Archive for April 2012
Posted on: April 30, 2012
More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that’s being installed on people’s computers with the help of Java exploits. How does this infection affect Apple’s reputation for security? Let’s see what LI members think on this point:
“Not in the slightest. Most of Apple’s users wouldn’t know what Flashback is, nor would they care. Did Lulzsec’s hack of Sony’s PSN have any effect on Sony users? Not a bit.
If there will be any change it may be from Sysadmins realizing that there’s no such thing as a perfectly secure OS. Good education on how to use systems applies equally to Mac and Windows users – always has. The OS may be slightly better, but there are still multiple different apps and other attack vectors that can be used – following bad links probably the top of that list.”
Technical Project Manager & Info Sec Architect
“I think it is funny. Most people still think that only Microsoft software gets viruses.”
Real Time Card Stunts for sports teams & sports events
“Mac OS X has a great reputation for security in general, but it’s not perfect. Most of the malware we see exploit vulnerabilities in other platforms installed on top of OS X like Java and Adobe Flash. The latest, LuckyCat even comes in through Microsoft Word 2011! Apple’s response may have been slow, but it was definitive. Apple has eliminated the threat with standard software updates. It’s just a question of time before the current variant of Flashback is extinct.
As for Apple’s reputation, it will be a bit tarnished by the outbreak because most people don’t understand the true mechanism of these attacks. That being said, since Apple controls when Java gets updated for OS X, Apple would do well to keep Java updated on a more regular basis. They allowed this vulnerability to exist for Mac OS X even when the main Java codebase had already been patched.”
Business Technology Consultant
“I would say that it shows that their OS isn’t inherently more secure, just less targeted, but that isn’t actually what was at play here.
The vulnerability wasn’t in OS X, but rather in the implementation of Java that came with it. Apple manages its own JRE deployment to OS X, and as a result this vulnerability came into play only on Apple’s environment. That vulnerability lends itself well to exploitation, and that’s what happened. Security…real security…was never about how tight an operating system or application is. I mean, that’s a part of it, but there isn’t anything that has no vulnerabilities. And so, the really important thing that determines security is the overarching process and capability to manage those vulnerabilities and deal with them. Microsoft used to entirely suck at this…but now they are the industry leader. Nobody issues patches like they do; theirs is the gold standard. And yes, some of their vulnerabilities go a long time without being fixed, but when I look at how much code comprises Windows these days, and the damage that results if they issue a bad patch, I don’t know that I really want to yell at Microsoft over it. And Apple does worse.”
Power Generation Cyber Security Lead
“I don’t think it affects it at all. Apple has always had a poor reputation for security in terms of providing patches in a timely manner. In terms of overall reputation for security though, the machines have enjoyed a minor user-base for years and thus were not targeted often. Now that the user base has increased exponentially in recent years, one can only expect that the amount of exploits in production for the platform will also rise.
In terms of my own personal feelings on the matter, I still trust my Mac. I still use an industry standard antivirus solution (ClamXav). Most importantly, I don’t surf the types of sites that typically are used to host malware, and watch what I click on. I’ve been pretty happy and virus free for years so no complaints here.”
at Aholattafun Creative Solutions
“It will probably have a small negative effect on the market perception of Apple security but perhaps the real question is will that have any impact on Apple’s business? My feeling is that Apple’s perceived security advantages do not lead to increased sales, but if they ignore the increasing threat to their platforms it could have a significant negative effect in the medium term.”
an Independent Consultant, Researcher and Author
Maybe you have something to add? You’re welcome to share your comments.
Apple has wormed its way into the broad population, creating new expectations and a model for IT. For fan boys, it’s vindication. For old-school IT, it’s a nightmare. For those not in either extreme, it’s further sign of the fundamental shift known as the consumerization of IT.
Apple effect isn’t merely consumerization effect
Users are shifting to mobile devices, and the implications for computing are indeed profound. But we already know that and can see it manifest itself in everything from Microsoft’s attempt to reinvent Windows to the notion that we’re entering a post-PC era.
Apple rides this trend, as does Google’s Android. But Apple lit the fuse with its iPhone, which redefined both mobile computing in particular and computing in general. The iPad lit the second fuse, breaking the separation between mobile and desktop computing. In some cases, an iPad is the primary computer already. Apple is defining very much what the new computing means, as well as training users on what to expect computing to be. As the notions of user technology and personal technology continue to blend, Apple’s ideas are reshaping the expectations and requirements of corporate IT as well.
The entrancing Apple ecosystem
Many in IT don’t get it. They’ll say that iPods are irrelevant to computing technology, and the fact that those are the majority of Apple products in use distorts any alleged Apple effect. The facts speak otherwise. That survey shows that the 51 percent of households that have an Apple product have three Apple products each on average, and a quarter of those plan to buy an additional one this year. What this signifies is the effect of the Apple ecosystem: It’s cliché to say that Apple products are easier to use than rivals, but they almost always are. You see this effect in the real world. The iPod or iPhone is a gateway drug to more Apple products. iTunes and now iCloud encourage the addition of more Apple products to share your digital goodies and — more important — your user experience. There’s truth to the joke that once you go Mac, you never go back.
Dying technology is euthanized
When Apple decides something needs to die, it kills it. That’s what happened with the floppy drive, then to all its proprietary ports, then to CDs, and most recently to Adobe Flash. PC users whine and point fingers, but their vendors eventually follow suit. Apple users simply deal and move on, perhaps after a brief complaint. That’s something else IT should learn: Stop mollycoddling old technology that slows the company and complicates its technology maintenance. The short-term cost of change is lower than the long-term cost of avoidance.
What Apple is doing right is serving and engaging customers; replicate what is possible within IT. If you do so, you won’t worry about shadow IT, disrespect, irrelevance, or consumerization — you’ll be co-captaining a better company.
Private cloud (also called internal cloud or corporate cloud) is a marketing term for a proprietary computing architecture that provides hosted services to a limited number of people behind a firewall. Advances in virtualization and distributed computing have allowed corporate network and datacenter administrators to effectively become service providers that meet the needs of their “customers” within the corporation. Below you may find some tips on how to architect your virtual infrastructure for private cloud success.
Configuration: When examining the configuration of your virtual infrastructure, it’s important to look at some basic components to make the journey to the private cloud simpler.
1. In resource clusters or groupings in your virtual infrastructure, have you ensured a consistent computing platform (same processor/memory, same brand)?
2. Are all virtual servers created and run from network-attached storage?
3. Are your virtual networks and switches defined and made consistent across all hypervisors within a resource cluster or grouping?
4. Are your hypervisors within a resource cluster at the same revision? Differences in revision can cripple features necessary for availability and performance as well as business continuity.
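The four configuration questions above can be checked mechanically once host data is exported from the virtualization platform. The following is an added example, not code from the original post: the inventory, host names and field names are constructed, and the most common value in the cluster is assumed to be the intended baseline. A host that lags on hypervisor revision is also a host that may be missing patches, so drift here is worth flagging early.

```python
from collections import Counter

# Constructed inventory for one resource cluster; hosts and field names are hypothetical.
CLUSTER = [
    {"host": "hv01", "platform": ("VendorA", "CPU-X", 256), "revision": "5.0-build100",
     "vswitches": {"vs-prod": (10, 20), "vs-mgmt": (99,)}, "local_vms": []},
    {"host": "hv02", "platform": ("VendorA", "CPU-X", 256), "revision": "5.0-build100",
     "vswitches": {"vs-prod": (20, 10), "vs-mgmt": (99,)}, "local_vms": []},
    {"host": "hv03", "platform": ("VendorA", "CPU-X", 256), "revision": "4.1-build080",
     "vswitches": {"vs-prod": (10,), "vs-mgmt": (99,)}, "local_vms": ["build-agent-7"]},
    {"host": "hv04", "platform": ("VendorB", "CPU-Y", 128), "revision": "5.0-build100",
     "vswitches": {"vs-prod": (10, 20), "vs-mgmt": (99,)}, "local_vms": []},
]

def _baseline(values):
    """Return the most common value, treated as the cluster's intended state."""
    return Counter(values).most_common(1)[0][0]

def _net_key(host):
    """Hashable, order-independent form of a host's virtual switch definitions."""
    return tuple(sorted((name, tuple(sorted(vlans)))
                        for name, vlans in host["vswitches"].items()))

def check_cluster(hosts):
    """Return (host, check, detail) findings for the four configuration questions."""
    findings = []
    checks = {
        "platform": lambda h: h["platform"],   # item 1: same brand/processor/memory
        "vswitches": _net_key,                 # item 3: consistent virtual networks
        "revision": lambda h: h["revision"],   # item 4: same hypervisor revision
    }
    for name, key in checks.items():
        expected = _baseline([key(h) for h in hosts])
        for h in hosts:
            if key(h) != expected:
                findings.append((h["host"], name,
                                 f"{key(h)!r} differs from baseline {expected!r}"))
    for h in hosts:                            # item 2: VMs must run from network storage
        for vm in h["local_vms"]:
            findings.append((h["host"], "storage", f"VM {vm} runs from local disk"))
    return findings

if __name__ == "__main__":
    for host, check, detail in check_cluster(CLUSTER):
        print(f"{host:5} {check:10} {detail}")
```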
Capacity: Capacity planning is important to managing a self-sustaining private cloud infrastructure. Without it, many of the resources that were architected to operate an efficient private cloud will be squandered on idle virtual servers – virtual servers that are no longer providing a useful service to the organization. With it, when capacity is needed, it will be there.
Capacity is also the starting point for a chargeback or, at the least, a showback cost model. This will be a mechanism that can be used inside an enterprise to ensure IT moves from a group described as overhead to one that is a business enabler. The showback model will ensure that the best decisions for business are made and that the proper costs are budgeted for resource usage to ensure a sustainable funding model in the organization. When growth in capacity is needed, it can be procured.
Provisioning: One of the largest benefits to come from the private cloud is the notion of self-service provisioning or business-driven provisioning. This is accomplished through automation built on top of your virtual infrastructure – from requests through approvals and including all components necessary to get operating systems and applications installed and configured to return an up-and-running service to the client. Automating key tasks within the process is paramount to success with your private cloud.
Availability and performance: Virtualization offers a host of features to improve on availability and performance. You should look at these features for your virtual infrastructure and implement them where possible. High availability features allow your virtual infrastructure to recover from failure of a compute resource (loss of a host, blade or physical server, within the virtual infrastructure) by restarting a lost virtual server on another host. Resource balancing features allow your virtual infrastructure to move workloads around to ensure the best performance possible within that area of your virtual infrastructure. Take a look at how your virtual infrastructure deals with these items and ensure that they are implemented to the fullest.
Business continuity: Does your virtual infrastructure have a formal DR strategy and plan in place? It’s important that all elements of the virtual infrastructure be examined from the hypervisor hosts themselves, to storage and networking, to the virtual servers they support. Are there sufficient resources at the DR site to support your critical applications? Are you satisfied with manual restoration or do you need a more automated approach? How often should you test your DR plan?
Hope you’ll find these points useful.
Nowadays more and more people use smartphones to access the internet. The rise of mobile is undeniable, and perhaps the future of the web lies on mobile devices. It seems that almost everybody has a cell phone these days, and with the growing adoption of smartphones, more and more people are browsing internet pages on their mobile devices. Some phones, for example the iPhone, have browsers that display regular webpages well. However, a mobile version of your website can give you several benefits, such as faster load times and wider device coverage, i.e., your website can be viewed on a wider range of phones.
Several studies have examined solutions for optimizing websites for mobile devices. As a result, a number of solutions have been suggested that make it easy to go mobile with your website, and I’d like to present the best ways “to go mobile”:
1) WPtouch is a mobile theme for a WordPress website. Modeled after Apple’s app store design specs, it loads lightning fast and shows your content in a beautiful way, without interfering with your regular site theme. WPtouch automatically transforms your WordPress blog into a web-application experience when viewed from an iPhone, iPod touch, Android, or BlackBerry Storm touch mobile device.
2) MoFuse is currently being used by over 23,000 blogs for their mobile versions. Some notable “big-name” sites are Mashable and Read Write Web. MoFuse gives you tools to promote your content, build and measure your audience, and even make money.
3) Mobify is probably the best service out there for you if you are engaged in e-commerce. Mobify offers HTML5 features for its clients and gives you full control over the layout of your mobile site with CSS, and supports over 5000 mobile devices.
4) Wirenode currently hosts nearly 40,000 mobile webpages, and includes some popular brands like Reebok and Ford. With Wirenode it takes about 5 minutes to get a mobile version of your site up and running, and it gives you features like mobile widgets, RSS mobilization, and mobile polls and forms.
5) WPtap delivers mobile themes/plugins that also can instantly convert your WordPress site into web-application experience when viewed from iPhone, iPod Touch, touch-based Blackberry, and Android smartphones. WPtap offers comprehensive mobile theme solutions for your WordPress website. It comes complete with all the standard WordPress blog features: search, login, categories, tags, archives, photos & more. WPtap also offers many customization features through a user-friendly WordPress admin panel.
6) MobiSiteGalore is a mobile website builder that allows you to easily build, publish & share a full-fledged mobile website that is guaranteed to work fine on any mobile phone. Design templates allow you to completely customize the colors, fonts and layout of the page to create a unique looking mobile version of your website.
7) bMobilized turns your website into a mobile version really fast. It offers fast conversion, with comprehensive customization available as an option so you can fine-tune the design. bMobilized claims to support more than 13000 mobile devices, including all major brands. Also, the more websites you host using their service, the higher the discount you get. So if you have a network of websites that needs conversion, bMobilized is the perfect service for you!
8) Onbile. Do you want to create a mobile version of your website quickly? Well, with 3 very simple steps and 5 minutes at hand you can! Onbile supports smartphones like iPhone, Android, and Blackberry. The only disadvantage here will be its limited templates, but their templates are generally awesome!
In general, every solution has its ups and downs in mobile conversion. The pros are obvious: easier navigation, optimized user experience, and focused site content. The disadvantage, however, is that there will be limited advertisement space. And if your website relies on heavy and tantalizing graphics and you want the same in the mobile version, you might need to think about redesigning the current site or abandoning the conversion, as a mobile website should be designed with minimalism in mind.
So weigh the pros and cons carefully, and make a wise decision about whether it will benefit your users and you :)
Thank you for your attention!
Elvira Golyak – Business Development Manager (LI page)
Elvira.Golyak@altabel.com | Skype ID: elviragolyak
Altabel Group – Professional Software Development