Gartner Enterprise Architecture Tools Magic Quadrant 2012

Gartner has released yet another great resource for Enterprise Architects with their EA Tools Magic Quadrant.

The full report can be found here:


Mike The Architect Blog: Gartner Enterprise Architecture Tools Magic Quadrant 2012

For those who have already selected an EA tool and want to find out how your vendor is faring in the overall landscape, Gartner states it well in their What's New section, which describes the changes that have occurred since last year's study:

Overall, it's been a "light" year as far as the degree of change in this marketplace is concerned. During the past year, some EA tool vendors have begun, or continue, to further reposition their products as broader enterprise business planning tools, in addition to being classical EA tools. This drives two primary vendor changes: in product marketing and in product output targeted at effective presentation to business leaders. This repositioning is helping vendors increase the interest and engagement of business leaders, and overcome skepticism about the term "enterprise architecture." These vendors report that they are working to expand their addressable market and increase revenue.
For users, this strengthens vendor viability by expanding their business in this otherwise smaller, niche market. At the same time, it drives improvement in features that are important for use by business stakeholders. Although these vendors still support EA concepts, principles and best practices, this repositioning may help to rebrand IT-centric architecture efforts in a more business-relevant manner.
Of course, renaming and repositioning EA will not resolve challenges of governance, business strategy, measurement, collaboration and communications. Clients need to evaluate a vendor based on its real abilities and capabilities to support their holistic EA tool needs — not based purely on market repositioning.

Instaspam 2: Electric Boogaloo

While death and taxes may be certainties in our lives, in the digital world—especially in social networking—one certainty is spam.

I recently wrote about gift card spam targeting the popular photo-sharing application Instagram. The service now has over 100 million users and it recently surpassed Twitter with more average daily visitors (Figure 1). As the number of users of Instagram continues to increase, we expect to see a corresponding increase in Instagram spam.

Figure 1. Instagram daily visitor growth

Cash Rules Everything Around Me (C.R.E.A.M.)

While gift cards work quite well as a lure in social engineering, the promise of cash (through different means) or even fame is a surefire way to attract targets.

Figure 2. Spam comments as lure

In one example, a spammer tries to lure a user by offering movie roles (Figure 2). This spam comment mentions a user account (Figure 3) where details can be found. We have seen something similar before, where spam accounts tag fake promotional accounts as a way of tricking users.

Figure 3. Spam user profile has many followers

The URL provided in the spam user profile (Figure 3) confirms more than 8,000 clicks in just a two-day period (Figure 4).

Figure 4. Instagram spam lure success

The distribution of these clicks also confirms more than 5,000 originated from mobile devices. Most of the security applications designed for smartphones do not handle blocking browser-based spam, which is one reason why it is attractive to target these users.


Another easy way for scammers to lure targets is to focus on hashtags (words or phrases prefixed with the symbol #). On U.S. Election Day, for example, many users were using #ivoted to show off their “I Voted” stickers. Spammers targeted this popular hashtag with their message (Figure 5).

Figure 5. More spam comments as lure

While the Brenda spam comment (Figure 5) is a type commonly found, the spam comment from Isabelle is different: she makes no mention of making money from home, nor does she offer anything else to the user. Instead, Isabelle leaves a generic comment.

Figure 6. Curiosity killed the cat? More spam.

Once a user visits Isabelle’s profile, it becomes obvious: the account is plugging a work-from-home scheme in the profile bio section (Figure 6).

Follow Me Now

Last, but certainly not least, is the allure of attaining more followers. Followers are a key part of any social network, and they are just as important on Instagram.

Figure 7. Spam account promises new followers

There are plenty of scams circulating on Instagram about how one can purchase likes and new followers. However, this is the first time I have seen an Instagram scam (Figure 7) that leads users to a survey scam page (Figure 8).

Figure 8. Survey scam targets Instagram users

If you come across spam while using Instagram, you can do your part and report it.

And please remember folks, if it sounds too good to be true, there is a good chance that it is, in fact, too good to be true.

Google, Microsoft, PayPal, other Romanian sites hijacked by DNS hackers

For a brief time, people trying to visit on Wednesday were connected to this page instead.

Romanian websites for Google, Microsoft, Yahoo, PayPal, and other operators were briefly redirected to a rogue server on Wednesday. The redirect is most likely a result of a decade-old hacking technique that underscores the fragility of the Internet's routing system.

For a span of one to several hours on Wednesday morning, people typing,, and Romanian-specific addresses for other sites connected to a website that was purportedly run by an Algerian hacker, according to numerous security blog posts, including this one from Kaspersky Lab. Researchers said the most likely explanation for the redirection is a technique known as DNS poisoning, in which domain name system routing tables are tampered with, causing domain names to resolve to incorrect IP addresses.

DNS poisoning first came to light in the mid-1990s when researchers discovered that attackers could inject spoofed IP addresses into the DNS resolvers belonging to Internet service providers and large organizations. The servers would store the incorrect information for hours or days at a time, allowing the attack to send large numbers of end users to websites that install malware or masquerade as banks or other trusted destinations. Over the years, DNS server software has been updated to make it more resistant to the hack, most recently in 2008, when numerous providers introduced fixes to patch a DNS cache poisoning vulnerability discovered by researcher Dan Kaminsky.


Pro-Iranian hackers stole data from UN atomic agency’s server

The United Nations' International Atomic Energy Agency has admitted that data from a retired server at its Vienna headquarters was stolen and posted to a hacker website. A group calling itself Parastoo allegedly stole the data in an effort to draw attention to Israel's nuclear weapons program and as a protest against attacks on Iran's nuclear efforts—including the use of the Stuxnet worm and assassinations of Iranian nuclear researchers.

A Pastebin posting on November 25 by someone purporting to represent the group (which takes its name from the Farsi name for the swallow) listed the e-mail addresses of physicists and other experts that had consulted with the IAEA. The message urged the people whose addresses were listed to petition the IAEA to investigate "activities at Dimona"—the site of Israel's Negev Nuclear Research Center, which is widely believed to be the center of Israel's nuclear weapons production efforts.

"We would like to assert that we have evidences [sic] showing there are beyond-harmful operations taking place at this site and the above list who technically help IAEA could be considered a partner in crime should an accident happen there," the statement read.
