Open Group Newport Beach Conference 2013 – Big Data Panel

Mike The Architect Blog - Big Data Panel
Continuing on the theme of Big Data, the Open Group held a panel on that topic with some of the keynote speakers along with other industry experts on this complex topic.

The topics included:

  • Big Data and the EA Perspective
  • Lessons learned
  • Big Data’s relationship with the Cloud
  • Mobility
  • Security

 Below are the key insights that resonated with me.

Big Data and the EA Perspective

  • Define what is useful data
  • Institute a data life cycle through your governance practices
  • Focus on what data is going to create business value
  • Big data platforms were not built with data security in mind (example: Hadoop – access control mechanism not there.. Still needs third party controls)

 

Lessons learned

  • Not all data is created equally
  • Once you classify, then you can do something with it

 

Big Data & Cloud

  • Need to figure out information, service level agreements and risk analysis 
  • Sometime the risk analysis points to private cloud
  • If you are thinking about moving big chunks of data around the enterprise, then cloud may not be an option. Figure out real-time data, Hadoop solutions, ETL or Data Warehousing.

 

Mobility & Development

  • Developers are now developing  for mobile first or at a minimum mobile compatible
  • It is important to address security in the mobile tier. How important is to make data avail to mobile device
  • In general, if consumers have access to it on their desktop, they will want it on their mobile

 

Value of Big Data

NASA is using Big Data in several small projects, mostly in the visualization realm.

Example: Write an app to use NASA data to allow a farmer to have an iOS app to determine what they should grow. The team that worked on it realize that great satellite data wasn’t enough. They decide to build the “mash-up” of data through other sources. The mash-up was vital to getting an accurate view. 

 

Internet criminals: so reliably dumb at hiding their tracks

It's a good thing for the rest of us that so few criminals are truly "masterminds"—and thus end up so easy to find. Case in point: the FBI's arrest, announced today, of an alleged sextortionist named Karen "Gary" Kazaryan in California.

First, let's be clear on the charges. According to the FBI, the 27-year-old spent huge amounts of time breaking in to e-mail and social networking accounts—usually Facebook—and then scouring them for sexually provocative photos. If found, the photos were then used to approach the account holders and blackmail them into making further displays, usually over Skype, to the watching hacker. If they didn't comply, the original photos might be posted to their Facebook page.

Here, for instance, is how FBI Special Agent Tanith Rogers describes a November 20, 2010 encounter between the hacker, who had obtained a topless photo of a woman in a hot tub from one victim's Facebook account, and two sisters:

Read 10 remaining paragraphs | Comments

To prevent hacking, disable Universal Plug and Play now

Security experts are advising that a networking feature known as Universal Plug and Play be disabled on routers, printers, and cameras, after finding it makes tens of millions of Internet-connected devices vulnerable to serious attack.

UPnP, as the feature is often abbreviated, is designed to make it easy for computers to connect to Internet gear by providing code that helps devices automatically discover each other over a local network. That often eliminates the hassle of figuring out how to configure devices the first time they're connected. But UPnP can also make life easier for attackers half a world away who want to compromise a home computer or breach a business network, according to a white paper published Tuesday by researchers from security firm Rapid7.

Over a five-and-a-half-month period last year, the researchers scanned every routable IPv4 address about once a week. They identified 81 million unique addresses that responded to standard UPnP discovery requests, even though the standard isn't supposed to communicate with devices that are outside a local network. Further scans revealed 17 million addresses exposed UPnP services built on the open standard known as SOAP, short for simple object access protocol. By broadcasting the service to the Internet at large, the devices can make it possible for attackers to bypass firewall protections.

Read 5 remaining paragraphs | Comments

Gift of Trojan.Smoaler Delivered Through Fake FedEx Emails

Symantec Security Response is aware that fake FedEx emails have been circulating recently. The emails claim the user must print out a receipt by clicking on a link and then physically go to the nearest FedEx office to receive their parcel. Obviously the parcel does not exist and those who click on the link will be greeted by a PostalReceipt.zip file containing malicious PostalReceipt.exe executable file. Instead of receiving a parcel, which the user did not order in the first place, Trojan.Smoaler is delivered to the computer.

All the fake FedEx emails delivering this malware are almost identical except for the order numbers and the website the zip file is hosted on. One sign of laziness, or perhaps an oversight on the part of the malware author, is an consistent order date. The author does change the domain where Trojan.Smoaler is hosted daily. The following emails were spammed out in 2013 on January 21, 25, and 26.
 

Figure. Fake FedEx emails spotted in 2013 on January 21, 25, 26
 

Symantec detection Trojan.Smoaler!gen4 protects customers from this threat.

We should all know by now that the only unordered parcels we ever receive are gifts from Santa Claus. Even though Santa and his reindeer may be struggling to keep up with the ever increasing amount of gifts that need to be delivered on Christmas night each year, we are sure he would not send them through a courier delivery service!

FedEx has posted a warning on its website along with further information about online security. As always, we recommend users to keep their antivirus up to date and avoid clicking on links in emails received from unknown senders. If a suspicious email originates from an organization that you do not have any personal business dealings with, it should be assumed that these emails are potentially malicious and should not be opened.