“Dexter” malware infects South African restaurants, costs banks millions

South African banks have sustained millions of dollars worth of losses after criminals obtained payment card data from electronic point-of-sale terminals infected with malware, according to published news reports.

Hundreds of thousands of people have probably been affected by the fraud, which was primarily focused on KFC outlets and other South African fast-food restaurants, Bloomberg News reported Tuesday. The news service quoted an official with the Payments Association of South Africa as saying: "There's not a single bank that hasn't been affected." In all, losses come to tens of millions of South African rand, which converts to millions of US dollars.

South Africa-based TechCentral, citing Payments Association CEO Walter Volker, said the card data was obtained from point-of-sale terminals infected with malicious software known as Dexter. The malware, which uploads the contents of a terminal's computer memory to remote servers controlled by criminal syndicates, first came to light ten months ago. It's capable of isolating payment cards' Track 1 and Track 2 data contained in memory dumps. Previously, it had infected hundreds of terminals at big-name retailers, hotels, restaurants, and other businesses located in North America and Europe, according to researchers at Seculert, the Israel-based security firm believed to have discovered Dexter. The malware gets its name from a text string found in one of its files.



New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks

For nearly a decade, TrueCrypt has been one of the trusty tools in a security-minded user’s toolkit. There’s just one problem: no one knows who created the software. Worse still, no one has ever conducted a full security audit on it—until now.

Since last month, a handful of cryptographers have discussed new problems and alternatives to the popular application. On Monday, this culminated in a public call to perform a full security audit on TrueCrypt. As of Tuesday afternoon, that fundraiser reached more than $16,000, making a proper check more likely. Much of those funds came from a single $10,000 donation from an Atlanta-based security firm.

“We're now in a place where we have nearly, but not quite enough to get a serious audit done,” wrote Matthew Green, a well-known cryptography professor at Johns Hopkins University. How much would “enough” be? “That depends on how many favors we can get from the security evaluation companies,” Green continued on Twitter. "I'm trying to answer that this week."



Five Take-Aways from Gartner Symposium 2013

Mike The Architect Blog: Gartner Symposium 2013 5 Take-Aways

Last week was Gartner’s marquee event for its customers, Symposium ITxpo 2013. Gartner Symposium/ITxpo brings CIOs and senior IT executives together under one roof. The event offers 500+ analyst sessions, workshops, roundtables and mastermind keynotes across five full days. With 10 role-based tracks and 11 industry tracks, the agenda targets your specific title responsibilities and ways to adapt new ideas and strategy to your industry, along with insight on what's next in IT.

I wanted to provide a recap of the event based on my perspectives. I hope this is helpful to the folks that attended and to those that could not.


My Top Five Take-Aways from the Event

For Enterprise Architects and other strategic roles I distilled the following observations from the conference.

  1. Be Prepared For The 2014 Top 10 Trends
  2. Customers Demand a New Vendor Model
  3. The Focus Is Still on Cloud, Mobile, Social and Information
  4. There is no Private and Public Cloud, Just Hybrid
  5. IT Has Grown Up. Focusing on Strategic Business Value


#1 Be Prepared For The 2014 Top 10 Trends

Gartner highlighted the top ten technologies and trends that will be strategic for most organizations in 2014. Strategic technology is defined as one with the potential for significant impact on the enterprise in the next three years. Factors that denote significant impact include a high potential for disruption to IT or the business, the need for a major dollar investment, or the risk of being late to adopt.

Gartner says:

“The new technologies will help drive IT spending to $3.8 trillion in 2014, a 3.6% increase from this year”

The projected increase in IT spending isn't necessarily good news for established IT vendors. Approximately two-thirds of the respondents to Gartner's CIO survey said they expect to change primary suppliers by 2017. [See more below in #2 Customers Demand New Vendor Model]

A strategic technology may be an existing technology that has matured and/or become suitable for a wider range of uses. It may also be an emerging technology that offers an opportunity for strategic business advantage for early adopters or with potential for significant market disruption in the next five years. These technologies impact the organization's long-term plans, programs and initiatives.

The top ten strategic technology trends for 2014 include:

  1. Mobile Device Diversity and Management
  2. Mobile Apps and Applications
  3. The Internet of Everything
  4. Hybrid Cloud and IT as Service Broker
  5. Cloud/Client Architecture
  6. The Era of Personal Cloud
  7. Software Defined Anything
  8. Web-Scale IT
  9. Smart Machines
  10. 3-D Printing

Gartner defines a strategic technology as one with the potential for significant impact on the enterprise in the next three years. Factors that denote significant impact include a high potential for disruption to IT or the business, the need for a major dollar investment, or the risk of being late to adopt.


#2 Customers Demand a New Vendor Model
According to Gartner, 1300 CIOs say that their vendors and partners of the future (digital IT partners) will not be the same as the current traditional partners.

Below are the predictions from Gartner on who will be the relevant technology leaders in the next 10 years.

Mike The Architect Blog: Gartner Symposium 2013 5 Take-Aways

Gartner says:

“CIOs see Google as ‘more innovative than current enterprise vendors’”

This analysis further showed that customers over the next 5 to 10 years will be less inclined to go with a single source of technology and will rather diversify to many smaller, more agile and innovative technology partners.



Should the big vendors be concerned? If Gartner’s analysis is correct, yes. I suspect what this means is that companies now have more options to go with smaller, more agile and nimble vendors. An example of this is Salesforce.com or Workday; I think companies like these have pioneered this behavior with a combination of their go-to-market strategies and availability of technology.


#3 The Focus Is on Cloud, Mobile, Social and Information

The Gartner Nexus of Forces on the IT industry is in full effect. To be relevant in the marketplace today and tomorrow an emphasis on these areas is paramount. Talking with customers at the conference certainly reflected this. 

This is reflected not only in the Gartner research but also in independent research. Shown below is the latest 2013 IBM C-Suite Infographic that shows the importance and the demand.

Mike The Architect Blog: Gartner Symposium 2013 5 Take-Aways - IBM C-Suite Infographic


Just like previous events, the analysts at Gartner painted a transformational view of what the IT industry was going to evolve to over the next 5 or so years. Some of the key insights that the Gartner analysts provided included:

  • The “internet of everything” will drive 4 trillion next year
  • Data explosion threatens to overwhelm enterprises
  • Sensors will be everywhere
  • 3-D printing will change everything
  • Smart machines will replace people

While each one of these insights provides its own value standing alone, all of these insights are connected and highly predicated on cloud as the backbone. Cloud not only provides the connective tissue but also provides an architecture that can support the overwhelming amount of information that will open up these new business opportunities.

There is still quite a bit of confusion around what cloud really is and isn’t. Daryl Plummer provides a concise view of what cloud really is in the Network World article, “Gartner: The cloud according to Daryl


#4 There is no Private or Public Cloud, Just Hybrid Cloud

According to Gartner, 70% of companies will be pursuing a hybrid cloud strategy by 2015. That might not be a surprise to some, as most solutions were hybrid in nature before the advent of cloud, when there was client/server or SOA.


Mike The Architect Blog: Gartner Symposium 2013 5 Take-Aways - Hybrid Cloud Predictions

What that means is that workloads will be distributed based on how technology decisions were made in the past (i.e., heavy focus on infrastructure and apps) but will move toward a business-oriented IT organization focused on business capability and information.

Focusing only on one service model (IaaS, PaaS or SaaS) or delivery model (Private, Public, Hybrid or Community) is flawed. The go to market strategy must have a cloud playbook that allows for the combination of these to come up with the right solution based on three levels of detail:

  1. Business Model Alignment. How does this solution achieve maximum shareholder value, foster innovation, reduce GRC issues and reduce complexity?
  2. Business Capability Alignment. How does this solution maximize, address gaps in, or sunset non-differentiating capabilities of the business?
  3. Business Information Management. How does the information that technology facilitates differentiate the company and support technology decisions around risk and benefit?

You can find more of my specific insights on this topic in the posts referenced below:

  1. How to Understand Which Investments Go to The Cloud
  2. Cloud Strategy Begins with Balancing Value and Risk
  3. Enterprise Architects are Key to Driving Cloud Strategy
  4. Pragmatic Methods and Tools to Moving to the Cloud


#5 IT Grows Up. Focusing on Strategic Business Value.
The IT world is shifting dramatically, more so than it ever has. This is seen not only in technology but also in its operating and organizational models. IT is moving from a classic run-or-operate IT to one better aligned with the business to deliver innovation that drives strategic value.

Below you will find how the head of IT, the CIO, is evolving to support these demands.

Mike The Architect Blog: Gartner Symposium 2013 5 Take-Aways - Evolving Role of the CIO

Gartner says:

“CIOs that don't adapt will become simple custodians of back-end systems. Companies that fail to change will join Kodak, Blackberry and Wang, each of which was slow to recognize new forces in technology.”

You can find more of my specific insights on this topic in the posts referenced below:

  1. What Kind of CIOs Will Transform Businesses
  2. CIO Priorities for the Next 3 Years

Oracle Releases October 2013 Security Advisory

Original release date: October 15, 2013

Oracle has released its Critical Patch Update for October 2013 to address 127 vulnerabilities across multiple products. This update contains the following security fixes:

  • 2 for Oracle Database Server
  • 17 for Oracle Fusion Middleware
  • 4 for Oracle Enterprise Manager Grid Control
  • 1 for Oracle E-Business Suite
  • 2 for Oracle Supply Chain Products Suite
  • 8 for Oracle PeopleSoft Products
  • 9 for Oracle Siebel CRM
  • 2 for Oracle iLearning
  • 6 for Oracle Industry Applications
  • 1 for Oracle Financial Services Software
  • 2 for Oracle Primavera Products Suite
  • 51 for Oracle Java SE
  • 12 for Oracle and Sun Systems Products Suite
  • 2 for Oracle Virtualization
  • 8 for Oracle MySQL

US-CERT encourages users and administrators to review the October 2013 Critical Patch Update and follow best practice security policies to determine which updates should be applied.
