Business Technology

Attack of the Zombies – How America is Vulnerable to Cyber Attack

Hackers from China launched a massive attack on several large network operations centers at 8:00am CST March 8, 2011.  As many as 1.5 million packets per second paralyzed the networks.  The perpetrators used malware to invade servers all over the Internet that have weak security. It’s called a distributed denial of service attack or DDoS for short. 

After the poorly protected servers were infected, they became zombies, listening for instructions from their remote mastermind.  When the command was given the army of zombie servers began attacking networks carrying an opposing political point of view.  Blogging sites such as WordPress and others have experienced such an attack in the past week.

So how much damage can an army of zombies do?  It is not so dissimilar to a zombie movie.  You know, the one where someone is talking to a friend and they don’t realize they’ve been infected and suddenly they turn on them and begin chewing on their necks.  You might think that these zombie servers are off in some third world country.  Not so.  Many are right here in our midst.  It is not as simple as AT&T cutting the cable to disconnect the threat.  The attackers come from everywhere.  It’s a zombie fest where you have to deal with blocking many zombies coming from different directions.  They can literally stop all communication dead in its tracks.

How much trouble can zombies cause?  Basically, when zombie servers attack, your network can become as isolated as those folks caught in the local shopping mall trying to fend off the zombies coming in through the doors, windows and breaking through walls.  We have become so dependent on the Internet that everything is subject to failure.  Even the phones can die because many now use voice over IP (VoIP) and transmit over the Internet.  It is a critical problem and a vulnerability for America.

Are there any weapons that will kill the zombies?  The answer to that question is yes.  Cisco makes a product that detects a potential attack and takes corrective action – as do other companies.  The problem is that many large network companies don’t use them.  In the case of large Internet companies like AT&T, they don’t discriminate and send packets through regardless of their nature.  They make no attempt to distinguish zombies.  It is left up to the network operation center to fend for themselves.  An operation with a big budget can afford this kind of equipment but it is still out of reach for a small operation.

The bottom line is that we know this is a problem for national security.  We even have a technical solution.  The question is what is the plan to protect American infrastructure?  I feel like the professor shouting Buehler, Buehler – it’s an ‘80’s thing.

References:

http://www.zdnet.co.uk/news/security-threats/2011/03/09/web-hosting-firm-hit-by-china-based-ddos-attack-40092070/

http://www.pingzine.com/codero-taken-down-by-ddos-attack/

Advertisements

Windows XP and 2003 at Risk

If you are the owner of Windows XP or Windows Server 2003 you are at risk of a pretty significant hack – at least for the time being. 

It’s an attack on the “Windows Help Center”.  The bad news about this attack is that some unwitting, or perhaps witting, genius at Google published how someone can execute the attack without considering the risk he was exposing all XP users to.  The fellow’s name is Tavis Ormondy, a Google security researcher.  Come on Tavis – use some common sense and do the right thing.  As a result of his error in judgement systems in Europe are experiencing a significant peak in hacks.  The U.S. may be next.

So, right now, as of today, if you are using Windows XP or running a Windows Server 2003 for your business you are at risk.  If you visit a web site that is exploiting the security hole your machine could be in big trouble – which is why I’m writing this article – to get the word out.  

The vulnerability exists in the Windows “Help Center”.  Yes – the same one that provides automated updates.  I won’t bore you with the details but you can download a temporary fix that will protect you from attack but it is not a permanent fix.  My understanding is that the download will also disable some help center functionality.  But I recommend you do it as soon as possible.  You can download the fix at http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx.

This is probably a pretty good time to upgrade to Windows 7 if you’ve been thinking about it.  My understanding is that a permanent fix could be as long as 2 months away – due to testing and all of the other stuff involved in a release.

Here is an informative Computer World article on the subject: http://www.computerworld.com/s/article/9178084/Hackers_exploit_Windows_XP_zero_day_Microsoft_confirms

The Role of Technology in Education

Technology is transforming the way we learn and teach.  We are already seeing learning being transformed into an “open system” via the Internet. It is readily accessible to the highly educated, the young and those who failed to get an education in their youth. The future of education is no longer the monopoly of brick and mortar schools.

The last great change in the way people were educated occurred with the advent of the printed book by Gutenberg in 1440.  The foundations for our current system of education was established by John Amos Comenius between 1628 and 1632 when he published his work titled “Didactica Magna” which proclaimed that both noble and ignoble children, boys and girls alike, should be sent to school and educated.  He proposed that society would benefit if they were occupied learning “useful things”.

The way that subjects have been taught has not changed much until now. We have known for hundreds of years that we learn behaviorally through drill, repetition and feedback.  And that learning is best done in stages and that those stages are mastered differently, either more or less easily, by different students.  When children of different abilities and interests are grouped by age and force fed subject matter it does not account for those differences.  In this way technology is far superior in providing instruction to the student depending on their own rate of learning.  The activity of the teacher is no longer focused on the repetition, drill and administration, but on the leading, directing and motivating the student.

With technology, students become their own instructors.  We are seeing children become computer literate at a very young age.  They are competent at interfacing with and using computers as a learning tool. Today’s labor intensive schools will become unnecessary in the future.

The challenge for educators, and their top priority, must be a commitment to literacy.  This commitment is crucial to society and to the young student.  Only when a student attains a high level of skill and mastery of a subject do they become self confident, competent and able to contribute to society.

The role of the teacher will change.  While technology is the best tool for providing repetition and practice to the student – it is boring.  Computer programs can be written to lessen the boredom but the real motivation for the student is when they realize achievement.   Achievement is the strongest motivator and one that is recognized by our society.  The athlete who practices speed skating spends hours and hours going in circles on an ice track.  But the one who achieves Olympic fame is honored by a gold medal for their achievement.  This achievement inspires and motivates others to spend hours and years in boring repetition in order to become the best in the world.  The importance of repetition and drill will not be eliminated by computers.

Technology can free the teacher from the repetitive and routine activities.  It can provide the teacher with the results of the student’s efforts so that they can be analyzed in order to identify strengths and weaknesses.  This can be done through test results, video tape or monitoring the learning process.  The role of the teacher will be to recognize and acknowledge achievement and direct the student to mastery of the subject.  The student will then be able to contribute to society.

Technology also provides employers and adults seeking advanced education new opportunities to master subjects without interfering with their daily responsibilities.  The role of educators in advanced subjects will focus not only on directing and leading, but on challenging the student to new levels of achievement by focusing on their strengths.

The new “open system” of learning is essential to our rapidly changing society.  New techniques, tools and systems are constantly being introduced.  This requires that the student learn new things about a subject they had previously mastered.  Technology and the economy are no longer static during the lifetime of the student.  It is changing – sometimes rapidly. 

In 1965 Gordon Moore, the co-founder of Intel, introduced the concept that technology is improving at an exponential rate.  It has held true that “data density” has doubled approximately every 18 months since that time.  This has led to the flat screens, netbooks, highly functional cell phones like the iPhone and now reading devices like the Kindle, Nook and iPad that can store 10,000 books and play video.  This frees the student from studying at a physical location and opens new teaching possibilities.  But, it also means that new subject matter may also be added at a furious pace.  In order to stay at an advanced level of literacy, the student must commit to a life a continual learning.  This can only be effectively done by technology.

Revolutionary automated outbound call system using Skype

Sometimes I love my job as a Software Architect because I get to invent new toys to play with that make life easier, less tedious and, on occasion, provide real value.  Well, I just finished designing one of those toys.  It is a very different kind of automated calling system that uses Skype voice over IP, the latest text to speech technology and seamless web services to do something very cool.

Over the past 10 years research has shown that if schools hold students accountable for their behavior they typically reduce problems like being late to class, using cell phones, etc. by up to 80%.   They also know that the minute they stop holding the students accountable they slip back into the bad behavior almost immediately.  In the late 1990’s our company pioneered parental involvement by being the first to instantly send an email to the parent when a tardy slip or disciplinary action was assigned to a student.  Since then, eCampusUSA.net (one of FTI’s companies) has issued over 3,000,000 tardy slips and almost 2,000,000 disciplinary actions – but there has always been a problem.  What if the parent doesn’t have email or it isn’t in the student record?

The old solution to the problem was either to print a letter and mail it to the parent or make a phone call.  The problem with the letter is that mailing costs continue to rise.  And while we have automated the process of printing so that the school doesn’t have to print labels or address envelopes, it is still labor intensive.  Some schools would have to mail 200 letters a day and at a buck a letter it could cost 180 x $200 = $36,000 per year.   Not exactly the best solution – even if you cut the cost in half.

If a school wants to automate phone calls to parents, installing their own dialer can be very expensive.  Installing an automated dialer to call parents requires a separate computer, installation of a very expensive digital phone card that costs at least $2500 and is difficult to install and configure – to say the least – if you ever tried to configure one you’d know what I mean.  The school also must pay for a monthly charge for all of the dedicated phone lines.   The cost of a dialer for a school can cost $5,000-10,000 a year when you consider phone lines, support and installation.  Then you have the problem of setting up the data so that it can begin making the calls which can be a lot of work – and the reality is that most systems cannot provide the data that can be fed into an automated calling program. For schools on tight budgets, that cost is out of the question.

The new system is amazing.  When a school issues disciplinary action of any kind to a student and the parent email is missing, a customized phone call to the parent is made within minutes.  The greeting and message tells the parent about the offense and when detention or other corrective action will be held.  Every message is unique and in a human voice.  The result of the call is then stored in the student record so that a school administrator can see the result of every phone call. 

The school doesn’t need to install any hardware or software to make this happen.  All they need is a browser and Internet connection.  The rest is done automatically.  Instead of spending thousands of dollars and having to put up with the support headaches it only costs them $39 a month regardless of the number of phone calls.  You might say – really?  But don’t services of this type always charge per call?  You would be right.  Most services charge 4-10 cents per call.  If a school made 200 calls per day it would cost  $160-400 per month.  How can we offer this service for only $39 per month?  You see – I told you that sometimes inventing new toys is fun!

The reason we can do it for that amount is because we use Skype as our phone service.  We have a server that talks directly to the eCampus server in real time to see if any calls have to be made.  If there are calls, then it gets the message that is unique for every call and converts it from digital text to speech using the latest in speech technology.  It sounds more like a human than a robot and I’ve even had people talking to the system thinking a person was on the other end of the line.  Pretty cool stuff!  Then, it dials the parent’s phone number using a special interface we built into Skype.  If the parent picks up the phone it plays the message, if not it leaves a voice mail.  If there is no answer, it tracks that as well.  When the call is finished, it updates the student record with the result.  This takes interaction to a whole new level – and it is incredibly cost effective!

I’ve been thinking about how this technology can be used by doctors and dentists for reminding patients.  Organizations for announcing meetings or reminders.  It is pretty powerful and opens up a whole new means of communication that was previously cost prohibitive.

So I’ve been watching my new toy quietly going about it’s business every day improving the communication between teacher and parent.  Something that would not have been possible 5 years ago.

Microsoft Antivirus may be a Game Changer

Windows 7 was released last week and it looks like Microsoft might be getting its act together.  I wanted to let you know about some free antivirus software that Microsoft has released (not beta) and it is compatible with Windows 7 (unlike some existing antivirus programs).  It looks very good.

It is called Microsoft Security Essentials and can be downloaded at http://www.microsoft.com/security_essentials/resources.aspx.  It only takes a minute to download and install.  I discovered that it is very comprehensive.  When I rebooted my system it detected an automated backup program that I run and asked if I wanted to give it permission to work through the firewall – so I know it is absolutely checking the firewall.

The second thing is that it was tested against 3,200 viruses and detected all of them, including malware, etc.  You can read the review at http://blogs.zdnet.com/hardware/?p=4785.

 The third feature that is pretty cool, other than being free, is that it works on Windows XP, Vista and the new 7.  So you can dump all of your old antivirus if you want to.  It is true that it might not have features like a browsing toolbar that your current antivirus has – but – if you load Internet Explorer 8, much of that security is already built in.

From a performance perspective I launched programs as soon as the computer loaded Microsoft Security Essentials.  When I did this with Zone Alarm and McAfee, the system would tend to thrash a bit.  With the MS antivirus this did not appear to be a problem.

So, if you didn’t know about it I hope this was helpful. 

P.S. – If you own stock in McAfee, Norton or others you may want to watch it carefully.  When this is widely publicized it could be a game changer.