Scary Smart Phone Stories! (Halloween)

October 26th, 2010

It’s Halloween time, when people tell each other frightening stories and urban myths. Some like to party and dress up, though I suspect Halloween may be just a thinly veiled excuse for some people! I personally like to raid my child’s “Haul” as she calls it when she’s not looking. After all, that’s a lot of candy!

I have some scary stories to share with you, stories about Smart Phone (or App Phone, as some call them) security issues.

Unfortunately, unlike the Halloween stories that we grew up with and can’t really hurt us, this information is real, and some of it scares me and other people who have come to understand the issues involved. I’d like to take a look at three popular smart phone platforms:

  • iPhone
  • Blackberry
  • Android

Let’s see if we can’t “scare up” some information on each platform and find the most secure, or at least the most vulnerable to malware, viruses, corruption, etc. I know that this information will probably not cause you to buy a particular handset, or steer away from another, but to quote Sy Syms (clothing store magnate supreme): “An educated consumer is our best customer”.

First the iPhone: Good news! Unless you have jail broken your phone, you should be relatively secure. If you have jail broken it, there are a number of good freeware programs that can help protect you from malware apps. Now the Meh.. news: One of the primary reasons that the iPhone remains pretty secure is that Steve Jobs has every app in the app store carefully certified as safe. Of course, there is also a fair amount of censorship going on there, but that’s a story for another day. Bad news: Poor design can really bite you in the ass, as shown in an article published by VentureBeat technology blog in the New York Times on 10-26-10. Apparently, a screen locked phone can be made to bring up the phone app, which can then be used to make calls, VIEW YOUR CONTACT LIST WITH ATTACHED NOTES and browse your call history. Of course, Apple promises to fix this soonest!

Blackberry: Good News! Some of the Blackberry’s communications are so secure that some countries have considered banning them nationally. This is also why the US Government loves these things. Meh…news: There are companies (Symantec for one and Panda for another) that offer mobile security suites for these devices. I’m guessing some stuff happened (stuff?) and this software is filling a need. Bad news: Without a tightly controlled app store, there are plenty of apps out there that are borderline malicious. If the OS is corrupted somehow (unlikely), rebooting the device will restore it though.

Android: Good news! Hard to tell yet. Meh…news: Same deal. Bad news: Insufficient data. My personal guess is that this platform (open source, freeware etc..) will become a lightning rod for malware, viruses and Trojan attacks. I can just picture the proud teenager bragging to his/her friends that their Android Botnet has over 50,000 zombies.

Of course, the most frightening thing of all is not poor design, it’s not lack of security software, it’s not- well you get the point. The fact remains that even the most secure device in the wrong hands can still lead to heartache. All these phones can connect to the world wide web, where a host of evil phishing and scam sites await you around the next dark corner! The human mind does not need electronic devices to perform damaging acts. And boy, are we humans gullible!

More scary news: Gadgets Bring New Opportunities for Hackers, NY Times Online 12/26/10

Yet another prediction of doom: Security To Ward Off Crimes On Phones, NY Times 02/23/2011.

Hacking: Pretexting and Social Engineering

September 3rd, 2010

A very interesting article was published by IDG News Service on September 3rd, 2010 by Robert McMillan.

The article was about the outcome of a contest recently hosted by and at Def Con in Las Vegas NV. If you are not familiar with Def Con, it is considered to be one of the world’s premier hacker conventions. It is held yearly in Las Vegas the day after the Black Hat www.blackhat.com hacker conference. The Black Hat conference is more oriented towards computer industry network administrators and hardcore computer security types. There is a steep entry fee.

Besides this and many other interesting articles that were generated out of the fruits of Def Con, the conference itself is a very unusual and interesting event. Check it out at www.defcon.com.

Anyway, the contest was to see if conference participants would be able to cold call Fortune 500 companies (in front of the live Def Con audience) and get a hold of a person who would give out company information that might help a hacker with a computer or network attack on that company later (read full article). Unbelievable results! 17 major corporations were targeted. 90% of the corporations are household names. The Def Con callers were amazingly successful in getting receptionists, managers and other employees to give up information about things like what kind of web browser they were using, what kind of operating system, what kind of anti-virus etc. The contest participants were not allowed to ask for things like passwords, etc.

Only one company did not give up any of the information the contestants were told to try and uncover, and that is because the contestant could not get a live person on the line!

The technical name for what the contest participants were doing is “pretexting” or “social engineering”. Hackers will normally deploy some sort of social engineering attack to learn some basics about the target’s computer infrastructure. That is why the callers were asking for things like what type of operating system are you using? After, the hacker can probe the company network to see if the operating system is missing any security patches, and if so, exploit those openings. Any information gained during pretexting can be useful to the hacker.

The most troubling thing is that most of the information was given up by the companies’ employees willingly. One of the assigned tasks for the participants was to try to get the company employee to visit a strange website. Most did.

Of the 135 Fortune 500 employees, only 5 refused to give up any information at all. And all 5 were women.

This exercise shows that even companies that take security seriously can become undone by unwitting (or witting) employees who say things and do things that they should not. Receptionists are the front line of defense in the battle against social engineering. A skilled social engineer will extract information by engaging the target in seemingly innocent conversation. You really must see a skilled hacker at work to truly understand how effective someone with knowledge of human nature and some charm can be.

After the event, the sponsors of the competition met with the FBI in Washington DC to discuss their findings. It might surprise you to know that the FBI and the DHS attend many different hacker conventions, to learn, recruit and look out for bad guys (?).

In closing, it is important to remember that the software sales person on the phone asking all those questions might be a sales person or something more sinister. It is a Social Engineer’s job to come across as pure and clean as the driven snow. Please read the article, it outlines preventative measures that some companies deploy on a daily basis.

 

DIY Security Systems- You Get What You Pay For

July 1st, 2010

I’m starting to see a disturbing trend predominately in the home alarm industry. The ‘Do It Yourself Security System’.

When Home Depot and then Lowes Home Stores became really popular in the North East, a new type of reality TV show was also gaining popularity, DIY home fix up shows that showed how good results could be gotten from:

  1. good planning
  2. a low budget
  3. some general handiness
  4. lots of elbow grease.

These two factors, the stores and the shows, (among some other important ones) drove millions of people to try their hand at DIY home improvements. With predictable results. The people who had the wherewithal to handle all 4 of the important above mentioned points got good results. As the ability to handle these points went down, so did the quality of the end result. Many DIY home fix up shows actually showed the home owner realizing they were in over their heads and calling in a Pro for a certain portion of the job.

People who had realistic expectations, kept the projects within their range of ability, knew a bit about what they were doing, knew when to ask for professional help, were willing to put in hard work, mostly produced something that they could be proud of, something they could brag about having done themselves, and maybe, just maybe actually improved their home and its value. The other people, well, not so much…….

What really disturbs me is that websites, home shows, home DIY stores and even the New York Times http://www.nytimes.com/2010/07/01/garden/01hometech.html are misleading the public into believing that a DIY security system is the equivalent of Professional Grade Equipment installed by a Licensed, Insured, Bonded and Educated Security Dealer! In the States of New Jersey, New York and all across the country, security dealers are HIGHLY regulated. Care to guess why? Because we are dealing with life safety issues! People regularly get robbed, burned and killed in their own homes. Just look at any newspaper. To deceive the public into believing that a $60.00 system (NY Times) will give the same level of protection as a professionally installed alarm system is a shame.

One of the benefits mentioned in the NY Times article is lower monitoring costs for DIY systems. First of all, you really do get what you pay for. Facilities like Rapid Response Monitoring are proud to have customers tour their facility, because they know you will leave understanding that they have done things correctly. Ask the cut rate monitoring station for a tour. Some cut rate monitoring stations are nothing more than an automated system (a server sitting in a server farm somewhere in the Meadow Lands of NJ) with minimal human interaction. How can you even be sure that the connection to the central station is done correctly? Believe it or not, this is one of the trickiest parts of system installation.

When installing DIY security, particularly when adding smoke detectors, you may unknowingly be modifying the home in a way that violates the International Building Code and thus voiding your home’s Certificate of Occupancy.

DIY security is fine for some situations, but keep your expectations realistic and know when to call in a professional. Like me. 201-447-9696

Grow Some Code of Your Own!

May 22nd, 2010

A common question potential customers ask me is “How much does your security system cost?”. This is sometimes our initial conversation over the telephone before I know anything about the property. Now, I understand that there are some companies that will quote you a price for a system for your property, sight unseen. We don’t work that way. All of our systems are custom designed for the individual customer, property and situation. Some customers are insistent that I give them a price, so I tell them the truth, that the cost of the system is limited only by your imagination, my paranoia and your budget. Our systems range from $0.00 to 6 figures. Would you like me to come out to your facility and give you a realistic proposal? No? Then let me recommend a national company or two.

Okay, I’m getting away from the point of this post, which is that the system itself (forget the cost) is limited only by your imagination. Humans have an innate hardwired propensity toward stretching the limits of every imaginable thing within our realm. Curiosity did not really kill the cat, it made him/her an explorer, a tinkerer, a hacker, an inventor. Not all these forays were ethical, legal, practical, painless or beneficial to mankind in any meaningful way, but some were, and almost all left us with lessons learned (i.e.: the stove is hot it will burn you).

I am a firm believer that if a human can imagine an idea (no matter how outlandish), that at some point technology will evolve to a point where someone will feel it worthwhile to stretch things to the point where that idea could become reality. That person will then endeavour tirelessly to make it so, for better or worse (i.e., cloning humans- good or bad?).

I’m not the only person thinking this. A great book called “Physics Of The Impossible” by Michio Kaku is a case in point. The book takes many ideas that are science fiction today and actually gives a theoretical time line on each idea covered. Of course, some time lines, such as traveling at high fractional speed of light, span centuries. But the fact is well known physicists believe that almost everything will become possible at some time in the future (sorry, flying cars are just too damn dangerous with you behind the wheel!).

Another person who believes in stretching things just recently made the news again, Dr. J. Craig Venter. Most people might remember him for developing the “Shot Gun” method of genome coding, as he competed with the public genome project some years ago. It seems Dr. Venter has been genome hacking along quietly all these years. It also seems that his endeavours have borne some fruit.

According to news sources including the New York Times, Dr. Venter has managed to actually create a new life form. Here is an edited excerpt from a New York Times article from 05-20-10:

“Dr. Venter took a first step toward this goal three years ago, showing that the natural DNA from one bacterium could be inserted into another and that it would take over the host cell’s operation. Last year, his team synthesized a piece of DNA with 1,080,000 bases, the chemical units of which DNA is composed.

In a final step, a team led by Daniel G. Gibson, Hamilton O. Smith and Dr. Venter report in Thursday’s issue of the journal Science that the synthetic DNA takes over a bacterial cell just as the natural DNA did, making the cell generate the proteins specified by the new DNA’s genetic information in preference to those of its own genome.

The team ordered pieces of DNA 1,000 units in length from Blue Heron, a company that specializes in synthesizing DNA, and developed a technique for assembling the shorter lengths into a complete genome. The cost of the project was $40 million, most of it paid for by Synthetic Genomics, a company Dr. Venter founded.”

If this is not serious hacking, then I am really not sure how anyone can define a hacker (contrary to popular belief, hacking does not solely pertain to breaking into computer systems and stealing credit card numbers). The Doctor created a complete DNA sequence. This guy should get a Nobel Prize.

I am a firm believer in stem cell research. Dr. Venter is a hero of The Bold New World.

As The Going Gets Tough, The FCC Gets Going

May 7th, 2010

Two posts ago, I was speaking about the FCC’s plan to do away with all analog communication networks (nationally) within this decade.

What I did not discuss or fully comprehend at the time of my post was the broadband carriers’ universal dislike (stronger words like “hate”, and less polite words could be inserted here) of the details of the plan and the effect it would have on their ability to control the market and charge rates with no regulatory oversight.

Some history: For the sake of my carpal syndrome, I have paraphrased some of the following 5 paragraphs from Wikipedia.

The original Communications Act of 1934 was the statutory framework for U.S. communications policy, covering telecommunications and broadcasting. That act created the Federal Communications Commission, which was to implement and administer the economic regulation of the interstate activities of the telephone monopolies and the licensing of spectrum used for broadcast and other purposes.

In the 1970s and 1980s, a combination of technological change, court decisions, and changes in U.S. policy permitted competitive entry into some telecommunications and broadcast markets. In this context, the Telecommunications Act was designed to further open up markets to competition by removing unnecessary regulatory barriers to entry. Its stated objective was to open up markets to competition by removing regulatory barriers to entry: The conference report refers to the bill “to provide for a pro-competitive, de-regulatory national policy framework designed to accelerate rapidly private sector deployment of advanced services and information technologies and services to all Americans by opening all telecommunications markets to competition. Congress was attempting to create a regulatory framework for the transition from primarily monopoly provision to competitive provision of telecommunications services”.

However, in retrospect, the de-regulations led to a concentration of media ownership with fewer broadcasters competing in regional markets and the elimination of many local, independent and alternative media outlets.

The Act was approved by the 104th Congress on January 3, 1996 and signed into law on February 8, 1996 by President Bill Clinton.

The Act makes a significant distinction between providers of telecommunications services (colloquially referred to as “Common Carriers”) and information services.  For example, a carrier is not a ‘telecommunications carrier’ when it is selling broadband Internet access. This distinction becomes particularly important because the act enforces specific regulations against ‘telecommunications carriers’ but not against carriers providing information services. With the convergence of telephone, cable, and Internet providers, this distinction has created much controversy.

The FCC has sought to undo some of the provisions of the Telecommunications Act of 1996. It wants to regulate (or more precisely “de-de-regulate”) the “Providers of Information Services”. Predictably, the FCC was sued by Comcast (the nation’s largest provider by far), which on April 6, 2010 won a ruling against the FCC in the Supreme Court: http://pacer.cadc.uscourts.gov/common/opinions/201004/08-1291-1238302.pdf

One possible recourse for the FCC is to reclassify all broadband providers as “Common Carriers” just like regular telephone companies, which they can and do regulate. It would take an act of Congress, and Republicans strongly oppose this idea.

This apparently is the path that the FCC has decided to walk. For a more in depth analysis on what this means, please see the well written article by Edward Wyatt in the NY Times: http://www.nytimes.com/2010/05/07/technology/07broadband.html?ref=technology

The ability of the FCC to regulate the information carriers is essential to bring competition back into the market, where presently mergers and consolidation have left us a choice of just a few monolithic providers. In some geographical areas there is no choice at all.

Competition in the market place brings innovation and nimble, lean companies to the fore. This can easily be seen by looking at the market conditions in countries that are rated well above the US for Internet speed, pricing, availability and content.

Let’s hope the FCC can get the job done without burying us under a ton of non-essential regulation. Let’s keep it lean people!

Report From The ISC West Security Conference

April 4th, 2010

Well, I’m safely back from Las Vegas and the ISC West Show. Unlike the commercials, it doesn’t stay in Vegas, I’m gonna spill the beans!

Disclosure: It may bore you.

My life, being dedicated to family and electronic security; traveling alone to Las Vegas has left me with stories of meetings, product roll outs and a few pleasant surprises in the area of new technology. I played roulette and lost. I played Black Jack and won for once.

Before I left home for the annual Honeywell CSS Symposium and ISC West Show, I may have complained in several forums available to me that I had better see some NEW STUFF. Well I guess I really didn’t need to complain, for lo and behold, I did in fact see some new stuff! Sure, there were lots of improved this and that, and even some things that haven’t seemed to have improved at all. Here’s a short run down:

First of all, like the ISC East show in NYC, the Chinese and Korean Governments both had sponsored large areas of floor space for their countrymen to show their wares. Nothing really innovative there, most vendors were looking for US distribution channels, offering off-shore manufacturing or showing existing but cheaper technology. I spent about 30 minutes in each area looking and speaking to a few vendors to ensure that I was seeing things correctly.

One problem with a trade show of this size is that it is easy to get side tracked by the dozens of small vendors who are offering neat new stuff. I tried to stay centered on the new products that Honeywell rolled out, as promised. After all, with technology moving so quickly, you need to focus on only one product line, and in my opinion, Honeywell’s is the strongest and deepest.

I saw technologies that ranged from miniature CCTV cameras and DVRs (fits in your pocket, I bought some, look out) to rising gate barriers designed to stop 80,000 lbs trucks cold in their tracks. I also saw two different types of total body scanners that could see internal organs without the use of x-rays (can that really be good for you?).

My overall impression: Everything WAS smaller, everything DID have an Ethernet port, and MOST items seemed somewhat improved. It was good to see what the smaller companies (some just inventors with a great idea) were touting, as these are the products (the realistic ones at least) that the larger companies will be rolling into their product lines, complete with warranties and support that the smaller companies cannot provide.

My lasting impression: Blows away the ISC East show in NYC by far.

The FCC’s Plan To Broaden Our Backbone

March 13th, 2010

An article or two ago, I wrote that regular telephone lines were going away soon, and that the FCC was already seeking public and industry comments on the subject. The FCC’s National Broad Band Plan was to be delivered to Congress on February 17, 2010.

Well folks, what a delivery it has been. In my opinion, not only is it a healthy 8 pound baby boy, it’s the equivalent of a fully grown working adult. The FCC has delivered a sweeping plan that will pull the nation’s communications (kicking and screaming) firmly into the 21st Century.

I can’t lie, I like what I am reading so far.

This morning, NYtimes.com published an article on the FCC’s delivered plan that should be read by anyone who plans on using a telephone or computer in the next 10 years.

The FCC’s plan is extremely ambitious. They are proposing nothing less than changing our entire communication infrastructure to broadband high speed Internet based communications in less than a decade. The plan also addresses getting broadband to rural areas, schools and other public institutions. The FCC is also recommending that all military communication infrastructure be upgraded to ULTRA high speed broadband service. Read the NYtimes.com article on Cisco’s new high CRS-3 router for an idea of what’s in store in the nearer future.

To get the ball rolling, the FCC has begun studies on where broadband is currently available, how fast it is, and how much it costs consumers. The FCC has even begun providing consumer usable test tools online at their new broadband web site http://www.broadband.gov/. Please visit this site. The master plan as it stands today is there along with consumer Internet speed test tools. It’s a very eye opening website if you are able to read between the lines and see the FCC’s intentions about the future of our nation’s communications.

I have seen this change coming, and I would like all of our customers to be aware that this new national policy will affect all Americans, in all areas of communications, including alarm signal transmission. Some of our customers have already met the future with alarm controllers that use IP based communications. The rest of our customers need to make plans. Do not wait until some deadline nears, there will be a rush to change everything over to the new way, and according to the laws of supply and demand, it will be expensive. Save money and do it now.

One big reason that this ambitious plan will work is that the need for the change is being driven by consumers and businesses, a classic example of market driven dynamics. This does not mean a smooth road ahead. I think we should be prepared to see epic battles between the FCC and all parties involved; setting standards and policies will always be more beneficial to one party than another (always a winner and a loser). I see an approaching period of mergers, cooperation and contention between communication companies, large and small. This is also a great time for entrepreneurs and small companies with good ideas to move into the shoes vacated by companies that cannot or will not adapt to a new landscape of IP based national and global communications.

Evolve or die. It is the law.

Poking Holes In the Wall (Your Firewall)

March 8th, 2010

Over the past 2 years I’ve seen a great change in customers’ attitudes toward network security. One of my biggest worries (right behind physical and electronic security) is computer and network security. Network security in both commercial environments and residential settings.

Our commercial customers (who have always had the right idea, if not the time and budget) lately have been paying more attention to hard to get to things like patching every server and updating security software. Upper management has seen cyber espionage on the increase and does not want to be called ‘Victims’ (this usually leads to firings, heads rolling etc..) and so has mandated more attention be paid to all things related to security, computers and networks.

Our residential customers, while not too tech savvy a few years back, I applaud loudly! It seemed that residential customers as a whole were very fast to embrace the wireless home network idea, but did not understand the ramifications of an unsecured wireless network. I used to pass my idle time by sniffing wireless networks wherever I happened to be. Two years ago more than 50% were unsecured and open to possible mayhem. These days, when engaging in the same sort of time killing, I can happily say that it is rare to find an unsecured network! I think that computer and router manufacturers have made security setup simpler (and turned ON by default in many cases).

People like me are always bringing up computer and network security. It’s almost uncanny, I can bring up this subject in almost any conversation in almost any context. Maybe security is better these days just because customers are tired of hearing me complain that the network is not properly secured, and would you like me to secure it for you? Maybe securing a network has become akin to knowing how to operate a TiVo, it’s just something you learn to do as a normal part of life (the jury is still out on this idea).

All that is fine, but I’d like to talk about something that (for the most part) residential customers have not caught onto, the danger of opening, forwarding and triggering ports in their firewalls. In most commercial settings, the IT department would frown upon you if you asked them to open a port to connect something like a DVR for remote viewing, whereas residential customers have no qualms about opening as many ports as needed to add convenience for things like remotely programming your cable TV DVR, looking into a CCTV DVR, remotely controlling stuff like an alarm system (PLEASE NOTE, THIS DOES NOT APPLY TO HONEYWELL TOTAL CONNECT PRODUCTS). Most companies with an IT department have a VPN in place that allows their Road Warriors to securely connect to the home base network and all the good stuff on it, i.e. DVRs.

There are 65,536 ports available for network communications (ports 0 to 65,535; port number 0 is never used, but it could be). Ports come in two flavors, TCP and UDP. Ports are like doorways that programs and services can use to enter and leave a computer (I mean communicate with other computers over a network). Some programs use specific ports, and some can be assigned arbitrary ports. Herein lies the danger, because some ports are more secure than others. For instance, port 443 is used for HTTPS:// secure Internet communications and is handled by the host computer as such.

Why so many ports? I don’t know, but 65,536 is a number any computer enthusiast would recognize. Actually, ports have a 16 bit value, meaning that there are 65,536 possible combinations (remember hexadecimals? 1234567890ABCDEF). Ports 0 through 1023 are called ‘Well Known’, as many of them have official uses (like port 443) and others in this range have, over the years, by default become the ports used for many applications. Check out this handy chart at Wikipedia: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers. Ports 1024 through 49,151 have been registered, or claimed by various hardware and software vendors. Ports 49,152 – 65,535 are known as dynamic ports and can be freely used. These are the ports that are typically opened, forwarded and triggered to make our lives more convenient and less secure (it can be done securely if you know what you are doing).

Please consider this fact of life: every time you open a port, you are opening a hole in your network’s defenses. There are hackers running programs called scanners, running 24 X 7 “pinging” the Internet across various ranges of IP addresses looking for computers with open ports. Once they see an open port, they ‘probe’ the port to see what device or service is there. If you have connected something that uses a password, and that password strength is weak, the hacker will try to use this weakness as a vector to gain deeper network access, trying to get ‘root’ privileges. At this point the hacker owns you. This is one of many possible security snafus that can happen when ports are opened.

How secure is your computer? There is a well known and trusted automatic port scanner located at www.grc.com. Click on ‘Shields Up’ and follow the directions. I use this service all the time. It will tell you what is open and how to secure open ports and if your computer is responding to “pings”. There are also tons of information concerning various ports and their vulnerabilities and possible solutions to closing them. Ideally, your computer should be invisible to hackers pinging your network.

Of course, life without open ports would be tough, you could not run programs or communicate with and through other networks to other machines. The right course of action is to understand what the contractor means when he/she says “I’ll open a port on your router and forward it to the DVR IP address (or whatever device)”. It can be difficult to understand all of the implications of opening that port and how to protect it. The chances are good that the technician doing the work does not truly understand it either.
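To make the port ranges and the forwarding risk described above concrete, here is an added example (not from the original post) that reads a router's port-forward table and flags what each rule exposes. The table format, the device names, the addresses and the cleartext-service list are all constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Heuristic keyed on the internal port (an assumption of this example):
# services that normally run unencrypted, so a password typed into them
# crosses the Internet in the clear.
CLEARTEXT_SERVICES = {21: "FTP", 23: "Telnet", 80: "HTTP", 554: "RTSP"}

# Constructed sample export: proto, external port, internal ip:port,
# allowed source ("any" or a CIDR block), free-text label.
SAMPLE_FORWARDS = """
# proto ext    internal           source          label
tcp     50080  192.168.1.50:80    any             CCTV DVR web viewer
tcp     554    192.168.1.50:554   any             CCTV DVR video stream
tcp     443    192.168.1.10:443   any             Home web server
udp     51820  192.168.1.1:51820  any             VPN endpoint
tcp     8443   192.168.1.60:443   203.0.113.0/24  Alarm panel admin page
"""


def port_class(port):
    """Name the range a port falls in, using the three ranges from the post."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} does not fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


@dataclass
class Forward:
    proto: str
    ext_port: int
    int_ip: str
    int_port: int
    source: str
    label: str


def parse_forwards(text):
    """Parse the whitespace-separated table above; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        proto, ext, target, source, *label = line.split()
        ip, _, int_port = target.rpartition(":")
        ipaddress.ip_address(ip)            # raises ValueError on a bad address
        if source != "any":
            ipaddress.ip_network(source)    # raises ValueError on a bad CIDR
        rules.append(Forward(proto.lower(), int(ext), ip, int(int_port),
                             source, " ".join(label)))
    return rules


def audit(rules):
    """Return a (rule, severity, notes) tuple for every forward, in table order."""
    findings = []
    for r in rules:
        notes = []
        ext_class = port_class(r.ext_port)
        port_class(r.int_port)              # range check only
        exposed = r.source == "any"
        service = CLEARTEXT_SERVICES.get(r.int_port)
        if exposed:
            notes.append("reachable from every address on the Internet")
        else:
            notes.append(f"only {r.source} may connect")
        if service:
            notes.append(f"{service} is unencrypted: passwords travel in the clear")
        if exposed and r.ext_port != r.int_port:
            notes.append(f"external port is in the {ext_class} range, but scanners "
                         "probe all 65,536 ports: renumbering hides nothing")
        severity = "high" if exposed and service else "medium" if exposed else "low"
        findings.append((r, severity, notes))
    return findings


if __name__ == "__main__":
    for rule, severity, notes in audit(parse_forwards(SAMPLE_FORWARDS)):
        print(f"[{severity:6}] {rule.proto}/{rule.ext_port} -> "
              f"{rule.int_ip}:{rule.int_port}  ({rule.label})")
        for note in notes:
            print(f"         - {note}")
```
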

When using Honeywell IP products, like Total Connect remote services, there is no need to open ANY additional ports in your firewall. Why? Because the Honeywell equipment polls (or checks into) the Honeywell AlarmNet Center every 20 seconds. When you want to connect to your equipment, you actually are connecting to a secure server at AlarmNet. When AlarmNet gets your request to connect to your equipment, it waits for your equipment to check in, and connects the two of you through a secure server located and maintained at AlarmNet. DoD, DoE and the military like this idea and use AlarmNet by Honeywell because it is secure.
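The check-in pattern described above can be shown in a few lines: the device only ever makes outbound connections, and the relay is the only party that listens. This is an added sketch, not Honeywell's or AlarmNet's actual protocol; the message names (`DEVICE`, `CLIENT`, `CMD`, `NONE`), the device id `panel-1` and the `Relay` class are hypothetical, and TLS and authentication, which a real service needs, are left out to keep the flow visible.

```python
import socket
import threading
import time


def _readline(sock):
    """Read one newline-terminated text line from a socket."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode().strip()


class Relay:
    """Stand-in for the vendor's server: the only party with a listening port."""

    def __init__(self):
        self.server = socket.create_server(("127.0.0.1", 0))
        self.server.settimeout(0.2)
        self.addr = self.server.getsockname()
        self.waiting = {}                 # device id -> (client socket, command)
        self.stopped = threading.Event()
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while not self.stopped.is_set():
            try:
                conn, _ = self.server.accept()
                conn.settimeout(2)
                parts = _readline(conn).split(" ", 2)
                if parts[0] == "CLIENT" and len(parts) == 3:
                    # Hold the user's connection until the device checks in.
                    self.waiting[parts[1]] = (conn, parts[2])
                elif parts[0] == "DEVICE" and len(parts) == 2:
                    self._check_in(conn, parts[1])
                else:
                    conn.close()
            except OSError:               # accept timeout or a peer that went away
                continue
        self.server.close()

    def _check_in(self, dev, device_id):
        pending = self.waiting.pop(device_id, None)
        if pending is None:
            dev.sendall(b"NONE\n")        # nothing queued; device tries again later
        else:
            client, command = pending
            dev.sendall(f"CMD {command}\n".encode())
            client.sendall((_readline(dev) + "\n").encode())
            client.close()
        dev.close()

    def close(self):
        self.stopped.set()


def device_poll(relay_addr, device_id, handle):
    """One outbound check-in from inside the home network; no bind(), no listen()."""
    with socket.create_connection(relay_addr, timeout=2) as s:
        s.sendall(f"DEVICE {device_id}\n".encode())
        msg = _readline(s)
        if not msg.startswith("CMD "):
            return False
        s.sendall((handle(msg[4:]) + "\n").encode())
        return True


def client_request(relay_addr, device_id, command):
    """The remote user talks to the relay, never to the home router."""
    with socket.create_connection(relay_addr, timeout=5) as s:
        s.sendall(f"CLIENT {device_id} {command}\n".encode())
        return _readline(s)


def run_demo(poll_interval=0.05):
    """Poll interval is shortened from the post's 20 seconds so the demo is quick."""
    relay = Relay()
    result = {}
    user = threading.Thread(target=lambda: result.update(
        reply=client_request(relay.addr, "panel-1", "STATUS?")))
    user.start()
    polls, served = 0, False
    while not served and polls < 100:
        polls += 1
        served = device_poll(relay.addr, "panel-1",
                             lambda cmd: f"OK {cmd} armed=away")
        if not served:
            time.sleep(poll_interval)
    user.join(timeout=5)
    relay.close()
    return result.get("reply"), polls


if __name__ == "__main__":
    print(run_demo())
```

Because the home side only dials out, the router needs no forward rule at all; the exposure moves to the relay, which is why who runs it and how it authenticates both ends matters.
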

There is a small monthly fee to use the AlarmNet service. Why? Because they hire people who know what real network security is to run the place. You get what you pay for. Pay nothing, and you could get about that much security.

What’s the sense of installing a DVR and cameras for security if you need to compromise the firewall to use it? There is a better way. Email me and I’ll tell you all about it: mlomega@safe-t-tech.com

Cyber Warfare In the “Clouds”

February 8th, 2010

When used by home/small business consumers, what do ‘Cloud Computing’ and ‘NetBooks’ have in common? They are both an effort by data/computer companies to get you to pay for access to your own data!

OK, that was pretty negative. To be fair, both fill an important need. One is to get you to put your data on someone else’s server (in the ‘cloud’) and the other is to help you access that data.

Of course, your ‘cloud computing’ site subscription fees are all paid up, and your Internet service provider fees are all paid up.

And of course you have a strong Internet signal that is letting you create a safe, encrypted session with the cloud.

If any one of these elements is missing, you might be cut off from your data! Like a subscription music service, one day you have access to millions of songs available, but miss a payment, and everything goes away. Of course with the music subscription service, you know that you never really owned the music, you were just renting it. You might feel differently about your own data files, which can be considered your own intellectual property.

Enterprise business users may use ‘application as a service’ cloud computing; this is an entirely different thing from what is being offered to consumers. Enterprise users usually take security very seriously and have teams dedicated to ensuring that things stay secure. Very often, the cloud computing environment may be hosted by the business itself, with strong protocols in place for using the cloud. Most consumers are not very tech savvy, particularly when it comes to network/Internet security issues, and have to secure themselves. Even the business users get successfully hacked; it’s called corporate espionage.

Google (strictly as a well-known example) is a company that I admire for its sheer audacity (in most cases) in its willingness to try new technology models. It is a very popular cloud computing hosting company: Google Docs, Google Calendar, etc.

Google and several other companies that host other people’s personal data were recently hacked. Google is standing firm on its allegation that the attacks originated in China and were of a type that could only be carried out with the resources and permission of a government behind it, i.e. China.

Cyber activity of this type is beyond what we commonly think of as hacking; this is actually cyber warfare. Google has asked for help, as reported by CNN online on February 4, 2010: “Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year”.

I believe that Google has done the right thing in this case: it was attacked by a government, so it has turned to someone with the resources to help them figure it out, another government, our own.

Do you want your data on the front lines? I feel that the above statement is true, but like any real war, when a conflict is in progress, it is safer to keep the troops, I mean your data, at home!

Telephone Lines (the real kind) will be going away

February 4th, 2010

I think that my rant on cloud computing (please see mention in my last entry) will have to wait a while, because some real news that will impact the security industry has recently come to light. Please be patient, I’ve been told that strong personal opinions should be balanced with actual facts. So…..

An article in Security Systems News (Volume 13, number 2) by Daniel Gelinas reports that the FCC has issued a public notice seeking comment on a National Broadband Plan that could include the mandatory phasing out of analog telephone networks. In layman’s terms this means that something old is going to go. These types of public comment notices went out before analog cell phones were phased out and before analog TV transmissions were phased out. In this particular case, we are talking about the analog, public switched telephone network, commonly called POTS lines (Plain Old Telephone Service) in the communications industry.

When the analog cell phone system was retired, security dealers had to go out to all of the customers that had a cellular-type backup transmitter (they were ALL analog back then) and replace them with digital transmitters. We are talking about hundreds of thousands of radio units (there were close to 1 million analog radio units installed up to 2008) being replaced.

Many people who have telephone service cannot tell the difference between POTS lines and telephone service provided by an Internet provider, like Vonage, Comcast, FIOS, CableVision etc… But the alarm panel installed at the premises knows the difference. And the difference is large. Only 20% of Americans rely solely on POTS lines for telephone service (AT&T).

So, are POTS lines going away soon? In December 2009, AT&T reported to the FCC that 700,000 POTS lines are being cut each month (amongst other things, it is seeking out ways of phasing out ‘Relics Of A By-Gone Era’). Lance Dean of NY-based 2GIG Technologies made a good point: it’s not a matter of if but of when. “There’s 700,000 lines going down a month. If you do the math, that’s 8 million a year. In a few more years there won’t be any more land lines” (POTS).

AT&T has suggested that it would like to see the POTS system retired by 2014. The FCC’s National Broadband Plan is due to be delivered to Congress on February 17, 2010.

So what will all of the security dealers who rely so heavily on POTS lines for Central Station communications do? Well, fortunately, most manufacturers and savvy security dealers have seen this coming from a mile away. Honeywell, for one, has an alarm control (VISTA 21ip) that is designed from the ground up to use the TCP/IP and GSM environment. Honeywell is leading this field of IP-based communicators.

My bet is that POTS lines will be going away sooner rather than later, because most customers are willing to give up the POTS line and use IP to get all of the great services that become possible with IP communications.

Now you know why I always say “Ask me about Total Connect by Honeywell”. It’s the way of the future, and it’s not delivered by POTS lines!