Airplay May 2012

Airplay April 2012

Airplay March 2012

Airplay Feb 2012

Airplay Jan 2012

Cloud Computing – Common Sense or Common Concern

If you are a lone wildebeest migrating across the Serengeti your best course of action will be to wait for a massive herd of other wildebeests and join them. There is safety in numbers and while your herd will be attacked, you stand a good statistical chance of arriving at your new grazing grounds safe and well.

We learn at an early age that there is safety in numbers and we see examples regularly from animals to people protesting about their governments to sports supporters. So if you are looking to store your valuable corporate and customer data and keep it safe from criminals it makes sense to look at a Cloud solution so that you are in with hundreds or thousands of other companies. And there are a number of benefits that this scale of operation will bring. The Cloud supplier will have a well protected data-centre that will be harder to infiltrate than a military installation. They will vet their staff and ensure that they have up to date contingency arrangements.

The network will be under constant attack, as will the networks of many large companies but the Cloud supplier can afford to buy the very best perimeter monitoring and defence equipment and also pay for highly trained staff to watch and respond to any threat. There are Cloud suppliers who have a security budget that exceeds the turnover of many companies. If you choose a good Cloud supplier you will avoid upgrade and support costs because it is in their interest to maintain an up to date installation.

But there is a down-side that you need to be aware of. I have read many cases of companies, organisations and even governments having their security breached and in all the reports I have read I have not seen a single example of a criminal taking a proportion of the data. Whenever a network defence is breached, the criminals copy all of the data they can find.

With so many companies moving data into the Cloud, we are seeing the larger suppliers constructing networks of Biblical proportions. The focus of hundreds of criminal gangs is moving away from the smaller company to the larger Cloud supplier. The growth of the Advanced Persistent Threat whereby a group of criminals will spend months or even years probing a network, mapping the equipment, operating systems and software that are used and then waiting for a new vulnerability to emerge so they can pounce on the data within is a very real and growing threat.

Many of the advantages of being in with a very large Cloud supplier still apply but your security is a growing issue. If you are a small to medium company with a modest profile in the market, you may find that a reasonable security budget may protect your data just as well or even better than joining a large number of other organisations and guaranteeing that the criminals will be attacking your supplier.

In other words, from an IT risk perspective, if you are a lone wildebeest crossing the Serengeti, you may be safer to stay away from the mega-herd and cross alone while the predators eat the large herd.

Cyber Security – The killer Virus

In 2004 this article was first published, it seems it is time to re-publish it.

INTRODUCTION

Much has been written about virus threats and the new “blended” viruses. One thing is for sure – so far we have got off lightly. If there ever is a deliberate and concentrated attack by computer virus it will turn out to be a Killer!

THE KILLER VIRUS?

For a start it will not necessarily be a virus. The attack will come in the form of a blended attack; this is where a combination of malicious software and standard operating system facilities is used. It will probably start life as a worm, since it will almost certainly be spread directly from computer to computer but will then install itself a root-kit so it will be hard to identify and remove. It will have stealth capabilities and this often means that the virus will be accompanied by a second program that monitors the system for a virus scan starting. When this happens the program will halt the virus from running and present the virus scanner with a clean bill of health so the system thinks there is no infection.

Why killer? The simple answer is that any virus that knocks out a large proportion of computers in a country as dependant in IT as the UK is, will almost certainly kill people. Hospital systems, emergency services, offices, factories, traffic systems and airports may all be affected. The cost in economic terms will be enormous, but the cost in human terms is hard to estimate. If the support systems of a hospital were taken out of action, the impact could be disastrous. If emergency vehicles couldn’t be deployed, then there could be loss of life.

By the nature of malware, this paper has to be speculative but it is based on a study of a large number of malware attacks and also looks at the mentality of the current breed of terrorist. I am therefore confident in the general description of the way that the attack will take shape and how it will be started. What I can’t know is the full impact of the attack, since this will depend on the security of the computers of the country. However, if past attacks are anything to go by, it will have a major impact across all computing departments, both public and private sector.

The precise form that the attacking program will take will vary but it will almost certainly use a newly discovered vulnerability in the Windows operating system. Then it will use a combination of valid features and stealth technology to hide itself and to operate. It could be that the terrorists will design and test their code and then wait for a new vulnerability to be announced in the hacker news-groups and strike before many of the country’s computers are protected.

It will make full use of standard facilities found in the most popular operating systems (Microsoft Windows). In particular, it will be using valid operating system facilities and program code in combination so that it will be hard to detect. If there is specifically written program code involved in the attack, it will be designed so that it mimics non-malicious activity as far as possible and is therefore hard to detect. The code is also likely to be a combination of malware types such as virus and worm. These “blended” attacks are becoming increasingly common because they rapidly increase the rate of spread of the malware.

A point to remember here is that up till now many viruses have been badly written and “buggy” so have often failed to perform as expected. How do you test a virus in the wild? If you plan the attack carefully and have unlimited funds to test the infection rate and capability then a fully “quality assured” virus could be devastating.

Even if the infection were suspected it would be extremely hard to detect since the main part of the attacking code could be “valid”. While it is simple to dismiss the “valid” code idea as impractical, remember that a large proportion of the viruses released will use standard facilities in Microsoft Outlook or Outlook Express to propagate. Because the method of propagation is “valid” it is not easy to prevent the code from propagating without also removing standard facilities in these e-mail systems.

It is arguable that many virus writers will not release potentially devastating code into the wild because of the damage that would be done. Perhaps the risk of getting caught means that the “payload” is relatively benign. However, a terrorist group, particularly if they were associated with Al-Qaida, would not consider the outcome to be any reason for not releasing such code.

Another consideration is the use of code that “evolves” or “morphs” so that there is not a single virus to detect. Evolving code has been used in a small way with some of the existing malware but the Killer Virus will make much more use of constantly changing code so that any examples of the code that were found would only represent a small proportion of the infected computers in the world. Because the code changed, it would take much longer to remove than if there were a single form of the program.

The main problem with evolving code is that some forms will have a different code footprint or maybe behaviour pattern and therefore be detected at different times and in different ways. What this means is that there will be a number of false hopes as the anti-virus writers begin to make headway and announce that they have an anti-dote, only to find the attack come back with renewed strength.

There is one final point to bear in mind. Some virus writers design their code so that they “own” it and can control it. The main objective being to gain notoriety as the author within their own circle. If, for some reason, they need to end an attack, they can always release information to help kill off the attack. The killer virus would not be designed to be detected and give fame satisfaction to the author, therefore it will not be given any limits. It will not be designed to last for a given amount of time, or to be limited in the type of computers that it attacks.

While conventional virus writers may well include tests so that they do not take out a medical system or an air-traffic control computer, the terrorists will do no such thing. They will try to bring “The West” to its knees and, at least in theory, it is easier than you may well believe to do this.

If we were to go back 30 years and remove the computers from Society, there would be little impact outside of the major multi-national companies and large Government installations. Now we are in a position where virtually every company would stop working. The transport systems, food distribution, gas and electric supplies along with the supplying of garages would all fail. The water companies, the sewage works, hospitals, doctors, chemists, air-traffic systems and harbour control computers would all be in the frame. Even if all of the Government systems were designed to withstand such an attack (and I can’t imagine why they would), the country would virtually grind to a halt.

Am I painting a black picture? Well I hope so, since I am almost certainly understating the true scale of the problem. We no longer live in a society where the local farmer takes his or her produce to a market to be sold to the local shops. Almost everything we eat moves on a global scale. Without the IT Infrastructure, the entire food distribution process would fall apart.

There is no manual backup for these systems, they are far too complex, too far reaching and running with far too few staff to have a non-IT option. We are completely reliant on the computerised systems for our day to day lives. An individual company (water company, supermarket, fuel distribution plant etc.) will have fail-safe systems that are designed to keep running in the event of an IT failure but these are not designed to run for any length of time, this is just a temporary mechanism to let the IT Team fix the problem. We are simply not equipped to cope without the IT systems for any length of time. And while it is true to say that we could learn to do so, we couldn’t learn to do it quickly enough to save society from near melt-down. We simply have to have a plan-B to deal with this potential problem.

We (as a nation) have spent billions of pounds preparing for and countering a nuclear threat. We now need to spend a small amount of money to ensure that this most devastating of weapons can’t be developed, since we will have the technology ready to defeat it.

HOW WILL IT BE RELEASED?

It will initially be released into the Internet and given a few days or even a couple of weeks to propagate. The release phase of the virus is particularly dangerous for the attacker as it is vital from their point of view that they are not arrested. If they were traced back from the original infection, as often happens with an e-mail release, the code and all of the research that went with it, will be lost to the terrorists and available to the authorities.

This would mean that the anti-virus companies would be able to attack the killer virus based on it’s original design. Given the resources that they would be able to pump into such a counter-attack, the anti-virus companies would win. It is therefore vital from the terrorists point of view that they are able to infect the Internet with a virus that we can’t trace back to it’s source. Fortunately for the terrorists and unfortunately for us, they are able to do this with less effort than you may imagine.

It is most likely that the initial release of the code will take place in a large city, or several cities. What they are most likely to do is to search for wireless access points, such as those provided by some café’s, train stations, airports shopping centres. The terrorist will not even need to go into the building, so that they can avoid any CCTV systems that may be operating. By using a wireless enabled laptop, he will not need to log-on to a particular computer and will almost certainly be able to avoid any CCTV systems that may be operating in the building.

This means that he will be able to release the code, directly into a vulnerable computer and let that start the propagation. Having done that, he will move on to the next access point and infect that. Any computers that are protected will simply repel the code, and the attacker will again, move on to the next. It is reasonable to expect that in the course of a day, one terrorist will be able to infect upwards of 70 computers. Given that the attack will not be obvious at this stage, he could easily move from city to city spreading the code.

During this phase of the attack, the virus will probably not attack using all the power of the computer. If it were to do this, someone will notice the virus and report it to one of the anti-virus vendors. If this were to happen, the code may well be destroyed before it can do serious damage.

Assuming that it can remain hidden during the propagation phase there are a number of options open to the programmer. He may choose to split the attack into groups of IP addresses, so that he gets the maximum propagation of the virus. Remember that any computer that is connected to the Internet is addressable by any other computer. The nature of the Internet means that you can either talk to the whole world OR you can choose to talk to a part of it.

The Internet Protocol (IP) addresses show the country that the computer is connected to. By splitting the attack into countries, the attacker will know the time-zone of the victim machines. This means that the terrorists can choose to attack a single country, or group of countries. Now, the IP addresses are not completely fool-proof but they are about 99.5%. What this means is that the terrorist can divide the attacks into countries, so that any attack that is aimed at infecting a range of IP addresses can either use the location of the IP address to attack or omit a country.

While there are very few “friendly” countries as far as Al-Qaida is concerned, there may be other reasons to split the attack. A terrorist may wish to “try” a new virus without giving away the secret of a new exploit. If this were the case, the terrorists would probably want to limit the range of the attack. They may even remove the virus after a while, or give it a life of just a day or two so that when the test had been completed, the virus will simply disappear.

If such a “trial run” were to be launched, the anti-virus companies, the IT Security companies and the Governments of the world will have to be extremely vigilant if they are to be aware of the warning. They will then have anything from a few days to a few weeks (if they are lucky) to counter the coming attack.

WHAT FORM WILL THE ATTACK TAKE?

Given that the terrorists will be aiming for maximum impact, it is reasonable to assume that they will arrange for the attack to start at the same time. Not at the same “clock-time”, as this will stagger the attack, given the number of time-zones in the world. The terrorist will arrange for the attack to start at the same “staggered” time so that all of the major computer systems in the world will fail at the same time.

Of course, not all computer systems will fail, since no virus will affect all operating systems equally. The chances are that they will attack the Microsoft Windows operating systems and, in all probability, the Xp/Vista/7 range of operating systems.

With such a co-ordinated attack many companies will simply cease to function. Even if the affected companies have a mix of computer systems, it is most likely that their desk-top computers will be running the Microsoft.

Many companies will have a disaster recovery plan that involves either restoring or re-imaging PCs or maybe acquiring new machines to re-build. If the majority of your PCs are dead then you have nothing to re-image from. If everyone is in the same position then you have a very limited number of new machines in warehouses or shops to acquire.

HOW LONG WILL IT LAST?

The attack will last as long as the designer of the attack can arrange for it to last. Given that the virus will have had a number of days to spread and infect as many computers as possible before turning into the full-scale attack the whole purpose of the attack is to have the maximum impact for as long as possible.

We have to assume that if the virus is able to evolve, even if the main attack is defeated, the attack may well be able to resume. The impact on the business community will bear a heave price in the course of the attack. The other problem that we (as representatives of “The West”) face is that the attack will go far beyond business.

As stated earlier, medical systems will almost certainly be seriously impaired as will computers running traffic management systems. The impact on rush-hour traffic as well as emergency services attempting to do their duty.

While military systems should not be affected, any deployment of troops will be severely impacted if the roads are grid-locked. The same will be true of any companies that are unaffected by the virus. They will still have serious problems if their staff are unable to get into the office.

If you think about the number and range of activities that would be affected by such an attack, it is easy to understand that it will not be a simple or quick matter to remove such an infection. If the virus is a blend of attack types and is largely making use of standard facilities then it will have the potential to withstand a single removal attempt. It will have the ability to keep re-infecting systems long after the original code has been neutralised.

WHAT WILL THE IMPACT BE?

The impact on business will be devastating. Many companies use large mainframe computers to store their databases on but even if the main computer systems of the company are not affected, the chances are that the staff that use LAN based WinTel devices will not be able to connect to them.

Most companies run Microsoft Windows for their main customer-facing systems and if these are attacked, there will be few of the major companies that will be able to function. Bear-in mind that many companies will use Unix based servers for their Internet service, and these will almost certainly not be affected by such an attack but any systems that the employees use will almost certainly not be working.

Of course, we are looking at a worst-case scenario but given the nature of the enemy and the fact that the whole of Western society is their target, it is wise to assume that they will attack with as much impact as possible.

It is not an exaggeration to say that if Al-Qaida understood how devastating the attack on the World-Trade Centre was going to be, they would still have gone ahead with their murderous plans. It is therefore wise to assume that any cyber-based attack will have a massive and far-reaching impact. The only option is to have a fall-back position so that if this attack were to happen, we (society in general that is) will be in a position to defeat it.

CONCLUSION

There is one guiding principal in business and IT in particular. You don’t EVER have a single point of failure. You would never build an IT department to use a single massive computer, you would design your systems so that you use two smaller machines. You don’t have a single phone line, you have two.

Auditors, regulators, accountants, IT security departments and business continuity experts will scour companies looking for single points of failure and removing them. Yet almost every company in the world has a single point of failure in the operating system of its main office systems. Even the companies that use large servers and mainframes will still be using off the shelf Microsoft operating systems and office products to connect to the main computers.

Of course Microsoft products are popular for a reason, they are good but from a security and a business continuity perspective, this is a massive risk. If companies had a split operating system approach where they would use a mix of Microsoft and Linux (say), then the job of the malicious virus writer would be so much harder. A company could develop a far more resilient IT platform with little additional cost.

A Majestic red, an average Sancerre – August 2011

Not being one to venture too far, I get my wine from Marks and Spencer, Morrisons and The Vine King, all within five minutes walk of home. After discovering their superb wines, I started ordering over the Internet from Berry Brothers and Rudd. At a recent party I hosted, I decided to take a chance on Majestic Wine Warehouse, who I had previously avoided due to their original insistence of buying wine by the case, now reduced to six bottles. I used their free bucket and delivery service and bought some ice with the order – all very convenient. The pleasant surprise, however, was the quality of their “Sunshine Case”, a mixed white and red case, sold at £71.88 (£5.99 per bottle). In particular, “Domaine Tranquillité 2008 Bernard Magrez”  . The dark aroma promises smooth complexity and the taste delivers a powerful red with a hint of berry that you just cannot get enough of. Be careful though. Although it does not feel brutish, after two glasses I was a little unsteady on my feet. “Les Ruettes Sancerre 2009” from Marks and Spencer has a nose that hints both at the freshness of Sauvignon Blanc, as well as a surprising sourness. On tasting, the full citrus fruit flavour is unexpected and a bit disappointing for those, like me, who believe the pinnacle of Sauvignon Blanc production to be the fresh, tropical New Zealand style, embodied by Sacred Hill Marlborough Sauvignon Blanc. Let us hope the giver of this gift does not read this article!

Cheers!

George

Summer Adventures – September 2011

The Northern Hemisphere summer holidays are over and it is back to the daily grind. I holidayed in Central Europe this year and sampled Czech, Slovak and Montenegran wines. Back in the UK I was plied by a range of South African wine by friends from the old homeland. My recommendation is not to write off our Slavic cousins' wine making abilities without trying. Most of the reds I tasted were reasonably priced and very drinkable. Even a bottom of the range semi-sweet supermarket white from Slovakia was passable, although somehow I did not discover anything I loved on the white wine front in August. I will try harder this month to discover a white I can recommend beyond my favourites, from the cheap and cheerful Black Tower Rivaner, through any New Zealand Sauvignon Blanc to Berry Brothers and Rudd's "2010 Berrys' Chablis" and "2009 Berrys' Sancerre". I am sometimes quite critical of the South African reds, but I must say I really enjoyed the range I tasted, from Tesco's South Africa Western Cape Red Wine and their South African Cabernet Shiraz blend to top of the range Pinotages. However, my red recommendation of the month, one that I am going to order more of, is again from Berry Brothers and Rudd (www.bbr.com) – it is the (Spanish) Alicante "2009 Laderas de El Seque". It has a warm, comforting berry taste and will set you back £8.20 a bottle if you buy a case. Order online and delivery is free. If you are in the area, their small London Shop at 3 St James's Street, which opened in 1698 and still has many of the original features, is worth a visit.

Cheers!

KJAZZ Radio UK is proud to welcome to its family of talent Maurice Johnson. Milwaukee born guitar veteran, Maurice Johnson first gained notice in 1985 shortly after forming the Oklahoma City based, “After Five” band. Considered the young lions of jazz, “After Five” gained a great deal of popularity, sharing the stage with major acts including, George Benson, George Howard, Norman Brown, Nancy Wilson, Al Green, Alex Bungon, Stanley Turrentine, Little Melton, Mary Wright, Ronny Laws, Jennifer Holiday, Freddy Jackson, Larry Coryell, Barney Kessel and many others. In 1991 the group signed with New York label, Warlock Records and released the EXPRESSIONS CD. After a nearly ten-year stint, “After Five” would ultimately disband.

As the early 90′s unfolded, Maurice found himself at the helm of a unique industry as co-founder of D’Leco Acoustic Instruments with luthier / partner James W. Dale. The two built and marketed handcrafted archtop guitars. After a chance encounter with the daughter of legendary Jazz great, Charlie Christian they designed and licensed two exclusive lines of Charlie Christian guitar models to American manufacturer, Gibson Guitars and Samick Musical Instruments in Korea. Between 1996 and 2003 Maurice authored three nationally published music related books with Mel Bay Publishing, Mix Books and Artist Pro Press. Titles include, The New Working Musician’s One Year Organizer; Build and Manage Your Music Career and Gigorama. During this time he would develop the popular windows based, Gigorama software. Today, Maurice’s focus has turned back to his love of music with the recent release of his “Tonight” CD, and is currently producing under the artist-owned, Jazz Drops record label.

Find out more about Maurice Johnson

Find out more about Rocco & Rahj

Find out more about Bickley Rivera

 Find out more about Holle Thee Maxwell

Find out more about Aysha