It’s that time of year again; storms are rolling through the plains, temperatures are rising, and security vendors & the tech media are spreading unsubstantiated FUD about a new “mega-virus”.
This time around, the fear-mongering vendor is Kaspersky Labs and the security threat is the Flame malware. Kaspersky, whose CTO recently made news for stretching the truth about the firm’s relationship with Apple, doesn’t have the best track record of providing even-handed information to consumers and the tech industry.
On May 28th, one of Kaspersky’s employees put up an analysis of a recently discovered malware dubbed “Flame”. Within two paragraphs of the Kaspersky post, the author has described it as a “super weapon” and something that “redefines the notion of cyberwar and cyberespionage”.
Statements like those should be red flags. One of the hallmarks of good research is conservative language, and Kaspersky has provided little of that with regard to Flame. Compare Kaspersky’s post with Symantec’s. Symantec’s reads like research analysis. Kaspersky’s reads like a sales pitch for Life Alert.
The Flame malware has been associated with the Stuxnet worm, due primarily to their shared use of commercial application-style code and a similar target area (Middle Eastern governments) – although there are a few other similarities emerging as research continues. Kaspersky and others are amping up the discovery of Flame as being on par with that of the Stuxnet worm (if not more worrisome). Reading through the publicly available information, I do not believe this is the case.
Stuxnet was troubling because it was a purpose-built trojan with a very specific goal (sabotaging Iran’s uranium enrichment centrifuges) and presented us with a real world example of an attack on a country’s infrastructure. It included multiple zero-day exploits, stolen SSL certificates, and other characteristics that signaled it was the creation of a highly-organized, well-funded group of programmers.
Flame is complex and seems to have been built by a similar group, but is nowhere near as groundbreaking. It is more of a Swiss army knife of electronic surveillance and reconnaissance tools. The tasks it performs (recording audio & video, grabbing screenshots, etc.) are all possible via widely available and somewhat old methods. The novelty of Flame is primarily found in its assembly. It’s much larger than most malware (20MB vs. Stuxnet’s 0.5MB) and is modular, with numerous independent components. That being said, it seems more like the natural evolution of existing threats than something entirely new and fear-inspiring.
Flame is real. It serves as an example of the evolution of malware, but shouldn’t be labeled as an imminent or extraordinary threat. I tend to side with Webroot’s Joe Jaroch, who told PCWorld:
“This was definitely not developed by a single person,” said Jaroch, “but assuming it is a nation behind the code would probably be underestimating the abilities of private malware authors. Threats like TDL4 provide a much stronger set of functionality and obfuscation.”
Flamer’s complexity, notes Jaroch, “doesn’t equate to the conventional term of complexity with regard to threats. Server-side polymorphic malware which layers together multiple components dynamically protected by rootkits have been around for several years and are orders of magnitude more complicated,” said Jaroch. He added, “Using 20 times more code than Stuxnet doesn’t necessarily mean that it is 20 times stronger.”
Bombastic announcements and dramatic language damage the trust between the security industry and end users. Kaspersky’s treatment of the Flame toolkit is, in my mind, irresponsible and further tarnishes their reputation. It sounds like they are crying wolf, and as people stop listening to future warnings we’ll all be less secure.
HP announced today that they will be cutting around 27,000 jobs over the next two years. This seems to be another sign of big tech companies struggling to adapt to the changes rippling through the tech industry.
From Computer World:
In a statement, HP said it expects the restructuring program will save $3 billion to $3.5 billion through fiscal year 2014. A majority of those savings will be reinvested in the company, HP said.
The job cuts are “difficult” but they also are “necessary to improve execution and to fund long-term health” of HP, CEO Meg Whitman said in a statement.
As the PC market transitions to mobile devices and services move to the cloud, companies like HP and Dell (see recent Dell earnings) haven’t shifted focus quickly enough and have introduced few enticing new products.
Maybe HP’s changes will help the company. I hope for their employees’ sake they do. As much as HP might need to be leaner, it will be interesting to see if the company culture changes and they begin innovating again. After watching them kill off Voodoo PC and bungle their tablet effort (both of which had huge potential), I’m not holding my breath.
This is probably a bit late in coming as there have already been two issues released, but this is the official announcement for the Focusfire Newsletter.
Each month a new issue covering a single IT topic will be delivered directly to your inbox. It’s not spammy. It’s not salesy. It’s just good info. The newsletter is also a great place to learn about upcoming Focusfire training events, most of which are free.
Here’s the best part – if you sign up and don’t like it, there’s a fancy unsubscribe button that makes it really easy to get off the mailing list.
So you should sign up. You’ll be a better person, your lawn will be greener, and your kids will be better behaved. OK, maybe not. But I can promise that your inbox and your time will be respected and that I’ll do my best to provide you with interesting and useful information.
Last month I posted a link to a discussion on “Build vs. Buy”. The gist of the post was that it only makes sense to build applications and systems internally when the end product will be something that differentiates the business or is a part of the service or products the company provides.
Today, there’s a case study on this exact topic posted on Ars Technica. From the article:
What’s interesting is that, while deviantART muro wasn’t directly acquired, some of the primary talent behind the project was. In 2005, deviantART acquired a website called DrawHere.com, which Sotira describes as “graffiti for the web.” Users could essentially draw over other websites and share the resulting digital graffiti with friends. Sasha Lerner, now VP of engineering, and Michael Dewey, now deviantART muro’s lead developer, were both brought on-board in the deal, but worked on other deviantART projects and tasks before the idea of a drawing app was even tabled. However, having that past experience already present within the company—not to mention the rest of deviantART’s vast engineering team—meant that Sotira wasn’t forced to hire additional staff to make deviantART muro a reality. They already had the skills within.
Given deviantART’s particular situation, this seems to be a rare case of building making sense.
VMware is testing a promising-looking product for businesses that want to offer corporate users cloud storage. If they can match the ease of use of Dropbox or Box.net, this could be an attractive option for businesses that need more control of cloud storage than the more consumer-oriented products offer.