Tag: Twitter

DDoS Attacks: What Happened And What We Should Do About It

The security community has been watching the DDoS threat grow to incredible levels. DDoS attacks are up 75% over last year. Over 30% of attacks reach sustained peaks of over 10 Gbps, an amount that will swamp most every business user. Some very large attacks have gone as high as 600 Gbps, a size that is overwhelming to the largest infrastructure providers.

On 21 October 2016 one of these very large attacks occurred against Internet infrastructure provider Dyn. This resulted in outages of many highly popular sites, disrupting access to Amazon, Twitter, Reddit, Airbnb, New York Times, Spotify, Netflix and many others. Dyn provides many advanced services to these providers including managing their DNS. Since DNS is critical to how computers find other computers, traffic to these major sites was impacted because of the Dyn DDoS attack.

The probable attack vector was compromised IoT devices controlled by malicious code called "Mirai". This software scans the Internet for devices that still use default passwords, and then uses common protocols like telnet to log into those devices. After doing that it is in control of the device. The code actually hardens the devices a little bit to prevent other attacks against them. From that point on the device can be used as a node in a DDoS attack.

What can be done to prevent this attack or mitigate the impact of similar attacks when they occur? We provide our thoughts here, segmented into recommendations for Home Users, Business Users and Local, State, Federal Governments.

What Business Users Should Do To Mitigate DDoS Threats

Businesses have long known of the threats of DDoS to their operation, and the security community has been watching this threat evolve to the point where we all need to take collective action to prevent attack.

  • Businesses of every size need to know what devices they have and what they have them for. This gets hard but must be done if you are to optimize your IT. If you don't understand what you have, you will never be able to keep systems patched and will have a hard time changing default passwords.
  • We are strong believers in using software defined perimeter approaches to understand who is who and what is what and only allowing authorized actions in your network.
  • Use a DNS firewall to reduce two major issues: 1) users visiting sites known to have malicious code that threatens your enterprise and 2) malicious code inside your enterprise that seeks to beacon out to its controller. We recommend Verisign's DNS Firewall. It provides cloud-based network security built on Verisign's global recursive DNS platform.
  • Managed DNS is important as well. Make sure your provider of managed DNS services has a track record of reliability.
  • Also ensure your networking team understands the details of BCP38 on Network Ingress Filtering. This will defeat DDoS attacks that employ IP source address spoofing.
  • Businesses of all sizes should ensure they are tracking the cyber threat by signing up for the daily Threat Brief. This will provide strategic warning of threats and info on mitigation strategies.
  • Your network defenders should avail themselves of the powerful research tools of Passive Total. This will help keep them aware of threats in ways that will help them adjust defenses. A key benefit is tracking risks that exist totally out of your control.
  • Consider training your extended team on the cyber threat. One way to raise awareness is through our book, The Cyber Threat. This succinct overview articulates the threat in ways that inform and lead to collective action.
  • Have a backup communications plan. If your network is down and that same network carries all your data, video and voice, how will you get the word out to employees, suppliers, customers?
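The BCP38 recommendation in the list above, shown as an added example (not from the original article): ingress filtering permits a packet only when its source address lies inside a prefix assigned to the interface it arrived on. The interface names, prefixes and flow records below are constructed, using documentation address ranges.

```python
import ipaddress

# Constructed example: prefixes assigned to each customer-facing interface.
# Interface names and prefixes are hypothetical (documentation ranges).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed flow records: "interface source destination"
SAMPLE_FLOWS = """\
cust-a 192.0.2.17 203.0.113.53
cust-a 198.51.100.9 203.0.113.53
cust-b 198.51.100.200 203.0.113.53
cust-a 2001:db8:a:1::5 2001:db8:ffff::53
cust-b 10.1.2.3 203.0.113.53
cust-c 192.0.2.17 203.0.113.53
"""

def build_filters(assigned):
    """Parse per-interface prefix lists into ip_network objects."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assigned.items()}

def ingress_permit(filters, ifname, src):
    """Permit only if src is inside a prefix assigned to the arrival
    interface. Unknown interfaces and bad addresses fail closed."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in filters.get(ifname, []))

def audit(filters, text):
    """Return (permitted, dropped) lists of (interface, source) tuples."""
    permitted, dropped = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed records
        ifname, src, _dst = fields
        bucket = permitted if ingress_permit(filters, ifname, src) else dropped
        bucket.append((ifname, src))
    return permitted, dropped

if __name__ == "__main__":
    ok, bad = audit(build_filters(ASSIGNED), SAMPLE_FLOWS)
    for ifname, src in bad:
        print(f"DROP  {ifname:7} src={src} (not in assigned prefixes)")
    print(f"{len(ok)} permitted, {len(bad)} dropped")
```

The second record is the case that matters: a valid address belonging to another customer is still dropped, because it is not assigned to the interface it arrived on.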

We also provide insights and tips aimed at the Home User and for Governments at Local, State and Federal levels. Please review and help get those tips into the right hands.

Curating a Digital Life

Many times when I speak at conferences I talk about how each of us is now two people. There is first, the analog version of our self and now, with increasing emphasis and importance, our digital self that is leading more and more of an independent life without us.

The Analog Self

Every one of us still exists in the analog (non-digital) world. That self is the person who wakes up every day, brushes their teeth and ambles to work at some point. This analog self is un-curated. It exists in a messy state of reality where things can’t be edited, undone or re-worked to suit a specific need. More and more this analog self is being washed away and overcome by our digital shadow, or digital self that is far more interesting, witty, pithy and leads an exciting life of adventure. Increasingly the main pre-occupation of the analog self is to continually curate and care for our digital self. The digital self represents a new type of existence where distance, boundaries and language can be overcome to create new communities of interest and friendship.

In fact, the nature of friendship and the past is now completely different in the digital world. All of our past utterances, viewpoints and statements are preserved. Increasingly there is little room to evolve as a person, forget your past, create a new life, or move forward as our analog self could do ten or twenty years ago. Friendships, good, bad or indifferent, now last forever and tend to have various levels of intimacy/proximity. One study I read indicated that most ‘likes’ and comments on posts are generally from ‘friends’ that are several circles away from being what is classically considered ‘close.’ In conversations I’ve had with Facebook they say they can predict with ease who is your ‘enemy’ or doesn’t like you by examining trees of connectivity, a feature which would never be created or released.

Today, we’re held accountable for every twitch, like, dislike or comment that is made for all time. Privacy is non-existent for the digital self and increasingly less so for the analog version as well.

The Digital Life

More and more of our existence is spent on-line in almost every fashion. With social media, apps, geo-location services, texts, and other full-media immersion our digital self continues to grow and become more complicated which results in the need for more maintenance. One of the things that mobile phones and Facebook have done is upend typical social interactions. I no longer go out to dinner with my partner on the fly. We must look at OpenTable, read Yelp reviews, get suggestions and once at dinner we’re actually at dinner with roughly 500 people in our extended social network. It is typical to socially pause a conversation and take pictures of food, answer texts, post a witty bon-mot on Facebook and interact, at a distance, with many people at once. This increases our distant social interaction at the expense of real-time experience and has created a shared-experience world.

This shift in shared experience will only continue to evolve and grow more pervasive. Today, experience doesn’t count if it’s not documented and shared in near real-time with social media outlets. Exercise doesn’t count if it’s not calculated on my fitbit. In fact, we’re starting to see a cultural shift in the definition of what constitutes a personal experience and in the future there will probably be support groups, as there are today, to help people give up shared digital experience for short periods of time and have a private adventure.

But for now our ‘digital pauses’ during social concourse have created a moment where we must check in with our digital selves and create content that entertains others. For our future, this means we’ll all become adept at being mini multi-media hubs spinning out information on a constant basis.

Anonymity and the Digital Self

Many people think that they can simply not ‘exist’ in the digital world and that would provide them some modicum of anonymity and privacy. This isn’t true, and it is increasingly difficult to achieve in the modern world. The lack of participation by an individual is a clear indicator of who they are, their demographics, and their absence is keenly felt, and duly noted. By doing analytics on social media it is easy to tell if someone’s father, mother, sibling, etc. is not a member of that nation. Their lack of ‘existence’ is glaring in fact. If you’re not on LinkedIn, without people vouching for you, writing reviews of your performance or illustrating the depth, breadth and diversity of your network, it’ll be next to impossible to get a job in the future.

I think that we need to start a national dialog on what constitutes privacy since it’s changed so rapidly. For many companies, they use data as a currency to create value for their companies and keep services ‘free.’ We now knowingly, or perhaps unwittingly, trade information about ourselves in order to receive goods and services. The realization that information about you is viewed as currency indicates a new trend in the market and more companies will try to keep information about you legally discoverable as again, it creates the basis for their business model.

Overall, no one can truly be anonymous any longer and privacy is quickly eroding. People will continue to ‘sell’ their data for convenience and for the value that ‘participation’ brings in the digital age.

Final Analysis

Every person must now face the simple truth that two of you exist: one analog and one digital. It is now the responsibility of the analog version to grow and care for your digital self if you’re going to be a full participating member of society. I always encourage everyone in my talks to make sure they are actively managing their digital self and ensure its security, otherwise someone else may manage it for you.

Never Waste Another Minute: Take The CTOvision Mobile App With You And Stay In The Loop

An upgrade for The CTOvision Mobile Application is available for iPhone, iPad and Android users.

Please download your app today by visiting your favorite iOS or Android app store and searching for CTOvision.  This upgrade addresses stability issues in the old app plus brings in new data sources.

Here is a bit more on the app and pointers to download sites:

The application focuses on content we create for technologists, so you will find our blog content and tech write-ups featured prominently in the app. It also contains a curated list of coming events we believe are of high interest plus curated lists of the videos we want to bring to your attention on topics like Big Data, Cloud Computing, Computer Security, Robotics and Tech Humor.

If you are on the go and want to get directly into the topics in Twitter of interest to enterprise technologists you can use this application’s curated twitter stream of CTOvision tweets for a rapid gist of what is going on. Then share what you discover with who you want to know, directly from the application or via other applications on your device.

Here are the download sites for the CTOvision Mobile App:

We appreciate you downloading this application. We would also appreciate it if you review the app in the app store.

Please give the app a try and let us know what you think.

Top 100 Influencers In Artificial Intelligence and Machine Learning

Artificial Intelligence is the discipline of thinking machines. It has been a field of growing interest since 1955 when John McCarthy first coined the term, defining it as "the science and engineering of making intelligent machines."

The largest players in technology today, including Google, Facebook, Amazon, Microsoft and Apple, are all investing heavily in Artificial Intelligence. So are most of the technology focused Venture Capital firms. All indications are this hot field is about to accelerate dramatic capabilities into every corner of our economy.

Onalytica has brought insights into this field by reviewing experts and influencers in Artificial Intelligence and Machine Learning. They have used their models and methods to map the community of thought leaders in social media, extracting those showing the greatest amount of influence on the topics.

Onalytica analyzed 1.1M+ tweets from November 30, 2015 through February 24, 2016 mentioning keywords associated with “Artificial Intelligence” and identified the top 100 most influential brands and individuals leading the discussion on Twitter. What they discovered was a very engaged community, with much discussion between individuals and brands. The map below was created with Onalytica's Influencer Relationship Management software (IRM).

Our own Bob Gourley appears at the bottom center of this map. Overall he was ranked number five in Onalytica's Artificial Intelligence and Machine Learning Top 100 Influencers on Twitter.

The point of assessments like these is to help those seeking to track developments in Artificial Intelligence know whom to follow and learn from. To follow these influencers directly on Twitter see the Top AI Influencers List.

Read the full report on Onalytica.com.