Collaborative Strategy Guild

Twitter Has 145M Users, Mobile Use Up 62 Percent [GigaOM] «

Peter O'Kelly — Fri, 03 Sep 2010 11:35:00 +0000

Mobile use of Twitter has climbed by more than 60 percent since April, when the company introduced its official iPhone client, Twitter CEO Ev Williams said in a status update posted to the company’s blog. The Twitter founder also said that the microblogging service has 145 million registered users, up almost 40 percent from the number it had four months ago.

Twitter Has 145M Users, Mobile Use Up 62 Percent «

Continue reading: Twitter Has 145M Users, Mobile Use Up 62 Percent [GigaOM] «

louisgray.com: Continuous Parallel Attention: My New Reality

Peter O'Kelly — Fri, 03 Sep 2010 11:27:00 +0000

A timely attention management reality check

When you really want to concentrate, do you need a quiet room with no distractions, or does playing loud music help you focus? Can you hold a conversation while typing? Can you read blogs and write e-mail while watching TV? I do. And I must. For with all the information available these days, and my personal unwillingness to miss out on conversations or media consumption, I've done more than embrace what many call "continuous partial attention". Instead, I believe I have a goal of achieving "continuous parallel attention", whereby no single task is given primary focus, but instead, multiple tasks gain the same focus.

louisgray.com: Continuous Parallel Attention: My New Reality

Fun with blog syndication: day 1 results

Peter O'Kelly — Fri, 03 Sep 2010 10:42:00 +0000

What I’m seeing after the first day of tweaking my syndication settings

Blogger => Google Buzz: instant (Buzz appears to use dynamic content queries)
Blogger => Twitter via Twitterfeed: still a seemingly arbitrary subset of blog posts showing up in Twitter
Blogger => Facebook (via Facebook page/note subscription to my blog’s XML syndication feed): worked once, after initial set-up; no updates since then

Perhaps direct access to traditional blogs and blog XML syndication feeds will continue to be popular for a while after all…

Continue reading: Fun with blog syndication: day 1 results

FT.com / Technology – Samsung tablet throws down gauntlet to iPad

Peter O'Kelly — Fri, 03 Sep 2010 10:28:00 +0000

Another respect in which Sony is apparently emulating Apple: its reality distortion field

Sir Howard Stringer, Sony president, told a press roundtable at IFA on Thursday that it had not taken any decision yet on making a tablet of its own, but if it did, it would have content and services ready through its Qriocity online service that would differentiate it from the competition.

“[Our content] puts us right up there with Apple and Microsoft and, at the same time, we can deliver it on far more products than Apple or anybody else can,” he said. “This is a very important moment for Sony. We have all these assets and scale and ... size does matter.”

FT.com / Technology - Samsung tablet throws down gauntlet to iPad

Apple-Facebook Friction Erupts Over Ping – NYTimes.com

Peter O'Kelly — Fri, 03 Sep 2010 10:22:00 +0000

It’ll be interesting to see if Apple is as effective as Facebook is, in terms of purging forged identities. Of course, if Apple also prohibits iTunes Ping content that is "hateful, threatening, or pornographic; incites violence; or contains nudity or graphic or gratuitous violence,” as Facebook does, that will limit the opportunities for discourse on modern popular music…

It is also not clear why Facebook did not call Apple to resolve the issue before it pulled the plug on Ping connections.

In the meantime, Facebook’s chief executive, Mark Zuckerberg, has been testing Apple’s social network, opening his own account on Ping. So has another Mark Zuckerberg, whose profile says “It’s true, I invented Facebook.” One of them is fake. From the looks of it, the one that doesn’t have a picture and doesn’t boast of having invented Facebook is the real one, as that user is connected to at least one other Facebook executive, Bret Taylor. Mr. “I invented Facebook” appears to have no connections to other Facebook execs.

Apple-Facebook Friction Erupts Over Ping - NYTimes.com

The mystery of the disappearing Facebook-Ping integration | Circuit Breaker – CNET News

Peter O'Kelly — Fri, 03 Sep 2010 10:11:00 +0000

More details on the short-lived iTunes Ping/Facebook integration. Also see this GigaOm post for a reality check on the complementor/competitor continuum in this context.

The word is that Facebook may have pulled the plug on the Ping integration at the last minute.

AllThingsD hears from unnamed sources that Facebook blocked Apple's use of the Facebook API within Ping "since it violated its terms of service." As a result, Apple reportedly then killed the advertised find-Ping-friends-via-Facebook feature.

Facebook's API is generally open for anyone to use, but there are a few rules. The company's developer agreement states that if an application exceeds more than 100 million API calls per day, "please contact us as you may be subject to additional terms." Apple says there are 160 million iTunes customers--and therefore potential users of Ping.

It seems those "additional terms"--whatever they were--are the "onerous" ones Jobs referred to.

The mystery of the disappearing Facebook-Ping integration | Circuit Breaker - CNET News

Another Video on Google’s Evils: Creepy Ice Cream Man Edition – Digits – WSJ

Peter O'Kelly — Fri, 03 Sep 2010 09:22:00 +0000

Sign of the times

Are anti-Google videos becoming some sort of weird cottage industry?

The Journal’s Amir Efrati reported just a couple of weeks ago on a video about the “evil” side of Google. And now a group called Consumer Watchdog has a video that makes fun of Google CEO Eric Schmidt’s views on privacy. Part of the video is being used in a 15-second ad on a giant screen in Times Square too. (And these are all posted on on Google’s YouTube. Oh, the irony.)

In the video, Schmidt is portrayed as an ice cream man who hands out “free” ice cream to kids — while giving them full-body scans and collecting their secrets. (In Digits’ view, his ice cream man might rank right up there with clowns in terms of creepiness.) .

Another Video on Google’s Evils: Creepy Ice Cream Man Edition - Digits - WSJ

AOL, Google expand partnership – The Boston Globe

Peter O'Kelly — Fri, 03 Sep 2010 09:12:00 +0000

Maybe the second time will be a charm for Google

Armstrong said the deal is an improvement economically and declined to disclose specifics of the revenue-sharing split. AOL talked to five or six potential partners before deciding on Google and negotiations intensified in July, he said.

In 2006, Google beat out advances from Microsoft Corp. and renewed a search agreement with AOL originally signed in 2002. To seal that deal four years ago, Google bought a 5 percent stake in AOL for $1 billion. Google wrote down the investment by $726 million in 2008 and last year Time Warner bought back the stake for $283 million. Armstrong has said that 2006 pact was done “purely for money.’’

The new agreement doesn’t include upfront payments or equity stakes, he said today.

AOL, Google expand partnership - The Boston Globe

Introducing the “Malware Conference for Global Evil (and Mass Effect 2)”

Ed Moyle — Thu, 02 Sep 2010 21:58:43 +0000

So I’ve been thinking more about Malcon (OH NOES you’re probably saying). Anyway, after I posted the thing the other day about Malcon, Kurt Wismer’s counter-argued on his blog that my logic was flawed. That could be.

Out of respect for Kurt’s well-reasoned disagreement, I won’t try to do a TLDR synopsis here (go read it if you want the full background) other than to focus in on one point that he alludes to. I’m still trying to get to the root of how (or if) this thing (Malcon) is different from Blackhat – and why one would be OK in our community and the other not (since there are quite a few folks who feel that way). So what Kurt said that was a starting point for me on my musings this morning was this one:

…blackhat/defcon are about more than just the race to zero or the blue pill. the blackhat/defcon conference pair focus on a wide variety of security issues, many of which not only deserve to be highlighted but also contribute to the betterment of the security condition… by way of contrast (since ed’s argument compares blackhat/defcon to malcon simply by substituting one for the other in his logical framework above), malcon focuses explicitly and exclusively on the advancement of malware creation which is (in general) incapable of providing the same contribution to the security condition.

Like I said, this is just one of Kurt’s points and not intended to represent everything he said – or even most of it. But it got me thinking more about why people have a problem with Malcon but not with other conferences. In other words, why someone would object to a conference like this one but not to something like Blackhat, HOPE, or toorcon.

Kurt alludes to about Blackhat forwarding the security condition and Malcon detracting from it so one is good and the other not. I don’t know… We have no way to measure the security benefit of Blackhat. We posit that it moves security forward, but does it really? Put aside the fact that we have no evidence about Blackhat, say for the sake of argument that it does make security better. Does Malcon detract from it? Again, it hasn’t happened yet, so anything we say is speculation. I personally doubt it, but maybe. The point is – we can’t know which conferences forward security and which don’t. Doesn’t it depend on circumstance? Is a malware author passing out drunk at RSA better for forwarding the security industry? Is a junior AV researcher learning how to analyze malware at Malcon setting it back? Not sure I buy it that it’s either all one way or all the other.

And we know the objection can’t be based on content. Put aside the fact the fact that (again) the conferences hasn’t happened yet (so we could find out that it’s really a Mass Effect fan con in disguise for all we know – like “Rickrolling” but for malware.)

The only real “meat” about what’s going on there comes from the cursory overview of the sessions, which are vague. The sessions as stated are:

Reverse Engineering Walkthrough
Introduction to WIN32 Programming
Introduction to Reverse Engineering
Malware “Concept” Introduction
Coding a Malware
Malware Analysis

So, with the exception of the penultimate module (“Coding a Malware”), this looks like it could be any day’s agenda from the development track at an RSA conference. For the coding a malware part, I’d bet that percentage-wise it’s probably about the same time spent on that as the Sonoma State University class where they author malware.

So to accept that Malcon detracts from the security community, based solely on the content you would have to also accept that Sonoma State does.

Maybe you do. Maybe you believe that Sonoma State is evil. Even taking that off the table, there’s still a spectrum here. On the one side, you have security conferences that have nothing to do with malware (like Cardtech or RSA). On the other you have conferences that provide varying degree of information that could be of use to a malware author (Defcon, toorcon, pumpcon,summercon, etc.). If it’s based on content, that means there’s a magic percentage of where it goes from “OK” to “evil”. And we know it’s less than 16% (the percentage of Malcon dealing with malware authorship).

But I don’t think any of that is true. What I think is really more likely is that the objection is not about the content, or the impact to the industry, or anything else. I think it’s about the fact that it’s called “Malcon” and (to a lesser extent) the fact that people think it’s somehow forwarding the malware writing community. I posit that if you took any conference (say our hypothetical Mass Effect fan con cited earlier) and named it something like “Malware Writers’ Conference for Global Evil” and marketed it with a picture of a virus giving a raspberry… Well, you’d get static from somebody (really guys? the virus picture?)

As far as intent goes, I also think people think this is a conference somehow intending to forward the malware author community. Who would want that? Their actual intent isn’t really that, by the way. Their stated goal is, “…to help the Security Industry… so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”

Why SCADA Security Matters–And What You Should Know About It

Diana Kelley — Thu, 02 Sep 2010 18:35:54 +0000

My article this month for eSecurityPlanet addresses the oft overlooked and misunderstood issue of securing SCADA systems. Many thanks to Jonathan Pollet of Red Tiger Security for providing feedback and quotes for the article.

SCADA (supervisory control and data acquisition) systems run critical infrastructure and manufacturing processes. SCADA is what the local power company uses to manage usage on the grid and ensure customers have energy during times of high use. It’s also what manufacturing plants use to manage the shop floor to make sure production can continue without interruption. If you’re like most network and application security professionals, you’ve never worked with a SCADA system. SCADA knowledge is specialized and often not covered in traditional security training and certifications like the CISSP. Only one major certification, the Critical Infrastructure Institute PCIP (professional in critical infrastructure protection), really covers SCADA training.
Jonathan Pollet, founder of Red Tiger Security, a consulting and testing company that specializes in SCADA and critical infrastructure, notes: “SCADA Engineers and System Integrators know how to design, commission, and maintain real-time control systems, but typically do not have the right skill sets and training to embed security into those systems. They typically do not understand how to properly harden the servers, operator workstations, and network infrastructure, and in most cases, these systems are commissioned with default passwords and administrator accounts with no passwords.”

To read the rest of the article, please click here.