Wednesday, January 29, 2014

Playground 2.0

My backyard is apparently either connected to the internet or somehow got included in a mobile game app.

Like many families, we like to play in the back yard.  Ahhh, the back yard.  Many, many, many configurations exist from grass to pools to gardens to trees to BBQs to swing-sets to concrete to nothing to...you get the idea.  We play ball, fake sword fights, run around, have picnics and all the fun things that can happen outside, on the grass, in the sun.  'Turn off that radio, TV, tablet, game, device, whatever and play outside!' many parents have said over the years.  Including mine. 

But something bizarre has happened to my backyard over the last year.  Levels.

No, not the Kramer style - 'Levels, Jerry, Levels,' not the rulers with the water bubble to make sure something is level nor the 2nd floor balcony protruding from the house.  But game levels. 

It started at one of the trade shows last year.  We always have our F5 squishy balls available at the booth and I usually grab a few to juggle, give to others and take back for my kid.  She loves them.  One day we were tossing them to each other and she decided to become a target - like in a game.  So she started to pace back and forth (as a moving target) for me to hit the target.  After the 1st 'round,' she says, 'ok 2nd round,' and paces back and forth again but this time, she also ducks up and down.  2nd round, harder level.  We continued to add various 'challenges' to the simple back and forth target practice with a squishy ball.  It was fun but then dissolved into one of those, 'remember when we...?'

Fast forward to a couple weeks ago.  We are out back playing some kingdom game having a pretend sword fight.  I got a Wiffle bat and she has a bamboo stick.  We both have kid water boards as our shields and swing away, complete with sound effects.  We complete our joust and I'm informed that she won and for the next level, I needed to wear a mask.  A mask?  Since when did Infinity Blade land in my back yard?  Multiple costume changes later, she reached level 10, along with all the accolades that comes with such an achievement.

And just last weekend, we got our various 'swords' sticking out of an old, round bamboo/wicker ottoman looking thing, that's lost its pillow top.  You know, outside furniture that has been outside for too long?  So she gives me my default Wiffle sword and then announces that I can upgrade to the cooler bamboo sword if I get enough coins.  Coins?  I don't see any Temple Run coins floating around the back yard.  'How do I get coins?' I wonder.  'Oh, you earn them by winning battles,'  she asserts.  'But wait, you always win - how am I gonna get some coins?' I lament.  Noting my concern, she assures, 'Oh, don't worry about it daddy, this is all fake.' 

Got it.

ps

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, January 21, 2014

The Icebox Cometh

Will the Internet of Things turn homes into a House of Cards?

Our homes are being invaded...but not with critters that you'd call an exterminator for.  Last summer I wrote Hackable Homes about the potential risks of smart homes, smart cars and vulnerabilities of just about any-'thing' connected to the internet.  (I know, everyone loves a bragger)  Many of the many 2014 predictions included the internet of things as a breakthrough technology? (trend?) for the coming year.  Just a couple weeks ago, famed security expert Bruce Schneier wrote about how the IoT (yes, it already has it's own 3 letter acronym) is wildly insecure and often unpatchable in this Wired article.  And Google just bought Nest Labs, a home automation company that builds sensor-driven, WiFi enabled thermostats and smoke detectors. 

So when will the first refrigerator botnet launch?  It already has.

Last week, Internet security firm Proofpoint said the bad guys have already hijacked up to 100,000 devices in the Internet of Things and used them to launch malware attacks.  The first cyber attack using the Internet of Things, particularly home appliance botnets.  This attack included everything from routers to smart televisions to at least one refrigerator.  Yes, The Icebox!  As criminals have now uncovered, the IoT might be a whole lot easier to infiltrate than typical PCs, laptops or tablets.

During the attack, there were a series of malicious emails sent in 100,000 lots about 3 times a day from December 23 through January 6.  they found that over 25% of the volume was sent by things that were not conventional laptops, desktops or mobile devices.  Instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and that one refrigerator.  These devices were openly available primarily due to the fact that they still had default passwords in place.

If people don't update their home router passwords or even update the software, how are they going to do it for the 50+ (give or take) appliances they have in their home?  Heck, some people have difficulty setting the auto-brew start time for the coffee pot, can you imagine the conversations in the future?  'What's the toaster's password?  I need to change the bagel setting!'  Or  'Oh no!  Overnight a hacker replaced my fine Kona blend with some decaf tea!'  Come on. Play along!  I know you got one you just want to blurt out!

I understand this is where our society/technology/lives are going and I really like the ability to see home security cameras over the internet but part of me feels, is it really necessary to have my fridge, toaster, blender and toilet connected to the internet?  Maybe the fridge alerts you when something buried in back is molding.  I partially get the thermostats and smart energy things but I can currently program my thermostat for temperature adjustments without an internet connection.  I push a few buttons and done. Plus I don't have to worry about someone firing up my furnace in the middle of July. 

We have multiple locks on our doors, alarm systems for our dwellings, security cameras for our perimeter, dogs under the roof and weapons ready yet none of that will matter if the digital locks for our 'things' are made of dumpling dough.  Speaking of dumplings, the smart-steamer just texted me with a link to see the live feed of the dim sum cooking - from inside the pot! 

My mind just texted my tummy to get ready.

ps

Related:

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, January 15, 2014

Bricks (Thru the Window) and Mortar (Rounds)

...or I've been Breached.

There was a time when people differentiated between stealing from a physical store and pilfering data from a network.  Throughout the years there have been articles talking about the safety/risks of shopping online vs. shopping at a retail outlet.  You could either get carjacked in the parking lot and have your wallet stolen on Black Friday or your browser hijacked and your digital identity stolen on Cyber Monday.  There are probably many people who exclusively shop one way or another due to their own risk assessment of each...ignoring whatever convenience, interaction, price, constraints, gratification, availability or any other perceived beneficial metric on the Franklin T-scale tied to the specific activity.

Now we've learned that the recent Target breach was due to malware being installed on the point of sale devices.  Wait, what?  A 'cyber' crime within a retail bricks environment?  Isn't anything sacred?  Well no, and this is really not anything new.  ATMs and point of sale devices have been targets for a while due to the simple fact that they run on an operating system.  A potentially vulnerable operating system.  In 2012, thieves broke into Barnes and Noble's keypads and grabbed a bunch of credit cards.  Subway also had it's PoS devices infiltrated.  There will be more.

Online shopping has risen 300% since 2004 and continues to grow.  comScore reports that desktop sales on Black Friday grew 21% ($1.1 Billion) and Cyber Monday grew 18% ($1.7 billion).  Yet, with all the mouse orders we accomplish on any given day, according to the Dept. of Commerce, it still only amounts to 6% of all U.S. retail sales.  You'd think that it would be much higher but major purchases, like automobiles for instance, are still (mostly) purchased in person.  The shift, however, will certainly grow as more people rely on mobile as a primary purchase sidekick and... as always, the bad guys are going to focus on where they can get their take.  In this interesting TED talk, security expert Mikko Hypponen says that we are more likely to be a victim of an online crime than a real world stick up.

That includes an increase of blended attacks.

We've seen it a thousand times - plant something on the inside and siphon from the outside; launch a network based attack as a diversion to go after the app data; do a little social engineering surveillance to become one of them; and of course the classic, knock out the guards, put on their outfits and walk in while nobody notices.

There is still much to uncover about this latest breach but I can't help feeling that more retailers, as has been reported, will be screaming, 'This PoS device is a PoS

Nice how I worked that in huh?

ps

Related:

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, January 7, 2014

OK 2014, Now What

So I've been staring at this blinking cursor for the last 5 minutes wondering what story to tell.  'Once upon a time, there was a....'  No that won't work.  'It was a dark and dreary night as our protagonist grudgingly dragged his feet toward the impending...'  No, not that either.  How about, 'The waves were big, mean and fast that day...the kind of day where Eddie would go.'   Nah, too local boy.
After a few weeks break and with so much going on within information technology, I sometimes find it difficult to zero in on something interesting with so many choices.  So I decided to do a mini blog buffet....the best in town, I say!
The big news this week seems to be the Consumer Electronics Show (CES).  From connected and driverless cars to interactive kitchens to wearable technology to the massive ultra HD televisions to even toothbrushes, the internet of things is certainly posed to take over the world in 2014.  There are, of course, risks with all these embedded systems.
There was the Target breach right at the height of the holiday shopping season nailing 40 some million (now 70 million) credit and debit cards in the process.  I had a browser tab The 10 Worst Data Breaches of 2013 saved since before the new year for an article but this most recent debacle will certainly make all of 2014's lists.  I was in Target a couple days ago retuning something and the person in front of me was asked, 'Do you want cash or credited back on the card?'  He dryly answered, 'Well, I got a letter from my bank this week saying they are replacing my card due to your breach, so I'll just take the cash.'  Mine was an even exchange.
There was the FireEye - Mandiant deal struck slightly before the ball dropped and announced after the 12th ding.  Interesting blend of attack detection along with attack response.  The timing seemed perfect in the wake of the Target news.
There was the Snapchat breach, the Yahoo malware, the WoW attack and certainly all the 'national security' news.
And finally, our very own John McAdam earned Puget Sound Business Journal Executive of the Year for 2013.  I first met John when I joined F5 in 2004.  We had less than 1000 employees at the time and our sales conference that year was at a local Seattle hotel.  During one of the breaks, Ken Salchow took me over to introduce me to McAdam, who was sitting in a chair fiddling with his blackberry.  Now you'd think that the first time meeting your CEO you'd be all proper, business-like...Sir.  Not me.  As Ken did the formalities, the first words out of my mouth were, 'What's your high score on brick breaker?'  John's face lit up with a smile, a determination in his eye and without missing a beat, shoved his phone in my face and taunted, 'Can you beat that?'  It was wonderful and crushing at the same time since his score trounced mine.  This was well before internet on planes and playing brick breaker was a way to pass time in the air.  For the next several months as we did our individual business travel, we would send each other our high score(s) wrapped in a bit of bragging.  There was actually a few of us on the thread, all hoping to blast the others.  Then one day, one of the competitors (who had been on an overseas flight if I remember correctly) sent a score that blew everyone away.  That was it, game over.  But I'll never forget how the CEO included a relatively new guy into a fun little group of folks trying to one up each other.  I've been here ever since. 
Welcome to the Year of the Horse!
ps
Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]