ThruGlassXFER – exfiltration via QRCode

June 10th, 2014

This week Ian Latter, under his MidnightCode moniker, started to release information on ThruGlassXFER, his proof of concept for exfiltrating information using QR codes. This is ahead of his presentation at COSAC in Ireland and time at BlackHat later this year.

The full ThruGlassXFER White-Paper and proof of concept apps are coming. I was privileged enough to see this project as it emerged including the functioning proof-of-concept. The White-Paper will walk people from first principles through to sample code. There are also some inventive ways to get the base code onto secure systems.

This can put to bed the argument that a system that delivers only a remote display, mouse and keyboard is secure and that information cannot be easily exfiltrated from it. Yes, I understand that this is an oversimplification of the potential issue. Looking forward to how this is received and what people do with it.

My hat goes off to Ian!

Categories: exploits, Security

Innovate, innovate, innovate – making time for ideas

March 17th, 2014

Warning: this is a half thought. I saw this YouTube clip recently by Steven Johnson, titled "Where good ideas come from".

http://youtu.be/NugRZGDbPFU

The short of it is:

  • Ideas need time to incubate
  • The best ideas and breakthroughs come from a collision of multiple ideas or hunches
  • You need to provide a way to allow contemplative thinking and mingling of people to allow the discussion to happen.

Every day customers, managers and investors are telling us to innovate more. The biggest issue I see is that in the corporate world we don’t make time to think about things. If we do, it is generally in some form of workshop environment where no one has had 5 minutes to spare before getting there to think about it.

Whilst the internet has made it a lot easier to collaborate, borrow, use or bounce off others’ ideas, having time to get out there and participate in discussions, as well as making time to reflect and absorb, is becoming increasingly hard.

ITO Maturity?

February 24th, 2014

I was recently told that Information Technology Outsourcing (ITO) and integration of multi-service providers is still an emerging market. In my role, every day I deal with looking at outsourcing of customer IT environments; the opportunities; the value I, as a service provider, can bring; and the risk for both sides. I’d like to point out that I’ve been involved in ITO in some fashion for almost 20 years. It certainly isn’t new, or emerging. What it is, is a changing one.

In years gone by it was easier to either single source (procure through one provider) or completely manage all your IT service needs, due to the relatively small, non-strategic investment in IT; that, and businesses and IT managers alike could wrap their collective heads around the problem. As the complexity of IT grew, so did the strategic investment to deliver business outcomes; this forced businesses to look to multiple parties for the delivery of services in order to take advantage of leading-edge IT capabilities: multiple suppliers, internal teams or a mixture of both were used in this delivery. This forced a new managed service and system integrator (MSI) function to emerge, stitching together the various IT services in order to deliver a cohesive end-to-end service to the business.

With the recent normalisation of Everything as a Service and the push for “good enough” service provision, businesses are caught in the mix of pushing to adopt these cost-saving services and yet continuing to receive value from the IT services that they procure. This push, coupled with the shadow IT adoption of cloud-based services, has moved IT departments back into the business of service and system integration. This is what my colleagues and I call micro-sourcing: ad hoc procurement of services.

To follow up on the conversation, I had previously stumbled on this article by Stephanie Overby at CIO magazine. In it she highlights eight tips to deal with liability when outsourcing to multiple IT vendors. I saw it as a great example of how ITO is viewed by the market and those that make the decisions. This is a very valid, risk-centric view of ITO. Given my conversation and Stephanie’s article, I wanted to pull them together to show that what some of the tips, and thus preconceptions, do is reinforce the MBA-esque, risk-averse nature of the approach to ITO and limit the benefits that it can provide.


WhatsApp: an Incomplete thought

February 22nd, 2014

Silicon Valley’s latest acquisition has the Twitter sphere in a tizz. For those living under a rock, Facebook acquired messaging company WhatsApp for $19B.

What I like about the whole situation is that WhatsApp exploited a perceived gap in the market. Sure, there are messaging apps that work across multiple platforms, but their focus is all about the social platform. WhatsApp’s was more simplistic: universal messaging across platforms. Given the platform and style of service, users feel far less threatened, and the take-up in various geographies shows this.

They are also a “cloud service platform” that allows them to mine the information on relationships and interconnectivity that a lot of players in the social service space would kill for. The fact that Google offered USD$10B previously is a clear sign of their value. This can be attributed to a lot of things, least of which is their growth rate and repeat customer rate.

Whilst this might highlight some trends in the market, like the purchase of startups focused on social services, it is a blinkered view of the market as a whole. These MEGA players (Google, Twitter, Facebook, etc.) have a weird and wonderful product and marketing model that most of the world is still trying to get their heads around. As with most marketing machines, new products are critical to the survival of a company (be it new to market, improvements or repositioning). WhatsApp shows a link between Google and Facebook’s understanding of their customers (BTW that’s not you) and what they want, but most importantly, what it is worth.

Apart from the incredulity that is coming from the average Joe, there are several items and articles out there that attempt to show why the $19B.

The best article I read was from Danny Crichton (@DannyCrichton), who points out that the growing trend in social application business acquisition is going to change the nature of business, certainly in Silicon Valley. I’m leaning toward agreeing with most of his observations, though I’m willing to bet that some of the other cities around the world will get a look in as the Valley is rapidly becoming expensive!

More great stuff on Business Mapping

February 5th, 2014

As I have tended to reference Simon Wardley’s mapping a lot recently, it was good to see that he’s finally named it: the “Wardley Map”, developed by Simon in 2007.

If, like me, you like the concept for its flexibility and ability to clearly show a business ecosystem, make sure that you are following along here.

Categories: Technology