IT Artillery

    There have been some frightening items in the news this week. It’s one thing to read your credit card information has likely been compromised because a retailer was hacked and didn’t encrypt your data, but it’s quite another to read your municipal water supply system has been compromised:

    When planning your infrastructure and thinking about the "what ifs," remember it's not just about planning for what you think might happen, it's also about taking into consideration what you may think could never happen. If you think a natural disaster can't possibly take out your data center (and by that I mean any data center, building, or service) and thus bring your business to a screeching halt, you're not thinking.

    Our thoughts and prayers go out to all who have been affected by the tragedy in Japan, and this post is our effort at a call to arms to encourage our industry's aid to Japan, which has been one of our strongest allies since the end of World War II. The people of Japan really need the help now, and will need help long after the media has moved on to other stories.

    "This will completely change the paradigm of how IT purchasing decisions are made, and even what type of technology can be brought to market." If you need further proof of this, I came across a recent news article--German hacker uses rented computing to crack hashing algorithm. He uses Amazon's E2C cloud service to supply the computing power needed, for which he pays a grand total of two dollars per crack.

    In this episode: The Planet's Houston data centers go offline, Google calendar goes down yet again, and Telstra's Next G mobile network suffers a massive outage to all of Queensland Australia due to an update that apparently went very wrong.

    "It wasn't supposed to be this way. Microsoft was supposed to be the evil one. But now you guys are busting down doors in Palo Alto while commandant Gates is ridding the world of mosquitoes. What the #&@% is going on? It is all mixed up. I don't know which end is up anymore. Black is white. Cats are dogs."

    "If you board the wrong train, it's no use running along the corridor in the other direction," said famed World War II German resistance fighter Dietrich Bonhoeffer. We in IT boarded the wrong train a long time ago. It's the "standard model" of information technology organizations -- the familiar litany that says CIOs should run IT as a business, meeting the requirements of its internal customers.

    In this episode: Codero's Phoenix data center suffers lengthy outage, Wordpress.com goes down affecting millions of sites, Microsoft's Live ID servers wobble after loss of a brother, Google gives honest assessment of February app outage, and Ubisoft's new DRM system falls down and locks out paying customers.

    Recently a Moscow-based security research firm named Intevydis announced that rather than follow the standard method of disclosing security holes called responsible disclosure, they would publish their findings without first informing the vendor - so-called "full disclosure". In the words of Evgeny Legerov, founder of Intevydis: "After working with the vendors long enough, we've come to conclusion that, to put it simply, it is a waste of time."

     In this episode: Human error takes down a university data center, Mother nature knocks out NaviSite's San Jose data center, and Microsoft's cloud is "hiccupping", has anyone even noticed?

    In this news roundup - A large power outage in New Zealand causes repair workers to need a police escort past an angry farmer but local datacenters stay up and running, US Government websites miss their own DNS security deadline, A router glitch cripples the California DMV network, A network flaw causes a session hijack flaw courtesy of AT&T, Cisco NetApp and VMware team up on virtualization security, and more.:

    On December 4th, the website RockYou.com was breached and their entire user database was stolen. The bad news was the fact that all the database entries including usernames, passwords, and e-mail addresses were stored in plain text, unencrypted, The REALLY bad news to come out of this incident was contained in a research study performed on the stolen database, perhaps one of the first times such a large volume of real-world passwords was available to examine, and it clearly shows that users are opening themselves up for attack.

    Recently, Mark Bowker (a colleague of mine who works upstairs near the ESG Research eggheads) wrote a blog post entitled "The Cloud Busy Signal." ESG continues to observe reports of degraded services and outages by cloud providers. Mark's post is well worth the read and he makes a good point--not to mention a good segue into the inaugural episode of Backfires, Misfires, and Duds...

    In this news roundup - The French agency tasked with enforcing strict anti-piracy regulations has been left severely embarrassed after the revelation that its logo contains pirated material, A migration said to be "largest enterprise cloud deployment", A Russian security researcher chooses full disclosure, calls working with vendors "a waste of time", Google investigates China staff over cyber attack, Latvia attacks a UK ISP, and more.

    A company called SquareTrade provides after-sale warranties for laptop (and netbook) computers. They recently published a study of the failure rates of the major brands which provides some interesting data, especially if you're thinking about making a new laptop purchase. A quick look at this data shows that about 1 in 3 laptops fail over 3 years, and  in any business, the bigger truth is that downtime equals lost revenue.