Quickbase blog: There are better ways to manipulate data than Google Docs

Google Docs is a favorite way to build applications for lightweight data manipulation, reporting, and analytics as well as useful for building websites that can capture and display data. While it is a great tool to get started using an online all-purpose office suite, you should also know its limitations and when it is time to move on to something more industrial strength. Let’s look at what is missing and when you should move on.

Document size limits. Google Docs has several limits on file sizes, depending on the type of file that you store there. For example, uploaded document files that are converted to the Google documents format can’t be larger than 50 MB, and spreadsheets can be up to 2 million cells.

You need to enable JavaScript and allow cookies for Google Docs to work. That might be an issue in some environments.

Lack of workflows. Google Docs is set up for real-time collaboration, which means that everyone working on a document can chime in at the same time, if they are online and have access to a particular document. As the others make changes to your document, you see them displayed almost immediately. While that is great, there is no control over the workflow: you have to play traffic cop and make sure your teammates know the order of who is going to be working on the document next and how it gets passed around. There are other collaboration tools (such as the Skyword editorial add-on to WordPress) that handle this workflow better.

Weak data reporting and report construction. If you are used to these features in QuickBase, you will be frustrated by what Google Docs offers.

It isn’t at feature parity with Microsoft Office, especially for Excel, Access and PowerPoint apps. You can import .PPT and other presentation files, but you might lose some fidelity, transitions, and other aspects of your presentations. The same is true when Google Sheets is compared to Excel or other dedicated spreadsheets: while you can build a pivot table in the former, you probably wouldn’t want to use Sheets to produce complex financial models.

Less granular access controls to documents. Google Docs has three roles to choose from: a user can edit, can view, or can just post comments to a shared file. You can send a link and allow anyone access via email, and if you are the original owner of the document you can prevent other editors from changing access permissions or adding new collaborators to the overall workflow. As owner you can also disable the options to download the file to your local desktop or print the document. That is about it: other online workspaces have more sophisticated access controls that allow more flexibility.

These user roles are established through email addresses of your workgroup. If you have users that have multiple Google IDs (such as their own Gmail account and a corporate email account that is hosted by Google) it can get confusing managing all the various access roles.

Another limitation is that with Google Docs, all documents can be either public or private (and shared among a specific list of email addresses). Other online systems are more flexible.

If you want to work offline, you have to plan ahead and make your documents available on your local desktop.

Fast Track blog: Is it Time for Citizen Developers to Replace IBM Notes?

Nearly 30 years ago, Lotus Software came out with a radical new tool called Notes that has since become a corporate staple. More than an email program, it was used by IT and non-IT alike to build collaborative apps. Think of it as the origin of the citizen developer movement.

But Notes has stalled and many corporations are looking to move on to something else. You can read my post on QuickBase’s FastTrack blog here about what citizen developers can do to get the decommissioning party for Notes started.

iBoss blog: There’s No Single Magic Bullet for IoT Protection

An earlier post of mine for iBoss addressed the issue of wearable fitness devices and smartwatches and their network threat. And while that post has lots of suggestions on how you can protect your network, there is still a lot going on with the IoT world.

In this post for iBoss, I discuss recent exploits using an all-webcam botnet, how the NSA wants to use IoT devices to profile your communications, and how enterprises are using mobile device management tools.

iBoss blog: Beware of wearables!

As more of our users start literally wearing their own gear to work, the number of threats from these devices, such as Fitbits and Apple Watches, increases. After all, they are just another remote wireless computer that can be compromised to gain access to your enterprise network. I talk about the potential threats and ways to mitigate them, along with other factors. You can read my post here on iBoss’ blog.

Fast Track blog: Signs you should replace Access with an online database

Many of us started out in database software with something like Microsoft Access. It came included as part of the Office suite, was fairly easy to get started with, and was infinitely customizable for light database programming. But with all these advantages, it might be time to look elsewhere for alternatives, especially for citizen developers who want to build more sophisticated online database applications.

You can read my post here about ways to recognize when your Access is running out of steam.

Network World: Ten new generation endpoint security products compared

Endpoint security used to be so simple: you purchased an anti-malware scanner, installed it across your endpoints, and you were protected. Not anymore: the days of simple endpoint protection are over. Scanning and screening for malware has become a very complex process, and most traditional anti-malware tools only find a small fraction of potential infections. The attackers have gotten more sophisticated, and so too must the endpoint detection and response (EDR) tools, which need to find more subtle exploits, even ones that don’t leave many fingerprints.

This week, I review ten different endpoint detection and response (EDR) tools for Network World magazine. You can read the complete review package here.

I spent several months running Outlier Security, Cybereason, Sentinel One, Stormshield SES, ForeScout CounterAct, Promisec PEM, Countertack Sentinel, CrowdStrike Falcon Host, Guidance Software Encase, and Comodo Advanced Endpoint Protection. From this experience, I came up with a series of broad trends:

Virus signatures are passé. Creating a virus with a unique signature is child’s play, thanks to the nearly automated virus construction kits that have filled the Internet over the past several years. Instead, many of these products tap into security news feeds, such as VirusTotal.com and other reputation management services, that report on the latest attacks.

Second, tracking executable programs is also so last year. In the old days of malware, exploits typically had some kind of payload or residue that they left on an endpoint: a file, a registry key or whatnot. Then the bad guys graduated to running their business just in memory, leaving little trace of their activity, or hiding inside PDFs or Word documents, or forcing your Web browser to a phished site that contained Java-based exploits. Today’s hackers have become more sophisticated, using Windows PowerShell commands to set up a remote command shell, pass a few text commands, and compromise a machine without leaving much of a trace on an endpoint.

Many products can track privilege escalation or other credential spoofing. Modern attackers try to penetrate your network with a legit user credential that uses a default setting when you installed SQL Server or some other product, and then escalate to a domain administrator or other more significant user with greater network rights.

Insider threats are more pernicious, and blocking them has become more compelling. One of the reasons why traditional anti-virus protection has failed is because attackers can gain access to your internal network and do damage from a formerly trusted endpoint. To block this kind of behavior, today’s tools need to map the internal or lateral network movement so you can track down what PCs were compromised and neutralize them before your entire network falls into the wrong hands.

In addition to insider threats, data exfiltration is more popular than ever. Moving private user data, or confidential customer information, out of your network is the name of the game today. Look no further than Sony or Target, and the harm done when some of their data was made public, for examples of what an EDR tool has to deal with now.

Many tools are using big data and cloud-based analytics to track actual network behavior. One of the reasons why the sensors and agents are so compact is that most of the heavy lifting of these tools happens in the cloud, where they can bring to bear big data techniques and data visualization to identify and block a potential attack.

The variety of approaches is stunning, and these tools are worth a closer look to see if you can leverage one or more of them to better protect your endpoints.
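The first two trends above, as an added example (not code from the review or from any of the products named): a hash-signature lookup misses a sample altered by a single byte, while a rule on process behavior flags both copies. The event field names, host names and sample bytes are constructed for illustration.

```python
import hashlib
import re

# Constructed stand-ins for file contents (harmless strings, not malware).
KNOWN_SAMPLE = b"constructed-sample-document-A"
ALTERED_SAMPLE = KNOWN_SAMPLE + b"\x00"  # same content, one byte appended

# Signature database: SHA-256 hashes of previously seen samples.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Behavioral rule inputs: document handlers should not launch interpreters.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}
# PowerShell accepts -EncodedCommand and abbreviations such as -enc, -ec, -e.
ENCODED_FLAG = re.compile(r"(?i)\s-e(?:c|nc\w*)?\s")

# Constructed process-creation events; the field names are assumptions.
EVENTS = [
    {"host": "pc-01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <constructed>",
     "opened_file": KNOWN_SAMPLE},
    {"host": "pc-02", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -enc <constructed>",
     "opened_file": ALTERED_SAMPLE},
    {"host": "pc-03", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe report.docx",
     "opened_file": b"constructed-benign-report"},
    {"host": "pc-04", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy RemoteSigned -File backup.ps1",
     "opened_file": b"constructed-admin-script"},
]


def signature_hits(events):
    """Hosts where the opened file's hash is in the signature database."""
    return [e["host"] for e in events
            if hashlib.sha256(e["opened_file"]).hexdigest() in SIGNATURES]


def behavior_hits(events):
    """Hosts where a document app spawned an interpreter, with reasons."""
    hits = {}
    for e in events:
        if (e["parent"].lower() in DOCUMENT_APPS
                and e["image"].lower() in INTERPRETERS):
            reasons = ["document app spawned interpreter"]
            # Pad with a space so a flag at the end of the line still matches.
            if ENCODED_FLAG.search(e["cmdline"] + " "):
                reasons.append("encoded command line")
            hits[e["host"]] = reasons
    return hits


if __name__ == "__main__":
    print("signature:", signature_hits(EVENTS))
    print("behavior: ", behavior_hits(EVENTS))
```

The interactive administrator session on pc-04 is not flagged because its parent is not a document handler; a production rule would need tuning of both process lists for the environment.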

iBoss blog: Understanding the keys to writing successful ransomware

It’s ironic that we have to look to the authors of ransomware for examples of some of the leading aspects of software engineering. And while what they are doing is reprehensible and criminal, they ply their trade with improvements in customer service, using the cloud to package their programs, and leading in understanding the psychology of their ultimate victims. With all this effort going towards developing malware, it isn’t that surprising that this category has become very adept at making money. Perhaps legit software vendors can learn from some of these experiences, while hopefully avoiding some of the darker forces. There are also some important lessons from these activities that IT folks can learn to help better defend their networks.

First, there is using the cloud. Several ransomware authors are making use of the cloud to deliver some of the key elements of their code. The malware authors deploy a NW JavaScript library that appears harmless, but allows access to operating system functions to better control their target PCs. This ups the ante in terms of danger and also complicates efforts to protect such infected computers. A second aspect of using the cloud is how some ransomware samples download their initial infection from a series of shared Google Docs accounts, to try to make these sources more difficult to track.

But coding prowess is just one side of the ransomware effort. Another is the ability to exploit human psychology and social engineering. One group researching the underlying operations of Cryptowall found that the ransomware was advertising different pricing at different geographical locations. For instance, the US fee was several hundred dollars higher than the fees for countries like Russia, Mexico and Israel. This demonstrates that the purveyors of malware understand median incomes and will change demands when their victim’s locale calls for it. If the ransom isn’t paid on time, it doubles. This shows prior criminal experience and understanding of how we all think: act now to pay less!

Another part of the underlying Cryptowall infrastructure is how it exploits the Bitcoin payment network, moving money from collector accounts until it’s ultimately out of the network and presumably into the criminal’s own banks for final payment.

Finally, there is the built-in live chat support. Many legit apps and SaaS-based services now come with live operators who will enter into text chats with end users to help them solve any problems and answer questions on how to pay their ransoms. A ransomware sample called Jigsaw now offers this chat “feature” to better collect their ransoms from their victims. “By providing a human voice to go to and by making the process of paying the ransom easier, the purveyors of the new Jigsaw variant appear to be trying to convince users into paying up,” according to Trend Micro researchers that first uncovered the chat routine. Jigsaw also exploits some social engineering of its own, starting off by locking just a few files and then adding more to its encrypted repository if the victim hesitates to pay the ransom.

The malware authors offer “better support than [users] get from their own Internet service providers,” says Angela Sasse, a psychologist and computer scientist at University College London who is quoted in this Nature magazine article. She says that many of the victims of ransomware rave about the customer service and support they got to pay their ransoms.

All of this shows that ransomware is attracting more professional developers, as the funds collected from their malware efforts are also attracting more ill-gotten gains. It’s too bad that all this coding couldn’t be used for good rather than evil.

IBM SecurityIntelligence blog: Can You Still Protect Your Most Sensitive Data?

An article in The Washington Post called “A Shift Away From Big Data” chronicled several corporations that are actually deleting their most sensitive data files rather than saving them. This is counterintuitive to today’s collect-it-all data-heavy landscape.

However, enterprises are looking to own their encryption keys and protect their metadata privacy. Plus, there is a growing concern that American-based companies are more vulnerable to government requests than offshore businesses.

You can read more on IBM’s SecurityIntelligence.com blog here.

The death of the editor-in-chief

This piece was written for Sam Whitmore’s MediaSurvey, which is a subscriber-only site. I have reposted it with his permission.

We have come to the end of an era. It is time to retire a professional title that played a significant role in my own life, that of the Editor-in-Chief or EIC. It now has little significance for those in online publishing, perhaps because the entire editorial department has collapsed into a single individual. As in, the EIC is also the copy editor, chief illustrator (thanks, clipart), social media promotions manager, and freelance manager. We might as well add the roles of lunchroom monitor and basketball coach too, for all that they matter.

To say that editorial operations have changed from back in the day when I was EIC at Network Computing in the early pre-web 1990s is an understatement. It is a completely different world. Look at some of the magazine mastheads from that era: there are dozens of roles that are historical curiosities now. It is like looking at the Dead Sea Scrolls. “Yes, sonny, back in my day we printed things on dead trees, and put them into the mail. And we walked five miles uphill to school too.” Who uses ordinary mail, and many kids learn online. Is there anything that the Internet can’t do now?

We had a significant editorial staff: some 20 people, some million or so dollars in annual salaries. Oh what fun I had back then. Not everyone wrote for the publication, but all contributed towards creating a solid editorial product every month. Remember art directors? Another job title that is headed for the scrap heap. Since then, I held other EIC titles and have run online publications with varying sized staffs, but never that big and for that much budget. Little did I know that my first EIC job was going to be the best of them.

Today we don’t have that luxury of having an editorial staff. If the EIC still writes their own stuff, they have a pressure to get it posted online within moments of the actual news event: how many posts on the Microsoft/LinkedIn deal did you read Monday morning, barely minutes after the acquisition was announced? You don’t have time to do a copy edit, or even check the facts, before you get something online.

Sure, there are pubs that have huge (by comparison) editorial staffs and probably still have EICs that can lay claim to the title, but they are by far the exception. Look how many publications Techtarget still has: Each one has a minuscule staff, with a lot of shared services. And I mean no disrespect for them; they are just an obvious example. When I was at EETimes back in the mid 2000’s, their print revenue was 10x or 20x their online revenue, and healthy revenue it was. Not so today. No one prints on dead trees anymore. It seems even silly to say so.

Now the current tech publishing model isn’t really about the articles. Instead, it is all about how you can pay the bills with other things: custom publishing and lead generation and conference sales – in other words, with everything but your actual editorial product. Who needs editorial product, anyway? Bring in the copywriters!

When I was last at ReadWrite, I ran a successful editorial effort with several full time editors and numerous freelancers. The company had just been purchased by an online advertising agency called, ironically, Say Media. Their first question: do you intend to still do copywriting for ReadWrite? Ahem, I didn’t realize that the rebel alliance had taken over. Or maybe it was the dark side of the Force, if I want to have the right Star Wars metaphor. Whatever, Say What? I didn’t last long as a “copywriter.”

Regardless of what the job I was doing was called, the problem is those golden words that I have written over the years used to be the crank that turned the cash machine on. It was words that got readers to open the pages, which in turn drove advertisers to plunk down thousands per full-page ad. Thanks to the web, there are no more printed pages, and ad rates are down. Way down. If you the reader don’t click, we the writers don’t get paid.

But the web isn’t only to blame: that just started the process of decline of the EIC. What really killed him or her off was that the very nature of the web publication itself has changed. When every article that I write lives or dies based on the clickstream, you are just a Google entry away from obscurity – or fame and becoming a viral meme. Nowadays the time that I spend promoting, tweeting, reposting, commenting, and cajoling and trying to find readers is just as much as the time spent interviewing, testing, researching and writing. Social media is the cart now driving this old workhorse.

So say farewell to the EICs, may they RIP. Soon we will take our place next to buggy whip operators in history. Please take a moment and honor their memory.

EventTracker blog: Should I be doing EDR? Why anti-virus isn’t enough now

Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just a few percent of the malware that is active these days. You need better tools, called endpoint detection and response (EDR), such as those that integrate with SIEMs, that can recognize errant behavior and remediate endpoints quickly.

I like to think about EDR products in terms of hunting and gathering. You can read more in my post in EventTracker’s blog this week here.