Tech Faceplant: Dropbox Infinite
Posted on by Beau AdkinsCategories Computer Security, Opinion, SecurityLeave a comment on Tech Faceplant: Dropbox Infinite

Dropbox Project InfiniteLast month, Dropbox pulled back the curtains on their next new major feature, titled “Dropbox Infinite”. However, the details about how they were going to implement this feature left the majority of the audience dumbfounded. This is another one of those occasions where tech companies make a decision against the outcries of their customers, and even in the face of that backlash, just chug happily along.

Dropbox Infinite sounds like a pretty cool idea. It would make your Dropbox storage area appear as its own drive in your OS. It’s an idea that few people would complain about. However, when Dropbox revealed that they would implement this with kernel mode extensions, people’s heads started exploding.

By implementing this in the kernel, it puts the user’s system security at much higher risk than if it were implemented in user-mode. When code runs in the kernel, it has complete system access. It can read, write, or delete any file. If malware gets a foothold in your computer’s kernel, then it’s no longer your computer. Any programming mistake in the kernel means the whole system crashes (the infamous Blue Screen of Death). For these reasons, users should be wary of every piece of code they allow to run there. A product like Dropbox, used to manage remote shared file backups, seems like a poor candidate for kernel level code. It would be like Microsoft announcing the next version of Internet Explorer will run primarily in the kernel. It would be the worst idea in the history of computing.

The Dropbox article mentioned an open-source project called FUSE, which could have been used to implement this in user-mode. But they scrapped that idea because it incurred an extra kernel-mode context switch which has performance implications. Like a commenter observed, the performance of a context switch is practically nonexistent compared to the cost of performing network operations with the Dropbox servers.

The article received numerous comments, which were mostly negative. A common theme in those comments was the hope that this feature was optional. Dropbox never clarified if this was mandatory or not. If they make it mandatory, it will be an enormous faceplant. It’s quite obvious that the users are not ready for it. Maybe one day they will be, but not today. Forcing it on users now will only hurt Dropbox.

Sadly, this sort of thing happens all the time. Tech companies come up with an idea that they believe their users will go gaga over. But when they announce it, it is met with vitriol. Instead of just admitting a mistake and scrapping the idea, they double down, and shove it down their users’ throats anyway. Think Windows Metro or Chrome removing support for plugins. Listen to your customers. If you announce a new product change that causes your customers to threaten to leave, its not too late to go back to the drawing board.

Light Point Security CEO Discusses Cybersecurity and Terrorism Prevention
Posted on by Beau AdkinsCategories Computer Security, Opinion, SecurityLeave a comment on Light Point Security CEO Discusses Cybersecurity and Terrorism Prevention

Zuly Gonzalez discusses cybersecurity and terrorismLight Point Security CEO, Zuly Gonzalez, was interviewed on the Emmy Award winning Live TV show Fresh Outlook, which aired on Saturday April 2, 2016 at 2pm ET. Fresh Outlook is a weekly talk show that airs every Saturday Live, and examines a variety of topics and current events.

Zuly discussed Apple vs the FBI, encryption, terrorism, and how to protect yourself from cyber threats, among other topics. For example, she was asked why if less skilled adversaries are able to hack into devices, does the FBI with all of the resources at their disposal have such a hard time getting into the encrypted iPhone of one of the San Bernardino terrorists. Zuly talked about how not all things are equal and that a combination of skill level and protection mechanisms must be taken into account when comparing successful and unsuccessful attacks. She also discussed the importance of the data being protected and how consumers should also value their data. Zuly also touched on the irony of Apple asking the FBI for help in strengthening their protections.

It was an informative segment with several other security experts on the panel. The segment is below for your viewing pleasure.

The Use of Booth Babes – a Marketing Tactic Past Its Prime
Posted on by Zuly GonzalezCategories OpinionLeave a comment on The Use of Booth Babes – a Marketing Tactic Past Its Prime

Please welcome Joanie Nelson! Joanie is our Marketing Assistant and since this is her first post on the site I thought I would give her a proper welcome. You’ll be seeing more posts from Joanie in the coming weeks.

There have been discussions among security professionals over the last week on the practice of using booth babes at tradeshows to attract foot traffic. We’ve also been discussing the issue internally and I asked Joanie to share her thoughts in a blog post. What follows is her post.

The number of booth babes at RSA is too damn high

The concept of “booth babes” has been around since 1967, when the first Consumer Electronics Show was held in New York City. Back then, they were known as “CES Guides,” a title that has been replaced with a less discerning one, “booth babes.” Since then, the marketing ploy has drifted into other technology trade shows and events, such as RSA.

Chenxi Wang, Ph.D., is the VP for Market Intelligence at Intel Security. She and many others are tired of this “old school” practice and she wants change. Tired of seeing booth babes year after year show up at the RSA conference, this year in particular, she was wholly turned off by the booth babes. After a year of controversial stories and news directly affecting the security sector, she was surprised to still see booth babes. She took to her blog, where she states her case for why booth babes need to go. Instead of the yearly rants and commentary on the presence of booth babes, she wants actual change. For women who are wanting to enter IT (like myself) and for future generations of girls, changing the dialogue could represent a powerful change in dynamic.

The security industry is dominated by men, something that is widely known. The purpose of these conferences is for companies to show off their new products and solutions. In 2014, the norm for conferences and trade shows should be to focus on the product and not market to majority using booth babes. At what point do companies realize they aren’t promoting their brand, but they are hurting their brand when they objectify a gender.

Winn Schwartau made his opinion known last year after the 2013 RSA Conference, where he states that he is, “offended that vendors can come up with amazing technologies but still find it necessary to resort to tickling the male amygdala to attract traffic to their booths.” He also states what is probably a more popular thought on this marketing technique in the security sector, is that most people are more interested in the technology and don’t want to see scantily clad women at booths.

Moreover, using these booth babes to draw in people, often brings the lower level professional, who isn’t there to buy services, but to check out the booth babes. Spencer Chen noticed this, when he put the booth babe marketing tactic to use. He found that his theory that booth babes don’t bring in more deals, leads, or foot traffic to be true.

For the security industry, it’s fair to say that most professionals want to be impressed by the technology. They want to know more about it and in detail. When wanting to know how a product can help protect your business or interests, who can take a woman in platform shoes and barely there clothing very seriously? In fact, it’s fair to assume most security professionals at RSA or another technology event would see through this kind of marketing and wonder what’s wrong with this product that they put it behind booth babes and not market it for a more technical oriented crowd; a crowd intelligent enough to see through the booth babes.

The bottom line on booth babes is they don’t add value to a booth. The focus should always be on the product. Attention should never be taken away from the brilliance of a solution. Staffing knowledgeable people, whether men or women, should be priority for companies who want to sell their technology to people who understand technology.

FOSE 2011 Government IT Conference – My Thoughts
Posted on by Zuly GonzalezCategories Events, Opinion, SecurityLeave a comment on FOSE 2011 Government IT Conference – My Thoughts

FOSE Government IT Conference logoI attended the 2011 FOSE Conference and Exposition, which was held July 19 – 21 at the Walter E. Washington Convention Center in Washington DC. This is a summary of my overall experience.

What Is FOSE?

FOSE is a government Information Technology event hosted in DC every year that features IT products and services, and provides education on the latest IT trends. FOSE brings together federal, state, and local governments with industry partners to share experiences and evaluate new solutions.

FOSE offers a free exposition, as well as a paid conference portion. At the free expo there were over 250 vendors demonstrating their latest products and services. In addition to the vendor exposition, the conference portion also included educational tracks and conference-only keynotes. The four conference educational tracks were:

  • Cybersecurity, Network Defense, and Information Assurance: Strategies and technologies for protecting government information systems and the data that moves across them.
  • Information Management and Collaboration: Ways that new tools and approaches are improving enterprise-wide and federated decision making.
  • Next-Generation Infrastructure Strategies: Infrastructure strategies from desktop virtualization to cloud computing and everything in between.
  • Enabling the Mobile Government Workforce: Harnessing mobile web apps, social media and emerging wireless technologies for more effective government.

I attended the cybersecurity track. The two conference keynotes were:

  • Operation Trident Breach- Lessons Learned from FBI Global Cyber Crime Arrests: Representatives from the FBI, Metropolitan Police in the UK, Cyber Crime officials from the Netherlands and the Ukrainian Security Service explained their multi-year Zeus malware investigation which led to the arrest of over 100 criminals in the United States, United Kingdom, Moldova and the Ukraine on a variety of cyber related, money laundering, fraudulent passports and identify theft crimes. Additionally, they presented Open Source intelligence techniques used in investigating the network of financial crime based on the Zeus trojan.
  • The Federal IT Agenda in 2012: This presentation provided perspectives and insights to fellow CIOs, CISOs, and IT/Network managers in government about the direction of cyber security, data center consolidation and the move to cloud computing within agencies and what lessons there are to be learned.

My Thoughts on FOSE 2011

Zuly Gonzalez at FOSE 2011 Government IT ConferenceThe Good

From the conference tracks, to the keynote presentations, to the vendor exhibits, there was a lot going on at FOSE – more than one person could do at any given time.

I was impressed by the quality of some of the free sessions at FOSE. They offered four free keynote presentations, free workshops, free education sessions, and free vendor exhibits. I didn’t attend all of the free sessions since I registered for the paid conference talks, but of the ones I attended, most were fairly good. For instance, Steve Wozniak, co-founder of Apple, was one of the free keynote speakers this year. Steve talked about fostering creativity and innovation in any environment (including big enterprises), and shared his view on the revolution under way in mobile computing. It’s not everyday that you get to hear someone of that caliber speak in person. Other keynote speakers included General James E. Cartwright, Vice Chairman of the Joint Chiefs of Staff, and Dr. David McQueeney, Vice President of Software at IBM Research.

Of the paid conference sessions, some were really good, and some were just OK. I really enjoyed the Operation Trident Breach presentation where law enforcement officials discussed their multi-year Zeus malware investigation that led them to organized crime around the world. They discussed how Zeus was propagated, and how they used Facebook to identify some of the criminals.

Another interesting presentation was Mitigating the Next Stuxnet. In this presentation they discussed the history of the Stuxnet worm, how Stuxnet could have been mitigated, and steps the government can take to prevent cyber attacks of this magnitude.

I’ll summarize these presentations in future blog posts.

The Bad

The thing that stood out the most for me was how unorganized the event was. I wasn’t given any information when I registered other than where to go to pick up the agenda. When I did ask the onsite personnel a question, they weren’t able to help me. They were nice, and tried to be helpful, but for some reason even the onsite personnel were left in the dark. It turned out that registration was in one place, the agenda was handed out at a different place, and the conference swag was handed out at a third place. Now why these three things couldn’t have been handled in one place, I don’t know, but I do know it was a stupid way to set things up, especially when the attendees aren’t even told that this is the process.

One other minor, though understandable, annoyance was that every time I went into one of the conference talks, there was someone there policing the entrance and checking for badges. I understand the need to do this, but it was a bit annoying. It’s akin to having to show your receipt when leaving Wal-Mart.

Conclusion

Despite these issues I would consider attending the free expo portion next year. For one, since I have experience with the event now, I’ll be better prepared for next year. Second, it’s always interesting to see what new products and solutions are available, especially in the cybersecurity arena. Plus the expo is free, so there’s not a whole lot to lose, although parking in DC can get expensive (you could pay as much as $75 in parking for the 3 days). Lastly, in addition to the vendor booths at the expo, FOSE also offers free educational workshops and free keynote talks.

Will I attend the paid conference portion next year? I don’t know. It’ll depend on the topics and speakers.

FOSE Resources

I plan on summarizing a couple of the FOSE talks in future blog posts, but for the time being, take a look at these links.

Some of the FOSE talks were recorded, including Steve Wozniak’s keynote. You can view them here. In addition, some of the PowerPoint slides have been made available. You can find the slides here.

Did you attend FOSE? Have you attended in previous years? What did you think of it? What was your favorite part? Will you consider attending FOSE next year?

Why Are There so Few Minority Owned Startups?
Posted on by Zuly GonzalezCategories Opinion, Startups13 Comments on Why Are There so Few Minority Owned Startups?

The question, Why are there so few minority owned startups?, came up on a startup Q&A site I participate on. The question stemmed from a study by the Center for Venture Research that stated:

Minority angels accounted for 2% of the angel population and minority-owned firms represented 6% of the entrepreneurs that presented their business concept to angels. The yield rate for these minority-owned firms was 19%, which for the fourth straight year is in line with market yield rates. However, the small percentage of minority-owned firms seeking angel capital is of concern.

I started to write an answer to the question, and then decided to turn it into a blog post. Here it is.

African Americans in business meetingMy Perspective

I’m a “double minority” – a Hispanic female.

There are very few females and Hispanics in the tech startup world. Not only are there few women and Hispanic startup founders, there is a lack of them in the startup scene in general. I have wondered about this a lot. I’ve thought about all the usual reasons people say there is such a lack of minority owned startups, but none of these reasons made much sense to me. Then about a month ago, it finally dawned on me. It’s the culture.

The Answer – Culture

There are some cultures that are more entrepreneurial than others. That’s just the way things are. For instance, Indians are considered a minority, yet they tend to be very entrepreneurial. The same can be said for other Asian cultures. So the general minority tag doesn’t work here. Instead we need to separate each of these minority groups and look at them independently. What you’ll find is that certain groups/cultures are more business minded than others.

Hispanics and African Americans tend to be less entrepreneurial than Whites. Why? Because of the difference in cultures. The real issue comes from within the culture itself, and has little to do with external factors (contrary to what many believe). Unfortunately, culture is an intangible, which makes it hard to point to specific notions within each culture that contribute to being one way or the other. The best I can think of is to look at what kind of behaviors are encouraged within each culture. Starting your own business is not something that is encouraged in all cultures.

So my opinion is that this really isn’t a problem. It’s perceived as a problem by many entrepreneurs, because we think this is the road to happiness, but it’s not really a problem. It only becomes a problem when there is a big percentage of minorities that want to start a tech business, but can’t. However, the reality is that a majority of people in certain groups just aren’t interested in tech startups. And of the small percentage that are interested, their success rate seems to be in line with non-minorities.

In fact, the quote from the study backs up my suspicions:

The yield rate for these minority-owned firms was 19%, which for the fourth straight year is in line with market yield rates.

How to Increase Minority Owned Startups?

Asian business teamSo, what can we do to increase the number of minority owned startups? The answer is not much.

I don’t think our society is doing anything to discourage minorities from starting their own business. In fact, there are already plenty of programs in place to encourage the growth of minority owned businesses. For example, when contracting work, the US Government will give preference to minority, or disadvantaged as they call them, owned companies when applicable.

There’s a delicate balance between ensuring that there are enough programs in place to guarantee that those in “disadvantaged” groups that want to start their own company can, without creating a situation where better candidates from the “non-disadvantaged” group are getting turned down simply because of their race. In essence we would be doing the same thing we are trying to prevent, but to a different group of people.

We are all different, and that’s what makes this world such a great place. Some people have no desire to start a business, and that’s perfectly fine. Starting, and running, a business is a lot of hard work, it’s stressful, risky, and it’s not for everyone. And to be honest, entrepreneurs can’t succeed without those people that are happier in the role of employee than CEO. So let’s thank them for their support, and help them achieve their definition of success, not ours.

I believe we should do what we can to help those that want our help, regardless of race, color, religion, etc. Those that come from historically non-entrepreneurial cultures may need more help – because of the innate aspects of that culture – and we should be willing to give them that extra bit of help. But we shouldn’t force our idea of success onto those with different beliefs. In the end it’s about being happy, and different things make different people happy.

So, what do you think? This is my opinion based on my personal experiences as a minority. Do you agree, or disagree, with my hypothesis? I’m very interested in this topic, and would love to hear your thoughts and perspectives in the comments below.

How to increase minority owned startups?So, what can we do to increase the number of minority owned startups? The answer is not much.

I don’t think our society is doing anything to discourage minorities from starting their own business. In fact, there are already plenty of programs in place to encourage the growth of minority owned businesses. For example, when contracting work, the US Government will give preference to minority, or disadvantaged, owned companies when applicable.

There’s a delicate balance between ensuring that there are enough programs in place to guarantee that those in disadvantaged groups that want to start their own company can, without creating a situation where better candidates from the non-disadvantaged group are getting turned down simply because of their race. In essence we would be doing the same thing we are trying to prevent, but to a different group of people.

We are all different, and that’s what makes this world such a great place. Some people have no desire to start a business, and that’s perfectly fine. Starting, and running, a business is a lot of hard work, it’s stressful, risky, and it’s not for everyone. And to be honest, entrepreneurs can’t succeed without those people that are happier in the role of employee than CEO. So let’s thank them for their support, and help them achieve their definition of happiness, not ours.

Microsoft’s “To The Cloud” Commercials Are Embarrassing
Posted on by Beau AdkinsCategories Opinion3 Comments on Microsoft’s “To The Cloud” Commercials Are Embarrassing

Face PalmSomeone please tell Microsoft what the cloud is… this is getting embarrassing. Have you seen the “To The Cloud” commercials? They all loosely follow the same formula. Someone is faced with a problem, they say “To The Cloud” and then they show you a Microsoft product that solves their problem. My issue is that none of the solutions they use have anything to do with the cloud.

Read more “Microsoft’s “To The Cloud” Commercials Are Embarrassing”

Categories
Archives