Monday, February 14, 2011

Server hacking techniques

(This post corresponds to Chapter 8 of the "Electronic Commerce" textbook, about web server hardware and software.)

In today's world, where almost everything runs on servers, it is important to know not only how to use, configure and manage them, but also how to secure them and by which methods a server can be compromised.

There are many reasons why a web server gets compromised; among the most common are leaving the server at its default installation settings, failing to apply updates, and using weak passwords.

A denial-of-service (DoS) attack is one through which an attacker renders a system unusable, or slows it down significantly for legitimate users, by exhausting its resources so that no one can access it.
One common method involves saturating the target machine with external communication requests, so that it cannot respond to legitimate traffic, or responds so slowly that it is effectively unavailable. This is one of the most widely used methods.

There are two general forms of DoS attacks: those that crash services and those that flood services. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.
A DoS attack can be perpetrated in a number of ways.  Popularly, the attacks are divided into three classes:

  1. bandwidth attacks,
  2. protocol attacks,
  3. logic attacks


Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet network, wired or wireless. (It is distinct from ARP or MAC flooding, which overwhelms a switch's address table rather than lying about who owns an address.) The attacker sends forged ARP replies so that other hosts bind the victim's IP address, typically the gateway's, to the attacker's MAC address. ARP spoofing may then allow the attacker to sniff data frames on the local area network (LAN), modify the traffic, or stop it altogether. The attack only works on networks that actually use ARP for address resolution, and only from a host that is already on the same local segment.
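
Because a poisoned host sees nothing wrong on its own, the practical check is to watch the ARP replies on the wire for the two symptoms of poisoning: an IP address that suddenly changes MAC, and one MAC that claims several IP addresses (the attacker claiming both the gateway and the victim). The detector below is an added example, not code from the original post; the replies, the RFC 1918 addresses and the MAC addresses are a constructed sample, and in a real deployment they would come from a packet capture, which is not shown here.

```python
"""Detect ARP cache poisoning from ARP replies seen on the LAN.

Added example; this is not code from the original post. The replies and
MAC/IP values below are a constructed sample (RFC 1918 addresses, made-up
MACs); in practice they would come from a packet capture.
"""

# Constructed sample of (sender IP, sender MAC) pairs from ARP replies.
# The attacker (...:ff) claims both the gateway and the victim address,
# the classic man-in-the-middle poisoning pattern.
SAMPLE_REPLIES = [
    ("192.168.1.10", "00:11:22:33:44:0a"),   # victim, legitimate
    ("192.168.1.1",  "00:11:22:33:44:01"),   # gateway, legitimate
    ("192.168.1.1",  "00:11:22:33:44:FF"),   # attacker claims gateway
    ("192.168.1.10", "00:11:22:33:44:ff"),   # attacker claims victim
    ("192.168.1.1",  "00:11:22:33:44:ff"),   # repeated gratuitous reply
]

# Known-good binding for the gateway (configured by the administrator).
TRUSTED = {"192.168.1.1": "00:11:22:33:44:01"}


def detect_arp_poisoning(replies, trusted=None):
    """Return a list of alert tuples.

    ("ip-rebind", ip, old_mac, new_mac): an IP already bound to one MAC
        was claimed by a different MAC. The first (or trusted) binding is
        kept, and the alert is raised once per (ip, mac) pair.
    ("mac-multi-ip", mac, ips): one MAC has claimed several IPs, as an
        attacker does when poisoning both ends of a conversation.
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    claims = {}        # mac -> set of IPs that MAC has claimed
    reported = set()   # (ip, mac) pairs already alerted on
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac
        elif known != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append(("ip-rebind", ip, known, mac))
        ips = claims.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:
                alerts.append(("mac-multi-ip", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES, TRUSTED):
        print(alert)
```

The trusted table matters: a router with secondary addresses, proxy ARP, or a failover virtual IP will legitimately show one MAC answering for several IPs, so known-good bindings for such hosts must be configured to keep the second rule from firing on them. On the prevention side, the same binding table is what Dynamic ARP Inspection or a static ARP entry for the gateway enforces.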

A ping flood is based on sending the victim an overwhelming number of ICMP echo request (ping) packets, usually with the ping command from Unix-like hosts (ping -f sends requests as fast as they can be written; the -t flag on Windows merely keeps pinging until interrupted and has a far less malignant function). It is very simple to launch; the primary requirement is access to more bandwidth than the victim has.
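
What a flood looks like from the defender's side, for the DoS classes above and the ping flood in particular, is a single source (or a few) whose packet rate is far above the normal baseline. The sliding-window detector below is an added example, not code from the original post: the packet records are constructed in build_sample() with RFC 5737 documentation addresses, and the window and threshold are assumed values that a real deployment would tune to its own traffic.

```python
"""Sliding-window flood detection over a constructed packet log.

Added example, not code from the original post. Packets are
(timestamp, source IP, protocol) tuples constructed below with RFC 5737
documentation addresses; window and threshold are assumed values.
"""
from collections import defaultdict, deque


def build_sample():
    """Five hosts pinging once per second for 10 s, plus one source that
    sends 300 ICMP echo requests in half a second starting at t=3.0."""
    pkts = []
    for host in range(1, 6):
        for sec in range(10):
            pkts.append((sec + host * 0.1, f"198.51.100.{host}", "ICMP"))
    for i in range(300):
        pkts.append((3.0 + i * (0.5 / 300), "203.0.113.7", "ICMP"))
    pkts.sort()
    return pkts


def detect_floods(packets, window=1.0, threshold=100):
    """Flag a source when it sends more than `threshold` packets of one
    protocol within any `window` seconds.

    `packets` must be sorted by timestamp. Returns {source: timestamp of
    the packet that crossed the threshold}. Memory is bounded by the
    number of packets inside the window per (source, protocol) pair.
    """
    recent = defaultdict(deque)   # (src, proto) -> timestamps in window
    flagged = {}
    for ts, src, proto in packets:
        q = recent[(src, proto)]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, ts in detect_floods(build_sample()).items():
        print(f"{src} flooding at t={ts:.3f}s")
```

A per-source counter like this catches a single-host flood, which is the case the paragraph describes. It does not help against a distributed flood with spoofed or widely spread source addresses, where no one source crosses the threshold; that is why bandwidth attacks are ultimately handled upstream (rate limiting at the provider, scrubbing, anycast) rather than on the victim host.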

Peer-to-peer attacks
With peer-to-peer attacks there is no botnet, and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master", instructing clients of large peer-to-peer file-sharing hubs to disconnect from their peer-to-peer network and connect to the victim's website instead.

Keyloggers And Trojans

If an attacker manages to install a trojan or a keylogger on an administrator's computer, the administrator's credentials can be captured easily, and from then on the server is reached with valid logins that no amount of server-side hardening will reject.

DNS Cache Poisoning Attack

If an attacker manages to insert fake address records for a domain name into a DNS server's cache, every client that resolves that name through the poisoned server is silently sent to an address of the attacker's choosing. This attack is extremely dangerous because it happens without the user's knowledge: the browser shows the expected domain name while actually talking to the attacker's host.
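
The resolver's defence is to refuse any reply it cannot match to a query it actually sent, and to cache only records that belong to the zone it asked about. The code below is an added example, not the post's own: DNS messages are represented as simplified Python dicts rather than wire format, run_demo() constructs one genuine and three forged replies, and the record values are RFC 5737 documentation addresses.

```python
"""Resolver-side checks against forged (cache-poisoning) DNS replies.

Added example, not the post's own code. Messages are simplified Python
dicts rather than DNS wire format, and run_demo() constructs the sample
responses; the record values are RFC 5737 documentation addresses.
"""
import secrets


def _norm(name):
    """Lower-case, fully qualified form of a domain name."""
    return name.lower().rstrip(".") + "."


def new_query(qname, zone, qtype="A"):
    """State kept for an outstanding query. The 16-bit ID and the source
    port are both random, so a blind attacker must guess ~2^32 values
    rather than 2^16 to have a forged reply accepted."""
    return {"id": secrets.randbelow(1 << 16),
            "sport": 1024 + secrets.randbelow(65536 - 1024),
            "qname": _norm(qname), "qtype": qtype, "zone": _norm(zone)}


def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or lies below it."""
    name = _norm(name)
    return name == zone or name.endswith("." + zone)


def accept_response(query, response):
    """Return (accepted, reason, records_to_cache).

    A reply is matched to the query only if destination port, transaction
    ID and question all agree; records outside the queried zone are
    dropped so that a reply about example.com cannot plant an address
    for some other domain in the cache.
    """
    if response["dport"] != query["sport"]:
        return False, "port mismatch", []
    if response["id"] != query["id"]:
        return False, "txid mismatch", []
    if (_norm(response["qname"]), response["qtype"]) != (query["qname"], query["qtype"]):
        return False, "question mismatch", []
    cacheable = [(n, t, v) for n, t, v in response["records"]
                 if in_bailiwick(n, query["zone"])]
    return True, "ok", cacheable


def run_demo():
    """Four replies to one query: one genuine, three forged."""
    q = new_query("www.example.com", "example.com")
    genuine = {"dport": q["sport"], "id": q["id"], "qname": "www.example.com",
               "qtype": "A",
               "records": [("www.example.com.", "A", "192.0.2.10"),
                           ("ns1.example.net.", "A", "203.0.113.5")]}
    bad_id = dict(genuine, id=(q["id"] + 1) % 65536)
    bad_port = dict(genuine, dport=(q["sport"] + 1) % 65536)
    # Attacker guessed ID and port, and tries to smuggle a record for a
    # different domain in alongside the answer.
    guessed = dict(genuine, records=[("www.example.com.", "A", "198.51.100.66"),
                                     ("bank.example.net.", "A", "198.51.100.66")])
    results = {}
    for label, resp in [("genuine", genuine), ("bad_id", bad_id),
                        ("bad_port", bad_port), ("guessed", guessed)]:
        results[label] = accept_response(q, resp)
    return results


if __name__ == "__main__":
    for label, (ok, reason, cached) in run_demo().items():
        print(f"{label:8s} accepted={ok} reason={reason} cached={cached}")
```

The "guessed" case shows the limit of these checks: if the attacker wins the race with the right ID and port, the in-bailiwick answer is still accepted and cached. Random ports and IDs only raise the cost of that race and the bailiwick rule only contains the damage to the zone that was asked about; only DNSSEC validation of the answer itself lets the resolver tell a forged record from a genuine one.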

Wednesday, February 2, 2011

How Egypt lost its Internet connection

(This post corresponds to Chapter 2 of the "Electronic Commerce" textbook, about the birth of the Internet, its concepts and protocols.)

@politisite: The world has indeed changed.. when demands are not for food or shelter but Twitter and facebook #egypt

This is a Twitter post from several days ago concerning the unprecedented attempt of the Egyptian government to block the Internet, starting on 27 January 2011. The government first blocked the social media sites Twitter and Facebook and limited access to Yahoo, Google and YouTube.

According to Jillian York, a project coordinator at Harvard University's Berkman Center for Internet & Society, "The government does not have a central control point for the Internet, which means it must rely on being able to force ISPs to comply." Which is exactly what happened.

The easiest way to disconnect a country from the Internet is to cut the cables that leave the country. Egypt has a number of submarine cables that cross the Mediterranean to Italy and a few others that go to other Mediterranean destinations; other cables run through the Red Sea towards East Africa and in the direction of India and beyond. But the fiber backbone that runs under the sea and across Egypt for international transit traffic seems to have been unaffected, so something else happened. It should be noted that Egypt has only four major ISPs.

Renesys, an internet security firm based in Manchester, N.H., has observed that nearly all of the routes to Egypt were simultaneously withdrawn, starting at about 5 p.m. Eastern Standard Time Thursday night and 12:34 a.m. in Egypt. "Approximately 3,500 individual BGP routes were withdrawn," the company wrote, "leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers."
A chart prepared by RIPE gives a glimpse of how Egypt's network went dark, showing a roughly 90% drop in data traffic to and from Egypt. Egyptian authorities are also reported to have stunted net access by shutting down the official Domain Name System (DNS) servers in Egypt.


Renesys also noted that the only unaffected provider was Noor Group, which still had 83 live routes and which serves the Egyptian Stock Exchange. According to the article, this looks like deliberate planning on behalf of the Stock Exchange, which was probably left online so that trading could continue on 31 January.
Renesys reported: "Our new observation is that this was not an instantaneous event on the front end; each service provider approached the task of shutting down its part of the Egyptian Internet separately.
• Telecom Egypt (AS8452), the national incumbent, starts the process at 22:12:43.
• Raya joins in a minute later, at 22:13:26.
• Link Egypt (AS24863) begins taking themselves down 4 minutes later, at 22:17:10.
• Etisalat Misr (AS32992) goes two minutes later, at 22:19:02.
• Internet Egypt (AS5536) goes six minutes later, at 22:25:10.

First impressions: this sequencing looks like people getting phone calls, one at a time, telling them to take themselves off the air."
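
What Renesys did here was replay BGP updates and watch each origin AS's set of reachable prefixes shrink to zero. The script below is an added example that reproduces that kind of analysis on a constructed update log; it is not Renesys's code or data. The AS numbers are the ones quoted in the post, Noor Group is represented by the private-use placeholder AS64512 because its real ASN is not given on the page, and the prefixes are RFC 5737 documentation blocks, so neither the prefixes nor the counts reflect the actual 2011 routing table.

```python
"""Per-AS route timeline from a constructed BGP update log.

Added example, not Renesys's code or data. The log is constructed: AS
numbers are those quoted in the post, AS64512 (private-use range) stands
in for Noor Group, and the prefixes are RFC 5737 documentation blocks.
"""
import re
from collections import defaultdict

# One update per line: <ISO timestamp> <A|W> <origin AS> <prefix>
SAMPLE_LOG = """\
2011-01-27T21:00:00Z A AS8452 192.0.2.0/26
2011-01-27T21:00:00Z A AS8452 192.0.2.64/26
2011-01-27T21:00:00Z A AS24863 192.0.2.128/26
2011-01-27T21:00:00Z A AS32992 192.0.2.192/26
2011-01-27T21:00:00Z A AS5536 198.51.100.0/25
2011-01-27T21:00:00Z A AS64512 198.51.100.128/25
2011-01-27T22:12:43Z W AS8452 192.0.2.0/26
2011-01-27T22:12:58Z W AS8452 192.0.2.64/26
2011-01-27T22:17:10Z W AS24863 192.0.2.128/26
2011-01-27T22:19:02Z W AS32992 192.0.2.192/26
2011-01-27T22:25:10Z W AS5536 198.51.100.0/25
"""

LINE = re.compile(r"^(\S+)\s+([AW])\s+(AS\d+)\s+(\S+)$")


def route_timeline(log_text):
    """Replay announcements and withdrawals in time order and return, per
    AS: number of announcements seen, time of the first withdrawal, time
    the last route disappeared ("dark", None if still up), and the
    number of routes still in the table."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append(m.groups())
    events.sort(key=lambda e: e[0])          # ISO-8601 sorts lexically

    table = defaultdict(set)                 # asn -> live prefixes
    info = defaultdict(lambda: {"announced": 0, "first_withdraw": None,
                                "dark": None, "remaining": 0})
    for ts, action, asn, prefix in events:
        if action == "A":
            table[asn].add(prefix)
            info[asn]["announced"] += 1
            info[asn]["dark"] = None         # a re-announcement revives the AS
        else:
            table[asn].discard(prefix)
            if info[asn]["first_withdraw"] is None:
                info[asn]["first_withdraw"] = ts
            if not table[asn]:
                info[asn]["dark"] = ts
    for asn in info:
        info[asn]["remaining"] = len(table[asn])
    return dict(info)


def shutdown_order(timeline):
    """AS numbers in the order their last route was withdrawn; networks
    still announcing routes are left out."""
    dark = [(v["dark"], asn) for asn, v in timeline.items() if v["dark"]]
    return [asn for _, asn in sorted(dark)]


if __name__ == "__main__":
    tl = route_timeline(SAMPLE_LOG)
    for asn in shutdown_order(tl):
        print(f"{asn}: first withdrawal {tl[asn]['first_withdraw']}, dark {tl[asn]['dark']}")
    for asn, v in tl.items():
        if v["dark"] is None:
            print(f"{asn}: still announcing {v['remaining']} route(s)")
```

Two details mirror the real observation. An AS is "dark" only when its last prefix goes, so a provider that withdraws in several steps (AS8452 here) has a first-withdrawal time earlier than its dark time; and an AS that never withdraws (the Noor stand-in) never appears in the shutdown order, which is exactly how Noor showed up in the Renesys data as the one provider with live routes.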


After Egypt fell off the grid, the world saw a new form of activism: offering dial-up connections to people so they could get online and continue informing the world through social media, pictures and videos, and organize the protests online. Here are some examples:


Today (01/02/2011) Internet access was restored, and according to the Renesys blog post all major Egyptian ISPs appear to have re-advertised routes to their domestic customer networks in the global routing table:
________________________________________

Update (13:36 UTC): We confirm that Facebook and Twitter are up and available inside Egypt, at least from the places we can monitor. No traffic blocks are in place, DNS answers are clean, IP addresses match, no funny business. For now.
________________________________________

Resources:
http://www.computerworld.com/s/article/9206980/Egypt_s_Internet_block_aims_at_social_media
http://www.bbc.co.uk/news/technology-12306041
http://www.zdnet.com/blog/networking/the-internet-goes-dark-in-egypt/613
http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml

Tuesday, December 7, 2010

To launch a game changer

Thomas Friedman in his book "The world is flat" explains about the ten flatteners of the world. He also mentions the axis that changes the world - the fall of the Berlin Wall, the rise of the PC, Netscape...

Netscape had one of the most remarkable deployment strategies in the industry. Netscape Navigator was the successor to the Mosaic web browser, co-written by Marc Andreessen; Jim Clark believed that the Mosaic browser had great commercial possibilities and provided the seed money.
On 13 October 1994 Netscape announced that it would make Navigator available free of charge to all non-commercial users. Netscape's initial corporate policy regarding Navigator is interesting: it claimed that it would make Navigator freely available for non-commercial use, in accordance with the notion that Internet software should be distributed for free.

However, two months later, Netscape apparently reversed its policy on who could freely obtain and use version 1.0 by only mentioning that educational and non-profit institutions could use version 1.0 at no charge.

The versions were available for free download, with boxed versions available on floppy disks (and later CDs) in stores along with a period of phone support. Email support was initially free, and remained so for a year or two until the volume of support requests grew too high.

When the consumer Internet revolution arrived in the mid-to-late 1990s, Netscape was well positioned to take advantage of it. With a good mix of features and an attractive licensing scheme that allowed free use for non-commercial purposes, the Netscape browser soon became the de facto standard, particularly on the Windows platform. The media hype definitely helped to establish its leading position. It became even more renowned for the on-the-fly display of web pages, where text and graphics appeared on the screen as the page downloaded. During the 1990s, important new features included cookies, frames, and JavaScript (in version 2.0).

According to Wikipedia, the browser remained the market leader with more than 50% usage share. Industry observers confidently forecast the dawn of a new era of connected computing. The underlying operating system, it was believed, would become an unimportant consideration; future applications would run within a web browser. Netscape saw this as a clear opportunity to entrench Navigator at the heart of the next generation of computing, and thus gain the opportunity to expand into all manner of other software and service markets.

During that time Microsoft entered the market, using the code licensed from Spyglass to create Internet Explorer. Microsoft's browser was thought by many to be inferior and primitive compared to contemporary versions of Netscape Navigator. With the release of IE version 3.0 (1996) Microsoft was able to catch up with Netscape competitively. In the meantime version 4.0 of Netscape became crashy and buggy, hastening the demise of the browser. Other important factors were the arrival of other open-source browsers and the deal between Microsoft and Apple under which the latter would make IE the default browser in Mac OS.

In March 1998, Netscape released most of the code base for Netscape Communicator under an open source license. The product, Netscape 5, used open-source community contributions, and was known as Mozilla, Netscape Navigator's original code name.

Resources:
Friedman, Thomas.The World Is Flat: A Brief History of the Twenty-First Century.2007
Netscape Navigator. (2010, December 5). In Wikipedia, The Free Encyclopedia. Retrieved 04:45, December 8, 2010, from http://en.wikipedia.org/w/index.php?title=Netscape_Navigator&oldid=400669043

Friday, November 26, 2010

Virtual teams and trust

The advent of the Internet has provided new opportunities for collaboration thought impossible just a few years ago. The term ‘virtual organization’ (VO) has been coined to show the way that technologies enable collaborators to work together in ways that parallel membership of a common institute. But the concept actually is more flexible. It might, for example, represent a formal entity associated with sharing of resources, with quality-of-service agreements and access control policies, but more generally the virtual organization is an expression of a task-oriented collaboration between members of geographically distinct institutes ("New tools to support collaboration and virtual organizations").

Due to the ever increasing trend towards globalization, virtual teams are becoming essential to enhancing a company's competitive advantage.  With the shift towards more decentralized organizational structures, companies are beginning to utilize the vast availability of individuals with high specialization and experience. This helps companies not only attain organizational goals and expand their financial success, but creates more opportunities for employees to advance their personal careers and also transform the future of any type of business.

One disadvantage of a virtual team stems from the improper use of communication channels and mediums (Piccoli, 2004). When using e-mail, chat, and other similar technologies, the richness of communication suffers because nonverbal communication is lost, making the development of a team much more difficult. This problem is magnified when dealing with individuals from multiple cultural backgrounds, which can create communication barriers and fault lines that impede the development of interpersonal relationships. Another disadvantage of virtual teams is their reliance on technology. Any type of malfunction with the technology being used will inhibit the team’s ability to interact, making it almost impossible to complete any task at that time. Additionally, communication lags are inevitable and unavoidable, further preventing the team from performing efficiently because information sharing becomes tedious (Piccoli).

One of the most important things with a VO or VT is to select the right tools and technology. Find tools that foster communication and trust. It is important to ensure all team members are on the same page about what is happening in the organization as well as on their dedicated projects. Social networking tools make it easy to keep the lines of communication open at all times, building deeper relationships and lessening isolation among geographically dispersed peers. The newness and social aspects of online tools can be exciting; however, it is important to determine standards and protocols for how and when your team will use social networking tools. When selecting the right tools, ensure they meet the needs of the diverse individuals who will use them. Do these tools help solve some of the typical challenges for virtual team members, such as adjusting to differing time zones, cultures and languages? For companies to grow, they must now rely on Internet collaboration and emphasize individual contributions. It is important for team members to control the brainstorming process, share research and generate new ideas online. Social networking tools can help capture personal observations, invite comments from other team members and distribute new knowledge.

Many online teams communicate through a variety of online products such as Dimdim Online Collaboration, GoTo Meeting, Huddle, Vyew Instant Workspace, and Nomadesk, WebEx. Although the products provide ways to communicate, each varies in popularity and use, privacy and security, cost, technology, and training. Social networking sites also integrate many tools that are very useful for collaboration, unfortunately it is not practical to use many of the popular social network sites such as Facebook, or even Nature Network (a social networking site for scientists) for scientific collaboration.

One of the most important factors for virtual team will be TRUST. According to Fukuyama the culture of trust as the source of spontaneous sociability allows enterprises to grow beyond family into professionally managed organizations. Trust is the elixir of group life—the belief, or confidence in a person or organization's integrity, fairness, and reliability. This faith comes from experience, however brief or extensive. The importance of trust cuts across a team's life cycle. As trust accumulates—in teams, corporations, communities, and nations—it creates a new form of wealth. In the Network Age, human, social and knowledge capital are as potent a source of value as land, resources, skills, and technology. Trust will be one of the main ingredients in the future VT and the success of the innovative project from dispersed group members. 

One example could be Valent Software. The CEO lived in Massachusetts, the president worked from Utah, the engineering team was based in Ohio, and a few others worked out of their homes. Yet, while Valent Software’s ten employees never really co-located, they were able to sell their $700,000 investment and three years of work for $45 million to a major web portal.

Nowadays it doesn't really matter for tech startups where their employees are located. Just check this article.

Tuesday, November 16, 2010

Business Strategy Innovation Diamond

Product innovation is the engine that drives growth and prosperity for many companies. At the same time it is one of the most difficult undertakings of the modern corporation. Why were some companies successful at developing and launching new products on the market, even as product life cycles got shorter, while others have had more than their fair share of failures and gone bankrupt? Professor R. G. Cooper and his partners conducted research into around 2,000 projects and 500 companies. This research addressed two main questions:
  1. How successful and profitable are the companies new product efforts?
  2. Are certain product development practices connected to success and profitability?
Best practice research has uncovered a common theme in organizations that excel at product innovation. Four key areas of best practice stand out as common denominators: product innovation and technology strategy; portfolio management – both strategic and tactical; idea-to-launch new product development process, and the right climate and culture for innovation. These four performance drivers comprise the Innovation Diamond.

The best-performing companies (the top 25%) turn 78% of their new products into money-makers. The best companies also execute their projects much faster and more efficiently. They have a much higher proportion of projects completed on time.

Measuring product development performance and practices is one of the most important best practices. Unfortunately it is also one of the weakest areas according to Cooper's research, because most companies don't measure and don't know how well (or poorly) they are doing. Almost a third of the companies do not systematically measure their product success rate or adherence to budgets and time schedules, either for individual projects or for the company as a whole. Post-launch reviews are not done, or poorly done, in most businesses. Also, new product development project teams are typically not accountable for the business-performance results of their projects.

It was discovered that many senior managements do not keep score in NPD (New Product Development) – overall NPD results are not measured and new product results are typically not part of senior management’s personal objectives or reward systems. Furthermore most companies do not measure how well their product development process is working.

The BSID focuses your organization on making sure that the policies support the strategy, that the processes facilitate the policies, that the systems enable the processes, and the reporting measures the execution of the strategy. Not focusing on the BSID (Business Strategy Innovation Diamond), may result in just BS instead of strategic innovation.
 
Friday, November 12, 2010

Organizing for innovation with open innovation

There are different opinions concerning the structure of the organization and the likelihood of innovation, the level of creativity and experimentation. Some researchers support the view that the bigger the firm, the better the chance for innovation, because it can accumulate more money for R&D. Size also helps with developing competences and with a wide range of innovation projects to choose from. At the same time, big firms have bigger bureaucracies, which hinder flexibility and entrepreneurship.
Centralization was the best managerial method a long time ago, and some organizations are still happy with this kind of setup. Recently, most organizations have been transforming from a centralized organization, through a multi-divisional setup, to a loosely-coupled network form (Scott, 2003). The change brought by the knowledge economy and information systems changes organizations and their views toward innovation. New terms such as virtual organizations, network organizations and modular organizations are used more and more.
And what does it take to organize for innovation?
- imagination
- thinking outside the box
- willingness to take significant risk
- accepting failures
- openness to the new and untried
- slack resources to generate and develop ideas
John Roberts, professor of economics, strategic management, and international business at Stanford Graduate School of Business says: "... firms must develop multiple business opportunities, and to continue to grow and survive they must do this on an ongoing basis".
But there is something new that more and more leading companies embrace: open innovation. Henry Chesbrough says that "Open innovation is a paradigm that assumes that firms can and should use external ideas as well as internal ideas, and internal and external paths to market, as the firms look to advance their technology."
There are many examples from a variety of industries, including:
TELECOM: BT (formerly British Telecom) – link
CONSUMER ELECTRONICS: Philips – link
CONSUMER PRODUCTS: P&G – link
PHARMACEUTICALS: Novartis – link
CHEMICALS: Air Products – link
IT HARDWARE: Sun Microsystems – link
FOOD AND BEVERAGE: Starbucks – link
COMPUTERS: DELL – link
US GOVERNMENT – link
In an interesting article on how Procter & Gamble is using "open innovation" to develop new products and drive growth, Stefan Lindegaard gets into the specifics of how the giant soap company puts ideas into action. This is good, because a lot of the talk about innovation can be overly abstract.
- They seek out ideas in 85 different networks and over 120 universities, and 75 percent of the searches result in "viable leads"
- They have a website in five languages to encourage unsolicited submissions
- More than half of their innovation is sourced externally
Elsewhere, Lindegaard writes of how P&G sees the future of open innovation. They also see the wisdom of crowds playing a part where consumers and communities will be tapped for ideas. He says: "There will be a tremendous amount of innovation in and from developing regions which is driven by population as well as capability growth in countries such as India, China and Brazil."

Tuesday, November 2, 2010

Copyright is failing in the 21st century

Several years ago the EU Commission decided to reconsider copyright law in the information society. The Commission even talked about copyright in the knowledge economy. One thing remains essential: copyright law is not in touch with the changes produced by technological innovation.

The origin of copyright law in most European countries lies in efforts by the church and governments to regulate and control printing, which was widely established in the 15th and 16th centuries. Before the invention of the printing press a writing, once created, could only be physically multiplied by the highly laborious and error-prone process of manual copying by scribes.  Printing allowed for multiple exact copies of a work, leading to a more rapid and widespread circulation of ideas and information.

Later on, the governments of different countries gave licenses to printers and publishers to print certain materials (for example the Stationers' Company in Britain). In pre-revolutionary France all books needed to be approved by official censors, and authors and publishers had to obtain a royal privilege before a book could be published. Royal privileges were exclusive and usually granted for six years, with the possibility of renewal. Over time it was established that the owner of a royal privilege had the sole right to obtain a renewal indefinitely. In 1761 the Royal Council awarded a royal privilege to the heirs of an author rather than to the author's publisher, sparking a national debate on the nature of literary property similar to the one taking place in Britain during the battle of the booksellers (information from Wikipedia).

Because of the incentives given by early copyright law, printers and publishers were essentially patrons of the arts, spurring the development of literature and creative works.
Now, fast forward to the end of the 20th century, when copyright law says that a work stays under copyright until the death of the author plus 50 to 70 years. If in the beginning copyright played an essential role in funding art and creativity, now it prevents people from using works that should be in the public domain and from building new creative works on existing ones.

Look at DRM (digital rights management): it tried to apply the old approach to copyright protection in the new digital era, and failed miserably. It was hacked so fast that it is an old joke by now. I am sure that every time a company decides to hinder creativity by closing a platform or a work, there will be people who hack it, thus making innovation possible. Because, you see, innovation is putting old materials and knowledge together in a new and creative way. Nothing comes from thin air, and if the previous works are under the protection of copyright law, invention will be reduced or put in a box, limited to the way companies want their product or work to be used. If copyright law covers such large chunks of information for such a long time, it will hinder the creativity of future generations to rip, mix, and burn (as Lessig puts it). A generative system is what we need, and for it we need a completely new law; take Creative Commons, for example. Many people were skeptical that it would work, because people would never choose to pay for something that is offered for free. But this has been proven not to be true.

Besides copyright law you can choose between:

1. Creative Commons: several copyright licenses that allow the distribution of copyrighted works. The licenses differ in the combinations of conditions they place on the terms of distribution.
2. Copyleft: a play on the word copyright, describing the practice of using copyright law to offer the right to distribute copies and modified versions of a work while requiring that the same rights be preserved in modified versions of the work. In other words, copyleft is a general method for making a program (or other work) free, and requiring all modified and extended versions of the program to be free as well.
3. GNU General Public License: a free, copyleft license for software and other kinds of works.

Some examples: