Showing posts with label Viruses. Show all posts

May 12, 2018

Beautiful Virus, Huh?

So this is an image of the Tobacco Mosaic Virus.

Yeah, I never heard of it either. 

It is a virus that attacks and destroys tobacco and other plants. 

Viruses are ugly and evil in that they hurt and kill other living things.

Yet in looking at this molecular image, I seriously hate to say it, but it is also beautiful in a way. 

The shape, color, complexity--the design and wisdom embedded in it--what can I say, but even this too is a miracle. 

Sure, it would be better in a mortal sense if there were no viruses to make us suffer and literally eat away at us. 

Yet, surely G-d has a plan even for these nasty virus molecules.  

Do they help us gain immunity to even worse diseases?

Do they help us to use ingenuity to discover, fight, and evolve to withstand their attacks and progress our society in larger ways?

Do they help us learn, however horribly, to turn to G-d, strengthen ourselves, and somehow try to cope with suffering and loss in life and death?

All sickness is unbelievably horrible and the suffering it causes is truly impossible to understand, and G-d should please, please have mercy on us. 

Yet, looking at this molecular image of even this virus, there is something comforting in the supreme intelligent design and creation of it all.  ;-)

(Source Andy's photo of image by Visual Molecular Dynamics)

May 10, 2016

Creative Washing Sign

Ok, this is not your typical handwashing sign.

Usually these signs that are mandated by health regulations in food establishments remind employees to wash their hands before returning to work.

Of course, given all the Clostridium, E. coli, Hepatitis, Listeria, Norovirus, and Salmonella out there, we know that unfortunately many food workers are not following these instructions very well...yes, yuck!

Here, someone "sanitized" the sign, and rubbed out the "h" and the top part of the "d" in hands and left the crude word, "anus." 

Now employees must wash not their hands, but their anus (does that help in food preparation?)!

Perhaps whoever did this is a lobbyist for some sort of bidets in this country.

Given all the political crap that goes on around this town, this may be a very good idea. ;-)

(Source Photo: Dannielle Blumenthal)

August 15, 2014

The Ebola Bomb

Ebola is "one of the most virulent microbes" to mankind--there is no known cure and it has a 90% mortality rate.

The death toll from the current outbreak of Ebola in West Africa has now hit 1,145.


And according to the U.N. Health Agency, the number of deaths is "vastly underestimated."


Already, as of two weeks ago, more than 100 health workers had been infected. So who is going to care for the infected and sick, when the medical professionals themselves are sick and dead? 


According to the World Health Organization, Ebola is spread by "direct contact (through broken skin or mucous membranes) with the blood, secretions, organs, or other bodily fluids of infected people, and indirect contact with environments infected with such fluids."


However, as frightening and deadly as Ebola is as a disease that spreads and must be contained, what is even more terrifying is that there are those who believe that terrorists may try to harness it into a dirty bomb.


CBS reports that a disease expert from Cambridge University says that "A bigger and more serious risk is that a [terrorist] group manages to harness the virus as a power, then explode it in a bomb in a highly populated area."


A biological bomb like this "could cause a large number of horrific deaths," and would further spread the disease--and until it stops, no one knows. 


Visiting any number of local doctors' offices, emergency rooms, or hospitals that are already filled with patients and with lengthy wait times to be treated, I cannot imagine what an Ebola (type) outbreak would look like.


I hope and pray we never find out the suffering, death, and havoc that a virus like this would cause--whether transmitted through human-to-human contact or by one of the dirtiest, sickest bombs you could imagine.


(Source Screenshot: here with attribution to Unicef)


March 1, 2013

Now That's Robot Clean


How many of you heard the phrase as a child, "Cleanliness is next to G-dliness"?

Over the years, we've learned that germs and associated illnesses are frequently transmitted by touch and through the air.

And so we've become sensitized to the importance of things like regularly washing our hands, using antibacterial soap, and generally keeping our homes and offices as clean as they can be. (Okay, some people I know aren't so good about this--yes, you know who you are!)

The problem is that even with regular cleaning, corners, cracks, and surfaces are missed and harmful germs survive.

You can imagine that this can be especially true in places like hospitals and nursing facilities where unfortunately, there are already a lot of sick people.

Xenex Healthcare has invented an amazing robot that takes care of the problem--no, I am not talking about euthanasia (just kidding).

But really, this robot is wheeled into a room--generally after a manual cleaning that according to Bloomberg BusinessWeek (25 February 2013) often leaves 50% of the room still infected--and these germs can survive up to six months.

The Xenex robot generates a pulsing ultraviolet (UV) light from its extending head that zaps viruses and bacteria--destroying their DNA--and leaving a room 20 times cleaner!

There are 20 million hospital infections a year in America, killing about 100,000 people and costing about $30,000 per infection, so the Xenex robot, which kills up to 95% of many deadly infections and superbugs, is significant.

The robot costs around $125,000 or it can be rented for $3,700 per month--but it can disinfect dozens of rooms a day.

I'd like to see a Xenex robot for every home and office--that should do wonders for improved health care in this country. 

Oh and it makes a great gift for Howie Mandel. ;-)


August 25, 2012

IT Security, The Frankenstein Way

Here's a riddle: When is a computer virus not a dangerous piece of malware? Answer: when it is hidden as Frankenstein code. 

The Economist (25 August 2012) describes how computer viruses are now being secretly passed into computers, by simply sending a blueprint for the virus rather than the harmful code itself into your computer--then the code is harvested from innocuous programs and assembled to form the virus itself. 

Like the fictional character, Frankenstein, that is stitched together out of scavenged body parts, the semantic blueprint pulls together code from host programs to form the viruses. 

This results in polymorphic viruses, where, based on the actual code being drawn from other programs, each virus ends up appearing a little different and can potentially mask itself--bypassing antivirus, firewall, and other security barriers.

Flipping this strategy around, in a sense, Bloomberg Businessweek (20 June 2012) reports on a new IT security product by Bromium that prevents software downloads from entering the entire computer, and instead sets aside a virtual compartment to contain the code and ensure it is not malicious--and if the code is deemed dangerous, the cordoned-off compartment will dissolve preventing damage to the overall system.

So while on the offensive side, Frankenstein viruses stitch together parts of code to make a dangerous whole--here on the defensive side, we separate out dangerous code from potentially infecting the whole computer.  

Computer attacks are getting more sinister as they attempt to do an end-run around standardized security mechanisms, leading to continually evolving computer defenses to keep the Frankensteins out there, harmless, at bay.

(Source Photo: here with attribution to Dougal McGuire)


May 15, 2010

What’s Lurking In The Update?

In defense, it is a well-known principle that you determine your critical infrastructure, and then harden those defenses—to protect it.

This is also called risk-based management, because you determine your high impact assets and the probability that they will be “hit” and deem those the high-risk ones that need to be most protected.

In buttressing the defenses of our critical infrastructure, we make sure to only let in trusted agents. That’s what firewalls, antivirus, anti-spyware, and intrusion prevention systems are all about.

In so-called “social engineering” scams, we have become familiar with phony e-mails that contain links to devastating computer viruses. And we are on the lookout for whether these e-mails are coming from trusted agents or people we don’t know and are just trying to scam us.

What happens though when like the Trojan Horse in Greek times, the malware comes in from one of the very trusted agents that you know and rely on, for example, like from a software vendor sending you updates for your regular operating system or antivirus software?

ComputerWorld, 10 May 2010, reports that a “faulty update, released on April 21, [by McAfee] had corporate IT administrators scrambling when the new signatures [from a faulty antivirus update] quarantined a critical Windows systems file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.”

While this particular flawed security file wasn’t the result of an action by a cyber-criminal, terrorist or hostile nation state, but rather a “failure of their quality control process,” it begs the question what if it was malicious rather than accidental?

The ultimate Trojan Horse for our corporate and personal computer systems is the regular updates we get from the vendors to “patch” or upgrade our systems. The doors of our systems are flung open to these updates. And the strategic placement of a virus into these updates that have free rein to our core systems could cause unbelievable havoc.

Statistics show that the greatest vulnerability to systems is by the “insider threat”—a disgruntled employee, a disturbed worker, or perhaps someone unscrupulous that has somehow circumvented or deceived their way past the security clearance process (or not) on employees and contractors and now has access from the inside.

Any well-placed “insider” in any of our major software providers could potentially place that Trojan Horse in the very updates that we embrace to keep our organizations secure.

Amrit Williams, the CTO of BIGFIX Inc. stated with regards to the faulty McAfee update last month, “You’re not talking about some obscure file from a random third party; you’re talking about a critical Windows file. The fact that it wasn’t found is extremely troubling.”

I too find this scenario unnerving and believe that our trusted software vendors must increase their quality assurance and security controls to ensure that we are not laid bare like the ancient city of Troy.

Additionally, we assume that the profit motive of our software vendors themselves will keep them as organizations “honest” and collaborative, but what if the “payoff” from crippling our systems is somehow greater than our annual license fees to them (e.g., terrorism)?

For those familiar with the science fiction television series BattleStar Galactica, what if there is a “Baltar” out there ready and willing to bring down our defenses to some lurking computer virus—whether for some distorted ideological reason, a fanatical drive to revenge, or a belief in some magnanimous payoff?

“Trust but verify” seems the operative principle for us all when it comes to the safety and security of our people, country and way of life—and this applies even to our software vendors who send us the updates we rely on.

Ideally, we need to get to the point where we have the time and resources to test the updates that we get prior to deploying them throughout our organizations.
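One way to automate that pre-deployment test for the kind of failure described above, where new antivirus signatures quarantine a critical system file. This is an added example, not code from the post or from any vendor; the file names, signature names and byte patterns are constructed placeholders, and matching is simplified to a substring search.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte sequence the scanner flags when found in a file


def scan(content, signatures):
    """Return the names of all signatures whose pattern occurs in content."""
    return [s.name for s in signatures if s.pattern in content]


def gate_update(golden_files, detection_samples, new_signatures):
    """Decide whether a signature update may leave the test ring.

    golden_files: known-good critical files taken from a reference image.
    detection_samples: harmless test files the update must still detect.
    Any hit on a golden file is a false positive and blocks the rollout.
    """
    false_positives = {}
    for path, data in golden_files.items():
        hits = scan(data, new_signatures)
        if hits:
            false_positives[path] = hits
    missed = [name for name, data in detection_samples.items()
              if not scan(data, new_signatures)]
    return {
        "deploy": not false_positives and not missed,
        "false_positives": false_positives,
        "missed_samples": missed,
    }


# Constructed sample data: stand-ins for files on a reference OS image.
GOLDEN_FILES = {
    "system32/critical_service.bin": b"\x4d\x5a HEADER svc_dispatch_table v5.1",
    "system32/login_ui.bin": b"\x4d\x5a HEADER credential_prompt v5.1",
}
DETECTION_SAMPLES = {
    "test_sample_a": b"junk CONSTRUCTED-TEST-MARKER-A junk",
}

GOOD_UPDATE = [Signature("Constructed.Test.A", b"CONSTRUCTED-TEST-MARKER-A")]
# Same update plus one overly broad signature that also matches a system file.
FAULTY_UPDATE = GOOD_UPDATE + [Signature("Constructed.Generic.B", b"svc_dispatch")]

if __name__ == "__main__":
    for label, update in (("good", GOOD_UPDATE), ("faulty", FAULTY_UPDATE)):
        print(label, gate_update(GOLDEN_FILES, DETECTION_SAMPLES, update))
```

The gate checks both directions: an update that flags a golden file is held back, and so is one that stops detecting the test samples.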



April 15, 2008

“I Am Legend” and Enterprise Architecture

Sometimes, when we architect change, we can make mistakes and people and organizations end up getting hurt.

In the movie I Am Legend, mankind architects a way to use a virus to kill cancer—seemingly, the cure that we’ve all been hoping for; but something goes terribly wrong and 90% of the world ends up dead, while another 9% end up as zombie cannibals feeding off of the remaining 1% of the population that is immune to the virus.

“Viral diseases such as rabies, yellow fever and smallpox have affected humans for centuries…Examples of common human diseases caused by viruses include the common cold, the flu, chickenpox and cold sores. Serious diseases such as Ebola, AIDS, avian influenza and SARS are caused by viruses…The ability of viruses to cause devastating epidemics in human societies has led to the concern that viruses could be weaponized for biological warfare.” (Adapted from Wikipedia)

So is there such a thing as a good virus?

Now scientists have architected, they believe, a way for viruses (bacteriophages) to kill bacterial infections (hopefully, not a repeat of the I Am Legend plot!).

MIT Technology Review, 15 April 2008, reports that “in the fight against infection, viruses take up where antibiotics leave off.”

Superbug bacteria infect up to 1.2 million patients a year in the U.S., particularly in hospitals where bacteria can spread from countertops, stethoscopes, and catheters.

Scientists have developed “nylon sutures coated with bacteriophages—viruses, found naturally in water, that eat bacteria while leaving human cells intact.”

Bacteriophages were used in World War II to treat soldiers with dysentery and gangrene, but this was soon overcome by rising interest in antibiotics. But “it takes time to get new classes of antibiotics onto the market, whereas bacteriophages can be easily isolated from environmental sources such as sewage water.”

How do the bacteriophages work?

“In water, these natural born-killers are extremely effective at eating up bacteria. The virus binds to bacteria and injects its DNA, replicating within its host until it reaches capacity, whereupon it bursts out, killing the bacteria in the process.”

What is the advantage to using bacteriophages?

“Antibiotics are broad-spectrum, and for certain bacterial strains, it’s easier to use bacteriophages if you know exactly which bacterium is causing the infection. You can target one strain, and it wouldn’t affect any other bacteria that may be protecting cells.”

Aside from sutures, how else might bacteriophages be applied?

They can be incorporated into sprays and creams.

Additionally, bacteriophages, aside from use in fighting bacteria, may be useful in detecting bacterial infection.

From an enterprise architecture perspective, the baseline for fighting infection has for many years been through antibiotics. Now, the target architecture includes viruses that can kill the bacteria. However, as in the case of the virus that is supposed to help cure, but instead causes a lethal epidemic, there is always the potential for things to go off course, when we architect change in the enterprise.

Catastrophic consequences from change can occur for example, when we make changes to products, processes, people, and technologies in organizations. These can result in unintended consequences like defective products, inefficient processes, accidents to employees, and failed IT implementations to name just a few.

The point is that enterprise architecture is not a bacteriophage or antibiotic cure-all. As architects, we need to be cognizant of the risks inherent in change (as well as in maintaining the status quo) and manage change thoughtfully, carefully, and with an eye toward risk management all along the way.

The last thing we want to be is Lieutenant Colonel Robert Neville (in the movie I Am Legend) left as the last healthy human along with his trusty dog in New York City and possibly the entire world.



April 2, 2008

Hacker Camps and Enterprise Architecture

One of the perspectives of the enterprise architecture is Security. It details how we secure the business and technology of the organization. It includes managerial, operational, and technical controls. From an information security view, we seek confidentiality, integrity, availability, and privacy of information.

Who are we protecting the enterprise from in terms of our information security? From hackers of course!

How do we protect ourselves from hackers? By teaching our security professionals the tricks of the trade—teach them how to hack!

The Wall Street Journal, 1 April 2008, reports that “Hacker Camps Train Network Defenders: Sessions Teach IT Pros to Use Tools of the Online Criminal Trade.”

“In such sessions, which cost about $3,800, IT pros typically spend a week playing firsthand with the latest underground computer tools. By the end of the week, participants are trained as ‘ethical hackers’ and can take a certification test backed by the International Council of Electronic Commerce Consultants.”

“Overall more than 11,000 people have received the ‘ethical hacker’ certificate since 2003; nearly 500 places world-wide offer the training.”

Why do we need to teach these hacking tools to IT security professionals?

They need to understand what they’re up against so they can more effectively plan how to protect against the adversary. Know thy enemy!

How large is the IT security issue?

“The average large U.S. business was attacked 150,000 times in 2007…the average business considered 1,700 of these attacks as sophisticated enough to possibly cause a data breach. In addition, the number of unique computer viruses and other pieces of malicious software that hackers tried to install on computers and IT networks doubled to 500,000 last year from 2006…[and it’s expected] to double again in 2008.”

It’s great that we are advancing the training of our information security champions and defenders, but what about those who take the course, but are really there to learn hacking for the sake of hacking? How many of the 11,000 ‘ethical hackers’ that have been trained are really ethical and how many are using their newfound knowledge for more nefarious ends?

From an enterprise architecture standpoint, we need to ensure that we are not giving away the keys of the kingdom to anyone, including our own IT security staff—through hacker training. Also, we need to be careful not to rely on any one individual to maintain the security order of things. We need to plan our security using a system of checks and balances, just like the constitution lays out for the governance of the nation, so that even the chief information security officer (CISO) is accountable and has close oversight. Finally, we need to institute multiple layers of defense to work as best we can to thwart even the determined hackers out there.

February 8, 2008

Internet Apocalypse and Enterprise Architecture

It is the 21st century and we are a nation dependent on everything internet. We rely on the internet for communications, like email, text messaging, and even voice over IP. We also use the internet for getting news and information, social networking, storing and sharing blogs, videos, music, and photos, accessing various applications, shopping, and conducting financial transactions.

What happens if the internet is attacked or otherwise fails us?

This is the question asked in ComputerWorld, 21 January 2008: “If the internet goes down will you be ready?”

ComputerWorld states: “It’s likely that the internet will soon experience a catastrophic failure, a multiday outage that will cost the U.S. economy billions of dollars. Or maybe it isn’t likely. In any case, companies are not prepared for such a possibility.”

The Business Roundtable says: “The threat is ‘urgent and real.’ There is a 10% to 20% chance of a ‘breakdown of the critical information infrastructure’ in the next 10 years brought on by ‘malicious code, coding error, natural disaster, [or] attacks by terrorists and other adversaries.’”

What will be the effect of a major internet interruption?

“An internet meltdown would result in reduced productivity and profits, falling stock prices, erosion of consumer spending, and potentially a liquidity crisis.” It would disrupt our everyday ability to communicate, get and share information, work and conduct transactions. And let’s not forget the effect on the human psyche—there would be chaos.

Why have we not prepared ourselves adequately?

The Business Roundtable says that “business executives often fail to realize how dependent they have become on the public network—for email, collaboration, e-commerce, public-facing and internal Web sites, and information retrieval by employees.”

Where are we most vulnerable?

The Internet Corporation for Assigned Names and Numbers (ICANN) says that “the Internet is pretty robust at the physical layer. There are just too many alternate paths available. But the Internet is not so robust at other layers.” Hence, the risk of operating system failures, penetration by worms, and denial of service attacks.

Is there any reason for optimism?

The CIO of Yuma County, Arizona, reminds us that the Internet “having been based on the Arpanet [from DoD] and designed to keep functioning when pieces are broken, it seems less likely that the entire Internet would stop working.”

What can enterprises do to prepare for the worst?

Of course, all organizations need to fully address security concerns in terms of managerial, operational, and technical controls.

They need the best and brightest security personnel.

Additionally, they need to perform regular risk assessments, vulnerability testing, intrusion detection and prevention, back-up and recovery.

They need to have strict access controls, security awareness training of employees and contractors, and an IT security policy.

Our organizations need a commitment to continuity of operations planning (COOP).

ComputerWorld points out that the financial services sector is out in front in making preparations. Here are some of the architectural preparations that financial companies have undertaken:

  • Dedicated networks—“set up dedicated networks independent of phone companies.”
  • Guaranteed diverse routing—“negotiate more aggressively with communications companies to guarantee diverse routing.”
  • Geographic dispersal—“separate data centers and communications centers more widely geographically.”

In general, enterprises need “diversity and redundancy” of communications.

Most importantly, we need to recognize the risks out there and prepare, prepare, prepare.



January 29, 2008

Intrusion-Prevention Systems and Enterprise Architecture

Firewalls have traditionally been used to “wall off” the enterprise from computer attack, but now intrusion-prevention systems are augmenting the organization’s defenses.

The Wall Street Journal, 28 January 2008 reports that “intrusion prevention systems promise an even smarter defense” than firewalls.

Firewalls are intended to keep intruders out. However, because certain traffic, such as email, needs to get through, holes or open ports allow in traffic that can carry viruses or malware into the network.

Intrusion-prevention systems work differently—they don’t wall off the enterprise networks like firewalls, but rather like a metal detector, they filter or scan every piece of traffic entering the organization for suspicious activity, and reject any item that is identified as a threat.

According to Wikipedia, “Intrusion prevention systems (IPS)... [are] a considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done.”

Intrusion-prevention systems can be hardware that is physically attached to the network or software that is loaded onto individual computers.

Are intrusion-prevention systems really necessary?

Yes. “According to the Computer Security Institute 2007 Computer Crime and Security Survey, the average annual loss suffered by U.S. companies from computer crime more than doubled last year to $350,424 from $168,000 in 2006. And these reported losses tend to underestimate the number of attacks.”

A Gartner analyst recommends antivirus on PCs and an intrusion-prevention system on the network.

Are there any problems with intrusion-prevention systems?

One of the biggest issues is false positives, which, if not adjusted for, will block desired incoming traffic. One way to handle this is to use the intrusion-prevention system to “detect threats and flag them,” rather than simply block them altogether. Additionally, the organization can adjust the filters that it may not need. This is the tuning required to ensure performance in terms of network speed and an appropriate level of filtering.
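The difference between a port-based firewall decision and a content-based IPS decision, and the effect of switching a noisy filter from block to flag or turning it off, as an added example that is not from the original post or from any IPS product. The rule IDs, patterns and traffic are constructed, and inspection is simplified to a substring match on the payload.

```python
from dataclasses import dataclass

ALLOWED_PORTS = {25, 80, 443}  # ports the firewall leaves open (mail, web)


@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes


@dataclass
class Rule:
    rule_id: str
    pattern: bytes
    action: str = "block"  # "block" drops the traffic, "flag" only alerts
    enabled: bool = True


def firewall_allows(pkt):
    """Port-based decision: the firewall never looks at the payload."""
    return pkt.dst_port in ALLOWED_PORTS


def ips_inspect(pkt, rules):
    """Content-based decision. Returns (verdict, ids of rules that alerted)."""
    if not firewall_allows(pkt):
        return "drop", []
    verdict, alerts = "pass", []
    for rule in rules:
        if rule.enabled and rule.pattern in pkt.payload:
            alerts.append(rule.rule_id)
            if rule.action == "block":
                verdict = "drop"
    return verdict, alerts


# Constructed traffic: ordinary business mail, mail carrying a test marker,
# and a connection to a port the firewall does not open.
LEGIT_MAIL = Packet(25, b"Subject: install\r\n\r\nRun setup.exe from the shared drive.")
BAD_MAIL = Packet(25, b"Subject: hi\r\n\r\nCONSTRUCTED-MALWARE-MARKER")
TELNET = Packet(23, b"login:")


def make_rules(noisy_action="block", noisy_enabled=True):
    """Rule set with one precise rule and one overly broad (noisy) rule."""
    return [
        Rule("R1-known-marker", b"CONSTRUCTED-MALWARE-MARKER", "block"),
        # Overly broad: matches any mention of an .exe, including normal mail.
        Rule("R2-broad-exe-name", b".exe", noisy_action, noisy_enabled),
    ]


if __name__ == "__main__":
    for label, rules in (("block mode", make_rules()),
                         ("flag mode", make_rules("flag")),
                         ("rule disabled", make_rules(noisy_enabled=False))):
        print(label, ips_inspect(LEGIT_MAIL, rules), ips_inspect(BAD_MAIL, rules))
```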

If your organization is not using an intrusion-prevention system, this is something your enterprise architecture needs to plan for and implement ASAP.



December 11, 2007

Information Security and Enterprise Architecture

Information security is generally considered a cross-cutting area of enterprise architecture. However, based on its importance to the overall architecture, I treat information security as its own perspective (similar to performance, business, information, services, and technology).

According to the Wall Street Journal (WSJ), 11 December 2007, professional hackers are getting smarter and more sophisticated in their attacks and this requires new IT tools to protect the enterprise. Here are some of the suggestions:

  1. Email scams—“hackers have responded to improved filtering software and savvier population by aiming their attacks at specific individuals, using publicly available information to craft a message designed to dupe a particular person or group of people.” In response, organizations are installing antivirus and antimalware software from multiple vendors to increase the chance that an attack that gets by one security software product will be stopped by one of the others. These products can be obtained from vendors like Sophos, Sybari, Microsoft, Symantec, and McAfee.
  2. Key loggers—“one common form of malware is a key logger, which captures the user names and passwords that an unsuspecting computer user types, and then sends these to a hacker.” However, software from Biopassword Inc. can thwart this by recording employees’ typing rhythms, so that even a hacker that knows a username and password is denied access if he types too fast or too slow.
  3. Patrolling the network—hackers who get past the firewall often have free rein to roam once inside the network. However, CoSentry Networks Inc. has a product that imposes controls on where a user can go on the network, so even someone with a valid login will be prevented from snooping around the network or accessing information from an unapproved location.
  4. Policing the police—one of the biggest threats to an enterprise is from the insiders, employees who have access to the systems and information. Software from Application Security Inc., however, monitors access, changes, repeated failed logins, and suspicious activity and notifies the designated security officer.

From a user-centric EA standpoint, information security is paramount to protect the enterprise, its mission execution, its employees, and stakeholders. As the WSJ points out, “breaches of corporate computer security have reached epidemic proportions. So far this year more than 270 organizations have lost sensitive information like customer credit-card or employee social security numbers—and those are just the ones that have disclosed such incidents publicly.” EA must help the chief information security officer to identify these enterprise security threats and select appropriate countermeasures to implement.

