Sekiur My Thoughts

On October 16th, Oil prices plummeted below $70 for the first time in 16 months, loosing half its value since hitting a record high of $147.27, prompting the oil cartel OPEC to call an emergency meeting.

OPEC cut production by 1.5 million barrels a day starting November after their emergency meeting on October 24th one month ahead of their scheduled meeting.

Although their next meeting was not scheduled until December 17th, the OPEC cartel will meet again this coming November 29th in Cairo, most likely to make another cut in production. In this global financial turmoil, they run the risk of taking things too far as demands for energy increase during the winter months.

The drop in prices has already created problems for oil producers, who have become accustomed to high prices. Iran needs oil prices at $95 a barrel to balance the budget, Russia needs $70, Venezuela needs $60 and Saudi Arabia needs $55 a barrel, according to Deutsche Bank estimates. Cartel representatives have hinted at the idea of fixing a price high and low, which they call “ideal” ranging between $70 and $90 a barrel.

Juan Pablo Perez Alfonzo was a Venezuelan minister of energy that popularized the phrase “oil: the devil’s excrement” and the minister said that the oil corrupts the power.

Gasoline: The fall in world oil prices since July has pushed gasoline in the United States, the world’s largest oil consumer, from a high of $4.114 a gallon on average to $1.91 a gallon Monday, according to motorist group AAA.

Source:

http://money.cnn.com/2008/10/24/markets/oil/

http://www.iht.com/articles/2008/10/16/business/oil.php

http://seattletimes.nwsource.com/html/localnews/2008429585_webgasprices24m.html

Within weeks of the World Bank’s story breaking about its computer systems being breached by hackers, Fox News has reported here that Cyber-Hackers have broken into the IMF computer system.

The International Monetary Fund (IMF) is an international organization that oversees the global financial system by following the macroeconomic policies of its member countries, in particular those with an impact on exchange rates and the balance of payments. It also offers financial and technical assistance to its members, making it an international lender of last resort. Its headquarters are located in Washington, D.C., USA.

The IMF of course absolutely denies that the event took place. The spyware discoveries came at a particularly sensitive time for the international bailout institution, which along with the World Bank is expected to play a central role in trying to combat global financial turmoil.

This is too much of a coincidence in my opinion. Any information taken by the attackers will likely be used as leverage to blackmail the institutions rather than being made public to embarass them.

In fact, the computer assaults on the World Bank and the IMF are only part of a rash of sensitive cyber-burglaries that even reached into the U.S. presidential campaign. Both London’s Financial Times and Newsweek recently reported that the computer network of the White House, and the Obama and McCain campaigns, were seriously breached.

The Pentagon claims the Chinese army has established units to develop viruses to attack enemy computer systems. Chinese hackers penetrated the Pentagon last year, in an attack that obtained e-mails from the system serving Defense Secretary Robert Gates.

Despite vigorous Chinese denials, “everyone in the intelligence community knows that China is the biggest player in cyber espionage,” says John Tkacik, a former head of China intelligence for the U.S. State Department. Tkacik told FOX News that later this month, President-elect Obama will be presented with a new top-secret National Intelligence Estimate (NIE) report that “will cause the scales to drop from his eyes” regarding Chinese cyber-espionage.

“What the Chinese are particularly interested in at the IMF is what loans the IMF is likely to give to other countries,” says Nick Day, a former British intelligence officer who runs Diligence, a private investigative firm that does extensive work for many international corporations and institutions.

“The geopolitics of this is that essentially you’ve got a few countries in the world that are stacked on huge foreign capital reserves — Russia, China, Japan, the Middle East — and the rest of us are pretty much borrowers to those lenders.

This past November 20th, Amazon announced the winner of the AWS Start-Up Challenge for $100,000 in cash and AWS credits. Amazon Web Services or AWS is searching for the next hot start-up that uses AWS to build its business.

Yieldex was chosen as the winner of the 2008 AWS Start-Up Challenge! Yieldex delivers “advertising inventory and optimal campaign allocation for online publishers.”

The finalists in the running were:

	Encoding.com Encoding.com has transformed video encoding from a traditional software model to a software as a service (SaaS) platform. Encoding.com combines elastic computing resources with cutting edge video encoding software.
	Knewton Knewton supercharges any education content by teaching the exact concepts students need, in the medium and pacing best for each. Knewton’s self-optimizing “Darwinian” engine grows increasingly effective as each new student joins the network – so the learning plan of the 50 millionth student is powered by the combined data of all the others.
	MedCommons MedCommons provides cloud-based Health 2.0 application services for patients and doctors, and enables third parties to customize and extend the MedCommons Platform for their own needs.
	Sonian Sonian is a cloud compute email productivity service. Each day, 86 billion emails and IMs are created and most of this information needs to be saved and indexed for compliance and personal productivity. Sonian solves this problem with next generation software running on the Amazon Web Services cloud. Sonian archives electronic communications, files and unstructured content to unlock the actionable intelligence stored in this “dark data.”
	Pixily Pixily is an interactive document management service that organizes paper and electronic materials online so people can instantly find and share information whenever and wherever they need it. For consumers, Pixily serves as a digital organization assistant that reduces paper clutter and helps manage personal information more efficiently. Businesses rely on Pixily as an affordable on-demand document management service to streamline daily operations and be more productive.
	Yieldex Yieldex delivers accurate forecasting of overlapping online advertising inventory and optimal campaign allocation for online publishers. Our tools help publishers get more revenue from their premium inventory through in-depth proposal analysis, scenario planning, and Yieldex’s proprietary yield index.
	Zephyr Zephyr enables enterprises to manage their test departments more efficiently, boost productivity, reduce costs and provide IT leaders with real-time visibility into all aspects of their software quality cycle.

Although Yieldex does not seem that attrative to me, I can see how media objects could be stored in the AWS cloud and even though online advertising providers have closely integrated management tools, smartly storing those media objects and using its metadata to provide forecasting and scenario planning could have a market.

My favorite is encoding.com and with the boom in IPTV, anyone wanting to deliver quality video in a variety of formats can do so very cheaply.

Knewton and Pixily, I see as having a hard time making it. Knewton is up against with widespread access to information; Knowledge is everywhere for the taking with the advent of the Internet and as Higher Education Institutions take their knowledge online by joining the Open Courseware Consortium, I wouldn’t know why anyone would pay for this.

As for Pixily (a document management system), providing the ability to go paperless has two shortfalls in my view. I am not sure I am ready to store sensitive, confidential information online just yet and then there’s other providers like Scribd which allows you to publish documents for free.

My first exposure to diabetes was while living in the UK during my teenage years. I remember a girl who used to leave class at a specific time everyday in order to inject herself with insulin. Obviously at that time I was completely ignorant and so were my classmates who made cruel comments about the daily event.

A number of years later my mother developed type 2 diabetes, which was treated by using medication and a diet. Unfortunately dieting was something that turned out really difficult for her, so the use of insulin became necessary.

Medication turned to a device to check sugar levels in the blood and a shot of insulin once a day. Elevations of blood glucose levels lead to damage of the blood vessels, which over the years affected her eyesight, her ability to heal fast from leg and foot wounds and her kidneys. She past away at 69.

The Internet and most recently the move to view it as a platform, brought about the development and evolution of web-based communities such as social-networking sites like “Tu Diabetes” that was founded by my friend Manny Hernandez on March 2007 and today has 5,394 members and going strong.

Both type 1 and type 2 diabetes are at least partly inherited. Type 1 diabetes appears to be triggered by some (mainly viral) infections, or less commonly, by stress or environmental exposure (such as exposure to certain chemicals or drugs). There is a genetic element in individual susceptibility to some of these triggers which has been traced to particular HLA genotypes (i.e., the genetic “self” identifiers relied upon by the immune system). However, even in those who have inherited the susceptibility, type 1 diabetes mellitus seems to require an environmental trigger. A small proportion of people with type 1 diabetes carry a mutated gene that causes maturity onset diabetes of the young (MODY).

There is a stronger inheritance pattern for type 2 diabetes. Those with first-degree relatives with type 2 have a much higher risk of developing type 2, increasing with the number of those relatives. Concordance among monozygotic twins is close to 100%, and about 25% of those with the disease have a family history of diabetes. Candidate genes include KCNJ11 (potassium inwardly rectifying channel, subfamily J, member 11), which encodes the islet ATP-sensitive potassium channel Kir6.2, and TCF7L2 (transcription factor 7–like 2), which regulates proglucagon gene expression and thus the production of glucagon-like peptide-1.^[3] Moreover, obesity (which is an independent risk factor for type 2 diabetes) is strongly inherited.^[17]

Various hereditary conditions may feature diabetes, for example myotonic dystrophy and Friedreich’s ataxia. Wolfram’s syndrome is an autosomal recessive neurodegenerative disorder that first becomes evident in childhood. It consists of diabetes insipidus, diabetes mellitus, optic atrophy, and deafness, hence the acronym DIDMOAD.^[18]

This is something that today I think I should probably look out for, and so my quest for information and prevention begins. 23andMe, a start-up company named after the numbered of paired chromosomes in humans, wants to help you understand what your genes mean by indexing them and highlighting significant findings and Type 2 Diabetes is one of the conditions that 23andMe analyzes.

For the price of $399 through their online store, they will mail you a kit with a test tube that you will send back with a sample of your saliva. After 4 to 6 weeks you will receive a report to better understand your ancestry, genealogy, and inherited traits.

Specifically for Type 2 Diabetes, you will get:

• An estimate, based on currently available information, on whether your genetic risk of Type 2 Diabetes is higher or lower than average.
• Your results at 9 markers.
• A look at how Type 2 Diabetes works, a history of the condition, and a list of counselors, links and support groups for Type 2 Diabetes in your area.

In the United States, almost 21 million children and adults have diabetes, but the rate of new diagnoses is increasing, so I will get going with a visit to the doctor and then order one of these kits.

Earlier this year, the World Bank suffered a server security breach in which hackers were able to compromise critical servers.

In what Fox News characterized as an “Unprecedented Crisis“, were one of the largest repositories of sensitive data about the economies of every nation, had been raided repeatedly for more than a year.

It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution’s highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank’s network for nearly a month in June and July.

In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.

In a frantic midnight e-mail to colleagues, the bank’s senior technology manager referred to the situation as an “unprecedented crisis.” In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public.

• Click here to see the e-mail.

The crisis comes at an awkward moment for World Bank president Robert Zoellick, who runs the world’s largest and most influential anti-poverty agency, which doles out $25 billion a year, and whose board represents 185 member nations. This weekend, the bank holds its annual series of meetings in Washington — and just in advance of those sessions, Zoellick called for a radical revamping of multilateral organizations in light of the global economic meltdown.

The bank’s chief information officer, Guy De Poerck, has engaged Price Waterhouse Coopers to do a confidential million-dollar assessment that is expected to tell him what’s going on in his own department.

What is very peculiar about this story is that no other news agency has reported the event and that Fox News was able to acquire internal e-mails and memos regarding the attack.
Jack Conde, Senior Enterprise Risk Management Officer at World Bank shared with executives on July,10, the extent of the breach here. According to the memo at least 17 servers were breached and were slowly being taken offline to perform forensics.

The memo goes on to say what steps they will take in the future to prevent information leaving the network, like implementing an outgoing firewall rule preventing communications being initiated from within the network.

A major effort is underway to implement a firewall rule that will bar all outbound traffic from server networks to the internet with exceptions made for servers with a legitimate reason to make such connections. To this end, ISG staff is creating a daily report of traffic which will be vetted by ISG service managers and OIS to insure that all exceptions are explained and justified. The rule will be implemented on Friday. This effort will curtail any data lost from production servers in the future.

This a normal reaction to a breach, were measures that should have been in place were not, but any such action should always be considered carefully to determine if it will actually prevent data loss or provide a false sense of security.

In the age of spyware, malware, keyloggers and hamachi, the biggest threat to corporate data comes from within.

What would be achieved by a firewall rule restricting Internet access? Well, absolutely nothing when the servers have access to every PC on the internal network and subsequently these PC’s have inherent access to the Internet.

In this particular situation were the attacker was able to compromise in excess of 17 servers and go undetected for so long, can only lead to 2 conclusions. Either the security guys are clueless or the attacker or attackers knew what they were doing.

In plainspeak: “They had access to everything,” says the source. “They had the keys to every room at the bank. And we can’t say whether they still do or don’t until we fully and openly address what’s happening here.”

Now this is not a small business, a law firm, or a retail chain. This is the World Bank, so I am inclined to believe that the keepers of the data are professionals and subsequently it would be wise to think that the attacker is not stupid.

Having access to the servers that were compromised and knowing that sooner or later someone was going to discover the breach, it wouldn’t be far fetched that the attacker would create false accounts and personnel records to back them up in the SAP (ERP), HR and Secure ID systems of the 10,000 plus employee organization.

This would give an attacker the capability to restore access once the breach was discovered triggering the containment plan. Additionally the attacker had gained system administrator access providing access throughout the corporation, providing the potential of creating backdoor’s into virtually any desktop computer in the network.

After FOX News published its story, a World Bank spokesman issued the following statement:

“The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context.

“Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these. But at no point has a hacking attack accessed sensitive information in the World Bank’s Treasury, procurement, anti-corruption or human resources departments.”

In the security field, you have to be paranoid and levelheaded, specially if you are working in an outfit like this.

Hey World Bank…. if you need a hand… drop be a line.

Just had to pass on what transpired today. I started a Tech Support call to Microsoft Partner Support at 9:05 this morning. The call was initially answered in Redmond by the Partner Group. It was then transferred (via IP) to India for First Level Support – this lasted for two hours, when it was kicked up to another level in tech support, and transferred (Again, via IP) to Montreal, CA. After another half hour, I had to attend a meeting, so the call was transferred (in house) to one of my Techs. He stayed on the line for another 1.5 hours, and then transferred the call back to me.

So at this point, I have had a live call that has been bounced over two continents, and in house over three extensions – this is at the 4-Hour point in the call.

The tech from M$FT then says that he needs a disk placed in the server – I place him on hold and call my contact, who is not there, so I transfer the call to my cel phone, and jump in the car and drive 15 minutes to the customer site. Stick the disk in, and resume troubleshooting on site and on the Cel, which has the call bridged through our Trixbox and out to my cel phone.

Two hours and 48 minutes later, and the M$FT guy is still not done, and my cell phone is going dead. Remote over to my desk at the office, call one of the people at my office and tell them I am giving them the call back, and to transfer it to a desk phone back where I am. I then bring up Flash Operator Panel, and put the call on his desk.

He then does a screened transfer to me, hits the receptionist at the school I am working at, asks for the server room, and when the phone rings and I answer, releases the call back to me!!!

Now, I am back talking to the M$FT guy, with no interruption WHATSOEVER and the call goes on for another 2 hours and 20 minutes!!!! He finally finishes what he was doing, and I sat back and looked at the statistics for the call:

9 Hours, 10 Minutes and 56 Seconds (I looked in the Log)
Three Locations and Two Continents (On the M$FT side)
Three internal Transfers, Two Offsite Transfers, and one Flash Operator Panel Call retrieval from an offsite location!!!!!!

And at no point did the call quality suffer – and all of this on a standard production Trixbox system!

Name me a system you could have done this on this easily!!!!

Source: Trixbox Forums (GSnover)

Trixbox (formerly Asterisk At Home – A@H) has definitely come a long since its beginnings in November 2004 and since I started playing around with Asterisk 2 months earlier. The convenience of being able to download an ISO and have a functional PBX in less than an hour was and is amazing.

An excellent resource is Ward Mundy’s blog Nerd Vittles, which I have also followed since early 2005 and has worked on some very cool and interesting projects augmenting Asterisk functionality. Most recently in November 2007, they released PBX In A Flash (PIAF) and have also announced a under $500 appliance with PIAF running on it.

What is Asterisk?

Asterisk is a software implementation of a telephone private branch exchange (PBX) originally created in 1999 by Mark Spencer of Digium. Like any PBX, it allows attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network (PSTN) and Voice over Internet Protocol (VoIP) services. Its name comes from the asterisk symbol, “*”.

What is Trixbox?

Trixbox is a turnkey business class PBX voice communication system based on the Open Source Asterisk project. It’s no longer necessary to pay thousands and thousands of dollars for a proprietary phone system. By simply downloading software and installing it on a low end system you can have a powerful, open, and robust pbx system. From small systems with only a couple analog phone lines and extensions to large installs with multiple T1/E1 connections and hundreds of extensions, you can easily use Trixbox to meet your telephony needs.

I believe Trixbox to be the most complete distribution of Asterisk out there, although many of its features might not be used in many cases. On the other side I have heard complaints on the lack of collaboration in adding new features and fixing bugs by the guys at Fonality, which makes it less open as it were.

Parts List:

• Trixbox 2.6.1.13 IS
  • trixbox CE 2.6.1.13 (Stable) – 474,263,552 bytes – Released 10/02/08
    MD5: 0424baa0dd061e313062441083672427
    This is the current development release.
    [ Download ISO Image ] from SourceForge

• Dell GX-150 with 512MB and 80Gb

• Sangoma A200 card with 4 FXO ports

• Sangoma drivers
  

Todo List:

• Upgrade the RAM to 512Mb and the hard drive to 80Gb
• Install the Sangoma PCI A200 card
• Insert CD into CD drive and boot from disk
• Go through wizard and install Trixbox
• Login to the computer, update Cent OS and download and install the drivers
  • yum update
  • yum upgrade
  • cd /opt
  • wget ftp://ftp.sangoma.com/linux/RPMS/2.6.1.13/wanpipe-util-3.2.7.1-0.i686.rpm
  • wget ftp://ftp.sangoma.com/linux/RPMS/2.6.1.13/wanpipe-modules-2.6.18-53.1.4.el5-3.2.7.1-0.i686.rpm
  • wanrouter hwprobe
  • wanrouter hwprobe verbose
  • setup-sangoma
    • When asked which codec will be used, select MULAW – North America
    • When configuration of the analog card completes, select 1 to continue
    • When configuration of Zaptel and Wanpipe completes, select 1 to save and restart deamons
    • When asked to start wanrouter at boot time, select 1 for yes
  • ztcfg -vv (to display the analog card installed and its modules.)
• Install DynDNS client:
  • Install DAG’s GPG key
    • rpm –import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
  • Verify the package you have downloaded
    • rpm -K rpmforge-release-0.3.6-1.el5.rf.*.rpm
  • yum install ddclient
• Create DynDNS account
• Configuration ddclient: (Add to the end of the /etc/ddclient/ddclient.conf file)
  • use=web, web=checkip.dyndns.com/, web-skip=’IP Address’
  • server=members.dyndns.org,      \
  • protocol=dyndns2,       \
  • login=your-login,        \
  • password=your-password        \
  • pbx.dnsalias.com

Trixbox links to several good quick install guides here and a comprehensive list of documentation here.

Higher Education and K-12 institutions have always either lead in the IT field with innovative solutions or been way behind in technology to the point of not having any.

Open source has always been an option, although generally for the technically inclined but several years ago the big guys (Google and Microsoft), brought hosted E-mail offerings to the table that would out perform any locally installed solution and without a price tag associated with it.

A new player recently entered the market with their very attractive offering. ZCS from Zimbra.

Zimbra Collaboration Suite (ZCS) is a groupware product created by Zimbra Inc., located in San Mateo, California, USA. The company was purchased by Yahoo! in September 2007.[1]. The software consists of both client and server components. Two versions of Zimbra are available: an open-source version, and a commercially supported version (“Zimbra Network”) with closed-source components. These software versions are available from Zimbra for download and independent use, from Zimbra-authorized partners, and included with service from a Zimbra-authorized hosting provider.

So what are the options?

1. Outsource
   1. Google Apps for Education
   2. Microsoft’s Live@edu Service
   3. Zimbra’s Hosted Collaboration Suite
2. Maintain/deploy in-house

Even thought there are legitimate issues with outsourcing, like privacy of e-mails, loosing control over the capability to access logs in case of an incident and ads displayed to the constituents amongst others; the option to provide this same level of service in-house is not economically feasible.

Lets take a look what these services offer:

Microsoft and Google are free provided that they can display ads for alumni and Zimbra costs $2 per year per student.

Resources:

Microsoft Live@edu:

Microsoft Live@edu video
Live@edu with Exchange Labs
Web Collaboration

Google Apps for Education:

Google Apps video

Zimbra:

Compare Hosted EDU Products

One of the challenges I have come across recently is being able to retrieve data from a cell phone SIM, whether it be a large phone-book list and there is not an existing PC interface you can make use of or if you are trying to recover deleted outgoing/incoming messages from the phone.

A SIM or Subscriber Identity Module (SIM) on a removable SIM Card securely stores the service-subscriber key (IMSI) used to identify a subscriber on mobile telephony devices (such as computers) and mobile phones. The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.

You will need a SIM card reader, drivers and software to read the SIM card.

You can easily get the SIM card reader on eBay for under $5, and though they usually ship with a software CD, I have not found one that has the right drivers with it. What this has meant for me is prying open the plastic casing and looking at the chip-set manufacturer, subsequently diving into Google to find in the majority of cases a Taiwanese manufacturer hosting the drivers for the reader.

Then comes the software. I recommend Data Doctor Recovery Sim Card from Pro Data Doctor, it has a nice interface and works, which was also a challenge. This will set you back $69.

Once the SIM is in the reader and its connect to the USB port on your computer and working correctly after the drivers have been installed, you can start-up the program and click the magnifying glass icon. You will then be prompted to select the reader type, which in my case is Phoenix technology standard.

You will be asked to define the port, data baud and parity. To determine what port was assigned, I open up the Device Manager on Windows XP and look under modem to find the reader. The baud should remain at 9600 and the parity at even. Once this is done, the software will scan the SIM for data and display it on the screen were it can be viewed or save to a text file.

As I had predicted back in October 20th here, Reuters is reporting that Circuit City has filed for bankruptcy.

What’s amazing to me, is how the board of directors allowed this company to go downhill for over 2 years without taking action.