Archive for April, 2009

Retail Bandwidth Inventory

April 7, 2009

Don’t Deliver A Carload When The Customer’s Trying to Buy A Cupful…!

The place where new demand can be stimulated is in retail space. Retail sales require delivering real customer value. Without a differentiating retail offer, a product or service may end up offering only price reductions that erode the vendor’s ability to continue manufacturing and distributing it to the customer.

Today, telecom is not making much money on its capital or as a percentage of its operations expenditures. T-Mobile and Cingular do not see 10% annual returns on their CapEx or OpEx, where historically, telecoms CFOs seek 35% hurdle rates in their investment business cases.

They Are Selling Price, Not Technology: Every service is available from at least five indistinguishable service providers in the typical market.

They Are Selling Quantity, Not Quality: The only exception to some extent is Verizon Wireless. The company has had some success in retailing more expensive services than its competitors.

The concept of retail is important in many industries.

Some examples of how consumable inventory is managed to package and deliver retail value —

Sugar purveyors make 1000% more revenue when they can sell it by the box of cubes, rather than by the five- or ten-pound bag. The profit margin on a carload of sugar is much higher when retailed as cubes than when it is wholesaled as a carload of sugar.

Makers of Anacin and Tylenol generated an entirely new high-margin market opportunity when they packaged two pills of pain-reliever in a little vacuum-sealed envelope and delivered it in a point-of-sale display to 7-11 convenience stores and all night gas stations on virtually every corner. The profit per pill is higher when a gross of pills are sold in these two-pill packages than when a gross of pills is sold by a bottle at the drug store.

As with the telecom industry confronting the Internet, music executives confronted a massive consumer revolt when they discovered that hundreds of thousands of songs were being regularly downloaded and shared illegally for free through peer-to-peer network software on the Internet. The bundling of 20 “poor” songs with one or two “great” songs to sell an expensive album and monopolize the music consumer’s budget with a few artists was shattered. iTunes’ innovation was to sell a single song at a time for $1.00. This provided music in a desired increment, so the customer could buy only the songs it actually wanted. This new retailer, iTunes, has generated a successor music inventory management paradigm for the retail music market space by recasting the micro-economic music sales transaction, one song at a time. Open 24/7, the iTunes Store features more than 6 million 99¢ songs, 100,000 free podcasts, 30,000 audiobooks, 600 TV shows, 500 movies, and iPod games. You can download, play, and sync in a fraction of the time it takes to drive to any superstore. iTunes’ innovation sold more than one billion songs by the end of 2006.

We have long been able to buy various ‘quality’ grades of gasoline by the gallon.

Values Of The Data Call: Behind the retail scene familiar to the lay person is a world of solution software products available only to those that can afford them. Software providers retail their products to manufacturers, distributors, and re-sellers.

However, these products are only affordable to organizations that have already grown large enough without the benefit of the product’s productivity that they can afford to buy and use the product. The small to medium-sized enterprise (“SME”) cannot avail itself of these productivity solutions until it has grown larger. Yet the accessibility of these very productivity solutions engenders the growth the SME seeks and has yet to achieve.

How do SMEs get at the solution software? If the SME can use a Data Call to invoke the application as a pay-on-use service, it can use these productivity solutions to generate its own growth.

The Data Call delivers dedicated and real-time bandwidth in support of productivity applications.

The Data Call is guaranteed to be secure and to work every time an order is accepted. What enforces this reliability and security is the fact that the service provider will be obliged to pay a large SLA penalty to the customer if a Data Call fails to assure performance.

Data Call bandwidth capacity is pre-specified. The customer pays only for bandwidth actually used.

The customer can employ a Data Call to any networked destination just as if he had a ‘temporary leased line’ to that destination.

Replacing Wholesale With Retail Inventory Management: The private leased line is the service provider’s (“SP’s”) value-based business model and historically it was the most profitable data service of all. SPs have expanded this market by selling cheaper Frame Relay and VPN ‘leased lines’.

The private leased line, however, is 24 hours by 7 days of always-on dedicated bandwidth. Yet a customer of the private leased line uses less than 5% of its bandwidth / time resource in any given month. Extensive Bell Labs research analysis has confirmed this finding. Thus, the leased line is delivering a “carload of sugar” when the customer needs to use only a cupful – this is wholesale inventory management, not retail inventory management.

The Data Call has better security (3 separate levels) and higher reliability (dual-stream < 50 millisecond automatic protection switching) than the private leased line (1 level of security, single-stream, 4 hours to repair). Unlike the leased line, the Data Call provides retail inventory management and the customer is charged only for the actual bandwidth used during the Data Call — not for security, not for the size of the pipe, and not for its reliability.

Less than 1% of the business market can afford a private leased line — and they only use it 5% of the time. Yet, 100% of the business and residential worlds can easily afford to use the Data Call regularly.

An Example of High Margin and Lowest Cost Solution: A British enterprise operates separate databases in London, Cambridge and Manchester. The database administrator uses database synchronization, highly reliable because data is copied at the disk level at both the satellites and the base, transaction by transaction. This alternative is bandwidth intensive — 30 Mbit/s to 45 Mbit/s in each direction for each site. The enterprise runs the application between 9:30am & 11:30am, then again from 1:30pm till 4:30pm. Each work session is broken up as 45 minutes at 30 Mbit/s then 15 minutes at 45 Mbit/s, then 45 minutes at 30 Mbit/s and so on. Monday through Friday the leased line costs are BPDS £ 20,080, while the data calls cost for these work sessions would amount to only BPDS £ 1,335 per week.

The 45 Mbit/s leased line network inventory not in use by the British firm’s data calls is freed up for sale to other customers. In addition to significant savings for the British firm (BPDS £ 18,745 / week), this network inventory resource left over from the unused leased line represents an additional Data Call revenue potential of BPDS £ 59,865 / week for the network. By matching the British firm’s actual requirement of 10,125 Mbit minutes for these Data Call work sessions, the network frees up 443,475 Mbit minutes for sale to other customers each week.

Thus, the revenue potential of a given increment of bandwidth is nearly 3 times higher when sold as Data Calls instead of leased lines (BPDS £ 59,865 / week of potential data call sales versus BPDS £ 20,080 / week at current leased line prices).
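The Mbit-minute figures above can be checked by walking the schedule minute by minute. The following is an added worked example, not code from the original post: it encodes the British enterprise’s sessions (09:30–11:30 and 13:30–16:30, each hour split into 45 minutes at 30 Mbit/s and 15 minutes at 45 Mbit/s) and a 45 Mbit/s line provisioned around the clock. The article’s 10,125 Mbit-minute figure is what one day of those sessions consumes; its 443,475 figure is the line’s seven-day capacity of 453,600 Mbit-minutes less that usage. The prices (£20,080, £1,335, £59,865) are taken from the article as inputs, not derived.

```python
"""Bandwidth-minute accounting for the Data Call example.

Added worked example; it is not code from the original post. It models
the schedule the article gives for the British enterprise and compares
it with a 45 Mbit/s leased line that is provisioned whether used or not.
Prices are the article's figures and are treated as inputs, not derived.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Burst:
    """A stretch of `minutes` at a constant rate of `mbit_per_s`."""
    minutes: int
    mbit_per_s: float


# The article's repeating hourly pattern (45 + 15 = 60 minutes).
HOURLY_PATTERN = (Burst(45, 30.0), Burst(15, 45.0))

# The article's work sessions as (start, end) in minutes since midnight.
SESSIONS = ((9 * 60 + 30, 11 * 60 + 30), (13 * 60 + 30, 16 * 60 + 30))

LEASED_LINE_MBIT_PER_S = 45.0


def rate_at(offset_minutes: int, pattern=HOURLY_PATTERN) -> float:
    """Rate in Mbit/s at `offset_minutes` into a session; the pattern repeats."""
    period = sum(b.minutes for b in pattern)
    pos = offset_minutes % period
    for burst in pattern:
        if pos < burst.minutes:
            return burst.mbit_per_s
        pos -= burst.minutes
    raise AssertionError("unreachable: pos always falls inside the pattern")


def session_mbit_minutes(sessions=SESSIONS, pattern=HOURLY_PATTERN) -> float:
    """Mbit-minutes (rate in Mbit/s x duration in minutes) used by one day's
    sessions: the inventory a Data Call customer is actually billed for."""
    total = 0.0
    for start, end in sessions:
        for minute in range(start, end):
            total += rate_at(minute - start, pattern)  # one minute at that rate
    return total


def leased_line_mbit_minutes(mbit_per_s=LEASED_LINE_MBIT_PER_S, days=7) -> float:
    """Mbit-minutes a dedicated line provisions, used or not."""
    return mbit_per_s * 60 * 24 * days


def freed_inventory(used: float, provisioned: float) -> float:
    """Provisioned-but-unused Mbit-minutes that can be resold as Data Calls."""
    return provisioned - used


def revenue_multiple(data_call_potential: float, leased_line_price: float) -> float:
    """How many times more revenue the same bandwidth earns as Data Calls."""
    return data_call_potential / leased_line_price


if __name__ == "__main__":
    used = session_mbit_minutes()
    provisioned = leased_line_mbit_minutes()
    print(f"session usage:    {used:,.0f} Mbit-minutes")
    print(f"line capacity:    {provisioned:,.0f} Mbit-minutes (7 days)")
    print(f"freed inventory:  {freed_inventory(used, provisioned):,.0f} Mbit-minutes")
    print(f"weekly saving:    GBP {20080 - 1335:,}")
    print(f"revenue multiple: {revenue_multiple(59865, 20080):.2f}x")
```

The minute-by-minute walk is deliberate: it handles sessions that do not end on an hour boundary and any pattern of bursts, so the same function prices a different customer’s schedule without changing the arithmetic.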

What is more, the data call pricing includes a minimum of 90% mark-up over its incremental resource costs. This markup will increase if the customer gives less of a reservation notice for the Data Call.

In Sum, Data Calls Return High Margin Profitability To Affordable Bandwidth Sales. Portable, Opportunistic Broadband Provisioning Will Be Readily Available And Easy To Use For The Small, Medium, As Well As The Largest Retail Broadband Customer.


Just Another Oxymoron: Internet Security, says Information Week

April 6, 2009

Interesting Points from Information Week’s Worst of…

In 2007, the words “Internet security” joined the ever-growing list of self-canceling phrases, alongside “business intelligence,” “Congressional ethics,” and “Microsoft Works.” This year, bot herders proved they could harness enough zombie PCs to take down an entire country’s infrastructure for a month. Estonia eventually recovered, but our notion of Net invulnerability hasn’t.

According to McAfee’s Virtual Criminology Report, some 120 governments are actively engaged in Web espionage and cyber assaults. Meanwhile, private criminals used the Storm worm to create a botnet for hire containing millions of zombies–enough to take down a major network. And while the FBI’s Operation Bot Roast nailed a handful of domestic bot herders, that leaves several thousand more to go, most of them living beyond the Feds’ reach. Three-quarters of cyber attacks in 2007 originated outside the U.S., according to Symantec’s most recent Internet Security Threat Report.

As with global warming, there’s plenty of blame to go around–for everybody from developers of insecure software to home users who blithely log on without inoculating their PCs. Let’s hope they get more of a clue in 2008.

“enough zombie PCs to take down an entire country’s infrastructure for a month”

A series of online attacks that seriously disrupted Web sites belonging to several banking and government organizations in Estonia this year may have been perpetrated by a loosely organized, politically motivated online mob, a security researcher suggested at the Black Hat 2007 conference.

The attacks hold several lessons about how large-scale Internet attacks can unfold and the responses that may be needed to deal with them, said Gadi Evron, security evangelist for Israel-based Beyond Security. “The use of the Internet to create an online mob has proven itself and will likely receive more attention in the future,” following the Estonia attacks, said Evron, who wrote a postmortem report on the incident for the Estonian CERT.

The widely reported attacks in Estonia crippled Web sites belonging to the Estonian government — including that of the nation’s prime minister as well as several banks and smaller sites run by schools. The online attacks are believed to have been triggered by the Estonian government’s decision to relocate a Soviet-era war memorial in Tallinn called the Bronze Soldier.

The decision sparked more than two days of rioting in Tallinn by ethnic Russians as well as a siege of the Estonian embassy in Moscow. It also appears to have sparked an Internet riot aimed at the country’s online infrastructure, Evron said.

Initial media reports suggested that the denial-of-service (DOS) attacks may have been organized by the Russian government in retaliation for Estonia’s decision to move the statue. The reality, however, is that the attacks were carried out by an unknown number of Russian individuals with active support from security-savvy people in the Russian blogosphere, Evron said.

Many Russian-language blogs offered simple, detailed instructions to their readers on how to overload Estonian Web sites using “ping” commands, Evron said. The bloggers also kept updating their advice as Estonian incident responders started defending against the initial attacks.

The attacks started with pings and quickly scaled up to more sophisticated attacks, including those enabled via botnets from outside Estonia. One attack was launched by a specially crafted botnet with targets hard-coded in its source, Evron said. Some bloggers attempted to collect money to hire botnets to launch attacks against targets in Estonia, Evron said. The timing of the attacks, their scope and the sudden availability of botnets to aim at Estonian targets suggest that some level of organization was involved. But no evidence explains who was responsible.

None of the attack methods were new or sophisticated, Evron said. Neither were they particularly large as far as DOS attacks go. But they were enough to seriously disrupt several services in what is a very Internet-dependent country. For instance, because bank sites were crippled, many citizens were unable to conduct ordinary transactions such as buying gas and groceries.

The attacks highlight several issues — chief among them the importance of incident response, Evron said. When the attacks started, the Estonian responders first focused on the targets rather than sources. Filtering technology was used to throttle back on traffic aimed at target systems, which, at its peak, reached between 100 and 1,000 times the normal amount of traffic.

Quick decisions were made on which systems to protect first and all connections to those systems from outside the country were blocked. Efforts were also made to lure attackers to less critical systems and draw their attention away from the more important ones, Evron said.
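Two of the response steps just described, measuring traffic per target against a baseline and blocking out-of-country connections to the systems chosen for protection first, can be shown in a few dozen lines. The block below is an added example, not code from the original article or from the Estonian CERT. Everything in it is constructed: the log format (`minute src_ip dst_host`), the hostnames, the IP ranges, and the list of prefixes treated as domestic; deciding origin by address prefix stands in for whatever geolocation a real responder would use. The 100x threshold is the low end of the article’s “100 to 1,000 times the normal amount of traffic”.

```python
"""Volumetric flood flagging with protect-first filtering.

Added example; it is not code from the original article or from the
Estonian CERT. It illustrates two response steps the article describes:
measure traffic per target against a baseline to see which systems are
under load, and block connections to the systems chosen for protection
first when those connections come from outside the country. Log format,
hostnames, IP ranges and the "domestic" prefix list are all constructed.
"""
import ipaddress
from collections import Counter, defaultdict
from statistics import mean

# Constructed: address space treated as inside the country.
DOMESTIC_NETS = (ipaddress.ip_network("203.0.113.0/24"),)
# Constructed: systems the responders chose to protect first.
PROTECT_FIRST = frozenset({"www.bank.example"})


def build_sample_log() -> str:
    """Constructed request log, one 'minute src_ip dst_host' line per request:
    ten quiet minutes, then a minute in which a flood hits the bank site."""
    lines = []
    for minute in range(10):
        lines.append(f"{minute} 203.0.113.5 www.bank.example")
        lines.append(f"{minute} 203.0.113.6 www.bank.example")
        lines.append(f"{minute} 203.0.113.7 www.gov.example")
    lines.append("10 203.0.113.5 www.bank.example")  # a legitimate domestic user
    lines.append("10 203.0.113.7 www.gov.example")
    for i in range(300):  # constructed flood from addresses outside the country
        lines.append(f"10 198.51.100.{i % 250 + 1} www.bank.example")
    return "\n".join(lines)


def parse_log(text: str):
    """Parse log lines into (minute, source address, destination host)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        minute, src, host = line.split()
        records.append((int(minute), ipaddress.ip_address(src), host))
    return records


def per_minute_counts(records):
    """host -> Counter(minute -> number of requests)."""
    counts = defaultdict(Counter)
    for minute, _, host in records:
        counts[host][minute] += 1
    return counts


def flag_floods(records, baseline_minutes, multiple=100):
    """Flag (minute, count, ratio) per host where the request count is at
    least `multiple` times the host's mean rate over `baseline_minutes`."""
    flagged = {}
    for host, by_minute in per_minute_counts(records).items():
        # Floor the baseline at one request/minute so an idle host cannot
        # be flagged by a single stray request (avoids dividing by zero too).
        base = max(mean(by_minute.get(m, 0) for m in baseline_minutes), 1.0)
        for minute, n in sorted(by_minute.items()):
            if minute in baseline_minutes:
                continue
            if n >= multiple * base:
                flagged.setdefault(host, []).append((minute, n, n / base))
    return flagged


def is_domestic(ip) -> bool:
    return any(ip in net for net in DOMESTIC_NETS)


def decide(record, flagged, protect_first=PROTECT_FIRST) -> str:
    """Drop a request only when its target is flooded, is on the protect-first
    list, and the source is outside the country; everything else, including
    domestic users of the flooded site, is allowed."""
    _, src, host = record
    if host in flagged and host in protect_first and not is_domestic(src):
        return "drop"
    return "allow"


def apply_policy(records, flagged) -> Counter:
    """Count allow/drop decisions over a record set."""
    return Counter(decide(r, flagged) for r in records)


if __name__ == "__main__":
    records = parse_log(build_sample_log())
    flagged = flag_floods(records, baseline_minutes=range(10))
    for host, events in flagged.items():
        for minute, n, ratio in events:
            print(f"{host}: minute {minute}, {n} requests, {ratio:.0f}x baseline")
    print(dict(apply_policy(records, flagged)))
```

The trade-off the article implies is visible in `decide`: blocking every out-of-country connection to a protected site also cuts off that site’s legitimate foreign users, which is why the responders limited the measure to the systems they had ranked as most important rather than applying it everywhere.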

The Estonian incident also showed how — at least in that country’s case — “critical infrastructure” proved to be banking and private-sector companies, ISPs and media Web sites, not Estonia’s transportation or energy sectors, Evron said.

“some 120 governments are actively engaged in Web espionage and cyber assaults”

Governments and allied groups worldwide use the Internet to spy and launch cyberattacks, targeting critical systems including electricity, air traffic control, financial markets and government computer networks, according to McAfee’s annual report on global cybersecurity.

This year, China has been accused of launching attacks against the United States, India, Germany and Australia, but the Chinese are not alone: 120 countries including the United States are said to be launching Web espionage operations, according to McAfee’s Virtual Criminology Report, issued today and developed with input from NATO, the FBI, the United Kingdom’s Serious Organized Crime Agency, and various groups and universities.

“Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defenses,” McAfee states. “Attacks have progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage.”

One attack against Estonia, allegedly carried out by Russia, disrupted government, news and bank servers for several weeks, McAfee notes. In the United States, a Pentagon computer network allegedly was hacked by China-based perpetrators in June, the McAfee report states.

The Internet is simply a great tool for gathering intelligence, both for world powers like the United States and China and small countries with limited resources, says David Marcus, security research and communications manager at McAfee Avert Labs.

He doesn’t think cyberattacks will replace conventional warfare, but says they are becoming an important augmentation, with countries using technology to spread disinformation and disrupt communications. He also predicts it will be common for governments to license cybercriminals to attack enemies in a sort of privatized model. “We’re already starting to see that with state-sponsored malware,” he says. “I only think you’re going to start seeing more than that because it’s easier to attack government X’s database than it is to nuke their troops.”

McAfee said its research also found an increasing threat to banking and other online services, and “the emergence of a complex and sophisticated market for malware.” Malware today is more complex than ever before, capable of acting as if it were genetically modified. “These ‘super-strength’ threats are more resilient, are modified over and over again like recombinant DNA,” McAfee writes. “Nuwar (‘Storm Worm’) was the first example, and there will be more in 2008.”

VoIP is a new target of cybercriminals, and social-networking applications — MySpace and Facebook may be exploited more often, going forward, McAfee says. NATO insiders say many governments are unaware of Web espionage threats, leaving themselves open to cyberattack.

One aspect that might be overlooked is the economy that distributes the tools of cybercrime. Software flaws are sold for as much as US$75,000, and criminals can buy custom-written Trojans designed to steal credit card data. Additionally, McAfee says an “underground economy already includes specialized auction sites, product advertising and even support services, but now competition is so fierce that ‘customer service’ has become a specific selling point.”

“private criminals used the Storm worm to create a botnet for hire containing millions of zombies”

The Storm worm is fighting back against security researchers that seek to destroy it and has them running scared, Interop New York show attendees heard Tuesday. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Korman, host-protection architect for IBM/ISS, who led a session on network threats. “As you try to investigate [Storm], it knows, and it punishes,” he says. “It fights back.”

As a result, researchers who have managed to glean facts about the worm are reluctant to publish their findings. “They’re afraid. I’ve never seen this before,” Korman says. “They find these things but never say anything about them.” And not without good reason, he says. Some who have managed to reverse engineer Storm in an effort to figure out how to thwart it have suffered DDoS attacks that have knocked them off the Internet for days, he says.

As researchers test their versions of Storm by connecting to Storm command-and-control servers, the servers seem to recognize these attempts as threatening. Then either the worm itself or the people behind it seem to knock them off the Internet by flooding them with traffic from Storm’s botnet, Korman says.

A recently discovered capability of Storm is its ability to interrupt applications as they boot up and either shut them down or allow them to appear to boot, but disable them. Users will see that, say, antivirus is turned on, but it isn’t scanning for viruses, or as Korman puts it, it is brain-dead. “It’s running, but it’s not doing anything. You can brain-dead anything,” he says. The worm has created a botnet of slave machines whose latent size and power is unknown. The number of infected machines available to launch spam and DoS attacks is estimated from hundreds of thousands to 50 million. Korman says he believes it’s between 6 and 15 million.

The botnet the worm commands is used infrequently, indicating that it is for sale or lease to what he terms “profit nation” — computer hackers who do their work for money not fame. The potential exists for political entities to use the botnet for cyberterror attacks, he says.

“It’s getting more serious the more I look at it,” Korman says. “I’m more concerned not so much about where Storm is today, but where it’s going.” Still, the power of Storm, also known as Peacomm, is still hotly debated. Earlier this week another expert said the worm had pretty much run its course and was subsiding.

“the FBI’s Operation Bot Roast nailed a handful”

The FBI Wednesday announced that its “Operation Bot Roast” anti-botnet sweep has so far identified more than 1 million hijacked personal computers and resulted in the arrest of three men charged with everything from spamming to infecting systems at several hospitals.

The operation is an ongoing effort to disrupt the bot trade and identify botnet controllers, the FBI said at a news conference. “Bot” is the term for an infected personal computer. A “botnet” is a large number of hijacked PCs controlled by a hacker, called a “bot herder.” Botnets are used by spammers, criminals launching distributed-denial-of-service (DDoS) attacks and malware authors looking to spread their applications. “The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said James Finch, FBI assistant director for the cyber division.

With the help of the CERT Coordination Center at Carnegie Mellon University, the FBI is also trying to notify the owners of the million-plus victimized computers it has fingered as bots. “Through this process, the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity,” the agency said.

That’s exactly how authorities uncovered bots controlled by three men recently arrested and charged with various felonies, including spam king Robert Soloway in Seattle, James Brewer of Arlington, Texas, and Jason Downey of Covington, Ky. According to indictment papers filed yesterday in a Chicago federal court, Brewer compromised more than 10,000 computers worldwide, including machines at two area hospitals, between October and December 2006. “The ‘bots’ caused the infected computers to, among other things, repeatedly freeze or reboot, causing significant delays in the provision of medical services,” the indictment states. It took the hospitals more than 1,000 man-hours to clean up after the infections.

Downey, meanwhile, was charged two weeks ago with running a botnet that conducted DDoS attacks using an IRC (Internet relay chat) server called Last year, that server was one of several that Sophos PLC linked with ongoing attacks by the Agobot worm.

Estimates of the botnet problem’s size are hard to pin down: Symantec Corp.’s most recent report estimated a 29% increase in the number of hijacked computers in the second half of 2006.

“Three-quarters of cyber attacks in 2007 originated outside the U.S.”

Today, the threat landscape is arguably more dynamic than ever. Identity theft is an increasingly prevalent security issue, particularly for organizations that store and manage information that could facilitate identity theft. Compromises that result in the loss of personal data could be quite costly, not only to the people whose identity may be at risk and their respective financial institutions, but also to the organization responsible for collecting the data. Data breaches that lead to identity theft could damage an organization’s reputation, and undermine customer and institutional confidence in the organization. Underground economy servers are used by criminals and criminal organizations to sell stolen information, typically for subsequent use in identity theft. This data can include government-issued identification numbers (such as social security numbers), credit cards, bank cards, personal identification numbers (PINs), user accounts, and email address lists.

Symantec tracks and assesses underground economy servers across the Internet using proprietary online fraud monitoring tools. For the first time in this issue of the Internet Security Threat Report, Symantec is assessing the types of goods that are most frequently offered for sale on underground economy servers.

Who Let The Dogs Out.

April 1, 2009

Check this out.