Experts On Demand

Security Attacks, Technology Advancements

Symantec Corp. has admitted that its servers were compromised, leaving several of its security tools' source code available to be accessed. Elsewhere, Zappos Development Inc. also suffered a major attack. IBM Corp. announced significant advancements in the areas of battery and storage density. Lastly, California has approved legislation to reduce vampire power consumption.

Focal Points:

  • Symantec announced that source code for five- and six-year-old versions of Symantec Endpoint Protection and Symantec Antivirus had been stolen, and named the source of the theft as a server operated by the Indian government. The company is now amending its earlier statement, adding that its own network, rather than that of the Indian government, was the source of the breach. Worse still, the company stated that source code for additional products including Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack, and pcAnywhere had been obtained. These products are prominent among Symantec's stable, and the hacker claiming responsibility for the breach claims to be releasing zero-day code exploits after the code review is complete. Elsewhere, Amazon.com, Inc.-owned Zappos has notified the Federal Bureau of Investigation (FBI) and 24 million of its customers about its own significant security penetration. The company disclosed that hackers made off with the names, addresses, cryptographically scrambled passwords, email addresses, phone numbers and partial credit card numbers, but added that the database holding credit card data was uncompromised. Zappos has reset all customer passwords and warned customers using the same ID and password combination on other sites to change credentials immediately. Although the stolen customer passwords were encrypted, it is unclear how secure the employed hashing is.
  • For the 19th consecutive year, IBM claims the prize for the most patents issued at 6,180, a five percent jump from 2010. The declaration coincides with two breakthroughs from the company, though neither is yet commercially available. First, IBM believes it has found a way to store up to 1,000 times more energy than a standard lithium-ion battery and effectively extend the range of an electric vehicle's battery by a factor of five. Rather than using metal to conduct a charge, IBM's Li-air technology employs air to react with lithium and carbon as part of its Battery 500 project, begun in 2009. A working prototype could be tested next year, with commercial products following by the end of the decade. IBM also found a way to shrink storage down to just 12 iron atoms for a single bit of data. This is thought to be the absolute limit for magnetic storage density because quantum effects dominate when fewer atoms are used, thus eliminating the sanctity of the magnetic charge required to indicate a bit's "on/off" status.
  • In a 3-0 vote, the California Energy Commission has passed legislation dictating new standards for battery chargers sold in the state after February 1, 2013. California claims that 13 percent of its average household's energy use comes from standby power consumption and that battery chargers, which use power even when not actively charging, account for a significant portion of that amount. According to the state's calculations, the new regulations will save enough electricity to power 350,000 homes and save residents $906 million per year. With a number of other northwestern states following these developments closely and considering implementing their own such regulations, the Consumer Electronics Association (CEA) has been quick to issue a response to the law's passage. The CEA claims California's calculations for energy savings are fundamentally flawed and is irked by its inability to comment during the public comment period. The federal Department of Energy is also working on regulations regarding battery charger energy use.

Experton Group believes enterprise security remains a journey and not a destination. As such, enterprises must take great care in establishing, monitoring, and rigorously enforcing proper procedures including regular patching, redundant firewalls, regularly changing passwords, and updating user access profiles as personnel move into and out of roles. IT executives at sizable organizations are well aware that the next security threat always lurks imminently on the horizon, and therefore should not be surprised when well-known entities are targeted and breached. Symantec should have been more cautious and conducted a full investigation before condemning a customer rather than itself, and it should be of particular concern that security companies including Symantec and RSA have recently been breached. IBM's new battery and storage discoveries will take years of research and development before they reach market, assuming initial proofs prove both technically and financially viable. Nonetheless, IT executives should take the announcement of these new advancements as a reminder of the continuously improving nature of technology and the value – both hard and lost opportunity costs – of maintaining old technologies when newer, more effective ones come to fruition. As an example, Experton Group has proven in numerous iterations that upgrading old hardware is less expensive from a total cost perspective. Still, many IT executives fail to keep to a regular upgrade cycle and succumb to keeping assets that are "fully paid and depreciated" in operation when administrator, breakage, floor space, and software maintenance costs prove the strategy inefficient. Lastly, IT executives and technology vendors should expect legislation regarding power usage to apply across a wide array of products. California's need to have its own rules supersede those of the federal government is well known, if troublesome, and Experton Group believes the CA ruling will likely stand. Moreover, the new passage will likely result in changes to the federal regulations so as to help bring universal standards and allow for a single set of U.S. standards.
