I’ve never been much of a horror movie fan. I think my deep-seated love and background of history and my fascination for things that are real diminishes my ability to kick back and allow my wits to be uprooted by monsters and other ghoulish figures like Jason from Friday the 13th or Freddie Krueger from Nightmare on Elm Street.
That doesn’t mean I don’t like scary movies. Movies featuring psychotic predators that do not exceed the realm of possibility keep me both glued and frightened. If you want to frighten me, give me Max Cady from Cape Fear or Patrick Bateman from American Psycho.
Of course, even these characters are only fictional and cannot compare with the fears of real life. In the theater, the movie eventually ends. In real life, fear can keep going on, and on, and on.
We’re already being reminded of that less than two months into 2012 as we follow up 2011 – a year being described as having seen more data breaches and IT outages in history – with a spate of application failures to start off the year.
The Server that Ate Tokyo
In an eerily familiar-sounding drama, just shy of a full year after the London Stock Exchange and several other exchanges experienced failures that brought their systems to a halt, last week the Tokyo Stock Exchange suffered a similar fate.
For the second time in four years, a technical malfunction resulted in trading coming to a halt on the Tokyo exchange. This latest outage, however, affected the exchange’s three-month-old server platform that had been touted for its high degree of reliability.
Although Fujitsu, makers of the Arrowhead server that suffered the outage, refused to comment on the problem, however, Computerworld’s Michael Pooler reported that:
Exchange authorities said the problem was caused by a glitch in one of eight sets of system servers that comprise three devices. When a problem occurs in one device it should be automatically switched with the other two. However in this instance the automatic changeover did not happen, leading to the outage.
Cops and Hackers
The first time anybody ever tried to explain to me the meaning of “irony,” the example they used was a fire in a firehouse. Seems to me, a police department being the victim of a crime would also fit the definition of irony.
So it struck me as the ultimate “cyber irony” when back on February 3 the Boston Police Department announced it had been victimized by the hacker group “Anonymous,” which had hacked into the department’s front-facing web site, BPDnews.com. Where normally visitors would find news and information about the Boston Police Department as well as an online tip line, instead they were “treated” to repetitive streaming of the music video “Sound of Da Police” by KRS-ONE.
This was not the first time hackers have targeted the BPD in recent memory. Back in October, the same group hacked the servers of the Boston Police Patrolmen’s Association and released email addresses and passwords of city police officers.
But if misery (no, not the psycho-thriller with Kathy Bates) loves company, the BPD has it. Even before its web site was hacked earlier this month, Anonymous had also hacked into the web site of the Federal Trade Commission, forcing it to be down for over a week.
Exhorted and Extorted
Last month I posted about the first data breach admission of the year offered by, again, somewhat ironically, security giant Symantec. Since then, Symantec’s headache over the breach it originally suffered in 2006, but which it only admitted to this year, went from simple throbbing to the blinding migraine variety.
Again, Anonymous took responsibility for the breach, but this time the group threatened to expose what it had stolen in the hack – namely the source code for Symantec’s pcAnywhere security software.
In an effort to keep hackers from going public with the code, Symantec allegedly offered an “olive branch” of sorts in the form of a $50,000 bribe. The money was in part to buy the hackers’ silence and cooperation in keeping the source code proprietary, while also being part of the investigation to track the hackers. The hackers, in response, allegedly gave Symantec 10 minutes to come through with all of the money rather than accepting the security company’s offer to pay monthly installments until assurances the hackers had destroyed any trace of the code they held.
As John Riberio of IDG News Service reported, when payment was not made:
Hackers associated with the group Anonymous known as the Lords of Dharamaja leaked what appears to be another 1.27 gigabytes of source code from Symantec Monday night, what they claim is the source code of the Symantec program PCAnywhere.
The one thing this year’s new outages and breaches have in common is they were all somehow vulnerable to attack. Whether it’s a glitch in the system or a vulnerability remaining from legacy code, the fact remains that companies need to do a better job of assessing the structural quality of the applications in their systems. Identifying issues and determining its ability to be fixed is vital to the security and robustness of the application.
Continued failure to perform these assessments will only lead to companies fearing that last year’s failures will be exceeded by those this year…now THAT is a scary thought!