Archive for 2006

6
Dec

Privacidad por contrato

Written on December 6, 2006 by faparicio in Riesgos y Tecnología

Director Cátedra de Riesgos en Sistemas de Información
Bueno, parece que, en materia de protección de datos, no sólo llueve en Europa y chaparrea en España: una empresa de mercadotecnia online norteamericana, pagará 900.000 euros de multa por haber empleado ilegalmente los datos personales de seis millones de consumidores norteamericanos (ver noticia completa) . A diferencia del caso de las autoridades de control europeas (las agencias de protección de datos), la multa en el mercado USA la impuso el fiscal general de Nueva York y es una de las más cuantiosas de una legislación claramente por debajo del nivel de exigencia de sus homólogas europeas. Parece que el ámbito del marketing tiene en el respeto a la privacidad y la política anti-spam a su Pepito Grillo particular y es una de los principales criterios para la selección de un proveedor de email marketing. Ahora que empiezan a proliferar los servicios de marketing en modo ASP (ConstantContact, Graphicmail, Teenvio, etc), los clientes tienen que tener en cuenta más que nunca que la responsabilidad en caso de infracción de la normativa es para ambos, cliente y proveedor, lo que obliga a revisar el contrato y adecuarlo a las circustancias y legislación particulares (la propia filosofía de estos servicios es ofrecerlos a cualquier país del mundo). Por tanto, nada de contratos de adhesión, en los que mi única opción como cliente es aceptar o no: si el proveedor vende un servicio personalizado…ha de empezar por el contrato.

24
Nov

Toc, Toc…aseguradoras, estais ahí?

Written on November 24, 2006 by faparicio in Technology Management

Fernando Aparicio. Director de la Catedra de Riesgos en Sistemas de Información y Profesor del Area de Sistemas de Información
Aunque es ya una necesidad real desde el punto de vista de la demanda, la oferta de soluciones aseguradoras de cobertura de riesgo electrónico se reduce a un puñado de visionarios provenientes de las mayores aseguradoras internacionales, quienes, en su día, se lanzaron al barro de intentar conseguir cuantificar los riesgos de seguridad de la información, verdadera zona muerta de las organizaciones. ¿Que implanto un firewall,,IDS, antispam, antivirus y demás cacharrería…? De acuerdo, mi riesgo de seguridad perimetral se reduce, pero no se elimina; siguen existiendo falsos negativos, errores de configuración, actualizaciones no instaladas, o simplemente vulnerabilidades llamadas de “día cero”. Con lo cual. el Director General como buen gestor, tiene que lidiar con el riesgo residual, según el cual le voy a cortar la cabeza a mi responsable de seguridad por mucho que me explique, mediante 35 acrónimos que el Director ni entiende ni quiere entender, que, técnicamente, el impacto era imposible de evitar.
¿Y qué decir de la implantación y comunicación de políticas y procedimientos de seguridad? ¿Puedo asegurar que todo mi personal no sólo está debidamente formado sino que cumple escrupulosamente con los requerimientos de seguridad de la compañía? ¿A cuántos de los empleados por un oído les entra y por el otro les sale? Y por mucho que me esfuerce en mis campañas internas de sensibilización, el error humano seguirá siendo estadísticamente la mayor amenaza en cualquier análisis de riesgo que se precie.
En resumen, para cuando asegurar el contenido y no el continente, o dicho de otro modo, ¿de qué me vale asegurar el hardware cuando lo importante son los datos de la organización? Es hora de que las aseguradoras den un (valiente, bien es verdad) paso al frente para ofrecer el pilar de seguridad que nos falta. Algunos tímidos pasos se están dando (aunque, una vez más, fuera de España), como el que anuncia Financial Teh Magazine con la oferta realizada por AOL a sus suscriptores: les ofrece un seguro gratuito para casos de robo de identidad online; el seguro cubre a los usuarios en caso de robo de identidad u otros daños, y la compañía encargada es AIG, que asume las indemnizaciones en caso de robo de informaciones privadas de usuarios; tales como los números de sus tarjetas de crédito, de la Seguridad Social, así como datos de sus cuentas bancarias y demás información personal comprometedora.
Aunque más valdría que cubriera a los sufridos vendedores online, que son los que habitualmente pagan el pato del fraude online…..

17
Nov

Wimax: the new enemy of telecommunication companies?

Written on November 17, 2006 by José Esteves in Technology trends

Last week some telecommunication companies announced their results during 2005. After the presentation of its results, deutsch telecomm has just changed its CEO…Telefonica is doing quite well thanks to adsl connections, same with france telecom, but for long they may increase results because of adsl users?
After VOIP, i think that the next challenge to telecommunications revenue model, is Wimax technology. WiMAX (standardized in IEEE802.16) is a wireless standard for so-called “MAN” application, or Metropolitan Area Networks (an intere city). It complements Wi-FI (IEEE802.11) which is inteded for “LAN”, local area networks (your house or building). The main advantage of WIMAX would be a slightly bigger thruput, some feature of better control of traffic flowing, but mostly, the reach, which could go up to 50km. So WIMAX could be used to connect to the network when no local WIFI hot spot is available or to connect between them “islands” of WIFI, like for intance connecting a distant village to the nearby city.
Countries like China, have announced the investment on this kind of technology to provide Internet Access. Some latin america countries are also starting to experiment with wimax technology.
New companies such as Alvarion, one of the top players on wimax business are challeging the traditional telecommunications players. Thus, i think that in the near future we will start seeing big changes on these players, they need to adapt to survive…

9
Nov

wikis conquering the enterprise

Written on November 9, 2006 by José Esteves in Technology trends

Google’s recent acquisition of JotSpot has put wikis back in the news — and likely on the radar screens of more CIOs. Companies using them say wikis can supercharge collaboration among employees and also with outside partners.
But can wikis make the jump to a strategic tool for enabling business?
More and more, experts are saying that yes. IBut the wiki revolution is emerging not from IT people. Instead, department-level managers and project managers are leading the charge to use wikis, in part because wikis seem to inspire innovation in employees. Gartner predicts that half of all U.S. businesses will use wikis within three years. Already, vendors like IBM and Microsoft are adding wiki functions to their enterprise collaboration tools.

8
Nov

UTube versus YouTube

Written on November 8, 2006 by José Esteves in Technology Management

A company that shut down its Web site because it was overwhelmed by millions of people looking for YouTube has sued the online video-sharing portal. The Globe and Mail reports that Universal Tube & Rollform Equipment said the cost of hosting its Web site – utube.com – has grown significantly in the last two months. ‘We’ve had to move our site five times in an effort to stay ahead of the youtube.com visitors,’ said Ralph Girkins, Universal Tube’s president. The lawsuit, filed last week in US District Court, asks that YouTube stop using the youtube.com or pay Universal Tube’s cost for creating a new domain. Universal Tube, which sells used machines that make tubes, has said it has lost business because customers have had trouble accessing its site.
Full report in The Globe and Mail

8
Nov

Luxury Brands to the Web

Written on November 8, 2006 by José Esteves in Technology trends

As reported by the wall street journal on monday, there is a change in store for holiday shoppers this season. Over the past year, many of the world’s biggest luxury brands, that were previously hard to find on the Web, have opened online stores.
Websites such as style.com Net-A-Porter.com are creating exclusive agreements with some labels and also improving the way of selling, using multimedia. Style.com creates amazing videos for labels like Fendi.
although it seems a typical evolution, it is a radical change in terms of luxury brands culture. The internet’s reputation as a host for discount shopping and bargain-basement deals, epitomized by retailers like eBay and Amazon has until now been a turnoff for luxury goods players.
If selling is the primary goal, online marketing is the second one. With more users surfing the Net, it seems natural that luxury brands try to ad online. For users ther is also another advantage: Price. As the wall street journal mentions, user can compare prices and also buy items that companies sell only online
The issue remains: are luxury brands losoing image and prestige with this movement?

4
Nov

No more guns to rob a bank

Written on November 4, 2006 by faparicio in Technology Management

Fernando Aparicio. Information Systems Professor.
Confirming the worst omens about malicious use of the Internet, several recent news have stressed this worrisome trend: hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars. Based on phishing or pharming disguise, social engineers cash in on the usual unawareness of the average internet user. All these fast-growing forms of online fraud have been used against online brokers such as E-Trade and TD Ameritrade, US’ fourth and third-largest online broker, respectively.
Stealing information from a user is not much more complicated, for instance, than placing keystroke-monitoring software on any public computer (library, hotel business centers, airports, cybercafes). All hackers have to do is wait until anyone types in the Web address of E-Trade or any other online broker, and then watch the next several dozen keystrokes, which are likely to include someone’s password and login name. The user has then been stolen its digital identity and…a lot of money?
In this particular case, both E-Trade and TD Ameritrade have guaranteed that they will cover their clients’ losses, even though they are not required to do so by law. What would be the reaction of the Spanish banks? Most probably blaming it on the customer, who is responsible for keeping its login and password safe.
The most worrying matter of this situation is that the problem is growing faster than its public awareness. If we merge the ever-growing use of Internet for both corporate and personal finance and the “snooping software-for-dummies” availability the odds for this problem to skyrocket are pretty high.
E-Trade stated that “concerted rings” in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone. The distributed denial-of-service attacks are among the most recent, fashionable and easy-to-use attack schemes used widely for organized crime to harm private web servers and taking them down during days. What is the financial impact of this time of non-delivery service to my customers? Ask your CEO, please, he should have an answer for its investors and stockholders, shouldn’t he?
In fact, online scams have been growing so serious in the States that the Federal Financial Institutions Examination Council, a government entity that establishes standards for banks, has given U.S. financial institutions until Dec. 31 to tighten security measures for accessing online accounts. Offering user awareness programas and free anti-spyware software are among the countermeasures recomnended.
It is still to soon to get really concerned in Spain? Just two flashes to deny a positive answer: DDOS against IRC Hispano and the detention of a Spanish trojan creator. We’d better get ready, the dark side is already here.
Click here for the whole article

18
Oct

Google Mania by Mahesh Pillai – GCMBA07 Alumn

Written on October 18, 2006 by Guillermo Montes in Información y tecnología

The Mountain View, California based firm is in the news again, for the right reasons of course (unlike HP, which is based not very far from Mountain View). After its headline-hogging buyout of YouTube (www.youtube.com), Google (www.google.com) has announced that it has merged its online word processing tool Writely and online spreadsheet tool. The new combination will now be called Google Docs and Spreadsheets (not a very creative name I must say).
Online forums are abuzz with debates over whether this is a nail in Microsoft’s Office coffin. My thoughts are that while Microsoft might not see this as an immediate threat to its virtual monopoly over the office tools space, the long run will see Microsoft having to contend with strong competition from Google and others if it does not respond with an online option of its office suite.
Two other factors will weigh in on how this market shapes out for Google. First, the fact that Google’s word and spreadsheet applications have much less features compared to Word or Excel. This will make acceptance from medium to large business virtually impossible, since functionality will most likely be a higher factor than cost. For Small to Medium scaled businesses, Google is an enticing option given how expensive the Microsoft Office suite can get. The second factor is the competition in this field. SaaS applications like Zoho, Open Office , and Thinkfree are way ahead of Google’s word and spreadsheet applications in terms of the functionality they offer.
Analysts point out that Google should try to popularize their office products by making a full featured stand-alone version available. I doubt if Google will ever take that route, since it is not their business model. They are not a software company and they don’t make money by selling software. Advertising is what brings in their moolah and offline, stand-alone applications are certainly not a way of generating ad revenues.
Microsoft’s launch of its touted online office suite is a much awaited event and is sure to make things interesting. In the meantime, if using cool free office tools give you a high, be sure to check out OpenOffice.org.

17
Oct

CrackBerry Pearl by Mahesh Pillai – GCMBA07 Alumn

Written on October 17, 2006 by Guillermo Montes in Información y tecnología

So what is all the talk about people getting addicted to their BlackBerry??
If rehab is the first thing that comes to mind, think again, the new BlackBerry Pearl will send you to email hell and you might actually enjoy it!
BlackBerry Pearl (www.blackberrypearl.com) is the latest phone from the Canada based technology company Research in Motion (RIM (www.rim.com)). At $199 (from T-Mobile (www.t-mobile.com)), this is phone worth owning for all the features that it offers. Users of the old BlackBerry will instantly notice the absence of the signature scroll wheel, which has been replaced by a trackball which is pretty intuitive and easy to use once you get the hang of it. That’s not all that has changed. Moving away from just catering to its typical business users, the Pearl has new multimedia features that are designed to attract hipper style conscious users.
Weighing a wispy 3.2 ounces and a half an inch thick, the Pearl has new multimedia features that include a 1.3 megapixel camera, iTunes enabled mp3 player, MPEG video player, microSD card slot in addition to the 64MB flash memory. This adds to the other features of Web browsing, Email, and Organizer. An impressive feature is support for Google Maps.
If you are one of the 5 million users who like to be seen scrolling through messages on their BlackBerry’s and had hoped that you could do more with your phone than just make calls and check email, a shift to the Pearl might be well worth it. The rest should buy it at your own risk of addiction.

4
Sep

Microsoft IE update by Mahesh Pillai – GCMBA 07 Alumn

Written on September 4, 2006 by Guillermo Montes in Software

Some good news for users (including yours truly) of Internet Explorer is coming out of the Microsoft stables. Microsoft is planning to make IE 7 available as a security update to its Windows XP users later this year. A third beta was released last month and is available for users to download. The updates will be pushed through Windows’ Automatic updates, but users can choose to not install it. The last major update to IE was quite a while back, about 5 years to be more precise, which is saying something about how secure IE is against newer security threats.
Most tech savvy people do not really think highly of IE’s security capabilities, but this release is aimed at improving that image. Apart from the numerous smaller bugs that have been fixed in the new release, security features in ActiveX have also been boosted. Some tools to protect users from fraud resulting from personal and financial data have also been included in this release. For example, users will be notified if a certain bank’s website has been fraudulently replicated on another website.
Microsoft is of course being itself and using it’s tried and tested strategy of making available a few key features of a new release only if users upgrade to a newer version of an associated software. The ‘protected mode’ security feature on IE 7, which notifies the user whenever the browser tries to install new software or change any settings on the computer, will only be available with Windows Vista, which is due early 2007.
The real test for IE 7 will of course come from the ever increasing number of hackers and others trying to exploit weaknesses in a browser to access sensitive information.