The last week, in my spare time, I saw very interesting talks about how to improve Mobile App Performance. One particular topic who came in many conversations with my team was the Internet Protocol version 6, well known as IPv6, the next generation Internet Protocol, who solves not just the problem of IPv4 exhaustion, but it’s thought to other problems like security and true end-to-end connectivity. So, I began to dig even deeper why IPv6 matters today for Mobile Performance, and fortunately, I found a lot of cases, people and teams working in the same problem.
Everyday you read or hear about new stories about Social Engineering Scams, Data breachs, Personal Information Records Threfts, Credit Cards scams, new kind of attacks like Voice Phishing, CryptoLocker, Dino, Duqu; and vulnerabilities like StageFright, POODLE, BEAST, FREAK, and more.
But there is a new shift for hackers right now: Mobile devices and apps; and every second, if you are in the Cyber Security industry, you see that the attacks are becoming more targeted and sophisticated with time. We are using our Mobile devices right now for almost everything: browse the web, to make payments, to chat with friends and family, but many of us are not aware of the dangers and worries about privacy and security when we do that through Mobile; and we need to take advanced measures to protect us from scammers and hackers. I always talk with my family about these issues and I show to them real threats about this. Some have heard my advices, others just ignored me until they are victims of one of this kind of attacks. One of my cousins was one of these victims and he told what he could do today to keep Mobile communications private and secure, and this is the objective of the post: to provide world-class apps and tools to achieve this. Let’s start.
Writing the last post about Mobile Performance, one of the news that shocked me was the partnership between Apple and Cisco. I began to dig deeper about this, and I understood that this needs a complete post to talk about this profound partnership. When you see this kind of alliances about two massive companies, you begin to look for answers, but the real deal is to make more questions:
- Wants Apple to bet in big for the Enterprise world?
- Why Cisco?
- Why now?
Yes, I have to say it: I’m a Performance junkie; I’m trying always to the fastest and suitable solution for a particular problem in the architecture of the platforms where I’m involved. In my case, I learned a lot about caching systems, HTTP servers optimization (my favorite is Nginx right now), Databases systems tuning, and more. But everything changed when I was charged to lead the first Mobile app development in my organization.
Here in Cuba, we are in a different technology perspective of the world, because mostly of the time, we are offline of Internet. Recent changes in ETECSA (the Telecomms company in the country) services has allowed to more Cuban people to be connected more often, but the majority of the population can’t afford the service (an Internet connection card through public WI-FI costs 2 CUC per hour, the equivalent to 2 USD per hour, and it’s located in specific zones around the country). Due to this problem, you have to code every Mobile app with an offline-thinking, and we have to make it right the first time, because:
- You have only one chance to prove that your app is valuable to them
- You don’t have any form of feedback, and many of them simply can’t send it to you
So, my team and me started to getting deep about Mobile performance issues and how to fix the problems quickly.
We began to focus first in the offline version of the app, and then we began to think about to incorporate some small online features to it. In the process, we learned that there are so many problems that could affect the performance of your Mobile app, which you can feel intimidated, but many of these problems can be solved today with a detailed planing of your Mobile app development and with a completed view of all performance metrics that could affect your app. And this is the main objective of this post: to help you to identify quickly these problems, and the solutions that you could apply today, and the products and teams that could help you in the process. So, let’s start the journey.
“Small Businesses are important for the global economy”, I said in a recent conversation with an U.S high-level executive the last week. “I know that”, he said to me, and continued “But, to create a good plan to launch a product focused in small and medium enterprises, we need to know how many of them are actually around the globe”. And my straight answer was: “I think you have to focus in at least 5 countries, 10 countries like maximum, because you can’t launch a product simultaneously in more than 10 countries at the same time, there are many different needs for SMEs around the world, even in a same country”.
I continued: “If you want to see a good example of internationalization, you can see read how Mina Radhakrishnan did it (1, 2) at Uber (now she is a EIR Redpoint Ventures), but you can note one thing: they have hundreds of employees, from many countries and different cultures, which is critical for a massive work like this one; and seriously my friend, you don’t that quantity of personnel to embrace this huge task”. And he said:“OK, I understand your point. So, if you were to select some countries, what they would be?”. And everything started with that conversation.
Cybercrime is more organized than ever before. If you are in the industry of Cybersecurity, you see everyday more and more companies that are victims of a highly coordinated DDoS attack or you see highly-targeted data breach, which cost 3.8 million like average. So, if hackers are getting more sophisticated, companies that are want to be protected, need to take a bold approach and to make contracts for a robust security programs for this. Greg Day and Bryce Boland, from FireEye, made a great post explaining how to quanlify the economic return from Cybersecurity solutions; and based in this approach, I think that every serious company with Enterprise customers need to think deeply on this.
But, How could you take this approach? Is any available solution to provide Real-Time detection of attacks? The simple answer is: YES. The not-so-simple answer is a little more complicated: to accomplish this difficult task, a modern Cybersecurity solutions needs to be based in the principles described by Dr. Hossein Eslambolchi (former Head of Research at AT&T Labs and a well known Cybersecurity expert): 3P (Proactive, Preventative and Predictive). Many security solutions could fulfill the first P, but the next two are more complicated, because here is where comes to play Advanced Analytics using Data Mining and Machine Learning techniques in Real-Time. This combinations of techniques and methods, could be something Dr. Eslambolchi defined like: Anomalytics. What is this, and more importantly, who is in the frontline of Anomalytics? Keep reading to find out.
Reading the recent news from Cisco about its intent to acquire OpenDNS made to think about the strategy behind this group of acquisitions that the company have been doing since 2013. Every report that you read about Cybercrime is saying the same: Hackers don’t sleep, and they are always finding new ways to steal your data, or to crack your Mobile device, or use your laptop or computer like part of a highly sofisticated botnet. For example, there is the report from Juniper Research that said that “Cybercrime will Cost Businesses Over $2.1 Trillion by 2019”, where they found found that the majority of these breaches will come from existing IT and network infrastructure, but there is an increasing interest in the Internet of Things (IoT) and mobile devices, so to be prepared for this inmmediate future, organizations need to be creative, looking for the best platforms to be protected. And to which company they will begin to look? That’s why Cisco wants to become in the de-facto partner to call, covering every corner of the Security business. How they are doing this? Keep reading.
Some days ago, I was talking with a friend of mine about new technologies which could redefine in the upcoming years how we will work, live and make business, and certain word came to the conversation like a bomb: Bitcoin. I’m an avid reader for tech news and sites, spending a lot of time reading articles from Nathaniel Mott at Pando about Security and Net neutrality, discussing topics from a recent article from First Round’s Review (BTW: the last one about Hacking Sales with Inbound Marketing is amazing), and many others good resources about tech. I trust in Pando like a one of the best and sincere platforms for sharing information about Startups, Venture Capital and more topics. So, when I began to search information about what is Bitcoin, and which companies are working hard in this space, so I went again to Pando looking for the basics. Following this idea, I found very interesting articles from Dennis Keohane, talking about the new funding raising of Circle, one of the most interesting Bitcoin startups:
“With Goldman Sachs’ investment, Circle — and by proxy Bitcoin — gets a huge uplift in visibility outside of the smaller venture capital community. While General Catalyst and Accel carry weight in the world of entrepreneurs and fast-growth startups, the approval of a multinational investment bank like Goldman, even with all its baggage, is a signal of Bitcoin’s arrival in the consciousness of the financial world at-large.”
Gem’s stated goal has been to eliminate the learning curve for bitcoin developers, while allowing the industry to adopt best-in-class security standards to store, encrypt, and backup end user bitcoin assets, without deep expertise in cryptography or security. The company’s API does exactly this by making a comprehensive set of security solutions available at the push of a button. Crucially, Gem never needs to take possession of end-user funds, meaning that relationships between consumer and developer go un-interrupted.
These articles made me to wonder why Bitcoin doesn’t reach a major adoption for consumers, and I began to getting deep in this though, and after a deep information search, the answer came in front of me: “The Blockchain needs more to become in a more secure horse and Bitcoin companies need to be more serious with users credentials security”, and it seems that it matters for a broad adoption.
Then, I started to search more focused in this problem, looking for info about Bitcoin hacks around the world, and for my surprise, the list is very large. Even, there is a forum topic at Bitcointalk describing a very good complication of the most famous hacks and heists. One of the most famous hacks was Mt. Gox Bitcoin exchange, giving to hackers the shocking number of $460 Million; so when you see creepy things like this one, you become in an instant skeptical person about Bitcoin; but this idea is changing quickly with companies like Circle, Coinbase and Gem; because they are putting an incredible grade of resources and expertise to create Bitcoin-based secure platforms.
If you read my last post about how I integrated Redis, PostgreSQL and Neo4j, you should have noted that I use CentOS with SELinux activated in all my servers, because I know the costs behind a massive data theft, and all we have learnt this in a hard way. If you are in tech, you should remember the hacks at Target, Sony Entertaiment, Home Depot; the recently discovered vulnerabilities like VENOM, FREAK and the Logjam bug; or the news from Google shutting down its Chrome platform; or the news about the massive security risks in Lenovo’s PCs; or the three vulnerabilities discovered in Internet Explorer and the Trapwot Marlware by Palo Alto Networks’s Unit 42 Threat Intelligence team (BTW: incredible newsletter focused in Security alerts) and the list grows exponentially with time.
It´s not just in U.S; in the APAC region, the cyber battle is ruthless too. FireEye released an amazing research report in April describing how a cyber threat group (they called APT30) exploited governments and commercial entities across Southeast Asia and India for almost a decade, and more recently they worked with Microsoft in a new report, where they exposed a new Obfuscation tactic used on Microsoft TechNet, where they determinated that APT17, a China-based advanced persistent threat group was behind the attempt. This battle is getting more serious every second in every corner of the world, and there is one particular area where attacks are more sophisticated and common: targeting Mobile users and apps.
If you are one of my loyal readers, you should know that I’m a Statistics fan, and precisely, the numbers about cybersecurity in the well known Mary Meeker´s 2015 Internet Trends Report are simply shocking (Slides 88 and 89):
and there are many companies which are Mobile-First companies that are vulnerable to all this. But, my friend, still there are people out there which is working very hard to help you to secure your Mobile apps. FireEye for example, made a strategic partnership with Samsung Knox to protect Galaxy S6 users, based in their mobile threat protection products; already I’ve talked about Lookout and Palo Alto Networks, Red Hat’s approach to make the best Enterprise Linux distribution with a big thinking in security, OpenDNS with its Umbrella platform for protecting user from many forms of attacks in your corporate network, and more vendors. But, I will talk here about a new competitor in the space which is redefining how Mobile-First companies like Facebook, Uber, Etsy, are securing their respective apps with Two-Factor Authentication (2FA), and it seems they are doing a very good job on it, because every day, many organizations are more interested in the services they provide. Surprisingly for me, they are not based in California, their HQs are in Ann Arbor, Michigan and its name is: Duo Security.
Recently, working for a new client here at UCI, we began to think in an internal Social Network, focused in educational purposes where students, researchers, teachers and more, could have an online space to discuss trends, make comments, give online talks, etc. My team was in charge to define the Data Model of the platform, and of course, to define the completed strategy to the new Data infrastructure behind the platform. We are a big fans of CentOS (and RHEL of course), for its incredible stability, performance and amazing security features through SELinux, the security project sponsored by Red Hat, available in many Linux distributions today, but in CentOS and Fedora, there is the last policy version (# 28) which is the most updated version of it.
We began to dig in the data model, and we saw an opportunity to create a new kind of data storage solution, using PostgreSQL like the center of the hub; but making interactions with NoSQL solutions focused in fast in-memory read/writes and of course, to be able to store the social interaction among the members of the network like a graph. So, we began to test Redis and Neo4j for these particular tasks. This post is to explain how we did it.