Dark Reading is part of the Informa Tech Division of Informa PLC

2/17/2011
01:53 PM
Rob Enderle
Commentary

RSA: Microsoft vs. Google--Mobile vs. Cloud--Anonymous vs. HBGary Inc.

RSA has turned out to be an historic event this year, showcasing massive industry change from traditional platforms to mobile devices and cloud computing, Google’s replacement of Microsoft as the most targeted vendor, and the drift of the vigilante group Anonymous towards the dark side.

The RSA conference has historically been rather low key year over year. Important things are discussed and presented, but topics are hardly fodder for major news events. But this year the show actually had a lot of really interesting conflict -- not only inside the show, but between the show and Mobile World Congress going on in Barcelona, Spain. Let’s chat about some of the major events so far this week.

Microsoft vs. Google
This was subtle, but typically at RSA the company that everyone is jumping on is Microsoft, for its lack of security. Over the last several years these quiet attacks have become less and less strident, and this year Google took Microsoft’s place. In fact, and I have mentioned this before, Google seems to continue to be on track to repeat most every mistake that Microsoft has made since their founding, at a faster rate and on a larger scale. If it were me running that company I’d likely try to avoid these mistakes, but then the Google stockholders must clearly like the idea of sequels and unnecessary drama.

Microsoft has a major presence at RSA, and they set the stage in their keynote by suggesting that governments implement a central control requirement. This requirement would make sure that anything connecting to the internet and using the common backbone meets certain minimum security requirements, in order to eliminate the infrastructure that is spreading viruses and creating botnets. Better than an Internet Cutoff Switch, which scares the hell out of anyone that worries about their government becoming “Big Brother,” this would better immunize against catastrophic events and likely work better than the “cut-off” switch ever could.

Google wasn’t at RSA. Like Microsoft was in the 80s and 90s, Google appears to think that security is someone else’s responsibility, and stories of hostile practices surrounding Google’s Android platform and search products were circulating wildly. Most chilling was the story out of Mexico where a top executive was kidnapped by attackers who used Google to identify him and then killed him when they didn’t get their ransom in a timely fashion. Particularly troubling was that CNET actually identified this potential exposure nearly a decade ago, and instead of addressing it in any fashion Google chose to blacklist CNET. Can you imagine if any other product company did this and was connected to a death of a prominent executive?

While clearly there was a lot of concern surrounding Google’s public cloud products and security, the other really big story was that in China there are evidently companies who take applications off of Google’s application store and rewrite them, putting either advertising or malware in them, and then release them back onto Chinese versions of the App store, where folks load them onto their phones. Much like Microsoft’s past practice of ignoring security resulted in a security market largely positioned against them, these same companies are building solutions to scan Google applications and secure Google products, which, like it was with Microsoft, will be sold by disparaging those same products. An interesting aside: back in the ‘90s I watched as a bunch of ex-IBM and ex-DEC employees appeared to drive Microsoft to make the same mistakes IBM and DEC had made; it now looks like a bunch of ex-Microsoft employees may be doing the same thing to Google.

Boy if this doesn’t put a smile on both Steve Jobs and Steve Ballmer’s faces I don’t know what else will.

Mobile vs. Cloud
Another interesting battle going on was the one between the Mobile World Congress and RSA. It appears that most of the folks working on mobile applications actually were at Mobile World Congress and not at RSA, which focused RSA more on securing the Cloud than on securing Mobile devices.

These mobile devices are increasingly being used as the perfect cloud client, and this trend would typically favor companies like McAfee, which did a major partnership with RSA at the show, that have or are developing solid positions across the ecosystem. But by splitting the resources, the overall solution was likely more difficult for many to pitch. Also interesting is that the folks being pitched for the two sides are different: Cloud security solutions are pitched largely to IT and hosting companies, while client solutions tend to favor carriers. However, I did notice that both Verizon and AT&T were pitching Cloud services, suggesting they are lining up to be big players in this new space.

Interestingly enough, Dell and McAfee had the best positions on the RSA show floor, pointing to Dell’s new aggressiveness and once again helping justify why Intel bought McAfee. It is also interesting that both vendors have solutions that span cloud and mobile platforms.

Anonymous vs. HBGary Inc.
There is a fine line between being a hero and a villain, and Anonymous, the group of folks allegedly supporting Wikileaks, seemed to cross that line at RSA. It is one thing to protect something important but another entirely to attack, particularly physically, another entity. While the sanity of any company wanting to step in and out the folks behind Anonymous would be in question, because it would push them into survival mode and likely result in a violent response, the use of violence tarnishes the entire effort and makes the group almost impossible to support.

In effect the group becomes their own worst enemy and appears to be hypocritical in supporting the release of confidential information that may put others at risk but violently objecting to information that puts them at risk. This drama played out at RSA, where HBGary Inc., the firm that had attempted to out the Anonymous hackers, was allegedly subjected to death threats and had their booth vandalized. They had to cancel their talk and their attendance at the event, allegedly to protect their safety. As an underdog, Anonymous is a powerful force; as a bully trending to the use of fear, or terror, they are far less compelling, and this drama also played out at RSA this year.

Wrapping Up: Historic Event
As a result of these major topics, RSA was an historic event this year, showcasing the transition between legacy platforms and the new Cloud/Mobile arena even as it fought with Mobile World Congress for who had the greatest voice. It also showcased a changing of the guard, this time actually favoring Microsoft, as Google drifts to repeating Microsoft’s mistakes. It emphasized the why behind Dell’s impressive financial results during the week and McAfee’s increased power in this new Mobile/Cloud world. And finally, it unfortunately also showcased the changing threat landscape represented by vigilantes who think of themselves as heroes but are actually starting to cross the line into criminal behavior and working against their own best interests.
