01:53 PM
Rob Enderle

RSA: Microsoft vs. Google--Mobile vs. Cloud--Anonymous vs. HBGary Inc.

RSA has turned out to be an historic event this year, showcasing massive industry change from traditional platforms to mobile devices and cloud computing, Google’s replacement of Microsoft as the most targeted vendor, and the drift of the vigilante group Anonymous towards the dark side.

The RSA conference has historically been rather low key year over year. Important things are discussed and presented, but topics are hardly fodder for major news events. But this year the show actually had a lot of really interesting conflict -- not only inside the show, but between the show and Mobile World Congress going on in Barcelona, Spain. Let’s chat about some of the major events so far this week.

Microsoft vs. Google
This was subtle, but typically at RSA the company that everyone is jumping on is Microsoft for its lack of security. Over the last several years these quiet attacks have become less and less strident, and this year Google took Microsoft’s place. In fact, and I have mentioned this before, Google seems to continue to be on track to repeat almost every mistake that Microsoft has made since their founding, at a faster rate and on a larger scale. If it were me running that company I’d likely try to avoid these mistakes, but then the Google stockholders must clearly like the idea of sequels and unnecessary drama.

Microsoft has a major presence at RSA, and they set the stage in their keynote by suggesting that governments implement a central control requirement. This requirement would make sure that anything connecting to the internet and using the common backbone meets certain minimum security requirements in order to eliminate the infrastructure that is spreading viruses and creating botnets. Better than an Internet cutoff switch, which scares the hell out of anyone that worries about their government becoming “Big Brother,” this would better immunize against catastrophic events and likely work better than the “cut-off” switch ever could.

Google wasn’t at RSA. Like Microsoft in the ’80s and ’90s, Google appears to think that security is someone else’s responsibility, and stories of hostile practices surrounding Google’s Android platform and search products were circulating wildly. Most chilling was the story out of Mexico where a top executive was kidnapped by attackers who used Google to identify him and then killed him when they didn’t get their ransom in a timely manner. Particularly troubling was that CNET actually identified this potential exposure nearly a decade ago, and instead of addressing it in any fashion Google chose to blacklist CNET. Can you imagine if any other product company did this and was connected to the death of a prominent executive?

While clearly there was a lot of concern surrounding Google’s public cloud products and security, the other really big story was that in China there are evidently companies who take applications off of Google’s application store and rewrite them, putting either advertising or malware in them, and then release them back onto Chinese versions of the app store, where folks load them onto their phones. Much like Microsoft’s past practice of ignoring security resulted in a security market largely positioned against them, these same companies are building solutions to scan Google applications and secure Google products, which, like it was with Microsoft, will be sold by disparaging those same products. An interesting aside: back in the ’90s I watched as a bunch of ex-IBM and ex-DEC employees appeared to drive Microsoft to make the same mistakes IBM and DEC had made. It now looks like a bunch of ex-Microsoft employees may be doing the same thing to Google.

Boy if this doesn’t put a smile on both Steve Jobs and Steve Ballmer’s faces I don’t know what else will.

Mobile vs. Cloud
Another interesting battle going on was the one between the Mobile World Congress and RSA. It appears that most of the folks working on mobile applications actually were at Mobile World Congress and not at RSA, which focused RSA more on securing the Cloud than on securing Mobile devices.

These mobile devices are increasingly being used as the perfect cloud client, and this trend would typically favor companies like McAfee (which did a major partnership with RSA at the show) that have or are developing solid positions across the ecosystem. But by splitting the resources, the overall solution for many was likely more difficult to pitch. Also interesting is that the folks being pitched on the two sides are different: Cloud security solutions are pitched largely to IT and hosting companies, while client solutions tend to favor carriers. However, I did notice that both Verizon and AT&T were pitching Cloud services, suggesting they are lining up to be big players in this new space.

Interestingly enough, Dell and McAfee had the best positions on the RSA show floor, pointing to Dell’s new aggressiveness and once again helping justify why Intel bought McAfee. It is also interesting that both vendors have solutions that span cloud and mobile platforms.

Anonymous vs. HBGary Inc.
There is a fine line between being a hero and a villain, and Anonymous, the group of folks allegedly supporting Wikileaks, seemed to cross that line at RSA. It is one thing to protect something important but another entirely to attack, particularly physically, another entity. While the sanity of any company wanting to step in and out the folks behind Anonymous would be in question, because it would push them into survival mode and likely result in a violent response, the use of violence tarnishes the entire effort and makes the group almost impossible to support.

In effect the group becomes their own worst enemy and appears to be hypocritical in supporting the release of confidential information that may put others at risk but violently objecting to information that puts them at risk. This drama played out at RSA, where HBGary Inc., the firm that had attempted to out the Anonymous hackers, was allegedly subjected to death threats and had their booth vandalized. They had to cancel their talk and their attendance at the event, allegedly to protect their safety. As an underdog, Anonymous is a powerful force; as a bully trending to the use of fear, or terror, they are far less compelling, and this drama also played out at RSA this year.

Wrapping Up: Historic Event
As a result of these major topics, RSA was an historic event this year, showcasing the transition between legacy platforms and the new Cloud/Mobile arena even as it fought with Mobile World Congress for who had the greatest voice. It also showcased a changing of the guard, this time actually favoring Microsoft, as Google drifts to repeating Microsoft’s mistakes. It emphasized the why behind Dell’s impressive financial results during the week and McAfee’s increased power in this new Mobile/Cloud world. And finally, it unfortunately also showcased the changing threat landscape represented by vigilantes who think of themselves as heroes but are actually starting to cross the line into criminal behavior and working against their own best interests.
