Goto Blog Home PageRevell Research Systems: Alastair Revell's Web Log
On this page....
Archive
<October 2009>
SunMonTueWedThuFriSat
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567

RSS 2.0     Atom 1.0     CDF

Summary
Search
Navigation
Categories
Blog Roll
About Alastair Revell
Alastair Revell is the Managing Consultant of Revell Research Systems, a Management and Technology Consulting Practice based at Exeter in the United Kingdom.
Contact Alastair Revell
 EMail Revell Research Systems Limited Email Me
Copyright
Legal & Other Notices
Sign In
Disclaimer
The material published in this web log is for general purposes only. It does not constitute nor is it intended to represent professional advice. You should always seek specific professional advice in relation to particular issues. The information in this web log is provided "as is" with no warranties and confers no rights. The opinions expressed herein are my own personal opinions.

Web Log Home | Welcome to this Web Log | Using this Web Log | New to Blogs? | About Revell Research Systems | Contact Details

Review Entries for Day Saturday, October 31, 2009
Farmers Weekly has reported that the Rural Payments Agency (RPA) has lost the payment details of every farmer in the United Kingdom that has ever claimed a farm payment. The details include names and addresses, bank details, passwords and security questions and apparently were not encrypted. The number of farmers affected is believed to be around 100,000.
More about Alastair Revell

Saturday, October 31, 2009 3:01:56 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Security | Trackback

Review Entries for Day Monday, September 21, 2009
The British Computer Society (BCS) launched its new branding over the weekend and it is clearly setting an ambitious course. The changes clearly run far deeper than just the corporate colour change from blue to green. Firstly, it is obvious from the web site that it wants to fulfil a more global role rather than just one confined to the United Kingdom. It has conspicuously stopped calling itself The British Computer Society in favour of referring to itself simply as the BCS.
More about Alastair Revell

Monday, September 21, 2009 8:29:48 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] IT Profession | Trackback

Review Entries for Day Thursday, September 03, 2009

I was pleased to just read a few moments ago on the BBC Web Site that the National Museum of Computing at Bletchley Park is to acquire the Harwell machine. It is the oldest computer in existence (depending on whether you classify the Collusus machine as a computer or not) and will definitely strengthen their growing collection.

I understand that the machine is to be dusted down and restarted as part of a renovation project. The machine was originally built and used by staff at the Atomic Energy Research Establishment at Harwell in Oxfordshire. It was designed in 1949, commissioned in 1951 and ran in regular service until 1973.

I think it is important that the IT profession looks after its heritage. We like to boast that a year in computing or Internet time is equivalent to just a few months. We need to realise that, if this is the case, that we are producing history at around four times the normal rate!

More about Alastair Revell

Thursday, September 03, 2009 5:43:56 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] General | Trackback

Review Entries for Day Tuesday, August 25, 2009

I welcome the joint report produced by fellows of The Royal Academy of Engineering (RAE), The Institution of Engineering and Technology (IET) and The British Computer Society (BCS) entitled: "Engineering Values in IT", which was published on 3rd August 2009 and is available from the academy's web site.

The report recommends that "appropriately qualified Chartered Engineers (CE) and Chartered IT Professionals (CITP) should be employed to lead and manage major IT projects within both government and industry."

I sense that, in particular, Chartered IT Professional (CITP) status is a qualification whose time is now rapidly approaching. I’ve noted over recent months that many IT professionals in senior positions have recently been awarded chartered status.

It is a necessarily hard qualification to achieve and is certainly on a par with those in other chartered professions, such as Chartered Accountants or Chartered Surveyors.

The motivation for the report was the critical importance of IT at a national level.

The report notes that the take up of chartered status within information technology remains a problem. I certainly think that those who have attained the CITP qualification should make it clear that they are "Chartered IT Professionals", since I believe that this will accelerate its adoption.

More about Alastair Revell

Tuesday, August 25, 2009 9:29:16 AM (GMT Standard Time, UTC+00:00)  #
Comments [0] IT Profession | Trackback

Review Entries for Day Thursday, May 28, 2009

I’ve recently had occasion to contact a number of professional service firms “out of the blue” about the services that they offer.

As an IT professional, I’ve naturally used email as my preferred means of communication. What concerns me is that in all cases, I’ve had to chase these emails because I’ve had no reply – no doubt because my original email has been eaten by my recipient’s anti-spam system.
 
This raises serious questions about the effectiveness of email for “first contact” communication and begs the question just how many leads are being lost by organisations in this recession!
 
Clearly, telephone contact or a written letter is probably both more efficient and more effective. In fact, as traditional (ie: paper-based) junk mail seems to be in decline, any written communication is more likely to stand out when marketing services to other firms, rather than being automatically hidden as frequently now happens with emarketing.
 
Where does this leave email?
More about Alastair Revell

Thursday, May 28, 2009 10:26:13 AM (GMT Standard Time, UTC+00:00)  #
Comments [0] General | Trackback

Review Entries for Day Wednesday, May 20, 2009

I attended the BCS South West AGM Talk “The Second World War Code Breaking Centre at Bletchley Park” at the University of Plymouth on Wednesday, 13th May 2009, given by John Gallehawk of The Bletchley Park Trust, who came complete with an Enigma machine – the code machine used by the German’s during the war to send encrypted messages between various fighting units and their commanders.

It was the first time that I had heard anyone from Bletchley Park talk and the speaker was very engaging. The history of the house, its role during the war and its more recent history were all fascinating.

The Enigma machine was clearly the star attraction of the talk and sparked a lot of discussion amongst the various IT professionals drawn from across the region and from a variety of computing disciplines.

 john gallehawk with an enigma machine 

John Gallehawk, from The Blethcley Park Trust,
demonstrating the use of an Enigma Machine.

The talk accidentally followed Stephen Fry’s visit to Bletchley in the same week, which had managed to draw a lot of attention to the plight of the centre. News of his informal visit seems to have escaped because he uses Twitter to keep his fans informed of his movements. He’d announced that he was as “excited as a kitten” about his visit.

I certainly believe that Bletchley Park needs as much publicity and money as it can get. It is very much the cradle of British computing and is arguably the birth place of the first modern computer, the so-called Collossus. It would be a terrible disgrace if our generation of IT professionals allowed this important piece of our history to decay and disappear, which it most certainly is in danger of doing.

I blogged last September about Dr Sue Black of the University of Westminster’s letter to The Times, which she had been spurred to write after the feedback she received from other heads of computing departments across the British higher education establishment. She’s right - the centre really does need saving.

More about Alastair Revell

Wednesday, May 20, 2009 3:14:46 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] General | Trackback

Review Entries for Day Tuesday, May 19, 2009

I periodically battle with SME clients who argue that no one really would want to “hack” their organisation – they are simply too small or too insignificant to warrant the effort. I suspect I am not alone and that many other advisers on IT have the same trouble persuading their clients of the very real risks they face.

The argument that is often recited is that when the partner or director was employed elsewhere, their previous firm was much slacker with their IT security and had no problems whatsoever. The issue, of course, is that the goal in hacking has changed from destruction to utilisation. The aim is to take unseen control of the computing resources of an organisation and to use those resources for crime. It simply doesn’t surprise me that there never are any signs of compromise!

The BBC recently reported that security firm Finjan had tracked down a botnet with over two million machines under its control to a group of criminals working in the Ukraine. This particular botnet had even ensnared computing resources inside both the UK and US governments, which in itself raises concerns.

I suspect that firms that take few steps to lock down their workstations will have background malware undertaking all sorts of malicious activities. These infections will probably have managed to enter their sites via the web or email, which is increasingly carrying malicious content.

The so-called drive-by attacks using infected third party web sites is particularly worrying. Few organisations seem to scan inbound data over the web for vulnerabilities, partly because of the impact on browsing speeds that this would have. Those organisations that then don’t lock down their desktops so users cannot install software run very real risks of users innocently and unknowingly installing something they really don’t want. Once such software is on the inside of the firewall, most SME organisations simply have little or no defence, especially if the software is not strictly considered a “virus” and ignored by their anti-virus product.

A technical colleague in another firm drew my attention recently to Sophos’ Security Threat Report 2009, which provides examples of firms that have suffered attacks on their web sites. Some of these web sites would have posed risks to casual browsers of those sites as well as to those who had previously provided them with confidential information.

The list included such well-known names as ITV, a site selling Euro 2008 football championship tickets, the anti-virus firm Trend Micro, Cambridge University Press, Sony’s US Playstation site, the Association of Tennis Professionals’ web site as Wimbledon opened in the UK in June 2008 and the Business Week web site.

Unfortunately, I doubt few SME business leaders that have small (if any) indigenous IT staff will actually ever get to read it.

However, the difficulty simply persists that many SME organisations believe that no symptoms means no underlying problems. I can see their dilemma – a bunch of (often external) IT professionals becoming excited about dangerous threats and advocating the spending of money in a recession is far from appealing, especially when the risks from a naïve perspective seems minimal.

I was recently a guest at The Institution of Analysts and Programmers Spring Seminar in the London Docklands at which Microsoft’s Chief Security Advisor in the United Kingdom, Ed Gibson, spoke. He is an engaging speaker, an attorney in the United States and a practising solicitor in England and Wales, as well as a former FBI agent. He has for sometime been trying to raise awareness of these issues in the United Kingdom.

While listening to him and while mulling over his thoughts at the (excellent) lunch that followed, I believe that we really do need some form of reliable reporting mechanism for attacks of the sort documented by Sophos and these need to become highly publicised, even if in an anonymous form.

SME business leaders need to have independently verified facts about the IT security risks they face that are both readily available and easily digested; and in a form that brings the message home.

More about Alastair Revell

Tuesday, May 19, 2009 6:37:15 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Security | Trackback

Review Entries for Day Monday, November 24, 2008

The closure of the San Jose hosting company McColo Corp has had an amazing effect on the level of spam world-wide. A number of sources suggest that spam has dropped by around 66% in the last week or so.

McColo Corp is alleged to have been the home to a number of command and control systems for a variety of botnets, some with more than 600,000 zombie computers under their control. Many reports also suggest that the company was hosting a variety of other nefarious web sites. 

I understand two Internet Service Providers (ISPs) decided to act by effectively cutting McColo off from the Internet.

I have certainly noticed the dramatic drop off in daily spam. The amount of time spent world-wide dealing with junk email is huge and is an unwelcome drain on resources, especially as many businesses try and weather the current economic downturn.

I am quite surprised just how effective the action taken by these two ISPs has proved to be, although I doubt it will last for long. The spammers will find alternative ways to continue.

However, it does raise an interesting point about how effective this sort of action can be. Perhaps, we should look to legislate to make this kind of response much easier to take. I suspect that the amount of money saved globally by this action over the last week alone was quite staggering.

Long may the lull continue …

More about Alastair Revell

Monday, November 24, 2008 8:46:31 AM (GMT Standard Time, UTC+00:00)  #
Comments [0] General | Trackback

RSS 2.0 Feed If you enjoyed reading an article on this blog, why not subscribe to the RSS 2.0 feed to receive future articles?
   
Revell Research Systems Logo Visit the Revell Research Systems Web Site if you want to learn more about this management and technology consulting practice.