


   ISSUE 32

26 March  2014

Article of the Month Around the World

The Evolution of Computing-Part 1


In the early 1880s, Mr Herman Hollerith created a device to help automate the United States of America’s census process: the punch-card tabulator. The idea was simple but brilliant. By punching a series of holes in paper, information about a certain population could be stored. For example, a hole in a predefined location in the paper would indicate that a family had two children.


Seeing the advantage of such a process, the Census Bureau put Hollerith’s machine to good use in the 1890s census. The new machine improved the tallying procedure, allowing the Bureau to tabulate the census much more quickly than it had in the 1880 round, even though the country’s population had grown. Having proved its value in speeding up calculations and reducing the cost of the census (savings almost ten times greater than the Bureau had expected), the punch-card tabulator attracted the attention of the owners of big businesses such as railroads, insurance agencies, banks, and mass-market manufacturers and retailers.
Seeing the commercial potential of his invention, Hollerith established the Tabulating Machine Company, with the main aim of selling tabulators to businesses. As the need for such services grew, Hollerith’s firm merged with the Computer–Tabulating–Recording Company to supply even larger business machines. Thirteen years later, a talented young manager named Thomas J. Watson was brought in to run the business. Once he had taken over the reins, he changed the company’s name to the more impressive-sounding International Business Machines Corporation (IBM). This saw the dawn of the information technology industry.

Retrospectively, it would seem inevitable that people at that time would have thought that computers would become the backbone of modern business. Strangely, however, the reverse was true: people at that time were deeply sceptical about the machine’s usefulness. So much so that Howard Aiken, a distinguished Harvard mathematician, a member of the US government’s National Research Council and the creator of the Harvard Mark I computer, commented to Edward Cannon of the U.S. National Bureau of Standards in 1948 that the idea that there would be a big market for computers was “foolishness”1. Furthermore, he has been documented as stating that “there never would be enough work for more than two of these computers”2.

However, as technology evolved with the advent of tiny transistors, the big, bulky vacuum tubes were replaced. This saw the birth of what we now know as the desktop computer. It is ironic to note that, as with the earlier views, the dominant computer companies of the day, from IBM to Digital, paid little attention to these quirky new machines, for PCs were seen as too weak for any use. It took the brilliance of a college dropout named Bill Gates to see the potential of these personal computers in business. In 1975, Gates, together with his high-school friend Paul Allen, founded a little company named Micro-Soft to write software for the newly invented PC. Gates envisaged that these machines would not only find a place inside business but that, because of their versatility and low cost, they would supplant the bulky mainframe as the centre of corporate computing.3
Nevertheless, such advances still did not allow the computer to meet its full potential. The issue was that a workstation could not compete with minicomputers and mainframes on the basis of the power of a single machine. This was solved by the advent of networks of machines, in which the collective power of the PCs was greater than the sum of the parts. In 1990 a slew of “application service providers” emerged, with considerable venture-capital backing, in hopes of providing businesses with software programs over the Internet3.

However, this good intention was met, at that time, with a significant “barrier to entry”: a significant chasm existed between communication speeds and computer processing speeds. To explain this, two laws were coined. One is Moore’s Law. Gordon E Moore stated in 1965 that, over the history of computing hardware, the number of transistors on integrated circuits doubles approximately every two years4. The other is Grove’s Law. Andrew Grove stated that, while chip density doubles every eighteen months (Moore’s Law), telecommunications bandwidth doubles every 100 years1.

However, in the recent past we can see that Grove’s Law has progressively been negated. With the genesis and subsequent improvement of communication services, the next stage in the evolution of computer services has arrived: providing computing as a utility. As data can now be transferred quickly and at a cheaper rate, “the full power of computers can finally be delivered to users from afar. It doesn't matter much whether the server computer running your program is in the data centre down the hall or in somebody else's data center on the other side of the country. All the machines are now connected and shared -- they're one machine.”3
What is utility computing? As stated in Wikipedia, utility computing is the packaging of computing resources, such as computation, storage and services, as a metered service5.
Imagine the day on which a person would just plug his/her laptop, palmtop or tablet PC into a wall socket and obtain services pre-negotiated between the service provider and his/her respective business, in order to carry out his/her daily work.
The service provider may provide the company with a comprehensive package. The package may come pre-bundled with:
• Computer hardware, including standard servers, CPUs, monitors, input devices and network cables.6
• Internet access, including Web servers and browsing software.6
• Software applications that run the entire gamut of computer programs. They could include word processing programs, e-mail clients, project-specific applications and everything in between. Industry experts call this particular kind of business "Software as a Service" (SaaS).6
• Access to the processing power of a supercomputer. Some corporations have hefty computational requirements. For example, a financial company might need to process rapidly-changing data gathered from the stock market. While a normal computer might take hours to process complicated data, a supercomputer could complete the same task much more quickly.6
• The use of a grid computing system. A grid computing system is a network of computers running special software called middleware. The middleware detects idle CPU processing power and allows an application running on another computer to take advantage of it. It's useful for large computational problems that can be divided into smaller chunks.6
• Off-site data storage, which is also called cloud storage. There are many reasons a company might want to store data off-site. If the company processes a lot of data, it might not have the physical space to hold the data servers it needs. An off-site backup is also a good way to protect information in case of a catastrophe. For example, if the company's building were demolished in a fire, its data would still exist in another location.6
At the end of the month, the business in question would then receive an invoice. This invoice would show charges based on usage and not a fixed flat fee. This could be compared to the modern electricity tariff, where usage of a certain number of units is billed at a predefined amount.


The second part of this article will continue in next month's issue.


Kumar is the Secretary to the ISACA Sri Lanka Chapter and, as an information system audit and assurance professional, is currently working as an Information Systems Auditor at SJMS Associates, an esteemed firm of Chartered Accountants and an independent correspondent firm to Deloitte Touche Tohmatsu.







  IBM: No Backdoors, No Source Code, No Client Data Provided to NSA

“. . . After details began to emerge on the scope of US government spying when classified documents were leaked by Edward Snowden, many US technology companies have been put in a tough position with their customers. ..."

  Don't Forget DNS Server Security

'....Late last August, some visitors to the New York Times website received an unexpected surprise - the website was down.

The source of the interruption was not a power outage or even a denial-of-service attack. Instead, it was a battle against a DNS hijacking attempt believed to be connected to hacktivists with the Syrian Electronic Army.....'

Experts warn against judging Firefox on poor Pwn2Own performance



'....Last week, security researchers at the annual contest discovered four previously unknown vulnerabilities, more than for rivals Google Chrome, Apple Safari and Microsoft Internet Explorer. The number of holes found in Firefox prompted some in the media to declare it the least secure browser.

On Monday, security experts said judging the security of Firefox, or any other browser, by the number of vulnerabilities found in a single contest is misleading.

DARPA Cyber Ops Needs a Bigger Rolodex


'.... The Pentagon is scouting for cyber ninjas in the private sector who would be available for future help dominating the cyber domain, according to documents. The trick will be finding potential “performers” that hold security clearances for classified endeavors, Defense Advanced Research Projects Agency officials said.........'

Cloud Security Frees Up NOAA's Workforce

'.... Sometimes consolidation can be a good thing for the federal workforce.

Centralizing networks in the cloud has allowed human eyes at the National Oceanic and Atmospheric Administration to weed through 1.2 billion cyber transactions per day for signs of hacking.....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in February 2014
  Hacked Sites

 Statistics - Sri Lanka CERT|CC


Hitting the Data Jackpot

'.... Breaches, breaches everywhere. There has to be a reason for it – criminals aren’t just following a trend like a spring shopper buying the latest styles of shoes. If you put yourself in the shoes of a cybercriminal (not the spring shopper’s), you’ll be able to appreciate how breach data equates money in a number of ways.........'

8 ways to improve wired network security

'.... We sometimes focus more on the wireless side of the network when it comes to security because Wi-Fi has no physical fences. After all, a war-driver can detect your SSID and launch an attack while sitting out in the parking lot.

But in a world of insider threats, targeted attacks from outside, as well as hackers who use social engineering to gain physical access to corporate networks, the security of the wired portion of the network should also be top of mind......’

The Siesta Campaign: A New Targeted Attack Awakens

'....In the past few weeks, we have received several reports of targeted attacks that exploited various application vulnerabilities to infiltrate various organizations. Similar to the Safe Campaign, the campaigns we noted went seemingly unnoticed and under the radar. The attackers orchestrating the campaign we call the Siesta Campaign used multicomponent malware to target certain institutions that fall under the following industries:........'

Bypassing security scanners by changing the system language



'...... A substantial security oversight is present in a variety of penetration testing tools, and it has to do with the different languages that a computer system can be set up to use, claimed and proved Trustwave researchers at the recently held Hack In The Box conference in Kuala Lumpur........'

Digital devices used every day that could result in a security breach



'..... Data breaches cost U.S. enterprises an average of $5.4 million per incident in 2012, according to the Ponemon Institute and Cintas Corporation.

“With the growing number of digital devices in today’s businesses, it is no longer sufficient to only secure data stored on documents or in computer files,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Data stored on digital devices such as fax machines and routers must be securely destroyed to prevent it from getting into the wrong hands.”

Notice Board
  Training and Awareness Programmes - March 2014
- 10th - 14th March and 24th - 28th March: Hardware maintenance Training Programme, General Sir John Kothelawela Defense University
- 17th - 21st March: Hardware maintenance Training Programme, General Sir John Kothelawela Defense University
- 17th - 23rd March: Hardware maintenance Training Programme, South Eastern University, Oluvil
- 24th - 30th March: Hardware maintenance Training Programme, South Eastern University, Oluvil
- 21st - 23rd March: Trainers training on Unlimited Potential Partnership Program, Holiday Resort, Kiriella
- 23rd - 25th March: Trainers training on Unlimited Potential Partnership Program, Holiday Resort, Kiriella
- 21st March: Opening ceremony of Suneetha Vidyalaya (Mahindodaya Special Model school), Wataraka
