Beautiful Virus, Huh?

So this is an image of the Tobacco Mosaic Virus.


Yeah, I never heard of it either. 


It is a virus that attacks and destroys tobacco and other plants. 


Viruses are ugly and evil in that they hurt and kill other living things


Yet in looking at this molecular image, I seriously hate to say it, but it is also beautiful in a way. 


The shape, color, complexity–the design and wisdom embedded in it–what can I say, but even this too is a miracle. 


Sure, it would be better in a mortal sense if there were no viruses to make us suffer and literally eat away at us. 


Yet, surely G-d has a plan even for these nasty virus molecules.  


Do they help us gain immunity to even worse diseases?


Do they help us to use ingenuity to discover, fight, and evolve to withstand their attacks and progress our society in larger ways?


Do they help us learn however horribly to turn to G-d, strengthen ourselves, and somehow try to cope with suffering and loss in life and death.


All sickness is unbelievably horrible and the suffering it causes is truly impossible to understand, and G-d should please, please have mercy on us. 


Yet, looking at this molecular image of even this virus, there is something comforting in the supreme intelligent design and creation of it all.  😉


(Source Andy’s photo of image by Visual Molecular Dynamics)

Creative Washing Sign

Wash Hands.jpeg

Ok, this is not your typical handwashing sign.


Usually these signs that are mandated by health regulations in food establishments remind employees to wash their hands before returning to work.


Of course, given all the Clostridium, E. coli, Hepatitis, Listeria, Norovirus, and Salmonella out there, we know that unfortunately many food workers are not following these instructions very well…yes, yuck!


Here, someone “sanitized” the sign, and rubbed out the “h” and the top part of the “d” in hands and left the crude word, “anus.” 


Now employees must wash not their hands, but their anus (does that help in food preparation?)!


Perhaps, whoever did this are lobbyists for some sort of bidets in this country. 


Given all the political crap that goes on around this town, this may be a very good idea. 😉


(Source Photo: Dannielle Blumenthal)

The Ebola Bomb {^}

Ebola
Ebola is the “one of the most virulent microbes” to mankind–there is no known cure and it has a 90% mortality rate. 

 

The death toll from the current outbreak of ebola in West Africa has now hit 1,145.

 

And according to the U.N. Health Agency, the number of deaths are “vastly underestimated.”

 

Already, as of two weeks ago, more than 100 health workers had been infected. So who is going to care for the infected and sick, when the medical professionals themselves are sick and dead?

 

According to the World Health Organization, Ebola is spread by “direct contact (through broken skin or mucous membranes) with the blood, secretions, organs, or other bodily fluids of infected people, and indirect contact with environments infected with such fluids.”

 

However, as frightening and deadly as ebola is as a disease that spreads and must be contained, what is even more terrifying is that there are those who believe that terrorists may try to harness it into a dirty bomb.

 

CBS reports that a disease expert from Cambridge University says that “A bigger and more serious risk is that a [terrorist] group manages to harness the virus as a power, then explode it in a bomb in a highly populated area.”

 

A biological bomb like this “could cause a large number of horrific deaths,” and would further spread the disease–and until it stops, no one knows.

 

Visiting any number of local doctors offices, emergency rooms, or hospitals that are already filled with patients and with lengthy wait times to be treated, I cannot imagine what an Ebola (type) outbreak would look like.

 

I hope and pray we never find out the suffering, death, and havoc something a virus like this would cause–whether transmitted through human-to-human contact or by one of the dirtiest, sickest bombs you could imagine.

 

(Source Screenshot: here with attribution to Unicef)

Now That’s Robot Clean

How many of you heard the phrase as a child, “Cleanliness is next to G-dliness”?

Over the years, we’ve learned that germs and associated illnesses are frequently transmitted by touch and through the air.

And so we’ve become sensitized to the importance of things like regularly washing our hands, using antibacterial soap, and generally keeping our homes and offices as clean as they can be. (Okay, some people I know aren’t so good about this–yes, you know who you are!)

The problem is that even with regular cleaning, corners, cracks, and surfaces are missed and harmful germs survive.

You can imagine that this can be especially true in places like hospitals and nursing facilities where unfortunately, there are already a lot of sick people.

Xenex Healthcare has invented an amazing robot that takes care of the problem–no, I am not taking about euthanasia (just kidding).

But really, this robot is wheeled into a room–generally after a manual cleaning that according to Bloomberg BusinessWeek (25 February 2013) often leaves 50% of the room still infected–and these germs can survive up to six months.

The Xenex robot generates a pulsing ultraviolet (UV) light from its extending head that zaps viruses and bacteria–destroying their DNA–and leaving a room 20 times cleaner!

There are 20 million hospital infection a years in America, killing about 100,000 people, and costing about $30,000 per infection, so the Xenex robot that kills up to 95% of many deadly infections and superbugs is significant.

The robot costs around $125,000 or it can be rented for $3,700 per month–but it can disinfect dozens of rooms a day.

I’d like to see a Xenex robot for every home and office–that should do wonders for improved health care in this country.

Oh and it makes a great gift for Howie Mandel. 😉

IT Security, The Frankenstein Way

Frankenstein

Here’s a riddle: When is a computer virus not a dangerous piece of malware? Answer: when it is hidden as Frankenstein code.

The Economist(25 August 2012) describes how computer viruses are now being secretly passed into computers, by simply sending a blueprint for the virus rather than the harmful code itself into your computer–then the code is harvested from innocuous programs and assembled to form the virus itself.

Like the fictional character, Frankenstein, that is stitched together out of scavenged body parts, the semantic blueprint pulls together code from host programs to form the viruses.

This results is a polymorphic viruses, where based on the actual code being drawn from other programs, each virus ends up appearing a little different and can potentially mask itself–bypassing antivirus, firewall, and other security barriers.

Flipping this strategy around, in a sense, Bloomberg Businessweek (20 June 2012) reports on a new IT security product by Bromiumthat prevents software downloads from entering the entire computer, and instead sets aside a virtual compartment to contain the code and ensure it is not malicious, and if the code is deemed dangerous, the cordoned-off compartment will dissolve preventing damage to the overall system.

So while on the offensive side, Frankenstein viruses stitch together parts of code to make a dangerous whole–here on the defensive side, we separate out dangerous code from potentially infecting the whole computer.

Computer attacks are getting more sinister as they attempt to do an end-run around standardized security mechanisms, leading to continually evolving computer defenses to keep the Frankensteins out there, harmless, at bay.

(Source Photo: herewith attribution to Dougal McGuire)

A Cyber Security House Of Cards

House_of_cards

Yesterday there were reports of a new “massive cyber attack” called the Flame.

A U.N. Spokespersoncalled it “the most powerful [cyber] espionage tool ever.”

The Flame ups the cyber warfare ante and is “one of the most complex threats ever discovered”–20 times larger than Stuxnet–and essentially an “industrial vacuum cleaner for sensitive information.”

Unlike prior cyber attacks that targeted computers to delete data (“Wiper”), steal data (“Duqu”), or to disrupt infrastructure (“Stuxnet”), this malware collects sensitive information.

The malware can record audio, take screenshots of items of interest, log keyboard strokes, sniff the network, and even add-on additional malware modules as needed.

Kaspersky Labs discovered the Flame visus, and there have been greater than 600 targets infected in more than 7 countries over the last 2 years with the greatest concentration in Iran.

This is reminiscent of the Operation Shady Ratthat was a 5-year cyber espionage attack discovered by McAfee in 2011–involving malware that affected more than 72 institutions in 14 countries.

Separately, an attack on the U.S. Federal government’s retirement investments–the Thrift Saving Plan–impacted the privacy and account information of 123,000 participants and “unathroized access”–and was reported just last week after being discovered as far back as July 2011.

Regardless of where the particular cyber attacks are initiating from, given the scale and potential impact of these, it is time to take cyber security seriously and adopt a more proactive rather than a reactive mode to it.

One can only wonder how many other cyber attacks are occuring that we don’t yet know about, and perhaps never will.

We can’t afford to fumble the countermeasures to the extraordinary risk we face in the playing fields of cyber warfare.

We have to significantly strengthen our cyber defenses (and offenses) — or else risk this “cyber house of cards” come crashing down.

It’s time for a massive infusion of funds, talent, tools, and leadership to turn this around and secure our nation’s cyber infrastructure.

(Source Photo: herewith attribution to Dave Rogers)

>What’s Lurking In The Update?

>

In defense, it is a well-known principle that you determine your critical infrastructure, and then harden those defenses—to protect it.

This is also called risk-based management, because you determine your high impact assets and the probability that they will be “hit” and deem those the high risks ones that need to be most protected.

In buttressing the defenses of our critical infrastructure, we make sure to only let in trusted agents. That’s what firewalls, anti-virus, spyware, and intrusion prevention systems are all about.

In so-called “social engineering” scams, we have become familiar with phony e-mails that contain links to devastating computer viruses. And we are on the lookout for whether these e-mails are coming from trusted agents or people we don’t know and are just trying to scam us.

What happens though when like the Trojan Horse in Greek times, the malware comes in from one of the very trusted agents that you know and rely on, for example, like from a software vendor sending you updates for your regular operating system or antivirus software?

ComputerWorld, 10 May 2010, reports that a “faulty update, released on April 21, [by McAfee] had corporate IT administrators scrambling when the new signatures [from a faulty antivirus update] quarantined a critical Windows systems file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.”

While this particular flawed security file wasn’t the result of an action by a cyber-criminal, terrorist or hostile nation state, but rather a “failure of their quality control process,” it begs the question what if it was malicious rather than accidental?

The ultimate Trojan Horse for our corporate and personal computer systems are the regular updates we get from the vendors to “patch” or upgrade or systems. The doors of our systems are flung open to these updates. And the strategic placement of a virus into these updates that have open rein to our core systems could cause unbelievable havoc.

Statistics show that the greatest vulnerability to systems is by the “insider threat”—a disgruntled employee, a disturbed worker, or perhaps someone unscrupulous that has somehow circumvented or deceived their way past the security clearance process (or not) on employees and contractors and now has access from the inside.

Any well-placed “insider” in any of our major software providers could potentially place that Trojan Horse in the very updates that we embrace to keep our organizations secure.

Amrit Williams, the CTO of BIGFIX Inc. stated with regards to the faulty McAfee update last month, “You’re not talking about some obscure file from a random third party; you’re talking about a critical Windows file. The fact that it wasn’t found is extremely troubling.”

I too find this scenario unnerving and believe that our trusted software vendors must increase their quality assurance and security controls to ensure that we are not laid bare like the ancient city of Troy.

Additionally, we assume that the profit motive of our software vendors themselves will keep them as organizations “honest” and collaborative, but what if the “payoff” from crippling our systems is somehow greater than our annual license fees to them (e.g., terrorism)?

For those familiar with the science fiction television series BattleStar Galactica, what if there is a “Baltar” out there ready and willing to bring down our defenses to some lurking computer virus—whether for some distorted ideological reason, a fanatical drive to revenge, or a belief in some magnanimous payoff.

“Trust but verify” seems the operative principle for us all when it comes to the safety and security of our people, country and way of life—and this applies even to our software vendors who send us the updates we rely on.

Ideally, we need to get to the point where we have the time and resources to test the updates that we get prior to deploying them throughout our organizations.