On Dec. 1, the General Services Administration shuttered apps.gov, the one-stop cloud portal championed by the former federal CIO, Vivek Kundra.
Apps.gov was designed as an online storefront of cloud-based services from which agencies could "get the capabilities they need to fulfill their missions at lower cost, faster, and ultimately, in a more sustainable manner," Kundra wrote in a blog post announcing the site.
GSA decommissioned the three-year-old site in an effort to streamline customer service and simplify its consumer-facing websites, according to FCW. GSA said the move is to adjust its services to suit agency needs.
According to the announcement as reported by govroot, GSA said the apps.gov website will no longer host SaaS vendors or other cloud service providers. These offerings instead would be available through the vendors' respective IT Schedule 70 contracts on GSA Advantage. Other apps.gov services, such as social media applications, would be available on howto.gov, GSA's website for managers of government service channels.
FCW reported that in 2010, Katie Lewin, chief of staff at the Office of the Chief Information Officer at GSA, said government users were not buying from apps.gov. They were using the site to do research and check prices, with "prospective buyers presumably using that information to help structure their own cloud computing buys."
Traffic and links to Apps.gov are being redirected to info.apps.gov, the home of the Federal Cloud Computing Initiative.
Posted on Dec 03, 2012 at 2:27 PM0 comments
If the old adage is true that it’s an ill wind that blows no good, then Superstorm Sandy may have earned its role as a force for good, thanks to the members of Team Rubicon.
The all-volunteer disaster-relief organization, staffed by more than 6,000 military veterans and former first responders, is using battlefield-tested software to direct its army of aid workers along storm-ravaged New York’s Rockaways as they patrol the devastated beach area assessing the damage, providing assistance or calling for supplies, according to Businessweek.com.
The Palantir Technologies software runs on the laptops in the mobile headquarters bus and on smart phones in the field, informing dispatchers of the location of the volunteers and updating information on damaged properties. Simultaneously, the volunteers can call up notes, add their own data and upload geo-tagged photos for address information and visual confirmation, similar to a coordinated battlefield operation.
Company officials say Palantir’s software is applicable in such situations because it is designed to deal with large, disparate data sets. So when relief workers want to determine where to send aid, it’s helpful to be able to combine several layers of information: the status of neighborhood pharmacies and gas stations, demographic and census data, and poverty rates.
“When other relief groups have arrived, government agencies have been sending them to us, based on our effectiveness,” Ford Sypher, a Team Rubicon regional director and former Army Ranger in Iraq and Afghanistan, told Businessweek.
This is not the first time an application designed for the battlefield has proved its worth in a civilian setting. In September, a U.S. military exercise in Croatia created an imaginary 11-nation coalition of forces to counter a criminal organization’s infiltration of a fictitious country.
For that exercise, the White Canvas Group, of Alexandria, Va., developed a secure customized version of its GridMeNow application. The smart phone-based app allowed operators to share and use location-based reports and to relay real-time operations data to the people who needed it.
The commercial version of GridMeNow is designed to let people affected by a disaster more accurately notify first responders. A couple clicks and the emergency personnel have an alert, a geographical location and even pictures and video as needed.
Posted on Dec 03, 2012 at 11:39 AM0 comments
Some Samsung and Dell printers made by Samsung have a firmware flaw that could allow unauthenticated users access to sensitive information on the devices, according to a notice released this week by the U.S. Computer Emergency Response Team.
US-CERT said the popular government printers contain a hardcoded Simple Network Management Protocol (SNMP) full read-write string that could give an unauthenticated user access to information on the device, “even when the protocol is disabled in the printer management utility." The SNMP is used to monitor the status of remote devices.
An attacker with administrative read/write privileges could therefore access information, make changes to the device configuration and even have, “the ability to leverage further attacks through arbitrary code execution,” according to US-CERT.
Samsung and Dell said models released after Oct. 31, 2012 are not affected by the vulnerability. Samsung added that it is “committed to releasing updated firmware for all current models by Nov. 30, with all other models receiving an update by the end of the year.”
In the meantime, CERT said blocking the custom SNMP trap port of 1118/udp could help lower the risks posed by the backdoor. It also recommended network administrators to allow connections only from trusted hosts and networks.
“Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location,” it said.
Posted on Nov 29, 2012 at 12:30 PM0 comments
A recent Government Accountability Office report found that while the White House and the Office of Management and Budget have instituted policies and procedures for investment in geospatial assets, agencies and committees have not followed this guidance, leading to duplication and a lack of coordination among geospatial projects.
The federal government invests billions of dollars in geospatial information across a variety of agencies to support many functions, including national security and disaster response. The Federal Geographic Data Committee (FGDC) was established to coordinate the nation’s geospatial data nationwide and has established a clearinghouse of metadata. However, agencies are not using this metadata in planning their investments, according to the report.
GAO recommended that the FGDC develop a national strategy for coordinating geospatial investments and that agencies follow federal guidance for managing these projects. Meanwhile, GAO recommends that OMB develop a mechanism for agencies to identify and report on their geospatial assets.
Posted on Nov 28, 2012 at 2:04 PM1 comments
Antivirus software is 0-for-82 against new malware, but is it a waste of money?
A recent study by University of Tel Aviv for Imperva comes to that conclusion, at least with regard to new viruses. The research team tested 82 new malware files against 40 antivirus products and found that the antivirus programs detected exactly none of them, TechWorld reports.
Even after giving the antivirus software additional chances at one-week intervals, the best of the antivirus products still took at least three weeks to detect the viruses, according to the report. And of the batch tested, Imperva said that two free programs, Avast and Emisoft, performed the best, along with McAfee antivirus.
Antivirus software has come in for criticism in recent years, with a Cambridge University study suggesting that organizations spend too much on antivirus and should instead concentrate on catching cyber criminals. Others have advocated methods such as whitelisting and intrusion detection as better for protecting networks.
But antivirus software, which typically is used to detect malware with known signatures, could still have a place in an administrator’s cyber defense arsenal. The Imperva study, for instance, involved testing new malware that the antivirus programs tested apparently were not aware of. But recent research also has found that old vulnerabilities are still the most popular among hackers.
Posted on Nov 28, 2012 at 12:11 PM0 comments