DISCLAIMER: I know I am going to get a lot of flak for this article. But I just had to get this off my chest. Feel free to respond with your own and/or opposite opinion – which may also have merit.
Ok, first of all some context – anyone with an eye on I/T or security has recently heard of the ‘Heartbleed’ vulnerability — one of the “scariest web exploits in the last half century.” It has unilaterally turned the web infrastructure world on its face because of the need to stop everything you’re doing and rush to secure your servers.
But am I the only one here thinking and saying to myself – “Screw Codenomicon!” I mean, come on – this is more than partially their fault! Almost everything I read on this topic praises their ingenuity and dedication for helping to find and explain this serious issue to the public. But to quote Will Ferrell from Zoolander, “I feel like I’m taking crazy pills!!!”
I say the opposite – SHAME on them! Codenomicon, for those who don’t know, is the company/’heroes’ responsible for uncovering this bug.
However, they couldn’t have gone about this in a worse way. Instead of quietly making the vulnerability known to OpenSSL folks and a select few in the security circles, they SHOUTED it from the rooftops to everyone they could. They actually rushed to make almost a marketing campaign out of this exploit (see http://heartbleed.com/). If I didn’t know any better, I would say they were trying to tell every single hacker, even those living under a rock, that this problem exists and exactly how to exploit it.
Let’s look at the sequence of events and their own description of what happened:
1. These are security geeks looking to explore holes in systems; it’s what they do for a living (unlike a hacker – who typically uses known exploits to circumvent infrastructure, not create their own)
2. They explain that the exploit was extremely obscure. It was like accidentally finding a needle in a stack of needles (my words, not theirs).
3. They explain even they just stumbled upon the bug – “We were in the right place with the right tool”
4. They discover that this is a wide-reaching problem, “impacting 66% of all known websites”
5. They share the bug with the OpenSSL team (this is good!)
6. They then [and this is speculation] share with their management who ask themselves “hmmm, how can we make this about us and turn this into a huge media circus to add a spotlight on our company??”
7. They then purchase a web domain, explain the exploit, CREATE A FREAKIN’ LOGO, and launch a giant advertising campaign to push out knowledge about this exploit to everyone and their mother
And we (IT administrators) are now supposed to thank them like this is a huge favor to the security community. I don’t think so. I was perfectly happy letting a sleeping giant lie. Odds are no one would ever have found out about this bug if they didn’t decide to spread the message like wildfire.
Now, instead of having a contained situation that a few ‘inside’ people know about and can work to devise a plan to silently fix, we have raging pandemonium which may not fully sort itself out for many years to come. For example, there may be networking devices or systems out there which may not ever be patched.
This is exactly why in aliens-attacking-the-earth movies when the President finds out they’re coming, the first thing he DOES NOT say is “Let’s go tell the press! We should cause an immediate riot with this information.” Because we all know knowledge of this kind, in a rampant and undigested form, is often destructive. In this case, the people who really shouldn’t find out about the issue are the first to know and probably the first to exploit people’s systems.
So in conclusion – while many continue to herald Codenomicon as pioneers and innovators in their space — I will say: curse them and the way they went about this sticky mess. They should have let sleeping dogs lie, quietly communicated the vulnerability, and the standard OpenSSL release management process would have fixed the problem over time. Instead, they decided to try to capitalize on this find and make a name for themselves.
Because at the end of the day, this is a true Catch 22. Since this is a highly-used open source protocol, if the security community DOESN’T tell everyone about the bug, it’s considered being non-transparent and unethical.
However, if they DO tell everyone about the bug, then nay-sayers like me say they have awoken The Kraken – who would have lain dormant and/or unknown to the world. And Codenomicon is like Eric Cartman riding on its shoulder, capitalizing on the destruction of the Internet. Praise to them for their “innovation.” Bah!
Poorly executed, Codenomicon! I have nothing but disdain for how you handled this situation.
We’ve launched a video showing how Qfuse can be used as a mobile website and landing page builder. Check it out below!
Here’s a transcript of the video.
Qfuse makes it easy to produce great-looking mobile websites and landing pages that are optimized for display and performance on smartphones, like iPhone, Android, and Windows Mobile.
Our professional mobile website builder is loaded with features and allows you to see all of your edits as you work, in real time.
Quickly customize your mobile landing page to match your brand by uploading your logo and customizing your color scheme.
Choose a mobile website template from our template library or define your own custom style with a few clicks.
Create mobile pages with text content, image galleries, videos, and social media capabilities. Qfuse also makes it easy to add interactive features to engage your users, such as click-to-call buttons, customizable contact forms, and GPS mapping with Google Maps. Best of all, Qfuse has industry leading real-time analytics to show exactly how your mobile pages perform and what visitors do on your site.
Whether you’re a small business that needs a simple mobile-friendly version of your regular website, an agency that needs to efficiently build and manage thousands of mobile landing pages for your ad campaigns – or anything in between – Qfuse has you covered.
Let us know what you think of our latest video below!
According to a recent Forbes article on mobile technology, 2014 is going to be ‘the year of mobile.’ What is meant by this is that mobile will finally become a “mainstream marketing solution.”
Mobile has been largely adopted by consumers, and yet it has taken marketers a few years to catch up, or really to even put themselves in the race. The numbers though are getting to a point where marketers must take this increasing gap seriously. According to data from IBM’s Digital Analytics Benchmark, mobile traffic is driving 25% of total online traffic to retail sites, is accounting for more than 20% of all online sales, and mobile sales are up 55% over last year with exponential growth appearing very likely.
According to the Forbes article, the average firm invests only two to three percent towards their mobile budgets, but the leading mobile firms are beginning to increase their mobile budgets to 10 or even 25%, indicating that some firms are finally starting to take mobile as seriously as they should.
As Jay Henderson, Strategy Program Director at IBM, states in the Forbes article, the best strategy for firms is “to take a ‘mobile first’ approach,” and he “encourages marketers to build mobile sites from the ground up, rather than force fitting an existing website into a smaller format.” This is also what we would advise at Qfuse.
This is an important point, because rather than viewing mobile as separate and relatively insignificant, it should be viewed as vital to how business will be done in the near future, and integrated into the overall business plan.
As Henderson is quoted in the article, it is forward thinking marketers that “are investing in their mobile apps to include maps of the store, special promotions, and location based targeting. Companies are adding QR codes and NFC to their in-store display to help bridge from physical to mobile.” These sorts of integrated plans will go a long way for the firms which implement them earliest, helping to increase in-store sales, prevent lost sales from showrooming, increase brand interaction and awareness, and simply create a better experience for the customer.
For marketers, 2014 should be a year of transition to mobile, and a year of mastering mobile technology and its existing tools. Creating a strategy to build mobile from the ground up, and then connecting mobile to your physical marketing plan—through tools like QR codes, NFC tags, and mobile apps—will greatly increase the efficiency of the overall marketing strategy and enhance the end objectives.
To read more on this issue, check out the Forbes article here, and to get started on, or improve upon, your existing mobile strategy, check out Qfuse here.
With mobile usage growing exponentially, it can be difficult for companies to keep up, and in fact few are. This means that if a company can quickly move to mobile, and do it right, they can potentially find themselves filling that market hole over their competitors and reaping significant rewards.
As you will see in the infographic below, brought to you by Surge, as of 2014 mobile web browsing will account for half of all browsing. If half of web usage is on mobile, and you aren’t – or you are only dipping your big toe into the mobile waters – then you are missing out on connecting with half of the entire market.
It should be pointed out that it isn’t JUST about getting onto mobile; more importantly, it is about doing mobile correctly. This means ensuring your mobile-optimized site functions flawlessly, since “46% of consumers are unlikely to return to a mobile site if it didn’t work properly their last visit,” and if your site takes more than 5 seconds to load, 74% of users will leave the site. Advertisements or search results that mention a location also see a 200% increase in click-through rates as mentioned in the infographic below. This means that if you are not doing mobile correctly, it might be as bad, or even worse, than not doing mobile at all.
In regards to e-commerce, one in five smartphone users scan product codes like QR codes to access information or make purchases. This means that using things like QR codes or NFC tags might help ensure you capture a greater number of sales than you otherwise might without these codes on your physical marketing or packaging.
The future of mobile around the world looks promising, and the growth is very much exponential. So take a look at the infographic provided by Surge, consider where you and your company’s mobile strategy currently stands, and begin to develop a plan and make the necessary changes to match where the mobile market future is headed. You will be far ahead of the competition.