danger

Phishing for presidential candidates

Mon, 15 Oct 2007 06:59:59 -0400

This year's presidential candidates will be facing the same kind of hack attacks that commercial websites are facing. Just how many of these candidates have CIOs on board? There are probably very few. But it is an idea that they might consider, as the threat to a candidate's online contributions gets bigger with attacks such as phishing, which can worm their way onto a site and divert online contributions to an opponent. "The threat that poses the most danger now is what has posed the most danger in the past," said Oliver Friedrichs, the director of Symantec's security response team. "Phishing is the most significant problem now, and it has the potential to disrupt campaigns or even competing campaigns." There are plenty of other headaches too. Hackers could pose as the real deal in order to harvest contributors' credit card and bank account numbers. In 2004, only two phishing attacks were identified. Both attacks targeted Democratic presidential candidate John Kerry. But this time, experts say the 2008 campaign will see a much larger number of election-oriented phishing campaigns. Do you think every campaign needs a CIO to help them out?

To read more:
- see this InfoWorld article

Open-source can be risky business

Tue, 08 May 2007 20:01:39 -0400

For CIOs, the governance of open source can be very tricky. Governance of open-source technology is critical; without knowing how it was obtained and how it's being used, companies can get sued over its use. There are also downtime risks; organizations need to know how to deal with open-source technology when it fails. Another risk is compliance. With workflow in place to enforce open-source polices, organizations can ensure that they have the proper controls in place to satisfy any applicable regulatory requirements. There are products available to help, however, such as those from OpenLogic and SourceLabs. These products offer open-source support or maintain certified repositories of open-source technology. They also pinpoint problematic open-source products and include basic governance and workflows that help companies track what's being used and how it's used. But some believe these products aren't enough. Policies and practices have to go with the software.

Read more about managing open-source in the enterprise:
- read the article at ComputerWeekly

ALSO:
- read this on how open-source has grown up
- and this on the danger of open-source

Open-source grows up

Wed, 25 Apr 2007 20:01:38 -0400

Traditionally, open source has worked best in those areas of the software stack that have broad user populations, such as operating systems and browsers. Open source works less well in applications with a smaller universe of users. But that's changing as vendors discover business models that would allow companies to make better use of open-source, while making money for vendors. These days, a community dedicated to open-source is looking for new, merging markets. The next decade belongs to the innovators in new markets, which will largely be shaped by open-source, not traditional, proprietary software.

Read more about the future of open-source:
- read the blog at InfoWorld

ALSO: read this on the danger of open source

ALSO NOTED: Microsoft's four patches fix nearly a dozen flaws; NY super computing center re-energizing more than gene discovery

Tue, 09 Jan 2007 19:01:33 -0500

> Microsoft's four patches fix nearly a dozen flaws. Article

> NY super computing center re-energizing more than gene discovery. Article

> Hacking exploit puts copy protection back in danger. Article

> Firefox bug fixes for Vista integration coming February 1st. Article

> The prominent role blogs are playing in French elections. Article

> Perks push Google to top of best place to work list. Article

And Finally... Looking for an island? Here's one for sale. Article

Company escapes close call with logic bomb

Wed, 20 Dec 2006 19:01:39 -0500

As many security experts have warned, the greatest danger to data and networks is the human element, especially with regards to those in the know about systems and infrastructure. A systems administrator is being charged with trying to set off a logic bomb within his company's network but was thwarted by a colleague who discovered the nasty code before any damage could be done. The allegations come close on the heels of another case where another IT professional was given an eight-year sentence for detonating a logic bomb at UBS PaineWebber.

For more on the latest bomb incident:
- read the news at TechWeb

ALSO NOTED: U.S. data breach level hits the 100M point; Small enterprises need not be scared of VoIP; and much more...

Thu, 14 Dec 2006 19:01:33 -0500

> U.S. data breach level hits the 100M point. Article

> Small enterprises need not be scared of VoIP. Article

> A list of good blogs for keeping up on storage issues. Article

> Understanding IT hierarchy and the business connection. Blog

> Analysts: Vista likely Microsoft's last big system bang. Article

> Identity protection in danger of being repealed. Article

And Finally... A holiday gift guide for last minute shoppers. Article

SPOTLIGHT: Mobile security issues increasing

Mon, 11 Dec 2006 19:01:34 -0500

Mobile devices are increasingly under attack, according to new research from Juniper Networks and the danger is coming from all sides. Malware, viruses and hacking are all on the rise and vendors releasing mobile security tools and applications will be the big beneficiaries. Article

Getting a grip on rootkits

Tue, 21 Nov 2006 19:01:39 -0500

While they're not topping the big security threat lists, rootkits still pose a danger to today's enterprises. It is extremely important to understand what a rootkit is and how it can be used maliciously by hackers and worm writers. Knowing how to eradicate the threat with new tools available to security and IT leaders is equally important. As recent news items relate, rootkits aren't going anywhere fast so like with any security vulnerability, the more you know, the more secure you can be.

For a comprehensive look at rootkits:
- check out the feature at Network Computing

Related Article: More on tools for fighting rootkits. Article

New worm can knock down firewall, connectivity

Mon, 30 Oct 2006 19:01:39 -0500

Thanks to hackers, there is now malicious code available that can disable the Windows Firewall on some Windows XP PCs. According to security experts, the code can terminate Windows' Internet Connection Service (ICS) and the Windows firewall. While there's little danger if a machine is offline, it could cause a lot of damage in enterprises that leave their PCs on standby. One solution is for ICS users to move over to a router or network address translation device, in order to stay safe and online.

For more on the latest hacking development:
- read the news at Computerworld

PLUS: New bug in IE7 is unpatched flaw from IE6. Article

Using behavioral markers to keep internal risk low

Sun, 27 Aug 2006 20:01:35 -0400

Internal risks are a major culprit when it comes to unauthorized network access and data leaks but trying to figure out which employees, if any, pose that type of danger can be daunting (unless they clearly display disgruntled behavior). However, as some experts advise, there are ways to spot such problem employees before they do any damage, through behavior assessment. Big signs include aggression in the workplace, insubordinate acts, and nasty communication with coworkers and supervisors. They're called behavioral markers and paying attention to them can help IT ensure that the internal risk factor stays low.

For more on identifying employee malcontents:
- read this article at InformationWeek