___________________________________________________________
Computerworld's Security Newsletter
May 7, 2007
___________________________________________________________

In This Issue
-----------------
1. Editor's Note - By Angela Gunn - The not-so-simple life in IT
2. Top Story - Trojan horse impersonates Windows activation to snatch credit card numbers
3. Security Appliances: Are They Good Enough?
4. Businesses Speak English, But ...
5. Security Manager's Journal: When Offshoring Comes to Infosec
6. Opinion: Security Isn't Just Avoiding Microsoft
7. Restaurant Chain Beefs Up Payment Card Protections
8. Gathering (virtually) to examine the edges
9. Computerworld presents: The first tech blog aggregator powered by humans
10. Great leadership wanted

1. Editor's Note - By Angela Gunn - The not-so-simple life in IT

It would be a wonderful thing for Computerworld.com if Paris Hilton
were capable of holding a job, because with that one hanging around
someone's office we'd never lack for Shark Tank chum. But chances are
you've got your own Paris somewhere at work, and she's a security
problem waiting to happen.

I'm not saying that one of your co-workers (male or female) is a
person of loose on-camera morals, or terminally vapid, or even a
bottle blonde. I'm talking about that co-worker that manages to ignore
advisories, written warnings, and direct instruction on security
practices and, when stuff goes wrong, whines
(http://www.news.com.au/heraldsun/story/0,21985,21677969-2902,00.html)
that "no one told" him or her and that the authority figures are being
mean... go on, you know this drill. And what happens when that person
inevitably messes up?
Someone else's job is on the line -- for Miss Hilton her publicist's,
for your company, quite possibly yours.

In cosmically related news on Friday, officials in Colorado are trying
to figure out
(http://scoop.epluribusmedia.org/story/2007/5/4/16524/59764)
whether they didn't know or just didn't care about Dan Kopelman, the
former tech manager in the Secretary of State's office who had a nice
private business on the side selling voter data to candidates -- in
fact, specifically to candidates of one political party*. The link
above (to "ePluribusmedia.org," a citizen-journalism site; the story
was picked up
(http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_5521831,00.html)
over the weekend by the Rocky Mountain News) lays out the story
nicely. A read of both the story and the comments following it will
give you a whiff of what life might be like if Miss Hilton went into
IT -- questionable liaisons involving irregular access leading to
dicey grey-market video... I mean, data.

I suppose we should be glad this isn't a tacky video, but merely a
database of voter information for sale by a guy who recertified
e-voting machinery and works on a statewide voter database. (After
all, if it were a geek remake of "One Night in Paris" we'd never hear
the end of it on YouTube, and also we'd most likely all try to tear
our own eyes out of their sockets. That would be bad.)

Except, of course, if you vote in Colorado and are concerned that this
situation apparently obtained for quite some time -- including during
not only Secretary of State Mike Coffman's 2006 campaign but during
Dan Kopelman's own run for elective office that year.

The Hilton-style excuses and shrugging are seriously underway, with
the Secretary of State's office saying that no one knew Kopelman was
running such a side business -- except that expense reports from the
SoS's campaign office show payments to Mr. Kopelman and his "Political
Live Wires" DBA during a leave he took to help with that campaign. I'm
eager to see how the story develops, but I suspect I know how this
will go -- whining about how people are being just! so! mean!, and
making life difficult for those trying to restore order and decorum to
the scene.

* Not that it matters which one, but in these situations I always find
it most useful to imagine it's the party I would least like to have
any sort of questionable advantage.

-- Monday's picks --

One more day for that ugly DNS-server bug to flap in the wind before
Microsoft issues a patch. Meanwhile, the TSA can't find one of its
external hard drives containing records for around 100,000 current and
former employees. I'm betting they left it in a grey plastic bin
somewhere.

- Microsoft promises DNS patch Tuesday
  http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018647
- TSA hard drive goes missing, 100K worker records at risk
  http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018678

-- Angela Gunn
Security Channel Editor, Computerworld's Security Channel
http://www.computerworld.com/taxonomy/000/000/000/taxonomy_000000017_index.jsp

2. Top Story: Trojan horse impersonates Windows activation to snatch credit card numbers
http://cwflyris.computerworld.com/t/1518817/114916/62221/0/

Symantec Corp. researchers are warning of a Trojan horse in the wild
that poses as a Windows activation program to dupe users into entering
credit card information in an attempt to reanimate their machines.

3. Security Appliances: Are They Good Enough?
http://cwflyris.computerworld.com/t/1518817/114916/62222/0/

The use of security appliances is growing, but how, when and where
they're used makes all the difference. The question prospective users
need to answer is, how much security is good enough for a particular
location?

4. Businesses Speak English, But ...
http://cwflyris.computerworld.com/t/1518817/114916/62223/0/

On the Mark: Learning English is essential in global business and IT.
Mark Hall learns about on-demand software that targets non-native
speakers who need to know English to get ahead.

5. Security Manager's Journal: When Offshoring Comes to Infosec
http://cwflyris.computerworld.com/t/1518817/114916/62225/0/

Mathias Thurman gets word that some information security operations
will be outsourced, and it has him worried.

6. Opinion: Security Isn't Just Avoiding Microsoft
http://cwflyris.computerworld.com/t/1518817/114916/62226/0/

Opinion: Ben Rothke says life without Microsoft wouldn't improve
security in any meaningful way. Only effectively training your users
can do that.

7. Restaurant Chain Beefs Up Payment Card Protections
http://cwflyris.computerworld.com/t/1518817/114916/62227/0/

The Steak n Shake restaurant chain has had to tighten up its payment
security measures to comply with the card industry's PCI standard -- a
move that has required a series of IT changes.

8. Gathering (virtually) to examine the edges
http://www.endpointsecurityconference.com/eng/nonAuthGeneric/redirect.cfm?sectionID=registrationForm.cfm&path=specificComponents&selectedMenu=1&tag=edit

The EndPoint Security Virtual Conference will assemble robust content,
renowned thought-leaders, engaged attendees, and vendors with
solutions specific to Endpoint Security. As a thank you, you will
receive the results from our exclusive Endpoint Security Survey to
benchmark your efforts against those of your peers.

9. Computerworld presents: The first tech blog aggregator powered by humans
http://www.techdispenser.com?source=tdnlp

TechDispenser.com is different from the bot-powered landscape of news
aggregators.
Each piece of content is hand selected, categorized and prioritized by
Computerworld's editors. Our constantly growing network represents
some of the most creative minds in technology. Check it out now!

10. The 2008 Premier 100: Great leadership wanted
http://www.computerworld.com/p100nominations08

Know any outstanding IT leaders? Nominate them today for
Computerworld's 2008 Premier 100 IT Leader Awards. Just click on the
link above to fill out the simple form. We'll take care of the rest!
The nomination deadline is May 31, and honorees will be notified in
the fall.

Copyright (C) 2007 Computerworld Inc.