___________________________________________________________
Computerworld's Security Newsletter
May 7, 2007
___________________________________________________________
In This Issue
-----------------
1. Editor's Note - By Angela Gunn - The not-so-simple life in IT
2. Top Story - Trojan horse impersonates Windows activation to snatch credit
card numbers
3. Security Appliances: Are They Good Enough?
4. Businesses Speak English, But ...
5. Security Manager's Journal: When Offshoring Comes to Infosec
6. Opinion: Security Isn't Just Avoiding Microsoft
7. Restaurant Chain Beefs Up Payment Card Protections
8. Gathering (virtually) to examine the edges
9. Computerworld presents: The first tech blog aggregator powered by humans
10. Great leadership wanted
Manage Your Newsletter Subscription:
http://www.computerworld.com/action/member.do?command=newsletterLogin
********************** Advertisement ***********************
Tumbleweed offers an easier way to secure your messaging.
http://cwflyris.computerworld.com/t/1518817/114916/62217/0/
************************************************************
1. Editor's Note - By Angela Gunn - The not-so-simple life in IT
It would be a wonderful thing for Computerworld.com if Paris Hilton were
capable of holding a job, because with that one hanging around someone's office
we'd never lack for Shark Tank chum. But chances are you've got your own Paris
somewhere at work, and she's a security problem waiting to happen.
I'm not saying that one of your co-workers (male or female) is a person of
loose on-camera morals, or terminally vapid, or even a bottle blonde. I'm
talking about that co-worker that manages to ignore advisories, written
warnings, and direct instruction on security practices and, when stuff goes
wrong, whines
(http://www.news.com.au/heraldsun/story/0,21985,21677969-2902,00.html) that "no
one told" him or her and that the authority figures are being mean... go on,
you know this drill. And what happens when that person inevitably messes up?
Someone else's job is on the line -- for Miss Hilton her publicist's, for your
company, quite possibly yours.
In cosmically related news on Friday, officials in Colorado are trying to
figure out (http://scoop.epluribusmedia.org/story/2007/5/4/16524/59764) whether
they didn't know or just didn't care about Dan Kopelman, the former tech
manager in the Secretary of State's office who had a nice private business on
the side selling voter data to candidates -- in fact, specifically to
candidates of one political party * .
The link above (to "ePluribusmedia.org," a citizen-journalism site; the story
was picked up
(http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_5521831,00.html)
over the weekend by the Rocky Mountain News) lays out the story nicely. A read
of both the story and the comments following it will give you a whiff of what
life might be like if Miss Hilton went into IT -- questionable liaisons
involving irregular access leading to dicey grey-market video... I mean, data.
I suppose we should be glad this isn't a tacky video, but merely a database of
voter information for sale by a guy who recertified e-voting machinery and
works on a statewide voter database. (After all, if it were a geek remake of
"One Night in Paris" we'd never hear the end of it on YouTube, and also we'd
most likely all try to tear out own eyes of their sockets. That would be bad.)
Except, of course, if you vote in Colorado and are concerned that this
situation apparently obtained for quite some time -- including during not only
Secretary of State Mike Coffman's 2006 campaign but during Dan Kopelman's own
run for elective office that year.
The Hilton-style excuses and shrugging are seriously underway, with the
Secretary of State's office saying that no one knew Kopelman was running such a
side business -- except that expense reports from the SoS's campaign office
showing payments to Mr. Kopelman and his "Political Live Wires" DBA during a
leave he took to help with that campaign. I'm eager to see how the story
develops, but I suspect I know how this will go -- whining about how people are
being just! so! mean!, and making life difficult for those trying to restore
order and decorum to the scene.
* Not that it matters which one, but in these situations I always find it most
useful to imagine it's the party I would least like to have any sort of
questionable advantage.
-- Monday's picks --
One more day for that ugly DNS-server bug to flap in the wind before Microsoft
issues a patch. Meanwhile, the TSA can't find one of its external hard drives
containing records for around 100,000 current and former employees. I'm betting
they left it in a grey plastic bin somewhere.
- Microsoft promises DNS patch Tuesday
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018647
- TSA hard drive goes missing, 100K worker records at risk
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018678
-- Angela Gunn
Security Channel Editor, Computerworld's Security Channel
http://www.computerworld.com/taxonomy/000/000/000/taxonomy_000000017_index.jsp
mailto:[EMAIL PROTECTED]
********************** Other Resources *********************
End users can now be compromised by simply opening a malicious Word, Excel or
PowerPoint document sent via email, or browsing malicious web sites that
exploit vulnerable client-side code. This resource from Computerworld and Core
Security will show you how to proactively identify, expose and protect your
organization from these threats.
http://cwflyris.computerworld.com/t/1518817/114916/61121/0/
Turn Information into Higher Business Performance.
http://cwflyris.computerworld.com/t/1518817/114916/58697/0/
Endpoint Security Virtual Conference: This free Computerworld conference will
focus on strategies for protecting data at the edge of your network. Register
now.
http://cwflyris.computerworld.com/t/1518817/114916/59416/0/
Foundation Repair: The New SSL; A New Model for SSL Certificates and Browser
Trust. Get this white paper now!
http://cwflyris.computerworld.com/t/1518817/114916/61122/0/
************************************************************
2. Top Story: Trojan horse impersonates Windows activation to snatch credit
card numbers
http://cwflyris.computerworld.com/t/1518817/114916/62221/0/
Symantec Corp. researchers are warning of a Trojan horse in the wild that poses
as a Windows activation program to dupe users into entering credit card
information in an attempt to reanimate their machines.
3. Security Appliances: Are They Good Enough?
http://cwflyris.computerworld.com/t/1518817/114916/62222/0/
The use of security appliances is growing, but how, when and where they're used
makes all the difference. The question prospective users need to answer is, how
much security is good enough for a particular location?
4. Businesses Speak English, But ...
http://cwflyris.computerworld.com/t/1518817/114916/62223/0/
On the Mark: Learning English is essential in global business and IT. Mark Hall
learns about on-demand software that targets non-native speakers who need to
know English to get ahead.
********************** Advertisement ***********************
Evaluate Burstek Internet Security Software: Get a Free Laptop Light!
Stop paying big brand prices for Internet security software!
Burstek offers ISA, Exchange & Small Business server customers
the most powerful solutions for Web filtering, blocking
and reporting -- at fraction of the cost!
Evaluate Burstek today and GET a FREE USB Laptop Light!
http://cwflyris.computerworld.com/t/1518817/114916/62224/0/
************************************************************
5. Security Manager's Journal: When Offshoring Comes to Infosec
http://cwflyris.computerworld.com/t/1518817/114916/62225/0/
Mathias Thurman gets word that some information security operations will be
outsourced, and it has him worried.
6. Opinion: Security Isn't Just Avoiding Microsoft
http://cwflyris.computerworld.com/t/1518817/114916/62226/0/
Opinion: Ben Rothke says life without Microsoft wouldn't improve security in
any meaningful way. Only effectively training your users can do that.
7. Restaurant Chain Beefs Up Payment Card Protections
http://cwflyris.computerworld.com/t/1518817/114916/62227/0/
The Steak n Shake restaurant chain has had to tighten up its payment security
measures to comply with the card industry's PCI standard -- a move that has
required a series of IT changes.
********************** Advertisement ***********************
Title: Security and Device Management
This new Computerworld produced report will explain best practices for
extracting value and productivity from mobile devices without compromising
corporate security. This $95 report is being made free for a limited time.
http://cwflyris.computerworld.com/t/1518817/114916/62228/0/
************************************************************
8. Gathering (virtually) to examine the edges
http://www.endpointsecurityconference.com/eng/nonAuthGeneric/redirect.cfm?sectionID=registrationForm.cfm&path=specificComponents&selectedMenu=1&tag=edit
The EndPoint Security Virtual Conference will assemble robust content, renowned
thought-leaders, engaged attendees, and vendors with solutions specific to
Endpoint Security. As a thank you, you will receive the results from our
exclusive Endpoint Security Survey to benchmark your efforts against those of
your peers.
9. Computerworld presents: The first tech blog aggregator powered by humans
http://www.techdispenser.com?source=tdnlp
TechDispenser.com is different from the bot-powered landscape of news
aggregators. Each piece of content is hand selected, categorized and
prioritized by Computerworld's editors. Our constantly growing network
represents some of the most creative minds in technology. Check it out now!
10. The 2008 Premier 100: Great leadership wanted
http://www.computerworld.com/p100nominations08
Know any outstanding IT leaders? Nominate them today for Computerworld's 2008
Premier 100 IT Leader Awards. Just click on the link above to fill out the
simple form. We'll take care of the rest! The nomination deadline is May 31,
and honorees will be notified in the fall.
Manage Your Newsletter Subscription
--------------------------------------
You are subscribed to Computerworld's Security Newsletter, whose internal
list name is: computerworld_security.
The e-mail address you are subscribed with is:
archive@mail-archive.com
To unsubscribe, change your preferences or change your e-mail address,
please visit our Web-based subscription center:
http://www.computerworld.com/action/member.do?command=newsletterLogin
If the above URL is not clickable, please copy and paste it to your
Web browser's address field.
Tell a Colleague or Friend About Security Newsletter
-----------------------------------------------------------
Do you know someone who might like this newsletter? Please send a
recommendation, and pass them this convenient subscription link:
http://www.computerworld.com/action/newsletter.do?command=registerNewsletter&newsletterId=1025
Feedback
---------------
To submit feedback about this newsletter, send a message to:
mailto:[EMAIL PROTECTED]
Privacy Policy
-----------------------
Please reivew our privacy policy:
http://www.computerworld.com/action/pages.do?command=viewPage&pagePath=/about_policies
Advertising
-------------------
For information on advertising, contact Sean Weglage:
mailto:[EMAIL PROTECTED]
Try the Other Computerworld Newsletters
------------------------------------------
Did you know Computerworld has more than 45 other e-mail newsletters
that may be of use to you? Please visit the following Web page to
find out more:
http://www.computerworld.com/action/member.do?command=registerNewsletters
Computerworld Inc.
http://www.computerworld.com/
One Speen Street
Framingham MA 01701
Copyright (C) 2007 Computerworld Inc.
