Security

When I was growing up we lived on a dead end street which ended perpendicular to a railroad track. So, needless to say, my brothers and I along with our neighborhood friends, put our share of items on those tracks so we could watch them get smooshed by the next passing train. At the time, we didn't have access to hard drives but you can be sure that they would be perfect fodder for our crushing exploits.

It's IT Blogwatch: in which many ISP subscribers could have been at risk of "undetectable" phishing attacks for 18 months. Not to mention analytics, according to Captain Kirk...

Robert McMillan reports:

A vulnerability in servers used by EarthLink to handle mistyped Web page requests may have allowed attackers to launch undetectable phishing attacks against any Internet site, according to a noted Internet security researcher ...

Some people are still getting the terms mixed up for penetration tests, audit, assessments, etc. In informal company, sometimes that is OK, but when you are asking someone to do some work, the terms need to be defined well.

Looks like phishers are still at it, only now the targets are executives and they're being lured with "promise" of a subpoena. The problem is that once they follow the provided link in the email message, they're not really being directed to a federal court site, although the name "uscourts.com" may lead them to believe otherwise (perhaps because there really is a "uscourts.gov").  They're brought to a site where they're instructed to download a plug-in so that they'll be able to read their subpoena. Unfortunately, in reality the plug-in is malware.

It's IT Blogwatch: in which we think we know the release dates for Windows XP Service Pack 3. Not to mention National High Five Day...

I guess sometimes even us IT guys have to concede that low tech does have its place. While colleges and universities aren't abandoning their recent forays into high-tech alert systems, many are also turning back the clock and using WWII-reminiscent systems. I read an article "Colleges now on alert in low-tech ways, too" by Greg Toppo that explained why using both modern and old-fashioned approaches are a good idea.

There's a new security policy at this biotech company: When logging in on a PC, the username field will now be blank, and everyone will have to input the name together with the password.

Some people think that security awareness is an exercise in futility. I think it is an important layer in security-in-depth, especially when dealing with the spear phishing that is going on these days.

It's the real deal: Tonight on PBS, National Geographic has a special documentary on counterfeit goods that you don't want to miss. Illicit: The Dark Trade is a chilling piece of work...

Home-user client calls this consultant pilot fish and says her e-mail isn’t working -- and no matter what he does, the system won't let fish in. ...

Virtual machine software and new hardware may be the breakthrough thin client advocates have been waiting for.

OK, so it's not illegal to sell some government defense products, but common sense - and common decency - should still prevail. According to this Computerworld article, "GAO: Stolen U.S. military gear sold on eBay, Craigslist" stolen U.S. military equipment was discovered being sold on eBay and Craigslist.

Traditional virtual desktop infrastructures simply shift the administrative burden from endpoints into the datacenter. Citrix' XenDesktop separates applications, user profiles, and the operating system in a virtual desktop infrastructure to heighten the user experience while sharply reducing IT handling costs.

How many people do you have working to protect your data, systems and networks? The way you're counting them, it's probably not enough.

Last week a Microsoft exec revealed that Vista's User Account Control (UAC) scheme was designed from the ground up to keep people safe by constantly annoying them. Microsoft needs to learn that security through annoyance isn't the way to keep users safe --- or to keep them as customers.