The software giant may be showing signs of slowing as the Core Brand Power 100 2007 Study shows the firm slipping from one of the top ten most powerful and recognizable brands the world over. The study shows that in 1996, the company was ranked number one to its current level at 59. This might be why the company is continuously surprising industry leaders with bold moves in the industry. Its current foray into the acquisition of Yahoo, the opening of doors for sharing some of its trade secrets and many more unknown strategic moves which might show they are looking for a boost to its business. The company has lost favor of many companies who have been loyal to its product lines but have now turned to cheaper and free versions offered by open-sourced developers. Open Office, which is similar to Microsoft’s office, is a better and cheaper choice for businesses who are now trying to save all they can due to the current financial crisis.
Many have also opted to use Linux and the many other Unix-based operating systems which cost a lot less that mass volume licensing Windows. Some are even free which is blamed as the main reason for their favorability. These competing operating systems also have fewer requirements with regards to hardware with the most basic stripped versions which can be used as web servers able to run at older machines. Linux is re-compilable, meaning it can be stripped down of all unnecessary components which makes it faster and cheaper to implement. Windows has strict requirements with regards to processor type, the amount memory and hard disk space which it gobbles up in no time. The advent of a Windows-like interface for Linux has also made the cut deeper into the Windows market along with the release of more and more open sourced applications that can do what Windows-based ones do.
Their monopoly on the Operating system market might still be tight but elsewhere, it’s downhill. The many bugs and weaknesses of Microsoft software is also proving to be too costly for businesses and for something they pay so much for to cause so many problems they are starting to think twice before getting more of their products. Though still a player in the IT industry, it may only be time before some other IT giant is born to take its place as the world’s most prolific software vendor/developer.

Tags: Microsoft, Open Office, Open-Sourced

Categories: General, News, Real-World Issues

Leave a Comment

The internet has evolved into an uncontrollable organism or entity that no one can control. The wide scope and the millions of interconnected computers that make it up are all part of the system which makes it possible. Most IT experts that the internet is in need of an overhaul but the huge cost of making it better and removing all the problems that have been answered, that gave birth to several more problems is proving to be so hard to stop they defer it to the next time they get to it. There is much to be done with the internet, such as the establishment and replacement of ageing fiber optic networks that have failed before. Better equipment such as routers, switches and the implementation of back-up data transmission systems which would make it fail-proof would be a nice idea. Vulnerabilities which hackers capitalize on could be patched and repaired leaving less room for attacks. DOS attacks wherein data hubs are overloaded
True to this, most of the equipment in use by the internet has been gradually replaced with better and newer hardware but very vital links which cannot be turned off or hot swapped are prone to fail at a time or another. The failure of just one major link in the chain of inter-linked fiber networks can impact millions of users causing delays in internet use, millions of dollars of lost revenue for Internet based firms and other more sinister effects which could result in world turmoil. Imagine the network system of a small country which bought nuclear weapons off the black market can have these nukes launched beginning the end of all human life on earth. Banks which now use the internet for their transactional data transmission would have back-logged processing causing delays in millions of customer’s transactions.
The internet is indeed in need of a major overhaul yet the burden of cost and disruption is to prohibitive of such a move. It may happen sometime soon but with the current financial market crisis which is currently sweeping the globe, not in the too near future.

Tags: Fiber Optic Hubs, Internet Flaws

Categories: IT Security Basics, Malware, Network Security, Real-World Issues

Leave a Comment

Banks and other financial institutions are the most attacked institutions in the world which accounts for millions in losses according to RSA, one of the IT Industry’s leading security firms. The rise has been foreseen and predicted for many years yet banks are simply not taking it too seriously. Phishing involves the leeching of client information from bank networks for use in scams and fraud. This type of attack sits next to identity fraud and credit card fraud as the most expensive financial loss generators for the banking industry. The phishing attacks target mostly US based firms with the UK ranking second. Many countries are following as targets for phishing by hackers who aim to use the information they obtain for personal gains.
The banking industry is considered to be one of the most secure and IT dependent industries in the world but the diversity and sheer number of attacks is taking its toll on their systems prompting them to take notice. Credit Card fraud alone accounts for billions in losses worldwide that is suffered by financial institutions adding to that the newer types of attacks making it an IT Security Managers worst nightmare. In Europe, Germany is hailed to be the financial hub in the region yet it has managed to repel attacks which isn’t the same with it’s other neighboring countries. More strict legislation might be needed to deter criminals who now opt to use computers rather than a gun which is safer and involves less effort.
The Credit card Fraud problem is being addressed by the implementation of PCI DSS which is to secure and prevent hackers from getting card customer information while it is in transit over the network. The attacks now focus on more public domain which is the internet through social networks which is where most phishing attacks usually occur.

Tags: Bnaking IT Security, Credit-Card-Fraud, Fraud, identity-theft, Scams

Categories: IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies

1 Comment

The advent of cheap wireless technology such as routers for as little as 50 Pounds has made the wireless revolution a true headache to IT managers from all over. Suddenly, the once secure office database and programs is open to all types of vulnerabilities from viruses to hackers getting stuff off the company’s servers selling or using it for profit. Securing the wireless network is proving to be harder than wired ones for the de-centralization of data once contained within corporate firewalls became mobile through WiFi enabled laptops and other digital devices.
Securing the entire WiFi network is out of the question due to the dynamic structure of such networks. Even the internet has been so hard to police that companies nowadays rely on end-point intrusion prevention methods using software and hardware that are pre-loaded with security systems. This would be the best option for the internet is a very dangerous place which no amount of security software can secure. Even with super-computers the task would be difficult due to the millions of computers that are interconnected forming the internet.
For corporate security it is also vital to have proper education for employees regarding the risks of unauthorized WiFi connections from within the company. Security engineers should also be aware of the risks and goals of the measures they are implementing so as to avoid holes in the security net they are putting in place. If possible invest in education seminars regarding real life scenarios which can raise awareness. Also allow employees to voluntarily declare personal devices which they bring into the office. This avoids the unauthorized occasional iPhone from popping up in your network scans. Regularly check for malware which may have gone through the security net which is already in place and keep all security software up to date.

Tags: End-Point Intrusion Prevention, WiFi Risks, WiFi Security

Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies

Leave a Comment

Viacom, the company that owns MTV has confirmed the fact that there was indeed a leakage of information from their system that has resulted in personal information such as Social Security numbers, Birth dates and other employment related data. They confirmed the fact that the said information was taken from an employee workstation which may have been infected by malware that sent the said information to the outside without the management knowing about it. These types of problems are now becoming more common as people go on the web and as this case shows, the workstation in question was said to have entered a social networking site through which may have been the path the malware took. The said information was contained in password protected files and the company has said that it has launched an internal investigation as to why the employee in question may have been able to access the said site from the office workstation.
Information leakage such as this case is now so common that they happen even without anybody knowing about it. Even with installed security and intrusion prevention systems, programs that piggy-back onto legal programs have found and exploited ways to circumvent them exposing themselves to protection systems as legitimate programs. Social networks have been targeted as with the problems with Goggle’s Orkut, Myspace and the many other social networking sites which have fallen to hackers who use them as launch/propagation platforms to unload their payloads of Trojans, key-loggers and many other forms malicious code.
The Web transforming into the social network may be the best thing that has happened to many but it remains to be a thorn in IT Security People from all over. Many have fallen victim to such instances that have resulted in credit card fraud and full-blown identity theft cases which are a real-world issue everybody has take notice of. The threat is real and we must all make it a point to do our best. Install the proper intrusion prevention systems and establish systems usage security protocol which will minimize exposure to such threats which are sure to invade more of our daily lives as we go on living a second life in the internet of today, the Social net.

Tags: MTV, Social Networking, Spyware

Categories: General, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

Leave a Comment

As if we haven’t gotten enough warning about free stuff of the web, here’s a classic case of such malware found by an unsuspecting programmer who just happened to casually do a de-compilation of a popular utility used on Google Mail that allows archiving of all your email. As the story goes, A programmer was on the hunt for a way to back-up his email from GMail which he submitted a request to CodingHorror.com for such a utility from fellow programmers. He was referred to a commercial program called G-Archiver which was distributed by an American firm Mate Media. As all freeware usually do (which is not as much as their advertising says) it disappoints him quite to the extent that he decides to reverse engineer(in the fashion of true hacking) the said utility only to find the email address and passowrd of the program’s creator within the code that raised red flags as to the reason behind the said suspicious details. As it turns out, the said program was sending private data with respect to the users who have downloaded and used the said utility to archive their Gmail accounts.
The program contained the said information (email address and password) of the programmer so the said utility can send information to him without the users knowing about it from any platform and location it may have been used.
Most of the sites which offered the program for download have removed them from their software offerings and the authors at ZDnet Asia where this was first reported have not been able to get a reply from the firm which distributes the said utility as to an explanation to the said event. This is a classic case of complacency wherein people rely on big names for their needs sometimes even sacrificing common sense in the process as sad as it may seem. The reluctance of the developers to reply to the said allegations. The programmer took the email address and the pasword using it to log-on to Gmail where he finds 1,777 email from all the people who have used the software including their passowrds and other vital information. So, be wary of free and sometimes harmless stuff, they are the ones who can do most harm.

Tags: G-Archiver Utility, Gmail, Spyware

Categories: General, IT Security Basics, Malware, News, Real-World Issues, Security Policies, Spyware

2 Comments

The European Commission is planning to implement biometrics screening and automated security checks for all visitors who wish to enter all the current member countries. This is a move to bolster internal security which has been quite troublesome in the past years with problems like terrorism and identity theft on the rise. The plan calls for mandatory scanning of a person for biometrics information which is compared to a database of known criminals and fugitives from around the world. This would bolster or even curb the growth of illegal immigrants who have overstaying status in that corner of the world. Though much of the plan is under wraps, it would surely include pioneering technology such as the facial recognition system used in the football match series that allows a person’s face to be scanned and compared to an online database of known hooligans which allows denial of entry to stadiums and even the host country to prevent violence. Hooliganism has risen in the past years with several violent clashes between police and rioters who have turned unruly during the games.
Several games had to be moved or postponed indefinitely due to fears of rising violence on and off the courts between rowdy fans and security forces.
The introduction of a scanning camera that has the ability to reveal what’s under your clothes but not enough to reveal the skin (which is to address privacy invasion issues of the past) is sure to play a vital part in the said security plan. The information of travelers would be scanned and entered into the biometric database upon visa application which is then again checked during entry into the country of destination. The system is initially for testing with suspicious travelers who may have something to hide, such as fake passports and other identity theft cases which if successful would be implemented full-scale to address the need for increased security.
All the above measures are to address the increasing cases of identity theft, cross-country crimes, illegal immigration and other related matters. Most of the countries who are voting for the said security measures are the ones who share borders with the exception of some like the UK which is separated from mainland Europe and some other countries that form the EU who are under deliberation if they would avail or support such a measure.

Tags: Biometrics, EU Security, Facial Recognition

Categories: General, News, Physical Security, Real-World Issues, Security Policies

Leave a Comment

In another addition to the UK government’s growing list of information security blunders, a data CD which was found labeled as coming form the UK Government’s Home Office Branch, was found lodged inside a laptop bought over the internet from eBay. Yes, bought online which at first was kind of funny for the laptop engineers who handled the device after it was brought in by a customer for repairs. The un-named customer apparently won the online bidding for the laptop and took it for repair to Leapfrog computers for repairs. The technicians found the disk crammed in between the keyboard panel and the main board and thought of it trivially till they read the words, “Home Office Confidential”. The seriousness of the situation arose when technicians found the laptop hard drive and the disk itself to be encrypted rendering the information stored within it un-readable. They immediately called the police which dispatched anti-terrorism units to recover the government laptop and took it to the Greater Manchester Police Headquarters for safe keeping.

These types of incidents are not unusual which began last year when on Nov 20, 25 million people and 7.2 million families had gone missing which had information such as names, addresses, dates of birth, child benefit numbers, national insurance numbers and bank and social security details. The Department of the Environment on the 11th of December, lost two computer disks containing names and addresses of 7,685 learner Northern Ireland motorists. On the same day, confidential information regarding dozens of prisoners/inmates released to private businesses. On Dec 11, a company union claimed that personal information of hundreds of members were sent to four companies by health authority employers. Unite said Sefton Primary Care Trust released data including names, dates of birth, salary, pension and national insurance numbers of 1,800 employees. On Dec 18, records of 3 million learner drivers’ information were lost when a hard disk which was sent to the US for maintenance was lost during processing. The HM Revenue and Customs Service lost 6,500 customers of private pension firms were lost contained within a computer cartridge. The NHS trust, lost patient information of 168,000 people and lastly, the Police records from Devon and Cornwall were found in a dump by a man looking for spare parts for computers who was going through scrap equipment.

Such incidents are alarming and very dangerous for some of the lost information were not even encrypted. The one they found within the laptop was encrypted but given time, a computer expert with no good intentions could theoretically have broken the code exposing sensitive information into the unknown. These are some of the ones that are publicly known and as it shows, the UK Government might want to shore up it’s strategy of safeguarding information for the public and it’s own sake.

Tags: Confidential Disk, eBay, UK Home Office

Categories: Cryptography, General, IT Security Basics, News, Real-World Issues, Security Policies

Leave a Comment

McAfee, one of the industry’s leading software developers of anti-virus software have through its Avert Labs has discovered a new Trojan that infects WindowsCE which was developed for the Microsoft PocketPCs. The Trojan, disables data and network security rendering it useless and can be installed via memory card. The Trojan has the nasty ability to defy removal through software methods with the exception of a total re-format and re-installation of the applications and OS from a secure and safe source. Infected users are also asked not to use flash drives or memory sticks with saved data for they can also contain the code which spreads the trojan.The Trojan was discovered in China and makes itself the home page of the heavily reliant PocketPCs on the web. Information regarding the device, serial number and other personal information are then sent to the author of the Trojan leaving it open to future attacks and installation of malware due to security that has been turned off by the said Trojan.

The Trojan has been found contained snugly within legitimate installers and Asia being one of the fastest growing areas for mobile devices it would only take a little time before the said Trojan aptly named InfoJack spreads and wreaks havoc on Asia’s growing mobile PC community. The US-CERT or Computer Emergency Readiness Team has already taken notice of the said Trojan and is closely monitoring for further developments. Them along with anti-virus developers are currently developing methods of defeating the perpetrator and hopefully also capture the crook who designed the said malware.

Tags: PocketPC, Trojan, US-CERT, Windoes CE

Categories: Backups, Cryptography, General, IT Security Basics, Malware, Network Security, News, Operating Systems, Real-World Issues, Spyware

1 Comment

To think the attacks over the internet would end, users of MySpace have been hit by a termed “Link Hack” which was discovered and is being studied by Websense which found the hack to re-direct the parsing process from the MySpace profile page, to the malicious site them back to the said legit page. The hack allows malicious code to be attached to all aspects of the MySpace page (such as the View Pictures, View Profile and other such legitimate functions that are normally used on the social networking site but instead of doing the requested operation, the user is re-directed to another site which prompts the user to click the back button or try to figure out what the hell just happened with the malicious phishing site getting all the info it needs and the cycle continues again and again.

The hijack process comes in stages and all the while the misguided clicks always execute a piece of JavaScript which re-directs the user to a page that seems to be the MySpace site but actually isn’t. The problem has seemingly dropped traffic due to the shutting down by the phishing site. Websense has informed the MySpace people regarding the matter and they are surely taking action to provide measures to ensure the privacy (which may be next to impossible to such open sites) of their subscribers. Symantec has also raised the alarm and has released information that can help users avert the disclosure of personal information to the said phishing site. MySpace has also identified several individuals who might be involved in the attack and have suspended their accounts as they continue to investigate the actions of these errant users and what part they had with the attach on the social networking site.

Tags: Link Hack, Malware, myspace, Social Network Under Attack

Categories: General, IM, IT Security Basics, Malware, Network Security, News, Real-World Issues, Review, Security Policies

2 Comments