|
|
|
| Related Articles |
| Client-side vulnerabilities loom large |
28 November 2007 |
| Critical vulnerabilities in common PC software, including both applications and operating systems, continue to grow in number and stand as the leading cause for concern in the IT security landscape today, according to training experts at the SANS Institute.Holes in so-called client-side applications, including Web browsers, e-mail clients, productivity suites, and media players, have become particularly worrisome over the last year, according to SANS, which highlighted the issue as part of its annual report on the top 20 Internet security risks for 2007.As hackers have shifted their attention further away from operating system flaws and drilled down to applications-layer vulnerabilities they have found a seemingly endless wealth of possibilities for infecting PCs with everything from spyware to botnet programs, SANS researchers contend.Unless something can be done to improve software developers' coding habits or better test popular applications for such issues before they land on end-users' machines, attackers will be able to continue their successful assaults against enterprise networks and devices for the foreseeable future, said Rohit Dhamankar, project manager for the Top 20 report at SANS and a senior manager of security research for TippingPoint.?"There's just been such a dramatic rise in the numbers of vulnerabilities found in applications like Internet Explorer and Microsoft Office and a number of media players that attackers are having their way," said Dhamankar. "Enterprises are bolstering security, but desktop users still pose a massive risk if they can download anything they want from the Web; the attacks are also growing in sophistication to the extent that many can defeat antivirus and other security systems primarily by obfuscating their code."Some of the most powerful tools that hackers have adopted in hunting for potential targets are the same industrial-strength applications fuzzing tools that software vendors themselves are using to search for holes in their products, said the expert.Enterprises could do themselves a favor by enforcing stricter policies that dictate the types of applications that end-users are allowed to put on their work machines and using technical means to ensure that those rules are being followed, Dhamankar said.Other SANS researchers noted that while companies may not want to tell end-users that they cannot utilize media players, messaging clients, and other applications that have moved into the business world from the consumer sector, they could help themselves out by limiting the variety of client-side applications that people may choose from."IT departments can't focus on all the applications of the world, but they can choose several and keep their eye on those while allowing end-users some freedom," said Amol Sarwate, research manager at Qualys who studies vulnerability patterns for SANS. "What companies need to do is enforce standards for applications usage and utilize technical means to block unwanted software, devices, and even wireless access points."While many businesses have already realized that they need to shift more of their efforts toward defending client-side vulnerabilities, most have failed to embrace a proactive approach versus simply keeping track of publicly-reported flaws and patching those issues said Sarwate.Enterprises need to think about future security issues
It will be particularly important for firms to examine the additional security issues that will be introduced in the coming years with broader adoption of technologies including VoIP (Voice over IP), according to the expert."The key is for people to start thinking ahead of these client-side vulnerabilities to understand what the next big thing may be. Things like VoIP need to be examined for their security implications," said Sarwate. "Many companies are already adopting these tools because of all the advantages they offer, but there will be many attacks carried out against these systems as well."Among the advice that SANS is offering organizations hoping to improve their client-side security coverage is to mandate secure configurations at installation time for all applications, to constantly verify patching and upgrading of both applications and system software, to scan for new vulnerabilities frequently, and to keep their security systems up to date.Other leading areas of concern highlighted by SANS in its report included critical vulnerabilities in Web applications that allow for cross-site scripting attacks or for computers to be otherwise compromised simply by pointing their browsers at poisoned URLs."Gullible, busy, accommodating computer users," including executives, IT staff, and others with privileged access also remain a major weak point for enterprise security, according to SANS, as these seemingly more seasoned users of computers and software are still falling for increasingly targeted spear-phishing campaigns in large numbers.One of the best ways to educate users about the problem is for organizations to create fake spear-phishing threats and send them out to internal users to determine which individuals might be most likely to fall for the schemes and follow up with additional training, the group said.Critical vulnerabilities in the software and systems that provide the operating environment and primary services to computer users, or server-side software, remain another area of leading concern, according to SANS.Problems in Microsoft Windows services, Unix and Mac OS services, back-up and AV programs, management servers, database software, and VoIP technologies in particular are proving troublesome, according to the report.Many of those issues can be addressed by following the same advice offered for solving client-side vulnerabilities, SANS said in the research. |
| |
| Panelists: Content management, meet social networking |
28 November 2007 |
| Enterprise content management and social networking form a natural nexus that is already taking tangible form, a software executive said during a panel discussion Wednesday at the Gilbane Group's annual conference in Boston."People have real requirements to secure information, but also have a demand to interact with people," said John Newton, CTO of Alfresco, an open-source content management software maker. "We are starting to blur the lines between what's inside the enterprise and what's outside the enterprise."Panelist David Mendels, senior vice president of Adobe's enterprise and developer business unit, echoed the idea. "The biggest single shift we're seeing is from the infrastructure of content management to humans -- to how humans engage with it," he said. "The real question is, what experiences are you going to build for your end-users, and how are you going to securely connect that back to your back-end systems?"David Boloker, CTO of the company's emerging Internet technology group, touched upon security concerns as well. "When you end up in the Facebook world or the Web world, you have to ask yourself, is that information correct? Do you have to annotate it, do you have to clean that information?""There are people out there who will try to take your information or plant a worm," he added.Mendels predicted that enterprise rights management software for securing content will see wider use. "We've talked about this for a while, but I think we're really on the cusp of it starting to accelerate," he said.Beyond addressing bottom-line concerns, such as security, enterprises will soon be compelled to apply social-networking principles in a wider range of areas, said Andy MacMillan, vice president of product management in Oracle's enterprise content management division. "The Web is going to lead the way, but pretty soon, you're going to be talking about the call center, the checkout kiosk at the airport -- how do I personalize those things?"Panelists took questions following the main discussion. One audience member asked them to render an opinion on content management's adoption rate around the world.Newton said lower-cost options have diversified the roles of content management software: "We see content management being pulled into types of applications it normally wouldn't have been before.... It's changing -- it's much more democratized. It's not so much about compliance."Mendels said hosted content management services, such as Adobe's Share and Buzzword offerings, will see faster growth outside the U.S., particularly among SMBs.Panelists at one point peered into their respective crystal balls. Mendels said Adobe's goal moving forward is "creating applications and experiences that keep people in context."Ideally, he said, the current practice of jumping among e-mail programs, instant messaging services, and the phone would be no more. "We see a world where you should have all those experiences tied to one document," he said.Mendels gave the example of a person sending an e-mail that prompts the recipient to return the query by phone. "Instead of picking up the phone and calling you, the document can call you," he said.Boloker pointed to mashups, saying they represent a new "application paradigm we're all walking into." IBM is working on a drag-and-drop mashup development environment called QEDWiki, which Boloker demonstrated for IDG News Service following the panel discussion.MacMillan said enterprises must now focus on not just cataloging their structured and unstructured data, but also applying analytics against it. "I think the next big step for content management from the infrastructure layer is to turn BI loose on it," he said.But Newton's take centered more on philosophy than a given technology. The Web 2.0-social networking boom has unleashed a "wave of creativity" that stands in contrast to "introverted, left-brain thinking" types, in Newton's view. "What our industry needs to do is get out of our left-brain, introverted mindset," he said. |
| |
| Schneirla Joins Tiffany as Chief Gemologist |
28 November 2007 |
| Tiffany & Co. said Tuesday that Peter C. Schneirla has joined the company as its new chief gemologist. He succeeds Melvyn Kirtley, who has assumed the position of group vice president and managing director of Tiffany's business in the United Kingdom. |
| |
| Frank Sinatra Family And Warner Music Form Joint Venture |
28 November 2007 |
| Warner Music Group and the family of the late Frank Sinatra have formed a joint venture to continue the business of Frank Sinatra. |
| |
| Web Developer brand new project |
28 November 2007 |
| HTML, SQL, XHTML, Flash. Web Developer. My client is looking for a Web Developer to be responsible for the online shops. You should have a strong HTML coding qualities and good visual skills and also understand the commercial aspect of your role. They are looking for a Web Developer, who seeks high levels of empowerment and the responsability of running and developing processes around the day to day management of a group of web sites. The candidate will be required to select all software and hardware needed to run this area of the business so a sound knowledge of IT and applications is vital.
Key Accountabilities:
- Develop eCommerce platform processes
- Develop Web Design processes
- Define design styles for campains & HTML emails
- Enter and maitain up-to-date campain elements
Knowledge, Skills and Abilities:
- Highly proficient and experienced gained in a commercial environment in the use of SQL, HTML, XHTML, Flash, Photoshop, Abode, Dreamweaver, Illustrator, an expert in CSS, Freehand. Training course certificates will be request as will evidence of proficiency of software.
- Minimum 5 years experience in web site management
- Experience with the planning and managing of web marketing campain
- Strong creative and interpretative skills
- Good graphic design ability
- Problen solving and analytical skills
- Excellent organisation and priority management skills
- A can do attitude
Detailed job specification available upon receipt of suitable CV.
Abraxas plc acts as an employment agency/business.
No terminology in this advert is intended to discriminate on the grounds of age, and we confirm that we will gladly accept applications from persons of any age for this role. |
| |
| World Business Briefing | Europe: Belgium: Glass Makers Fined in Price-Fixing Case |
29 November 2007 |
| The Guardian Industries Corporation and three other companies were fined $724 million by European regulators who said they fixed the price in Europe of flat glass used to make windows, fire-resistant glass and mirrors. The four companies were Guardian, based in Auburn Hills, Mich.; Compagnie de Saint-Gobain of France; the Pilkington Group of Britain; the Asahi Glass Company of Japan. |
| |
| World Business Briefing | Africa: South Africa: Phone Company Ends Takeover Talks |
29 November 2007 |
| Telkom South Africa abandoned talks to sell its mobile and fixed-line phone assets to the Vodafone Group and the MTN Group, ending the possibility of South Africa’s biggest takeover. Vodafone, which owns 50 percent of Vodacom Group, South Africa’s largest cellphone company, was in talks to buy the other half from Telkom. The MTN Group was negotiating to buy Telkom’s fixed-line business. |
| |
| Update: Verizon's move called an opening for industry |
27 November 2007 |
| Verizon Wireless gave a boost to the whole U.S. mobile data industry with its plan to open up its network to third-party devices and applications, according to industry observers.The nation's second-largest carrier, a joint venture of Verizon Communications and Vodafone Group, said Tuesday it will allow devices and software that it doesn't sell to work on its network nationwide by the end of next year. Verizon will also continue its traditional business of selling phones and offering a controlled "deck" of applications and services.The move seems to preface a Verizon bid for valuable, long-range 700MHz radio spectrum in an auction set for early next year, IDC analyst Shiv Bakhshi said. The rules for that auction require part of the spectrum to be used for an open network. In that sense, Verizon was probably pushed into it by Google's drive for open-network rules and its Android open mobile software platform. "It's obviously a reaction to Google's threat," Bakhshi said.But he believes Verizon's initiative could have wide-ranging effects and, in turn, lead other carriers to open up."This suddenly allows a lot of manufacturers of non-cellular devices to seriously consider Verizon as a network option," Bakhshi said. Those could range from Internet tablets like the Nokia N810 to in-car systems that send data about a vehicle's condition to the manufacturer, he said. Subscribers will also get a lot more applications to choose from on those devices, easing one problem that has impeded the growth of mobile data, Bakhshi added.The move is good for Verizon's image as well as its business, he said."It takes away the sting of the criticism that the networks are closed," Bakhshi said. At the same time, it makes Verizon's network more valuable to subscribers because they can connect more devices to it, he said."It would not be very smart on the part of other operators to give up that opportunity," Bakhshi said.One executive of a mobile content delivery company also welcomed the plan."The good thing about this is that the content provider will be able to work a lot more closely with the handset manufacturer than they have in the past," said Brian Casazza, CEO of mobile content delivery company 9Squared. That's easier than tailoring their content offerings to the user interface and handset configuration that each carrier specifies, he said.Verizon's approach is more attractive than Android, which will present yet another software platform to develop for, Casazza said. He would rather work with handset makers using existing operating systems, such as Windows Mobile and Symbian."Handset manufacturers aren't going to reinvent the wheel on their OSs," Casazza said.The change might be a boon to Nokia, which wants more control over its own software environment than U.S. carriers have been willing to give it, Casazza said.He also expects other mobile operators to follow Verizon's cautious example, stepping into an open model without abandoning their traditional businesses.Third-party content and application providers are likely to face some challenges in billing for their products, which typically are handled through the subscriber's phone bill today, Casazza said. But with more freedom to write new software, they will probably be able to create systems for credit-card or other billing systems that are attractive to consumers, he said. There is a financial incentive to do so because mobile operators take a big cut of each transaction that appears on their bills, he said.Verizon plans to hold a developer conference in the first quarter after it releases the technical specifications for the initiative, and it will explore the billing issue then if developers are interested in it, said Verizon spokeswoman Nancy Stark.The carrier got a valuable seal of approval on Tuesday when Microsoft said it supported Verizon's initiative."We are proud to support any open access that puts more power in people's hands to connect them to the information they want when and where they want it," said Pieter Knook, senior vice president of Microsoft's mobile communications business, in a prepared statement.Though important, the plan Verizon outlined Tuesday is just one step for the carrier and the industry, said analyst Jason Kowal of Analysys. Cell phones have a market penetration of about 80 percent in the U.S., and the subscriber base is only growing at about 10 percent per year, so carriers need to drive more use for their data networks, he said."It's crucial for the future growth of the mobile sector to have a more open platform, to stimulate the take-up of media services," Kowal said. "This is one more piece of the puzzle coming in."This story was updated on November 27 |
| |
| EU approves SAP, Vodafone acquisitions |
27 November 2007 |
| The European Commission has signed off on two big technology mergers, approving SAP's acquisition of Business Objects and Vodafone's purchase of the Spanish and Italian subsidiaries of the Swedish telecom group Tele2.The Commission said it approved SAP's takeover of the BI software vendor Business Objects after concluding that the combined entity would not unfairly dominate the market."The combined SAP/Business Object entity would continue to face several strong competitors, and customers would find sufficient alternative suppliers of such software products," the Commission said.SAP sells primarily middleware and ERP applications and has just started getting into the BI market, while Business Objects is known for its business analytics software.The Commission said its investigation found no significant risk that the merged entity would be able to close off competitors from the market because SAP's middleware product, Netweaver, is an "open" platform that can work with BI products from multiple vendors.The Commission also gave the green light to Vodafone's expansion plans for the Spanish and Italian broadband Internet access markets, by approving its planned €775 million ($1.1 billion) acquisition of the Spanish and Italian subsidiaries of Tele2."The combined entity's share would be below 10 percent in those markets, and the incremental increase in the share of Vodafone would be small," the Commission said.In Italy and Spain, Vodafone is mainly active as a provider of mobile communications services and is the second largest mobile operator in both countries. Tele2 Italy and Tele2 Spain offer fixed-line telephony services and Internet access, including broadband."The parties' activities only overlap in the retail market for fixed broadband internet access and in the retail market for telephony services at a fixed location, both in Italy and in Spain," the Commission concluded. |
| |
| Universal chief rues Apple's 'golden handcuffs' |
27 November 2007 |
| We'd love to leave, but the money's too good
Universal Music Group boss Doug Morris, profiled in the current issue of WiReD, isn't the first person to regret a business arrangement with Steve Jobs. As the head of the world's biggest record label, Morris' blessing was instrumental to the success of iTunes Music Store.… |
| |
 |
|
|
|