Commentary
6/11/2007
10:04 AM

Critical Bugs Found In CA's Backup Software, Yahoo Messenger

In This Issue:
1. Editor's Note: Cyberwinter? Here's What It Means To Commercial IT
2. Today's Top Story
    - Researchers Report 10 Critical Bugs In CA's Backup Software
    Related Stories:
    - Critical Bugs Discovered In Yahoo Messenger
    - Google Security Survey Finds Microsoft Web Servers Vulnerable
3. Breaking News
    - Immigration Amendment Would Prevent Companies From Laying Off U.S. Workers
    - Sun Adds Intel Chips To Its Blade Line
    - IBM To Buy Watchfire To Strengthen Web App Security
    - Toshiba Launches Ultramobile PC
    - Adobe Revs Acrobat For Windows Vista And Office 2007
    - VMware Makes Move Toward Virtualization As Hosted Service
    - Former IT Contractor Pleads Guilty To Chrysler Sabotage
    - AMD Releases Final Spec For Mini-PCs
    - Review: The FlipStart UMPC -- A Notebook In Miniature
    - Broadband Internet Access For Business Jets Could Open Way For Commercial Airlines
    - IBM Settles SEC Securities Probe
    - Human Rights Group Turns To Satellite Images To Save Lives In Darfur
4. The Latest Security Blog Posts
    - Forget Security 3.0. What Will Security 4.0 Look Like?
    - Another Incident Of Dumb Cops Arresting A Guy For Using An Open Wi-Fi Connection
    - Why Catching The 'Spam King' Won't Save Your In-Box
    - Vegas BBQ -- Burn, PC, Burn
5. Job Listings From TechCareers
6. White Papers
    - Why IT Operations Fail and How to Guarantee Yours Succeeds
7. Get More Out Of InformationWeek
8. Manage Your Newsletter Subscription

Quote of the day:
"People will buy anything that is one to a customer." -- Sinclair Lewis


1. Editor's Note: Cyberwinter? Here's What It Means To Commercial IT

The recent distributed denial-of-service blitz that has paralyzed parts of Estonia's government and commercial Web sites over the past month has spawned a lot of talk of "cyberwinters" and "cyberterrorism." While what happened to Estonia is unusual in its scope and focus, and is possibly the first publicized attack on a country's cyberinfrastructure, it's not necessarily a bellwether of trends to come. For one thing, the attacks appear to be driven by politics and not financial gain. This is also a case where angry individual citizens took instructions from organizers online and joined the attack, according to Mikko Hypponen, the chief research officer at F-Secure, a Finland-based security company.

So what's that got to do with you? Potentially plenty. The fact that a political battle drove this attack does not mean that there aren't lessons to be learned and a warning here for U.S. businesses and IT executives. No, you don't need to be too concerned about cyberterrorism -- yet. Terrorists like to inflict as much carnage, blood, and pain as possible, or, as Hypponen puts it, as much chaos, panic, and fear as they can. That goal is a lot easier -- and more immediately achieved -- via suicide bombings and other forms of attacks than it would be via a cyberattack. (Think back, how much attention did you really pay to the Estonian cyber meltdown? I'd bet not too much. So there you go.) Also, it's just not that easy to get into the systems running our critical infrastructure. "It's not like on television," says Hypponen. Which is a good thing, since the government's efforts to get those responsible for running the various pieces of our infrastructure -- most of which is privately owned -- to line up behind some basic security measures have been about as successful as herding cats.

Back to the goal of terrorists: the fact that it is not easy to commit cyberterrorism might be one reason why, in the immediate aftermath of the start of the 2003 war in Iraq, when numerous U.S. and British government sites were targeted by Arab hackers, they mostly defaced the sites, leaving in their wake quotes from the Koran, along with political messages, says Hypponen. There were more than 600 such attacks in just the first 24 hours, he says. But the goal here was probably just disruption and a chance to make their feelings known. Similar attacks occurred after a Danish newspaper ran a cartoon making fun of the prophet -- in this case, though, Web sites in Denmark were defaced with death threats and very visual images of blood. The same happened early on in the Kosovo conflict, when Russian hackers attacked the U.S. Navy Web site, according to Hypponen. It's what he calls a "reflection effect," when conflicts in the real world are moved online.

The two things you should be paying attention to here are emotion and disruption. U.S. companies may not be in any immediate danger of cyberterrorist attacks, and corporate espionage may have always been around, but this "reflection effect" is a new wrinkle to consider. Take the power of the citizen Web and add to that radical activists, angry consumers, and whatever competing interests regularly do battle with your company on a PR front, and you have a pretty good source of emotion. Why incur the risk and cost of crashing a board meeting or boarding a sealing ship or occupying a piece of land when you can anonymously direct or launch a distributed denial-of-service attack and build out bot armies? And if you can't do it yourself, you can hire someone cheap to do it for you, for about $100 a day.

This is already happening, says Hypponen. He gives as one recent example an animal rights group that used a similar attack to disrupt an online fur auction. (I guess throwing paint and lining up nude celebrities to make a statement is so yesterday!) Now consider that the ripple effects from an attack on an online bank, as was the case in Estonia, can certainly ensnare your company and your customers. Basically, all your rivals or critics have to do is slow or electronically cripple your business. And the more dependent you are on your online businesses, or even the Internet as the mode through which you communicate with suppliers, financiers, and other customers, the more vulnerable you are.

To read more about how these attacks can affect your business, and what if anything you can and should be doing about it, please go to the blog entry for this editor's note.

Patricia Keefe
pkeefe@cmp.com
www.informationweek.com


2. Today's Top Story

Researchers Report 10 Critical Bugs In CA's Backup Software
Researchers at eEye Digital Security say they discovered the 10 buffer overflow vulnerabilities, each of which can enable remote code execution.

Related Stories:

Critical Bugs Discovered In Yahoo Messenger
Security company eEye Digital Security, which found the bugs, gave them its highest security threat rating because they enable remote code execution.

Google Security Survey Finds Microsoft Web Servers Vulnerable
Microsoft IIS Web servers were found to be twice as likely to distribute malware as open source Apache Web servers.


3. Breaking News

Immigration Amendment Would Prevent Companies From Laying Off U.S. Workers
The amendment would cover an array of employer-based visas, including those used most frequently for hiring technology workers, especially H-1B and L-1.

Sun Adds Intel Chips To Its Blade Line
The Sun Blade 6000 Modular System is built on a 10U chassis design and highlights Sun's new partnership with Intel.

IBM To Buy Watchfire To Strengthen Web App Security
IBM expects Watchfire's technology to complement existing IBM Tivoli offerings by better incorporating security and compliance testing into the application development life cycle.

Toshiba Launches Ultramobile PC
The notebooks weigh as little as 1.9 pounds, are 0.77 of an inch thick, sport up to 12.5 hours of battery life, and run Windows.

Adobe Revs Acrobat For Windows Vista And Office 2007
Adobe has said its upgrade decisions have more to do with having finite developer resources and that it has no anti-Microsoft agenda.

VMware Makes Move Toward Virtualization As Hosted Service
VMware's Infrastructure Suite lets hosted service providers take a step toward utility computing, where their customers pay for only the resources needed at the moment.

Former IT Contractor Pleads Guilty To Chrysler Sabotage
A federal prosecutor said William Johns was let go from a wireless installation job before using a computer kiosk in a visitors' lobby to delete needed passwords and files.

AMD Releases Final Spec For Mini-PCs
The design requirements are meant to make use of energy-efficient processors and to help manufacturers make products that also take up less space and generate less noise.

Review: The FlipStart UMPC -- A Notebook In Miniature
The FlipStart provides all the functionality of a notebook computer in a highly portable form factor, although its small size makes some features awkward.

Broadband Internet Access For Business Jets Could Open Way For Commercial Airlines
The partnership between Rockwell Collins and Arinc hopes there eventually will be a market for their service on commercial airliners.

IBM Settles SEC Securities Probe
The move settles a dispute over statements IBM made about its first-quarter earnings in 2005 that the SEC claimed were misleading.

Human Rights Group Turns To Satellite Images To Save Lives In Darfur
The Eyes on Darfur Web site has been set up to display an ongoing series of satellite images of 12 villages deemed to be at risk from the Janjaweed militias backed by the Sudanese government.

All Our Latest News

On the go?
To see InformationWeek's daily breaking news on your mobile device, visit wap.informationweek.com and sign up for daily SMS notifications.


----- The latest research, polls, and tools -----

Software As A Service
Learn about software delivery strategies from 250 business technology professionals in this new InformationWeek Research report.

IT Salaries On The Rise
Information technology as a career path is back on track. IT professionals are earning the highest salaries in the 10-year history of the InformationWeek National IT Salary Survey.

-----------------------------------------


4. The Latest Security Blog Posts
http://www.informationweek.com/blog/security/

Forget Security 3.0. What Will Security 4.0 Look Like?
Believe it or not, people already are starting to ask this question as it becomes painfully obvious that today's teens, whose dexterous thumbs have grown up tapping away on cell phone keypads as they check out the latest action on MySpace or YouTube, will be part of the workforce before you know it.

Another Incident Of Dumb Cops Arresting A Guy For Using An Open Wi-Fi Connection
A Michigan cop, who'd obviously been hit over the head with a billy club one time too many, levied criminal charges against a man who used an open, public Wi-Fi network outside the cafe that was running it.

Why Catching The 'Spam King' Won't Save Your In-Box
Even if a judge and jury lock up Robert Alan Soloway for the rest of his natural born life, your in-box will still be inundated with tons of offers for HGH, porn, and penny stocks.

Vegas BBQ -- Burn, PC, Burn
Picture a beautiful sunset over the desert, the glow of the Vegas skyline in the distance. Then a towering wave of flames leaps into the air that crackles with the heat -- a man just set his computer on fire.


5. Job Listings From TechCareers

Union Telephone/Union Wireless seeking Network Administration Specialist in Mountain View, WY

General Electric Transportation seeking Controls Design Engineer in Erie, PA

American Home Mortgage seeking .NET Developer in Melville, NY

Openlink Financial, Inc. seeking Java Developer in Uniondale, NY

Union Telephone/Union Wireless seeking LAN/WAN Administrator in Mountain View, WY

For more great jobs, career-related news, features and services, please visit CMP Media's TechCareers.


6. White Papers

Why IT Operations Fail And How To Guarantee Yours Succeeds
This paper will discuss 10 straightforward, proactive strategies that will optimize your computers, networks, and systems for their best possible performance, and keep your business running -- ensuring that your IT operation does not fail.


7. Get More Out Of InformationWeek

Try InformationWeek's RSS Feed

Discover all InformationWeek's sites and newsletters

Recommend This Newsletter To A Friend
Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.

Visit InformationWeek's Online Marketplace to learn more about the products, technologies and companies that will help you meet your business technology needs.


8. Manage Your Newsletter Subscription

To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
InfoWeek@update.informationweek.com

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

We take your privacy very seriously. Please review our Privacy Policy.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2007 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030
