Critical Bugs Found In CA's Backup Software, Yahoo Messenger
In This Issue:
1. Editor's Note: Cyberwinter? Here's What It Means To Commercial IT
2. Today's Top Story
- Researchers Report 10 Critical Bugs In CA's Backup Software
- Critical Bugs Discovered In Yahoo Messenger
- Google Security Survey Finds Microsoft Web Servers Vulnerable
3. Breaking News
- Immigration Amendment Would Prevent Companies From Laying Off U.S. Workers
- Sun Adds Intel Chips To Its Blade Line
- IBM To Buy Watchfire To Strengthen Web App Security
- Toshiba Launches Ultramobile PC
- Adobe Revs Acrobat For Windows Vista And Office 2007
- VMware Makes Move Toward Virtualization As Hosted Service
- Former IT Contractor Pleads Guilty To Chrysler Sabotage
- AMD Releases Final Spec For Mini-PCs
- Review: The FlipStart UMPC -- A Notebook In Miniature
- Broadband Internet Access For Business Jets Could Open Way For Commercial Airlines
- IBM Settles SEC Securities Probe
- Human Rights Group Turns To Satellite Images To Save Lives In Darfur
4. The Latest Security Blog Posts
- Forget Security 3.0. What Will Security 4.0 Look Like?
- Another Incident Of Dumb Cops Arresting A Guy For Using An Open Wi-Fi Connection
- Why Catching The 'Spam King' Won't Save Your In-Box
- Vegas BBQ -- Burn, PC, Burn
5. Job Listings From TechCareers
6. White Papers
- Why IT Operations Fail and How to Guarantee Yours Succeeds
7. Get More Out Of InformationWeek
8. Manage Your Newsletter Subscription
Quote of the day:
"People will buy anything that is one to a customer." -- Sinclair Lewis
1. Editor's Note: Cyberwinter? Here's What It Means To Commercial IT
The recent distributed denial-of-service blitz that has paralyzed parts of Estonia's government and commercial Web sites over the past month has spawned a lot of talk of "cyberwinters" and "cyberterrorism." While what happened to Estonia is unusual in its scope and focus, and is possibly the first publicized attack on a country's cyberinfrastructure, it's not necessarily a bellwether of trends to come. For one thing, the attacks appear to be driven by politics and not financial gain. This is also a case where angry individual citizens took instructions from organizers online and joined the attack, according to Mikko Hypponen, the chief research officer at F-Secure, a Finland-based security company.
So what's that got to do with you? Potentially plenty. The fact that a political battle drove this attack does not mean that there aren't lessons to be learned and a warning here for U.S. businesses and IT executives. No, you don't need to be too concerned about cyberterrorism -- yet. Terrorists like to inflict as much carnage, blood, and pain as possible, or, as Hypponen puts it, as much chaos, panic, and fear as they can. That goal is a lot easier -- and more immediately achieved -- via suicide bombings and other forms of attacks than it would be via a cyberattack. (Think back, how much attention did you really pay to the Estonian cyber meltdown? I'd bet not too much. So there you go.) Also, it's just not that easy to get into the systems running our critical infrastructure. "It's like on television," says Hypponen. Which is a good thing, since the government's efforts to get those responsible for running the various pieces of our infrastructure -- most of which is privately owned -- to line up behind some basic security measures have been about as successful as herding cats.
Back to the goal of terrorists, the fact that it is not easy to commit cyberterrorism might be one reason why in the immediate aftermath of the start of the 2003 war in Iraq, when numerous U.S. and British government sites were targeted by Arab hackers, they mostly defaced the sites, leaving in their wake quotes from the Koran, along with political messages, says Hypponen. There were more than 600 such attacks in just the first 24 hours, he says. But the goal here was probably just disruption and a chance to make their feelings known. Similar attacks occurred after a Danish newspaper ran a cartoon making fun of the prophet -- in this case, though, Web sites in Denmark were defaced with death threats and very visual images of blood. The same happened early on in the Kosovo conflict, when hackers attacked the U.S. Navy Web site, according to Hypponen. It's what he calls a "reflection effect," when conflicts in the real world are moved online.
The two things you should be paying attention to here are emotion and disruption. U.S. companies may not be in any immediate danger of cyberterrorist attacks, and corporate espionage may have always been around, but this "reflection effect" is a new wrinkle to consider. Take the power of the citizen Web and add to that radical activists, angry consumers, and whatever competing interests regularly do battle with your company on a PR front, and you have a pretty good source of emotion. Why incur the risk and cost of crashing a board meeting or boarding a sealing ship or occupying a piece of land when you can anonymously direct or launch a distributed denial-of-service attack and build out bot armies? And if you can't do it yourself, you can hire someone cheap to do it for you, for about $100 a day.
This is already happening, says Hypponen. He gives as one recent example an animal rights group that used a similar attack to disrupt an online fur auction. (I guess throwing paint and lining up nude celebrities to make a statement is so yesterday!) Now consider that the ripple effects from an attack on an online bank, as was the case in Estonia, can certainly ensnare your company and your customers. Basically, all your rivals or critics have to do is to slow or electronically cripple your business. And the more dependent you are on your online businesses, or even the Internet as the mode through which you communicate with suppliers, financiers, and other customers, the more vulnerable you are.
To read more about how these attacks can affect your business, and what if anything you can and should be doing about it, please go to the blog entry for this editor's note.
AMD Releases Final Spec For Mini-PCs
The design requirements are meant to make use of energy-efficient processors and to help manufacturers make products that also take up less space and generate less noise.
----- The latest research, polls, and tools -----
Software As A Service
Learn about software delivery strategies from 250 business technology professionals in this new InformationWeek Research report.
IT Salaries On The Rise
Information technology as a career path is back on track. IT professionals are earning the highest salaries in the 10-year history of the InformationWeek National IT Salary Survey.
Forget Security 3.0. What Will Security 4.0 Look Like?
Believe it or not, people already are starting to ask this question as it becomes painfully obvious that today's teens, whose dexterous thumbs have grown up tapping away on cell phone keypads as they check out the latest action on MySpace or YouTube, will be part of the workforce before you know it.
Vegas BBQ -- Burn, PC, Burn
Picture a beautiful sunset over the desert, the glow of the Vegas skyline in the distance. Then a towering wave of flames leaps into the air that crackles with the heat -- a man just set his computer on fire.
Why IT Operations Fail And How To Guarantee Yours Succeeds
This paper will discuss 10 straightforward, proactive strategies that will optimize your computers, networks, and systems for their best possible performance, and keep your business running -- ensuring that your IT operation does not fail.