In This Issue:
1. Editor's Note: Getting To The Root Of Rootkits
2. Today's Top Story: RFID
- Survey: RFID Production To Increase 25-Fold In Four Years
- Wal-Mart Tests RFID Data-Sharing Project
3. Breaking News
- Unofficial Firefox For Intel Macs Debuts
- Microsoft Allows Production Use For WinFX Workflow,
- Is Your Computer Killing You?
- 10 Tips For Protecting Sensitive Enterprise Data
- Cingular Unveils Budget Smart Phone
- Spyware Prevention Strategies, Part 2: Offense And Defense
- Sprint Increases Investment In WiMax Competitor
- Indian Outsourcer Wipro Outpaces U.S. Rivals With 33%
- Blackmailers Behind Attack On Million-Dollar Site
- Salesforce.com Brings Big Names Into New Apps Marketplace
- Amazon.com Search Engine Adds People Search
- Is Apple Considering An IPod Phone?
4. Grab Bag: 160-Gbyte Notebook Drive
5. In Depth: The Latest In Security
6. Voice Of Authority: Nanotech
7. White Papers: On-Demand TCO
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription
Quote of the day:
"Son, always tell the truth. Then you'll never have to remember
what you said the last time." -- Sam Rayburn
1. Editor's Note: Getting To The Root Of Rootkits
The futility of today's model for antivirus protection is fairly
obvious. Plug one hole in the dike and another will sprout.
Pretty soon, you're running out of fingers and toes to hold back
the flood. It gets worse. Attackers without the skill to create
their own malicious hacks can outsource their dirty business to
others who will write the code for them and then offer services
that keep these rootkits from being detected.
One of the most prominent rootkit suppliers is the Hacker Defender site,
which I learned about during an interview with Herbert Thompson,
Ph.D., chief security strategist for Security Innovation Inc.,
a provider of application security services. Worse than simply
selling rootkits to the masses, Hacker Defender also offers
anti-detection services that will help ensure that its rootkits
aren't detected by antivirus and other malware-prevention software.
These third-party rootkits could be used by an employee who's
about to leave an organization or someone who thinks he or she
will be fired and would love to keep control within a network,
Thompson told me. It's incredibly difficult for law enforcement
to gather evidence against someone selling hacks or botnets,
unless they slip up somehow. "If they are doing it from their
house, they are traceable; but what about if they're doing
business from kiosks or libraries?" Thompson asks.
When I asked Thompson how a site trying so hard to protect its
identity (the person running the site refers to himself only as
Holy_father) could collect for its services, he told me that the
answer is E-gold. Excuse me? He told me about one West Indies
company, E-gold Ltd., that
doesn't possess any national currency of any nation and has no
bank accounts. "They don't trade in any sovereign currency, so
they avoid the scrutiny of the Secret Service," Thompson says.
Like most tech pros who make a living selling security to defend
against attacks, Thompson couldn't give me a good explanation of
why someone would trade in malicious code, other than to make
money. Of course, if you're that skilled a programmer, there are
lots of ways to make money. I decided to bless myself and E-mail
To my surprise, he actually got back to me within a few hours. HF
claims that it's because of his work--he launched the site in
2002--that so many people even know what a rootkit is. Of course,
he had a lot of help from Sony.
HF's contention is that antivirus companies benefit from keeping
their customers just one step ahead of the next big malware
attack. In other words, why bother to invest the time and money
creating a revolutionary anti-malware engine when companies are
willing to pay to upgrade regularly? Sounds to me like he's
accusing the software market of complacency. I suppose he
wouldn't be the first. What's your take? Are the software
companies being complacent? Is there anything the white hats can
do to win the chess match? Please reply at my blog entry.
While the rootkit debate rages, security flaws and patches abound.
For the latest insights, check out today's In Depth report.
Blackmailers Behind Attack On Million-Dollar Site
The British college student who launched an ad gimmick on the Web
that took in $1 million in a few months has received threatening
letters from blackmailers apparently behind a massive
Seagate Ships 160-Gbyte Notebook Drive (PC Pro)
Seagate has begun shipping its 160-Gbyte notebook drive using
perpendicular recording technology. The drive, the first in its
Momentus line using perpendicular recording, was disclosed in
June. Six months later it has now hit the channel, and Seagate
still claims it's an industry first.
Cisco Latest Tech Giant To Eye Consumer Market (TechNewsWorld)
Cisco is apparently bidding for end-to-end coverage, recognizing
that converged networks will be the means to deliver a broad
range of services and wanting to control as much of what goes on
at both ends of the pipeline as possible, telecom analyst Jeff
Kagan told the E-Commerce Times.
New From InformationWeek: Get Your News In A Flash--Literally
InformationWeek.com's latest service is automated E-mail news
flashes. You pick the topic and the frequency (real time, daily,
or weekly) and we'll do the rest. Sign up by following the link below
and be one of the first to take advantage of this latest service.
TCO Of On-Demand Applications For SMBs And Midmarket Enterprises
This study by the Yankee Group looks at the total cost of
ownership of deploying and integrating CRM and ERP/accounting
applications. Learn how on-demand solutions are changing the IT
landscape in small businesses and midmarket enterprises and how
these solutions affect your TCO.
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.