In This Issue:
1. Editor's Note: Let The UBS Trial Be A Warning To You
2. Today's Top Story
- Yahoo Mail Worm May Be First Of Many As Ajax Proliferates
Related Story:
- Yahoo Quashes Mail Bug
3. Breaking News
- Google Earth Grows With New Hi-Res Imagery
- Google Upgrades Mapping Products With Developer Tools
- EBay To Go Head To Head Against Google For Online Ad Market
- MySpace Launches Job Listings
- Firefox To Drop Support For Windows 98, Me
- Virtualization Can Be Great, But It's Not For Everyone
- Case Study: Virtualization Delivers A Cost-Saving Lesson
- Forrester: Skills Shortage Will Worsen Unless Industry Seeds IT Talent
- Spy Sweeper Enterprise Sniffs Out Rootkits
- Oracle Acquires Telephony@Work
- Early Java EE 5 Users Praise Platform's Overhaul
- Brief: PC Market Seen Improving
- Sun Jumps Back Into Blade Business
- Skyhook Woos Developers With Wi-Fi-Based Alternative To GPS
4. Grab Bag
- PCs To Developing World 'Fuel Malware'
- Canceling AOL
- Can Windows And Open Source Learn To Play Nice?
5. In Depth
- Analysis: Microsoft Forefront Must Overcome Security Stigma Before Businesses Bite
- Review: Windows Live OneCare Protects Your PC—Almost
- Microsoft Pumps Out A Dozen Patches For 21 Flaws
- Vista Beta Now On Tap Via BitTorrent
- Microsoft Adds Webcams To Hardware Line
- Microsoft To Ship SMS 2003 R2, Vista Feature Pack In August
- Brief: Exchange To Get More Mobile With 2007 Release
6. Voice Of Authority
- IT Confidential: Adware Versus Spyware: Who's Making The Money?
7. White Papers
- The Remote Access Imperative In Disaster Recovery
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription
Quote of the day: "Remember that as a teenager you are at the last stage of your life when you will be happy to hear that the phone is for you." -- Fran Lebowitz
1. Editor's Note: Let The UBS Trial Be A Warning To You
The trial of a former UBS employee charged with hacking the company's networks exposes embarrassing failures in UBS's security and disaster preparedness measures.
The defendant is Roger Duronio, 63, who, at the time of the crime, was a UBS PaineWebber systems administrator. Duronio is facing charges of computer sabotage and securities fraud in a federal trial in U.S. District Court in Newark that's ongoing this week. Prosecutors say Duronio, angry because he thought he wasn't making enough money, planted a type of malicious software called a "logic bomb" while logged in from home over the company VPN. The "bomb" went off March 4, 2002.
Here's where it gets embarrassing for UBS PaineWebber: As testimony by its own employees shows, UBS PaineWebber failed to take some elementary security precautions which could have minimized the damage. And that failure might—if defense attorney Chris Adams gets his way—make it impossible for U.S. prosecutors to get a conviction against Duronio.
Adams says the prosecutors have the wrong guy. He's attempting to show in cross-examination of the prosecution witnesses that lax security at UBS PaineWebber would have allowed anyone to log in to the network, plant the logic bomb, and leave a false digital trail to make Duronio look like the guilty party.
Some 40 systems administrators at the company shared the same 'root' password to gain administrator access to the network, where they had free rein to install software or make any changes they wished on the network. It was not remarkable for systems administrators to get up from their desks and wander off while still logged in as 'root,' allowing anyone to sit down and have root access to the network, according to testimony from UBS IT manager Elvira Maria Rodriguez.
The damage to UBS PaineWebber was catastrophic. According to the report from InformationWeek's Sharon Gaudin: "Nothing more than 50 to 70 lines of malicious code ... took down about 2,000 servers, leaving 8,000 brokers across the country unable to work. IT teams spent sleepless nights on conference calls with IBM and scrambled to reset servers, trying to undo damage that still, four years later, hasn't been completely repaired." At least 400 employees had to drop what they were doing and troubleshoot the problem. "Assessing and repairing the damage cost $3.1 million. In some cases, brokers were down for days, even weeks, depending on how badly their machines were hit, how remote the offices were, and if the branch's backup tapes could be found." UBS PaineWebber failed to make backups on 20% of its servers, according to Rodriguez.
The UBS PaineWebber case demonstrates that every business needs to take security and disaster preparedness measures. We're all under attack every day by outside hackers, and, unfortunately, every business has disgruntled employees. And natural disasters and terrorists strike everywhere.
UBS PaineWebber is a stark example of what happens to companies that let their guard down.
Gaudin returns to Newark today for on-the-scene coverage as the trial goes through its second week.
Is your company prepared for catastrophic attacks and disasters? Leave a message on the InformationWeek Weblog and let us know.
Case Study: Virtualization Delivers A Cost-Saving Lesson
Bowdoin College turns to virtual software as an alternative to a costly data center build-out. The decision saves millions, maximizes the school's flexibility to support a variety of operating systems and applications, and contributes to higher confidence in its IT organization.
Oracle Acquires Telephony@Work
The plan calls for more tightly integrating Telephony@Work's call center infrastructure software with the enterprise software vendor's CRM and business intelligence offerings.
Early Java EE 5 Users Praise Platform's Overhaul
Developers are still kicking the tires of the newly released Java Enterprise Edition 5, but early adopters say the new platform makes good on its architects' pledge to greatly simplify Java development and deployment.
Brief: PC Market Seen Improving
Global PC shipments grew 12.6% in the first quarter of 2006, ahead of March projections of 11.8% growth, according to market research firm IDC.
Sun Jumps Back Into Blade Business
Sun has already briefed many of its channel partners on a plan to offer blades and an eight-way server based on AMD's x64 Opteron chips.
Canceling AOL (Insignificant Thoughts)
A blogger records a support call with AOL that lasted almost five minutes, demonstrating how AOL makes you jump through hoops before canceling your account. The operator takes one minute to take the information to cancel the account, and then spends four minutes trying to talk the customer out of it. Money quote: "I don't know any way to make this clearer. When I say cancel the account, I don't mean 'help me figure out how to keep the account.'" Warning: Contains foul language.
The Remote Access Imperative In Disaster Recovery
As organizations prepare a disaster recovery plan, it's important to include remote access as a fundamental part of the disaster recovery infrastructure. This document explores best practices for disaster recovery and the role of SSL VPNs in that process.