1. Editor's Note: Same Old Security Song And Dance? Yes And No
2. Today's Top Story
   - Microsoft Shows Off New Vista Basic Look
   Related Stories:
   - Windows 98, Me Support Ends, WinXP SP1 Next
   - Microsoft Makes Leap To Per-User ERP Pricing
3. Breaking News
   - Mozilla To Release Firefox 2.0 Beta Tuesday
   - Legal Setback Raises Questions Of SCO's Survival
   - IBM To Release Linux Notes Sooner Than Promised
   - White House Asks For Dismissal Of NSA Wiretap Suit
   - Fans Pushing Back Against File-Sharing Suits
   - Options Pricing Scandal Could Hit Tech Vendors' Customers
   - EU To Cap Microsoft Daily Fine At $3.8 Million: Source
   - EMC Says Quarterly Results To Miss Forecasts
   - Data Brokers Draw Increased Scrutiny
   - BlackBerry Maker Comes Late To The Small-Business Game
   - FBI Warns Job Hunters Of Online Scams
   - Wi-Fi Cloud Of Hot Zones Planned For NYC
4. Grab Bag
   - Apple's New iPod Nano May Sport Metal Jacket (Appleinsider.com)
   - If You Have Something Worth Millions, Shouldn't You Back It Up? (techdirt.com)
   - Who's Afraid Of Nathan Myhrvold? (Fortune)
   - The Resurrection Of AOL (Business 2.0)
5. In Depth: InformationWeek's Annual Global Security Survey
   - InformationWeek Global Security Survey 2006: Controlled Chaos
   - Outsourcers Fill Businesses' Security Gaps
   - Built-In Software Security Flaws Have Companies Up In Arms
   - Global Differences
   - The Fear Industry
   - Video: Larry Greenemeier Talks About The Love-Hate Relationship With Security Researchers
   - Reader Tool: Compare Your Security Practices 2006
6. Voice Of Authority
   - Down To Business: There's No Leader's Manual
7. White Papers
   - Exploring Six Common Myths Of System i5 High Availability
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription
Quote Of The Day: "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." — Nathaniel Borenstein
1. Editor's Note: Same Old Security Song And Dance? Yes And No
By which I mean there's a certain amount of same-old same-old here, which is to be expected. On one level, the story is that the security story doesn't change much. The issue is a continuum, playing out over and over again. Companies may be spending more money, but they still aren't spending enough money. (They never do unless they've been publicly embarrassed.) For the most part, they don't set up or fully follow security procedures unless a news story scares the pants off them. They plow ahead with new technologies even though they know they aren't secure. (Hey, you gotta do what you gotta do to keep a competitive edge.)
And users keep doing stupid things, too. Mom was right: If their laptops weren't screwed to their desks, they'd lose them. No wait, they aren't nailed down, and they do lose them! Hackers continue to have their way, IT shoulders the blame, and researchers reap much publicity in the race to ferret out application flaws. If I never see another survey that brightly announces that users don't change their passwords enough, or should stop using birthdays and pet names as passwords, it won't be soon enough. (It's stuff like this, by the way, that will probably help propel biometric access methods into the mainstream.)
In fact, the only things that seem to change in this ongoing saga are the targets, the technology, and the attitudes of the public, legal, and regulatory sectors.
For example, it used to be that users of Macintosh or open-source systems didn't have to worry so much. Not anymore. Maybe blowing holes through Windows got to be too easy, but the bad guys have finally gotten 'round to training their sights on Apple and Linux. And hackers—even and especially white-hat ones—also didn't use to have to worry so much. Not anymore. You get caught today, even with the best of intentions, and you face the highest chance ever of going to jail.
Law enforcement has taken an increasingly harder view of cybercrimes of all ilk, and it's showing up in tougher laws, cross-agency and cross-national teamwork, more arrests, and more jail time.
Congress at least thinks more about addressing high-tech issues, but the very thought of more action on the hill ought to give pause, given the knowledge base we're dealing with there. Take that key senator who brightly announced that the Internet is not a truck. Very good, sir, you may sit down now. On the other hand, if companies can't be scared straight, so to speak, into enacting needed reforms to protect the data they collect, well, maybe it would be better if Congress stepped in.
One obvious change is the evolution in publicizing hacks, data breaches, and vulnerabilities. Yeah, we still don't hear about this stuff in as timely a manner as we should, and the source of that information is often not the affected party (which it should be), but we're seeing more cybercrimes and computer flaws reported and publicized. Which is a good thing. It's good because it will spur at least some readers into action, and because knowing how each event happened, and knowing how it was dealt with, adds to our knowledge base.
The area of biggest change is, of course, technology itself. Be it the frighteningly fast evolution of viruses, Trojans, worms, and other forms of attack, old and new, or the technologies being used to defend against such attacks, the pace of change has been furiously fast.
At the end of the day, this should mean a major ratcheting up in terms of the seriousness of this issue. It means that even if the number of attacks falls, the cost of those attacks is escalating up and up. The fallout from a successful enterprise breach or data loss carries a higher probability of being more devastating. The costs of cleaning up after such an attack and defending against the increasingly more complex and sophisticated efforts to break in are going to rise to painful levels.
So even if your company is more secure today than it was a year ago, it won't necessarily help you going forward. IT needs to make sure all the security bases are fully covered, deployed, and in use, and then determine to remain on alert going forward, updating and changing policies and technology as needed. Be honest, does this describe your company?
This is a different kind of war on terror, but like its political counterpart, it's never going to be over. So don't wait for the next big news story to start looking at your security setup. Be proactive now because you never know—yours could be the next company splashed across the headlines.
** For another take on our annual global security survey, read Larry Greenemeier's summary of what he sees as the five biggest surprises from the survey and his cover story package on that survey. You can see the full package of survey results, reader tools, and stories by going to our special topic page on the subject.
2. Today's Top Story

Microsoft Shows Off New Vista Basic Look
For machines that lack the horsepower to handle Vista's "Aero" interface, with its animation and other visual goodies, there will be a more basic look and feel.

Related Stories:

Windows 98, Me Support Ends, WinXP SP1 Next
Microsoft has reminded users several times that all support for the operating systems—including delivery of critical security updates—will cease after the regularly scheduled July 11 patch date. It recommends users upgrade to Windows XP.

Microsoft Makes Leap To Per-User ERP Pricing
The most common functions will be bundled in a Business Essentials entry-level package for about $2,250 per user before volume discounts. Included will be general ledger, accounts receivable, accounts payable, fixed assets and consolidations, and other core functions.

3. Breaking News

Fans Pushing Back Against File-Sharing Suits
The Electronic Freedom Foundation is reviving its efforts to ignite a lobbying movement among music fans and recording artists. An online petition has garnered over 80,000 signatures so far.

EU To Cap Microsoft Daily Fine At $3.8 Million: Source
The fine will be backdated to run from Dec. 15 to the date when officials from national competition authorities meet to endorse the Commission's proposal. Some observers expect the meeting to happen on Wednesday, when the fine will officially be imposed.

EMC Says Quarterly Results To Miss Forecasts
Demand for the latest version of its top-of-the-line storage system, Symmetrix DMX-3, was better than expected, while sales of the previous Symmetrix generation fell short of internal estimates. This is the second consecutive quarter EMC has missed its own targets.

FBI Warns Job Hunters Of Online Scams
Be extra careful when looking for work in cyberspace. The FBI is investigating some cases that involve fake job interviews and offers of employment that are actually ways to lure people into helping crime rings.

Wi-Fi Cloud Of Hot Zones Planned For NYC
Subscribers to NuVisions' in-building broadband service at $24.95 per month can use the company's Wi-Fi service without charge at any of its hot zones in the city.
4. Grab Bag
Apple's New iPod Nano May Sport Metal Jacket (Appleinsider.com)
The next generation of Apple Computer's iPod Nano digital music player may dip into iPod Mini's wardrobe, AppleInsider has learned. In an effort to reduce the player's susceptibility to scratches, Apple has been experimenting with aluminum-anodized enclosures similar to those used in the company's iPod Mini digital music players.

If You Have Something Worth Millions, Shouldn't You Back It Up? (techdirt.com)
It appears that a guy saved his screenplays to his desktop, but didn't bother backing them up. When a technician came to his house to install the DSL, he tried to "help" by cleaning up the "unused" items on the guy's desktop—which, of course, included the screenplays. While compensated, he wanted the millions he never got in a signed deal.

5. In Depth: InformationWeek's Annual Global Security Survey

Outsourcers Fill Businesses' Security Gaps
One-quarter of U.S. companies surveyed in InformationWeek Research's Global Security Survey 2006 outsource at least some of their security functions to managed services.

Global Differences
Basic aspects of IT security may hold true everywhere, but there are differences in China, Europe, India, and the United States when it comes to protecting business data and systems.

The Fear Industry
Shameless self-promoters? Fear mongerers? Sure, security researchers aren't always model citizens, but business technology pros want them on the job.

Reader Tool: Compare Your Security Practices 2006
Security attacks are evolving and growing in number, making it challenging to stay ahead of potential threats. We invite you to benchmark your company's approach to information security against those of its global peers with this fast, informative, and confidential tool from InformationWeek and Accenture.

7. White Papers

Exploring Six Common Myths Of System i5 High Availability
When it comes to System i5 high availability, misconceptions abound. The common myths, which address lack of reliability, difficulty of use, and high expense, are addressed here. This paper also provides a comprehensive look at the key factors you'll need when evaluating availability solutions.