1. Editor's Note: Let The UBS Trial Be A Warning To You
2. Today's Top Story
- Yahoo Mail Worm May Be First Of Many As Ajax Proliferates
- Yahoo Quashes Mail Bug
3. Breaking News
- Google Earth Grows With New Hi-Res Imagery
- Google Upgrades Mapping Products With Developer Tools
- EBay To Go Head To Head Against Google For Online Ad Market
- MySpace Launches Job Listings
- Firefox To Drop Support For Windows 98, Me
- Virtualization Can Be Great, But It's Not For Everyone
- Case Study: Virtualization Delivers A Cost-Saving Lesson
- Forrester: Skills Shortage Will Worsen Unless Industry Seeds IT Talent
- Spy Sweeper Enterprise Sniffs Out Rootkits
- Oracle Acquires [email protected]
- Early Java EE 5 Users Praise Platform's Overhaul
- Brief: PC Market Seen Improving
- Sun Jumps Back Into Blade Business
- Skyhook Woos Developers With Wi-Fi-Based Alternative To GPS
4. Grab Bag
- PCs To Developing World 'Fuel Malware'
- Canceling AOL
- Can Windows And Open Source Learn To Play Nice?
5. In Depth
- Analysis: Microsoft Forefront Must Overcome Security Stigma Before Businesses Bite
- Review: Windows Live OneCare Protects Your PC—Almost
- Microsoft Pumps Out A Dozen Patches For 21 Flaws
- Vista Beta Now On Tap Via BitTorrent
- Microsoft Adds Webcams To Hardware Line
- Microsoft To Ship SMS 2003 R2, Vista Feature Pack In August
- Brief: Exchange To Get More Mobile With 2007 Release
6. Voice Of Authority
- IT Confidential: Adware Versus Spyware: Who's Making The Money?
7. White Papers
- The Remote Access Imperative In Disaster Recovery
Quote of the day:
"Remember that as a teenager you are at the last stage of your life when you will be happy to hear that the phone is for you." -- Fran Lebowitz
1. Editor's Note: Let The UBS Trial Be A Warning To You
The trial against a former UBS employee charged with hacking the company's networks shows up embarrassing failures in UBS's security and disaster preparedness measures.
The defendant is Roger Duronio, 63, who, at the time of the crime, was a UBS PaineWebber systems administrator. Duronio is facing charges of computer sabotage and securities fraud in a federal trial in U.S. District Court in Newark that's ongoing this week. Prosecutors say Duronio, angry because he thought he wasn't making enough money, planted a type of malicious software called a "logic bomb" while logged in from home over the company VPN. The "bomb" went off March 4, 2002.
Here's where it gets embarrassing for UBS PaineWebber: As testimony by its own employees shows, UBS PaineWebber failed to take some elementary security precautions which could have minimized the damage. And that failure might—if defense attorney Chris Adams gets his way—make it impossible for U.S. prosecutors to get a conviction against Duronio.
Adams says the prosecutors have the wrong guy. He's attempting to show in cross-examination of the prosecution witnesses that lax security at UBS PaineWebber would have allowed anyone to log in to the network, plant the logic bomb, and leave a false digital trail to make Duronio look like the guilty party.
Some 40 systems administrators at the company shared the same 'root' password to gain administrator access to the network, where they had free rein to install software or make any changes they wished on the network. It was not remarkable for systems administrators to get up from their desks and wander off while still logged in as 'root,' allowing anyone to sit down and have root access to the network, according to testimony from UBS IT manager Elvira Maria Rodriguez.
The damage to UBS PaineWebber was catastrophic. According to the report from InformationWeek's Sharon Gaudin: "Nothing more than 50 to 70 lines of malicious code ... took down about 2,000 servers, leaving 8,000 brokers across the country unable to work. IT teams spent sleepless nights on conference calls with IBM and scrambled to reset servers, trying to undo damage that still, four years later, hasn't been completely repaired." At least 400 employees had to drop what they were doing and troubleshoot the problem. "Assessing and repairing the damage cost $3.1 million. In some cases, brokers were down for days, even weeks, depending on how badly their machines were hit, how remote the offices were, and if the branch's backup tapes could be found." UBS PaineWebber failed to make backups on 20% of its servers, according to Rodriguez.
The UBS PaineWebber case demonstrates that every business needs to take security and disaster preparedness measures. We're all under attack every day by outside hackers, and, unfortunately, every business has disgruntled employees. And natural disasters and terrorists strike everywhere.
UBS PaineWebber is a stark example of what happens to companies that let their guard down.
Gaudin returns to Newark today for on-the-scene coverage as the trial goes through its second week.
Is your company prepared for catastrophic attacks and disasters? Leave a message on the InformationWeek Weblog and let us know.
Yahoo Mail Worm May Be First Of Many As Ajax Proliferates
Companies are quickly embracing Ajax and related techniques for Web applications. Expect more security problems like the Yamanner worm along the way.
Yahoo Quashes Mail Bug
Yahoo says it has patched a bug that was letting attackers hijack systems through a flaw in the portal's free Web-based e-mail service.
Google Earth Grows With New Hi-Res Imagery
Several functions could make mash-ups and other business uses more valuable.
Google Upgrades Mapping Products With Developer Tools
Updates include fee-based licensing and support for businesses wanting to embed Google Maps in Web sites. Google also released a new version of Google Earth for consumers.
EBay To Go Head To Head Against Google For Online Ad Market
Sellers on eBay will use AdContext to run contextual ads and promote auctions on linked Web sites. The system works similarly to Google AdSense.
MySpace Launches Job Listings
The new feature provides access to more than 5 million listings across the nation from job boards, newspapers, and company Web sites.
Firefox To Drop Support For Windows 98, Me
Mozilla will drop support for the nearly obsolete operating systems when it releases Firefox 3.0 in 2007. Some users criticized the decision.
Virtualization Can Be Great, But It's Not For Everyone
Virtual software lets you maximize server utilization, but it brings complexity, and there can be a domino effect if one server fails.
Case Study: Virtualization Delivers A Cost-Saving Lesson
Bowdoin College turns to virtual software as an alternative to a costly data center build-out. The decision saves millions, maximizes the school's flexibility to support a variety of operating systems and applications, and contributes to higher confidence in its IT organization.
Forrester: Skills Shortage Will Worsen Unless Industry Seeds IT Talent
A new study warns of dire consequences if the industry does not work with higher education to promote the viability of IT as a career.
Spy Sweeper Enterprise Sniffs Out Rootkits
Version 3.0 brings the enterprise version up to par with the company's consumer program and includes a redesigned client interface and several new defenses.
Oracle Acquires [email protected]
The plan calls for more tightly integrating [email protected]'s call center infrastructure software with the enterprise software vendor's CRM and business intelligence offerings.
Early Java EE 5 Users Praise Platform's Overhaul
Developers are still kicking the tires of the newly released Java Enterprise Edition 5, but early adopters say the new platform makes good on its architects' pledge to greatly simplify Java development and deployment.
Brief: PC Market Seen Improving
Global PC shipments grew 12.6% in the first quarter of 2006, ahead of March projections of 11.8% growth, according to market research firm IDC.
Sun Jumps Back Into Blade Business
Sun has already briefed many of its channel partners on a plan to offer blades and an eight-way server based on AMD's x64 Opteron chips.
Skyhook Woos Developers With Wi-Fi-Based Alternative To GPS
The three-year-old wireless company will offer developers free access to its metro-area positioning system, which relies on Wi-Fi signals rather than GPS signals to compute a user's location.
In the current episode:
John Soat with "Hidden Agenda"
EBay introduces a Web advertising platform, Microsoft reports heavy demand for Vista test version, National Semiconductor gives away iPods, and more...
Also in the current episode:
Larry Greenemeier with "Ajax Attax"
Caleb Sima, CTO SPI Dynamics, explains how Ajax increases your attack surface.
PCs To Developing World 'Fuel Malware' (The Register)
Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, warns Eugene Kaspersky, head of anti-virus research at Kaspersky Labs.
Canceling AOL (Insignificant Thoughts)
A blogger records a support call with AOL that lasted almost five minutes, demonstrating how AOL makes you jump through hoops before canceling your account. The operator takes one minute to take the information to cancel the account, and then spends four minutes trying to talk the customer out of it. Money quote: "I don't know any way to make this clearer. When I say cancel the account, I don't mean 'help me figure out how to keep the account.'" Warning: Contains foul language.
Can Windows And Open Source Learn To Play Nice? (eWeek)
Microsoft has been reaching out to the open-source community to try to find ways to overcome the incompatibilities between software distributed under the GNU General Public License and its own commercial software.
Analysis: Microsoft Forefront Must Overcome Security Stigma Before Businesses Bite
Microsoft's new Forefront lineup of security products demonstrates that it knows where the money is in the security market: selling Band-Aids, not cures.
Review: Windows Live OneCare Protects Your PC—Almost
Microsoft's new all-in-one security and maintenance suite offers a stellar firewall, mediocre backup capabilities, and no protection whatsoever from phishing or spam.
Microsoft Pumps Out A Dozen Patches For 21 Flaws
Microsoft picks up the pace of security updates—most flagged as critical—releasing a huge set that aims to fix 21 separate vulnerabilities.
Vista Beta Now On Tap Via BitTorrent
Two bloggers have set up VistaTorrent.com, a site that serves up a torrent of the operating system's beta.
Microsoft Adds Webcams To Hardware Line
Both Webcams will be tied to Windows Live Messenger instant messenger client, which is currently in beta.
Microsoft To Ship SMS 2003 R2, Vista Feature Pack In August
The company also announced availability of a beta version of its SMS OS Deployment Feature Pack with support for the 64-bit versions of Windows XP and Vista.
Brief: Exchange To Get More Mobile With 2007 Release
Exchange Server 2007 will bring more perks for mobile users, including the ability for users to wipe data off a stolen or lost device remotely, according to Microsoft.
IT Confidential: Adware Versus Spyware: Who's Making The Money?
John Soat says, What's the hottest growth area these days? It's the intersection of technology, privacy, and the law.
The Remote Access Imperative In Disaster Recovery
As organizations prepare a disaster recovery plan, it's important to include remote access as a fundamental part of the disaster recovery infrastructure. This document explores best practices for disaster recovery and the role of SSL VPNs in that process.