TippingPoint Warns Of Upcoming Bugs In Microsoft, CA, Symantec
In This Issue:
1. Editor's Note: A Lesson Plan For The DOE
2. Today's Top Story
- TippingPoint Warns Of Upcoming Bugs In Microsoft, CA, Symantec
- Most Damaging Attacks Rely On Stolen Log-Ins
- Anti-Spyware Group Targets AOL 9.0 As 'Badware'
- Anti-Spyware Vendors Mad About Consumer Reports Test Methods
3. Breaking News
- Analysis: Businesses Don't Need Microsoft Software
- Google, eBay Sign Ad Deal, Plan To Integrate Internet Telephony Services
- UPDATE: BellSouth Drops Internet Fee After FCC Threat
- ONStor Offers Entry-Level NAS For $40,000
- Microsoft Clarifies 32-Bit Vista Playback Issue
- Genome Institute Turns To Sun's Opteron Workstations For Gene Sequencing
- Brief: Microsoft Strikes Back At Cybersquatters
- Review: SwiftPage Facilitates Mass E-Mail From Your Outlook Desktop
- Gore Wants TV To Welcome More Users Internet-Style
- Computer Science Majors Get Tools To Build Accessibility Into Software
- Game Consoles To Power Cancer, Alzheimer's Research
- Bot Herder Sentenced To Three-Year Prison Term
4. Grab Bag
- Unlocking Fingerprints (The Washington Post)
- Open Warfare In Open Source (BusinessWeek)
- Web Site Chronicles N.Y. Conversations (AP)
- The Grapes Of Math (Fortune)
5. In Depth: Travel & Technology
- Fasten Your Seatbelts, And No Mobiles, Please
- Personal Tech: Inflight Power's $35 Recharger Cables Plug Into The Passenger Seat
- Travel Industry Casts Wider Net
- You Can Take It With You: TV On The Small, Small Screen
6. Voice Of Authority
- Windows Vista: The Last Of Microsoft's Supersized Operating Systems?
7. White Papers
- The Remote Access Imperative In Disaster Recovery
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription
Quote of the day:
"Horse sense is the thing a horse has which keeps it from betting on people." -- W.C. Fields
1. Editor's Note: A Lesson Plan For The DOE
Another week, another preventable exposure of citizen data at a government agency. Last week's spillage in the spotlight comes courtesy of the U.S. Department of Education. A glitch in a new software program created a situation where the wrong client data was being shown to people trying to update their student loan accounts. After a number of complaints, the DOE shut down the affected Web pages. Then, apparently, it worked on stonewalling.
As reporter Sharon Gaudin and I worked on the story, formulating questions and a list of people to call and things to check, it quickly became clear that, from a PR standpoint, the agency and its contractor need to study up on recent history.
If they did, they might learn that data breaches in general, and delayed admissions in particular, are greeted with much horror and scrutiny by the public and, increasingly, legislative bodies. They might also learn that the anger and angst over such breaches has led to Senate hearings, public pillorying, canceled contracts, the largest-ever fine issued by the Federal Trade Commission, new security directives from the White House for federal agencies, and increasingly, firings and resignations. If they found themselves a little pressed for time, and in need of some CliffsNotes on the subject, they could cut to the chase very quickly by calling over to the Veterans Affairs Department.
If they did any of that, they might also discover there are several cardinal rules of spin control, among them:
Ignorance is not bliss
The longer you stall exponentially lengthens the lifespan of the story
The press won't go away empty-handed
I would add to this that anyone victimized or negatively impacted by your mistake has a right to an immediate explanation.
Of course, the real goal is NOT to have to employ spin control.
Despite the fact that the breach was detailed in a front-page story in a major metropolitan daily newspaper, complete with a huge jump, we found both the contractor and the DOE less than ready, and seemingly unwilling, to explain what had happened. We found a lack of urgency about the issue and what seemed to be almost a casual attitude. We did not find a press release, official statement, or Web site alert. And we had a hard time finding answers to questions about what did happen.
The point here isn't that some government workers gave some reporters a hard time. We eventually got an interview and some information confirmed. It's about accountability and about letting the public know when they've been exposed to a risk. It's about letting actions speak louder than wordsi.e., don't tell us you're taking it seriously, show us.
My blog entry provides more detail about this lesson in poor disaster response, as well as some suggestions for what the department might do after the fact at this point. And if you're one of the 21,000 people who visited the affected pages on the DOE Web site before the glitch was discovered, not to worryyou'll be getting a (paper) letter of explanation from the DOE one of these days.
Anti-Spyware Group Targets AOL 9.0 As 'Badware'
Stopbadware.org, which is backed by Google, Sun, and Lenovo, says AOL's client software is "badware" and that users should avoid installing the program, because it interferes with computer use and uses deceptive information practices.
Game Consoles To Power Cancer, Alzheimer's Research
Researchers at Stanford University plan to use the cell processor power of PlayStation3 to perform calculations for the Folding@Home project, which simulates protein behavior to give scientists clues about the disease process.
IT Priorities 3Q
Understand how business-technology managers plan to allocate precious IT dollars for the remainder of the year with InformationWeek Research's IT Priorities 3Q report, part of our Priorities series.
Keep Up With Careers News
Catch up on all the latest employment trends by subscribing to TechCareers Report, a newsletter designed to bring all the relevant careers information you'll need to keep your career moving forward.
Go In Depth On The Topics That Matter Most.
Visit the InformationWeek Download site to help you as you analyze and make purchase decisions on critical technology solutions. The site gives you exclusive access to the original InformationWeek reports in an easy-to-read format. Topics covered include security and privacy, business intelligence and analytics, networking and infrastructure, data center, and mobile and wireless.
Web Site Chronicles N.Y. Conversations (AP)
In a city of 8 million people, someone's always saying something strange. And, odds are, someone is around to hear it. Chronicling such utterances is the mission of Overheard in New York, a Web site that has become an Internet sensation, spawned a book, and inspired countless imitators throughout the world.
Fasten Your Seatbelts, And No Mobiles, Please
Airlines are seeking ways to police potentially annoying onboard phone chats via symbols of a mobile phone crossed out, forcing passengers to switch off during take-off and designated "night" periods.
The Remote Access Imperative In Disaster Recovery
As organizations prepare a disaster recovery plan, it's important to include remote access as a fundamental part of the disaster recovery infrastructure. This document explores best practices for disaster recovery and the role of SSL VPNs in that process.
Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.
Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.