|
|
|
 Related Articles
|
|
|
|
| |
Social-learning network with free access to MIT course content to add portal for high school students and teachers. |
| |
|
| |
| |
Critical vulnerabilities in common PC software, including both applications and operating systems, continue to grow in number and stand as the leading cause for concern in the IT security landscape today, according to training experts at the SANS Institute.Holes in so-called client-side applications, including Web browsers, e-mail clients, productivity suites, and media players, have become particularly worrisome over the last year, according to SANS, which highlighted the issue as part of its annual report on the top 20 Internet security risks for 2007.As hackers have shifted their attention further away from operating system flaws and drilled down to applications-layer vulnerabilities they have found a seemingly endless wealth of possibilities for infecting PCs with everything from spyware to botnet programs, SANS researchers contend.Unless something can be done to improve software developers' coding habits or better test popular applications for such issues before they land on end-users' machines, attackers will be able to continue their successful assaults against enterprise networks and devices for the foreseeable future, said Rohit Dhamankar, project manager for the Top 20 report at SANS and a senior manager of security research for TippingPoint.?"There's just been such a dramatic rise in the numbers of vulnerabilities found in applications like Internet Explorer and Microsoft Office and a number of media players that attackers are having their way," said Dhamankar. "Enterprises are bolstering security, but desktop users still pose a massive risk if they can download anything they want from the Web; the attacks are also growing in sophistication to the extent that many can defeat antivirus and other security systems primarily by obfuscating their code."Some of the most powerful tools that hackers have adopted in hunting for potential targets are the same industrial-strength applications fuzzing tools that software vendors themselves are using to search for holes in their products, said the expert.Enterprises could do themselves a favor by enforcing stricter policies that dictate the types of applications that end-users are allowed to put on their work machines and using technical means to ensure that those rules are being followed, Dhamankar said.Other SANS researchers noted that while companies may not want to tell end-users that they cannot utilize media players, messaging clients, and other applications that have moved into the business world from the consumer sector, they could help themselves out by limiting the variety of client-side applications that people may choose from."IT departments can't focus on all the applications of the world, but they can choose several and keep their eye on those while allowing end-users some freedom," said Amol Sarwate, research manager at Qualys who studies vulnerability patterns for SANS. "What companies need to do is enforce standards for applications usage and utilize technical means to block unwanted software, devices, and even wireless access points."While many businesses have already realized that they need to shift more of their efforts toward defending client-side vulnerabilities, most have failed to embrace a proactive approach versus simply keeping track of publicly-reported flaws and patching those issues said Sarwate.Enterprises need to think about future security issues
It will be particularly important for firms to examine the additional security issues that will be introduced in the coming years with broader adoption of technologies including VoIP (Voice over IP), according to the expert."The key is for people to start thinking ahead of these client-side vulnerabilities to understand what the next big thing may be. Things like VoIP need to be examined for their security implications," said Sarwate. "Many companies are already adopting these tools because of all the advantages they offer, but there will be many attacks carried out against these systems as well."Among the advice that SANS is offering organizations hoping to improve their client-side security coverage is to mandate secure configurations at installation time for all applications, to constantly verify patching and upgrading of both applications and system software, to scan for new vulnerabilities frequently, and to keep their security systems up to date.Other leading areas of concern highlighted by SANS in its report included critical vulnerabilities in Web applications that allow for cross-site scripting attacks or for computers to be otherwise compromised simply by pointing their browsers at poisoned URLs."Gullible, busy, accommodating computer users," including executives, IT staff, and others with privileged access also remain a major weak point for enterprise security, according to SANS, as these seemingly more seasoned users of computers and software are still falling for increasingly targeted spear-phishing campaigns in large numbers.One of the best ways to educate users about the problem is for organizations to create fake spear-phishing threats and send them out to internal users to determine which individuals might be most likely to fall for the schemes and follow up with additional training, the group said.Critical vulnerabilities in the software and systems that provide the operating environment and primary services to computer users, or server-side software, remain another area of leading concern, according to SANS.Problems in Microsoft Windows services, Unix and Mac OS services, back-up and AV programs, management servers, database software, and VoIP technologies in particular are proving troublesome, according to the report.Many of those issues can be addressed by following the same advice offered for solving client-side vulnerabilities, SANS said in the research. |
| |
|
| |
| |
Verizon Wireless' decision to open its network to outside mobile devices and applications has won praise from several groups, including past critics.Verizon Wireless officials announced Tuesday they would open up their network to any devices and software customers want to use by the second half of 2008. Any device that passes a minimal connectivity test will be allowed on the Verizon Wireless network, officials said.That announcement drew applause from a wide variety of groups. Public Knowledge, a consumer rights group that has pushed for open network regulations from the U.S. Congress or the Federal Communications Commission, said it was "cautiously optimistic" about Verizon's decision.Verizon's decision could lead to "a more open network in the wireless industry at large," said Gigi Sohn, Public Knowledge's president. Wireless carriers have fought an FCC decision to require open access on a portion of spectrum in the 700MHz band to be auctioned starting in January, she noted."The Verizon announcement, however, is very limited," Sohn added. "If other carriers don't follow the same model, then consumers will still find their phones tied to a specific technology or wireless company. In order for an open network to become a reality, all carriers will have to participate."Verizon will still decide what phones can operate on its network, she said. Public Knowledge would prefer to have a third party decide what phones can operate on the Verizon network, she said.She also has continuing questions about prices. If Verizon continues to offer its preferred mobile phones at a discount, "then the adoption of the open model will be minimal, absent a rapid decline in cell phone prices," Sohn said. "We need to know whether the rates for Verizon service plans will vary for those with subsidized phones and for those customers with a phone bought elsewhere."Others were less guarded with their praise.Verizon's announcement, combined with the Google-led Open Handset Alliance, is a "significant" step toward the goal of more open wireless networks, FCC Chairman Kevin Martin, said in a statement."As I noted when we adopted open network rules for our upcoming spectrum auction, wireless customers should be able to use the wireless device of their choice and download whatever software they want onto it," Martin added. "I continue to believe that more openness -- at the network, device, and application level -- helps foster innovation and enhances consumers' freedom and choice in purchasing wireless service. I am optimistic that Verizon Wireless's commitment along with the upcoming spectrum auction will ensure an exciting new era in wireless technology for the benefit of all consumers."Solveig Singleton, an adjunct senior fellow with Maryland think tank the Free State Foundation, said Verizon's voluntary decision makes more sense than open network regulations, such as net-neutrality rules pushed by Public Knowledge and other groups."Requiring openness or neutrality beyond the basics now supported by demand would needlessly make development far more costly and slow," she said. "A company that wants to invent a new type of phone with cutting-edge features already has a good bit to think about without having to worry about new phones and networks being simultaneously built by everyone else."Many proposed net-neutrality rules would require wireless and broadband providers to treat all network traffic equally, she said."Mandate 'open' and 'neutral' everywhere all the time for everything, and innovation will slow to a snail's pace and network traffic will jam," she added. "Competition between operators to offer innovative combinations of services at special prices would become almost impossible. In this fast-changing context, a regulatory command to treat all traffic all the same is just a bad idea."Also praising Verizon's decision were Funambol, a developer of open-source calendar and messaging tools for mobile phones, and the New America Foundation, a think tank that has pushed for open access rules on the 700MHz spectrumThe FCC and Google deserve credit for pushing the issue forward, said Michael Calabrese, director of New America's Wireless Future Program."This appears to be a move to head off market entry and new wireless competition from Google and other Internet companies that would result if the incumbent carriers were unwilling to meet minimal FCC consumer choice requirements," he said in an e-mail. |
| |
|
| |
| |
U.S. employers may have noticed a slight spike in productivity Wednesday as a computer glitch blocked access to online reviews site Yelp.com.The outage lasted from around 9 a.m to 11 a.m. Pacific Time, and blocked visitors from some companies, including Bank Of America, Kaiser Permanente, and Visa, according to posters at Yelp's discussion forums. Access at IDG's West Coast offices was also blocked.Yelp is a popular source of user-generated restaurant, entertainment, and business reviews in the Bay Area, and some companies have blocked access to the site to prevent employees from reading and contributing reviews during office hours.The glitch didn't shut down the Web site, but many visitors to the site were greeted with a "403" error telling users that they did not have permission to access the server. This type of error is returned by Web servers when someone tries to visit a restricted area of the site.Yelp wouldn't explain exactly what went wrong, except to say that it was a glitch caused by an update to the Web site that was pushed out Tuesday night. Most Yelp users had no problem visiting the site Wednesday, said Yelp spokeswoman Stephanie Ichinose. "It was a very narrow isolated incident that's now been rectified."That probably comes as welcome news to some.Yelpers were at first worried that their companies had moved to block access to the popular service. "Seems like a lot of filters at work added yelp to their list of blocked sites now," wrote one poster named Euge l. "I've heard of a handful of daily day time posters in the west coast have been blocked as well as the east coast. Is this the end of day time yelp?" |
| |
|
| |
| |
Poland, the Czech Republic, Greece, and Belgium have the worst telecommunications regulators in Europe, according to a study carried out for the European Competitive Telecom Association (ECTA), an industry group that promotes the interests of new entrants into the market.The annual study, available on ECTA's Web site, compares the telecom regulatory environment and the application of the current legislative framework in 19 European countries. Top of the class were the U.K., the Netherlands, Denmark, Norway, and France."This year’s results show that countries where regulators have taken action to enable competition to flourish, including the UK, Netherlands and Scandinavian countries, have seen strong performance in their telecom markets. However, others including Poland, the Czech Republic and Greece have fallen behind," ECTA said in a statement.It added that "institutional weaknesses" may be preventing Germany, Belgium, and Finland from reaching their full potential.The study, dubbed the 2007 Scorecard, shows the impact of weak competition on consumers."If you are paying high prices for broadband, it may be because your regulator has not been able to open the market to competition," said Innocenzo Genna, chairman of ECTA, in prepared remarks at a conference in Brussels on Wednesday.ECTA supports the European Commission's plans to change telecom rules. In particular, it backs moves to allow regulators the power to break up an incumbent operator if it isn't giving rival service providers fair access to the infrastructure, such as the "local loop" of telephone lines that lead directly into people's homes and offices.Meanwhile, the Commission took Bulgaria to court on Wednesday for failing to police its telecom market "independently and effectively." Bulgaria joined the European Union at the beginning of this year, but it was supposed to have applied all the E.U.-wide rules concerning market access and fair competition in the telecom sector before its arrival.Viviane Reding, commissioner for telecom at the European Commission, attended the ECTA's conference in Brussels. In her keynote speech, she thanked ECTA for supporting the reforms she is trying to push through, but she warned that it will be a "hard fight" ensuring that the changes she has proposed get adopted.As well as proposing that functional separation should be introduced as a remedy to instill fair competition, she also called for the creation of an E.U.-wide telecom market authority to ensure that all national regulators apply the same rules in all markets. Functional separation calls for operators to set up separate units to manage and sell network services."We shall have to fight hard in the coming months to ensure that this vision of a competitive single market for the telecom sector becomes a reality. I count on your continuing support," Reding said. |
| |
|
| |
| |
The European Commission launched an in-depth investigation Wednesday into Dutch satellite navigation device maker TomTom's plans to take over Dutch digital mapmaker Tele Atlas, expressing "serious doubts" about the deal's impact on competition in the booming satellite navigation market.While many companies make portable navigation devices, Tele Atlas is one of only two makers of digital maps that offer complete coverage of Europe. The other is the U.S. firm, Navteq. Because there are only two such companies, "the proposed acquisition raises vertical competition concerns," the Commission said in a statement.The probe will examine whether the deal would push up the price of digital maps for rival portable navigation device makers or limit their access to these maps, the Commission said. It set an April 17 deadline for the probe to end.TomTom and Tele Atlas said in a joint statement they expect to have a clearer idea about whether the deal can go through by early next year. TomTom extended its offer for Tele Atlas shares until March 31, assuming it would know the outcome of the probe by then.The market for satellite navigation devices, which has emerged over the past five years, is undergoing rapid consolidation.One of TomTom's biggest rivals, U.S.-based Garmin, also tried to acquire Tele Atlas but withdrew its offer after being outbid by TomTom last month. Also last month, Finnish mobile phone operator Nokia announced plans to buy Navteq.Garmin, meanwhile, has struck a deal with Navteq, giving the device maker access to Navteq's maps until 2015. |
| |
|
| |
| |
Project STORK. Not STALK.
Updated News emerged yesterday of a mysterious international ID card plan, described by the Tories as "a European-wide identity card project called Project Stork". The Conservatives suggested in Parliament that Stork was a huge Europe-wide extension to the planned UK National ID card with its associated databases and biometrics.… |
| |
|
| |
| |
Access without accountability
More than 80 per cent of temporary staff have the same level of access to company documents as permanent staff but without the same accountability, according to research released today by security firm Websense.… |
| |
|
| |
| |
The Israeli-Palestinian statement read by President Bush at the start of Tuesday's peace summit in Annapolis, Maryland, amounted to a "public relations gimmick," said a legal adviser to Palestinian President Mahmoud Abbas. |
| |
|
| |
| |
The disabled children of the Musoma Engineering Project are rehearsing for celebrations on World Disability Day. |
| |
|
| |
|
|
Related Companies |
| |
|
|
|