Archive for the “ICT Security” Category
For the first time, Apple recommended on November 21st, via its website, the use of antivirus software.
Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult. Here are some available antivirus utilities:
Intego VirusBarrier X5
Symantec Norton Anti-Virus 11 for Macintosh
McAfee VirusScan for Mac
Has a page definitively been turned?
P.S. There is also a free antivirus for OS X, ClamXav, which is not advertised on Apple's pages.
Following Windows XP Service Pack 2, released in August 2004, Microsoft finally releases the long-awaited Windows XP SP3, which includes all previously released Windows XP updates, including security updates and hotfixes, and select out-of-band releases.
Microsoft is not adding significant Windows Vista functionality to Windows XP through SP3. However, SP3 does include Network Access Protection (NAP) to help organizations that use Windows XP to take advantage of new features in the Windows Server® 2008 operating system. Further, Windows XP SP3 does not include Windows Internet Explorer 7.
Previously Released Functionality
- MMC 3.0
- MSXML6
- Microsoft Windows Installer 3.1
- Background Intelligent Transfer Service (BITS) 2.5
- IPsec Simple Policy Update for Windows Server 2003 and Windows XP
- Digital Identity Management Service (DIMS): DIMS makes it possible for users who log on to any domain-joined computer to silently access all of their certificates and private keys for applications and services.
- Peer Name Resolution Protocol (PNRP) 2.1
- Wi-Fi Protected Access 2 (WPA2)
New and Enhanced Functionality
- “Black Hole” Router Detection
- Network Access Protection (NAP)
- Descriptive Security Options User Interface
- Enhanced security for Administrator and Service policy entries
- Microsoft Kernel Mode Cryptographic Module
- Windows Product Activation
All details on Windows SP3 page
The 320 MB Windows XP SP3 is available for download here
The Register published the results of a survey among office workers in London, which reveals that women are 4 (four) times more likely than men to give out "passwords" in exchange for chocolate bars.
The survey of 576 office workers in London found that women are far more likely than their male colleagues to give their computer login credentials to total strangers, in a ratio above 4/1 (45% vs. 10%).
The bogus researchers also asked for workers' names and telephone numbers, ostensibly so they could be entered into a draw to go to Paris.
The complete article is on The Register website.
InfoWorld published the 10 most common security land mines that experts say you need to avoid.
Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable.
And almost all can be done without spending one more dime.
- A slip of the finger reveals the company secret
- People give away passwords and other secrets without thinking
- A trusted partner ends up not being so trustworthy with your data
- Web-based apps can be portals to leaks and thieves
- Hoping the worst doesn’t happen only makes it worse
- Avoiding or diluting response leadership makes breaches worse
- Handling breach details sloppily tips off the perp
- Trusting "silver bullet" technology hides real threats
- Spending unthinkingly wastes resources you might need for important threats
- Don't save the wrong data
In short, the weakest point in ICT is always the same one… guess who?
The full article is available here on InfoWorld
Toshiba will soon start production of 2 new interesting products which may find their way into future mobile/portable devices.
First are the new SATA SSDs (solid state drives) in 1.8-inch and 2.5-inch formats. According to Engadget, 32, 64 and 128 GB capacities will be available. The announced speeds are 100 MB/s for reading and 40 MB/s for writing.
With such capacities, traditional mechanical hard disks will slowly disappear from portable devices. With no moving parts, a solid state drive largely eliminates seek time, latency and other electro-mechanical delays and failures associated with a conventional hard disk drive.
The second interesting product announced by Toshiba is the so-called "Super Charge ion Battery" (SCiB), which at this stage is not intended for portable devices but for industrial systems and electric vehicles.
SCiB Major Characteristics
- Safety : SCiB adopts a new negative-electrode material that offers a high level of thermal stability and a high flash point electrolyte. Its structure is resistant to internal short circuiting and thermal runaway
- Long-life cycle : Capacity loss after 3,000 cycles of rapid charge and discharge is less than 10%. SCiB batteries are able to repeat the charge-discharge cycle over 5,000 times which is equivalent to more than 10 years with a once-a-day recharge-discharge cycle.
- Rapidly rechargeable : Safety characteristics of SCiB allow recharge with a current as large as 50 amperes (A), allowing the SCiB Cell and SCiB Standard Module to recharge to 90% of full capacity in only five minutes.
- High power (practical capacity) : The SCiB has an input-output performance equivalent to that of an electric double layer capacitor.
- Temperature : Extreme temperatures supported with sufficient discharge at temperatures as low as -30°C.
SCiB batteries will first be available on the market in March 2008 with the following specifications:
- Nominal voltage : 24VDC
- Nominal capacity : 4.2 Ah
- Size : 10x30x5 cm
- Weight : 2 kg
Perhaps these batteries will also find other fields of application, but for portable devices they will need to become lighter and slimmer. Still, batteries that charge in five minutes are definitely very attractive for mobile users.
What do you think?
Sources: Engadget, Toshiba
The British secret service MI5 warned UK businesses about Chinese hackers.
The MI5 director-general wrote to 300 UK firms, including banks and law firms, to warn them about "electronic espionage attacks" conducted by "Chinese state organizations".
IT security company Sophos reports that 30 per cent of malware is "made in China". Trojan horses are designed to steal login credentials for anything, including email and games.
China's People's Liberation Army (PLA) was already blamed in September 2007 for attacking government computers of France, Germany, New Zealand, Australia and the United States, including Pentagon systems.
Trojan horses often target computers with unpatched vulnerabilities and without a proper level of security deployed.
The Chinese government has denied any involvement in the attacks and pointed its finger to unidentified hackers.
The question now is whether malware "made in China" is really powerful and smart, or whether the attacked computers were compromised because of a serious lack of security and preventive protection measures.
Source: The Register
I found the article below on "The Register" site and asked myself the following question:
If connecting to the Internet using an open and unsecured Wi-Fi access point is considered a crime, why do authorities not apply the same principle to other services (mainly electricity and water) that we often use without any formal agreement from the owner?
" More than half of computer users have illegally stolen Wi-Fi connections, according to The Times – but only 11 alleged offenders have been arrested in the UK, as the police seem to think those deploying Wi-Fi should be more careful about securing their connections.
The data was collected from a "Have Your Say" survey on the website of security-specialist Sophos: apparently 54 per cent of the 560 people who responded admitted nicking bandwidth from insecure Wi-Fi routers.
This might say more about Sophos customers than the general population, and extrapolating the results to every computer user in the country is probably a crime against statistics: so that's exactly what The Times has done.
…
Anyone caught stealing a Wi-Fi connection can be fined up to a grand, even if it's left unsecured, so make sure you ask nicely next time you're looking to log on, and if the person next to you has never stolen a Wi-Fi connection then we have to assume that you have. "
What is your opinion about accessing open Wi-Fi? Do you think it is a crime?
Source: The Register
The attacks on Swiss financial institutes with the aim of unjustified enrichment and the threat of the targeted industrial espionage via the internet are the main topics of the fifth semi-annual report of the Reporting and Analysis Centre for Information Assurance.
The report assesses the situation in Switzerland in the first half of 2007 and is now available online. It clearly shows that the human factor remains the weakest point of ICT security.
Focus areas of issue 2007/I
- Attacks on Swiss financial services
"Classic" phishing attacks by e-mail with password requests have decreased substantially in Switzerland. Moreover, all such attacks have been unsuccessful. On the other hand, successful attacks with malware have increased. Two-factor authentication systems (e.g. transaction authentication numbers, SecurID, etc.) do not afford protection against such attacks and must be viewed as insecure once the computer of the customer has been infected with malware.
- Industrial espionage and data theft
The threat posed by targeted state or private industrial espionage continues. Not only the operators of critical infrastructures, the armament industry, or public authorities are threatened. Medium-sized industrial companies as well as manufacturers of luxury articles and fashion are also being targeted. The attacks are carried out by sending targeted e-mails to individual employees which contain malware in their attachments or links to bogus websites.
- Attacks on web servers: malware distribution, phishing, data theft
Compromising of web servers has increased. The purpose is to use web servers to distribute malware, such as by drive-by infection, to steal data (especially on commercially used servers), to carry out (interim) storage of data (e.g. in connection with phishing), or to distribute messages that are generally political in nature.
- Malware / attack vectors
Malware is still usually distributed through e-mail attachments or e-mails with links to bogus websites. Using clever social engineering techniques, the victim is deceived into opening the attachment or clicking on the link. Websites installing malware on the computer without any action by the user (drive-by infections) have heavily increased as an infection vector. Vulnerabilities in the operating system, the browser, or other applications are exploited. For a long time now, this no longer only happens on dubious sites, but also on (compromised) serious and well-known sites. Rates of recognition of malware by anti-virus software remain low.
The complete report is available on the MELANI website in Italian, German, French and English.
A complete and useful list of all Internet risks and related protection measures is also available.
Last week Lenovo (certainly among others) announced to its customers that owners of "qualified systems" can, if they wish, downgrade their Vista O/S to Windows XP. The offer is valid till 31st of July 2008.
Now, Microsoft announces that the Windows XP operating system will remain available for sale to OEMs and retail until June 2008, which is five months longer than previously announced. System builder partners will be able to offer Windows XP until the end of January 2009.
Windows XP Starter Edition will remain available in emerging markets where it is currently available for the rapidly growing class of hardware-constrained ultra-low cost PCs until June 30, 2010.
The long-awaited Microsoft Vista SP1 has not yet been officially announced, and its release is not expected before 2008.
During the IT Security Summit, the Gartner Group launched a book written by Richard Hunter (Gartner vice-president) entitled IT Risk: "Turning Business Threats into Competitive".
The Register published an article highlighting some of Hunter's statements. Extracts:
- IT systems have become so integral to businesses that their failure can have disastrous consequences for an organization.
- IT risk is too important to be left to IT departments
- IT risk is related to IT value. It would be short-sighted not to recognize either value or risk
The complete article is available on The Register site.
More interesting than the article itself are the comments, which clearly show how wide the gap is between theory (or analysis) and reality.
Best of:
- So the Bean counters and all the people who have no clue about it should have control? BAD IDEA.
- …This is the reason why an I.T. director needs to sit on the board. Not, however, just someone who did an MBA but barely knows how to turn on their PC.
- …much of the problem can be resolved with a bit of education and common sense – and some money of course
- Ignorance, from middle management to board level, of even simple issues relating to IT risks that can be seriously detrimental to the business as a whole.
- Management, up to board level, simply not listening to IT managers who DO know what they are talking about
- In my experience IT risk auditors are finance types who don't understand IT and thus cannot adequately assess the risk
- Yes, let's take away IT disaster management and network security from the people that have a clue.
All comments are here.
I recognize in most comments highly experienced, realistic and well-grounded IT guys. As for the so-called IT analysts… same consideration as for the Burton Group.
As expressed, common sense would be to have an IT director on the board, and for management to wake up and become IT-skilled.
What's your opinion?