British secret services MI5 warned UK businesses about Chinese hackers.

MI5 director-general wrote to 300 UK firms including Banks and law firms to warn them about "electronic espionage attacks" conducted by "Chinese state organizations".

IT Security company Sophos reports that 30 per cent of malware are "made in China". Trojan horses are designed to rob login credentials of anything including email and games. 

China's People's Liberation Army (PLA) was already blamed in September 2007 for attacking governments computers of France, Germany, New Zealand, Australia and United States, including Pentagon systems.

Trojan horses often target computers with unpatched vulnerabilities and without proper level of security deployed.  

The Chinese government has denied any involvement in the attacks and pointed its finger to unidentified hackers.

The question is now to discover if malware "made in China" are really powerful and smart of if attacked computers were the result of a serious lack of security and preventive protection measures.

Source: The Register 

Tags: 2007, art, ATT, attack, blog, ces, computer, computers, design, espionage, event, game, ia, im, King, lan, law, login, malware, nomadcom.net, nyt, power, sco, security, services, spy, spy cyber china espionage "cyber spy" attack warning MI, the register, uk, wp, www

I found the article below on "The Register" site and asked myself the following question: 

If connecting to Internet using an open and unsecured wifi access point is considered as a crime, why authorities do not apply the same principle to other services (mainly electricity and water) we often use without any formal agreement of the owner ?

 " More than half of computer users have illegally stolen Wi-Fi connections, according to The Times - but only 11 alleged offenders have been arrested in the UK, as the police seem to think those deploying Wi-Fi should be more careful about securing their connections.

The data was collected from a "Have Your Say" survey on the website of security-specialist Sophos: apparently 54 per cent of the 560 people who responded admitted nicking bandwidth from insecure Wi-Fi routers.

This might say more about Sophos customers than the general population, and extrapolating the results to every computer user in the country is probably a crime against statistics: so that's exactly what The Times has done.

…

Anyone caught stealing a Wi-Fi connection can be fined up to a grand, even if it's left unsecured, so make sure you ask nicely next time you're looking to log on, and if the person next to you has never stolen a Wi-Fi connection then we have to assume that you have. "

What is your opinion about accessing open wifi ? Do you think it is a crime ?

Source: The Register

Tags: 2007, access, agreement, art, blog, ces, computer, connection, connections, crime, customer, electricity, enforcement, free, ia, im, internet, internet access, King, lan, law, list, MIT, nomadcom.net, police, population, security, services, statistics, survey, the register, thief, thieves, uk, user, water, web, website, what is, wifi, wireless, wp, www

The Gartner Group launched during the IT Security Summit, a book written by Richard Hunter (Gartner vice-president) entitled IT Risk: "Turning Business Threats into Competitive".

The Register published an article highlighting some of Hunter's statement. Extracts:

• IT systems have become so integral to businesses that their failure can have disastrous consequences for an organization.

• IT risk is too important to be left to IT departments
• IT risk is related to IT value. It would be short-sighted not to recognize either value or risk

The complete article in available on The Register site.

More interesting than the article itself are indeed the comments which clearly show how wide is the gap between the theory (or the analysis) and the reality.

Best of :

• So the Bean counters and all the people who have no clue about it should have control? BAD IDEA.
• …This is the reason why an I.T director needs to sit on the board. Not however just some one who did a MBA but barely knows how to turn on their PC.
• …much of the problem can be resolved with a bit of education and common sense – and some money of course
• Ignorance, from middle management to board level, of even simple issues relating to IT risks that can be seriously detrimental to the business as a whole.
• Management, up to board level, simply not listening to IT managers who DO know what they are talking about
• In my experience IT risk auditors are finance types who don't understand IT and thus cannot adequately assess the risk
• Yes, let's take away IT disaster management and network security from the people that have a clue.

All comments are here.

I recognize in most comments highly experienced, realistic and well grounded IT guys. About the, so called, IT Analysts… same consideration than for the Burton Group.

As expressed, common sense would be to have IT director on the board, and the management to wake up and become IT skilled.

What's your opinion ?

Tags: 2007, analysis, art, best of, blog, book, ces, ethernet, failure, fon, gap, gartner group, how to, im, IT risk, King, lan, launch, LED, light, list, Management, MIT, money, network, nomadcom.net, pet, press, risk, security, simple, the register, threat, uk, wp, www, XP