Feed
Description

RSS News Feeds

- Janco

- IT Productivity Center

ejobdescription -

- psrinc

- IT-Toolkits

IT Job Descriptions and Salary Data Latest News

How do you provide electronic data for litigation?

Once litigation starts CIOs often are required to provide data in electronic format.  There are three (3) ways that can be accomplished:

more info 

LDAP injection is a technique for exploiting web applications

Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing information directories. LDAP injection is a technique for exploiting web applications that use client-supplied data in LDAP statements without first properly validating that data.  LDAP is frequently used in web applications to help users search for specific information on the Internet. For example, a distributer or reseller may publish white pages so that users can find information about particular products.

more info 

IRS Systems Lack Security - Expose Taxpayer Data

An audit report of IRS systems states that the IRS fails to implement systems with adequate security built in.  Since 1997, the IRS has designated computer security as a material weakness. The IRS continues to struggle with addressing security vulnerabilities on its modernized systems.  Until security control vulnerabilities are corrected, the IRS is jeopardizing the confidentiality, integrity, and availability of the massive volume of taxpayer data processed and stored by the IRS.

more info 

Techniques Used by Hackers Defined

There are six main techniques used by hackers to attack systems.  They are:

more info 

Data Breaches are Expensive

California Senate Bill1386 added a new, public dimension to regulatory compliance. In the event of a data breach such as a lost laptop computer containing sensitive information, the bill requires organizations to notify all parties whose personal information has been exposed.  Following California's lead, 36 additional states have enacted similar data breach laws. It has been estimated that it costs a company $197 per missing record when a breach occurs.  So 1,000 records breached $1,970,000!!

more info 

ISO 17799 is not fully compliant with SOX

ISO 17799 is not 100% fully compliant to the list of all SOX requirements, as SOX was conceived in the USA and targeted especially if not only for USA-based companies and not mandatory for European ones, while ISO standards are thought as international standards to be applied by all corporations from all countries.

more info 

Wireless opens new vulnerabilities

more info 

IE 7 Offers News Security Enhancements

more info 

Metrics Drive Productivity

more info 

Centralized Password Reset is a Must for Smart Phones

The Janco Security Manual address issues like centralized password control for smart phones.  The central establishment and enforcement of password policies provides the greatest authentication security to the enterprise. When controlling password policies from a centralized function or location with wireless capability, administrators can quickly and easily control policies for a broad array of users, without ever having to handle the end users device.

more info 

How Do You Audit the Mobile Work Force

How do you audit your Security Standards given the notebook computers which are available todayu are enabling businesses to further blur the distinction between an in‑office worker and a mobile worker. For instance, the latest model notebooks incorporate dual‑core processors that deliver the computational power to run business productivity applications as well as complex financial analysis and computer‑aided design applications.

The processing power in these notebooks gives users the flexibility to work from a client site, on the road, in a hotel room or at home. At the same time, the availability of residential broadband services and wireless hotspots lets these users share their work with colleagues and allows them to connect to company networks. But thereÂ’s the catch. The combination of increased connectivity and mobility could expose computers to todayÂ’s growing security threats.

Mobile systems, like their desktop counterparts, need protection from viruses, worms, Trojans and spyware. And the users of these systems must also be protected from system vulnerabilities and other hacker exploits. However, protection is getting more complicated as hackers are turning to special wireless snooping tools and blended threats that use a combination of different attacks to steal information or corrupt mobile systems.

more info 

Internet Growth Rate Slowing Down

(University of Minnesota) Despite more demand for video and other bandwidth saturating content, Internet traffic growth rates are slowing down, according to a new Web site at the University of Minnesota. The Minnesota Internet Traffic Studies site shows that Internet traffic growth rates have settled in at about 50% to 60% in the United States and worldwide as the Internet matures. That's a far cry from the doubling rates every year or even every 100 days that some claimed in the mid-to-late 1990s.

more info 

IT Service Management is key to Success

IT Service Management is not for the faint of heart. Support professionals, help desk staff, and even network administrators, already consumed with a barrage of break-fix requests, must also manage a constant stream of challenging user administration tasks. Add to the mix the responsibility for deploying or upgrading new user accounts, software, and equipment, and you have the conditions for every harried IT professionals perfect storm.

more info 

Vista Not Selling as Well as XP When It Was Released

Sales of boxed copies of Windows Vista continue to significantly trail those of Windows XP during its early days, according to a soon-to-be-released report.

(c/net news.com) Standalone unit sales of Vista at U.S. retail stores were down 59.7 percent compared with Windows XP, during each product's first six months on store shelves, according to NPD Group. In terms of revenue, sales are also down, but the drop has been less steep, at 41.5 percent. The findings largely mirror the sales pattern NPD saw for Vista during its first week on the market in January.

more info 

Security Took a Major Hit with a Microsoft System Meltdown
(Computerworld) Security took a major hit with a 19-hour blackout of the Microsoft Corp. servers that identify copies of Windows XP and Vista as legitimate or counterfeit shows that serious flaws exist in the process and raises questions about the reliability of Microsoft's services.

The system that validates Windows XP and Vista erroneously fingered users as pirates, preventing them from downloading most software from the Microsoft Web site, and in the case of Vista, disabling several features, including the operating system's Aero graphical user interface. Windows users lit up Microsoft support forums with more than 450 messages, some of which were collected in threads have been viewed by as many as 45,000 people.

Microsoft had not explained the problem with the Windows Genuine Advantage (WGA) servers, although on Saturday the program manager promised that after the team had generated a fix, he would get you all what you are looking for, an explanation and cause.

more info 

Simpson Movie Drives New Spam Blast
(Network World) -- Spammers are jumping on the success of The Simpsons Movie to trick e-mail users into validating their addresses, so they can then send them more spam.

Since the launch of the movie spammers have been sending messages with an embedded picture of Homer Simpson in his underwear. The text asks if the recipient plans to see the new movie and to fill out a related survey by following an embedded link. If the recipient clicks on the link, the Web site records the e-mail address -- now knowing that there is a valid user -- and sends the address more spam.

The spam message also promises to award a prize to those who fill out the survey, according to antispam vendor SpamFighter, which caught a The Simpsons Movie spam in its filters.

While this new spam blast uses a hot pop culture topic to entice recipients, the purpose of the spam is a throwback to the early days of e-mail abuse. Unlike phishing scams of late that try to extract personal or financial information from users or e-mails with hidden malware that installs bot nets on unsuspecting PCs, the Simpsons scam does nothing more than validate the legitimacy of the address, and then spam some more.

Another recent abuse that used the release of a Harry Potter novel and film to entice recipients was also comparatively benign; the W32/Hairy-A worm infected PCs and displayed a file that said Harry Potter is dead, among other messages, but did not download malware or attempt to extract information from the user.

more info 

Disaster Plan - Business Continuity Template Meets Sarbanes-Oxley Mandated Requirements

The Disaster Recovery / Business Continuity Template version 4.3 has just been released.  Janco contiues to update its templates to meet the ever changing requirements of the business environment.

more info 

Senators renew quest for Net neutrality rules
(CNet)  - The Net neutrality skirmish that swallowed up so much of Congress' technopolitical agenda last year may be gearing up for a comeback. A pair of senators who led the divisive push for the new regulations want everyone to know they haven't forgotten the cause.

Sens. Byron Dorgan (D-N.D.) and Olympia Snowe (R-Maine) aired their views in a joint letter (PDF) filed with the Federal Communications Commission just before the Monday deadline for remarks on an open inquiry into "broadband industry practices."

more info 

The Big Advantages and Big Challenges of VoIP
VoIP, because of its complexity and relative immaturity, is unpredictable and a bit less stable than traditional voice networks. And nobody wants to take chances with their corporate voice service. In limiting the disadvantages, perhaps the most important single step is to perform a baseline network study before designing and implementing systems. Even the best VoIP network will be undermined if the infrastructure on which it rests is flawed or inadequate. Other suggestions are to make sure switches and routers are configured correctly and to use Ethernet switches that offer quality of service features. In cases in which the telecommunications network will be part of the mix — for instance, the use of VoIP in scenarios in which branch offices and headquarters are linked — make sure VPNs based on service level agreements are in place.

more info 

HIPAA audit at hospital riles health care IT
(Computerworld) -- An audit of Atlanta Piedmont Hospital that was initiated by the U.S. Department of Health and Human Services in March is raising concerns in the health care industry about the prospect of more enforcement actions related to the data security requirements of the federal HIPAA legislation.

The audit was the first of its kind since the Health Insurance Portability and Accountability Acts security rules went into effect in April 2005, joining data privacy mandates that were already in place. The security rules require organizations that handle electronic health data to implement measures for controlling access to confidential medical information and protecting it against compromise and misuse.

more info 

Other News Links

CTO Toolkits.com
e-janco.com
IT Productivity.org
IT-Toolkits.com
ejobdescription.com
psrinc.com
psrorders.com
newsgroupworld.com
ntcity.com
disaster-planning-template.com
disaster-recovey-planning.org
disaster-recovery-planning.com
disaster-recovey-planning-template.com

© 1999 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 09/17/08.