May 22, 2000 (Computerworld) --
Here's a message I hope I'll never have to send: Hello. You're in my address book and therefore have probably been sent an e-mail "from me" containing a zipped attachment - which I supposedly received from (Sender), (Title) at (Prominent Company). Do NOT open the zipped attachment - this is the worm virus in the news. Simply delete the e-mail. Sorry, (Victim) I received this pathetic missive in the wake of the so-called Love Bug's predecessor, ExploreZip.worm. These worms, while clever, are more socially than technically adept. A victim is attacked by a message that seems to come from an acquaintance. In reality, of course, the poisoned message comes from a trusted person's machine, not that trusted person. After the Love Bug, experts made the same tired recommendations we always see: Disable macro languages. Ban attachments in corporate environments. Don't open any attachment you aren't sure about. Will we ever learn? This isn't really about viruses and worms at all; it's about identity. You probably do most of your business through e-mail, where you're represented by nothing more than an e-mail address. Everybody knows it's trivial to forge an e-mail address, and we now know it's also far too easy to hijack somebody's e-mail program. Sadly, a solution has been widely available - and almost universally ignored - for almost five years. Since 1996, the e-mail clients bundled with both Microsoft's and Netscape's browsers have enabled us to digitally sign our messages and thus prove our identities to recipients. I sign all my e-mail messages, but I can count on the fingers of two hands the people who have ever sent me signed e-mail. Leave out cryptography experts, and I only need one hand. To sign your e-mail, you need a client certificate, a.k.a. digital identification. These are like the server certificates that secure Web sites use to support Secure Sockets Layer (SSL) connections. But server certificates do more than just activate SSL. They also authenticate servers to clients - that is, they prove to your browser that it's really connected to Amazon.com and not to some rogue site. The dirty little secret of e-commerce is that clients aren't authenticated to servers. You know that Amazon.com is Amazon.com, but it doesn't know who you are; it knows only that you're somebody's valid credit-card number. Why not use a client certificate? It takes effort to acquire and use one, and nobody wants to slow the e-commerce juggernaut by asking people to make that effort. It's long past time to rethink this lazy approach. The same client certificates that could help stem the growing tide of online credit-card fraud
Google's Universal Search for Business View this exclusive webcast, free, compliments of Google! Go to the webcast
Learn-Fast Guide: Software as a Service is Growing Up
Download this Computerworld Executive Briefing, a $195 value, for free! Compliments of Akamai. (Source: Computerworld) SaaS is here to stay as an application delivery channel. You will be using it, but will you do so wisely? This Learn-Fast Guide will prepare you for software delivered over the Web. From security issues to contract negotiations, there's a lot to consider ... and a lot to gain. Download this executive briefing
The Importance of Application Management
Get this white paper now! (Source: Dell) Efficient desktop application management is essential in normal day-to-day operations of any company. Whether you are introducing a new application or implementing an OS migration, the goal is the same: minimize disruptions and ensure user productivity throughout the process. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Intercept Spam & Viruses With MessageLabs MessageLabs is offering a complimentary 30 day trial of its managed Anti-virus and Anti-spam security solutions. MessageLabs guarantees complete protection against all know and unknown email threats. By providing 24 hour support, your business can increase productivity and decrease risk. Register for a complimentary trial and receive a free datasheet. Download this white paper now!
SQL Anywhere is the industry-leading mobile and embedded database. Designed for database-powered applications that operate in frontline environments without onsite IT support, SQL Anywhere offers enterprise-caliber features in a database that is easily embedded and widely deployed in server, desktop, remote office and mobile applications.