October 20, 2005 (Computerworld) --
At the moment, there's a dirty little secret that only a few people in the information security world seem to be privileged to know about, or at least take seriously. Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes. When you read this, it almost sounds like the plot of a cheesy science fiction novel, where some evil uberhacker is seeking world domination, while a good uberhacker applies all his super brain power to save the world. Sadly, this isn't science fiction, and we don't typically have uberhackers on our side. Talk of these hacks is going on within the intelligence and defense communities in the U.S. and around the world. The attacks were even given a code name, Titan Rain, within the U.S. government. The attackers appear to be targeting systems with military and secret information of any type. They are also targeting the related technologies. But I'm not just talking about government systems. There are a variety of industries that support the government. For example, automobile companies make tanks and other military equipment. Food service companies supply military rations. Oil companies provide fuel to the government. Companies with personal information on federal employees can be exploited to identify undercover operatives. That also brings up other potential targets, as the attackers are necessarily limiting their sites on apparent military systems. Oil companies know where potentially valuable oil reserves might be. Telecommunications companies have details about satellite communications and new technologies for improving communications reliability and bandwidth. Any organization with intellectual property worth protecting is a potential victim of these attackers. I only present the above facts to demonstrate that most companies can expect to fall victim to the attackers. Way too many companies believe that they have nothing to fear or nothing of value that sophisticated attackers would want. The fact of the matter is that these attackers are extremely indiscriminate in whom they compromise. The critical issue is the identity of the attackers. The source of the attacks will tell you how much you have to be worried about. Initially, the attacks were traced to China, which told investigators very little. There are so many poorly secured computers in China that many hackers use China-based systems as relay points for their attacks. So despite the fact that all attacks went through China, there was little evidence to conclude that China was responsible. That was until Shawn Carpenter, a security analyst at Sandia National Laboratories, decided to pursue
"Welcome to a special IT Blogwatch EXTRA: as Richi Jennings watches bloggers' reactions to the Russian hackers who claim to..."
Read more...
"As if taxpayers needed another reason to scorn the IRS. I read yesterday that the inspector general review of several..."
Read more... Read more Security posts or See all Blogs
One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs.
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage
Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Securing your network begins at the gateway, also called the perimeter, to keep unauthorized users, viruses and malicious code from entering your systems. Deploying multilayer technologies is your first line of defense. With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. One of the key facets of a successful security strategy is protecting the servers that run critical applications and house so much of your essential data. Having the right policies, procedures and server configurations is critical.
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.
Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]