Archive for July, 2010
On Safari and Bagged Your Personal Data
“Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address.”
Jeremiah Grossman, founder and CTO of WhiteHat Security
Here’s another new threat to your personal information, and another example how no company is exempt from security breaches.
According to an article written by Thomas Claburn of InformationWeek: “a flaw in the implementation of Safari’s AutoFill mechanism can be exploited to grab Mac users’ names, street addresses, and e-mail addresses.”
“[The] entire process takes mere seconds and represents a major breach in online privacy,” says Jeremiah Grossman who believes that “the security flaw may reside in the open-source WebKit engine used by Safari and that the flaw may be present in older versions of Google’s Chrome browser, which also relies on the WebKit engine.”
The article and Grossman’s own blog are worth checking out as it was once all too rare to hear the words “Apple” and “security flaw” in the same sentence.
Today Microsoft recognized Ipswitch as a “MidMarket Solution Provider” under its Certified Partner Program. This recognition was awarded on the strength of recommendations from Ipswitch’s customers and on the depth of technical knowledge in the company.
Ipswitch now holds two Microsoft competencies: “MidMarket Solution Provider” and “Independent Software Vendor” (a.k.a. “ISV”). Together these afford Ipswitch excellent access to Microsoft technical support and consulting services as well as early access to operating systems, databases and other key platforms from Microsoft.
That’s right. Get ready to say goodbye to cloud computing. 
Not the hosting and using of services over the Internet, oh no. I’m talking about the term “Cloud Computing.”
Well, that’s just one of John Soat’s “Five Predictions Concerning Cloud Computing”
What are the five predictions?
- All applications will move into the cloud.
- Platform-as-a-service (PaaS) will supplant software-as-a-service (SaaS) as the most important form of cloud computing for small and, especially, mid-size businesses.
- Private clouds will be the dominant form of cloud computing in large enterprises
- Hybrid clouds eventually will dominate enterprise IT architectures
- The term “cloud computing” will drop off the corporate lexicon.
This is a fun and engaging read, and the comments afterward are equally as interesting. Worth checking out.
“We are sorry for any concern we are causing anyone at this time.”
It’s pretty certain that those are 13 words that no CEO ever wants to have to say. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.
Seems that some computer files containing the personal information of about 800,000 people might have been misplaced or possibly lost or maybe even stolen.
We’re talking about information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits … just to name a few pieces of personal information, you get the picture.
800,000 records. 800,000 reasons why Managed File Transfer is important. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.
Seems that somewhere in the process of these 800,000 records being shipped to a contractor to be destroyed, and actually getting to the contractor to be destroyed they disappeared.
Boston.com has some information worth reading.
Forgive the obvious Ipswitch plug here, but c’mon, any one of these solutions could help any CEO avoid having to say those 13 words.
So, that’s today’s 800,000 reasons why MFT is important, and how to avoid those 13 words. As a special bonus for you, here’s 7 words you’d surely like to steer clear of:
“We are still searching for those files.’’
Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.
There’s some interesting news going on regarding a warning that Microsoft gave on Friday (7/16/10) about hackers exploiting a critical unpatched Windows vulnerability.
I read on Networkworld.com that “hackers have been exploiting a bug in Windows ‘shortcut’ files, the placeholders typically dropped on the desktop or into the Start menu to represent links to actual files or programs.”
Also in the article, Dave Forstrom, one of the directors in Microsoft’s Trustworthy Computing group, said:
“In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware.”
If you’re unfamiliar with Stuxnet, it’s a “clan of malware that includes a Trojan horse that downloads further attack code, including a rootkit that hides evidence of the attack.”
Siemens, according to this Computerworld article, sees this virus as “new and highly sophisticated“, and in the same article there’s a disturbing quote from a large utility IT professional:
“This has all the hallmarks of weaponized software, probably for espionage,” said Jake Brodsky, who asked that his company not be identified because he was not authorized to speak on its behalf.
In the end, I think that Chester Wisniewski, senior security advisor at Sophos, is right on when he perfectly summed up the virus with one word. He simply called the threat “nasty“.
