- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Toxic Mix or Bit of a Mixed Blessing? 31/12/2007 10:36:30
“Eye of newt, and toe of frog, Wool of bat, and tongue of dog . . . ” The inter-generational office brew of Boomer, Gen X and Gen Y may not be quite as odious as that of the three witches in Shakespeare’s Macbeth, but even so it makes “for a charm of powerful trouble”"Eye of newt, and toe of frog, Wool of bat, and tongue of dog . . . " The inter-generational office brew of Boomer, Gen X and Gen Y may not be quite as odious as that of the three witches in Shakespeare's Macbeth, but even so it makes "for a charm of powerful trouble" - +
Strategies for Dealing With IT Complexity 24/12/2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
Process Trip 04/02/2008 13:07:03
Why Maritz Travel revamped key business processes — and how business and IT came together to make it workWhen Rich Phillips became COO OF Maritz Travel about two and-a-half years ago, he sat down and took a hard look at the big industry picture
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Is the software we're using to protect ourselves from online attacks becoming a liability?
That's what Thierry Zoller believes. For the past two years, the security engineer for n.runs has taken a close look at the way antivirus software inspects e-mail traffic, and he thinks companies that try to improve security by checking data with more than one antivirus engine may actually be making things worse. Why? Because bugs in the "parser" software used to examine different file formats can easily be exploited by attackers, so increasing your use of antivirus software increases the chances that you could be successfully attacked.
Antivirus software must open and inspect data in hundreds, if not thousands, of file formats. One bug in the software that does this can lead to a serious security breach.
Zoller and his colleague Sergio Alvarez have been looking into this issue for the past two years and they've found more than 80 parser bugs in antivirus software, most of which have not yet been patched.
The flaws they've found affect every major antivirus vendor, and many of them could allow attackers to run unauthorized code on a victim's system, Zoller said.
"People think that putting one AV engine after another is somehow defense in depth. They think that if one engine doesn't catch the worm, the other will catch it," he said. "You haven't decreased your attack surface; you've increased it, because every AV engine has bugs"
Although attackers have exploited parsing bugs in browsers for years now, with some success, Zoller believes that because antivirus software runs everywhere, and often with greater administrative rights than the browser, these flaws could lead to even greater problems in the future.
The bottom line, he says, is that Antivirus software is broken. "One e-mail and boom, you're gone," he said.
Research into parsing bugs has been spurred by a heightened focus in recent years on "fuzzing" software, which is used by researchers to flood software with a barrage of invalid data in order to see if the product can be made to crash. This is often the first step toward discovering a way of running unauthorized software on a victim's machine.
A parsing bug in the way the Safari browser processed .tiff graphic files was used recently to circumvent Apple's strict controls over what software may be installed on the iPhone.
Zoller says he has been criticized by his peers in the security industry for "questioning the very glue that holds IT security all together," but he believes that by bringing this issue to the forefront, the industry will be forced to address a very real security problem.
Between 2002 and 2005, nearly half of the vulnerabilities that were discovered in antivirus software were remotely exploitable, meaning that attackers could launch their attacks from anywhere on the Internet. Nowadays, that percentage is close to 80 percent, he said.
Zoller's company sees a business opportunity here. N.runs, based in Oberursel, Germany, is building a product, code-named ParsingSafe, that will help protect antivirus software from the kind of parsing attacks that he has documented.
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Zepto release new graphics card for their Centrino 2 range 2008-08-21 15:34:00+10
Perth Energy selects Gentrack to support its growth in Australia's energy market 2008-08-21 15:03:00+10
SAP Names Satyam ‘Global Partner’ 2008-08-21 11:01:00+10
C4 is Making a Blast in the Australian Networking Equipment Market, Says IDC 2008-08-21 10:29:00+10
Surfboard Mounted Touchscreen Computer Makes Waves 2008-08-20 16:00:00+10
Unified Communications: Justifications and Predictions
Building a business case for Unified Communications is currently more of an art than a science. However, the difficulty of building a business case for UC does not mean that there is none - just that we need to view (and measure) UC's benefits in accordance with the stage of maturity of the technology's adoption. Read on to find out more.
