- +
Blog: Regulatory Compliance & the Real Risk of Undetected Malware 01/02/2008 12:35:37
With the emergence of regulatory laws borne out of experience from a variety of embarrassing security breaches, today's corporate leaders face a myriad of repercussions. These range from serious fines to jail time when found not in compliance with regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and Payment Card Industry (PCI), etc. - +
How to Be a Supremely Productive Person: A Chat With John Halamka 11/01/2008 10:59:10
John Halamka has two CIO titles, a family, passionate rock-climbing and wine-making interests and a major-league blog habit. We discuss his celebrity turn in a BlackBerry ad, his tips for e-mail triage, how he sleeps three hours a night and why he now understands Britney Spears.John Halamka has two CIO titles, a family, passionate rock-climbing and wine-making interests and a major-league blog habit. We discuss his celebrity turn in a BlackBerry ad, his tips for e-mail triage, how he sleeps three hours a night and why he now understands Britney Spears. - +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
Big Brother Is Watching You. . . and He's a Computer 25/06/2007 10:57:08
Schools are increasingly installing cameras to spy on students. The stated reasons include the prosecution of crimes likely to occur at a school such as vandalism and theft, but the cameras also can be used to enforce school rules such as tardiness, truancy and running in the hallsPrivacy activists have been lamenting increasing surveillance by cameras and warn of abuse by authorities who have access to them. But two additional trends portend a disturbing new direction - +
Ever-evolving Malware Is Getting Nastier 04/06/2007 12:34:20
For the past seven years, the most frequent way that people got infected with malware was by clicking malicious file attachments or rogue embedded Web linksMalware evolves in trends. Yesterday's boot virus is today's Web server exploit program. Malware follows popularity, and it morphs to get past ubiquitous defences. Understanding the growing trends in malware will help you plan better defences
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Microsoft 2008 Mission Critical IT
ALM for the Enterprise - Serena’s Approach to ALM 2.0
EMC Data Profiling for File System and Exchange Server Environments
Application Modernization: Preserving Your Organization’s DNA
The value of Project Portfolio Management
Aligning IT and the Business with Demand Management
A Guide to Next-Generation Backup, Recovery and Archive
SOA Governance: Rule your SOA
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Lessons learned: Russia's a terrible place to base your operations for a criminal enterprise, unless you like taking long vacations in Siberia. Kazakhstan and Latvia seem to be much more agreeable. Also, if someone sends you 40 large, don't wait: Turn off the damn DDoS before MI-5 gets involved.
Punked over a prank
Perp: Shawn Nematbakhsh
Status: Currently employed as a software engineer with a medical data company.
Dossier: One of the hottest technology topics of 2003 was how election systems were vulnerable. With the first presidential election since the Bush v. Gore fiasco coming up the following year, technologists were up in arms about the unreliability and untrustworthiness of electronic balloting systems, and were eager to prove their point.
Enter Shawn Nematbakhsh, computer science undergraduate at the University of California. Was he eager -- perhaps a bit too eager -- to make a point about the electronic balloting system that the university employed to hold student council elections, when he cast 800 votes for a fictitious candidate named American Ninja? Sadly, no.
"I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."
The student council elections were held over the Web. Students could log in to a special page and cast their ballots for student council members and student body president. Unfortunately, the election system suffered from a serious internal weakness: "There was some input that was not bounds-checked, so using certain input you could vote as anyone," Nematbakhsh explains. "I wrote a script that would log in, cast a vote, log out, then log in again, cast another vote, and so on."
But seriously, American Ninja? "That year I remember watching that really stupid movie and talking about it with my friends, and it was the first thing that came [to mind]," he said.
Nematbakhsh says the jig was up when campus police called him in to discuss the incident. He'd told some friends about the vulnerability he had discovered in the voting system, and his name had eventually surfaced in the investigation. When asked, Nematbakhsh immediately admitted his involvement in the prank.
"I confessed to doing it, thinking it wasn't such a big deal. I thought they might fine me, or suspend me for a quarter or something," he says. That did happen, but a month later, he also faced criminal charges that could have landed him prison time.
In the end, he arranged a deal to accept a misdemeanor charge. His sentence: "I had to pick up trash on the weekends for three or four months, and pay back the cost of the election -- a couple thousand dollars."
Lessons learned: "Getting caught was kind of a wake-up call, that the Internet was not some kind of playground and I couldn't do what I wanted to all the time. I had to obey the law. The prank was not well received by a lot of people at the school."
Nematbakhsh's advice to potential election pranksters: "Things like that seem funny when you're doing them, but when you get caught, it's not much fun. I'd caution against silly pranks like the one I did."
Computerworld Member Login
Beyond Virtualisation - The Roadmap to 2012
CIO Breakfast Briefing
8:30am - 10:30am
Brisbane | 22 July | Sofitel Brisbane
Sydney | 23 July | Four Seasons Hotel
Canberra | 24 July | The Hyatt
Attend and discover:
- What happens after virtualisation
- The benefits automation drives
- When automated infrastructures will emerge
- What the roadmap to 2012 looks like
- How to deliver an automated architecture
- How to maximise your investment in virtualisation
- +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future. - +
Data Management Edition #9: Data centre makeover 24/04/2008 07:43:06
This week CW Live looks at the death of the old style data centre which is undergoing its first makeover in more than 30 years.
Ballarat Grammar Improves Student Access to Computer Based Learning with HP ProCurve 2008-07-04 16:49:00+10
Media release: 40 Per Cent of Australian Businesses Do Not Validate Their Data 2008-07-04 10:29:00+10
Kaseya helps turbo charge BlueFire’s service delivery model 2008-07-03 17:23:00+10
Computershare Selects Symantec for Data Loss Prevention Globally 2008-07-03 14:52:00+10
DST International moves to new Shanghai office 2008-07-03 13:21:00+10
Tools and techniques for superior test management
In recent years, the field of application testing has evolved. While the pressure to deliver high-quality applications continues to mount, shrinking development and deployment schedules and high turnover rates for skilled employees make application testing challenging. Read on to discover how to combat these problems and complete your application testing successfully.
