network security

Silicon: FBI cyber chief interviewed

Silicon.com: Social networking sites as infection hotbeds
The social websites are the big target now - MySpace, Facebook... People are less careful and more likely to click on a link or download something. They are open and people can put links or trade files with somebody. I refer to the latest threat report from Symantec, they are seeing a shift away from hacking individual computers to web-based threats.

Complete Story

Goodbye Thunderbird?

I am saddened by continued reports that support for Mozilla's email client, Thunderbird, continues to diminish. From DesktopLinux:

The Mozilla Foundation's press release focused on the Firefox 2.12 security fixes. The Foundation also reported, though, in its MFSA (Mozilla Foundation Security Advisory), that these same bugs had been fixed in the fictitious Thunderbird 2.12...

...Still, it is upsetting that Mozilla reports that these problems have been fixed in a version of Thunderbird that doesn't exist. The latest version of Thunderbird is 2.09.

Mitchell Baker posted last September about the transfer of Thunderbird from Mozilla to a yet-to-be-seen Mailco organization. Just as DesktopLinux mentioned in their article, I've seen little information about what we can expect with regard to Thunderbird's future. Perhaps I'm just not looking in the wrong places?

Baseline: Employees Take Greater Risks at Work

"Most people consider themselves prudent when it comes to workplace activities, but actions speak louder than words—especially when it comes to computer security.

A large gap exists between what employees say about computer security and how they practice it at work, according to the Information Systems Audit and Control Association, which polled 301 white-collar workers at companies of at least 100 employees."

Complete Story

CIO Insight: IT Security, Reconsidered

An excellent article at CIO Insight in their "Expert Voices" column concerning IT security. The article is titled "IT Security, Reconsidered":

Business people know risk and return are opposite sides of the same coin; you can't have return without risk. So successful companies learn to analyze, accept and manage risk…most kinds of risk, anyway. When it comes to IT risk, organizations tend to focus on avoiding risk instead of managing it, by preventing intrusions and preparing to respond to catastrophic events. But instead of protecting companies, this approach to risk has blindsided IT to a long stream of IT disasters, from system meltdowns (Comair, Jet Blue) and stolen credit card data (TJX, CardSystems Solutions) to pilfered laptops (Veterans' Administration) and stolen data (U.S. Department of Transportation). Putting IT security back in the context of risk management has been the focus of George Westerman's work.

This year at work I have spent close to half my time dealing with a lot of IT security. I have not only been kept busy with locking down the network but also with way too much paperwork certifying that our machines are secure. When you spend so much time making the paper pushers happy that you're following the latest policies, it is hard to actually really identify the true risks that don't show up on paper. More importantly, spending so much time on IT security not only locks out the would-be hackers but also locks your IT staff out from adding potential IT value to the operations. There has to be a balance somewhere...

CNET News: Don't be so quick to click that Web page

"Welcome to the brave new world of booby-trapped Web pages. If Trend Micro's predictions hold up, more cyberattacks will originate from the Web than they do from e-mail.

That shift is expected to take place sometime next year, according to [Raimund] Genes. CNET News.com caught up with Genes to find out how he sees the battle lines shifting."

Complete Story

eWeek: Is the Botnet Battle Already Lost?

"Now, there is a general feeling of hopelessness among security professionals involved in finding and disabling botnets. It remains to be seen how this despair affects security products and the attitudes of the technology executives who rely on them.

'We've known about [the threat from] botnets for a few years, but we're only now figuring out how they really work, and I'm afraid we might be two to three years behind in terms of response mechanisms,' said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va."

Complete Story
