Be on the wave or under it
The News – 03/19/02
Cleaning Out the Old Links, part 2
I’ve got such a collection of interesting
and important material that hasn’t found its way into SNS yet
that I have to clean house. I cleaned out a bunch in the last SNS. Here’s some more
of the best of what I’ve got.
- Facial Recognition and Other Threats to Privacy:
Virage Inc. has developed software that
can automate video security, eliminating the need to pay low
wages to bored personnel just to stare at monitors all day.
You can program the system to recognize suspicious faces,
locations, words or phrases. Great. Now surveillance can be
in the hands of machines. Doesn’t that make you feel better?
To top it off, Visionics,
a maker of face recognition software, is enthusiastic about
the possibility of creating a “national shield” (Mom & apple
pie alert!) linking every camera in the country.
Thankfully, not everyone thinks this is a great idea. “We're
collecting data on everyone on the assumption that anyone
may be the next terrorist,” said Deirdre Mulligan, director
of the Law and Technology Clinic at UC Berkeley. “This subverts
our traditional notion of the ability of the government to
survey its citizens” only if there is probable cause to suspect
criminal conduct. Security expert Bruce Schneier agrees: “You
end up with a society in which the database is more important
- UK ISP Closes After DoS Attack: For
those who are still wondering if the danger posed by Internet
miscreants is mostly hype, check out this story. UK Internet
Service Provider (ISP) Cloud-Nine was forced to close after
being hit with a massive denial of service (DoS) attack.
- Walk-up Printing for PDAs: Startup
Flexiworld wants to make it easy for you to walk up to any
printer and print emails or other documents wirelessly. I
don’t even want to think about the security implications of
Portland Business Journal
- The eBay Scam: Miscreants have been
attempting to steal unwary users’ credit card numbers through
a fake email that purports to be a purchase confirmation from
eBay. My Dad received the email in mid-January, along with
thousands of others. Recipients received the following email:
Your order has been completed and
will be mailed within 24-48 hours.
Your credit card has been charged
$460.50 for the following purchase...
- Microsoft X Box ( $399.00 )
- NFL Fever ( $50.00 )
Plus shipping and handling. If you
feel that your credit card has been billed wrongly, please visit
http://ebayservices-cancelorder.cjb.net and fill out all the
needed information to cancel the following order.
Again that site is <a href="http://ebayservices-cancelorder.cjb.net">eBay
Services: Cancel Order</a>,
CJB.net is a URL redirection service that
sent users to a page hosted at AOL. The page asked the user
to enter a credit card number and other personal information
so that eBay could cancel the order. Obviously, eBay was not
involved in this scam, but, oddly, Harry Caray’s Chicago-area
restaurants were, albeit unknowingly. For some reason, after
users submitted the information, they were sent to a page
on Harry Caray’s restaurants site that simply said, “Your
order has been canceled.”
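The tell in this scam is that the link invokes eBay in its host name and link text while sitting on an unrelated domain. The check below is an added example, not part of the original newsletter; `BRAND_DOMAINS` and the function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the domains the impersonated brand really uses.
BRAND_DOMAINS = {"ebay": {"ebay.com"}}

class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def _owned_by(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(body):
    """Flag URLs that invoke a brand in host or link text but sit on another domain."""
    parser = _Anchors()
    parser.feed(body)
    parser.close()
    # Anchors first (they carry link text), then bare URLs found in the text.
    candidates = parser.links + [(u, "") for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    findings, seen = [], set()
    for href, text in candidates:
        host = (urlparse(href.rstrip(".,;)")).hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            claimed = brand in host or brand in text.lower()
            if host and claimed and not _owned_by(host, domains) and (host, brand) not in seen:
                seen.add((host, brand))
                findings.append({"host": host, "brand": brand, "text": text})
    return findings

# Sample built from the message quoted above (body text abridged).
SAMPLE = """please visit http://ebayservices-cancelorder.cjb.net and fill out ...
Again that site is <a href="http://ebayservices-cancelorder.cjb.net">eBay
Services: Cancel Order</a>,"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

A redirection host is reported once even when it appears both as a bare URL and inside an anchor; links on `ebay.com` or its subdomains pass.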
- “Unbreakable” Oracle 9i Broken: It
had to happen. The good marketing people at Oracle thought
an ad campaign calling Oracle 9i unbreakable was a good idea.
If they’d asked the Oracle techies, they probably would have
been told that nothing’s unbreakable, given enough time and
motivation. Sure enough, the software has been cracked, easily,
using the ever-popular buffer overflow exploit. Make sure
your marketing department has a better clue than Oracle’s!
- More from the FBI Survey: A recent SNS quoted
results from a recent survey by the Computer Security Institute
(CSI), in conjunction with the FBI Computer Intrusion Squad.
In addition to finding that 81 percent of corporate respondents
said the most likely source of attack was from inside the
company, the survey also revealed:
- 85 percent of respondents (Large corporations and government
agencies) detected security breaches within the last twelve
- 35 percent of respondents quantified their financial losses
- 91 percent of respondents detected employee abuse of Internet
- 94 percent detected computer viruses within their network
- 78 percent of respondents stated they had detected Denial
Of Service Attacks
- 58 percent reported their network had been attacked 10
or more times
Domain Sellers Busted
Alert SNS Reader Roger Hamm sent along this article about
domain scammers who were selling bogus .usa domain names.
The UK company, dotusa.com, traded on Americans’ patriotic
sentiment to sell more than $1 million in names at $59 apiece
before being busted by the FTC. Buyers of the .usa domains
found they couldn’t be used on the Internet. Oops.
- Genomics Predictions: The Centre
for Research on Innovation and the Institute for Alternative
Futures recently released predictions from the ESRC Genomics
Scenario Project. One of the most intriguing: “By 2005 biomarkers
indicate the likely presence of several cancers, classify
their defining molecular characteristics, and indicate which
therapies should be beneficial to the particular type of tumour.”
for Alternative Futures
- Verticalnet Gets Serious: Last month,
Kevin McKay, former SAP CEO, was appointed Verticalnet's new
president and CEO. McKay appears to be a heavyweight, having
held key positions at SAP, Sony Electronics and PricewaterhouseCoopers.
Erstwhile B2B exchange Verticalnet appears to be trying to
remake itself as a vendor of Collaborative Supply Chain solutions.
Such solutions provide supply chain visibility, comprehension,
and rapid response that leads to lower costs and inventory,
higher revenue, and growth opportunities. Modernizing the
supply chain by improving communication and planning processes
will be corporations’ big To Do for this decade. Strategic
Sourcing, Collaborative Planning, and Multi-tier Order Management
look to shave dollars off supply chain costs. It remains to
be seen, however, how successful Verticalnet will be in a
marketplace dominated by i2 and, to a lesser extent, Manugistics.
- Automated Security Testers: I’ve
recommended the Microsoft Personal
Security Advisor, and the enterprise tools offered by
its creator, Twin Cities-based Shavlik
Technologies, in the past. They’re great tools, and a
must for any Microsoft-based user. A new player in the area
of security vulnerability assessment and automated fixes is
BigFix.com, which offers customers a free online service that
finds security holes, software bugs, outdated drivers, and
viruses on a PC, then automatically retrieves and installs
the patch or update. It’s unclear if BigFix makes use of the
Microsoft database of security vulnerabilities that the Shavlik
tools access. To use BigFix, the user must subscribe to Fixlet
sites maintained by experts around the world, who provide
Fixlets in their area of expertise. I’m a little wary of allowing
“experts” to determine how to fix my software, however. And
while automatic updating might be OK for desktop computers,
I don’t think it would fly for production servers. A free
consumer version of the software is available at Download.com.
- Wireless Email Easily Hacked: If
you use a BlackBerry™ or SMS (Short Message
Service) or any other kind of messaging on your wireless phone,
be aware that your messages can be intercepted. While you
may not be sending information on your company’s latest secret
project from your portable device, if you route all your messages
to your BlackBerry, you could be receiving sensitive information.
The latest demonstration of the insecure nature of wireless
communications is courtesy of @Stake Inc., a security consulting
company in Cambridge, Mass. mentioned in a previous SNS. @Stake
was able to intercept BlackBerry Internet Edition traffic
using a scanner with a digital output, an antenna and freely
downloadable software. Since the email is sent over the wireless
network in the clear, much like the email you send over the
Internet every day, once the message is intercepted, it’s
- Shameless Self-Promotion Dept.: Take
our survey on corporate policies on home use of network resources.
StratVantage has launched a new service, CTOMentor™, designed
to allow Chief Technology Officers and other technical leaders
to get rid of the Guilt Stack, that pile of magazines you’ll
get around to reading someday.
CTOMentor is a subscription advisory service tailored to customers’
industry and personal information needs. Four times a year
CTOMentor provides a four-hour briefing for subscribers and
their staffs on the most important emerging technology trends
that could affect their businesses. As part of the service,
subscribers also get a weekly email newsletter, Just the
Right Stuff™, containing links to the Top 10 Must Read
articles needed to stay current. These and other CTOMentor
services will let you Burn Your Inbox™.
As part of its launch, CTOMentor is offering a two-part white
paper on peer-to-peer technology: Peer-to-Peer Computing
and Business Networks: More Than Meets the Ear. Part 1,
What is P2P?, is available for free on the CTOMentor
Part 2, How Are Businesses Using P2P?, is available for $50.
Copyright © 2000-2008, StratVantage Consulting, LLC. All rights
Can’t Get Enough of ME?
In the unlikely event
that you want more of my opinions, I’ve started a Weblog. It’s the fashionable
thing for pundits to do, and I’m doing it too. A Weblog is a datestamped
collection of somewhat random thoughts and ideas assembled on a Web
page. If you’d like to subject the world to your thoughts, as I do,
you can create your own Weblog. You need to have a Web site that allows
you FTP access, and the free software from www.blogger.com.
This allows you to right click on a Web page and append your pithy thoughts
to your Weblog.
I’ve dubbed my Weblog
entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/.
Let me know what you think.
Also check out the TrendSpot for ranking of
the latest emerging trends.