IT-Toolkits.com

USB flash drives a major security risk

webmaster — Wed, 25 Aug 2010 15:55:04 -0600

According to the Washington Post, a top Defense Department official is speaking publicly a successful, high-profile infiltration of a computer network belonging to the US military's Central Command.

Deputy Defense Secretary William J. Lynn III describes the attack in an article to be published today in Foreign Affairs. The incident occurred in 2008 at a post in the middle east and was performed by means of a USB flash drive which installed malware. "That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," according to Lynn. In 2008, the Los Angeles Times reported, citing anonymous Defense officials, that the incursion might have originated in Russia.

"Operation Buckshot Yankee," which countered the attack, was a turning point for military computer security. Part of the response was a temporary ban on the use of flash drives in military computers. That ban has since been modified. The broad outlines of the attack have been reported over time, but the details had heretofore been kept secret.

The Post suggests that Lynn's article is aimed in part at raising awareness of the problem and of DoD's actions in response, particularly "active defense" which seeks out intruders on the network. It is also an exercise in public lobbying for DoD to have a role in national cyberdefense. Current legislative proposals generally give the Department of Homeland Security primary responsibility.

IE continues to lose market share

webmaster — Wed, 18 Aug 2010 09:44:17 -0600

Microsoft Continues to Lose Browser Market Share!!!
Vista Dead In Its Tracks - Windows 7 Does Better?

The summary findings in Janco's Browser and OS Market Share White Paper are:

Firefox challenged Microsoft as no other competitor has done in quite some time but Microsoft seems to have addressed this
The SmartPhone market has taken off and users no longer have to depend on a PC to access the Internet
Users are staying current with the latest versions of IE, and Firefox via the automatic update feature.
Googles Chrome is disappointing and has captured only a little over 5% of the browser market since its introduction.
Internet Explorers market share continues to fall.
Attacks on browsers are moving many users to the automatic update feature to get the latest versions of the browsers.
The door was open for Google with both Desktop and Chrome it is not clear that the current offering by Microsofts competitors can do more damage to Microsoft browser market share. However Microsoft must address the SmartPhone market to maintain its leadership position.

Blackberry under attack again...

webmaster — Fri, 13 Aug 2010 12:39:19 -0600

India's government is the latest in a long list of national governments that have recently threatened to shut down BlackBerry services over security issues. The United Arab Emirates has said it will halt Blackberry Messenger, e-mail, and Web browsing starting October 11. Indonesia and Saudi Arabia also threatened to block BlackBerry Messenger service. Saudi Arabia reached a deal with RIM over the weekend, and a ban that was to go into effect starting Monday was lifted.

Meanwhile, countries in Europe, such as Germany, are also putting pressure on RIM to loosen its security enough so that communications can be monitored. The German government has urged staffers not to use the BlackBerry, and several ministries have banned them, Reuters reported. And last week, the European Commission rejected the BlackBerry as a handset for its employees, opting instead for Apple's iPhone and HTC smartphones.

India's decision followed a meeting that Home Secretary G.K. Pillai had with officials from India's Department of Telecommunications as well as other federal security agencies, according to Reuters.

Governments say the BlackBerry's tight security is a concern as they try to combat terrorist attacks and other illegal activities. India, for instance, is trying to keep a lid on fighting by insurgents in Kashmir as well as potential threats from Pakistani militants.

Of RIM's 46 million users worldwide, about 1.1 million are in India. India is among the fastest-growing markets for the BlackBerry. This is an important factor given that the North American market, RIM's stronghold, is becoming saturated. RIM and other phone makers need to look to developing countries, such as India and nations in the Middle East, for growth.

If RIM is unable to satisfy India's security demands, the services that would be shut down are the BlackBerry e-mail service and instant messaging.

IT infrastructure is complex

webmaster — Sat, 07 Aug 2010 12:57:37 -0600

Todays IT infrastructure is complex. The number of IT assets in the infrastructure that an enterprise level organisation must manage can be overwhelming - different platforms, devices, servers, applications databases and more. And the sheer volume of activity that occurs in this infrastructure is almost too large to imagine. Many organisations have technology located in different places around the world. In the retail and hospitality industries for example, these organizations have corporate data centers plus thousands of tills and point of sale (POS) devices in stores and hotels that introduce potential risk.

In addition, to drive down costs, organisations have turned to potential cost-savings technology such as virtualisation. But such actions introduce new complications. Virtualisation may provide cost-savings, but managing these highly dynamic virtual machines introduces a new layer of risk and requires greater visibility into the activities on these systems.

Security infrastructure definition key to productivity

webmaster — Sat, 31 Jul 2010 16:20:21 -0600

Complex security policies can be difficult for employees to follow, it is unrealistic to leave security in the hands of mobile employees. An effective enterprise security plan should provide for simple, automated, scalable, and comprehensive ways to protect IT investments and maintain worker productivity. Organizations must approach security from a comprehensive perspective that ranges from the desktop to the data center, following best practices to help ensure that the plan protects both physical assets and data. A good strategy for mobile security is based on:

Protect systems: Asset tags can help simplify asset management by identifying individual devices. When used in conjunction with server-side asset management toolssoftware, these tags can give IT organizations the ability to monitor internal system components. In addition, dedicated security locks can help prevent theft. Visual deterrent labels and company logos offer an additional layer of protection against common theft because they can prevent an easy resale.
Protect data: When physical protection fails and a mobile device is lost, stolen, or damaged, it is critical that organizations retain the ability to protect sensitive enterprise data on the system. Data protection is linked to efficient access management. If authentication is not well managed, data protection can be difficult - especially if it is not centrally controlled. With a central security management solution a server-side application that interacts with the client-side software for central management IT departments can maintain control over key client security features and link them back.
Prevent unauthorized access: Security policies must strike the correct balance between providing the right people with access to the right level of information and blocking access for improper users. Authentication is key to enabling secure data access because it focuses on identifying the user. Authentication methods can include smart cards with PIN access, contactless cards, or unique biometric verifiers such as Federal Information Processing Standards (FIPS) - certified embedded fingerprint readers. Multi-factor authentication is the combination of these technologies into one strong authentication process, whereby any end user may be asked for more than one form of authentication.
Prevent malicious attacks: Network security should focuses on antivirus deployment and securityappliances, targeting three lines of
defense: endpoint protection, which relies on software designed to safeguard mobile devices; network traffic monitoring, which uses appliances to watch for unusual data traffic patterns on enterprise networks; and Internet gateway appliances, which serve as filters and firewalls that selectively identify and block potentially dangerous data.

Government employees continue to breach privacy of individuals

webmaster — Mon, 26 Jul 2010 11:02:41 -0600

According to Gazette.net, a Maryland Department of Human Resources employee has been fired for posting about 3,000 names, Social Security numbers and other personal information on his personal website.

The information, which belonged to department clients who use food stamps, housing programs and other social services provided by the state, had been posted on the employee's website since April 27. The site has since been removed and there is no indication that the information has been misused.

The Baltimore Sun reports that a DHR spokeswoman, says it is unclear why he used the data in an unauthorized way.

The incident is still under investigation and no decision has been made yet about whether criminal charges will be filed.

Record Management Needs to Include Email

webmaster — Sat, 24 Jul 2010 13:29:56 -0600

As the importance of IT, the Internet, SmartPhones, and email has grown, its legal status has changed with far-reaching consequences. A variety of laws and regulations have been extended to cover all business records, including email and all communications in both public and private sectors. Sarbanes-Oxley (SOX) and other mandates requirements touch almost every facet of paper and electronic data.

Among other provisions, SOX requires companies to maintain all audit or review work papers for at least five years. For registered public accounting firms, the period is at least seven years. Penalties for noncompliance include severe fines and even imprisonment, and intentionally altering or destroying records can bring even more serious consequences.

Consider that most work papers and records are created as emails and may never exist in physical form. An email can be deleted in violation of SOX at the click of a mouse. Key considerations for ensuring your company meets SOX record-keeping requirements include:

Can employees reliably distinguish ordinary emails from protected business records?
Are you be certain that employees are storing the protected emails for the required time period?
Is there a process in place for storing physical copies of every protected business records and emails?
Are you certain that no one is hacking into your email system and maliciously changing records?

Wi-Fi needs to be secure

webmaster — Tue, 13 Jul 2010 00:28:12 -0600

You can secure your wireless network in little time with these 5 simple rules:

Secure your access point administration interface: The default passwords of most standard devices are already known to most hackers. So, when you set up your router through the web interface, change the default password and write it down somewhere safe.
Stop broadcasting your SSID: Your wireless router continuously transmits your SSID (Service Set Identifier). While this is useful in an office where many people are going to connect to your network, at home this is certainly not needed. Turn SSID transmission off as soon as you can. Wireless LAN "sniffers" will still be able to detect your network, but other than that, your network will mostly be shrouded from outsiders.
Use MAC address filtering: Turn on MAC address filtering on your wireless router configuration utility. By doing so, you can add the MAC addresses of all of your networking devices to the address pool of the router. This way, no one outside your home network will be able to access your network.
Reduce the power of transmission: Reduce the power of your wireless transmitter to such a degree that the signal does not reach outside your faciltiy or home. This will keep most outsiders at bay.
Disable remote administration tool: Your remote administration utility is seldom used. So, keeping it on exposes your network to outsiders. Turn it off for enhance your network security.

Feds to spend billion on cybersecurity research

webmaster — Tue, 22 Jun 2010 22:56:43 -0600

As the Obama administration and Congress propose various measures to improve the nations cybersecurity, the Office of the Director of National Intelligence is planning to spend "multiple billions of dollars" on cybersecurity research.

The deputy director of national intelligence for acquisition and technology, said at a recent cybersecurity summit sponsored by Defense Daily that her office, together with the White House Office of Science and Technology, will be sponsoring "innovative" research addressing three areas, the Washington Post reported:

Multiple security levels for government and non-government organizations.
Security systems that change constantly to create moving targets for hackers.
Methods to motivate individuals to improve their cybersecurity practices.

Disaster Recovery / Business Continuity is Not the Place to Cut Costs

webmaster — Fri, 18 Jun 2010 11:23:48 -0600

In today's business environment, many enterprises are looking for way to reduce their expenses by cutting overhead. Often this takes the form of reducing headcount, particularly in areas that are regarded as ancillary or non-core components of the enterprise.

Disaster Recovery and Business Continuity often are placed in that category and, as a result, can be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and Business Continuity team losing staff members, or a part-time Disaster Recovery and Business Continuity manager with less time to spare from the day job, Disaster Recovery and Business Continuity programs can be neglected and will quickly become out of date and ineffective, particularly in a rapidly changing organization. As anyone who has ever had to manage a Disaster Recovery and Business Continuity event knows, there are few things more useless than an out of date Disaster Recovery and Business Continuity plan.

Of course, it is hard to make a case for Disaster Recovery and Business Continuity at a time when core functions are under pressure, but maybe that is just when it should be on the radar even more than usual. With share prices shaky and credit hard to find, the last thing any organization needs right now is the damage to its reputation and credibility that could arise from failing to effectively manage a high profile disruptive incident.

Arguably, during a recession companies are at their most vulnerable, which makes it the worst time to neglect anything, which contributes to resilience or reduces risk. However, if an organization is under financial pressure, how can it square the circle and achieve those reductions in overhead costs while still maintaining the effectiveness of its Disaster Recovery and Business Continuity program.

Disaster Planning and Server Consolidation

webmaster — Thu, 10 Jun 2010 12:44:31 -0600

The cutting edge of virtualization technology may have set its sights on virtual PCs, unified network fabrics and other esoteric applications, but server consolidation remains the primary driver for most data centers. In fact, only a handful of enterprises have begun the process of virtualizing their server farms, according to most recent surveys, although the pace is likely to pick up as energy costs and competitive pressures drive organizations to increase performance even while paring down their hardware infrastructures. But as those who have already taken the virtual plunge have no doubt realized, consolidating servers is not just a matter of powering up the virtualization layer and then pulling equipment out of racks. There is a long list of factors to consider with any centralization project and a wide range of land mines that need to be avoided to prevent service failures. One of the main concerns is the resiliency of remaining hardware.

NAS a good backup solution

webmaster — Sun, 23 May 2010 14:25:21 -0600

Remote offices present IT managers with a number of technical challenges. Traditionally, companies have relied on tape backup solutions to backup data both at corporate headquarters as well as at remote offices. At one point in time, tape backup was the only viable option for backing up data. That's no longer the case. There are benefits of network-attached storage (NAS) hardware, a completely self-contained appliance that has a built-in power supply, an operating system, an easy-to-use management console, and network-accessible storage.

Federal cloud web site hacked

webmaster — Wed, 12 May 2010 15:25:49 -0600

A Department of Treasury Web site hosted by a third party was hacked for a short while redirecting visitors to a malicious site in Ukraine and later tracking IP addresses before the Department of Treasury took the site offline.

The Department of Treasury did not identify the provider that hosted the Bureau of Engraving and Printing Web site, but did acknowledge in a statement that it "entered the cloud computing arena last year."

The attack is bound to raise concerns about federal agencies' abilities to secure data hosted by third-party service providers. Security remains one of the biggest concerns in government circles as the Obama administration makes an aggressive push for federal agencies to begin adopting cloud computing services. The attack may also be used as a tool by legislators and policy makers to demand tighter security requirements.

The main web site of the Treasury division that prints U.S. paper currency, the Bureau of Engraving and Printing presented would-be visitors with a 404 "not found" error at each of the four URLs that point to the page, bep.gov, bep.treas.gov, moneyfactory.gov, and moneyfactory.com.

Cisco's ScanSafe tracked the attack to a Web site that attempts to exploit numerous vulnerabilities in Adobe Reader, Adobe Acrobat, Internet Explorer, Microsoft Office, Symantec AppStream, and other applications, and said that the malicious site has targeted sites hosted by Network Solutions and GoDaddy.

New York City Failed Bomb Highlights Disaster Planning Requirements

webmaster — Wed, 05 May 2010 13:27:23 -0600

The failed Times Square Car bomb shows that there is now a new class of disaster that CIOs need to plan for.The infrastructure may be damaged, communications may be lost, and the building may not be intact. That highlights some things that a disaster plan needs to consider:

Have a communications plan that doesnt require the use of cell phones or smartphones.
Have an alternate form of communications if necessary to save lives or call for help. Your emergency coordinator should have at least one ham radio operator on staff, with a radio available - ham radio is often the only reliable means of emergency communications in a real crisis.
Define a central assembly point thats located somewhere besides your office. Pick a place inland, within 50 miles or so, where you can set up a place for employees to check in.
Assume that some of your employees will not be able to make it to the assembly point and have a plan to have their jobs filled until their status is determined.
Validate your insurance carrier has you covered for such contingencies.

Intel can not meet chip demand

webmaster — Fri, 23 Apr 2010 09:25:07 -0600

As companies upgrade to Windows 7 and replace older laptops there is a shortage of the latest Intel laptop PC Core i3 and Core i5 microprocessors.

The shortfall is in Intel's new laptop microprocessors codenamed Arrandale, including some Core i3 and Core i5 chips. The shortage has caused chip buyers to bid the price of the microprocessors up to a 20 percent premium over contract prices on the open market, according to U.S. chip distributor Converge. The shortage hit in March and will last throughout April, the company added in a monthly research report.

Utah may extend the reach of e-verify

webmaster — Fri, 09 Apr 2010 12:19:19 -0600

The Utah state legislature has pass SB 251 to its governor, which would require businesses with 15 or more employees to use E-Verify to check whether new hires are legal workers, passed the legislature this month and is waiting for action by Governor Gary Herbert. However, some activists report the bill may be in trouble because business lobbies are working hard to get the governor to veto the bill.

Database security a management issue

webmaster — Fri, 09 Apr 2010 12:15:29 -0600

Traditional IT security focuses on protecting the corporate network perimeter with firewalls, VPNs, and antivirus software. While important, these first-line defenses aren't enough. New technology and business practices spread sensitive data across multiple channels, creating new vulnerabilities. The solution is safeguarding data where it lives - in the database and on the file servers.

Security Policies Should be Part of Normal Business Practices According to Federal Judge

webmaster — Sun, 21 Mar 2010 15:46:15 -0600

A federal judge has rejected a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit. That marks the second time in recent months that a court has weighed in on what it considers basic security standards for protecting data. The case stems from a 2007 breach that exposed more than 6 million customer records.

The federal judge did not find the proposed settlement to be "fair, reasonable, or adequate." Rather than benefiting those directly affected by the breach, Ameritrade's proposed settlement was designed largely to benefit the company. The judge described the additional security measures that Ameritrade proposed in the settlement as "routine practices" that any reputable company should be taking anyway and should be defined in their normal security policies and procedures.

In September 2007, Ameritrade said that the names, addresses, phone numbers, and trading information of potentially all of its more than 6 million retail and institutional customers at that time had been compromised by an intrusion into one of its databases. The stolen information was later used to spam those customers.

As part of an effort to settle claims arising from that incident, Ameritrade this May said it would retain an independent security expert to conduct penetration tests of its networks to look for vulnerabilities.

The company also offered to retain the services of an analytics firm to find out whether any of the data that had been compromised in the breach had been used for identity theft purposes. The company also said it would give affected customers a one-year subscription for antivirus and anti-spam software.

SOA Best Practicdes

webmaster — Sun, 21 Mar 2010 03:58:29 -0600

SOA Design Patterns & Best Practices

Some of the most important tools in the evaluation, purchase, and ongoing use of Service-Oriented Architecture (SOA) are the best practices that vendors, consultants, and customers have compiled. What factors vary most are the time, cost, and ease of SOA implementation. This template gives you the tools for SOA success by fcousing on the processes and providing a definition of the standard best practices for large-scale technology implementations.

IT security - Often a Myth

webmaster — Thu, 04 Mar 2010 13:49:33 -0600

IT Security polices for notebooks and desktops are typically managed by restricting the choices that users have by reducing the number options that are supported. This standards-based process ensures control by reducing flexibility. But try maintaining that system when users can buy a relatively cheap smartphone with as much power as a desktop had in the early 1990s.

Furthermore, attempts by IT organizations to prevent the use of handheld devices has largely failed because of the number of tools available to work around IT policies. For example, users who are restricted from using wireless e-mail often find ways to redirect e-mail to outside ISP services, where they synchronize e-mail to their personally owned devices. This raises the security threat for enterprises because it means that control of e-mail routing has been losts.

Microsoft gives Google Chrome an edge in the EU

webmaster — Mon, 01 Mar 2010 16:33:27 -0600

Microsoft's new browser ballot screen, which is supposed to randomly scramble the positions of the top five browsers, instead gives Google's Chrome the best chance of landing in the preferred first spot, an IBM software architect said today.

"This was a rookie mistake," said a professor, who works for IBM and has a degree in astrophysics from Harvard University. "I was definitely surprised to see an error of this type in the ballot."

Windows 7 Crushes Vista In terms of adoption

webmaster — Tue, 23 Feb 2010 08:56:25 -0600

Microsoft has already said that Windows 7 is the fastest selling operating system in history, but, judging by the adoption rate, the platform is simply leaving Vista in the dust. Janco found that Windows 7s market share had skyrocketed to no less than 12.5% since the OS was released. In this regard, the market share of Windows 7 is dwarfing that of Vista, comparing the first seven months after release.

IE Loses 6.21% Market Share in 12 Months

webmaster — Sat, 20 Feb 2010 17:07:23 -0600

Janco has just released its Browser and Operating System Market Share White Paper. The major findings are that in the last 12 months Microsofts browser market share has continued to erode Microsoft lost over 6% in the last 12 months; Firefoxs market share is unchanged for the last 12 months; Google Desktop and Chrome now have just under 6%; and Netscape is no more. On the operating systems side, Windows 7 is being accepted at a pace is parallel to the way Window XP was in the 90s. The CEO of Janco Associates, Victor Janulaitis said, "The last six months have been a mixed bag for Microsoft. Their browser market share has fallen to level that they back in 1998 with no end in sight. At the same time Windows 7 now has 12% of the OS market in less than 7 months since its release."

The top five browser market share rankings are: 1 - Microsofts IE 64.78%; 2 - Firefox 17.38%; 3 Google (Desktop & Chrome) 5.78%; 4 Mozilla 1.73%; 5 Safari 1.39%. The CEO of Janco Associates, Inc and the ITPC, M. Victor Janulaitis said: "The positive glow on Googles Chrome was dulled in with the identification of some defects in the way it handles XML pages. But the real story is the continued erosion of Microsofts" market.

IT service management issues that CIOs face

webmaster — Fri, 12 Feb 2010 16:06:15 -0600

The key service management business questions facing CIOs and senior IT managers today are:

What are the service management impacts with the ever-increasing technical complexity on margins and customer satisfaction?
Where are the areas where margin-improvement opportunities exist?
How can IT minimize the maintenance-contract price pressure to drive new service-revenue opportunities to the bottom line?
How does improved service management translate into a competitive advantage?
What is the future as the IT function moves from fixing problems to driving product value?
What are the challenges of off shoring support and how should the enterprise address them?

IT Infrastructure a CIO Challenge

webmaster — Wed, 10 Feb 2010 15:18:52 -0600

The CIO struggles to manage Infrastructure as they prepare for change

While the business faces changes that require more agility, IT is seen as lagging behind - even when CIOs carefully manage business and IT alignment:

IT objectives still include only cost reduction and quality. IT objectives rarely reflect enterprise agility objectives. CEOs want greater agility but do not talk about it as a measurable objective. Instead, many firms still measure IT on its contribution to cost reductions inside and beyond the walls of IT, along with its reliability and its availability to run today's business.
Business agility improvement projects do not easily gain funding. There are a number of current trends that, in theory, should improve agility - such as service-oriented architecture (SOA), on-demand services, pervasive technologies, outsourcing, Dynamic Business Applications, agile development, and offshoring. However, IT still needs to plan for and rightsize these options to reach the agility required while balancing the costs and risks. In addition, these technologies require cross-department investment in enterprises where each business unit manages budgets separately.

Obama administration to ask for more 1984 Big Brother powers

webmaster — Wed, 03 Feb 2010 15:33:59 -0600

Everyone knows that police can peek inside an email account it if they have a paper search warrant

But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.

A federal task force (soon to be released) study says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to "exchange legal process requests and responses to legal process" through an encrypted, police-only "nationwide computer network."

The study also says: "89 percent of investigators agreed that a nationwide computer network should be established for the purpose of linking ISPs with law enforcement agencies so that they may exchange legal process requests and responses to legal process. Authorized users would communicate through encrypted virtual private networks in order to maintain the security of the data."

But the most controversial element is probably the private Web interface, which raises novel security and privacy concerns, especially in the wake of a recent inspector general's report from the Justice Department. The 289-page report detailed how the FBI obtained Americans' telephone records by citing nonexistent emergencies and simply asking for the data or writing phone numbers on a sticky note rather than following procedures required by law.

Oursouring continues

webmaster — Sun, 31 Jan 2010 16:46:14 -0600

U.S. defense contractors growing use of offshore (outsource) subsidiaries from 2003 to 2008 allowed the Defense Department to save money on contracts but also resulted in the loss of U.S. tax revenue and unemployment benefits for some U.S. workers, according to a new report from the Government Accountability Office.

Practical Guide for IT Outsourcing a HandiGuide

The 29 largest publicly traded defense contractors increased their use of offshore subsidiaries by 26 percent from 2003 to 2008, the report states.

Those subsidiaries helped the contractors reduce taxes, in part by avoiding Social Security and Medicare payroll taxes for U.S. workers hired at the foreign subsidiaries, GAO auditors said.

About a third of the contractors also decreased their effective U.S. corporate tax rates in 2008 in part through the use of foreign affiliates, lower foreign tax rates and indefinite reinvestment of foreign income outside the United States.

Almost 200,000 jobs lost in IT during this recession

webmaster — Tue, 26 Jan 2010 16:16:10 -0600

Job cuts in technology were fierce in 2009, but 2010 is expected to see modest growth in a number of subsectors. The last time layoffs were this bad was in 2005.

Job cuts in technology were fierce in 2009. Last year saw 174,629 jobs lost in the sector, catapulting up 12.3 percent from the 2008 cuts of 155,570 jobs, according to an outplacement company which tracks industry numbers on announced layoffs. Technology - still considered by the Department of Labor to be one of the most promising industries for future job creation - has not seen that many layoffs since 2005.

The worst of the downsizing occurred in the first quarter, which is when the overall economy hit rock bottom. The recession's impact on the tech sector was inescapable.

The technology-focused blog TechCrunch developed its own "layoff tracker" Web application, which has been documenting layoffs in the sector since October 2008. For comparison, as of its last update in November 2009, TechCrunch had reported a total of 350,299 employees laid off - roughly 20,000 more, but certainly in the same ballpark.

The tech sector accounted for about 13.2 percent of the total 1.3 million announced job cuts in the United States in 2009, said Challenger, Gray & Christmas. By subsector, electronics fared the worst with 65,000 jobs cut - up 55 percent from 2008 - while telecommunications lost 9.4 percent fewer jobs in 2009. The computer industry was unchanged.

It's going to be a slow climb out of this recession, but computer and electronics firms should be among the first to see the turnaround, as companies try to postpone hiring by achieving productivity gains through technology. Even with the economy showing some nascent signs of recovery beginning the second half of the year, many companies are holding off on investments in new technology. And, with it still [being] difficult for small businesses and startups to obtain loans, there are few opportunities for tech firms to expand their customer base.

Despite the potential for improved hiring in the new year, there are a lot people competing for every opening and many employers are very particular about what skills and experience they want new workers to have. It is critical that technology workers continually update their skills in order to remain competitive. It is necessary to maintain a balance between having specialized skills and having the flexibility of a generalist. It may also be necessary to expand one's search to more industries or geographically.

We'll see a radically transforming marketplace - driven by surging demand in emerging markets, growing impact from the cloud services model, an explosion of mobile devices and applications, and the continuing rollout of higher-speed networks. These transformational forces will drive key players to redefine themselves and their offerings and will spark lots of M&A activity.

IT Job Descriptions HandiGuide 2010 Version Released by Janco

webmaster — Tue, 19 Jan 2010 17:04:54 -0600

The IT job descriptions contained within the Internet and Information Technology Position Descriptions HandiGuide® was updated in 2010 and contains over 650 pages; which includes sample organization charts, a job progression matrix, over 231 job descriptions, best practices for resume screening and best practices for phone screening.

The author of this book has extensive experience in job content definition and analysis. He personally is recognized by the courts as an "expert" and has been used by a number of firms as an expert in age and job discrimination cases. The HandiGuide includes some of the tools that he uses in that process.

The book also addresses Fair Labor Standards and the ADA, and is in a new easier to read format. Each job description meets ADA standards and the position description is delivered in electronic format - word which is editable and PDF which is printed. Also included are tools to help you expand, evaluate and define your enterprise's unique additional required. Those tools include:

Job Evaluation Questionnaire
Position Description Questionnaire
Job Progression Matrix (Job Family Classifications)
Best Practices for
- Screening Resumes
- Phone Screening
- Hiring employees
- Motivating employees
Mandated Requirements
- American with Disabilities Act (ADA)
- Health and Safety Requirements (Federal and State)
- Fair Labor Standards Act
- Sexual Harassement
- Other Labor Laws

Google personal lead sensitive data in error

webmaster — Tue, 12 Jan 2010 21:43:44 -0600

It was reported in Computerworld that Google apologized after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service.

The company's Local Business Center allows businesses to create a listing for Google's search engine and Maps application, as well as add videos, coupons or photos.

Google then provides data on how customers found the listing, showing search terms people used before clicking the listing and other data such as the geographic location of someone who looked up driving directions to the business.

Google will send reports to those who are signed up. Early last week, Google sent the reports to third parties by mistake. The mistake affected several thousands businesses registered with Local Business Center, of which there are more than a million.

"Shortly after sending the newsletter to a portion of our users last night, we discovered that some e-mails included statistics for the wrong business," Google said in a written statement. "We promptly stopped sending any further e-mails and investigated the cause, which we found to be a human error while pulling together the newsletter content. We'd like to apologize to all the business owners impacted and assure them that we're fixing the process that led to this mistake."

People who received the data then began to publicize the incident, realizing the privacy implications. Chicago-based Internet consultant David Dalka wrote on his blog that he received information regarding the listing for Boscos, a restaurant in Tennessee that brews its own beer.

Massachusetts information security requirements

webmaster — Wed, 06 Jan 2010 17:06:04 -0600

As of January 1, 2010, all organizations with operations and/or customers in the state of Massachusetts are required to follow comprehensive information security requirements regarding both paper and electronic records containing personal information. These requirements include enforcing password security, encrypting all personal information stored on laptops and removable devices and ensuring up-to-date firewall protection, operating system patches and the latest versions of security agent software. Read this whitepaper to learn how your organization can meet the necessary requirements and improve its security practices.

Personal and Professioal Bonuses Cut By Most Enterprises

webmaster — Tue, 29 Dec 2009 14:57:41 -0600

Fringe benefits are cut by most entetprises. Health insurance is the only benefit that has reamined.

Companies have started to cut back on the fringe benefits provided to IT Professionals. For example in January of 2008 95% of IT professionals had health insurance supplied by their employers while in June 2009 only 88% did. A full historical comparison of trends in benefits is included with the full version of the Janco IT Salary Survey.

User Departments Often Drive IT Infrastructure Excesses

webmaster — Tue, 15 Dec 2009 18:39:07 -0600

Often a departmental business manager submits a request to the IT organization for a new server to host a critical business-intelligence application. The request itself is unremarkable; after all, it is common for a business unit to ask IT to deploy additional hardware infrastructure to support their application requirements.

However the company may have multiple similar requests in queue, and all include a request for storage arrays dedicated to the applications being added. All too often, it's a common reaction to request dedicated servers and storage for new applications. And some CIOs and IT departments accommodated such requests to a fault. However, at times, this addition of processing and storage capacity occurs without adequate understanding of whether there may be unused capacity available. It also fails to recognize that each new addition of servers and storage adds to the complexity of the IT infrastructure.

Will Google violate your privacy in the future?

webmaster — Wed, 09 Dec 2009 15:21:51 -0600

Google Goggles could violate your privacy without your knowing it. Goggles lets you send photos of a business card, book cover or even bar code from your Android-based smartphone to Google for quick identification and data manipulation. Now if that software is extended to include photos your personal privacy could be impacted.

The way it works is that you snap a photo by centering your image in the Goggles screen and pressing a small camera icon at the bottom of the screen. Goggles then scans the image, analyzes it and identifies it. If the image is of a business card, Goggles separates the information into fields and lets you put it into your Google Contacts database. If it's a book, the app offers to let you purchase or research it. If it's a store or a landmark, Goggles fetches Google search info about the location. (Objects such as cars, animals or people aren't, according to the instructions, really identifiable yet.)

Imagine pointing your smartphone at anything, clicking a button and having all the information about that object immediate appear.

SmartPhones - new security risks

webmaster — Tue, 01 Dec 2009 08:01:09 -0600

As the iPhone, BlackBerry, and other devices have become more popular, harmful software such as viruses and spyware is emerging to exploit their vulnerability. Cheaters beware. In late October, Indonesian developer released mobile-phone software that can help someone eavesdrop on your conversations.

A distrusting partner or spouse can secretly download the free application, called PhoneSnoop, onto your BlackBerry, remotely turn on the microphone, and listen to conversations held in proximity to the device. PhoneSnoop, downloaded more than 2,000 times since its release, is one of a growing number of applications that can be downloaded onto a smartphone without a user's knowledge. FlexiSPY similarly can be downloaded onto Research In Motion's BlackBerry or the Apple iPhone.

Smartphones and the growing number of people using them are becoming a bigger target for unauthorized and potentially harmful software, including worms, viruses, and spyware that tracks a user's Web activity. The smartphone security threat "is imminent," says a principal analyst at consultant Infonetics Research.

Computerization does not always save money according to Harvard study

webmaster — Mon, 30 Nov 2009 09:48:02 -0600

"As currently implemented, hospital computing might modestly improve process measures of quality but does not reduce administrative or overall costs" say a Harvard Medical School study. The stuyd looked at some of the nation's "most wired" hospital facilities found that computerization of those facilities has not saved them any money or improved administrative efficiency.

The recently released study evaluated data on 4,000 hospitals in the U.S over a four-year period and found that the immense cost of installing and running hospital IT systems is greater than any expected cost savings. And much of the software being written for use in clinics is aimed at administrators, not doctors, nurses and lab workers.

The problem "is mainly that computer systems are built for the accountants and managers and not built to help doctors, nurses and patients," the report's lead author. While many health care experts believe that computerization will improve quality of care, reduce costs and increase administrative efficiency, the Harvard Medical School report notes that no earlier studies closely examined computerization's cost or its effect on a diverse sample of hospitals. Even hospitals on the "most wired" list "performed no better than others on quality, costs, or administrative costs," the study found.

Congress fails security check

webmaster — Mon, 23 Nov 2009 17:18:33 -0600

The Washington Post reports that a (now) ex-employee of the U.S. House Ethics Committee put a sensitive report detailing 30+ current investigations on to a public accessible computer. Wired Magazine also reported on this story, saying it was put onto a personal computer, and then placed it into a file folder used for peer to peer file sharing to the Internet.

This lack of compliance with basic security policies and procedures is a major defect in how Congress is protecting sensitive information.

No word on what file sharing application tool was used. If it was setup as anonymous FTP, it may have been from one specific computer or wound up on hundreds if not thousands of computers.

The ethics committee is one of the most secretive panels in Congress, and its members and staff members sign oaths not to disclose any activities related to its past or present investigations. Watchdog groups have accused the committee of not actively pursuing inquiries; the newly disclosed document indicates the panel is conducting far more investigations than it had revealed.

Risk Management is focus of ISO 31000-2009

webmaster — Fri, 20 Nov 2009 13:35:16 -0600

ISO has announced that ISO 31000:2009, the new international standard for risk management, has been published.

Entitled 'ISO 31000:2009, Risk management - Principles and guidelines', the standard provides principles, framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.

The standard recommends that organizations develop, implement and continuously improve a risk management framework as an integral component of their management system.

At the same time, ISO has published 'ISO Guide 73:2009, Risk management vocabulary', which complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.

All organizations, no matter how big or small, face internal and external factors that create uncertainty on whether they will be able to achieve their objectives. The effect of this uncertainty is risk and it is inherent in all activities. It can be argued that the global financial crisis resulted from the failure of boards and executive management to effectively manage risk. ISO 31000 is expected to help industry and commerce, public and private, to confidently emerge from the crisis.

ISO 31000 is a practical document that seeks to assist organizations in developing their own approach to the management of risk. But this is not a standard that organizations can seek certification to. By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management. ISO Guide 73 will further ensure that all organizations are on the same page when talking about risk.

Programmers can go to jail for their work

webmaster — Mon, 16 Nov 2009 01:25:09 -0600

IT professionals now have one more worry on their minds, they have to be aware of what they design and program is legal.

Two computer programmers who worked for Bernard L. Madoff were arrested and charged in connection with the multibillion dollar Ponzi scheme. They were charged with conspiracy, falsifying books and records of a broker-dealer, and falsifying books and records of an investment dealer according to the U.S. Department of Justice (DOJ).

The two were employed as computer programmers at Madoff's business beginning in the ealy 1990's and were primarily were responsible for developing and maintaining computer programs that supported the operation of Madoff's investment account business.

The progammers "... allegedly helped construct Bernie Madoff's house of cards," the U.S. attorney said in a statement. "The computer codes and random algorithms they allegedly designed served to deceive investors and regulators and concealed Madoff's crimes. ... they have been charged for their roles in Madoff's epic fraud."

As a broker-dealer and investment adviser, BLMIS was required, under the federal securities laws and regulations, to keep certain books and records in the ordinary course of its business, including: trade blotters containing an itemized daily record of details about all of BLMIS's purchases and sales of securities; documents reflecting each order underlying the purchases and sales of securities and the times at which the orders were received and executed; and the name and address of the beneficial owner of each account held at BLMIS.

The programmers developed and maintained computer programs that generated numerous false and fraudulent books and records. They created books and records for a small subset of BLMIS investment account clients to help hide the scope and nature of the business; altered details about the number of shares, execution times, and transaction numbers for trades reported on BLMIS trade blotters, by employing random algorithms that produced false and random results;and created false and fraudulent order entry and execution reports that included fictitious times at which orders for equities transactions purportedly were placed.

The programmers allegedly knew that the special programs they developed contained fraudulent information and that they were used in connection with the SEC and European accounting firm reviews. One of the two attempted to delete 218 of 225 special programs from a server and also closed their own BLMIS accounts, withdrawing hundreds of thousands of dollars each.

Handwritten notes found by the FBI in one of the programmer's desk stated, "I won't lie any longer. Next time, I say 'ask Frank.'"

Is recovery around the corner?

webmaster — Tue, 10 Nov 2009 10:34:29 -0600

PC processors are the latest tech segment bouncing back from the recession.

Third-quarter shipments of computer processors, or CPUs, climbed 23 percent over the second quarter of 2009, doubling typical growth and setting a record for sequential growth, according to an IDC report released Monday.

Revenue from processor sales also bounced back to hit $7.4 billion, a 14 percent gain over the second quarter, according to IDC's "Worldwide PC Processor 3Q09 Vendor Shares" report.

Most meaningful about 3Q09 is that, since PC processor shipments overall just slightly exceeded shipments in 3Q08--which was itself a record quarter at the time--we know that the processor market is recovering.