Internet freedom and security

It's already been a busy year in the area of Internet freedom and security.

10 of the Worst Moments in Network Security History

First, Google reported that it, along with a bunch of other major companies, had been hacked, and pointed the finger at China.

Then Secretary of State Hillary Rodham Clinton gave a few "Remarks on Internet Freedom" in which she pushed for one Internet, without barriers.

Separately, the Federal Trade Commission notified about 100 companies that some of their secrets had been exposed by employees who were running peer-to-peer software.

Finally the Internet security firm NetWitness said that it had figured out that 75,000 computers at 2,500 companies had been compromised with the ZeuS Trojan starting in 2008.

Nope - not a good start to 2010. I would like to think that things will quiet down some for the rest of the year but it does not look like that will happen.

In early January, Google announced that it had been hacked from China, that the hackers seemed to be after the gmail accounts of Chinese human rights activists and that Google was going to review "feasibility of our business operations in China."

Well, that caused quite a splash. Google's accusation fit so well with the general public perception of China's approach to the Internet that it was easy to assume that the hacking was directed by the Chinese government.

Clinton did not go quite so far as to accuse the Chinese government of complicity during her speech on Internet freedom,but she did call upon it to "conduct a thorough review" of the Google hacks and that the results of the review be transparent. Clinton's speech was quite a good one from the point of view of those of us who value the positive impact of the communication enabled by the Internet.

Properly, she did not hide the fact that communication over the Internet can be used for good (human rights activists) and evil (terrorists).

Read More

India adds IT jobs despite recession

The largest addition of jobs in the country came in the IT services and BPO industries

India added 487,000 jobs in its IT and BPO (business process outsourcing) export industries in the quarter ended Dec. 31, despite the global recession, according to a Quarterly Quick Employment Survey by the country's labor bureau.

The survey was conducted to assess the impact of the economic slowdown on employment in India.

The results, released Thursday, found that of a total of 638,000 jobs added across the economy, 580,000 were in the exports sector. IT services and BPO exporters led the pack.

Besides Indian service providers, a large number of multinational companies like IBM and Accenture have set up IT services and BPO operations in the country, that service both the Indian market and markets abroad. Most of India's IT and BPO exports go to the U.S. and the U.K.

In January this year, a large number of Indian outsourcers, including the largest, Tata Consultancy Services (TCS), and the second largest, Infosys Technologies, reported plans to increase hiring in anticipation of improved business conditions.

TCS, for example, added 7,692 positions in last quarter of 2009, taking the total staff at the end of the quarter to 149,654. The company plans to hire about 8,000 trainees and about 3,000 experienced staff in the current quarter, it said.

India's software and services exports are expected to grow at 5.5 percent to US$49.7 billion in the Indian fiscal year to March 31, 2010, Minister for Communications and IT Sachin Pilot told Parliament on Thursday.

That growth rate for software and services exports is well behind the 16.5 percent rate in the year to March 31, 2009, and 29.5 percent in the previous year.

However an expected uptick in business later this year is driving new hiring by the IT and BPO sector. The National Association of Software and Service Companies (Nasscom) said in February that India's exports of software services and BPO are likely to increase by 13 to 15 percent in the fiscal year to March 31, 2011.

Some companies have also indicated that they will increase staff salaries soon. Raises were cut down or held back last year after the recession hit the industry.

Read More

IT management: Zero in on business impact

Push users to think past the idea that technology will be a cure-all
CIO Executive Council - Within five years of moving into IT management, Jay Kerley found his purpose: working with the business to affect business outcomes and results. And he set his sights on the CIO role when it became clear that the best way to create change and effect a business impact on as wide a scale as possible is to have that executive-level, strategic role. "With a CIO's cross-division view of processes, you are in the position to shift and turn the company," says Kerley, who was promoted to the position of deputy CIO at Applied Materials in 2009.

Kerley, a winner of CIO magazine's and the CIO Executive Council's 2009 CIO Ones to Watch Award, identifies three milestones in his path to the c-suite: building business outcome-focused IT leadership teams, taking on risky challenges with big payoffs for the company, and cultivating a portfolio perspective.

Kerley's first taste of driving business results came in his first leadership position, where he discovered that he had a knack for rallying and motivating teams to tackle complex, business-oriented challenges. What motivated him -- and his team, in turn -- was the chance to create and enable business improvements. He built a close-knit team of people during his time in that position -- many of whom have stayed with him as he moved to new companies and new locations -- that led projects with far-reaching impact on the company, including globalization of processes for more efficient and consistent operations, and merging acquired business units without disrupting service to the customers.

Kerley realized that a willingness to face new challenges would bring greater benefits to the business, and he had this in mind when he joined Applied Materials, the world's largest supplier of manufacturing equipment to the semiconductor, display and solar photovoltaic industries. There he took a risk by evaluating applications that hadn't been meeting the engineering users' needs for years, pushing people to think past the idea that technology would be a cure-all, and examining the underlying processes as the source point for potential improvements. He then partnered with business leads to develop new processes and a technology solution to enable them. In the end, the engineering team not only had a better user experience, but was able to use the system in ways it hadn't before, including collaborating across the globe.

Much of this came together because Kerley found a strong CIO mentor early on, who complemented weaknesses -- while Kerley came up in IT via infrastructure and applications development, this mentor came from a leadership development and project and portfolio management background. Being exposed to that side of the IT world was a revelation, Kerley says. Having a portfolio perspective enables IT leaders to serve as a bridge into the business and to see the potential for cross-functional improvements, a skill-set necessary to being a results-oriented CIO.

Jay Kerley is deputy CIO at Applied Materials and a member of the CIO Executive Council. The Council's Pathways Program was created by CIOs to build business and IT leadership skills in senior IT leaders through group mentoring with CIOs, 360-degree competencies assessment, targeted seminars and community forums. To learn more, visit council.cio.com/pathways.html.

Read More

Microsoft's Charney suggests 'Net tax to clean computers

The company recently used the U.S. court system to shut down the Waledac botnet

How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines.

Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem.


Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more "social solutions."

That means fighting the bad guys at several levels, he said. "Just like we do defense in depth in IT, we have to do defense in depth in [hacking] response."

"I actually think the health care model ... might be an interesting way to think about the problem," Charney said. With medical diseases, there are education programs, but there are also social programs to inspect people and quarantine the sick.

This model could work to fight computer viruses too, he said. When a computer user allows malware to run on his computer, "you're not just accepting it for yourself, you're contaminating everyone around you," he said.

The idea that Internet service providers might somehow step up in the fight against malware is not new. The problem, however, is cost.

Customer calls already eat into service provider profits. Adding quarantine and malware-fixing costs to that would be prohibitive, said Danny McPherson, chief research officer with Arbor Networks, via instant message. "They have no incentive to do anything today."

So who would foot the bill? "Maybe markets will make it work," Charney said. But an Internet usage tax might be the way to go. "You could say it's a public safety issue and do it with general taxation," he said.

According to Microsoft, there are 3.8 million infected botnet computers worldwide, 1 million of which are in the U.S. They are used to steal sensitive information and send spam, and were a launching point for 190,000 distributed denial-of-service attacks in 2008.

Read More

More than 100 companies targeted by Google hackers

Two months after hack, security firm says another 68 command-and-control servers have been identified

IDG News Service — The hackers who broke into Google two months ago have gone after more than 100 companies, according to an estimate by security vendor Isec Partners.

Researchers have been closing in on the unidentified criminals responsible for the attack over the past month. In the process, they have uncovered another 68 so-called command-and-control servers, used to control the hacked machines.

Investigators had already identified 34 hacked companies after examining the single command-and-control server used in the Google attack, and the discovery of another 68 servers could mean that many more companies were compromised than previously thought. "It's easily over 100 companies," said Alex Stamos a partner with Isec Partners.

In the weeks since Google went public with details of the hack, informal discussion lists have sprung up, including security experts and staffers from companies that have been compromised. In those discussions, "that list of control machines keeps getting longer and longer," Stamos said.

The code used in the attacks, known in security circles as Aurora, has been in use for at least 18 months, Stamos said. But the security industry was unaware of Aurora until Google discovered the intrusion last December. That allowed hackers to get onto corporate networks undetected.

Other technology companies, including Intel, Adobe, and Symantec, have also been hit by the attack, which investigators have traced back to China.

To break into victim companies, the hackers sent carefully targeted e-mail or instant messages to victims, hoping to trick them into visiting Web pages or opening malicious documents that would then attack their computers.

The worst part of the attack is what happens once the initial victim has been compromised. The hackers then use a variety of techniques to acquire additional usernames and passwords and fan out across the targeted company's network, downloading sensitive data, which is then moved offshore.

This type of targeted attack is not new, but it is dangerous because it is so good at circumventing traditional security measures, said Rob Lee, a computer forensics instructor with the SANS Institute. "We've been dealing with [these attacks] for five years," he said. "They're basically going around all the security appliances via email."

Not all of these attacks have been linked to Aurora, but Lee said that "there have been hundreds of companies infiltrated."

Stamos agreed that traditional security products such as antivirus and intrusion detection systems are not enough to stop the attack. "The interesting thing to me about these attackers is they're very patient," he said. "They'll spend a lot of time writing custom malware to get around people's antivirus."

"They'll use a social network to learn about one person in the company, and then will send emails or chats messages as that person's friend," he added.

Read More

Facebook Tips and Tweaks

Add-ons, plug-ins, and services to streamline and simplify your Facebook experience.
by Rick Broida, PCWorld - I like using Facebook to keep tabs on my friends, but I don't like the endless stream of "so-and-so took this quiz" and "Joe became friends with Jane" messages. I just became a fan of Facebook Purity, an add-on that removes those notifications from your Facebook home page. Facebook Purity is a script that requires Greasemonkey. Once you've installed that and restarted Firefox, just install the FP script, start up Firefox again, and fire up Facebook.


The effects are subtle--don't expect a major makeover--but definitely worthwhile. You may not notice any immediate changes, but you should see a "FB Purity hid" header like the one highlighted in this screen shot. The tally refers to the number of Facebook apps and "extras" hidden from your home page. If you're curious to see what they are, just click Show for either category.

If you want to edit the list of apps and extras Facebook Purity blocks, see the developer's FAQ page. Speaking of which, the script doesn't cost anything, but the developer sure would appreciate a few bucks if you find it useful. (Click the Donate button on his page to make a contribution via PayPal.)

By the way, Facebook Purity is compatible with Google Chrome, Opera, and Safari, but using Greasemonkey scripts with those browsers is a bit more complicated. Again, see the FAQ page for details.

Download Photo Albums in a Flash

For a service as photo-oriented as Facebook, the simple act of downloading photos is annoyingly complicated. In fact, there is no download option; you have to view each photo in turn, right-click it, and choose Save Image As or Save Picture As (depending on your browser).

So what happens if a friend posts a bunch of pictures you want to download? Are you really supposed to go through and save them one by one? Not if you install the FacePAD plug-in for Firefox. Short for Facebook Photo Album Downloader, it does exactly what its name implies: downloads entire albums at a time.

After loading the plug-in and restarting Firefox, select Tools, Add-ons, find FacePAD, click Options, and choose your language. Click OK and you're good to go.

To use FacePAD, just navigate your way into a friend's photo library, right-click an album link, and choose Download Album with FacePAD. In a matter of minutes the plug-in will plunk every photo into your default Firefox Downloads folder.

It's too bad you can't specify a folder or do any batch-renaming; all the photos end up with cryptic numerical file names. Still, FacePAD works as advertised, and it's a damn sight easier than retrieving each photo manually.

Add Facebook Chat to Your Firefox Sidebar

Let's solve another Facebook hassle: When you leave the site, your chat sessions get left behind. Wouldn't it be nice if you could keep a Facebook chat going regardless of what site you're viewing?

If you use Firefox as your Web browser, you can add Facebook chat to the Sidebar, thus keeping it alive and active even while you browse elsewhere. (I also find it a more convenient location than the bottom-right corner of the screen, which is where Facebook shoehorns it.) Here's how to make it happen:

In Firefox, press Ctrl-B to open the Sidebar in Bookmarks view. Right-click the bookmark folder where you want to add Facebook chat, then choose New Bookmark. Name the new bookmark "Facebook Chat," then paste this URL into the Location field: http://www.facebook.com/presence/popout.php Check "Load this bookmark in the sidebar," then click OK.

Now just click your new bookmark and presto: Facebook chat in the sidebar. Not too shabby, eh?

Simplify Your Facebook Experience with Brizzly

Brizzly provides a clean, simple, ad-free interface for Facebook (Twitter, too).

Getting started with this free Web service is a snap. Sign up for an account, then supply your user name and password for Facebook and/or Twitter. You'll have to click through a couple "approval" pop-ups, which is normal for any outside service seeking access to your account.

Now you've got a simple front end for your Facebook news feed. You can update your status, comment on friends' posts, watch posted videos, write on walls, and so on. You don't get every single Facebook feature--you can't "hide" a friend or play any games--but you do get a refreshingly streamlined interface.

Read More

MSI ready to launch iPad alternative

So we get it, a lot of you are underwhelmed by the iPad. But there's much more to the tablet world than Apple's latest creation. According to Digitimes (via Engadget), MSI's 10" tablet is coming during the second half of 2010. But will you Doubting Thomases be any happier with this offering?

The price is the same as the cheapest iPad ($500) and the capacitive screen is effectively the same size (9.7" for the iPad, 10" for the MSI). The iPad runs iPhone OS while the MSI runs Android. That means the MSI will multitask of course, and Flash support in Android should be a given by launch time (though that isn't certain). It has a camera. It's running on an Nvidia Tegra2 chip which Ars Technica suggests puts it on par with the iPad's A4 as far as computing horsepower. And of course Android doesn't live in a walled garden.

On the other hand, it doesn't have the iTunes App Store, nor does it have the media partners that Apple has lined up for the iPad. And (as seen in the video below) native apps don't support multi-touch pinch and zoom gestures.

So what do you say, iPad doubters? Is a device like this any more appealing or will you still stick to your smartphones and netbooks? (Another intriguing option is the Notion Ink Adam which Engadget took a good look at during CES.)

Some of you, I know, just aren't interested in the tablet form factor but others have specific grievances with the iPad in particular, and I'm wondering if a device that addresses some of these grievances without increasing the price is of more interest.

Here's one of the least bad videos of the MSI Android Tablet that I could find at YouTube, so you can see it in action. Keep in mind it isn't shipping for at least 5 months so in theory response should get a bit snappier, and rough edges should get a bit of polishing, before then.

Read More