TJX says theft of data may go back to 2005: TJX Cos. yesterday said computer hackers may have gained access to its consumer data in 2005, a year earlier than it had previously thought, potentially exposing millions more customers of stores such as T.J. Maxx and Marshalls to identity theft. [Boston.com]
Mass. bill would make retailers pay for data leaks: Massachusetts lawmakers are about to consider a bill that would require retailers to pay for losses when hackers and thieves breach their security systems to steal consumers’ credit card and other financial information, the Wall Street Journal reported on Thursday. [Boston.com]
Cisco IP phone flaws discovered: Hackers could get unauthorized access to some speaker phones, IP desktop phones, says company. [CNET]
Google offers business software via subscription: Web search leader Google Inc. has begun delivering a set of essential business software tools to paying subscribers, in a move to widen its appeal to corporate customers, the company said on Wednesday. $50/year. 10GB storage; 99.9% uptime.
Microsoft walks tightrope with business services: The company has good reason to expand into services and hosted software, but it must be careful not to alienate partners. [CNET]
It seems like somebody is a little cranky about the slow pace of sales for Microsoft’s Windows Vista. CEO Steve Ballmer, as Kevin Fogarty noted in today’s headline scan, has tried to place at least part of the blame for Vista’s slow start on software piracy, and is threatening to “dial up” Microsoft’s anti-piracy measures. At the same time, as the threat of losing some potential buyers to Linux desktops continues to rear its head, Ballmer once again is threatening legal action against Linux distributions that infringe on Microsoft’s intellectual property claims.
Sure, Vista is out there in Bitstream. Sure, Windows Genuine Advantage is so hosed, you can install an upgrade copy onto a bare machine just by rebooting at the right time during install. But there’s a reason Vista sales are so slack that has nothing to do with piracy, and little to do with Linux: people don’t trust it yet.
Cisco Systems is warning that customers who don’t change the default names and passwords on routers are vulnerable to an exploit publicized by Symantec and Indiana University last week.
Pharming is a malware technique more sophisticated than phishing because it requires no conscious effort on the part of the user, and can even change the code on a victimized computer to re-route its Web requests without the knowledge of the user.
The solution is to change the default password as soon as the router is brought online, according to Cisco. But, since compromised laptops could also be the source of such attacks, it may also be necessary to check the machines of users who bring laptops home and work from routers they configure themselves (or leave at the factory-default configuration).
The original version of this story appeared on TechTarget sister site SearchSecurity.com.
You already knew that your customers’ employees are often a huge security liability. But if you needed any more proof, this week’s Stop and Shop scandal might help to convince you.
In a nutshell, thieves stole account and personal identification numbers from customers’ credit and debit cards at stores in Rhode Island and Massachusetts by tampering with checkout-lane keypads. At some point, these data thieves must have accessed the keypads by entering the building and physically tampering with them, then reinstalling them. How could this have happened?
One NetworkWorld story may have the answer (if not to this particular breach, then possibly to others). A penetration tester from NTA Monitor Inc. got into a company’s building by waiting until a group of smokers finished their smoke break, then slipping in behind the last employee. He managed to get upstairs by saying that IT had sent him, and successfully attached his computer to the company’s VoIP network. Scary, I know.
If your customer is relying on employees to sound the intruder alarm — or if there are unsecured entry points into their buildings — all of the firewalls, IDS, VPNs, and monitoring devices you’ve implemented may not help. You CAN make sure you’ve given your customer a fighting chance, however, by checking out the brand new Penetration Testing Project Guide on SearchSecurityChannel.com.
As G.I. Joe used to say, “Knowing is half the battle.” Do your own penetration testing, and then educate, educate, educate your customer. You’ll be their greatest asset.
Notebook computers flew off shelves over the holidays, helping to bolster Hewlett-Packard’s lead atop the PC heap. [NYT]
Steve Ballmer has reissued Microsoft’s patent threat against Linux, warning open-source vendors that they must respect his company’s intellectual property. [CNET]
Now that Vista is out and shipping on new PCs, the question for VAR and user alike isn’t whether to deal with it — or even when — but how. To make the transition a bit more transparent, Microsoft has released six new Vista deployment tools and guidelines.
The new tools are:
- Solution Accelerator for Business Desktop Deployment (BDD), to deploy Windows Vista and Office 2007 on desktops
- Application Compatibility Toolkit (ACT), to ease the process of moving old third-party apps to Vista
- Windows Vista Hardware Assessment, a brand-new tool to help customers determine whether their computers will even run Vista
- Volume Activation Management Tool (VAMT) and Key Management Service (KMS), to handle site-wide activation for Vista, which Microsoft says is necessary to help cut down on piracy
- Virtual PC 2007, the newest version of Microsoft’s virtualization software.
The full version of this story appeared on TechTarget sister site SearchWinIT.
Check back soon at SearchSystemsChannel.com for more on these new tools and what they’ll mean for resellers and systems integrators.
Mergers among security vendors often leave customers – and VARs – in the lurch.
Before Symantec took over Veritas, for example, techs at Newton, Mass.-based IT management service provider MIS Alliance Corp. got good tech support from Veritas.
Now the phone-support techs don’t seem up to speed, and it can take 45 minutes even to get to an unhelpful tech. Licensing issues – including getting access keys for clients – are also a problem.
Symantec acknowledges the glitches, but says many are the result of merging its ERP system with Veritas’ and that the problems will disappear quickly.
Other mergers have worked out better for their customers and VARs. Secure Computing’s acquisition of CipherTrust worked out partly because of the number of high-level CipherTrust execs kept on after the merger, one customer said.
For others, including EMC’s acquisition of RSA, the jury is still out, and the customers are still nervous.
The full version of this story appeared on TechTarget sister site SearchSecurity.com.
Unified communications (UC) systems can be performance-challenged and sometimes don’t match the way their users would like to work – at least according to colleagues of IT director Mike Gladish.
So Gladish was cautious in rolling out UC to the East Central division of the American Automobile Association (AAA), testing it with a small group of headquarters staff before trying a full rollout – the better to map out both hard and soft productivity benefits.
So far the rollout isn’t going over like a house afire, but users aren’t rebelling, either. As time goes on, though, the UC system is diverging from the way people work, or at least the way they used to work. The UC-enabled group is moving away from strict reliance on voice communications, has easier access to and mobility of voice mail, and is thinking about adding video.
So far, so good.
The full version of this story appeared on TechTarget sister site SearchVOIP.com.
Sourcefire Inc. has plugged security holes in its popular Snort intrusion detection tool that could have allowed attackers to get in through the security software itself to run unauthorized code on a victim’s server.
The flaws in Snort’s DCE/RPC preprocessor would have allowed a stack-based buffer overflow, according to an advisory from Sourcefire. The preprocessor is enabled by default.
Sourcefire advised users to fix the flaw by upgrading to Snort version 188.8.131.52 or beta 2 of Snort 2.7.
The full version of this story appeared on TechTarget sister site SearchSecurity.com.
Microsoft released a Vista-compatible version of its SQL Server 2005 database this week, rectifying a critical gap in its own Vista-enabled product line, and eliminating virtualization restrictions on the popular database at the same time.
The rules that come with SQL Server 2005 Service Pack 2 remove any limit on the number of instances of SQL Server that can run in virtual machines as long as the server on which they run has a SQL Server license for each CPU on the machine.
Earlier rules would have required a license for each virtual machine.
The new version does not support the Microsoft Data Engine, the database engine under SQL Server 2000. SQL Server is important to Microsoft customers because it’s widely embedded in applications that require a local database, though it is typically not considered robust enough to scale to the levels of Oracle or IBM’s top databases.
The original version of this story appeared on TechTarget sister site SearchWinIT.com.