March 21, 2009 11:38 PM
Posted by: Xjlittle
Crackers are increasingly attempting to influence the behavior of search engines to get them to misdirect users to malicious sites, says security firm Marshal.
Unknowing users are asked to download an anti-malware application to protect their computers. The malware program then installs its malicious code onto the user’s computer.
Microsoft has attempted to help users of its Internet Explorer browser with what it calls the SmartScreen filter. The filter scans servers that have downloads to determine if those servers have a history of giving out malicious content. If one does, the user is warned that they may be on a malicious web site.
Crackers also add links to bad websites in the comments. Posting links to such sites is known as blog spamming. When a user goes to one of these sites, the cracker has automated tools that help gain entry into the user’s computer.
Unfortunately, there is no firewall rule to prevent the foolishness of people visiting such sites. Once they are there, bad things happen. Updated browsers, proxy servers and black and white lists certainly help. Still, the best prevention is educating users about what to avoid, along with the aforementioned methods.
March 21, 2009 9:09 PM
Posted by: Xjlittle
The US Government gives you a full scholarship for college if you want to become a cybersecurity specialist. The scholarship covers room and board, books and tuition.
The obvious question here is “What do I have to give them in return?” Two years of government service at a federal agency in a cybersecurity position. That’s not a whole lot to ask, in my opinion. Think about it. You’re getting a paid-for education in a field whose demand is only going to grow, and all you have to do is work at a federal agency for two years using what you majored in at college. Not bad.
The program, known as SFS (Scholarship for Service), is run jointly by the National Science Foundation and DHS. SFS is quickly becoming known for more than just recruiting talent for their scholarships:
In the information assurance community, SFS is becoming widely recognized as indispensable, especially when government demand for highly skilled information technology security professionals is surging because of Information Systems Management Act requirements, the inexorable growth in security operations centers and an impending wave of retirements.
Michelle Kwon, who graduated from the program, has this to say about it:
“When I graduated from the SFS program, I really thought I was going to do my two years [of government service] and then jump to industry and make big bucks,” Kwon said. “But I was given opportunities through the program that I wouldn’t have had otherwise.”
Michelle is now in a high-powered position as director of the Homeland Security Department’s U.S. Computer Emergency Readiness Team. Last year she was named director of US-CERT.
You can read more about the program here.
If I were a student looking for a way to go to college, this would be a fantastic way to go.
March 20, 2009 7:32 PM
Posted by: Xjlittle
myOpenID is an open source third-party authentication tool allowing users to have one login across multiple websites. myOpenID is developed by JanRain.
Making life even better, OpenID works with many websites where you may already have an identity. These include Facebook, MySpace, Google, Yahoo, AOL and Windows Live ID. Many sites will allow you to use your authentication information from one of these sites to log in to their site.
JanRain eases the integration of OpenID with their RPX product. RPX allows websites to be up and running in an afternoon with OpenID. They recently launched a WordPress plugin for blogging sites. This site uses WordPress. I wonder if we’ll be getting OpenID.
OpenID has launched a demo of the RPX product here. The plugin demonstrates the ease with which the RPX turnkey solution can be implemented.
OpenID now has over 35,000 sites using their product. These include high profile sites like PayPal, Plaxo, Sun and AOL.
I know that I use it with Yahoo as my identity provider for sites that accept them. I could use my myOpenID authentication for all of them if I chose to do so. You should try it; it’s nice to be able to use existing web identities instead of having to register at sites that you want to use.
March 19, 2009 1:00 AM
Posted by: Xjlittle
I ran across this article in which Celerity Works’ Mike Lisagor, who is the author of The Enlightened Manager, discusses the seven skills a server room manager must have.
Increasingly, the management skills needed to be an effective server room manager encompass much more than technical knowledge, according to Lisagor.
Successful managers at any level need intangible skills such as: treating people with respect; being honest as to project status; being a good listener; keeping in sight what the overall mission is and prioritizing technology implementation within budget and cultural realities.
Here is a summary of seven skill sets that will set you apart:
1. Be Stakeholder Savvy
Connect with stakeholders at all levels and departments within your organization including program managers, technical managers, contracting staff and senior executives. This will give you access to the organizational intelligence you will need when you must deploy resources to meet competing goals. Be an active participant and you will develop the business savvy you need to succeed.
Also be willing to work at any hour; IT often means the flexibility to work non-standard hours and be available 24/7.
2. Set Reasonable Expectations
Organizations are looking to IT to deliver solutions. Don’t overpromise, and set expectations properly so that your management and users understand how much the solution will cost, how long it will take to deploy, and exactly what it can and can’t do.
3. Be In Charge Of Your Budget
Be ready to discuss topics such as ROI and TCO with program and contracting staff. If you understand and can explain both the upfront and long-term costs of technology solutions, you’ll be better able to guide your organization in making technology choices that will positively impact the business. Managing your budget involves looking not only at expenditures, but also at expected returns.
4. Be A Trusted Technology Advisor
Be a realist as to what current and new technologies can do and not do. Say “no” to technologies that won’t fulfill the organization’s missions – no matter how “cool” they are. Do this and you’ll be seen as a credible source for technology advice and heighten your strategic value to the organization.
5. Get Credentials, Gain Practical Experience
Education and certifications such as MCSE, CCNA or CompTIA A+ matter. So do security specific certifications. A mix of Linux and Windows server abilities is extremely desirable.
The talent pool is deep, so you need to be able to compete. In government, you can take advantage of reimbursement programs for training opportunities, but if you must invest in certifications on your own, do it and you’ll quickly realize the return on this investment in your career.
Getting practical experience can be a “chicken and egg” dilemma. So, don’t be afraid to get down in the trenches. Build a server from scratch, which requires researching component capabilities, analyzing price/performance data, choosing brand or vendor, dealing with power, cooling and other “green” factors, and troubleshooting problems.
6. Be Tactful and Patient
Hone the skills that allow you to navigate smoothly through your organization. Often you will need to explain technology to non-technical staff and talk about the pros and cons in language they can relate to. Being patient is an absolute must. It can make or break your career as issues and problems often take much longer to solve than anticipated.
7. Be Optimistic – Mix management and IT skills
Come to work each day with a positive attitude. This will take you far. As you move higher up in the organization, the emphasis moves toward a mix of IT, management and other skills. Many of the issues faced have little to do with IT systems directly, such as power and cooling. If you want that senior management position you’ll need knowledge – or at least an understanding – of areas outside of IT, such as facility management, engineering, and probably corporate politics and PR.
“The need for management to communicate with those around them has never been more pressing. The rapid growth of technology has increased work complexity and the need to coordinate with many individuals located in multiple places and organizational units,” Lisagor told 1105 Government Information Group Custom Media.
“Every manager can make a difference, and the more enlightened the manager is, the more enlightened the organization will be.”
That’s some information any technologist can take to the bank.
March 18, 2009 11:35 PM
Posted by: Xjlittle
A recent report by the Treasury Inspector General for Tax Administration (TIGTA) noted that the IRS scans about 89% of its servers weekly for malware and viruses. That should give you a warm and fuzzy feeling.
Apparently they believe that employee workstations pose more of a threat. All employee workstations are scanned weekly. Of the 11% of servers that aren’t scanned, some are scanned intermittently and others not at all.
According to Michael Phillips, the deputy inspector general for audit, the IRS’ Cybersecurity Computer Security Incident Response Center responded to 961 malware incidents in calendar year 2008, an increase of 45 percent over the prior year.
The TIGTA also said that the IRS has adequate controls in place to prevent and respond to malware attacks. They have also built up the security structure to deal with the increasing threat of crackers.
The inspector general also recommended that IRS administrators should not be accessing the internet with their IRS logons. Employees and their managers should also be notified when their browsing results in a successful malicious code incident.
Terence Milholland, IRS’ chief technology officer, said in response the service would begin to scan all servers weekly by May 1 and implement regular reminders on Internet access restrictions by Aug. 1. The IRS would start notifying employees and their managers when their activity results in a malware incident, he said.
You can access the full report here.
March 17, 2009 12:20 AM
Posted by: Xjlittle
I have often wondered how the really big technology users, like the Federal Government, utilize various technologies such as virtualization.
Now we can all get a firsthand look by watching an eSeminar presented by Government Computer News. They are presenting Anil Karmel, a solutions architect in the network and infrastructure engineering division at Los Alamos National Laboratory, in an eSeminar at 2 p.m. Tuesday, March 24.
In the seminar Mr. Karmel will present on the initiatives taken by Los Alamos to address such things as green computing, disaster recovery and security. During the presentation he will discuss:
How Los Alamos National Laboratory implemented virtualization to reduce their carbon footprint and consolidate data centers across their campus;
How to leverage server virtualization to cost-effectively supplement your disaster-recovery or business-continuity plan;
How to identify “low hanging fruit” for your agency’s green initiatives while achieving a substantial return on your investment; and
Moving computing from the desktop to the data center to enhance your agency’s security.
Sounds like a good place to learn about how some really smart people implement virtualization. I certainly plan on being there. You can read more about it here.
March 15, 2009 6:43 PM
Posted by: Xjlittle
The Collaborative Software Initiative and other backers of open source software sent a letter to President Obama requesting that he mandate that federal agencies consider how software purchased by the federal government is developed.
The letter stated that the open and collaborative way that open source software is developed mirrors the way that Obama wants to shape the government. Its openness in development and transparency in collaboration are what Obama has said he wants from the US government in all of its dealings. The letter was signed by Collaborative Software Initiative Senior Developer David Christiansen and Chief Executive Officer Stuart Cohen, along with 14 CEOs of software development companies.
Paul Jones, an information science professor at the University of North Carolina at Chapel Hill, says that open-source software is already widely used by the military and intelligence agencies. He also believes that software developers are not likely to get an exclusive open-source mandate and that open-source solutions should compete on their merits, which are many.
“In some cases, open-source, or at the very least open formats, should be required so that the software, procedures…can be audited,” Jones said. “For archiving purposes, and for Freedom of Information Act purposes, software source and format definitions should be at minimum placed in escrow.”
The letter went on to say that open source reduces costs in the areas of application hosting and development and added that “the Obama administration should consider open-source software in its effort to standardize and digitize medical records”.
I for one am all for this. At the very least it makes agencies move away from Microsoft FUD and consider other alternatives for technology needs. In turn, if the software stands on its own merits and provides the required functionality, which I believe it will, the financial burden on the taxpayers is greatly reduced.
References: Federal Computer Week
March 15, 2009 1:53 PM
Posted by: Xjlittle
Users of Kubuntu recently suffered data loss while using the new ext4 file system. It happens when there is a power loss or a system failure. Note that this is not specific to Kubuntu. The Kubuntu users were just the first to try out the new file system.
I’m not talking about data that you’ve just written to a document or application. These failures are returning 0-byte files for any application that has written to a file. That is to say that your data is completely gone, not just the unsaved part.
Ted Ts’o, the developer of the ext4 file system, has joined the discussions to explain what is going wrong. He has this to say: “The short answer is (a) yes, I’m aware of it, (b) there is a (partial) solution, (c) it’s not yet in mainline, and as far as I know, not in an Ubuntu Kernel, but it is queued for integration at the next merge window, after 2.6.29 releases, and (d) this is really more of an application design problem more than anything else.”
The problem is a write commit issue. The ext3 file system committed writes within 5 seconds. In an effort to enhance security and speed, Ts’o increased the data commit to 60 seconds on the ext4 file system.
As for the application design comment, he is apparently asking developers to redesign their applications to deal with the 60 second delay. While this may happen over time, it is certainly not going to be something that happens in the immediate future.
My advice is to leave the ext4 file system alone until it becomes mainstream and matures. There is obviously quite a bit of work still to be done before it is production ready for servers or workstations.
March 15, 2009 12:11 AM
Posted by: Xjlittle
The One Laptop Per Child (OLPC) project is moving to the ARM processor. Chief technologist for the project, Ed McNierney, says that they can do better in terms of power with the ARM processor than with the AMD Geode chip whose output is 5 watts.
But what about Microsoft? The only operating system they have that will run on the ARM processor is Windows Mobile. The OLPC project and Microsoft had previously agreed that they would install Windows XP. OLPC chairman Nicholas Negroponte is currently in talks with Microsoft regarding a port of the XP operating system to the ARM processor.
Part of the OLPC mission is targeting current and historic conflict zones, including places such as Iraq, Rwanda and the Gaza Strip. Providing laptops to children in these areas not only fulfills the group’s mission to offer equal-access education to the most isolated children, it may also promote world peace. By putting laptops “into the hands of kids who would otherwise be indoctrinated,” explained Matt Keller, who works for the OLPC project, “we can make the case pretty successfully that doing this is a long-term solution to root causes.”
The OLPC also serves the need of kids in the US. Last year Glen Iris Elementary School in Birmingham opened its doors as the district’s pilot for the program. “It’s been an overwhelming success at our school,” says principal Michael Wilson, whose school has a poverty rate of 83 percent. They’re “totally engaged in what they’re doing,” Wilson said. “I have kids getting out of cars in the morning with their laptops open.”
What a great project, literally changing the lives of kids around the world. You can read more about the OLPC here.