Related Articles
Critical vulnerabilities in common PC software, including both applications and operating systems, continue to grow in number and stand as the leading cause for concern in the IT security landscape today, according to training experts at the SANS Institute.

Holes in so-called client-side applications, including Web browsers, e-mail clients, productivity suites, and media players, have become particularly worrisome over the last year, according to SANS, which highlighted the issue as part of its annual report on the top 20 Internet security risks for 2007.

As hackers have shifted their attention further away from operating system flaws and drilled down to applications-layer vulnerabilities, they have found a seemingly endless wealth of possibilities for infecting PCs with everything from spyware to botnet programs, SANS researchers contend.

Unless something can be done to improve software developers' coding habits or better test popular applications for such issues before they land on end-users' machines, attackers will be able to continue their successful assaults against enterprise networks and devices for the foreseeable future, said Rohit Dhamankar, project manager for the Top 20 report at SANS and a senior manager of security research for TippingPoint.

"There's just been such a dramatic rise in the numbers of vulnerabilities found in applications like Internet Explorer and Microsoft Office and a number of media players that attackers are having their way," said Dhamankar. "Enterprises are bolstering security, but desktop users still pose a massive risk if they can download anything they want from the Web; the attacks are also growing in sophistication to the extent that many can defeat antivirus and other security systems primarily by obfuscating their code."

Some of the most powerful tools that hackers have adopted in hunting for potential targets are the same industrial-strength applications fuzzing tools that software vendors themselves are using to search for holes in their products, said the expert.

Enterprises could do themselves a favor by enforcing stricter policies that dictate the types of applications that end-users are allowed to put on their work machines and using technical means to ensure that those rules are being followed, Dhamankar said.

Other SANS researchers noted that while companies may not want to tell end-users that they cannot utilize media players, messaging clients, and other applications that have moved into the business world from the consumer sector, they could help themselves out by limiting the variety of client-side applications that people may choose from.

"IT departments can't focus on all the applications of the world, but they can choose several and keep their eye on those while allowing end-users some freedom," said Amol Sarwate, research manager at Qualys who studies vulnerability patterns for SANS. "What companies need to do is enforce standards for applications usage and utilize technical means to block unwanted software, devices, and even wireless access points."

While many businesses have already realized that they need to shift more of their efforts toward defending client-side vulnerabilities, most have failed to embrace a proactive approach versus simply keeping track of publicly-reported flaws and patching those issues, said Sarwate.

Enterprises need to think about future security issues

It will be particularly important for firms to examine the additional security issues that will be introduced in the coming years with broader adoption of technologies including VoIP (Voice over IP), according to the expert.

"The key is for people to start thinking ahead of these client-side vulnerabilities to understand what the next big thing may be. Things like VoIP need to be examined for their security implications," said Sarwate. "Many companies are already adopting these tools because of all the advantages they offer, but there will be many attacks carried out against these systems as well."

Among the advice that SANS is offering organizations hoping to improve their client-side security coverage is to mandate secure configurations at installation time for all applications, to constantly verify patching and upgrading of both applications and system software, to scan for new vulnerabilities frequently, and to keep their security systems up to date.

Other leading areas of concern highlighted by SANS in its report included critical vulnerabilities in Web applications that allow for cross-site scripting attacks or for computers to be otherwise compromised simply by pointing their browsers at poisoned URLs.

"Gullible, busy, accommodating computer users," including executives, IT staff, and others with privileged access also remain a major weak point for enterprise security, according to SANS, as these seemingly more seasoned users of computers and software are still falling for increasingly targeted spear-phishing campaigns in large numbers.

One of the best ways to educate users about the problem is for organizations to create fake spear-phishing threats and send them out to internal users to determine which individuals might be most likely to fall for the schemes and follow up with additional training, the group said.

Critical vulnerabilities in the software and systems that provide the operating environment and primary services to computer users, or server-side software, remain another area of leading concern, according to SANS.

Problems in Microsoft Windows services, Unix and Mac OS services, back-up and AV programs, management servers, database software, and VoIP technologies in particular are proving troublesome, according to the report.

Many of those issues can be addressed by following the same advice offered for solving client-side vulnerabilities, SANS said in the research.
Home is a shabby apartment building on the outskirts of town. Work is the late shift at a meatpacking plant. This is Degmo Ali's life. And it seems to have been misplaced in this rural town:

Our biological propensity for keeping awake during the day and sleeping at night makes night work a challenge. Now, researchers at Brigham and Women's Hospital (BWH) have found that attention is especially affected during the first night shift. This research appears in the November 28, 2007 edition of PLOS ONE.
Driven by market consolidation and the ongoing efforts of large IT security vendors to meld DLP (data leakage prevention) tools into their broader portfolios, some experts contend that the technologies will increasingly become perceived as product features and less so as stand-alone platforms.

As with countless other security technologies that previously flourished as separate products but are now largely consumed as elements of packaged security suites -- including anti-spyware applications, spam-filtering tools, intrusion detection systems (IDS), and firewalls -- some market watchers claim that DLP is rapidly shifting into a mere piece of other offerings.

Over the last six months, a slew of independent DLP vendors have been acquired by large security providers, including Vontu, Tablus, Provilla, PortAuthority, and Oakley Networks.

Just as customer demand for DLP technologies -- considered valuable tools in stemming the theft and misplacement of sensitive corporate information -- drove Symantec, EMC, Trend Micro, WebSense, and Raytheon to buy those firms, respectively, the ubiquitous need for data protection among enterprises will drive further integration of the applications into other systems, according to some industry watchers.

"If you look at what DLP does, the real value will become more of a stack value than a vertical play," said Jon Oltsik, analyst with Enterprise Strategy Group. "A lot of devices can do packet filtering at the edge, and that filtering will become the enforcement of a policy, versus stand-alone data leakage prevention; the DLP system will still be where you might classify data, enter policies, and do analysis, but other products will likely take over the enforcement piece."

As Symantec had not yet announced details of its $350 million deal to buy Vontu when the market leader convened its second quarter earnings call on Oct. 23, Chief Executive John Thompson deferred questions about the impending acquisition in favor of highlighting DLP features that already resided in a number of the company's existing products, such as its database security programs.

While Symantec executives claim that the firm is planning to continue to sell Vontu's technology as a stand-alone platform for the foreseeable future, they also concede that one of the major benefits of adding the startup will be the giant vendor's ability to further weave the acquired tools throughout a number of its other products.

"If you're going to have an agent on the end point, clearly you want all those capabilities to be integrated, and that includes DLP," said Ken Schneider, chief technology officer of Symantec's Security and Data Management group. "One of the things we're always trying to do is take disparate sets of technologies and build them into our architecture; we will continue to sell DLP as a stand-alone, but we will also introduce DLP capabilities throughout the portfolio."

As with many other security technologies, one of the hardest parts of effectively using DLP tools in the enterprise setting lies in customers' abilities to manage the systems, Schneider said.

Based on that reality, the degree to which Symantec can bond the technology with other security tools to allow for centralized management and policy control will play heavily into further adoption of DLP applications, according to the executive.

At rival McAfee, which has made less aggressive moves in adding DLP capabilities -- having purchased a smaller vendor, Onigma, in late 2006 and recently buying Safeboot, more of a device encryption specialist -- executives agreed that the complex nature of the data protection tools makes integration crucial to their overall usability.

McAfee executives agree with Symantec's view that there is likely a market for both stand-alone and integrated DLP in the short term, but said that the long-term play favors assimilation into other products -- in particular, more narrow DLP products aimed at protecting only end points, network gateways, or databases will need to be merged with other technologies, said Vimal Solanki, McAfee's senior director of product marketing.

Those DLP products that can offer broader coverage across different systems and many types of data have the best chance of selling on their own going forward, he said.

"The point products that are out there are just features at some point, if they don't have all the pieces, like encryption, they won't meet all the expectations that customers have for DLP," Solanki said. "The key is that the same policies have to apply regardless of the device or the data; vendors have done a good job of marketing individual DLP features, but what we've seen among customers is that unless they can view many areas of risk and manage them with the same policy, DLP becomes a much tougher sell."

Some companies who have already been acquired are already questioning the viability of the DLP space they came from.

"The remaining stand-alones will be very challenged, as DLP is going to be absorbed into all types of networking gear," said Derek Smith, chief executive of Oakley Networks, which was acquired by defense industry giant Raytheon for an undisclosed sum in late September. "I think DLP was probably pretty short-lived as the basis for an entire company, because if all you are doing is putting a box on the network, you're simply deflecting the threat of data loss to another vector that you probably can't see."

However, most people in charge of the 35-odd remaining independent providers of DLP tools argue that in many senses it is the larger vendors who have the most work to do.

It is the core anti-virus tools and spam-filtering products of security companies including McAfee, Symantec, and Trend that are becoming rapidly commoditized, an argument that has hung over the sector for years, said Seth Birnbaum, chief executive of Verdasys, an independent DLP vendor.

The big players are trying desperately to shift from selling those types of legacy products into providing the data protection tools that customers are clamoring for, he said.

"Maybe if we were more of a point provider I'd be worried, but we are winning deals today based on a platform approach that includes everything from data discovery and policy creation right through to encryption, which is what customers are looking for and not many people have been able to offer," said Birnbaum.

"These bigger players are going to have a much tougher time trying to realign their entire business around data security since they've been married to all these other product lines for so long," he said. "The stronger point providers will be acquired, and everyone who doesn't have all the necessary pieces of DLP will be wiped out, but there's a lot of room for those of us who are already doing it the right way today."

Other stand-alone vendors admitted that there is probably value to be found in arguments for both independent and integrated DLP systems.

"The answer is that we will probably see escalation of both models," said David Etue, vice president of product management at Fidelis Security, another independent DLP vendor.

"Some of the early DLP market success stories were people who built more of a feature, and I'm not sure if it was their strategy, but they built something that easily became a feature of other things," he said. "At the same time, we obviously believe that those of us who sell a real DLP platform today continue to have a strong opportunity."

Other analysts contend that the stand-alone DLP market does in fact have sustainability but claim that there will only be a few players -- those who have mastered the policy management and enforcement pieces specifically -- who will survive and potentially flourish.

At this point, any company whose products do not offer that level of functionality is probably living on borrowed time, said Rich Mogull, a longtime analyst at Gartner who recently launched his own consulting firm, Securosis.

In the case of the larger vendors such as Symantec, the analyst said that the company will integrate its DLP tools with other products, while also marketing the policy management and enforcement aspect of the technology as a stand-alone product.

"There are a lot of elements of content monitoring and protection that can be integrated on the firewall, the end point, or in e-mail, and those more narrow providers who address only those things will probably go away," Mogull said. "For Symantec to connect Vontu's DLP to its end-point products makes sense, but there's still a market for the technologies used to create, manage, and enforce the policy, something for all these other systems to plug back into."

"The independent companies who already have a platform and can address the high-level business problems of protecting data will likely be the ones who get acquired next," he said. "But there's probably only a dozen or so left like that, because many of the companies that have identified themselves as DLP only solve a small part of the problem."
Experienced Flexographic Pressman! Great company in the Independence area is looking for an experienced Flexographic pressman. Multicolor up to 8 colors. Must have experience and be willing to work any shift. This is
Microsoft's emphasis on improvements to security features in Windows Vista may have undermined business adoption of the OS as many business and enterprise customers are still holding off on upgrading to the OS nearly a year after its release to them.

Microsoft spent a good deal of time and money to ensure Vista's security after Windows XP and applications running on it proved susceptible to devastating worms like Blaster, Slammer, and MyDoom. Though Microsoft released Windows XP Service Pack 2 to remedy some vulnerabilities, the company decided that security would be a top priority for the next major Windows release, said George Stathakopoulos, general manager of Microsoft's Response and Product Centers.

"The security part of Vista was talked about a lot because it was a primary concern all over the world," he said.

But in retrospect, those close to the company and even Microsoft have acknowledged recently that security has not proved to be important enough to encourage businesses to upgrade to Vista.

Robert Hansen, CEO of IT security consultancy SecTheory in Austin, Texas, who has spoken at Microsoft's Blue Hat hacker conference and done contract work for the company, said Microsoft is aware that its laser focus on Vista security may have been a misstep, and that it is trying to remedy that.

He said that Microsoft staffers are pleased in general with Vista's security improvements, but they acknowledge that "the consumer reaction was ho-hum."

"Over the next year, although security is definitely top of mind, some people feel as if the security as a priority is going to shift downwards as opposed to feature enhancements," Hansen said.

Hansen also said that Microsoft traded general OS usability to add some of Vista's security features, such as UAC (User Account Control), and is "feeling pressure from Apple" to provide a more intuitive and user-friendly OS.

UAC gives system administrators more control over what features business users can access. It has become a chief complaint with users because it interrupts a PC user's work with a pop-up window whenever they're about to do something the feature considers an administrative function. UAC can be bypassed by working in administrator mode instead of standard user mode, but this defeats the purpose of the added security the feature was supposed to bring to the OS.

Microsoft has said that it plans to improve UAC in a future update to Windows to address usability and make it more intuitive for users while maintaining OS security.

In an interview last week as part of an update on Vista adoption, Mike Nash, vice president of product management for Windows Client for Microsoft, acknowledged that security "is not a reason in the short term" to buy a new OS. He promoted other features of Vista, such as updates to how it manages and stores multimedia, to encourage end-users to upgrade.

Indeed, Microsoft certainly seems to have misjudged just how important security was with customers prior to Vista's business launch. But to be fair, the company faced complexities in promoting and marketing Vista to customers because with every new version of Windows, the company "is competing with itself," said Tim McAtee, research director for MarketingSherpa, a research firm that provides market intelligence for marketing professionals.

Still, Microsoft made a crucial mistake in pushing and marketing something that many feel should be an inherent part of an operating system, he said. By telling customers a feature of the OS was not right in a previous version and promoting that it's been improved in the new one, "you're abusing the trust of your customer if you expect them to buy an upgrade to fix your mistake," McAtee said.

Indeed, the idea that "security just should be there; that should just go without saying" was likely a factor in the lackluster response from customers over Vista's security improvements, said a San Francisco-based public relations professional who was a part of the enormously successful Windows 95 marketing and PR campaign.

"Security is something that Microsoft is constantly addressing with updates, and people understand there are evolving security issues," the professional said. "Instead of making that the feature of a huge launch, they should have gone for many of the much cooler features."
SA rises in the ranks - of polluters
Thursday, 15 November 2007, 11:55
Source: http://it-online.co.za/content/view/175330/142/

South Africa's Eskom has been ranked as the second-largest power producer in the world - in terms of carbon dioxide (CO2) emissions. And South Africa is placed eighth overall in a new ranking of countries by CO2 emissions. These shocking findings have emerged from a new online database - Carbon Monitoring for Action (Carma) - compiled by the Center for Global Development, which measures the CO2 emission of 50 000 power plants worldwide.

The database lays out exactly where the CO2 emitters are and how much of the greenhouse gas they are casting into the atmosphere. It also shows which companies own the plants.

A research team, led by David Wheeler, a senior fellow at CGD, constructed the enormous database to help speed the shift to less carbon-intensive power generation – with the objective of minimising global warming, which is hurting and will hurt poor people in developing countries first and worst.

The Carma data is arrayed on a user-friendly website: www.Carma.org.

The database and its website rank individual power plants, plotting their location by latitude and longitude. The data for total power-related emissions can be displayed by cities, states or provinces, and countries.

Rankings of the 4 000 electric power companies in the world show which are the biggest carbon polluters, globally, nationally, and at sub-national levels. Company-level data include emissions and power generation for 2000 and 2007, as well as estimates of future emissions and power generation from planned expansions. Data will be updated regularly as facility ownership changes and new plants come online.

Power generation accounts for about one-quarter of total emissions of CO2, the main culprit in global warming. But, until now, people concerned about climate change lacked information about the emissions of particular power plants and the identities of the companies that own them.

"Carma makes information about power-related CO2 emissions transparent to people throughout the world," says Dr Wheeler. "Information leads to action. We know that this works for other forms of pollution and we believe it can work for greenhouse gas emissions, too."

On a per capita basis, Australians are some of the largest CO2 emitters in the world, producing more than 11 tons of power sector CO2 emissions per person every year. Americans aren't far behind at more than 9 tons per person. Populous developing nations have far lower per capita emissions. For example, the average Chinese citizen produces 2 tons of CO2 emissions from power generation annually, and Indians emit about half-a-ton per person.

A recent study by William Cline, a joint senior fellow at CGD and the Peterson Institute for International Economics, predicts that agricultural productivity in developing countries will decline sharply by 2080, as crops in areas closer to the equator suffer from the effects of increased heat and drought. Averting such a disaster would require rapid emission reductions in the first half of this century. Carma is intended to help speed the necessary emission reductions.

Globally, power generation emits nearly 10 billion tons of CO2 per year. The US, with more than 8 000 power plants out of the more than 50 000 worldwide, accounts for about 25% of that total, or 2,8-billion tons.

Although no single country comes close to the US's total, other countries collectively account for three-quarters of the power-related CO2 burden. China comes second after the US with 2.7-billion tons; followed by Russia – 661-million tons; India – 583-million tons; Japan – 400-million tons; Germany – 356-million tons; Australia – 226-million tons; South Africa – 222-million tons; the UK – 212-million tons; and South Korea – 185-million tons.

One surprise in the data is that the biggest emitters of CO2 in the world in absolute terms are located not in the rich world but in rapidly emerging economies with massive coal-fired plants.

Huaneng Power International in China is the biggest culprit with 292-million tons, followed by Eskom at 214-million tons and India's NTPC with 182-million tons. Another two Chinese plants are ahead of the first US plants, which rank at six and seven, followed by a German power producer.
Today, the Government announced its plans to lift one million people off incapacity benefit and into work. But this ambitious target will require a radical shift in the delivery of welfare to work services, says the REC.

Rachel K. Paulose, the United States attorney in Minnesota, said that she would step down to go to work at the Justice Department in Washington on legal policies.
When Danny Sabbah became general manager of IBM's Rational division in 2005, he set out to make changes in the organization. Sabbah said Friday that this transformation is well under way.

"I think you will see a lot more reality to that vision in the second half of 2008," he said. "By 2009, you won't recognize Rational."

A key Rational project is Jazz. "What we're doing now is starting to create the IDE (integrated development environment) of the year 2010," Sabbah said. One of the first Jazz products is Rational Team Concert, a real-time collaboration portal, which is now in beta.

The Jazz project symbolizes the shift in focus at Rational, Sabbah said. At different points, the company focused on developing "best of breed" developer tools, and then on process and methodology, he said. Jazz doesn't negate that work but aims to "treat the application life cycle as an entity in and of itself," Sabbah said. "It's a very different perspective from, 'How am I the best coder, or the best tester, or change management expert?'"

"I talk about Rational being the ERP (enterprise resource planning) vendor for the business process of software development," he added.

Overall, Sabbah's leadership of Rational has indeed invoked change, said analyst Judith Hurwitz, a longtime IBM watcher.

"Historically, they've had a lot of tools that didn't really work together all that well," she said of the company, which IBM bought in 2003. "From the outside, it looks like they're building much more of a platform than a series of disconnected tools."

IBM bought Watchfire, a Web application security company, earlier this year. Sabbah said IBM is going to use Watchfire's technology to embed the notion of security early in the software development process. "The way you encourage developers to understand those types of rules is to inject those design patterns into their tools," he said.

As Rational undergoes change, competitor Microsoft has in turn been evolving its own development products, such as the Visual Studio IDE.

Sabbah said IBM will make sure Rational continues to play well with its rival because of the mixed environments many IBM customers have. Either IBM or its partners will create Jazz plug-ins for the Visual Studio stack, he said.

However, Sabbah is unimpressed by Microsoft's roadmap for application development beyond Visual Studio 2008. The project, codenamed "Oslo," is based around using model-driven design to build and manage composite applications. But the vision is still hazy, as Microsoft has set no release dates.

"I have a hard time dealing with announcements from Microsoft that are nothing but paper," Sabbah said. "I can write vision documents too. It's just hard to make judgments on things that aren't real.... All I can tell you is, the stuff we're doing with Jazz, it's running code."

Sabbah also said he has little use for a recent trend: Tools and platforms that supposedly make it easy for business users to do some development.

"I don't believe any of that stuff," he said. "I've never met a business user that can use any type of professional development tool. Period." Business users are better off working within more familiar environments, such as spreadsheets and word processing programs, he said.

IBM is instead working on how to better connect coders with the needs of business. "The whole idea is to improve the communication between the developers and the business analysts who are trying to convey the requirements," he said.
Related Companies