Aug 29, 2006 (12:08 PM EDT)
TippingPoint Warns Of Upcoming Bugs In Microsoft, CA, Symantec

Read the Original Article at InformationWeek

In This Issue:
1. Editor's Note: A Lesson Plan For The DOE
2. Today's Top Story
    - TippingPoint Warns Of Upcoming Bugs In Microsoft, CA, Symantec
    Related Stories:
    - Most Damaging Attacks Rely On Stolen Log-Ins
    - Anti-Spyware Group Targets AOL 9.0 As 'Badware'
    - Anti-Spyware Vendors Mad About Consumer Reports Test Methods
3. Breaking News
    - Analysis: Businesses Don't Need Microsoft Software
    - Google, eBay Sign Ad Deal, Plan To Integrate Internet Telephony Services
    - UPDATE: BellSouth Drops Internet Fee After FCC Threat
    - ONStor Offers Entry-Level NAS For $40,000
    - Microsoft Clarifies 32-Bit Vista Playback Issue
    - Genome Institute Turns To Sun's Opteron Workstations For Gene Sequencing
    - Brief: Microsoft Strikes Back At Cybersquatters
    - Review: SwiftPage Facilitates Mass E-Mail From Your Outlook Desktop
    - Gore Wants TV To Welcome More Users Internet-Style
    - Computer Science Majors Get Tools To Build Accessibility Into Software
    - Game Consoles To Power Cancer, Alzheimer's Research
    - Bot Herder Sentenced To Three-Year Prison Term
4. Grab Bag
    - Unlocking Fingerprints (The Washington Post)
    - Open Warfare In Open Source (BusinessWeek)
    - Web Site Chronicles N.Y. Conversations (AP)
    - The Grapes Of Math (Fortune)
5. In Depth: Travel & Technology
    - Fasten Your Seatbelts, And No Mobiles, Please
    - Personal Tech: Inflight Power's $35 Recharger Cables Plug Into The Passenger Seat
    - Travel Industry Casts Wider Net
    - You Can Take It With You: TV On The Small, Small Screen
6. Voice Of Authority
    - Windows Vista: The Last Of Microsoft's Supersized Operating Systems?
7. White Papers
    - The Remote Access Imperative In Disaster Recovery
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription

Quote of the day:
"Horse sense is the thing a horse has which keeps it from betting on people." -- W.C. Fields


1. Editor's Note: A Lesson Plan For The DOE

Another week, another preventable exposure of citizen data at a government agency. Last week's spillage in the spotlight comes courtesy of the U.S. Department of Education. A glitch in a new software program created a situation where the wrong client data was being shown to people trying to update their student loan accounts. After a number of complaints, the DOE shut down the affected Web pages. Then, apparently, it worked on stonewalling.

As reporter Sharon Gaudin and I worked on the story, formulating questions and a list of people to call and things to check, it quickly became clear that, from a PR standpoint, the agency and its contractor need to study up on recent history.

If they did, they might learn that data breaches in general, and delayed admissions in particular, are greeted with much horror and scrutiny by the public and, increasingly, legislative bodies. They might also learn that the anger and angst over such breaches has led to Senate hearings, public pillorying, canceled contracts, the largest-ever fine issued by the Federal Trade Commission, new security directives from the White House for federal agencies, and increasingly, firings and resignations. If they found themselves a little pressed for time, and in need of some CliffsNotes on the subject, they could cut to the chase very quickly by calling over to the Veterans Affairs Department.

If they did any of that, they might also discover there are several cardinal rules of spin control, among them:

  • Ignorance is not bliss
  • The longer you stall exponentially lengthens the lifespan of the story
  • The press won't go away empty-handed

    I would add to this that anyone victimized or negatively impacted by your mistake has a right to an immediate explanation.

    Of course, the real goal is NOT to have to employ spin control.

    Despite the fact that the breach was detailed in a front-page story in a major metropolitan daily newspaper, complete with a huge jump, we found both the contractor and the DOE less than ready, and seemingly unwilling, to explain what had happened. We found a lack of urgency about the issue and what seemed to be almost a casual attitude. We did not find a press release, official statement, or Web site alert. And we had a hard time finding answers to questions about what did happen.

    The point here isn't that some government workers gave some reporters a hard time. We eventually got an interview and some information confirmed. It's about accountability and about letting the public know when they've been exposed to a risk. It's about letting actions speak louder than words—i.e., don't tell us you're taking it seriously, show us.

    My blog entry provides more detail about this lesson in poor disaster response, as well as some suggestions for what the department might do after the fact at this point. And if you're one of the 21,000 people who visited the affected pages on the DOE Web site before the glitch was discovered, not to worry—you'll be getting a (paper) letter of explanation from the DOE one of these days.

    Patricia Keefe
    pkeefe@cmp.com
    www.informationweek.com


    2. Today's Top Story

    TippingPoint Warns Of Upcoming Bugs In Microsoft, CA, Symantec
    The bug list, which is scant on details, came from TippingPoint's bounty program, which is celebrating its first anniversary.

    Related Stories:

    Most Damaging Attacks Rely On Stolen Log-Ins
    Security safeguards need to identify not just the user, but also the machine logging on to the network.

    Anti-Spyware Group Targets AOL 9.0 As 'Badware'
    Stopbadware.org, which is backed by Google, Sun, and Lenovo, says AOL's client software is "badware" and that users should avoid installing the program, because it interferes with computer use and uses deceptive information practices.

    Anti-Spyware Vendors Mad About Consumer Reports Test Methods
    Vendors including Microsoft and Sunbelt Software say the consumer magazine's test was bogus because it didn't take into account how security software detects and removes threats.


    3. Breaking News

    Analysis: Businesses Don't Need Microsoft Software
    Alternatives are available to Microsoft business software, including operating systems, CRM, e-mail, and even word processors. Google's new Web-based business software provides even more options.

    Google, EBay Sign Ad Deal, Plan To Integrate Internet Telephony Services
    Financial terms were not disclosed, but the companies said both initiatives involved revenue sharing.

    UPDATE: BellSouth Drops Internet Fee After FCC Threat
    The Federal Communications Commission had been poised to send a letter of inquiry to BellSouth asking the carrier to explain the new fee, which replaces a surcharge for a government subsidy program.

    ONStor Offers Entry-Level NAS For $40,000
    ONStor is targeting the midlevel enterprise, a portion of the market served largely by Network Appliances for NAS systems.

    Microsoft Clarifies 32-Bit Vista Playback Issue
    The 32-bit version of Windows Vista won't have high-definition playback. Instead, this function will be left up to independent software vendors.

    Genome Institute Turns To Sun's Opteron Workstations To Get Gene-Sequencing Done
    Sequencing tasks that used to take a month or more now only take a few days or a few hours.

    Brief: Microsoft Strikes Back At Cybersquatters
    Microsoft is sending its lawyers after four men who it alleges are profiting from the practice of cybersquatting and typo-squatting.

    Review: SwiftPage Facilitates Mass E-Mail From Your Outlook Desktop
    Service lets you easily send mass mailings to everyone in your Outlook address book.

    Gore Wants TV To Welcome More Users Internet-Style
    Television, still the dominant media format, could stand to have more user control and in that regard could learn from the Internet, former Vice President Al Gore said.

    Computer Science Majors Get Tools To Build Accessibility Into Software
    The program aims to improve access to Internet and workplace technologies for people with disabilities, the aging, and non-native-language speakers.

    Game Consoles To Power Cancer, Alzheimer's Research
    Researchers at Stanford University plan to use the cell processor power of PlayStation3 to perform calculations for the Folding@Home project, which simulates protein behavior to give scientists clues about the disease process.

    Bot Herder Sentenced To Three-Year Prison Term
    The attack hit thousands of computers, including some owned by the Department of Defense.

    All Our Latest News

    Watch The News Show

    In the current episode:

    John Soat With 'Wild World'
    Google tests enterprise software, Toshiba to manufacture MSFT's MP3 player "Zune," and more.

    Elena Malykhina With 'Locating Kin'
    Wherify Wireless plans to launch GMS/GPS phone and service allowing parents to locate kids and monitor calls.

    Nick Hoover With 'What Keeps You Up At Night?'
    Dan Wagner, CIO at Global Crossing, discusses issues he worries about.


    ----- The latest research, polls, and tools -----

    IT Priorities 3Q
    Understand how business-technology managers plan to allocate precious IT dollars for the remainder of the year with InformationWeek Research's IT Priorities 3Q report, part of our Priorities series.

    Poll: Google's A Do-It-Yourselfer. Should You Be Too?

    Keep Up With Careers News
    Catch up on all the latest employment trends by subscribing to TechCareers Report, a newsletter designed to bring all the relevant careers information you'll need to keep your career moving forward.

    Go In Depth On The Topics That Matter Most.
    Visit the InformationWeek Download site to help you as you analyze and make purchase decisions on critical technology solutions. The site gives you exclusive access to the original InformationWeek reports in an easy-to-read format. Topics covered include security and privacy, business intelligence and analytics, networking and infrastructure, data center, and mobile and wireless.

    -----------------------------------------


    4. Grab Bag

    Unlocking Fingerprints (The Washington Post)
    Plan for enhanced federal IDs could open the door to a biometrics boom.

    Open Warfare In Open Source (BusinessWeek)
    Disagreements over what should be included in the free software license's next version have pitted the movement's leaders against each other.

    Web Site Chronicles N.Y. Conversations (AP)
    In a city of 8 million people, someone's always saying something strange. And, odds are, someone is around to hear it. Chronicling such utterances is the mission of Overheard in New York, a Web site that has become an Internet sensation, spawned a book, and inspired countless imitators throughout the world.

    The Grapes Of Math (Fortune)
    Can high-tech tools help make better wine? Some Silicon Valley refugees think so.


    5. In Depth: Travel & Technology

    Fasten Your Seatbelts, And No Mobiles, Please
    Airlines are seeking ways to police potentially annoying onboard phone chats via symbols of a mobile phone crossed out, forcing passengers to switch off during take-off and designated "night" periods.

    Personal Tech: Inflight Power's $35 Recharger Cables Plug Into The Passenger Seat Headset Jack And Convert Audio Output Into USB Power
    Sharp's BroadbandFax uses a broadband connection to send and receive faxes directly to e-mail without paying for an electronic fax service; GM and Mazda will offer built-in auxiliary audio-input jacks for the iPod on all 2007 models.

    Travel Industry Casts Wider Net
    New features and, in one case, an improved network backbone aim to lure more travelers online.

    You Can Take It With You: TV On The Small, Small Screen
    A 50-inch plasma display may be cool, but try fitting one in your pocket. We show you a variety of options for taking TV wherever you go—without a wheelbarrow.


    6. Voice Of Authority

    Windows Vista: The Last Of Microsoft's Supersized Operating Systems?
    Windows XP is in the neighborhood of 50 million lines of programming code, and Windows Vista will push that number higher by millions. The time is coming for Microsoft to reverse direction and pare back its mother lode of code.


    7. White Papers

    The Remote Access Imperative In Disaster Recovery
    As organizations prepare a disaster recovery plan, it's important to include remote access as a fundamental part of the disaster recovery infrastructure. This document explores best practices for disaster recovery and the role of SSL VPNs in that process.


    8. Get More Out Of InformationWeek

    Try InformationWeek's RSS Feed

    Discover all InformationWeek's sites and newsletters

    Recommend This Newsletter To A Friend
    Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.


    9. Manage Your Newsletter Subscription

    To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

    Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

    Keep Getting This Newsletter
    Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
    InfoWeek@update.informationweek.com

    If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

    We take your privacy very seriously. Please review our Privacy Policy.

    InformationWeek Daily Newsletter
    A free service of InformationWeek and the TechWeb Network.
    Copyright (c) 2006 CMP Media LLC
    600 Community Drive
    Manhasset, N.Y. 11030




    		•