Staples cited for failing to delete data

June 24th, 2011

A Staples logo is seen at a store, Monday, Dec. 1, 2008 in Boston. | Lisa Poole/AP

EMILY JACKSON

copyright: http://www.theglobeandmail.com/news/national/staples-cited-for-failing-to-delete-data/article2070213/

From Wednesday’s Globe and Mail
Published Tuesday, Jun. 21, 2011 9:38PM EDT
Last updated Tuesday, Jun. 21, 2011 9:41PM EDT

 

Consumers’ social insurance numbers, banking information and tax records were discovered on used electronics that Staples Business Depot “wiped” for resale, Canada’s Privacy Commissioner has found.

Her annual report chastised Staples, an office supplies chain, for not fully deleting sensitive data from returned devices such as laptops and USB hard drives, leaving customers at risk of identity theft or fraud.

As more and more personal information takes a digital shape, calls for companies like Staples to protect consumer data have become louder.

“I’m hugely disappointed looking at the whole Staples situation,” said Privacy Commissioner Jennifer Stoddart in an interview.

“The onus should not be on consumers to wipe their devices clean.”

The privacy office conducted a year-long, country-wide audit of Staples after a series of complaints.

More than one-third of the 149 “clean” devices audited still held the previous owner’s information, according to the report.

Although Staples complied with most of the audit’s recommendations, it has not committed to properly destroying consumer data, Ms. Stoddart said.

Staples took issue with the report in a statement released Tuesday. Staples “responded positively to all of the Privacy Commissioner’s recommendations well before the release of this audit,” according to the statement.

“Further, Staples has implemented changes that exceed current industry practice to remove personal data from returned memory devices. This meets the level requested by the Privacy Commissioner,” it continued.

But in its original response to the audit, Staples said overwriting data was “commercially unviable” and the company was “actively testing” ways to remove personal information that would not damage or destroy a hard drive.

Wiping a hard drive can cost up to $100 per computer, but it’s harmless, said cyber forensic specialist Daniel Tobok, president of Digital Wyzdom.

“You cannot hurt the operating system or the hard drive by doing a DOD standard wipe on the hard drive,” he said.

“It’s done by governments and financial institutions every day.”

There have been no reports of identity theft or fraud connected to an improperly wiped Staples device, but consumers should be aware, Ms. Stoddart said. If the company does not comply with her recommendations by June of 2012, as verified by a third party, she said she will launch a formal investigation.

…….

Crisis management

An employer learns what an emergency contact list is for

Emergency contacts: People to call in a crisis or people whom managers should advise on the home front?

A manager at a small trucking company evidently felt the latter, according to the Privacy Commissioner’s annual report.

The manager sent a letter to every driver’s emergency contact – be it their spouse, mother, or sibling – to give them advice on the employee’s health and safety.

“I am hoping that we can count on you to do your part to make sure that your loved one is coming to work rested,” the manager wrote in the letter.

“Things like saving their ‘honey do’ list or other physically or emotionally draining tasks for days they are not working are a good start.”

After an employee anonymously complained about the letter, a privacy officer gave the manager a honey-don’t list for when to call emergency contacts.

The manager destroyed the mailing list and the problem was resolved without a formal complaint.

The Web Is Shrinking. Now What?

June 24th, 2011
We all read the statistics every week documenting the meteoric new growth areas of the Internet, and they are impressive: 

Online video is exploding, with annual user growth of more than 45 percent. Mobile-device time spent increased 28 percent last year — with average smartphone time spent doubling. And social networks are now used by 90 percent of U.S. Internet users — for an average of more than four hours a month.

None of this is a newsflash. Every venture capitalist, Web publisher, and digital marketer is hyper-aware of these three trends.

But what’s happening to the rest of the Web?

The Web Is Shrinking. Really.

When you take these three growth areas out of the picture, the size of the hole left behind is staggering: the rest of the Web — the tried and true core that we thought would have limitless growth — is already shrinking.

Here are the facts:

When you exclude just Facebook from the rest of the Web, consumption in terms of minutes of use shrank by nearly nine percent between March 2010 and March 2011, according to data from comScore. And, even when you include Facebook usage, total non-mobile Internet consumption still dropped three percent over the same period.

We’ve known that social is growing lightning fast — notably, Facebook consumption, which grew by 69 percent — but now it’s clear that Facebook is not growing in addition to the Web. Rather, it’s actually taking consumption away from the publishers who compete on the rest of the Web.

And just what is the rest of the Web?

I have been calling it the “document Web,” based on how Google and other Web architectures view its pages as documents, linked together. But increasingly, it might as well be called the “searchable Web” since it’s accessed predominantly as a reference, and navigated primarily via search.

And it’s becoming less relevant.

In the last year, Facebook’s share of users’ time online grew from one out of every 13 minutes of use nationwide, to one out of every eight. In aggregate, that means the document Web was down more than half a billion hours of use (that’s more than 800 lifetimes) this March versus last March. And in financial terms, that represents a lost opportunity of $2.2 billion in advertising inventory that didn’t exist this year.

The Creation of a New, Connected Web

The change in the Web’s direction is a clear indication to me that we aren’t just in the midst of a boom for new interaction modes, but rather in a generational overhaul of the Internet.

What replaces the declining searchable Web is a new and “fully connected” digital life. You may have heard this before. After all, the promise of the Web was to connect pages with hyperlinks. Well, this time, “connected” means much more. It means the Web connects us, as people, to each one of the individuals online; and those connections, ultimately, extend from one of us to all of us.

Just as significantly, this all happens in real time, and at nearly all times.

And here’s what’s different when you connect people, as opposed to pages: Now, the Web knows who we are (identity), is with us at all times wherever we go (mobile), threads our relationships with others (social), and delivers meaningful experiences beyond just text and graphics (video).

The connected, social Web is alive, moving, proactive, and personal, while the document Web is just an artifact — suited as a universal reference, but hardly a personal experience.

The Social Web Versus the Searchable Web

Analytical explanations — increasing smartphone penetration, bandwidth availability, and technology sophistication — fill in some of the gaps as we try to understand this sea change, but they fall short.

Something larger is afoot, and it’s not about science or technology. Rather, as human beings, we have changed how we fit the Internet into our lives.

And the nature of the Web is changing to match. The old searchable Web is crashing; while the new connected, social Web is lifting off.

The implications for publishers are massive.

The last decade has been defined by the rise of Google as the nearly limitless supplier of traffic to digital media properties. And so a generation of digital media publishers developed and followed the same playbook: create lots of content around top keywords, engineer for search engine optimization (SEO) and expand the surface area in search engines to reach more users. The objective was to catch visitors in their net; expand reach — as measured by comScore — look more impressive to advertisers and capture more demand.

The landscape is changing, and fast.

SEO’s strategic value is quickly fading as Google’s growth slows and its prominence in distribution slides away. In its place, Facebook has become the wiring hub of the connected Web — a new “home base” alternative to Google’s dominance of the last decade. Facebook began receiving as many visits as Google in March 2010, and already garners more than three times as many minutes as Google each month from users, according to comScore. Looking ahead, the best projections of U.S. online reach indicate that Facebook will surpass Google on that metric in less than a year, too.

And with this change, the nature of the relationship between users and publishers is being altered fundamentally — and perhaps forever.

Search offers a utility relationship, connecting users to content for the briefest of transactions; typically, it provokes users to just one pageview so they can find a piece of information, and then they move on.

But social discovery builds a relationship. Leveraging social endorsements and an environment of serendipitous discovery, consumers meet publishers in a meaningful context. As a result, the relationship that forms is stronger — and, more importantly for publishers, it’s branded.

Unlike the ecosystem set up by Google, where the search engine ironically intermediates between users and the objects of their queries (so that users reinforce their loyalty to Google, far more than to the publisher), in the world of social publishing, the Facebook hub enables a direct, if constrained, relationship between users and media brands.

The results — at least for my own company, Wetpaint — are that social media brings more qualified eyeballs and retains them. People who come via social media stay longer on the first visit; and they are more likely to come back sooner and more frequently. Overall, our visitors from social networks have a relationship that’s several times stronger — and several times as valuable when measured in engagement, pageviews, and revenues — than the relationships people form when they arrive through search.

The Human Connection

But it’s not just a change in mechanics. It’s a change in our human relationships.

Lewis D’Vorkin, the Chief Product Officer at Forbes, speaks of it when he and Alex Knapp talk about “live” media, quantum entanglement and mutually rewarding relationships that bind authors and readers on the new connected Web. It’s a sense of the Web moving from static published reference to living digital companion.

But there’s even more, and this vast change foreshadows bigger and better impacts on our lives. The greatest innovators in social media are driving exactly along that edge today. As one friend commented recently on the full potential of connected lives, by being joined more closely together, we can increase empathy and meaning, while decreasing isolation.

Toward a Fully Connected Future

Admittedly, we’re early in the replacement cycle when it comes to the connected Web. Even for strong connected Web performers like Huffington Post, Wetpaint, and others, the sum total of traffic from Facebook, Twitter, video, and mobile may add up to only half the total, or less.

But the trend has tipped, and with that tip has come both the business necessity and the human impact potential of elevating the relationship.

As the document Web of old shrinks, the new connected Web expands and delivers experiences that make our time online more effective, efficient, and enjoyable.

And that changes the role of companies on the Web from mere content publishers or providers to truly connected digital partners for real people.

Ben Elowitz (@elowitz) is co-founder and CEO of web publisher Wetpaint, and author of the Digital Quarters blog about the future of digital media. Prior to Wetpaint, Elowitz co-founded Blue Nile (NILE). He is an angel investor in media and e-commerce companies.

copyright: http://allthingsd.com/20110623/the-web-is-shrinking-now-what/?mod=googlenews

Scareware and How to Avoid It

June 24th, 2011

copyright: http://blogs.wsj.com/tech-europe/2011/06/24/scareware-and-how-to-avoid-it/?mod=google_news_blog#

By Nick Clayton

The idea behind “scareware” is to frighten computer users into paying to download anti-virus software of dubious, if any, value. It can be enormously profitable, which means its methodology is increasingly sophisticated.

“The people behind scareware have learned a great deal from the anti-virus industry and vice versa. It’s a copycat business,” said Richard Clooke, review program manager at PC Tools, a division of Symantec Corporation.

A common sales strategy used by legitimate businesses was, for instance, to persuade computer users to have their machines scanned online for free. They would then have to pay for software to clean up any infections. Of course, almost all computer owners would only have the vendors’ word for the existence of viruses and their removal.

That is where scareware comes in. Rather than waiting for a customer to visit a site to try and clean up a perceived problem, scareware pops up a warning on the user’s screen. This can appear totally legitimate. In recent weeks the Firefox browser and Apple computers through MacDefender software have been the subject of scareware alerts.

To generate these alerts, users do not have to do anything stupid. Malicious code can be concealed on legitimate sites and so-called “drive-by attacks” mean visitors can generate pop-ups without clicking on anything.

“Another common tactic of fake anti-virus attackers is to ‘poison’ search engines with results that point to web pages that contain scareware. These attackers have created elaborate scripts and programs that actually use real-time trending information derived from search engines to create fake web pages containing the trending topic, but that also contain scareware.

“These fake pages then get indexed by search engines and appear in search results for legitimate timely topics. For example, earlier this year, the topics relating to the Japan earthquake and tsunami disaster, and Osama Bin Laden’s death were heavily utilized by fake anti-virus groups to ‘promote’ their scareware,” said Mike Paquette, chief strategy officer at network security company Corero.

The authors of scareware have also become increasingly adept at persuading people to buy useless or malicious programs when they see the warnings: “They’re forcing you to make an error of judgment,” said Spencer Parker of security company Websense.

“They use three main mechanisms: First, there’s the visceral influence of that big flashing warning symbol on your screen.

“Second, they provoke a failure of self-regulation because of the pressure of that sign and things such as the fear of losing credit card details.

“Thirdly, there’s authority. The user thinks: ‘I’ve got an anti-virus company, who must know more than I do about these things, warning me I’ve got to take action now.’”

Under this carefully-orchestrated pressure it’s not surprising so many people are fooled into handing over their credit card details. “The main thing to look for is these scareware warnings are very much more aggressive than you’d get from any legitimate anti-virus company,” said Orla Cox of security company Symantec’s response centre.

Equally, legitimate companies do not scan a machine without asking. “The main thing is not to panic. Even if you have downloaded something it is unlikely the damage cannot be repaired,” she said.

The trick is often to Google any information such as the name of the scareware company or the wording of the warning. This will usually turn up advice and programs, which are almost always free, from legitimate vendors which will enable the computer to be repaired. If the original infected machine will not connect to the internet, as is quite common, the clean-up program can be downloaded to a memory stick.

Anti-Virus Pioneer Evgeny Kaspersky

June 24th, 2011

read more on this article: http://www.spiegel.de/international/world/0,1518,770191,00.html

‘I Fear the Net Will Soon Become a War Zone’

Evgeny Kaspersky is one of Russia’s top Internet virus hunters and IT entrepreneurs. In a SPIEGEL interview, he discusses a raft of recent hacker attacks on multinationals, the “total professionals” behind the Stuxnet virus and his fear of both personal and widespread cyber violence.

SPIEGEL: Mr. Kaspersky, when was the last time that a virus hunter like you fell victim to a cyber attack?

 

Evgeny Kaspersky: My computer was almost infected twice recently. When someone returned my flash card to me at a conference, it was infected with a virus. But then our own virus program helped me. The second time, the website of a hotel in Cyprus was infected. These kinds of things can happen to anyone, no matter how careful you are. I need protection just like anyone else. After all, a specialist on sexually transmitted diseases also relies on condoms for protection.

SPIEGEL: Virologists sometimes rave about the deadly perfection of the viruses they study. Do you still ever get excited yourself about the technology of a computer virus?

Kaspersky: The more sophisticated a virus is, the more exciting it is to crack its algorithm. I’m happy if I can do it. Okay, sometimes there’s a little professional respect involved, too. But it has nothing to do with enthusiasm. Every virus is a crime. Hackers do bad things. I would never hire one.

SPIEGEL: You and your company are the winners of a new era in warfare.

Kaspersky: No, because this war can’t be won; it only has perpetrators and victims. Out there, all we can do is prevent everything from spinning out of control. Only two things could solve this for good, and both of them are undesirable: to ban computers — or people.

SPIEGEL: Although your company Kaspersky Lab now employs more than 2,000 employees, it’s a small business compared with antivirus software makers like McAfee and Symantec. Can you ever catch up with them?

Kaspersky: We’re certainly trying. Russia is our most important competitive advantage. Moscow produces the world’s best programmers. It has a large number of outstanding technical universities. And although Russians can’t build cars the way you Germans can, they do write brilliant software.

SPIEGEL: You were once trained as a cryptologist by the KGB. Does that at all hinder your expansion in the West?

Kaspersky: No, but the fact that we are a company with Russian roots does. We occasionally sense a certain amount of suspicion. Nevertheless, we are now No. 1 in Germany, are growing rapidly in the United States and even have customers within NATO.

SPIEGEL: Who?

Kaspersky: A defense ministry. I won’t reveal the name of the country.

SPIEGEL: Which countries do most viruses come from?

Kaspersky: It’s hard to say because viruses unfortunately don’t carry ID cards. We can at least usually identify the originator’s language, and that’s at the moment the inventor communicates with his virus and gives it a command.

SPIEGEL: Russian programmers don’t only do good things. We assume that they also dominate the virus business.

 

Kaspersky: Based on the number of programmed viruses, we are in third place behind China and Latin America. Unfortunately, Russians are also among the most sophisticated and advanced players in criminal cyber activity. These days, they invent viruses and complex Trojan programs on demand. They launder money through the Internet. However, the largest number of harmful programs are written in Chinese. This means that they can be coming directly from the People’s Republic, but also from Singapore, Malaysia and even California, where there are Mandarin-speaking hackers.

SPIEGEL: Surprisingly enough, very few viruses seem to be coming from India even though it’s a rising star in the IT world.

Kaspersky: In general, the crime level in India is low. It’s probably a matter of the mentality. India and China have roughly the same population, the same computer density, a similar standard of living and similar religious roots. But China spits out viruses like they were coming off an assembly line.

More than just data lost in cruel hack

June 24th, 2011

Adam Carey

June 25, 2011
Computer hackers have destroyed a Melbourne IT company. Photo: Tanya Lake

SOME say it was an act of evil.

On the Queen’s Birthday long weekend, a Melbourne IT company’s hard drives were hacked and thousands of files and websites erased. Today that company, Distribute.IT, is dead – its business and reputation so trashed that its owners were forced this week to sell it to a competitor. Thousands of small Australian businesses whose websites it hosted are picking up the pieces.

The hacker obliterated 4800 websites in a lightning nighttime strike upon Distribute.IT on June 11, leaving a message on the company’s home page: “owned by evil at efnet you mother f***ers need to get a clue before you run a business your security is horrible !!!!! the one and only evil at efnet i am back mother f***ers!!!”

Distribute.IT’s clients quickly began screaming for answers, but it took the company 10 days to report – via a blog it had started to replace its own wiped website – how thoroughly it had been hacked. “The overall magnitude of the tragedy and the loss of our information and yours is simply incalculable; and we are distressed by the actions of the parties responsible for this reprehensible act,” it wrote.

Affected customers expressed sympathy but also anger.

“We’ve been dealing with them for three years, I know the owners personally and we’ve had zero communication from them,” said Cheyne Johnstone, chief executive of VentraIP, one of Distribute.IT’s largest customers, who had more than 8500 domain names hosted there. Although not erased, those domain names have been “effectively frozen” since June 11.

Marne Jakins, owner of a Queensland-based web design company for rural businesses, said her clients had been hit hard by the enforced downtime.

Milan Rajkovic, of web hosting company Milan Industries, says he lost some of his own clients through the hacking episode. “If your back-ups are gone, you’re screwed. And obviously the disaster recovery plan they [Distribute.IT] had in place was not up to scratch.”

On Thursday web services company Netregistry announced it had “acquired” Distribute.IT. Netregistry chief executive Larry Bloch said he had no prior designs on a takeover, but the gravity of the crisis gave him no choice.

Netregistry’s technicians are now salvaging what they can from the hard drives, prioritising the worst-affected customers.

Distribute.IT’s former owners declined requests for an interview, but Mr Bloch said they were devastated and exhausted. “This is just a tragedy for them.”

Read more: http://www.theage.com.au/technology/more-than-just-data-lost-in-cruel-hack-20110624-1gjj4.html#ixzz1QD1yRTQ5
