Archive for RB

eWaste Takeback Results

Lawrence Tech University held its first electronic recycling drive last month. The University took in over one ton of eWaste according to TechNews. The event helped raise awareness about the dangers of electronic waste. There are real environmental dangers associated with discarded electrical and electronic equipment.

Computers contain:

  • Beryllium,
  • Chromium,
  • Lead,
  • Mercury,
  • PVC.

CRTs contain:

  • Barium compounds,
  • Bromine-based flame retardants (BFRs),
  • Up to 8 pounds of lead,
  • Mercury,
  • Phosphor compounds,
  • PVC.

LCD monitors contain:

  • All the above,
  • Mercury in backlights.

Batteries

Inkjet inks and laser toner cartridges:

  • Bromine-based flame retardants (BFRs).
  • PVC.

Copper Ethernet cables are often jacketed in PVC.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Fallingwater

Fallingwater is a house designed by American architect Frank Lloyd Wright in 1935. Construction began in 1936 and was completed in 1939. This is a spectacular 3D animation from Etérea featuring the Frank Lloyd Wright masterpiece.

Fallingwater from Cristóbal Vila on Vimeo.


Who’s in Charge Here?

Apparently, the justices in the U.S. Supreme Court don’t use much technology. LawyersUSA reports that during oral arguments in the case City of Ontario v. Quon, which considers whether police officers had an expectation of privacy in personal (and sexually explicit) text messages sent on pagers issued to them by the city, the justices of the Supreme Court at times seemed to struggle with the technology involved.

Among the technical difficulties reported: Chief Justice John G. Roberts, Jr. – who is known to write out his opinions in longhand with pen and paper instead of on a computer – asked what the difference was “between email and a pager?”

Justice Anthony Kennedy asked what would happen if a text message was sent to an officer at the same time he was sending one to someone else. “Does it say: ‘Your call is important to us, and we will get back to you?’” Kennedy asked.

Justice Antonin Scalia wrangled a bit with the idea of a service provider. “You mean (the text) doesn’t go right to me?” he asked. Then he asked whether they can be printed out in hard copy. “Could Quon print these spicy little conversations and send them to his buddies?” Scalia asked.

rb-

While I’m no lawyer, I have a passing knowledge of how courts work (and don’t work) to frame decisions I make. It would seem reasonable that the Supremes would have a passing knowledge of how technology works when they are making laws that will impact the rest of us.


Microsoft Security Report

Microsoft (NASDAQ MSFT) released the latest Microsoft Security Intelligence Report (SIRv8) on April 26, 2010. Data for SIRv8 came from 500 million PCs across the globe between July and December 2009 and for the first time separates enterprise user and consumer user malware trend data. The data included in the 250-page report says that enterprises and consumers each suffer from different types of malware threats.

Microsoft security good news

The good Microsoft security news from the SIR 8 report is that newer operating systems and up-to-date applications are the most secure. Windows 7 and Vista Service Pack 2 had the lowest infection rates per 1,000 executions of the Microsoft Malicious Software Removal Tool (MSRT) in the second half of last year (pg. 85). Microsoft runs the Malicious Software Removal Tool before installing Windows updates.

Windows OS            PCs cleaned per 1,000 MSRT executions
XP SP1                21.7
XP SP2                14.5
Win 7 32-bit           2.8
Vista SP2 32-bit       2.2
Vista SP2 64-bit       1.4
Win 7 64-bit           1.4

The report shows that the more recent versions of Microsoft Windows are less vulnerable to attack. Cliff Evans, Microsoft UK’s head of security and privacy, says only about 5% of the vulnerabilities are in Microsoft software. This has led to a shift in emphasis to targeting third-party programs and utilities. On XP, around 45% of attacks exploited third-party (i.e. non-Microsoft) code; on Vista and Windows 7 it’s around 75%, according to an article in the Guardian.

Application attacks continue to increase. Running updated software decreases the attack surface and increases Microsoft security robustness. The report shows that attackers target Internet Explorer 6 (IE 6) up to four times more often than the newer version, IE 7 (pg. 33). Matt Thomlinson, general manager of product security in Microsoft’s Trustworthy Computing group, told DarkReading, “With Internet Explorer, IE 6 is four times more targeted in drive-by attacks.” Thomlinson says SIR 8 provides the first real results to illustrate this.

Browser attacks

The Microsoft security report says that nearly 75% of the browser-based exploits encountered in 2H09 targeted third-party applications, including Adobe Reader, RealPlayer, Apple QuickTime, and AOL software (pg. 26). This means Windows Update is not enough to protect users, who must also install updates from Adobe, Apple, and other software suppliers.

Attacks against Microsoft Office make use of older vulnerabilities that have mostly been fixed and can easily be avoided by keeping the software suite up to date. The majority of Office file format attacks can be avoided by applying service packs (pg. 43). For example, 75.8% of the attacks on Microsoft Office files exploited a single vulnerability (CVE-2006-2492, the Malformed Object Pointer Vulnerability in Microsoft Office Word), which was found in 2006.

The report found that enterprise users contract more worms. “In the enterprise, worms are more of a problem, which is not a surprise in that you have networks with trusted file shares and USB devices, and they are more susceptible to those transmission mechanisms,” Thomlinson told DarkReading. “This is the first time we’ve had data allowing us to separate [enterprise and consumer machines] and show differences [in malware prevalence].” Worms were found on 32 percent of enterprise PCs.

Threat                                   Present %
Worms                                    32
Miscellaneous Trojans                    18
Unwanted software                        16
Trojan downloaders and droppers          13
Password-stealers and monitoring tools    7
Backdoor programs                         5
Viruses                                   4
Exploits                                  3
Adware                                    3
Spyware                                   1

Rogue anti-virus attacks

Windows PCs in both the enterprise and the consumer markets were hit hard by rogue anti-virus attacks last year. Rogue security software was found on 7.8 million computers in the second half of last year, up 46% from 5.3 million. The most detected rogue security software family, Win32/FakeXPA, was also the third-most prevalent overall threat detected by Microsoft worldwide in 2H09. Three other rogue software families were also widely detected:

  • Win32/Yektel,
  • Win32/FakeSpypro, and
  • Win32/Winwebsec.

MSFT claims that attacks are now motivated by financial gain, with a “black economy” of malware authors, botnet herders, and other criminals working together to exploit vulnerabilities in Windows PCs. “We’re seeing that the criminals are more professional and organized,” Thomlinson says. “This is really about criminals in shirts and ties, not with tattoos.” Criminals are becoming more specialized in different aspects of cybercrime and are then coordinating with criminals with other specialties, he says. “Threats are being packaged together and sold as commodities and kits,” he says. “It struck us as we looked at botnets that this is an early version of cloud computing: There is computing available for whatever use they have in mind, and they are taking advantage of many machines to do that. This is the ‘black cloud’ of computing.”

rb-
The next report will be interesting as attackers focus their attention on Win7 as it becomes more widely deployed. The takeaways from the report are:
  • Keep your installed software patched to current levels.
  • Running old versions of operating systems, browsers, and application software exposes companies to additional unnecessary risks (Ask Google).
  • Invest in initiatives that get systems upgraded to the newest technology available.


SCOTUS Look At Texting and Sexting

The U.S. Supreme Court recently heard oral arguments in the sexting case City of Ontario, Ontario Police Department, and Lloyd Scharf v. Jeff Quon, et al. According to the Workplace Privacy Data Management & Security Report by the legal firm of Jackson|Lewis, this case highlights the effects new technologies continue to have on workplace privacy issues.

Sexting messages

One issue the Court will consider is whether a California police department violated the privacy of one of its officers when it read the personal “sexting” messages on his department-issued pager. The U.S. Court of Appeals for the Ninth Circuit sided with the police officer and ruled that users of text messaging services “have a reasonable expectation of privacy” regarding messages stored on the service provider’s network.

Police Sgt. Jeff Quon, his wife, his girlfriend, and another police sergeant filed the original suit. The suit started after one of Quon’s superiors audited his messages and found that many of them were sexually explicit “sexting” and personal. Among the defendants were the City of Ontario, the Ontario Police Department, and Arch Wireless Operating Co. Inc. Plaintiffs sought damages for alleged violation of their privacy rights.

Arch Wireless contracted with the employer, the City of Ontario, California, to provide text-messaging services using pagers. The City distributed the pagers to various employees. The employees signed an “Employee Acknowledgment” of the City’s general “Computer Usage, Internet, and E-mail Policy.”

The policy stated that the City reserved the right to “monitor and log all network activity including e-mail and Internet use, with or without notice.” The policy also stated that “[u]sers should have no expectation of privacy or confidentiality when using these resources.” Quon also attended a meeting during which a police Lieutenant stated that pager messages “were considered e-mail and that those messages would fall under the City’s policy as public information and eligible for auditing.”

Each pager was allocated a certain number of characters per month, and Quon exceeded his allotment on several occasions. The Lieutenant attempted to determine whether the overages were business-related and obtained transcripts of text messages for the employees with overages. After auditing the transcripts provided by Arch Wireless, the matter was referred to the City’s Internal Affairs agency, where it was determined that Quon had exceeded his monthly character allotment and that many of his messages were personal and not business-related.

Court rulings

The case went to trial and the jury ruled in favor of the employer. The plaintiffs appealed the ruling. The Court of Appeals ruled that the plaintiff had a reasonable expectation of privacy in the text messages. The Court held that he had a reasonable expectation of privacy because the City:

  • Had a practice of not reviewing the messages if employees paid the overage charges.
  • Did not review Quon’s messages even though he exceeded the character allotment several times.

Significantly, the author points out, the court held that the City’s practice trumped its own written policy, its employees’ acknowledgments that they had no privacy interest in electronic communications and its statements in staff meetings that it viewed text messages as e-mail.

Among the issues the Supreme Court will look at in this case is whether the Department’s official “no-privacy” policy conflicts with its informal policy of allowing some personal use of pagers, according to the blog. The blog says that this area of the law remains unsettled.

The firm recommends a well-drafted policy to lower an employee’s expectation of privacy when using employer-owned equipment. The law firm cites estimates that 100 million people will use text messages in 2010 and recommends that employers be ready with comprehensive computer and electronic equipment usage policies. Further, the firm says it is critical that:

  • Practices and policies are consistent.
  • Policies reflect current technologies.
  • Employees acknowledge receiving and reviewing policies and procedures, particularly when introducing new technologies.

While this case involves a public sector entity, its outcome is likely to affect electronic communications policies and practices across the country, whether by public or private employers.

rb-

While I’m no lawyer, the biggest message out of this case, and out of one in New Jersey which I noted earlier, is that policies need to be clear and consistent to be enforceable. In the New Jersey case, the court found the company’s policy on email use to be vague, noting it allows “occasional personal use.” The issue in the CA case seems to be the conflict between official policy and informal policy.

Some of the policy suggestions we make to clients include:

  • Have senior management and legal counsel make policy.
  • Update the policy often.
  • Reduce the expectation of privacy.
  • Distribute the policy to employees at regular intervals.
  • Specify in the policy who can change it.
  • Train managers about the policy.
  • Specify that company equipment be used only for business communications.
  • Do not allow third-party emails.

Of course, don’t forget the example of Kwame Kilpatrick.

