Microsoft Research Reveals New Trends in Cybercrime
by: Jerry Liao
Microsoft Corp. released research showing an acceleration in the number of security attacks designed to steal personal information or trick people into providing it through social engineering.
Microsoft’s most recent Security Intelligence Report, a comprehensive analysis of the threat landscape, shows that attackers are increasingly targeting personal information to make a profit and are threatening to impact people’s privacy. The report found that during the first half of 2007, 31.6 million phishing scams were detected, an increase of more than 150 percent over the previous six months. The study also shows a 500 percent increase in trojan downloaders and droppers, malicious code used to install files such as trojans, password stealers, keyboard loggers and other malware on users’ systems. Two notable families of trojans detected and removed by the Microsoft Malicious Software Removal Tool are specifically targeted at stealing data and banking information.
The study for the Microsoft Trustworthy Computing Group, titled “Microsoft Study on Data Protection and Role Collaboration Within Organizations,” found that organizations with poor collaboration were more than twice as likely as organizations with good collaboration to have suffered a data breach in the past two years.
As more people communicate, access and share information online and the delivery of services and information becomes more personalized, organizations are collecting larger amounts of personal information to provide services to customers. Increasingly, organizations need to share information and conduct business across borders and devices, and with a wide range of internal and external stakeholders. For cybercriminals, these factors represent greater opportunities to steal personal information.
“As the security of the operating system improves, we are seeing cybercriminals becoming more sophisticated, diverse and targeted in their methods of stealing personal information,” said Ben Fathi, corporate vice president of development for the Windows Core Operating System Division at Microsoft. “Personal information is the currency of crime, and malicious attackers are targeting it to make their cyberattacks and other scams more authentic, credible and successful, and to make a profit.”
The research indicates there are tensions within organizations over how data should be managed. Security and privacy professionals see customer data as an asset to protect, while in functions such as marketing where personal data is collected and used, employees are more likely to see it as a resource to achieve business objectives. Conversely, representatives from all three functions agree that the theft or loss of customer data has a potentially damaging impact on brand value and organizational reputation.
One finding in particular from the survey provides evidence that some organizations struggle to align security, privacy and marketing functions. According to the research, 78 percent of security and privacy executives said they were confident that their marketing colleagues consult them before collecting or using personal information. However, only 30 percent of marketers said they actually do so.
Another key finding from the research found that preserving or enhancing an organization’s reputation and trust is important, especially for marketing professionals. More than 65 percent of marketers who collect and use data reported that preserving or enhancing the organization’s reputation and trust was among the most important business drivers for data protection. Avoiding threats is the top business driver for security professionals, and regulatory compliance is the top driver for privacy and compliance professionals. This finding suggests that when approaching data protection issues with marketers, security and privacy professionals will benefit from communicating the reputation and trust impacts associated with a lack of focus on avoiding threats of managing compliance.
Security breachers are continuously thinking of ways on how to penetrate systems, slowly turning to financial gains reasons. Let this be a challenge to security providers to come up with better and more effective solutions to further assist users to protect corporate computing infrastructure.
CorelDRAW Graphic Suite X3 – A Breakthrough in Design
by: Jerry Liao
No doubt that when it comes to graphics suites, Adobe is the leader. Not only because it’s packed with a lot of features, a lot of people are using the application. But like any other graphic solution, Adobe softwares comes with a price. If budget is not a problem, then go with Adobe. But if budget is a concern, you may want to take a look at CorelDRAW.
It’s not as strong as Adobe’s offering, but it costs a lot less. With CorelDRAW Graphics Suite X3, budget-minded design professionals and business users get access to excellent graphics tools at an affordable price. Corel has added several features and enhancements to this already terrific package.
CorelDRAW Graphic Suite X3 comes With over 400 enhancements, 40 new features, 10,000 new images and 1,000 new fonts. New features include:
– Corel PowerTRACE X3, best-in-class integrated bitmap-to-vector tracing solution provides optimal accurate results with color control flexibility. Plus! Prepare traced images confidently for spot colors with the color conversion palette.
– Corel PHOTO-PAINT X3 Image Adjustment Lab easily adjusts color, tones, and create snapshots of your photo adjustments with one single click.
– Hints docker provides dynamic, context-sensitive tips and tricks as you work, making the suite easier to use and learn.
– 10,000 clipart images, 1,000 new fonts individually hand-selected for the best quality.
– Interactive Fit Text to Path tool can precisely attach text to a path. A common effect for creating logos and signs, this new tool lets you interactively and quickly get your desired results.
– Open or create password-protected PDFs makes it easy to secure client files.
– CorelDRAW Design Collection offers 100 creatively varied templates that are easily customized to suit specific needs.
– Overprints Preview: allows you to confidently prepare objects for print by simulating the color of areas where objects overlap and preview these in the application.
– Crop tool: A significant time-saver, the Crop tool lets you quickly remove unwanted areas in objects and photos.
CorelDRAW Graphics Suite X3 is ideal for:
– Design-oriented professionals, either freelancers or those working in advertising industries.
– Production-oriented professionals working in business services such as sign-making, screen printing, awards, engraving, and embroidery.
– Small businesses with a need to create or repurpose their business marketing collaterals.
– Students and teachers at school or at home looking for creative ways to incorporate graphics into their curriculum, projects, and reports.
– Business professionals in government and commercial organizations such as technicians, sales support specialists, engineers, scientists and administrative support professionals.
Aside from CorelDRAW Graphic Suite X3, Corel also has Corel DRAWings X3, Corel KnockOut 2, Corel KPT Collection and Corel Grafigo 2 under its graphic offerings. But Corel is more than Graphics, its offerings spans to Technical Illustration ( Corel DESIGNER Technical Suite 12, Corel DESIGNER Professional 12), Painting/Natural Media ( Corel Painter X, Corel Painter Essentials 4), and Web Design (Ulead PhotoImpact 12).
With this comprehensive graphics suite, you can confidently tackle a wide variety of projects – from logo creation and Web graphics to multi-page marketing brochures and eye-catching signs. CorelDRAW Graphics Suite X3 offers the ultimate combination of superior design capabilities, speed, ease of use and affordability.
For more information, contact WordText Systems Inc., exclusive distributor of Corel Suites.
Worldwide PC shipments grew by 15.5% in the third quarter of 2007 (3Q07), according to IDC’s Worldwide Quarterly PC Tracker. Most regions continued to grow close to the pace of recent quarters, but EMEA saw a significant increase in Portable PC demand. Across regions, strong consumer and Small and Medium Business demand was supported by back-to-school promotions and competition for retail and SMB channels. A strong Euro and rising investment throughout EMEA helped accelerate the trend, pushing global growth to rates not seen since the end of 2005.
“The appeal of Portable PCs in all regions continues to propel the PC market at a remarkable pace and sets the stage for a very strong fourth quarter,” said Loren Loverde, director of IDC’s Worldwide Quarterly PC Tracker. “Falling costs, aggressive vendor competition, and rising commercial spending in all regions, along with relatively low penetration and rising consumer income in emerging markets, will sustain high growth over the next couple years.”
“There is some risk that component supplies – particularly for batteries and displays – could limit volume or raise prices,” added Bob O’Donnell, IDC vice president Clients and Displays. “However, suppliers are working to increase production and PC vendors may be able to adapt their configuration lineup to maximize volume. If components are in short supply, smaller vendors are likely to have a harder time adapting.”
– The United States market came in close to expectations with Desktop volume declining gradually while Portables growth remained strong but below last quarter’s accelerated pace. Dell remained the top vendor and improved from last quarter, although total volume was down from a year ago. HP saw solid growth of near 17%, although this was down from the prior two quarters.
– EMEA saw strong back-to-school and SMB growth as the top vendors all boosted their Portable shipments substantially. HP and Acer led the market, each with a significant increase in Portable PC growth. Desktop volumes increased incrementally, similar to last quarter. Central and Eastern Europe also saw strong Portable demand along with a growing consumer market.
– In Japan, shipment growth remained below zero, but improved from prior quarters. HP continued to make gains riding strong Consumer Portable growth, while Toshiba’s volume declined with a focus on profitability and the slower-growing commercial segment. Most other vendors saw relatively flat growth comparable to the market. NEC remained the market leader and although volume was flat from a year ago, growth recovered from a soft second quarter.
– Asia/Pacific (excluding Japan) saw another solid quarter with the biggest markets all coming in slightly ahead of expectations. Lenovo remained the clear leader, although HP and Acer continued to gain ground. Portables remained a key driver with regional growth rising to nearly 60% year on year.
– HP had a second consecutive quarter of better than 30% year-on-year growth with solid gains domestically and internationally. Share improved by roughly 2.5% from a year ago in both the United States and international markets. The company continues to leverage its channel strengths and aggressively pursue the Portables market – successfully capturing a substantial share of this high-growth segment.
– Dell improved growth significantly in EMEA and Asia/Pacific (excluding Japan) with less dramatic improvements in the United States and Japan. The results put growth back in positive territory and boosted quarterly volume above 10 million for the second time. The company continues its reorganization, focusing on more profitable business in the commercial market while still expanding its retail operations.
– Lenovo had another solid quarter, sustaining growth of nearly 23% for a second consecutive quarter. Growth spikes during the second quarter in EMEA and Latin America subsided during the third quarter, while stronger growth in the United States, Asia/Pacific, and Japan picked up. Overall the company saw solid and fairly steady growth across regions.
– Acer continued its rapid gains, boosting worldwide growth to near 60% with strong gains in its core markets in EMEA and Asia/Pacific (excluding Japan). The company also continued its rapid expansion in the United States with growth of 100% or more for a third consecutive quarter. Despite the elevated growth, volume in the United States was down from Q2 and roughly even with the first quarter – suggesting Acer’s U.S. expansion may face more pressure from competitors as volume grows.
– Toshiba saw growth accelerate in EMEA and Asia/Pacific (excluding Japan) while growth in the United States slowed from 47% in the second quarter. Worldwide volume increased by 17% year-on-year, down from over 20% in Q2, but stronger than first quarter performance.
– Gateway boosted international shipments nearly 8% following several quarters of declining growth. However, the company fell to fifth in the United States as volume dropped by 14% from a year ago, nearly twice the pace of prior quarters.
Most Small, Mid-sized Businesses Exposed to Internet Security
by: Jerry Liao
Webroot Software, Inc., a leading provider of Internet security software for the consumer, enterprise and SME markets, unveiled its latest report, “State of Internet Security: Protecting Small and Medium Businesses”. The report highlights startling survey results surrounding Internet security threats among SMEs worldwide. In conjunction with the report, Webroot has released a handbook for SMEs, “A Guide to Security for Small & Medium Business” that provides tips and best practices for protecting technology infrastructure and sensitive customer data from malware and cyber criminals.
“Unlike larger corporations, SMEs often lack the monetary resources and IT expertise to install and maintain the type of protection needed in the face of today’s growing malware threats. The real dichotomy here is that most of these companies think the real threats are viruses and worms, but the reality is the percentage of spyware is much higher and growing quickly,” said Peter Watkins, CEO, Webroot Software. “As a result, these companies are easier targets for cyber criminals when compared to larger companies with dedicated IT security resources.”
Consistent around the world, SMEs make up the overwhelming majority of the world’s business landscape, totaling more than 99.5 percent of all businesses in each country surveyed and representing more than 50 percent of the Gross Domestic Product (GDP) in each country. Because of the sheer number of SMEs worldwide, they are easy for criminals to find and have several consistent internal attributes that heighten their Internet security risk including:
• Pervasive Internet use. Seventy-seven percent of SMEs said their success depends on the Internet.
• Home-based and remote workers. Up to 52 percent of new businesses are home-based or remote.
• The need to store valuable customer and employee data due to online sales.
According to the report released by Webroot, SMEs are increasingly connected in order to do business, but there are a number of other factors impacting their IT security including:
• Lack of in-house security expertise.
• Limited budget and resource constraints.
• A constant struggle to keep pace with a growing mobile workforce.
• Absence of policies managing personal use of work computers.
• Increasing volume of sensitive customer and employee data.
• A rapidly evolving threat landscape.
“We’re seeing a perfect storm developing that could possibly have serious economic impact. SMEs are heavily reliant on the Internet for their work, making them a target. Compounding matters, there has been a 183 percent increase in Websites harboring spyware since January 2007, and SMEs aren’t defending themselves adequately,” added Watkins. “Given that these companies are the lifeblood of the world’s leading economies in both revenue generation and employment, we have a situation that could expose both businesses and customers to a very real, significant and growing threat on a global basis.”
– Low Awareness and Misperception of Real Problem. In all six countries surveyed, SMEs reported viruses and worms as more of a threat than spyware, yet last year spyware threats increased 254 percent while viruses were on the decline.
– High Virus Infection Rates Despite Protection. Approximately 96 percent of respondents reported that they have an antivirus solution installed, but more than 60 percent of respondents in Canada, France and the U.S. still reported a virus infection in the past year, which reflects the need for broader protection due to the increasingly complex nature of malware threats, and the need for someone to help manage the solution.
– Lack of Policies for Perceived Threats. To the extent that SMEs view employee errors and data theft as serious threats, 40 to 60 percent lack a policy to restrict or monitor employees’ personal use of work computers.
– Limited or No IT Staff. Approximately 40 percent of SMEs in Japan reported having no IT department at all, while three-fourths of SMEs surveyed have fewer than ten people in IT. The lack of in-house security expertise helps explain why 61 percent of SMEs have never sought information about how to properly protect customer and employee data.
May this report serves as a guide not only to our local SMEs but to security application and service providers as well, that security is not a product but a process. Everyone in the equation should work together to achieve a secure I.T. infrastructure. If not, everyone will be a loser here. Believer me, when I say everyone – I mean EVERYONE.
Gartner, Inc. analysts highlighted the top 10 technologies and trends that will be strategic for most organizations. Gartner defines a strategic technology as one with the potential for significant impact on the enterprise in the next three years. Factors that denote significant impact include a high potential for disruption to IT or the business, the need for a major dollar investment, or the risk of being late to adopt.
The top 10 strategic technologies for 2008 include:
1. Green IT. The focus of Green IT that came to the forefront in 2007 will accelerate and expand in 2008. Consider potential regulations and have alternative plans for data center and capacity growth. Regulations are multiplying and have the potential to seriously constrain companies in building data centers, as the impact on power grids, carbon emissions from increased use and other environmental impacts are under scrutiny.
2. Unified Communications. Today, 20 percent of the installed base with PBX has migrated to IP telephony, but more than 80 percent are already doing trials of some form. Gartner analysts expect the next three years to be the point at which the majority of companies implement this, the first major change in voice communications since the digital PBX and cellular phone changes in the 1970s and 1980s.
3. Business Process Modeling. Top-level process services must be defined jointly by a set of roles (which include enterprise architects, senior developers, process architects and/or process analysts). Some of those roles sit in a service oriented architecture center of excellence, some in a process center of excellence and some in both.
4. Metadata Management. Through 2010, organizations implementing both customer data integration and product integration and product information management will link these master data management initiatives as part of an overall enterprise information management (EIM) strategy. Metadata management enables optimization, abstraction and semantic reconciliation of metadata to support reuse, consistency, integrity and shareability.
5. Virtualization 2.0. Virtualization technologies can improve IT resource utilization and increase the flexibility needed to adapt to changing requirements and workloads.
6. Mashup & Composite Apps. By 2010, Web mashups will be the dominant model (80 percent) for the creation of composite enterprise applications. Mashup technologies will evolve significantly over the next five years, and application leaders must take this evolution into account when evaluating the impact of mashups and in formulating an enterprise mashup strategy.
7. Web Platform & WOA. Software as a service (SaaS) is becoming a viable option in more markets and companies must evaluate where service based delivery may provide value in 2008-2010. Meanwhile Web platforms are emerging which provide service-based access to infrastructure services, information, applications, and business processes through Web based “cloud computing” environments.
8. Computing Fabric. A computing fabric is the evolution of server design beyond the interim stage, blade servers, that exists today. The fabric-based server of the future will treat memory, processors, and I/O cards as components in a pool, combining and recombining them into particular arrangements to suits the owner’s needs. For example a large server can be created by combining 32 processors and a number of memory modules from the pool, operating together over the fabric to appear to an operating system as a single fixed server.
9. Real World Web. The term “real world Web” is informal, referring to places where information from the Web is applied to the particular location, activity or context in the real world. It is intended to augment the reality that a user faces, not to replace it as in virtual worlds. It is used in real-time based on the real world situation, not prepared in advance for consumption at specific times or researched after the events have occurred.
10. Social Software. Through 2010, the enterprise Web 2.0 product environment will experience considerable flux with continued product innovation and new entrants, including start-ups, large vendors and traditional collaboration vendors. Expect significant consolidation as competitors strive to deliver robust Web 2.0 offerings to the enterprise. Nevertheless social software technologies will increasingly be brought into the enterprise to augment traditional collaboration.
“These 10 opportunities should be considered in conjunction with many proven, fully-matured technologies, as we as others that did not make this list, but can provide value for many companies,” said Carl Claunch, vice president and distinguished analyst at Gartner. “For example, real-time enterprises providing advanced devices for a mobile workforce will consider next-generation smartphones to be a key technology, in addition to the value that this list might offer.”
Major Trends that will Force IT Organizations to change the way they support Workers
by: Jerry Liao
People have varying levels of difficulty with change. The adoption of innovations and technological changes involves altering human behavior, and the way they do things. Technology has brought change to new heights. And according to research firm Gartner, five major discontinuities are combining and will force IT organizations to change long-standing practices for procuring and managing IT. The intensity of these trends will grow through 2011, according to Gartner, Inc.
The five discontinuities include – Web 2.0, software as a service (SaaS), global-class computing, the consumerization of IT and open-source software.
“The five major discontinuities have the potential to completely disrupt vendor business models, user deployment models, whole market segments and key user and vendor brand assumptions,” said Tom Austin, vice president and Gartner Fellow. “These emerging discontinuities reinforce each other, and their combined effect will prove far stronger than each individual trend. IT managers who oversee applications must incorporate these trends into their long-term planning.”
These five major intersecting discontinuities amplify each other and any one of them can upset the balance of power between users and their IT organization. When the five come together, they intensify each other’s dislocating impact and can cause major disruption that creates pain for some and opportunity for others.
SaaS is already empowering business units to act independently of corporate IT strategies. Global-class systems, built on tera-architectures (as in Google Apps), threaten to upset the careful balance of power between IBM and Microsoft in messaging, and more importantly, they introduce entirely new ways to implement and scale applications. “Consumerization” and users’ clamor for IT organizations to be as responsive as Internet vendors are giving many IT departments headaches. Web 2.0 communities are bonding people in ways many people do not fully understand. Community members are doing business in ways that most enterprises had never even considered as they laid out their communications strategies. Open source is a hidden “secret” that enables many elements of the other four discontinuities to develop.
Gartner recommends five actions that can help IT managers take advantage of, rather than just react to, these five trends:
– Question Core Assumptions about the Role of the IT Organization — Once upon a time, it was the only source of IT. Now that users can often buy “what they need” from the Web, business executives must re-evaluate IT-related operating principles, guidelines, policies, practices and governance.
– Experiment with Free-form Environments — Create free-form searchable “personal Web pages” for users, along with folksonomies, tag clouds, navigation by tag or type of user, feeds, blogs and “wikis”. Companies need to provide free-form, open environments to facilitate productive social interactions and to allow patterns of behavior, interaction with the rest of the business ecosystem and new business models (and opportunities) to emerge and evolve over time.
– Help Users Innovate — Innovation speeds economic development. IT managers should apply this general rule to the enterprise by helping selected users interact in an open environment and thereby innovate. Allow them to exploit Web-based tools and share their experiences with other users.
– Segment Users — The IT organization needs to stop providing the same support to everyone. One size does not fit all. IT managers should segment users based on difference in roles, responsibilities, and information and application access requirements. The IT organization can increase workers’ effectiveness by giving them support that better fits their individual needs.
– Stop Trying to Provide Everything — The IT organization should admit that it can no longer compete with the Web in providing many personal and social tools. The IT organization should define what it is really good at, and for other activities, play the role of advisor and facilitator. It should no longer assume responsibility for supporting and managing all IT systems that workers use. Users must take personal responsibility for experimenting with new software and communities.
“For the IT organization, the greatest consequence of the five trends may be that — for better or for worse — they will give business units and selected users more independence to set their own IT direction. In addition, business models, marketing and distribution will shift radically,” Mr. Austin said. “As a result, companies will embrace some powerful new ways of using IT to implement their business strategy.”
2007 Ozone Hole ‘Smaller Than Usual’
by: Jerry Liao
Let us take break from our usual tech stories and give way to a similarly important issue that will greatly impact mankind, and this is the deterioration of our ozone layer. What is ozone exactly and why is it important?
Ozone is a protective layer found about 25 km above us mostly in the stratospheric stratum of the atmosphere that acts as a sunlight filter shielding life on Earth from harmful ultraviolet rays. Over the last decade the ozone layer has thinned by about 0.3% per year on a global scale, increasing the risk of skin cancer, cataracts and harm to marine life.
The thinning of the ozone is caused by the presence of ozone destructing gases in the atmosphere such as chlorine and bromine, originating from man-made products like chlorofluorocarbons (CFCs), which have still not vanished from the air but are on the decline as they are banned under the Montreal Protocol, which was signed on 16 September 1987.
I don’t know if this could be considered a good news but just recently a study was made and the reported indicated that the ozone hole over Antarctica has shrunk 30 percent as compared to last year’s record size. According to measurements made by ESA’s Envisat satellite, this year’s ozone loss peaked at 27.7 million tonnes, compared to the 2006 record ozone loss of 40 million tonnes.
Ozone loss is derived by measuring the area and the depth of the ozone hole. The area of this year’s ozone hole – where the ozone measures less than 220 Dobson Units – is 24.7 million sq km, roughly the size of North America, and the minimum value of the ozone layer is around 120 Dobson Units.
A Dobson Unit is a unit of measurement that describes the thickness of the ozone layer in a column directly above the location being measured. For instance, if an ozone column of 300 Dobson Units is compressed to 0º C and 1 atmosphere (the pressure at the Earth’s surface) and spread out evenly over the area, it would form a slab of ozone approximately 3mm thick.
Scientists say this year’s smaller hole – a thinning in the ozone layer over the South Pole – is due to natural variations in temperature and atmospheric dynamics (illustrated in the time series to the right) and is not indicative of a long-term trend.
“Although the hole is somewhat smaller than usual, we cannot conclude from this that the ozone layer is recovering already,” Ronald van der A, a senior project scientist at Royal Dutch Meteorological Institute (KNMI), said.
“This year’s ozone hole was less centred on the South Pole as in other years, which allowed it to mix with warmer air, reducing the growth of the hole because ozone is depleted at temperatures less than -78 degrees Celsius.”
During the southern hemisphere winter, the atmospheric mass above the Antarctic continent is kept cut off from exchanges with mid-latitude air by prevailing winds known as the polar vortex. This leads to very low temperatures, and in the cold and continuous darkness of this season, polar stratospheric clouds are formed that contain chlorine.
As the polar spring arrives, the combination of returning sunlight and the presence of polar stratospheric clouds leads to splitting of chlorine compounds into highly ozone-reactive radicals that break ozone down into individual oxygen molecules. A single molecule of chlorine has the potential to break down thousands of molecules of ozone.
The ozone hole, first recogniZed in 1985, typically persists until November or December, when the winds surrounding the South Pole (polar vortex) weaken, and ozone-poor air inside the vortex is mixed with ozone-rich air outside it.
Let me reiterate that it is all our responsibility to take the best care of Mother Earth. Take care of it and we congratulate ourselves. Destroy it and we can only have ourselves to blame. In other words, whatever happen to it is in our hands. We are given a choice here – which one will we take?