New software lets businesses track employee Facebook, Twitter activity

Social Sentry, debuted at DEMO, detects confidential information in public posts

By Jon Brodkin, Network World, March 24, 2010 09:17 AM ET

Facebook and Twitter users should probably just assume that what they post publicly is being monitored by their employer.
If your privacy settings don’t limit content to friends only, anyone can search Google or the social networking sites themselves to see what you’re writing. Granted, that can be a tedious process that an employer may not want to bother with – but now it’s becoming easier for businesses to monitor social networking activity.

At DEMO, a company called Teneros demonstrated a new software-as-a-service product called Social Sentry that automates the process of examining employee activity on social networking sites.

The point isn’t necessarily to see how much time employees are spending on Facebook and Twitter while they’re supposed to be working. Rather, the software monitors all public social networking activity in case employees reveal confidential information or make statements that could be damaging to the company’s brand.

Read the full article at NetworkWorld.com

#002 Certification Weekly by CED Solutions produced by Chris Pope from The Tech Jives Network

3/25/10 “SharePoint ‘Twenty Ten’”: Certification Weekly is a weekly podcast that includes valuable information about all of the latest and greatest certifications that are available in the technology field! By CED Solutions / TechJives.net

Wikipedia back up after server meltdown

[UPDATE: It appeared that Wikipedia was back online as of about 4:30 p.m. ET.]

Wikipedia was offline Wednesday afternoon after an overheating problem at the online encyclopedia’s European data center.

Wikipedia’s technical blog said the site’s servers shut themselves down to avoid damage from the heat.

Administrators tried to shift traffic to a cluster of servers in Florida, but “it turned out that this failover mechanism was now broken, causing the DNS resolution of Wikimedia sites to stop working globally,” according to the blog.

Read the full story at CNN’s SciTechBlog

Tips for crafting a great workplace IT security awareness program

Topics that hit home, such as identity theft and monitoring kids’ online activities, can engage employees on the topic of IT security

By Bob Brown, Network World, March 24, 2010 05:36 PM ET

Selling information security awareness to employees can be like “pushing the Queen Mary up Mt. Everest on the best of days,” says Jay Carter, director of information security for the faculty of arts and sciences at Harvard University. But that hasn’t stopped him from trying over the years, and he has success stories to share.

He did so at the SecureWorld Boston conference Wednesday, alongside co-panelist Michael Ste. Marie, information security analyst for Federal Home Loan Bank of Boston.

Carter says he has established an advisory council with faculty and staff at Harvard to ensure end users’ concerns are addressed in establishing security policies. “I can’t overstate the importance of establishing a two-way dialogue with your community,” he says.

Carter schedules regular meetings to update end users on security policy issues and to re-emphasize major points. He has also printed Information Security 101 brochures with a custom logo showing Harvard’s emblem secured with a lock and key, which he says is part of a consistent branding effort.

Read more at NetworkWorld.com

Microsoft OCS update promises to replace PBX

Communications Server “14” could help companies move off aging legacy systems

By Denise Dubie, Network World, March 24, 2010 04:08 PM ET

Microsoft unveiled its updated unified communications software that the company says will help customers move off PBX systems, but industry watchers wonder if the previewed Communications Server “14” will integrate with more than just Microsoft-approved software and hardware.

“Obviously this release has been much-anticipated. The industry was waiting for the release when OCS became a full PBX replacement,” says Zeus Kerravala, an analyst at Yankee Group. “Microsoft has a good vision of where they want to take this industry, and it is similar to other vendors like Cisco, except Microsoft will argue they don’t make the hardware. Yet the company does dictate with which hardware the unified communications software will work, and it’s only a handful like Polycom.”

Microsoft Wednesday introduced its updated Office Communications Server – code-named Communications Server “14” – at VoiceCon Orlando 2010, and company executives demonstrated during a keynote presentation there how the next version of Office Communications Server integrates with applications such as SharePoint, Exchange and Office. Gurdeep Singh Pall, corporate vice president of Microsoft’s Unified Communications Group, said during the keynote address that the company’s updated unified communications software, Communications Server “14,” will provide IT organizations with the next-generation platform on which to collaborate with voice and video applications as well as a simple, cost-effective alternative to aging PBX systems.

Read the full article at NetworkWorld.com

Mozilla discloses more Firefox flaws

By Gregg Keizer March 24, 2010 04:07 PM ET

Information on some unpatched vulnerabilities now available to the public

Computerworld – Mozilla patched more than one vulnerability in Firefox when it updated the browser to version 3.6.2 on Monday, the company confirmed today.

A total of 10 flaws were fixed in Firefox 3.6.2, according to Mozilla’s security advisory page, but details of at least three that also affect the older Firefox 3.0 and Firefox 3.5 browsers have been released before the company has patched those versions. Mozilla is scheduled to ship the updates, Firefox 3.0.19 and Firefox 3.5.9, next Monday, March 30.

Mozilla accelerated the release of Firefox 3.6.2 because a Russian researcher had announced a critical vulnerability in how the browser decodes the Web Open Font Format (WOFF), a Web-based font standard. Only Firefox 3.6 supports WOFF.

Read more at Computerworld.com

iPhone, Safari, IE8, Firefox all fall on day one of Pwn2Own

By Gregg Keizer March 24, 2010 08:42 pm ET

‘Technically impressive’ exploit of IE8 bypasses DEP, ASLR on Windows 7 at hacking contest

Computerworld – Hackers took down Apple’s iPhone and Safari browser, Microsoft’s Internet Explorer 8 (IE8) and Mozilla’s Firefox within minutes at today’s Pwn2Own contest, as expected.

The two-man team of Vincenzo Iozzo and Ralf-Philipp Weinmann exploited the iPhone in under five minutes, said a spokeswoman for 3Com TippingPoint, the security company that sponsored the contest. The pair also walked away with $15,000 in cash, a record prize for the challenge, which is in its fourth year.

Iozzo, an Italian college student, works for Zynamics GmbH, the company headed by noted researcher Thomas Dullien, better known as Halvar Flake, while Weinmann is a post-doctoral researcher at the Laboratory of Algorithms, Cryptology and Security at the University of Luxembourg.

Read the full article at Computerworld.com

Zayo Group Announces Acquisition of AGL Networks Telecommunications Business

LOUISVILLE, Colo., March 24 /PRNewswire/ — Zayo Group, LLC, a provider of Bandwidth Infrastructure and Network Neutral Colocation services, announced today that it has reached a definitive agreement to purchase AGL Networks.  

Upon close of the transaction, Zayo will acquire 100% of the ownership interest of AGL Networks and thus take over ownership and operation of the existing network of more than 795 route miles and 182,000 fiber miles. AGL Networks provides Bandwidth Infrastructure services to customers primarily in Georgia, Arizona, and North Carolina.

“AGL Networks has amassed impressive regional fiber networks and a solid base of customers,” stated Dan Caruso, President and CEO of Zayo Group.  “Zayo Group will continue to support these customers while also offering them similar services on Zayo’s existing network.”

Read more at Breitbart.com

Another US Internet company pulls back in China

By Joelle Tessler, AP Technology Writer – Wed Mar 24, 8:20 pm ET

WASHINGTON – Two U.S. companies that sell Internet addresses to Web sites said Wednesday they had stopped registering new domain names in China because the Chinese government has begun demanding pictures and other identification documents from their customers.

One of the domain name companies, Go Daddy Inc., announced its change in policy at a congressional hearing that was largely devoted to Google Inc.’s announcement Monday that it will no longer censor Internet search results in China.

Christine Jones, executive vice president and general counsel of Go Daddy, said the company’s decision was not a reaction to Google but instead reflects its concern about the security of its customers and “the chilling effect” of the new Chinese government requirements.

“We just made a decision that we didn’t want to act as an agent of the Chinese government,” Jones told lawmakers.

Read the full article at Yahoo! News.

Law Enforcement Appliance Subverts SSL

By Ryan Singel March 24, 2010 1:55 pm Categories: Surveillance, Threats

That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think it means.

Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.

At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

The attack is a classic man-in-the-middle attack, where Alice thinks she is talking directly to Bob, but instead Mallory found a way to get in the middle and pass the messages back and forth without Alice or Bob knowing she was there.

The existence of a marketed product indicates the vulnerability is likely being exploited by more than just information-hungry governments, according to leading encryption expert Matt Blaze, a computer science professor at the University of Pennsylvania.

Read the full article at Wired.com/threatlevel