Google To Defenestrate Windows

"Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees.

"The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

"`We’re not doing any more Windows. It is a security effort,` said one Google employee.

"`Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,` said another.

"New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. `Linux is open source and we feel good about it,` said one employee. `Microsoft we don’t feel so good about.`"

More at FT.com...

Tax Dollars To Fund Government Time-Waster

"Federal employees and managers will be able to meet, interact, train and learn together in a government-only online virtual world being created in the vGov project.

"The Agriculture and Homeland Security departments, Air Force and National Defense University iCollege have joined to create the vGov virtual world behind a secure firewall that can only be accessed by federal employees with authenticated identities.

"Paulette Robinson, assistant dean for teaching, learning and technology at the iCollege, said at the Gov 2.0 Expo today the project will use the three-dimensional immersive experience of virtual worlds to bring employees together from locations worldwide for real-time interactions. People will use avatars to appear in the virtual world, where they can chat with other avatars and interact with the environment."

More at Federal Computer Weekly...

Tech CEOs Play Fiddle While Rome Burns

"Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited.

"Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55 percent of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44 percent of the companies, putting it at 23rd on the list..."

More at NetworkWorld...

Treasury Department Web Sites PWN3D

"The Treasury Department has taken offline four public Web sites for the Bureau of Engraving and Printing after the discovery Monday of malicious code on a parent site.

"The bureau began using a third-party cloud service provider to host the sites last year, it said Tuesday in a statement about the incident. “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected,” the statement said. The Treasury Government Security Operations Center was alerted to the problem and notified the bureau, which responded by taking the sites offline."

More at Government Computer News...

Proxies Not Secure? duh.

"A widely used proxy service thought to provide anonymous Web surfing and used to skirt network administrator bans on access to sites like Facebook frequently reveals sensitive information about its users, according to a Swiss security researcher.

"Glype is a small bit of PHP code that routes requests for Web pages through other Web pages running its software, said the researcher, who runs the Swiss Security Blog and the Zeus Tracker project. He prefers to remain anonymous.

"The Glype code allows someone to, for example, access Facebook at work even if that page is blocked, as it appears the traffic is coming from the Web page running the proxy. Many companies now block sites such as Facebook.

"Glype's code is free, and anyone can install it on their Web page. But Glype is frequently misconfigured, the researcher said. It allow someone running a Glype proxy to turn on a log, which shows the IP (Internet protocol) address of the user, what site they requested and the time.

"Many of those people running a Glype proxy have not turned that logging function off, and worse yet, made it Web facing, meaning that URLs can be manipulated to reveal full logs.

"The researcher checked about 20 Glype proxies, found 1,700 logs files and more than one million unique IP addresses. `There are dozens of such 'insecure' proxies out there,` he said via instant message on Friday..."

From TechWorld...