The First Rule Of Govt. Info Security...

"Last week, Pennsylvania’s chief information security officer Robert Maley was at an information security conference in San Francisco talking about a hacking incident involving PennDOT’s computers. This week, Maley is gone.

"Gary Tuma, Gov. Ed Rendell’s press secretary, confirmed that Maley is no longer employed by the state, but he declined to comment further, saying it is a personnel matter.

"Attempts to contact Maley yesterday were unsuccessful.

"Danielle Klinger, a spokeswoman for the state Department of Transportation, said the agency is not aware of any hacking or breach that occurred involving scheduling system for its driving test. However, she said that a few weeks ago, `we did discover an anomaly and we have actually turned that over to [the state police] for further investigation. We’re not sure what that anomaly is, but it is being investigated. Unfortunately, I can’t provide any more details on it.`"

More at PennLive.com...

GARTNER SEZ: Get A REAL Job

"Cloud computing will become so pervasive that by 2012, one out of five businesses will own no IT assets at all, the analyst firm Gartner is predicting.

"The shift toward cloud services hosted outside the enterprise's firewall will necessitate a major shift in the IT hardware markets, and shrink IT staff, Gartner said.

"`The need for computing hardware, either in a data center or on an employee's desk, will not go away,` Gartner said. `However, if the ownership of hardware shifts to third parties, then there will be major shifts throughout every facet of the IT hardware industry. For example, enterprise IT budgets will either be shrunk or reallocated to more-strategic projects; enterprise IT staff will either be reduced or reskilled to meet new requirements, and/or hardware distribution will have to change radically to meet the requirements of the new IT hardware buying points.`

"If Gartner is correct, the shift will have serious implications for IT professionals, but presumably many new jobs would be created in order to build the next wave of cloud services...."

From NetworkWorld...

Employed Programmers Can Be Crooks, Too

"Two computer programmers who worked for Bernard L. Madoff’s investment firm were accused Friday of helping to cover up the giant Ponzi scheme for more than 15 years.

"In a statement, the United States attorney’s office in Manhattan said the two programmers — Jerome O’Hara, 46, of Malverne, N.Y., and George Perez, 43, of East Brunswick, N.J. — were arrested Friday at their homes.

"The complaint accuses the two men of providing the technical support needed to produce false documents and trading records in defrauding investors in Bernard L. Madoff Investment Securities of billions of dollars.

"Jerome O’Hara and George Perez allegedly helped construct Bernie Madoff’s house of cards. The computer codes and random algorithms they allegedly designed served to deceive investors and regulators and concealed Madoff’s crimes,` Preet Bharara, the United States attorney for the Southern District of New York, said in a statement.

"In addition, Joseph M. Demarest Jr., the assistant director in charge of the F.B.I.’s New York office, said that when the two men told Mr. Madoff `they would no longer lie for him,` they were paid to keep the scheme quiet."

From The New York Times...

Surge In Security Newbs Predicted

"IT professionals are placing their bets on security as they plot their next career moves, according to a new study published earlier today.

"The survey of more than 1,500 IT workers, which was conducted by the IT trade association CompTIA, found that 37 percent intend to pursue a security certification over the next five years. Another 18 percent of IT workers said they will seek ethical hacking certifications during the same time period, while 13 percent identified forensics as their next certification target.

"`Given the growing reach of security, with threats becoming more pervasive and dangerous and with no business or industry immune to those threats, it makes sense that many IT professionals view this as a must-have for career advancement,` said Terry Erdle, senior vice president, skills certifications for CompTIA."

More at DarkReading...

Not All Unemployed IT Workers Turn To Cybercrime

"A man who died in a suspected murder-suicide in Mooresville recently lost his UNC Charlotte computer job to state budget cuts after more than a decade working at the university, according to a statement from the school.

"A law enforcement official said Monday evidence suggests one of the parents was involved in the quadruple shooting early Sunday and died from a self-inflicted gun shot wound. The shooting also left the couple's two adult sons in critical condition.

"Iredell Sheriff's Capt. Darren Campbell, the lead investigator, wouldn't say which parent was suspected, saying investigators would wait for initial autopsy reports this week before releasing details.

"He said `nothing stands out` in the family history that might readily explain the violence. The family members do not have criminal records in North Carolina, and police said they hadn't been summoned to the house before.

"Public records and interviews with neighbors indicate the four family members were living in the same home where the shooting occurred, at 130 Peninsula Drive, about a half-mile from Lake Norman.

"Douglas Alan Thomas Sr., 57, and his wife, Linda Malone Thomas, also 57, died in the shooting spree. The sons, Douglas Alan Thomas Jr., 28, and Christian Edward Thomas, 25, underwent emergency surgery Sunday at Carolinas Medical Center.

"UNCC Chancellor Phil Dubois didn't immediately respond to a request for comment Monday.

"But a UNCC spokesman said Monday that Douglas Thomas Sr. lost his job Aug. 31 as a networking specialist in the school's Department of Information & Technology Services. He was one of only 15 university employees laid off by budget cuts and departmental reorganizations.

"A state salary database from May showed he was earning an annual salary of $81,070."

From the Charlotte Observer...

IT Employee Of The Week

"In a twist of Alanis Morrissettian irony, a man serving a six-year prison sentence for stealing millions of dollars through online credit card fraud recently succeeded in (surprise!) hacking into his prison's computer network, effectively paralyzing the entire system. The really incomprehensible part, though, is that officials at Ranby Prison, close to Retford, Nottinghamshire, England, gave him access to the computer.

"Apparently in dire need of an internal TV station at the facility, officers decided against hiring a third party (e.g., not a convicted hacker) to set up the system. They instead opted to keep the operation in (the Big) house, delegating the duty to one Douglas Havard. So, as convicted hackers are wont to do, Havard, left unguarded, worked his way into the prison's hard drive, and set up a labyrinth of passwords to lock everyone else out of the system....."

More at switched.com...

Unemployed IT Worker Of The Month

"A 29-year-old software engineer who was laid off four months back hanged himself last night, apparently fed up with his joblessness.

"Police said Sachin B. Khandewar, who hailed from Sholapur in Maharashtra and had been working in a city firm, hanged himself from the ceiling fan at his aunt’s house in the Kacheguda area.

"He left behind a suicide note addressed to the police saying his `unsuccessful career` had forced him to take the dire step, the police said.

"`I am bored of this meaningless and useless life. My unsuccessful career is the cause of my death. Nobody is responsible for it,` the note said."

More...

Anonymous Bloggers At Risk

"The Internet has become a great soapbox for ordinary citizens, but there is increasing controversy around the trend of anonymous political blogging. In 2006, it was estimated that 55 percent of American bloggers post under a pseudonym. But along with the explosion of anonymous blogs has come a whole host of problems. Some bloggers have used their anonymity to spread false information without ramifications. Others have used it to launch personal attacks against friend and foe alike.

"This has led to appeals from all over the political spectrum for regulation. Some blogging platform providers such as Tumblr are taking action on their own and shutting down anonymous blogs. The European Union entertained a proposal last fall to prohibit anonymous blogs. In the U.S., some have asked that the FCC categorize anonymous political blogs under campaign finance laws subject to regulation...

More at The American Spectator...

Brit Twit Quits

"A magistrate has resigned from the bench following a complaint about his use of the Twitter network.

"IT consultant Steve Molyneux, from Telford, Shropshire, posted messages on the social networking site about cases at the town's magistrates' court.

"He said everything he reported on Twitter had already been said in open court and he had done nothing illegal.

"Mr Molyneux said he had been making use of the latest technology to bring `transparency` to the judicial system."

From the BBC...

Unemployed IT Worker Of The Week

"An IT administrator faces up to five years in prison after he tried to extort money from his former employers by threatening to crash the company’s servers.

"Viktor Savtyrev, 29, pleaded guilty to extortion after he threatened his former employers with computer crashes. He also threatened to enlist Eastern European hackers to launch attacks against his former employer, New York investment firm Third Avenue Management.

"`My comrades for a small fee are able to help me out with bridging the firewall security and carry out data destruction and virus outbreak,` Savtyrev wrote in an e-mail to the company, according to the complaint.

"`I located the names and e-mail addresses of the editors of Wall Street Journal, Newsweek and the Daily News and all of them should be very interested in getting an article about a mutual fund (losing) data because some 'Crazy Russian' (this is the name of the article which I wrote last night), was fired after 5 years of loyal service.`

"Savtyrev was laid off in November but was reportedly upset at the parsimonious nature of his severance package. He told his employers that he wanted more money, better medical coverage and `excellent references,` or he would take action.

"However, Savtyrev made a serious mistake in putting his demands down in an email to directors, who promptly handed it over to the FBI, who arrested him within days."

From vnunet.com...

Another "Study" Jumps On The Anti-IT Bandwagon

"Enterprises increasingly worry that their employees may be more willing to steal data or sell insider knowledge because of the poor economy, according to an annual security survey conducted by KPMG International.

"Sixty-six percent of respondents felt that out-of-work IT staffers would be tempted to join the criminal underground, driven in part by threats to bonuses, job losses and worthless stock options.

"The E-crime Survey 2009, presented at the E-Crime Congress in London on Tuesday, surveyed 307 private companies, government organizations and law enforcement agencies.

"In the survey, KPMG said that fraud committed by managers, employees and customers tripled last year in comparison with 2007, which indicates that the recession will likely only exacerbate those problems..."

More lies at ComputerWorld...

Non-IT Worker Destroys Data Just For Funsies

"A promising engineering student who deliberately deleted crucial information from his employer's computer backup systems cost the company hundreds of thousands of dollars in lost business and data recovery.

"Gareth Pert, 23, nearly crippled Hamilton business Progressive Hydraulics while acting out of `pure vindictiveness`, said company director Rodney Sharp.

"And Sharp has warned other employers they stand to lose their life's work if they trust new staff and don't tighten computer security systems..."

Read more at stuff.co.nz...

McAfee Jumps On Anti-IT Worker Bandwagon

"If you think the IT guy at work is annoying now -- does he really have to roll his eyes when you ask him where to find to the power switch? -- just wait until he steals $5 million dollars from the company.

"As the recession unfolds and companies lay off an increasing number of employees, firms face a new and growing threat in the form of disgruntled technology workers with access to a corporation's best-kept secrets.

"Theft of intellectual property, fraud and damage of corporate networks cost corporations over a $1 trillion globally in 2008, according to a recent report by the security firm McAfee..."

More at ABC News...

Microsoft Jumps On "Evil Unemployed IT Worker" Bandwagon

"The world's biggest software maker has warned companies to expect an increase in `insider` security attacks by disgruntled, laid-off workers.

"Microsoft said so-called `malicious insider` breaches are on the rise and will worsen in the present downturn.

"`With 1.5 million predicted job losses in the US alone, there's an increased risk and exposure to these attacks,` said Microsoft's Doug Leland.

"`This is one of the most significant threats companies face,` he said."

More at BBC News...

Big Surprise: Employees Abuse Internet

"FaceTime Communications says employee Web 2.0 usage in corporate networks has exceeded IT Managers estimates by over 10 times. The company has cited actual network data from usage of apps like Instant Messaging,IPTV, VoIP and Social Networking...

"The company collected traffic data from the USG units deployed in web based companies around the world and compared it over the data (the amount of Web 2.0 applications in the establishment) they had requested from the IT Managers in those companies. One third of the managers estimated the number at less than eight. In reality, FaceTime's actual network data had shown an average of 49 Web 2.0 applications installed across all reporting locations.

"According to the company, the reason for such a rise in Web 2.0 apps is that employees are under the impression that they have the right to download and use any app available to them to make their jobs easier."

More at TCMnet.com...

Hey Now I'm A Rock Star

"Security practitioners used to be seen as propeller-hat wearing introverts hunched over computers in dark, cold basements for weeks on end, shunning daylight and anyone who tried to start a conversation with them. But times have changed.

"Thanks to the blogosphere, social networking sites and podcasting made easy, many security pros are taking on a much more public persona, becoming near-rock stars. Evidence of this can be seen in abundance at the ShmooCon 2009 security gathering in the nation's capital this weekend.

"One example was a Friday lunch gathering of the Security Twits -- a growing group of security pros who communicate with each other and the rest of the world via the Twitter micro blogging site. Another example was an evening meet-up of security podcasters.

"True, many security pros still prefer the quiet, isolated life. It's also true that the introvert tag was never a fair fit for many people. But several conference attendees acknowledged theirs has become a much more public profession. It's a necessity, they say. To truly improve security, people need to be out there communicating the threats computer users face and how to take the proper defenses..."

More at CSO.com...

H(1B) Bomb Defused at Fannie Mae

"A logic bomb allegedly planted by a former engineer at mortgage finance company Fannie Mae last fall would have decimated all 4,000 servers at the company, causing millions of dollars in damage and shutting down Fannie Mae for a least a week, prosecutors say.

"Unix engineer Rajendrasinh Babubha Makwana, 35, was indicted Tuesday in federal court in Maryland on a single count of computer sabotage for allegedly writing and planting the malicious code on Oct. 24, the day he was fired from his job. The malware had been set to detonate at 9:00 a.m. on Jan. 31, but was instead discovered by another engineer five days after it was planted, according to court records.

"Makwana, an Indian national, was an employee of technology consulting firm OmniTech, but he worked full time on-site at Fannie Mae's massive data center in Urbana, Maryland, for three years."

More at Wired...

IBM Swings The Big Blue Axe

"According to a recent article on the Associated Press, IBM is said to have cut thousands of jobs, without the company officially announcing any specific and official details. The layoffs are reported to be part of the company's ongoing plan to save costs amid the current low global economy.

"IBM is said to have cut approximately 4000 jobs (according to some reports) over the past week. The company's sales, software and hardware divisions are reported to have suffered from personnel reductions. The Armonk, N.Y-based company claims that the job cuts are just part of its ongoing efforts to monitor costs. However, it won't release any specific numbers, as it doesn't have to reveal the number of jobs it is cutting, according to the Securities and Exchange Commission regulations, which requires companies to disclose only “material” events. Even so, layoffs are reported at several of the company's locations, including Tucson, Ariz., San Jose, Calif., Rochester, Minn., Research Triangle Park, N.C., East Fishkill, N.Y., Austin, Texas, and Burlington, Vt..."

Source: Softpedia...

PC Makers: Sux 2 B Us

"Shrinking demand has taken a heavy toll on pc makers globally. The outlook for 2009 seems gloomier as US companies prepare for further tightening of IT budget amid deepening recession.

"Recently, Acer, the world's third largest PC maker, warned that its sales will decline in the fourth quarter, after previously forecasting a robust holiday season. The company expects fourth quarter revenue to slip 5% to 10% compared to the same period a year ago, due to `overall market situation.` The company said that motherboard shipments in fourth quarter plunged 20%, much worse than its own estimate of 10%."

More doom, gloom at iStockAnalyst...

IT Loser of the Week

"A former sys admin at Medco Health Solutions, a US prescription management and health information firm, has been jailed for 30 months over a failed attempt to destroy its systems using a `logic bomb` computer virus.

"Yung-Hsun Lin, 51, of Montville, New Jersey, was sentenced this week after earlier pleading guilty to booby-trapping systems at Medco.

"Yung-Hsun was also ordered to pay $81,200 in compensation to his former employer at a hearing before US District Judge Jose Linares, the New Jersey Star-Ledger adds.

"Yung-Hsun had feared he might lose his job after the firm's spin-off from Merck, and set the 'bomb' to go off after his expected departure."

More at The Register...