IT and DNS attacks....

Few things can strike fear into the heart of the IT department like an attack on a company's Domain Name System servers. That may explain why companies are spending so much time to deploy myriad, complex security measures to keep their DNS protected from attackers.

A study released Wednesday of 465 IT and business professionals says despite the Sisyphean efforts, many companies remain vulnerable. More than half the respondents reported having fallen victim to some form of malware attack. More than one-third had been hit by a denial-of-service (DoS) attack, and more than 44% had experienced a pharming or cache-poisoning attack. External and internal DNS servers were equally vulnerable: Both types succumbed to attacks with roughly the same frequency, according to the study by Mazerov Research and Consulting.

A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites, and in some cases even could cause havoc with directory services and e-mail, said Paul Mockapetris, the father of the DNS technology, in a Network World story earlier this year. "Once you control the DNS server, you have license to do phishing and pharming attacks and mislead all the users of that DNS server," said Mockapetris, who in 1983 proposed the DNS architecture and is acknowledged, along with the late Jon Postel, as the technology's inventor.

According to the Mazerov study, DoS attacks are prevalent among the respondents, with only 16% never having experienced one, although more than 10% said they often or frequently receive DoS attacks to their network. What also is interesting is that, while a total of 59% of respondents rarely or never experience DoS attacks, a surprisingly high 41% experience them. The study found that the top forms of DNS attack are malware (worms, viruses, Trojans and so forth), 68%; denial of service, 48%; cache poisoning, 36%; and pharming, 23%.

The patching game seems to be the method of choice for protecting DNS. Three-quarters of all respondents devote valuable resources to patching their operating systems continuously. Others reported having to harden operating systems; invest in dedicated firewalls; and add DNS appliances, DoS mitigation services and other network security devices. On average, respondents typically used at least 3.5 overlapping methods simultaneously to shore up their DNS security.

The study also looked at how long respondents' companies could weather DNS being taken offline before significant problems occurred, IT personnel were more sensitive to the issue than those occupying C-suites. According to the study, C-level executives estimated they could withstand losing Internet connectivity for slightly more than two hours (126 minutes), whereas IT managers estimated significant problems would arise after 105 minutes. Other IT personnel -- who may be most directly responsible for maintaining Internet uptime -- estimated an even shorter time frame -- an average of 72 minutes.

Respondents also were asked to assess what the probable impact would be on the health of their company if they were to experience a loss of Internet connectivity for a significant period of time. Maybe most alarming was that 12% of participants claimed they would be extremely or somewhat likely to go out of business completely, the study said.

Read more...

Google Expands its Code Search Site

Google has updated its Google Code Search site for finding publicly available source code, adding greater coverage and improvements in ranking and access.

Launched in October 2006, Google Code Search enables developers to locate source code on the Web, searching through billions of lines of code.

"Today we made some updates to Code Search that will hopefully make it even easier to find the code you're looking for," said Google software engineer Aleksander Fedorynski in a blog entry Thursday about the improvements.

Coverage capabilities now include indexing of individual files and code snippets from all over the Web, Google said. Previously, only complete archives, such as .zip,.tar, and repositories, including CVS and Subversion, were indexed.

To improve ranking, Google has amended Code Search so class and method definitions now appear closer to the top of search results for certain queries.
Also, users now can access Code Search through several international domains, including Brazil, China, France, and Russia.

Right after the launch, Google's Code Search was criticized as a potential resource for hackers looking to find bugs, password information, and proprietary code.

Read more...

Online Classes and Online Cheating

The number of college students taking courses online is surging, creating a dilemma for educators who want to prevent cheating.

Do you trust students to take an exam on their own computer from home or work, even though it may be easy to sneak a peek at the textbook? Or do you force them to trek to a proctored test center, detracting from the convenience that drew them to online classes in the first place?

The dilemma is one reason many online programs do little testing at all. But some new technology that places a camera inside students' homes may be the way of the future - as long as students don't find it too creepy.

This fall, Troy University in Alabama will begin rolling out the new camera technology for many of its approximately 11,000 online students, about a third of whom are at U.S. military installations around the world.

The $125 device, made by Cambridge, Mass.-based Software Secure, is similar in many respects to other test-taking software. It locks down a computer while the test is being taken, preventing students from searching files or the Internet. The latest version also includes fingerprint authentication, to help ensure the person taking the test isn't a ringer.

But the new development is a small Webcam and microphone that is set up where a student takes the exam. The camera points into a reflective ball, which allows it to capture a full 360-degree image. (The first prototype was made with a Christmas ornament.)

When the exam begins, the device records audio and video. Software detects significant noises and motions and flags them in the recording. An instructor can go back and watch only the portions flagged by the software to see if anything untoward is going on - a student making a phone call, leaving the room - and if there is a sudden surge in performance afterward.

The inventors admit it's far from a perfect defense against a determined cheater. But a human test proctor isn't necessarily better. And the camera at least "ensures that those people that are taking classes at a distance are on a level playing field," said Douglas Winneg, Software Secure's president and chief executive.

Troy graduate students will start using the device starting this fall, and undergraduates a year later.

Read more...

Apple Sells 1 of every 7 notebooks in US

Apple got help from the update to its MacBook laptops to push its share of the laptop market in the U.S. up nearly two points in May, to 14.3%, a research firm said today. According to NPD's data, the laptop "bounce" was 14% month-over-month.

The May boost put Apple's laptops in fourth place, behind Hewlett Packard Co., Toshiba Corp. and Gateway Inc., and moved its combined laptop-desktop sales share from 11.6% in April to 13% last month. In retail-only, Apple showed a slightly smaller increase, from 9.6% to 10.8%.

NPD collects its sales data primarily from retail point-of-sale sources, and excludes most online and all direct sales.

Desktop sales, meanwhile, continued to stagnate, although there too, Apple has an advantage.
Desktops sales are declining, but [Apple's] are declining a little less than others. Apple's desktop machines -- the all-in-one iMac, Mac Mini, and Mac Pro -- accounted for 10.4% of all desktop sales in May, a small increase from April's 10.2%.

Laptop sales are hitting a couple of plateaus that even Apple won't escape. ASPs [average sales prices] have flattened out, and are pretty stable now month to month.

Read more...

Top 100 Best Places to work in IT

Computerworld gives an excellent article about the 100 Best Places to work in IT. These are rankings for 2007.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024364

Read more...