TechWatchSM
For IT pros
Volume 6, Issue 8     
In This Issue:

  What’s with all this spam?
  Next year’s seasonal clock changes will send IT managers running
  DHS: A key to detecting malicious email
  Microsoft lays out Longhorn, PowerShell & application management roadmaps
  Pimp your mouse
  With IE 7, green means go for legit sites
  Zune moving at slow tempo
  Intel’s quad-core processors go live
  2006 (10) worst political mishaps [Photos]
  Dems score with better data
  AOL upgrades AIM with offline messaging, chat logs
  Security group ranks human error as top security worry
  Dell buys IT security firm to ease Vista upgrades
  Five of anything ice breaker
  Job interview tips: How to interview potential employees
  Ask the right (Interview) question
  The quiet leader – and how to be one
  What’s to be done about performance reviews
  Is the boss reading your email?
  Salary survey 2006: Hot skills, Hot pay
  Truth, lies and caller ID
  The new open sourcing
  Surprisingly healthy foods


What's with all this spam?

Unwanted e-mail levels 'shot up like crazy'; image spam partly to blame, say experts. Researchers and IT managers are confirming security vendors’ claims that spam levels have spiked in the past month -- some say by as much as 80% -- and show no signs of decreasing. “There are enormous amounts of spam; it’s shot up like crazy since the beginning of October,” says John Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Research Task Force's Anti-Spam Research Group, who operates a number of e-mail addresses that aren’t filtered for spam. “Earlier this year I was seeing about 50,000 spam messages a day, now I’m seeing 100,000.” Levine’s assumption is this spike in spam levels is a result of a new generation of viruses and zombies that can infect PCs more quickly and are harder to get rid of. In its October report, messaging security vendor MessageLabs says the spike is largely due to two Trojan programs, Warezov and SpamThru. Others say a new breed of spam messages called image spam -- messages with text embedded in an image file that evade spam filters, which can’t recognize the words inside the image -- is responsible. At North Shore-LIJ Health System, a network of hospitals based in Great Neck, N.Y., with about 12,000 e-mail users, there’s been an...


Next year’s seasonal clock changes will send IT managers running

Shades of Y2K when the clocks change in the spring and fall. In the United States and the United Kingdom we’ve just recently come through the transition from Daylight Saving Time (“Summer Time” to some of you) back to “standard” time. Back in the early to mid 1980s, this change usually meant that network managers (or, if the IT staff was more than one person, the lowest ranking member) would spend a Sunday going from server to server, desktop to desktop changing the computers’ clocks. This would happen once in the spring and then again in the fall. But the date could - and would - vary from year to year so it was impossible to automate the task. About 20 years ago, the U.S. standardized on the first Sunday in April and the last Sunday in October as the dates to change. Soon thereafter, the Windows operating system knew to check the date and adjust the time on those occasions. That all changes next year. Starting in 2007, DST will begin on the second Sunday in March and end on the first Sunday in November. There will be patches for your server and desktop operating systems (and your laptops, palmtops and all the other Windows platforms) and the automated changes will continue to occur at the right time – provided you’ve patched your systems up to date by the beginning of March 2007. But there’s a trap lurking on most of your computers which, while not quite as serious as the old Y2K bug, will still be almost as annoying to overcome. And not only is it NOT Microsoft’s fault, but you can lay the blame directly at the feet of Sun...


DHS: a key to detecting malicious e-mail

Deceptive Header Screening threaten privacy, security. Spam, viruses and phishing attacks are a serious threat to your company's security and your customers' privacy. The most effective attacks are precisely targeted using traffic analysis, bulk message delivery, compromised Web hosts, surreptitiously installed key loggers and large doses of social engineering. To date, e-mail filtering has taken a conservative stance on identifying unwanted messages, accepting more unwanted messages for fear of losing real wanted messages to misidentification. But this practice opens a significant security hole. With the increasing volume and sophistication of e-mail-borne attacks, allowing any suspicious messages to reach downstream systems increases the risk to those systems. In a typical enterprise configuration, e-mail passes through several layers on its way to the desktop - the perimeter system, the content filtering layer and an antivirus layer. This model is dictated by the structure of e-mail inflows. The perimeter faces the largest volume of messages and traffic, as much as 90% of which is malicious, so filtering methods closest to the perimeter must be the fastest. Traffic shaping can identify unwanted traffic quickly while operating at or near wire speeds. Virus filtering requires a complex scan of each message, searching for malicious code hidden in multiple message parts. Because it is computationally expensive, it should be done after the other layers have removed everything they can. The outermost system can remove 50% of unwanted traffic, and content analysis can remove as much as 80% of the remainder, which leaves 10% of the original malicious traffic reaching antivirus and groupware systems...


Microsoft lays out Longhorn, PowerShell and application management roadmaps

Bob Muglia, senior vice president of the company's server and tools business lays out directions at IT Forum in Barcelona. On the heels of the completion of Vista and Office, Microsoft Tuesday opened its annual IT Forum conference by confirming the roadmap for the next beta of Longhorn Server, announcing the release of its long-awaited PowerShell command line tool, and unveiling a host of new and upcoming releases of platform and application management tools. The announcements were made by Bob Muglia, senior vice president of the company’s server and tools business, during his keynote speech at the conference in Barcelona, Spain. He also emphasized the management infrastructure Microsoft has been building over the past three years under its Dynamic Systems Initiative banner. Muglia said that Microsoft released for download its PowerShell command line interface and scripting environment, which is targeted at making it easier for IT administrators to manage their Windows environment from Exchange 2007 to Windows Server. PowerShell also works with System Center Operations Manager 2007, System Center Data Protection Manager V2, and System Center VirtualMachine. Muglia also said that Beta 3 of Longhorn Server, which will be the final beta for the server, is still slated for release in the first half of 2007. Microsoft plans to distribute the beta to a wider number of users than the 500,000 beta testers of Beta 2, which shipped in May. The final release of Longhorn is still on schedule for...


Pimp your mouse

If you've got a tired, old two-button mouse with a rollerball on the bottom, it's time to upgrade. Keith features three great mice to get you back in style...



With IE 7, green means go for legit sites

What’s EV SSL?
EV SSL stands for Extended Validation Secure Sockets Layer. These are SSL certificates just like those that allow encrypted connections between browsers and sites.
The difference, though, is that the identity of each certificate holder has been verified. Requestors will be subject to a strict vetting process which all issuers must follow.
Starting early next year, the address bar in Internet Explorer 7 will turn green when surfing to a legitimate Web site--but only in some cases, not all. The colored address bar is designed to be a sign that a specific site can be trusted, giving people the green light to carry out transactions there. It is a weapon in the fight against phishing scams, which use fraudulent Web sites. The idea is among the draft guidelines created by the CA Browser Forum, an organization comprised of companies that issue certificates for Web sites and major browser makers. Last week, Microsoft decided to adopt that draft version for IE 7, released last month. It plans to add the functionality in January. A primary concern is to...


Zune moving at slow tempo

Though Microsoft's answer to Apple Computer's iPod juggernaut officially went on sale nationwide Tuesday, the Zune wasn't exactly flying off the shelves in downtown San Francisco. At two retail outlets, the new media player wasn't even on the shelves. The Virgin Megastore near Union Square had them in stock, but the Zune display wasn't the right fit for the store's shelving. The players would be on sale "sometime this week" when new signage was scheduled to be delivered, said a store representative who declined to give his name...


Intel's quad-core processors go live

Intel will cap off a turnaround year on Tuesday with the expected introduction of its first quad-core processors, beating rival Advanced Micro Devices to the punch by several months. Originally scheduled to launch next year, the new Xeon 5300 and Core 2 Extreme QX6700 should make an immediate dent in servers and in high-end workstation/enthusiast PCs. In those markets, users can take advantage of software that's already been written to exploit four separate processing threads. The usual suspects plan to use Intel's chips in their latest products...


Photos: 2006's (10) worst political mishaps

No 10: Representative Katherine Harris (R-Fla.) plays Mrs. Robinson with a college reporter. Soon-to-be-former Congresswoman Katherine Harris made a name for herself as Florida's Secretary of State during the controversial 2000 presidential election. Characterized by outlandish statements about religion, abrupt staff shakeups, tight-fitting shirts, and questionable colors of eyeshadow, Rep. Harris was considered a longshot indeed in her (unsuccessful) bid to unseat Democratic Senator Bill Nelson this year. But she never lost her campaign trail spirit--or her charm, as was evident when photographer Stephen Elliott snapped some photos of the Senate hopeful conversing intimately with a college newspaper reporter this past April. According to political blog Wonkette, Elliott recounted to Majority Report Radio that Rep. Harris "sat (the reporter) down, sat next to him, and her foot was brushing...



Dems score with better data

DNC's Linux warehousing project delivered on '50-state strategy'. Behind every big success these days, there's probably some darned good IT making it happen. That appears to be the case in the surprising electoral victory by the Democratic Party last week. New data warehouse solutions commissioned by the Democratic National Committee (DNC) and also by Catalist, a for-profit group backed by a faction of leading Democratic players, are being credited for their part in the Party's strong performance in nationwide midterm elections. Those solutions may have helped Democrats close the gap with tech-savvy Republicans, according to people involved with the projects and with the party's countrywide get-out-the-vote operation. The DNC solution, which was commissioned one year ago by DNC Chairman Howard Dean, tapped a new generation of low-cost, Linux-based data warehouse technology to improve the quantity, quality, and availability of voter information used by state Democratic parties during the election turn-out effort. Those close to the project say the new system, part of Dean's so-called 50-state strategy, helped tip close races in the House and Senate in favor of the Democrats. The solution was developed by Intelligent Integration Systems (IISi) of Boston, a company that develops datacenter solutions and uses a Netezza Performance Server data warehouse appliance to integrate information provided by 45 state-level Democratic parties on about 200 million voters, according to Paul Davis, IISi's CEO. In addition to the Netezza back end and IISi code, the system uses data quality and cleansing tools from FirstLogic and enterprise integration software vendor Sunopsis, as well as data modeling tools from SPSS, according to a Netezza statement. The new solution was hosted at a datacenter in Virginia and allowed the DNC to rapidly update so-called "voter files" as state-level party workers provided them with new information.
The data was then cleaned up by comparing it to lists of known phone numbers and addresses. The DNC was also able to "overlay" the information and match it to data about individuals in the lists culled from various consumer data stores, Davis said. Netezza, which makes the technology used by the DNC, is part of a new generation of data warehousing companies that are using...


AOL upgrades AIM with offline messaging, chat

AIM 6.0 also sports a new dashboard to make it easier to access mobile features. AOL has upgraded its popular AIM instant messaging service with new features like the ability to send messages to offline users and to store IM sessions in a PC. In AIM 6.0, AOL also doubled the number of contacts a user can have in his "buddy" list to 1,000 people, AOL plans to announce on Wednesday. AOL is involved in a scalding hot competition in the consumer IM market with rivals Microsoft and Yahoo, which recently established a basic level of interoperability between their IM networks. AOL, Microsoft, and Yahoo operate the three most popular consumer IM networks, but AIM users can't communicate with Microsoft and Yahoo users because each network operates with proprietary communication protocols. Microsoft's Windows Live Messenger leads with 29 percent of users worldwide, followed by AIM with 27 percent and Yahoo Messenger with 21 percent, according to The Radicati Group Inc. AOL is working with Google to link AIM with the Google Talk IM service. AIM already has interoperability with...


Security group ranks human error as top security worry

Report shows most people fall for 'spear-phishing' attacks even after hours of computer security instruction. The SANS Institute has some controversial advice for computer security professionals looking to lock down their networks: spear-phish your employees. That's what the U.S. Military Academy at West Point did in 2004 to a group of 512 cadets, selected at random for a test called the Carronade. The cadets were sent a bogus e-mail that looked like it came from a fictional colonel named Robert Melville, who claimed to be with the academy's Office of the Commandant (The real Robert Melville helped invent a short range naval cannon called the Carronade nearly 250 years ago). "There was a problem with your last grade report," Melville wrote, before telling the cadets to click on a Web page and "follow the instructions to make sure your information is correct."...


Dell buys IT services firm to ease Vista upgrades

Dell plans to offer consulting to large businesses as they upgrade to Microsoft's new OS. Dell has acquired a British IT services firm, with plans to offer consulting to large businesses as they upgrade to Microsoft's new Vista operating system. Dell said Tuesday it acquired ACS of London, a privately held firm that provides infrastructure consulting to businesses listed on the FTSE 100, a stock index of England's largest corporations. Dell did not disclose the deal's cost, but said it would retain all ACS employees. Dell will use ACS to offer IT support earlier in the planning stages of customers' application deployments, such as migrating to Microsoft Vista, according to a statement from Stephen Murdoch, vice president of solutions and services for Dell's EMEA (Europe, Middle East and Africa) division. Business customers have been demanding better...



Five of Anything Ice Breaker

Looking for a winning team building ice breaker that you can use for meetings, training classes, team building sessions, and company events and activities? My new five of anything ice breaker makes group cohesiveness and cooperation a natural extension of the discussion when you use this team building ice breaker. Take a look, too, at the piece I put together to help you make all of your team building activities successful...


Job Interview Tips: How to Interview Potential Employees

I admit that the last time I went on an actual job interview as a job searcher was about twenty years ago. I am lucky in that starting and operating my own business was the right decision for me. For a client company, however, I have interviewed hundreds of potential employees in the past couple of years. This has caused me to take a hard look at interviewing employees from both sides of the desk...



Ask the Right (Interview) Question

Job seekers' questions typically fall into one of three categories. To impress and learn about an employer, it's important to know the protocol for each. Savvy job seekers have learned that it's important to show up at a job interview armed with smart, pithy questions. A few years ago, it was perfectly fine to ask, "Who are your company's competitors?" But these days, employers expect you to know the answer to that—and a dozen other company-specific questions. The first thing to know about job-interview questions is that there is more than one kind. In my experience, job seekers' questions fall into one of three categories, and it's good to know the difference—and the protocol for each...



The Quiet Leader—and How to Be One

If you look behind lots of great heroic leaders, you find them doing lots of quiet, patient work themselves.
          —Joseph L. Badaracco Jr
It sounds almost paradoxical. A quiet leader? Yet quiet leaders—managers who apply modesty, restraint, and tenacity to solve particularly difficult problems—are more common than we think, says Harvard Business School professor Joseph L. Badaracco. In his new book Leading Quietly: An Unorthodox Guide to Doing the Right Thing (HBS Press, 2002), he describes what quiet leaders do and how they make their workplace, and their world, a better place. Badaracco recently sat down with HBS Working Knowledge Senior Editor Martha Lagace to talk about quiet leaders...


What's to Be Done About Performance Reviews?

It's the season for many employee performance reviews. Why do they seem to rank alongside root canal dental work on our list of things we look forward to as managers and employees? And what are we doing about it? If we assume that the basic purpose of employee evaluations is to build better-performing organizations, then this has to be one of the most important things we do as managers. But if formal evaluations weren't required, would we even provide them? Much of this season's debate has centered around whether a forced ranking system works in such efforts...



Is the boss reading your e-mail?

E-mail privacy is a myth, Sandra Gittlen explains, and what you're doing right now with e-mail, IM or blogs could get you fired. Each day, it becomes more apparent that e-mail and instant messages are not private. Employers are worried about liability and lawsuits, so they're monitoring employee e-mail. Their fears are not unfounded. The "2006 Workplace E-mail, Instant Messaging & Blog Survey" by the American Management Association and the ePolicy Institute found that 24% of responding organizations have had employee e-mail subpoenaed, and 15% have gone to court to battle lawsuits triggered by employee e-mail. On the other side, 26% of employers have terminated employees for e-mail misuse, and 2% have let employees go for misuse of IM. Even blogs are a cause of dismissal -- 2% of respondents reported firing workers for offensive content -- even if the blogs are not corporate based. With employees encouraged to work longer and less-defined hours on company equipment, the lines between professional and personal use are becoming increasingly blurred. While organizations have gotten increasingly better about developing and communicating e-mail acceptable use policies, they are still lacking in addressing policies for IM and blogging. The AMA found that 76% of the companies surveyed do have e-mail usage and content policies in place. That number drops significantly lower -- to 31% -- of employers that have IM policies in place. And only 9% have policies that address the use of blogs. This lack of communications between employers and employees about expectations has set employees up for serious repercussions. I recently discussed this changing landscape with Jeremy Gruber, legal director at the National Workrights Institute in Princeton, N.J. What rights do employees have regarding privacy and corporate e-mail? What about using personal e-mail on a corporate computer or accessing corporate e-mail from a personal computer?...


Salary Survey 2006: Hot Skills, Hot Pay

Hot skills got the biggest pay bounces in 2006, as companies prepared to fight for key talent. Mike York has 15 good reasons to be happy with his job. As a network architect at Experian Information Solutions Inc.’s data center in Allen, Texas, York saw his salary jump 5% this year, plus another 10% as the credit reporting company raised his pay to equal that of his counterparts at the California headquarters. “In Texas, I’m the only network architect” for the company, York says of his specialized skills. He’s not the only one with reason to smile. While IT workers across the board saw their pay increase an average of 3.1% again this year, a few lucky ones with the hottest skills saw above-average raises, according to Computerworld’s 20th Annual Salary Survey, which studied the compensation and bonuses of 14,740 IT workers. Network architects like York received average pay increases of 5.3%. Web developers, Internet managers and directors of e-commerce saw jumps of 4% or more. (Use our Smart Salary Tool to get survey results by job title and region. Also, see salary data for entry-level and staff positions, middle management, senior management, contractors & consultants and additional job titles.) Compensation watchdogs say these IT rock stars have catapulted to popularity because of consumer demand. “The dominant business model is now Web-based. That’s what it’s all about,” says David Foote, CEO and chief research officer at Foote Partners LLC in New Canaan, Conn. “Customers are dictating the way they want to interact across the network with the vendors. They’re willing to define the relationship in part by how secure it is and how easy it is to do business with them. If I’m purchasing from a Web site and the site is too slow, I’m off of it.”...



Truth, Lies and Caller ID

Do you rely on caller ID for identification? If so, you’re taking a big risk. This week, I, Sarah Scalet, just a hardworking, honest journalist born and raised in the heartland, pretexted for the first time. I placed a call from my office phone to my colleague Scott Berinato, manipulating the caller ID in such a way that the call appeared to be coming from Scott’s cell phone. I also disguised my voice. And, just because I could, I recorded the call as well. When Scott answered, I made up a lame story about how I was calling from his cell phone company to inquire about problems with his service. Scott demanded to know, in an increasingly stern voice, exactly who I was and what I wanted. And when I tried to fess up and tell him that it was actually me, Sarah, he hung up. You might think that all this required incredible technical savvy on my part. Maybe I did some elaborate hack of a VoIP system, or built a fancy-schmancy gadget with parts from Radio Shack. Alas, no. In fact, all I did was...


The New Open Sourcing

Do-it-yourself integration and support for open source will cost you plenty. So will consultants. But a new, less expensive approach has emerged. Open source has many allures: no license costs, a wide range of support venues and the ability to work directly with code for customization or quick repairs. But it can create IT headaches, too: The mantra of open source has been “release early and often,” which means IT managers using a disparate group of open-source apps face frequent updates and patches, and must craft rules about how and when to apply them. Most enterprises soon find that with the do-it-yourself approach, maintenance and integration costs equal—and sometimes exceed—the maintenance cost of commercial software, due to the in-house resources needed to track, test, and apply patches and updates. The other option, using professional services firms to do that work, costs at least as much. But a new, potentially less expensive approach is emerging—a certified, preintegrated suite of open-source components from one vendor, which stays updated and integrated via periodic suite releases. This option could make open-source adoption easier, for example, for smaller enterprises that don’t have the staff or services dollars to support the traditional open-source integration and maintenance approaches but want to use proven open-source technologies like Linux, EnterpriseDB, Postfix, Tomcat and Apache more broadly...



Surprisingly Healthy Foods

What you didn't know might help you. Eating healthy may be virtuous, but it just doesn't seem like that much fun. Truth is, most of us prefer the taste of French fries over that of oat bran. A glass of Burgundy sounds more tantalizing than a cup of wheat grass juice. And while a nice piece of fruit is no punishment, chocolate is exceedingly more tempting. The good news: Not all of those seemingly unhealthy choices actually are...



DISCLAIMER: TechWatchsm and the BusinessWatch Networksm are service marks of DMS. All other trademarks or service marks contained in this email are the property of their respective owners. At the time of publication, all links in this e-mail functioned properly. However, since many links point to sites other than businesswatchnetwork.com, some links may become invalid as time passes.