IT World Canada

MAILBAG: hacks, attacks, breaches and PlayBook 2.0

Brian Bloom is a staff writer at ComputerWorld Canada. You can find him on Google+. He covers enterprise hardware and software, information architecture and security topics.

If you’re a police officer or a RIM PlayBook owner, you’ve probably read some good news in the past week or so. But if you’re a hacker, or maybe if you work at Apple or Google, it’s possible you aren’t terribly happy about the way things have been going.

 
But hey, good news for us often has to be bad news for somebody else. That’s certainly been the case in the past whenever powerful forces vied for supremacy. Genghis Khan was adamant about making sure the other guy lost: “It is not sufficient that I succeed,” he said. “All others must fail.”

Of course, sometimes big IT companies fail and then bounce back, despite a lot of folks wanting them to stay down for the count. Here’s a good example: our readers seemed quite happy with RIM’s PlayBook 2.0 update, which bodes well for a company that hasn’t exactly endeared itself to its customer base in recent times.

Here’s what commenter Bill had to say:

“Checked for the update on the 21st before I received a notification, and it was there ready to download. Anticipated a huge download file from busy servers so started the download and walked away. Checked it a half hour later and it was already waiting for me to reboot.

“Huge improvements over V1. Haven’t explored everything yet but the ability to manage all my email and social networking accounts in one stream through the new email function is fantastic. Haven’t been able to connect yet to my Exchange work calendar via BIS like I can through my Tour; not sure if I’m supposed to be able to or not. Can use Bridge, of course, but would like to not have to do that. Contacts from personal webmail and Facebook loaded fine for me.

“Desktop interface is greatly improved, now providing the ability to create new pages for icons and shortcuts as well as the ability to group them into folders.

“Lots more to explore. Very pleased with this update so far!”

Then there were the security stories. We wrote about how hard it is for law enforcement to go after hackers (though things might be improving – the crackdown on Anonymous seems like a good sign).
 
AlfredoC said the enforcement part of “law enforcement” needs to be emphasized more, given people’s tendency to flout the rules:

“The government and industry should be imposing strict rules and strong defences against social engineering and network hackers. [They] must be legislated to comply with security requirements and monitoring. Until now, I still see people working in sensitive jobs/positions who do not change their passwords, keep them written in a post-it note, or use names of their families, just because they can’t be bothered, are lazy or afraid they might forget!”

And more generally on the subject of data breaches and the best policies to prevent them, reader Michael Argast had this to say:
 
“I agree with the central premise that security policies and controls need to be considered holistically rather than in a fragmented way, and also that centralizing security provides some risks.

“On the holistic approach, increasingly we’re seeing organizations opt for integrated security solutions or suites instead of stand-alone technologies. Integration helps to lower effort and TCO required to implement and manage, and since most people have limited headcount and skill sets on their team, it leads to better outcomes.

“At the same time, I’ve seen instances where poorly designed central controls actually represent a point of threat. One Endpoint provider (who shall remain nameless) I know of held their DLP quarantine in a centralized repository that was by default poorly protected, [which] resulted in a beautifully targeted area of vulnerability for anyone trying to steal information — you had one place to go to find the documents the organization considered most sensitive.”
 

You also read about another kind of attack recently. You know, the one that targets your reputation instead of your data.

Reader Mike was not impressed with Microsoft’s “Googlighting” advertisement, aimed at its arch-rival:

“This ad seems pretty amateurish for the company that successfully squashed OS/2 via a four year long ad campaign about how the new Windows 4.0 (eventually Windows 95) was coming out any day now and then finally released a software product that should have been an alpha at best.

“I seem to recall Microsoft talking about moving all its products to a Software-as-a-Service model as a means of forcing people into its upgrade cycle back in 2003 or so.

“Personally, I like software that evolves to meet my needs, instead of telling me what needs I have. Finally, attack ads have no place in Canadian politics or in Canadian advertising. You want my vote, prove to me that you are worth it — not that the other guy isn’t.”
 

Fair enough, Mike. But Genghis Khan would have disagreed.
