The Power of Chocolate

• By Lafe Low
• 04/16/2008

Infosecurity Europe has repeated its study involving exchanging sweets for end users' passwords, and revealed that women are four times as likely to divulge their passwords as men when presented with chocolate as a reward. How terrifyingly Pavlovian.

The survey was actually a cleverly designed exercise in social engineering, with the ultimate goal of impressing upon workers the importance of becoming more information security-savvy. Researchers posted in downtown London polled workers as they commuted to work. They found 45 percent of the women surveyed and 10 percent of the men were ready to give up their passwords for a sweet incentive.

While this may seem a bit scary to those of you charged with keeping your network locked down, it's a better result than last year's survey, when 64 percent eagerly handed over the keys to the kingdom for a couple of Cadburys.

That's not all the survey revealed. "Our researchers also asked for workers' names and telephone numbers so that they could be entered into a [drawing] to go to Paris," said Claire Sellick, event director for Infosecurity Europe and head of the study, in a statement. "With this incentive, 60 percent of men and 62 percent of women gave us their contact information."

That's a serious personal breach, and most people are completely unaware of the risks. "Once a criminal has your date of birth, name and phone number," Sellick said, "they are well on the way to carrying out more sophisticated social engineering attacks on you, such as pretending to be from your bank or phone company and extracting more valuable information that can be used in ID theft or fraud."

Me? I'd be more than happy to turn over my password for a nice glass of single malt scotch. What do you do to ensure that your users safeguard the company's jewels? What policies do you put in place? And -- be honest now -- have you ever shared your password? Share your secrets with me at [email protected].

Government Spending Spree
Your tax dollars hard at work: The government has been on a bit of a shopping spree when it comes to upgrading systems at the FBI, Defense Logistics Agency and the U.S. Air Force.

GTSI just earned a contract to upgrade the FBI's IT infrastructure. The upgrades will cover the entire enterprise from FBI headquarters to several key field offices. The $290 million contract is for one year, with options to extend for four more years.

CACI International will be working with the Defense Logistics Agency to upgrade its medical supply chain and health care services for our fighting forces around the globe. The five-year, $54.8 million contract to upgrade the Defense Medical Logistics Standard Support program sounds like money well-spent. As far as I'm concerned, the men and women in our armed forces deserve the best health care they can get.

And Hewlett-Packard Co. earned a five-year, $400 million contract to cover the U.S. Air Force's imaging and printing needs. This will include a full evaluation the USAF's printing infrastructure, consulting services and actual products.

Sure, they're spending our money, but this definitely makes me feel better than hearing about multiple millions spent on studies that reveal such deep secrets as exercising every day is good for you, or subsisting on a diet of pizza and Klondike bars is bad for you.

To read more about the government's activities in the world of IT, check out our sister publications Federal Computer Week and Government Computer News.

Do you work directly for a government agency? Does your company do any work for government agencies at any level? How do you feel the government IT landscape is looking? Requisition a response to me at [email protected].

Lawyers in Lawsuits
Microsoft isn't the only one having fun launching -- or defending against -- intellectual property lawsuits.

Hard drive heavyweight Seagate has filed a patent infringement suit against STEC, claiming the latter's solid-state drives violate four interface-related patents held by Seagate. Seagate filed its suit in the Federal District Court in the Northern District of California.

Apparently, Seagate has plans to dive deeply into the solid-state drive market this year, and it promises to be a lucrative venture. Already, this new storage technology is making waves with the Apple MacBook Air and the HP Mini. Solid-state drives are built with chips, so they have no moving parts, unlike traditional, mechanical hard drives. Besides being much smaller, they're more reliable, quieter, faster, generate less heat and use less power. Like any new technology, though, right now they're still much more expensive.

Have you played around with any solid-state storage yet? Any plans to change your storage infrastructure? Have any of these high-profile lawsuits had any impact on what you do? Depose your thoughts to me at [email protected].

'Stirling' Now in Beta
Microsoft has just released its integrated security control system Forefront to public beta. Codenamed "Stirling," the beta is now ready for download.

Stirling -- or "Forefront," as it'll be called once it ships -- gives you updated and integrated view of all aspects of your security infrastructure, including endpoint security, network edge security, and messaging and collaboration security.

From that single management console, you can check and update your security settings, including configuration, reporting and setting alerts. The console is also linked for direct and immediate remediation. Role-based administration lets you customize views for other staffers so they only see what they need to see. To download Stirling or to read more about Forefront, go here.

Do you plan on checking out Forefront? Have you already? Let us know when you do. We'd love to chat with you for a Reader Review story. Release a beta version of your comments to me at [email protected].