SMB Fix Is In the Flaw
Plus: Users seeks transparency with SharePoint; Symantec chief retiring; a fool and his job are soon parted.
Microsoft spent the end of last week coming
clean about a patch
that took seven years to work the kinks out of. The
Server Message Block Patch, released on Nov. 11, was the culmination of years
of work. Now as the software giant continues to roll out its cloud computing
initiatives, a report has a emerged about SharePoint server and Microsoft is
getting more serious about quantifying and measuring exploits. And to begin
the week, security software company Symantec said its chief is retiring and
that it completed an acquisition. The Payment Card Industry said it will provide
more guidance to IT security pros for assessing risk and testing for hacks.
Meanwhile a disillusioned and recently laid-off systems administrator from New
Jersey was arrested for cyber-extortion when he allegedly asked his company
for parting gifts lest he destroy their servers.
Report: More Transparency Needed for SharePoint Server
Many process owners and IT pros have less visibility of what's going on
in their SharePoint environments and thus feel the workflow and collaboration
puts them at risk of data theft. This, according to research firm Courion,
which this week found that although SharePoint-powered sites are increasingly
more prevalent in the enterprise space, 86 percent of the management-level respondents
are still concerned that sensitive data is finding its way onto these sites
without "proper safeguards." The study comes as Microsoft prepared
on Monday for its formal launch of Exchange Online and SharePoint Online from
Redmond Touts 'Exploitability Index' as a success
"For each of the aforementioned issues, functioning exploit code was
released publicly within the first two weeks," Microsoft said in this
blog posting, adding that the new index, which just reached its one-month
mark last week, will help IT pros make "deployment decisions." Redmond
said further that before the advent of the index and the "additional layer
of analysis" it fostered, its patch bulletins had no indication of the
likelihood of the stated vulnerabilities being exploited.
Symantec Completes Deal, Makes Management Announcement
Symantec announced that John W. Thompson, chairman and chief executive officer,
will retire as CEO at the end of the fiscal year. The board of directors has
appointed Enrique T. Salem, Symantec chief operating officer, as president and
CEO effective April 4, 2009. Following the transition, Thompson, 59, will remain
chairman of the board and Salem, 43, will join the board of directors. The management
change comes as the company announced it wrapped up its acquisition of MessageLabs,
a deal in which it hopes to gain ground in the software-as-a-service market
and expand Symantec's existing portfolio of SaaS offerings with messaging and
Web security services from MessageLabs.
Payment Card Industry's QA Program for Security Pros
The Payment Card Indusry Standards Council, the governing body for rules around
transaction security and Payment Application Data Security Standards, has established
assurance program for Qualified Security Assessors and Approved Scanning
Vendors. The council said the new programs are designed to provide a roadmap
for independent security vendors specializing in PCI consulting and information
security audit programs.
VeriChip to offer products through MS HealthVault
VeriChip Corporation said that its VeriMed Health Link patient data system
will be accessible through Microsoft HealthVault, an online platform designed
to help consumers keep their records safe. Per the deal, VeriChip said its members
will be given free MS HealthVault accounts to input, store, view and interact
with and protect their data.
Paid in Fool
Federal prosecutors said they've arrested Viktor Savtyrev, 29, a New Jersey
resident, who demanded extended medical coverage, "excellent" job
references and a favorable severance package -- or else -- from his former employer
where he was a systems administrator. In e-mails to his company, believed to
be New York-based Third Avenue Management LLC, he threatened that if his demands
weren't met he would crash the company servers. Savtyrev's attorney Robert Stahl
said the former IT pro will plead not guilty even though he allegedly sent e-mails
after being let go on Nov. 5.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.