|
|
|
| Related Articles |
| Client-side vulnerabilities loom large |
28 November 2007 |
| Critical vulnerabilities in common PC software, including both applications and operating systems, continue to grow in number and stand as the leading cause for concern in the IT security landscape today, according to training experts at the SANS Institute.Holes in so-called client-side applications, including Web browsers, e-mail clients, productivity suites, and media players, have become particularly worrisome over the last year, according to SANS, which highlighted the issue as part of its annual report on the top 20 Internet security risks for 2007.As hackers have shifted their attention further away from operating system flaws and drilled down to applications-layer vulnerabilities they have found a seemingly endless wealth of possibilities for infecting PCs with everything from spyware to botnet programs, SANS researchers contend.Unless something can be done to improve software developers' coding habits or better test popular applications for such issues before they land on end-users' machines, attackers will be able to continue their successful assaults against enterprise networks and devices for the foreseeable future, said Rohit Dhamankar, project manager for the Top 20 report at SANS and a senior manager of security research for TippingPoint.?"There's just been such a dramatic rise in the numbers of vulnerabilities found in applications like Internet Explorer and Microsoft Office and a number of media players that attackers are having their way," said Dhamankar. "Enterprises are bolstering security, but desktop users still pose a massive risk if they can download anything they want from the Web; the attacks are also growing in sophistication to the extent that many can defeat antivirus and other security systems primarily by obfuscating their code."Some of the most powerful tools that hackers have adopted in hunting for potential targets are the same industrial-strength applications fuzzing tools that software vendors themselves are using to search for holes in their products, said the expert.Enterprises could do themselves a favor by enforcing stricter policies that dictate the types of applications that end-users are allowed to put on their work machines and using technical means to ensure that those rules are being followed, Dhamankar said.Other SANS researchers noted that while companies may not want to tell end-users that they cannot utilize media players, messaging clients, and other applications that have moved into the business world from the consumer sector, they could help themselves out by limiting the variety of client-side applications that people may choose from."IT departments can't focus on all the applications of the world, but they can choose several and keep their eye on those while allowing end-users some freedom," said Amol Sarwate, research manager at Qualys who studies vulnerability patterns for SANS. "What companies need to do is enforce standards for applications usage and utilize technical means to block unwanted software, devices, and even wireless access points."While many businesses have already realized that they need to shift more of their efforts toward defending client-side vulnerabilities, most have failed to embrace a proactive approach versus simply keeping track of publicly-reported flaws and patching those issues said Sarwate.Enterprises need to think about future security issues
It will be particularly important for firms to examine the additional security issues that will be introduced in the coming years with broader adoption of technologies including VoIP (Voice over IP), according to the expert."The key is for people to start thinking ahead of these client-side vulnerabilities to understand what the next big thing may be. Things like VoIP need to be examined for their security implications," said Sarwate. "Many companies are already adopting these tools because of all the advantages they offer, but there will be many attacks carried out against these systems as well."Among the advice that SANS is offering organizations hoping to improve their client-side security coverage is to mandate secure configurations at installation time for all applications, to constantly verify patching and upgrading of both applications and system software, to scan for new vulnerabilities frequently, and to keep their security systems up to date.Other leading areas of concern highlighted by SANS in its report included critical vulnerabilities in Web applications that allow for cross-site scripting attacks or for computers to be otherwise compromised simply by pointing their browsers at poisoned URLs."Gullible, busy, accommodating computer users," including executives, IT staff, and others with privileged access also remain a major weak point for enterprise security, according to SANS, as these seemingly more seasoned users of computers and software are still falling for increasingly targeted spear-phishing campaigns in large numbers.One of the best ways to educate users about the problem is for organizations to create fake spear-phishing threats and send them out to internal users to determine which individuals might be most likely to fall for the schemes and follow up with additional training, the group said.Critical vulnerabilities in the software and systems that provide the operating environment and primary services to computer users, or server-side software, remain another area of leading concern, according to SANS.Problems in Microsoft Windows services, Unix and Mac OS services, back-up and AV programs, management servers, database software, and VoIP technologies in particular are proving troublesome, according to the report.Many of those issues can be addressed by following the same advice offered for solving client-side vulnerabilities, SANS said in the research. |
| |
| Yelp glitch blocks site for some |
28 November 2007 |
| U.S. employers may have noticed a slight spike in productivity Wednesday as a computer glitch blocked access to online reviews site Yelp.com.The outage lasted from around 9 a.m to 11 a.m. Pacific Time, and blocked visitors from some companies, including Bank Of America, Kaiser Permanente, and Visa, according to posters at Yelp's discussion forums. Access at IDG's West Coast offices was also blocked.Yelp is a popular source of user-generated restaurant, entertainment, and business reviews in the Bay Area, and some companies have blocked access to the site to prevent employees from reading and contributing reviews during office hours.The glitch didn't shut down the Web site, but many visitors to the site were greeted with a "403" error telling users that they did not have permission to access the server. This type of error is returned by Web servers when someone tries to visit a restricted area of the site.Yelp wouldn't explain exactly what went wrong, except to say that it was a glitch caused by an update to the Web site that was pushed out Tuesday night. Most Yelp users had no problem visiting the site Wednesday, said Yelp spokeswoman Stephanie Ichinose. "It was a very narrow isolated incident that's now been rectified."That probably comes as welcome news to some.Yelpers were at first worried that their companies had moved to block access to the popular service. "Seems like a lot of filters at work added yelp to their list of blocked sites now," wrote one poster named Euge l. "I've heard of a handful of daily day time posters in the west coast have been blocked as well as the east coast. Is this the end of day time yelp?" |
| |
| J2EE Developer Brand New Project |
28 November 2007 |
| Java, J2EE. A Java Web Developer is needed to develop a company's web platform. You should possess strong software development qualities, from initial specification, robust testing, documentation development, sign off to final roll-out you will be involved at all levels and deliver post production support to the web team. You will need to be a team player with a strong commercial understanding of how effective IT Solutions can benefit an online business.
Skills required:
- J2EE and web programming technologies
- J2EE experience needs to be application server based e.g. Oracle, 10g, JBOSS, BEA, Weblogic, Websphere
- Thorough understanding and practical exposure to SQL on any of the main databases such as Oracle, DB2 and SQL.
- W3C Standards with an excellent knowledge of Internet
- HTTP, SMTP, FTP, SSL, CSS, JavaScript, HTML, JSP, XML, XHTML.
You will be responsible for all software development on ecommerce platform responsible for web architecture delivering custom business solutions to customers ERP systems such as PunchOut/RoundTrip.
Detailed job specification available upon receipt of suitable CV.
Abraxas plc acts as an employment agency/business.
No terminology in this advert is intended to discriminate on the grounds of age, and we confirm that we will gladly accept applications from persons of any age for this role. |
| |
| Software Developer - Banking Market - |
28 November 2007 |
| C#.NET, SQL, XML, Business Objects. My client is looking for a experienced Software Developer to join their existing product development team. This is for a leading IT solutions and services company providing Software and consultancy services.
You will be responsible for programming new enhancements and involvement in maintenance work for my client's product. You will have previous experience working in a C#.NET framework. You should be an expert in C#.NET, SQL Server, XML, XLST and Business Objects [Crystal]. Knowledge of the Wealth Management Business would be beneficial but not essential. You will have excellent solving problem ability. Professional and quality focused. You should be able to work within a team and on your own.
Detailed job specification available upon receipt of suitable CV.
Abraxas plc acts as an employment agency/business.
No terminology in this advert is intended to discriminate on the grounds of age, and we confirm that we will gladly accept applications from persons of any age for this role. |
| |
| J2EE Developers - work on some of UK's leading e-c |
28 November 2007 |
| J2EE, Java, JSP, Servlets, Spring, Hibernate, XML, SQL, RDBMS, Oracle, DB2, SQL Server, ATG Dynamo, Websphere, Weblogic, XML, UML. My client are a welll established, profitable and market leading consultancy - and a fantastic company to work for!!! Recent years have seen company growth rates of 40%pa, and they have never made redundancies. They have very good staff retention rates and have excellent career progression programmes. They're currently looking to hire 3-4 J2EE developers to join their team and work on industry leading projects. We are looking for bright, motivated candidates with a strong academic background and good J2EE development experience working in structured environment. Candidates should have strong core Java and J2EE, good SQL and RDBMS, OO Design with UML and knowledge of one large app server. Any consultancy experience an advantage, but consultancy ability and strong communication skills are a must. This is a consultancy role with some, but not much travel
Abraxas plc acts as an employment agency/business.
No terminology in this advert is intended to discriminate on the grounds of age, and we confirm that we will gladly accept applications from persons of any age for this role. |
| |
| BEA touts event-driven architecture |
28 November 2007 |
| BEA Systems officials Tuesday were eager to talk about event-driven architecture and SOA rather than discuss efforts by Oracle to acquire their company.An Oracle offer to acquire BEA expired in late-October and no new one has been tendered. For BEA officials, Tuesday was business as usual with executives touting the company's middleware stack for event processing during a media presentation in San Francisco. They stayed silent when asked about any possibility that their company might be bought by Oracle."BEA has been leading in the event-processing market for some time now," said Ruma Sanyal, director of product marketing for BEA. The company's event-driven processing arsenal includes such products as WebLogic Event Server for high-performance applications driven by event-driven architecture and WebLogic Real Time featuring a version of the JRockit Java virtual machine offering guaranteed response times of 10 milliseconds.SOA factors into event-driven processing, according to BEA."We see the next generation of SOA as being an event-driven SOA," said Guy Churchward, BEA vice president of WebLogic products. With data volumes growing, companies will be competitive and win by implementing event-driven SOA and event-driven architecture, he saidBEA's Event Server product is about data stream optimization, but SOA is deployed to make a decision on what to do with these streams, Churchward said. More than 70 percent of respondents surveyed by BEA think about event-processing in the context of SOA and BPM (business process management), Runyal said."Not all the business problems are going to be solved either by EDA or by SOA or BPM," Sanyal said. "It's all three of those together," that will probably be required for solving business problems, she said.While the BEA officials did not introduce any new products, they did provide glimpses of upcoming versions of the Event Server and Real Time software. Release 3.0 of Real Time, due next summer, will offer 5-millisecond response times. A release sometime after that will reduce this to zero milliseconds. Real Time features enhancements in Java memory management, or garbage collection, to reduce latency.The next version of Event Server will focus on development tools to extend the product to business analysts. A graphical interface for setting rules is a highlight of the product.The company emphasized how the holiday season is especially taxing on transaction systems in industries like air travel and retail and that event-processing is a solution."There's unique challenges around the holiday season," Churchward said. These challenges include compressed purchase-to-delivery time expectations, management of transactions, and an exponential increase in holiday travelers."There's more people hitting these [Web] sites, hitting the stores, there's more people getting on airlines," he said. Failure to address these problems can result in loss of revenue, lost of customers, high operational costs, and negative press and referrals, he said.BEA's Robin Smith, senior engineering product manager, detailed an airline's use of BEA software, including Event Server, Real Time and the AquaLogic Service Bus to deal with issues such as locating lost baggage. BEA did not reveal the name of the airline. |
| |
| Tridion Developer - Amsterdam |
28 November 2007 |
| Tridion Developer - Amsterdam
Are you a passionate embedded Tridion Developer looking to work with cutting edge technologies, and looking to make a major impact in the consumer electronics arena? If so, this company will be able to deliver what you need.
Our client is one of the fastest growing European manufacturers of satellite navigation systems. This is an excellent opportunity to work with the latest technologies on exciting software applications in the areas of Automotive Navigation.
They offer an excellent package including:
- a very competitive salary
- a bonus of between 15-20%
- help with relocation costs
- excellent promotion prospects
- an opportunity to work with others equally as passionate as you about technology
The client does require a very good understanding of Windows and Linux.
As a Tridion Developer, you'll start working on a green-field project for my client's IT department. Currently, their IT runs mostly PHP applications. However, due to massive growth, they are now rolling out to more standardised web applications platform to meet the needs of scalability and performance. The overall goal is to roll-out a complete Tridion CMS over the entire company. To accomplish this they are looking for experienced Tridion expertise with a pioneering attitude, and who like to work with the latest [open source] technologies.
This will involve design and development from back-end to front-end, documentation, establishment of coding standards, creation of Unit tests, and definition of project standards and so on.
To qualify you'll need:
• 2+ years of experience with Tridion.
• Preferred experience with the following is a pre: Eclipse, JBoss, JUnit, Servlets, JSP, J2EE, Hibernate, Spring, Maven, JDBC, SQL, XML, HTML, Java, JTA, Acegi security, JMX JSTL, Aspect Oriented Programming
• PHP[5], PHP-Java bridge, MySQL , MS SQL server and CSS.
Abraxas plc acts as an employment agency/business.
No terminology in this advert is |
| |
| SaaS delivery model takes new turn |
26 November 2007 |
| With the announcement tomorrow by 19Marketplace of Workplace2go, SaaS will add yet another unique facet to its business model.Unlike CRM services from Salesforce.com, RightNow, or Microsoft Dynamics, 19Marketplace offers none of its own products. Rather in its initial launch, it will offer to host a growing menu of well-known applications from other companies.Workplace2go applications include WebEx WebOffice, WebEx Web Conferencing, Microsoft Hosted Exchange E-mail, Blackberry Mobile E-mail, Good Technology Mobile E-mail, Arsenal Digital Remote Data Backup, LivePrism Spam Protection, and McAfee TOPS for desktop security.John Kryzkowski, general manager at 19Marketplace, likens his company to a retailer that takes on product lines from different manufacturers and becomes a specialist in sales, marketing, distribution, and merchandizing."The key is the right merchandise and services for our customers," said Kryzkowski.Although to some extent what 19Marketplace is doing is like the traditional ASP (Application Service Provider) model, this is different in that the services 19Marketplace offers are architected around a multi-tenant infrastructure rather than a dedicated environment for each customer.What makes 19Marketplace even more unique is that it the company does not host its own services; rather it resells popular applications, which are hosted at SaaS infrastructure provider Jamcracker.The current list of applications is targeted at small businesses, and pricing appears to reflect the needs of that audience.The service fee for Live Prism, an anti-spam package, is $1.99 per user per month. The fee for Microsoft Exchange E-Mail server with each user given 2GB of storage is $13.95 per user, per month.Most of the current SaaS providers host applications in their own data center, making their time to market as much as nine months until they can deliver a new application, according to Kryzkowski.On the other hand, 19Marketplace provides a link to services that are already up and running."We plug into them for provisioning and single sign on, and they have access to all of their services," said Kryzkowski.Applications listed above are available immediately. |
| |
| Begg: I'll be off to the third world |
28 November 2007 |
| ABTA Travel Convention special report: Global founder plans to swap business for charity |
| |
| QinetiQ to cut 400 despite profit jump |
29 November 2007 |
| QinetiQ, the defence research business in which the chairman and chief
executive made more than £35 million on the flotation of the business, will
eliminate 400 jobs across the UK. |
| |
 |
|
|
|