Archive for December, 2009

As we head into a new decade, we all have the opportunity to take stock of where we are and where we want to go. Of course, aside from personal goals, we can also consider this a great time to take stock of the security issues in our lives too – both in personal and business settings.

So, what are your goals for 2010? Do you already have basic personal IT security set up (like using LoJack / Computrace or encryption)? Are you looking for more advanced IT asset management tools? Do you simply aim to roll out security updates once per month?

Share your list of goals with us here. Also, we’re asking a related question on Twitter @absolutecorp:

What are the biggest challenges IT managers face in 2010? Let us know which one and what you think, and tag your tweets #AbsoluteSoftware

Image: ba1969

Sephen Watt, the 25-year-old man who has admitted to providing the “sniffer” program used to hijack the credit card numbers associated with the TJX breach, has been sentenced to 2 years in prison and 3 years of supervised release. In addition, he will have to pay over $170 million in restitution.

Watt was not the leader of the attack that was perpetrated against TJX. That man, Albert Gonzalez, is awaiting his sentence, which could be more than 17 years in prison. Gonzalez and Watt, however, were known friends. The code that Watt created was found stored on a server leased by Gonzalez. The server contained 16.3 million stolen card numbers with another 27.5 million found on an alternate server.

Do you think that Watt received a fair sentencing for his role in one of history’s largest data breaches? Do you think that the fines / sentences associated with data breaches are adequate?

Via SC Magazine, CGI Security, Wired

Absolute’s recoveries often lead police to more than just stolen computers…check out a few of this week’s top recoveries:

–> A laptop disappeared from the locked desk of a corporate customer, leading police to believe that the thief was internal to the victim company. Indeed, the unauthorized user that Absolute identified was a current employee, and also discovered, was a longtime suspect for past office thefts – but the company simply did not have the intel to prove it. Now armed with the information provided by Absolute, police were able to attend the employee’s residence. The company’s laptop was recovered from the scene – along with 5 other company computers that were believed to be stolen prior to the installation of Computrace. The (now former) employee was arrested.

–> Bullet proof vests, a revolver, prescription drugs, an array of illegal substances, drug paraphernalia and $500 in criminal proceeds complemented the recovery of a laptop stolen in a recent break-and-enter.  Two arrests, four charges and a happy Computrace LoJack for Laptops customer resulted.

–>A laptop that was stolen in a home invasion revealed two unauthorized users – resulting in two search warrants served. The computer was swiftly recovered, along with an illegal weapon and over $7,000 worth of narcotics. Further, the two suspects were not only linked to the home invasion and charged for that offense – they also face charges for possession of narcotics for the purpose of trafficking, possession of stolen property, and possession of illegal firearms. All in a day’s work…

 
Please note that indictments and criminal complaints are merely unproven accusations and the accused, in all cases, are presumed innocent until proven guilty.

Absolute recently recovered a customer’s laptop after it was stolen from a Massachusetts dorm room. The story unfolded as follows: a few weeks prior to theft, the identified suspect’s own laptop had been stolen on the same campus. Laptopless and doubtful of its return (her machine was not equipped with Computrace LoJack for Laptops), the suspect decided to find a quick replacement – and an unlocked dorm room provided the perfect opportunity for some late night laptop larceny.

Unfortunately for our suspect, however, the thieved machine was equipped with Computrace LoJack for Laptops, and so Absolute and campus police were soon onto her ploy. After being reminded that the ‘pay it forward’ mantra does not apply to thievery, the suspect was required to handover the laptop, write a formal apology to the victim, and will be facing the university’s disciplinary board.

Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty.

The Enterprise Desktop Alliance today opened a new survey to query IT administrators about their plans to support the Mac in their Windows-centric IT environments. The results of the survey will provide an update to the Enterprise Desktop Alliance’s 2008 survey which reported:

• 90% of whom stated that integration with Windows was important to their organization
• Active Directory integration was the number one issue for Mac integration in a Windows-managed environment.
• 74% of the respondents expected to increase the number of Macs in their organization.

Results of the original Survey, “Administrators Speak Out About Managing the Mac in a Windows Infrastructure,” conducted in December 2008 are available on the Enterprise Desktop Alliance website.  

The current survey looks back to whether those plans were realized and goes into greater depth on the priorities of those tasked with managing Macs in a Windows oriented IT infrastructure. 

IT administrators are encouraged to contribute to the survey at Enterprise Desktop Alliance 2009 Survey.

LANrev, now Absolute Software, is a founding member of the Enterprise Desktop Alliance.

Last week, Eric Schmidt, who is the CEO at Google, made some comments that raised more than a few eyebrows.  During a recent interview with CNBC, Schmidt was asked whether it is a good idea for users to share their information with Google.  His response was: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

While I can appreciate his intention, it is a pretty risky thing to say when you are the CEO of a search engine.  His comments seem particularly unreasonable when you consider how upset Schmidt was when CNET reporters found out about his salary, donations and other personal information and included their findings in a published article. 

In response to this, Schmidt blacklisted the reporters from Google.  The ironic thing is that they obtained all of their information by searching Google.

Bruce Schneier, security technologist and author, has an well thought out response that’s worth reading. It touches on differences between “security versus privacy” and “liberty versus control”.  In my opinion, privacy isn’t just about not sharing things that I’ve done wrong, but it can also be about ruining surprises, revealing embarrassing facts and other, more benign things.  It isn’t just about things that we want to hide for fear of punishment.  Look at Schmidt’s reaction to having his own information shared without his express permission.  Not everyone wants the details of their salary known to everyone and why should they not have any control over that?

What do you think about what he said and how it relates to Google’s understanding of privacy? 

image: Google

In maintaining the industry’s leading theft recovery rate, the Absolute Theft Recovery Team works closely with law enforcement agencies worldwide.  It is with the help of these dedicated professionals that we are able to leverage our technology to recover thousands of stolen computers and help capture numerous criminals. We’ll often receive feedback from law enforcement officers, sharing their experiences and success with Absolute. Our most recent success story came from the University of Pittsburgh Police:

“I would like to take this time to let everyone know the value of using Computrace and LoJack for Laptops from a law enforcement standpoint. Over the last six months, I have worked with four cases involving the theft of laptops and was very fortunate that all four had Computrace installed. Once the laptops connected to the internet, the Absolute investigator assigned to the case stepped in and the cases were resolved very quickly. In fact, the most recent case in October of 2009 was solved within 48 hours, leading to the recovery of the laptop and a suspect who eventually confessed to the crime. Without assistance from Computrace and Absolute, I do not believe these cases would have ended on a positive note.”

Det. Lt. David A. Kirchner
Pittsburgh, PA

2009 will probably be remembered as the year that the H1N1, or swine flu, virus hit the world. It has caused a worldwide panic since it’s been spreading through schools, workplaces and households like wildfire.

As if that isn’t bad enough, it’s also been causing problems virtually.

The Centers of Disease Control (CDC) is now having to issue warnings about phishing emails that claim to be sent by the organization. They are definitely getting the attention of the recipients, of course, since the emails discuss a state vaccination program. So many have lined up to get the shot (with a good number being refused due to shortages), so I’m sure there are people out there who would be more than willing to follow the instructions in the email by creating a personal H1N1 vaccination profile.

The program is non-existent and, instead of getting protection against the H1N1 virus, people are being directed to a fraudulent site that puts there computer at risk of contracting ZBot (also known as Zeus), a trojan horse that powers one of the most active botnets. Personal data about the user can then be gathered and sent back to the botnet operator.

How nasty. If H1N1 doesn’t get you in real life, thieves are exploiting the fear caused by this virus to infect you online. It’s very important to have up-to-date security solutions and to only follow links and open attachments from trusted sources.

Tip for Absolute corporate customers: You can use your Computrace reporting tools to determine if your devices have the latest patches and antivirus software installed.

Online consumers are easy prey this time of year, since we are doing everything from booking our travel to buying presents on the internet. There have been times when I’ve bought something from a slightly dodgy website, because I couldn’t find the item locally. And I’m sure I’m not alone. Thieves are counting on our desperation, since it could mean that we’re letting our guard down and are paying less attention to online security.

However, it isn’t always the dodgy sites where we might wind up losing money. Consumer Reports has put together a list of sites that have made it easier for shoppers to be tricked out of more than $1.4 billion already, and they include reputable ones like Travelocity and 1-800-Flowers.com. They’re advertizing a service that at first seems free, but it turns out that you need to pay for it.

What should you be looking for?

In the checkout area, you might notice an offer to sign up for the “Membership Club” in order to qualify for cash-back rewards. It might look like it’s part of your transaction since these scammy ads say things like “Get $10 Cash Back on Your Next Purchase” but, in reality, consumers are actually signing up for a service that will cost them $10 to $20 per month – charged to their credit card.

Be careful and make sure to read every offer before signing up for services, especially during the holiday rush.

Today Absolute announced that it acquired LANRev product suite from Pole Position Software. LANrev provides a suite of easy to use tools that enable organizations to efficiently manage and track computer assets, lowering total cost of ownership.  It’s an excellent complement to the Absolute product suite. And just like Computrace, LANrev works seamlessly with PCs and Apple® computers, or any combination of the two.

LANRev features include:

• License management
• Automated patch management
• Software metering
• Software distribution
• Configuration management
• Power management

You can purchase LANRev products from Absolute starting today. Learn more