
News Archive

SQL Injection Attack in China Impacts Disaster Recovery

In an IDG story it was disclosed that web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web sites, according to a security company in Taiwan.

The attack in China and Taiwan is ongoing. Coming on top of the earthquake and the associated relief efforts, the attack is having a huge impact. Even when the attackers cannot successfully insert malware, they are killing lots of Web sites right now, because they are just brute-forcing every attack surface with SQL injection, and hence causing lots of permanent changes to the victim Web sites.

In a SQL injection attack, an attacker attempts to exploit vulnerabilities in custom Web applications by entering SQL code in an entry field, such as a log-in. If successful, such an attack can give the attacker access to data on the database used by the application and the ability to run malicious code on the Web site.

Mass SQL injection attacks have increasingly become a security threat. In January, tens of thousands of PCs were infected by an automated SQL injection attack. That attack exploited a vulnerability in Microsoft Corp.'s SQL Server.

Thousands of Web sites have been hit by the attack, he said, noting that 10,000 servers alone were infected by malware on Friday. Most of the affected servers are in China, while some are located in Taiwan. The attackers appear to be using automated queries to the Google search engine to identify Web sites vulnerable to the attack, he said.

The attackers in the more recent outbreak are not targeting a specific vulnerability. Instead, they are using an automated SQL injection attack engine that is tailored to attack Web sites using SQL Server. The attack uses SQL injection to infect targeted Web sites with malware, which in turn exploits vulnerabilities in the browsers of those who visit the Web sites.

The malware injected by the attack comes from 1,000 different servers and targets 10 vulnerabilities in Internet Explorer and related plug-ins that are popular in Asia.


SOX and ISO compliant job descriptions released by Janco

Janco has just released its 2008 Internet and Information Technology Position Descriptions HandiGuide. The HandiGuide contains 210 Job Descriptions which are compliant with SOX and ISO 27000.

Park City, UT - March 17, 2007 - Janco has just released its 2008 Internet and Information Technology Position Descriptions HandiGuide. The HandiGuide contains 210 Job Descriptions in a new easy-to-read and easy-to-modify format. Victor Janulaitis, the CEO of Janco, said, “The Internet and IT Position Descriptions HandiGuide is available in PDF, WORD 2003, and WORD 2007 formats.” The CEO added, “All of the job descriptions have been updated to comply fully with Sarbanes-Oxley and the new ISO 27000 Security Standards.”

Mr. Janulaitis added, “Over 2,500 enterprises worldwide have acquired the Internet and Information Technology HandiGuide. It is viewed by many as the Standard for Job Descriptions in the Information Technology field.”

The 210 job descriptions included cover all of the technical and non-technical job functions which could reside within the information technology department. Some of the new job descriptions include Chief Compliance Officer (CCO) and Director of Sarbanes-Oxley Compliance to reflect the security demands that are currently mandated by various governmental bodies and agencies. A full product description can be found at http://www.e-janco.com/job.htm.

Several tools have been included in the HandiGuide to help enterprises customize job descriptions to fit their own unique needs. Included are 1) Job Evaluation Questionnaire; 2) Position Description Questionnaire used to create customized job descriptions; 3) Job Progression Matrix used to define Job Classifications; and 4) Extensive presentation of mandate requirements such as ADA and Sexual Harassment.

Janco offers an update service so existing customers can get updates as they are created for this and all of its other IT Infrastructure products.

Members of the media can contact our Media Manager to obtain a full copy of this product for their review. Direct line: (435) 940-9300 x 101 Email: support@e-janco.com More information can be found at: http://www.e-janco.com/job.htm.

Janco is a Mountain States-based consulting firm that publishes the HandiGuide® series of Infrastructure books used by Information Technology, Human Resources and other professionals as the source of information on topics from Security Policies, Business Continuity - Disaster Planning to job descriptions. In addition to its electronic book and survey publishing, Janco also publishes award-winning business software.

Disaster Recovery is a Top Priority for over 20% of all CIOs and CTOs

(eWeek) Disaster recovery, security, business application services and hosted infrastructure topped CIOs' most-wanted lists. Disaster recovery and business continuity topped the list of CIOs' must-haves, while business application services and hosted/outsourced infrastructure rounded out the top of the list, compiled from Channel Insider research.

Backup, disaster recovery and business continuity are the services CIOs most want from solution providers, up 4 percent over last year to 21 percent, the research showed.

The CEO of Connecting Point said from his perspective the increase was driven from the SMB (small and midsize business) side by new technology advances and increasing concerns about natural disasters as well as internal security threats. Especially from an SMB perspective, a total solution that protects all their assets hasn't been available until now. Some statistics show that as much as 80 percent of an SMB's assets are data, and that if that data were lost, breached or compromised it could mean the loss of the entire business. Technology overall has just evolved in leaps and bounds. It's almost like a hungry monster that needs to be fed. But with technology evolving so quickly and data assets accruing at an alarming rate, security products and strategies were often left playing catch-up.

He added many SMB owners are not tech savvy enough to understand the technology needed for a total security solution. While many SMBs had auditors and staff responsible for monitoring financial and accounting records, that type of security service wasn't performed on the technology side. Who is auditing the data security, the technology portion of their company?

Business application services were second on the CIOs must-have list, at 18 percent, research showed.  Services that develop, install and maintain business applications, including software packages, software systems and even SAAS (software as a service), continue to be hot.  Many companies lack the resources to implement and maintain complex software packages, and prefer to save money and energy by finding a solution provider to handle that aspect of their business. The increased security and availability are an added bonus a solution provider can offer.

The president of the Utility Company, an outsourced IT provider, said business applications, especially hosted or outsourced applications, are a big growth area. For SMBs this is already happening with emerging models like software as a service and managed IT services.

Though IT as a service dropped 2 percent from last year, it's still close to many CIOs' hearts, with 18 percent of the respondents saying they are looking for these services from their solution providers.  Unlike most other technology trends, this one started with SMBs and will "trickle up" into the enterprise. At the enterprise level this trend will evolve more slowly because companies have invested money and resources in on-site data centers and infrastructure that they find tough to get rid of, he said.

Some predict a hybrid model will evolve, whereby enterprises may choose services such as network management and slowly transition to a fully outsourced IT.  The fact is, the Internet is a high-powered, ubiquitous computing grid that can deliver the most complex technologies as a utility. This movement is inevitable and unstoppable.


Real ID required by Federal Government by May 11, 2008.

Federal regulations creating a uniform national ID card--called Real ID--take effect on May 11. If your state hasn't agreed in principle to upgrade its driver's licenses to be Real ID-compliant, you could have trouble traveling by air and taking advantage of some government services.

Recession has an Impact on IT Jobs

(Janco) In these troubled times, demand for key jobs is changing within the IT industry.

In large enterprises (Over $500 million or 150 IT professionals) there is high demand for:
  • Chief Information Officer – VP
  • VP – Information Service
  • Director Production / Data Center
  • Manager Application Development
  • Computer Operations – Shift Manager
  • Supervisor Network Services
  • Manager Wireless Communications
  • Data Center Facility Administrator

In mid-sized enterprises (between $100 and $500 million - 50 to 150 IT professionals) demand is high for:

  • Chief Information Officer – VP
  • VP – Security (CSO)
  • VP Administration
  • VP – Information Services
  • Director IT Planning
  • Computer Operations – Shift Manager
  • Computer Operations – Shift Supervisor
  • Supervisor Network Services
  • Manager Wireless Communications
  • Change Control Analyst

At the same time there is significantly lower demand for a number of positions within the IT function of large enterprises:

  • VP Administration
  • Manager Computer Operations
  • Manager Voice Data Communications
  • LAN Application Support

In mid-sized enterprises lower demand exists for:

  • Manager Computer Operations
  • Manager Network Services
  • Manager Productions Services
  • Manager Voice Data Communications
  • Data Security Administrator

Disaster Recovery / Business Continuity Audit program released by Janco

The Disaster Recovery / Business Continuity Audit program identifies the control objectives that are met by the audit program. There are 36 specific items that the audit covers in the 11-page audit program. Included are references to specific Janco products that directly address the areas the audit covers. This program can be used as a standalone audit program or in concert with the following Janco offerings:

  • Disaster Recovery / Business Continuity Template
  • Security Manual Template
  • Security Audit Program Template
  • Business and IT Impact Questionnaire
  • IT Service Management for Service Oriented Architecture
  • Metrics for the Internet and Information Technology

FCC Mandates Cell Sites Must Have Backup Power

Christmas came a bit early this year for manufacturers of backup power sources. The U.S. Federal Communications Commission has released rules mandating that mobile providers and local exchange carriers install backup power for cell sites and remote telecom facilities. The rules are a direct response to the communications meltdown after Hurricane Katrina. More recently, the bridge collapse in Minneapolis demonstrated how fragile — and still inadequate — the system is. A lesser publicized goal of the 700 MHz auction set for next month is to create a national broadband emergency network. The rules will also require companies to file a plan in six months about how they will meet the new demands.

IT Management Template Series Now Available

You can order the IT Management Template Suite which contains all of Janco's templates, white papers, policies, and procedures. 

The IT Management Template Suite contains all of the templates necessary to create and manage a world class Information Technology function.

Included are:

  • Disaster Recovery Template
  • Security Manual Template
  • IT Salary Survey
  • IT Salary Survey 10 year comparative study
  • Functional Specification Template
  • Safety Program Template
  • IT Infrastructure, Strategy & Charter Template
  • IT Service Management Template
  • Practical Guide IT Outsourcing
  • Client Server Management HandiGuide
  • Internet & IT Position Descriptions HandiGuide
  • Metrics for the Internet & IT HandiGuide
  • Internet & PC Workstation Policies & Procedures HandiGuide
  • Business & IT Impact Questionnaire
  • Threat & Vulnerability Assessment Tool



Microsoft to eliminate Vista "Kill Switch"

(Computerworld) Microsoft Corp. announced that it was killing the "kill switch" built into Windows Vista.

While it has never recognized the term "kill switch," Microsoft's beefed-up antipiracy software could effectively render a PC running Vista unusable for anything other than paying for a legitimate product key. Microsoft called that "reduced functionality." This fall, Apple iPhone owners called the practice "bricking." In all cases, users hated the concept and haven't been shy about sharing their opinions.

Someone at Microsoft must have been listening. But because the company's anticounterfeit scheme is both jargon-heavy and inherently confusing, an FAQ seemed like a good idea. Here's the scoop on the modifications.

What changes did Microsoft make? If you're thinking that Vista's product activation -- or its validation and revalidation -- are history, think again. Only the results of not activating a copy of Vista and of failing validation have changed, according to Alex Kochis, the senior product manager for Microsoft's Windows Genuine Advantage (WGA) program.

Specifically, Microsoft is ditching what it has called "reduced-functionality mode" and "nongenuine," the states that came into play when users didn't activate their copy within 30 days, activated it with an invalid product key or failed the persistent anticounterfeit validation tests that Vista did on itself from time to time.


Jobs and Apple flop in Europe with iPhone

Apple's learning fairly quickly that Europe is a very different place, especially when it comes to mobile phones.

The iPhone went on sale Wednesday through wireless carrier Orange in France, marking the third European country to carry the phone within its borders. The launch also marked the debut of the third pricing strategy for the iPhone in the three countries: France, Germany, and the United Kingdom.

It appears that at least for a while, the iPhone is going to move more slowly for Apple in Europe. Orange said it hopes to sell 100,000 iPhones by the end of 2007, and 400,000 to 500,000 in total by the end of next year, according to several reports Tuesday. Apple wants to sell 10 million iPhones next year in total, after expanding to Asia some time in 2008.
