The attack in China and Taiwan is ongoing. In addition with the impact of the earthquake and the associated relief efforts, the attack is having a huge impact. Even if they cannot successfully insert malware, they are killing lots of Web sites right now, because they are just brute-forcing every attack surface with SQL injection, and hence causing lots of permanent changes to the victim Web sites.

In a SQL injection attack, an attacker attempts to exploit vulnerabilities in custom Web applications by entering SQL code in an entry field, such as a log-in. If successful, such an attack can give the attacker access to data on the database used by the application and the ability to run malicious code on the Web site.

Mass SQL injection attacks have increasingly become a security threat. In January, tens of thousands of PCs were infected by an automated SQL injection attack. That attack exploited a vulnerability in Microsoft Corp.'s SQL Server.

Thousands of Web sites have been hit by the attack, he said, noting that 10,000 servers alone were infected by malware on Friday. Most of the affected servers are in China, while some are located in Taiwan. The attackers appear to be using automated queries to the Google search engine to identify Web sites vulnerable to the attack, he said.

The attackers in the more recent outbreak are not targeting a specific vulnerability. Instead, they are using an automated SQL injection attack engine that is tailored to attack Web sites using SQL Server. The attack uses SQL injection to infect targeted Web sites with malware, which in turn exploits vulnerabilities in the browsers of those who visit the Web sites.

The malware injected by the attack comes from 1,000 different servers and targets 10 vulnerabilities in Internet Explorer and related plug-ins that are popular in Asia.

Disaster recovery and business continuity topped the list of CIOs' must-haves, while business application services and hosted/outsourced infrastructure rounded out the top of the list, compiled from Channel Insider research.

Backup, disaster recovery and business continuity are the services CIOs most want from solution providers, up 4 percent over last year to 21 percent, the research showed.

The CEO of Connecting Point, said from his perspective the increase was driven from the SMB (small and midsize business) side by new technology advances and increasing concerns about natural disasters as well as internal security threats. Especially from an SMB perspective, a total solution that protects all their assets hasn't been available until now. Some statistics show that as much as 80 percent of an SMBs assets are data, and that if that data were lost, breached or compromised it could mean the loss of the entire business.  Technology overall has just evolved in leaps and bounds. It's almost like a hungry monster that needs to be fed. But with technology evolving so quickly and data assets accruing at an alarming rate, security products and strategies were often left playing catch-up.

He added many SMB owners are not tech savvy enough to understand the technology needed for a total security solution. While many SMBs had auditors and staff responsible for monitoring financial and accounting records, that type of security service wasn't performed on the technology side. Who is auditing the data security, the technology portion of their company?

Business application services were second on the CIOs must-have list, at 18 percent, research showed.  Services that develop, install and maintain business applications, including software packages, software systems and even SAAS (software as a service), continue to be hot.  Many companies lack the resources to implement and maintain complex software packages, and prefer to save money and energy by finding a solution provider to handle that aspect of their business. The increased security and availability are an added bonus a solution provider can offer.

The president of the Utility Company, an outsourced IT provider, said business applications, especially hosted or outsourced applications, are a big growth area. For SMBs this is already happening with emerging models like software as a service and managed IT services. 

Though IT as a service dropped 2 percent from last year, it's still close to many CIOs' hearts, with 18 percent of the respondents saying they are looking for these services from their solution providers.  Unlike most other technology trends, this one started with SMBs and will "trickle up" into the enterprise. At the enterprise level this trend will evolve more slowly because companies have invested money and resources in on-site data centers and infrastructure that they find tough to get rid of, he said.

Some predict a hybrid model will evolve, whereby enterprises may choose services such as network management and slowly transition to a fully outsourced IT.  The fact is, the Internet is a high-powered, ubiquitous computing grid that can deliver the most complex technologies as a utility. This movement is inevitable and unstoppable.

• Chief Information Officer – VP
• VP – Information Service
• Director Production / Data Center
• Manager Application Development
• Computer Operations – Shift Manager
• Supervisor Network Services
• Manager Wireless Communications
• Data Center Facility Administrator

In mid-sized enterprises (between $100 and $500 million - 50 to 150 IT professionals) demand is high for:Chief Information Officer – VP

• VP – Security (CSO)
• VP Administration
• VP – Information Services
• Director IT Planning
• Computer Operations – Shift Manager
• Computer Operations – Shift Supervisor
• Supervisor Network Services
• Manager Wireless Communications
• Change Control Analyst

At the same time there is signifinantly lower demand for a number of positions within the IT function of large enterprises for:

• VP Administration
• Manager Computer Operations
• Manager Voice Data Communications
• LAN Application Support

In mid-sized enterprises lower demand exits for:

• Manager Computer Operations
• Manager Network Services
• Manager Productions Services
• Manager Voice Data Communications
• Data Security Administrator

Disaster Recovery / Business Continuity Audit program identifies control objectives that are meet by the audit program. There are 36 specific items that the audit covers in the 11 page audit program. Included are references to specific Janco products that directly address the areas the audit covers. This program can be used as standalone audit program or in concert with the following Janco offerings:

• Disaster Recovery / Business Continuity Template
• Security Manual Template
• Security Audit Program Template
• Business and IT Impact Questionnaire
• IT Service Management for Service Oriented Architecture
• Metrics for the Internet and Information Technology

You can order the IT Management Template Suite which contains all of Janco's templates, white papers, policies, and procedures. 

The IT Management Template Suite contains all of the templates necessary to create and manage a world class Information Technology function. 

Included are:

Order Now ......

Read On ....

(Computerworld) Microsoft Corp. announced that it was killing the "kill switch" built into Windows Vista.

While it has never recognized the term "kill switch," Microsoft's beefed-up antipiracy software could effectively render a PC running Vista unusable for anything other than paying for a legitimate product key. Microsoft called that "reduced functionality." This fall, Apple iPhone owners called the practice "bricking." In all cases, users hated the concept and haven't been shy about sharing their opinions.

Someone at Microsoft must have been listening. But because the company's anticounterfeit scheme is both jargon-heavy and inherently confusing, an FAQ seemed like a good idea. Here's the scoop on the modifications.

What changes did Microsoft make? If you're thinking that Vista's product activation -- or its validation and revalidation -- are history, think again. Only the results of not activating a copy of Vista and of failing validation have changed, according to Alex Kochis, the senior product manager for Microsoft's Windows Genuine Advantage (WGA) program.

Specifically, Microsoft is ditching what it has called "reduced-functionality mode" and "nongenuine," the states that came into play when users didn't activate their copy within 30 days, activated it with an invalid product key or failed the persistent anticounterfeit validation tests that Vista did on itself from time to time.

Apple's learning fairly quickly that Europe is a very different place, especially when it comes to mobile phones.

The iPhone went on sale Wednesday through wireless carrier Orange in France, marking the third European country to carry the phone within its borders. The launch also marked the debut of the third pricing strategy for the iPhone in the three countries: France, Germany, and the United Kingdom.

It appears that at least for a while, the iPhone is going to move more slowly for Apple in Europe. Orange said hopes to sell 100,000 iPhones by the end of 2007, and 400,000 to 500,000 in total by the end of next year, according to several reports Tuesday. Apple wants to sell 10 million iPhones next year in total, after expanding to Asia some time in 2008.