Microsoft has been quietly testing a new program which pinpoints why Windows XP and Vista fail on a PC.  This new program has been driven by the fact that key members of the Microsoft management team are frustrated by the hits that Vista is taking because of what Microsoft feels are code beyond their control and the high image cost it pays because users blame everything that does not work on Microsoft.   An un-name Microsoft manager said. “When a user has a memory problem on their PC and it continues to re-boot, or a vendor program violates the protocols of Windows – Microsoft is blamed.  With Windows Advisor Microsoft will have a tool to help both the user and vendor to identify the source of the problem.”

Windows Advisor is an easy-to-use self-help tool that notifies users about problems on their PCs and helps fix them. Windows Advisor scans users’ PCs continuously, notifies them about important issues, and, when possible, suggests easy fix solutions. The program also provides users with self-help solutions, including a 1-click checkup function that enables them to check their PCs whenever they like; tips and tutorials that teach users how to perform certain actions on their PCs; and a toolbox that concentrates the important tools that are found in the operating system into one easy-to-find location » Read More

Data breaches are a fact of life with the advance of Wi-Fi, 3G, and remote computing as it is done in todays flexible business environment.

Data breaches and network intrusions occur because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches do not expose such sensitive information; however, they still expose individuals to identity theft and business to a compromise of their electronic assets and that must be disclosed under Sarbanes-Oxley and various state laws.

Janco has defined a set of tools which enterprises of all sizes can use to be prepared to protect against breaches and intrusion, know when it occurs, and provides the ability to respond quickly when it does happen.

» Read More

In an IDG story it was disclosed that web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web sites, according to a security company in Taiwan.

The attack in China and Taiwan is ongoing. In addition with the impact of the earthquake and the associated relief efforts, the attack is having a huge impact. Even if they cannot successfully insert malware, they are killing lots of Web sites right now, because they are just brute-forcing every attack surface with SQL injection, and hence causing lots of permanent changes to the victim Web sites.

In a SQL injection attack, an attacker attempts to exploit vulnerabilities in custom Web applications by entering SQL code in an entry field, such as a log-in. If successful, such an attack can give the attacker access to data on the database used by the application and the ability to run malicious code on the Web site.

Mass SQL injection attacks have increasingly become a security threat. In January, tens of thousands of PCs were infected by an automated SQL injection attack. That attack exploited a vulnerability in Microsoft Corp.'s SQL Server.

Thousands of Web sites have been hit by the attack, he said, noting that 10,000 servers alone were infected by malware on Friday. Most of the affected servers are in China, while some are located in Taiwan. The attackers appear to be using automated queries to the Google search engine to identify Web sites vulnerable to the attack, he said.

The attackers in the more recent outbreak are not targeting a specific vulnerability. Instead, they are using an automated SQL injection attack engine that is tailored to attack Web sites using SQL Server. The attack uses SQL injection to infect targeted Web sites with malware, which in turn exploits vulnerabilities in the browsers of those who visit the Web sites.

The malware injected by the attack comes from 1,000 different servers and targets 10 vulnerabilities in Internet Explorer and related plug-ins that are popular in Asia.

» Read More

Virtually all organizations must satisfy statutory records retention requirements, including broad-based requirements such as the Americans with Disabilities Act, the Age Discrimination in Employment Act and the Occupational Safety and Health Act. For example, the Sarbanes-Oxley Act impacts all public companies and has been a prime point for regulatory compliance. A few of the many mandated requirements are:

• SEC 17a
• FINRA 3010
• FDIC Advisory
• Investment Advisors Act of 1940 (hedge funds)
• Gramm-Leach-Bliley Act
• IDA 29.7
• FDA 21 CFR Part 11
• OCC Advisory
• HIPAA
• Financial Modernization Act 1999
• Medicare Conditions of Participation
• Fair Labor Standards Act
• Americans with Disabilities Act
• Toxic Substances Control Act
• UK Data Protection Act
• UK Companies Act
• UK Company Law Reform Bill - Electronic Communications
• UK Combined Code on Corporate Governance 2003
• UK Human Rights Act
• UK Anti-Terrorism, Crime and Security Act 2001
• Basel II
• Markets in Financial Instruments Directive

Although many records retention requirements do not impose specific requirements on email or instant messages, Janco has found that approximately 80% of enterprises use email for closing orders or performing other types of business transactions. As a result, email is housing a greater proportion of corporate and other records and so increasingly is subject to statutory records retention requirements.

» Read More

Information Technology needs to be able to adapt to enterprise needs quickly in the ever-changing business environment. Five basic business requirements and the necessary IT capabilities and responses are:

 

Business Requirement	IT Requirement
Quick Time-to-Market	Ability to roll our new applications and technology is expanded with the use of System-Oriented Architecture (SOA) http://www.e-janco.com/itsm.htm
Restructuring business due to merger, acquisition, or divestiture	Ability to add, change and eliminate IT operations thru an effective design and implementation of a structured IT Infrastructure for both networks and data centers http://www.e-janco.com/Infrastructure.html
Integration of IT technology with business operations	Ability to implement and operate on a 7 by 24 basis for all applications, application support, network, and processing operations.  this includes having integrated Business Continuity and Disaster Reovery Plans implemented http://www.e-janco.com/DisasterPlanning.htm
Compliance with mandated security and financial reporting requirements	Defined policies, procedures, and processes which quickly and efficiently support business operations without hindering to overall effectiveness of the processes that are put in place to support them http://www.e-janco.com/Security.php
Maintain an ROI which is supports the long-term objectives of the business	Metrics that are tied to the Critical Success Factors (CSFs) the enterprise and are supported by defined Service Level Agreements (SLAs) http://www.e-janco.com/metrics.htm http://www.e-janco.com/sla.htm

» Read More