Thursday, April 28, 2011

A Beautiful & Successful My Green IT Day

On April 27, 2011 Nitro IT Business Solutions partnered with TechnoPlanet, Tripp Lite, and Andash Property Management to bring My Green IT Day to Ottawa. Simple ideas that benefit everyone – and help the environment.

MyGreenITDay.com was created to help IT businesses give back to the environment by partnering with industry leading technology companies who specialize in environmentally-friendly disposal, repair and repurposing of obsolete and non-functioning technology equipment. It is their belief that if every business held one 'Green IT Day' per year, it would help keep landfills and our drinking water safe from pollutants used in the manufacture of older computers, printers, faxes, networking components, peripherals, etc.

Tons of technology equipment waste continues to fill up our landfills and pollute our environment every day. This Nitro-specific My Green IT Day movement encouraged people to do something simple to reduce the impact of IT waste on the environment––it was a great success! A very special thank you to our sponsors and to all that participated––we could not have done it without you!

Thursday, April 21, 2011

Game Over In The CPU Wars?

I don't know how many of us paid any particular notice to Intel's recent announcement of the E7 processors. I mean, isn't it more of the faster, bigger, more efficient, more functional same?

Well -- yes and no.

For me, it's the final sign that -- yes -- the era of Big Unix on proprietary RISC processors is finally coming to a close.

No Tears Lost

I came of age in the era of Big Unix, and its associated RISC microprocessors.  The 88000. MIPS.  SPARC.  PowerPC.  Itanium.  Long debates on who had the "best" processor -- fastest, most efficient, most scalable, etc.  

All apparently now irrelevant, consigned to the growing dustbin of historical computer science and technology debates.  

The answer is in: Intel wins, and so do vendors *and* customers.
The Complexity Tax
Having to support multiple versions of anything -- processors, operating systems, networks, etc. -- costs money. 
Speaking from a vendor's perspective (EMC) we spend an enormous amount of money each and every year to support the vast and diverse technology choices our customers make.  While that is laudable in many regards, the reality is that we could be spending all that money on creating cool new technologies, or deeper integrations with fewer choices.
The same thing plays out in our customer environments -- so much of every IT dollar gets sucked up in supporting diversity and its resulting complexity.  At some point, the technologist's cry of "best of breed" gets subsumed by the more pragmatic "we've got a business to run here".
Any time the IT industry can largely agree on a foundational technology (like Ethernet, for example) we all win: customers and vendors alike.

Early Cloud Discussions

Way back in early 2009 when I started writing about private clouds and all of that, one of the foundational tenets was that we were going to be living in an Intel world, processor-wise.  And that was going to be a good thing.

We had to be very clear at the time -- don't make the mistake of thinking that there will be meaningful SPARC-based clouds (still a viable processor at the time!), or PowerPC-based clouds, or (heaven forbid) Itanium-based clouds.  

Whether it was a public, private or hybrid cloud model being discussed -- the vast mainstream would be running on Intel, using presumably VMware as a hypervisor.  Two years later, that's exactly where we are.

The hardest part -- at the time -- was putting this rather controversial view of the near-term future in front of customers who were heavily committed to non-Intel processors.  They would push back, and demand a cloud approach that used their preferred combinations of processor technologies.

"Why can't you simply cloudify everything I already own?", they would ask.  Probably for the same reason we can't Ferrari-ize all the cars in your garage, I would think.

The enterprise computing and service provider world was going to Intel, and very quickly -- compared to other industry transitions.  The forces at play in the industry were just too strong.  Betting against Intel's preferred role would be like betting against Ethernet, I would claim.

The IDC Data Doesn't Lie

Those of you in the storage business probably recall that many of us consider IDC's market data the "gold standard" in the storage business.  Not surprisingly, they do the same thing for the server market as well.

Getting access to their data requires a paid subscription, but the message has been brutally clear for many years: every year, more money gets spent on Intel-based architectures, and less money gets spent on everything else put together.

Industry watchers realize that we're perhaps far beyond the "tipping point" where ecosystem effects take over.  Intel gets the amazing benefits of scale.  Everyone who writes software, or designs compatible hardware will inevitably target Intel first and foremost.

Even here at EMC, that discussion has come and gone.  We've long been an Intel-first shop -- not only for our IT environment, but for most every hardware product EMC builds, and every software product we ship.  

Consolidation and standardization occurs, and then we all move on.  And that's what has clearly happened here.

That One Guy In The Room

I do a lot of customer briefings, and I occasionally meet That One Guy who isn't having any of it.  

I present my case for an Intel-centric world, based on virtualization and cloud principles.  And That One Guy digs in with both feet, and musters every argument he can to show that I'm either completely wrong, or at least FUD up the discussion a bit.

Frankly, I don't have to give this person the stink eye.  Why?  All his co-workers are doing it for me.  They're usually thinking "this is a losing battle, why can't we just move on?".  

My point exactly.

From Integration To Migration To Replatforming

If I was having a "we're going to a cloud model" discussion with customers last year at this time, there would likely be the inevitable discussion around how to incorporate and integrate their legacy application stacks (code plus processor) into their envisioned "cloud".

These discussions were awkward, to say the least.  I kept having mental images of trying to integrate fibre optic interfaces into punched card readers.

Fortunately, I haven't had one of those discussions in a long while.

Instead, the discussion is about migrating their critical applications to the new cloud stack: Intel, VMware, etc. -- most often in a Vblock configuration.  It's the new "big Unix".  And, for some customers, it's the new mainframe.

And, in turn, these early migration discussions have further evolved into replatforming discussions.  Migrations usually involve recreating the exact same functionality in the new environment.  Replatforming usually involves doing more with the new platform at hand.

Many of these larger, legacy applications try to solve the world's problems using their internal logic.  They try to manage their own performance, their own security, their own data protection, and so on.  Much of the interesting bits of re-platforming involves externalizing these requirements to be provided by the environment vs. from within the application.

Ultimately, their goal is to re-invest their "cloud dividend" in creating new functionality for the enterprise. 
And that's a very cool thing when you see it.

The Chain Of Good Deeds?

Intel continually doubles down in its architecture investments, and ends up creating the de-facto platform for enterprise computing.  The IT ecosystem recognizes this, and invests in creating value-add around the Intel platform vs. trying to support several flavors of CPU.

Customers recognize this, and gain enormous benefits in performance, efficiency, functionality and standardization.  The dividends are re-invested back into IT to create applications and infrastructure that can power the business in new ways that weren't achievable in the previous model.

Has Your IT Team Gotten The Message?

If you're running a decent-sized IT shop, look around and ask the question: what's the plan for migrating off the niche stuff, and getting onto the mainstream?  The reason is clear: with every passing year, you'll find yourself at a growing disadvantage compared to those that have already made the move.

You'll be paying more, and getting less.

Internally, you'll probably have a tough road.  For example, you'll likely encounter Stockholm Syndrome in the process.  Many of your IT staff have likely built their careers -- indeed, their self-identity -- around these proprietary processor and software stacks.  They spend lots of time with the vendor.  They go to the specialty shows and events.  They network with others like them. 
And no amount of logic is likely to budge IT people in this unfortunate situation.

Now, to be fair, the vendors of these non-Intel server systems will likely move heaven and earth to get you to stay with them.  They'll throw in discounts, professional services, free software -- whatever it takes to get you to not make the big switch to mainstream server and software architectures.

Don't underestimate the persuasive power of a large, entrenched vendor.  IBM, in particular, is very proficient at this particular skill.  For example, to this day you'll still meet people running Lotus Notes (or i Series!).

Maybe you don't have the resources right now for a full-scale migration, but there's no real excuse for not having a stated point of view, and a rough plan to get there.  And there are plenty of capable professional services firms (EMC included) who'd be glad to help you get from here to there when you're ready.

Back To The Role Of IT?
I believe one of the most powerful things going on in the IT world is the shift in roles: from being viewed as a cost center to being viewed as a value generator.  Ruthlessly standardize and optimize how IT is built, operated and consumed (e.g. cloud) -- and invest your new-found "cloud dividend" in becoming more relevant to the business -- more agile, more responsive and more innovative.
And, from that point of view, being able to standardize on a single enterprise processor architecture represents yet another opportunity to pursue that worthwhile goal.

Wednesday, April 20, 2011

The Role Of Service Providers In Breaking The Stockholm Syndrome

I work with enterprise IT groups.  I also work with a growing cadre of enterprise-focused IT service providers.

And, occasionally, I spot an area where one group can help the other in a deep and very strategic way.


Running An Enterprise IT Group Is Hard Work

I meet with IT leaders on a regular basis.  You might think it's all about shamelessly pitching EMC products and services, but -- no -- you'd be wrong.

No, where I spend my time is in listening and sharing: listening to them and their challenges, and sharing what I see other people doing about similar problems.  Sure, the discussions frequently vector back to what EMC is doing -- that's to be expected -- but that's not the goal.

And one of the biggest challenges I'm hearing in certain IT organizations is what I call "overcoming the Stockholm Syndrome".

Where IT People Can Go Wrong

Imagine you're an Oracle administrator or architect in a large IT setting.  (Note: I'm not picking on Oracle, I'm using them as an example). You, the Oracle professional, have spent a good portion of your career getting really damn good at it.  You've gotten all the trainings and certifications.  You go to the various Oracle-sponsored events.  You read all the Oracle-related tech blogs and hang out in the Oracle-focused communities.

Inevitably, you spend a lot of time with the Oracle sales and technical teams.  You build personal and professional relationships with people like you who are similarly committed to the Oracle environment.

All good.  But then, things change.

The IT leadership thinks it's time to move on to a different database strategy, and -- perhaps -- a different database vendor entirely.

All of a sudden, you feel very threatened.  All that work, all that investment, all that expertise -- now being challenged by a shift in strategy and business requirements.  This is serious stuff, from a personal and career perspective.

Who do you align with?  The organization that pays your bills, or the vendor that has essentially defined your professional career?

That -- in a nutshell -- is what I call the IT Stockholm Syndrome.

Let's be clear -- I'm not picking on Oracle, or Microsoft, or IBM, or HP, or any vendor in particular.  

IT people inevitably invest deeply in individual technologies and vendor offerings as a way to increase their value, not only for themselves, but the organizations they work for.  That's to be expected, isn't it?

The IT Leadership Challenge

Now, imagine you're an IT leader, chartered with making meaningful changes in the IT organization.  You weren't hired for a business-as-usual role.  You're the agent of change.

As you look through your IT organization and vendor affiliations, you realize that there are vendors who are motivated to help you transform, and those that most definitely have a strong incentive to maintain the unproductive status quo.

To make matters worse, significant parts of your IT talent are essentially "Stockholm Syndrome" career hostages to particular vendors.  They've defined their entire value proposition -- indeed, sometimes their personal identity -- around some of the vendors you'd prefer to not work with going forward.

You're now faced with a thorny dilemma -- tactically, you need these people to run the as-is IT model, but -- at the same time -- you realize that you'll want far less of these people in the future model.

You'd go hire a bunch of people with the new skill sets -- and the new attitudes -- you need, but that isn't in the budget for the time being.  Not to mention being incredibly disruptive.  What to do?

And that's where the use of targeted service providers can be a boon ...

The Service Provider As The Pre-Fab IT Organization

Going back to our Oracle example, imagine a focused and trustworthy enterprise-focused IT service provider who had a demonstrated competency in the target database environment you'd prefer to move towards.

No need to invest heavily in new licenses, maintenance, or infrastructure to support it. 
No need to hire a plethora of experts who understand the new database technology. 
No need to seriously re-jigger internal processes around the new database platform. 
Start by pointing the new external service at less-than-critical workloads -- just to get a feel for things.

Start to consume as a service, and -- if it goes well -- consume more.  If it doesn't go well, you've minimized your exposure.  And, if it goes really, really well -- consider making the investment to bring that expertise in-house, if that's what you need.

With this scenario, you've positioned yourself perfectly -- you can move in the direction you'd like, with a minimum of internal stress and disruption.  Your investments -- and options -- are optimized.

Once again, I'm using databases and Oracle as an example, but we could be talking about almost anything in the IT environment where there's a strategic change indicated, and the internal team has essentially "gone native" against the change.

The Message For Service Providers

On my other blog, I frequently share with our service providers what enterprise IT leaders really want.  The enterprise-focused SP crowd is great to work with, but frequently hasn't spent a lot of time working directly with senior levels of IT organizations, so they're sometimes a bit fuzzy as to how things really work.

One of the areas I'm promoting to them is along these lines.  Sure, everyone needs to offer the usual enterprise choices as-a-service; there's a great market there.  No doubt.

But, at the same time, I'm also encouraging them to get ahead of the next platform that IT leadership will likely want to move to: that next-gen collaboration environment, that next-gen application development environment, that next-gen user experience environment, and so on.

So many SPs position themselves to do exactly what enterprise IT groups are doing today, only faster, better, more efficiently, etc.  

A few have figured out a far stronger position -- not only doing the usual, but also supporting the environment that IT leadership would like to get to, but can't for one reason or another.

And I think we'll see more of that before long :)

Monday, April 18, 2011

Twitter Chat on the Internet Security Threat Report

The Internet is now a veritable minefield of malware, and it’s becoming more and more difficult to navigate. Every year, hundreds of millions of new threats appear and cybercriminals are constantly changing tactics hoping to catch users off-guard.
On Tuesday, April 26 at 10 a.m. PST, join me and Marc Fossi for a live Twitter discussion on the latest Internet Security Threat Report. We will discuss the report and answer your questions using the #SecChat hash tag.
This year’s report notes that Symantec detected more than 286 million new threats in 2010. This number grows every year, and in 2011, some of these threats will be pointed toward you. Many companies found that to be the case last year. The ISTR covers the trends and tricks used in targeted and massive attacks by cybercriminals. Among the trends from the report to be discussed will be the proliferation of attack kits - pre-written malicious code that purchasers can use to exploit vulnerabilities in Internet browsers and operating systems, the exploitation of social networks and URL shortening services to social engineer attacks, and the increase in Zero-day vulnerabilities in 2010.
The ISTR reports that there was a 42% increase in vulnerabilities on mobile OS platforms in 2010. This shows that the conditions are ripe for a break out in mobile threats. We'll talk about what we've seen and what we expect.
We also want to hear from you on what challenges you are facing each day and how you deal with the current threat landscape.
We hope you will join us for the Twitter discussion. You can participate in the discussion by following the #SecChat hash tag on Twitter.

Friday, April 15, 2011

What Does the Consumerization of IT Mean to You?

More than ever before, smartphones are keeping us connected both personally and professionally. Because most of us have a preference as to the ideal smartphone, IT departments are increasingly being tasked with managing a mix of business-liable and employee-liable devices. This trend has become known as the consumerization of IT.
Symantec has developed a short survey to get smartphone end users’ perspectives on this trend. We’d also like to learn more about how your employer is managing the growing use of smartphones, especially those being purchased and brought into the organization by employees. The quick five-minute survey can be found here: http://bit.ly/gsdgmX

Thursday, April 14, 2011

Spammers Intend to Make You an Easter Bunny

Easter is a Christian holiday centered on the death of Jesus Christ and his subsequent resurrection several days later. Hence Easter is an important holiday for Christians. But what gets associated with Easter is beautifully decorated Easter eggs found on every decorated shop window this season, and of course the Easter Bunny! To celebrate Easter, people exchange Easter eggs and, with the evolution of time, today we have personalized e-cards and personalized gifts. Spammers have begun to exploit the season by sending personalized e-cards, gift cards, and replica-spam emails.
Here is a screenshot of a personalized Easter e-card:
Here are some of the headers used in Easter e-card spam:
Subject: Give your child the gift of amazement A Package from The Easter Bunny.
Subject: The Most Popular Gift for Kids this Easter 2011
Subject: Send A Personalized Easter Bunny Letter
Subject: How To Make This Your Childs Best Easter Ever.
Subject: This is the secret to making your kids happy this Easter.
Subject: Personalized Easter Bunny Letters
From: "The Easter Bunny" <The.Easter.Bunny@removed.com>
From: "Easter Bunny" <Easter.Bunny@removed.com >
Where personalized Easter gifts are concerned, spammers have targeted replica product offers at unimaginable discounts (as shown in the image below). To create a frenzy, they have also suggested that they have limited stock and therefore one must “HURRY”! But do not get carried away with such false promises. This could be bait used by the spammers to get a hold of the user’s personal information.
Screenshot of the Web site selling fake replica watches:
As Symantec wishes all our readers a very happy Easter, we also advise you to be cautious when handling unsolicited or unexpected emails, especially during this Easter season. Updating antispam signatures regularly protects your personal information from being compromised.
Thanks to Anand Muralidharan for contributed content.

Wednesday, April 13, 2011

New Malware can Automatically Register Facebook Applications

A few months ago, at least prior to February 7th, Sality operators pushed a new malware onto their P2P network of infected bots. The malware in question hooks into Internet Explorer using its standard COM interface, and gathers credentials submitted via web forms. February’s variant treated Facebook, Blogger, and Myspace logon information differently: on top of stealing and sending the username/password to a Command and Control (C&C) server, the information was also dumped to an encrypted file, onto the user’s compromised computer. At that time, the plausible guess was that these credentials would be used by upcoming malware – the Sality programmers are very imaginative.
This was confirmed last weekend. The newest Sality package contained a new malware, on top of their usual spam/web relays. The malware searches for encrypted files containing either Facebook or Blogger credentials (Myspace is left aside). If such files are found and contain credentials, the malware then connects to a C&C server (74.50.119.59, hosted in Florida) to request an “action script”. Such scripts look like C programs and are interpreted by the malware itself. The main goal is to automate Internet Explorer actions. On Monday, April 11th, the script sent when Facebook credentials were found on the local machine was the following:


The function names are self-explanatory. The script, when executed, performs the following actions:
  • Create a visible instance of Internet Explorer.
  • Navigate to facebook.com.
  • Log in.
  • Go to the Facebook app #119084674184 page: this application, named VIP Slots, has been around for a few years.
  • Grant access to this application.
  • Close the browser instance.
The permission required by VIP Slots is only “Basic information”, meaning your name and gender, profile picture, networks, and list of friends. The application itself does not seem to exhibit malicious behavior, but the fact that a malicious program interacts with it is very troubling. The end-goal is not determined at this stage: registering the user could serve as aggressive spamming (application posts appearing on your news feed), or a way to get more users to use the app, for monetary purpose (by buying virtual credits). The application could simply be an innocent party.
Another script was also distributed. The actions taken by this generic script were the following:
  • Create an invisible instance of Internet Explorer.
  • Go to google.com.
  • Search for “auto insurance bids”.
  • Close the browser instance.
This script could serve experimentation purposes. It could also be a very convoluted way to measure the propagation of their creation: Google Trends reports a recent peak for this search term.
As of today, it appears script distribution has stopped. However, new scripts could be distributed in the future as the C&C server is still up and running.
Our latest definitions detect this malware as Trojan.Gen. Facebook users may see which applications they are currently subscribed to by checking their Privacy settings > Apps and Websites page.
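A detection sketch for the behaviour described in this post, added here as an example and not part of the original post or Symantec's tooling: it flags clients that contacted the C&C address and then, within a short window, loaded the VIP Slots app page or ran the scripted search. The log format, URL paths, internal addresses, the 10-minute window and all function names are assumptions constructed for illustration; only the C&C IP, the app ID and the search term come from the post.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the post.
C2_IP = "74.50.119.59"
APP_ID = "119084674184"
SEARCH_TERM = "auto insurance bids"

# Assumption: a bot acts on its action script shortly after fetching it.
WINDOW = timedelta(minutes=10)

# Constructed proxy log (hypothetical format):
# timestamp client_ip dest_ip host url
SAMPLE_LOG = """\
2011-04-11T09:00:02 10.0.0.21 74.50.119.59 74.50.119.59 /
2011-04-11T09:00:40 10.0.0.21 203.0.113.10 www.facebook.com /login.php
2011-04-11T09:01:05 10.0.0.21 203.0.113.10 apps.facebook.com /apps/application.php?id=119084674184
2011-04-11T09:03:00 10.0.0.35 203.0.113.10 apps.facebook.com /apps/application.php?id=119084674184
2011-04-11T09:05:00 10.0.0.44 74.50.119.59 74.50.119.59 /
2011-04-11T09:05:30 10.0.0.44 203.0.113.20 www.google.com /search?q=auto+insurance+bids
2011-04-11T09:10:00 10.0.0.52 74.50.119.59 74.50.119.59 /
2011-04-11T10:30:00 10.0.0.52 203.0.113.10 apps.facebook.com /apps/application.php?id=119084674184
garbage line
"""


def parse_line(line):
    """Return an event dict, or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return {"ts": ts, "client": parts[1], "dest_ip": parts[2],
            "host": parts[3], "url": parts[4]}


def in_domain(host, domain):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def follow_up(event):
    """Label requests that match one of the two scripted actions in the post."""
    url = urlsplit(event["url"])
    query = parse_qs(url.query)  # decodes '+' and %xx escapes
    values = [v for vals in query.values() for v in vals]
    # Match the app ID as a whole parameter value or path segment,
    # so a longer number that merely contains it does not match.
    if in_domain(event["host"], "facebook.com") and (
            APP_ID in values or APP_ID in url.path.split("/")):
        return "facebook_app"
    if in_domain(event["host"], "google.com") and SEARCH_TERM in (
            v.lower() for v in query.get("q", [])):
        return "scripted_search"
    return None


def correlate(log_text):
    """Map each client that contacted the C&C to the sorted list of findings."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    last_c2 = {}   # client -> time of most recent C&C contact
    findings = {}  # client -> set of labels
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["dest_ip"] == C2_IP:
            last_c2[e["client"]] = e["ts"]
            findings.setdefault(e["client"], set()).add("c2_contact")
            continue
        label = follow_up(e)
        seen = last_c2.get(e["client"])
        # Only count a follow-up that happens soon after a C&C contact;
        # the same page visit without that contact is ordinary user traffic.
        if label and seen is not None and e["ts"] - seen <= WINDOW:
            findings[e["client"]].add(label)
    return {client: sorted(labels) for client, labels in findings.items()}


if __name__ == "__main__":
    for client, labels in sorted(correlate(SAMPLE_LOG).items()):
        print(client, ", ".join(labels))
```

A client that shows only `c2_contact` is still a host to investigate; the follow-up labels indicate that an action script was likely executed as well.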

Tuesday, April 12, 2011

World Record for Disaster Scam Site?


Approximately two hours after an 8.9 earthquake hit northeast Japan we spotted the first potential donation scam site. We’ve seen this before of course, but for a scam site to appear in just two hours–indexed and with content–is pretty damn quick in my experience. Hundreds of domains that could be related to the disaster have been registered so far today; we’re keeping an eye on them.
Please ensure that when you donate to victim relief efforts, that you do so through legitimate sites.
  1. .Org domains are cheap. Registering does not authenticate charitable status in any way. Verify that the organization is actually a registered charity.
  2. Domain solicitations that arrive by unsolicited email, especially those sounding overly urgent or desperate, are very likely to be scams
  3. The same goes for advertising banners
  4. If you’d like to help, I recommend you support one of the major international organizations that have a “most in need” fund
The types of scams to expect are fake donation and charity sites (including charity phish), 419 variants, fee based loved-ones locators, tweets pointing to scams and, of course, exploit-laden search-engine optimized sites installing malware.
This post from our cybersecurity mom, Tracy Mooney, on charitable giving may also be of use.
Stay safe!
- Post by Chris Barton, McAfee

Monday, April 11, 2011

Need Olympic Games Ticket Information?


Are you looking for information on the London 2012 Olympic Games or tickets to the games? Then call the London Olympics 2012 Ticket Information service on:
…Actually please don’t!
Their grey small-print ad declares that calls cost £1.02 per minute and rightly (but pretty much illegibly) claims “this service is not connected with the London2012.com website.” It also says “this information service is provided as is and is without any warranty or guarantee to its accuracy or fitness for any particular purpose.” If that’s true, then why bother?
I have always had an ethical issue with premium-rate information lines profiteering from otherwise free and high-quality information resources. Official information regarding 2012 ticketing is available via www.london2012.com. It’s a great site and the only one you’ll need and clearly links to the ticketing subsite at www.tickets.london2012.com. The legitimate site even has a page that documents a heap of scams they’ve seen already! Clearly scammers and cybercriminals will continue to use sporting events as a lure to relieve people of their money. Stay informed. Stay updated. Stay safe.
- Post by Chris Barton, McAfee

Friday, April 8, 2011

Cloud potential to scale is highly dependent upon a smart network infrastructure

Cloud enterprise architecture is the new apps-on-tap, utility computing, central mainframe/thin client orthodoxy (care to recall the time-share computing days … hey, FORTRAN is even still around!).
What’s new is old; except in the case of enterprise cloud, the net-new requirement is optimizing the underlying network infrastructure to deliver reliable, secure, compliant scale and speed for on-demand provisioning of business-critical applications, with minimal human (read:  professional consulting) intervention.
At odds with enterprise cloud is the traditional outsourcing services model.  Yes, you may end up paying less over time but your deployment, systems integration and app development/provisioning time-to-market is no greater, and in fact, often turns out to be more elongated.
Inherent in this dilemma is what Rob Whiteley of Forrester terms the “automation imperative.”  Whiteley’s Law says that the greater demand for the business to evolve its IT model, i.e., from client/service to cloud, the greater the IT skills gap grows, thus the imperative to automate as many execution elements of the network that delivers the necessary capacity and intelligence to make cloud work.
Another challenge to delivering the quality of service expectations of cloud enterprise architecture is the inherent nature of scale across thousands of users and multiple geographies; for example, a Japanese multi-national conglomerate was able to leapfrog the competition with a new on-line photo-sharing service built in a cloud-based development and test environment residing totally in the network.  Implementation of the environment across multiple geographies and thousands of users allowed the company to experience a five-fold decrease in conventional systems integration and development costs.
In order to solve the automation imperative and scale dependencies, critical to the success of cloud enterprise architecture, is to first employ a robust network lifecycle management initiative.  Network lifecycle management can enable the enterprise, for example, to gain trusted visibility to real-time information about what is installed in the network and how devices are connected, even to the granular degree of the exact device feature set and OS versions, and network topologies configured inefficiently, and thus which are prime candidates for evolving to cloud.
An automated view of the network-level device inventory can also aid the organization in determining regulatory compliance standards, security policy adherence and even network performance metrics in terms of application delivery and business process optimization.  For example, greater transparency to network performance systems that are smart-enabled can send automated intelligence data feeds to network managers if certain components in the network are not functioning properly, empowering administrators to quickly and proactively prevent potential IP network issues and deliver a more predictive user experience.
Organizations will realize even more value for their cloud implementations by also examining the return-on-investment of the “operate” phase of the initiative, which often is several times the cost of the capital investment.  A key way to reduce operate costs is the minimization of bandwidth overcapacity.  Traditionally, performance problems are often addressed by throwing more bandwidth at the problem.  If the problem is on the application or configuration side, however, a costly increase in bandwidth will not necessarily solve the root cause and inadvertently increase long-term costs.
In cloud enterprise architecture, business processes and applications are virtualized in the IP network, and as such, network performance and availability are linked to profitability and shareholder value.  A comprehensive network infrastructure transformation campaign can lay the groundwork for a successful cloud implementation by determining at the continuity phase how to demonstrably increase the knowledge of the network control points, reduce potential security and compliance impacts, and accurately balance performance versus cost tradeoffs.

-Post by Atchison Frazer, Cisco

Thursday, April 7, 2011

Phishers Have No Mercy for Japan

On March 11, 2011, Japan faced its worst nightmare when a massive earthquake struck with a magnitude of 9.0. Nations all over the world are giving their support through aid to Japan. On the other hand, phishers are trying to take advantage of this situation to steal and exploit well meaning donors.
Symantec observed a phishing site that spoofed a popular payment gateway requesting a donation for Japan’s earthquake victims. Phishers paid attention to every minute detail to make the page look like the legitimate brand’s Web site. On the top left corner of the page, phishers used the logo of the American Red Cross, a humanitarian organization, to make it appear that the donation would be sent to them! A donation summary was highlighted towards the left of the phishing page that displayed an amount of one euro. A hyperlink, “Donation for Japan earthquake victims”, was provided with the donation summary which redirected back to the same phishing page. Phishers fixed the considerably small amount of one euro in the hopes that users would be willing to pay the amount without hesitation.
There were two payment options from which users were required to select. The first option was for customers of the brand, prompting them to pay from their account with the brand. The second option was to provide credit or debit card details. The card details asked for included card type, user name, date of birth, social security number, mother’s maiden name, postal address, telephone number, and email address. After the required information was entered, the phishing site displayed a “Thank you” message. The phishing site was hosted on servers based in Torrance, USA. Phishers have been devising strategies by which they can steal users’ confidential information for financial gain; fake donations, such as this one, have been common bait.
Internet users are advised to follow best practices to avoid phishing attacks:
•    Do not click on suspicious links in email messages.
•    Avoid providing any personal information when answering an email.
•    Never enter personal information in a pop-up screen.
•    Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.

- Posted by Matthew Manlyara, Symantec

Wednesday, April 6, 2011

Social Networking’s Impact on Modern Business

Here at Cisco we keep a close eye on the evolution of social networking in the enterprise. While many companies are still determining the best ways to leverage these tools, one thing is for sure – social networking will continue to shape the ways in which businesses collaborate and communicate, inside and outside the enterprise.
Today Cisco announced the findings of a study on social networking and its adoption in the enterprise.  Based on interviews with more than 100 companies from more than 20 countries, the study explores the primary tools being used, which areas of business are adopting them and how they’re putting them to use, and some of the challenges that are arising.
One of the lead researchers, Neil Hair of the Rochester Institute of Technology, discusses two of the study’s most interesting findings:  the proliferation of social media tools to new areas of the business and the growing need for governance models. 
Cisco Services SVP Nick Earle also weighs in about the impact he’s seeing social media and collaboration tools have on companies around the world and what businesses can do to better manage them.
Highlights of the study include: 
  • Of the organizations interviewed, 75 percent identified social networks as the consumer-based social media tools they primarily use, while roughly 50 percent of the group also identified extensive use of microblogging.
  • Social networking tools are spreading into core areas of the value chain, including the marketing and communications, human relations, and customer service departments.
  • Small and medium-sized businesses are actively using social networking channels to generate leads, but this remains a growth opportunity for larger companies.
  • Only one in seven of the companies that participated in the research noted a formal process associated with adopting consumer-based social networking tools for business purposes, indicating that the potential risks associated with these tools in the enterprise are either overlooked or not well understood.
  • Only one in five participants identified any policies in place concerning the use of consumer-based social networking technologies in the enterprise.
  • Only one in 10 respondents noted direct IT involvement in externally facing social networking initiatives. Although the IT department is typically not involved as a primary decision maker, respondents did recognize the need for these tools to scale and properly integrate with existing business processes to reap maximum benefits.
- Post by Gareth Pettigrew, Cisco