|
|
|||||||||||||
**** NewsBytes **** NewsBytes **** NewsBytes ****
Broadband deals
Fast Internet connectivity continues to explode in its diversity of services. Here are some of the latest offerings.
A new low-end barrier for full-speed, 512Kbps broadband claims to have been broken with a £14.99 per month service called from Home Lite from PlusNet. The 1GB bandwidth allowance is tracked and capped at £2.99 per month, similar to market pioneers MetroNet and BT's recent "Basic" service.
Speed leaders Bulldog Communications have launched a special offer 8-times-broadband 4Mbps service for £39.99 per month, but the full 4Mbps is only at off-peak times, returning to standard 512Kbps at 'prime times'.
On the cable front Telewest has upped its Blueyonder speed offerings by 50% across their broadband range, with 2Mbps £50 per month subscribers being supersized to 3Mbps, for example, all with no charge increase. Clearly not pulling their punches then.
Recycling: Skip the skip
As they say: "A place to advertise all that old computer junk that you want to get rid of but can't bear to chuck it in a skip". Couldn't have put it better. SkipDotOrgDotUK. Nuff said.
Internet flawed
A previously-discovered flaw in the basic protocol of the Internet, TCP/IP is more likely to be exploited following proof-of-concept trials. In other words if can happen, it will. The possibilities are that attackers could inject packets into TCP streams as they pass between hosts, say, breaking off a communication session or causing Denial of Service (DoS) attacks. Many routers could be affected, but particularly those that make use of Cisco's Border Gateway Protocol (BGP) employing long-persistence packets. The Unified Incident Reporting and Alert Scheme (UNIRAS) lists vendor-specific fixes and a detailed description of the flaw is available at CERT, but the long-term solution will be for all Internet-routed communications to move to secure IP (IPSec).
Outsourcing trends
If you've outsourced all or part of your IT functions within the last 2 years, you're in good corporate company. A study of the 100 largest outsourcing deals by IDC in Western Europe for 2003 showed a 74% leap to US$44.1 billion on the previous year. While your outsourcing budget probably doesn't rank comparably alongside the likes of IBM Global Services, this report does indicate where trends are heading.
Free Investment Guide
Written in Plain English that first time investors will understand, The Charities Aid Foundation, (CAF) has a free Investment Guide that can be requested direct from their web site. With the help of a glossary of investment terms, the guide explains some of the complicated issues surrounding investment decisions and is aimed at people entrusted with the responsibility for long-term finances for their charity. Find the CAF Investment Guide by looking for the 'wood for the trees' photo.
Windows slips from MS grasp
In the ongoing court case between Microsoft and Lindows, the latter's case that the word 'windows' was indeed in generic use before 1985 - the year when Microsoft Windows 1.0 was launched - looks likely to be upheld, trumping Microsoft's claims to the much fought-over word. The case over the ownership of the word 'Windows' continues later in the year with Linux® distributor Lindows seeming to have won the first rounds at least.
Oxfam's Big Noise
Oxfam has just jumped into the increasingly crowded arena of music downloads with its Big Noise Music site. Over 300,000 tracks from 12,000 artists are available from day 1 and cost from 75p, with 10p in every £1 going to the charity.
With offerings from big names like Coldplay and royalty-friendly George Michael, Big Noise Music is bound to be a hit with low-end donors, being cheaper than the relaunched Napster channel.
**** end of NewsBytes ****
| ^ Back to contents ^ | |||
|
1. Simple security tips
A short state visit from a US president may make your average night's hotel bill seem like a bargain, but have no doubts - effective security isn't bought in discount shops. | |||
| More help at hand. All the back issues just a click away |
The good news is that most of the cost is upfront, not ongoing. Furthermore, it doesn't all have to revolve around laying out precious cash for high-tech IT equipment; some simple planning and forethought and simple practical measures can enhance organisational security enormously. Nailing it down
"For want of a nail" - the story of a trivial failure escalating into a global crisis. A guy strolls who into the premises and ends up scouting around the corridors looking for 'suitably liftable' gear claims to be :
A familiar tale, no doubt, but often no one questions these impostors, and their boldness makes them seem perfectly plausible. 
Only in this particular case, the crucial nail referred to was the one that could have nailed the server down to where it was to be located and from where it disappeared some moments later.
Beware the headbangersIt's the daft problems that always surprise us. Have you heard the one about the information officer who went into the server room to get a spare writeable CD? In bending down he banged his head on the router box. Three days later the router power lead fell out and all the organisation's Internet connections and branch office links disappeared! Yep - that one is a true story.
For want of a nail, the battle was lost But in modern parlance ...For the sake of a few pounds, the risk could be lowered. ContactsLearn more about security issues.-IB- Acknowledgements: Adrian Hallet, Phil Anthony, Christopher Harris |
Good read? Rate this article | |
| I | B | ||
| ^ Back to contents ^ | ||
|
2. Defending your network: from outsiders
Shrugging off hackers that say "Boo!" | ||
| More help at hand. All the back issues just a click away |
"Our chief weapon is surprise..., surprise and fear... fear and surprise.... Our two weapons are fear and surprise... and ruthless disruption.... Our three weapons are fear, surprise, and ruthless disruption.... and an almost fanatical devotion to .... chaos? Well, whatever the motives of hackers, script kiddies and malevolent intruders in general, they don't count drying racks and comfy cushions amongst their array of weaponry. Defenceless, infected and corrupted computers out there continue to cause annoyance to the rest of us by sending faked emails, viruses and executing Trojan instructions by proxy on behalf of their malicious creators. Without protection, new computers are often scanned and targeted as ripe for planting hidden programs within minutes of connection to the Internet - we've see it happen. Regular readers can't have failed to notice by now that we are unapologetically plugging security as the hot issue of 2004 because firstly, that's one area where popular computing systems are being targeted as vulnerable, and secondly - indeed crucially - the consequences of turning a blind eye can waste enormous amounts staff time or worse, even cripple your organisation's communicating structure irrevocably when fixes become too expensive. Protecting PCsThe 4 main areas of vulnerability where PCs can be 'surprised' and that need protection are :
Protecting ServersThe same measures apply to servers, though caution should be exercised when applying any type of patches or hotfixes, preferably by doing tests in advance; if it goes haywire, you can't suddenly substitute another server at the drop of a hat! For this sort of work the experience of Co-Operative Systems will be at the disposal of clients who have taken up Facilities Management (FM) contracts.Windows isn't the only fruitLinux Unix and the applications that work on top of them all have flaws but intruders prefer to prey upon the more technically-naive users with Windows-based systems (by far the most common desktop operating system) - at any rate for the time being. That last qualifier is an indication that nothing can be taken for granted. Also holed below the water line are
A watchful security eye is the best form of defence, but it becomes paramount to stay on the ball if you have multiple job roles to perform, as is frequently the case in charities and the voluntary sector. ContactsLearn more about security and firewalls.-IB-
|
Good read? Rate this article |
| I | B | |
| ^ Back to contents ^ | ||
|
3. Defending your network: from insiders
Bring out the nanny in you: protect computer users from themselves. | ||
| More help at hand. All the back issues just a click away |
Hustle-R-Us While the majority of the apparently well-behaved charity and voluntary sector is blissfully ignorant of the consequences of attempts at internal hacking - a pleasure often 'enjoyed' by unis housing throngs of computer science students eager to experiment - the well intentioned nature of this group can often be, er, diverted, let's say. That means them being tempted from outside, by an email or rogue web site perhaps. Once a legitimate communication has been established or initiated from inside your ring-of-steel, ie from their PC, it's harder for purely technical means like firewalls to prevent. Time to educate users with such basics as:
The originators of such tricks all play upon perfectly normal human attributes and, in a work context, this chiefly amounts to succumbing to a temporary distraction. The "Personal Computer" it ain'tThe label "PC" has a lot to answer for when it comes to users' (mis)understanding of the importance of the equipment they are given. Ever since we started joining up computers, the resultant networks suddenly became more than the sum of their parts and the total cost of ownership (TCO) of a client machine is a great deal more than the number at the bottom of the sales invoice. So it's worth conveying to in-house users the difference between the networked machine they sit at and the similar-looking fun/media/household/hobby console they use at home. An Acceptable Use Policy for IT will help here in providing general guidelines for staff and volunteers. Straying slightly further from the 'corporate' regime and more into the realms of 'global IT citizenship', it also worth emphasising that a virus-crippled PC may be of some inconvenience to the owner at home but, when connected to the Internet, its damage can be inflicted on tens of thousands of computer users globally and may be best disconnected altogether until remedied. Contacts
-IB-
|
Good read? Rate this article |
| I | B | |
| ^ Back to contents ^ | ||||||||||||||||||||||||||||||||||||||||||
|
4. On the Internet, everyone can see you type!
Telecoms are private, but the Internet is public. | ||||||||||||||||||||||||||||||||||||||||||
| More help at hand. All the back issues just a click away |
It is still the case that the content of phone calls must be remain legally private (though moves are afoot to make times and logs available to a wider range of authorities), unless a warrant requesting access is sought, say by government intelligence agencies. However, when your send data via the Internet, that only remains true for the time it takes your data packets travel to the nearest exchange, whether that's broadband, phone or cable. 
Remember that first time you started a new browser and saw this dialogue box? Chances are that, like most of us, you realised it was going to pop up every time you filled in a login screen or survey form. Tick the box and away it goes!Because it was aeons ago, we forget it was there to remind us the Internet is effectively public unless we code or encrypt the data we send. It says, "Look mate, no guarantees of privacy here!" It doesn't stop there. Ask your systems admin person. Oh - that's you, maybe!If you are the 'sys admin', you know you can already access all the emails for your organisation (like you have time!) and trace all the browsing activity (through a web log) and know where people's surfing habits (by tracking web cookies). Now extrapolate that to the typical dozen or so servers and routers that your email passes through and realise they all their own admin personnel with similar rights and capabilities. Private investigations - Dick TracertYou want proof?
This is a nice introduction to a utility called tracert, that goes further than the simple ping - a utility which must surely have the dullest exchanges known to computing, its conversations being limited to:
tracert can be found on any post '95 Windows computer and is run simply from any command line, eg "tracert coopsys.net". Some of the "routers" in the list may be black boxes just redirecting packets of information but other may be mail servers that store and forward vast quantities of messages. Add to this the fact that email is stored by ISPs, often for at least at least a week and you begin to get the 'big picture'. In summary, the "Internetwork" is a great way of sharing information, but it's truly public. Related articlesDeleting an email backlog InfoBulletin March 2003-IB-
|
Good read? Rate this article | ||||||||||||||||||||||||||||||||||||||||
| I | B | |||||||||||||||||||||||||||||||||||||||||
| ^ Back to contents ^ | ||||||
|
5. Email fraud? Bank on it happening to you Another round of online hoaxes, but this time they're slicker and they want your bank details. | ||||||
| More help at hand. All the back issues just a click away |
Fake emails purporting to be from our friendly bank service are increasingly popping into our inboxes and, until recently, the crude attempts at wheedling confidential information out of the recipients have been easy to spot - even laughable. However, the latest forays into what's become known as "phishing" in the 'land of the con' have notched up the quality of the trickery by a gear of two. Having failed to beguile people into giving away their security details via plain text emails, fraudsters are now heading down the route of faking whole web sites, or in this case just the login page.
Check the emailWe picked one of a number of messages of this ilk and a short analysis of a typical example (right) helps us to understand why they appear to deceive so effectively and to deflect such attempts in future.So the intention of this particular con is to make the recipient feel the communication is bona fide and the subsequent web page (which we'll analyse shortly) is also genuine. Look out for:
http://www.personaI.barcIays.co.uk/goto/pfsoIb_Iogin Not an entirely necessary dodge you may think, but perhaps it's a poor attempt to avoid legal accusations of 'passing off' as the real Barclays iBank service.
Press Ctrl+A to highlight the lot; you'll see more textual clues to the cover up - try it now. Check the web pageLet's move on to where the link takes you - the fake iBank web page, a remarkable look-alike of the genuine article.If you've missed all of those clues, the destination web page - where the fraudsters would like all and sundry to type in their most confidential bank details - still gives itself away.
The genuine articleThe genuine iBank personal banking link is here:https://ibank.barclays.co.uk/fp/1_2d/online/1,,logon,00.html and, naturally, it's an encrypted page using the secure version of the HTTP protocol, HTTPS (https://) . You'll not be surprised to find cautions about fraud plastered on the real page! Related articles
-IB-
|
Good read? Rate this article | ||||
| I | B | |||||
| ^ Back to contents ^ | |||||||||||||||||||
|
6. The suffering of the silent (wo)man It took a leading Conservative politician to make this much-overlooked breed famous, but have you been ignoring the shyest of your computer users? | |||||||||||||||||||
| More help at hand. All the back issues just a click away |
... but what about the SILENT ONES amongst your colleagues. I first discovered this phenomenon in the mid-nineties (those post-boom, pre-Bubble nineties). Sometimes a whole year would go by, and in all that time, certain staff would have never asked for advice or sought to have an IT problem solved, despite a regular weekly social banter over coffee or lunch.
In my various IT manager guises I've often polled the SILENT ONES every month or so just to make sure they're not covering up some enormous IT issue. The reasons for this can be anything from excessive modesty to the embarrassment of exhibiting ignorance of simple techniques. To coax the timid out of their deskbound shells, you don't have to be an IT expert; approach them from the standpoint of "Is there anything you would like to do better or more efficiently?". Sometimes it's that they have naturally 'retiring' personalities, but mostly nothing arises because they are "just getting along OK". Not a murmur too soonThough most users will suffer in silence, they will only do it for so long. And then what happens? It's worse than that. And it's not out of malice driven by frustration. They simply don't want to bother anyone.
Without reaching out to the SILENT ONES, the causes of their DIY workaround behaviour will never be unearthed. This group often comprises very competent users, but their self-contained nature can also be self-defeating in the long run. By failing to keep up to scratch their base-level experience of a wider range of office applications, their IT skills remain specialist rather than broad.Spotting the types:
How to make it happenThis kind of looking-over-the-horizon may only rank way down the bottom of your To-Do list, but can win you Brownie points in the touchy-feely department and even persuade the shyest violet to consider piping up next time, instead of bottling it up. If that hasn't convinced to pull it up your To-Do list a notch or two, why not add it to ours? It's the sort activity that comes as part of our Facilities Management (FM) contracts, heading off IT problems before they raise unexpected consequences. Related articles
-IB- Paul Craig |
Good read? Rate this article | |||||||||||||||||
| I | B | ||||||||||||||||||
| ^ Back to contents ^ | |||
|
Clicks of the Trade - 4 ways to rename a file
--- Quick tips for happier clicks! --- | |||
| More help at hand. All the back issues just a click away |
-IB-
|
Good read? Rate this article | |
| I | B | ||
^ Back to contents ^Overview of InfoBulletin
E&OEViewing IB Implementation Privacy |
Subscriptions ^ Back to contents ^Contact details
|
|
|
Read recent and past issues of InfoBulletins on the Web at http://www.coopsys.net/ibindex.htm or search our archives and subject index.
We hope you found InfoBulletin useful! If you would like to comment on any of the articles or request particular subjects to be covered, mail us here.
| ||