Who let the bugs out?

Every time you think you're on top of security issues, another bug comes along to bite you. In a computer security report conducted last year by the Computer Security Institute and the San Francisco Federal Bureau of Investigation's Computer Intrusion Squad, 70 per cent of respondents (mostly large corporations) reported that they had experienced unauthorised use of computer systems in the past year.

To help you stay abreast of software vulnerabilities, the National Infrastructure Protection Centre, a division of the FBI based in Washington, DC, publishes CyberNotes every two weeks; the free online newsletter informs IT and security professionals of the latest bugs, holes and patches. CyberNotes details vendor or operating system, software name, potential vulnerability, identified patches, common vulnerability name, level of potential risk and exploit scripts, if known. The December 4 issue, for example, indicates that for the software Adcycle 0.77b, "a vulnerability exists if the installation is not completed, which could let a remote malicious user obtain the management user name/password", a helpful titbit for security professionals. CyberNotes compiles information from sources like @Stake, Bugtraq, Microsoft Security Bulletin, Securiteam and Security Advisory.

To learn more about how to track these pesky bugs, check out

- Lauren Capotosto

Department of BIG, Scary Numbers

92.8: per cent of respondents saying a lack of communication skills is an issue in their IT organisations.

$US80.9 BILLION: infrastructure spending by online marketplaces by 2005.

$US42 BILLION: global revenues from wireless broadband services by 2005.

$US5.4 BILLION: forecast for value of global KM software market in 2004.

Sources: Jupiter Research, Metricnet, IDC, The ARC Group.

Hack Off.

The new economy creates opportunity - and that goes for criminals too. In Canada, 16-year-old Mafiaboy pleaded guilty in January to 56 charges of computer mischief. He is allegedly responsible for last year's denial-of-service attacks to, Dell Computer, eBay and Yahoo, and security breaches at CNN, Harvard and Yale. He faces up to two years in juvenile detention.

Dennis Moran, the 18-year-old known as Coolio, pleaded guilty in January to three misdemeanour charges stemming from break-ins and defacements of the Web site of Internet security company RSA Security and antidrug site He'll serve nine months to a year in jail and pay $US5000 restitution to each victim.

The 10 IT Processes

Next time your CEO or board grills you on what they're paying for when they fork over those millions to the IT department, show them this list of IT's 10 primary jobs defined. Then look tired.

IT operations: operating and maintaining hardware, networks, communications, systems and applications software.

Support and training: providing support for hardware, software, help desk, training for IS and businesspeople in software applications.

Application software maintenance: upgrading, debugging and enhancing software applications already installed.

IT project and cost accounting: developing and assigning project budgets and expense reports, and maintaining project accounting systems.

Infrastructure development: planning and installing networks, data centres, telecommunications systems and computing platforms.

Application software: developing custom software or purchasing packaged software and associated planning, installation and project management costs, such as consulting fees, software testing, documentation and data conversion.

Risk management: planning, installing and supporting security systems for software, networks and computing infrastructure; also includes disaster recovery and backup storage systems.

Supplier management: monitoring and maintaining hardware and software supplier relationships, outsourcing contracts and consulting projects; identification and selection of qualified hardware and software suppliers and products.

Standards and tools: specifying, supporting and enforcing standards for overall information systems and databases, including controlling communications languages and hardware and software choices.

Planning and decision support: developing strategic plans for infrastructure growth and systems development projects; surveying business on customer satisfaction and IT needs; planning and supporting R&D on new technologies.

Source: Hackett Benchmarking & Research.

Free Tibet

Ever wonder how to find Nirvana? Thanks to professional photographer and Web site producer Peter Danford, enlightenment is now just a click away at and is, of course, free. But that doesn't mean it's going to be easy!

Begin your quest in Tibet's capital city, Lhasa, with 1000 renminbi (Chinese dollars), three illegal photos of the Dalai Lama and no karma. As you explore Tibet via 24 interlinked panoramas, the karmometer keeps track of your progress. Danford created the fluid 360-degree panoramas using LivePicture's PhotoVista, "stitching" together eight photographs of each scene taken at 45-degree increments with a 16mm fish-eye lens.

The final touches came from IBM Hotmedia, which turns the views into interactive playgrounds. Clickable hot spots offer a variety of stunning audio and visual experiences depicting Tibetan history and culture. Danford also presents political issues facing Tibet, making the site a pointed as well as lively educational tool. Rhetoric is kept at a minimum, however - the viewpoints never overshadow the views.

- Amanda Fox

Surfing in Tongues

World Wide Web addresses were recently liberated from the tyranny of Roman characters. This blow to the English language's hegemony came on November 10, 2000, when domain name registrar VeriSign started registering Web addresses in Chinese, Korean and Japanese characters.

The move benefits two constituencies: first and most obviously, Pacific Rim Web surfers, who will no longer have to type URLs in a foreign alphabet.

The other beneficiaries are large corporations that wish to protect their brand names. Now Coca-Cola can register the Korean equivalent of its name. As of mid-December, VeriSign had registered over 700,000 domain names, including 275,000 in Chinese, nearly 250,000 in Korean and 200,000 in Japanese. Names will gradually be assigned IP addresses so as not to interfere with the more than 24 million already active domains. VeriSign also offers translation services to ensure that, say, Coca-Cola doesn't discover that its Korean Web address reads something like

- Ben Worthen

By the Numbers

Compiled by Lorraine Cosgrove Ware

Analysing Product Development

Product Development Strategy can have a measurable impact on revenue growth, according to a recent survey conducted by US-based management consultancy Pittiglio Rabin Todd & McGrath's (PRTM) Performance Measurement Group. The study surveyed 120 subscribers to PRTM's online benchmarking service from seven industries (aerospace and defence, automotive, chemicals and applied materials, computers and electronic equipment, medical products, semiconductors, and telecommunications).

Best Practices

1. Assess your entire product portfolio. Most companies are moving from Stage 1 to Stage 2 by focusing on customisable processes and cross-functional teams, according to Michelle Roloff, chief analyst for PRTM's Performance Measurement Group. To get to Stage 3, Roloff says, companies must make decisions with the entire product portfolio in mind, not individual projects.

2. Use Web-enabled tools to involve everyone. Incorporating such technology will supply consistent information (like accurate roll-ups of resource availability and project status updates) to all parties. Top companies work to create a cross-functional decision-making process, involving all company functions (from marketing and customer service to engineering) in the product development effort.

3. Allow for process changes. Top performers believe that product development processes continually evolve and allow for quick changes. "Design processes used to be much more rigid," Roloff says. Today companies should provide guidelines for product development, but leave room for customisation of individual steps and tasks.

4. Learn from the experts. It can take one to two years for new practices to take hold in an organisation. Don't try to learn everything internally. Start by comparing your current capabilities to peer companies and by identifying gaps in performance between your company and best-in-class performers in your industry.

Source: Product Development Benchmarking Series, PRTM Performance Measurement Group, 2000
