ALKHOBAR, 27 July 2004 — Grim news on the Internet front. The new numbers are out for spam volumes for the first half of 2004 and things aren’t looking pretty. According to FrontBridge Technologies, spam accounted for more than 12 million MB of e-mail volume in the first six months of 2004. Spammers and virus writers appear to be joining forces. More than 190 million spam messages from January 2004 to June 2004 carried a virus payload. In most instances, these viruses were specifically designed to transform infected machines into “spam zombies,” systems unknowingly used as spam relay machines. New “Phishing scams” use spam to lure unsuspecting enterprise users to virus-infected sites that can compromise an entire network.
With the Internet quickly transforming into a digital Wild West, it is clear that more education is needed to help people cope with IT security. This has pushed Symantec to form a strategic collaboration with Addison-Wesley Professional to launch Symantec Press, a publishing arm developed by Symantec that will feature books focused on IT security topics. Books published by Symantec Press will address information security from a number of vantage points, including management, best practices, strategy and solutions.
“Looking over the landscape of books currently available, it’s clear there is a glaring need for a publishing outlet to develop material focused specifically on information security,” said the series publisher for Symantec Press, Linda McCarthy, executive security adviser, Office of the CTO for Symantec. “As part of this effort, Symantec Press will aggressively seek out authors not only within Symantec, but also authors outside the company as well to contribute works focused on the most important security issues today based on their expertise.”
Symantec Press will publish three genres of security books, each specifically written to key members of the security community. They are:
Enterprise Books: These books will be technical titles specifically written by and for engineers, system administrators, consultants, etc. Topics may include software exploits, intrusion prevention, testing security appliances and virus research.
Management Books: These books are less technical in nature and are written specifically for the technical and/or non-technical manager.
Consumer Books: These books will be written as a guide for home users who need help in understanding how to deal with security issues such as data backups, crashes, and viruses.
The first two books to be published by Symantec Press are “The Executive Guide to Information Security: Threats, Challenges, and Solutions,” (ISBN 0-321-30451-9) by Mark Egan, Symantec’s chief information officer and vice president of Information Technology; and “Mapping Security: The Corporate Security Sourcebook for Today’s Global Economy,” (ISBN 0-321-30452-7) by Tom Patterson and Scott Gleeson Blue. Both books are scheduled to publish in November 2004.
And speaking about security, more and more users from the Middle East are purchasing notebook computers equipped with Intel Centrino mobile technology which allows them to wirelessly connect to the Internet at an increasing number of public access points or hotspots. Wi-Fi or 802.11b technology appears to be catching on slowly in many Gulf countries, but not Saudi Arabia. For example, Intel and Kuwaiti service provider Smartlink Telecom recently inaugurated a new hotspot in Kuwait’s Marina World shopping complex, making it the first Intel verified wireless network to be deployed in a mall in the Middle East. Basically what this means is that a computer equipped with a wireless network card can be used to connect to the Internet anywhere in that shopping complex.
The usefulness of connect to the Internet at a mall is questionable, but in a hotel, airport or coffee shop, a hotspot is a definite plus. In many parts of Europe, Asia and the US hotspots are commonplace. The top cities for public Wi-Fi locations are all in the US and include New York, San Francisco, Chicago, Seattle and Houston. Most Saudi notebook users can’t yet take advantage of the wireless connectivity features of their machines in the Kingdom but they do take their laptops on vacation. Notebooks are great for sending e-mail to keep in touch with family and friends, watching a movie, listening to music, booking hotels and rental cars and even searching for sightseeing and other destination information while on the road.
As the number of hotspots have grown, so have the scary articles about Wi-Fi security. While there is a small security risk in using a hotspot many reports have vastly exaggerated the problem. These reports are often put out by companies that want to sell security technologies. The truth is that most of our lives are just too boring for anyone to go out of their way to intercept our communications.
The security issues with hotspots are clear and anyone using a hotspot should be aware of the potential dangers. When you access web pages or send e-mail through any hotspot those transmissions are sent “in the clear.” In the clear means that a determined hacker equipped with the right tools could grab that information right out of the air and capture your e-mails and web page requests. Instant messaging (IM) also takes place in the clear.
If someone is transmitting sensitive e-mails at a hotspot, often work related, then they should use a virtual private network (VPN). A VPN is an advanced networking technology that creates a tunnel between a computer and the network server. Corporate network administrators should set up a VPN facility for all employees who regularly access work files or work related e-mail through a Wi-Fi network.
If you are performing sensitive transactions such as online shopping or Internet banking at a hotspot make sure the Internet connection is secure before transmitting any data. Most websites that transmit financial information use secure socket layer (SSL) technology. SSL encrypts the transaction, creating a secure tunnel between your computer and the website server. To verify that your transaction is secure see that the web page URL that starts with “https://” and look for a padlock icon or a solid key icon on your web browser. Also, if possible select “secure” log on when logging in to web-based e-mail at a hotspot. One additional reminder — every computer that connects to the Internet should be protected with a personal firewall. Zone Alarm and Sygate are available through free download. Don’t forget to update the firewall regularly.
Starbucks Coffee Company has been active in creating hotspots at many of their locations globally. The hotspot provider at the coffee shop must make a disclaimer concerning services at the time a user signs up. Unfortunately, most users don’t read the disclaimer. They just click, “accept.” This is a mistake. At least have a quick read of the security limitations and features contained in the notice, looking for any changes or warnings.
When using a public hotspot remember not to leave your computer unattended and don’t let a stranger use your machine. Watch for “over the shoulder” viewing of your login, credit card or other personal information. Properly log out of websites by clicking log out instead of just closing your browser or typing in a new Internet address. Keep passwords and account numbers secure, in part by not storing them on your computer. Change passwords frequently and make sure to use a combination of letters and numbers in password creation. Remove or disable your wireless card if you are working offline on your computer and you are not planning to connect to the HotSpot service.
For information on unwiring your life or to locate hotspots globally visit www.intel.com/unwire.
* * *
(Comments to [email protected].)
