Eideard

Global technology giant Atos, which plans to stop using email internally by 2014, says it is already seeing the benefits of the initiative.

Atos, a French firm with 80,000 employees around the world, first announced the plan — described by some critics as “stupid” and by others as “ingenious” — in February.

The company said an internal review found that on average, employees spend 15 to 20 hours a week on email, and only 15 per cent of the emails are actually useful. It also found that younger workers barely used email, relying more on social media, said Holger Kormann, general manager of Atos Canada, which has 250 employees.

The company is currently in the early stages of creating awareness of the initiative and introducing replacement tools such as instant messaging, video conferencing, Facebook, and collaboration software such as Live Meeting, Kormann told CBC’s The Current…

Already, he said, instant messaging has proven to be more effective for time-sensitive communications, and Kormann has reduced his own email load by 20 per cent.

Over time, the initiative will help balance people’s personal and professional time, he said, as people are no longer contacted while they are away from the office…

William Powers…said Atos isn’t the first company to consider phasing out email. “Other companies including Intel the chip-maker have been doing experiments of this kind for a decade or more,” he said. “In fact, the tech companies have always been leading the way in rethinking the very tools that they make.”

And after “a decade or more” they’ve added additional services and do a better job of filtering email.

Thanks, Cinaedh

Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months.

The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.

“Twenty gigs of data is a lot of data in six months of really doing nothing,” said researcher Peter Kim from the Godai Group. “And nobody knows this is happening.”

Well – truly conscientious IT departments are aware of the problem.

Doppelganger domains are ones that are spelled almost identically to legitimate domains, but differ slightly, such as a missing period separating a subdomain name from a primary domain name — as in the case of seibm.com as opposed to the real se.ibm.com domain that IBM uses for its division in Sweden.

Kim and colleague Garrett Gee, who released a paper this week (.pdf) discussing their research, found that 30%, or 151, of Fortune 500 companies were potentially vulnerable to having e-mail intercepted by such schemes, including top companies in consumer products, technology, banking, internet communication, media, aerospace, defense, and computer security…

Read the rest of this entry »

A weekend contest at the world’s largest hacking convention in Las Vegas showed one reason why big corporations seem to be such easy prey for cyber criminals: their workers are poorly trained in security.

Amid a spate of high-profile cyber assaults on targets ranging from Sony Corp to the International Monetary Fund, one would think that many companies would be paying special attention to security these days.

But hackers taking part in the competition on Friday and Saturday found it ridiculously easy in some cases to trick employees at some of the largest U.S. companies to reveal information that can be used in planning cyber attacks against them.

The contestants also managed to get employees to use their corporate computers to browse websites the hackers suggested. Had these been criminal hackers, the websites would have likely loaded malicious software onto the PCs.

In one case, a contestant pretended to work for a company’s IT department and persuaded an employee to give him information on the configuration of her PC, data that could help a hacker decide what type of malware would work best in an attack.

“For me it was a scary call because she was so willing to comply,” said Chris Hadnagy, one of the organizers of the contest at the Defcon conference in Las Vegas…

The company whose employees handed over the most data was Oracle Corp, according to Hadnagy. One of the world’s largest software makers, Oracle got its start more than 30 years ago by selling secure databases to the Central Intelligence Agency.

“Oracle was wiped,” said Hadnagy…”

It was the second year that Defcon held a contest in “social engineering,” or the practice where hackers con people into handing over information or taking actions such as downloading malicious software.

Social engineering is frequently used in attacks where the hackers send a “spear phishing” e-mail in which they impersonate a friend of the recipient and ask him or her to open a tainted file or visit a malicious website…

Piece of cake – and, not so incidentally, a technique that predates computers and hacking. A great deal of investigation stretching back into the 19th Century used the same social engineering techniques.

When we sat down I could not only relate that fact; but, I was able to drop the number of employees in each category in the lap of the regional manager. He rolled over. And I never did tell him how we came by the numbers.

Now who would want to see my email?
Daylife/AP Photo used by permission

Senate Judiciary Committee chairman Patrick Leahy (D-Vermont) has proposed sweeping digital privacy protections that would require the government, for the first time, to get a probable-cause warrant to obtain e-mail and other content stored in the cloud.

Leahy’s proposal (.pdf) would nullify a provision of the 1986 Electronic Communications Privacy Act that allows the government to acquire a suspect’s e-mail or other stored content from an internet service provider without showing probable cause that a crime was committed, as long as the content has been stored on a third-party server for 180 days or more. The government had only needed to show that it has “reasonable grounds to believe” the information would be useful in an investigation…

“We think this is the beginning of the discussion. This is a very positive step,” Chris Calabrese, legal counsel for the American Civil Liberties Union, said by telephone…

But the Leahy bill, which has not been sent to committee for review, is a give-and-take of sorts when it comes to other forms of electronic privacy…

The measure would also expand, or at least clarify, the information the government may obtain with so-called National Security Letters. They allow the FBI, without a court order, to obtain telecommunication, financial and credit records relevant to a government investigation. The Leahy bill adds “electronic communication identifiable information” and strikes “electronic communication transactional records.”

“It is not appropriate for the government to be able to get detailed information on everybody who you communicated with,” Kevin Bankston, a privacy lawyer with the Electronic Frontier Foundation, said by telephone.

That said, the bill is “a great leap forward,” Bankston said.

The struggle takes us all the way back to the founding of this nation. There have always been those who are committed to the power of the government over the rights of individuals. And some libertarians who refused to consider the question of benefits to the common good superseding any individual’s rights.

I wish Senator Leahy well with his attempt and will zap off an email via www.congress.org to my elected representatives suggesting they support the bill, too.

An Indiana prosecutor said one of his deputies resigned Thursday after admitting he sent an email to Wisconsin Gov. Scott Walker suggesting the Republican fake an attack on himself to discredit the public employee unions protesting his plan to strip them of nearly all collective bargaining rights.

Johnson County Prosecutor Brad Cooper said Carlos Lam resigned in a phone call about 5 a.m. Thursday after acknowledging that he sent the Feb. 19 email to Walker suggesting “the situation in WI presents a good opportunity for what’s called a ‘false flag’ operation.”

“If you could employ an associate who pretends to be sympathetic to the unions’ cause to physically attack you (or even use a firearm against you), you could discredit the public unions,” Lam wrote in the email, which was obtained by The Associated Press.

Cooper said Lam initially denied sending the email and said someone had hacked into his email account. But Lam later acknowledged he had written the message, and resigned hours before the Wisconsin Center for Investigative Journalism reported the contents publicly Thursday…

Lam is the second Indiana prosecutor to lose his job over volatile comments about the Wisconsin protests. Jeffrey Cox, a deputy attorney general, was fired last month after tweeting that police should use live ammunition against labor protesters.

Lam is commited to a society that hasn’t existed for decades. Fortunately.

His personal slogan BTW is reliance on the 3 G’s: “guns, gold and gasoline”.

Doesn’t it suck having to save my civil liberties?

Police must obtain search warrants before perusing Internet users’ e-mail records, a federal appeals court ruled today in a landmark decision that struck down part of a 1986 law allowing warrantless access.

In case involving a penile-enhancement entrepreneur convicted of fraud and other crimes, the Sixth Circuit Court of Appeals said that the practice of warrantless access to e-mail messages violates the Fourth Amendment, which prohibits “unreasonable” searches and seizures.

“Given the fundamental similarities between e-mail and traditional forms of communication, it would defy common sense to afford e-mails lesser Fourth Amendment protection,” the court ruled in an 3-0 opinion (PDF) written by Judge Danny Boggs, a Reagan appointee.

The court affirmed the conviction of Steven Warshak, who was charged with defrauding customers of his “natural male enhancement” pills, but sent his case back to a lower court for a new sentence. Warshak remains liable for a $44 million money laundering judgment as well…

Today’s decision striking down part of the 1986 Stored Communications Act rebuffs arguments made by the U.S. Department of Justice, which insisted the law was constitutional. In a brief (PDF) filed during an earlier phase of the case, prosecutors argued that the Fourth Amendment doesn’t apply because “compelled disclosure of e-mail is permissible under most providers’ terms of service.”

Kevin Bankston, an attorney at the Electronic Frontier Foundation who wrote an amicus brief in this case, called it a key decision because it’s the “only federal appellate decision currently on the books that squarely rules on this critically important privacy issue.”

Wasn’t there a time – somewhere back in the dim recesses of history – when we could count on our government to work at supporting our freedoms, preserving liberty and privacy for ordinary citizens?

A statement from Kazakhstan’s Prime Minister has sent ambitious ministerial apparatchiks scrambling to get their hands on Apple’s iPad computer, causing shops to sell out…

The craze began when Prime Minister Karim Massimov, himself an avid iPad user, expressed impatience with government employees who didn’t reply promptly to emails.

“Please carry tablet computers at all times,” he said at a government meeting in October. “I can send you a message any time, and, as some of you know, I aim to reply within ten minutes. Some of you have not replied to me for three days.”

Ever since, owning an iPad has become a symbol of loyalty for officials in the oil-rich former Soviet republic.

Directors of state-run companies have floated plans to issue tablet computers to every executive, and it is rare to see officials on flights to Astana, the country’s capital, without one.

Sounds like someone who really, really wants to receive timely answers to his emails. What sort of career bureaucrat wouldn’t get the hint?

Federal workers at the General Services Administration are on alert against identity theft after an employee sent the names and Social Security numbers of the agency’s entire staff to a private e-mail address.

The agency, which manages federal property, employs more than 12,000 people. Officials apologized to employees for the incident in a letter dated Oct. 25 — almost six weeks after the breach occurred. The agency said it had paid for employees to enroll in a one-year program to monitor their credit reports, along with up to $25,000 in identity theft insurance coverage.

The letter was signed by Casey Coleman, the chief information officer, and Gail Lovelace, the agency’s senior privacy official. Neither returned calls or e-mails for comment.

They issued a statement about continuing to “evolve our protocols” to protect employee privacy. They should try limiting access to sensitive data to people who know where the on/off switch is on their computer.

Documents show that officials first notified employees on Sept. 28. But workers who spoke with The New York Times said they did not learn of the incident until early November, when the letters arrived in the mail. Previous notices had been sent as security alert e-mails, which employees said they received frequently and often ignored…

The agency explained to employees that one worker had apparently transmitted the file containing the personal data by accident while seeking “work-related assistance,” and that it had not been forwarded. Those involved had cooperated, and the computer that received the data was scrubbed clean by agency technicians.

Uh-huh.

A glamorous young Russian woman alleged to have assisted a gang of computer hackers who stole $3 million (£1.9 million) in an internet banking fraud is now in court.

Kristina Svechinskaya, who was arrested in New York earlier this month, is one of 37 people charged over the alleged fraud, in which hackers allegedly broke into people’s computers to steal their money.

It is alleged that they sent victims emails containing Trojan horses, pieces of software which, when clicked, allowed the sender access to the recipients files and passwords.

Miss Svechinskaya, who drew comparisons with the Russian spy Anna Chapman after pictures of her were found online, is charged with conspiracy to commit bank fraud and the false use of a passport. She has been dubbed the “world’s sexiest computer hacker”.

She is accused of helping to provide bank accounts for the hackers, into which $35,000 was fraudulently deposited and $11,000 withdrawn, in return for a ten per cent cut of the stolen money. It is claimed she opened at least five accounts…

Of course, she is not a hacker. She’s a “mule” – the appropriate term in the world of fraud for the service she provided. Not unlike the mules who smuggle heroin or cocaine to a destination in balloons in their stomachs.

A German bank robber led his pursuers straight to him after taunting police in an email over their efforts to catch him. Authorities in the southern city of Wuerzburg said on Wednesday the 19-year-old sent emails to police and two newspapers to point out factual errors in the report of his bank raid in the town of Roettingen a week ago.

According to daily Bild, he mocked the police for getting his age, height and accent wrong then pointed out he escaped in a car, not on foot.

“His game of cat and mouse went all wrong,” a Wuerzburg police spokesman said.

Police traced his email and arrested him in a gambling hall in Hamburg just a few hours later.

“He was completely shocked,” the spokesman said.

Har!