Rackspace offers iPad front end for cloud
Here’s a new use for iPads within the enterprise, as a configuration tool for data centres. The Apple geek toy has been adapted for use by systems administrators thanks to a tie-up between OpenStack, Rackspace’s and NASA’s open cloud collaboration, and Chef, an open source integration framework from Opscode.
The use of the iPad is an extension of Rackspace’s own iPad offering but, as Brett Piat, the company’s senior manager for technology alliances, explained, “We had our own iPad app which allowed administrators to start servers but the new version does so much more, it can start servers, add servers to a load-balancing pool etc.”
Key to the new offering is the addition of Chef. According to Piat, “Chef is a configuration management open source project run by Opscode, which has been very active in the cloud community. It’s a very powerful tool, allowing users to create applications serving 100s of servers up to very large installations.”
He said that Chef was based on so-called recipes, discrete series of resources that describe how a particular operation should be handled, the point being that the next one can’t start until the previous stage has been properly configured.
The new iPad app is still in beta stage but will be taken back by Rackspace to offer its users. However, said Piat, the app will remain part of OpenStack and will be available for anyone who wants to work with it – “it will need to be customised for each particular organisation’s own needs.”
All contents copyright 1995-2010 Network World, Inc. http://www.networkworld.com
What security can learn from the $15M Sprint employee breach
Federal prosecutors this week charged nine former Sprint employees with fraud and aggravated identity theft after learning they had cloned customer cell phone numbers to make $15 million worth of calls. According to the complaint from federal prosecutors, the individuals who have been charged worked at Sprint stores in the Bronx, Bergen, N.J., and Tampa, Fla., and used company computers to get confidential information about thousands of customers. The data was used to create the so-called ‘clone’ cell phones. Of the $15 million worth of calls, a large percentage of them were international calls, said prosecutors.
According to Randall Trzeciak, Insider Threat Team Lead, Carnegie Mellon Software Engineering Institute CERT Program, malicious insider activity is on the increase. CERT has been tracking insider threat cases since 2001. According to the most recent annual 2010 CyberSecurity Watch Survey, research CERT releases with CSO Magazine, the most costly or damaging attacks an organization experiences are caused by insiders. The survey found 51 percent of respondents who experienced a cyber security event were victims of an insider attack. Motivations range from financial gain to anger among employees.
“It’s hard to know what employees are thinking,” said Trzeciak. “In our analysis of fraud-related events, there is often some financial difficulty on part of individual involved. There are also cases of individuals who have some level of disgruntlement. There can be a supervisor issue, or maybe a negative workplace event, such as a demotion.”
Amichai Shulman, CTO with web-security firm Imperva, said it is common for malicious insiders to become ensnared in a scheme after being approached by someone with connections to organized crime who stands to make a lot of money in the ruse and promises large financial gain to the employee.
“In this scam, low-level employees at Sprint sold customer names, cell phone numbers and ESNs (Electronic Serial Numbers) so that actual fraudsters could use these details to perform phone calls and charge them to the customers whose details were stolen,” said Shulman. “I don’t believe that many employees start working with an organization with an initial intent to steal data. Rather, they are usually approached by someone else who can use the data for nefarious purposes. So the real malicious person who is usually part of an organized criminal gang makes the big money, while the lower-level employee takes the blame when caught and is poorly rewarded compared to the risk involved.”
Trzeciak said CERT counsels organizations to observe 16 best practices for preventing and detecting insider threats. Among them: an easy and sometimes anonymous way for employees to report suspicious behavior, and an examination of business processes that may make fraud easier for malicious insiders.
“If we can put controls in place in business processes that would not allow a person not to carry out a process from beginning to end, or that require certain kinds of approval along the way, that might go a long way to preventing insider fraud.”
Wifi Analyzer
Wifi Analyzer by Farproc is not for every Android user, but in the right hands it can be quite useful. At first glance the app can seem a bit intimidating–in fact, I would wager that it was designed for Internet service providers to troubleshoot wireless networks. But attentive users, if they do some careful prodding, may find this application to be pretty darn handy.
The app opens with a screen that analyzes the strength of your wireless connection. Now, even though I have no idea what “-100 to -40 dBm” means, I do know that grey typically means bad and green usually means good, and that in most cultures a needle pointing to the right is a good thing. This screen also gives you a clear idea of the strength of the wireless network.
With a swipe to the right, the app shows the various networks in the area, as well as their SSIDs, signal strengths, and–most important–whether they are “locked.” One cool feature about this screen is that if you click on a network that is not locked, you can connect to that network directly from the app (provided that you download the auxiliary application Wifi Connecter Library).
The next screen asks you to set the “AP” and shows the assorted channels and their strengths. I wasn’t too sure what to do with the information here, so I moved on. The screen after that shows a color-coded, continuous line graph detailing the signal strengths of the surrounding networks. On the last screen you can see which networks are using which channels. The app also offers a series of customizable features that I won’t pretend to comprehend.
Among the maze of techno-jargon and complicated charts and graphs, I found some great uses for this app. For instance, you can identify the dead zones in your home network, spots where you wouldn’t want to put your computer. You can also determine which channels are congested and set your home’s wireless network on a less-frequented channel (for some reason, everyone in my neighborhood is on channel 11 or 6).
Lastly, if you travel often, this app gives you an easy way to determine if you are near an open network. With this app on the job, you won’t find yourself taking out your laptop in a hotel just to realize that the network requires payment to obtain access.
Wifi Analyzer isn’t for everyone. As a tool for setting up your home’s wireless network or as a travel companion, though, this application will save you a great amount of time.
Cloud Security Alliance offers certification
IT virtual-security experts can now show off their knowledge with a certificate that shows they’ve mastered the contents of two cloud-security papers.
Called the Certificate of Cloud Security Knowledge, the designation is earned by studying “Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1” and “Cloud Computing: Benefits, Risks and Recommendations for Information Security” and passing an online test.
“The Certificate of Cloud Security Knowledge (CCSK) provides evidence that an individual has successfully completed an examination covering the key concepts of the CSA guidance and ENISA [European Network and Information Security Agency] whitepaper,” according to the CCSK Web site maintained by the Cloud Security Alliance (CSA), which wrote the security guidance document. The benefits, risks and recommendations paper was written by ENISA.
The exam is sponsored by CSA, an industry group dedicated to examining cloud architecture and recommending best practices. Its paper breaks down areas of concern into 13 domains, spells out security challenges in each and recommends how to deal with them.
The ENISA paper reviews the risks and benefits of cloud computing and follows up with lengthy and specific recommendations for secure adoption of cloud technology and services. In all, the two papers amount to about 200 pages.
The exam costs $295, but is discounted to $195 until the end of 2010.
Samsung Galaxy Tab Makes Its Intriguing Debut
Samsung’s latest addition to its Galaxy series, the Galaxy Tab Android tablet, made its very first appearance today at IFA in Berlin. The Tab will initially launch in Europe in mid-September and make its way to the U.S. and Asia in coming months.
There have been a number of Android-based e-readers and tablets to debut over the last year, like the Barnes and Noble Nook and the Archos 7 tablet, for example, but the Samsung Tab looks the most intriguing. Of course, a comparison to the Apple iPad is inevitable. But based on its specs, as well as my hands-on experience with the Galaxy S phones, the Tab looks like it will be a worthy challenger to the iPad.
Last week, a quick teaser video of the Tab made its way across the Internet and confirmed the many rumors surrounding the device: The 7-inch display will run Android 2.2 (Froyo, with support for Adobe Flash content) with an optimized version of Samsung’s TouchWiz software and will sport a 3.2-megapixel camera.
At today’s launch, Samsung revealed some more specs and details about the Tab. The 7-inch display is a TFT-LCD display with a 1024-by-600-pixel resolution. For comparison, the iPad has a 1024-by-768-pixel display. In addition to the 3.2-megapixel back-facing camera, the Tab will also have a front-facing 1.3-megapixel camera for making video calls. The Tab is powered by a Cortex A8 1GHz processor and can play back HD video content, supported by a wide range of multimedia file types (DivX, XviD, H.264, MPEG-4 to name a few).
The Galaxy Tab will come in two capacity models: 16GB and 32GB of internal memory. Unlike the iPad, the Tab’s memory is expandable; both models come with a 32GB external memory slot.
A big difference between the Galaxy Tab and other Android tablets out there is that it is Google certified. This means that owners will have access to the ever-expanding Android Market for games and apps. Owners will also have access to Samsung’s MediaHub, an online TV and movie store for renting and buying video. Additionally, Samsung will launch its ReaderHub for buying and reading e-books and the MusicHub for purchasing music. While the MediaHub will definitely be supported on US devices (including all of the Galaxy S phones), it hasn’t been confirmed if the MusicHub or ReaderHub will be available in the states.
The Galaxy Tab also has 3G and Wi-Fi connectivity, which supports the rumors that the Galaxy will be offered by a U.S. carrier (currently the rumor mill is looking at Verizon, but Samsung neither confirmed nor denied this). Right now, it doesn’t look like there will be a Wi-Fi model at launch, which might deter some customers from buying the Tab right away.
Whether the Tab succeeds or fails will depend on its price as well as the accompanying data plan that will inevitably come with it. The Tab models should be priced competitively with the iPad and Samsung should also offer a Wi-Fi-only model in addition to the 3G model for users who don’t want to pay for data plans on multiple devices.
Find lost iTunes files
QUESTION When I got my PC back after being repaired, everything that was on it before was still there, except iTunes. I’m worried I’ll lose the playlists on my 30GB Apple iPod classic if I plug it into my PC after reinstalling iTunes. Cameron Carter
HELPROOM ANSWER It sounds as though your hard drive was backed up and wiped in the course of the repair. Since your email and the rest of your files are intact, it’s likely anything else that was previously on your PC will also be present – we simply need to find where the playlists are stored and tell the new version of iTunes where to find them.
First, locate your ‘Music’ or ‘My Music’ folder in the Start menu. If there’s a folder called ‘iTunes’ within it, back it up to an external drive or USB memory stick.
Next, download the latest version of iTunes and reinstall it (select No if it asks whether existing files can be overwritten). The new software should pick up your music and settings. Unfortunately, unless you previously backed them up, you may find you’re no longer able to play any DRM-protected audio files in your library.
If there’s no iTunes folder to be found in the ‘Music’ or ‘My Music’ folder, use Windows Search to locate the items that should be in there. It’s also worth trying a file-recovery program such as Recuva (recuva.com) if this search yields no results.
In future, back up iTunes regularly. Go to File, Library, Back Up to Disc and insert a blank CD or DVD.
Meet the Galaxy Tab
Samsung debuted the Galaxy Tab on Thursday, a portable tablet computer that just might be the first significant challenger to Apple’s iPad. The Galaxy Tab features a 7-inch multitouch display, rear- and front-facing cameras, 1GHz processor, 1080p high-definition video playback, maximum 64GB storage and Android OS 2.2. The new tablet device will also come with 3G, Bluetooth 3.0 and 802.11n Wi-Fi connectivity. Samsung says the Galaxy Tab is only the beginning of the company’s foray into touch-based tablet devices.
Let’s take a closer look at the Samsung Galaxy Tab.
7-inch Display
The Samsung Galaxy Tab features a 7-inch WSVGA TFT-LCD color display with 1024-by-600 pixel resolution. The device is capable of 1080p HD video playback for all kinds of video formats including XviD, MPEG4 and h.264. The Galaxy Tab is also the first DivX-certified tablet, which means you can play and store DivX video on the Galaxy Tab with no need to convert files to another format.
You can also use the Galaxy Tab to connect to other DivX-certified devices, such as HDTVs, to display copy-protected content, according to DivX Inc. The Galaxy Tab is compatible with DivX paid content from providers such as Roxio CinemaNow and The Warner Bros. Shop.
Android OS 2.2
The Galaxy Tab is based on Google’s Android 2.2 (Froyo) mobile operating system, including support for Adobe Flash 10.1. Samsung has included Exchange Active Sync Support, along with a social hub that brings together your SMS, IM, calendar and e-mail. Calendar support includes Facebook events, Google Calendar and Outlook. Supported Google services include Google Maps, Latitude, Places (Google’s not Facebook’s) and navigation.
Samsung has also thrown its TouchWiz overlay onto the Galaxy Tab, an interface that has garnered mixed reviews for being attractive but sluggish. Other UI tweaks include the Swype text input technology and the Layar augmented reality browser. The Galaxy Tab includes access to the Android Market as well as Samsung’s own application store.
Slim profile
The Galaxy Tab offers a very slim 0.47-inch profile, which is just slightly thinner than the iPad’s 0.50-inch figure. Samsung’s new tablet measures 7.48 inches wide and 4.74 inches tall, and weighs in at 0.84 pounds. But there’s a lot of power packed into this small package. The Galaxy Tab features an A8 Cortex 1.0GHz processor with the PowerVR SGX540 3D graphics processor.
The Tab comes in 16GB and 32GB sizes, and both models feature a microSD expansion slot capable of supporting an extra 32GB of storage space. Samsung claims the Galaxy Tab’s battery provides 7 hours of video playback.
The Galaxy Tab features a 30-pin dock connector on the bottom of the device; a volume rocker, power button, and microSD and SIM card slots on the right side. However, it’s not clear if the U.S. version will include a SIM slot as rumors suggest the device may be headed to Verizon’s CDMA network.
3-Megapixel Camera
The new Galaxy Tab features a 3-megapixel rear-facing autofocus camera with an LED flash for low-light environments. Samsung hasn’t indicated whether the rear camera includes zoom capabilities. The camera captures still images and video with 720-by-480 pixel resolution at 30 frames per second.
Samsung says you can use the Tab to “edit, upload and share” photos and videos, but it’s not clear if that means you will be able to do onboard image editing as you can with the iPhone 4 and newly announced iPod Touch.
1.3 Megapixel front-facing camera
The front of the device includes a 1.3 megapixel front-facing camera for video chat capability over 3G and Wi-Fi. It’s not clear if Samsung’s Galaxy Tab video chat will let you switch between the rear and front cameras, but the hardware capability is certainly there.
Availability
The Galaxy Tab will be available in Europe within the next two weeks, and Samsung promises a U.S. launch in the coming months. Rumors suggest the 3G-capable Galaxy Tab will launch on Verizon. Samsung has yet to announce pricing or whether there will be a Wi-Fi only version of the Galaxy Tab.
Gaijin Games to show first self-published, non Bit.Trip game
Gaijin Games has revealed its next WiiWare game, and — surprise — it’s not a Bit.Trip game. The company’s first game outside of the franchise — and the first to be self-published instead of put out by Nintendo — will be a port of the indie-developed iPhone darling lilt line.
While lilt line has already been developed by another company (online game development collective differentcloth), the trailer shown here shows that the title has a lot in common with Gaijin’s popular Bit.Trip franchise — particularly the rhythm-based gameplay. While all of the company’s Bit.Trip games have been met with critical acclaim, Gaijin will have a high standard to live up to with its version of lilt line, as the iPhone original captured the Mobile Audio Achievement Award at the 2010 Independent Games Festival Mobile.
lilt line will be released on WiiWare this Fall, but eager gamers will be able to try the game out at this weekend’s Penny Arcade Expo in Seattle, Washington. Any Bit.Trip fans looking to check this one out?
SOURCE: Why Wait for PAX? Check out lilt line NOW! [Gaijin Games]
Happy 2nd Birthday, Google Chrome
Today marks the second anniversary of the release of Google’s Chrome browser. While Chrome hasn’t completely taken the world of Web browsing by storm, it has made a lasting impact on the market for Web browsers — a decent accomplishment for a two-year-old. Google is celebrating Chrome’s birthday by releasing a brand new stable build of Chrome, which is already available for download, but let’s mark the occasion in our way: by looking back at the ways in which Chrome has shaped the Web browsers we use today.
A New Look
The first beta of Google Chrome made its debut on September 2, 2008, and most reviewers instantly lauded its streamlined, minimalistic design. PCWorld blogger J.R. Raphael noted, “Calling the design of Chrome’s interface streamlined is an understatement. The program barely looks like a program, and the vast majority of your screen space is devoted to the site you’re visiting — with no buttons or logos hogging space.”
Google’s hallmark is a clean, uncluttered interface — remember what search engines looked like before Google came along? — that many of its search rivals have tried to emulate. Since the launch of Chrome, Google’s browser rivals have tried to copy its minimalistic look, with varying degrees of success. Whether they succeed or not, I applaud the effort — and I thank Chrome for reminding others that we’re browsing the Web in order to look at a Web site, not to look at a browser.
Frequent, Easy Updates
Google is famous for keeping products in a beta stage forever (and ever), but the company did not do this to Chrome. Just a few months after the release of the first version of Chrome, the browser exited beta — and has been steadily updated since then.
The stable build released today is the sixth stable release of the Windows version in the past two years, but Google does not call it Chrome 6 — the browser is still just plain old Chrome. Rather than revving up for big releases, Google simply adds functionality on an ongoing basis — something Microsoft, in particular, might do well to emulate.
Increased Competition
After just one day of availability, Chrome managed to account for 1 percent of the browser market. While its rise since then hasn’t been quite as meteoric, Chrome has seen a steady increase in users. Chrome held 7.5 percent of the browser market in August 2010, putting it in third place behind Internet Explorer and Firefox, according to the most recent numbers from Net Applications. Even though Chrome hasn’t pushed IE — or even Firefox — to an early demise, this kind of competition is good for everyone. It gives users more choices and forces rivals to innovate.
App Store
Google plans to release what it calls a “Web Store” for Chrome next month, which will offer a place for Chrome users to find and download Web apps. The idea is a bit unusual, and we’ve yet to see the store in action, but it has the potential to do for Web browsers what Apple did for smartphones. Apple’s App Store was the first true easy-to-access mobile marketplace; now every major smartphone platform offers one. It seems pretty likely that we’ll be saying the same thing about all major Web browsers sometime soon.
Women did well on Defcon social engineering test
Of the 135 Fortune 500 employees targeted by social engineering hackers in a recent contest, only five refused to give up any corporate information whatsoever. And guess what? All five were women.
That’s one of the interesting data points that contest organizers gathered, following their widely publicized event, held at the Defcon hacking conference last month. Organizers are in Washington this week, briefing the U.S. Federal Bureau of Investigation on what they learned, but they expect to release a report with more details sometime next week.
Contestants targeted 17 major corporations over the course of the two-day event, including Google, Wal-Mart, Symantec, Cisco Systems, Microsoft, Pepsi, Ford and Coca-Cola. Sitting in a plexiglass booth, with an audience watching, they called up company employees, trying to get them to give up information.
The contestants were extremely successful, said Chris Hadnagy, one of the event’s organizers. Just one company didn’t divulge the secrets participants were told to dig up, and that happened only because nobody could get a live body on the phone. “If we had been hired by each one of these companies to do a security audit on the social engineering side, almost every one of the companies would have failed,” Hadnagy said.
Contestants weren’t allowed to ask for truly sensitive information such as passwords or social security numbers, but they tried to find out information that could be misused by attackers, such as what operating system, antivirus software, and browser their victims used. They also tried to talk marks into visiting unauthorized Web pages.
One interesting discovery: half of the companies contacted are still using Internet Explorer 6, a browser known to have serious security holes. Another discovery: if contestants tried to get employees to visit an outside Web site, set up for purposes of the contest, they always succeeded, eventually.
The results show that even the most secure companies can be undermined by employees who do or say things they shouldn’t.
And the threats are real, according to Christopher Burgess, a senior security advisor at Cisco, one of the companies targeted by contestants. “In real life, pretext calls happen in many, many companies,” he said. “It’s a well refined art in information collection.”
People have called Cisco, claiming that their systems are down and that they’re on urgent deadlines, trying to get employees to give out information that they shouldn’t, Burgess said. “We train our personnel to recognize that social engineering is a means by which people manipulate others to perform actions or divulge sensitive information.”
Cisco has made a lot of its security training procedures publicly available, so that other companies can learn from its experiences over the years.
Although Cisco was one of the companies targeted in the social engineering contest, Hadnagy isn’t giving out information about any specific companies.
Still, after going over the contest results with Hadnagy, Burgess said that the contest showed that the training process never really stops. “You can’t train once and go away,” he said. “You have to keep this training fresh.”
Many of the contestants got their information by pretending to be insiders who were doing audits or consultants filling out surveys.
According to Burgess, employees should know to put a stop to this type of pretexting. “If I took away one thing from the discussion, it’s that the best defense is to train all of your personnel to validate who they are talking to if they don’t recognize the voice, before sharing any information about your company.”
Burgess didn’t want to talk about why all of the people who shut down contestants were women.
According to Hadnagy, though, different attacks work against different people. And maybe the types of social engineering techniques used by the Defcon contestants just weren’t ideal.
Still, the five women performed admirably, he said. “Within the first 15 seconds, they were like, ‘This doesn’t seem right to me,’ and they ended the call,” Hadnagy said. Unfortunately, their co-workers didn’t do so well.
“Obviously there was some kind of security awareness with their training,” he said. Another factor may have been the fact that all of the contestants were men. “I think inherently women are more cautious when guys are involved,” he said.
Less than half of the 135 people called during the course of the contest were women, Hadnagy said.
Three of the five women who shut down contestants were managers, and female managers are often the least likely to fall for social engineering attacks, according to Jonathan Ham, a principal with the Lake Missoula Group, a security consultancy that does social engineering tests for financial services firms. “They’re going to be the least trusting, the most suspicious,” he said. “At the upper level of experience and training, I will avoid the women and call the men if I can,” he said.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com
The IDG News Service is a Network World affiliate.