Saturday, January 26, 2008

"Work From Home" Generation Lists Good And Bad

The ReadWriteWeb blog has come up with their lists of both good things and bad things about working at home. It's a good read for anyone currently working from home or wishing they were.

It might just strike a nerve. Here are the highlights, each explained in detail in their post.

The Good Things About Working from Home

1. No commute
2. Flexibility
3. Saving money and the environment
4. Increased productivity

The Bad Things About Working from Home

1. Brainstorming is difficult
2. You never leave work
3. Entropy is after you

For more, read The "Work From Home" Generation - ReadWriteWeb:
For decades in American households the most dreaded morning sound was that of an alarm clock. Sometime between 6 and 7am a beep or radio music signaled that it was time to get up and head to work. But in the early 21st century two things have begun to change. First, the alarm clock is going off a little bit later. And second, instead of putting on suits and driving to work, people are heading to the basement in their pajamas and turning on their personal computers. These are the early days of the new Work From Home generation.

With the invention of modern laptops, ubiquity of broadband Internet access, and advances in communication software, there is no longer a need to be in the office. At least not everyday. Thousands of companies are rolling out work from home policies and hundreds of thousands of people are starting to take advantage of them. What are the pros and cons of working from home? In this post we take a close look, as well as discuss what lies ahead for this new, rapidly growing generation.

....

What's Next?

There are certainly challenges to working from home, but the benefits out-weigh them for many people. More companies and people are beginning to discover that working from home does more good than bad, as it introduces flexibility into people's schedule without impacting their productivity. The bottom line is that things get done and people are happier.

In terms of innovation and the technologies that are likely to evolve to help support work from home environments, there are several areas. We have previously written about basic software for virtual teams, as well as how to assemble an online office. But there is still certainly a lot of room for better tools for the at home workforce. From better brainstorming tools to video conferencing there are opportunities to innovate to make virtual collaboration smooth and painless.

And now, as always, we'd love to hear your input. Are you working from home now? If not, would you like to? What do you think are the pros and cons of working from home?


The Over-50 Worker: Is There Room In Information Technology?

I'm a big fan of Diane Stafford and what she has to say about the value of the older worker, maybe because I'm resembling one more and more every day. The older worker has a lot to offer, especially in the information technology field, but I.T. employers are more interested in an employee's current training than in their experience.

Take a look at her post, Workspace by Diane Stafford: Seeking the over-50 worker:

A couple of weeks ago I wrote a careers column for The Kansas City Star about the AARP program that lists employers deemed to be open to hiring older workers.

Judging from followup calls and e-mails, there are plenty of over-50 workers in frustrating job searches. I heard quite a bit of skepticism that the companies would actually hire them.

That may be the case, but here's my take on the list: No employer would set itself up as an older-worker-friendly company if it didn't actually intend to spend the time and money following through with considering applications fairly.

What's in it for them by saying they're open to hiring the over-50s if they're really not? They're just setting themselves up to get a bucketload of resumes, and most companies, thanks to the internet, already are suffering from an excess of applicants. Why invite more, especially when they know they're appealing to a job-hunting group that feels shut out in the broad job market?

So, I'll take the list at its promised face value -- as a resource tool for the older job hunter. And I'll share the latest news about the AARP list: They've added some more employers.

Three of the new entries are federal government agencies: The Peace Corps, the Internal Revenue Service, and the U.S. Small Business Administration's Office of Disaster Relief. (Federal job openings are listed and searchable at www.usajobs.gov.)

New private-sector employers on the AARP list are: AnswerNet, Bright Horizons Family Solutions, Home Instead Senior Care, Scripps Health, Synergy HomeCare, and Vedior North America.

http://www.aarp.org/money/careers/findingajob/featuredemployers/info.html is the site for the AARP list.



Times Is Predicting an I.T. Belt-Tightening This Year

Well, looks like it's belt-tightening time again. The New York Times is reporting that tech spending won't grow at the rate it has for the past few years, about 7%, and will instead be held to a much more modest increase of about 4%.

I wonder what clued them in, perhaps last week's global stock drop?

I personally think that as the year goes on, the movement to cloud computing, which means massive consolidation of computing resources, will make up most if not all of the missing 3%. So I for one don't believe that hard times are coming throughout the industry.

Check out the story in the New York Times - Belt-Tightening, but No Collapse, Is Forecast in Technology Spending:

In the consumer economy, the Main Street shopper leads the way. In the corporate economy, big technology buyers like Monte Ford will determine the arc of business spending in the coming months.

The decisions of Mr. Ford, the chief information officer of American Airlines, and his peers across corporate America matter a lot, because information technology looms so large in the modern economy. Today, purchases of computer hardware and software account for half of all capital spending by businesses.

Will falling corporate investment be the next shoe to drop on the way to a recession, or will it hold up enough to help steady the economy?

The outlook is encouraging, according to corporate technology buyers and industry analysts. There will surely be belt-tightening, and cuts may be sharp in some industries, especially the financial sector. Overall growth in technology spending may fall from 7 percent last year to 4 percent or less this year, according to estimates by IDC, a research firm.

That would be in sharp contrast to the experience of the 2001 recession, when technology spending fell 11 percent over two years in the aftermath of the dot-com collapse. During the boom years, the mentality was to spend on technology and hope for a payoff. But in recent years, corporate technology managers have been far more disciplined spenders, measuring results to prove that investments in technology really can cut costs, increase productivity and lift sales.

So the cutbacks in this downturn, analysts say, should be modest — reassuring news for the economy. “This is a reason for optimism that if there is a recession, it will be a mild one,” said Mark Zandi, chief economist at Moody’s Economy.com.

At American Airlines, a unit of AMR, Mr. Ford doubts that the current downturn could be worse for the airlines than the falloff after the 9/11 terrorist attacks — “a gigantic economic crack for our industry,” he said. The company decided then that despite cutbacks elsewhere, it would not sharply pare its technology budget. This year, he plans to spend modestly more — a few percent — than last year.

To explain, Mr. Ford points to three major costs for an airline: people, planes and fuel. “Technology remains the best lever for getting more value from all those, making your employees more productive, making better use of your fleet and increasing your fuel efficiency,” he said.

That view, Mr. Ford said, is supported by results. A fuel efficiency drive begun in 2005, including software to tailor routes, flight paths, even baggage loading, has reduced fuel consumption by an estimated 96 million gallons a year.

At Pitney Bowes, a maker of mail handling equipment and marketing services, Gregory E. Buoncontri, the chief information officer, expects his budget this year to be roughly $180 million, about the same as last year. Despite the economic slowdown, Pitney Bowes will make some targeted new investments that the senior management team has agreed are priorities to help the company become more competitive. The priority projects, Mr. Buoncontri said, include analytics programs that sort through customer data to predict promising sales opportunities and to improve customer service.

“You only want to start projects you are dead-serious about,” he said. “A downturn really heightens that discipline.”

To make room for spending on new things, managers must make cuts in the spending for basic operations. The preferred way to do that is to trim the budget for routine things like replacing personal computers, issuing employees mobile devices like BlackBerrys and putting off upgrades to new desktop software like Microsoft’s Windows Vista operating system or Office 2007 programs.

“You adopt the mentality of a small-business owner for those kinds of things — you just want to avoid writing a check,” said Jack Santos, an analyst at the Burton Group, a technology research firm.

In a survey of 300 chief information officers last month, IDC found that personal computers and mobile devices were the hardware products that would face spending cuts first, said Stephen Minton, an IDC analyst. The software products at the top of the budget-cutting list were office programs and desktop operating systems.

Microsoft this week reported strong quarterly results, led by its big desktop software businesses. But the C.I.O. survey suggests a slowdown in sales, especially in the United States, if the economy falters.

Technology spending, if managed prudently, can also deliver new abilities and productivity without more dollars, executives say. With processing speeds and storage capacity doubling every 18 months or so, each generation of technology is faster, cheaper and smaller than its predecessor.

So, according to Frank Modruson, chief information officer for Accenture, a real danger during an economic downturn is adopting a rigid austerity that saddles a company with technology that is behind the curve. Steady investment, he said, can save money fairly quickly because of the rapid pace of improvement in computing technology.

Accenture, a technology services company, spends less on technology today than it did in 2001, even though its payroll has more than doubled to 175,000 employees worldwide. “The reason we could do that is that we invested during the last downturn,” Mr. Modruson said.

Companies are likely to find that it is smart to make new investments as long as their overall technology spending is under control. In a recent survey of large companies, Gartner found that technology budgets have increased an average of 2.8 percent annually in the last three years. By contrast, spending at those companies in the three years leading up to the 2001 recession had grown 12.9 percent a year.

“Information technology spending,” said Mark McDonald, an analyst at Gartner, “is not the rich target for cuts that it was in 2001.”


Monday, January 21, 2008

The Stocks Are Falling! The Stocks Are Falling! What Can You Do?

Have you seen what has been going on in the overseas stock markets today? Wow, 6 to 10% drops across the board. I don't know about you, but I'm starting to think 2008 might be a tough year everywhere, and maybe we should start looking to recession-proof ourselves as much as possible.

So I took a quick look around and found this at Web Worker Daily, one of my favorite sources for helpful tips. Take a look at what they had to say in Web Worker Daily - 5 Ways to Recession-Proof Your Career:

We could already be suffering a recession in the U.S., and the tech industry is not immune, as potential Yahoo! layoffs show. What should you be doing now to protect yourself?

Keep building that online persona. Share who you are and what you’re about online — through a blog or other means. Raising your professional profile online is one of the best ways to attract new job and business opportunities your way. Don’t just create an online version of a resume; get active and connected online.

Create additional income streams, even if you are an employee. Or perhaps especially if you are an employee — because your salary is vulnerable to disappearing all at once, while freelancers and business owners usually have multiple clients.

How can you create additional streams of income? Find a side job as a freelancer (be careful not to break any of your employer’s noncompete policies by doing so), start an ad-supported blog, sell products online, or offer consulting services in your field of expertise. While none of these things will — at least initially — make enough money to replace a full-time-with-bennies job, they can cushion the pain of income loss while teaching you new skills and growing your professional network.

Stay aware of what the market wants. Even during a recession, jobs go begging when employers can’t find people with the right skills. Even if you’re not looking for a job or more contract work right now, subscribe to Craigslist job listing feeds using searches that match what kind of positions might interest you. You’ll keep yourself informed as to what skills you might need to add to your arsenal, what companies are hiring in your area, and whether hires in your field are trending up or down.

Invest in human capital. In other words, beef up your skills. You don’t have to spend money on classes to do so, though that might be the easiest way to learn the basics of something unfamiliar to you. You can spend your time: find an unpaid internship with training as your compensation, do volunteer work for a nonprofit, get involved in an open source effort, or start your own just-for-learning-purposes project.

Create social capital too. If you do lose your job or a major client, your next one may very well come through your online network of friends and associates. Your online social network can not only help find new opportunities just when you need them, it can also provide emotional support when you go through tough times. Not sure exactly how to go about creating social capital? Here are some tips for networking like a human.

For more tips on recession-proofing your career, see Robert Scoble’s article from December “Surviving the 2008 recession” and Penelope Trunk’s article posted today “Maybe there will be a recession. Here’s what to do just in case.”

I really hope that in a week/month/year I look back at this post and think how wrong I was, but from what I see today, I don't think so.


Sunday, January 20, 2008

FOXNews.com - Personal Information Lost on 650,000 Credit Card Holders After Computer Tape Goes Missing

It's a data breach epidemic! From Fox News: 650,000 J.C. Penney customers have had their credit records stolen, and some 150,000 of those records included Social Security numbers. When will the government step up and take a proactive stance on fixing these leaks?

Check out FOXNews.com - Personal Information Lost on 650,000 Credit Card Holders After Computer Tape Goes Missing:

Personal information on about 650,000 customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing.

GE Money, which handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people.

The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage company, and was never checked out but can't be found either, said Richard C. Jones, a spokesman for GE Money, part of General Electric Capital Corp.

Jones said there was "no indication of theft or anything of that sort," and no evidence of fraudulent activity on the accounts involved.

Iron Mountain spokesman Dan O'Neill said it would take specialized skills for someone to glean the personal data from the tape. He said the company regretted losing the tape, "but because of the volume of information we handle and the fact people are involved, we have occasionally made mistakes."

Penney said it had been told of the situation and referred further inquiries to GE Money.

Jones declined to identify the other retailers whose customers' information is missing but said "it includes many of the large retail organizations."

Jones said GE Money was paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape.

Incidents like this add to consumer concern about fraud. The Identity Theft Resource Center says there was a six-fold increase last year in the number of records reported compromised in the United States — to 125 million.

Data breaches can stem from hacking, as well as the physical loss or theft of computers or data storage equipment.

TJX Cos., owner of the T.J. Maxx and Marshalls retail chains, reported last year that tens of millions of credit and debit card owners were exposed to fraud when hackers stole data while it was being transmitted wirelessly.

It took GE Money two months to reconstruct the missing tape and identify the people whose information was lost. Since December, the company has been notifying consumers in batches of several thousand and telling them to phone a call center set up to deal with the breach. The notification is expected to be completed next week.

Penney's card holder Elizabeth Rich of Everett, Wash., got one of the GE Money letters saying her name, address and account number may have been compromised. She was told her Social Security number was not on the tape.

The letter, signed by GE Money President Brent P. Wallace, read in part, "We have no reason to believe that anyone has accessed or misused your information. The pieces of information on the tape would not be enough to open new accounts in your name, and we have implemented internal monitoring to protect your account number from misuse due to this incident."

Wallace said in the letter that Penney "was in no way responsible for this incident."

The Penney name didn't appear on the envelope Rich received, and she thought it was a credit solicitation when she saw the GE Money return address.

"I think the average consumer has thrown away that GE Money letter because they don't know it's about J.C. Penney," Rich said. "Not everybody opens junk mail."

Rich said she canceled her Penney card immediately.


Save Your Fuel System, Don't Fill Up If You See A Tanker

Reader's Digest has just updated their list of tips you can follow to keep your car running in optimal condition, and I really like number 4:

"Don't fill up if you see the tanker

If you happen to see a gasoline tanker filling the tanks at your local gas station, come back another day or go to a different station. As the station's underground tanks are being filled, the turbulence can stir up sediment. Sediment in your gas can clog fuel filters and fuel injectors, causing poor performance and possibly necessitating repairs."

It makes a lot of sense. I know those tanks have to be filled with all kinds of stuff, and none of it would be good for your car's fuel system.

They have a lot more; check out Reader's Digest - 75 Tips to Keep Your Car in Top-Notch Condition: Operating Your Car.


British Navy Misplaces Laptop with personal information of 600,000

Looks like the Brits are picking up where they left off last year, losing the personal information of their citizens. If anything, I think the British are as bad as or worse than our government at carelessly disregarding the importance of keeping its citizens' private information secure.

PC World - British Navy Loses Laptop Containing Personnel Data:

A laptop containing personal information on about 600,000 people was stolen from an officer in the Royal Navy, the U.K.'s Ministry of Defense said on Friday.

The laptop contained information about new and potential recruits to the Royal Marines, the Royal Navy and the Royal Air Force, and was stolen in Birmingham last week, the ministry said.

The stolen data includes passport details, national insurance numbers, family details and doctors' addresses for people who submitted an application to the forces, the ministry said. The laptop also contained bank details for at least 3,500 people.

"The Ministry of Defence is treating the loss of this data with the utmost seriousness," it said in a statement.

It is writing to people whose bank details were on the laptop and has notified the Association for Payment Clearing Services to watch for unauthorized access, it said.

The ministry is investigating the theft with the West Midlands Police. The laptop was stolen Jan. 10, but the ministry said it didn't disclose the incident immediately for fear of compromising the investigation. It decided to go public with the loss after media reports surfaced about it on Friday, it said.

The laptop was stolen during the night from the car of a junior Royal Navy officer, who now faces a possible court martial, according to a report in the London Times.

This is the latest in a string of data security lapses in Britain that have embarrassed the government and called into question its plan to create a central database of patient records for the National Health Service.

In November, Her Majesty's Revenue & Customs lost two CDs containing personal data on about 25 million Britons. The discs, which were encrypted and password-protected, were sent via interoffice mail and never arrived.

The following month, the Driving Standards Agency said it lost a disc containing the records of 3 million learner drivers, and soon after that the Department of Health said that nine of its regional NHS trusts had lost patient data, including medical records for about 160,000 children in East London.

Des Brown, the U.K. defense secretary, will make a statement to Parliament about the latest incident early next week, the Defense Ministry said. It did not say if the information on the Navy's laptop was encrypted or protected by password.

People who think they have been affected can send an e-mail to recruitdata@check.mod.uk from Saturday at 10 a.m. U.K. time onward, the ministry said.


Programmers Guild Discusses H-1B policy at Sloan West

The Programmers Guild gave a presentation at the Sloan West Coast Program, outlining the industry problems directly traceable to the country's current H-1B policy. I have noted my beliefs here repeatedly and have talked about how dangerous the current policies are to both our profession and our country. I applaud Kim Berry and the Programmers Guild for attempting to raise awareness of this very important topic; I only wish I had been in attendance to provide my support.

Check out Norm Matloff's newsletter:

Kim Berry of the Programmer's Guild gave a really outstanding talk. I had seen his slides earlier, and they were fine, but his delivery greatly enhanced the content. Here was a real victim, speaking calmly yet with contained anger at the fact that all our respected institutions--both major political parties, the business community and academia--are complicit in maintaining that sham known as H-1B. His account of hiring decision meetings in which he participated, in which qualified American applicants were repeatedly rejected in favor of H-1Bs, ought to have been videotaped; his speech would have been just as effective as the Cohen & Grigsby "TubeGate" videos.

In summary, their presentation made these points and suggestions concerning H-1B policy:
  • True prevailing wage of at least what average Americans earn within the same job classifications.
  • H-1B and L-1 LCAs only approved after the employer has conducted good faith, transparent recruitment and was unable to find any qualified U.S. candidates, at any price.
  • H-1B only granted to U.S. business entities as direct hires - not to consulting firms (Indian or otherwise) to be re-shopped against American job seekers.
  • H-1B to include a $1,200 annual fee that would be used to fund $15,000 scholarships for American college students in STEM programs - consistent with legislation that Senator Sanders has introduced twice.


Sunday, January 13, 2008

7 Rules For Avoiding Online Data Breaches

I spend a lot of time detailing the failings of the information technology industry, including today's entry on potential problems at the TSA, and not nearly enough discussing how to avoid falling into the breach, so to speak. Thanks to eWeek for giving me a chance to hop on their bandwagon by posting their seven ways to avoid being the next data breach. So please take the time and read eWeek - How to Avoid the Next Data Breach:

1. Have a viable, up-to-date security policy: Make sure your security policy takes into account what data assets need protecting, the threat landscape and the potential consequences of a breach. Have procedures in place for quick response so that if the worst happens, the organization can react rapidly and minimize damage. Too many companies have policies that address yesterday's threats, or ones that are up to date but are hidden from the employees who should know them by heart. Communicate your policy to employees, and revise it periodically.

2. Know your sensitive data and safeguard it: Determine where your sensitive data assets are – by "sensitive", we mean data that if stolen or exposed would cause serious damage to the business, its employees, shareholders, customers or partners. Control access to this data, preventing unauthorized copying, printing and backups. When reading about lost laptops with sensitive data (encrypted or not), one often wonders what such data was doing on a laptop in the first place – start there.

3. Apply the least privilege principle: Give users and applications the minimum required access, especially as regards sensitive data. Do not grant privileges based on future needs but current ones, and regularly review existing privileges and revoke the ones that are no longer required. In today's enterprise, with so many consultants, outsourced developers and partners gaining access to internal systems, it is easy to disregard just how many external elements have access to systems for which they no longer need it.

4. Encrypt data in motion: Choose the right solution for your environment, using strong encryption standards and algorithms, coupled with authentication and key exchange mechanisms that make sense. There is no "one size fits all", and a heterogeneous environment may require the use of various standards including IPSec, WPA2, SSL and SSH. TJX, for example, used weak encryption (WEP) on its point-of-sale WiFi devices, giving criminals the opening through which they began stealing credit card numbers.

5. Encrypt data at rest: When done right, this ensures that only those who need to see sensitive data see it. However, it is important to choose the right kind of encryption and do it judiciously, covering only sensitive data. Key management is crucial, because if encryption keys are distributed to too many users, applications and devices, it will render itself useless in terms of security.

6. Monitor database activity: Nowhere would you find more useful sensitive data than in enterprise databases, yet most enterprises have zero visibility into who is doing what in the database. Real-time monitoring and auditing gives you the ability to enforce usage policy and provides an additional and necessary layer of security in the place most likely to be the source of a major breach. Apply automatic prevention where appropriate (e.g., obvious SQL injection attacks). The hackers that pilfered almost 100 million credit card records from TJX could not have done so without unfettered access to the database – monitoring would have certainly caught this early on. It is not for naught that database activity monitoring is considered a premier "compensating control" in PCI DSS, being a viable alternative to encryption.

7. Regularly check and harden configuration of components: Use automated tools to find bad configurations, weak passwords and vendor defaults in databases, application servers, routers and other devices. For example, a certain system has a default privileged user account that comes with the password "change_on_install", which of course needs to be changed after installation but sometimes is not. A surprising number of breaches are due to weak passwords – those are practically "X marks the spot" signs for potential intruders.

2008 will be the year that either the industry and government really get serious about solving this growing problem, or the data breaches will become so bad that the public forces them to act. It pays to be proactive and take eWeek's seven suggestions to heart.
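As an added illustration of rules 6 and 7 above, here is a small Python script written for this post; it is example code, not eWeek's or any vendor's tool. The first part scans a database query log for the obvious SQL injection shapes the article mentions (tautologies, UNION SELECT, stacked statements), and the second checks a credential inventory for vendor defaults such as "change_on_install" and for short passwords. The log line format, the sample log, the account list and the password values are all constructed assumptions for the example.

```python
import re

# Constructed database audit-log sample for this example. Assumed line format:
# "<timestamp> <db user> <query text>". Real monitoring products use their own formats.
SAMPLE_DB_LOG = """\
2008-01-13T10:00:01 app_user SELECT card_last4 FROM cards WHERE customer_id = 1042
2008-01-13T10:00:02 app_user SELECT * FROM cards WHERE customer_id = 1042 OR 1=1
2008-01-13T10:00:03 app_user SELECT name FROM customers WHERE id = 7 UNION SELECT password FROM users
2008-01-13T10:00:04 app_user SELECT name FROM customers WHERE id = 7; DROP TABLE audit_log
2008-01-13T10:00:05 report_ro SELECT id FROM customers WHERE state = 'WA' OR state = 'OR'
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<query>.+)$")

# Rule 6: signatures for the "obvious" SQL injection shapes the article mentions.
# The tautology pattern uses backreferences so that OR 1=1 and OR 'a'='a' fire
# while an ordinary "OR state = 'OR'" comparison does not.
INJECTION_SIGNATURES = [
    (re.compile(r"\bor\s+(['\"]?)(\w+)\1\s*=\s*\1\2\1", re.I), "tautology (OR x=x)"),
    (re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I), "UNION SELECT"),
    (re.compile(r";\s*(?:drop|delete|truncate|alter|insert|update)\b", re.I), "stacked statement"),
]


def scan_query_log(log_text):
    """Return (line number, db user, reason) for each query matching a signature."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = LOG_LINE.match(line)
        if not match:
            continue  # malformed line; a real tool would count these too
        for pattern, label in INJECTION_SIGNATURES:
            if pattern.search(match.group("query")):
                findings.append((lineno, match.group("user"), label))
                break  # one alert per query is enough
    return findings


# Rule 7: vendor defaults and weak passwords in a configuration inventory.
# Constructed list; "change_on_install" is the default the article refers to.
DEFAULT_PASSWORDS = {"change_on_install", "manager", "admin", "password", "changeme"}

# Constructed inventory of (system, account, configured password) as an auditor
# might pull from configuration files. Every value here is made up for the example.
SAMPLE_ACCOUNTS = [
    ("orders-db", "SYS", "change_on_install"),
    ("orders-db", "app_user", "Tq9!vLm2#rWz4"),
    ("core-router", "admin", "admin"),
    ("reports", "svc_report", "Summer08"),
]


def check_credentials(accounts, min_length=12):
    """Flag accounts still on a vendor default or below the length floor."""
    findings = []
    for system, account, password in accounts:
        if password.lower() in DEFAULT_PASSWORDS:
            findings.append((system, account, "vendor default password"))
        elif len(password) < min_length:
            findings.append((system, account, "password shorter than %d characters" % min_length))
    return findings


if __name__ == "__main__":
    for lineno, user, reason in scan_query_log(SAMPLE_DB_LOG):
        print("query log line %d (%s): %s" % (lineno, user, reason))
    for system, account, reason in check_credentials(SAMPLE_ACCOUNTS):
        print("%s/%s: %s" % (system, account, reason))
```

Signature matching of this kind only catches textbook patterns. The monitoring the article describes also needs a baseline of which accounts normally run which statements against which tables, so that an unusual bulk read from an application account is alerted on even when the query text itself looks ordinary.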


Security Still A Problem At TSA (Transportation Security Administration) Per House Oversight Committee

Doesn't look like much has changed over at the TSA. That's right, the people who are responsible for keeping us safe and secure on our airline flights are doing a rotten job of keeping our identities secure online.

Less than a year ago the TSA lost a hard drive with names, Social Security numbers, salary information, and other personal information for 100,000 TSA employees. And their bosses at the DHS have also suffered serious security breaches over the past year.

Now, in a House Oversight and Government Reform Committee report issued Friday, the TSA traveler redress web site was found to have numerous security flaws that exposed its users, people attempting to get removed from TSA watch lists, to potential identity theft. So if you are on their list mistakenly and you try to get off it by using their website, then the bad guys can potentially get your personal information and use it, and then you really should be watched. How ironic.

Check out more on the story at Ars Technica - TSA security flaws exposed users to risk of identity theft:

The chairman of the House Oversight and Government Reform Committee published a report Friday with details about the committee's investigation into security flaws found in the Transportation Security Administration's (TSA) traveler redress web site. TSA is a division of the Department of Homeland Security (DHS) and is responsible for baggage inspection and airport security. The site—which enables travelers to seek removal from airline watch lists by providing personal identification information—operated for four months before the vulnerabilities were detected.

The web site was hosted on a commercial domain by a contractor and did not use SSL encryption for submission forms that transmit sensitive identification information. The few pages of the site that did use SSL used an expired certificate that had been self-signed by the contractor. The lack of proper encryption was brought to the attention of TSA last year by security researcher Chris Soghoian, who noted that such "major incompetence" could have been avoided by basic oversight.

"At the request of Chairman Henry Waxman, Committee staff have been investigating how TSA could have launched a web site that violated basic operating standards of web security and failed to protect travelers'€™ sensitive personal information," says the report summary. "These deficiencies exposed thousands of American travelers to potential identity theft."

According to the report, the TSA was completely unaware of the security issues while the site was in operation. During that time, thousands of travelers submitted personal information through the website and a TSA administrator claimed in congressional testimony that the agency had assured "the privacy of users and the security of the system."

The web site was created by Desyne Web Services, a web marketing firm from northern Virginia whose clientèle includes the FBI, USA Today, and George Foreman. TSA awarded Desyne a no-bid contract valued at $48,816 for development of the redress system. According to the report, the Request for Quote (RFQ) issued by TSA prior to making the deal stated that Desyne was "the only vendor that could meet the program requirements." The report notes that Nicholas Panuzio, the TSA employee and technical lead who authored the RFQ, had previously worked for Desyne and had known the owner of the web design company since high school—a serious conflict of interest.

Following the revelation of security vulnerabilities in the system, TSA transferred the site to a Department of Homeland Security (DHS) domain and notified users who submitted information through the unencrypted form that they had been exposed to risk of identity theft. The committee's report notes, however, that TSA never reprimanded Panuzio or imposed sanctions on Desyne. In fact, the report says that Desyne continues to operate several major TSA web sites and has received over $500,000 in no-bid contracts for web services from TSA and DHS.

This isn't the first time that TSA has gotten itself into trouble for exposing sensitive identification information. Last year, the agency lost a hard drive with names, Social Security numbers, salary information, and bank routing numbers for 100,000 TSA employees, including air marshals. The DHS has also suffered serious security breaches in the past year.

As we have noted in the past, the TSA terror watch list has very little efficacy and may actually contribute to security problems. The creation of the TSA redress system was precipitated in the first place by a study conducted by the Government Accountability Office (GAO) which found that approximately half of the individuals on the watch lists were false positives. The GAO has also reported ongoing problems with people on the no-fly list accidentally being permitted to fly. Additionally, TSA reported last year that screeners missed approximately 75 percent of simulated explosives and bomb components that testers hid in their clothing and carry-on bags at Los Angeles International Airport during a review of airport security procedures.

In light of TSA's steady litany of serious failures, perhaps it's time for Congress to reconsider the agency's role in airport security.

I have to agree: if our own security agencies can't manage to keep our information safe, then we either need to radically change the agencies' internal policies or eliminate their role from our lives.
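As an added example (not code from the Ars Technica report or from this blog), here is a stdlib-only check for the first flaw described above: it parses a page's HTML, resolves each form's action against the page URL, and flags forms that collect identity fields but would submit over something other than https. The page URL, the sample HTML and the list of sensitive field-name keywords are all constructed for the example; checking whether the certificate is expired or self-signed is a separate test and is not covered here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field-name fragments treated as identity data (constructed list for this example).
SENSITIVE_KEYWORDS = ("ssn", "social", "passport", "birth", "dob", "license")

# Constructed page: a redress-style form that posts back to its own http:// URL,
# a second form that posts over https, and a harmless search form.
PAGE_URL = "http://redress.example/apply"
SAMPLE_HTML = """
<html><body>
<form method="post">
  <input name="full_name"><input name="ssn"><input name="date_of_birth">
</form>
<form method="post" action="https://redress.example/upload">
  <input name="passport_number">
</form>
<form action="/search"><input name="q"></form>
</body></html>
"""


class FormCollector(HTMLParser):
    """Records every <form> with its resolved action URL and its input names."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself, so the
            # page's own scheme decides whether the data travels encrypted.
            self._open = {"action": urljoin(self.page_url, a.get("action") or ""),
                          "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea") and self._open is not None:
            if a.get("name"):
                self._open["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_forms(page_url, html):
    """Returns (action URL, sensitive field names) for every form that would
    send identity data over a scheme other than https."""
    collector = FormCollector(page_url)
    collector.feed(html)
    findings = []
    for form in collector.forms:
        scheme = urlsplit(form["action"]).scheme.lower()
        sensitive = [n for n in form["fields"]
                     if any(k in n.lower() for k in SENSITIVE_KEYWORDS)]
        if sensitive and scheme != "https":
            findings.append((form["action"], sensitive))
    return findings


if __name__ == "__main__":
    for action, fields in audit_forms(PAGE_URL, SAMPLE_HTML):
        print(f"unencrypted submission of {fields} to {action}")
```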

Wednesday, January 9, 2008

Massive SQL-based Web Attack Last Weekend On SQL Server based Websites

In what has to be one of the largest SQL-based Web attacks on record, Google says over 70,000 domains were affected by a massive attack last weekend. This time it wasn't Oracle that was affected; it was Microsoft SQL and IIS that were hacked. And here I was giving Oracle grief for not patching their errors, guess I should have been looking toward Microsoft instead.

The attackers used SQL injection to infect the sites, and the malicious server they redirected visitors to exploited an MDAC vulnerability that was supposed to have been patched in September 2006. For those unfamiliar with SQL injection, the attackers insert SQL commands into what the website treats as ordinary data, and instead of running its normal query, the database server executes the attackers' injected SQL commands.

Check out what CNET has to say in Massive SQL-based Web attack decoded:

On Wednesday, the SANS Internet Storm Center and others published details about the massive SQL-based Web attack that occurred over the weekend. The attack, says SANS, is similar to a smaller SQL-injection attack seen last November. At least 70,000 sites were compromised in a short period of time, leading some to speculate this was an automated attack.

From log files, the attack code appears to exploit a variety of SQL injection vulnerabilities existing on Web sites using Microsoft SQL or Microsoft IIS. On the vulnerable sites, malicious JavaScript is injected into all varchar and text fields in the SQL database such that when a visitor hits the site, their browsers, if vulnerable, are then redirected to another domain--in this case, us8010.com.

Roger Thompson, chief research officer at Grisoft, identified one of the exploits served by the malicious server as taking advantage of MS06-014, an MDAC vulnerability that Microsoft patched in September 2006. He also noted that "this domain uc8010(dot)com was registered just a few days ago (Dec 28), and yet, at one point Google showed script injections pointing to it were showing up on over 70k domains." Yet by January 5, 2008, most of these domains had already been cleaned.
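As an added example (not code from CNET, SANS or this blog), the following Python script illustrates both the injection mechanism described in the post above and the clean-up problem described by CNET: a lookup that concatenates request data into SQL next to its parameterized replacement, and an audit that walks a table's character columns looking for the externally hosted script tags the attack wrote into them. The table, rows and script URL are constructed; SQLite stands in for the SQL Server back end.

```python
import re
import sqlite3

# Constructed sample content table for a site; row 2 carries the kind of
# externally hosted <script> tag the mass injection wrote into text fields.
SAMPLE_ROWS = [
    (1, "Welcome", "Opening hours are 9 to 5."),
    (2, "Contact", 'Email us.<script src="http://example.invalid/x.js"></script>'),
    (3, "About", "We sell widgets."),
]

_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]?(https?://[^'\"\s>]+)", re.I)


def make_db():
    """Builds an in-memory SQLite database holding SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title VARCHAR(80), body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, page_id):
    """Concatenates the request value into the SQL text, so the database
    parses whatever the client sent as part of the statement."""
    sql = "SELECT id, title FROM pages WHERE id = " + page_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, page_id):
    """Hardened form: the value is bound as a parameter and is only ever
    compared as data, never parsed as SQL."""
    return conn.execute("SELECT id, title FROM pages WHERE id = ?", (page_id,)).fetchall()


def text_columns(conn, table):
    """Lists the character columns of a table, the fields the attack targeted.
    Identifiers cannot be bound as parameters, so the table name is validated
    against a strict pattern before it is interpolated."""
    if not _IDENT.match(table):
        raise ValueError(f"bad table name: {table!r}")
    # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
    info = conn.execute(f"PRAGMA table_info({table})").fetchall()
    return [row[1] for row in info
            if row[2].upper().startswith(("TEXT", "VARCHAR", "NVARCHAR", "CHAR"))]


def find_injected_scripts(conn, table):
    """Returns (row id, column, script URL) for every externally sourced
    <script> tag found in the table's character columns."""
    hits = []
    # text_columns() validates the table name; column names come from the schema.
    for col in text_columns(conn, table):
        for row_id, value in conn.execute(f"SELECT id, {col} FROM {table}"):
            for m in SCRIPT_SRC.finditer(value or ""):
                hits.append((row_id, col, m.group(1)))
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=2        ->", lookup_vulnerable(db, "2"))
    print("vulnerable, id=2 OR 1=1 ->", lookup_vulnerable(db, "2 OR 1=1"))
    print("parameterized, same     ->", lookup_parameterized(db, "2 OR 1=1"))
    print("injected scripts        ->", find_injected_scripts(db, "pages"))
```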

Monday, January 7, 2008

Has Sony Just Ended The DRM War?

The last holdout in the DRM war between Record Companies and Consumers may have just thrown in the towel and begun selling DRM free music, even if they are making you go to a record store to buy it. Techcrunch is reporting in their blog post that starting mid month, you will be able to buy a “Platinum Music Pass” for the album you want and then redeem the pass for DRM free music on an internet website.

I'll bet that the in-store requirement is just a face-saving move that will fade within a month or two, and then all the major recording companies will be offering DRM free music over the internet, and no doubt where the recording companies go today the movie studios will follow soon after.

I for one won't miss looking over my shoulder when playing my MP3s on my Smart Phone. DRM was a bad idea when it started and will remain a bad idea in the future.

Check out what Techcrunch has to say in Sony BMG Confirms DRM Free Music, But Will Force Customers to Visit A Store To Buy It:

As we reported January 4, Sony BMG will become the last of the big four record companies to sell DRM free music, but with one very stupid catch. DRM free music from Sony BMG will be available from January 15 to those who purchase a plastic card called the “Platinum Music Pass” for the album they want from a retail store for $12.99. Buyers will then have to visit MusicPass.com and enter a code to download the DRM free album they selected in the store.

According to a USA Today report, Best Buy, Target and Fred’s will be the first stores to offer the cards, with Winn-Dixie, Coconuts, FYE, Spec’s and Wherehouse to follow.

When we first wrote about Sony BMG offering DRM free music we were positive on the move, and it still is a step forward, but forcing customers who want to buy digital music into a physical store where they will be forced to pick the album then and there, then go home to download it…WTF? It’s nearly like Sony BMG is setting this up to fail, so they can then go back to only selling DRM infested music whilst saying that there wasn’t demand for DRM free music because this experiment failed.

What is Scrum and Why Would I Want To Implement It?

If you ever wondered what all the buzz about agile programming is about, I recommend that you take some time and take a look at All About Agile's post "How to implement Scrum in 10 easy steps." Scrum is one of Agile programming's more popular methodologies, and Kelly has done a fine job of explaining just what you need to do to get started, and best of all it's done in a clear and easy to understand style.

So if you're wishing that your development team was more efficient, take the time to read and consider All About Agile: How to implement Scrum in 10 easy steps:

When I first encountered agile software development, I found it hard to understand. Okay, I might not be the brightest person you've ever met! But I'm not stupid either, I think :-)

There's a myriad of different approaches, principles, methods and terms, all of which are characterised as 'Agile'. And from my perspective, all this 'noise' makes agile development sound far harder, far more scientific, and far more confusing than it really needs to be.

For this reason, I favour the Scrum methodology. Admittedly there's a bit of jargon to learn. But otherwise Scrum provides what is fundamentally a very simple way of managing software development more effectively.

Sure, it's great to have a deep understanding of the underlying values and principles of agile development.

Sure, it's great to have a thorough understanding of why Scrum works.

Sure, it's great to know lots of case studies where Scrum has been applied and try to relate them to your own individual situation.

But, fundamentally, I believe you can implement Scrum without all this knowledge. And still find many benefits and have a very positive experience of agile development.

In these 10 posts, I outline specifically how to implement Scrum in 10 easy steps:

- Step #1: Get your backlog in order!
- Step #2: How to estimate your product backlog
- Step #3: Sprint Planning/clarify requirements
- Step #4: Sprint Planning/estimate tasks
- Step #5: Create a collaborative workspace
- Step #6: Sprint!
- Step #7: Stand up and be counted!
- Step #8: Track progress with a daily burndown chart
- Step #9: Finish when you said you would
- Step #10: Review, reflect, repeat...

See also:
'Implementing Scrum' PowerPoint Presentation
10 Key Principles of Agile Software Development

Nicholas Carr Agrees, The IT Department Is On Its Way Out

I have long lamented about the future of American I.T. professionals, with the rise of the H-1B imports, the outsourcing of our jobs overseas and the rise of cloud computing. Now author Nicholas Carr predicts a similar fate in his new book, The Big Switch: Rewiring the World from Edison to Google.

The book makes a case for the continued commoditization of the I.T. environment, first with the outsourcing of menial tasks, then entire projects; in the future he sees entire I.T. departments becoming part of the I.T. cloud.

Take a look at what Network World has to say about Nicholas Carr and his latest book in Network World - The IT department is dead:

The IT department is dead, and it is a shift to utility computing that will kill this corporate career path. So predicts Nicholas Carr in his new book, The Big Switch: Rewiring the World from Edison to Google.

Carr is best known for a provocative Harvard Business Review article entitled "Does IT Matter?" Published in 2003, the article asserted that IT investments didn't provide companies with strategic advantages because when one company adopted a new technology, its competitors did the same.

The Harvard Business Review article made Carr the sworn enemy of hardware and software vendors including Microsoft, Intel and HP, as well as of CIOs and other IT professionals.

With his new book, Carr is likely to engender even more wrath among CIOs and other IT pros.

"In the long run, the IT department is unlikely to survive, at least not in its familiar form," Carr writes. "It will have little left to do once the bulk of business computing shifts out of private data centers and into the cloud. Business units and even individual employees will be able to control the processing of information directly, without the need for legions of technical people."

Carr's rationale is that utility computing companies will replace corporate IT departments much as electric utilities replaced company-run power plants in the early 1900s.

Carr explains that factory owners originally operated their own power plants. But as electric utilities became more reliable and offered better economies of scale, companies stopped running their own electric generators and instead outsourced that critical function to electric utilities.

Carr predicts that the same shift will happen with utility computing. He admits that utility computing companies need to make improvements in security, reliability and efficiency. But he argues that the Internet, combined with computer hardware and software that has become commoditized, will enable the utility computing model to replace today’s client/server model.

"It has always been understood that, in theory, computing power, like electric power, could be provided over a grid from large-scale utilities — and that such centralized dynamos would be able to operate much more efficiently and flexibly than scattered, private data centers," Carr writes.

Carr cites several drivers for the move to utility computing. One is that computers, storage systems, networking gear and most widely used applications have become commodities.

He says even IT professionals are indistinguishable from one company to the next. "Most perform routine maintenance chores — exactly the same tasks that their counterparts in other companies carry out," he says.

Carr points out that most data centers have excess capacity, with utilization ranging from 25% to 50%. Another driver to utility computing is the huge amount of electricity consumed by data centers, which can use 100 times more energy than other commercial office buildings.

"The replication of tens of thousands of independent data centers, all using similar hardware, running similar software, and employing similar kinds of workers, has imposed severe economic penalties on the economy," he writes. "It has led to the overbuilding of IT assets in every sector of the economy, dampening the productivity gains that can spring from computer automation."

Carr embraces Google as the leader in utility computing. He says Google runs the largest and most sophisticated data centers on the planet, and is using them to provide services such as Google Apps that compete directly with traditional client/server software from vendors such as Microsoft.

"If companies can rely on central stations like Google's to fulfill all or most of their computing requirements, they'll be able to slash the money they spend on their own hardware and software — and all the dollars saved are ones that would have gone into the coffers of Microsoft and the other tech giants," Carr says.

Other IT companies that Carr highlights in the book for their innovative approaches to utility computing are: Salesforce.com, which provides CRM software as a service; Amazon, which offers utility computing services called Simple Storage Solution (S3) and Elastic Compute Cloud (EC2) with its excess capacity; Savvis, which is a leader in automating the deployment of IT; and 3Tera, which sells a software program called AppLogic that automates the creation and management of complex corporate systems.

Carr points out that many leading software and hardware companies — Microsoft, Oracle, SAP, IBM, HP, Sun and EMC — are adapting their client/server products to the utility age.

"Some of the old-line companies will succeed in making the switch to the new model of computing; others will fail," Carr writes. "But all of them would be wise to study the examples of General Electric and Westinghouse. A hundred years ago, both these companies were making a lot of money selling electricity-production components and systems to individual companies. That business disappeared as big utilities took over electricity supply. But GE and Westinghouse were able to reinvent themselves."

Carr offers a grimmer future for IT professionals. He envisions a utility computing era where "managing an entire corporate computing operation would require just one person sitting at a PC and issuing simple commands over the Internet to a distant utility."

He not only refers to the demise of the PC, which he says will be a museum piece in 20 years, but to the demise of the software programmer, whose time has come to an end.

Carr gives several examples of successful Internet companies including YouTube, Craigslist, Skype and Plenty of Fish that run their operations with minimal IT professionals. YouTube had just 60 employees when it was bought by Google in 2006 for $1.65 billion. Craigslist has a staff of 22 to run a Web site with billions of pages of content. Internet telephony vendor Skype supports 53 million customers with only 200 employees. Meanwhile, Internet dating site Plenty of Fish is a one-man shop.

"Given the economic advantages of online firms — advantages that will grow as the maturation of utility computing drives the costs of data processing and communication even lower —traditional firms may have no choice but to refashion their own businesses along similar lines, firing many millions of employees in the process," Carr says.

IT professionals aren't the only ones to suffer demise in Carr's eyes. He saves his most dire predictions for the fate of journalists.

"As user-generated content continues to be commercialized, it seems likely that the largest threat posed by social production won't be to big corporations but to individual professionals — to the journalists, editors, photographers, researchers, analysts, librarians and other information workers who can be replaced by . . . people not on the payroll."

Carr's argument about the future of utility computing is logical and well written. He offers a solid comparison between the evolution of electrical utilities in the early 1900s and the development of utility computing that's happening today.

Carr's later chapters — about the future of artificial intelligence and the many downsides of the Internet — seem less integral to his utility computing argument. And his discussion of Google's vision of a direct link between the brain and the Internet seems far-fetched.

Nonetheless, The Big Switch is a recommended read for any up-and-coming IT professional looking to make a career out of providing computing services to corporations. If Carr's predictions come true, strong technical skills will still be valued by service providers.

I really hate it when I'm right, and I have little doubt that both my and Nicholas Carr's predictions will be proven for the most part correct over time. Take the time to read his book and see if you don't agree. If Congress will wake up and recognize the value of a strong I.T. industry to this country's future security and position in the world, there is still time to reverse the trends seen in his book and predicted here in this blog.

Wednesday, January 2, 2008

More than 120 million affected by data security problems in 2007

I blogged about this incessantly during the last year, but it looks like the final toll of personal data breaches for 2007 exceeded an unbelievable 120 million records. That is nearly 10 times as many as were reported in 2006, but as data has continued to be concentrated and made available online, little has been done to force the industry to face the growing problem, so I have little doubt that this year's total will exceed even last year's.

But at least someone besides myself is noticing; let's hope they have more success pointing out the problem than I have. Check out PC World - Leaks of Personal Data Swell to a Deluge:

More than 120 million people in the U.S. had personal data exposed in 2007 as identity theft reached record heights. That's according to research from the nonprofit organization the Identity Theft Resource Center (ITRC) which reported 446 separate breaches exposing 128 million records.

The data shows a more-than sixfold increase over its 2006 figures, when 312 incidents were recorded, involving more than 19 million individuals.

Another group, Attrition.org, shows 319 personal information data loss incidents in 2007 in its database, both in the U.S. and other countries.

Criminals can fraudulently use another person's identity data to buy goods, take out loans, take money from savings accounts, and hire cars. That person has to recover from the loss and endure badgering by debt-recovery organizations and bailiffs.

British Incidents Increase

The U.K. also grappled with numerous incidents of personal data loss, leaving millions vulnerable to potential identity theft. U.K. government agencies alone lost over 28 million people's identity data in 2007. Additional medical data records were lost due to NHS errors. Among the most infamous incidents in 2007 were:

- HMRC and Standard Life - 15,000 records exposed

- HMRC child benefit database - 25 million records lost

- HMRC and Countrywide Assured - 6,500 records leaked

- Northern Ireland Driving Agency - 6,500 records exposed

- Driving Standards Agency - 3 million records lost.

Credit Agencies Note Fraud

The number of new identity fraud victims contacting credit reference checking agency Experian continues to grow: 2,570 victims of identity fraud contacted it for assistance in the first half of 2007; a 68 percent year-on-year increase.

Helen Lord, fraud and regulatory compliance director at Experian, said: "The rate of identity fraud growth continues to be scary."

Identity theft criminals are being caught and punished. However, ITRC founder, Linda Foley, herself an identity theft victim, said: "Identity theft is like the never-ending story. It acts like an oil spill that spreads in yet another direction with the ocean currents and wind despite best efforts to contain it."
