Tuesday, August 22, 2006

Web Surfing in Public Places is not Safe

If you are a business traveler think twice before using the wirless network at the airport.

Web Surfing in Public Places Is a Way to Court Trouble

Any business traveler who has logged on to a wireless network at the airport, printed a document at a hotel business center or checked e-mail messages at a public terminal has probably wondered, at least fleetingly, “Is this safe?”

Although obsessing about computer security is a bit like worrying about a toddler — potential hazards lurk everywhere and you can drive yourself crazy trying to avoid them — the fact is, business travelers take certain risks with the things they do on most trips.

“If you go into the average hotel and sit down in the business center and have a look at their computer, I’m sure you’ll find some interesting things that people shouldn’t have left behind,” said Paul Stamp, a security analyst with Forrester Research.

“The first step companies need to do is to educate people about how valuable the data is and also how small the circles are in which they travel,” he said, noting how loudly many people discuss business on cellphones, without a thought for who may be nearby.

Or what may be in the air. Robert Vamosi, a senior editor with the online technology publisher CNET, said wireless networks at airports — or for that matter, hotels or cafes — are not as secure as most people think.

“Someone may have some software on their computer that allows them to look at all the wireless transactions going on around them and capture packets that are floating between the laptop and the wireless access point,” he said.

These software programs are called packet sniffers and many can be downloaded free online. They are typically set up to capture passwords, credit card numbers and bank account information — which is why Mr. Vamosi says shopping on the Web is not a great way to kill time during a flight delay.

“Where I’d draw the line is putting in your bank account information or credit card number,” he said, adding that checking e-mail messages probably is not that risky, but if you want to be cautious, change your password once you are on a secure connection again.

That said, if you gain access to your corporate network through a V.P.N., or virtual private network, you are safer using public hot spots, because your data is encrypted as it travels between Gate 17 and your office’s server, where it is decoded before going to its destination.

In other words, your communications are automatically encoded by software on your computer so the data looks like gibberish to anyone trying to intercept it. If your company does not offer a V.P.N. for employees working away from the office, there are services you can subscribe to for about $10 a month that do the same thing.

Michael Sellitto, a graduate student studying international security at Harvard, said that even though he encrypted any sensitive data on his laptop, he planned to sign up for a service like HotSpotVPN to add another level of security when he is traveling, especially when using poorly protected networks at cafes and hotels.

“The problem is, the really good people have written sniffer programs so that the less-sophisticated people have access to the same technology,” Mr. Sellitto said. “Say a Microsoft Word document gets transmitted. The sniffer program will collect that and someone could open it up on their computer.”

While it is hard to say how likely it is that someone is lurking on a public network, many public networks do not have adequate security.

Last fall, InfoWorld magazine published an article about a security researcher who managed to collect more than 100 passwords, per stay, at hotels with lax security (about half the hotels she tested).

Gathering reliable statistics about security breaches is notoriously difficult, since companies are reluctant to reveal this information. Still, the most recent computer crime and security survey, conducted annually by the Computer Security Institute with the Federal Bureau of Investigation, found that the average loss from computer security incidents in 2005 was $167,713 per respondent (based on 313 companies and organizations that answered the question).

As Jim Louderback, editor of PC Magazine, noted, the statistics may not matter given the problems one data breach can cause.

“Even if it’s 1 or 2 percent,” he said. “You don’t want to run that risk.”

Using a public computer can also mean courting trouble, because data viewed while surfing the Web, printing a document or opening an e-mail attachment is generally stored on the computer — meaning it could be accessible to the next person who sits down. (To remove traces of your work, delete any documents you have viewed, clear the browser cache and the history file and empty the trash before you walk away.)

“You also run the risk that somebody has loaded a program on there that can capture your log-ins and passwords,” Mr. Louderback said, recalling an incident a few years ago when a Queens resident was caught installing this type of “key logger” software on computers at several Kinko’s locations in New York.

One way to foil these programs, which record what you type and can send the transcript to a hacker, is to use a password manager like RoboForm. This $30 software encrypts all your user names and passwords for various Web sites, then enters the data at the click of a mouse when you are prompted to log in.

There is a mobile version that can be stored on a flash drive that plugs into a U.S.B. port — making your passwords secure and portable.

There are also simple measures you can take to protect your hardware, like using a cable lock to secure your laptop in a hotel room or even a cafe (in case you leave the table for any reason), and making sure you lock your computer bag in the trunk rather than leaving it on the back seat.

For travelers who do carry around sensitive data, it is worth looking into programs like Absolute Software’s LoJack for Laptops, which can help recover a missing computer. The software reports its location when connected to the Internet — and some versions can even be programmed to destroy data if a computer is reported lost or stolen.

But perhaps the most common snoop that business travelers encounter is someone nearby “shoulder surfing” to see what is on a laptop, out of curiosity or mere boredom.

To foil prying eyes, 3M sells a Notebook Privacy Filter, a plastic film that makes it impossible to view a laptop screen from an angle.

Trevor Stromquist, a sales analyst for a manufacturing company in Minneapolis, has been using one for the last two years to dissuade nosy neighbors on the road, but he has noticed an added benefit back at the office.


Monday, August 14, 2006

Stock Option Dating is the culprit

Backdating stock options is the financial scandal that has been rocking the TECHNOLOGY firms. The practice already has led to criminal charges against the former chief executives of Brocade Communications Systems Inc. and Comverse Technology Inc.
Backdating is not illegal per se but the proper disclosures are required to inform the investors when stock options were awarded.

Two techonology firms, Apple and E Plus are restating their financial statements because of the stock options-related accounting practices.

Excerpt of the news:

EPlus Finds Problems in Stock Option Accounting
Herndon Firm Is Latest Affected

EPlus Inc., a maker of business software in Herndon, announced yesterday that it would restate its financial results for the past two years because of "incorrect accounting" for stock option awards, as disclosures mounted about questionable compensation practices.

The company said it had uncovered problems with options granted to four senior officers -- chief executive Phillip G. Norton, Executive Vice President Bruce M. Bowen, Treasurer Kleyton L. Parkhurst and Chief Financial Officer Steven J. Mencarini -- after a stockholder flagged the issue with a letter to management in late June.

The audit committee at ePlus expanded its review to cover every stock option awarded since the company's initial public offering a decade ago. The review, which is not yet complete, has found that the "actual measurement dates" for options doled out between 1998 and 2005 "differ from the recorded measurement dates," according to a news release issued yesterday.

In a preliminary estimate, the company predicted that it would record $3 million in compensation expenses because of the problem, not including undisclosed but "significant" costs of the ongoing investigation and of revamping its "inadequate" financial controls. An ePlus spokesman declined to comment yesterday beyond the news release.

The ePlus announcement came the same day that Apple Computer Inc. said it would miss a deadline for filing its quarterly report with the Securities and Exchange Commission because of a continuing review of "irregularities" related to past stock option awards. Apple said it received a letter from the Nasdaq Stock Market formally warning that its failure to file a timely quarterly report with the SEC put the company's shares at risk for possible delistment. Apple said it would request a hearing before Nasdaq's listing panel and that its shares would keep trading on the market pending the panel's decision.

Read the entire story here.


Tuesday, August 08, 2006

Martha Stewart paid the last cost of her long battle

The lie that costed Martha Stewart several millions in punitive damages and loss in the price per share of her publicly traded stocks is about to be buried and forgotten with the final settlement of the civil suit.

Excerpt of the news:

Martha Stewart agreed to pay $195,000 to settle civil insider-trading claims yesterday, marking the end of a long and costly legal battle that sent her to prison only to reemerge as a celebrity on television and in her namesake magazine.

The settlement, which requires court approval, resolves civil charges against Stewart stemming from her December 2001 sale of stock in ImClone Systems Inc. Securities and Exchange Commission lawyers argued that Stewart took advantage of inside information to avoid $45,673 in losses before a negative announcement about ImClone's signature cancer drug. Two years ago, a jury convicted Stewart of lying to investigators about the sale.

Washington Post has the news about the fallen goddess of the home improvement business.