| Subject: Windows Server 2003 also supports smartcard technologies | |
|
Author: Human Factor Wild Card in IT Performance. Molouk Y. Ba-Isa, Arab News Staff. ALKHOBAR, 29 April 2003 |
Date Posted: Tuesday, May 06, 03:37:17am

http://www.arabnews.com/Article.asp?ID=25690

Human Factor Wild Card in IT Performance
Molouk Y. Ba-Isa, Arab News Staff

ALKHOBAR, 29 April 2003 — The incident I am about to reveal today is so bizarre that it might seem to be the stuff of fantasy. Unfortunately, it’s not. This extremely weird fiasco does make me wonder though if people put on their thinking caps before they go to work each morning in Saudi Arabia. The incident involves a Saudi bank and in good conscience I can’t say which one — not to protect the bank, but to protect the bank’s customers.

The whole crazy mess got started on April 23 when the bank sent out a message to a group of its Internet banking users. The message read in part:

“As a valued member and as part of our services enhancement strategy, we invite you to give us your appreciated feedback and comments. This would enable us to serve you better...Kindly be mindful of safeguarding your subscriber ID and password. Rest assured, your accounts are secured and protected with us. Please feel free to call us on our toll-free number for further clarifications. We look forward to an everlasting relationship with you.”

I want to emphasize here that it was not the bank’s message that was the problem. It’s what happened next. A man named Riyadh received the message. He had a problem and he wanted the bank to help him. On April 26, he sent the administrators of the Internet banking service the following communication:

“Thank u for your nice message. For me I forget my user ID & password. So could you help me on this matter?
Best Regards.”

Once again, I must emphasize that there was nothing bad about Riyadh sending the bank an e-mail. The problem occurred in how he addressed the message. You see, instead of simply clicking on “reply” in the original message, Riyadh clicked on “Reply all.” That still might not have created a crisis except that the bank’s mail server was incorrectly configured. When Riyadh clicked reply all, two e-mail addresses came up. The first one was for the bank’s administration. The second one was for a group of Internet banking customers. When it received Riyadh’s e-mail, the bank’s incorrectly configured mail server sent out Riyadh’s request for his user identification and password to everyone — both the bank’s administration and the bank’s customers.

When they received the strange e-mail, some customers in the Internet banking group realized immediately what had happened and simply phoned the bank to report a problem with the mail server. Unfortunately, one man, Samir, who wasn’t so knowledgeable about IT, went bananas and sent out an aggressive message in reply to Riyadh’s e-mail. Even worse, instead of typing in only Riyadh’s address on the new mail, Samir clicked reply on the original e-mail he’d received from Riyadh. Since the e-mail was already primed to go out to everyone — the bank’s administration and customers, the nasty message was received by all, including Riyadh. It read:

“Who are you? How come I am getting your request? Which user ID are you talking about? Are you sure about what you are asking for? Kindly go to the bank near you and find out what is to be done. I am holding the bank responsible for this if they release my ID and password. Watch out.”

I am sure that many of you can imagine what happened next.
Customers in the Internet banking group freaked out. Some sent messages directly back to the concerned individuals but others clicked reply and their e-mails went to everybody. Those individuals revealed their primary e-mail addresses and, in most cases, their full names, to a bunch of people they don’t know. Let’s hope that all customers in that Internet banking group are decent folks because that information could be used for spoofing, SPAM registration or even as a starting point for identity theft.

On the evening of April 26, the bank sent out a message to all their abused Internet banking customers. Please note, the text is exactly as sent by the bank. It read:

“This is to bring to your attention to a recent incident that you might have been part of. We have created a mailing group for our continuous strive to better communicate with you. Unfortunately, the setting of this e-mail address allowed your reply to be viewable by the bank’s administration as well as some other users. This involuntary fault has been remedied and you will no longer receive non-bank authorized e-mail. We apologize for any inconvenience that this mishap may have caused you. Nevertheless, we assure you that there has been no compromise on your privileged information whatsoever. Again, make certain that your account transactions and information are secure and protected with this bank. Trust your understanding.”

Yes, ladies and gentlemen, trust your understanding of this situation. The incorrect configuration of the bank’s mail server was most likely unintentional — it was not involuntary.

Now, let’s take a look at a company that really is trying to provide ideal online service.
Since the start of the war in Iraq, demand on Zawya.com, the first Middle Eastern business and finance portal, has increased almost twofold, while its subscriber base has seen significant uptake from non-Arab clients. Zawya management believes that the popularity of the portal has risen as the world seeks to better understand the regional situation and follow developments on what is expected to be the biggest construction program since World War II.

“During the past few weeks, the daily average of hits for Zawya.com has almost doubled,” said Ihsan Jawad, managing director, ABQ Zawya. Specifically, he pointed out that there has been an obvious increase in usage from the business community particularly regarding information on Iraq’s state-owned Rafidain Bank and the Iraqi Central Bank, as well as business contracts, currency and the economic situation in Iraq. According to Jawad, the US Treasury Department recently has signed up for a large multiple user subscription to Zawya’s Corporate Monitor. Jawad is pleased that many individuals and institutions from Europe and the US are now subscribing to Zawya’s Corporate Monitor product — a dynamic database of over 9,000 of the region’s most active business entities. He feels that this clearly indicates the growing demand from non-Arab institutions for accurate and reliable data on Middle East markets.

Zawya.com has created a specialized module on its homepage that aggregates news related specifically to the conflict in Iraq. It has also developed an entirely new Construction page (zawya.com/construction) which allows follow up on the reconstruction effort in Iraq. Note that at Zawya.com, archive access for non-Corporate Monitor subscribers is limited to the previous 48 hours.

The final point on today’s agenda is the announcement of the global launch of Microsoft’s Windows Server 2003 family. In the Kingdom, Microsoft Arabia will be presenting the Windows Server 2003 family, Visual Studio.Net and the 64-bit edition of SQL Server 2000 Enterprise Edition to the local business community at roadshows that will visit Riyadh, Jeddah and Alkhobar during May. Also participating in the roadshows will be Microsoft international partners HP, Intel and Citrix, together with local Microsoft partners Arabic Computer Systems, New Horizons and Zuhair Fayez Partnership. The partner companies will demonstrate their products, solutions and services around the newly launched Microsoft products. Microsoft will also be demonstrating the new products on their partners’ booths at Gitex Riyadh 2003, taking place this week.

Unfortunately, I haven’t actually seen the new products in action, nor have I spoken with any customers who are using the products. Microsoft Arabia stated that a Windows Server 2003 installation has been completed at one Saudi government agency, but they declined to reveal which one.

At a press conference in Riyadh on Windows Server 2003, Mazen Abu Saleh, product marketing manager, servers, MS Arabia, asserted that early results from global customers deploying the product include 20-30 percent reduction in servers, two times faster performance across all workloads and 20 percent reduction in overall management costs. Abu Saleh commented that Windows NT Server 4.0 users migrating to Windows Server 2003 will see the biggest benefits with systems that are 100 times more scalable at one-tenth the cost per transaction as compared to when NT4 was introduced.
Further, they will see a 40 percent increase in stability due in part to improvement in a more robust driver model and system recovery capabilities designed for maximum uptime.

“Globally, early-adopter customers are confirming that Windows Server 2003 is driving down overall IT cost while providing the highest level of performance and reliability. It is an outstanding product that will provide unprecedented value for businesses of all sizes,” said Bilal Sununu, GM, Microsoft Arabia.

Windows Server 2003 is the first major operating system release from Microsoft that was produced under the company’s Trustworthy Computing commitment. “Windows Server 2003 is secure by design, secure by default, and secure in deployment,” emphasized Abu Saleh. What does that mean? Microsoft spent nearly $200 million training 13,000 employees on new security focused development techniques, implementing new engineering processes and completing a line-by-line security review of Windows Server 2003. More than 20 services are turned off in their default settings in the OS as compared to Windows 2000. To protect systems after deployment, a new Software Restriction Policies (SRP) feature in Windows Server 2003 allows administrators to determine which applications can and cannot execute in their environment. Windows Server 2003 also supports smartcard technologies. With this feature enabled, administrators can log on with a normal account, but must provide authentication with a smartcard when they want to perform secure administrative tasks.

At the Riyadh press conference, Abu Saleh agreed that there is no such thing as 100 percent secure. However, Microsoft is doing everything possible to maximize security.
They have just released the Windows Server 2003 Security Guide, which gives instructions and guidance on securing every piece of the new OS. Plus, the main OS security guide comes with a set of tools and templates. Included in this are security checklists for each of the server components of the new OS, sample scripts and a test guide. No matter how well Microsoft has designed, defaulted and deployed Windows Server 2003, in the end, the security of this OS will depend on customers following the recommended guidelines for its use.

Comments to: baisa@maktoob.com |