Jackson Rocco

In the days leading up to NASA's crashing of two halves of a space probe into the moon, doubters turned to the Internet to express fears that the lunar bombing would have negative effects on the Earth. In a quest to find out if there's water on the moon , NASA sent two separated halves of a spacecraft crashing into a permanently dark crater on the south pole of the moon this morning. Scientists and astronomers were quick to step forward to refute any rumors and quell concerns, but rumors are still circulating online. The crashes were meant to send up a huge debris plume that could be measured and analyzed for evidence of water ice hiding in the cold, dark crater.

But detractors were quick to post online warnings about possible negative effects of the experiment. With NASA still hopeful to one day create a viable human outpost on the moon , it would be helpful for anyone there to find water rather than haul it up from Earth. Amy Ephron, an author and screenwriter, wrote an article for the Huffington Post earlier this week, questioning NASA for taking the risks associated with sending two spacecraft crashing into the surface of the moon. "Who did the risk assessment? Ephron was far from alone in her concerns. I mean, what if something goes wrong?" asked Ephron. "I could say something scientifically lame and ask, 'What if it gets thrown off its axis?' or something funny and suggest something (that I actually sort of believe), like, 'What if it somehow throws off the astrology?' Or that we're not risking - as we have the earth with continued experiments of this kind - sending the solar system out of balance. The Chicago Surrealist Movement posted an online petition , which was signed by 560 people, calling for NASA to halt the bombing of the moon.

Faith Vilas, director of the MMT Observatory , said she's been amazed by such negative reactions to the mission. And people against the LCROSS mission started their own Twitter presence with @helpsavethemoon . While some people said they felt NASA's plan was simply too aggressive an attack on the Earth's orbiter, some claimed that the impacts would change the Earth's tides, throw the moon off its axis or even affect women's menstrual cycles. There's simply no danger, she added. "The moon is impacted by nature and meteors all the time," said Vilas. "Nature has done much more damage to the moon than we just did. What we did was nothing. We were not likely to have any effect on the moon at all.

We didn't have much of an impact at all." Bruce Betts, director of projects at The Planetary Society , said in an email to Computerworld that this morning's crashes will have no negative impact on the moon or the Earth. "The spacecraft are far too tiny compared to the moon, in fact, to have any significant effect on the moon's orbit or dynamics," he added. "The impact might be likened to a gnat hitting the windshield of a truck."

The iPhone's new defense - meant to prevent users from reaching phishing sites - is inconsistent at best, a security researcher said today, with some users getting warnings about dangerous links, while others are allowed to blithely surf to criminal URLs. Other experts said that the fickle feature is worse than no defense at all. But according to Michael Sutton, the vice president of security research at Sunnyvale, Calif.-based Zscaler, the new protection is "clearly having issues." At first, said Sutton, the anti-phishing feature was simply not working. "It was blocking nothing," Sutton claimed after testing iPhone 3.1's new tool Wednesday against a list of known fraudulent sites. Apple quietly added an anti-fraud feature to the iPhone's Safari browser with the update to iPhone 3.1 , released Wednesday.

By Thursday, things had improved, but just barely. "Yesterday, it started blocking some sites, for some users, but it was inconsistent. Apple relies on Google 's SafeBrowsing API (application programming interface) for the underlying data used to build anti-phishing and anti-malware blocking lists for the desktop edition of its Safari browser. Some sites are being blocked, others are not." That led Sutton to believe that the feature's functionality wasn't the issue, but how Apple updates users with a "blacklist" of malicious sites. Other browser makers, including Google and Mozilla, also use SafeBrowsing. "It appears some iPhones are getting timely updates [from Apple], but others are not, or are getting different [block list] feeds," Sutton said. "I'm feeling better about the feature than I was Wednesday, but clearly Apple is still have issues. URLs that are blocked by Safari in Mac OS X open and direct users to malicious pages [on the iPhone]." Like Sutton, James reported inconsistencies in the anti-fraud feature's effectiveness. "All we've come up with is that sometimes it works and sometimes it doesn't," said James. "This is clearly more dangerous than no protection at all, because if users think they are protected, they are less careful about which links they click." The new feature is turned on by default in iPhone 3.1; the option to turn it off is in Settings/Safari/Security, and is listed as "Fraud Warning." Sutton, although willing to concede that Apple overall is improving its security track record, bemoaned the state of mobile security in general, and the iPhone's in particular. "The greater concern to me is that we're making the same mistakes in mobile that we made on the desktop," he said. "On the desktop, security has gotten slowly better, but [with mobile] we have a fresh start. With the [media] coverage of the problem, maybe they're resolving it, or trying to." On Thursday, researchers at Intego, a Mac-only antivirus vendor, echoed Sutton's findings. "This feature should warn users that they may be visiting a known malicious Web site and ask if they wish to continue," said Peter James, a spokesman for Intego who writes the company's Mac security blog . "However, we have extensively tested this feature, tossing dozens of phishing URLs at it, and it simply does not seem to work.

I would have thought we would have learned from our mistakes, but there's virtually no protection in mobile browsers." According to research conducted by NSS Labs, which was hired by Microsoft to benchmark different desktop browsers' ability to block malware-laden sites, Safari in Mac OS X and Windows blocked only one-in-five malicious sites . Internet Explorer and Firefox, meanwhile, blocked 80% and 27%, respectively. Last month, NSS Labs attributed the disparities between Firefox, Safari and Google - all which use SafeBrowsing as the basis for their blacklists, to differences in how each browser tweaked, then applied, the lists. Google's Chrome blocked a paltry 7% of the sites.

It's hard to understand who in their right mind would want to incur the wrath of "Triple H," the intimidating superstar of professional wrestling. The smackdown came from someone who was actually watching the wrestler's back - Lauren Dienes-Middlen. But when a poser created a fraudulent MySpace account in Triple H's name, it wasn't the wrestler that the perpetrator had to contend with. She's vice president of intellectual property at World Wrestling Entertainment, the Stamford, Conn., company that owns the trademark.

The growth of social networks has brought a variety of threats that can potentially damage a brand's good name. WWE notified MySpace, which terminated the account immediately. Most of those threats aren't new, however. The Triple H incident wasn't the first time that an impostor had commandeered the name of a trademarked WWE personality. "We've had a lot of impersonations," mostly on Facebook, MySpace and Twitter, says Dienes-Middlen. Social networks have simply become another attack vector, whether for spreading malware, launching assaults on an individual's or company's reputation, or creating impostor social networking sites that divert traffic away from the brand's legitimate sites.

In fact, it's enough of a problem that Twitter recently launched an initiative to verify some accounts. Social media cybersquatting is where domain name cybersquatting was 10 years ago, says James Carnall, manager of the cyberintelligence division at security monitoring firm Cyveillance Inc. A Good Offense To protect themselves, businesses should defensively register company brand names and trademarks - and variations on those names - on the major social networking sites, just as they do with domain names, to protect against cybersquatters, says Pamela Keeney Lina, an intellectual property lawyer at Alston & Bird LLP in Atlanta, who has written about protecting intellectual property on social networks. People use variations on brand names to open accounts on social networking sites, in hopes that companies will pay them to relinquish control of the accounts. Unlike domain names, however, social networks have no central authority like ICANN or established processes for reclaiming brand names from cybersquatters.

He points to the online market Tweexchange as a prime example of how trading in social network names is a growing business. Some impostors are simply overzealous fans, but Dienes-Middlen is more concerned about scammers and those who sell pirated videos and poor-quality knockoff WWE merchandise, which robs the company of revenue and cheapens its brands. Last year, WWE shut down 3,200 online auctions of phony WWE products with an estimated street value of $16 million to $33 million. Those sites lure users through social networks, spam, abusive search engine marketing and other channels. During one Wrestlemania pay-per-view event this spring, WWE was able to use social networking sites to identify a number of unauthorized Web sites that planned to stream the event live.

The Cost of Piracy Online counterfeiting also damages brands in other ways. It also found 8,600 sites that had made pirated copies or footage of the event available after the fact. "Counterfeiting operations are highly organized, are very global and are picking up steam because of the economy," says Liz Miller, vice president of the Chief Marketing Officer (CMO) Council. For example, some people who buy pirated copies of Microsoft Corp.'s Windows operating system may think they have legitimate copies, says Cori Hartje, senior director of the Microsoft Genuine Software Initiative. Hartje says she's seen research showing that counterfeiters today can make more money from the spyware and malware than they get from selling the pirated software itself. What they get is software that often includes embedded spyware and malware - and they expect Microsoft and its channel partners to support the product. Meanwhile, the user blames Microsoft for any problems the malware causes. "That hurts our brand," Hartje says.

Many video-sharing sites, such as YouTube, have tools available to report and take down footage that violates copyrights. At WWE, while the onus is on the corporation itself to find and shut down sites peddling pirated videos and other counterfeit wares, most sites do try to cooperate. Dienes-Middlen says the challenge isn't shutting down the sites that WWE finds, but keeping up with the new ones that continue to crop up. Dienes-Middlen thought she had things under control - until she did a test run with brand protection service MarkMonitor The losses WWE had uncovered on its own were just the "tip of the iceberg," she says. While businesses can assign employees to do that, she recommends trying a third-party monitoring service to get a handle on the problem.

Soon afterward, she went to WWE's chief operating officer to ask for additional funds to clamp down on the illicit activity. "This was something we needed to attack. Jeff Hayzlett, chief marketing officer at Eastman Kodak Co., says he has seen competitors try to hijack conversations - sometimes anonymously - with customers on the company's Twitter and blog sites. Our most valuable asset is our intellectual property," Dienes-Middlen says. "You have to protect [it] or you lose your rights to it." Social networking sites can be a launch pad for reputation attacks from competitors, customers or disgruntled employees. In one Twitter exchange between Kodak and a prospective customer, a competitor jumped in and "inundated" the inquirer with negative comments about Kodak's product while promoting his own company's offering. When a customer is publishing negative comments, he says, his preference is to have a private conversation rather than use a public forum. It was, Hayzlett says, "a rude way to participate." He has a name for Twitter users who employ such tactics: He calls them "twankers." Any time you sell a product or service, you're going to have issues like this, Hayzlett says, so Kodak hired a "chief listener." That person monitors all conversations and routes problems to the appropriate group, be it legal, IT or marketing, so that the company can follow up.

Other threats can be self-inflicted. In the time it took to delete the tweet, four people had retweeted it. "I had to reach out to them and beg them to [remove it]." Even then, the tweet may have shown up in Twitter searches. Hayzlett himself admits to prematurely posting a tweet about the impending retirement of a product. "I accidentally hit Send instead of Save and tweeted out what we had worked six months to protect," he says. Gartner Inc. analyst John Pescatore says a client that runs a campground chain had an employee who thought he'd be helpful by posting a spreadsheet on Facebook that showed which sites were available and which were booked - but it included the credit card numbers campers had given to reserve their sites. With social networks, "periodically looking at content has to be part of the cost equation," Pescatore says. Data-leak prevention tools won't find such data when it's posted outside a corporate firewall.

Some threats come from inside. That could be a big problem for WWE, since employees who know the storylines of its scripted events could spill the beans. "If those outcomes were revealed, it would destroy the experience for the fans," Dienes-Middlen says, so all WWE employees are required to sign confidentiality agreements. In an April survey of more than 2,000 U.S. employees and executives by Deloitte LLP, nearly three quarters of the employees said that it was easy to damage a company's reputation using social media - and 15% said they would post comments online if their company did something they didn't agree with. Diversionary Tactics Social networks also have been used by scammers to lure a brand's customers to malware or phishing sites - or to e-commerce sites hawking counterfeit or gray-market products. It was the third-biggest category, right behind cybersquatting or illegal use of a trademarked name, and the illegal copying of digital media content.

According to a survey by MarkMonitor, which tracks online threats for its clients, in the 12-month period ending in the second quarter of this year, phishing attacks on social networking sites increased by 164%. In a CMO Council survey of 4,500 senior marketing executives, nearly 20% of the respondents said they had been affected by online scams and phishing schemes that had hijacked brand names. The fourth category was online sales of fake products that contain deficient or dangerous ingredients. She uses a monitoring service to track and shut down cybersquatters and scam sites. Barbara Rentschler, CMO at K'nex Brands LP, sees cybersquatting, online scams and false association of its brands on other sites as the biggest threats to the toy maker's brands on the Web. Many sites that misappropriate K'nex trademarks are overseas, she says.

With so many different brand threats to contend with online, it's important to have a coordinated strategy. Most aren't malicious: They're simply businesses that hope to become K'nex distributors. Unfortunately, says Cyveillance's Carnall, many organizations take a triage approach, sending the issue to legal, IT or marketing. "They silo it," he says. Hayzlett keeps communication flowing through what he calls online councils with every department in the organization, including IT, legal and human resources. "Everyone needs to work together and understand each role. But someone needs to be keeping track of outcomes and the overall impact on the brand, he contends. "You almost need a brand intelligence officer." At Kodak, the buck stops at the CMO's desk. We work as a team," he says.

Customers are often the first to notify a business of a problem, so listen to customer service lines carefully, says Frederick Felman, CMO at MarkMonitor. Communication between marketing and IT is key. "The most powerful team would be if you connected the CMO and the CIO at the hip," Miller says. At WWE, it was fans, not staffers or a monitoring service, who first reported the Triple H imposter. "Take the complaints you get seriously," Felman advises, "and be prepared to act quickly." Rentschler says IT needs to educate colleagues in marketing about risks. IT needs to push back more when marketing plans can jeopardize brand security. If IT sees a problem and fixes it without telling anyone, "no one else will know what to look out for," she warns.

It must, for example, fight pressure to rush Web site changes through without thorough security checks. "I don't think IT does a good job of saying, 'Here's all of the IT issues with the brand upkeep,' " Rentschler says. Lynn Goodendorf, global head of data privacy at U.K.-based InterContinental Hotels Group, says she tries to focus on sensitive, confidential data. With so much online turf to monitor and so much activity in cyberspace, it's important to prioritize. But even there, you have to have realistic goals. "Mitigate your largest exposures," she says, "but don't think you can mitigate it down to zero."

VMware Inc. is having trouble getting VMware Fusion 3.0 out its download door and is getting customer complaints about timeouts and licensing problems. The alert remained on the Web site early this morning. Shortly after the software was released Tuesday for download by customers, VMware issued a support alert about its upgrade portal, blaming "overwhelming demand" for the upgrade problems. Fusion 3.0 is virtualization software that allows Windows, and other guest operating systems, to run on Intel-based Mac OS X. VMware Workstation 7 , also released Tuesday, is a virtual machine platform that supports multiple operating systems on a PC. Most of the VMware portal problems appear to be with Fusion.

In a blog post , Pat Lee, director of VMware's personal desktop products, posted the 30-day free trial key as a workaround. "Because we've seen even more demand than anticipated, the VMware Fusion upgrade portal is having significant problems keeping up with the demand," wrote Lee, in a post Tuesday afternoon. "While we have already transacted thousands of upgrades today and many people are able to get the product, I apologize immensely to those of you who are anxious to get the product immediately and are running into issues." Responded one user, Miku, in a comment field: "I'm very happy that you posted a temporary serial for us to try it out, the license server problems were driving me insane, I was really thinking I was insane." Rob Enderle, an independent IT analyst in San Jose, said the demand for the product would imply that a lot of people suddenly want to run Windows on a Mac, "so many that it is crashing VMware's servers." "VMware is largely a server company and not really used to the kinds of numbers that can be generated by a popular desktop offering. One problem was difficulty in getting activation codes for the new products. You jump from 100s for a server application to millions for a popular desktop application under load and this looks like VMware wasn't ready for this jump," Enderle said. A VMware spokesman said the company wouldn't provide details beyond what was in the blog post. The site issues may be an indication that Paul Maritz, VMware's CEO, who was appointed last year and is a longtime Microsoft veteran, may have assumed that the demand was anticipated by his staff, Enderle said. "This should be one hell of a wake-up call for him, not unusual for a new CEO, and it will remind him that he needs to test his assumptions, because what he assumes, and what turns out not to be true, can be very damaging," he said. The company was also addressing upgrade issue via a Twitter account, vmwarefusion .

The worst economic recession in decades has compelled more companies to spend less on outsourced security services and do more in-house, according to the seventh-annual Global Information Security survey, which CSO and CIO magazines conducted with PricewaterhouseCoopers earlier this year. Related podcast: IT Security Outsourcing in Decline A few years ago, technology analysts were predicting unlimited growth for managed security service providers (MSSPs). Many companies then viewed security as a foreign concept, but laws such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (affecting financial services) were forcing them to address intrusion defense, patch management, encryption and log management. Some 7,200 business and technology executives worldwide responded from a variety of industries, including government, health care, financial services and retail.

Convinced they couldn't do it on their own, companies chose outsourcers to do it for them. Although 31 percent of respondents this year are relying on outsiders to help them manage day-to-day security functions, only 18 percent said they plan to make security outsourcing a priority in the next 12 months. Gartner estimated the MSSP market in North America alone would reach $900 million in 2004 and that it would grow another 18 percent by 2008. Then came the economic tsunami, which appears to have cast a shadow over outsourcing plans even though security budgets are holding steady. When it comes to specific functions, the shift has already begun. Respondents cited similar reductions in outsourcing of network and end-user firewalls.

Last year, 30 percent of respondents said they were outsourcing management of application firewalls, compared to 16 percent today. Companies have also cut back on outsourcing encryption management and patch management. Sixty-nine percent said they're budgeting for application firewalls, up slightly compared to the past two years. At the same time, more companies are spending money on these and other security functions. Meanwhile, more than half of respondents said they are investing in encryption for laptops and other computing devices. It was mostly due to the economic conditions more than anything else," he says. "They were certainly looking to see where cost could be reduced or eliminated.

The results surprise Mark Lobel, a partner in the security practice at PricewaterhouseCoopers. "When you think about it logically, some IT organizations have the resources and maturity to manage their operating systems and patches, but many don't," he observes. "Hopefully, the numbers simply mean IT shops have grown more mature in their security understanding." Miguel Lopez, a Los Angelas-based IT security practitioner who has worked for such companies as MSC Software and Stamps.com, observed a stark trend toward less outsourcing while at MSC (he left the company earlier this year). "The company was doing less and less outsourcing. I also hear from a few of my friends in other companies that the trend is toward doing more with internal staff." Peter Hillier, director of IT security for CMA Holdings in Ottawa, believes there are three things driving the move toward more in-house security: 1. Organizations have become more adept at do-it-yourself security since first outsourcing, though, Hillier says, "they should have done that prior to outsourcing security the first time." 2. SIM/SIEM growth has been as good for the insourcer as it is for the outsourcer. "If you can do more with less, then why pay someone else to do it?" he asks. 3. Economy is a driver, as others have noted. Smart business executives understand that they must maintain control of the big picture at all times, even if a third party is managing many of the levers. Charles Beard, SVP and chief information officer for Science Applications International Corp. (SAIC), says that no matter what drives security spending decisions, companies should understand their specific security strategies and where managed security providers can offer unique value. Keeping an eye on security service providers and the risks they are encountering is essential. "CIOs and security officers may outsource certain functions to various degrees, but they should never outsource their responsibility," Beard advises.