Very funny !
Friday, November 30, 2007
Wednesday, November 28, 2007
The top 10 IT disasters of all time
By Colin Barker, ZDNetUK, News.com
Published on ZDNet News: Nov 27, 2007
Following the loss of the personal records of some 25 million child benefit recipients by Her Majesty's Revenue & Customs this month, the UK government will be acutely aware of how quickly mismanagement of technology can lead to serious problems.
While technology wasn't to blame per se in the HMRC data loss, there are plenty of recorded examples where faulty hardware and software have cost the organizations concerned dearly, both financially and in terms of reputation--and resulted in some near misses for the public.
Here's our considered list of some of the worst IT-related disasters and failures. The order is subjective--with number one being the worst--so feel free to comment using Talkback below if you disagree or have suggestions for disasters we may have missed.
1. Faulty Soviet early warning system nearly causes WWIII (1983)
The threat of computers purposefully starting World War III is still the stuff of science fiction, but accidental software glitches have brought us too close in the past. Although there have been numerous alleged events of this ilk, the secrecy around military systems makes it hard to sort the urban myths from the real incidents.
However, one example that is well recorded happened back in 1983, and was the direct result of a software bug in the Soviet early warning system. The Russian system told them that the United States had launched five ballistic missiles. However, the duty officer for the system, one Lt Col Stanislav Petrov, claims he had a "funny feeling in my gut", and reasoned if the U.S. was really attacking they would launch more than five missiles.
The trigger for the near apocalyptic disaster was traced to a fault in software that was supposed to filter out false missile detections caused by satellites picking up sunlight reflections off cloud-tops.
2. The AT&T network collapse (1990)
In 1990, 75 million phone calls across the U.S. went unanswered after a single switch at one of AT&T's 114 switching centers suffered a minor mechanical problem and shut down the center. When the center came back up soon afterwards, it sent a message to other centers, which in turn caused them to trip, shut down and reset.
The culprit turned out to be an error in a single line of code--not hackers, as some claimed at the time--that had been added during a highly complex software upgrade. American Airlines alone estimated this small error cost it 200,000 reservations.
3. The explosion of the Ariane 5 (1996)
In 1996, Europe's newest and unmanned satellite-launching rocket, the Ariane 5, was intentionally blown up just seconds after taking off on its maiden flight from Kourou, French Guiana. The European Space Agency estimated that total development of Ariane 5 cost more than $8bn (£4bn). On board Ariane 5 was a $500 million (£240 million) set of four scientific satellites created to study how the Earth's magnetic field interacts with Solar Winds.
According to a piece in the New York Times Magazine, the self-destruction was triggered by software trying to stuff "a 64-bit number into a 16-bit space."
"This shutdown occurred 36.7 seconds after launch, when the guidance system's own computer tried to convert one piece of data--the sideways velocity of the rocket--from a 64-bit format to a 16-bit format. The number was too big, and an overflow error resulted. When the guidance system shut down, it passed control to an identical, redundant unit, which was there to provide backup in case of just such a failure. But the second unit had failed in the identical manner a few milliseconds before. And why not? It was running the same software," the article stated.
4. Airbus A380 suffers from incompatible software issues (2006)
The Airbus issue of 2006 highlighted a problem many companies can have with software: What happens when one program doesn't talk to another. In this case, the problem was caused by two halves of the same program, the CATIA software that is used to design and assemble one of the world's largest aircraft, the Airbus A380. This was a major European undertaking and, according to Business Week, the problem arose with communications between two organizations in the group: French Dassault Aviation and a Hamburg factory.
Put simply, the German system used an out-of-date version of CATIA and the French system used the latest version. So when Airbus was bringing together two halves of the aircraft, the different software meant that the wiring on one did not match the wiring in the other. The cables could not meet up without being changed.
The problem was eventually fixed, but only at a cost that nobody seems to want to put an absolute figure on. But all agreed it cost a lot, and put the project back a year or more.
5. Mars Climate Observer metric problem (1998)
Two spacecraft, the Mars Climate Orbiter and the Mars Polar Lander, were part of a space program that, in 1998, was supposed to study the Martian weather, climate, and water and carbon dioxide content of the atmosphere. But a problem occurred when a navigation error caused the lander to fly too low in the atmosphere and it was destroyed.
What caused the error? A sub-contractor on the NASA program had used imperial units (as used in the U.S.), rather than the NASA-specified metric units (as used in Europe).
6. EDS and the Child Support Agency (2004)
Business services giant EDS waded in with this spectacular disaster, which assisted in the destruction of the U.K.'s Child Support Agency (CSA) and cost the taxpayer over a billion pounds.
EDS's CS2 computer system somehow managed to overpay 1.9 million people and underpay around 700,000, partly because the Department for Work and Pensions (DWP) decided to reform the CSA at the same time as bringing in CS2.
Edward Leigh, chairman of the Public Accounts Committee, was outraged when the National Audit Office subsequently picked through the wreckage: "Ignoring ample warnings, the DWP, the CSA and IT contractor EDS introduced a large, complex IT system at the same time as restructuring the agency. The new system was brought in and, as night follows day, stumbled and now has enormous operational difficulties."
7. The two-digit year-2000 problem (1999/2000)
Many IT vendors and contractors did very well out of the billions spent to avoid what many feared would be the disaster related to the Millennium Bug. Rumors of astronomical contract rates and retainers abounded. And the sound of clocks striking midnight in time zones around the world was followed by... not panic, not crashing computer systems, in fact nothing more than New Year celebrations.
So why include it here? That the predictions of doom came to naught is irrelevant, as we're not talking about the disaster that was averted, but the original disastrous decision to use and keep using for longer than was either necessary or prudent double digits for the date field in computer programs. A report by the House of Commons Library pegged the cost of fixing the bug at £400 billion. And that is why the Millennium Bug deserves a place in the top 10.
8. When the laptops exploded (2006)
It all began simply, but certainly not quietly, when a laptop manufactured by Dell burst into flames at a trade show in Japan. There had been rumors of laptops catching fire, but the difference here was that the Dell laptop managed to do it in the full glare of publicity and video captured it in full color.
(Unfortunately, the video capturing the incident appears to have vanished from the web. If you happen to own a copy, please send it to us as it should make interesting viewing again.)
"We have captured the notebook and have begun investigating the event," Dell spokeswoman Anne Camden reported at the time, and investigate Dell did. At the end of these investigations the problem was traced to an issue with the battery/power supply on the individual laptop that had overheated and caught fire.
It was an expensive issue for Dell to sort out. As a result of its investigation Dell decided that it would be prudent to recall and replace 4.1m laptop batteries.
Company chief executive Michael Dell eventually laid the blame for the faulty batteries with the manufacturer of the battery cells--Sony. But that wasn’t the end of it. Apple reported issues for iPods and Macbooks and many PC suppliers reported the same. Matsushita alone has had to recall around 54 million devices. Sony estimated at the time that the overall cost of supporting the recall programs of Apple and Dell would amount to between ¥20 billion (£90m) and ¥30 billion.
9. Siemens and the passport system (1999)
It was the summer of 1999, and half a million British citizens were less than happy to discover that their new passports couldn't be issued on time because the Passport Agency had brought in a new Siemens computer system without sufficiently testing it and training staff first. Hundreds of people missed their holidays and the Home Office had to pay millions in compensation, staff overtime and umbrellas for the poor people queuing in the rain for passports. But why such an unexpectedly huge demand for passports? The law had recently changed to demand, for the first time, that all children under 16 had to get one if they were traveling abroad.
Tory MP Anne Widdecombe summed it up well while berating the then home secretary, Jack Straw, over the fiasco: "Common sense should have told him that to change the law on child passports at the same time as introducing a new computer system into the agency was storing up trouble for the future."
10. LA Airport flights grounded (2007)
Some 17,000 planes were grounded at Los Angeles International Airport earlier this year because of a software problem. The problem that hit systems at the United States Customs and Border Protection (USCBP) agency was a simple one, caused by a piece of lowly, inexpensive equipment.
The device in question was a network card that, instead of shutting down as perhaps it should have done, persisted in sending the incorrect data out across the network. The data then cascaded out until it hit the entire network at the USCBP and brought it to a standstill. Nobody could be authorized to leave or enter the U.S. through the airport for eight hours. Passengers were not impressed.
(Note: We have purposely omitted incidents that resulted in loss of life.)
Canada Fumbles Health Data in Security Breach
By Lisa Vaas
November 26, 2007
The data loss includes HIV and hepatitis patient histories for an undetermined number of people.
Canadian health authorities have lost intimate medical data including HIV and hepatitis test results for an undetermined number of citizens in a recent security breach, the government of Newfoundland and Labrador admitted Nov. 26.
According to a media release, on the evening of Nov. 20, a consultant employed by the Provincial Public Health Laboratory was contacted at his home office by an unidentified security researcher. The researcher told the consultant that he was in possession of patient information stored on the consultant's computer. That patient information includes names, MCP (Medical Care Plan) numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis.
That information is normally stored on computers within the PHL. In this case, however, a computer was taken home inappropriately, Health Minister Ross Wiseman told news outlets.
"That was an inappropriate use. Obviously, individual computers that are available for work are there for the workplace only," he told CBC News.
The PHL acts as the province's laboratory center for infectious disease surveillance and control, providing lab services to hospitals, clinics and health-related agencies.
The files were accessed through an open Internet connection. Until the forensic investigation has been concluded, there's no way to determine how many patients' data may have been exposed, according to the release.
"This appears to be an isolated situation," Jerome Kennedy, minister of justice and attorney general, was quoted as saying in the release. "The information garnered from our investigation thus far supports this. Because the external computer was not part of the systems and networks of either the laboratory or Eastern Health, which provides IT support to PHL, this breach in no way reflects on the integrity of these systems. We can say unequivocally that all other patient information stored by our government and the regional health authorities was in no way jeopardized by this one situation with one computer external to our networks."
That's likely to be cold comfort for the citizenry of the United Kingdom, which is still reeling from the unprecedented loss of personal information on 25 million child benefit recipients in England that came to light on Nov. 20, the same day as the Canada loss.
In that case, data was stored on two computer disks that were lost while being transported via internal mail from the National Audit Office department to HM Revenue and Customs. A junior employee at the National Audit Office is believed to have sent the disks through the mail, but the disks never showed up at HMRC.
Monday, November 05, 2007
A datacenter robbed for the fourth time
by Jerome Saiz, 5/11/2007 at 00:01
A datacenter near Chicago, in the United States, was robbed by masked and armed criminals. It is the fourth attack of this kind in two years. The haul includes customer servers as well as routing equipment.
Looking only at security patches and firewalls, one could almost forget that a server's security also depends on the solidity of the walls around it. That is what the customers of the American hosting provider C I Host discovered, after its Chicago datacenter was burgled for the fourth time in two years.
After cutting through the wall with a power saw, the criminals reportedly assaulted the site manager and stole at least twenty servers, along with routing equipment.
The hosting provider claimed to have numerous security systems in place: biometric access control, mantraps and surveillance cameras. But in the end it took only a saw to bypass them and go through a so-called "reinforced" wall.
Tuesday, October 30, 2007
Check out British TV Show - "The Century Of The Self" - 2002 - Part One on Yahoo! Video
Marc-Andre thought you might be interested in this video on Yahoo! Video:
http://video.yahoo.com/video/play?vid=517451&fr=yvmtf
Marc-Andre added this message:
Very interesting video explaining the application of the work of Freud on group behaviour.
Monday, October 29, 2007
Trend Micro plugs the leaks
by Jerome Saiz, 26/10/2007 at 00:19
The antivirus vendor announces the acquisition of Provilla, an American specialist in data leak prevention.
Data leak prevention is a very fashionable topic. After Websense's acquisition of Port Authority, it is Trend Micro's turn to bring a DLP (Data Leakage Prevention, to use the fashionable term) vendor into its fold.
Provilla offers a solution based on identifying documents by means of a fingerprint computed with a proprietary method. According to the vendor, a document's signature remains identical even after the document has been modified and saved to a new file.
Named LeakProof, the solution relies on software agents (in kernel mode on Windows) that intercept all file actions (saving, printing, attaching, etc.). A central server, delivered as an appliance, centralizes policies, configures protection and tracks signed documents.
Trend Micro has not disclosed the amount of the acquisition. The only certainty: the vendor intends at first to keep selling Provilla's solutions as they are, before gradually integrating them into its product range.
After anti-spyware and IPS, antivirus vendors seem to want to repeat the trick of "discovering" a new security trend and integrating it into their existing products to turn it into a commodity. It is not certain, however, that data leak prevention really lends itself to this: unlike the common antivirus, it requires fine-grained configuration, and above all prior labeling of information to determine which of it deserves protection.
Few companies outside a handful of very sensitive or very competitive sectors are capable of that level of organization. But perhaps the vendors are counting on the arrival of new regulations that would require companies to control the personal information leaving their network (bank card numbers, addresses...)?
