PraxIS July 2005

05-07 Contents: Fraud, Forensics, BugMeNot, Remote desktop, Gizmo, Euro news, Spreadsheet book, course, conferences

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0507.htm   [Previous] [Index]  [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  

IN THIS ISSUE

1) Risk & Security
    40M Credit cards security breached
    Indian call centre fraud
    Forensic Acquisition Utilities
    Bug Me Not
    Passwords stronger than pAsSwOrD or 0qww294e
    
2) Tech stuff
    PC remote control, remote desktop access
    A telephone gizmo
 
3) Europe
    UK Govt factsheets "the euro: it's your business" updated
    What the French and Dutch really think about the European Constitution
    
4) Spreadsheets
    European Spreadsheet Risks Interest Group conference
    Spreadsheet Check and Control book
    Excel User Conference Sep 16-17, Fort Worth, Dallas, Texas 
    ScanXLS spreadsheet catalogue utility
5) Off Topic
    Eudora time machine broken
    "Project Awry": a list of all the risks
19 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

If you're in reach of Dallas this September, read this carefully!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

40M Credit cards security breached

http://www.enterpriseitplanet.com/security/news/article.php/3513806
This was the big news at the end of June. Google news reports ??? stories so far about this. I heard from my watchful correspondent Al Mac when Master Card issued a press release. Officials at CardSystems, the company that got hit, that processes transactions on behalf of the credit cards and banks that issue them, are being quoted as saying that this information is on a need-to-know basis only, which does not include the general public or the news media. The credit card theft possibly occurred late last month, according to CardSystems. The company said that it identified a "potential security incident" on Sunday, May 22 and called in the FBI the next day. Visa and MasterCard were notified as well, CardSystems said.
http://www.theregister.co.uk/2005/06/18/mastercard_breach/ MasterCard has blamed a single individual for compromising up to 40m credit card accounts - a total marking the security breach as one of the most massive to date.

Indian call centre fraud

"Indian call centres in security scare, as Sun reporter buys bank data" OUT-LAW June 23  http://195.188.8.75/php/page.php?page_id=indiancallcentres1119531698&area=news 
http://news.bbc.co.uk/2/hi/uk_news/4121934.stm 

London police have launched an investigation after an undercover reporter for The Sun newspaper managed to purchase the bank details of 1,000 British customers from a computer expert claiming to have corrupt call centre contacts in India. The information, which includes addresses, passwords, phone numbers and driving licence and passport details, was bought for about 3 per customer. Financial institutions such as Barclays, Lloyds TSB, the Nationwide and HSBC were affected.

Forensic Acquisition Utilities

http://users.erols.com/gmgarner/forensics/  George M. Garner
This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running system while at the same time guaranteeing data integrity (e.g. with a cryptographic checksum) and while minimizing changes to the subject system.

Bug Me Not

http://www.bugmenot.com provides ready-made login names and passwords for all those irritating newspaper sites that carry a story you want to read but want you to sign up so you can get special offers from local businesses in Punxatawney.

Passwords stronger than pAsSwOrD or 0qww294e

Fred Langa's collection of free and low-cost tools and tips to create and use passwords that really *are* strong and hard to crack, and yet also are easy to use and remember.  http://www.informationweek.com/story/showArticle.jhtml?articleID=164303537 .

____________________________________________________________
____________________________________________________________   

2) Tech stuff

PC remote control, remote desktop access

I've been trying out a few ways of doing this recently. I got used to PcAnywhere which I've used since Carbon Copy faded from the scene, but I decided it was time to try out other ways of connecting over the internet. They all work best with a broadband connection, but even 128K (dual-channel) ISDN is satisfactory if you're not in a hurry.

Windows XP remote desktop protocol (RDP)

This works when you want to control a desktop remotely and take over control completely. It is included as part of Windows XP, and to access an XP desktop from earlier versions of Windows you can download MSRDPCLI.EXE free from Microsoft.com. It works but it looks slower than the alternatives I have tried. http://www.microsoft.com/downloads/details.aspx?FamilyID=80111F21-D48D-426E-96C2-08AA2BD23A49

Real VNC (Virtual Network Computer)

This allows control of a desktop from any other computer, not just a Windows PC. It looks faster than Windows RDP. It is free for basic personal use with only password security. Commercial versions are available with encryption for greater security. Download from www.RealVNC.com

LogMeIn (browser based access)

This runs as an ActiveX control in a browser, so you can use any browser anywhere in the world to access your PC, as long as that PC is connected to the Internet.  A free version is available from www.logmein.com

A telephone gizmo

http://www.it-director.com/article.php?id=12791&zz=191245413ea227
Project Gizmo Challenges Skype 5th July 2005 by Tony Lock (Bloor Research)
"So successful has Skype been that the company name has already started to transform into a verb "To Skype". However, Skype's current pre-eminent position is now facing a serious challenge with the launch of Project Gizmo. By making a free download of its Beta release software, users can make free telephone calls to others on the Gizmo system utilising whatever IP connection they have in place, typically broadband. "

Skype was first and have become accepted, so they'll be hard to dislodge. But Skype does not work well for me over 128K ISDN, so I'll check out Gizmo too. http://www.gizmoproject.com

Book: Principles of Software Engineering Management

http://sysmod.com/az.php?a=0201192462&b=SW Eng Mgmt Principles of Software Engineering Management, Tom Gilb, Susannah Finzi (1988) It explains the critical success factors for software, and introduces methods using results-oriented quality and resource metrics. It shows in detail how the methods can improve productivity, reliability, estimation, deadline pressure, and motivation. It concludes with a set of 'Software Engineering Templates'.

____________________________________________________________
____________________________________________________________

3) Europe

UK Govt factsheets "the euro: it's your business" updated

http://www.euro.gov.uk/factsheets.asp (June 2005)
These nine factsheets suggest courses of action and provide sources of information. They are available as html files and Acrobat pdf. Hard copies are also available to business free of charge on the online ordering page or by calling the Treasury's National Business Euro line on 08456 01 01 99.

What the French and Dutch really think about the European Constitution

The EU Public Opinion Analysis team have just published new Flash Eurobarometer post-referendum surveys in France and in the Netherlands. For more information: http://europa.eu.int/comm/public_opinion/
____________________________________________________________
____________________________________________________________

4) Spreadsheets

European Spreadsheet Risks Interest Group conference

The sixth annual Eusprig conference on July 7-8, 2005 at University of Greenwich, London, is on "Managing spreadsheets in the light of Sarbanes Oxley".  It is going to be the biggest and best event yet! The conference dinner is completely booked out, and the final conference-only places are rapidly filling, after some coverage in the UK Telegraph newspaper. I will present a workshop on techniques to check and control spreadsheets on Wed 6 July from 16:00 to 17:30.

http://www.eusprig.org 

Spreadsheet Check and Control book

My new book will contain 47 key skills in the design, test, and checking of spreadsheets. Ciaran Walsh, senior finance specialist, Irish Management Institute said "It is excellent. I am embarrassed when I think of the shortcuts I generally take with spreadsheets and I have often paid the price. I think it will become, and it should be, required reading for all young trainee accountants." Check out www.SystemsPublishing.com  for news.

Excel User Conference Sep 16-17, Fort Worth, Dallas, Texas

ExcelUserConference.com The conference will take place on Friday, September 16, 2005 - Saturday, September 17, 2005 and will be held at the historic Western Stockyards Hotel Fort Worth, Texas USA. Mark your calendars and make plans to attend. Early bird registration is an amazingly low $79 for two days! Excel users and experts from across the globe will come together to learn from each other and share their expertise. Most are members of the Microsoft Most Valuable Professional (MVP) program and participate in the Excel-L mail list for advanced Excel users.

ScanXLS spreadsheet catalogue utility

My handy spreadsheet to collect inventory data on spreadsheet files & links is selling steadily. It scans any given directory and below and obtains a list of all the .XLS files. You then select some or all of these, and it opens each one in turn read-only and reports on some file properties, attributes, the presence of unusual features or settings that may represent a risk or are prone to human error, Excel's error checking summaries, a list of other workbooks that it depends on through links, and a scoring on how 'problematic' it might be. SCANXLS can also compare two workbooks to check whether their formulas and/or values are identical. For more, see

http://www.sysmod.com/scanxls.htm

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

Eudora time machine broken

At 10:30 one morning, I decided to send a specific message after 12:30 that day. Eudora displayed a cute alert "I know you had to send this message yesterday, but I just can't do it until my time machine gets back from the shop". When I typed 13:00 it accepted that OK. So Eudora can't distinguish 12 pm from 12 am. I use Eudora 4.3.2 paid mode but reports on the web suggest this bug is still there in version 6.

"Project Awry": a list of all the risks

http://www.theonion.com/news/index.php?issue=4124&n=3

An infinite vision vortex of risks?

_______________________________________________________
_______________________________________________________

Copyright 2005 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________