My employer already has a contract for telephone services.
My employer can control and audit use - if they need or want to.
If confidential information is divulged / threats promulgated/ illegal activity conducted through the existing telephone system, there are clear employment practices and laws to deal with that.
Skype is not easily audited.
Skype use -may- define the bandwidth provider (the employer) as the telephone service provider; leaving them open for subpeonas and other unwanted attention.
Skype users might configure workstations to act as relays, giving away company resources.
Right or wrong, they'd rather use POTS.
Dell learned a while ago that there was backlash from outsourcing Customer Service. They responded wisely (IMHO) with a tiered support system. If you buy the $399 "as seen on TV" special - you get the joy of waiting on hold for Roy in Bangalore when you call. If you buy one of the business line machines - you get better service. Buy the high-end XPS systems, you get even better service. Everyone also has the option of upgrading to "Gold" service - with minimal wait times and knowledgeable, easily understood professionals.
If you are in IT, you can pay a little more and get yourself qualified as a Dell-certified technician & channel partner. If you go this far,you can get paid from Dell for doing your own warrantee repairs. (Not really a profitable proposition - but it can help your bottom line in a larger shop.) You also get automatic online approval on all parts replacement requests, overnight shipping, and online access to most tech manuals.
I build & repair my own; but at work, and for my less-patient friends & customers, I recommend buying a better service level. I have heard nothing but praise from anyone who has bought and used the gold-level service.
Most of the whining comes from folks who don't want to pay a few extra dollars for the service.
On the business side - India is a growing market with a lot of potential. If you have one - check where your retirement fund is making most of its money today. International Stock funds are booming. It makes business sense to move to a growing market early. Brand recognition, community involvement, etc. EX: I doubt that Coca-Cola's US customer satisfaction has significantly changed since they opened production plants in China. But the stockholders are thrilled with all the extra income, and the Chinese workers are doing well and spending money in their communities.
I hope you don't think India will be a 3rd-world country forever. They have the same potential as any other country to become a consumer society.
Besides, maybe if they build 'em there, Bob & Roy might understand the service end better than just reading the script.
This virus is very likely a POC and an advance guard to hold doors open for future infection or botnets.
As stated by others already, LURHQ has distribution stats.
http://www.lurhq.com/blackworm.html
US infections only number about 5% of total. Peru and India have most of the worldwide population of this. (this is ip-based, and may not be reliable.)
I haven't seen another mention, but SANS Storm Center has been following this - and actually has made an offer to sysadmins to share info.
They limit the info they will give; if you can reasonably establish that you are the RP for a network or subnet - they will send you a list of known infections in your IP range. They have already sent out notice messages to admins of record (whomever the abuse or tech contact is currently on the whois lookup) using a script. [Check the ISC pages if you really want to know - I don't want to flood them by posting a direct email link here.]
Referred to in the SANS/ISC history on this http://isc.sans.org/blackworm and previous pages - Fortinet has done extensive analysis. This virus has several actions. Most folks already know it deletes files, breaks AV software, and spreads over Windows shares. What hasn't seen much daylight is that it drops a bunch registry entries that grant "trusted" status to the virus. http://www.fortinet.com/VirusEncyclopedia/search/e ncyclopediaSearch.do?method=viewVirusDetailsInfoDi rectly&fid=119856
I'm not an expert on this mechanism - but I'd assume that any machine with these "bad" trusts in place could easily be compromised later using code that is authenticated against these bad keys.
I read M$' page on this virus, http://www.microsoft.com/security/encyclopedia/det ails.aspx?name=Win32%2FMywife.E%40mm as well as a few AV pages. None mention these keys, so I would assume they don't fix this problem.
Any system that has been infected and then cleaned will probably retain these falsified certificates. This leaves a big hole in place, while some users (even the " all your AV is updated hourly folks.. return to your seats" IT guy) - will have a false sense of security on this.
Thankfully, many AV programs discovered this virus Heuristically. (see links to LURHQ & others) McAfee, Panda, NOD32, and several others identified blocked this virus without needing a signature update. This may be why we don't have 2 million AOL/Comcast sheep spreading the virus.
This should serve as a strong reminder to backup religiously, use defense-in-depth, and enforce strong registry policies when Windows systems are implemented.
If a 14-inch wide collector accumulated hundreds of humanly-visible samples in 195 days of travel - including at least one that caused a trace "large enough to put a small finger through", then any hope for high-speed space travel is really going to need excellent shielding.
Statistically, it would seem very likely to encounter objects with sufficient mass to cause damage at high relative speeds.
It might be interesting to see what a comparable flight through "clear space", and not near a comet would yield.
Slashdot Mirror
My employer already has a contract for telephone services. My employer can control and audit use - if they need or want to. If confidential information is divulged / threats promulgated/ illegal activity conducted through the existing telephone system, there are clear employment practices and laws to deal with that. Skype is not easily audited. Skype use -may- define the bandwidth provider (the employer) as the telephone service provider; leaving them open for subpeonas and other unwanted attention. Skype users might configure workstations to act as relays, giving away company resources. Right or wrong, they'd rather use POTS.
You get what you pay for.
Dell learned a while ago that there was backlash from outsourcing Customer Service. They responded wisely (IMHO) with a tiered support system. If you buy the $399 "as seen on TV" special - you get the joy of waiting on hold for Roy in Bangalore when you call. If you buy one of the business line machines - you get better service. Buy the high-end XPS systems, you get even better service. Everyone also has the option of upgrading to "Gold" service - with minimal wait times and knowledgeable, easily understood professionals.
If you are in IT, you can pay a little more and get yourself qualified as a Dell-certified technician & channel partner. If you go this far,you can get paid from Dell for doing your own warrantee repairs. (Not really a profitable proposition - but it can help your bottom line in a larger shop.) You also get automatic online approval on all parts replacement requests, overnight shipping, and online access to most tech manuals.
I build & repair my own; but at work, and for my less-patient friends & customers, I recommend buying a better service level. I have heard nothing but praise from anyone who has bought and used the gold-level service.
Most of the whining comes from folks who don't want to pay a few extra dollars for the service.
On the business side - India is a growing market with a lot of potential. If you have one - check where your retirement fund is making most of its money today. International Stock funds are booming. It makes business sense to move to a growing market early. Brand recognition, community involvement, etc. EX: I doubt that Coca-Cola's US customer satisfaction has significantly changed since they opened production plants in China. But the stockholders are thrilled with all the extra income, and the Chinese workers are doing well and spending money in their communities.
I hope you don't think India will be a 3rd-world country forever. They have the same potential as any other country to become a consumer society.
Besides, maybe if they build 'em there, Bob & Roy might understand the service end better than just reading the script.
This virus is very likely a POC and an advance guard to hold doors open for future infection or botnets.e ncyclopediaSearch.do?method=viewVirusDetailsInfoDi rectly&fid=119856
I'm not an expert on this mechanism - but I'd assume that any machine with these "bad" trusts in place could easily be compromised later using code that is authenticated against these bad keys.
t ails.aspx?name=Win32%2FMywife.E%40mm as well as a few AV pages. None mention these keys, so I would assume they don't fix this problem.
As stated by others already, LURHQ has distribution stats. http://www.lurhq.com/blackworm.html US infections only number about 5% of total. Peru and India have most of the worldwide population of this. (this is ip-based, and may not be reliable.)
I haven't seen another mention, but SANS Storm Center has been following this - and actually has made an offer to sysadmins to share info. They limit the info they will give; if you can reasonably establish that you are the RP for a network or subnet - they will send you a list of known infections in your IP range. They have already sent out notice messages to admins of record (whomever the abuse or tech contact is currently on the whois lookup) using a script. [Check the ISC pages if you really want to know - I don't want to flood them by posting a direct email link here.]
Referred to in the SANS/ISC history on this http://isc.sans.org/blackworm and previous pages - Fortinet has done extensive analysis. This virus has several actions. Most folks already know it deletes files, breaks AV software, and spreads over Windows shares. What hasn't seen much daylight is that it drops a bunch registry entries that grant "trusted" status to the virus. http://www.fortinet.com/VirusEncyclopedia/search/
I read M$' page on this virus, http://www.microsoft.com/security/encyclopedia/de
Any system that has been infected and then cleaned will probably retain these falsified certificates. This leaves a big hole in place, while some users (even the " all your AV is updated hourly folks.. return to your seats" IT guy) - will have a false sense of security on this.
Thankfully, many AV programs discovered this virus Heuristically. (see links to LURHQ & others) McAfee, Panda, NOD32, and several others identified blocked this virus without needing a signature update. This may be why we don't have 2 million AOL/Comcast sheep spreading the virus.
This should serve as a strong reminder to backup religiously, use defense-in-depth, and enforce strong registry policies when Windows systems are implemented.
If a 14-inch wide collector accumulated hundreds of humanly-visible samples in 195 days of travel - including at least one that caused a trace "large enough to put a small finger through", then any hope for high-speed space travel is really going to need excellent shielding. Statistically, it would seem very likely to encounter objects with sufficient mass to cause damage at high relative speeds. It might be interesting to see what a comparable flight through "clear space", and not near a comet would yield.