
Battery for HP Compaq 6515b


By Zdziarski at 2017-09-01 23:14:53

The users only call IT when they can't get in, even if it's their own dumb fault for forgetting their mother's birthday and locking themselves out after three incorrect password attempts (then, given the chance, blaming IT when their mother didn't get a card).

The thing is, though, the same applies to security. And I'm not just talking about IT security – I mean security and corporate governance in general. And as with IT, the tangible benefit of security is generally pretty negligible … so let's look at some examples of how the downsides of security can completely nobble the best efforts of even the most efficient, effective parts of your company and your systems.

Politeness is your enemy. There's only one sin greater than swiping yourself into the building with your electronic pass and then holding the door open for a colleague, and that's doing the same but holding the door open for a stranger. I saw someone do that when I worked in the defence industry and the stranger was a security auditor, and it wasn't pretty. Even if you've known your colleague for years, how do you know he or she wasn't fired an hour ago?
Helpfulness is also your enemy. How many times has your Service Desk reset someone's password when the latter has phoned in to say they're locked out? And how many times have the Service Desk guys thought to themselves: “I wonder if that really was John Smith”?
The good guys suffer for the bad guys. If you have a staffer under investigation for misusing IT equipment and they end up using someone else's login to carry out their sins (and the audit trail is full of the innocent party's login ID), you can't discipline the bad guy without also disciplining the “innocent” party for disclosing their credentials.
Sales people are cowboys. Okay, that's probably an unfair generalisation … most sales people are cowboys. It doesn't matter if you bend the rules a little bit when (say) you borrow a colleague's password when you can't get in on the remote access service to download and print the contract you're trying to get signed. That's fine on the surface as it gets the job done, but these days it's highly likely that the customer who's watching you do it is thinking: “Hey, when they filled in that due diligence questionnaire, they said they didn't cut corners like this ...”
Does it affect users? Yes, if you fire them for gross misconduct if they illicitly send confidential information to a third party. But it certainly affects them if there's a big breach of security on the website, the press finds out, the share price hits the floor and an asset-stripper picks up the remains in a fire-sale and points 90 per cent of the staff to the dole queue.
And customers? Well, ask companies like TalkTalk what happens to the customer base and the bottom line when you have a nice, juicy security breach or two (and if you're not able to ask them, check out The Reg's story about it).
Security, then, has to be an absolutely core consideration for your organisation. After all, it's even worse than IT. At least with IT you get the occasional nice comment from a user when you give them a cool new laptop or you announce that the standard corporate mobile device for next year is the next-edition iPhone. The same can't be said of security: I can't recall any of my users ever saying: “Yay, what a neat RSA token!” or “Hey, I just thought of a fab password with at least one upper case character and some funky punctuation!”



But security/governance is as bad as IT in general when things go wrong: to paraphrase Henry Wadsworth Longfellow: when they are bad, they are horrid.

Users ought to upgrade following the discovery of a flaw in Samsung’s software update tool that opens the door to man-in-the-middle attacks.

Security shortcomings in Samsung SW Update Tool, which analyses the system drivers of a computer, were discovered by Core Security. Following the discovery of this vulnerability, Core Security recommended Samsung encrypt and validate the information users download in updates.

Version 2.2.5.16 of the tool was vulnerable, said Joaquín Rodríguez Varela, a senior security researcher from Core Security CoreLabs Team, who discovered the vulnerability. Flaws in this version of the software meant both cleartext transmission of sensitive information and, worse yet, insufficient verification of data authenticity. The issue created the potential for hackers to impersonate Samsung before serving up dodgy software updates.

Samsung has issued a patched version of the affected software.

Rodríguez commented: “These vulnerabilities in Samsung SW Update Tool could allow a malicious user to read and modify the requests made both by the user and by the Samsung servers and potentially allow such user to infect the victim with a malware or a remote access tool and gain control over its machine.”


“After our report, Samsung implemented a ciphered communication between the tool and its servers and also a verification mechanism of the downloaded drivers,” he added.

An advisory by Core Security explaining the vulnerability in greater depth can be found here. El Reg invited Samsung’s PR representatives to comment on the discovery on Thursday but we’ve yet to hear back from the South Korean electronics giant.

Core Security notified the electronics giant on 22 January. Samsung, after what would appear to be some foot-dragging, promised to release patches in early March, clearing the way for the researchers to go public with their findings.

The Precision line of Dell’s one-time skunkworks Ubuntu developer PCs, Project Sputnik, has hit worldwide availability.

Project mastermind Barton George, senior technologist at the office of Dell's CTO, announced availability of the Precision line of Ubuntu workstations with the US launch of the fifth generation of XPS 13 developer edition.

The fifth-generation XPS 13 comes preloaded with Ubuntu 14.04 LTS, 6th Gen Intel Core processor and updated drivers, tools and utilities.

The XPS comes in three i7 configurations – 8GB, QH+T Intel 8260, and two i7 16GB configurations with 512GB and 1TB.

