CPTTM CIO newsletter issue #19

Dear CIO/IT managers,

This CPTTM CIO newsletter is to bring useful news to you, CIO/IT managers in Macau, for references without obligations, so that you can do your jobs easier and better! Hope you like it. if you'd like to unsubscribe or recommend your friends to subscribe, just let me know. Old issues are available here.

Kent Tong, Editor in Chief

Topics in this issue:

Could your web sites be hacked in 10 minutes?
Managing the risks of Vista (even if you're not deploying it)
Autodesk has open sourced its MapGuide enterprise version
Backup your data online

Could your web sites be hacked in 10 minutes?

In preparing for a course on writing secure code in Java, I performed a very simple security test on four web sites (three are high profile, high traffic sites). It took me less than 10 minutes to found that two (50%) were vulnerable to a problem known as cross-site scripting (XSS). Basically it means a hacker can create a link to the vulnerable web site and send it to unsuspecting users. If a user clicks on that link, the hacker can modify the web page at wish, including creating a fake login form that sends the user's password to his own web site. If this happens to your site, this can be a disaster to the image of your organization.

Therefore, I'd urge you to immediately request your staff to test your sites. The technical steps are included in our software developer newsletter.

Managing the risks of Vista (even if you're not deploying it)

If you will have notebooks or a computer lab running Vista, you should test how much heat the Aero interface will generate. There are reports that running Vista on a notebook will increase the temperature from 50C to over 90C! This may cut the usable hours of the notebook by half or double your electricity bill. A remedy is to disable Aero.
If your web site is using ActiveX, test it to make sure it works in Vista, even if you're not deploying Vista yourself! Due to the enhanced security, many ActiveX controls will not work in Vista. Many e-commerce and e-government sites in South Korea are using ActiveX and fail to work in Vista. As such, their government is advising its people NOT to upgrade to Vista. For future projects I'd also suggest that you rely on open standards rather than a proprietary technology, as the former usually has a longer life cycle and is subject to the strategies of a particular vendor.
If you're planning to upgrade to Vista some time, allocate enough time to test your applications, hardware and make sure certified drivers are available (Vista 64bit edition will only load drivers certified by Microsoft). The Vista Upgrade Advisor may help.

Autodesk has open sourced its MapGuide enterprise version

Now you can use this free and powerful platform to develop applications to provide map & geospatial information to users on the web. To author the data, you can use the included MapGuide Web Studio (for simple stuff) or the commercial Autodesk MapGuide Studio.

Backup your data online

Backups using tapes or CDs require quite some work. Storing the media off-site is a good practice but requires additional work. Now, there is a great alternative: You can backup the data online to a remote site over the Internet (e.g., mozy, xdrive). For example, Mozy allows the data to be encrypted using a private key you specified so nobody can see your data content. Worried about bandwidth? It only transfers new or changed files. It offers free personal accounts (up to 2G disk space) and business accounts. I've been using a free personal account at home with success.

Feedbacks

Any questions, ideas or experiences to share? Contact me at 28781313 or kent at cpttm dot org dot mo.

Until next time,

Kent Tong