Showing posts from February, 2008

Targeted malware

A helpful if rather technical explanation of targeted malware attacks takes a look at some remote control Trojans. These open the victim's machine to powerful local commands submitted by a remote hacker over a control channel. Clever stuff. The piece is a little light on the infection part of such attacks and the mechanisms used to target specific organizations or individuals, although it does outline some of the potential controls against this kind of attack and provides references for further reading.

Unannounced DCP testing a no-no

If you are tempted to spring an emergency drill or contingency test on the organization without properly pre-announcing it, be prepared for the emotional fallout from those who are duped into believing the incident is real ... especially if your scenario involves a gunpoint hostage siege ...

Malware awareness module released

We have updated and reissued the NoticeBored security awareness module on malware, one of our 'core modules' covering a topic that features heavily in all security awareness programs. As part of the research to update the module, I've been reading lately about 'virtual malware' or, more accurately, rootkits that target not just the operating system kernel but the underlying hypervisor software used on virtualization systems. To those without a technical background, this may seem like angels dancing on a pinhead, but to us nerdy geeky types, virtualization is cool and virtual malware is uber cool. By coincidence, an article on The Register discusses a vulnerability in VMware, one of the virtualization systems. This could be Big News for anyone using VMware in a production environment, such as many ISPs for example. Various technical security bloggers are deep in discussion.

Plan B includes not being able to get to work

A former director of FEMA, the US Federal Emergency Management Agency, promotes the value of planning for employees being unable to get to the office in an emergency. "Everyone will tell you: I have a risk manager, a safety manager, we have contingency plans in place for their business. What plans do they have in place for the workforce? Because if those people can't get to work, those other plans don't do them any good. One of the things that federal government does and state government does is they really try to drive home this concept of being prepared at home. I think businesses should do the same thing, regardless of the size. The better prepared employees are in the neighborhood they live in, the more likely they are to get back to work quicker, the more likely they are to be more loyal to you because you've helped them be more prepared in the neighborhood where they live."

Does your DCP cover frozen hydrazine tanks crash-landing?

A US spy satellite "the size of a bus" (the SI unit of satellite size) that went out of control shortly after being launched a year ago, has been blasted by a US missile over the Pacific Ocean. They aimed (literally) to blow the satellite to smithereens (the SI unit of satellite size following missile impact), ostensibly to prevent the frozen hydrazine fuel tank smashing to Earth and giving someone a nasty surprise. Any secret weaponry allegedly on board would also, presumably, have been destroyed. What if the missile had missed its target or they had not been able to fire the missile for fear of creating an international security incident amid fears of the Star Wars initiative? And what if the spy satellite had landed, intact, on your data center? What if the missile landed on your data center? What if ...? Now I don't expect your contingency plans to mention falling spy satellites, frozen hydrazine or missiles explicitly, but that's really not the point. The ...

Don't forget to lock the office ...

... especially if you are a banker. A 5 year old boy who discovered that his local bank branch was closed but unlocked was awarded a paltry £10 (US$20) by HSBC, one of the world's largest banks that makes obscenely large annual profits, for letting them know. HSBC say the electronic door lock system failed. I presume bank staff neglected to check the lock; in other words, the bank's security procedures also failed.

Do your contingency plans cover mice and snakes?

Physical security incidents are one class of incident that virtually all contingency plans cover, but are your plans broad enough to cater for the full range of potential physical security incidents? Here are some classic photographs of actual incidents that might make you re-think your approach:

- Mice nesting inside a system, using a handy computer manual as nesting material
- A snake living inside a nice warm system box
- Lightning/storm damage to electronics
- Inept maintenance and repairs
- Equipment overheating

There are more photos of this nature at the Microwave Mortuary if you need something to spice up your awareness program.

BCP auditing the IIA way

"During their planning cycles, many companies around the world evaluate how prepared they are to handle disasters as well as the effectiveness of their business continuity and disaster recovery plans. As part of this process, internal auditors can help organizations establish effective business continuity management (BCM) programs. To do this, auditors need to understand what is involved in developing a BCM program and the steps they should take to evaluate the effectiveness of existing programs that incorporate necessary business continuity, disaster recovery, and crisis management efforts." I'd like for you to be able to read what the Institute of Internal Auditors, or more precisely author Mark T Edmead of Control Solutions International, advises IT auditors to look for when reviewing business continuity arrangements. Unfortunately, the IIA article has dropped off the Web in the past few days. Sorry. Mark's advice is sound but stops well short of the audit-style...

A modern Doomsday

Middle-Eastern Internet services have been severely disrupted by the failure of an undersea cable linking Egypt to Italy. There are backup connections, of course, including satellite and other cable connections, but their capacity is limited, hence Internet traffic in some countries in the region is experiencing delays and probably failed connections due to timeouts. Thanks to packet switching technology and multiple routes, the Internet as a whole is highly resilient. Undersea cables can often be repaired within days or weeks. But imagine what would happen if the Internet went down, and stayed down. Not 'stayed down for a few minutes' or hours or even days, but for an extended period, perhaps indefinitely. There are various horrific scenarios that could cause this to happen, e.g.:

- Widespread technology failure, disrupting the packet switching backbone;
- Deliberate action by one or more nation states in wartime, severing critical connections and/or injecting massive am...