RSS in Microsoft Longhorn: Is there a Gotcha?

There’s been a lot of buzz this week after Microsoft announced that RSS would be a part of the next release of Windows, known as Longhorn.

Many have written about potential benefits to the end user and syndication as a whole including Jeff Beard’s posts on his LAWTECH GURU BLOG about this news from Microsoft and what he thinks it means for RSS. He has some valid points about centralization of services into the OS and possibilities for making RSS even more useful. You can check out Jeff’s thoughts here Article or here Article. But are there any downsides to this move by MS?

Ryan Naraine, writing for eWEEK.com in a recent article, thinks that there is a downside. He’s found that security experts aren’t as enthusiastic about this move as some end users and syndicators. In his article, RSS in Longhorn: The Security Question, Naraine lays out the arguments that this is a bad move and opens the OS to potential attacks.

The problems range from RSS spam and potential phishing attacks to distribution of malware. As always, authentication will play a key role in the vulnerability of the OS to attacks. MS has adopted what it calls the SDL (Security Development Lifecycle), which focuses on security first in the development of new MS software.

Richard Stiennon, Webroot Software’s director of threat research was quoted in the article, stating: “It’s not yet a big target, but once RSS usage becomes as widespread as e-mail or instant messaging, the hackers will find a way to use it to distribute malware.”

Personally, I think trying to make the OS be all things to all people is not a good idea. While this move by MS has the potential for bringing RSS into the “mainstream”, the potential security threats it brings with its use of enclosures for attachments are going to be like the current problem with attachments in email all over again.

As lawyers, we keep more and more of our confidential information on our computers; therefore, securing and safeguarding that information must be of paramount importance to each of us. Any hole in our security opens us up to potential disclosures of confidential information and, of course, the attendant malpractice and disciplinary complaints that would follow.

Hopefully, MS will get it right out of the gate and all of the fears over incorporating RSS into Longhorn will end up being unfounded.

Posted under Blogging, Software by Nerino Petro on Thursday 30 June 2005 at 11:34 am

Another Security Breach Threatens 40 Million Credit Card Holders

It seems like a day doesn’t pass that more news of security breaches involving private information hits the press. The latest breach may potentially affect up to 40 million credit cardholders.

Myway News is reporting that CardSystems Solutions, Inc. in Tucson, AZ has suffered a security breach that could expose 40 MILLION cardholders to fraud.

According to the article:
“The compromised data included names, banks and account numbers - not addresses or Social Security numbers, said MasterCard spokeswoman Sharon Gamsin. Such data could be used to steal funds but not identities.”

I find the fact that this breach won’t allow someone to steal my identity, only my funds, to be cold comfort and assume that everyone else does as well.

Unlike thefts earlier this year, this breach was apparently caused by a virus. Referring back to the article, it appears “CardSystems was hit by a virus-like computer script that captured customer data for the purpose of fraud, Gamsin said. She said she did not know how the script got into the system. The FBI was investigating.”

At some point, our government will have to recognize that this is a major threat not only to individuals, but to business and our national economy as well. I don’t believe that it is unreasonable to raise this threat to a national security level as anything that can impact our nation’s economy is a threat that our enemies would embrace as a way to further their efforts to destroy us.

If you think this is a bit over the top, I ask you to consider the effect of every business denying the use of credit cards – what would that do to our economy when we have come to rely on plastic rather than paper for the majority of our financial transactions?

Posted under Hmmm! by Nerino Petro on Saturday 18 June 2005 at 8:12 am

129th IL State Bar Association Annual Meeting

I’m writing this from the 129th Illinois State Bar’s Annual Meeting being held at the Abbey Resort in Lake Geneva, WI. Beautiful weather, terrific views of the lake and some great CLE and presentations taking place are making this another successful meeting.

This morning at 7:30 am, the Law Office Economics Council held their Law Office Economics & Management Breakfast roundtable symposium covering areas for improving your practice, risk management and technology. I appeared on behalf of the ISBA Committee on Legal Technology to discuss technology for lawyers. My topics covered information on security threats facing law offices, troubleshooting tips and resources for fighting spyware as well as a “show and tell” segment. You can download the handouts in PDF format by clicking one of the following links:
If It’s Broke, Fix It – Troubleshooting for Non-Geeks
Privacy and Spyware Internet Resources
The Cyberbarbarians at the Gate: Protecting Your Computer from Security Threats

The “show and tell” portion of my presentation seemed to get the most interest as I displayed numerous items for making computing life easier for lawyers. Products covered included those for the office/home as well as mobile computing products. Here are the products that I displayed:

Edge Technologies DiskGo 160GB External Hard Drive
Lexar Jump Drive Secure
MobileEdge WiFi Signal Locator
D-Link 624 Wireless Router
Ultra 13 piece Connection Kit
PenPower WorldCard Business Card Scanner
Jabra Bluetooth Wireless Headset
PalmOne Treo 650
Apple iPod Photo 30GB
Altec Lansing inMotion Portable Speakers
Philips HN060 Noise Canceling Headphones

Posted under Gadget, Gizmos and Widgets, Mobile Tech, Practice Management by Nerino Petro on Friday 17 June 2005 at 11:34 am

Backup, why do I need to Backup?

In this day and age it still amazes me that there are still lawyers out there that don’t take seriously the need for regular backups of their computers! I constantly get asked “Do I really need to backup everything?” Or they wonder why they just can’t leave the backup media at the office.

I’ve tried explaining time and time again why responsible attorneys ensure that regular backups are made, and that they test the backups to make sure they worked by doing test restores from the backup sets on some type of regular basis. I’ve explained that I think that safeguarding your data is one of an attorney’s ethical obligations, as it safeguards the practice and client information that resides on the computer systems. I’ve lectured over and over again that with the availability of cheap storage, you should back up everything, including programs. At this point someone usually raises the point that they have their program disks: can’t they just reinstall the programs off of those rather than backing them up so they have a true disaster recovery backup? They don’t seem to think about how much time reinstalling the 30 different programs they have installed will take, let alone finding all of the updates and patches for each one. So to everyone in this group: Yes, you need to back up EVERYTHING! You need to do this on a REGULAR basis (and I don’t mean once every 3 months). You need to VERIFY your backups by doing test restores from the backup set on some type of regular basis. It all goes back to the old Détente days of Trust but Verify. Don’t question why you must do this; just trust me that I and others who have been doing legal technology for a while have come to this conclusion after many years of experience in the school of hard knocks.

When we get beyond these issues, we then come to the question of why they need to take their backup sets off site. [Note: I know that online backup services are available, but IMHO they are not financially feasible for a solo office, and if there’s no broadband, they’re not technologically feasible either.]

There’s no point in having a backup that’s left to suffer the same fate of a catastrophic loss as the rest of the equipment. If you search the web, you will find numerous postings on this point. By keeping a copy off site, if your office is completely destroyed, equipment stolen, etc. you can restore your critical data because you have that backup in another location. Ideally you rotate between several backup sets so you keep data lag to a minimum.

I had several clients in a multi-story office condo where a water line broke in an upper unit and flooded the floors below. A non-client had their backup tape left in the server, so when the flood destroyed the server it destroyed that tape too; they also kept their other tapes in the same room, out in the open, where they were inundated by water as well and proved to be useless. This did not happen to my clients.

A sound backup strategy including off site storage is just one part of having a good data protection plan: you should also have at least RAID 1 (mirrored drives) on your server computer, whether it is a true server running a server OS (like Small Business Server 2003) or a standalone workstation being used as a file server running Win XP Pro. This protects you from a failed drive and allows you to keep working. The off site backup protects you from a catastrophe.

For workstations, I also recommend using a product like Drive Image, Ghost or TrueImage to make periodic images of the computer’s hard drive. This can prove to be a life saver if you get a piece of malware or a virus that you can’t get rid of; in this case, you can at least restore to the last image. I also like a program called File Map BB, found at http://www.dogkennels.net/filemap/, which keeps track of added files and can help you track down spyware and malware by comparing the latest file counts to a prior one.

There are numerous backup software solutions that are reasonably priced and available, including EMC Dantz Retrospect (www.dantz.com); Novastor Novabackup (www.novastor.com); NTI Backup Now (www.ntius.com); Stomp’s Backup MyPC (www.stompsoft.com); Acronis TrueImage (www.acronis.com) and others. Each of these has a slightly different feature set and may require a floppy disk to create a disaster recovery set (Backup MyPC does), but they will all work for backing up your ENTIRE system. For servers, you may have to buy additional plug-ins or a server version, but can you really afford not to safeguard your all-important data? I didn’t think so.
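The two checks this post keeps coming back to, a test restore that proves the backup set actually reproduces your data and a File Map BB-style comparison of the current file inventory against an earlier one, can both be done with the same file inventory. The script below is an added illustration, not code from this post or from any of the products named; the office files, the backup/restore copy and the stray executable are constructed sample data.

```python
import hashlib
import os
import pathlib
import shutil
import tempfile

def inventory(root):
    """Walk root and return {relative_path: (size, sha256)} for every regular file."""
    inv = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            inv[rel] = (os.path.getsize(full), digest)
    return inv

def compare(before, after):
    """Added, removed and changed files between two inventories (File Map BB style)."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "changed": changed}

def verify_restore(source, restored):
    """A backup set only counts once a test restore reproduces the source byte-for-byte."""
    diff = compare(inventory(source), inventory(restored))
    return not any(diff.values()), diff

def demo():
    """Constructed sample: a small office share, its backup/restore cycle, and later drift."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "office")
    os.makedirs(os.path.join(src, "clients"))
    pathlib.Path(src, "clients", "smith.txt").write_text("retainer agreement")
    pathlib.Path(src, "notes.txt").write_text("to do")
    baseline = inventory(src)
    # Stand-in for the backup program: copy to the backup set, then restore elsewhere.
    backup = shutil.copytree(src, os.path.join(work, "backup"))
    restored = shutil.copytree(backup, os.path.join(work, "restored"))
    restore_ok, _ = verify_restore(src, restored)
    # Weeks later: an unexpected executable shows up and a document was edited.
    pathlib.Path(src, "clients", "update.exe").write_bytes(b"MZ")
    pathlib.Path(src, "notes.txt").write_text("to do!")
    drift = compare(baseline, inventory(src))
    shutil.rmtree(work)
    return restore_ok, drift
```

Run inventory() against a real backup set after each rotation and keep the result with the set; the next comparison then tells you both whether the restore is faithful and what has appeared on the machine since.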

Posted under Hardware, Non-Legal Software, Practice Management, Software by Nerino Petro on Tuesday 7 June 2005 at 4:10 pm