Thursday, March 24, 2005
Last Bastion of Socialism
March 19, 2005
OP-ED COLUMNIST
Captains of Piracy
By NICHOLAS D. KRISTOF
In Russia, those who manipulate capitalism to gain fabulous wealth are called the oligarchs, and they sometimes end up in prison. Here we just call such people C.E.O.'s, and we put them in prison less often.
This is the time of year when corporate financial statements offer snapshots of their executives' mugging shareholders. Over the next few weeks, we'll find out precisely how much public companies overpaid their chief executives, but the news filtering out so far underscores the market failure in the boardrooms.
Carly Fiorina was fired last month as chairman and chief executive of Hewlett-Packard. So why did the board reward her with a total of $8.15 million in her last full year before booting her out?
Then there's Michael Eisner, who is finally being pushed out of the Walt Disney Company's chief executive post for running his company almost into the ground. Yet the Disney board recently gave him a $7.25 million cash bonus.
Both instances are a reminder that the executive suite in America is the last bastion of socialism in the world today. If Kim Jong Il traveled to America, he would be bewildered by most of corporate America but would immediately feel at home on a board's compensation committee.
A study for The Wall Street Journal by Mercer Human Resource Consulting found that at 100 major U.S. corporations, bonuses for C.E.O.'s last year rose more than 46 percent, to a median of $1.14 million. Both the amount and the percentage increase were the highest since comparable studies began five years ago.
Companies have shaved costs by laying off workers and reducing health care coverage - and then using those savings to slather more pay on top executives. It's true that companies are now cutting back on stock options for C.E.O.'s, but it's hard to be impressed by that restraint when bonuses are soaring.
Since 1993, the average pay for C.E.O.'s of the S.&P. 500 companies has tripled to $10 million at last count, while the number of Americans without health insurance has risen by six million.
If America's chief executives really earned their money, I'd be more sympathetic. But in 5 of the 100 companies in The Journal's study, bonuses rose as the companies' income dropped.
As John Kenneth Galbraith once put it: "The salary of the chief executive of a large corporation is not a market award for achievement. It is frequently in the nature of a warm personal gesture by the individual to himself."
Indeed, C.E.O. pay increased most rapidly at companies with weak governance and few shareholder rights, according to a study this year by Lucian Bebchuk of Harvard and Yaniv Grinstein of Cornell.
That study also found that public companies devoted about 10 percent of their profits to compensating their top five executives, up from 6 percent in the mid-1990's. That's a hijacking of corporate wealth by top managers.
Companies typically claim that C.E.O.'s are rewarded highly only when they outperform their peers. Poppycock. One study found that when companies didn't outrank their peers, they just redefined their peers.
Another study found that of the 1,000 largest companies, two-thirds claimed to have outperformed their peers. That's the "Lake Wobegon effect": All C.E.O.'s in America are paid as if they were above average.
If only my buddies determined my compensation: I'd like my earnings "peers" to be a New York journalism figure and someone with an interest in the third world - people like Rupert Murdoch and Bill Gates. What a bonus that would be!
Boards sometimes argue that they need to pay huge sums to hang on to talent. Really? Consider Mr. Eisner, who did a great job in his early years but has been a walking pay scandal ever since Disney earnings fell 63 percent in 1993 (after an accounting change) and he received $203 million. He has been so desperate to stay at Disney that he virtually Super-glued himself to his chair. If the board had wanted to pay the market price necessary to keep him, it could have offered a penny.
Or less.
Brian Halla, the C.E.O. of National Semiconductor, received a $5 million bonus last year. But he told The Wall Street Journal, "I feel I should pay somebody for doing this job." Now there's a smart suggestion.
So I called to ask Mr. Halla why, since he feels that way, his board shouldn't save the shareholders a bundle and charge him a fee to keep the job. He didn't take my call.
E-mail: nicholas@nytimes.com
OP-ED COLUMNIST
Captains of Piracy
By NICHOLAS D. KRISTOF
In Russia, those who manipulate capitalism to gain fabulous wealth are called the oligarchs, and they sometimes end up in prison. Here we just call such people C.E.O.'s, and we put them in prison less often.
This is the time of year when corporate financial statements offer snapshots of their executives' mugging shareholders. Over the next few weeks, we'll find out precisely how much public companies overpaid their chief executives, but the news filtering out so far underscores the market failure in the boardrooms.
Carly Fiorina was fired last month as chairman and chief executive of Hewlett-Packard. So why did the board reward her with a total of $8.15 million in her last full year before booting her out?
Then there's Michael Eisner, who is finally being pushed out of the Walt Disney Company's chief executive post for running his company almost into the ground. Yet the Disney board recently gave him a $7.25 million cash bonus.
Both instances are a reminder that the executive suite in America is the last bastion of socialism in the world today. If Kim Jong Il traveled to America, he would be bewildered by most of corporate America but would immediately feel at home on a board's compensation committee.
A study for The Wall Street Journal by Mercer Human Resource Consulting found that at 100 major U.S. corporations, bonuses for C.E.O.'s last year rose more than 46 percent, to a median of $1.14 million. Both the amount and the percentage increase were the highest since comparable studies began five years ago.
Companies have shaved costs by laying off workers and reducing health care coverage - and then using those savings to slather more pay on top executives. It's true that companies are now cutting back on stock options for C.E.O.'s, but it's hard to be impressed by that restraint when bonuses are soaring.
Since 1993, the average pay for C.E.O.'s of the S.&P. 500 companies has tripled to $10 million at last count, while the number of Americans without health insurance has risen by six million.
If America's chief executives really earned their money, I'd be more sympathetic. But in 5 of the 100 companies in The Journal's study, bonuses rose as the companies' income dropped.
As John Kenneth Galbraith once put it: "The salary of the chief executive of a large corporation is not a market award for achievement. It is frequently in the nature of a warm personal gesture by the individual to himself."
Indeed, C.E.O. pay increased most rapidly at companies with weak governance and few shareholder rights, according to a study this year by Lucian Bebchuk of Harvard and Yaniv Grinstein of Cornell.
That study also found that public companies devoted about 10 percent of their profits to compensating their top five executives, up from 6 percent in the mid-1990's. That's a hijacking of corporate wealth by top managers.
Companies typically claim that C.E.O.'s are rewarded highly only when they outperform their peers. Poppycock. One study found that when companies didn't outrank their peers, they just redefined their peers.
Another study found that of the 1,000 largest companies, two-thirds claimed to have outperformed their peers. That's the "Lake Wobegon effect": All C.E.O.'s in America are paid as if they were above average.
If only my buddies determined my compensation: I'd like my earnings "peers" to be a New York journalism figure and someone with an interest in the third world - people like Rupert Murdoch and Bill Gates. What a bonus that would be!
Boards sometimes argue that they need to pay huge sums to hang on to talent. Really? Consider Mr. Eisner, who did a great job in his early years but has been a walking pay scandal ever since Disney earnings fell 63 percent in 1993 (after an accounting change) and he received $203 million. He has been so desperate to stay at Disney that he virtually Super-glued himself to his chair. If the board had wanted to pay the market price necessary to keep him, it could have offered a penny.
Or less.
Brian Halla, the C.E.O. of National Semiconductor, received a $5 million bonus last year. But he told The Wall Street Journal, "I feel I should pay somebody for doing this job." Now there's a smart suggestion.
So I called to ask Mr. Halla why, since he feels that way, his board shouldn't save the shareholders a bundle and charge him a fee to keep the job. He didn't take my call.
E-mail: nicholas@nytimes.com
Wednesday, March 23, 2005
Consumer Healcare, over consumption
Pushy Parents May Be Harmful for Kids' Health
Tue Mar 22,12:54 PM ET
LONDON (Reuters) - Pushy parents could be doing more harm than good to their children's health, researchers said in a study released on Tuesday. Well-meaning parents insisting on batteries of tests for their children, even though their ailment has no apparent physical cause, may not be acting in their best interest.
"A culture of parental consumerism in healthcare, however well intentioned, needs to be accompanied by robust systems to protect the interests of the child," said Dr. Keith Lindley of the Institute of Child Health and Great Ormond Street Hospital for Children.
He and his colleagues analyzed 23 children who had severe abdominal pain and had been referred to the hospital between 1997 and 2001.
All had been given routine tests to find the cause of the problem without any success. More than half of the youngsters, whose average age was 14, had already seen other doctors.
Although psychological factors can play a role in severe abdominal pain, only 13 families agreed to have their children referred to psychological services, according to the study reported in the Archives of Disease in Childhood.
Eleven children who received psychological support got better and resumed their normal activities within a year. Only 3 children of the 10 families that refused psychological help improved.
Tue Mar 22,12:54 PM ET
LONDON (Reuters) - Pushy parents could be doing more harm than good to their children's health, researchers said in a study released on Tuesday. Well-meaning parents insisting on batteries of tests for their children, even though their ailment has no apparent physical cause, may not be acting in their best interest.
"A culture of parental consumerism in healthcare, however well intentioned, needs to be accompanied by robust systems to protect the interests of the child," said Dr. Keith Lindley of the Institute of Child Health and Great Ormond Street Hospital for Children.
He and his colleagues analyzed 23 children who had severe abdominal pain and had been referred to the hospital between 1997 and 2001.
All had been given routine tests to find the cause of the problem without any success. More than half of the youngsters, whose average age was 14, had already seen other doctors.
Although psychological factors can play a role in severe abdominal pain, only 13 families agreed to have their children referred to psychological services, according to the study reported in the Archives of Disease in Childhood.
Eleven children who received psychological support got better and resumed their normal activities within a year. Only 3 children of the 10 families that refused psychological help improved.
% Asian Students In U.S. Colleges [Part II]
Learning to Stand Out Among the Standouts
Some Asian Americans Say Colleges Expect More From Them
By Jay Mathews
Washington Post Staff Writer
Tuesday, March 22, 2005; Page A10
Robert Shaw, an educational consultant based in Garden City, N.Y., was working with a very bright Chinese American student who feared the Ivy League would not notice her at New Jersey's Holmdel High, where 22 percent of the students were Asian American, and she was only in the top 20 percent of her high-scoring class.
So, Shaw said, she and her parents took his daring advice to change their address. They moved 10 miles north to Keyport, N.J., where the average SAT score was 300 points lower and there were almost no Asians. She also entered, at his suggestion, the Miss Teen New Jersey contest, not a typical activity for the budding scholar.
Educational consultants Robert Shaw and Victoria Hsiao of Ivy Success help students get accepted to Ivy League colleges, but Shaw notes: "Students can get a quality education at hundreds of colleges throughout the country." (Helayne Seidman For The Washington Post)
It worked, Shaw said. His client became class valedictorian, won the talent portion of the Miss Teen competition playing piano and got into Yale and MIT.
"As admissions strategists, our experience is that Asian Americans must meet higher objective standards, such as SAT scores and GPAs, and higher subjective standards than the rest of the applicant pool," he said. "Our students need to do a lot more in order to stand out."
Asian American students have higher average SAT scores than any other government-monitored ethnic group, and selective colleges routinely reject them in favor of African American, Hispanic and even white applicants with lower scores in order to have more diverse campuses and make up for past discrimination.
Many Asian Americans and some educators wonder: Is that fair? Why shouldn't young people of Asian descent have more of an advantage in the selective college admissions system for being violin-playing, science-fair winning, high-scoring achievers?
"Chinese and all Asian Americans are penalized for their values on academic excellence by being required to have a higher level of achievement, academic and non-academic, than any other demographic group," said Ed Chin, a New Jersey physician who has campaigned for years for a change in college admissions procedures.
Yet, Chin notes, Harvard humanities professor Henry Louis Gates Jr. recently estimated that two-thirds of blacks at Harvard are not descendants of American slaves but the middle-class children of relatively recent immigrants from the Caribbean and Africa. "Why should they deserve admission with lowered standards -- relatively speaking -- based solely on the color of their skin over a high-achieving Asian American living in a Chinatown ghetto or a black ghetto, or a poor white from the slums of New York City?" Chin asked.
At some selective colleges, the percentage of Asians on the admittance list is reportedly significantly lower than the percentage of Asians who applied. But colleges usually do not release the ethnic breakdown of their applicants, so there has been little research on the matter.
Stanford University and Brown University, however, studied their admissions data in the late 1980s and found enough evidence of cultural bias and stereotypes to alter procedures.
"Since then, the Stanford staff has been very careful to guard against all kinds of bias in the selection process," said Robin Mamlet, Stanford's dean of admissions. For several years, admissions staff members were trained annually on such issues as shyness to be sure as little bias as possible affected the decision process, she said.
About 25 percent of Stanford undergraduates are of Asian descent, higher than most other such similarly selective colleges as Georgetown, 10 percent; Princeton, 12 percent; Yale, 13 percent; and Columbia, 14 percent. But Mamlet said she cannot be sure if Stanford's higher percentage is a result of different admissions procedures or its location in Northern California, with a large population of high-performing Asian Americans. More than 40 percent of undergraduates at the University of California at Berkeley, for instance, are of Asian descent.
Harvard admissions director Marlyn McGrath Lewis said: "We have no evidence that our admissions committee disadvantages Asian American applicants." Seventeen percent of its undergraduates are of Asian descent, and the university was cleared in 1990 of alleged racial discrimination against Asians. The U.S. Education Department's Office for Civil Rights said whites were admitted at a higher rate but because they included more recruited athletes and children of alumni.
Scholars say Asian cultures tend to emphasize education and say they are not surprised that Asian Americans, who make up 4 percent of the U.S. population, are found in much higher concentrations in selective colleges. In their 1996 book "Beyond the Classroom," Laurence Steinberg, B. Bradford Brown and Sanford M. Dornbusch said that "of all the demographic factors we studied in relation to school performance, ethnicity was the most important. . . . In terms of school achievement, it is more advantageous to be Asian than to be wealthy, to have non-divorced parents, or to have a mother who is able to stay at home full time."
Many Americans, including some of Asian descent, have grown accustomed to seemingly irrational and unfair admissions decisions by selective colleges and shrug off the Asian numbers as something that can't be helped.
But Arun Mantri, born in India with children at Fairfax County's Thomas Jefferson High School for Science and Technology, said he thinks the system should change. Asian American applicants' chances "would improve dramatically if race was not used as a factor in admissions, perhaps at the cost of the white applicants, something that only a few selective schools have dared to do," he said.
Victoria Hsiao, who works with Shaw at the admissions strategy firm Ivy Success, said that when she attended Stuyvesant High School in New York, "my Asian friends and I all tried to make ourselves stand out, as we did not want to be stereotyped as Asians with good grades, playing the piano and doing scientific research." She joined the debate team instead of the math team and got into Cornell.
Shaw said about 40 percent of his clients are Asian, but he tells all that they need to learn about great but lesser-known colleges. "Students can get a quality education at hundreds of colleges throughout the country," he said, "so parents should definitely expand their horizons to other target competitive institutions beyond the Ivy League."
That is not enough for Chin, who compares the limits on Asian admissions to the quotas that Ivy League colleges used to place on Jewish admissions. "There obviously needs to be a change to level the playing field," Chin said. Some estimates put the enrollment of Jews at Harvard as high as 30 percent, he said, "and admissions for them is indeed race and ethnic-group blind."
Some Asian Americans Say Colleges Expect More From Them
By Jay Mathews
Washington Post Staff Writer
Tuesday, March 22, 2005; Page A10
Robert Shaw, an educational consultant based in Garden City, N.Y., was working with a very bright Chinese American student who feared the Ivy League would not notice her at New Jersey's Holmdel High, where 22 percent of the students were Asian American, and she was only in the top 20 percent of her high-scoring class.
So, Shaw said, she and her parents took his daring advice to change their address. They moved 10 miles north to Keyport, N.J., where the average SAT score was 300 points lower and there were almost no Asians. She also entered, at his suggestion, the Miss Teen New Jersey contest, not a typical activity for the budding scholar.
Educational consultants Robert Shaw and Victoria Hsiao of Ivy Success help students get accepted to Ivy League colleges, but Shaw notes: "Students can get a quality education at hundreds of colleges throughout the country." (Helayne Seidman For The Washington Post)
It worked, Shaw said. His client became class valedictorian, won the talent portion of the Miss Teen competition playing piano and got into Yale and MIT.
"As admissions strategists, our experience is that Asian Americans must meet higher objective standards, such as SAT scores and GPAs, and higher subjective standards than the rest of the applicant pool," he said. "Our students need to do a lot more in order to stand out."
Asian American students have higher average SAT scores than any other government-monitored ethnic group, and selective colleges routinely reject them in favor of African American, Hispanic and even white applicants with lower scores in order to have more diverse campuses and make up for past discrimination.
Many Asian Americans and some educators wonder: Is that fair? Why shouldn't young people of Asian descent have more of an advantage in the selective college admissions system for being violin-playing, science-fair winning, high-scoring achievers?
"Chinese and all Asian Americans are penalized for their values on academic excellence by being required to have a higher level of achievement, academic and non-academic, than any other demographic group," said Ed Chin, a New Jersey physician who has campaigned for years for a change in college admissions procedures.
Yet, Chin notes, Harvard humanities professor Henry Louis Gates Jr. recently estimated that two-thirds of blacks at Harvard are not descendants of American slaves but the middle-class children of relatively recent immigrants from the Caribbean and Africa. "Why should they deserve admission with lowered standards -- relatively speaking -- based solely on the color of their skin over a high-achieving Asian American living in a Chinatown ghetto or a black ghetto, or a poor white from the slums of New York City?" Chin asked.
At some selective colleges, the percentage of Asians on the admittance list is reportedly significantly lower than the percentage of Asians who applied. But colleges usually do not release the ethnic breakdown of their applicants, so there has been little research on the matter.
Stanford University and Brown University, however, studied their admissions data in the late 1980s and found enough evidence of cultural bias and stereotypes to alter procedures.
"Since then, the Stanford staff has been very careful to guard against all kinds of bias in the selection process," said Robin Mamlet, Stanford's dean of admissions. For several years, admissions staff members were trained annually on such issues as shyness to be sure as little bias as possible affected the decision process, she said.
About 25 percent of Stanford undergraduates are of Asian descent, higher than most other such similarly selective colleges as Georgetown, 10 percent; Princeton, 12 percent; Yale, 13 percent; and Columbia, 14 percent. But Mamlet said she cannot be sure if Stanford's higher percentage is a result of different admissions procedures or its location in Northern California, with a large population of high-performing Asian Americans. More than 40 percent of undergraduates at the University of California at Berkeley, for instance, are of Asian descent.
Harvard admissions director Marlyn McGrath Lewis said: "We have no evidence that our admissions committee disadvantages Asian American applicants." Seventeen percent of its undergraduates are of Asian descent, and the university was cleared in 1990 of alleged racial discrimination against Asians. The U.S. Education Department's Office for Civil Rights said whites were admitted at a higher rate but because they included more recruited athletes and children of alumni.
Scholars say Asian cultures tend to emphasize education and say they are not surprised that Asian Americans, who make up 4 percent of the U.S. population, are found in much higher concentrations in selective colleges. In their 1996 book "Beyond the Classroom," Laurence Steinberg, B. Bradford Brown and Sanford M. Dornbusch said that "of all the demographic factors we studied in relation to school performance, ethnicity was the most important. . . . In terms of school achievement, it is more advantageous to be Asian than to be wealthy, to have non-divorced parents, or to have a mother who is able to stay at home full time."
Many Americans, including some of Asian descent, have grown accustomed to seemingly irrational and unfair admissions decisions by selective colleges and shrug off the Asian numbers as something that can't be helped.
But Arun Mantri, born in India with children at Fairfax County's Thomas Jefferson High School for Science and Technology, said he thinks the system should change. Asian American applicants' chances "would improve dramatically if race was not used as a factor in admissions, perhaps at the cost of the white applicants, something that only a few selective schools have dared to do," he said.
Victoria Hsiao, who works with Shaw at the admissions strategy firm Ivy Success, said that when she attended Stuyvesant High School in New York, "my Asian friends and I all tried to make ourselves stand out, as we did not want to be stereotyped as Asians with good grades, playing the piano and doing scientific research." She joined the debate team instead of the math team and got into Cornell.
Shaw said about 40 percent of his clients are Asian, but he tells all that they need to learn about great but lesser-known colleges. "Students can get a quality education at hundreds of colleges throughout the country," he said, "so parents should definitely expand their horizons to other target competitive institutions beyond the Ivy League."
That is not enough for Chin, who compares the limits on Asian admissions to the quotas that Ivy League colleges used to place on Jewish admissions. "There obviously needs to be a change to level the playing field," Chin said. Some estimates put the enrollment of Jews at Harvard as high as 30 percent, he said, "and admissions for them is indeed race and ethnic-group blind."
% Asian Students In U.S. Colleges [ Part I]
Colleges with large percentages of Asian American undergraduates:
College Percentage
UC Berkeley 42
UCLA 38
Caltech 27
MIT 27
Stanford 25
Cooper Union 23
Pennsylvania 18
Harvard 17
Swarthmore 16
Brown 14
Columbia 14
Rice 14
Juilliard 13
Yale 13
Amherst 12
Dartmouth 12
Pomona 12
Princeton 12
Georgetown 10
Washington U.
St. Louis 10
Source: U.S. News & World Report 2004
College Percentage
UC Berkeley 42
UCLA 38
Caltech 27
MIT 27
Stanford 25
Cooper Union 23
Pennsylvania 18
Harvard 17
Swarthmore 16
Brown 14
Columbia 14
Rice 14
Juilliard 13
Yale 13
Amherst 12
Dartmouth 12
Pomona 12
Princeton 12
Georgetown 10
Washington U.
St. Louis 10
Source: U.S. News & World Report 2004
Tuesday, March 22, 2005
Wi-Fi, Snorkeling it up
Combating Wi-Fi's Evil Twin
Mon Mar 21, 1:26 PM ET
Mark Long, wireless.newsfactor.com
Just when wireless hot-spot surfers thought it was safe to get back into the water, hackers have come up with new methods for mimicking corporate Web sites and intranets in the 802.11 environment.
Wi-Fi's "evil twin" is basically a hacker who infiltrates a company by picking up its SSID (Service Set Identification) and learning what type of encryption is being used while sitting in a convenient spot outside the building, said IBM (NYSE: IBM - news) global solutions manager for managed security services Doug Conorich.
"Then the hacker will use a WLAN tool like Airsnort or other available freeware to suck off information about who is connecting to whom and what is happening on the Wi-Fi network," Conorich told NewsFactor.
The intruder will attempt to gain entry by posing as one of the access points of the company, masquerading as a corporate network or "the man in the middle," by using an antenna that is stronger than the one in the internal access point, Conorich explained. "Wi-Fi is going to connect to the strongest signal that is out there. And if the hacker has the stronger signal, then corporate people will latch onto it -- and the hacker will be able to take their credentials by emulating the corporate Web site."
A New National Pastime?
Although wireless hacking is rather new, it already is becoming something of a national pastime. There are clubs around the U.S. that are devoted to so-called "war chalking." "When club members find an access point, they will chalk it on the sidewalk, using a code that says whether the access point is open or closed, and gives the SSID and the channels being used," notes Conorich.
"People go out on a Friday or Saturday night, walk around and find as many access points as they can as a sort of contest," Conorich said. "In New York City, there is a Web site called NYCwireless that logs all of the Wi-Fi access points seen around the New York City area and lists their addresses, operating channels, and so on."
Although war chalking is not a threat to the enterprise in and of itself, it can become a prelude to "war driving" -- a game that involves driving around looking for vulnerable access points that may become targets for hack attacks at a later date, Conorich added.
Hiding the SSID
"Normally, what companies do to protect themselves is to hide their SSIDs by turning off their broadcast," said Conorich. "This forces hackers to know the SSID.”
But, if hackers wait long enough, they will be able to deduce the SSID -- the unique ID with a maximum of 32 characters that is attached to the header of a packet, notes Conorich. "Each probing laptop is going to send that SSID over the airwaves in clear text, so if I am monitoring the signal, I am eventually going to see what that SSID is."
Whenever possible, I.T. managers should avoid installing access points that will radiate signals beyond the confines of the physical enterprise. This will make it less likely that hackers can intercept enterprise traffic from the corporate parking lot.
Nevertheless, a hacker equipped with a highly directional antenna can pick up Wi-Fi signals over quite a distance, notes Symantec (Nasdaq: SYMC - news) senior director of engineering Alfred Huger, who acknowledges that a 3-meter dish left over from the early days of satellite TV certainly would do the trick.
Securing Existing Wi-Fi Corporate Nets
"At the base level, you need to make sure that WEP encryption is on, which sounds like a trivial matter, but many companies don't bother to encrypt their traffic at all," Huger told NewsFactor.
"And if you require the traffic to go through a VPN server, then the hacker will not be able to emulate the VPN connection --because that will force everybody to encrypt all their traffic," Huger said. "But no matter what you do, it does not stop people from trying to get to you," he acknowledged.
"If only VPN traffic is allowed to pass through the network, then, yes, protection can be had, inasmuch as total protection is humanly possible to achieve," Huger said. "But even then, the I.T. manager must always keep in mind that 'where there's a will, there's a way.'"
Routing users through a VPN does not preclude someone from getting onto the network and taking part in LAN traffic, notes Huger. For this reason, I.T. managers should consider not tying the Wi-Fi network directly to their corporate LANS.
A Proactive Approach
Businesses can take a more proactive approach by deploying a wireless intrusion-detection technology that connects to the system in much the same way as a wireless access point. But rather than handling traffic, the wireless sensor just "sniffs at all the traffic that goes by," notes Conorich.
"It allows companies to inventory all their assets, know every AP up on their area, every wireless device probing, then take an inventory that identifies which ones are theirs," says Conorich.
The next step is to determine the rogue access points, which basically fall into two categories: the rogue Access Point (AP) set up on the network, and the APs of a neighboring company or a Starbucks (Nasdaq: SBUX - news), which may be free access or corporate in nature. "Even though the latter don't belong to you, you'll need to want to identify them before you can ignore them," advises Conorich.
Public Hot-Spot Scenarios
Wi-Fi's phishing also represents a serious threat to mobile workers, because it is all too easy for hackers to set up a false Web page that mimics a public hot spot in the airport or the local coffee shop.
The hacker merely needs to gain one-time access to the source to make a Web site copy that will be able to trick Wi-Fi surfers into disclosing private information, says McAfee AVERT Research Fellow Jimmy Kuo. Then, all that's required is for the spoofer to generate a signal that is strong enough to overwhelm the genuine hot spot AP.
Probably the only thing that would alert someone to the fact that they were being spoofed would be that the genuinely secure sites "typically operate under 'https,' while those mimicked would just be under 'http.'" Kuo told NewsFactor.
"One of the first things you want to do after logging on to a public hot spot "is to immediately log onto to the corporate network through the VPN process, which will encrypt every single transmission coming in and going out of your machine," Kuo advises.
"But the general rule is, if you are out in public, then assume that everything you do is in public," he says. If you are going to open an account over a public hot-spot connection, for example, "then you'd better make sure it doesn't have an open credit line."
Forcing the VPN connection
I.T. managers worried about hacker infiltration over notebooks parked in public may elect to deploy an anti-virus product -- such as Symantec Client Security, which incorporates a location-awareness function that allows the amount of network protection to change automatically, based on notebook location.
When the software program senses that the laptop is outside of the corporate firewall, then it automatically forces the network-connected device into running a VPN session, says Symantec Group Product Manager Kevin Haley.
"Once this happens, all traffic is encrypted to prevent someone from being able to listen in," Haley told NewsFactor. "So you can sit in a coffee shop on a Wi-Fi connection and have the same firewall protection as if you were behind the network gateway."
The software uses a number of criteria -- including domain and IP address -- to determine where the network-connected notebook is located at any given moment, Haley said. The software also gives I.T. managers the ability to establish a specific VPN policy for notebooks or even push a new policy out to the clients at will.
Mon Mar 21, 1:26 PM ET
Mark Long, wireless.newsfactor.com
Just when wireless hot-spot surfers thought it was safe to get back into the water, hackers have come up with new methods for mimicking corporate Web sites and intranets in the 802.11 environment.
Wi-Fi's "evil twin" is basically a hacker who infiltrates a company by picking up its SSID (Service Set Identification) and learning what type of encryption is being used while sitting in a convenient spot outside the building, said IBM (NYSE: IBM - news) global solutions manager for managed security services Doug Conorich.
"Then the hacker will use a WLAN tool like Airsnort or other available freeware to suck off information about who is connecting to whom and what is happening on the Wi-Fi network," Conorich told NewsFactor.
The intruder will attempt to gain entry by posing as one of the access points of the company, masquerading as a corporate network or "the man in the middle," by using an antenna that is stronger than the one in the internal access point, Conorich explained. "Wi-Fi is going to connect to the strongest signal that is out there. And if the hacker has the stronger signal, then corporate people will latch onto it -- and the hacker will be able to take their credentials by emulating the corporate Web site."
A New National Pastime?
Although wireless hacking is rather new, it already is becoming something of a national pastime. There are clubs around the U.S. that are devoted to so-called "war chalking." "When club members find an access point, they will chalk it on the sidewalk, using a code that says whether the access point is open or closed, and gives the SSID and the channels being used," notes Conorich.
"People go out on a Friday or Saturday night, walk around and find as many access points as they can as a sort of contest," Conorich said. "In New York City, there is a Web site called NYCwireless that logs all of the Wi-Fi access points seen around the New York City area and lists their addresses, operating channels, and so on."
Although war chalking is not a threat to the enterprise in and of itself, it can become a prelude to "war driving" -- a game that involves driving around looking for vulnerable access points that may become targets for hack attacks at a later date, Conorich added.
Hiding the SSID
"Normally, what companies do to protect themselves is to hide their SSIDs by turning off their broadcast," said Conorich. "This forces hackers to know the SSID.”
But, if hackers wait long enough, they will be able to deduce the SSID -- the unique ID with a maximum of 32 characters that is attached to the header of a packet, notes Conorich. "Each probing laptop is going to send that SSID over the airwaves in clear text, so if I am monitoring the signal, I am eventually going to see what that SSID is."
Whenever possible, I.T. managers should avoid installing access points that will radiate signals beyond the confines of the physical enterprise. This will make it less likely that hackers can intercept enterprise traffic from the corporate parking lot.
Nevertheless, a hacker equipped with a highly directional antenna can pick up Wi-Fi signals over quite a distance, notes Symantec (Nasdaq: SYMC - news) senior director of engineering Alfred Huger, who acknowledges that a 3-meter dish left over from the early days of satellite TV certainly would do the trick.
Securing Existing Wi-Fi Corporate Nets
"At the base level, you need to make sure that WEP encryption is on, which sounds like a trivial matter, but many companies don't bother to encrypt their traffic at all," Huger told NewsFactor.
"And if you require the traffic to go through a VPN server, then the hacker will not be able to emulate the VPN connection --because that will force everybody to encrypt all their traffic," Huger said. "But no matter what you do, it does not stop people from trying to get to you," he acknowledged.
"If only VPN traffic is allowed to pass through the network, then, yes, protection can be had, inasmuch as total protection is humanly possible to achieve," Huger said. "But even then, the I.T. manager must always keep in mind that 'where there's a will, there's a way.'"
Routing users through a VPN does not preclude someone from getting onto the network and taking part in LAN traffic, notes Huger. For this reason, I.T. managers should consider not tying the Wi-Fi network directly to their corporate LANS.
A Proactive Approach
Businesses can take a more proactive approach by deploying a wireless intrusion-detection technology that connects to the system in much the same way as a wireless access point. But rather than handling traffic, the wireless sensor just "sniffs at all the traffic that goes by," notes Conorich.
"It allows companies to inventory all their assets, know every AP up on their area, every wireless device probing, then take an inventory that identifies which ones are theirs," says Conorich.
The next step is to determine the rogue access points, which basically fall into two categories: the rogue Access Point (AP) set up on the network, and the APs of a neighboring company or a Starbucks (Nasdaq: SBUX - news), which may be free access or corporate in nature. "Even though the latter don't belong to you, you'll need to want to identify them before you can ignore them," advises Conorich.
Public Hot-Spot Scenarios
Wi-Fi's phishing also represents a serious threat to mobile workers, because it is all too easy for hackers to set up a false Web page that mimics a public hot spot in the airport or the local coffee shop.
The hacker merely needs to gain one-time access to the source to make a Web site copy that will be able to trick Wi-Fi surfers into disclosing private information, says McAfee AVERT Research Fellow Jimmy Kuo. Then, all that's required is for the spoofer to generate a signal that is strong enough to overwhelm the genuine hot spot AP.
Probably the only thing that would alert someone to the fact that they were being spoofed would be that the genuinely secure sites "typically operate under 'https,' while those mimicked would just be under 'http.'" Kuo told NewsFactor.
"One of the first things you want to do after logging on to a public hot spot "is to immediately log onto to the corporate network through the VPN process, which will encrypt every single transmission coming in and going out of your machine," Kuo advises.
"But the general rule is, if you are out in public, then assume that everything you do is in public," he says. If you are going to open an account over a public hot-spot connection, for example, "then you'd better make sure it doesn't have an open credit line."
Forcing the VPN connection
I.T. managers worried about hacker infiltration over notebooks parked in public may elect to deploy an anti-virus product -- such as Symantec Client Security, which incorporates a location-awareness function that allows the amount of network protection to change automatically, based on notebook location.
When the software program senses that the laptop is outside of the corporate firewall, then it automatically forces the network-connected device into running a VPN session, says Symantec Group Product Manager Kevin Haley.
"Once this happens, all traffic is encrypted to prevent someone from being able to listen in," Haley told NewsFactor. "So you can sit in a coffee shop on a Wi-Fi connection and have the same firewall protection as if you were behind the network gateway."
The software uses a number of criteria -- including domain and IP address -- to determine where the network-connected notebook is located at any given moment, Haley said. The software also gives I.T. managers the ability to establish a specific VPN policy for notebooks or even push a new policy out to the clients at will.
CU : - )
'Netspeak' doing more good than harm to English language, experts say
Mon Mar 21, 4:45 PM ET
By Robert S. Boyd, Knight Ridder Newspapers
WASHINGTON - Many schoolteachers, editors and parents profess to be horrified by "Netspeak" - the distinctive language that young people are using more and more to talk with each other on the Internet.
Purists should relax, a panel of experts declared at a recent symposium on "Language on the Internet" in Washington. This rapidly spreading digital dialect of English is doing more good than harm, they contended.
"The Internet is fostering new kinds of creativity through language," said David Crystal, a historian of language at the University of Wales in the United Kingdom. "It's the beginning of a new stage in the evolution of the written language and a new motivation for child and adult literacy."
Netspeak is the language of computerized instant messages, Web logs (or "blogs"), chat rooms and other informal types of electronic communication. It also pops up in wireless jottings on hand-held devices such as BlackBerries and cell phones.
Some examples are "cu" for "see you," "bfn" for "bye for now" and "lol" for "laughing out loud." A popular feature is a colon followed by a space and a parenthesis to make a "smiley face" to brighten up a message - like this :) - or a sad face like this : (. To give a hug, the writer types ((((name)))).
Critics object that Netspeak ignores or violates the usual rules of punctuation, capitalization and sentence structure. It's peppered with strange abbreviations, acronyms and visual symbols. Its spelling can be, well, different.
Professional linguists say not to worry. They claim that Netspeak has become a third way - in addition to traditional speech and writing - for people to communicate with one another. It brings freshness and creativity to everyday English, they say. It's even reviving the almost lost art of diary keeping.
"The Internet has permitted language to evolve a new medium of communication, different in fundamental respects from traditional conversational speech and from writing," Crystal said.
Even Netspeak enthusiasts acknowledge that young people need to learn how to speak and write proper English to get ahead in school, hold a job or write official documents.
"Children have to be taught about their language," Crystal said. "They have to learn about the importance of standard English as a medium of educated communication."
As it's used on the Internet, Netspeak has some features of both spoken and written English. But even though it's typed on a keyboard, scholars say it's closer to how we talk than to how we write.
Like conversational speech, it uses short, back-and-forth statements, sometimes consisting of single words. Its vocabulary is relatively small. It's relaxed about the rules of grammar. The smiley faces and other so-called "emoticons" help compensate for the lack of face-to-face contact.
Instant messaging, or IM, "looks more like speech than it does like writing," said Naomi Baron, a linguistics professor at American University in Washington who analyzed more than 2,100 such conversations at her university.
It's become "a mainstay of online communication, especially among teenagers and young adults," she said. The exchanges often involved multiple partners at the same time, much like a group conversation in a room.
The college students Baron studied usually were doing something else - listening to music, watching TV, talking on the telephone, writing memos or letters on the computer - while they were exchanging instant messages.
Contrary to purists' fears, only 171 of the 11,718 words she collected were misspelled - less than 2 percent. Unusual abbreviations and symbols were relatively rare. The most common was the letter "k" standing for "OK."
Another branch of Netspeak is blogs, periodic messages posted on the World Wide Web, usually with the latest entry on top. Blogs range from individual journals to accounts of presidential campaigns. Many of them allow visitors to leave comments, which can lead to a community of readers centered on the blog.
Blogs are "already providing evidence of a new genre of diary writing, which a few years ago was though to be dying out as a literary domain," Crystal said.
Crystal took issue with "prophets of doom" who complain that new technology is corrupting the language, as other critics did when printing was introduced in the 15th century, the telephone came along in the 19th century and broadcasting took off in the 20th. In fact, the Greek philosopher Plato said more than two millennia ago that talking was more important than writing.
Thanks to the Internet, the language's "resources for the expression of informality in writing have hugely increased, something which hasn't been seen in English since the Middle Ages, and which was largely lost when standard English came to be established in the 18th century," Crystal said.
"Rather than condemning it, we should be exulting in the fact that the Internet is allowing us to once more explore the power of the written language in a creative way," he added.
So far, Netspeak is mainly a dialect of English. More than 90 percent of the conversations on the Internet in Europe are conducted in English, said Susan Herring, a researcher at Indiana University, Bloomington.
"For the foreseeable future, English will be the lingua franca of the Internet," she said.
But foreign variants of Netspeak are cropping up, especially in Japan. According to Herring, Japanese use emoticons - called kaomoji, meaning "face marks" - more than Americans do.
Males and females differ in their use of Netspeak, as they do in spoken English.
"Men are more likely to engage in sarcasm, sexual humor and swearing than women," said Simeon Yates, an expert on computer communication at Sheffield Hallan University in Sheffield, England.
"Conversely, women are more likely to offer support, to be affectionate or to use emotion," he said.
Internet conversations between females lasted much longer than between males, Yates reported. Male-female chats tended to be of intermediate length.
Mon Mar 21, 4:45 PM ET
By Robert S. Boyd, Knight Ridder Newspapers
WASHINGTON - Many schoolteachers, editors and parents profess to be horrified by "Netspeak" - the distinctive language that young people are using more and more to talk with each other on the Internet.
Purists should relax, a panel of experts declared at a recent symposium on "Language on the Internet" in Washington. This rapidly spreading digital dialect of English is doing more good than harm, they contended.
"The Internet is fostering new kinds of creativity through language," said David Crystal, a historian of language at the University of Wales in the United Kingdom. "It's the beginning of a new stage in the evolution of the written language and a new motivation for child and adult literacy."
Netspeak is the language of computerized instant messages, Web logs (or "blogs"), chat rooms and other informal types of electronic communication. It also pops up in wireless jottings on hand-held devices such as BlackBerries and cell phones.
Some examples are "cu" for "see you," "bfn" for "bye for now" and "lol" for "laughing out loud." A popular feature is a colon followed by a space and a parenthesis to make a "smiley face" to brighten up a message - like this :) - or a sad face like this : (. To give a hug, the writer types ((((name)))).
Critics object that Netspeak ignores or violates the usual rules of punctuation, capitalization and sentence structure. It's peppered with strange abbreviations, acronyms and visual symbols. Its spelling can be, well, different.
Professional linguists say not to worry. They claim that Netspeak has become a third way - in addition to traditional speech and writing - for people to communicate with one another. It brings freshness and creativity to everyday English, they say. It's even reviving the almost lost art of diary keeping.
"The Internet has permitted language to evolve a new medium of communication, different in fundamental respects from traditional conversational speech and from writing," Crystal said.
Even Netspeak enthusiasts acknowledge that young people need to learn how to speak and write proper English to get ahead in school, hold a job or write official documents.
"Children have to be taught about their language," Crystal said. "They have to learn about the importance of standard English as a medium of educated communication."
As it's used on the Internet, Netspeak has some features of both spoken and written English. But even though it's typed on a keyboard, scholars say it's closer to how we talk than to how we write.
Like conversational speech, it uses short, back-and-forth statements, sometimes consisting of single words. Its vocabulary is relatively small. It's relaxed about the rules of grammar. The smiley faces and other so-called "emoticons" help compensate for the lack of face-to-face contact.
Instant messaging, or IM, "looks more like speech than it does like writing," said Naomi Baron, a linguistics professor at American University in Washington who analyzed more than 2,100 such conversations at her university.
It's become "a mainstay of online communication, especially among teenagers and young adults," she said. The exchanges often involved multiple partners at the same time, much like a group conversation in a room.
The college students Baron studied usually were doing something else - listening to music, watching TV, talking on the telephone, writing memos or letters on the computer - while they were exchanging instant messages.
Contrary to purists' fears, only 171 of the 11,718 words she collected were misspelled - less than 2 percent. Unusual abbreviations and symbols were relatively rare. The most common was the letter "k" standing for "OK."
Another branch of Netspeak is blogs, periodic messages posted on the World Wide Web, usually with the latest entry on top. Blogs range from individual journals to accounts of presidential campaigns. Many of them allow visitors to leave comments, which can lead to a community of readers centered on the blog.
Blogs are "already providing evidence of a new genre of diary writing, which a few years ago was though to be dying out as a literary domain," Crystal said.
Crystal took issue with "prophets of doom" who complain that new technology is corrupting the language, as other critics did when printing was introduced in the 15th century, the telephone came along in the 19th century and broadcasting took off in the 20th. In fact, the Greek philosopher Plato said more than two millennia ago that talking was more important than writing.
Thanks to the Internet, the language's "resources for the expression of informality in writing have hugely increased, something which hasn't been seen in English since the Middle Ages, and which was largely lost when standard English came to be established in the 18th century," Crystal said.
"Rather than condemning it, we should be exulting in the fact that the Internet is allowing us to once more explore the power of the written language in a creative way," he added.
So far, Netspeak is mainly a dialect of English. More than 90 percent of the conversations on the Internet in Europe are conducted in English, said Susan Herring, a researcher at Indiana University, Bloomington.
"For the foreseeable future, English will be the lingua franca of the Internet," she said.
But foreign variants of Netspeak are cropping up, especially in Japan. According to Herring, Japanese use emoticons - called kaomoji, meaning "face marks" - more than Americans do.
Males and females differ in their use of Netspeak, as they do in spoken English.
"Men are more likely to engage in sarcasm, sexual humor and swearing than women," said Simeon Yates, an expert on computer communication at Sheffield Hallan University in Sheffield, England.
"Conversely, women are more likely to offer support, to be affectionate or to use emotion," he said.
Internet conversations between females lasted much longer than between males, Yates reported. Male-female chats tended to be of intermediate length.
