the interface to SecureAgent which is used to manage configuration of SecureAgent servers safely, securely and remotely.

SecureAgent Administrator enables data center personnel to administer all machines in the enterprise, regardlesss of their physical location. Operators can work from one location or several.

You can use SecureAgent Administrator to set up user identifications, groups and privilege levels, as well as to configure control units, addresses and logical units of a mainframe computer.

SecureAgent Administrator enables remote access with complete security.

For more information regarding SecureAgent products visit our web site at www.secureagent.com

Pedram Amini and Cody Pierce of TippingPoint, a security firm of 3Com Corp., said they started out just to verify the size of the botnet, but found they could essentially control it using a fake Kracken server created by reverse engineering some domain names. Ultimately they said "Kracken infected systems worldwide start to connect to a server we control."

They monitored the network for a week and counted about 25,000 infected computers, far less than the 185,000 to 600,000 others have estimated.

Then Pierce created code that could have located and removed Kracken infections. But then they hit the wall of corporate liability for acting on systems they do not own or legally control. As one observer commented, "You not only face a moral dilemma, but updating a computer without authorization is illegal in the U.S."

The Information Technology and Innovation Foundation (ITIF), a Washington think tank, said the federal government could improve the high-speed connection service with some policy changes.

It proposed changes in tax policies to favor investment in high-speed accesses, but also said the to government should make more wireless spectrum available, expand and reform programs aimed at delivering telecom services to rural areas, and fund state programs already working to expand broadband deployment.

A recent study rated the U.S. 15th among 30 nations in high-speed adoption. It said many other countries offered faster services and lower prices.

Could be. Microsoft is reluctant to provide any details, but has told law enforcement officers at a close-door conference about a tool to analyze malicious code and let authorities act against the builders and operators of the secret networks, which generally are used to produce spam e-mail or send out infectious material.

Microsoft's tool is based on results from 450 million users of its Malicious Software Removal Tool, a part of its Windows operating system.

Canadian authorities say they used the tool to break up a network that used about 500,000 infected computers in 110 countries. It enabled authorities to identify the Internet addresses being used to operate the network.

The breach apparently was due to a business relationship with Target America, which searches electronic records for potential donors to institutions. Target America says it maintains "the highest standards of security" but declined to discuss specifics of this case.

UCSF said since 2004 it had provided Target America with names and addresses of 30,590 patients, which the firm used to identify potential new or enhanced contributors to the school.

The San Francisco Chronicle said information available included names, addresses and some medical data. Experts said in addition to the danger of identity theft, thieves could sometimes use medical records to obtain medical treatment, get prescription drugs or file false medical claims.

It said 21 of the 101 breaches it has tracked this year occurred in some type of health care organization.

State and federal regulations dictate preservation of patient and other medical information and a survey of security officials with health care organizations found 75 percent felt they were fully familiar with requirements of the Health Information Portability and Accountability Act, the primary federal law.

Yet Attrition counted a number of major security situations, often involving lost or stolen equipment.

Insuror WellPoint said lax security on two servers run for it by a vendor potentially exposed data on 128,000 patients. New York Presbyterian Hospital said records on 40,000 patients were stolen, possibly by an employee. The National Institutes of Health and Fallon Community Health Plan both reported breaches due to stolen laptop computers.

A Cleveland Clinic employee was convicted of stealing information and passing it to a cousin, who used it to submit more than $2.5 million in phony bills to Medicare.

Institutions often encrypt patient information, but the situation can be confusing because while principal institutions may be aware of security rules, actual work often is contracted to third parties and much data also must be communicated among institutions and insurance companies.

And experts say crooks are using more sophisticated techniques and trying to gain assistance of insiders to steal data. They say stealing medical records may be more lucrative than stealing financial records because of the potential from fake billings. Medical records also often contain credit card account information which can be used in fraud.

Although the new firm will be named Clearwire, Sprint will own 51 percent of it. Clearwire will own 27 percent, while Intel, Google, Comcast, Time-Warner Cable and Bright House Networks will invest $3.2 billion for a 20 percent share.

Clearwire, started by cellular telephone pioneer Craig McCaw, already provides wireless Internet access to about 400,000 customers in some parts of the country. The new venture hopes to cover 120 to 140 million people within about three years.

AT&T and Verizon have stuck with current wireless technology and a future development called Long Term Evolution. But Clearwire says WiMAX offers faster speeds for wireless devices and could even intrude on fixed-line high-speed services.

The site pulled up on the question "Where's my stimulus payment?" asks taxpayers to enter their Social Security numbers and some other information before it will respond with a tentative date. A CNET news blog by Chris Soghoian says this "sets a horrible example, and encourages dangerous behavior by users."

By entering the last four digits of a Social Security number, a phisher could uncover the entire number and other information, he says.

The IRS posts frequent warnings about phishers who imitate the service to try to harvest information and has shut down more than 1,600 phony sites.

The technology administrator for Riverside County's Superior Court says he's conforming to state laws and finding data such as Social Security numbers amidst the records is like "finding a needle in a haystack."

Privacy advocates have long objected to governmental institutions posting court documents and other public records, which may contain sensitive information. In most cases, material posted on the Web also would be available in paper documents at a courthouse or government office, but it might be harder to locate there.

Privacy advocate Betty Ostergren raised the issue with ComputerWorld and pointed to some documents containing Social Security numbers and other personal information. But ComputerWorld noted it had to enter a specific case number to get access to the material.

Technology Director Gary Whitehead said court officials were aware of only five online documents with sensitive material.

Microsoft said a "compatibility issue" with its Retail Management System, point-of-sale and store management programs for small and medium sized businesses, caused the delay. It did not give specifics but a Microsoft representative said on a support forum that the updates caused data loss and corruption of databases in RMS systems.

Microsoft has offered users a fix for the RMS problem and its users will be screened out of the automatic update for SP3.

It does not plan to resume automatic updates for SP3 until probably June.

Microsoft also warned XP users that installing SP3 would lock them into version 7 of Internet Explorer. The only way to downgrade to version 6, Microsoft said, would be to uninstall SP3.

Postings on a Microsoft support forum indicated some users, with processors from Advanced Micro Devices, were having trouble with endless reboots after installing SP3. Users complained they could not reboot in "safe" mode or use system restore to revert to older versions.

Meantime, Microsoft is resuming release of SP1 for Vista, which also was delayed by the RMS bug.

Other critical fixes will repair the Word and Publisher programs in the Office suite.

Jet Database provides access to such things as Microsoft Access and Visual Basic. The flaw affects Windows 2000, XP and Server 2003 SP1; Microsoft said Jet Database in Vista, Server 2003 SP2 and the new XP SP3 are not vulnerable.

The fourth and non-critical patch will fix some problems in the company's anti-malware programs.

The would-be buyer of the material was actually an undercover FBI agent. Randall Craig, 41, was a private computer contractor for the U.S. Marine Reserve Center in San Antonio, Tex., which gave him access to personal information in its database.

Craig was accused of selling a thumb drive with the data for $500 to a man he believed was a representative of a foreign government. He pleaded guilty to charges of aggravated identity theft and unauthorized access to a computer.

It adds invisible code to a site that can cause visitors to download malicious programs.

Experts say keeping all programs and preventive services up to date is a good precaution against this worm. In some cases, visitors have been hit because of a flaw in very old Real Player software.

More details are available at the ISC Web site or from shadowserver.org.

Here, from ComputerWorld, are five steps to protect against insider threats.

1. Modems. They're vital, but they must have the same security and identity authentication systems as other network entry points.

2. Open file transfer. This is handy, even critical, for troubleshooting, patching and problem-solving. But it is easily mis-used by careless or disgruntled employees or third-party workers. Look for new technologies that can control access and monitor activity in case there is trouble.

3. Open telnet and SSH ports. These are often used to allow third parties to access and troubleshoot systems but they need to be closed if not in use and and secured access; otherwise a single address can gain entry to an entire network.

4. Server console ports. Companies typically connect to serial console ports using terminal servers which, by default, offer minimum security. Terminal server security should be regularly reviewed and console ports for sensitive data such as payroll should have outside security.

5. Unmonitored extranet traffic. Extranets are convenient to give vendors, partners and customers realtime collaboration. But access should be carefully controlled and activity closely monitored.