The never-ending battle

You’ve secured your network. Congratulations — take the rest of the day off. But come back bright and early tomorrow, because you’re in danger again.

Securing an organization is a process without end. You do your best to keep your network and your clients safe from vulnerabilities, but it’s virtually impossible to seal all the holes.

At ZDNet, we try to provide not only the latest security news, but commentary, analysis, and security products you can download and try. However, there’s often some delay between the first appearance of an exploit and the first report of it in the media. If you’re vulnerable, that time could be critical. Therefore, you should keep a close eye on some dedicated security sites.

SecurityFocus.com is a clearinghouse of security information. It hosts a vulnerability database that lists newly discovered security holes, and Bugtraq, a moderated mailing list that discusses those vulnerabilities. You can also access the Bugtraq archives. There’s probably no better place to stay abreast of new computer security dangers.

A good complement to SecurityFocus.com is Carnegie Mellon University’s CERT Coordination Center, a computer emergency response team whose mission, according to its Web site, is to "provide technical assistance and coordinate responses to security compromises, identify trends in intruder activity, work with other security experts to identify solutions to security problems, and disseminate information to the broad community." CERT too offers a mailing list for security advisories.

You can also find resources aimed at specific kinds of problems. For example, an excellent resource center on viruses is Symantec’s Antivirus Resource Center.

But don’t act on security alerts without a little forethought. Before you start e-mailing the entire company about a new vulnerability your friend in Silicon Valley just sent you a message about, make sure it’s legit. Sometimes hoaxes are just as vexing as real problems, because users buy the scam and pester IS staff with questions or requests. Forewarned is forearmed — check whether the latest alert is a hoax.

Plan, implement, and test your security countermeasures, but stay up-to-date. And if you have any favorite sites or defensive tools, please share them.

Season of sloth

‘Tis the season — the last two weeks of the year — when nothing gets done. People are focused on the holidays and their families, and have to drag themselves in even to jobs they like. News stops, which makes it tough on organizations like ZDNet.

I usually look forward to this time of year as a chance to catch up on tasks I can’t otherwise accomplish — those items with a priority of 2 on my to-do list, when I never seem to get to all the 1s. Here then is my advice for making these weeks productive:

Go through all the piles on your desk. Decide what you can file in existing folders, and what new folders you need for other items that don’t need to be always at hand. Better yet, if you forgot you had it, you can live without it. Throw it out.

Once your desk is clean, do the same for your e-mail in-box. Same routine — file things in folders, trash what you don’t need. But save e-mail addresses and other contact information in a database, so you can find people quickly. I use ACT! 2000, but Outlook will do the trick, or if you have a Palm computer, its address list is probably best.

Whittle down that pile of publications. Start at the bottom (which is easier said than done). Check the table of contents — are there any features or columns you must read? Rip them out and put them aside. Then toss the dross in a reject pile, and be sure to recycle the pile when you’re done.

Speaking of recycling, you can gain good karma by recycling those useless AOL and Earthlink CD-ROMs that have been piling up in your mailbox.

Check the links on your Web site. Nobody likes dead links. I’ve found Watchfire’s LinkBot Pro to be an extremely valuable tool, but there are dozens of others.

Make your site more visible to search engines. Follow our advice, and use a tool like TopDog or WebPosition Gold to raise your rankings.

Document. Good managers make themselves easy to promote by grooming players on their team to succeed them, and one of the best ways to do that is to leave detailed information about the processes you’re responsible for.

Treat yourself to a present. If you have a few hundred dollars left in an accessible budget category, why not buy something that will make your life, or that of your administrative staff, easier? Some of my favorites are a business card scanner, for keeping contact information online; a label printer, for easy letter addressing; and a new pair of speakers or audio headset, for listening to MP3 files, streaming audio from radio stations, or online broadcasters like Spinner.com.

Talk’s not cheap, it’s bankrupt

I was saddened to see that a leader in the speech-recognition field, Lernout & Hauspie Speech Products N.V., filed for Chapter 11 bankruptcy protection last week. Earlier last month, its founders, CEO, and CFO all resigned their posts, and the company is being investigated for irregular accounting practices both in the U.S. and in Belgium, where it was founded.

L&H had great technology and brilliant people working on developing it. It had a diversified business plan, offering not only speech-recognition software but also translation services, transcription products, speech-enabled devices, and other related technologies.

I feel sorry for investors who bought in when L&H’s story seemed so promising. The stock, which traded as high as $72.50 in March, was at about $6.22 when trading was halted Nov. 9 on Nasdaq, and around $3.53 when it was stopped on Easdaq, the Nasdaq’s European equivalent. The company’s market capitalization went from more than $10 billion in May to less than $1 billion last week, and it owes half a billion in debt.

Part of that debt is from two high-profile acquisitions the company made this year: Dictaphone Corp., a leader in speech-to-text systems, and Dragon Systems Inc., the other top speech-recognition player. The sellers of those firms have seen the value of their proceeds, which were made partly in stock, disappear like the morning frost when the sun comes up. Dictaphone’s previous owners are already in court trying to get their assets back, but with little prospect of success.

Analysts are not optimistic about the chances for L&H’s the survival. If it dies, where does that leave the speech-recognition marketplace?

For now, in the hands of IBM and Philips Speech Processing, and that’s too bad for you and me. The last time I tested products from those companies (admittedly, more than a year ago) both were well behind L&H and Dragon in accuracy and usability.

I recommend you get your hands on a copy of L&H’s Voice Xpress 5.0 and treasure it. Get the Professional edition, if you can afford it. If you like the idea of making voice notes that you can later get your software to transcribe, get the Mobile Professional product, which comes with a nifty featherweight solid-state voice recorder.

And keep your fingers crossed for a miraculous turnaround.