October 2008 Archives

...the wise begin scanning the sky for omens. And what's weirder than politics? So here's Presidential candidate John McCain, campaigning frenziedly in the remaining eight red states (irony of ironies, that staunchly Republican states are red, what, haven't they heard of the slogan anti-Communists used in America in the 1950s, "Better dead than Red?") and insisting he's going to come from behind and beat his rival, Presidential candidate Barack Obama, while, even in those eight red states, the tide is turning towards Mr. Obama. How are we going to handicap this? Well, check your spam. Seems the cybercriminals have it all figured out. According to antivirus vendor Secure Computing, 70 percent more political spam is being sent in Senator Obama's name than in Senator McCain's. Ouch. We said, not a million years ago, that there would be a surge in political spam, but unfortunately failed to read the omens correctly. I just knew that duck dive-bombing a BMW driven by a yuppie on the 401 the other day was significant. On October 18, when Senator Obama pulled a crowd of 100,000 in St. Louis, Mo. and 75,000 in Kansas City, Mo., his two stops in the state, he led Senator McCain in the spam race, if you will, 99 to one, according to Secure Computing. That is, only ONE percent of the spam purported to be from Senator McCain; the rest all purported to be from Senator Obama. There is one area in which Senator McCain comes out ahead, though: when the spam references pharmacy Web sites. Here, he beats Senator Obama five to four. Do the spammers know something we don't? I was tempted to hop over to see Sasha, the local psychic, for corroboration, but wisely restrained myself -- every time I see a psychic, I want to ask something along the lines of "You know why I'm here, don't you?" and hold my tongue after that until they guess correctly.
And psychics usually have large aides-de-camp whose knuckles don't just drag on the ground, they scrape it clean, and who love beating meditatively on people who annoy their employers. Not a good idea to rile those types; I'll just lay my bets on the spam.

...and things that go bump in the night, guid Laird preserve us, goes an old Scottish poem. Just the thing for Halloween, I thought. And, in that spirit (pun intended), comes an announcement from Hewlett-Packard that it has launched What Haunts Your Data Center -- an education campaign featuring six animated data center characters that "bring to life the scary monsters that haunt IT managers' dreams." I'm going to have to list the six to set this one up. They are: Dracula, the Data Center Energy Sucking Vampire; Frankenstein, the Multi-Vendor Environment Monster; the Blob, The Virtualized Data Center...Gone Wrong; Skeletons, Legacy, Unknown Server and Storage Hardware; Ghosts, The Spooks Haunting Unsecured Data Centers; and Werewolf, The Untrained Custodian. Now, I have always been a fan of Swamp Thing and Killer Tomatoes -- where are they? What is this, monster bigotry? That aside, one has to appreciate the attempt to inject humor into what is essentially a marketing event, and to tie it into the cultural phenomenon of Halloween. Still, I can't help thinking: Would nailing up cloves of garlic and upside-down horseshoes get rid of Vlad and the Werewolf just to even things up a bit? And are IT managers really afraid of the monster under the bed? In any event, the marketing is slick. You can view videos of the monsters here on YouTube, or go here to download a PowerPoint presentation. HP's leveraging social media too, having set up a fan page here on Facebook. And HP's destination site lets visitors vote for their favorite monster and has "lots of good information on best approaches for ridding the data center of the monsters that haunt it."
It also lets you go to a "haunted data center" with sound and visual effects. Me, I want my mommy. NOW!

So, recession is the word on everyone's lips. Everyone but the mooks leading this country who just can't bring themselves to pronounce the 'r' word, despite the financial industry meltdown, people having their homes foreclosed and the computer industry quaking in its collective boots as it looks towards the future. Why, back in February, the White House predicted the economy would escape a recession. Which brings us to the subject of this particular blog: Surviving the recession. In an excellent example of the American get-up-and-go spirit, which finds a silver lining in every cloud, a company by the name of Adaptive Planning has come up with a solution to help companies survive the recession. Its Adaptive Planning Recession Survival Kit, offered in software as a service mode, lets finance and executive teams evaluate strategic and tactical actions and their overall cash impact, and reset their financial plans quickly. Speed, it must be noted, is of the essence, a point that escaped our leaders as they dillied and dallied and whined through the weeks before approving the $700 billion bailout plan that promises to leave us poorer than before while letting the...how shall I put it politely? Ah, yes... the crooks in the financial industry that got us into this mess...get away pretty much free and clear. Basically, the kit offers what-if modeling so company management can see how expense levels, capital expenditures and other moves will impact cash flow. It also captures collaborative, real time inputs from managers company-wide so top management can get input in near-real time. The cost of this largesse? Well, you get a six-month subscription to the software, for 10 user seats, consulting services and user training, all for less than $10,000, and can go live within a week. The benefits?
No capital investment, you get top-down integrated financial statements, sales, expense and capital templates to allow collaboration, integration of one year of historical data, the ability to create unlimited scenarios, comparative scenario reporting and you can import your current budget data into the system. Oh, and you can get rid of those Excel spreadsheets, for what it's worth. So c'mon, Phil Gramm, who says we're a nation of whiners?

Remember how, when we were kids, our parents taught us never to talk to strangers? Well, we can (and jolly well should) extend that principle to strangers on-line. Read on before uttering wheepling cries about this being one world and how being unfriendly is bad and you'll see why. McAfee's Avert Labs predicts that cybercriminals will increasingly use social engineering techniques to get around antivirus and spam protection on users' computers. These attacks are getting extremely sophisticated and even the knowledgeable will fall for them. For example, a crafty spammer sent about 10,000 users (yes, ten thousand, a one with FOUR zeros behind it) of LinkedIn.com an e-mail that seemed to be from the site's technical support department with an attachment purporting to be a list of business contacts they had asked for. Of course, the attachment actually was malware in disguise. The latest issue of the bi-annual McAfee Security Journal outlines four major global trends for spamming. First, cybercriminals will increasingly leverage personal information on social networking sites to more closely hone their attacks to their targets. This leads to the second trend, which is that the amount of socially engineered spam will skyrocket. Oh, and data breaches will help the cybercriminals. The latest trend in data security is risk management, which can be equated to, "If I lose that much data, what will it cost me?"
Enterprises can then do a calculation of the cost-benefit ratio and figure out whether or not the risk is worthwhile, much as Ford did with the Pinto, that tin can which was a ball of flame waiting to happen. Then, stock scams will rise. Pump and dump scams will seem like nothing; Avert Labs researchers expect cybercriminals to falsely advertise security vulnerabilities in software or management changes at a public company. Makes one wonder if the recent, untrue report of Steve Jobs having a heart attack was a scam, doesn't it? Lastly, the bad guys will capitalize on users' desire to protect their PCs by faking security updates. McAfee has seen an increase in malicious software posing as applications from security vendors. Click on them and you've just gone on the highway to a very warm place. How do you protect yourself against these scams? Use your common sense. Make sure your security software is updated; don't click on e-mail from a stranger ("But I may miss out on a new friend," you might wail. Yeah, or you might just have escaped a cybercriminal attack, sez I.); be wary of offers that come through e-mails, instant messaging systems or social networks that sound too good to be true; call your bank if you get a message purporting to come from it; and NEVER reply to anyone offering to take you off their mailing list. Remember my old pal R. Heinlein's TANSTAAFL principle: There Ain't No Such Thing As A Free Lunch.

Although it is reeling from the impact of the global financial meltdown, like every other vendor, and squirming under the weight of Oracle's lawsuit over its soon-to-be-shut-down TomorrowNow subsidiary, German software giant SAP (NYSE: SAP) is soldiering on. Out in Berlin, at the SAP TechEd 2008 conference, being held through Thursday, SAP has announced EcoHub, an online marketplace that lets customers "discover, evaluate and buy partner solutions to complement their SAP installations." Now, where did I hear of a structure like this before? Aha!
The AppExchange from Salesforce.com, that's where -- except that the AppExchange includes applications developed by Salesforce.com's customers, developers and partners, while EcoHub only includes solutions from SAP trusted partners. No customer-developed apps, tsk, tsk, but EcoHub (and get the name right, there's lots of other sites with the same name but a different spelling and they can be rather exciting) does have a ratings section, a user feedback section and demos. Well, at least it makes the task of looking for third-party solutions for your SAP environment easier. You can navigate the site by industry or solution, do a keyword search (novel thought!), sort by relevance or partner, and look at "most viewed" and "highest rated" solutions. You can also tap feedback from peers and business process experts, read success stories, which are as much a staple of corporate Websites as oatmeal is, schedule a solution demo on EcoHub with an SAP partner, request more information on solutions you find, and buy the solution online. All of this is welcome news, to be sure, and it's yet another indication that SAP is prepared to fight tooth and nail for its share of the market.

After years of suffering from spammers, I'm outraged at news from MessageLabs that the global ratio of spam in e-mail traffic from new and previously unknown bad sources was only 70.1 percent, a decrease of 8.1 percent from the August figures. What, are the spammers taking a rest now? After keeping me and zillions of other long-suffering computer users on the hop? Where is their work ethic? Sheez, the planet is going to a warm place on a handcart! According to the MessageLabs Intelligence Report for September 2008 and the third quarter of this year, this decline is largely due to the demise of California-based internet service provider (ISP) Intercage on September 20. However, MessageLabs expects the usual burst of spam over the holiday season will make up the shortfall.
Ah, good, things will be back to normal. I feel better already. Too much optimism clogs up the arteries. A little background here: MessageLabs has just been bought by Symantec, and Intercage, which has finally died, electronically speaking, is notorious in the Internet community for having offered hosting solutions to the cybercriminal group known as the Russian Business Network. Reading on, I find that 0.76 percent of e-mail traffic from new and previously unknown bad sources contained viruses, down four percent from the August figure, and the percentage of e-mail-borne malware that contained links to malicious sites fell 11.3 percent from August's figure to only 6.3 percent in September. Scary stuff, but the bad guys are still on the job, with phishing attacks increasing by 16 percent over the August figures. Still, overall, phishing levels have been declining sharply since the beginning of the year, according to MessageLabs, although you could'a fooled me, I keep getting phishing e-mails daily and have sworn off sushi as a consequence. Ah, well, at least the gub'mint is taking things seriously, with Senator Patrick Leahy proposing some tough anti-cybercrime provisions in a bill awaiting the President's signature. I'll find out soon if the bill has passed and let you know.

Ah, security, the word that's on everyone's lips. Necessarily, it seems, from the almost-daily reports of data breaches we keep on seeing. Things are only going to get more complicated for security professionals as new technological and social trends emerge. Think about virtualization, the cloud, social networks, twittering, and the readiness of people today to put their information on the Web for everyone to see (and possibly steal and misuse). IBM has come up with a list of nine trends that will shape the security environment over the next five years. Here they are:

1. Securing virtualized environments -- always a headache, because the traditional approaches result in so much network chatter that they gulp down bandwidth like it's going out of style.
2. Alternative ways to deliver security (think pre-packaged solutions such as real and virtual appliances, cloud-enabled services and software as a service, the last being why Symantec acquired MessageLabs).
3. Managing risk and compliance. Lots of vendors are bringing tools for this because it's such a lucrative area. Security is increasingly a matter of managing risk because it's not a question of whether an enterprise will be hacked, but when, so companies have to devote more resources to protecting the most mission-critical applications and take a strategic approach; and, as for compliance, the operative phrase is "Guard your data."
4. Identity governance. If you have accounts on multiple social networks, and multiple e-mail accounts, and most of us do, you have multiple digital identities, which means individuals and businesses will need to manage these.
5. Information security -- the need to base decisions on secure information sources of high quality becomes important, and companies like Informatica, which cleanse and unify data, become increasingly important.
6. Predictable security of applications -- service oriented architecture, which leads to Web-based composite applications, is all well and good, but it creates new points of vulnerability that have to be guarded closely.
7. Protecting the evolving network. Hackers are increasingly attacking applications, and one of their favorite targets is databases, which they hit with SQL injection attacks. One of the most prominent victims of this was Businessweek -- one of its Websites was hacked to redirect visitors to a Website containing malware.
8. Securing mobile devices -- as mobile devices become a trusted channel for conducting business, they will become the focus of attacks. Various sites on the Web, including this one, talk about how to hack different types of mobile phones.
9. The convergence of IT and physical security. Digitization, advanced analytics, correlation and automation help improve a physical response to security breaches. Early versions of this are motion sensors and video cameras linked to the police or a security firm.

Implementing all nine approaches is a tall order for any enterprise but, as the number of attacks increases and the bad guys get more sophisticated, the need for a co-ordinated, wide-ranging security policy will grow.

Today, CA announced that it has acquired IDFocus LLC and its ACE identity management technology to strengthen its own identity management offerings. The ACE application will be rolled into CA's Identity and Access Management suite, which CA has been strengthening for some time. In May, CA agreed to resell Eurekify's Enterprise Role Manager, thus adding role-based ID management to its portfolio. In early June, CA unveiled various tools to automate compliance management, creating online workflow and tying in to remediation. All involve identity management. Identity management is important because it helps prevent security and compliance breaches in-house, by controlling the access of staff and contractors of a company to applications. Part of that control involves retiring or rescinding access when a person is promoted, transferred or leaves the company. Failing to retire or rescind accounts leads to orphaned accounts, which are a known security flaw. One of the features IDFocus brings to CA's products is a separation of duties (SoD) capability. SoD is critical to security as it creates a system of checks and balances. Essentially, SoD means that different people handle different aspects of a task. That's the reason why, in a business, the accounts payable and accounts receivable departments are separate.
Failure to maintain SoD allowed rogue systems administrator Terry Childs to hold the City of San Francisco hostage when he created a super password that locked everyone but him out of accessing the city's network.