Carolyn Ramon

China defends Internet censorship after Obama lauds openness

2010-02-23T01:06:00.001-08:00

China on Tuesday defended its control of information on the Internet that it deems sensitive or harmful, one day after U.S. President Barack Obama told students in Shanghai that information should be free. China also aims to prevent "adverse content" online from harming children in the country, he said. The remarks highlighted ongoing tensions between China and the U.S. over human rights, another ideal Obama extolled in China. "For the Chinese government, we hope online communications can move smoothly, but at the same time we need to ensure that online communications do not affect our national security," Chinese Vice Foreign Minister He Yafei told reporters at a question-and-answer session in Beijing. China blocks Web sites including YouTube as part of its efforts to prevent sensitive political content from appearing online.

Obama, making his first visit to China as president, told local students at a question-and-answer session this week that freedom of information online can help people hold their government accountable and encourages them to think for themselves. It added Twitter and Facebook to its blocked list earlier this year after deadly ethnic riots in its western Muslim region, which also led China to cut off virtually all Internet access in Xinjiang province. Obama did not mention China's Internet policies, but his statements went beyond the views usually expressed by Chinese government officials or local media. Chinese President Hu Jintao stood expressionless on the stage beside Obama as he spoke. "We do not believe these principles are unique to America, but rather they are universal rights, and they should be available to all peoples, and to all ethnic and religious minorities." Chinese Web site owners are expected by authorities to censor certain information about sensitive issues like corruption on their domains, including when it is posted by users, and can risk punishment for failing to do so. "All men and women possess certain fundamental human rights," Obama said in a speech in Beijing on Tuesday that was broadcast on live national television.

Avalanche is top phishing gang by far this year

2010-02-17T16:00:00.001-08:00

A single group of attackers accounted for a quarter of all phishing in the first half of this year, according to a new study. The group attacks financial institutions, online services and job-search providers using fast-flux techniques that hide its actual attack sites behind an ever changing group of proxy machines, mainly hacked consumer computers, according to APWG's latest Global Phishing Survey. 11 security companies to watch phishing Rather than dying out after efforts to take down the Avalanche efforts, the gang seems to be increasing its efforts. "Avalanche attacks increased significantly in the third quarter of the year, and preliminary numbers indicate a possible doubling of attacks in the summer of 2009," the report says. Called Avalanche, the gang started work late last year and has been increasing its activity since, according to a report by the Anti-Phishing Working Group. "This criminal operation is one of the most sophisticated and damaging on the Internet and targets vulnerable or non-responsive registrars and registries," the report says.

The report period ends July 1, so the next report for the second half of this year will examine the apparent surge in detail. By the time the ISPs shut down the IP addresses the attack proxies have moved somewhere else, the report says. Because the IP addresses that the attacks seem to be coming from are constantly shifting, notifying ISPs of the problem doesn't work. The Avalanche gang registers domains at one to three registries or resellers and test whether the registrars notice that they are registering domain names that are nearly identical. An example of these similar domains is given in the report: 11fjfhi.com, 11fjhj.com, 11fjfh1.com, 11 fjfhl.com. If not, they launch attacks from these domains, and if the registrar takes action against them, they just abandon the domains and move on.

Each domain is used to launch up to 30 attacks, APWG says. Because mitigation efforts by ISPs and others focused on Avalanche, the average lifetime of each Avalanche attack was significantly lower than the average for all attacks, the report says. Avalanche attacks just one or two businesses at a time and frequently cycles back to re-attack older targets, the report says. The average uptime for all attacks was 39 hours, 11 minutes; for Avalanche attacks, it was 18 hours, 45 minutes, the study says. These attacks could be started up again after an hour, which would extend their longevity but would not be measured by the report, the researchers say.

APWG researchers consider an attack dead if it stays inactive for an hour. So the lifespan of Avalanche attacks may be longer than the report results indicate. Some 14.5% of phishing attacks came from what APWG called malicious domains registered by phishers themselves. In other study results, it appears that using hacked domains as launch pads for attacks is increasing. That is down from 18.5% in the second half of last year, the period for the group's previous Global Phishing Survey. "Virtually all the rest were hacked or "compromised" domains belonging to innocent site owners," the study says.

Two top level domains - .pe (Peru) and .th (Thailand) – score highest in a measure of how many second and third level domains within them are used to launch phishing attacks. Of the malicious domains, 43% were launchpads for the Avalanche attack. The average score across all domains was 6.9, and .pe scored 20 while .th scored 16. Overall, attacks came from 30,131 domains distributed among 171 top level domains. The next three most often used top level domains were .eu, .ru and .de, all with less than 3%. Half (50.3%) of these domains fell within the .com top level domain, 8.5% within .net and 5.6 within .org.

Heartland CEO: Credit card encryption needed

2010-02-12T06:06:00.001-08:00

Credit card transactions in the U.S. are often not encrypted, and credit card vendors, payment processors and retailers need to embrace an encryption standard to protect credit card numbers, the CEO of a breached payment processor said Monday. Heartland in January announced the discovery of a data breach that left tens of millions of credit card numbers exposed to a gang of hackers. "I now know that this industry needs to, and can, do more to better protect it against the ever-more-sophisticated methods used by these cybercriminals," Carr told the Senate Homeland Security and Governmental Affairs Committee. "I believe it is critical to implement new technology, not just at Heartland, but industrywide." The purpose of the committee hearing was, in part, to determine whether new legislation is needed to fight cybercrime. Credit card numbers are not now required in payment card industry guidelines to be encrypted in transit between retailers, payment processors and card issuers, Robert Carr, chairman and CEO of Heartland Payment Systems, told a U.S. Senate committee. Heartland is pushing for the credit card industry to adopt an end-to-end encryption standard, he said, and the company is deploying tamper-resistant point-of-sale terminals at its member retailers. "Our goal is to completely remove payment account numbers of credit and debit cards and magnetic-stripe data so they are never accessible in a useable format in the merchant or processor systems," Carr said.

The company has also helped to form an information-sharing council for payment processors, where the companies can share information about threats, vulnerabilities and best practices, he said. "We are working on these solutions, both technological and cooperative, because I don't want anyone else in our industry, or our customers, or their customers ... to fall victim to these cybercriminals," he said. Heartland has asked credit card companies to accept encrypted transactions and the company has engaged standards bodies and encryption vendors, Carr said. Carr didn't give details about the Heartland breach, in which the company was compromised for about a year-and-a-half. However, Heartland paid about US$32 million in the first half of 2009 for forensic investigations, legal work and other charges related to the breach, he said. The company remains involved in investigations and lawsuits involving the breach, he said. Senators asked Carr some pointed questions about the breach.

Senator Joe Lieberman, an independent from Connecticut, asked Carr about the extent of the breach. Senator Susan Collins, a Maine Republican, wanted to know how the company could be compromised from October 2006 to May 2008 without discovering the breach. "I was astounded at what a long period elapsed where these hackers were able to steal these credit card numbers," she said. "Explain to me how a breach of that magnitude could go undetected for so long." Card holders were not reporting major breaches, Carr answered. "The way breaches are normally detected is that fraudulent uses of cards are determined," he said. "There was no hint of fraudulent use of cards that came to our attention until toward the end of 2008." Collins pressed him further. "But are there no computer programs that one can use to check to see if an intrusion has occurred?" she asked. "There are, and the cybercriminals are very good at masking themselves," Carr said. In August, Albert Gonzalez of Miami was indicted in New Jersey for the theft of more than 130 million credit and debit cards, according to the U.S. Department of Justice. Gonzalez pleaded guilty last week to separate charges in Massachusetts and New York. He was charged, along with two unnamed co-conspirators, with using SQL injection attacks to steal credit and debit card information from Heartland, 7-Eleven and Hannaford Brothers, a Maine-based supermarket chain. It's too soon to tell how many credit card numbers processed by Heartland were compromised, Carr said. "We don't know the extent of the fraud at this point," he said. "It's a significant compromise."

Facebook tool could be exploited by cyber-bullies

2010-02-06T21:00:00.001-08:00

A recent Facebook feature can be exploited to be a cyber-bullying tool in the wrong hands, a security vendor warns. Why not just put a gun to your head? Facebook and Twitter? Facebook's new feature – "reply to this e-mail to comment on this status" – gives attackers a way to post messages on other people's Facebook pages, according to a blog by security vendor F-Secure.

The intent of the feature is to allow Facebook users to respond directly from their e-mail when they receive e-mail notifications that include messages that have been posted to their Facebook accounts. These messages could include personal attacks that seem to come from a user but are actually written by someone who has compromised that person's e-mail account, for instance. They can respond without having to go to the Facebook site first, eliminating a step and thereby saving time. Authenticating to the Facebook site before writing a reply drops out of the equation, so someone other than account holders can post. "They can put words in my mouth," he says. But eliminating that step can also leave a crack in Facebook's armor, according to F-Secure security adviser for North America Sean Sullivan. If a user's e-mail account is compromised via phishing or direct hacking, spammers can respond to any Facebook notifications they come across, Sullivan says.

Facebook users can opt out of receiving the e-mail notifications altogether by adjusting their settings. It has posted a demonstration of how this can work here. This story, "Facebook tool could be exploited by cyber-bullies," was originally published at NetworkWorld.com. Follow the latest developments in security at Network World.

Wall Street Beat: Big tech deals stir market

2010-02-01T06:05:00.001-08:00

As industry insiders attempt to gauge the impact of economic recovery on IT, acquisitions and legal deals among vendors including Intel, Advanced Micro Devices, Hewlett-Packard, 3Com and Logitech are sparking investor interest by altering the shape of the tech market. The company and its archrival, Intel, announced on Thursday that they have settled all antitrust litigation and patent cross-license disputes between the companies. At first blush, AMD is one of the big winners. Intel will pay AMD US$1.25 billion.

But ultimately the real winner may be Intel, even though it will take a big earnings hit for the quarter. AMD's share price jumped 22 percent to close the day at $6.48, up by $1.16. The deal gives AMD a much-needed cash infusion. As a result of the legal settlement, Intel said it expects its spending in the fourth quarter to be approximately $4.2 billion, up from $2.9 billion. The deal also allows Intel "to focus on its real long-term threat," according to industry analyst Jack Gold. "No, it's not AMD – its ARM Holdings and all of the licensees of the ARM chip designs (e.g., Qualcomm, TI, Freescale, Nvidia, Samsung, Marvel). While PC and server chips are its breadwinner today, Intel rightly understands that the sheer number of personal and consumer intelligent computing devices that will be built over the next several years will far outnumber the traditional PC marketplace," Gold said in e-mail. However, the chip giant needs the competition from AMD to stay fresh and focused, and to allay antitrust concerns. Intel shares dropped $0.16 to close at $19.68. That doesn't mean that IT investors thought the AMD deal was bad for Intel; most tech bellwether shares dropped Thursday on macroeconomic concerns.

The federal deficit for the budget year, ended Sept. 30, set an all-time record in dollar terms of $1.42 trillion. The Treasury Department reported that the federal deficit for October totaled $176.4 billion, higher than economists expected. High deficits may push up interest rates, which could in turn hurt what looks to be a slow, fragile recovery. The purchase is a challenge to networking giant Cisco Systems and a major step toward HP's ability to provide a one-stop shop for computing, storage, services and networking. The signature M&A deal of the week was HP's $2.7 billion acquisition of network switch maker 3Com.

Cisco earlier this year started selling servers, which made it more of a direct competitor to HP. However, the deal may have its biggest impact not on Cisco, but on smaller networking players like Brocade Communications. Cisco shares declined by only 2.17 percent, dropping $0.52 to close at $23.40. The HP acquisition takes Brocade out of play as a possible acquisition target by HP while increasing competitive pressure. Brocade shares Thursday slumped to close at $8.08, down by $1.17 or 12.7 percent. In what would have been the major M&A deal in most other weeks, tString := StoryDateLine + " (" + @Text(StoryFiledDate) + ") - "; @If(datelineinbody = "No"; tString; "")Logitech said Tuesday it will acquire HD video communications equipment maker LifeSize Communications for $405 million in cash. Logitech shares slumped in the wake of the news, however.

Video communications systems, a major thrust for Cisco as well, has become a hot product category as businesses cut travel to pare costs. Often, acquisition announcements have a negative impact on the acquiring company's stock. However, Standard & Poor's Equity Research reiterated its "hold" recommendation on Logitech, stating that the deal will help the vendor in a fast-paced market. A big purchase can dilute earnings for the acquiring company. Tech market reports this week, meanwhile, were generally positive. In the mobile-phone arena, smartphone sales increased 13 percent in the third quarter over the year-earlier period, Gartner said Monday.

IDC Monday said that microprocessor unit shipments in the third quarter rose 23 percent from the second quarter, and by 0.3 percent from the same period in 2008, though the overall value of shipments declined. Overall mobile-phone market growth was much lower, increasing by 0.1 percent, Gartner said. With that all industries will suffer; certainly consumer electronics will have its ups and downs." The big hope for tech is that, just as it has been less affected by the recession than other sectors, it will fare better in the recovery as well. "The good news is certainly consumers continue to gravitate toward technology," DuBravac said. "They continue to spend on technology while trying to cut back on other categories to make room for their tech spend." While economic recovery appears to be underway, economists urge caution. "We believe that the recession is ended, that it ended in July ... but that certainly doesn't mean that we're out of the woods," said Shawn DuBravac, an economist at the Consumer Electronics Association. "We believe that while we're in an expansionary period now that it will be a mediocre, slow recovery where jobs continue to be hard to come by.

ZenNews adds some weight to RSS news feeds

2010-01-26T21:00:00.001-08:00

Zensify has a bone to pick with the way mobile devices make you read the news. That's all well and good, says Zensify chief technology officer Tom Campbell, but it doesn't provide much in the way of context-which stories are important and which ones people are talking about. Most RSS apps for the iPhone give you a chronological list of headlines, with the most recently posted stories listed first. Enter ZenNews, the latest iPhone app from Zensify.

It also incorporates the Twitter micro-blogging service to boost the weighting of stories that users are tweeting about. The app not only aggregates news headlines, but relies on analytics technology to highlight stories that are likely of greatest importance to the user. "It's a way to make news discovery more accessible to a mass market," Campbell told Macworld. "With a few swipes of your thumb, you can discover what's news and what people are tweeting about." ZenNews uses the same technology as the company's Zensify social network aggregator to pull stories from its source list, index them, and weight them. All of this happens in real time, so the stories that appear on ZenNews can change from moment to moment. A visual cloud tag of topics, where more heavily weighted stories get prominent play. The result?

You can drill down through the tag cloud as well-if a tag has more than five stories, a tap brings up a second group of tags associated with that story. Zensify believes that the abstract should give users enough of an overview for each story, but you can tap on the abstract to read the full version in an embedded browser. Tapping the "obama" tag, for example, calls up tags like "nobel," "orleans," and "pakistan." ZenNews also offers a list view that provides a headline and abstract of each story tag. Buttons within the browser let you share the story by Twitter or e-mail. Swiping from side to side takes you from the aggregated view of the ZenNews page to the tag clouds for the individual sources. ZenNews ships with 12 sources, including the BBC, New York Times, Washington Post, Al Jazeera, and others.

That gives users a chance to compare the coverage of a story from source to source, Campbell says. (Al Jazeera has precious little to say about Thursday evening's Phillies-Dodgers game, for example.) The developer promises to add three other sources to ZenNews-The Australian, China View, and Ha'Aretz. In addition to viewing stories by source, you can also sort by category. But users who want to add their own news feeds are out of luck, at least with this version. "We wanted an application that you didn't have to configure out of the box," said Campbell, adding that some customization could be introduced in future updates. ZenNews offers 13 categories in all, from Art to World news. Ultimately, Zensify plans to use the features showcased in consumer apps like ZenNews to build custom business-to-business products that deliver business intelligence about a company's products, industry, and competitors. ZenNews is a free App Store download that runs on any iPhone or iPod touch with the iPhone 2.1 software update.

Microsoft passes its first SAML 2.0 interoperability test

2010-01-21T11:04:00.001-08:00

Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol. 11 security companies to watch The eight-week, multivendor interoperability workout conducted by the Liberty Alliance and the Kantara Initiative also resulted in passing marks for two other first-time entrants – SAP and Siemens. Results were announced Wednesday. "The Liberty Interoperable testing was a great opportunity to verify that Active Directory Federation Services (AD FS) 2.0 is interoperable with others' SAML 2.0 implementations. Return testers Entrust, IBM, Novell and Ping Identity also passed. This should give our customers confidence that their federation deployments using ADFS will 'just work,'" says Conrad Bayer, product unit manager for federated identity at Microsoft.

The company previously supported the SAML token, but never the transport profiles of the protocol. "It is significant that Microsoft participated given their previous stance on the SAML protocol," says Gerry Gebel, an analyst with the Burton Group. "For the first product version that supports SAML, they have covered the core bases." Microsoft's interoperability testing focused on SAML's Service Provider Lite, Identity Provider Lite and eGovernment profiles. In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company says it plans to support other SAML profiles based on demand. In addition, it was the first test to include an international group to test the eGovernment SAML 2.0 profile v1.5. The test featured the United States, New Zealand and Denmark. "The fact that we were able to put so many new implementations through a full matrix, rigorous interoperability test speaks to the maturity of the SAML 2 protocol," says Brett McDowell, executive director of the Kantara Initiative. "And it is not just implementation; there is a tremendous amount of deployments." "Full matrix" testing means all participants must test against each other. The interoperability event featured the largest group of participants ever for the testing, which has been run twice previously.

The test was conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by the SAML 2.0 specification. ADFS 2.0 is part of a larger identity platform that includes Windows Identity Foundation and Windows Cardspace. Microsoft participated in the testing with Active Directory Federation Services 2.0 (formerly code-named Geneva), which is slated to ship later this year. Microsoft said earlier this year it would have SAML 2.0 certification before it released Geneva. ADFS 2.0 provides identity information and serves as a Security Token Service (STS), a transformation engine that is key to Microsoft's identity architecture. The SAML profiles ADFS 2.0 supports cover the core features of federation.

ADFS lets companies extend Active Directory to create single sign-on between local network resources and cloud services. The issue was noted in a report by the Drummond Group, which conducted the testing, and centered on long URL values mostly when encryption was enabled during specific operations. It wasn't all smooth sailing for Microsoft, however, as some participants reported problems using Internet Explorer 6.0 and 7.0 for SAML single sign-on, which is primarily a Web browser action. Internet Explorer does not accept URLs longer than 2,083 characters. Microsoft tested against IE 8 and Firefox 3.5.2. While Microsoft's participation was an important milestone for the advancement of SAML, McDowell says the current testing is significant on other fronts.

Testers got around the issue by using other browsers. The test marks a transition with the Kantara Initiative now taking over future tests. The level of cooperation between governments will serve as a model for other industries, he says. The group will adopt the Liberty Alliance testing methods and expand the scope of tests to include other protocols in addition to SAML. And it will build off the eGovernment profile testing as new profiles for other vertical markets, including healthcare and telecommunications, are developed. "Having countries come together and agree on a deployment profile, that is not to be understated," McDowell says. In addition, next year Kantara will pick two other protocols to test from a list made up of WS-Security, Information Card, Identity Metasystem Interoperability, OAuth and XRD. Kantara also will take cues from Project Concordia and eventually begin to test cross-protocol interoperability.

Follow John on Twitter. The next Kantara interoperability test is slated for next year.

Google Makes It Easier for News Sites to Opt-out

2010-01-16T02:00:00.001-08:00

In what will be seen as a concession to media baron Rupert Murdoch, Google has made it easier for news sites-such as those Murdoch controls-to opt-out of Google News. Murdoch has previously threatened to take News Corp. content, including the Times of London, and the Australian, off Google when at some point in the future they become paid sites. Where they used to have to fill out an online form to opt-out of Google's news aggregation site, publishers will soon have a means to opt-out or set other options automatically, using a small file placed on their sites.

His Wall Street Journal and Barron's are already largely subscription-based. As for the aggregators, "these people are not investing in journalism," Murdoch said. "They're feeding off the hard-earned efforts and investments of others." "To be impolite, it's theft," he added. On Tuesday, Murdoch told a U.S. Federal Trade Commission hearing that "there is no such thing as free news" and reiterated his statement that News Corp. sites would move to a paid model. His remarks targeting Google prompted Huffington Post founder Arianna Huffington to respond that "aggregation is part of the Web's DNA" and that old media needs to "get real." Murdoch has also reportedly been in talks with Microsoft that would result is News Corp. content being removed from Google and enhanced on Microsoft's Bing, which would pay News Corp. a fee in return for exclusivity. Google, which also attended the FTC meeting, made its announcement Tuesday in a blog post outlining extensions to the Robots Exclusion Protocol, already used to prevent Google and other search engines from indexing Web sites.

Recent reports, however, say the talks have been overplayed in the media. The extensions will give publishers control over how their sites are treated by Google News. "Now, with the news-specific crawler, if a publisher wants to opt out of Google News, they don't even have to contact us - they can put instructions just for user-agent Googlebot-News in the same robots.txt file they have today," wrote Google's Josh Cohen in the post. They'll also be able to apply the full range of REP directives just to Google News. Robots.txt is a small file that developers can place in the root directory of their Web sites that contain the Robots Exclusion Protocol commands. "In addition, once this change is fully in place, it will allow publishers to do more than just allow/disallow access to Google News. Want to block images from Google News, but not from Web Search? Want to include snippets in Google News, but not in Web Search?

Go ahead. Feel free. It's not likely most users will notice any difference as a result of the change, unless a large number of publishers decide to abandon Google News and the estimated 1 billion clicks-a-month it generates for participating publishers (including PC World) "Most people put their content on the web because they want it to be found, so very few choose to exclude their material from Google. All this will soon be possible with the same standard protocol that is REP," Cohen added. But we respect publishers' wishes.

We're excited about this change and will start rolling it out today," Cohen said in concluding his post announcing the change. If publishers don't want their websites to appear in web search results or in Google News, we want to give them easy ways to remove it. David Coursey has been writing about technology products and companies for more than 25 years. He tweets as @techinciter and may be contacted via his Web site.

Hijacked Web sites attack visitors

2010-01-10T05:00:00.001-08:00

Here's the scenario: Attackers compromise a major brand's Web site. The issue goes unnoticed until it's exposed publicly. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. Such attacks are a common occurrence, but most fly under the radar because the users never know that a trusted Web site infected them, says Brian Dye, senior director of product management at Symantec Corp.

But word can get out, leaving the Web site's customers feeling betrayed, and seriously damaging a brand's reputation. When his company tracks down the source of such infections, it often quietly notifies the Web site owner. Attackers, often organized crime rings, gain entry using techniques such as cross-site scripting, SQL injection and remote file-inclusion attacks, then install malicious code on the Web server that lets them get access to the end users doing business with the site. "They're co-opting machines that can be part of botnets that send phishing e-mail, that are landing sites for traffic diversion and that host malware," says Frederick Felman, chief marketing officer at MarkMonitor. That possibility is one of Lynn Goodendorf's biggest worries as global head of data privacy at InterContinental Hotels Group. "I worry about attacks that use a combination of malware and botnets," she says, adding that she has watched this type of activity increase steadily over the past two years. "That's very scary," says Goodendorf. But because the business's Web site isn't directly affected, the administrators of most infected Web sites don't even know it's happening. Most victims haven't associated such attacks with the Web sites that inadvertently infected them.

The latest versions of Microsoft's Internet Explorer browser and Google's search engine detect sites infected with malware, issue a warning and block access to the site. "To me, this is serious online brand damage," says Garter analyst John Pescatore, and it can be disastrous for small and midsize businesses that totally depend on search engine traffic. But that may be changing. The next frontier, says Dye, may be attackers who use these types of exploits against the Web sites of high-profile brands and then publicize - or threaten to publicize - what happened. But Pescatore sees a more fundamental problem: rushing through Web site updates and ignoring development best practices designed promote security. Preventing attacks like SQL injections requires using enterprise-class security tools, such as intrusion-prevention and -detection systems, with a focus on behavioral analysis to spot attacks, Dye says.

Most organizations follow formal processes for major upgrades, but not for the constant "tinkering" that takes place. The result: Vulnerabilities creep into the code. "Security groups often are forced to put Web application firewalls in front of Web servers to shield [these] vulnerabilities from attack," says Pescatore.

Five Tips to Shop Black Friday and Cyber Monday Securely

2010-01-01T20:00:00.001-08:00

This Friday is Black Friday-officially kicking off the 2009 holiday shopping season. Here are five tips to help you shop online securely. 1. Start with the Basics. Online attackers and malware developers know how to capitalize on current events, and the rush to find great holiday bargains offers a prime opportunity to exploit eager shoppers.

I realize that it seems redundant and cliché, but the first step in protecting yourself and your computer this holiday season is to make sure your computer is patched and secure . Make sure you have applied any applicable patches and updates for your operating system and Web browser in particular. Erin Earley, from Swedish anti-spyware company Lavasoft, says "Look for the padlock icon or a URL that starts with https://. That means your transaction is encrypted." When you are shopping at big name sites like BestBuy.com or Target.com there is less need for concern. Also, ensure you have antivirus and antispyware protection installed and running and that they are up to date. 2. Shop on Secure Sites. However, the quest for holiday bargains often extends beyond major retail chains to more obscure sites. 3. Control Your Credit. If you follow the first tip you will greatly decrease the chances of this happening, but some shoppers are still apprehensive.

One of the biggest concerns with online shopping is the possibility of an attacker intercepting your credit card details and maxing out your credit. There are a couple of alternatives you can use to shop online and protect your credit at the same time. Fred Touchette, a senior security analyst with AppRiver points out that one of the most popular holiday scams is to lure consumers with fake holiday bargains. Lavasoft's Earley suggests "If you're hesitant to enter your credit card details online, consider using a separate credit card, or use an "e-card" solution that gives you the ability to create a temporary card number to be used just once or with a spending limit." 4. Fake Holiday Bargains. Attackers are especially likely to focus on the most popular and hard-to-find items since those are more likely to catch the attention of desperate consumers.

He suggests that you "always do your research. Touchette says the fake product scams are typically promoted via spam email. If you don't recognize a company, don't order anything from them until you're sure they really exist." 5. Bank / PayPal Phishing. Attackers know this and know how to capitalize on it. With the huge spike in shopping for the holiday season its almost a sure thing that you've made a purchase with a credit card somewhere-either online or in real life at a brick and mortar retail establishment.

AppRiver lists both bank phishing attacks and PayPal (or eBay) phishing attacks on its list of the top holiday shopping scams. Touchette further recommends "Avoid following links that are provided for you in an email, especially if you are unsure of the sender. Watch out for poor spelling or grammar-signs that virtually ensure the message is fake, and remember that your financial institution will never ask you for personal information, account information, or passwords via email. A frequent trick from spammers during the holidays is a link to a fake eBay or PayPal log-in page. Black Friday has been stretched into Black November and retailers look like they will be aggressively promoting holiday bargains throughout the holiday season-not just this Friday. Rather than follow links in emails, type it directly into your browser." I don't know if its just me, but it seems that holiday shopping has reached a frenzy early this year.

Follow these tips to make sure your online holiday shopping goes smoothly and you can enjoy your holidays in peace. Tony Bradley tweets as @PCSecurityNews, and can be contacted at his Facebook page.

Stimulus for tech and telecom $3B, but jobs still guesswork

2009-12-27T06:03:00.001-08:00

WASHINGTON - The U.S. government has spent about $700 million on IT and telecommunications products and services under its economic stimulus program, part of a total of $3 billion that's in the spending pipeline, according to a private analysis of this data. Congress approved $787 billion in February to promote job growth and the White House recently claimed that some 600,000 jobs have been created by the stimulus spending so far. But how many jobs have been created is not as clear.

But the government data, made available through Recovery.gov , provides no details about the types of jobs and salaries and uses formulas to estimate the job impact. It calculates spending, and planned spending, based on actual contracts, or parts of contracts, that have allocated funding for IT and telecommunications communications and services. Oniva Inc., which tracks government contract spending and has set up a separate site, Recovery.org , to look at stimulus spending specifically and has tallied the amount of technology spending. The companies receiving stimulus funds report the number of direct jobs created, but don't estimate the indirect help. IBM was awarded in September a Social Security Administration contract, worth about $8.5 million, to upgrade systems around the country. For instance, the U.S. Social Security Administration is upgrading some IT equipment with money from the stimulus, but according to reports on three projects underway in Maryland, which represent just a fraction of the agency's tech spending, only 17 jobs were created or saved on about $11 million in spending.

IBM put the number of jobs created or saved at 16.8 is based on a combination of formulas developed by IBM and the White House, according to the company's filing. Similarly, Hewlett-Packard Co., didn't report any jobs also for a $1.25 million computer equipment contract . Oniva estimates that the direct stimulus spending has created just under 8,000 tech and telecom jobs, but this is a calculation based on a White House formula that says for approximately every $92,000 in recovery dollars spent, one job is created or saved, said Michael Balsam, the chief solutions officer of Onvi. Oracle Corp. reported from the same agency a contract of $1.25 million that didn't cite any jobs created. The government's formula attempts to look at indirect job creation that stem from direct awards, but Balsam has questions about way the government is reporting its data. That may help explain why newspapers such as the Milwaukee Journal Sentinel are reporting that that U.S. claims that 10,000 jobs were saved or created in Wisconsin "rife with errors, double counting and inflated numbers based more on satisfying federal formulas than creating real jobs." The newspaper came to this conclusion after looking at some of the local job creation reports. The U.S. job creation claims is not based on actual contract awards, said Balsam. "Only 25% of that [stimulus] money has actually left Washington," he said.

Other newspapers are turning up similar findings after examining local project spending.

Windows Marketplace reveals fragmentation

2009-12-21T21:00:00.001-08:00

Microsoft is making its Windows Marketplace for Mobile available to phones running older versions of its mobile software, although not all of the apps may be available to all Windows Mobile users. The Marketplace was initially only accessible by users of Microsoft's most recent software, Windows Mobile 6.5. It also said that the store now has 800 apps, triple the number available at the launch of the store in October. On Monday, Microsoft said users of phones running Windows Mobile 6.0 and 6.1 can now shop for and download apps from its Marketplace.

But not all of those are available to everyone. The discrepancy between the total number of apps and the number of apps in the online store demonstrates the downside to a business model like Microsoft's, with an OS that can be used on different kinds of phones. Microsoft's Web site that lets anyone browse through the Marketplace has just 376 applications. "People may not see all of them on the Marketplace website or smartphone catalogue, either because of regional access or because certain apps have specific device requirements such as GPS, screen sizes, etc.," Todd Brix, senior director of mobile services and platform product management for Microsoft, said in an e-mailed statement. The model allows end-users the luxury of choosing the phone design they prefer, but it comes with limitations in interoperability. The Android Market has 12,000 apps and so far doesn't seem to have significant issues with application interoperability.

However, Google's Android operating system is also running on phones with different form factors. Apple is on the other end of the spectrum, because it makes both the software and the hardware and also runs the app store. Microsoft says there are more than 18,000 commercial applications available for Windows Mobile. That vertical integration is at least part of the reason that there are now 100,000 applications in the iPhone App Store. Developers of those apps must submit them in order for them to appear in the new Marketplace.

Otherwise, they are only available through third-party sites. "Windows Marketplace for Mobile will not aggregate all available applications, but rather provide customers with a single source for purchasing quality tested applications backed by a money back guarantee," Microsoft said in a statement.

Google Voice Frees Your Voicemail, and Your Number

2009-12-16T11:04:00.001-08:00

Until yesterday, signing up for a Google Voice account required you to pick a new phone number - not a pleasant option for those who have kept the same digits for years. When you sign up for Google Voice - which is still not widely available to the public (you need to get an invite or request one) - you can either choose Google one-stop phone number or keep your own for a more pared-down experience. Now Google has enabled users to keep their existing phone numbers and get (most of) the features Google Voice offers, including Google's excellent voicemail service. Keeping your old digits gives you: Online, searchable voicemail Free automated voicemail transcription Custom voicemail greetings for different callers Email and SMS notifications Low-priced international calling Going for the full-throttle Google experience gives you all of the above plus: One number that reaches you on all your phones SMS via email Call screening Listen In Call recording Conference calling Call blocking If you already have a Google Voice number, you can add the voicemail option to any mobile phone associated with the account.

Happily, Google circumvented this problem earlier this month. Some of the awesome benefits are explained in Google's YouTube explanation: Since voicemails are transcribed and placed online, even made publicly available for sharing purposes, there has been some danger of said voicemails appearing in search results. These new features are both freeing and limiting: you can keep your number but sacrifice some of the goodies that make Google Voice a powerful contender in the telephony business. Follow Brennon on Twitter: @neonmadman Full number portability is likely coming in the future, after, of course, Google deals with AT&T, Apple, and the FCC. But some have high hopes that eventually the opposition will grow to accept and embrace Google Voice.

Microsoft's new lab pushes social networking boundaries

2009-12-11T02:00:00.001-08:00

DENVER - Microsoft's Lili Cheng's passion is making things that solve real problems, so as the leader of the company's new FUSE Labs she fully expects to blur the line between pure research and product development. Her rational is simple. "In some sense if you are building social software and you don't deploy, you have no idea if it works or not," she says. In fact, after only a month with its doors open, FUSE (Future Social Experiences) has done just that, helping Microsoft's Bing team release a marriage of the search engine and Twitter just two weeks ago. "The project was very experimental but once [the Bing team] saw the stuff we had they thought it would be great to try to ship it," she said of what she considers FUSE's first by-product. 10 Microsoft research projects Cheng spoke with Network World at the annual Defrag Conference around social computing and the social Web. Cheng says FUSE will embed itself with Microsoft product teams from SharePoint to Xbox and whoever is "fun to work with."Cheng says the Bing/Twitter project is a great example of the concept. "We just ship with the product team," she says. "I like that model, especially for [version 1] stuff." She describes FUSE as an advanced development research group. "We are pretty good at it because we just go for it," she says. Cheng is not some young maverick who thinks caution belongs in a stiff wind; she has an extensive and respected background in research, including director of the Creative Systems Group at Microsoft Research.

She started the Social Computing Group within Microsoft Research in 2001. The team built social networking prototypes including Wallop, which spun out as a separate company in 2004; Photostory, which shipped in Windows; and the Sapphire project, an early vision for redesigning Windows. The lab is one of three - the others being Microsoft's Rich Media Labs and Startup Labs - that were merged to create FUSE. She was appointed FUSE director last month by Microsoft chief software architect Ray Ozzie, who told Microsoft staff in a memo: "I've known Lili for many years, and have long been impressed by her vision and ability to create; to engage yet to also inspire; to lead; to make tough choices; to deliver." Cheng joined Microsoft in 1995 in the virtual worlds research group and worked on social applications such as V-Chat and Comic Chat. From 2004 to 2006 she crossed over to the product side and was the director of user experience for Windows and helped get Vista out the door. Ray and I interact all the time and he is just all over this [social experiences]," she says. Before Microsoft she worked in Apple's Advanced Technology Group, on the user interface research team. "I think the move to the labs is very natural. While Cheng won't give concrete examples of current projects, she says there is ongoing work with the SharePoint and Outlook teams and there is fascination with Twitter. "We are fascinated by the sharing of information in these systems and how you can make it more accessible," she says, mentioning Twitter's recent addition of a list capability. "If you add a little machine learning to lists and groups you could help people's experiences a lot more." She says as people consume more and more information the question becomes: "How do we make that easier and how do we help people manage their time?" Cheng says FUSE's focus won't be strictly enterprise, but a major goal will be to embed social activity into business process such as collaboration and where "social" meets real-time and entertainment.

Follow John on Twitter: twitter.com/johnfontana She says, however, the rapid rise of social computing and social networking makes it hard to think too far into the future. "If you look at young people and the way they communicate and socialize it is hard to say where it is going to go." Regardless of where everything ends up, Cheng hopes users have the new tools in their hands. "If people can use some great new cool social stuff from Microsoft that would be awesome," she says.

Appswell's looking for a few good app ideas

2009-12-05T16:05:00.001-08:00

Television ads for the iPhone promise that "There's an app for that." And, if you're talking about to-do lists, tip calculators, and myriad other categories, that's likely true. And, assuming you have the programming chops to actually build such an app, how can you expect to garner any attention in an App Store that's jammed with 80,000 or so other programs also hoping to catch the eyes of users? But what if there's not an app to pull off the particular task you're hoping to perform on your iPhone?

Appswell thinks it has the answer to both problems-an iPhone app that lets you propose ideas for mobile applications and vote on which ones should ever see the light of day. "We really believe the next big iPhone app idea is bouncing around the head of users," said Daniel Sullivan, Appswell's president and founder. Other users, who've registered with Appswell, can offer their feedback on the idea, voting for the ones they like. The app-also called Appswell-allows users to submit ideas for iPhone and iPod touch applications. Every four weeks or so, Appswell picks a winner based on user votes. Appswell, along with its partner Bit Group will turn the app proposal into a finished product.

The prize? The user who came up with the idea gets $1,000 plus 10 percent of the profits from subsequent App Store sales. The idea has to be something that Appswell and Bit Group are able to build and it has to adhere to Apple's standards for iPhone apps-no porn, bandwidth hogging, privacy-compromising, malicious, or illegal apps, in other words. And then the contest kicks off again. (There are some general requirements for app ideas, Sullivan says. Which, sadly, eliminates, most of my app ideas right off the bat.) While Appswell is billing its crowd-sourced approach to app development as "The American Idol of iPhone apps, contest winners will be entirely chosen by other Appswell users, with no panel of judges weighing in with its opinions. By involving users early in the development process, Appswell believes, it can find out what consumers want before apps are even built.

So don't look for the App Store equivalent of a Simon Cowell making lemon faces while you describe your idea for the perfect iPhone app. "Right now, we really want to take this as the voice of the [Appswell] community," Sullivan said. "We don't want to put a filter on it." In addition to giving users the chance to propose ideas for would-be iPhone apps, Sullivan thinks Appswell's approach solves one of the major dilemmas facing developers-namely that it's hard to stand out in the App Store with so many apps arriving on any given day. And Appswell-developed apps will have a built-in fanbase of users who voted on the app from the get-go; that potentially gives the app an edge when it eventually arrives in the App Store. Mac users might remember My Dream App, a contest that generated several "winning" app ideas, but none of the apps ever saw the light of day. It remains to be seen, though, how successful the crowd-sourcing of app ideas can be.

Microsoft passes its first SAML 2.0 interoperability test

2009-11-30T07:00:00.001-08:00

This should give our customers confidence that their federation deployments using ADFS will 'just work,'" says Conrad Bayer, product unit manager for federated identity at Microsoft. The company previously supported the SAML token, but never the transport profiles of the protocol. "It is significant that Microsoft participated given their previous stance on the SAML protocol," says Gerry Gebel, an analyst with the Burton Group. "For the first product version that supports SAML, they have covered the core bases." Microsoft's interoperability testing focused on SAML's Service Provider Lite, Identity Provider Lite and eGovernment profiles. In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company says it plans to support other SAML profiles based on demand. In addition, it was the first test to include an international group to test the eGovernment SAML 2.0 profile v1.5. The test featured the United States, New Zealand and Denmark. "The fact that we were able to put so many new implementations through a full matrix, rigorous interoperability test speaks to the maturity of the SAML 2 protocol," says Brett McDowell, executive director of the Kantara Initiative. "And it is not just implementation; there is a tremendous amount of deployments." "Full matrix" testing means all participants must test against each other. The interoperability event featured the largest group of participants ever for the testing, which has been run twice previously.

The test marks a transition with the Kantara Initiative now taking over future tests. The level of cooperation between governments will serve as a model for other industries, he says. The group will adopt the Liberty Alliance testing methods and expand the scope of tests to include other protocols in addition to SAML. And it will build off the eGovernment profile testing as new profiles for other vertical markets, including healthcare and telecommunications, are developed. "Having countries come together and agree on a deployment profile, that is not to be understated," McDowell says. In addition, next year Kantara will pick two other protocols to test from a list made up of WS-Security, Information Card, Identity Metasystem Interoperability, OAuth and XRD. Kantara also will take cues from Project Concordia and eventually begin to test cross-protocol interoperability. Follow John on Twitter.

The next Kantara interoperability test is slated for next year.

Undercover 1.5 ousts iPhone thieves with push notifications

2009-11-24T21:04:00.001-08:00

It's 2 AM. Do you know where your iPhone is? What if you want an app devoted to recovering a stolen iPhone or iPod Touch-one that has a few more tricks up its sleeve? Well, maybe you do, thanks to MobileMe's "Find my iPhone," but what if you're not a MobileMe subscriber?

That's exactly what Orbicule's Undercover for iPhone is. Our iPhones are now smarter, faster, stronger, better, and able to let third-party apps do more than ever. We've already covered this app and its Mac OS X cousin, back when push notifications were little more than a bullet point on a wish list, but times have changed. Back in the 1.0 days, when Undercover was just a wee lad, you had to fool your iPhone's captor into launching the app before it was able to transmit its location. You can make the messages as enticing as you want-say, by having them pretend to be a notification from your bank account.

Not an easy task: Thanks to App Store policy, apps cannot change their names or icons, and I'm guessing that all but the thickest criminals knew better than to launch an application called "Undercover." Now you have the ability to send push notifications with any message of your choosing directly to the iPhone-yes, just like MobileMe. But the comparisons end there. If the crook chooses to view the push notification, Undercover will launch, disguised either as a game that's taking its sweet time to load or loading any Website of your choosing, such as the aforementioned bank's. While the thief is distracted, Undercover will be happy to save the device's GPS coordinates and IP address to Orbicule's Website. They'll also be sent directly to any police officer you've contacted to work on the case and registered in Orbicule's Undercover Center. Each time that Undercover launches, it will save a new set of coordinates that you can view in Google Maps. Orbicule has made a video to demonstrate this killer feature. You could use Find My iPhone to collect live GPS information from MobileMe and log a record of GPS coordinates via Orbicule, submitting it all to the police.

It looks as though this app could be used not only as an alternative to Find My iPhone, but a nice companion app as well. It's still far from perfect, at least until (or unless) Apple can be made to change their iPhone app policies to let third-party apps like Undercover do a little more. It requires iPhone OS 3.0 or later. Undercover for the iPhone costs $5 and works on all iPhones and iPod touches.

Smartphones surge globally in Q3, despite recession

2009-11-19T10:00:00.001-08:00

Smartphone shipments were up 4.2% globally in the third quarter and reached a record total for a quarter despite the poor economy, market research firm IDC said today. IDC analyst Ramon Llamas said the demand in the third quarter was strong ,as it has been all year, noting that smartphones offer entertainment and a variety of functions that aren't available in traditional mobile phones. "As users expect greater functionality from their devices beyond telephony, we believe the [smartphone] market will continue to grow faster than the overall mobile phone market," Llamas said in a statement. Smartphone vendors shipped 43.3 million smartphones, such as the iPhone, in the third quarter, up 4.2% over the 41.5 million shipped in third quarter of 2008, IDC said. IDC analyst Will Stofega added that the Android operating system, which runs on devices from several manufacturers with more to come, has added to interest in smartphones.

Even though the iPhone gets most of the attention in the U.S., with more than 40 million units sold globally in more than two years, Nokia is still the global leader in smartphone shipments, IDC noted. He said he expects Android to pose a "serious challenge" to incumbent smartphones such as iPhones, Blackberries and those running Windows Mobile. Its flagship product is the N97, but it also has announced the N900, which runs the Maemo mobile Linux operating system . Nokia saw a 6.6% growth in smartphone shipments, to 16.4 million, in the third quarter, compared with 15.4 million in the same quarter of 2008. That gave Nokia nearly 38% of the smartphone market. Apple shipped 7.4 million devices, up 7% over the third quarter of 2008, giving it third place in smartphone shipments, or 17% of the market. Research in Motion, maker of several popular BlackBerry devices, was second, with 19% of the market in the quarter, having shipped 36% more smartphones in the third quarter, for a total of 8.2 million, IDC said. IDC did not compile the total for all Android or Windows Mobile devices, which run over a variety of devices.

Samsung was fifth, with 3.5% of the market or 1.5 million shipped. For the other device makers, HTC finished fourth with 5.6% of the shipments, or 2.4 million shipped. All others totaled nearly 17% of the market, with 7.3 million shipped. In addition to being the most shipments for a single quarter, the third quarter total of 43.3 million was up 3.2% from the 41.9 million shipped in the second quarter of 2009, IDC added.

Is Facebook Prepping a New Homepage?

2009-11-14T00:03:00.001-08:00

New tweaks to the Facebook homepage have been spotted in the wild that may make it easier to see what's going on within your network. Screenshots of the new homepage first appeared on The Next Web, and Inside Facebook. New features include improved filters for the newsfeed, a revised right-hand column and a new Publisher box reminiscent of Facebook Lite. A Facebook spokesperson has confirmed the social network is currently testing a new homepage designs.

Facebook Publisher The most obvious change of the proposed redesign is the disappearance of the "Publisher" box where you post status updates, Web links, photos, videos and events. Still, without explicit confirmation the new features should be considered rumor. Instead, you would simply have an "Update Status" button on the far right side of the news feed. News Feed Filter Where the Publisher typically sits, Facebook has placed a filter for your News Feed called 'View Top News.' The new filter looks like it functions similarly to the 'Comments' link now sitting in the left-hand column of your Facebook homepage. There are no screen shots showing how this button works or if it contains the same functionality as the Publisher, but I would assume it would do the same job.

Next to the top news filters is a title that looks like it alternates between headlines like 'Evening News' and 'Recent Stories' depending on the time of day you're viewing it. Although the new filter is just a minor tweak, this may be the first visible sign of FriendFeed-like features on Facebook. The central placement of the top news filter may make it a more popular feature by helping users keep tabs on any Facebook activity they may have missed. As Mashable points out, the new filter is similar to FriendFeed's Best of Day feature. This brings the 'Events' feature closer to the top of the page making it easier to see upcoming birthdays, parties and other events within your network. Right-Hand Column Another interesting tweak is the removal of the 'Highlights' section in the right hand column.

This is a welcome change since it moves more useful information to a place where you might actually see it. Facebook's Dark Past with Redesigns Until Facebook makes an announcement about new features, it's hard to know what new redesigns users will see. It's interesting to note that this tweak would make the Facebook home page closer to the failed redesign that Facebook users revolted against back in March. It should also be noted that the rumored tweaks look similar to features found in Facebook Lite, which makes me wonder if this just isn't a revision of that format. When Facebook caved to its user base earlier this year over a significant homepage redesign, I thought the social network made a huge mistake.

Of course, even if Facebook rolls out some new homepage features, there's no guarantee they'll stick around. I, for one, actually like the failed redesign, and the hodgepodge revision we ended up with had some serious flaws, like the poor placement of the 'Events' section. If users revolt once more, which I'm sure they will, Facebook should grow a pair and stick to its redesign plans.

Intel announces storage- and communications-specific processor

2009-11-08T15:00:00.001-08:00

Intel Corp. today announced it will be shipping an enhanced version of its dual-processing Nehalem Xeon chip that is aimed specifically at the data storage and communications market with the ability to natively create RAID and is integrated with PCI Express (PCIe). The processors, due out in December, are aimed at applications such as ultra-dense blades, IPTV, VoIP, network-attached storage (NAS) and storage area networks (SAN). debuted its new Nehalem-based Xeon microprocessor code-named Jasper Forest in April. Intel said the enhanced processor lowers system power consumption by 27 watts when compared to the Intel Xeon 5500 series and it integrates two Jasper Forest processors with 16 PCIe Generation 2.0 lanes each and is paired with the Intel 3420 chipset platform controller hub. The new Jasper Forest processors are capable of configuring storage as a RAID 5 or 6, protecting against single or dual disk failure, respectively. "Nehalem cores are quite powerful, but customers still want to be able to offload storage functions to a core, especially when you get down into two-core and single core versions of processors, really simplifies the architecture," said Seth Bobroff, general manager of Intel s Server Platforms Group.

This integration of the I/O hub via PCIe enables significant power and space savings, resulting in one of the highest performance-per-watt Intel Xeon chips ever. Jasper Forest provides a scalable option to system designers with a single-core, 23-watt processor to a quad-core, 85-watt processor using the same socket. The processors, which come in single or quad-core models, will offer a bridging functionality that allows multiple systems to connect over a PCIe link, removing the need for an external PCIe switch. The chips will also protect against data in case of a power failure with a function called Integrated Asynchronous Dynamic Random Access Memory Self-Refresh memory. Bobroff said that in terms of work load consolidation, the new Jasper Forest chip can natively handle storage management processing functions such as data deduplication, data snap shots, storage virtualization and any basic storage management requirements. "All the control and management aspects of storage management systems and with RAID being integrated into a CPU can simplify hardware and software design," he said. "There s no hardware acceleration for algorithms like we have here." The processor is also suited to support the Storage Bridge Bay specification , which is currently being developed as a way to plug control boards directly into storage arrays, allowing for a denser architecture. The feature automatically detects a power failure as it s happening and enables allows memory controller sequences to finish and forces the system memory to a self refresh before shutting down.

Today, storage controllers require a separate blade slot. The processors will be offered with 7-year lifecycle support.

Sun to cut 3,000 jobs as Oracle awaits approval for deal

2009-11-03T05:03:00.001-08:00

Sun Microsystems will lay off up to 3,000 workers over the next 12 months as Oracle awaits approval from European regulators for its acquisition of the company. In a filing with U.S. regulators Tuesday, Sun said it was making the cuts "in light of the delay in closing the acquisition." It said the move will "better align the company's resources with its strategic business objectives." Sun will take a charge of $75 million to $125 million for the job cuts, mostly for cash severance payments, it said. Sun is losing US$100 million a month while it awaits approval for the deal, Oracle CEO Larry Ellison said last month, so news of the layoffs came as no great surprise. It expects to incur most of the charges in the second and third quarters of its fiscal year, which means the current calendar quarter and the first three months next year.

Tony Sacconaghi, a technology analyst with Sanford C. Bernstein & Co., has said Oracle may cut up to 10,000 jobs once the deal is complete. Job cuts were a likely consequence of the deal in any case. Sun already announced plans last November to axe between 5,000 and 6,000 jobs to improve its financial position. The U.S. Department of Justice approved Oracle's $7.4 billion acquisition of Sun in August, but the European Commission has launched an investigation that could last until January. The cuts announced Tuesday, which amount to about 10 percent of Sun's workforce, are in addition to the earlier reductions, a Sun spokeswoman said.

The regulators say they are concerned about the effect that Oracle's ownership of Sun's MySQL database will have on the open-source software market.

Study: 54% of companies ban Facebook, Twitter at work

2009-10-28T22:00:00.001-07:00

Planning on firing off a short missive on Twitter or posting an update to your friends on Facebook from the office? According to a study commissioned by Robert Half Technology, an IT staffing company, 54% of U.S. companies say they've banned workers from using social networking sites like Twitter, Facebook, LinkedIn and MySpace, while on the job. Better check the rules of your workplace first. The study, released today, also found that 19% of companies allow social networking use only for business purposes, while 16% allow limited personal use.

Nucleus Research, an IT research company, reported in July that companies that allow employee productivity drops 1.5% in companies that allow full access Facebook in the workplace. Only 10% of the 1,400 CIOs interviewed said that their companies allow employees full access to social networks during work hours. "Using social networking sites may divert employees' attention away from more pressing priorities, so it's understandable that some companies limit access," said Dave Willmer, executive director of Robert Half Technology, in a statement. "For some professions, however, these sites can be leveraged as effective business tools, which may be why about one in five companies allows their use for work-related purposes." A study released last summer concluded that social networking use can hurt the bottom line. That survey of 237 corporate employees also showed that 77% of workers who have a Facebook account use it during work hours. It did not say how many workers fit into that category, but did note that one in 33 workers surveyed use Facebook only while at work. Nucleus said the survey found that "some" employees use the social networking site as much as two hours a day at work.

And of those using Facebook at work, 87% said they had no clear business reason for accessing the network. And in August, the U.S. Marine Corps reaffirmed its ban on the use of social networks by its soldiers.

Storage software market sees signs of life, but no major recovery

2009-10-22T17:07:00.000-07:00

The storage software market showed signs of rebounding in the second quarter, but is still falling short of the pace set last year. Within the storage software market, revenue for replication products grew 5% compared with the first quarter of this year, and data protection and recovery revenue was 3% higher than in the first quarter. Worldwide, storage software vendors raked in $2.8 billion in revenue in the quarter, down nearly 10% vs. the second quarter of 2008, according to an IDC report issued last week.\ However, some positive signs emerged. Revenue for device management and archiving software has also grown slightly since the beginning of 2009. "The storage software market is slowly starting to recover with positive growth over the first quarter of 2009," IDC analyst Michael Margossian said in a press release.

Globally, revenue for external disk storage systems was $4.1 billion in the second quarter, an 18% decline year-over-year. However, IDC cautioned that growth between the first and second quarters is typical, so the year-over-year comparisons are more significant. 9 data storage companies to watch While last week's report covers storage software, IDC this month also reported that storage hardware sales continue to struggle. The network disk storage market declined 15% year-over-year. EMC led the storage software market with 22.4% of revenue in the second quarter, ahead of Symantec (18.5%), IBM (11.5%) and NetApp (8.5%). EMC also leads the external disk storage systems market with 21.5% of worldwide revenue. This was the third straight year enterprise storage systems revenue declined in the second quarter.

D.C. appoints CTO to take over scandal tainted agency

2009-10-17T08:00:00.001-07:00

The District of Columbia this week hired a specialized search engine developer and entrepreneur as its new chief technology officer, overseeing what is arguably one of the most visible, progressive - and troubled - municipal technology operations in the U.S. New CTO Bryan Sivak is the founder of InQuira Inc. a privately held San Bruno, Calif.-based knowledge management firm, and has long worked on developing search engine technology designed for customer service environments. The new CTO joins a technology operation has faced some difficulties this year. Sivak succeeds Vivek Kundra, who left earlier this year after his appointment by President Barack Obama to become the nation's first CIO. That position had been filled on an interim basis since Kundra's departure.

A week after Kundra was appointed to the White House post, federal law enforcement officials filed bribery charges against Yusuf Acar, the department's acting chief security officer, in connection with what prosecutors alleged were a number of schemes developed to defraud the District of thousands of dollars. Payments were allegedly made to those "workers." After the arrests, Kundra took a leave from his new federal post. The scheme involved adding non-existent employees, or "ghost workers"," to the city payroll. Once the Obama administration determined that Kundra was not connected to the bribery scheme, he returned to the post. He is also a strong proponent of cloud computing.

Kundra gained notoriety and the attention of the Obama administration for his efforts to increase accessibility to government data. Mitchell Kramer, an analyst at the Patricia Seybold Group in Boston, said InQuira began operating as a developer of natural language search technology. This technology differs from more general Google-type search products by indexing only relevant information that can best answer specific customer queries. Later it combined that technology with a knowledge management and search application to create customer service tools that help customers seek product information and help on a company's Web site. Kramer said the market served by InQuira is growing, and is focused on high-end customers.

Kramer said it's unclear why someone with Sivak's background was selected for the District CTO's job. "For the last seven years he has worked for small software vendor that has a very narrow and not widely adopted application," he said. Salesforce.com is emerging as a competitor in that business. Kramer said Sivak could help the District use IT to provide better services to residents. Sivak was not immediately available for comment. But he wondered how Sivak will handle more general IT issues, such as changes to the government's general ledger systems, at least in the short term. "I'm sure he is capable of learning that stuff, but it's not clear that he has had the experience in acquiring, building and supporting those applications," Kramer said.

In a prepared statement announcing the appointment, Washington D.C. Mayor Adrian Fenty said that Sivak "brings a wealth of software and Internet technology experience to District government, and we look forward to putting his talents to good use for our residents." Prior to founding InQuira, Sivak co-founded Electric Knowledge LLC in 2000 along with Edwin Cooper. Sivak had earlier worked as a software engineer at IBM. In 2002 the company merged with answerFriend and the combined company became the basis of InQuira.

Cisco extends security controls to 'dark Web'

2009-10-11T22:05:00.001-07:00

Cisco is tackling the so-called "dark Web" of online content that's not easily indexed or categorized by adding new usage controls to its IronPort S-Series Web Security Appliances. The IronPort Web Usage Controls software has an engine that reads a Web page on the fly and analyzes the content to decide if it's objectionable or off limits according to corporate policy, says Vivek Bhandari, a product marketing manager at Cisco. The new technology is packaged as a software blade that works with Cisco's URL filtering database to make decisions about user Web surfing to enforce acceptable-use policies.

Simply categorizing Web sites into lists - such as sports, shopping, hate sites or porn - is no longer sufficient because the Internet is now filled with highly transient and often dangerous sites that comprise the dark Web. "These sites are coming up and down so fast," Bhandari says, noting that the proliferation of blogs and social networking sites, with Web 2.0 technology underpinnings, are also contributing to an explosion in Web content. Cisco's S-Series appliances can perform malware detection and blocking. The dark Web may constitute 80% of objectionable content, outside the 20% of Web sites that can still be put neatly into list form, Cisco says. The new Web Usage Controls software adds the ability to monitor, block or warn users about Web traffic based on a method that combines URL filtering lists with contextual heuristics for analyzing content and checking hidden tags. With the configuration Cisco is advising customers to use, about 90% of objectionable dark Web content violating policy will be detected via IronPort Web Usage Controls without causing the false positive rate to spike, Bhandari says. Cisco's URL filtering database includes 65 URL categories and is updated every 5 minutes through Cisco's security intelligence operations.

IronPort S-Series appliances with Web Usage Controls, available now, start at $8,500.

Salesforce.com, Cisco partner on SMB call-center tech

2009-10-06T12:00:00.001-07:00

Salesforce.com and Cisco Systems on Monday announced an offering for small and medium-size companies that integrates Salesforce.com's on-demand, customer-service software with Cisco's unified communications technology. The offering, which ties Salesforce.com's Service Cloud 2 to Cisco's VoIP-based Unified Contact Center, will be generally available in the first quarter of 2010 and sold by both companies, according to a statement. The Customer Interaction Cloud is aimed at businesses with between 30 and 300 sales representatives or call-center agents.

Pricing wasn't immediately available. Alex Dayon, Salesforce.com's senior vice president of CRM applications, said SMB customers have been petitioning the company for some time to help them integrate their CRM system with telecommunications functionality, which is "an expensive proposition" for smaller companies, he said. Salesforce used a lunchtime event in New York on Monday to unveil the Cisco partnership and highlight the 2.0 version of its Service Cloud, a set of technologies that allow companies to tap a variety of sources beyond the traditional call center - such as social networks and online customer communities - to meet customer-service needs. A representative from one Salesforce.com customer, American Century Investments, that is already using the Customer Interaction Cloud said its sales staff especially likes the "click-to-dial" feature of the integration of the Cisco and Salesforce.com technologies. "It's one less app on the desktop," Cory Cochran, director of technology strategy for American Century Investments, said of the new offering, which streamlines the user experience for busy salespeople who already use a lot of applications. Knowledge Base combines features from Salesforce.com's Force.com development platform and technology from its 2008 acquisition of InStranet to provide a database of information and tips for salespeople commonly found in knowledge bases through multiple channels.

Salesforce.com also on Monday revealed that the Knowledge Base aspect of Service Cloud 2 will be available in early November. The partnership is just the latest move by Salesforce.com to expand its technological footprint through partnerships, rather than internal development. Also Monday, Salesforce.com announced an upcoming "five-minute upgrade" option for the Service Cloud. Last week, it joined with Unit 4 Agresso to form FinancialForce.com, a new SaaS (software as a service) financials software company. Customers will receive read-only access to the application during scheduled maintenance windows, save for a five-minute "cut-over time," according to a statement. The option will "set a new standard" for on-demand software, Salesforce.com claimed.

This is made possible by Salesforce.com's mirrored data centers, the company said. The company is about to begin a pilot of the service with select customers, it said at Monday's event.

BI gives fashion jeansmaker a leg up

2009-09-29T13:06:00.001-07:00

CHICAGO - True Religion Apparel Inc. sells 4,000 different styles of jeans at prices starting at $200 and running up to $350. For some of Computerworld 's non-fashion-victim readers, the question may be, "Why would anyone spend that much money on denim pants?" For John Dohm, vice president of IT for the Los Angeles clothier, the question is: "What makes a customer buy this pair instead of that one?" For the first couple of years, True Religion answered that question through the founders' instinct and taste. But with more than 62 True Religion stores supplying copious point-of-sale data, True Religion has embraced business intelligence software to help it reach its goal of $1 billion in annual sales. That was enough to bring the company from zero sales in 2002 to its current run rate of $300 million in revenue per year.

Dohm shared his experience deploying BI tools at True Religion during a speech Tuesday at Computerworld 's Business Intelligence Perspectives conference. For another, IT tends to over-invest in BI projects, resulting in a "weak value proposition." That's more problematic for BI than similar-sized ERP projects. A former Deloitte & Touche director, Dohm said, "BI is a good idea, but almost never done right." For one, companies rarely do a strong study of their business processes before embarking on their BI deployment, he said. While ERP usually has a strong ally in the chief financial office, BI projects usually don't enjoy any "organizational air cover," he said. Before Dohm's arrival, the company used a small order management system.

Dohm sayid he was lucky, because he was hired by True Religion not only to roll out a modern BI system, but also to understand the business processes beforehand to make sure it was done right. Since he's taken over, the company has replaced it with Oracle Corp.'s E-Business Suite version 12, along with a tool called Aris created by Software AG. Preferring to run the "lowest footprint data center humanly possible," Dohm has just three employees in his IT team. "The goal is to have no more than eight in IT as we grow to $1 billion in revenue," he said. The key to that, he said, is to outsource wisely and to be disciplined enough to say no to his bosses when they demand some ad hoc report right away. "The service mentality that most of us in IT have is dangerous," he said. "Infinite flexibility doesn't usually come with an infinite checkbook." Dohm also doesn't believe in fighting users who go around IT's approved reporting and dashboarding tools in favor of the tried and true. "If everyone is doing things in Excel, then Excel is your BI strategy," he said. "Let them use Excel to the point where it runs out of gas, because then they will switch to your higher-end product." With Oracle E-Business Suite deployed, Dohm said he's finally been able to answer mysteries such as why "every Easter, our Dallas store sells out of white denim."

U.S. Bank picks IBM's Lotus platform over Microsoft's SharePoint

2009-09-24T04:00:00.001-07:00

Minneapolis-based U.S. Bank has chosen to standardize on IBM Corp.'s Lotus collaboration software, IBM said Tuesday, displacing Microsoft Corp.'s rival SharePoint-based platform. Quickr and Connections provide a file-sharing repository allowing employees to create profiles, wikis and blogs. U.S. Bank plans to roll out the Lotus Quickr and Lotus Connections social Web platform for corporations.

U.S. Bank is also standardizing on the latest Lotus Notes 8.5 client for all 58,000 employees, as well as the Lotus Sametime messaging app, Bob Picciano, general manager of IBM Lotus Software, told Computerworld . "The focus is for them to get everything migrated by 2010," he said. While Quickr and Connections will be new deployments, Notes and Sametime are technically upgrades. U.S. Bank is also looking into IBM's LotusLive cloud collaboration software, said Picciano, and is even considering switching off Microsoft Office to IBM's Lotus Symphony productivity suite. "Discussion for that continues to be under way," he said. U.S. Bank was already using versions 6.5 of IBM Lotus Notes and Domino for most of its employees. According to Picciano, IBM and Microsoft both bid to provide collaboration and messaging for U.S. Bank, which is ranked the sixth-largest American bank with $266 billion in assets.

But U.S. Bank was also running 5,000 SharePoint sites - some department level, some much larger, according to Picciano - throughout the bank, which was created out of a number of mergers about 10 years ago. Despite IBM's apparent incumbent's edge, Picciano said the battle between the two vendors was "largely competitive." "I wouldn't be arrogant enough to call U.S. Bank an IBM shop," he said. Microsoft did not dispute IBM's characterization of its deal with U.S. Bank, but it maintains that it is an exception that proves the rule. "Last year, more than 4.7 million people began the switch to Exchange and SharePoint from Notes," Julia White, director of Exchange product management, said in an e-mail. "We count our switchers in millions, while Notes counts their switchers in tens of thousands." "We expect this trend to accelerate with Exchange 2010 and SharePoint 2010," White said. IBM's win, he said, was the result of superior technology, not heavy discounting. "This wasn't a 'our bundle will beat up your bundle' situation," he said. "Our software was a better choice and fit." Picciano declined to disclose financial terms. "It's a very big deal," he said. Citing large customers such as HSBC, Colgate-Palmolive, Teach for America and others that are deploying the latest Web 2.0 components of the Lotus platform, Picciano says IBM is making a successful counterattack. "We are displacing Exchange, displacing Outlook," Picciano said. "Despite what the people up in Redmond might say, we are taking share."

French National Assembly votes for new 'three strikes' bill

2009-09-18T18:06:00.001-07:00

The French government is still pursuing its plan to cut off Internet users accused of copyright infringement - although a new version of the so-called "three strikes" bill approved by the National Assembly on Tuesday now requires that a court make the decision to suspend a surfer's Internet access. An earlier version of the law handed the power to disconnect surfers to a newly created High Authority for the Distribution of Works and the Protection of Rights on the Internet (Hadopi - another nickname for the law). It was approved by the French Parliament in April but the Constitutional Council struck that measure down as unconstitutional before it was signed into law. The bill takes its "three strikes" nickname from the three accusations of copyright infringement that must be levelled at surfers before their Internet access is suspended. The government immediately vowed to return to parliament with a new bill, Hadopi 2, that would satisfy the Constitutional Council.

That means that the government must now form a committee of deputies and senators to come up with a compromise bill and submit it to both houses for a vote. The Senate approved that text in July, and on Tuesday deputies in the National Assembly adopted it by 285 votes to 225. However, the deputies made a number of amendments to the Senate's text, and in France a bill cannot become law until both houses of Parliament agree to the same text. The compromise process usually goes without a hitch, but in a surprise vote in April the National Assembly rejected the compromise text for the first version of the law, Hadopi, by 21 votes to 15. While the new bill requires that suspension of Internet access be ordered by a judge, rather than decided by an administrative agency in an automated process, it toughens sanctions in other areas. That could be the case if their computer was attacked by malware and fell under someone else's control, or if their wireless Internet access was inadequately secured. Internet subscribers will now be held liable if someone uses their Internet connection to illegally download copyright works - even if they do not explicitly authorize it, but allow it to happen through negligence. The bill also adds a €5,000 (US$7,300) fine for Internet service providers that fail to suspend the Internet access of a customer when ordered by a judge, and a €3,750 fine for surfers who take out a second Internet subscription to get around a suspension ordered by a judge.

But the premise that songwriters and musicians will benefit from the stronger penalties for copyright infringement proposed by the bill is disputed by many - including the artists themselves. The latest bill's progress has been closely followed by other governments under pressure from record labels and film studios to crack down on Internet piracy. Last week a group of predominantly British musicians, the Featured Artists Coalition, criticized U.K. government plans for a similar three-strikes law, saying that "Processes of monitoring, notification and sanction are not conducive to achieving a vibrant, functional, fair and competitive market for music." The group's members, including Billy Bragg, KT Tunstall, Robbie Williams and Radiohead, said that a consultation paper issued by the U.K. government indicates "a mindset so far removed from that of the general public and music consumer that it seems an extraordinarily negative document."

China's Alibaba expects India joint venture this year

2009-09-12T21:00:00.001-07:00

Top Chinese e-commerce site Alibaba.com aims to announce an Indian joint venture this year as the company expands its global footprint, it said Friday. A deal in India, where Alibaba.com recently surpassed 1 million registered members, would be the latest in the site's efforts to grow abroad. "I've got a lot of confidence in India," said Jack Ma, CEO of Alibaba Group, the parent company of Alibaba.com. Alibaba.com is in talks with an Indian reseller about forming a joint venture, CEO David Wei told reporters at a briefing.

Alibaba.com is a platform for small and medium businesses to trade everything from lumber and clothes to iPods and PC components. Alibaba.com already works with Indian publishing company Infomedia 18, its likely joint venture partner, to promote its platform in the country. Its main member base is in China, but the site also has 9.5 million registered users in other countries and facilitates many cross-border trades. The site also has a joint venture in Japan and recently launched a major U.S. advertising campaign to attract more users there. Ma said Alibaba knows it needs to "do something" in Latin America as well. Ma and other top Alibaba executives visited the U.S. early this year for meetings with potential partners including Amazon.com, eBay and Google.

When asked if the company would also seek to expand in Eastern Europe, Ma said, "I will be there." Alibaba will not hold a majority stake in joint ventures it forms, instead taking a share similar to the 35 percent it has in its Japan operation. "Our global strategy means partner with local people," Ma said. "We want partners and we want partners to control their business." Users place total orders of more than US$200 million each day on the Alibaba.com international platform, Wei said. About 50 percent of those orders go to Chinese exporters, he said.

Microsoft Exchange 2010 hits final beta

2009-08-19T03:00:00.001-07:00

Microsoft Tuesday issued the final beta on Exchange Server 2010 along with the final beta of its security companion, Forefront for Exchange Sever 2010.

Slideshow: Sneek peaks at Exchange 2010 interface

The newest Exchange Server, which is 64-bit only, is expected to ship before year-end.

The 2010 version of Exchange is being touted as a hybrid - equally at home as the foundation for a hosted e-mail service or a corporate messaging infrastructure.

Microsoft already hosts more than 5 million users on Exchange 2010 as part of its Live@Edu program.

Michael Atalla, group product manager for Exchange, announced the release on the Exchange Team blog and called out a number of new features: support on the 64-bit versions of Windows Server 2008 and 2008 R2; support for in-place upgrades from the Exchange 2010 RC to the 2010 RTM; and co-existence with Exchange 2007 and 2003 servers.

The co-existence with Exchange 2007 will require Service Pack 2, which Atalla said would ship later this moth.

Microsoft has said previously that it has specially architected Exchange 2010 for high-availability and cross-domain integration using techniques such as pairing the server with Windows Server 2008 clustering technology and directory federation features.The company said that the ability to use Exchange as a hosting platform is now built into the product.

The Exchange beta includes a number of user and administrative features, including new archiving capabilities, but perhaps the most distinguishing characteristic is its online and on-premises split personality.

The company hopes that personality will make it easier for corporate users to straddle environments with some users on internal systems and others using hosted mailboxes from a service.

Features, such as Powershell support, will give administrators one set of tools for managing internal users, users on hosted platforms, and the infrastructure needed to bridge the gap between the two.

But creating the infrastructure and architecture involves more than just Exchange. Microsoft is relying on new clustering technology in Windows Server 2008, such as multi-subnet stretched clusters, and federated Active Directory technology to help bolster high-availability and integrated management.

Microsoft is also trying to beef up discovery and compliance features in Exchange with built-in e-mail archiving. But early beta testers have said the feature doesn't appear like it will be complete in Exchange 2010 and will likely take one Service Pack to hit full stride.

Network World Lab Alliance member Joel Snyder said in his Exchange 2010 review that corporate users should carefully assess the implications of the new server.

"The combination of clustering, replication and low-cost disk support means that reliability and scalability can be based on replicating small, inexpensive servers both within a data center and between data centers. E-mail managers thinking of deploying Exchange 2010 should step back and evaluate closely these new grid-style architectural approaches - and be sure that your Exchange team has adequate time to re-think and re-evaluate commonly held beliefs on how to build large Exchange networks."

Exchange 2010 is the first in a wave of new Office products set to ship this year and next. Office 2010, SharePoint Server 2010, Visio 2010 and Project 2010 are slated to ship in the first half of 2010.

Follow John on Twitter: twitter.com/johnfontana

New initiative is looking for a few good cybersecurity pros

2009-07-28T03:00:00.001-07:00

Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and "top guns."

The consortium - including the U.S. Department of Defense Cyber Crime Center, the Center for Strategic and International Studies (CSIS), the Air Force Association and the SANS Institute - on Monday announced a new initiative to identify, train and find jobs for students interested in cybersecurity.

The U.S. Cyber Challenge initiative will bring together three existing cybersecurity competitions for high school or college students and launch new in-person competitions, said Alan Paller, research director at the SANS Institute, a cybersecurity training organization. In addition, the organizers of the U.S. Cyber Challenge plan to offer scholarships to promising students and hook them up with internships and jobs, Paller said.

The initiative is a response to a growing concern that the U.S. will not have enough cybersecurity professionals in coming years, participants in a kick-off event said. Some experts have said the U.S. has about 1,000 world-class cybersecurity experts when it needs 20 to 30 times that many, Paller said.

The U.S. Department of Defense trains just 80 cybersecurity professionals a year, noted James Lewis, director of the CSIS Technology and Public Policy Program.

The pipeline for cybersecurity professionals in the U.S. is "a trickle," said Richard Schaeffer Jr., director of information assurance at the U.S. National Security Agency. "It is a really, really, really, really tiny number."

Nations including China are actively recruiting and developing cybersecurity professionals, Paller added. Without training and development programs, the U.S. faces getting further and further behind, he said.

One of the goals of the initiative will be to promote cybersecurity careers as "cool," organizers said. Two of the existing competitions that will be part of the program, the Air Force Association's CyberPatriot Defense Competition and the SANS Institute's NetWars Capture the Flag Competition, use a video game format to draw students' interest.

"You can't find a kid today who doesn't know what 'Grand Theft Auto' is," said Sanford Schlitt, vice chairman of the board for aerospace education at the Air Force Association.

The association launched a limited version of its CyberPatriot Defense Competition in January. A second round of the competition, with registration closing in September, has attracted 270 high school teams from 44 states, plus Japan and South Korea, he said.

The NetWars competition, with high school and college students focused on attacking and defending computers, drew 80 competitors in its first round held in June, said James Shewmaker, founder of cybersecurity vendor Bluenotch and key developer of the game. The winner of the first round was able to find a vulnerability in the scoring system and give himself additional points, and organizers decided that was fair game, Shewmaker said.

While parts of the U.S. Cyber Challenge are still coming together, the organizers are getting offers of support from many groups, including Google and the U.S. Federal Bureau of Investigation, Paller said. Companies and organizations can help in many ways, including helping to organize cybersecurity camps, he said.

The new initiative is the "best news story in cybersecurity," Paller said. "The Cyber Challenge is a step in the right direction."

EMC fine tunes its management software portfolio

2009-07-09T08:00:00.001-07:00

EMC Wednesday introduced the fruit of many acquisitions, organic development and integration work with its Ionix IT management software and services portfolio, which the vendor says will help customers more easily control next-generation networks.

EMC Ionix consists of four IT management product sets: Service Discovery and Mapping; Service Management; Data Center Automation and Compliance; and IT operations Intelligence. The software and services in each category support automated discovery, model-based management, ITIL processes, integrated workflows, automation and root-cause analysis, according to EMC.

"Ionix is the result of a five-year strategy bringing together a range of products, with the Configuresoft product anchoring the suite with its data center automation technology," says Bob Quillin, senior director of marketing for EMC Ionix. "The integrations enable customers to manage across domains and monitor virtualization across all areas of IT, not treating it as a silo."

EMC Ionix incorporates technology recently acquired with Configuresoft and EMC products partly built on software from the vendor's Smarts, nLayers, Voyence and Infra acquisitions. Ionix also puts EMC's ControlCenter to work to manage performance and availability across network, storage, servers and applications as well as tracking end-to-end services. Part of the motivation to update its management suite now was the current need to manage virtual infrastructure alongside physical machines and the growing appeal of cloud computing, EMC says.

"Ionix is not just managing silos, but centralizing around management and using virtualization to drive management to the next level," Quillin says.

EMC's approach to incorporate virtualization technology into its management software could address a current pain point in enterprise IT management. Research firms such as IDC expect virtualization adoption to slow if enterprise IT customers aren't able to automate virtualization management and simplify the ongoing operations. Industry watchers say traditional management software products might not be built to adequately address more dynamic environments.

"HP and BMC are two leaders in the space for sure – but they built monolithic software to support monolithic physical infrastructures – and were built well before anyone even heard of virtualization, let alone the cloud," said Steve Duplessie, founder and senior analyst at Enterprise Strategy Group, in a statement. "At every major disruption point, huge new market opportunities are created and the eventual winners tend to be the ones that are purpose-built for the new world order – not those who bolt-on functions to last year's model."

While Ionix would likely increase competition among EMC and management market leaders BMC, CA, HP and IBM, the vendor will still have to overcome challenges to be chosen as a primary management vendor. In an analysis of the management software market, Forrester Research commended EMC's progress and pointed out that more work needed to be done.

"EMC's recent acquisitions, such as nLayers and Voyence, have placed it as a leading configuration vendor, but broader management coverage is questionable. It has some great weapons in its arsenal with Smarts and now Infra, but it must accelerate its M&A expansion and internal development to capitalize on its assets and enter the elite class of anchors," reads the report "Managing the IT Management Software Portfolio," which was published prior to EMC's Configuresoft acquisition.

Updates, integrations and common platform support will be included in EMC Ionix products immediately.

Do you Tweet? Follow Denise Dubie on Twitter.

India bans import of mobile phones without identity codes

2009-06-18T20:05:00.001-07:00

The Indian government has banned the import of mobile phones without an IMEI (International Mobile Equipment Identity) number, and has ordered operators to block calls from phones without an IMEI from next month..

The IMEI is a unique code that identifies a mobile device on a GSM (Global System for Mobile Communications) network, and is usually programmed into the phone by the manufacturer.

A notification earlier this week from the Indian government's Directorate General of Foreign Trade has prohibited the import of mobile handsets that do not have an IMEI, or have an IMEI consisting entirely of zeros.

A large number of mobile phones that are sold in India are either spurious or unbranded, often sold at low prices without bills or warranty. Terrorists have been found to use phones without IMEI, as they prevent identification, according to security agencies.

The spurious phones also represent a significant loss of revenue to mobile phone vendors who are targeting the country's booming mobile phone market.

The Indian government told the country's parliament in December that the Department of Telecommunications had directed cellular mobile service providers to make provisions for the authentication of mobile handsets with an IMEI number for GSM networks and Electronic Serial Number (ESN) for CDMA (code -division multiple access) networks.

In a letter to service providers in April, the Ministry of Communications & IT recognized that some of the users of phones without IMEI or zeros in place of the IMEI, were "genuine innocent subscribers". The ministry approved in that letter a proposal by the service providers for a Genuine IMEI Implant (GII) program that programs genuine IMEI on mobile handsets.

The GII program is being offered by the Cellular Operators Association of India (COAI) in association with Mobile Standard Alliance of India.

The last date for the software implants will be the end of this month. On that date the EIR (Equipment Identity Register) used by the operators will have to reject all calls made from a phone without an IMEI or with all zeros in place of a genuine IMEI, according to the letter from the ministry, a copy of which has been posted on the COAI web site.

Cisco CEO humbled by placement on Dow

2009-06-05T13:42:00.001-07:00

BOSTON - Cisco Systems Inc. is proud to be joining the Dow Jones Industrial Average on Monday, but Cisco CEO John Chambers said that did not come without mixed feelings given the company was replacing General Motors.

"It's a tremendous honor ... [but] very humbling," he told a group of international reporters today at the Cisco Partner Summit here.

Chambers said he was "obviously very proud," but said he has "mixed emotions" about replacing GM on the list after the company filed bankruptcy this week. "GM is a great company, always a great customer, and a very very good partner," Chambers said, adding that everybody at Cisco knows somebody at GM. "It's an icon."

Still, Cisco's addition to the Dow, a market barometer, shows the importance of networking technology, Chambers said. "The network will play a huge rule as more than a pipe ... and be involved in areas of major economic growth. Hopefully we'll do a good job to make them proud."

HP-Microsoft: Rivalry is born

Chambers rarely comes across as a humble salesman of sophisticated networking gear, and actually did use much of his 40 minutes with news media to talk about the competition, including Hewlett Packard Co.

In May, HP announced a four-year partnership with Microsoft Corp. to provide unified communications products. Cisco executives at the Partner Summit said they would have preferred Microsoft picked Cisco.

"HP is a $110 billion competitor," Chambers said. "The last time we had competition like that was with Nortel, Alcatel and Lucent." In addition to unified communications, Cisco competes with HP in routing and switching.

Chambers said that Rob Lloyd, executive vice president of worldwide sales for Cisco, "will lead the charge against HP."

Lloyd told reporters today: "Microsoft has been saying for years that networking didn't matter, and suddenly they have a networking partner. They just picked the wrong partner."

Lloyd said that during the gathering of channel partners who resell Cisco products, he had heard many saying they are "indicating loyalty to Cisco" despite the HP-Microsoft partnership.

Video a 'game-changer'

Chambers and Lloyd emphasized the importance of video technology to Cisco, adding to comments made yesterday by the company's CTO, and earlier by other Cisco executives.

Video will make up 90% of all network traffic in two years, Chambers predicted, and will be a confirmation of Cisco's purchase Pure Digital Technology, Inc., the maker of the handheld Flip digital videocamera.

Chambers said the investment in Flip is not just about that device, but about the entire video architecture that involves taking easy-to-produce video and putting it on the Web or company-run video blogs, and also using it in addition to high-end telepresence systems and other collaboration tools.

He said that much of Cisco's advertising and branding effort in recent years, including product placements of Cisco telepresence gear in the TV series 24, revolves around the value of video technology to consumers, companies and the company.

"We see a tremendous desire to deploy consumer-type technologies but in an enterprise form-factor," Lloyd added.

Proctor and Gamble is deploying Flip cameras to its executives to use in video blogging, even as that company has invested heavily in telepresence, Chambers said. "Video is the way leaders communicate," he said.

To show his interest in video and the use of the Flip, Chambers pulled a Flip camera from his pocket and quickly panned the room of reporters. He said he used the video camera to communicate with his children.

"Cisco is a long way ahead in this technology," Chambers said.