Intergovernmental Technology Conference

Newly Announced - ITC Information Technology Summit - March 30th, 2010

 
 

 

Previous Conferences


12th Annual
ITC East Conference

December 5th & 6th, 2007
State Farm Show Complex
Harrisburg, Pennsylvania



11th Annual
ITC East Conference

December 14-15, 2006
State Farm Show Complex
Harrisburg, Pennsylvania


ITC Midwest Conference
May 10-11, 2006
Greater Columbus Convention Center
Columbus, Ohio
Ohio Homeland Security
Symposium


10th Annual
ITC East Conference

December 13-14, 2005
Harrisburg Hilton & Towers
Harrisburg, Pennsylvania


9th Annual
ITC East Conference

December 7-8, 2004
Hershey Lodge and
Convention Center
Hershey, Pennsylvania


8th Annual
ITC East Conference

December 9-10, 2003
Hershey Lodge and
Convention Center
Hershey, Pennsylvania


 

 


These RSS Newsfeeds reflect the newest and most current information related
to the many facets of intergovernmental technology. Content will be added to
and updated daily.


Podcast: Harnessing enterprise clouds

By: Dana Gardner, Principal Analyst, Interarbor Solutions
Published: 10th September 2009
Copyright Interarbor Solutions © 2009


Our latest BriefingsDirect podcast uncovers how to quickly harness the technical benefits of current data centers for cloud computing approaches. We examine how enterprises are increasingly focused on delivery and consumption of cloud-based infrastructure and services.

The interest in cloud adoption is being fueled by economics, energy concerns, skills shortages, and complexity. Getting the best paybacks from cloud efforts early and often, and by bringing them on-premises, can help prevent missing the rewards of cloud models later by being unprepared or inexperienced now.

We expect that the way the clouds are built will be refined for more and more enterprises over time. The early goal is gaining the efficiency, control and business benefits of an everything-as-a-service approach, without the downside and risks.


Yet much of what makes the cloud tick is already being used inside of many data centers today. So now we'll examine how many of the technical underpinnings of cloud are available now for organizations to leverage in their in-house data centers, whether it’s moving to highly scalable servers and storage, deeper use of virtualization technologies, improved management and automation for elastic compute provisioning, or services management and governance expertise.

Mozilla releases Flash-checking security update



Mozilla is pushing out a new release of its flagship Firefox browser that fixes critical security vulnerabilities in the software and, for the first time, checks to see if the browser's Flash Player is up-to-date.

The Firefox 3.5.3 and 3.0.14 updates were released Wednesday, a day after Microsoft pushed out its monthly set of security patches.

By actively checking for up-to-date Flash software, Mozilla hopes to give users a smoother, and more secure, Web browsing experience. Mozilla decided to focus on the Flash Player "both because of its popularity and because some studies have shown that as many as 80% of users currently have an out of date version," said Mozilla spokesman Johnathan Nightingale in a recent blog post on the issue. "Mozilla will work with other plugin vendors to provide similar checks for their products in the future," he added.

Computer criminals have increasingly turned to bugs in add-on software such as Flash and QuickTime as they look for new ways to hack into PCs.

The three critical bugs that were patched on Wednesday lie in internal Firefox components. They are considered critical, because Mozilla developers think that hackers could leverage them to overwrite parts of the computer's memory and eventually run unauthorized software on the victim's PC.

Two other bugs were patched on Wednesday, but Mozilla rates them both as lower security risks.

Microsoft Warns of New Windows Bug, Advises Users to Take Precautions

 

Microsoft confirms the existence of a bug in Windows Server 2008, Windows Vista and release candidates of Windows 7 that could be used to hijack PCs. While users await a patch, there are a few steps they can take to protect themselves.

Hours after its latest Patch Tuesday release, Microsoft confirmed the presence of a serious zero-day bug in Windows Vista, Windows Server 2008 and release candidates of Windows 7.

The vulnerability, which lies in Windows' SMB (Server Message Block) 2, is due to the SMB implementation improperly parsing SMB negotiation requests. As of yesterday, Microsoft reported the flaw had not been the subject of attacks, but that could change as exploit code has been publicly available since Monday.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft's advisory said. "Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

While Microsoft officials said the company is working on a patch, they offered no timeline as to when it would be available. While users wait, the company recommends they disable SMB 2 via the Windows Registry Editor or block TCP ports 139 and 445 at the firewall. Both those workarounds, however, come with drawbacks. A mistake in the Registry Editor could force a user to reinstall Windows, while blocking ports 139 and 445 could stop applications from working.

The issue first came to light Monday when a researcher claimed he used it to trigger the infamous "Blue Screen of Death" on Windows Vista and Windows 7. Other researchers subsequently used the bug to crash other versions of Windows. After a day of investigation, Microsoft announced late Tuesday that the flaw was real, and reported it could not only cause a denial-of-service condition but could also be used to take over a system.

According to Microsoft, the Windows 7 RTM (release to manufacturing), Windows 2000, XP and Windows Server 2008 R2 are not affected by this vulnerability.

In addition to the latest zero-day, Microsoft has promised to fix a flaw in the file transfer protocol (FTP) service utilized by Internet Information Services (IIS). The flaw has come under attack by hackers, and Windows users are advised to leverage the information on workarounds and mitigations provided by Microsoft.

Tech Giants Join Open Identity Partnership with Government

Ten companies ranging from Yahoo to PayPal to Google are backing plans for pilot programs aimed at enabling users to log in to government Websites using OpenID and Information Card technologies.

The initiative is meant to fit into President Obama’s memorandum to make it easy for individuals to register and participate in government Websites without having to create new usernames and passwords. Members of the public will be able to fully control how much or how little personal information they share with the government at all times.

Besides Yahoo, PayPal and Google, other companies participating in the programs include Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems. The pilot programs themselves are being conducted by the Center for Information Technology, National Institutes of Health, U.S. Department of Health and Human Services, and related agencies.

The initiative paves the way for individuals to use services such as blogs, surveys and social networks and customize their experience on government Websites without revealing any personally identifiable information such as passwords. In the coming months, NIH officials plan to use OpenID and Information Cards to support a number of services, including customized library searches, access to training resources, registration for conferences and use of medical research wikis, all with strong privacy protections.

Each of the participating companies is being certified under nondiscriminatory open trust frameworks developed in collaboration between the OpenID Foundation and the Information Card Foundation and reviewed by the federal government.

“It’s also good to see government working with experts from the private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon—it’s a social phenomenon,” said Bob Blakley, an analyst with the Burton Group, in a statement. “Technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate. Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

In an interview with eWEEK, VeriSign Director of Innovation Gary Krall said that the primary drivers for this initial phase of the initiative are trust and privacy.

“Trust in the form of certifying the [identity providers] in terms of how they manage user information, and privacy in the form of allowing users to remain anonymous on those sites which allow that and ensuring that their privacy is non-correlatable,” Krall explained.

“Security in our case is how we protect the VeriSign Personal Identity Portal [PIP] user's account from unwanted access,” he said. “By combining VeriSign's two-factor authentication services, whether in the form of a one-time password or in the form of a certificate, we add a layer of protection to users who use our service when they access the [government] Websites that will be participating in the initial pilot of the service.”

Cisco Patches Critical TCP Vulnerability
From the blogs: Networking giant patches critical flaw that could trigger massive DoS condition.

Cisco (NASDAQ:CSCO) now has a critical patch out for its IOS operating system fixing a TCP flaw that could trigger a Denial of Service (DoS) condition.

The TCP flaw is similar in nature to one that Microsoft patched as part of its September Patch Tuesday update. TCP is the core transport protocol for most web traffic and the flaw is one that is not trivial.

"By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely," Cisco warns in its advisory. "If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted."
In other words, a flaw in TCP could have enabled a DoS attack.

Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts

 

 


U.S. citizens will soon be able to log in to government websites using their Google account, or the URL of their Yahoo profile — a significant embrace of open and emerging tech standards as promised by the Obama administration.

The U.S. government pilot program will allow people to interact with various government websites using an OpenID or an Information Card, two of the most popular emerging technologies for web users to manage their identities across multiple websites, the nation’s information technology officer will announce Wednesday.

Under the new program, which will go into effect in the coming weeks, people will be able to sign in, request information, participate in forums and build user profiles without having to set up a new user account on the government’s websites. Anyone will be able to interact with these sites using credentials provided to them by Yahoo, Google, AOL, VeriSign or PayPal, among others.

The pilot is scheduled to be announced by the U.S. government CIO Vivek Kundra at the Gov 2.0 Summit in Washington, D.C. Wednesday morning.

The win here for the user is two-fold.

First, you’ll have fewer logins and passwords to manage — your OpenID is a skeleton key that gets you in to every site. Eliminated is the scenario where you’ll have to create one user account to interact with Homeland Security, another to access housing records, and another to ask a question about healthcare. Second, OpenID and the other technologies which support it afford you a high level of control over exactly how much information about you gets shared with the site you’re logging in to. Those who only want to pass along the minimum can do so, and those who want to build a full-blown user profile can do so as well.

This initiative is a major step toward opening government services and making public data accessible on the web, according to Chris Messina, an OpenID board member and the CEO of Citizen Agency.

“The U.S. government taking real steps to adopt open technologies has the potential to enhance and simplify citizen engagement,” Messina said. Because it has the blessing of the administration’s top techie, he stressed, “This isn’t just some little skunkworks project off to the side.”

It also comes at a time when public discourse over issues like health care reform, global warming and education is reaching a fever pitch and many citizens are itching to have their questions answered or their grievances heard.

The government agencies participating in this program are the Center for Information Technology (CIT), National Institutes of Health (NIH) and the Department of Health and Human Services (HHS). All of their websites will begin accepting OpenID and InfoCard credentials within the coming weeks.

That’s only a handful of government agencies, but the OpenID Foundation, the non-profit governing body that oversees the growth of the open-source technology, hopes Wednesday’s announcement will kick off a domino effect across Washington, according to board member David Recordon, who now works at Facebook.

“For us, this is a helpful way of saying, ‘Hey all of you other government agencies, if you’ve been wondering what you have to do to adopt these technologies and increase public participation, here’s a stake in the ground you can point to that will help you get up to speed more rapidly,’” Recordon said.

OpenID is a digital identity standard that lets people use a single ID, like a Google username or an AOL profile, to log in to multiple websites. Several major companies are already OpenID providers, including Yahoo, Google, AOL, MySpace, and Microsoft. Facebook is expected to become a provider soon.

InfoCard is a similar standard, championed by Microsoft and Equifax, to help users manage their digital identities.

However, the new pilot program won’t allow users to log in using credentials from just any ID provider.

People will only be able to use OpenID or InfoCard credentials provided by the ten companies in the pilot program: Google, Yahoo, PayPal, AOL, VeriSign, Acxiom, CitiGroup, Privo, Equifax and Wave Systems.

These companies have undergone a certification process — designed by the Information Card Foundation, the OpenID Foundation and the federal government — that guarantees certain privacy safeguards. For instance, the sites have to use SSL to handle logins, and they have to provide pseudonymous identifying information so the government can’t correlate user identities (and track a single user’s behavior) across multiple agency websites.

This trust framework is there to provide assurance to the public, says Recordon. “You shouldn’t have to sacrifice security and privacy to participate in open government,” he says.

Messina contrasted OpenID to Facebook Connect, the popular social network’s way of letting users log in to other sites such as news sites using their Facebook ID. Comments on that site can then be shared on a user’s Facebook page.

“Facebook Connect spews user data all over the net, but when it comes to the government, that’s the last thing you want,” Messina said. “Using OpenID, if you don’t want to reveal any information about who you are, you are completely pseudonymous.”

The feds plan to start small. One plan is to let users of the National Institutes of Health website — which is full of detailed medical information — save their research by bookmarking articles, without the government having any idea who actually controls a given account.

While that may not seem like a huge step, Messina says federal agencies are good at adopting what works at other agencies.

“Once we get a few successes going, this will happen very quickly,” Messina said.

Cell Radiation: Where's Your Phone on the List?

(WXYZ) - A new study by the Environmental Working Group has found that some cell phones emit more radiation than others.

In an exhaustive study, the agency examined and ranked more than 1,000 cell phones based on how much radiation they emit. They found that the Samsung Impression has the lowest emissions at 0.35 watts per kilogram. That's a measure of how much radiation is absorbed into the brain when the phone is held near the ear.

The tested phones with the highest watts per kilogram ratio were the T-Mobile MyTouch 3G, the Motorola Moto VU204 and the Kyocera Jax S1300. All came in at 1.55 Watts per kilogram.


Under guidelines set by the Federal Communications Commission, which sets the standards for cellphone radiation, all wireless devices must be rated at 1.6 watts per kilogram or lower. However, the Environmental Working Group says that rating, set 17 years ago, is outdated because cell phones and wireless usage patterns have changed so much. They're asking the government to take a "fresh look" at radiation standards.

Cell phone radiation has become a hot topic in the past few years. A number of watchdog groups say that it is possible that cell phone radiation could cause cancer. They also say a number of recent studies show increased risk for brain and mouth tumors for people who have used cell phones for at least 10 years.

However, other groups say there is no hard link between cell phones and cancer. The American Cancer Society, World Health Organization and the Food and Drug Administration have all said that wireless devices do not pose a public health risk.

Microsoft to Show Off Silverlight 4
Microsoft's HD-quality video streaming technology is also on tap for an international broadcasters convention.

Microsoft plans to give broadcasters a peek at the next version of its Silverlight streaming media technology this week as company executives show their wares at a major global media show.

Silverlight 4 will add native multicast support as well as offline digital rights management (DRM), Microsoft (NASDAQ: MSFT) said in a statement Tuesday. The glimpse of Silverlight 4 will come at the International Broadcasting Conference (IBC), which starts Friday in Amsterdam. The DRM support will come via Microsoft's PlayReady technology.

Also on the list of show and tell technologies at the conference will be Internet Information Services (IIS) Media Services 3.0, which is due to ship within 30 days, the statement said. Media Services 3.0 will provide interactive HD-quality Live Smooth Streaming video (up to 1080p) to Silverlight-based media players.

Microsoft launched Silverlight 3, the company's response to Adobe's Flash and AIR technologies as well as JavaFX from Sun Microsystems, in mid-July at a gala, invitation-only bash in San Francisco.

Silverlight 3 adds media enhancements such as H.264 video support as well as 3D support and GPU hardware acceleration. It will also run applications outside a browser, including on mobile devices.

Additionally, Microsoft said it will put its IIS Smooth Streaming Transport Protocol and Protected Interoperable File Format (PIFF) specifications under the Microsoft Community Promise, the company's guarantee that it will not sue developers that use technologies under that aegis.

"With technologies such as Live Smooth Streaming, we are furthering our commitment to provide cost-effective, scalable solutions to deliver the latest in high-quality, true HD and enhance the way audiences experience online video via Silverlight-based media players," Scott Guthrie, corporate vice president of the .NET Developer Platform, said in a statement.

According to the statements, Microsoft also plans to ship a beta of the Smooth Streaming player development kit with Media Services 3.0.

Gartner predicts new digital divide
High-speed broadband to create communities of haves and have nots

Growth in localised, high-speed residential broadband services is beginning to open a new chasm between urban and rural areas in terms of internet access, according to new findings from Gartner.

The analyst firm's Emerging Technology Analysis: Ultra-High-Speed Residential Broadband Internet, Global Consumer Services report predicts that a new digital divide will have emerged within three to five years between those able to access residential broadband speeds of 50Mbit/s or higher and those limited to basic access speeds.

This is despite efforts such as the UK government's Digital Britain project, which aims to provide a basic broadband service to everyone who wants it.

"Ultra broadband will exacerbate the digital divide among different world regions, as well as within countries," said Fernando Elizalde, principal research analyst at Gartner.

"Governments in countries that lag behind in the deployment of ultra broadband will come under increasing pressure to use public funds to upgrade broadband infrastructure to avoid falling behind."

Elizalde explained that the need to acquire new customers and retain existing ones will see providers using headline speeds to help differentiate their services from the competition.

From a consumer perspective the growing use of high bandwidth applications such as downloading or live streaming of movies and television, as well as the distribution of user-generated content through email, social networking sites and video-sharing sites, will be a key driver, according to the report.

The demand for high-speed broadband is not limited to the entertainment sector, however. The report noted that e-government initiatives such as telemedicine and teaching, and business cases such as hosted services and telepresence, will all involve high levels of bandwidth use.

Elizalde also highlighted several barriers that may hinder adoption. From a financial standpoint, many people may shun super-fast connections if they are too expensive and fail to offer sufficient value.

The huge infrastructure investment required to roll out this level of service to the majority of the population, meanwhile, poses a financial and logistical challenge as it will often require large amounts of rewiring right up to the building. This is particularly daunting given the steady development of alternative mobile broadband technologies, such as Long Term Evolution.

"Despite these challenges, ultra broadband will happen and application developers should use the opportunity offered by the early adopter markets of Japan and South Korea to carry out live testing of new applications and innovations before it becomes mainstream globally," concluded Elizalde.

"Operators must position faster broadband speeds as a premium service to avoid commoditisation of ultra broadband, and strike a balance between their need to charge more for faster broadband and consumer willingness to pay for the extra speed."

Microsoft could hand patents to Linux firms

Company said to be close to deal with open-source group

A series of key Microsoft patents are reportedly on the verge of being sold to an open-source advocacy group.

A report in The Wall Street Journal citing sources within the Open Invention Network said that the group is in discussions to purchase a set of patents relating to Linux. The patents are currently owned by Allied Security Trust, which purchased the rights from Microsoft in an auction.

The Open Invention Network includes IBM, Cisco and HP. The group's web site states that its mission is to work for a "positive, fertile ecosystem for Linux, which in turn drives innovation and choice in the global marketplace".

The deal is believed to be primarily a legal manoeuvre. By purchasing the patents directly, the Open Invention Network can prevent Linux vendors becoming the target of suits from 'patent troll' organisations that purchase intellectual property for the sole purpose of collecting settlements from vendors.

The agreement is yet another twist in the ongoing saga between Microsoft and the open-source community. Open-source developers have long complained that Microsoft has not provided enough access to its products as agreed on in its anti-trust settlement.

Microsoft, for its part, has made renewed efforts to connect with Linux developers. Earlier this year the company joined forces with the Linux Foundation to overhaul controversial software licensing legislation.

Business groups want Congress to address E-Verify concerns

Trade associations that include TechAmerica and the U.S. Chamber of Commerce say Congress should deal with worries they have about the E-Verify employment eligibility verification system.

The language of provisions in the Senate bill to fund the Homeland Security Department for fiscal 2010 doesn’t address concerns that employers have about the E-Verify system, the associations said in a draft of a letter dated today and given to reporters.

The Senate version of the bill would require all federal contractors to enroll in E-Verify and require the system be used to re-verify current workers. The House version of the bill does not have that provision. The groups plan to send a letter to the chairmen and ranking members of the House and Senate Appropriations Committees.

The organizations said:

Mandatory verification should be limited only to newly hired employees.
Contractors should be protected against having to assume excess liability for their subcontractors.

Exceptions should be made for contracts that don’t meet a certain threshold for expense and length of performance.

States and localities shouldn’t be allowed to put in place different requirements on federal contractors that use E-Verify.

Jennifer Kerber, TechAmerica’s vice president for federal and homeland security policy, said her organization supports an online, workable employment verification system. However, Kerber said, “We have concerns with the scalability of the system. We have concerns that right now I can bring you someone else’s document and be employed whether that’s me or not.”

Cell phone users rack up accidental data charges

Verizon Wireless is looking into ways to prevent subscribers without data plans from accidentally starting up the Web browser on their phones and racking up $1.99 in fees each time.
On many phones, including ones on other carriers, it's easy to inadvertently hit a button that brings up the Web browser.

"It is obvious to us that we need to fix this aspect of our service," spokesman Tom Pica said.

He said the company is refunding data charges to subscribers who complain.

Customers of the No. 2 carrier, AT&T Inc., have the same problem. Their phones will usually warn them of extra charges the first time they try to start up the company's MediaNet browser, but if the customer agrees to the charges the first time, there is no warning on subsequent access.

Customers at Tracfone Wireless, the largest prepaid carrier, report similar problems.

The Plain Dealer in Cleveland tapped into a vein of frustration among Verizon Wireless customers in columns on the issue this month.

Most carriers will turn off all data access at the subscriber's request, but readers the newspaper talked to reported conflicting information from Verizon Wireless customer service representatives, with some being told that turning off data access would also stop picture messaging.

Assuring Quality in the Language E-Commerce Customers Speak

It's not enough to provide multilingual customer service in a contact center if it doesn't meet the same standards as the service provided in the dominant language. In order to ensure a high-quality customer experience overall, it's important to develop procedures that will improve communications and encourage rapport, regardless of the language spoken -- and to monitor actual outcomes.


The last 10 years have brought sea changes to the customer service industry from both operations and technology standpoints. Organizations have moved away from traditional domestic live phone support toward new technologies and business models such as interactive voice response (IVR), intelligent scripting and offshoring.

E-commerce, in particular, has driven innovative sales and support models such as chat and email customer service by virtue of the global reach of the Internet as the channel of distribution. Despite radical changes in business models, too little attention has been paid to the growing field of multilingual customer support, especially in contact centers.

Case in point: The last U.S. census found that more than 28 million Americans spoke Spanish, with only about half saying they spoke English "very well." The Spanish-speaking segment of the population grew more than 60 percent from the previous census, and Spanish continues to rapidly outpace all other foreign language categories in the U.S.

What is also compelling for businesses is that Hispanic purchasing power is expanding at a disproportionate rate. According to HispanTelligence, the research division of Hispanic Business, domestic Hispanic purchasing power is in the hundreds of billions of dollars. This is but one example of the changing language and commerce mix in just the U.S. market today.


Focusing on the Customer Experience

Historically, foreign language customer support functions were only available at major utilities or other public-function types of organizations. Today, virtually all contact centers, particularly inbound sales and support contact centers, have some multilingual functionality.

Because multilingual -- particularly, Spanish-language -- calls are becoming a significant portion of all calls coming into U.S. contact centers, managers must ask themselves whether the rules are the same for quality assurance with foreign-language calls as they are for English calls. How does a contact center manager who is not multilingual know if there is a quality problem?

The question of managing quality within a multilingual contact center revolves not around the technicalities of foreign-language syntax, but around the customer experience. There is every reason to think that Spanish-speaking, French-speaking or Farsi-speaking customers will share negative experiences within their social circles as frequently as English-speaking customers do, so it's vital to keep the quality high for all interactions in order to maintain a successful brand.

The first step in delivering excellence in customer service in any e-commerce environment is to ensure that essential information such as order-tracking, contact numbers and shipping dates is delivered in the customer's preferred language. Often, live support calls can be successful just by ensuring the customer understands the logistics of the transaction, thus generating more customer satisfaction results.

It often behooves e-commerce organizations to conduct a portion of their customer support functions via written communications such as email. This is because many foreign-language customers may have functional English skills and opt to attempt a customer service call in English -- yet due to language limitations between agents and customers, essential details may be lost. Written communications provide a more tangible and understandable mode of communication in many instances, further driving customer satisfaction.

Even with written communications as a vehicle, e-commerce organizations must still retain multilingual agents at their live customer service centers. Step one for an e-commerce retailer is to conduct baseline market research to determine which languages should be covered in their contact centers by examining geographic sales data.

Developing Rapport

Although most retailers are service-savvy and have multilingual agents on staff, many make a common mistake by utilizing the exact same quality evaluation scorecard for all interactions, regardless of language. In fact, there are several differences e-commerce contact center managers need to be aware of and account for when monitoring for quality.

The first notable difference relates to average call duration, a frequent measurement in contact centers. Quality evaluators must recognize that in most cases, foreign-language calls take longer than English-language calls. This is primarily due to agents using English-based scripts for their calls, and quite often words do not translate well -- especially technical words or industry jargon. As a result, agents must spend extra time providing additional explanations using a hybrid foreign language/English format. Agents frequently have to spend extra time breaking down terms and processes for customers.

The second common mistake in evaluating foreign language calls is monitoring for proper grammar, which is a general quality practice on English language calls. Because a vast majority of bilingual U.S. contact center agents have learned their second language informally and have not lived in the country of the foreign language-speaking contact/customer, it makes for imperfect communication.

For example, many Mexican-Americans who grew up and work in U.S.-based contact centers have an imperfect grasp of all Spanish dialects but can still communicate reasonably well. While it is important to strive for proper grammar and supervisors should coach agents on errors, what is more important is to work with agents on creating rapport with the customer while still adhering to the essential elements of the call.

Quality essentials mean that the agents are adhering to the call script and flow, as well as procedures and processes, and that they are actively servicing customers as they should be. In the end, these things will determine whether a customer is getting a quality experience -- in English, Spanish or any other language spoken.

Monitoring Quality

Another gaffe when managing quality in a multilingual e-commerce contact center is forgetting to actually manage the quality of multilingual calls. Too many contact centers monitor and evaluate only a small portion of their calls, typically around five per agent per month. Because foreign-language calls are only a fraction of most companies' calls, in many instances few, if any, foreign-language calls are being evaluated.

Most companies don't have a handle on whether their agents are providing the same quality of care in foreign languages as they do in English. Investing in additional resources for evaluating and monitoring all calls can help prevent this problem, and ultimately increase ROI within the contact center.

Overall, the global economy continues to grow, and enterprises continue to service a broader, more diverse and international population. There is no industry that has experienced this fact more than e-commerce, where it is now possible for virtually any retailer to service consumers around the globe merely through a low-cost Internet connection.

As a result, the need for multilingual customer support functions -- across mediums including live phone support, email, chat and IVR -- continues to expand. While it's admirable to add bilingual agents to the contact center, doing so without the proper quality measurements will only deliver poor results to a significant and growing portion of the customer base.

Google Maps Adds Back-Road Traffic Flow Data

Google has expanded the functionality of its Maps application to provide information on traffic congestion -- or the lack of it -- on surface streets. It previously was limited to interstate highways. Since the system relies in part on data culled from GPS chips in users' phones, its accuracy in less-populated areas is questionable. Then again, a lack of data may indicate light traffic.

 

Sharp eyes niche between netbooks, phones

TOKYO (Reuters) - Japan's Sharp Corp said it plans to launch a paperback-sized mini mobile PC that features a quick start-up time, touch-screen display and full keyboard, targeting niche demand between smartphones and netbooks.

Smartphones, such as Apple's iPhone, pack many computer functions in regular cellphones, and netbooks are smaller and cheaper than regular notebook PCs and optimized for simple computing tasks such as Web browsing and email. Both have enjoyed robust demand despite the global downturn.

"You can take cellphones anywhere with you, and they are always on. But you have to live with a small display. Notebook PCs offer a large display and full keyboard, but their battery life is short and it takes time to start them up," Sharp Executive Vice President Masafumi Matsumoto told a news conference.

"We are introducing a mobile device that you can take with you wherever you go and comes with all major notebook PC functions."

The new product, dubbed "NetWalker," has a high-resolution LCD screen and runs 10 hours on a single charge.

Amazon Looks to Take Cloud 'Virtually' Private
The champion of the public cloud aims to deliver the benefits of private clouds with a new offering.

Amazon (NASDAQ: AMZN) is aiming to cash in on businesses' growing interest in private cloud computing by building an offshoot of its existing public cloud offerings.

The idea behind the new Virtual Private Cloud (VPC) is that businesses can connect via Virtual Private Network (VPN) to compute resources located within Amazon's cloud. Those resources are separate from Amazon's public Elastic Compute Cloud (EC2) resources, and enterprises can extend their own management and security infrastructure to encompass the VPC instances.

"We built Amazon VPC for this purpose -- to allow any company to seamlessly connect their existing resources to the AWS [Amazon Web Services] cloud as if it were a part of their own datacenter," Andy Jassy, senior vice president for AWS, said in a statement.

Pricing is simple: 5 cents per connection-hour plus a per-gigabyte data transfer fee that starts at 17 cents and drops to 10 cents for volume users. The product is currently available in the U.S.-East region.

For some time, enterprises have shown growing interest in taking advantage of the cloud. But some observers have said that large businesses would be more willing to leverage cloud technologies as a part of a controllable, in-house deployment -- as opposed to public services like Amazon Web Services' EC2.

But Amazon CTO Werner Vogels also said that businesses don't want to give up the scalability and ease associated with a hosted cloud service. That's where VPC comes in.

In a blog post, Vogels said that CIOs around the world have told him they would "accelerate the adoption of cloud services if they could access a form of cloud that would give them the best of both worlds: the flexibility and cost-effectiveness of accessing a virtually infinite pool of resources without owning it, while being able to integrate those resources into their existing datacenter environments such that they could continue to leverage existing investments in their management and control infrastructure."

"By leveraging Amazon VPC, our mutual customers now have access to resources that appear as a natural extension of their current on-premises Citrix based applications," Frank Artale, vice president of business development at Citrix, said in a statement.

Titans fight cloud wars

For all the pleasant words today, tension remains between companies with public cloud offerings, such as Amazon's EC2, and those offering private cloud systems, in which a company buys all the hardware and runs it itself.

In his blog post, Amazon's Vogels said that the private cloud fails to deliver the benefits that businesses need. "Without the diversity and heterogeneity of the large number of AWS cloud customers to drive a high utilization level, [a private cloud] can never be a cost-effective solution," he wrote.

Vogels explained that users of public clouds get to focus on other things besides hardware management and obtain efficiency and productivity gains through using the public cloud, benefits that no private cloud rollout can replicate.

He added that the elasticity of the cloud, which gives Amazon's EC2 its name, is also key. "The ready access to vast cloud resources eliminates the need for complex procurement cycles, improving the time-to-market for its users. Many organizations have deployment cycles that are counted in weeks or months, while cloud resources such as Amazon EC2 only take minutes to deploy. The scalability of the cloud no longer forces designers and architects to think in resource-constrained ways and they can now pursue opportunities without having to worry how to grow their infrastructure if their product becomes successful," Vogels wrote.

The same argument is being played out in a high-profile war of words between Larry Ellison, Oracle's CEO, and Marc Benioff, CEO of Salesforce.com and a former Oracle executive. Ellison said earlier this year during an earnings call that private, on-demand Oracle (NASDAQ: ORCL) deployments win over Salesforce (NYSE: CRM) in large enterprise environments.

Benioff's reply to Ellison, during a presentation at a cloud conference, echoed Vogels' statements this week. Benioff said that no Oracle private cloud deployment will ever achieve the efficiencies of Salesforce's public cloud software, which resides in only a few datacenters.

Virtually private

Meanwhile, at least one critic has charged that Amazon's VPC may not be private enough for most businesses.

Cloud management vendor Rightscale, which offers a management platform for Amazon cloud customers, said that it's unclear how precisely Amazon keeps VPC activity separate from the rest of its cloud.

"Instances in the VPC are separated from non-VPC instances at a deeper network level than instances in different security groups or belonging to different users," Rightscale said in a blog post. "Amazon doesn't say anything of substance about the nature of this isolation. Let's see how soon that will have to change to actually attract enterprises."

Rightscale, which itself also has a private cloud offering that runs on Ubuntu in collaboration with Canonical Software, additionally claimed that Amazon's VPC may at the same time be too tightly integrated into customers' datacenters.

"Instances in a VPC have no external network connectivity whatsoever," the company said. "All traffic in/out of the VPC has to go through the VPN, at the far end of which it may be routed to the Internet. This includes traffic to other AWS services ... and indeed any general Internet traffic. Sounds like #1 priority limitation to fix also from Amazon's point of view to me."

However, Amazon said that VPC's reliance on customers' VPN is a feature, not a flaw.

"Cloud traffic bound for the Internet routes over the VPN where it is examined by the customer's existing security and networking technologies before heading to the public Internet," Amazon said.

An Amazon representative pointed out that a blog post by Jeff Barr, Amazon senior Web services evangelist, said explicitly that VPC does not connect directly to the Internet.

"Adding [Internet connectivity to VPC] certainly makes sense and we plan to do it -- but this is where we’re starting because it's what is most important to our customers," Amazon's representative said.

Researchers crack WPA encryption in 60 seconds
Attack method could let hackers read encrypted traffic

Japanese researchers claim to have found a way to break the Wi-Fi Protected Access (WPA) encryption system used in wireless routers in just 60 seconds.

Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University plan to explain their method at a technical conference on 25 September in Hiroshima.

The attack potentially gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA encryption system.

The fact that WPA could be broken has been known for some months, but the researchers have exploited a theoretical attack and made it practical.

An earlier technique, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes.

Both attacks work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm.

The WPA standard was originally designed as an interim encryption method as Wi-Fi security was developing, and has long since been superseded by WPA2. However, a fair bit of WPA with TKIP kit is still in use.

Newer WPA2 devices that use the stronger Advanced Encryption Standard algorithm remain safe for now.

Data governance and risk
By: Philip Howard, Research Director - Data Management, Bloor Research

I am going to make a radical suggestion. I am going to suggest that, far from having a data governance council or some other body that oversees a corporate data governance structure, this structure should report to the corporate risk manager. Let me explain my reasoning.

First, consider the primary role of data governance. It is to assure the provision of accurate, complete and up-to-date information. This is not, in itself, of much value. Nor is having a consistent view of your customers à la MDM. Both may have marginal benefit in reducing costs (fewer duplicates means reduced disk requirement) but these are not enough to justify an investment in data quality, MDM or data governance. No, the real benefit deriving from better quality data is that it enables better decision making. For example, once you have a consistent customer view you are in a better place to decide how you can market more effectively to those customers.

Now think about risk management. What's that about? It's about balancing upside potential against downside risks. Note that it isn't typically about processes where you want to eliminate risk, these are usually the domain of compliance (remove risk of fines) or security (prevent fraud), but situations where there will always be risk but you would like to minimise it.

So, where does this risk management take place? When making decisions. Some of these will be big decisions such as whether to acquire a competitor or where to open a new branch office while some of them will be more operational in nature.

And what does risk management require? Essentially three things: appropriate processes, metrics (key risk indicators) and trustworthy underlying data. Without all of these three things risk management will prove hard to accomplish in any meaningful way.

You see the synergy? Risk officers need reliable data and so do operational managers. But the risk management function sees the bigger picture and is not limited to a specific department within the business. It therefore seems to me to make sense that data governance, rather than being in IT, or in the business generally, or in a separate structure of its own, should be in a structure reporting to the CRO (the chief risk officer—if there is such a beast).

I am not saying, of course, that the CRO should take a hand in every decision making process but I do think that risk management can act in a sort of compliance role for decision making: establishing principles and best practices for decision making, and ensuring high quality, trustworthy information. Note that giving a compliance role to risk management is in no way stepping on the toes of the compliance officer, as compliance functions are frequently delegated to other departments (for example, security will often be responsible for ensuring compliance with data protection acts).

Given that a lack of risk management (or proper attention being paid to the advice provided) has in large part been responsible for the current recession, we are seeing an increased emphasis being placed on the position of CRO and it is not unlikely that this will be reinforced through legislation. So, this would be a good place for data governance to live. Moreover, the CRO is someone who should really get the importance of data quality. So: more power to the CRO's elbow!

'Arrandale' chip will be an Intel laptop first

Intel's upcoming "Arrandale" will be the first highly integrated chip of its kind from Intel and is expected to run the gamut of laptop designs, from ultrathin to mainstream.

Due by the fourth quarter, it will be the first Intel product to put two processor cores and a graphics function together in the same chip package. Intel covered the underlying architecture in a presentation at the Hot Chips conference in Palo Alto, Calif., this week and in a recent blog, described the design, saying it "will be the basis of all upcoming new Core chips (Core i3, i5, and 7) over the next few months."

Arrandale will come initially under the Core i7 and Core i5 brands, using the chipmaker's most advanced 32-nanometer technology (Intel chips are currently built on a 45-nanometer process) and will populate consumer and business laptops.

The compact chip, however, is not without its challenges. "A high level of integration is always a compromise. There's never a free lunch," said Ashok Kumar, an analyst at investment bank Collins Stewart. "It's a question of how much performance you have to compromise to get that level of integration and low power consumption."

"There won't be a significant jump in performance, but price and power consumption will be lower," said Jon Peddie, president and founder of Jon Peddie Research.

Last month, Japanese-language technology Web site PC Watch published specifications for Arrandale and other upcoming Intel processors that were, PC Watch says, obtained from an OEM (original equipment manufacturer) computer manufacturer. It shows Arrandale coming in mainstream as well as low-voltage and ultra-low-voltage versions. The latter two classes of chips have typically gone into upscale svelte designs such as the Dell Adamo and Apple MacBook Air.

Arrandale-based chips, however, are expected to quickly go downmarket and bring Intel's new Core i "Nehalem" microarchitecture to the new category of laptops called ultrathins, which resemble the MacBook Air and Dell Adamo but are about half the cost.

A series of new chips for Netbooks, codenamed Pine Trail, will also appear by early 2010 and feature even higher levels of integration.

The Difference Between Compliance and Security

Perhaps your organization is exemplary. Maybe you've fully trained your staff in regulatory compliance, documented your policies and implemented your processes. Congratulations on your diligence. However, being compliant is not the same thing as being secure. There are no expectations that these regulations result in security, only that a minimum framework has been put in place.

With a seemingly endless supply of expert consultants and solutions on the market, many IT departments in critical infrastructure industries have made significant inroads in the past few years into becoming compliant, striking a balance between rigorous attention to regulatory chapter and verse, while still making time to support the critical projects and initiatives that keep the organization operating.

Although it may be difficult to confront, the fact of the matter is that not all IT groups in the critical infrastructure industry are fully compliant with information-security regulations. The area of NERC critical cyber-asset identification is one prominent example.

In any critical infrastructure sector, the very nature of self-certification means that it's easy to evade the letter of the law, however unintentionally. Even when a company is making progress toward compliance, human nature and the economic pressures of the times can lead overworked professionals to cut corners.

Two Different Things

Recently, Michael Assante, the vice president and chief security officer of the North American Electric Reliability Corporation (NERC), sent out a letter to power-industry stakeholders raising the issue of somewhat widespread misidentification of qualifying assets. In a letter about the self-certification survey for NERC Reliability Standard CIP-002-1 for the period July 1 through Dec. 31, 2008, Assante wrote:

"The survey results, on their surface, raise concern about the identification of Critical Assets (CA) and the associated Critical Cyber Assets (CCA) which could be used to manipulate them. In this second survey, only 31 percent of separate (i.e. non-affiliated) entities responding to the survey reported they had at least one CA and 23 percent a CCA. These results are not altogether unexpected, because the majority of smaller entities registered with NERC do not own or operate assets that would be deemed to have the highest priority for cyber protection. .... Closer analysis of the data however suggests that certain qualifying assets may not have been identified as 'Critical.' ... Although significant focus has been placed on the development of risk-based assessments, the ultimate outcome of those assessments must be a comprehensive list of all assets critical to the reliability of the bulk electric system."

Let's say that your organization is exemplary, that you've completed your regulatory compliance boot camp, you've trained your staff, you've documented your policies and procedures, implemented your processes and you're now fully compliant. Congratulations on your diligence, which may just give your business an advantage in its marketplace, and for which you will no doubt be rewarded in your career. However, being compliant is not the same thing as being secure.

Never Designed as Panaceas

Being compliant in today's threat environment simply isn't enough to guarantee your organization is secure and maintaining continuous operations -- or even its survival as a service provider. Industry regulations were never intended to be sufficient; they were designed to be used as frameworks within which IT groups could begin studying and outlining more rigorous security for their own particular environments. Most challenging of all is the fact that cyberthreats are growing, both in terms of the number of potential attackers and in scope.

The stated aim of some leading terrorist groups is not simply the disruption of daily life for American citizens. These groups also aim to harm our national economy, and they were successful in impacting the travel industry in the wake of the World Trade Center and Pentagon attacks -- an impact from which that industry has not yet fully recovered.

If the critical infrastructure your organization serves has a similar financial model to many large-scale power plants, there has been a significant capital investment, with financing based on 90 percent to 100 percent uptime. If your systems do go down and there is an interruption in operations, consequences might include:

1. Purchasing resources and commodities from other sources and at higher than market rates to satisfy immediate demand

2. Loss of production capacity that results in lost profit opportunities, higher costs of goods, capital and labor

3. Customer-imposed penalties or loss of customers

4. Political fallout


Compliance leads organizations to accept a requirement based on the average risk analysis for an industry or segment. There are no expectations that these regulations or standards result in security, only that a minimum framework has been put in place. Unfortunately, some enterprises see compliance as a "get out of jail free card" to avoid a penalty or fine instead of a framework to develop an ongoing process to secure their operations against evolving cyber threats.

Risk Management

A risk-management model, versus compliance, takes a much broader approach to security, aiming for robust business-continuity plans with meticulous, organization-wide incorporation of best practices in all processes.

The process of security requires the acceptance that it is part of the corporation's fiduciary responsibility to both the communities it serves and its investors. Cyber security should be an integral part of a business continuity plan that is reviewed, updated, implemented and managed on an ongoing basis. It cannot and must not be an "end state."

Every critical-infrastructure sector should accept the challenge to adopt a "big picture" approach that addresses small checkpoints daily. This approach would have your IT and Security groups commit to:

1. Ongoing evaluation and adoption of best practices and best technologies for cyber security

2. Continuous threat evaluation

3. Daily practice of security with rapid change in practices in response to changes in the risk environment

4. Treatment of security as an integral part of the business, not a one-time project or exercise

Budgeting for virtualization solutions

DESCRIPTION: The benefits of virtualization include better manageability of IT infrastructure and cost reduction. However, midmarket CIOs are still having to spend a substantial amount of money upfront on new hardware -- including memory, basic power upgrades (BPUs) and new servers -- to reap those benefits. In this podcast, learn about the best ways to budget for virtualization so you can get in on the cost-cutting benefits sooner rather than later.

In this podcast, SearchCIO-Midmarket Executive Editor Karen Guglielmo interviews industry analyst and consultant Laura DiDio about ways midmarket companies can make smarter decisions when it comes to spending and budgeting for virtualization solutions. She offers tips on how to cut costs and renegotiate your virtualization contracts.

SPEAKER'S BIOGRAPHY: Laura DiDio is a high-tech industry analyst and consultant, a professional writer and a former reporter. She is also principal at Information Technology Intelligence Corp., a company she founded. Prior to this role, DiDio spent more than six years at Yankee Group, a Boston consultancy, where she held the title of research fellow. She has expertise in a wide range of topics, including virtualization, desktops, server operating systems, OS security, hardware and business intelligence.

'Phishing' drops; are scammers switching tactics?

 

Internet criminals might be rethinking a favorite scam for stealing people's personal information.
A report being released Wednesday by IBM Corp. shows a big drop in the volume of "phishing" e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipients click on a link in a phishing e-mail, they land on a rogue Web site that captures their passwords, account numbers or any other information they might enter.

IBM's midyear security report found that phishing accounted for just 0.1 percent of all spam in the first six months of this year. In the same period in 2008, phishing made up 0.2 percent to 0.8 percent of all spam.

It's not clear what, if anything, the decline means. (It also doesn't appear to be a statistical illusion caused by an increase in other kinds of spam. IBM said overall spam volume hasn't expanded, like it did in years past.)

Lamb believes phishing might have fallen off because computer users are getting smarter about identifying phony Web sites. Security software is also getting better at filtering out phishing sites before Web surfers ever see them.

It could also be that criminals are moving on from phishing to another kind of attack, involving malicious software. IBM said it is seeing more instances of "Trojan horse" programs, which are used to spy on victims.

Dean Turner, director of Symantec Corp.'s global intelligence network, who was not involved in IBM's research, said Symantec has also noticed less phishing, but warned that it could increase again later in the year. Phishing scams spike around the holidays, he said.

IBM found that criminals are changing the types of businesses they attack with phishing. Sixty-six percent of phishing targets were banks, down from 90 percent last year. Meanwhile, companies that handle online payments, like PayPal, are being mimicked in phishing messages more frequently.

To protect yourself against phishing, access sensitive sites on your own, rather than by following links in e-mails, which might lead to phishing sites.

The wraps are coming off IBM's Power7

At Tuesday's Hot Chips conference IBM is scheduled to take the wraps off Power7, its next generation of RISC microprocessor. This is a big deal for IBM because Power is the foundation for its AIX Unix operating system, which has been one of the stars of its server portfolio in recent years. Power also supports the IBM i operating system and can also run Linux either natively or in an x86 binary translation mode that IBM acquired from Transitive. (Transitive is the company that developed the "Rosetta" technology that Apple used for the PowerPC to Intel transition.)

Modern microprocessors are incredibly complex machines. And major iterations, such as Power7, incorporate a multitude of new features, approaches, and techniques that are collectively far beyond the scope of a piece such as this to describe. Therefore, rather than trying to touch on everything, I'm going to touch on just a few aspects of the new processor generation that struck me as particularly noteworthy.

Power7 bumps both the number of cores and the performance per core over its predecessor. Its eight cores each support up to four simultaneous multithreading (SMT4) threads for a total of 32 threads per chip. SMT is a technique that helps make better use of the many execution units within a core by reducing the amount of time that software spends waiting for resources to become free. (One of the big issues with modern processor design is that some parts of the system run much more slowly than others so it's easy for a given thread to effectively create a roadblock while it's waiting; SMT is one way to alleviate this problem.)

This relative focus on multi-threading is a considerable departure from IBM's current Power6 which, at its 2006 unveiling, showed a focus on processor frequency and hefty individual cores at a time when radical multi-core designs were grabbing the limelight. Despite its core count increase, Power7 continues to pay attention to per-core performance, but it's through techniques other than frequency; IBM says that the Power7 core has higher performance at lower frequency than the Power6 core.

One of these techniques is the aforementioned SMT4, coupled to an increase in the number of execution units per core. Power7 also reaches back to earlier Power playbooks and reintroduces out-of-order (OoO) execution, which was temporarily shelved for the Power6 generation. OoO execution can be thought of as a complementary technique to SMT that lets the processor skip over instructions that aren't ready to be processed because they are waiting on data.

Striking a balance between single-core and total-chip performance is one aspect of a general "balanced design" theme. Another is bandwidth. Each chip has dual-DDR3 memory controllers for a total of 100GB/sec of sustained memory bandwidth per chip. Scalability ports built into each chip are expandable to systems with a total of 32 sockets with 360GB/sec SMP bandwidth per chip.

Another aspect of balance is the design of the cache hierarchy, the memory physically near the processor that keeps frequently and recently used data near the processing units so that it can be accessed faster. Perhaps most notable is that there's a 32MB shared Level 3 (L3) cache in the middle of each chip. In the past, IBM has often implemented L3 caches as a separate die on a multi-chip module (MCM). This provides lots of room for the cache but means that the memory is physically further away (and therefore often slower) and demands a lot of pins on the processor package to communicate with it.

Power7 takes a different approach. It's the first major commercial processor to implement an on-chip L3 cache using embedded DRAM (eDRAM). Caches are more typically constructed from static RAM (SRAM), which is faster and doesn't need to be refreshed on an ongoing basis but requires six transistors per device, rather than one for DRAM.

IBM estimates that the eDRAM has a 6:1 latency improvement for L3 accesses relative to an external L3. Relative to an internal SRAM array, eDRAM takes about one third the space and consumes about one fifth the standby power. As for performance, IBM characterizes it as "almost as fast" and says that it handles the memory refreshes required by DRAM--memory contents have to be periodically written or they will decay--during "windows of opportunity" and generally won't have much of an impact on system performance.

As is increasingly the norm with microprocessor designs, power management also plays a big role in Power7. It's also an area where microprocessor designers are still learning. Power6 placed considerable focus on a feature called power gating, which effectively turned off portions of a core when they weren't being used. Power7's top power-saving mode, sleep, is less aggressive. It drops the voltage to the minimum level required to retain state. With the 45nm process used by Power7, IBM says that this almost eliminates leakage current and provides most of the power benefits of turning off the power entirely while saving a lot of verification complexities.

Finally, as the processing power of chips and the servers built on them grow, so too does the need to provide a level of resiliency against errors both transient and permanent in the literally billions of electronic features that make up these systems. It may be a cliche to note that if you're going to put a lot of eggs in one basket, you need to protect that basket well--but it's no less true for that.

Many of the new Power7 reliability features are focused on memory. For example, there's full X8 "chip-kill" with 64 byte error correcting code (ECC). This means that a full DIMM can die and the data can be steered over a spare device. For system partitions tasked with particularly critical workloads, Power7 can also do selective memory mirroring--think RAID 1 for memory. Power7 also just generally keeps building on error-checking and failover features; this includes the new ability to dynamically fail over if the main oscillator (clock) associated with the chip fails.

At a high level, Power7 shares a number of general design philosophies and directions with microprocessors from other vendors, including those from AMD and Intel that are more associated with scale-out designs and redundancy at the software level. This, in part, reflects that all vendors are fighting the same physical laws and are largely constrained by the same fabrication technologies. We see a general shift toward multi-core, an increased focus on power efficiency, and a need to protect against the inevitable glitches that affect ever smaller transistors--it doesn't matter who the vendor is.

However, that said, Power7 is a different design center than the scale-out standards bearers. While not literally a mainframe, its focus is very much the same sort of resiliency and performance balance at high vertical scale.

Swapping Web Sites Turn Trash Into Treasure
Web Sites Cater to Green Thumbs, Gadgeteers and More

One man's trash is another man's treasure and with the click of the mouse, you can both get rid of unwanted items and find your own goodies, practically free of charge.

A number of Web sites let you trade in items you no longer want or need for items that you really do need. The upside of all this trading, besides keeping you from having to buy these items full price at retail, is it keeps tons of trash out of our landfills.

Here are a few sites to get you started trading:

GardenWeb
If you have a green thumb, a garden and a low-end budget, the GardenWeb plant exchange is a great place to spend a rainy afternoon.

If not, sometimes people are willing to send the plants for postage.

If you've cleared out a patch of Siberian Iris or hostas from your garden but just can't bear to throw them in the compost bin, put it up for trade. You can ask for something specific in return, or let people make offers of what they have available. A quick trip to the post office with a flat-rate box makes this an easy way to spruce up your garden.

Freecycle
Forget about bulk trash day, someone on Freecycle will want what you're getting rid of.

The non-profit Freecycle Network was founded in 2003 to promote waste reduction in Tucson, Arizona, and help save desert landscape from being taken over by landfills. Today it's made up of 4,775 groups with 7,059,000 members across the globe.

Researchers Warn of Powerful New Data Theft "Cocktail"

Researchers with online security services provider ScanSafe are warning of a potent new blended attack that seeks to steal end users' personal data and is spreading rapidly across the Web.

Mary Landesman, senior security researcher with ScanSafe, said in a brief blog post that the powerful "cocktail" of backdoor, password stealing malware and Trojan downloader attacks is being discovered on a growing number of Web sites. ScanSafe has tracked over 55,000 such infected URLs in only several days' time since first discovering the nefarious package.

The attack is being loaded onto sites via a malicious iframe, she said, infecting large numbers of otherwise legitimate URLs. The iframe itself is using an intermediary site which downloads the other threats from an assortment of other malware domains, Landesman said.

It's not unusual for attackers to use such a layered distribution approach these days to thwart efforts to stop their campaigns by shutting down individual URLs that they've employed.

A Google search on the intermediary site used in the blended attacks at the end of last week turned up masses of pages already owned by the sophisticated package, including www.feedzilla.com, latindiscover.com, and a number of charitable and nursing facilities, including howellcarecenter.com, sweetgrassvillagealf.com, www.foodsresourcebank.org, and morningsideassistedliving.com.

According to ScanSafe, the domains involved in spreading the attack were registered only in early August and include ahthja.info, gaehh.info, htsrh.info, car741.info, game163.info, car963.info, and game158.info, with ahthja.info leading the way in terms of distribution.

The involved attackers are using popular hosting providers including GoDaddy.com to register their domains, which remain online and volatile, the experts reported.

Researchers have long been warning of the increasing use of such combined attacks as schemers seek new ways to distribute their work faster and more effectively.

The newly discovered example appears to be particularly effective based on the fact that it has been able to find so many legitimate sites that it can load itself onto in a short period of time.

End users should expect to see continued use of both the blended approach and the multi-tiered distribution model, as both see increased adoption among attackers who seek to keep their threats rolling even as researchers sniff them out.

MessageLabs spots resilient new breed of botnets
Latest examples can recover from shut down in just 48 hours

Activity levels for Cutwail, one of the world's largest botnets, fell by 90 per cent after the recent shutdown of a Latvian ISP, but sprang back within just 48 hours, according to MessageLabs.

The security firm's latest Intelligence report makes for worrying reading, particularly concerning the increasing resilience of botnets.

By contrast, when the McColo web hosting firm was shut down in November last year it took the associated botnet activity several weeks to fully recover.

"The impact when the ISP in Latvia was taken offline was almost immediate but only lasted a short time. Within 48 hours it was back up and running, which is a worrying trend," said senior MessageLabs analyst Paul Wood. "A lot of efforts are being made behind the scenes to make them harder to take down."

Botnet herders are increasingly looking to peer-to-peer channels, distributed chat room and server operations and even HTTP traffic to manage and update the botnets and make them more difficult to track and take down, according to Wood.

"It needs increased law enforcement and greater [industry] co-operation," he said. "Anyone can set up an ISP, so it's often difficult to identify the bad ones from those which are genuinely struggling with the problems on their networks because they only have a small abuse department."

The report also highlighted the continued use of shortened URLs in spam emails, sent primarily from the Donbot botnet, as well as a 44.7 per cent increase in web-based malware since July, representing 3,510 new infected web sites every day.

Budget woes could hurt flu response
Md. looks for federal funding to help with prevention effort

Maryland's budget difficulties may impact the state's ability to respond to a resurgence of swine flu in the fall, and officials are hoping both creativity and federal funds can help bolster preparations for public health problems.

Gov. Martin O'Malley said yesterday that the state's continued financial issues "might affect, might compromise" efforts to stop the swine flu virus.

"We are down to affecting all of those core things … that we have in government to perform," O'Malley said during a news conference in Largo in Prince George's County. "With good management, with innovation, with hard work and with recruiting more and more people from our growing health care industry … we should be up to this challenge."

The Board of Public Works is scheduled to take up the second part of $700 million of reductions tomorrow to balance this year's budget, a plan that includes furloughs and cuts of up to $250 million of local aid.

Government officials discussed the budget implications on public health as the state announced the seventh swine-flu related death in Maryland. Efforts to battle the disease have been ongoing since the spring, with health and school workers convening in July to plan for the fall.

"There will be no core responsibility that we can truly spare from the difficult decisions that we have to make in order to get through this as a people," O'Malley said.

Based on initial projections from the federal Centers for Disease Control and Prevention, Maryland could receive between 746,000 and 3 million swine flu vaccine doses when the vaccine becomes available in mid-October. The vaccine is likely to be administered in two cycles, so the 2.6 million Marylanders in priority groups for vaccination would require more than 5 million doses.

A report released yesterday from the President's Council of Advisors on Science and Technology says a "plausible scenario" for swine flu is infection of 30 percent to 50 percent of the U.S. population in the fall and winter, with 30 million to 60 million people seeking medical attention.

John Colmers, the secretary of the state Department of Health and Mental Hygiene, said the state is working to secure federal funds to help in Maryland's response.

"We look to share a large portion of that with local governments, as they will be important partners," Colmers said.

Federal money has played an important role in blunting cuts to the state's budget, and the governor wants swine flu initiatives to be helped as well.

"Our hope is that (cuts) will be offset to a large degree by the federal government and that working together we can figure out a way to protect the public health even in a time when we see our revenues contracting," O'Malley said.

Officials also announced the participation of 46 acute-care hospitals, including Anne Arundel Medical Center and Baltimore Washington Medical Center, in a surveillance system that will gather symptom data from emergency rooms and track disease outbreaks and patterns.

O'Malley said the system will allow health responders to "get a jump on those bad bugs."

"We learned the value of this in the spring," he said. "We are able to respond more quickly to epidemics."

The Associated Press contributed to this story.

Rackspace debuts 'Cloud Tools' portal

Cloud infrastructure provider Rackspace on Tuesday announced a new portal that will help showcase and organize tools and applications built by its partners and independent developers.

Dubbed 'Cloud Tools,' the portal organizes partner offerings into four sections: system management, development tools, monitoring and reporting, and client software. It incorporates typical marketplace functions like user reviews, and overall is geared toward building up an ecosystem around Rackspace's service.

Some offerings are fee-based and others are free, but the site doesn't include an e-commerce component. Instead, interested customers click through to vendors' sites to make deals.

Nearly 20 companies are part of the initial rollout for Cloud Tools. Rackspace anticipates more will join soon. The portal will also help independent developers showcase their wares through a "From the Community" feature.

Rackspace competes with the likes of Amazon Web Services in the cloud computing infrastructure market, and uses a similar, pay-as-you-go pricing model.

Tuesday's news follows the company's recent launch of a public API (application programming interface), giving users of its service a finer-grained method of managing deployments. Rackspace has open-sourced the API.

Next-Gen Server Chips Emphasize Scalability
The first generation of multi-core processors just stuck cores on a die. Now Intel and AMD are working to improve scalability within the chip.

PALO ALTO, Calif. -- The strategy for multicore processing has, at least in the early years, been one of gluing multiple cores onto the processor die and wiring the cores together. With the next generation of chips, however, both Intel and AMD are aiming at true integration and making their multi-core chips scale to their fullest potential.

Both firms gave hints on their future server processors here on the campus of Stanford University at the 21st annual Hot Chips conference. The summer show, aimed at the fastest spinning propellerheads out there, is usually a deep dive into microprocessor technology.

AMD (NYSE: AMD), playing catch-up to Intel in server processors, discussed its Magny-Cours (M-C) 12-core processor, due next year. The name comes from a French race track but when pronounced sounds like "many cores."

Voice Search Faces Hurdles in Mobile
There's huge potential, but experts say there are still plenty of obstacles to making mobile voice search effective.

NEW YORK -- Search is a huge and evolving business. Facebook, not a traditional search company, recently said its own search offering is booming. Incumbent search giant Google (NASDAQ: GOOG) recently said that it will move beyond keywords at SES. And at the SpeechTEK conference this week, big search players talked up opportunities in mobile search.

"Companies are excited, eager, and fearful about the revenue opportunity in mobile search," said Microsoft (NASDAQ: MSFT) Senior Researcher, Geoffrey Zweig, who spoke on a voice search panel at SpeechTEK here.

"Nobody wants to be left behind," he added. He noted that companies have a strong business model for traditional Web-based search, but mobile voice search is a different animal.

While many see opportunities, they also see barriers, panelists said. Services are restricted by factors as various as noise conditions and the need to limit the vocabulary size of recognition engines, which are also known as recognizers, said moderator Michael Cohen, manager of Google's speech technology group.

Zweig listed numerous ways noise conditions can interfere with an attempted voice search. Ambient noise from cars, restaurants, parties, or televisions can make processing more difficult, as can the diversity of U.S. accents.

"About 30 percent of stored speech is repeated," he said, which means that systems frequently don't get it right the first time.

The importance of the first time

Getting it right immediately is very important, panelists said. "If an app doesn't work immediately, then on day two, users won't come back," said Johan Schalkwyk, manager of Google's mobile speech team.

Schalkwyk added that when Google launched its mobile search engine, it was optimized for U.S. English even though it was available worldwide. Google learned that users in Australia and the UK, who received lower quality results because the system was not designed for them, were less likely to use the service again.

Faster Printable Circuits
A new polymer simplifies organic circuits.

Organic circuits are cheap, flexible and printable. But unlike inorganic circuits, which require only silicon, high-performance organic circuits are usually made out of two different materials that must be carefully patterned. Now researchers have made a polymer that performs the function of both materials. By eliminating the need for two materials, they've made these circuits easier to fabricate. The researchers have used the new polymer to make some of the fastest organic circuits yet reported, and the process might be useful for solar cells, too.

To perform the logic operations that run computers, cell phones and other electronics without consuming too much power, transistors need to have alternating regions that conduct negative and positive charges. But until recently, chemists had only made polymers that conducted either positive or negative charges. To make circuits from them, these polymers have to be carefully aligned with each other. "When you have two materials requiring complex patterning processes, you lose or reduce the cost advantage and simplicity" of organic electronics, says Samson Jenekhe, professor of chemistry at the University of Washington in Seattle.

"The ultimate [goal] is to have one material that can transport electrons and holes," or positive charges, says Jenekhe. He and others have been working on making such a material, called an ambipolar polymer, for a few years. "In the past, it was largely trial and error," says Jenekhe. Now he and Mark Watson, associate professor of chemistry at the University of Kentucky in Lexington, have determined what sort of structures work well in such polymers. The new material and its performance are described in the journal Advanced Materials.

The new polymer is made up of two alternating units, one that conducts electrons and another that conducts holes. It's not the first polymer to be able to do this. But electrons and holes move much faster through the new material than through those that have been made in the past. This is important, because the rate at which charges move through a semiconductor determines circuit speed.

Jenekhe's group used the polymers to make individual transistors and circuits. They put the polymer into a solution, dropped it on a substrate patterned with electrical contacts, and then spun it out into a thin film using a process called spin coating. Jenekhe says that because the polymer is water soluble, ink-jets could also be used to print out circuits. The performance of the ambipolar polymer circuits was comparable to or better than those made from two polymers.

One of the devices Jenekhe's group made is called an inverter. "Inverters are the basic building blocks of integrated circuits," says Zhenan Bao, associate professor of chemical engineering at Stanford University, who was not involved with the research. Other groups have demonstrated inverters with ambipolar polymers, but Jenekhe's polymer can operate much faster than the others, says Bao.

Spending on Remote Managed Services Growing, Report Says

A report from market research analyst and consulting company Techaisle said small to medium-size businesses (SMBs) are to spend $3.6 billion in 2009 on remote managed services, which is up 9.2 percent from 2008. The company said overall SMB managed services spending will grow by 8.8 percent in 2009 to $14.3 billion and SMBs would account for nearly half of all managed services spending by businesses.

The report said in 2010 SMBs are likely to spend $15.7 billion on managed services, exhibiting a growth rate of 9.6 percent. More than 36 percent of managed services spending by SMBs in 2009 will be made by 10-49 employee size categories, the report predicted, making it the most lucrative target segment but also most difficult to reach. The study that includes market sizing covers remote and onsite/remote managed services and includes sub-segments of PC management, server/network management, security, network storage and backup/recovery managed services. E-mail and Web-hosting, collaboration and software as a service (SaaS) services are excluded from managed services and are sized separately, Techaisle noted.

"SMBs are now looking beyond infrastructure investments as their respective countries slowly emerge from the global downturn. With continuing education by vendors and channels SMBs have begun embracing managed services with cautious optimism," said Techaisle CEO and vice president of research Anurag Agrawal. "Not surprisingly, SMB managed services spend represents a 46 percent share of the total managed services spend of $31.1 billion by businesses that include large enterprises with 1000+ employees."

Midmarket network and server managed services account for highest level of spending at $3.5 billion, while PC managed services is expected to reach $2.7 billion in 2009. The study that includes extensive market sizing based on primary research shows that emerging markets would have the highest growth rate at 13.7 percent, while the established markets (mature markets) are projected to grow by 8.4 percent. The report projected regional shares (North America leads with 36 percent) change if only remote managed services is considered, and the share of emerging markets' spend will grow from 21 percent in 2008 to over 24 percent in 2010.

Security Showdown: Cloud Computing vs. On-Premise IT

Either in real terms or perceived terms, security is one of the biggest hang-ups people have, and it's a wide-open question. When we talk about the cloud and the enterprise, are we talking about something that is fundamentally different in terms of securing it, versus what people are accustomed to doing across their networks?

DARPA 3D reasoning engine to identify urban threats

DARPA is spending millions of dollars to identify trash cans, which may have raised a few eyebrows, except these and other common urban objects could in the course of today's combat missions prove to be tactically significant.

BAE Systems received a $7.1 million contract to work on Phase II of the Urban Reasoning and Geospatial Exploitation Technology (URGENT) program, which is designed to improve the quality and timeliness of geospatial intelligence U.S. troops receive when facing enemy threats in urban environments.

The goal of this phase of the program will be to "develop a 3D reasoning engine to query over object shapes, locations, and classifications for rapid urban mission planning, mission rehearsal, and situation analysis," according to DARPA.

DARPA's contention is that, since target recognition in urban environments is so far removed from what soldiers have historically focused on, i.e. military objects such as tanks and armored personnel carriers, the need to preemptively identify urban objects has become an important requirement.

That's going to be news to veterans of Chechnya, Hue, and Sarajevo.

Still, the reasoning is that tanks and cannons have unique signatures and were usually positioned in relatively isolated areas away from civilians and that's not so with today's asymmetric threats, where troops are forced to engage enemy combatants in cities with large civilian populations.

"Even the most common urban objects can have tactical significance: trash cans can contain improvised explosive devices, doors can conceal snipers, jersey barriers can block troop ingress, roof tops can become landing zones, and so on," hence the need for an all-knowing system.

BAE's contribution will be to fuse Light Detection and Ranging and Geographic Information Systems data to automatically detect and classify an urban object's attributes, function and geospatial features, company officials said.

The BAE team has already developed "a system that combines a suite of complementary feature extraction and matching algorithms with higher-level inference and contextual reasoning to detect, segment, and classify urban entities of interest in a fully automated fashion."

The Challenge of Automating Data Backups

For many enterprises, data backups used to be purely back office concerns -- but no more. A combination of burgeoning data repositories, greater security concerns, more regulatory guidelines, and growing awareness in executive offices of how data backups and policies impact failovers and business continuity have changed all that.

The result has been elevated enterprise interest in tools capable of automating corporate data backups as part of their overall policies in backup execution.

"Backups are different today because, while data and storage methodologies have changed, many sites are still using third-generation approaches, and the traditional methods simply can't keep up with all of the data," says Kelly Lipp, chief technical officer for STORServer, a provider of storage, systems, and data protection products. "Because backups with older toolsets and approaches require so much time, data center operations personnel spend all of their time just executing the backups. They never get to the top-level strategies concerning storage, data, and backups that can really focus on the priorities of the business."

Storage systems vendors have delivered a host of tools to address the dual problems of data management and backup, and several are generating much debate among storage professionals. These include data de-duplication to reduce storage needs (and costs) by eliminating redundant data; tape virtualization, which eliminates the security risks and time and expense of transporting tapes to off-site storage sites; and various types of integrated and automated turnkey systems that address data protection, storage provisioning, tiered storage, backup, archiving, and disaster recovery.

"Many enterprises prefer a solution that they can simply plug in and activate based upon the data backup, security, and retention policies that they define as system parameters," says Lipp. "All they need to know is the recovery point objective [RPO] for various types of data, and the recovery time objective [RTO]." This type of automation is ideal for managing the onslaught of unstructured data that makes its way into enterprises in files, but a lot of companies are cautious about trying to automate the crucial tasks involved in backing up important company data. "They have to be shown what [the products] can do before they actually will believe it," Lipp says.

There is often resistance to bringing in software applications that work with storage hardware to transform data backups in distributed systems shops, because there has traditionally been a looser set of data practices in those kinds of IT departments. Many companies, especially smaller and mid-sized companies, will let data accumulate and then add cheap storage whenever systems get overcrowded. However, resistance to new backup systems also exists in the more disciplined mainframe environment that houses 70 percent of the world's mission-critical data.

"Mainframe operations people in the data center are among the least likely to want to do something new," says Art Tolsma, CEO of Luminex, which provides storage systems to the mainframe market. "When that change does occur, it is usually coming from company executives who want to improve RTO, RPO, and corporate backup and disaster recovery plans. They want to see how they can share their storage architectures between coexisting mainframes and open systems -- and how they can save money in the process."

U.S. wants to define broadband, opens wireless inquiry

WASHINGTON (Reuters) - U.S. telecommunications regulators on Thursday sought public comment on how to define "broadband," a step that could impact how the industry delivers Internet services to consumers.

The Federal Communications Commission issued a fact-finding notice on its website (www.fcc.gov) seeking the public's input as it drafts a national broadband plan that is slated to be submitted to Congress in mid-February.

The FCC also said it plans to issue another public notice on its website to study the competitive nature of the U.S. wireless industry and how to "encourage further innovation and investment."

The notice to examine the wireless industry comes amid another inquiry by FCC Chairman Julius Genachowski seeking information about why Apple Inc rejected Google Inc's voice application for the popular iPhone.

AT&T Inc is the exclusive carrier for the iPhone in the United States. Responses to letters sent last month to the three companies from the FCC are due by late Friday.

The state of the wireless industry as well as fees on subscribers' monthly bills will be discussed at an FCC meeting next Thursday, the first with all five commissioners in a new administration.

The inquiry into the wireless industry indicates that the new administration wants to take a fresh look into whether customers can get better services at more affordable prices.

The notice to define broadband also sets the stage for how regulators should proceed in trying to determine several issues such as speed, accessibility, affordability and increasing subscribership.

Among the questions posed is how often that definition should be updated.

"A static definition will fail to address changing needs and habits," the FCC notice said.

The United States lags behind many European and Asian countries in terms of broadband speed.

A 2008 study by the Organization for Economic Co-operation and Development showed that the United States ranked 19th with an advertised rate of 9.6 mbps. The top three countries were Japan with 92.8 mbps, Korea with 80.8 mbps and France with 51 mbps.

Flexible LED Breakthrough Allows Bus-size Displays

Displays created with new process would be transparent

The big benefit of producing displays using organic compounds is that the organic screens are flexible. The flexible nature of organic screens, typically made from carbon materials, means that the screens can be easily molded to follow the contours of a surface.

Reuters reports that researchers announced this week that they have devised a new way to make large-scale flexible displays that can be fitted to the contours of a bus, but are transparent. This would allow for video advertising on the displays, but passengers in the bus could still see out the windows.

The project was funded in part by Ford as a way to design brake lights that would conform to the contours of a car. The breakthrough could also be used to produce devices for medical use like imaging devices that can wrap around a patient like a blanket.

John Rogers from the University of Illinois at Urbana-Champaign told Reuters, "If you look at these giant billboard displays along the road side, those are made out of inorganic light emitting diodes (LEDs). Our feeling is those systems are quite impressive. The question became is it possible to take that technology and use it in a non-billboard format."

The current technology used to create screens using inorganic materials produces LED lights that have to be arranged individually with a robotic arm. The organic materials can be sprayed or painted onto a film. The catch for inorganic materials is that they are not as bright or durable as traditional LEDs.

Reuters reports that the team of researchers made their breakthrough by building LEDs on a thin film layer that was later dissolved by a chemical. After the film was dissolved, the LEDs left behind were stamped onto a glass, plastic, or rubber surface much as an ink stamp works.

Rogers told Reuters, "The new approach can lift large numbers of small, thin LEDs from the wafer in one step, and then print them onto a substrate in another step."

Once stamped onto a substrate, the LEDs can be connected with wires in a conventional process like the one used to wire computer chips today. The LEDs are bright enough that they can be placed far apart, making the panel nearly transparent. This is the second breakthrough in flexible electronics this week: a team of researchers also made a breakthrough allowing electrons and holes to flow in one layer.

 

IT Managers Weigh Virtualization Hurdles
Some say public cloud providers need to do a better job of providing access control, management and compliance features.

Tales from the frontline of companies deploying virtualization were among the highlights of a webinar this week sponsored by Hewlett-Packard. Constraints on physical space and power in the datacenter were among the key reasons companies participating in a panel discussion gave for moving to virtualization technology.

"We adopted virtualization initially to handle backup and fault tolerance for our primary machines and to handle space and power constraints in the datacenter," said Michael Diamant, CTO of procurement solution provider MoreDirect.

"We started virtualizing servers because of a lack of power and space in our computer center," said Debbie Karcher, CIO of Miami-Dade County Public Schools.

Successfully Navigating Cross-Border E-Discovery Disputes
TECHNOLOGY LAW CORNER

Conducting cross-border e-discovery is rife with challenges, but it has become an inescapable part of doing business globally. Fortunately, there are processes and policies that will help an enterprise successfully navigate these treacherous waters and ensure a successful outcome when engaged in a cross-border dispute.

Sun Microsystems (Nasdaq: JAVA) CEO Scott McNealy summed up the American policy on the disclosure of corporate and personal information when he said, "You already have zero privacy -- get over it."

Corporate America has widely accepted the erosion of data privacy and the fact that electronic data residing within an organization is no longer private. Legal and IT departments take it one step further, understanding that any and all electronic data housed within an enterprise is subject to discovery for litigation or investigatory purposes.

Without weighing in on the pros and cons of our lack of information privacy, it is interesting to note that the U.S.'s laissez-faire concept of privacy exists in stark contrast to the ideas held in much of the developed world, where data privacy is a "fundamental human right."

However, as regulators increasingly crack down under laws such as the Foreign Corrupt Practices Act (FCPA), and more and more business transactions cross international borders, this debate moves from the philosophical to the practical.

With the increase in global business comes more cross-border conflicts, lawsuits and investigations. It is in this global realm where it first becomes apparent how the differing ideas of dispute resolution and data privacy can cause significant headaches in litigation. In fact, the divide is so expansive that "cross-border e-discovery has become a major source of international legal conflict, and there is no clear, safe way forward," according to the Sedona Conference report, "International Electronic Information Management, Discovery and Disclosure, Framework for Analysis of Cross-Border Discovery Conflicts."

Know the Lay of the Land

The launching point for safe passage needs to be a more nuanced understanding of the differences between concepts of privacy on opposite sides of the Atlantic. Without an appreciation of exactly how disparate the paradigms are, it becomes all too easy to assume too many similarities between the European and the admittedly insular American approach.

While the roots of expansive data privacy protections can be traced back to the European Convention on Human Rights of 1950 ("ECHR"), the privacy initiative really gained momentum with the passage of the 1995 European Union's Data Protection Directive (the "Directive").

Article 1 of the Directive states that "Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data."

Although the 30 member states have implemented the Directive in different ways, the main thrust is that data transfers to countries outside the EU are largely prohibited, unless the receiving country or party can provide adequate assurances about the data's confidentiality.

This level of customization means that a U.S.-based organization with international offices or partnerships should enlist counsel in the country where the requested data is located, in order to determine the safest path moving forward. Options include obtaining consent from individual employees or consulting other standards bodies, such as the Hague Convention, before processing or transferring data.

Beware of Criminal Penalties

In most instances, running afoul of privacy laws in a given jurisdiction will result in fines and sanctions, either per the Directive or other applicable blocking statutes. Yet certain jurisdictions wield an even larger club in the form of criminal penalties.

Within its borders, for example, France has criminalized e-discovery by private parties for litigation abroad: "Subject to international treaties or agreements and laws and regulations in force, it is forbidden for any person to request, seek or communicate, in writing, orally or in any other form, documents or information of an economic, commercial, industrial, financial or technical nature leading to the constitution of evidence with a view to foreign judicial or administrative procedures or in the context of such procedures."

As an example, in the case In re Advocat "Christopher X," the French Supreme Court upheld a conviction of a French attorney for violating the French Blocking Statute when he tried to conduct e-discovery for a civil action in an American federal court.

Processing Is Perilous

The implications of this privacy gap are wide ranging, especially for organizations dealing with an active cross-border dispute. Assuming they have acquired a base level of understanding of how complex our litigation and privacy regimes are, enterprises then must determine how to accomplish their given case objectives.

In most instances, those objectives will involve e-discovery and, as such, will require data to be "processed," which is defined in broad terms by EU directives to include manual or automated "collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction."

This "processing" definition is in stark contrast to the narrow American concept, which is much more oriented toward technical data manipulations such as hashing, indexing, deduplication and the like.

As a result, in-country data processing is emerging as a new and important best practice. Initially, this approach keeps data within the country of origin -- and since the data isn't transported across borders, it reduces the chance for privacy violations.

Next, since the data is first screened for relevancy (presumably using keyword, date range and other transparent search tools), a significant tranche of potentially personal data can be culled and removed if it's not germane to the action.

Finally, when instances of personal data are still located amidst the relevant dataset, it's then advisable to redact or anonymize such information before it's moved out of the EU. This protocol, if executed properly, establishes a reasonable approach to privacy protection and reduces chances for unauthorized disclosure.

Another approach to the challenges of processing is to obtain Safe Harbor "certification," which has been developed by the U.S. Department of Commerce in consultation with the European Commission. It is designed to safely facilitate the transfer of personal information to the U.S.

Safe Harbor certification requires the certified company to validate that it adheres to seven safe harbor principles. Even assuming the certification can be obtained, the actual protections applied by the Safe Harbor are still nebulous, at best. For this reason, processing the data in-country still exists as the safest option.

Manage the Conflicts

As much of the foregoing illustrates, the U.S. e-discovery process (dictated in large part by the Federal Rules of Civil Procedure, aka FRCP) and the EU's data privacy regime are squarely in conflict. This often represents a losing battle for U.S. enterprises conducting business across borders, and there are several examples of what happens when this process isn't navigated successfully.

The Sedona Report cites a number of instances in which the difficulty of conducting e-discovery abroad is not an effective excuse for noncompliance, including United States v. Vetco. The Ninth Circuit upheld sanctions against Vetco for not complying with an IRS summons, despite its argument that this would violate Swiss banking secrecy laws.

In other instances, the FRCP have been upheld despite apparent conflicts. In the case Hagenbuch v. 3B6 Sistemi Elettronici Industriali S.R.L., a U.S. district court determined that the Federal Rules should apply despite Italy's express declaration against the obtaining of pretrial discovery documents in common law countries. Needless to say, these conflicts become difficult to both predict and resolve, since each will turn not only on the conflicts of laws, but also upon the unique facts in the case.

In sum, the existence of inherent conflicts between privacy and discovery means that legal and IT groups at enterprises doing business globally will need to instill some form of process and policy to minimize the impact when cross-border e-discovery disputes arise.

Understanding the landscape and emerging best practices is the only way to manage this issue, given the disconnect between governance in the U.S. and abroad. Savvy organizations will take a "belt and suspenders" approach by hiring local counsel, seeking certification, and processing data in-country, all of which will serve to demonstrate a reasonable approach to a basically unreasonable challenge. Failure to take these numerous precautions can lead to fines and criminal penalties -- which, for most, will result in proceeding with an abundance of caution.

The Government's Place in the Cloud
By Jeffrey M. Kaplan
E-Commerce Times
08/20/09 4:00 AM PT

Government agencies once notorious for living in the technological Dark Ages are being lured to SaaS, and it's easy to see why. They want to streamline their bureaucratic processes and reduce their operating costs. In one instance, the state of California spent just $7 for an evening's worth of hosted compute time vs. tens of thousands of dollars.

Hello Skynet: meet the robots that learn to lie

Asimov's three laws of robotics are well known - but it may be time to prepare some new ones, if research by a team in Lausanne is anything to go by. The group built robots that were able to find "food" and emit light to attract other robots to the food source. However, when the researchers increased the level of competition - effectively pitting the robots against each other for a decreasing amount of food - they discovered that the robots actually learned to suppress information. Instead of shining their light to help find food sources, they discovered that not emitting light meant more food for themselves. As MIT Technology Review puts it, "the researchers suggest that the study may help scientists better understand the evolution of biological communication systems". It could mean a lot more besides.

Micro injections: Score 1 for needle-phobes

I'll admit that I've never understood the fear of needles. Ever since I was little, I thought it was cool that something could go so deep with only a tiny little sting. My mom told me to think of Strawberry Shortcake, and I'd push out my little chin, watch the needle go in, and cheer.

Yet several people in my life, whose anonymity I'll do them the favor of preserving, practically faint at the mere sight of a needle. Score one for the afflicted, because a new "microneedle patch" supposedly takes the sting out of shots.

An array of "microneedles" could administer drugs without so much as a sting.

"It's our goal to get rid of the need for hypodermic needles in many cases and replace them with a patch that can be painlessly and simply applied by a patient," says Mark Prausnitz of the Georgia Institute of Technology, who announced this promising alternative at the 238th National Meeting of the American Chemical Society in Washington this week. "If you can move to something that's as easy to apply as a Band-Aid, you've now opened the door for people to self-administer their medicine without special training."

The microneedle relies on advances in microfabricating extremely tiny objects. Each needle in this patch is in fact only a few hundred microns long, or about the width of a few strands of human hair. Prausnitz's team, in collaboration with Emory University, administered flu vaccines to mice via both conventional injections and microneedle patches. The resulting antibody levels looked identical; on closer inspection, it turns out that the microneedle patch resulted in an even better immune result.

Mice that Work on Any Surface!

Logitech has introduced two new mice with Darkfield Laser Tracking. Logitech claims these mice are usable virtually anywhere, including on clear glass (that's at least 4 mm thick) and high-gloss surfaces. The new mice are Logitech Performance Mouse MX and Logitech Anywhere Mouse MX.

Logitech Performance Mouse MX has a right-handed shape with a flexible micro-USB charging system that lets you recharge your mouse through your computer or a wall outlet - even while you're using it. Also, four customizable thumb buttons are provided for important controls - like application switching and zooming. It also features force-sensitive side-to-side scrolling (software enabled) for fast navigation around Web pages.

Logitech Anywhere Mouse MX is ideal for those who are always on the move and comes with a travel pouch. The tiny wireless receiver stays in your notebook, so there's no need to unplug it when you move around. Plus, you can easily add up to five other compatible Logitech keyboards and mice to the single receiver, including the recently announced Logitech Keyboard K350, Logitech Keyboard K340, Logitech Marathon Mouse M705 and the Logitech Wireless Mouse M505.

The Logitech Performance Mouse MX is expected to be available in U.S. and Europe from August for a suggested retail price of $99.99 (Rs. 4,866 approx.). The Logitech Anywhere Mouse MX is expected to be available in U.S. and Europe beginning in August for a suggested retail price of $79.99 (Rs. 3,892 approx.).

SkyTerra plans public safety cell-satellite system

A subsidiary of hybrid satellite-cellular company SkyTerra is seeking U.S. federal stimulus money to develop public-safety communications devices that work all across the U.S. and Canada.

The devices would be able to use 700MHz terrestrial wireless networks reserved for public safety agencies, but also two satellites that SkyTerra is planning to launch. It's seeking stimulus money to develop and deploy two dual-mode devices optimized for public safety use.

On Tuesday, SkyTerra Safety Access LLC applied for US$37 million from the National Telecommunications and Information Administration (NTIA) under the American Recovery and Reinvestment Act. The company would add $9 million of its own money to that sum for the project, according to a SkyTerra press release. The request was made under the Broadband Technology Opportunities Stimulus Program, designed to increase broadband adoption. SkyTerra's plan is intended to increase broadband adoption among public safety agencies, such as police and fire departments.

With the dual-mode devices, public safety agencies would be able to use their terrestrial network wherever it was available and then have calls automatically switch over to SkyTerra's satellite network wherever the 700MHz network wasn't available. An agency could also start out by using the devices on satellite and gradually transition to also using a terrestrial network as one is built, using the same model of handset, according to SkyTerra.

Much of the 700MHz band, which had been home to analog TV stations in the U.S., was opened up in June when analog TV was replaced with more efficient digital technology. Part of the band was set aside for public safety use.

SkyTerra is one of two companies building hybrid satellite-cellular networks. In July, TerreStar launched the TerreStar-1 satellite and announced AT&T Mobility would resell hybrid service, initially to state and local governments. TerreStar, SkyTerra and Infineon Technologies said in April they would develop a multi-standard mobile device platform about the size of a standard cell phone, using a software-defined radio. That handset is expected next year.

Desktop virtualization start-up Wanova emerges from stealth mode

A desktop virtualization start-up called Wanova is emerging from stealth mode Wednesday having secured $13 million in funding to build technology for managing and protecting mobile and remote desktops.

Wanova was founded last year by CEO Ilan Kessler and CTO Issy Ben-Shaul, who previously co-founded Actona, which made software that manages the backup and storage of files from remote offices and was purchased by Cisco in 2004 for $82 million.

Wanova’s Distributed Desktop Virtualization (DDV) software provides centralized management by storing a primary copy of an operating system image in the data center, while storing a cached copy on endpoints to boost performance and provide offline desktop use.

Burton Group analyst Chris Wolf is optimistic about Wanova, saying it combines the benefits of centralized management, including the ability to quickly provision new desktops, with an offline VDI experience delivered transparently to end users.

“If [DDV] does everything they’re saying it can do, it’s certainly unique and borderline groundbreaking,” Wolf says. “It combines the best of a lot of worlds.”

Many desktop virtualization deployments have been plagued by negative ROI, but Wanova requires minimal upfront investment in new hardware, Wolf says.

“Desktop management for distributed enterprises is a big problem,” Ben-Shaul says. “The problem we solve is the management, protection and support of mobile and remote endpoints.”

Although the technology cannot be used on thin clients, DDV lowers overall cost by offloading compute tasks to endpoints, such as laptops and netbooks, according to Ben-Shaul. The goal is to provide the security and management benefits of centralization without impacting user experience.

Up to 1,000 end points can be managed from a single 1U server, with storage needs minimized by de-duplication and the use of a single operating system image for many users, he says. IT administrators just have to support the primary OS image in the data center, while the cached copies on endpoints let individuals personalize their desktops by installing their own applications.

“User experience is the major impediment to the deployment of [desktop virtualization] on a wide scale,” Ben-Shaul says.

Wanova, based in San Jose, Calif., with facilities in Israel, has received $13 million in first-round funding from Greylock Partners, Carmel Ventures, and Opus Capital.

DDV is being tested in trials by enterprise customers, and could become generally available in early 2010, or sometime this year. Wanova said it expects to make another product announcement next quarter.

The company’s technology supports Windows XP and Windows 7, and Wanova plans to support Linux in the future. Ben-Shaul says Wanova decided not to support Vista because it hasn’t been deployed much in enterprises and many Vista users will move to Windows 7 anyway.

DDV itself is not a hypervisor, although it can work with either Type 1 or Type 2 desktop hypervisors from other vendors, Ben-Shaul says. If the customer doesn’t use a hypervisor, DDV runs on bare metal.

Wanova will be competing against established virtualization companies like VMware and Citrix, as well as a raft of start-ups targeting the desktop market. Although Wanova’s core architecture is impressive, the company will have work to do in lining up desktop application vendors to support its platform, Wolf says.

Broadband Penetration, Economy Boost Demand in Hosted Telephony, Report Says

A survey of enterprise to midmarket companies in the U.S. and abroad found increased demand for hosted telephony and related applications, due to quick ROI and a shaky economy.

According to market research firm T3i Group's most recent survey of almost 300 U.S. and international enterprise and small to medium-size business decision makers, the near-term market for hosted Internet Protocol telephony and applications is much larger than indicated by previous studies.

The survey addressed global demand for hosted telephony and seven hosted applications: contact center, audio conferencing, desktop video conferencing, Web conferencing, voice messaging, unified messaging and interactive voice response/speech recognition. In addition to the demand research, analysis included interviews with hosted service providers.

The company’s "Global Market Demand for Hosted IP Telephony and Hosted - SaaS UC Applications Market Outlook" report segments current and expected hosted telephony customers by their size, implemented or planned service usage, service provider selection criteria, financial and nonfinancial decision-maker criteria, and more than 15 measurements of customer satisfaction or dissatisfaction. The research found that the selection criteria for hosted applications have shifted with growing awareness of SaaS (software-as-a-service) solutions and cloud computing.

The survey found bundled access is a second factor in the growth of hosted services, with companies that provide wideband access for multiple business purposes finding that customers like the idea of consolidating their voice/PBX services with provider services. IT and telecom decision makers' disinterest in hosted telephony and applications was most frequently attributed to their preference for premises-based solutions and the need for total control over systems. The group’s research detected that concern over these considerations has dropped substantially in comparison with earlier studies.

Russell Horowitz, market research specialist at T3i and author of the report, said service providers who previously had little to do with the desktop, and especially not the phone system, are encroaching on the telecom vendor's turf. "Interest in hosted telephony and these seven hosted applications was indicated by more than 50 percent of our surveyed research panel,” he said. “It is fair to say that service providers are doing a great job exhibiting their abilities to supply such advanced features as federating remote locations or administering collaborative applications by individual business departments."

Horowitz said quick ROI (return on investment), defined as applications and services that pay for themselves within the first year of deployment, has become a major factor in hosted application deployment. Representing a shift from prior T3i research, enterprise, SMB and international decision makers cited the same two types of service providers as being highly capable of providing quick ROI, based on two factors: the inherent financial benefits of the core (IPT) hosted service and the use of such cost-saving technologies as collaboration and IVR.

In addition, the company said a significant percentage of respondents now view hosted service as having more functionality than similar CPE solutions. “Enterprises of all sizes appear to be lured to advancing their capabilities and competitiveness without the need to ramp up/maintain internal staffing, and to purchase expensive systems and maintenance contracts,” noted Horowitz.

Linux is booming, but unpaid adoption may hurt vendors

Even as the recession continues to cool CIO appetites for software purchases, Linux is bucking the trend, according to a new IDC report.

IDC is projecting Linux revenue to expand at a compound annual growth rate of 16.9 percent from 2008 to 2013, topping $1.2 billion in 2013.

As IDC notes, this growth will comprise just 4 percent of total software market revenue by 2013, up from 2.2 percent in 2008. However, for the second time, IDC has also examined nonpaid deployments of Linux, revealing some troubling data.

I've always assumed Red Hat's primary Linux competitor is Novell. And based on IDC's numbers, it does appear that Novell is increasingly a real threat to Red Hat.

But it is the nonpaid usage of Red Hat's software that may well pose a bigger risk.

Novell has 27.9 percent market share of paid deployments and 20.1 percent of the total paid and nonpaid market. This doesn't look so great at first glance; after all, more people use Red Hat (including Fedora) for free than pay for Suse Linux Enterprise Server.

However, in growth, Suse stands out. On paid shipments, Red Hat's 2007 to 2008 growth was 1.9 percent, while Novell's Suse was nearly double that at 3.5 percent.

On revenue, Novell comes in at 29.8 percent market share. That represents 50.3 percent growth in market share, versus Red Hat's 14.8 percent growth. Granted, Red Hat has a much larger base of revenue from which it's growing ($319.5 million compared with Novell's $112.6 million in 2007), but Novell's Linux revenue growth has outpaced Red Hat's since 2007.

I don't particularly like Novell's partnership with Microsoft to promote Linux, but it does appear to be paying off for Novell.

If Red Hat could elect to eliminate one competitor tomorrow, though, I'm willing to bet that it would not choose Novell's Suse. It would choose unpaid Red Hat Enterprise Linux (RHEL), which accounts for a big chunk of the overall Linux market.

This may seem trivial, given that Red Hat earned a 62.2 percent share in the overall market for new license paid shipments/subscriptions, measured by deployments, or 64.7 percent, measured by revenue.

Sounds great, right?

Maybe. Intriguingly, Red Hat also claims 28.6 percent of the nonpaid market...for RHEL, its Linux distribution that should only be available to paid subscribers, but which many companies dishonestly use without paying (e.g., they may violate their contract by running more RHEL servers than they actually pay for).

Add Red Hat's paid and nonpaid deployments together, and Red Hat accounts for 47.6 percent of the global Linux market, whether users are legitimate customers or pirates.

It gets better (or worse, depending on your view). If one adds in the RHEL clone CentOS and Red Hat's own community distribution Fedora Core, Red Hat and its offspring dominate the global Linux deployments market with 57.1 percent market share.

This might not be so bad, if the trend were toward more paid Linux adoption, but it's not. While paid Linux server deployments will grow at an impressive rate, nonpaid deployments will grow even faster, nearly reaching parity with paid deployments in 2013.

Why this growth in nonpaid Linux?

Undoubtedly some of it stems from enterprises wanting to get something for nothing. Rather than pay for value, they attempt to cheat the system, leaving less money to help develop Linux.

CBS to run video ads in magazines this fall

NEW YORK--Broadcast network CBS will be advertising its fall TV season with a video-chip ad embedded in an issue of Entertainment Weekly, CBS marketing president George Schweitzer announced at a press conference in the company's midtown Manhattan headquarters.

The September 18 issue of the Time Inc.-owned entertainment magazine will feature what Schweitzer said is the first video ad to appear in print, launched in partnership with advertiser PepsiCo to promote the soda brand's Pepsi Max drink and the network's Monday primetime lineup. Not everyone will be seeing it: the ad will appear in a magazine insert sent to subscribers in the New York and Los Angeles metro areas--an edition without the video chip will be sent to subscribers elsewhere as well as on newsstands.

The technology for the battery-powered ads was manufactured by a Los Angeles-headquartered company called Americhip, and each video ad can handle about 40 minutes of video.

"It's leadership in innovation, which we really stress at CBS in every part of our company," Schweitzer said of the ads, which were developed with the collaboration of the Ignition Factory, a division of the Omnicom Group's OMD media agency.

Cloud Security Panel: Is cloud computing more or less secure than on-premises IT?

Welcome to a special podcast discussion coming from The Open Group’s 23rd Enterprise Architecture Practitioners Conference in Toronto. This podcast, part of a series from the July 2009 event, centers on cloud computing security.

Much of the cloud security debate revolves around perceptions. ... For some, cloud security is seeing the risk glass as half-full or half-empty. Yet security in general takes on a different emphasis as services are mixed and matched from a variety of internal and external sources.

So will applying conventional security approaches and best practices be enough for low-risk, high-reward, cloud computing adoption? Most importantly, how do companies know when they are prepared to begin adopting cloud practices without undue security risks?

Here to help better understand the perils and promises of adopting cloud approaches securely, we welcome our panel: Glenn Brunette, distinguished engineer and chief security architect at Sun Microsystems and founding member of the Cloud Security Alliance (CSA); Doug Howard, chief strategy officer of Perimeter eSecurity and president of USA.NET; Chris Hoff, technical adviser at CSA and director of Cloud and Virtualization Solutions at Cisco Systems; Dr. Richard Reiner, CEO of Enomaly; and Tim Grance, program manager for cyber and network security at the National Institute of Standards and Technology (NIST).

The discussion is moderated by me, BriefingsDirect's Dana Gardner.

Here are some excerpts:

Reiner: There are security concerns to cloud computing. Relative to the security concerns in the ideal enterprise mode of operation, there is some good systematic risk analysis to model the threats that might impinge upon this particular application and the data it processes, and then to assess the suitability of different environments for potential deployment of that stuff.

There are a lot more question marks around today's generation of public-cloud services, generally speaking, than there are around the internal computing platforms that enterprises can use. So it's easier to answer those questions. It's not to say the answers are necessarily better or different, but the questions are easier to answer with respect to the internal systems, just because there are more decades of operating experience, there is more established audit practice, and there is a pretty good sense of what's going to be acceptable in one regulatory framework or another.

Howard: The first thing that you need to know is, "Am I going to be able to deliver a service the same way I deliver it today at minimum? Is the user experience going to be, at minimum, the same that I am delivering today?"

Because if I can't deliver, and it's a degradation of where my starting point is, then that will be a negative experience for the customers. Then, the next question is, obviously, is it secured as a business continuity? Are all those things and where that actual application resides completely transparent to the end user?

Brunette: Is cloud computing more or less secure than client-server? I don't think so. I don't think it is either more or less secured. Ultimately, it comes down to the applications you want to run and the severity or criticality of these applications, whether you want to expose them in a shared virtualized infrastructure.

... When you start looking at the cloud usage patterns and the different models, you're going to see that governance does not end at your organization's border. You're going to need to understand the policies, the processes, and the governance model of the cloud providers.

It's going to be important that we have a degree of transparency and compliance out in the cloud in a way that can be easily consumed and integrated back into an organization.

Hoff: One of the interesting notions of how cloud computing alters the business case and use models really comes down to a lot of pressure combined with the economics today. Somebody, a CIO or a CEO, goes home and is able to fire up their Web browser, connect to a service we all know and love, get their email, enjoy a robust Internet experience that is pretty much seamless, and just works.

NetGear Launches ProSafe Gigabit VPN Firewall

NetGear's $139 VPN firewall, the FVS318G, is aimed at cost-conscious businesses that require advanced security controls for the office and remote locations.

Networking solutions company NetGear announced the release of the ProSafe 8-Port VPN Firewall (FVS318G), aimed at small to medium-size businesses (SMBs). The compact firewall, which delivers network security, remote access and Internet access, can support up to 10 users. Providing IPsec VPN for secure remote connections and firewall functions to protect small business networks from hackers, the FVS318G offers eight gigabit ports, one gigabit WAN port, and up to 25 megabits per second broadband throughput. The appliance also features a software-configurable hardware DMZ port to provide for server and other externally facing connections.


The company said the FVS318G is ideal for small businesses that need externally facing network resources like a Web server but have strict internal LAN security requirements. The DMZ port can be activated or deactivated using a user-friendly graphical user interface (GUI) and adds an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to the external-facing equipment in the DMZ, rather than the whole of the network.

Enterprise App Developers Use Insecure Data
Credit card numbers, customer information, and even employee records are inadequately protected in development environments, according to a new report.

A majority of IT practitioners feel their company lacks adequate policies, procedures, and security techniques in managing threats to data in development environments.
That's according to a study of IT pros conducted and released today by the Ponemon Institute and sponsored by Micro Focus.

The results of the survey are no surprise, Larry Ponemon, chairman and founder of the Ponemon Institute, told InternetNews.com.

"Over decades in security research, I have seen the real effort put into the production environment, not development and testing," he said. "But wherever the criminal or a company's competitor gets the data, it's still a real problem."

Part of the problem stems from the fact that real data is being used in development environments, and lots of it, according to the survey. Respondents said that the most common types of data used are, in order, customer records, employee data, and credit card numbers.

"That's surprising," Ponemon said. "There are PCI [Payment Card Industry standards] compliance issues with the use of credit card data."

eBay Opens Marketplace for Third-Party Apps
The online auction giant's new app store is available for eBay sellers, giving developers new revenue opportunity.

eBay sellers today will be able to access third-party applications for the first time as the e-commerce giant opens its app marketplace.

The third-party apps offered through the store are aimed at eBay sellers, and provide tools for them to manage and streamline their online businesses. The apps run on eBay's Selling Manager and Selling Manager Pro services.

eBay first opened the platform to developers several months ago, shifting it from a console to manage listings to an open platform on which third-party developers can create and sell applications for sellers' my.ebay.com pages.

Through the arrangement, merchants using Selling Manager get access to new tools, which developers sell through the marketplace on a subscription basis. eBay, meanwhile, gets a share of the revenue from sales of the apps, and handles the billing for developers.

"eBay's Selling Manager Applications Platform ... makes it easy to find and subscribe to tools that can help our customers increase the efficiency and velocity of their businesses on eBay," Dinesh Lathi, vice president of eBay's seller experience, said in a statement.

For developers, it's a relatively sizable market: So far, eBay said it has 270,000 sellers using Selling Manager.

"Selling Manager Applications addresses the need of developers to more readily connect eBay sellers who are seeking useful tools for their eBay businesses," Kumar Kandaswamy, eBay's platform senior manager, said in a statement.

While the Selling Manager app service launches with only a dozen applications, eBay is optimistic about its future expansion. For one thing, the online auction giant already has a robust community of developers, with more than 96,000 having signed on to use its API and having authored more than 13,000 live applications. Kandaswamy also said that 28 percent of eBay listings in 2008 went through third-party applications using eBay APIs.

Palm plans for commercial application store launch

NEW YORK, Aug 18 (Reuters) - Software developers will be able to start charging for applications downloads to Palm Inc's (PALM.O) high-profile Pre smartphone with the company's launch of an e-commerce beta program set to start in mid-September.

Developers will still have the choice of giving apps away for free, but Palm said on Tuesday that software providers who want to charge for Pre apps will get 70 percent of revenue from the sale. The remaining 30 percent would go to Palm in an arrangement that mirrors Apple Inc's (AAPL.O) app store.

Palm shares were up 3.9 percent at $13.74 in morning trading.

Consumers will be able to easily pay for their purchases using Visa Inc (V.N) and MasterCard (MA.N) credit cards, according to Palm.

The company is betting on its brand new webOS operating system and App Catalog first used in Pre, to win back market share lost to rivals such as Apple's iPhone and Research In Motion's (RIM.TO) BlackBerry. Palm has said that Pre is the first of a whole line of phones to be based on webOS.

Palm said it aimed to launch a full developer program for the App Catalog in the United States this fall. Apple started a phone vendor craze for app stores after its software store, launched last year, helped boost iPhone sales. Sprint Nextel Corp (S.N) is currently the exclusive U.S. provider for Pre, but Verizon Wireless, a venture of Verizon Communications Inc (VZ.N) and Vodafone Group Plc (VOD.L), says it will start selling the phone early next year.

Patients Warm to Digital Records But Docs Shun Web
It's hit-and-miss for the latest trends in health IT, according to findings from a new IBM study.

At a time of raging debate over what the government should do to improve health care, an IBM-sponsored survey set for release next week indicates the Web is vastly underutilized.

Less than one-fifth of the 1,000 patients surveyed said their family doctor uses a Web site to communicate with patients.

But among patients visiting the Emergency Room more than four times in the past year, 70 percent said they'd like greater access to their doctors, like the ability to contact them after hours. To IBM, the results indicate the possibility of fewer ER visits if online communications were more in use.

That's not the only area where Big Blue sees IT playing a role in improving health care. IBM (NYSE: IBM) is one of several large tech giants supporting the implementation of electronic health records. Google (NASDAQ: GOOG), Microsoft (NASDAQ: MSFT) and IBM, among others, all have initiatives designed to make patient medical records available electronically, making them more accessible to consumers and more portable in the event they switch providers.

The study results suggest that consumers are open to the idea. Overall, 54 percent of those surveyed said they were interested in viewing their medical records online.

The interest bumps up among so-called Generation Y'ers (ages 18 to 29) -- 60 percent of that age group said they want online access to their medical records. But among Americans aged 50 or more, only 43 percent said they cared to access their records online.

Twitter used to control botnet

AN INSECURITY EXPERT investigating last week's Twitter attacks has stumbled across another security problem for the social notworking outfit.

According to AP, Jose Nazario with Arbor Networks said he found that a criminal was using a Twitter account to control a network of a couple hundred infected personal computers.

The botnet was in Brazil and Nazario said he found a Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious websites where they could download programs that steal banking passwords.

He contacted Twitter and the account was shut down; however, Nazario also found the same person was doing the same thing on an account with a Google service called Jaiku, which is similar to Twitter.

Google said the affected account was shut down so there was nothing to see here move along please.

Nazario said that the techniques being used were not rocket science but were effective. In the old days it used to be ICQ that was the tool of choice for hackers to control botnets.

How 10 digits will end privacy as we know it

Internet denizens and urban dwellers alike need to recognize that an era of anonymity is ending.
The population of the world stands at about 7 billion. So it takes only 10 digits to label each human being on the planet uniquely.

This simple arithmetic observation offers powerful insight into the limits of privacy. It dictates something we might call the 10-Digit Rule: just 10 digits or so of distinctive personal information are enough to identify you uniquely. They're enough to strip away your anonymity on the Internet or call out your name as you walk down the street. The 10-Digit Rule means that as our electronic gadgets grow chattier, and databases swell, we must accept that in most walks of life, we'll soon be wearing our names on our foreheads.

A study of 1990 U.S. Census data revealed that 87 percent of the people in the United States were uniquely identifiable with just three pieces of information (PDF): five-digit ZIP code, gender, and date of birth. Internet surfers today spew considerably more information than that. Web sites can pinpoint our geographical locations, computer models, and browser types, and they can silently track us using cookies. Banking sites even confirm our identities by verifying that our log-ins take place at consistent times of day.

Verizon Wireless Completes First Successful LTE 4G Data Calls

Verizon Wireless completed its first successful LTE 4G data calls. The LTE technology, which will compete against Sprint- and Clearwire-backed WiMax, is also supported by LG, Samsung, Nokia, Ericsson and Alcatel-Lucent, among others.

Verizon Wireless is a step closer to its promise of offering nationwide Long Term Evolution (LTE) 4G coverage by 2013. On Aug. 14, the carrier reports, it completed successful LTE data calls in Boston and Seattle, both based on the 3GPP Release 8 standard and over 700MHz spectrum.

TomTom $99 GPS app heads to iPhone

A hundred-dollar makeover can turn your iPhone into a GPS device.

GPS specialist TomTom announced Monday that its new $99.99 iPhone app is now up for sale at the iTunes store.

TomTom for the iPhone comes with features typically found in standard GPS units, including voice directions and full maps of the U.S. and Canada. Maps for Europe, Australia, and New Zealand are available at varying prices.

The app uses a new technology called IQ Routes, said the company. Instead of suggesting the quickest route based on travel time, IQ Routes taps into the actual experiences of other TomTom drivers to determine the fastest route to take. TomTom said this technology lets people reach their destinations quicker up to 35 percent of the time.

In addition, the software can suggest alternative routes if a turn is missed or a road is blocked, the company said.

"With TomTom for iPhone, millions of iPhone users can now benefit from the same easy-to-use and intuitive interface, turn-by-turn spoken navigation and unique routing technology that our 30 million portable navigation device users rely on every day," said Corinne Vigreux, managing director of TomTom.

The company will also offer a car kit, so that drivers can attach their iPhones to the front window or dash.

IBM uses DNA to make next-gen microchips
Mon Aug 17, 2009 9:01am EDT

SAN FRANCISCO (Reuters) - International Business Machines Corp is looking to the building blocks of our bodies -- DNA -- to be the structure of next-generation microchips.

As chipmakers compete to develop ever-smaller chips at cheaper prices, designers are struggling to cut costs.

Artificial DNA nanostructures, or "DNA origami" may provide a cheap framework on which to build tiny microchips, according to a paper published on Sunday in the journal Nature Nanotechnology.

Microchips are used in computers, cell phones and other electronic devices.

"This is the first demonstration of using biological molecules to help with processing in the semiconductor industry," IBM research manager Spike Narayan said in an interview with Reuters.

"Basically, this is telling us that biological structures like DNA actually offer some very reproducible, repetitive kinds of patterns that we can actually leverage in semiconductor processes," he said.

The research was a joint undertaking by scientists at IBM's Almaden Research Center and the California Institute of Technology.

Right now, the tinier the chip, the more expensive the equipment. Narayan said that if the DNA origami process scales to production-level, manufacturers could trade hundreds of millions of dollars in complex tools for less than a million dollars of polymers, DNA solutions, and heating implements.

"The savings across many fronts could add up significantly," he said.

But the new processes are at least 10 years out. Narayan said that while the DNA origami could allow chipmakers to build frameworks that are far smaller than possible with conventional tools, the technique still needs years of experimentation and testing.

Is your Palm Pre spying on you?
User claims phone sends data on apps used and GPS info to the company
By Jared Newman

Is your Palm Pre spying on you and sending your GPS coordinates and more back to the Palm mothership on a daily basis? According to mobile application developer Joey Hess, that's exactly what is happening. He asserts on his personal blog that data on the location and app used on the Palm's Pre smartphone is being sent to Palm.

The report of Palm snooping on its customers is growing in volume within the blogosphere, with many taking the allegations seriously. To be clear, the allegation cannot be confirmed.

Palm responded to our request for comment with this statement:

"Palm takes privacy very seriously, and offers users ways to turn data collecting services on and off. Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer's information, all toward a goal of offering a great user experience. For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust."

Hess says he took a close look at the code in his Pre's WebOS and found that the phone was periodically sending information to Palm. Some of this data is fairly benign, such as information on WebOS crashes. Things get a little freakier, however, if you believe Hess when he asserts Palm is gathering users' GPS information, along with data on every app used, and for how long you used it. This information gets uploaded to Palm on a daily basis, Hess claims.

Without the capability to hack into WebOS, there doesn't seem to be a way to disable this alleged communication, Hess says. According to Palm's terms and conditions for the WebOS, there is nothing that mentions this exact type of data collection and reporting. However, a section of Palm's terms does say it has the right to "collect, store, access, disclose, transmit, process, and otherwise use your Registration Data, account or Device information," and may also do the same with your location data to provide location services.

Lauren Weinstein, co-founder of People for Internet Responsibility, said he's still collecting information and didn't want to comment on Hess' report until he could confirm it. But Weinstein says he's generally wary of usage terms and conditions that allow data collection, especially if the user can't opt out through the device. He said location data is particularly sensitive, because it can be requested or subpoenaed.

"Any time there's automatic reporting that includes what users are doing, and there hasn't been some kind of affirmative acknowledgment ... that opens up some questions," he said.

Netscape Founder Backs Next-Gen Browser
Ian Paul
Aug 14, 2009 8:08 am

The browser wars have gotten livelier with new entries and updates, with Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Opera, and Apple's Safari all scrambling for attention. But a warrior from the first browser war is apparently gearing up for battle once more. Netscape founder-turned-investor Marc Andreessen is backing a new company, Rockmelt, that is developing a next-generation Web browser, according to the New York Times.

Like Google's approach with its Chrome browser, Rockmelt is optimizing the Web browser for the current demands of the Internet, such as running Web-based applications or Web apps.

"There are all kinds of things that you would do differently [today] if you are building a browser from scratch," Andreessen told the New York Times earlier this year. Rockmelt was founded by Eric Vishria and Tim Howes, both of whom were executives at Opsware, a company co-founded by Andreessen and sold to Hewlett-Packard in 2007.

Few details are available about how Rockmelt's browser is different. The Times reports one interesting tidbit: Rockmelt's Website reportedly posted a privacy policy, since removed, that mentioned some sort of Facebook integration. The policy said you could "use a Facebook ID to log into RockMelt." It's not clear what this means, but I wonder if Rockmelt plans to store your Facebook credentials as an automatic login feature for Facebook Connect-enabled Web sites. Andreessen, it should be noted, serves on Facebook's board, but the Times says Rockmelt and Facebook are not working together on the Web browser.

Netscape is widely credited as the browser that helped popularize the Web during the early to mid-90s. In response to Netscape's popularity, Microsoft developed Internet Explorer and has bundled IE with copies of Microsoft Windows ever since (a practice that is now under scrutiny in Europe).

Netscape and Microsoft quickly developed a rivalry known as the first browser war. Microsoft ultimately won that battle, which effectively ended with Netscape being sold off to AOL and Internet Explorer becoming the dominant Web browser worldwide. Netscape then languished under AOL, before it was eventually spun off into an open-source project that led to the development of the popular and innovative Web browser Mozilla Firefox.

Considering that most browsers today can claim only marginal popularity, breaking into the Web browser market may be difficult for Rockmelt. In fact, Mozilla Firefox is really the only threat to Internet Explorer's still impressive dominance. The latest numbers from metrics firm Net Applications give IE 68 percent of the worldwide browser market, with Firefox coming in a distant second at just under 23 percent. Other well-known browsers, including Chrome, Opera, and Safari, combine to make up less than 9 percent of the remaining browser market.

Rockmelt likely has a difficult fight ahead, but it's always interesting to try new browsers, and Andreessen's endorsement will no doubt draw some interest to Rockmelt's entry. The new Web browser is only in the early stages of development, but to keep tabs on Rockmelt you can sign up for e-mail updates at the company's Website.

Microsoft releases preview for next SQL Server

Microsoft has delivered the next iteration of its flagship database product, SQL Server 2008 R2, to developers for review.

The company released a preview of the software to MSDN and TechNet subscribers on Monday. A community technology preview (CTP) will be available on Wednesday for general download, Microsoft said in a blog post.

SQL Server 2008 R2, previously code-named "Kilimanjaro," is the next generation of the Microsoft SQL Server database platform. The product is planned for release in the first half of next year.

The updated database software lets businesses build their own business intelligence capabilities. It includes a new version of its report-making software, Report Builder 3.0, that can incorporate maps.

"Report Builder 3.0 supports geospatial visualization to produce new insights and discoveries by combining geospatial data with business information," according to Microsoft.

In addition, Report Builder 3.0 allows caching of datasets on the report server when toggling between design and preview modes.

Using the preview, administrators will be able to set up a multiserver environment and enroll instances into a central management component, without having to rely on technical support, said the company.

"New wizards enable administrators to quickly set up a multi-server management environment in minutes--no professional services required," said the blog post.

The SQL Server 2008 R2 is one of a tranche of Microsoft CTPs slated for an August release.

StreamInsight, which is low-latency complex event processing software, will be launched "in the coming weeks," according to the company.

It will be followed by the first CTP for SQL Azure Database, a limited preview of Project "Gemini" Excel and SharePoint add-ins, and a private technology preview of Project Madison, Microsoft's data-warehousing product.

Downloads of the preview are available on Microsoft's SQL Server 2008 R2 Web site.

Microsoft Team Traces Malicious Users
Three researchers find a way to trace compromised machines used to attack other computers.

Anonymity on the Internet can be both a blessing and a curse. While the ability to hide behind anonymous proxies and fast-changing Internet protocol (IP) addresses has enabled freer speech in nations with repressive regimes, the same technologies allow cybercriminals to hide their tracks and pass off malicious code and spam for legitimate communications.

In a paper to be presented next week at SIGCOMM 2009 in Barcelona, Spain, three researchers from Microsoft's research center in Mountain View, CA, demonstrate a way to remove the shield of anonymity from such shadowy attackers. Using a new software tool, the three computer scientists were able to identify the machines responsible for malicious activity, even when the host's IP address changed frequently.

"What we are really trying to get at is the host responsible for an attack," said Yinglian Xie, a member of the Microsoft team. "We are not trying to track those identifiers but associate them with a particular host."

The prototype system, dubbed HostTracker, could result in better defenses against online attacks and spam campaigns. Security firms could, for example, build a better picture of which Internet hosts should be blocked from sending traffic to their clients, and cybercriminals would have a harder time camouflaging their activities as legitimate traffic.

Xie and her colleagues, Fang Yu and Martin Abadi, analyzed a month's worth of data--330 gigabytes--collected from a large e-mail service provider, in an attempt to determine which users were responsible for sending out spam. To trace the origins of multiple spam outbreaks, the scientists studied records including more than 550 million user IDs, 220 million IP addresses, and a time stamp for events such as sending a message or logging into an account.

Distilling ERP Data Into Tasty BI Brew

Businesses' transaction processing systems typically accumulate mountains of data, and much of it could provide valuable insights if viewed through the right filters. Think of business intelligence as a layer on top of or embedded within ERP and other applications that wind up being giant repositories of data.

Enterprise resource planning (ERP) systems provide much-needed capabilities, such as management of financial, product/inventory, human capital, purchasing, and other transactional data within one environment. The value proposition for investing in ERP has traditionally been tied to the standardization of business processes and centralization of information that makes it easier and faster to collect and manage data across many areas of the business. Increasingly, ERP customers have come to realize that the value from ERP investments can be increased dramatically through analysis of the consolidated data captured within and around the ERP system.

Enterprises of all shapes and sizes today are sitting on mountains of data resident in their transaction processing systems of record. While ERP solutions are at the very core of this transactional data, the volume and complexity of that data grows as ERP is surrounded by applications which extend its reach into areas such as customer relationship management, supplier and supply chain management, product lifecycle management and others. Given huge volumes of data from ERP and potentially other disparate sources, analyzing this information can be a challenge. Yet achieving transparency and visibility is no longer simply a lofty goal, but a core necessity of the business.

Oracle Deepens Virtual Application Plans
The database giant taps Linux in a new template builder that puts Oracle into the virtual appliance business.

Do enterprise apps make for good virtual appliance apps? According to enterprise software vendor Oracle, they sure do, but they need to have the right technology behind them.

Oracle (NASDAQ: ORCL) today unveiled a new open source technology called Oracle VM Template Builder, which enables users to build their own virtual software appliances.

"When you talk about the virtual appliance market, much of the uses in the past have been focused on development and demo environments," Monica Kumar, senior director for Linux and open source product marketing at Oracle, told InternetNews.com. "What we're talking about is real production enterprise software. We're talking about really popular, well-deployed enterprise software that is in production. This is meant to enable and speed the deployment of enterprise applications."

The graphical utility uses the Oracle VM virtualization technology and a minimal JeOS ("Just Enough Operating System") version of Oracle's Linux operating system.

Oracle first released its Oracle VM virtualization hypervisor technology in 2007, and it is based on the open source Xen hypervisor. Last year, Oracle began its Oracle VM Templates program, which provides users with pre-built Oracle software virtual appliances.

Now with the Oracle VM Template Builder, Oracle is opening up its virtualization technology to build software appliances for any type of software.

Sitting underneath the hypervisor technology is Oracle's JeOS, which Kumar explained is a version of Oracle's Enterprise Linux tailored specifically for Oracle VM template.

"Basically, it is something that is only applicable for building Oracle VM templates," Kumar said. "It is not something that we directly support for users to deploy as an operating system."

Competition looming

While VM Template Builder is installed locally, other competitive virtual appliance building services are available as online Software-as-a-Service or cloud services.

Linux vendor Novell recently launched its online virtual appliance building service SUSE Studio application, while rPath Linux has had a similar service in market for several years.

That hasn't deterred Oracle, however.

"This is only the beginning for us," Kumar said. "It has only been a year and a half since we announced Oracle VM. Last year, we focused on creating templates of just Oracle software, and now we are taking the next step and we're helping ISVs build templates for their software. We're just taking one step at a time and this is a good first step for us."

Kumar said the VM Builder program is a free development tool and there is no charge to ISVs to use the software -- Oracle considers the virtual appliance just another deployment mechanism. Instead, enterprise software subscriptions and support for the actual applications are where money might change hands.

As part of its virtualization push, Oracle is also adding Oracle VM to its Oracle Validated Configuration program, which is a guide to best practices for deployment.

"What that means is that our best practices are no longer just for physical infrastructure, but we are also providing best practices for virtual software deployment," Kumar said. "The way Oracle looks at virtualization is part of a complete application deployment solution."

How to optimize your WiFi network

Based on its new wireless LAN survey, Aberdeen Group has specific recommended steps you can take to optimize enterprise Wi-Fi.

But you need to know where you're starting from.

Aberdeen in its "Wireless LAN 2009" report (read our review of it here) scores enterprises on various performance metrics, and then arranges them in three groups: best in class (the top 20%), average performers (the next 50%) and laggards (the bottom 30%). In the study, all of these groups over the preceding 12 months showed improvements in metrics such as growth in WLAN traffic, growth in area covered by Wi-Fi, and network uptime. But the best in class showed dramatically higher improvements in all three.

So, where are you?

Here are Aberdeen's recommended steps.

For those in the lowest scoring group:

* Start an in-depth performance and security assessment; inventory what you have, buy and use the basic tools for diagnosis, analysis and planning.

* Get the help you need: improve IT and help desk Wi-Fi expertise, evaluate outsourced support services.

* Lock down and lock up your wireless network.

For those in the average group:

* If you haven't done so, shift to a centralized approach for managing and monitoring the Wi-Fi network, and for deploying network updates.

* Start measuring: You can't improve what you don't measure, and you will need tools to be able to see into the WLAN in order to know what's happening and why.

* Allocate bandwidth priorities for applications, and for users including guests or visitors. About 75% of companies in this group are doing neither.

For those in the top group:

* Run cost-benefit analyses for bandwidth upgrades to see if they're worth it; and measure afterwards to see if you're getting what you expected.

* Use pilot programs for new gear, to uncover incompatibilities and performance problems.

* Create benchmarks for what is "normal" Wi-Fi application performance, and make sure you can measure whether your wireless network is meeting them.

Memeo Send: Like a digital UPS for businesses

Memeo Send uses Outlook integration and drag-and-drop to keep file transfers simple.
(Credit: Memeo)

Memeo Send (for Windows | Mac) is a brand-new application aimed at business professionals in small-to-medium size companies who frequently need to transfer large files to colleagues--including photos, videos, PowerPoint presentations, and hefty design files from InDesign and Adobe Illustrator.

Where Memeo Share (Windows | Mac), the company's free-to-try photo- and video-sharing app, focuses on gallery organization and consumer media, Memeo's impetus with Send is much more on tracking, management, and bulk deliveries.

Memeo Send opens as a simple, yet attractive desktop application that uploads files two ways: you can browse the file tree, or can drag and drop from an open folder to the Memeo Send interface. After that, selecting recipients and jotting down an optional description are all that's left to ship out your parcel of files.

To anticipate the needs of its business users, Memeo Send integrates the Microsoft Outlook address book into the 'Send to' field--just the personal Contacts portion, mind you, not a global corporate list if your company has one. You can also type or paste contacts' names by hand. We'd like a way to create new e-mail groups in Memeo to quickly access a recurring knot of recipients, in addition to accomplishing the task by creating a new Outlook group.

Immediately after beginning the transfer, Memeo Send navigates you to the Track tab, which, in the style of physical packages, produces and then hangs on to a tracking number. The app keeps stats on the date and time the files were sent, the number and size of the files, and on their sending and delivery status. A separate pane monitors the content and status of the file packs that you have received in return, viewable in icon or list form.

Open Source Web Anti-Malware Tool Released

An interesting new piece of security freeware was launched today as Dasient introduced an open source version of its Web server infection remediation technology.

An offspring of Dasient's Web Anti-Malware (WAM) remediation package, the open source Mod Anti-Malware Lite release is an Apache server module that promises to allow Web site operators, Web hosts and developers to better protect themselves against having their URLs corrupted by malware.

The software specifically promises to monitor for and identify online malware infection attempts before they can take root on protected URLs, and then quarantine the involved attacks to prevent them from spreading any further.

In addition to preventing actual attacks from propagating over their sites, the package also helps URL owners avoid the downsides of having their operations black-listed by security vendors and search engines, a significant issue to rebound from for many of the mom-and-pop type sites that are currently being infected in droves, Dasient claims.

"Now more than ever it's important for site owners to deploy defenses that can operate at the scale and speed required to deal with this problem," Dr. Neil Daswani, one of Dasient's three co-founders and a former Google engineer, said in an official announcement.

Dasient is making Mod Anti-Malware Lite available so that people can test certain elements of the technology, with hopes that some will be willing to pay for the paid monitoring and diagnostic services necessary to get the product to flex all of its muscles.

However, anyone who downloads and installs the freeware version will be granted a limited free trial of the paid services.

The company also launched a new partner program aimed at encouraging Web hosting providers to adopt its services to defend their customer domains.

Along with Daswani, Dasient was founded by former Google engineer Shariq Rizvi and former McKinsey strategy consultant Ameet Ranadive. The company's financial backers include some of the same people behind Twitter, VeriSign and Finjan.

Oracle offers virtualization template tool

Oracle will delve further into the server virtualization space Wednesday, offering a template-building tool to speed up deployments based on the open source Oracle VM software product.

The company will use the OpenSourceWorld conference in San Francisco as a launching platform for Oracle VM Template Builder, an open source graphical tool for end users and ISVs. The tool leverages Oracle Enterprise Linux JeOS (Just enough OS) scripts for developing pre-packaged virtual machines.

[ Earlier this week, Virtualization vendor VMware bought Java software technology company SpringSource. ]

"These are virtual machines that contain preinstalled, preconfigured software, and basically, once you have that, anytime you have a need to put in a new system, you can copy the files," said Monica Kumar, Oracle senior director of Linux and open source product marketing.

Oracle also will offer a VM template for its Siebel CRM product, allowing for fast setup of a full Siebel environment, Monica said. The company also will roll out a test kit for testing of a stack before deployment as part of the Oracle Validated Configurations Program.

Oracle VM Template Builder, the test kit, and the Siebel template are free, but users must have a license for Siebel CRM.

State schools chief now on Twitter
by Extra.Credit

California’s Superintendent of Schools Jack O’Connell is on Twitter.

“Technology is helping break down the barriers between government and the people,” he said in a statement. “I hope that these Web-based tools will make information from the (California Department of Education) more accessible to Californians.”

As of Monday afternoon, O’Connell had 472 followers and submitted 155 “tweets” including an 11-part epic (by Twitter standards) on H1N1/swine flu. He’s following the likes of Gov. Arnold Schwarzenegger, USDA Food Safety, the L.A. Times and the White House.

Follow O’Connell on Twitter at http://twitter.com/SSPIJack

Panasonic, NEC Tap Linux for Mobile Phones
Latest step forward for the open-source LiMo initiative

Panasonic and NEC unveiled nine new cell phone models on Tuesday that run the open-source LiMo operating system, wireless Linux group LiMo said.

The focus of the cell phone market has been shifting to software development since Google and Apple entered the mobile market in the past two years, with phone vendors and operators increasingly looking for open source alternatives such as LiMo to cut costs.

The market for software platforms on cell phones is led by Nokia's Symbian operating system, but it has lost much ground over the last year to Apple (NASDAQ: AAPL) and BlackBerry maker Research in Motion.

Computer operating system Linux has had little success with cell phones so far, but its role is increasing with the LiMo platform and Google (NASDAQ: GOOG) is using Linux for its Android platform.

Linux is the most popular type of free or so-called open source computer operating system available to the public to be used, revised and shared. Linux suppliers earn money selling improvements and technical services and Linux competes directly with Microsoft, which charges for its Windows software and opposes freely sharing its code.

LiMo also said Japanese mobile carrier KDDI Corp and touchscreen company Immersion had joined the not-for-profit foundation.

But LiMo has been missing support from the largest cellphone vendors. So far, smaller phone makers NEC, Panasonic and Motorola have unveiled in total 42 phones using its software. At the same time, all the top handset vendors, except Nokia, have promised to produce phone models running Android software.

The world's second- and third-largest cell phone vendors, Samsung Electronics and LG Electronics, are members of LiMo, but have not unveiled commercial models.

LiMo hopes to benefit from its focus on giving greater say over software development to telecommunications operators. Its key members -- Vodafone, France Telecom's Orange, Japan's NTT DoCoMo, South Korea's SK Telecom, Telefonica and U.S. operator Verizon Wireless, a venture between Verizon Communications and Vodafone -- have pledged to introduce LiMo phones in 2009.

First Wi-Fi pacemaker in U.S. gives patient freedom

NEW YORK (Reuters) - After relying on a pacemaker for 20 years, Carol Kasyjanski has become the first American recipient of a wireless pacemaker that allows her doctor to monitor her health from afar -- over the Internet.

When Kasyjanski heads to St. Francis Hospital in Roslyn, New York, for a routine check-up, about 90 percent of the work has already been done because her doctor logged into his computer and learned most of what he needed to know about his patient.

Three weeks ago Kasyjanski, 61, became the first person in the United States to be implanted with a pacemaker with a wireless home monitoring system that transmits critical information to her doctor via the Internet.

Kasyjanski, who has suffered from a severe heart condition for more than 20 years, says the device has given her renewed confidence and a new lease of life, because if her pacemaker were to malfunction or stop working, only immediate action would save her life.

"Years ago the problem was with my lead, it was nicked, and until I collapsed no one knew what the problem was, no tests would show what the problem was until I passed out," she told Reuters Television.

Dr. Steven Greenberg, the director of St. Francis' Arrhythmia and Pacemaker Center, said the new technology helps him better treat his patients and will likely become the new standard in pacemakers.

Wireless Carriers Resist VoIP Across Mobile Networks; xG Technology Offers Alternative Path

WASHINGTON - (Business Wire) Resistance by wireless carriers to allowing customers access to VoIP services across their mobile networks has attracted the attention of the regulators, with the US Department of Justice (DOJ), the Federal Communications Commission (FCC) and the European Union all looking into the practice. xG Technology® has developed xMax--an alternative path that allows consumers to benefit from much lower cost mobile calls via the Internet, avoiding the incumbent carriers’ networks altogether.

xG Technology developed xMax®, an alternative solution that enables consumers to benefit directly using mobile VoIP technology. xMax is similar to Vonage or Skype, but in the form of a fully mobile handset that doesn’t require the use and extra cost of a computer or broadband Internet connection.

xMax offers consumers the prospect of lower phone bills because:

* xMax transmits over unlicensed spectrum—the same as baby monitors and cordless phones. Major national cellular carriers paid billions of dollars for licensed spectrum that they recoup from customers.

* xMax was built as a totally Internet-based digital system from top to bottom—an extremely cost efficient communication approach.

* xMax networks can enable communication providers to aggressively compete with national carriers by offering customers unlimited voice and data plans both locally and long distance, extremely low-cost international calling, no contracts, as well as home phone and high-speed Internet service.

Google's Caffeine Sandbox Nets Speedy, Interesting Results

This morning I've been testing Google's new search sandbox, which I covered late last night after the furor over Facebook's FriendFeed purchase and new search service launch abated.

In that piece, I wondered whether Google opted to launch the sandbox, which you can access here, because of Facebook's moves.

Matt Cutts, one of the Google engineers behind the new search infrastructure, said this was not the case in a Q&A on his personal blog last night:

He said the new infrastructure has been in the works for months, adding: "I think the best way for Google to do well in search is to continue what we've done for the last decade or so: focus relentlessly on pushing our search quality forward."

I'm positive the search was in the news for months, but I also believe announcing this at 4:14 PDT on a Monday afternoon is not the way you announce a major rewrite of your bread-and-butter business -- unless you want to attract some of the attention rivals are getting over their search improvements.

I'm not going to let that ruin some potentially fun search testing, but I also took to heart Cutts' comment that there won't be user interface or design changes:

This update is primarily under the hood: we're rewriting the foundation of some of our infrastructure. But some of the search results do change, so we wanted to open up a preview so that power searchers and web developers could give us feedback.

So I didn't get my hopes up to see anything special. I first searched for Twitter. In the current search engine, I saw:

Intel, Micron develop flash chips for USB drives

On Tuesday, Intel and Micron Technology announced the development of high-data-capacity flash memory technology for flash cards and USB drives.

And in a related announcement, Intel said Monday that it has validated a fix for its new 34-nanometer X25-M solid-state drive, which is based on similar flash memory technology. The bug affects users who set a BIOS drive password. That update is available here.

The two chipmakers, which partner in the manufacture of flash memory chips, said Tuesday that they have developed NAND flash memory capable of 3 bits per cell based on 34-nanometer technology. This allows greater data density than the standard 2-bits-per-cell technology and will result in high-capacity USB flash drives, according to Micron.

While packing more bits into a cell provides greater data densities, it is not as reliable as flash memory based on more standard technology, according to Micron. Therefore, the 3-bits-per-cell chips will be limited initially to flash drives, which don't require the data storage reliability of a solid-state drive.

Knowing Bus Arrival Times

Trying to catch a bus on 34th Street? Soon you’ll know just how long you’ll have to wait.

Electronic countdown displays will be installed at shelters along the heavily trafficked 34th Street crosstown route, allowing riders to see how many minutes are left until the next bus shows up, according to two officials familiar with the plans.

Satellite tracking and GPS devices will allow computers at the bus stop to estimate arrival times, as part of a pilot program organized by the Metropolitan Transportation Authority and the city’s transportation department. The project is set to be announced on Tuesday by city officials, including Mayor Michael R. Bloomberg.

The bus-tracking technology will be installed and provided without charge by Clever Devices, a Long Island firm that implemented a similar system in Chicago in 2006, the officials said. After an initial pilot stage, the Chicago program, called Bus Tracker, was later expanded to that city’s entire bus route, and now includes online and mobile applications.

Tracking systems are commonplace in other major cities like London and Washington, where subway straphangers know exactly when the next train will arrive. (The accuracy is high, even if not 100 percent.) In New York, electronic displays are already installed on the L train.

It is not the first time that New York has tried to provide bus customers with a more precise estimate of when their rides will arrive. In fall 2007, the city tested a similar satellite-based system along First and Second Avenues, which also included digital signs that displayed the number of minutes until the next bus.

That system was plagued by technical errors and was abandoned after just four months. Transit officials said the 34th Street pilot program would avoid the same problems.

The announcement of the program comes a week after Mayor Bloomberg announced a wide-ranging campaign platform to improve the city’s mass transit infrastructure.

The mayor pledged to install some form of tracking technology along half of the city’s bus routes by 2013. His plan also noted that buses along 34th Street will use “mesh network technology, similar to that used to track military vehicles in Iraq and Afghanistan.”

E-Mail Violations the Focus of Security Concerns
Businesses seem to be less concerned about social media, perhaps because e-discovery focuses on e-mail.

Companies have become very serious about their data retention policies and use of corporate assets, according to a new report from data loss prevention (DLP) provider Proofpoint. Thirty-one percent of those surveyed said they had fired an employee in the past 12 months for violating e-mail policies, and 51 percent said they had disciplined an employee for e-mail policy violations during the same period.

Companies are also cracking down on the use and misuse of social media. Eight percent had fired an employee for posting sensitive or private information to a media sharing site such as YouTube and Vimeo, nine percent for doing so on a blog, and eight percent for doing so on a social media site such as Facebook or LinkedIn.

The survey, now in its sixth year, covered responses from 220 employees at companies with over 1,000 employees during the month of June, 2009. The latest version of the report is always available here for download for free, after registration.

The news comes shortly after the release of a survey that said that the majority of businesses lack written policies for social media. In Proofpoint's survey, two-thirds of respondents had such a policy, Keith Crosley, Proofpoint director of market development and the author of the survey "Outbound Email and Data Loss Prevention in Today's Enterprise, 2009" told InternetNews.com.

In contrast, most (84.5 percent of those surveyed) have an e-mail retention policy and 93.6 percent have a policy governing e-mail use. "But why would anyone not have an e-mail policy," he asked. "Not having a policy could put you into a grey area if you need to discipline or terminate someone. In a litigious state like California, you couldn't get away with not having an Acceptable Use Policy (AUP) for e-mail."

The real costs of data policies

Crosley said that companies are more concerned about e-mail than about social media because of the cost of e-discovery. A single subpoena can cost millions.

"These are actual case studies," he said. "One company that became a customer of ours had 5,000 employees. Their old data system was 1,000 tapes' worth of e-mail backup and whenever they had an e-discovery event, the cost to get the consultant in and the cost of IT time added up to $2.5 million per attempt."

Subpoenas are not uncommon. Twenty-four percent of those surveyed said that employee e-mail had been subpoenaed at least once in the past 12 months.

U.S. Says ISP Broadband Data to Remain Secret
Major carriers like Verizon, Comcast and AT&T won't have to give up specific data on their high-speed Internet businesses.

Telecommunications providers will not have to give the government sensitive revenue and Internet speed data for a program to map broadband use in U.S. homes and bring high-speed Internet service to more people.

The U.S. Commerce Department said on Friday that companies such as Verizon Communications, Comcast and AT&T do not have to share how much money they make from each Internet subscriber. Nor must they say how fast their Internet connections typically run.

Instead, they will provide data by the block, usually about a dozen homes depending on the size of the block. They also will share the speed of Internet service that they advertise.

Companies do not want to share the specific data because they do not want their competitors to see it.

But failing to make it public allows the companies to advertise -- and charge for -- something that they often cannot deliver, said Joel Kelsey, a telecom policy analyst at Consumers Union, a watchdog group.

"The actual speeds delivered to particular areas simply doesn't match up," Kelsey said. "The government gave a lot and received very, very little in return."

Companies that sell Internet service advertise maximum service speeds as a way to entice customers. More speed means faster access to online entertainment and information.

Internet connections can work at slower speeds than the maximum speed advertised, especially when many subscribers are online at the same time.

"The agency's modifications will improve and expedite [the mapping] effort," ACA President Matthew Polka said.

Larry Landis, an Indiana utility regulatory commissioner and chairman of the federal-state group that will map high-speed Internet availability, praised the Commerce Department's National Telecommunications and Information Administration for being flexible.

The Commerce and Agriculture departments will award loans and grants to state and local governments, and nonprofit and for-profit companies, including telecommunications companies, to participate in the government's broadband program.

The first phase of the plan would release $4 billion of the $7.2 billion program included in President Barack Obama's economic stimulus plan. About $350 million will go to the mapping program, but the Commerce Department estimated that $240 million would be needed.

The rule changes come a day after the Federal Communications Commission launched its first workshop to gather ideas and proposals for a national broadband plan it plans to give to Congress in February.

Tr.im URL Shortener Axed

Social networking software developer The Nambu Network is discontinuing tr.im, a popular tool that allows users to shorten Internet URLs for posting on character-limited sites like Twitter.
Nambu said it could no longer support the cost of developing tr.im.

"We simply cannot find a way to justify continuing to work on it, or pay its network costs, which are not inconsequential," Nambu officials said in a blog post, noting that the service was used to create "tens of thousands of URLs per day."

The officials added that attempts to sell the product failed, despite the fact that tr.im captures Web browsing data that could be valuable to marketers. "We were a little surprised to learn no one wanted to take it over," said Nambu.

eSolar flicks switch on first US solar tower
Google-backed solar thermal firm cuts ribbon on 5MW facility

The US solar industry ticked off a major milestone last week with the unveiling of the country's first solar thermal tower in southern California.

The 5MW Sierra SunTower solar plant features 24,000 mirrors that have been positioned to concentrate the sun's rays on two 160-foot towers containing water that is then turned into steam to drive turbines. The resulting energy is expected to provide power for more than 4,000 homes in California's Antelope Valley.

The plant has been developed by eSolar, the high-profile concentrated solar specialist which won headlines last year when it secured $130m (£77.6m) in funding from a raft of investors including Google and the Quercus Trust.

The company said that unlike other solar thermal technologies, the plant made use of advanced software algorithms to enhance efficiency and focus thousands of mirrors on a single point throughout the day.

"Today, we unveil a new blueprint for solar energy – one that leverages Moore's law rather than more steel," said Bill Gross, chief executive of eSolar, referring to the IT industry maxim that computing power increases exponentially over time.

Digital Certificates - Don't Do Business Online Without Them
By John Adams
E-Commerce Times
08/07/09 4:00 AM PT

It's becoming less and less common for business transactions to occur with direct eye contact and a personal handshake. In the age of e-commerce and digital document transfers, authentication is critical. Digital certificates fill that need, and with the emergence of the SaaS model, they're accessible and affordable for just about anyone.

When you conduct business online -- whether it's selling merchandise through a Web site or simply using email for company communication -- there is some level of digital risk. The Web has enabled instant global access to conduct business remotely like never before in history.

Personal meetings allow you to securely exchange physical documents and information, as well as positively identify the person with whom you're doing business. The downside of remote commerce is the inability to conduct business face to face. To address this risk, digital certificates were created. If you use the Web to transact business or communicate sensitive information with clients, then digital certificates are a must.

Digital Certificate Primer

A digital certificate, sometimes called a "digital ID," is a credential used on the Internet to identify people and machines. Not unlike a driver's license, it is issued by a reputable third-party source, called a "certificate authority." Because it contains cryptographic information, it can be used both to sign and encrypt digital content.

Digital encryption ensures that the contents of a message or attachment have not been changed or tampered with while in transit -- not unlike the old practice of using wax to seal documents.

Digital signatures ensure that digital content is from the person identified as the author, and that it is coming from the person who claims to be sending it. When you combine the two using a certificate, you know that the message is from the person or organization identified as the sender and that the contents have not been altered in transit.

The ability to support digital certificates has been built into the vast majority of Internet browsers, networks and applications over the last 30 years without requiring modifications from users.

How to Get a Digital Certificate

The easiest way to acquire a digital certificate is by using your Web browser to purchase one with a credit card. Depending on the type of certificate you order, you may be asked to fax over identification documents, so your identity can be verified -- known as "vetting" -- before a certificate is issued. Certificates come in different flavors, the most popular being client certificates and server certificates; the one you use depends on what it is you want to identify.

Once the certificate is loaded into your computer, which is an automated process, you use the functionality built into the relevant application. For example, within Microsoft (Nasdaq: MSFT) Outlook, there is a button to sign email messages and another one to encrypt them. Web server certificates are primarily used to secure sensitive transactions, such as credit card transactions, over the Web. A padlock icon is usually used to show the presence of the secure Web session enabled by the certificate.

Personal certificates for personal use are generally priced below US$20. Personal certificates for commercial use are generally priced between $5 and $90, depending on volume; the price of certificates for Web servers ranges from under $100 to over $1,000, depending on the features supported in the certificate. In general, more expensive certificates require a more rigorous identification process.

Personal certificates can be stored on a personal computer or on a USB token or smart card for portability. The certificate can be used to sign and encrypt email messages, sign documents, or authenticate an owner seeking access to sensitive information from a remote location. Many organizations also use this form of identification to allow physical facility access.

Digitally signing an email or a document addresses both the integrity and authenticity of the message or document. It establishes integrity, because if the document or email is altered, the signature will not verify. It establishes authenticity, because only the certificate holder could have signed the document. Not all emails require integrity or authenticity, but many do. Whenever this is a requirement, emails should be digitally signed. There have been cases where email has been rejected as evidence of a transaction because its authenticity and integrity could not be proven.
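
The integrity and authenticity checks described above can be watched in action with a test certificate authority. The following is an added example, not part of the original article: it assumes the third-party Python `cryptography` package, and the CA name, subject, keys and messages are all constructed for the demonstration.

```python
"""Added illustration: what a certificate-backed signature proves.

All names, keys and messages are constructed for this demo.
Requires the third-party `cryptography` package.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def issue_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca=False):
    """Bind subject_cn to subject_key's public half, signed by issuer_key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=1))
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def sign(message, private_key):
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA256())


def verify(message, signature, signer_cert, trusted_ca_cert):
    """Return 'ok: <name>' only if the certificate chains to the trusted CA
    and the signature matches this exact message.

    A production verifier also checks expiry, revocation and key usage;
    those checks are omitted here to keep the two properties visible.
    """
    # Step 1: is the certificate really issued by the CA we trust?
    try:
        if signer_cert.issuer != trusted_ca_cert.subject:
            raise InvalidSignature
        trusted_ca_cert.public_key().verify(
            signer_cert.signature,
            signer_cert.tbs_certificate_bytes,
            padding.PKCS1v15(),
            signer_cert.signature_hash_algorithm,
        )
    except InvalidSignature:
        return "untrusted-certificate"
    # Step 2: was this exact message signed by the certificate's key?
    try:
        signer_cert.public_key().verify(
            signature, message, padding.PKCS1v15(), hashes.SHA256()
        )
    except InvalidSignature:
        return "bad-signature"
    cn = signer_cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
    return "ok: " + cn


def demo():
    ca_key = new_key()
    ca_cert = issue_cert("Example Root CA", ca_key, "Example Root CA", ca_key, is_ca=True)
    alice_key = new_key()
    alice_cert = issue_cert("alice@example.test", alice_key, "Example Root CA", ca_key)

    message = b"Please ship 100 units to the usual address."
    signature = sign(message, alice_key)

    # A second party with its own key and a look-alike certificate that
    # copies the CA's name but is not signed by the real CA key.
    other_key = new_key()
    lookalike_ca_key = new_key()
    lookalike_cert = issue_cert(
        "alice@example.test", other_key, "Example Root CA", lookalike_ca_key
    )
    other_signature = sign(message, other_key)

    return {
        "genuine": verify(message, signature, alice_cert, ca_cert),
        "altered": verify(message.replace(b"100", b"900"), signature, alice_cert, ca_cert),
        "wrong_key": verify(message, other_signature, alice_cert, ca_cert),
        "lookalike_cert": verify(message, other_signature, lookalike_cert, ca_cert),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The "altered" case is the integrity property, and the "wrong_key" and "lookalike_cert" cases are the authenticity property: a signature is accepted only when it comes from the key named in a certificate that the trusted CA actually issued.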

Why Aren't Certificates More Prevalent?

Until recently, each organization had to establish, build and maintain its own certificate authority before it could issue and maintain certificates, requiring capital expenditures, in-house training, changes to an organization's network footprint and ongoing maintenance.

Suppose each town had to create and maintain its own driver's license authority before issuing driver's licenses. It would certainly be expensive; without a large number of employees, there would be no economy of scale. Small and medium-sized businesses rarely have enough full-time IT staff to effectively perform all the security measures necessary to manage a certificate authority. Even in larger businesses, IT people take on many roles, which means that certificate authority management tasks often can get done only at the expense of other equally important business computing needs.

What changed was the ability to create an on-demand certificate authority accessible via the Internet. The Software as a Service, or SaaS, model effectively spreads the infrastructure costs among many, allowing organizations to start with a very small investment and buy as they grow.

A Cost-Effective Approach

The concept behind a SaaS certificate service is simple.

Rather than acquiring your own digital certificate and encryption technology -- plus the technical expertise to administer it internally -- you contract with a security vendor. Outsourcing certificate issuance eliminates most of the labor and infrastructure, while still giving you state-of-the-art protection.

Looking at it another way, SaaS security is simply a security capability delivered as a service instead of a product. As an example, some companies deliver certificates via a service that can be accessed by any Web browser; this is an alternative to setting up a product such as the Microsoft Certificate Authority. You don't need to set up machines, install software and cryptographic hardware, and create a secure physical environment. Instead, you just connect to the service vendor's environment using a Web browser.

A SaaS certificate service reduces the complexity, cost and ongoing investment in deploying digital certificates -- bringing strong authentication to a much larger audience. In fact, organizations of any size can use it.

Such a certificate service can deliver breakthrough economics and implementation speed to enterprises. It can cost up to 70 percent less than in-house implementations, 50 percent less than traditional managed services, and can be implemented in days -- not months. It is a proven approach, and it has provided a high level of digital security for well over a decade.

Digital certificates enable a wide range of digital trust applications, such as strong authentication, secure email, electronic signatures, data encryption, and code signing. They can be a key factor in supporting compliance with privacy regulations.

Certificates have been around for more than 30 years; they work, and they are proven. As more companies and individuals rely on remote commerce, the need for certificates and their security continues to grow. The infrastructure required to create and manage certificates has also grown and matured over the last 30 years. Certificates literally plug into today's computing environments -- and with breakthroughs such as on-demand delivery, the cost of getting started and maintaining certificates has dropped dramatically, while the ease of use has dramatically improved.

The bottom line is that for any business transaction in which sensitive information is being transferred, it makes good sense to use digital certificates, since they are both proven and inexpensive. The quickest and most cost-effective way to implement digital certificates is through a SaaS approach, an approach that has been successfully deployed by a number of firms.

Microsoft planning nine security fixes for August
Administrators face a busy Patch Tuesday
Shaun Nichols in San Francisco
V3.co.uk, 07 Aug 2009

Microsoft is planning to issue at least nine security fixes this month. The 11 August patch release will address issues in Windows, Office, Visual Studio and the Client for Mac software.

Five of the nine planned fixes have been rated 'critical', meaning that an attacker could remotely compromise a system and spread malware without user notification or interaction.

Only three of the five critical flaws affect Windows Vista, XP and Server 2008 users. Windows 2000 and Server 2003 are vulnerable to four of the flaws. The fifth critical vulnerability affects Office XP, 2003 and the Client for Mac component.

Another remote code execution vulnerability has been given the less serious rating of 'important'. This flaw affects Windows 2000, XP and Server 2003. The vulnerability also exists in Windows Vista and Server 2008, but has been given a 'moderate' risk rating due to built-in security protections.

Also included in the August update will be fixes for flaws in Windows and the .NET Framework, two of which could be exploited to obtain elevated privileges, and a third which could be used to perform a denial-of-service attack.

Taking FOSS Security Seriously
By Jack M. Germain
LinuxInsider
Part of the ECT News Network
08/07/09 4:00 AM PT

Developers of open source software projects should be just as concerned about security as anyone developing a proprietary app. However, the nature of the two development processes can be very different at times, and debate still rages about which is inherently more secure -- a secret code kept by a company, or a public one that all eyes can see. Just as important is how each community reacts once a problem is spotted.

Iowa 911 Call Center Becomes First to Accept Texts
Change in Policy Could Inspire Similar Moves Nationwide

An emergency call center in the basement of the county jail in Waterloo, Iowa, became the first in the country to accept text messages sent to "911," starting Wednesday.

An emergency call center in Iowa is the first to accept 911 text messages.
Call centers around the country are looking at following in its footsteps, as phone calls are now just one of many things phones can do.

"I think there's a need to get out front and get this technology available," Black Hawk County police chief Thomas Jennings said.

He said 911 texting should be of particular help to the county's deaf and hard-of-hearing residents, who have had to rely on more cumbersome methods to reach 911.

There have also been several cases around the country of kidnap victims summoning help by surreptitiously texting friends or relatives, who then called 911. With direct texting to 911, they should be able to get help faster.

For now, only subscribers to i wireless, a local carrier affiliated with T-Mobile USA, will be able to use the service, and only within Black Hawk County. Those on other carriers will get a reply saying they need to call 911 instead.

Snapp said Intrado is working with other carriers to help them handle 911 texts as well. As a future upgrade, call centers may be able to receive photos and video from cell phones, which could help emergency responders prepare for an accident scene or identify a suspect.

While most 911 call centers can now get a rough location for callers, that is not yet possible with texts. That means i wireless subscribers who text 911 will get a reply asking them for the city or ZIP code they're in. If the response corresponds to the Black Hawk County call center's area, the text message goes through to an operator. Otherwise the texter is told to call 911.

Online voter registration now available

An online voter registration application is now available to Kansas residents, making it easier than ever to register to vote.

The new service, which had previously only been available in-person or by printing and completing an online paper form, allows citizens with a valid Kansas driver’s license to register to vote for the first time or make changes to an existing registration on the Secretary of State’s Web site, www.kssos.org.

“An online voter registration application is the next step in making the traditional elections process easier, faster, and cheaper,” said Secretary of State Ron Thornburgh. “As technology continues to change and evolve, it is important that we implement strategies that will allow the citizens of Kansas to register in a way that is most convenient to them, without sacrificing the security and uniformity that sets our elections system apart.”

The project was a joint effort between the Secretary of State’s office, the Department of Revenue, the Division of Motor Vehicles and software vendor Election Systems & Software.

Linux - The New 'Hot' Job Skill

Nationwide unemployment may be heading toward double-digits in the U.S., but among the skills that are in highest demand are those of a Linux sysadmin. That's partly due to the effects of the recession -- more companies are willing to experiment with lower-cost open source alternatives to proprietary software. Still, the good news is qualified: Many of those jobs can be done anywhere on the planet.

Smart Meters and Security: Locking Up the Grid

Public utility companies are really hot right now for smart grids -- electrical grids that use Internet technology and special meters to make energy delivery more efficient. However, they're getting static from both lawmakers and security researchers who say they're dragging their feet in making sure their systems are secure.

Sun releases Java security fixes

SUN MICROSYSTEMS HAS RELEASED updates to both the Java SE development kit and runtime environments.

JDK 6 Update 15 and JRE 6 Update 15 both include support for Windows 7, Internet Explorer 8, Windows Server 2008 SP2, and Windows Vista SP2.

New features include the G1 garbage collector and there are a raft of performance enhancements and security fixes as well as an update to the way the software deals with international timezone data.

Seven new root certificates have been added to the release and the blacklist entries have been updated. The blacklist feature, first seen in update 14, blocks certain signed jars that contain serious security vulnerabilities that can be exploited by untrusted applets or applications. It will refuse to load any class or resource contained in a jar file that's on the blacklist.

The update plugs 27 security vulnerabilities, including one where it was possible for remote sites to compromise user privacy and possibly hijack a web session, and another which allowed read access to system properties from untrusted code.

Another ten bugs not considered to be security sensitive have also been patched.

Social Media Ban: Should Companies Join The Marines?

It's always hard to argue with the U.S. Marines. Social networks do pose a security risk, but should business let the Marines lead the way? Does banning Twitter, Facebook, MySpace, et al, make sense outside the military?

Reading the Marine Corps' order, valid for one year and issued by its CIO, General G. J. Allen, I am struck that they may have it backwards. Rather than banning at-work usage, maybe they'd be better off banning social networking from members' homes?

"These Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user-generated content and targeting by adversaries," the memo said.

"The very nature of social-networking sites creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage," that puts the Corps and its networks in danger.

Here is my colleague Ian Paul's round-up of security risks and why the ban makes sense. Here is more background on the ban itself, from Computerworld.

The order, however, does not prohibit Marines or their dependents from accessing social networks from their personal computers, which seems to negate much of its effectiveness.

It might actually have been better to limit usage on personally owned computers, which the Corps probably can't monitor, instead allowing monitored social network access from its own network.

Theoretically, the Marines could watch keystrokes, look for forbidden content and filter for malicious code on its own network, but cannot do the same for a Marine sitting at home.

If unauthorized releases of information are a big issue, they may be easier to prevent on the Marine's corporate network than when users are networking from someplace else.

I am not sure whether the Marines have the right to control, or monitor, service members' off-duty computer usage, but if information security is a concern it might be a good idea.

Your company probably doesn't have the option of monitoring what employees do at home, but the Marines remind us that social networks do present a security risk.

Private businesses may be less concerned about information leaks and more about malicious code. Still, banning at-work use of social networks might make good sense.

An equally valid reason might be the amount of time users spend on their Facebook and MySpace pages or Twittering. Sure, there are business uses for social networks, but how many employees actually use them in a manner that's effective for their employers? Versus the number who use social networks from work to complain about work?

Facing an at-work social networking ban, I can imagine employees complaining, "It's not like this is the military!" But, it's hard to say the Marines don't have a point. For a business concerned with productivity and security, it just might make good sense to "Join the Marines."

Broadband Is This Generation’s Highway System, FCC Chief Says

Early this week the new FCC chairman Julius Genachowski, a former law school classmate of President Barack Obama’s, toured California in support of the FCC’s ongoing attempt to craft the nation’s first broadband plan, putting in appearances at a San Francisco public housing project Sunday and a children’s hospital in Palo Alto on Monday.

While ostensibly a fact-finding mission, Genachowski’s trip — along with the 18 broadband hearings the FCC will hold before the end of summer — is intended to send a message that the FCC is planning a very ambitious proposal for the country’s IT infrastructure, a plan that goes beyond simply giving grants to get YouTube and Twitter to farmers.

“Broadband is our generation’s infrastructure challenge,” Genachowski said at a meeting of executives, doctors and health companies at the Lucile Packard Children’s Hospital at Stanford on Monday. “It is as important as electricity and highways were for past generations.”

Those are ambitious, if not audacious, comparisons to programs on which the government spent hundreds of billions of dollars over decades of commitment. By contrast, the stimulus package from February — which put aside $7 billion for broadband grants and loans — marks the largest federal commitment to broadband deployment.

But ambition is just what Obama and Congress asked for, according to Genachowski. He pointed out Monday that when Congress ordered the FCC to deliver a plan next February, they specified that the plan was supposed to do more than just encourage the spread and adoption of broadband. The third prong was to create a plan that enhanced national priorities, including health, anti-terrorism, education and disaster preparedness.

That explains why Genachowski suited up in hospital scrubs Monday morning, along with Silicon Valley’s tech-savvy Congresswoman Anna Eshoo, to see first-hand how broadband technology is helping doctors operate on sick children.

Eshoo, a Democrat, sits on an influential House telecom subcommittee and was ebullient in her praise for Genachowski, saying she’s eager for an effective FCC, a reference to the commission when it was under former head Kevin Martin, whose management style angered many.

“There was not a vision at the FCC, and people don’t realize the power of the FCC,” Eshoo said. “Words from the FCC will walk into people’s lives.”

The video of Eshoo and Genachowski watching the surgery was piped to a conference room of hospital executives, media and aides. Unfortunately, there was no sound – a technical glitch that perhaps illustrates the still nascent use of IT in the nation’s health care system, where the notion of e-mailing one’s doctors and setting up an appointment online seems cutting edge.

But the Packard Children’s hospital has IT successes as well, according to the hospital’s doctors, all of whom are Stanford Medical School faculty who handle cases too difficult or specialized for many hospitals.

For instance, Dr. Darius Moshfeghi showed off a technology system that saves ophthalmologists from having to drive to hospitals where the babies are, don headgear with magnifying glasses and then sketch out the blood vessels in a premature baby’s eyes, looking for abnormalities that indicate retinopathy, the leading cause of blindness in babies.

The technique is laborious, the drawings crude and the travel is inefficient.

Under a system championed by Moshfeghi, a special camera installed at a hospital instead takes six images of the baby’s eyes and emails them to the ophthalmologist. The doctor can then easily track the blood vessels over time, schedule surgery at the proper moment and have photographic proof in case of a malpractice suit.

Dr. Dan Murphy uses ISDN phone lines to connect to rural hospitals that don’t have a cardiologist. When babies are born with a suspected heart condition, the baby’s doctor can immediately connect to the Packard Children’s hospital, where a video and audio conferencing session lets the cardiologist direct the EKG and see the results live.

From there the cardiologist can either reassure the doctor and family that all is well, or in the worst case, recommend that a chopper be sent immediately to transport the child to a critical care hospital.

But unfortunately, even cheaper broadband or technology may not be enough to persuade hospitals to upgrade to new technology because the nation’s byzantine health insurance reimbursement system often won’t pay for e-consults.

“We lose money on telemedicine,” Packard’s CEO Christopher Dawes said, referring to the fact that many insurance companies and even Medicare often do not cover e-consultations.

Telemedicine can also cost hospitals revenue if visits are shortened by more efficient use of technology.

Genachowski was impressed by the hospital technology, but seemed eager for data that he could use to prove that IT — particularly broadband — saved lives and money. If proven, it would be a way to persuade the country that some policy — whether that be subsidies, market regulation or grants and loans — was necessary to speed up the nation’s still sluggish and pricey internet connections.

“We are just scratching the surface of what broadband technology can do for the country,” Genachowski said. “I don’t think enough people appreciate the very real, practical benefits that a 21st century telecom infrastructure can provide.”

Warning Issued on Web Programming Interfaces

The rapid growth of Web applications has been fueled in part by application programming interfaces (APIs)--software specifications that allow sites and services to connect and interact with one another. But at the DEFCON hacking conference in Las Vegas last weekend, researchers revealed ways to exploit APIs to attack different sites and services.

Credit: Technology Review
APIs have been behind the meteoric rise of many key social sites. The social-networking site Facebook, for example, won huge gains in popularity and attention after opening its site to applications written by outside developers using its API.

The API of the microblogging media darling, Twitter, is also credited with partly driving its popularity. John Musser, the founder of Programmable Web, a website for users of mashups and APIs, says that the traffic that comes into Twitter through APIs--for example, from desktop clients--is four to eight times greater than the traffic that comes through its website. "The API has been crucial to the success of that startup," he says.

But researchers Nathan Hamiel of Hexagon Security Group and Shawn Moyer of Agura Digital Security say that APIs could also be exploited by hackers. They note that several APIs are often stacked on top of each other. For example, an API might be used by the developers of other websites who, in turn, publish APIs of their own. "There could be security problems at the different layers when this sort of stacking happens," Hamiel says.

Hamiel also notes that APIs can open sites to new kinds of threat. For example, he points to APIs for building applications that work across multiple websites. These tools may allow developers to pull in content from third-party websites, but Hamiel says that this also opens up possibilities for attacks.

During his presentation Hamiel showed that an attacker might be able to use an API in unintended ways to gain access to parts of a website that shouldn't be visible to the public. "Whenever you add functionality, you increase your attack surface," Hamiel says, noting that what makes an API powerful is often the same as what makes it risky.

BlackBerry Enterprise Server 5.0 Greatly Eases Centralized Management Tasks

BlackBerry Enterprise Server 5.0 provides server high availability, a new Web interface, improved deployment status visibility and role-based administration. eWEEK Labs' tests of BES 5.0 for Microsoft Exchange show that the updated platform will simplify day-to-day mobile device management and allow more effective delegation of tasks among front-line and second-tier administrators.

Keys to an Even Greener Data Center

By Ashish Nadkarni
E-Commerce Times
08/05/09 4:00 AM PT

Achieving greater power consumption efficiency in the data center is not an overnight change, but rather a multi-year journey that provides benefits in an incremental manner as initiatives are accomplished. However, every journey begins with a first step, and a data center energy audit is where your firm can begin to make sure you're getting the most out of every kilowatt hour.

2010 budgets to fund app security and DLP, study shows

Now in the early stages of budget planning for 2010, security professionals are "cautiously optimistic" that they will receive additional funds next year -- a chunk of which they plan to spend on application security solutions, a new study has found.

The 246 respondents to the study, released Tuesday and conducted by research firm TheInfoPro, remain hopeful for increased dollars, despite the fact that 42 percent reported their budgets dropped from 2008 to 2009 -- the first time in six years that the study showed a year-over-year decline.

Looking to the rest of 2009 and the first half of 2010, the respondents -- from Fortune 100 and midsized companies in North America and Europe -- said application security technologies are likely to receive increased budget dollars.

Many respondents said they already have devoted spending to perimeter security and encryption, and are now planning to invest in application code analysis tools and application firewalls.

“Organizations are now realizing applications are the weakest link in the chain, so to speak,” Bill Trussell, managing director of security research at TheInfoPro, told SCMagazineUS.com on Tuesday.

Specifically, respondents said applications available outside the corporate firewall are their top application security concern, followed by unauthorized use of applications, third-party application vulnerabilities and malware injection into applications.

How to Save Costs by Streamlining Unruly IT Projects

In the face of the current economic downturn, many companies have begun to transition into survival mode, streamlining their businesses as much as possible in an effort to stay afloat. These companies are seeking to run their businesses as efficiently as possible and, now more than ever, don’t have the robust bottom lines to support technology initiatives that simply do not work. Here, Knowledge Center contributor Kleber Bacili explains how to streamline those wasteful and unruly IT projects that just have not been performing well.

Today, years past the beginning of their implementations, unruly IT projects left to grow uninhibited are being seen as exactly that—unruly. Now, with economic uncertainties abounding, many of these companies are unable, or simply unwilling, to give up on the IT projects in which they have so heavily invested. But, rather than suffer through these lean times with projects that are under-performing, forward-thinking companies are recognizing the need to revamp these projects to achieve the critical returns they once promised.

By implementing proper governance initiatives with a well-planned and incremental approach, these companies are able to streamline wasteful and unruly IT projects, thereby eliminating duplicated development through governance practices.

IT initiatives should aim to:

1. Reduce wastefulness

By reusing previously tested and validated components and services, the IT department can rapidly leverage concrete results to the business areas. By reusing these assets, companies are able to develop or integrate applications more rapidly, with better quality while reducing costs.

It is important to also objectively measure how many dollars of development hours the company has saved by using what they already have. This can be achieved by using tools that provide quantitative and qualitative metrics to measure reuse level and to calculate the ROI for the enterprise services and components portfolio.

2. Organize things during the down times

When the demand for business reduces due to economic downturn, IT should concentrate efforts to "clean up the room." By organizing and improving the way it develops applications, correcting inefficient processes, and clearly defining governance processes and policies, IT can be far better prepared to meet business needs when the economy picks up again.

This enables more visibility of the services and components portfolios, as well as more control of assets and IT investments. Furthermore, IT doesn't need to wait for when the economy resurrects to benefit from this effort because the reuse of services and components reduces cost and improves time to market (TTM) of applications.

3. Go with best practices and incremental steps

One size does not fit all! Many companies do not have a clear idea of governance, so they are left thinking that it requires large investments in software and consulting services from the beginning. Companies that were unable to get the return from IT projects that they expected may also think that they didn’t work because they didn't invest enough. But that is not the case.

One of the most important aspects of ensuring streamlined IT projects is that you can structure an incremental approach where the company can distribute investment efforts along the way. This is done by prioritizing the actions that will bring results more quickly, monitoring the process carefully (measuring the ROI and reuse level) and taking consistent steps towards more mature levels.

Facing the economic reality of our current times, companies simply cannot afford to fund projects that don't provide tangible benefits to meet business needs. Further, IT projects that were once immune to cutbacks due to poor performance are suddenly vulnerable. However, companies able to reuse existing assets, improve TTM and effectively measure results can achieve great benefits from IT implementations.

As companies continue to streamline their business processes, it is imperative that they carry these practices over into the IT department. A plethora of IT projects can deliver tremendous business benefits, but this cannot happen if the projects are not closely mapped back to the companies’ business objectives. By ensuring proper oversight of IT projects and ROI, companies can preserve their invested capital for projects that provide maximum agility and benefit. Ultimately, it can improve the overall ability of the company to thrive through today's economic challenges.

Kleber Bacili is the founder and CTO of Sensedia. Kleber is responsible for product development and operations at Sensedia. He is a SOA expert with published articles in various international publications. He is also a professor on SOA and component-based development at renowned universities. Kleber holds a degree in Computer Engineering from UNICAMP and an MBA from Fundação Getúlio Vargas (FGV). He can be reached at kleber.bacili@sensedia.com.

US cyber-security tsar steps down

The White House's acting cyber-security tsar has resigned from her post, according to the Wall Street Journal.

IBM Capitalizes the 'I' in IT

IBM is putting the "information" back in "IT." The launch of its new analytics system for managing unstructured data and its merger deal with SPSS don't hinge on bigger, faster computers. These initiatives are about optimizing the collection, collation and analysis of information from enormous, globally distributed systems.

Last week, IBM (NYSE: IBM) announced the new Smart Analytics System, a fine-tuned solution for analyzing both structured information in databases and unstructured, often incompatible data from sources such as blogs, emails, information archives, podcasts, videos, Web sites and wikis.

The Smart Analytics System can solve complex business problems as much as three times faster than other products, according to the company, while requiring up to 50 percent less storage. In addition, the systems are designed to be deployed and managed with a fraction of the time and effort required by traditional business analytics solutions.

In a separate announcement, IBM said it had entered into a definitive merger agreement to acquire SPSS (Nasdaq: SPSS), a leading provider of predictive analytics software and solutions, in an all-cash transaction valued at approximately US$1.2 billion. Following the close of the acquisition, IBM intends to fold SPSS into its Information Management software portfolio, and integrate it with existing offerings. Predictive analytics will also be an essential component of IBM's smarter business systems solutions.

Taken together, IBM's announcements qualified as a notable addition to the company's information management efforts, but will their influence stop there? We think not. "IT" may be the high-tech industry's acronym of choice, but most vendors emphasize technology over information. This is understandable enough -- the salad days of high tech were (and often still are) defined by successions of bigger, faster computers.

However, that techno-centric worldview ignores a crucial point: Without information, without adding value to information through analysis, evolving technology is a bigger, faster car on a road to nowhere.

Better Toolbox

This is an increasingly critical issue as organizations create and store ever larger volumes of structured and unstructured data, and as information technologies extend to and are embedded within a widening array of devices and processes. In these scenarios, including IBM's vision of a smarter planet, the whole world will eventually become wired. Yet what is the best way to collect, collate and analyze information from such an enormous, globally distributed system?

For IBM, enhancing the value of information analytics is very old hat. The company introduced the original model for relational databases in 1969 and delivered its DB2 database solution on the mainframe in 1983. During the past six years, the company has reached numerous analytics milestones, including unstructured data analytics (UIMA -- 2004), entity Analytics (2005), the acquisition of Cognos (Nasdaq: COGN) and delivery of System S InfoSphere Streams (2008) and Business Analytics Optimization (BAO) practices and services (2009).

That provides the historical context for both IBM's Smart Analytics System and the SPSS acquisition. The first aims to leverage the company's hardware, software and middleware resources, along with its deep integration and research expertise, into an optimized, elegant and effective business analytics tool. Sectors IBM is likely to initially target with the Smart Analytics system -- financial services, healthcare, telecommunications, retail and government -- all need better tools to manage and gain full value from massive volumes of highly complex information.

Lower Costs, Greater Synergies

The new offerings also highlight significant financial and strategic opportunities. IBM noted that the market for business optimization is growing at nearly three times the rate of traditional business automation (8 percent vs. 3 percent). That does not mean that optimized solutions like the Smart Analytics System will replace traditional servers and storage, but they do represent billions of dollars in potential sales and fit particularly well within IBM's broader dynamic infrastructure strategy.

Optimizing these systems prior to deployment should help clients contain or lower ongoing IT operations expenses, which far outweigh acquisition costs. Those features are bound to attract the attention of enterprises whose IT budgets are tight or shrinking. As a result, the future of other optimized systems IBM is planning -- for areas such as application development and testing, business services, collaboration, virtual desktops and virtual infrastructure -- could be very bright indeed.

SPSS has obvious synergies with the new Smart Analytics System. The company is a leading vendor in predictive modeling and statistical analysis, disciplines that help organizations move from a reactive "sense and respond" mode of data interaction to a proactive "predict and perform" approach -- capabilities that can help organizations reduce risk and expenses, and increase profitability.

In short, SPSS and the Smart Analytics System offerings play to IBM's strengths and support strong alternatives to traditional business analytics systems. Overall, IBM's announcements are intriguing and laudable. Both qualify as innovative steps in the company's business analytics journey, and both should bring significant value to IBM and its enterprise customers.

Smartbooks: The New Netbooks
Yes, there is a difference—one that could have major ramifications in the mobile computing market

By Tim Bajarin

Earlier this year, I pointed out, in one of my columns, that we were seeing what I called a bifurcation of the netbook market. Netbooks are really just small notebooks, and that's the way they're being positioned by Intel, Microsoft, and many PC vendors. Case in point: Dell, HP, and Toshiba refer to them as mini notebooks (for example, the Dell Inspiron Mini 12, HP Mini 5101, and Toshiba mini NB205.)

Now, another type of netbook is emerging: Qualcomm—and its telecomm partners—seem intent on calling it a smartbook. As they see it, a smartbook may look like a netbook, but it's ultimately designed to be more of an always-on connected device, with browser and Web- or cloud-based apps and services tied to what will be a complete set of telecom-related solutions.

While netbooks really do need the Windows eco-system that delivers compatibility with Windows apps and peripherals, a smartbook's real value is its connection to the Internet and Web apps and services; it does not need Windows or an X86-based processor. Instead, these smartbooks can have various versions of ARM processors and even different operating systems, such as Linux, as long as they can deliver a solid and easy-to-use connection to the Web and all that it has to offer.

Qualcomm, for example, is using its ARM-based Snapdragon chip. Nvidia, too, has its own chip called Tegra, which takes aim at this new netbook space. In many ways, it appears to have the highest profile among the worldwide carriers. The company has done a solid job pushing the Tegra as the ideal chip for the telecom market, and, apparently, it's seeing major design wins with telecom providers around the world. Of course, we expect that Intel's Atom processor will be in many smartbooks as well.

These differences are not minor. They're actually setting up what may become a major battleground for the hearts and minds of the digital consumer in the future. And, more importantly, it has the potential of really shaking up the overall distribution channels for these types of products and could eventually make telecom stores the main place you buy PC and CE products in the future.

As Qualcomm and the telecoms see it, the future of digital computing is tied directly to their wireless networks and a model in which many PC and CE digital devices will include a wireless modem that connects these devices to their networks. Today, most PCs and netbooks go out the door without wireless WAN-based connectivity. Instead, people either hardwire them to an office or home Ethernet connection, or they connect wirelessly via a Wi-Fi network.

To that end, the wireless carriers see themselves in the driver's seat. They believe that, in the future, mobile digital devices must pass through them. For example, smartbooks will have an integrated wireless modem, making them an always-on device. And they don't believe this will stop with mobile computers and smartphones. They envision that the next major generation of GPS devices, digital cameras, and even digital video camcorders will have a wireless modem in them, so you can upload and download content and services from anywhere. And, at some point, it is feasible that even your oven, refrigerator, and lights could end up with a cellular chip that delivers digital commands through a telecom's wireless network.

As more and more laptops and traditional netbooks move toward online apps and cloud services, they, too, become products that can be sold through a carrier store as well. This is why Acer, Apple, Dell, HP, etc. are all starting to cozy up to all of the major carriers here and abroad. They all see the handwriting on the wall. They realize that in an always-connected world, the carriers are destined to become one of their most important distribution channels.

It is for this very reason that smartbooks are important. I see them becoming a pivotal product for the carriers, as they transition from what has been a wireless cell phone business to one in which they are a wireless network provider for a plethora of digital devices. As you perhaps know, the mainstream cell phone business is flat and declining. Companies like AT&T, Sprint, and Verizon see their biggest growth in smartphones. However, they also recognize that growth lies in wireless data services. Of course, a lot of this growth will come from smartphone data. Our research suggests that by 2012, as much as 60 percent of all cell phones sold in the U.S. will be smartphones, and most of them will have data plans that come with them.

The telecoms see smartbooks as their bridge to the personal computing market. Actually, AT&T and Verizon already carry PC-like netbooks, but they see these as transitional products. Ultimately, they want more control of the user experience, which is why they are very bullish about Qualcomm's smartbook concept and will most likely adopt it or something similar in the future. The goal would be to provide a carrier-based approach to a complete solution for their customers. That means they would have control over the smartbook design itself, as well as the OS and user interface it uses and, more importantly, the way it links to and offers services. If this sounds more like an Apple strategy, it is.

Of concern to the traditional PC makers is a possible shift in the balance of power should the carriers succeed. Today, most PC vendors hold the cards and drive the mobile computing market. But they sense that, over time, the carriers could end up with a lot of power since they would end up pushing their own devices and services and be less inclined to partner with a mainstream PC maker.

Of course, for the carriers to pull this off, they would need faster networks and broader deployment of these networks, as well as lower data costs, to attract a broader consumer audience. They also have to figure out how to handle sales and service for this new breed of devices that will be sold and managed through their stores.

So, as the telecoms cut their teeth on the smartbook, they hope to establish new ground in the mobile computing market. Only time will tell if the balance of power will truly shift their way.

Tim Bajarin is one of the leading analysts working in the technology industry today. He is president of Creative Strategies (www.creativestrategies.com), a research company that produces strategy research reports for 50 to 60 companies annually—a roster that includes semiconductor and PC companies, as well as those in telecommunications, consumer electronics, and media. Customers have included AMD, Apple, Dell, HP, Intel, and Microsoft, among many others. You can e-mail him directly at tim@creativestrategies.com.

Mobile, Social Networks Threaten IT: Symantec
IT management is getting tougher as new threats (e.g. 'scareware') emerge and old ones persist.

In its mid-year security update, Symantec warned that IT managers face both old threats and new. Malware purveyors continue to use e-mail as a vector of infection, and spam now accounts for 90 percent of all mail, but the bad guys are also using new technologies such as social media and new business methods such as scareware to spread their reach.

The purpose of the mid-year report is to raise awareness about the problem. "If attacks are profit-motivated, they are taking advantage of all vulnerabilities, including human psychological vulnerabilities," Zulfikar Ramzan, Symantec (NASDAQ:SYMC) Security Response technical director, told InternetNews.com.

"To the extent we can shore up the human factor by raising awareness, we make the Internet a safer place," he explained.

But making the Internet safe for business is no simple task for the IT manager in 2009. "The IT manager's job is not getting easier," said Ramzan. "Attacks are getting more sophisticated and then there's the problem of what the IT budget will look like in six to nine months. Life is not getting easier."

New challenges

One new challenge is the incursion of home technologies into the office. "It's the consumerization of IT," said Ramzan. "Individuals use 'consumer tools' on-site, making it more challenging for the security manager."

Such tools include consumer mobile devices and also social networks, thus spanning the gamut from hardware to software. "Mobile has long been the next frontier for attackers," said Ramzan. He added that no one operating system or tool dominates the space, making attacks less profitable than they would be in a monoculture.

He said that there have been few attacks so far, but that could change. "Perhaps the adoption of the iPhone or another common technology may open up an opportunity for attackers," he said.

Social networks, on the other hand, have been a security headache for some time. Ramzan said that social networks are increasingly used as a conduit for attacks because messages sent through them are more likely to be trusted.

"There is an imbalance between who causes the problem and who cleans it up," he added diplomatically.

Old threats

Even as new security conundrums harass enterprise IT experts, worms and other old threats continue their assaults on corporate networks. "The reality is that these types of threats have not gone away, but have been overshadowed by profit-driven activity," said Ramzan.

Users don't need to do anything wrong, as cross-site scripting, comment spam with bad links, and poisoned ads can all make even legitimate sites risky. Some have argued that legitimate sites are riskier than the Web's back alleys.

The issue of P2P software in the enterprise is not new, but the problem was highlighted recently by congressional testimony. It is a subset of a larger problem: that of unauthorized software in enterprise networks.

"Take, for example, a program that can view online videos. On the one hand, there are benefits. There could be lectures on topics relevant to the user's work but maybe there are also videos that should not be viewed at work," Ramzan said.

"We need to maximize productivity but not allow so much flexibility that corporate information assets are put at risk," he added.

Applying IT Project and Portfolio Management to a Business scenario - Planview Enterprise

For a number of years there have been software products that help IT departments and software vendors manage the process of delivering an IT project. These have ranged from simple project management tools such as Microsoft Project to very sophisticated tools such as those delivered by Planview Project Portfolio management. But when it comes to business projects, other than the project management tools or perhaps a lifecycle management system for product delivery, there hasn't been much available to help. So it was a nice surprise when Planview requested a briefing to talk to me about Planview Enterprise.

Let's start by answering your question: who are Planview? Some of you reading this may already know, but others of you don't. Planview started life in 1989 providing IT portfolio management solutions. The company is headquartered in Austin, Texas, USA with offices across the U.S., Europe, and Asia-Pacific. The company has a customer base of some 550 customers, including Citi, T-Mobile, BP, R. J. Reynolds, Aetna and Hallmark. Their technology partners include the likes of Microsoft and Business Objects, whilst their service alliance partners include Fujitsu and Hitachi consulting. A number of value added resellers (VARs), international distributors, vertical solution providers, system integrators, and consulting firms currently participate in the Planview Global Partners Program.

So what about the product? What does it cover? Well, Planview Enterprise covers a very large area of executive life. Starting with business strategy, it provides a means to document the priorities and strategies of the business, which drive revenue and competitive advantage. Next, of course, is the need for financial management, and here Planview Enterprise provides the capabilities to record and monitor budgets and funds in terms of cost of delivery of various business projects. Now all projects need work and resource management so that people, that scarce resource, can be effectively managed to the benefit of the enterprise. What is more important in today's rapidly changing business environment is the ability to manage changing requirements and priorities. That of course leads to the need to provide demand management capabilities so as to understand quickly the effect of any change on the ability to deliver. To survive in business, companies have to continually invest in new products and services. A lot of money is wasted in poor control of ideas and also the more concrete products/services that may be developed. Here Planview offers capabilities in its Requirements Management process accelerator that was launched in January 2009. Lastly in the management portfolio is the need to provide business process management to drive operational efficiency and effectiveness. Sounds too good to be true? Well, having seen the complete suite in operation, it is all there.

Figure 1: Planview Enterprise capability portfolio

Integrated with Planview Enterprise is the Planview PRISMS Best Practices library. This provides a set of some 200 best practices, all backed by thousands of process and procedural steps documented through online and on-site services, guides, and software. PRISMS includes 3 other components:

PRISMS RPM Solutions provide a set of fixed price solutions that integrate Planview Enterprise, Planview PRISMS and Planview's SaaS infrastructure.
PRISMS Process Maps are a set of predefined and populated process steps that can be used.
PRISMS E-Learning is a set of both instructor-led and self-paced education.

Planview Enterprise has been developed on top of Microsoft's .NET platform and data storage is provided on either Microsoft SQL Server or Oracle databases. The user interface is browser-based and works on any of the well-known browsers. Data from Planview can be exported in any of the following formats: XLS, PDF, HTML, RTF or TXT. The XLS interface is two-way.

This is a most impressive application set. Planview have extended their knowledge of project and programme management of IT projects to business, but done it in such a way that the final product is extremely business user friendly.

 

The Vital Role of E-Presentment in Online Self-Service

Providing customers with a consolidated view of all their transactions across multiple lines of business, or over expanded periods of time, provides an immense feeling of personalization and exceptional service. That's just one of the many benefits of e-presentment for companies looking to differentiate themselves through an online self-service model.

Driven by competitive pressure to improve the customer experience, organizations are moving toward an online self-service model that pushes the boundaries of electronic information presentation, or e-presentment. Yet as they embrace this model, new challenges await, including how to ensure customers have seamless online access to relevant and accurate information in the format they want.

E-presentment is the process of delivering traditionally paper-based documents online in electronic formats. Its most significant application has been with high volume transaction output (HVTO). HVTO includes customer-facing documents such as statements, bills, policies, explanations of benefits and customer correspondence.

HVTO documents are usually produced in very large batches on a recurring basis, and have been typically designed and composed for paper-based fulfillment. With the advent of e-presentment, HVTO has become the highest value online content delivered through self-service environments. It is now an important factor in the overall customer experience.

At the Core

At the core of any e-presentment architecture is an enterprise content management (ECM) system. While most ECM systems can archive corporate information and automate content-related processes, there remains a disconnect between how and where information is stored and how it is retrieved and formatted for e-presentment.

HVTO documents are produced in print stream formats such as IBM (NYSE: IBM) AFP or Xerox (NYSE: XRX) Metacode -- the languages of large production printers. But AFP and Metacode are not "human visual" document formats. In order to present these documents online they must be transformed into alternative formats such as PDF, TIFF or HTML, using what is known as "print stream transformation technology."

Transforming HVTO formats into visual formats before loading into corporate archives would seem to answer the challenge of visual online presentation, but this approach brings its own challenges.

HVTO print streams and line data formats are relatively small in size when compared to visual presentation formats such as PDF and TIFF. Transforming documents to visual formats during the load into an ECM solution, prior to online presentation, can lead to significant additional storage requirements with documents growing exponentially in size as a result of the process.

Furthermore, by transforming documents prior to storage, organizations may be exposing themselves to potential compliance issues if legal requirements demand that unaltered originals of produced information be available for extended periods of time.

One solution, however, is to store native document formats within the corporate ECM system and transform documents "on the fly" to visual formats when documents are retrieved. This requires high-speed document retrieval and subsecond print stream transformation to deliver an optimized online self-service experience.

On the Fly

Document transformation on the fly uses single instancing concepts to reduce document storage requirements, especially for PDF and native print streams. Document storage reduction (DSR) is a data deduplication solution used to separate the transactional content within HVTO documents from the common resources that are duplicated, such as company logos, branding, graphics, fonts, forms, and marketing messages.

Saving a single copy of the composed resources can reduce storage requirements by as much as 90 percent. However, document reconstitution and any subsequent transformation or repurposing must occur with tremendous speed and accuracy when the document is requested, and the entire process must be unnoticeable to the end user.

Another major challenge for organizations moving toward e-presentment is dealing with the actual presentation of online information. Many organizations hold information in multiple electronic formats and in different physical locations to meet various internal business requirements. This presents a challenge when attempting to integrate this information with corporate portals and Web presences, and assuring that online document delivery performance meets corporate service level agreements (SLAs).

Often, the technology chosen for e-presentment must bridge the architectural gap between the presentation layer and the storage layer. Web service integration is offered by many of the leading ECM solutions in order to address this issue. The technology investment must, however, be scalable and provide configurable repository adapters that take advantage of resource caching solutions and connection pooling, as it is not uncommon for self-service environments to support millions of customers online.

Other Benefits

On top of financial and the obvious environmental benefits, e-presentment provides other benefits for companies looking to differentiate themselves through an online self-service model:

Content repurposing for straight-through processing: The statements currently produced by many organizations are no longer static printed documents. Many companies are already offering content extracts of previously static information in structured data formats such as XML or CSV. These structured data extracts can be directly imported into back-office applications in a straight-through processing manner or manipulated by individual recipients within personal spreadsheets. Content repurposing offers a massive reduction in downstream manual processing and results in real benefits -- including cost savings and error elimination from rekeying -- for both internal and external end customers.

Dynamic content consolidation for a complete picture: With dynamic content consolidation, multiple related pieces of information can be merged or linked together to provide an expanded and/or supportive view of a single transaction or holistic customer position. Think, for example, of a bank statement where all relevant check images are appended to the end of the statement or hyperlinked within it and then made available online. The time savings for end-users who would have to search for supporting materials is tremendous. Providing customers with a consolidated view of all their transactions across multiple lines of business, or over expanded periods of time, provides an immense feeling of personalization and exceptional service.

Post-processing composition: In post-processing composition, previously produced and archived documents are manipulated in real-time based on changing customer preferences, changes in corporate branding, and advanced analytics. In an online world, customer profiles are constantly updated, and what was true at the time of document production may no longer hold true at the time of presentation. With post-processing composition, documents are recomposed, assembled and presented online in real-time. These documents reflect the latest possible customer information and can take advantage of up-to-the-minute analytical trending reports extracted from corporate data warehouses. The online documents produced reflect the most current marketing messages and offers that are personally relevant to the consumer.

PDF Document Decomposition: HVTO documents that are produced in print stream or PDF formats offer a static presentation of information to the end customer. Advanced integrated document solutions promote the use of sophisticated business logic within an end-to-end process flow that combines print stream transformation with structured data translation in order to break down the static documents into individual XML elements. An HTML style sheet is created and applied to the extracted XML content, resulting in a very interactive customer experience.

For example, a mobile phone company wanted to completely differentiate itself from its competitors by allowing residential and corporate users to sort and extract their call transactions dynamically within their self-service portal. By allowing users and corporations to manipulate the content in real-time and extract to repurposable formats, the company saved its consumers tremendous time and effort and offered a truly exceptional customer experience.

In order to effectively benefit from e-presentment and enhance the overall customer experience, organizations must evaluate their current and future needs. They must also analyze the competitive landscape and invest in an adaptive technology framework that will meet their immediate and ongoing business requirements.

Cisco releases patches for IOS vulnerability

Cisco on Thursday posted a security advisory warning that recent versions of its Cisco IOS software contain two vulnerabilities that could allow hackers to launch a Denial of Service (DoS) attack when dealing with certain Border Gateway Protocol (BGP) updates.

The first vulnerability could force a device to reload when processing a BGP update that contains autonomous system (AS) path segments composed of more than one thousand autonomous systems, the company says.

The second one could force a device to reload when it processes a malformed BGP update crafted to trigger the issue, Cisco says.

According to Cisco, these vulnerabilities only occur on devices running Cisco’s IOS network operating system that have four-octet AS Number Space and BGP routing configured. The company has released software updates to patch the security holes.

Earlier this week, Cisco issued a patch to fix holes in a number of its WLAN controllers, and warned users of its Unity unified communications products that they were at risk from the vulnerability Microsoft announced regarding its Active Template Library, since certain Cisco products leverage that library and therefore could be exploited by the hole.

Adobe updates Flash and Shockwave

ONLINE PUBLISHING software house Adobe has issued updates to its free web animation Flash and Shockwave players.

The releases address critical security vulnerabilities that had surfaced a little more than a week ago, which are described in a security bulletin issued by the company.

Adobe makes its Flash player available for Windows, Mac and Linux systems, but it only offers the Shockwave player for Windows and Mac systems. Users will have to shut down and restart their web browsers after installing the updated players.

The company hasn't released security updates for its Acrobat PDF authoring or (PDF) Reader products yet, but it is expected to do so later today.

Search Spammers Hacking More Websites

The head of Google's Web-spam-fighting team, Matt Cutts, warned last week that spammers are increasingly hacking poorly secured websites in order to "game" search-engine results. At a conference on information retrieval, held in Boston, Cutts also discussed how Google deals with the growing problem of search spam.

Credit: Technology Review
Search spammers try to gain unfair prominence for their Web pages in search results, thereby making money from the products that these sites offer or from advertising posted on them. The practice, also known as "spamdexing," exploits the way search engines' algorithms figure out how to rank different pages for a particular search query. Google's page-rank algorithm, for instance, in part gives prominence to pages that are heavily linked to other material on the Web. Spammers can exploit this by adding links to their site on message boards and forums and by creating fake Web pages filled with these links. Garth Bruen, creator of the Knujon software that keeps track of reported search spam, says that some campaigns involve creating up to 10,000 unique domain names.

"We're getting better at spotting spammy pages," said Cutts after his talk, adding that spammers are increasingly hacking legitimate websites and filling their pages with spam links or redirecting users to other sites.

"As operating systems become more secure and users become savvier in protecting their home machines, I would expect the hacking to shift to poorly secured Web servers," said Cutts. He expects "that trend to continue until webmasters and website owners take precautions to secure Web-server software as well."

"I've talked to some spammers who have large databases of websites with security holes," Cutts said. "You definitely see more Web pages getting linked from hacked sites these days. The trend has been going on for at least a year or so, and I do believe we'll see more of this."


Vulnerabilities Allow Attacker to Impersonate Any Website

Two researchers examining the processes for issuing web certificates have uncovered vulnerabilities that would allow an attacker to masquerade as any website and trick a computer user into providing him with sensitive communications.

Normally when a user visits a secure website, such as Bank of America, PayPal or Ebay, the browser examines the website’s certificate to verify its authenticity.

However, IOActive researcher Dan Kaminsky and independent researcher Moxie Marlinspike, working separately, presented nearly identical findings in separate talks at the Black Hat security conference on Wednesday. Each showed how an attacker can legitimately obtain a certificate with a special character in the domain name that would fool nearly all popular browsers into believing an attacker is whichever site he wants to be.

The problem occurs in the way that browsers implement Secure Socket Layer communications.

“This is a vulnerability that would affect every SSL implementation,” Marlinspike told Threat Level, “because almost everybody who has ever tried to implement SSL has made the same mistake.”

Certificates for authenticating SSL communications are obtained through Certificate Authorities (CAs) such as VeriSign and Thawte and are used to initiate a secure channel of communication between the user’s browser and a website. When an attacker who owns his own domain — badguy.com — requests a certificate from the CA, the CA, using contact information from Whois records, sends him an email asking to confirm his ownership of the site. But an attacker can also request a certificate for a subdomain of his site, such as Paypal.com\0.badguy.com, using the null character \0 in the URL.

The CA will issue the certificate for a domain like PayPal.com\0.badguy.com because the hacker legitimately owns the root domain badguy.com.

Then, due to a flaw found in the way SSL is implemented in many browsers, Firefox and others theoretically can be fooled into reading his certificate as if it were one that came from the authentic PayPal site. Basically when these vulnerable browsers check the domain name contained in the attacker’s certificate, they stop reading any characters that follow the “\0” in the name.

More significantly, an attacker can also register a wildcard domain, such as *\0.badguy.com, which would then give him a certificate that would allow him to masquerade as any site on the internet and intercept communication.

Marlinspike said he will be releasing a tool soon that automates this interception.

It’s an upgrade to a tool he released a few years ago called SSLSniff. The tool sniffs traffic going to secure web sites that have an https URL in order to conduct a man-in-the-middle attack. The user’s browser examines the attacker’s certificate sent by SSLSniff, believes the attacker is the legitimate site and begins sending data, such as log-in information, credit card and banking details or any other data through the attacker to the legitimate site. The attacker sees the data unencrypted.

A similar man-in-the-middle attack would allow someone to hijack software updates for Firefox or any other application that uses Mozilla’s update library. When the user’s computer initiates a search for a Firefox upgrade, SSLSniff intercepts the search and can send back malicious code that is automatically launched on the user’s computer.

Marlinspike said Firefox 3.5 is not vulnerable to this attack and that Mozilla is working on patches for 3.0.

With regard to the larger problem involving the null character, Marlinspike said since there is no legitimate reason for a null character to be in a domain name, it’s a mystery why Certificate Authorities accept them in a name. But simply stopping Certificate Authorities from issuing certificates to domains with a null character wouldn’t stop the ones that have already been issued from working. The only solution is for vendors to fix their SSL implementation so that they read the full domain name, including the letters after the null character.
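The length-aware name check the article calls for, next to the truncating one it describes, as an added C example that is not from the article or from any browser's source. The `cert_name` struct, the function names and the `.example` host names are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as it sits in a certificate: bytes plus an explicit length.
 * The encoding is length-prefixed, so a 0x00 byte inside is ordinary data. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

enum name_result { NAME_MALFORMED = -1, NAME_NO_MATCH = 0, NAME_MATCH = 1 };

/* Build a cert_name from a literal, keeping any embedded NUL bytes. */
#define NAME_LIT(s) ((struct cert_name){ (const unsigned char *)(s), sizeof(s) - 1 })

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Match a pattern of pat_len bytes against host. Supports exact names and
 * a "*." prefix that stands for exactly one leftmost label. */
static int pattern_matches(const unsigned char *pat, size_t pat_len,
                           const char *host)
{
    size_t host_len = strlen(host);

    if (pat_len > 2 && pat[0] == '*' && pat[1] == '.') {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return 0;
        size_t rest = host_len - (size_t)(dot - host); /* includes the dot */
        return rest == pat_len - 1 && eq_nocase(pat + 1, dot, rest);
    }
    return pat_len == host_len && eq_nocase(pat, host, pat_len);
}

/* Flawed pattern: the name is handled as a C string, so everything from
 * the first NUL byte onward is silently ignored. */
enum name_result match_truncating(struct cert_name n, const char *host)
{
    const unsigned char *nul = memchr(n.data, 0, n.len);
    size_t seen = nul ? (size_t)(nul - n.data) : n.len;

    return pattern_matches(n.data, seen, host) ? NAME_MATCH : NAME_NO_MATCH;
}

/* Corrected pattern: use the encoded length for the whole comparison and
 * treat an embedded NUL as a malformed name, since no DNS name has one. */
enum name_result match_length_aware(struct cert_name n, const char *host)
{
    if (n.len == 0 || memchr(n.data, 0, n.len) != NULL)
        return NAME_MALFORMED;
    return pattern_matches(n.data, n.len, host) ? NAME_MATCH : NAME_NO_MATCH;
}

int main(void)
{
    /* Constructed sample names; the second and fourth embed a NUL byte. */
    struct cert_name samples[] = {
        NAME_LIT("www.bank.example"),
        NAME_LIT("www.bank.example\0.attacker.example"),
        NAME_LIT("*.bank.example"),
        NAME_LIT("*\0.attacker.example"),
    };
    const char *host = "www.bank.example";

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("name %zu (%zu bytes): truncating=%d length-aware=%d\n",
               i, samples[i].len,
               match_truncating(samples[i], host),
               match_length_aware(samples[i], host));
    return 0;
}
```

A full-length comparison alone already fails on the embedded-NUL names because the lengths differ; returning `NAME_MALFORMED` additionally lets the caller log and reject the certificate as invalid instead of merely mismatched.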

I.B.M. Expects On-Time Arrival for Power7 Chip

Good news has been tough to come by in the world of super-fancy server chips, with companies like Intel and Sun Microsystems delaying and killing off products.

So I.B.M. looked like a model of stability by confirming Tuesday that its Power7 chip should appear as planned in the first half of next year.

The Power7 chip will slot into I.B.M.’s line of Unix servers that run today on Power6 chips. Unix systems tend to cost more than servers running on Intel and Advanced Micro Devices chips, and as such they drive higher profits for companies like I.B.M., Sun and Hewlett-Packard. Traditionally, banks, telecommunications companies and other large businesses have bought Unix computers to handle their toughest data-crunching jobs.

The Unix server market is in serious flux at the moment.

Oracle, for example, has agreed to acquire Sun, which claims about one-third of the Unix server sales. Sun’s revenue has plummeted during the recession as customers froze their purchases of large servers. More recently, The New York Times reported that Sun had killed off an upcoming family of chips code-named Rock that were meant to revitalize the company’s position in the market.

Sun has declined to comment on Rock’s fate.

Chips of this kind tend to cost well over $1 billion to develop. And Sun had already canceled Rock’s predecessor. So the company essentially ended a decade of chip investments without a viable product.

Unlike I.B.M. and Sun, H.P. does not build its own Unix server chips. Instead, the company buys Itanium chips from Intel.

H.P. saves money by avoiding the chip design and production costs, but it’s a slave to Intel’s schedule. And earlier this year, Intel revealed that it would delay its new version of Itanium, code-named Tukwila, until 2010.

Poor Tukwila had once been scheduled to ship in about 2007 and has been delayed over and over as Intel struggles to build the product, which boasts more than 2 billion transistors.

H.P. is waiting less than patiently for Intel to polish off Tukwila.

The recent woes of Sun, H.P. and Intel could translate into good fortune for I.B.M.

Big Blue already sells the fastest Unix servers on the market and appears set to upgrade its systems just as competitors are catching up to its existing hardware.

I.B.M. promises to make it easy for customers to buy Power6-based servers today and then slot Power7 chips into those same servers as they arrive next year. In addition, I.B.M. has fleshed out some of its home-grown virtualization software, which lets customers run many applications on the same physical server.

This hardware and software combination is likely to put serious pressure on Oracle/Sun and H.P., as all of the companies look to coax customers into buying big-ticket computers once again.

Adobe confirms Flash contains Microsoft dev code bug

Adobe stepped forward yesterday to acknowledge that it's the first major third-party vendor to have used Microsoft's flawed development code in its products.

According to multiple security advisories posted to its site on Tuesday, the Windows versions of Adobe's Flash Player and Shockwave Player harbor vulnerabilities because Adobe used a buggy Microsoft code "library" during their development.

It's no surprise that Flash Player is vulnerable to attack. Three weeks ago a pair of German researchers reported finding numerous third-party applications that contain the flawed library code, and named Flash as an example.

Adobe patched Shockwave Player yesterday, and will follow that tomorrow with a previously-scheduled update for the far-more-popular Flash Player.

"We evaluated the impact of the vulnerable versions of the Microsoft Active Template Library (ATL) on the Adobe product portfolio [and] determined that Flash Player and Shockwave Player are the two products that leverage vulnerable versions of ATL," said Wendy Poland, of Adobe's security team, in a company blog entry.

Officials conducting amateur radio class

(Messenger-Inquirer - McClatchy-Tribune Information Services via COMTEX) -- Local officials are turning to older technology to solve some of the communication problems they encountered during the January ice storm and the windstorm following Hurricane Ike in 2008.

During the ice storm, cell phones throughout the area were disrupted -- sometimes for days at a time. Landlines were also affected, and communication was cited by multiple emergency response agencies as the biggest issue they faced.

"We lost communications for at least a day and a half," said Walter Atherton, deputy director of the Daviess County Emergency Management Agency. "It certainly started off bad." Amateur radio operators, on the other hand, were able to communicate throughout the ice storm, needing only batteries or generators to run on, said Bob Spears, a member and past president of the Owensboro Amateur Radio Club.

Microsoft Bing to Power Yahoo Search in 10-Year Deal Aimed at Google

Microsoft and Yahoo strike a 10-year search and advertising deal that has Microsoft's Bing search engine powering Yahoo's search. Yahoo will power the search ad sales teams for both companies as Microhoo seeks to challenge search engine giant Google.

Microsoft and Yahoo officially inked the search ad deal everyone's been talking about July 29: Microsoft agreed to power Yahoo's search engine and Yahoo agreed to become the exclusive worldwide relationship sales force for both companies' search advertisers.

The deal, coming 18 months after Microsoft failed to buy Yahoo for $44.6 billion, has a duration of 10 years during which the Microhoo combination will be working feverishly to chip away at search engine giant Google's 65 percent market share.

Microsoft and Yahoo hold 8.4 percent and 19.6 percent of the market, respectively; together, they believe closing the gap will make them a worthy adversary of Google. Yahoo and Microsoft said in a statement:

"Providing a viable alternative to advertisers, this deal will combine Yahoo and Microsoft search marketplaces so that advertisers no longer have to rely on one company that dominates more than 70 percent of all search. With the addition of Yahoo's search volume, Microsoft will achieve the size and scale required to unleash competition and innovation in the market, for consumers as well as advertisers."

Microsoft Chief Executive Officer Steve Ballmer said the agreement will give Bing the scale it needs to more effectively compete, "attracting more users and advertisers, which in turn will lead to more relevant ads and search results."

Yahoo Chief Executive Officer Carol Bartz said in a statement the deal will enable Yahoo to improve its display advertising and mobile areas, while providing advertisers greater scale and efficiencies working with a single platform.

Ballmer and Bartz are hosting a conference call at 8:30 EDT this a.m. to discuss the deal.

Until then, terms of the deal are as follows:
Microsoft will acquire an exclusive 10 year license to Yahoo's core search technologies, and will be able to integrate Yahoo search technologies into its existing Web search platforms.

Microsoft's Bing will be the exclusive search platform for Yahoo sites, with Yahoo continuing to use its technology and data in other areas of its business such as enhancing display advertising technology.

Each company will maintain its own separate display advertising business and sales force; Yahoo will "own" the user experience on Yahoo properties, including the user experience for search, even though it will be powered by Microsoft technology.

Microsoft will compensate Yahoo through a revenue sharing agreement on traffic generated on Yahoo's network of both owned and operated (O&O) and affiliate sites; Microsoft will pay traffic acquisition costs (TAC) to Yahoo at an initial rate of 88 percent of search revenue generated on Yahoo's O&O sites during the first five years of the agreement; and Yahoo will continue to syndicate its existing search affiliate partnerships.

Microsoft will guarantee Yahoo's O&O revenue per search (RPS) in each country for the first 18 months following initial implementation in that country.

At full implementation, expected to occur within 24 months following regulatory approval, Yahoo estimates, based on current levels of revenue and current operating expenses, that this agreement will provide a benefit to annual GAAP operating income of approximately $500 million and capital expenditure savings of approximately $200 million. Yahoo also estimates that this agreement will provide a benefit to annual operating cash flow of approximately $275 million.

To preserve consumer privacy, the deal limits the data shared between the companies to the minimum necessary to operate and improve the combined search platform, and restricts the use of search data shared between the companies.

These actions will receive severe scrutiny by privacy watchdogs Consumer Watchdogs and the Center for Digital Democracy; these groups will press the Justice Department and Federal Trade Commission to regulate the Microhoo arrangement.

Yahoo will become the exclusive worldwide relationship sales force for both companies' premium search advertisers. Self-serve advertising for both companies will be fulfilled by Microsoft's AdCenter platform, and prices for all search ads will continue to be set by AdCenter's automated auction process.

Yahoo and Microsoft will continue competing in Webmail, instant messaging, display advertising, and other aspects of the companies' businesses.

The transaction is subject to regulatory review, but the companies hope to close the deal in 2010.

Security Pros Cut Spending on Known Threats

The bottom line trumps clear security concerns at some companies, according to a survey of security professionals and C-level executives just released by the RSA Conference.

For example, even though 72 percent of those who responded to the survey said they've seen a rise in e-mail-borne malware and phishing, eight percent said they plan on cutting funds that would previously have been earmarked to try and deal with those risks.

Mobile security also received less than a full commitment. Some 40 percent of survey responders said securing lost or stolen devices (BlackBerrys, iPhones, etc.) is a top concern for the coming year, but 15 percent said they would be reducing spending designed to ensure the safety of mobile devices.

Budgetary concerns were top of mind in the survey results. Budgetary constraints were cited by 57 percent of respondents asked to list the top organizational and security challenges they expect to face in the next 12 months. Forty-four percent cited employee education as a major concern followed by lost or stolen devices at 40 percent.

No clear winner emerged in response to the question of what technology investments were likely to be bypassed or curtailed in the coming year. Security related to Telecom/VoIP, applications, authentication, encryption and key management and DDoS solutions all came in at or near twenty percent. Endpoint security and mobile encryption/wireless security both came in at 15 percent. Messaging security trailed at only eight percent.

Enterprises seek better ways to discover, manage and master their information explosion headaches

Businesses of all stripes need better means of access, governance, and data lifecycle best practices, given the vast ocean of new information coming from many different directions.

By getting a better handle on information explosion, enterprises can gain clarity in understanding what is really going on within the businesses, and, especially these days, across dynamic market environments.

The immediate solution approach requires capturing, storing, managing, finding, and using information better. We’ve all seen a precipitous drop in the cost of storage and a dramatic rise in the incidence of data from all kinds of devices and across more kinds of business processes, from sensors to social media.

Cisco looks to ride smart-grid data deluge

Cisco is betting that utilities are more likely to invest in new data centers than new power plants in the coming years.

The tech giant is developing a suite of smart-grid products designed to add networking smarts to the existing grid, including routers for substations and home energy-monitoring systems. But a large chunk of the $20 billion per year in smart-grid spending that Cisco anticipates is in traditional data centers.

Since smart-grid technologies rely on a steady flow of information, Cisco expects that utilities will need to invest in more sophisticated IT systems, said Mark Weiner, director of Data Center Solutions and a member of a Cisco smart-grid team.

Once utilities put in smart meters, their data processing and storage needs explode. Instead of sending a person to read meters once a month, information for billing or other applications can be sent back once a day, once an hour, or even every few minutes.

If utilities are regulated to reduce peak-time usage, their IT needs shoot up even higher. Demand response, where a utility can turn down energy use at participating customer sites, requires utilities to poll information regularly from a potentially large number of locations.

"The requirements are for huge amounts of data to be involved when you have these more advanced pricing models where the goal is to mitigate power generation," said Weiner. "The catcher's mitt for that data is the data center."

Black Hat Exposes Smart Grid Security Risks
Those smart meters may not be as smart as the name implies.

Technology vendors and governments are racing towards adopting Smart Grid technologies, which could help to improve energy use and conservation efforts. But the Smart Grid, and in particular the smart meter part of the grid, could also introduce a new class of security threats. In April, a report came out claiming that the current US electrical grid, without the smarts, is also at risk from attack.

In a presentation set to be delivered at the Black Hat security conference in Las Vegas on Thursday afternoon, IOActive security researcher Mike Davis will detail what his research found is wrong with smart meters today. Davis spoke with InternetNews.com in advance of his session, providing some details on the types of attacks that he found smart meters to be at risk from. Davis noted that the goal of his presentation isn't to teach people how to hack the power grid; it is intended as a wake-up call to smart meter vendors, which he said have for the most part been receptive to his research.

Davis and his team were able to take control of vulnerable smart meters. With that control, Davis could potentially turn power on or off remotely, or do anything else he wanted, by way of a worm that could infect the smart meters.

Microsoft Forges 3 New Security Tools

Organized crime, disorganized crime, petty theft, fraud -- the Web has it all, and combating it requires an ever-evolving set of tools. Microsoft offered some details on three new security projects at the Black Hat security conference. It also unveiled the progress it's made with some of the projects it announced at last year's event.

British government tells civil servants to tweet

The government published guidelines Tuesday for its departments on using the microblogging service Twitter.

In contrast to Twitter's limit of 140 characters per message, the document runs 20 pages, or more than 5,000 words.

It tells civil servants their tweets should be "human and credible" and written in "informal spoken English."

It advises government departments to produce between two and 10 tweets a day, with a gap of at least 30 minutes between each "to avoid flooding our followers' Twitter streams."

The advice says Twitter can be used for everything from announcements to insights from ministers, and in a crisis could be a "primary channel" for communicating with the electorate.

The document warns against using Twitter simply to convey campaign messages, but notes that "while tweets may occasionally be 'fun,'" they should be in line with government objectives.

IBM Talks Up 'Smart Analytics' Strategy
IBM puts its business analytics system on an integrated platform that's designed to speed up deployment and deliver data faster

At the same time that it's announcing the $1.2 billion acquisition of analytics player SPSS, IBM today unveiled its plans for an integrated analytics offering called the IBM Smart Analytics System.

The efforts build on IBM's unveiling earlier this year of its Business Analytics and Optimization (BAO) massively parallel technology designed to be able to handle huge data sets.

"Companies are constantly challenged by the volume of data, variety of information and velocity required for decision-making. Leveraging analytics capabilities can help turn this increasing mountain of data into predictive intelligence to help both business managers and IT analysts run new digital infrastructures smarter, faster and more efficiently," Ambuj Goyal, IBM general manager for information management, said in a statement.

"The announcement marries software and hardware plus IBM's world-class consultants and delivers real results in days, not months or years," Jeff Jonas, IBM chief scientist for analytics, told InternetNews.com.

IBM to acquire analytics provider for $1.2 billion

IBM will buy analytics and information forecaster SPSS for $1.2 billion in cash, the companies said Tuesday.

 

IBM is paying $50 per share for the publicly traded company, which closed Monday on Nasdaq at $35.09. At 6:45 a.m. PDT, the stock had jumped to $49.16.

Chicago-based SPSS makes predictive-analytics software and solutions. Its products tap into vast amounts of customer information that companies can use to try to stay competitive.

Predictive-analytics software is used to gather opinions from customers, forecast future demand, and package the information into business analytics. By capturing and analyzing trends, the software tries to help companies develop products and services better targeted to their customers.

Hackers may slip through hole found in Adobe tools

Cybercriminals may have a clear path to spread mayhem on computers this week by taking advantage of a newly discovered vulnerability in Adobe's (ADBE) ubiquitous Flash video player and Acrobat Reader, the widely used tool for opening PDF documents.

Since early July, troublemakers have been e-mailing PDF files with corrupted Flash video clips and hacking into websites to implant them. These clips, when activated, enable attackers to quickly install malicious programs on the user's computer.

Criminals typically take control of PCs, turning them into obedient "bots." They can use bot networks to steal data, siphon cash from online financial accounts, spread spam and trigger promotions to sell fake anti-virus programs.

The number of attacks could soar this week as Adobe scrambles to develop an emergency patch by Friday. The company recently began issuing security patches once a quarter, with the next update scheduled on Sept. 8.

"The volume of cybercrime has been increasing, so we've stepped up our efforts to supply best-in-class security," says Rob Tarkoff, Adobe's senior vice president and general manager of business productivity.

Lab Watches Web Surfers to See Which Ads Work

A technician in a black lab coat gazed at the short, middle-aged man seated inside the Walt Disney Company’s secretive new research facility here last week, his face shrouded with eye-tracking goggles. Read ESPN.com on that BlackBerry, she told him soothingly, like a nurse about to draw blood. “And have fun,” she added, leaving the room.

At the Disney Media and Advertising Lab in Austin, Tex., computers follow the eye and facial movements of participants, providing data on what kinds of Internet ads attract attention.

In reality, the man’s appetite for sports news was not of interest. (The site was a fake version anyway.) Rather, the technician and her fellow researchers were eager to know how the man responded to ads of varying size. How small could the banners become and still draw his attention?

A squadron of Disney executives scrutinized the data as it flowed in real time onto television monitors in an adjacent room. “He’s not even looking at the banner now,” said Duane Varan, the lab’s executive director. The man clicked to another page. “There we go, that one’s drawing his attention.”

Businesses Falling Victim to Cybercrime, Report Finds

Cloud-based security specialist Panda Security announced its worldwide barometer on the status of security at small and medium-sized businesses (SMBs). According to the study, which surveyed 5,760 companies worldwide, 44 percent of the more than 1,400 US respondents have recently been infected by Internet threats. Worldwide, 58 percent were affected, with Brazil showing the highest infection rate at 86 percent. Only eight percent of SMBs in Germany reported infections.

The survey found 29 percent of U.S. SMBs lack anti-spam protection, 22 percent have no anti-spyware measures in place and 16 percent operate without a firewall. Fifty percent lost time or productivity as a result of being infected and 39 percent of respondents said either they or their employees have not received training about IT threats that could affect them.

U.S. SMBs said that, of all threats, viruses affected their companies the most, at 41 percent, and they ranked spyware second, at 26 percent. Worldwide, viruses also ranked first, with 55 percent of respondents naming them the most potent threat to their businesses. Ten percent of SMBs in the US were affected to the point of having to stop production, with a worldwide average of 30 percent, the survey found.

While 97 percent of US SMBs surveyed have installed antivirus and 95 percent claim their security systems are up to date, many SMBs still lack common security protection. Along with 29 percent of respondents that have no anti-spam in place, 22 percent with no anti-spyware and 16 percent with no firewall, 52 percent of SMBs said they lacked any Web filtering solution. Of those US SMBs without any security systems in place, 27 percent said they have not implemented them because they aren't important or necessary, and 20 percent because they are expensive.

Do Device-Tracking Devices Really Enhance Our Lives?

 

The Location-Enabled Web and What It Means for Your Privacy
OPINION By LESLIE HARRIS
July 24, 2009

Not so long ago, if law enforcement officers wanted to track the movement and location of a suspect, they would plant a "bug" on the person, a tracking device to continually monitor the individual's whereabouts.

Device-tracking devices let us stay constantly connected with family and friends, but they may be constricting our privacy.

Today, millions of Americans willingly carry location devices with them everywhere.

Everyday devices like cell phones and global positioning systems (GPS) make it easy for the government -- as well as technology providers and advertisers -- to track your real-time location or put together a full record of your whereabouts over time.

Location-aware devices provide many benefits to your safety, security and overall convenience. Location-enabled phones improve response time to 911 emergencies and built-in vehicle navigation systems, such as those from OnStar, can send the car's GPS coordinates to emergency personnel.

Other popular location services use GPS satellites, Wi-Fi or cell towers so that users can make better use of their social networks and track where they are in relation to their friends and families. Advertisers can send more relevant ads and, of course, tracking location is an important tool in law enforcement investigations.

Growing Concern About Location-Based Tech
But for all its benefits, there is growing concern about just what is happening to the increasing amount of location information being collected by a variety of entities.

Of particular concern is the question of government access. A record of location can provide a detailed portrait of a person's activities and associations. Yet the legal standards for government access to location data held by a range of third parties are unclear, at best.

When Apple introduced its latest iPhone 3GS a few weeks ago, it instantly drew about 40 million iPhone users into the geo-location market, marking the dawn of a new era where our daily activities once considered mundane now can be tracked with ease, speed and accuracy over the Internet.

Apple joins other popular Internet companies that have also recently jumped to make their mobile devices and services location ready. Mozilla's Firefox, the second most popular browser behind Microsoft's Internet Explorer, has made it possible for Web sites to ask for users' physical locations.

Google's Latitude service, like early entrants Loopt and Where, makes it possible for consumers to see their friends' location (assuming they, too, are using the same service) on a cell phone map.

A Legal Solution
Firefox has partnered with Google to be its "location provider." That means that if you're browsing the Web with Firefox and visit Google to search for a site that requests your location, Firefox is able to gather information about nearby Wi-Fi access points and share that information with Google.

Because Google keeps a database that maps Wi-Fi access points to exact locations around the globe, it is easy for them to plot your whereabouts -- in a cafe, office or at home -- and share that intelligence with the Web site you initially visited or, if ordered to do so, the government.

With the pace of innovation in location services quickening, it is too easy for consumers to unknowingly expose themselves to location-based surveillance. Users need to be put in charge of deciding whether such services are activated and with whom location information is shared.

That's why Internet companies need to offer transparent and granular controls for consumers that, in the first instance, ask permission before accessing their location. While all the companies providing location services have taken important steps to build the first generation of user controls, these controls must become more robust as location comes to pervade the Web experience.

Likewise, policymakers need to address the widening gap between America's aging and spotty privacy framework and the rapidly evolving technology landscape to which it applies.

Lawmakers Need to Act
Now is the time to enact a baseline, technology-neutral, consumer privacy law.

This law would require companies that collect personal information to follow fair information practices, including providing consumers with clear and concise notice of collection and use policies, a meaningful choice about the use of their information, access to information held about them, and remedies for misuse.

Location information, as well as other sensitive data, should be afforded heightened protection in that law.

Most important, however, the communications privacy laws that control government access to personal information need to be updated to take into account the changes in technology.

The legal standards for government access to both real-time and stored-location information remain unsettled and highly disputed. Rather than struggling to retrofit laws that were drafted before the digital age to today's technologies, those laws need to be rewritten to ensure that our Fourth Amendment rights against government search and seizure still have meaning.

Unmet Potential?
The location-enabled Web has the potential to be a real boon for consumers and fertile ground for Internet innovation, but it will only fulfill that potential if it evolves within a legal and cultural framework that recognizes the privacy rights at stake and puts control over this information in the hands of consumers.

Leslie Harris is president and CEO of the Center for Democracy and Technology.

Verizon cell phones might aid traffic jam monitoring

Location data from 120 million Verizon cell phones, including some of those used by federal agencies, will provide information about traffic jams to Google Maps and other users of real-time traffic congestion data.

Verizon Wireless, a joint venture of Vodafone and Networx contract holder Verizon Communications Inc., will provide anonymized data to Atlanta-based location services provider AirSage Inc.

Cell phones need only be turned on, not in use, for their signal to be available. But no personally identifiable data will be made available, said Verizon Wireless spokesman Jeffrey Nelson. "Just location data from the GPS in your cell phone if you have opted to turn it on for location-based services," he said.

The agreement will quadruple the number of signaling messages AirSage will use in its Wireless Signal Extraction (WiSE) application to provide traffic information, predictive analytics and location services, Cy Smith, AirSage chief executive officer, said in a statement. When the data is fully integrated, he said, the company will have a database of more than 12 billion signaling messages across more than 200,000 centerline miles of roadway to power applications for government agencies, businesses and consumers.

Although AirSage currently focuses on real time traffic condition monitoring, it also is developing location services for commercial and emergency management use.

That also could include traffic monitoring by government transportation departments.

“Highways have traditionally been monitored using static sensors, which include loop detectors built in the pavement, radars and cameras along the road, and more recently toll card readers such as FastTrak or EZ-pass,” said University of California, Berkeley, researchers Daniel Work and Alexandre Bayen in their report, "Impact of the Mobile Internet on Transportation Cyberphysical Systems: Traffic Monitoring Using Smartphones."

Gates Faults U.S. on Data Privacy and Immigration

NEW DELHI, India — In a far-ranging speech Friday, Bill Gates criticized the American government’s policy on immigration and data privacy, predicted giant leaps in technology in the near future and explained why he had to shut down his Facebook page.

“Over the next decade, the entire way we interact” with computers will change, the chairman of Microsoft told hundreds of government officials and information technology executives in New Delhi. Mr. Gates spoke of cellphones that would recognize people around them or be used to test for diseases; computers equipped with voice recognition and an Internet that is used for much more than Web pages.

While the recession has been a “big deal” it has not slowed innovation, he said, in part because countries like India and companies like Microsoft are investing in education and research for a new generation of computer scientists.

Managing Mission Critical Databases Cost Effectively

The database sits at the heart of an organisation's IT systems. With the need for 24/7 availability increasing, it is vital that databases are optimised, monitored and maintained efficiently and effectively.

This paper aims to highlight the key challenges faced by IT organisations in maintaining their information management systems and the solutions to these challenges. In particular it focuses on the management of DB2 databases for both midrange and mainframe platforms.

The challenges of database management
Cost - With the current economic slowdown, IT budgets are static or reducing. The need to be more efficient and "do more with less" is increasing. Although software and hardware costs are falling, people costs are not and continue to consume an increasing proportion of the IT budget. This is especially true for highly skilled staff such as database administrators.

First Garmin-Asus smartphones due out next week

The first smartphones from the new joint venture between GPS device maker Garmin and electronics vendor Asustek Computer will be available in Taiwan next week and the rest of the world in the coming months, Garmin-Asus said Friday.

The Nuvifone G60, which has a 3.55-inch touchscreen and uses a Linux OS, will be in stores July 27 in Taiwan and then in Singapore and Malaysia by the end of August, the company said. The smartphone will be available in Europe and the U.S. later this year.

The smartphone will cost NT$16,999 (US$519) in Taiwan and will be sold in retail stores on the island, a company representative said. Details on pricing and where the handsets can be purchased in other markets will be announced in coming months.

The Nuvifone M20, which has a 2.8-inch touchscreen and runs Microsoft's Windows Mobile 6.1 Professional, will hit stores in Hong Kong, Malaysia, Singapore, Taiwan and Thailand next month and in Europe later this year.

Pricing will be made available closer to the launch dates, the company said.

Garmin-Asus has said it will launch its first smartphone with Google's Android operating system next year. Android, developed by Google, is a Linux-based operating system and software platform for smartphones designed to take advantage of Google's online services, such as Gmail and Google Docs.

Air Force’s ‘Universal Translator’ Has Everybody Talking

In late June, the Air Force awarded Northrop Grumman a $280-million contract to install a range of electronic systems on three Bombardier business jets and two RQ-4 drones. Collectively, the installed systems are known as Battlefield Airborne Communications Node, or BACN. (Yes, that’s pronounced “bacon.”) It might look and sound hopelessly obscure, but BACN is a big, big deal: a sort of “universal translator” for the vast array of drones, jets and ground forces deployed by the U.S. and its allies.

The explosive growth in communication technology over the last several decades has resulted in military units that, as often as not, can’t talk to each other. Add civilians, attached to the military, and you’ve got an even more confused comms situation. If you’re a State Department reconstruction team carrying just cell phones and satellite phones, and you get ambushed in southern Afghanistan, you normally won’t be able to talk to the Air Force A-10s flying overhead.

Enter BACN, which “extends communications ranges, bridges between radio frequencies and ‘translates’ among incompatible communications systems,” using Internet Protocols, according to Defense Industry Daily. “That may sound trivial, but on a tactical level, it definitely isn’t,” DID notes.

Yahoo, Microsoft finally near deal

It's unclear whether they brought the requested "boatloads of money," but several top Microsoft executives are in Silicon Valley to try to finalize a search deal with Yahoo, according to an All Things Digital report late on Thursday.

According to the report, the two sides are "down to the short strokes" after years of excruciatingly well publicized on-again, off-again talks. A deal could come within a week, All Things Digital said.

Included in the Microsoft entourage, according to the report, are three of its top online executives: Yusuf Mehdi, Satya Nadella, and Qi Lu.

Yahoo CEO Carol Bartz said in May that she was open to a search deal if she believed in the partner's technology and they provided said boatloads of money. Microsoft CEO Steve Ballmer has indicated for more than a year now that he would like to strike some sort of search deal, although he no longer wants to acquire all of Yahoo as the company offered to do in February 2008.

With Microsoft's Bing getting some good reviews and Microsoft having billions in cash on hand, the ingredients would seem to be in place, if both sides have the will to make it happen.

Apple's Lack of a Netbook Slowing Sales, Reports Indicate

Apple competitors HP, Dell and Acer pull away from Apple as a down economy makes netbooks (smaller, less expensive notebooks) more attractive to consumers. Apple has repeatedly stated it has no interest in the netbook market.

Reports from research firms Gartner, Inc. and IDC show Apple, Inc., the company whose products are synonymous with style and substance—at a price—lagging behind its less sophisticated, but far less expensive, competitors Hewlett-Packard (HP), Dell and Toshiba. This week’s report from IDC projected Apple would take fifth place in second quarter U.S. market unit shipments, with 1.21 million units sold. This places the company behind Dell, HP, Acer and Toshiba.

Gartner, however, gave fourth place to Apple, estimating shipments for the quarter at 1.4 million units, to Toshiba’s 1.1 million units shipped. IDC also estimated Apple claimed fifth place in U.S. market share, with 7.6 percent (down from last year’s figure of 8.5 percent), placing the company behind Dell, HP, Acer and Toshiba again. Gartner, conversely, gives 8.7 percent of the U.S. market share to Apple and 6.8 percent to Toshiba.

Twitter Hack Shows Security Weakness in the Cloud

Twitter is reporting details on a hack that leaked internal Twitter documents to news Web sites, including TechCrunch. The social-media superstar is exposing the root of the vulnerability that allowed an attacker into an administrative employee's e-mail account.

"From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account, which contained Docs, Calendars, and other Google apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details, and more within the company," said Twitter cofounder Biz Stone.

Stone was quick to note that the attack had nothing to do with any vulnerability in Google Apps and Twitter is still using the software. Rather, Stone blamed the attack on Twitter's popularity. The attack is not about any flaw in Web apps, he stressed, but speaks to the importance of following personal-security guidelines such as choosing strong passwords.

Stone also stressed that the stolen documents downloaded and offered to various blogs and publications are not Twitter user accounts, nor were any user accounts compromised, save a screenshot of one person's account. In that case, Twitter contacted the user and recommended a password change.

Who's Typing Your Password?

Passwords can be one of the weakest links in online security. Users too often choose one that's easily guessed or poorly protected; even strong passwords may need to be combined with additional measures, such as a smart card or a fingerprint scan, for extra protection.

Delfigo Security, a startup based in Boston, has a simpler solution to bolstering password security. By looking at how a user types each character and by collecting other subtle clues as to her identity, the company's software creates an additional layer of security without the need for extra equipment or user actions.

The software, called DSGateway, can be combined with an existing authentication process. As a user enters her name and password, JavaScript records her typing pattern along with other information, such as her system configuration and geographic location. When the user clicks "submit," her data is sent to the Web server and, provided that the username and password are correct, the additional information is passed on to Delfigo. The company's system then evaluates how well this information matches the behavior patterns of the appropriate authorized user.

Delfigo's algorithms build up a profile of each user during a short training period, combining 14 different factors. The company's president and CEO, Ralph Rodriguez, developed the necessary algorithms while working as a research fellow at MIT. Rodriguez notes that recording multiple factors is crucial to keeping the system secure without making it unusable. If the user types a password with one hand, for example, while holding coffee in the other, the system must turn to other factors to decide how to interpret the variation, he says. If she does this every morning, the system will learn to expect to see this behavior at that time of day.

Microsoft Azure Could Curb Enterprise Fears About the Cloud

Microsoft has begun an aggressive push for Azure, its cloud-based developer platform, to be adopted by the enterprise. While companies have expressed reservations about moving applications and development to the cloud, the standardization and functionality offered by Azure could convince them to take the jump, even if they eventually end up on a rival platform offered by Amazon, Google, or Salesforce.

Google Voice Takes VoIP to Android, BlackBerry
Google's Internet phone service debuts in Android and BlackBerry apps. Should carriers and Skype be worried?

Google Voice -- the search giant's VoIP call-routing service -- is now available in Android and BlackBerry applications, offering users a centralized platform handling a unified phone number, SMS, and automated voicemail transcription.

The service functions primarily around connecting users' traditional phones via VoIP. The technology, based on Google's acquisition of GrandCentral Communications, first appeared as a Google product in March, when it entered a public beta. At that time, users could only initiate calls through a Web interface, which connected the two parties.

Microsoft Windows Mobile 6.5 Offers New Features to Counter iPhone

Microsoft's Windows Mobile 6.5, the newest version of its operating system for mobile devices, includes improved touch capabilities and several screens specifically designed to answer similar features available on Apple's iPhone, the Palm Pre and other smartphones. In addition, Microsoft plans on rolling out Windows Marketplace for Mobile, which will allow developers to submit applications for use in the Windows Mobile ecosystem.

Researchers to Spotlight Darknets at Black Hat

In one of the first talks at this year's Black Hat USA, Billy Hoffman and Matt Wood, both security researchers at HP, plan to demonstrate a darknet designed to run entirely within a browser. Darknets, which allow decentralized, private peer-to-peer communications between clients, are not new; they are currently used in academic environments to share data among researchers. Freenet and WASTE are two examples of desktop darknets. But Hoffman and Wood said both require configuration beyond the average user. For the last six months, they have been simplifying the process.

What Hoffman and Wood are showing at Black Hat is Veiled, a proof of concept browser. Using newer browsers (Internet Explorer 8, Firefox 3.5, Opera, Chrome, Safari, even the PS3 browser), all of which support JavaScript and HTML 5, Wood was able to build what previously existed only in a desktop application.

Darknets afford distinct advantages such as distributing content among all participants. Because of built-in redundancy, publishing to the darknet is resilient. Wood said if any client drops off and comes back, they'll be able to recreate lost content. When you close your browser you are removed from the darknet. When the last member leaves, the darknet, and all its content, disappears except for a few encrypted bits in the browser.

Among the cool features of the Veiled browser is Web-in-Web, which allows darknet users to create their own private Web pages with links to content only available within the darknet itself. Darknets enjoy zero footprints and can't be viewed by the greater Internet.

Mozilla Foundation tackles Firefox bug

THE MOZZARELLA FOUNDATION is investigating a cheesy JavaScript flaw in Firebadger 3.5 that leaves one's computer open to a serious attack.

The critical flaw was revealed by insecurity outfit Secunia, which found that some exploit code is already available online. There have been no reports yet of the flaw being exploited in the wild, but that is likely just a matter of time.

The flaw is activated by a poisoned web page that is usually handed over by a wicked witch while the dwarfs are away at work and causes the user to fall asleep for a thousand years. [I think you have been writing too many insecurity stories.]

There is a temporary fix for the problem. It involves disabling the new JavaScript processing feature in Firefox 3.5 and thus rendering the upgrade from 3.0 to 3.5 largely pointless.

However the Mozzarella Foundation says it's close to fixing the hole and will issue an update to patch it fairly soon. We guess the race is on to see who gets there first.

Microsoft Scores for Developers, Designers with Silverlight 3

Microsoft has delivered Microsoft Silverlight 3 and Expression 3, the latest versions of the company's rich Internet application (RIA) and web development and design platform, with the goal of more seamlessly integrating designer/developer workflow, among other benefits.

Microsoft officially launched Silverlight 3 on July 10. However, Expression 3 will be available within the next 30 days, including a free, 60-day trial version available at http://www.microsoft.com/expression/try-it. A Release Candidate of Expression Blend 3 with its new SketchFlow technology is available now for download.

In blog posts, conference presentations and briefings, Microsoft officials have offered a deeper view into many of the components in the new versions of Silverlight and Expression.

 

Google hits Lotus Notes users

THE GOOGLE STEAMROLLER is trundling towards Lotus Notes with the release of a tool to encourage Notes users to convert to Google Apps.

Google Apps Migration for Lotus Notes lets users migrate mail, calendar and contacts from Lotus Notes to Google Apps. The tool is a native Notes application and is free with the Google Apps Premier Edition (GAPE) and the education and nonprofit versions of the Google Apps suite.

The tool is offered as a trial version so that Notes users can give it a go before buying. It performs the migration completely from the server side so Notes users can continue to work while the migration is in progress.

Once migrated, Gmail will open Notes links with the Notes client. The software also includes monitor, management and logging tools to control the migration.

Analysts at Gartner told PC World that by targeting the Domino base with a server-side migration utility, Google has clearly identified Domino as vulnerable to poaching.

Sean Poulley, vice president of IBM cloud collaboration said that Biggish Blue was confident in the long-term competitiveness of its Lotus position. LotusLive beat Google Apps in a side-by-side comparison and won the Enterprise 2.0 Conference Editor's Choice Award for Cloud Computing last month in Boston, he pointed out.

Poor IT job market may fuel online crime: Cisco

WASHINGTON (Reuters) - The ever-weakening job market could well lead to an increase in online crime as laid-off workers, especially those with computer skills, turn to scams to support themselves, Cisco Systems Inc said in a mid-year security report to be released on Tuesday.

Disgruntled employees may target their former employers, and Cisco warned that insiders "can be especially damaging for an organization because insiders know security weaknesses."

A former information technology analyst at the Federal Reserve Bank of New York was arrested in April along with his brother on suspicions of taking out loans using false identities. FBI investigators found a flash drive attached to the bank employee's computer with applications for $73,000 in loans in the names of stolen identities, the report said.

Cisco warned companies which use short-term IT consultants or who contract out the tasks to "be particularly vigilant about the level and term of their access to sensitive data."

The report included snippets of a conversation with a botmaster, or someone who remotely takes over computers without users' knowledge and often sells the resulting access to spammers.

IT budgets: Shifting by the week?

The technology earnings season kicks off in earnest on Tuesday when Intel reports its second-quarter results, but the outlook for the sector may sound like a broken record: visibility is low, and IT budgets fluctuate with everything from CEO mood swings to the stock market.

A handful of companies--Dell, Infosys, Red Hat, Oracle, and Lawson--have already riffed on technology budgets amid a volatile economic picture. The common thread: IT budgets are just as jumpy as your friendly neighborhood stock, but there are signs of stabilization.

Goldman Sachs expects an 8 percent decline of global IT spending, followed by a 2 percent gain in 2010. Other research outlets, such as Forrester and Gartner, have been cutting their spending projections but remain more optimistic than Goldman Sachs. To say these projections are moving targets is quite the understatement. Why? Executives appear to be changing their minds each week.

IBM tops Green500 supercomputer list

Big Blue's supercomputers are among the greenest in the world.

An IBM supercomputer won first place in a new list ranking the world's most energy-efficient supercomputers.

The June Green500 list, announced June 30 and published by Green500.org, also showed that 18 of the top 20 greenest supercomputers in the world are made by Big Blue.

The group also said that the average efficiency of the supercomputers rose by 10 percent, even as the aggregate power of the machines on the list increased 15 percent.

A key factor in determining a supercomputer's energy efficiency is the number of operations per watt.

Cisco: IT Struggling to Cope With Internal Security
Too many IT managers are mired in minutiae, fixing small holes while failing to see the big issues, Cisco said today.

For enterprise IT managers, key pain points are insider threats, Web 2.0, compliance, and application security. Cisco's bi-annual threat report, released today, delivers common sense recommendations to solve these problems, which are intimately related to one another.

The most difficult to defend against might seem to be insider threats. The issue has certainly been in the news, with an energy company and the U.S. State Department being recent high profile victims.

"There are three reasons why this problem is getting worse," Patrick Peterson, Cisco fellow and chief security officer, told InternetNews.com. "The first is the economy. Many employees are acting out of desperation. The second is that the employer-employee relationship has changed, and people are now more willing to screw their employer and not think twice. The third is globalization and outsourcing."

In response to this threat, Peterson said that enterprises have robust identification and auditing. But it's possible to get it wrong. Peterson noted that the city of Bozeman, Montana recently asked job applicants for all of their passwords. "They were concerned with a real threat but the policy they implemented was probably illegal and certainly unnecessary," he said.

Peterson said that businesses have to identify risks and apply policies to specific job functions and lines of business. "The business cannot have a one-size-fits-all policy," he said. "We have previously emphasized the need to know your risk (less so in this report).

"It's surprising how many businesses don't focus on knowing their risk, and don't have a strategy to minimize it," he said, and admitted that the fact that security policies are often driven by compliance rather than by risk management is a huge factor.

Peterson explained that means that they have to solve issues as they crop up. Nobody should be working now on an issue that was identified two years ago, but in the real world, many are.

Intel outlines the next-generation 'reality web'
Forget Web 2.0, the future is 'immersive connective experience'

Intel has been outlining its research into the future of the internet, and is predicting a greater merging of the online and real worlds.

Jerry Bautista, Intel's director of technology management and microprocessor research, said in his keynote address to the Semicon West 2009 conference that Intel is working on what it terms an 'immersive connective experience' (ICE) where devices will increasingly overlay the digital world onto the real one.

"There is another web coming, an ICE web," he said. "The digital world and the actual world are going to be connected, and we will find that we can create other worlds as well."

Bautista highlighted a number of areas where this is already taking place. Intel is working on automating the creation of 3D avatars which could be used to augment videoconferencing, for example. The computer could create an avatar of the participants and the room they are in, so that everyone appears to be in the same room and has realistic facial expressions.

Intel's laboratories have also been researching visual computing, using computers in conjunction with cameras and GPS in a smartphone. For example, a user could take a picture of a road sign on their smartphone, and the handset would use GPS to determine the global location, get a translation of the sign and provide directions from an overlaid mapping application.

Bautista explained that applications such as Second Life are merely the first generation of virtual worlds, and the experience will get much more immersive. Intel has been using software modelling techniques to render 3D images more effectively, including making computer-generated environments obey physical laws of movement and building in behavioural intelligence.

Another example of this would be users generating their own 3D images by sending in 20 pictures of an object to be rendered and letting the computer build the object automatically.

Bautista estimated that the techniques of using the camera to produce visual searches for data of a photographed object would come online in 2010, with information overlay on camera views by 2012 and a 2D and 3D visual overlay available by 2014.

He pointed out that there are plenty of virtual worlds bigger than Second Life; teen site Poptropica pulls in 21 million users and Neopets over 45 million. More than 50 per cent of all virtual world users are aged between four and 12, and the idea of interacting in virtual worlds will be normal and natural as they grow up.

However, all these functions will require a huge increase in computing power. Intel estimates that such a system would require servers to work 10 times faster, using 100 times the current bandwidth and a new generation of "many-core" computing processors.


AMD unveils new Opteron chips

CHIP MAKER AMD has announced five new six-core additions to its Opteron processor family that it says are even more power efficient than their predecessors.

The first three 55W ACP Opteron HE CPUs - the 2GHz 2423 HE, 2.1GHz 2425 HE and 2.1GHz 8425 HE - are aimed at cloud computing and webserver environments. Using AMD's Direct Connect architecture, they promise power savings of up to 18 per cent over the standard wattage versions.


"Since our initial introduction of multi-core processors for the server market, it's been the AMD mission to help IT managers reduce datacentre energy costs without compromising performance," said Patrick Patla, vice president and general manager of AMD's Server Business.

"These new lower power Six-Core AMD Opteron processors feature the highest performance-per-watt that we have brought to market, and help drive down power consumption while addressing the shifting cloud and Web landscape of today's datacentre."

The remaining two Opteron SE processors - the 2.8GHz SE 8439 and 2.8GHz SE 2439 - are designed for high performance and mission-critical workloads such as database and CRM applications. Both are rated at 105W, nearly double their HE counterparts.
The HE processors are shipping from today in HP ProLiant G6 systems and will be available from other OEMs, including IBM and Dell, over the course of this quarter with even more power efficient processors due out later this year.

Security Researchers Exploit Vulnerability in Handling of EV SSL Certificates

Two researchers have discovered a design flaw in Web browsers that can be exploited to launch man-in-the-middle attacks on extended validation SSL certificates.

Mike Zusman, principal consultant at Intrepidus Group, and independent security researcher Alex Sotirov plan to reveal the details of their findings at the Black Hat security conference coming up in Las Vegas later this month. In an interview with eWEEK, Zusman said that through a technique the duo calls 'SSL rebinding', attackers can exploit the behavior of the browser to effectively render an extended validation SSL (EV SSL) certificate meaningless.

EV SSL certificates are meant to offer additional authentication for Web sites and provide protection against phishing attacks. Before an organization can receive one, they must meet certain criteria as part of a vetting process. Sites that are given the certificate display a green icon in the address bar.

But for all the emphasis EV SSL puts on authentication, the browser does not treat the certificate very differently than a domain validated SSL (DV SSL) certificate - a fact that can be exploited by attackers, Zusman explained.

Where Are the Cybercops?

Everyone talks about Internet security, but no one does anything about it. That's not true, of course -- there are many organizations and businesses dedicated to keeping the Web safe. Yet it is true that no one is taking ultimate responsibility for policing the Web. No one is willing -- or perhaps, able -- to say "the buck stops here." Perhaps that's as it should be?

The month of June saw a host of Web-based attacks compromising legitimate Web sites. One, dubbed "Nine Ball," compromised more than 40,000 Web sites. Another attack injected a malicious script that antivirus vendor Sophos named "Troj/Iframe-CB" into large numbers of legitimate sites.

Victims who access or browse such tainted Web sites are infected with malware.

Facebook, the world's leading social networking site, has been hit repeatedly by cybercriminals.

In May, a hacker cracked into Twitter's internal administration system to gain access to the accounts of millions of users, including President Obama, singer Britney Spears and actor Ashton Kutcher.

What can be done about these attacks, and who's policing the Web anyhow?

Microsoft takes on Google with free Office programs

BOSTON (Reuters) - Microsoft Corp will release a free version of its dominant Office software that users can access over the Web, catching up with products that arch rival Google Inc launched three years ago.

The world's largest software maker will offer a word processor, spreadsheet, presentation software and a note-taking program with the same look and feel of their counterparts in the Office suites that it sells for personal computers.

It is the latest salvo in an intensifying war between the two technology giants. Google announced plans last week to challenge Windows with a free operating system. Microsoft introduced a new search engine, dubbed Bing, last month, that has taken a small amount of market share from Google.

Hands On: Microsoft Office 2010 Technical Preview

Microsoft today released a "technical preview" release of Microsoft Office 2010, the next version of the world's most widely used application suite. The beta is available to anyone who preregistered with Microsoft for a chance to download and test it. After running it for a few days of intense testing, I'm impatient for the final release. As far as I can tell, this should be the smoothest upgrade for Office in many years. If you're used to Office 2007, you'll need no help using Office 2010. Old features remain where they were, although some are now displayed on spacious menus with lots of explanatory text instead of the cramped menus of 2007. In fact, the new features are slotted in so smoothly that it may take you a few moments to realize that they're new.

You'll see major changes in the new version if your company also updates to SharePoint Server 2010. Office 2010 is packed with features that let SharePoint users edit and manage each other's files either through an internal connection to a SharePoint server or remotely through a Web browser or smartphone. Microsoft's obvious goal is to persuade corporations to pay for Microsoft's collaboration tools instead of using those from Google or any other cloud-based service. Microsoft's look technically dazzling, but it's an open question whether Microsoft can convince companies to lock themselves into a high-priced proprietary offering in a time of economic uncertainty.

One other innovation is that Office 2010 will be the first version of the suite available in both 32- and 64-bit versions. We haven't received the 64-bit version yet, but we'll report on its performance on a 64-bit version of Windows as soon as we can.

Intel adds virtualization tech to five processors

Santa Clara (CA) – Intel informed system vendors that its virtualization technology (VT) will be available in five additional processors beginning in August.

The company said it is “initiating a conversion on the R stepping” of the boxed Core 2 Quad Q8300, Pentium E5300 and E5400, as well as the Core 2 Duo CPUs E7400 and E7500. These new processors will be available on August 3. System vendors will have to use a BIOS update to make VT available to customers.

VT is already supported in all Q9000 series quad-core CPUs as well as the (45 nm) Q8400 and the 65 nm Q6600/Q6700 processors. Availability in older processors is rather scarce; customers who are looking for a chip that supports VT should consult Intel’s VT product list before buying a specific processor.

Three critical Microsoft patches coming next week

Redmond (WA) - Microsoft is to patch three ActiveX vulnerabilities rated 'critical' next Tuesday (July 14).

Six patches will be available on Windows update from 1000 am PDT including three critical updates affecting Windows, one important update for Publisher, one important update to Internet Security and Acceleration (ISA) Server and one important update affecting Virtual PC and Virtual Server.

The critical patches include the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. Microsoft says it is aware of 'limited active attacks' that have allowed remote code execution after users opened specially crafted QuickTime files. Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable, but all versions of Windows Vista and Windows Server 2008 are safe, says the company.

Shifting Clouds

The trend toward cloud computing is growing, but not all cloud players are benefiting equally. Some of the early trailblazers have already disappeared, having failed to attract the investments needed to stay alive, or having been gobbled up as larger competitors lumbered onto the playing field. Best-of-breed innovators are going to have to be nimble and quick to survive.

Microsoft takes on Adobe with Silverlight 3

Redmond, WA - In a challenge to Adobe Flash, Microsoft has released its new web multimedia player Silverlight 3, a browser plug-in enabling audio, vector graphics and animation.

The company says it allows streaming of high-definition video in full screen with stutter-free live and on-demand video.

It supports Internet Explorer 6, 7 and 8, Firefox 2 and 3 and Safari 3 and 4 browsers - but not Opera or Chrome.

There are a number of improvements over the previous version, including Smooth Screening, which automatically provides the best quality video possible for the network and local PC connections - allowing instant playback of HD video for those with a high-bandwidth connection and powerful hardware. It allows streaming of 720p HD content over the web with the ability to pause and rewind a live stream.

It features GPU hardware acceleration and support for H.264, AAC and MPEG-4, along with 3D support. New APIs allow developers to plug in their own codecs.

An out-of-the-browser capability similar to Adobe's AIR allows users to place their favorite Silverlight applications directly onto any PC or Mac desktop, start menu or application folder, without the need to download an additional runtime or browser plug-in. Applications work whether the computer is connected to the Internet or not.

Silverlight 3 is available here. The formal launch is today.

10 Things for Linux Desktop Evangelists to Ponder

This is the year of the Linux Desktop! Oh, um, so was `expr ${THISYEAR} - 1`. No, wait. It was `expr ${THISYEAR} - 2`. Just kidding. Next year is the year of the Linux Desktop!

Of course, many continue to dream and hope, cajole, and demand that one of these years be the year of the Linux Desktop. I'm a big fan, and I'm pulling for Linux's success, but it's a complex formula that determines if and when.

It's a puzzle with many pieces. I think Linux is close, but the pieces of the puzzle need to come together. Following is my take on 10 pieces of the puzzle that, if addressed, could bring the Linux Desktop closer to its year.

10. Find an anchor point. Rally around that.

People want something familiar, and if it isn't crazy-familiar like Windows(tm) it should be familiar and universal across Linux. Yes, the 733t want extensions, and customization, but the selling point to the world is an anchor point, a standard. Ubuntu comes close.

9. Be generous. Give your time. Give your old computers. Walk the walk.

Help friends and family (and the occasional foe) by setting their Linux up and supporting them. I've done this, and once past the fear factor, I've found that unless there's some show-stopper missing Windows application, people find Linux perfectly fine for their computing needs.

8. Convince the killer-apps owners to create real and usable ports of their products.

Not wine! Not emulations. The real deal.

I believe there is a dormant silent majority of users who, if given their treasured "have to have" applications on Linux, would more seriously consider Linux. Take away their reasons NOT to use Linux.

7. Find a sponsor willing to step up to real publicity for Linux.

Find a sponsor like Red Hat (NYSE: RHT) for Linux Desktop. Make it more than just a technical offering. A real and BIG sponsor like a Red Hat moves closer to the tip of the mainstream tongue. Again, as in #1, Ubuntu comes close.

6. Make Linux worth something.

I know Linux is free. I know the whole philosophy is "free." Consumers rarely brag about their latest "free" acquisitions.

By nature, people want to know their possessions are valuable. If you want to really understand this, you need only read the first chapter of this amazing book -- Influence: The Psychology of Persuasion on influencing people.

For things like OSes (say, Linux Desktop?), where owners have no way to assign worth or value to their Linux Desktop (possession), their common benchmark is how much they paid for it. This fits nicely with point #8, and point #7. It costs money to sponsor something. It costs money to market something. It costs money to port complex applications across platforms. This creates both "value" to the customer and business motive to providers.

The Linux l33t can still have theirs for free but not many find their brag interesting (no matter how great a feat that is).

5. Pay for Linux!

Continuing the theme from #6, be willing to pay for Linux. Be willing to discuss Linux as a product people buy. Be willing to say "not free" isn't always a bad thing.

I know Linux proscribes selling Linux, but there are many success stories where Linux is the cornerstone of a profitable product (think TiVo). A nicely constructed Linux Desktop is worth money, whether FOSS thinks so or not.

4. Know the competition. Critique the competition. Avoid criticizing the competition.

Don't say Windows sucks. It's not constructive. It doesn't add anything to the debate.

Microsoft (Nasdaq: MSFT) can say that about Linux; they're bigger. And if you pay attention, Microsoft is a master at crafting civil and reasoned arguments for their case, albeit with a little smoke and mirrors.

3. Be mainstream.

Don't bore users with facts, figures, numbers (see point #4.). Stop being surprised that users just don't care.

A short productive demo does more to show a potential user Linux's power, usability and reliability than any list of technical details interesting only to Linux gearheads. Hint: When your audience's eyes roll all the way back, you're arguing the wrong facets.

2. Be easy and compatible.

A gazillion Linux distros with a gazillion application management tools is impressive. Impressive doesn't equate to a sale.

Users don't care if there are unlimited ways to do the same task. They want it easy, and they want it familiar. Pick a management tool -- be it application installation, system administration, etc. -- and make it the standard. Pick one easy to use. Try to make it universal. If Linux isn't compatible with itself (cross-distribution), compatibility with Microsoft doesn't matter. (Okay, maybe it does a little.)

1. Lose the attitude! Lose the edge! Stop whining already!

I love Linux and have used it for more than 10 years. Even I have tired of the strident "we're better at ..." screeds. It doesn't matter!

The best product doesn't always win (look up Beta vs. VHS vs. Laserdisc). The best discussion is a civil discussion. (I know, I wasn't civil in my opening for this point. Sorry.) If you scream about Linux, the part of your conversation people remember is your screaming, not your acumen.

Hands-on Sony's first netbook, the Mini W

Sony is introducing a netbook for people who really want a netbook, and are willing to pay a bit extra to make it a Sony Vaio: the estimated street price is £399. It will be the cheapest machine in Sony's range, but of course, you can get full-size, full-spec notebooks from other firms for less than £300.

"It's a market that's got big potential," says Vaio product manager Robert Duncan. "We expect [the Mini W] to appeal to people we're not currently talking to: people who maybe are on a budget but aspire to having a Vaio."

The Mini W is a light (1.19kg) netbook with a 1.66GHz Atom processor running Microsoft Windows XP in 1GB of memory, with a 160GB hard drive. Connectivity includes two USB ports, Ethernet, and both SD and MagicGate card slots. If you're a Sony Memory Stick user, this may be the only netbook for you.

You also get a Sony isolated keyboard, which is a bit small (roughly 86%, says Sony) but quite usable. But the real difference is the native resolution of the 10.1-inch screen: 1366 x 768 pixels. This is the same as many notebooks with 13in or larger screens. Of course, it does mean on-screen text is rather small, but it seems a bit better than the sort-of-pocketable Sony P-series.

It also has one of the new textured touchpads, two buttons for mouse-clicks (better than a rocker bar) and a useful Wi-Fi on/off switch on the front left. Things it doesn't have include a SIM slot for mobile phone networks, and an HDMI slot.

Twitter suspends accounts of users with infected computers

Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.

The malware, Koobface, is designed to spread itself by checking to see if a person is logged into a social network. It will then post fraudulent messages on the person's Twitter account trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC.

The popular microblogging service has had a strong impact as a new communication platform, such as providing on-the-ground insight from participants in the recent protests over the presidential election in Iran. But it is also being targeted by fraudsters and hackers, who are using it as a way to infect people's PCs with malicious software.

Twitter is the latest site to be targeted by a Koobface variant, said Rik Ferguson, senior security advisor for Trend Micro. Other sites have included Bebo, Hi5, Friendster and LiveJournal, according to the U.S. Computer Emergency Readiness Team.

Will Google's OS Make the Desktop Safe?

Google says that its forthcoming Chrome operating system will be so secure that "users don't have to deal with viruses, malware and security updates." But Google's claim is being met with skepticism within the Internet security world.

"I have serious doubts about their claims simply because an operating system must execute code and malware is code," says Dave Marcus, director of security research and communications for McAfee Avert Labs.

 

DirectX targeted in Microsoft security updates

Microsoft said on Thursday that it will issue six security updates on Patch Tuesday next week, including a critical one that will fix two outstanding holes in DirectX that have been targeted in attacks.

In May, Microsoft announced that there had been attacks against a DirectX vulnerability that could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.

Earlier this week, Microsoft warned of attacks being launched that exploit a hole in the Video ActiveX Control when used in Internet Explorer for recording and playing video in DirectShow. Microsoft offered a workaround on Monday for that hole, which reportedly it had known about since last year.

Silverlight 3 debuts ahead of Friday's launch

The final version of Silverlight 3 has been released to the Web, a day ahead of the product's launch event in San Francisco. The release, noted by enthusiast site Neowin, marks Microsoft's latest effort to take on Adobe's Flash.

Microsoft detailed Silverlight 3 at the Mix09 event in March, releasing a beta version of the software.

Among the product's new features is technology that allows the software to utilize a PC's hardware to accelerate graphics processing. It also allows for programs that run outside a browser on both the PC and Mac.

Microsoft's New CRM Accelerators Embrace Social Networking, Web Portals

Microsoft will release free CRM Accelerators for Microsoft Dynamics CRM that allow the enterprise to pull data from social networks such as Twitter, centralize sales management across multiple channel partners through a common Web site, and integrate Dynamics CRM with Web portals. Microsoft has been heavily promoting its Dynamics CRM throughout 2009 as an alternative to Salesforce.com and other cloud-applications companies.

Internet Keeps Growing - And Getting Faster, Too

The economy may have faltered, but the Internet continues growing by leaps and bounds as people keep moving online in droves -- and at faster speeds.

Content delivery network vendor Akamai (NASDAQ:AKAM) today released its Q1 2009 State of the Internet report, showing that on both a year-over-year and quarterly basis, the Internet is growing despite the current global recession.

The total number of IP addresses seen by Akamai's network of global servers grew by 28 percent compared to last year. In the U.S. alone, Akamai saw growth of 20 percent. The speeds at which users are connecting to the Internet are also improving: Globally, connections grew faster by 29 percent on a year-over-year basis.

At present, average global connection speed to the Internet totals 1.7 Mbps, Akamai said. In the U.S., the average connection speed is now 4.2 Mbps, a 15 percent increase over the figure Akamai reported for the first quarter of 2008.

US government gives IT spending data some Flash

The Obama administration came to office with promises of greater openness about government activities and improved technical capabilities. On Tuesday, the US CTO, Vivek Kundra, announced a new Web resource that promises to allow citizens to track IT spending across all government agencies. Although this undoubtedly represents a positive step towards more useful public disclosure, on some levels it's simply the latest example of an ongoing trend in the US government's approach to public information.

The new site is called the IT Dashboard. (In a sign that the government truly gets the latest trends in Web services, it bears a prominent beta label.) The Flash-based application allows you to select any one of ten government agencies (or an "Other" category), and get a glimpse into what they're spending on IT projects, as well as whether the projects are considered on track. So, for example, Health and Human Services is spending $2.3 billion on IT, spread over 65 major projects. Although only one of these is rated as being of significant concern when it comes to cost, 15 are apparently behind schedule.

ITS to rebuild GSA inventory system
QinetiQ subsidiary will install a system to manage the agency's buildings and other real property

ITS Corp. will install an advanced inventory system for the General Services Administration under a five-year contract that could be worth as much as $39 million.

The new system will enable GSA to streamline the management of its 354 million square feet of office buildings and other real property, ITS officials said.

The award calls for ITS, a subsidiary of QinetiQ North America, to deliver a new, custom-developed enterprise application to replace the existing inventory system at GSA’s Public Buildings Service.

The new application will be the service’s core system and the first built specifically to take advantage of the PBS eCommon Service Oriented Architecture platform developed by QinetiQ North America, the officials said.

QinetiQ North America’s Mission Solutions Group will develop the new application at its Reston, Va., facility under GSA’s Information Technology Schedule 70.

ITS is a Schedule 70 prime contractor and a prime contract holder on GSA’s Alliant governmentwide acquisition contract.

IT and business must partner more effectively
Technology leaders must find ways to cope with changing business demands, says study

Business leaders are increasingly involved with technology strategy and getting value for investments, so IT executives need to ensure plans are aligned for the success of the overall strategy, according to research.

In response to the need for more co-operation between IT and the business, many companies have set up cross-functional steering committees to make decisions on current and future technology projects, according to a report published by the Economist Intelligence Unit and sponsored by CA.

The report suggests that keeping a close eye on such projects – often related to improving customer service and loyalty – is also becoming a norm and businesses are using metrics to track initiatives and ensure they are in line with overall expectations.

Recommendations for IT leaders in supporting changing demands include finding ways for technology staff to gain business experience.

“It is not necessary to move a technology worker into a business role per se. Simpler tactics - including locating the worker in the same office as business colleagues - can accomplish the same goal,” says the report.

Keeping key IT staff is also essential in the road to recovery, says the report, so managers need to rethink long-term expertise needs and set up retention programmes.

“The greatest need is for technology workers who can take business requirements and translate them into specifications. Business requirements management is a talent that companies need to cultivate and reward,” it says.

The report also recommends looking closely at processes for assessing value of IT work to ensure the right projects get funding, as well as consolidating software and systems to eliminate needless staff effort.

“Unnecessary waste not only bloats a company’s costs but can inhibit future growth,” said Debra D’Agostino, deputy director for industry and management research in the Americas at the Economist Intelligence Unit.

Acer M5800 Desktop Debuts, but Aspire One D250 Steals the Show

Acer has added the M5800 desktop tower to its summer lineup, which has included the 2.44-pound Aspire One D250 netbook and the Aspire Timeline notebook series. All three have Intel inside.

Acer seems to have a new desktop tower on offer, the M5800 — though you’d never guess it from the Acer Web site, which is splashed with images of its Aspire One D250 netbook.

Acer intends the M5800 for consumer home use, and it features a handsome brushed-metal exterior. Inside is a 2.66GHz Intel Core 2 Quad Processor with 6MB of L2 cache and 1,333MHz FSB, or a dialed-down 2.50GHz Intel Core 2 Quad Processor with 4MB of L2 cache and 1,333MHz FSB.

Cloud security and the changing role of IT
Experts debate the steps needed to secure the cloud, and how they will lead to a change in the IT administrator's role

Two press events in London last week saw security and privacy experts discuss the implications of cloud computing, including how it may change the role of the IT department, and what needs to be done to facilitate its safe use.

There were calls at Symantec's Security of the Future event for a new international kitemark system to allow organisations to judge the security competence of a cloud provider.

John Carr, secretary of the UK Children's Charities' Coalition on Internet Safety, argued that regulatory measures alone would not effectively deal with the potential risks of allowing third-party cloud providers to handle sensitive data.

"I am convinced that no institution is capable of formulating and delivering an enforceable regulatory solution dealing with the myriad issues," he argued. "Our best hope is a standards body we have confidence in developing some sort of kitemark."

Others at the event said that a mixture of regulations and other measures would be more suitable.

Steve Purser, deputy director of the European Network and Information Security Agency, argued that, while "regulation is powerful [it is] slow moving and not alone effective".

Purser said that measures such as the sharing of good practice are equally important in the fight to help secure the cloud, and warned that security teams need to start thinking about moving from old models of centralised security towards distributed environments.

NetGear Helps SMBs with Converged Networking

NetGear is rolling out two new ProSafe Advanced Gigabit Smart Switches, the GS724TPS and GS748TPS devices, which offer Gigabit connectivity, PoE and stacking features. Such features are key for helping SMBs migrate to converged networks. It also comes at a time when larger vendors, including Cisco and HP, are looking to make inroads into the growing SMB space.

At last, universal phone charger on its way

(CNN) -- The frantic hunt for the right cell phone charger will soon be a thing of the past -- in Europe at least -- as major manufacturers on Monday agreed to introduce a universal adaptor within six months. Most cell phones currently rely on different chargers, causing mountains of waste electronic.

Industry leaders including Apple, Motorola, Nokia, Samsung and Sony Ericsson have struck a deal with the European Union to introduce the one-size-fits-all charger by January 1, 2010, offering a solution to one of modern life's chief frustrations.

As the number of cell phones has exploded over the past few years, so have the number of chargers -- generating mountains of waste technology as users change or upgrade handsets.

Now the cell phone industry has agreed to standardize its chargers, making all handsets compatible with a micro-USB plug already standard on handsets such as BlackBerrys.

Last year an estimated 1.2 billion cell phones were sold worldwide, according to University of Southern Queensland data reported by industry umbrella group GSMA (Groupe Speciale Mobile Association), generating up to 82,000 tonnes of chargers.

With concerns over the level of waste generated by redundant chargers, European legislators had, prior to Monday's agreement, considered forcing manufacturers to adopt universal technology.

"I am very pleased that industry has found an agreement which will make life much simpler for consumers," Gunter Verheugen, vice-president of the EU's executive arm, the European Commission, said in a statement.

"This also means considerably less electronic waste, because people will no longer have to throw away chargers when buying new phones."

Iranian hackers attack the US

SUPPORTERS OF IRAN'S President Mahmoud Ahmadinejad, who recently was announced to have won an election before many of the votes had even been counted, have been hacking into US websites.

Hackers defaced the home page of the Oregon University System, posting a message telling President Barack Obama to mind his own business and stop talking about the disputed Iranian election.

Talking about Iranian elections in the US is apparently what is leading to riots in the streets of Iran. While Iran's young and IT literate people have mostly been supporting Mir Hossein Mousavi's so-called 'green revolution' protests against the election result, it seems that Ahmadinejad's supporters included a few hackers too.

But for some reason they thought attacking the University of Oregon would bring the US to its knees, so we don't think that the brightest hackers in Iran are on Ahmadinejad's side.

Attempts to access the university system's website were automatically redirected to another page, where readers viewed a message said to be from Iran that claimed there was no cheating in the election.

Block scripts in Firefox

The Internet is full of threats like cross-site scripting attacks and clickjacking. A lot of these attacks work by injecting scripts in web pages that you don't even know are there. You can give yourself a modicum more protection by running a Firefox plug-in called NoScript. NoScript blocks all scripts from running until you authorize them. Let me show you how it works.

Analysis: Veramark's Performance Advisor for Telecom and IT Expenses

To provide the greatest value, business intelligence functionality must be pervasive in the enterprise -- spread into as many job roles and functions as possible. Implementing pre-integrated BI for metrics and analytics is superior to relying on third-party BI products to control corporate spend.

Dell Two-Socket PowerEdge Servers Meet EPA Energy Star Spec

Dell officials are announcing that two of its PowerEdge server platforms, the R610 and R710, now meet the requirements needed for the EPA’s Energy Star program for servers, which was instituted in May. The Energy Star label means the systems are energy efficient and environmentally friendly. The federal specification comes at a time when businesses and the federal government are pushing vendors for more efficient data center products.

Microsoft rebuffs Twitter protest over Outlook's rendering of HTML e-mails

Showing again the power of Twitter for quick social organizing, Microsoft Corp. on Wednesday was forced to defend itself against complaints that its market-leading Outlook e-mail program wreaks havoc on rich-HTML e-mails.

Outlook 2007 and the upcoming Outlook 2010's use of Microsoft Word to display rich HTML content is to blame, according to blog posts by Dave Greiner, the Sydney, Australia-based organizer of the protest.

Greiner, whose firm sells e-mail marketing software called Campaign Monitor, argues that Word's poor display of HTML code results in garbled layouts.

Security can drive business, Microsoft survey finds

Though information technology professionals often say security is the toughest part of their job, many view it as an enabler of business, according to a new survey released by Microsoft.

In a survey of 1,200 IT decision makers at enterprise and small-to-medium-size businesses in the United States, U.K., Germany and Japan, 60 percent of respondents said that security was a "big" or "the biggest" challenge in managing their company's infrastructure. In addition, survey respondents said that protecting customer and company data is their No. 1 security priority.

Preventing data loss - what's needed - The search for standards

The UK's MPs may rue the day a disk listing details of their expenses was leaked to the Daily Telegraph from the House of Commons Fees Office earlier this year, but they were going to be made public at some point anyway, courtesy of the UK's Freedom of Information Act which the MPs themselves passed into law in 2000.

The leak has not just exposed the actual expenses claims but the ill-defined and opaque policies that underlie them—herein may lie the bigger lesson for others.

There are plenty of examples of data that has reached the public domain that should never have done so, not least from other parts of the UK government.

This has led to a burgeoning demand for methods to control the use and dissemination of data electronically—so called data loss prevention (DLP) technology. Effective DLP requires that three things are understood and controlled: people, data and policy.

Cisco IronPort and RSA Team Up on DLP
The partnership is designed to make technology that has been difficult to implement easy to use.

As the security market grows, vendors are on the lookout for competitive advantages. One potential path to greater profit is through partnerships.

One example is Cisco IronPort and RSA, the security division of EMC (NYSE:EMC). The two have combined IronPort's e-mail security appliances with RSA's Data Loss Prevention (DLP) technology to deliver new capabilities to Cisco customers.

Cisco (NASDAQ:CSCO) IronPort's C-Series e-mail security appliances incorporate RSA DLP technology today and its S-Series Web security appliances will incorporate RSA DLP technology in the future. In addition, Cisco has announced a DLP Risk Assessment consulting service.

New technology brings new features and capabilities, but also security challenges, the two companies said.

"Like never before, mobile devices and collaborative applications are allowing enterprise users to access and share information with ease, making it increasingly difficult for IT organizations to keep sensitive data protected," said Tom Corn, RSA vice president of marketing, in a statement.

Why You Need a Network Analyzer
You wouldn't want your doctor to strap you to a gurney and hook you up to all kinds of medical equipment to monitor your health day in and day out, but there's no reason not to subject your network to constant analysis. Just imagine addressing every little symptom before it can develop into a medical crisis. A network analyzer may not literally save lives, but it can save time, money -- and perhaps your job.

In today's world, it seems that more of the people I run across do not feel they need -- or, more accurately, don't understand why they need -- a protocol analyzer for their network.

In the old days (yes, just a few years back) it seemed that more people understood just how important the analyzer was. For some reason, as networks have become smarter and much more complex, this understanding seems to have dissipated. I am not sure whether it is due to the proliferation of network tools or the belief that a network can "heal" itself (trust me, it can't). Either way, this is a trend that is frightening.

Let me compare a doctor to a network engineer or administrator to make my point. Doctors are very smart individuals, as are network engineers. Doctors have had many years of education to be able to deal with the varieties of situations they might encounter, as have network engineers. They both, in a sense, save lives. Granted, the comparison gets a little skewed here, but the fact is that lives may truly be at stake without networks running properly and efficiently.

Pentagon approves creation of cyber command

WASHINGTON (Reuters) - The Pentagon will create a Cyber Command to oversee the U.S. military's efforts to protect its computer networks and operate in cyberspace, under an order signed by Defense Secretary Robert Gates on Tuesday.

The new headquarters, likely to be based at Fort Meade, Maryland, outside Washington, D.C., will be responsible for defending U.S. military systems but not other U.S. government or private networks, Pentagon spokesman Bryan Whitman said.

Asked if the command would be capable of offensive operations as well as protecting the Department of Defense, Whitman declined to answer directly.

"This command is going to focus on the protection and operation of DoD's networks," he said. "This command is going to do what is necessary to be able to do that."

U.S. officials have voiced growing concern in recent years about being vulnerable to attacks on the country's civilian or military networks as technology takes on an ever-increasing role, including in military operations.

Microsoft debuts power conservation website

NEW YORK (Reuters) - Microsoft Corp on Wednesday unveiled its Hohm website designed to help residential power consumers save money and reduce their environmental impact by conserving energy.

Microsoft has been selling technology to the energy industry for years and is now targeting the home power market as the weak economy forces consumers to find ways to save money and the government prepares to mandate the use of renewables and energy efficiency to curb carbon emissions.

"Conservation is the cheapest source of energy," Troy Batterberry, product manager for Hohm, told Reuters. If consumers use less power, he said, utilities will not need to build as many new polluting power plants. Everyone saves money.

Hohm uses complicated algorithms to analyze information provided by consumers and participating utilities to help them better understand their power usage, get recommendations and save money.

Those recommendations can include replacement of a thermostat, purchase of a new refrigerator and, maybe in the future, the installation of solar panels on the roof.

Batterberry estimated consumers could save about 5 percent to 10 percent on their energy bills, depending on how many recommendations they follow.

Microsoft Hohm is available for free to all 120 million households in the United States, whether their utility is a partner or not. Microsoft is partnering with utilities and meter vendors to capture information about consumer power use.

Google Inc this year rolled out a similar program called PowerMeter, which is available to a limited group of customers served by partner utilities. Google plans to expand PowerMeter this year.

IBM ties social networking into cloud platform

IBM has unveiled a new service for its LotusLive online service platform designed to match the company's current online communications services with new social networking components.

LotusLive Connections will help enterprises to interact internally and externally to better collaborate with individuals and companies on projects.

Users can access the service to collaborate on projects and share information on upcoming activities. The service will also offer instant messaging and file sharing capabilities.

Biamp's website to connect a-v and IT worlds

AVConnect.org is an online platform intended to expedite the convergence of the two fields by enabling a-v and IT professionals to connect, increase their understanding of the other discipline and, ultimately, partner together to grow the entire industry by sharing information.

The site features news articles that span both industries, identifies upcoming educational and networking events, shares tips for a-v and IT specialists and highlights case studies from around the world. Additionally, the site features a locator tool, enabling industry professionals to find qualified integrators in their area.

'My biggest hope for AVConnect.org is that it might bring together a-v and IT professionals to work on appropriate standards for a-v technology on networks,' said Tom Stimson, CTS, president, The Stimson Group, and creator of the AV Matters blog. 'AV folks might come to better understand the demands of the unified communication networks being implemented in the IT world. And IT folks can better understand how AV can present the "face" of communications in a more user-friendly form factor than a PC.'

Survey: CISOs worried about insiders, data breaches

Eighty percent of CISOs believe their company's own employees and contractors are the greatest threat to company data, according to a new study conducted by security vendor NetWitness and audit-and-information-security training company MIS Training Institute.

Conducted from June 10 to 12 at the sixth annual CISO Summit in Lisbon, Portugal, the survey of more than 60 information security professionals from across the world also found that just 18 percent viewed external sources as the biggest threat to company data.

When asked how concerned about data breaches they were, 97 percent of respondents said they were either “very concerned” or “concerned,” while just three percent said they don't worry about their network "because it's secure," the survey found.

Meanwhile, based on respondents' answers, the survey showed that 59 percent of sensitive data resides on Windows or Unix-based servers, 23 percent on mainframes, eight percent on end-user computers and another eight percent with third parties. Eddie Schwartz, CSO of NetWitness, told SCMagazineUS.com on Monday that he thinks those stats are concerning because they illustrate that many companies store their most sensitive data in places not necessarily in direct control of the data center.

IBM supercomputer reuses heat to warm buildings

IBM’s latest green venture is a highly efficient supercomputer that uses water to siphon off waste heat, and then uses the excess energy to warm up a building.

High-tech giants from Microsoft to Google are eager to cut the huge amounts of power used to run their data centers, particularly now that the recession has companies leaving no stone unturned to slash costs and global warming is driving them to think green.

Developed by IBM jointly with the Swiss Federal Institute of Technology (ETH) — a sort of Swiss version of the Massachusetts Institute of Technology — the new supercomputer’s microchips avoid cooling with energy-sucking air conditioning.

Thanks to a network of water-carrying “micro-capillaries” that take water very close to the microchips, the system is cooled at a temperature of 60 degrees Celsius, rather than a “normal coolant” that requires a temperature of about 20 degrees Celsius, or air at around 6 to 12 degrees Celsius, according to IBM researcher Dr. Thomas Brunschwiler.

videoCloud launches Managed Telepresence - HD Video Conferencing services requiring zero upfront capital investment at rates affordable for businesses of all sizes

TORONTO, June 23 /CNW/ - videoCloud enables companies of all sizes looking for ways to reduce travel expenses, increase productivity and collaboration with employees, customers and partners, and enable services, training and other capabilities that in the past required significant technology investment and resources to manage.

With no upfront acquisition cost and a fixed monthly fee that includes
both equipment and managed services, a state-of-the-art system can be deducted
as an operating expense. videoCloud services are significantly lower than the
prices of competing telepresence systems. Clients can save additional expenses
by eliminating the need for IT support and facility build-outs.

videoCloud's managed telepresence - HD video communications services are
available in 12, 24, and 36 month service terms and for shorter term projects
from 1 to 12 months.

videoCloud services let customers enjoy the telepresence experience and
focus on their work while we make the technology seamless and virtually
invisible.

The benefits of videoCloud are virtually unlimited, however, most users
report immediate returns in the following areas:

- Travel cost reduction: An average two day trip between two North
American cities, fully burdened with air fare, hotel, car rental,
meals and entertainment averages $1700.00. That is over $20,000.00
per year if travel occurs monthly.

- Increased productivity: See more people more often at a lower cost.
Monthly trips can be replaced by weekly "face to face" meetings.

- Flexible & Convenient: videoCloud scales from a large boardroom
setting to the private office or cubicle. videoCloud leverages state
of the art furniture configurations creating easy movement of units
within an office environment.

- Green & Global: Video conferencing while saving money on travel also
inherently reduces your carbon footprint. With broadband you can meet
with anyone, anywhere at any mutually convenient time.

videoCloud services are sold through a network of highly skilled
Value-Added Resellers (VARs), System Integrators, Independent IT Consultants
and Service Providers. If you are interested in becoming a Partner, please
email us at partners@video-cloud.com

Who Moved My Virtual Firewall?

Businesses want to virtualize everything in the data center, but is it a good idea to virtualize security appliances and applications? Virtualization lacks some key management capabilities critical to security, and taking down one virtual machine could leave an entire network exposed to threats.

Coming Soon: Adobe Flash on Android, WinMo and WebOS

Adobe is set to introduce Flash Player 10 for most mobile operating systems later this year, including Google Android, Microsoft Windows Mobile, Nokia Symbian and Palm WebOS.

Adobe's CEO Shantanu Narayen said during a recent earnings call that multiple partners of the company have already received an early version of Flash Player 10. Developers will be able to get their hands on a beta version of Flash Player 10 mobile later this year, at Adobe's Max conference in October.

Flash Player 10 will enable smartphones running on the above-mentioned operating systems to benefit from a richer Internet browsing experience, including watching videos embedded on some websites. Web-based applications can also be built on this platform, theoretically freeing developers from any applications stores.

By now, some mobile platforms, including Nokia's Symbian, have been enjoying a simplified version of Flash 8, which users know better as Flash Lite. The new Flash Player 10 is set to bring an improved graphical and audio performance, across more mobile OSs.

Managing the Sprawl of Cloud Computing

Solution providers are getting nervous about their future in a world dominated by cloud computing services that, in many cases, won’t need a middleman. Perhaps the opportunity for solution providers isn’t in selling the cloud, but rather managing the mass of clouds on clients’ behalf.

HP Debuts "World's First" Web-Connected Home Printer

HP announced Tuesday what they are calling the world’s first Web-connected home printer: The HP Photosmart Premium with TouchSmart Web. The new Web-enabled printing platform is expected to be available this fall.

The HP Photosmart Premium with TouchSmart Web distinguishes itself not only in its ability to connect to the Web, but also in its HP applications (apps) feature, similar to that of other Internet-connected devices. The feature includes preloaded apps on the printer and also allows users to download new apps via the HP Apps Studio.

In late 2009, users will be allowed to take the feature a step further, by creating and sharing their own personalized apps. HP’s first app partners include: USA TODAY, Google, Fandango, Coupons.com, DreamWorks Animation, Nickelodeon, Web Sudoku and Weathernews Inc. Among other things, these partnerships will allow users to view/print news stories, maps, weekly schedules, coupons, recipes, movie tickets, coloring pages, word finds and more.

The printing platform will also let users connect directly to their Snapfish accounts and will make additional projects available through the HP Creative Studio.

Apps, photos and additional projects will be viewed on a 4.33-inch touchscreen, which, according to HP, stands as the largest LCD touchscreen of any all-in-one inkjet printer on the market.

Intel finally gets Atom into mobile phones

After years of trying, Intel is believed to be on the verge of announcing that it's now a player in the mobile phone market.

Notorious Spammer Faces Federal Prison

A Michigan man called "the world's most notorious illegal spammer" by a federal prosecutor has pleaded guilty to fraud and money laundering charges.

As part of his plea, Alan M. Ralsky, 64, of West Bloomfield, Mich., admitted to overseeing a spam operation that sought to manipulate stock prices for profit. Ralsky was one of five defendants in the case to plead guilty June 22 for their roles in the scheme, which used spam to lure people into trading weak stocks. Once the recipients traded in the stocks and their share prices increased, the ring would trade in the stocks and pocket the profits.

The other defendants to plead guilty in the case June 22 include: Scott K. Bradley, 38, of West Bloomfield, Mich.; John S. Bown, 45, of Fresno, Calif.; William C. Neil, 46, of Fresno and James E. Fite, 36, of Culver City, Calif. Three other defendants pleaded guilty previously.

Twitter message could be cyber criminal at work

Cyber criminals are setting snares that move at the speed of news. Savvy cyber criminals are taking advantage of our increasing reliance on computers and the Internet.

Panda Security, a Spain-based antivirus maker, has been monitoring an onslaught of links with malicious software, or "malware," on Twitter that tag hot topics such as the Air France crash, the NBA finals, "American Idol" runner-up Adam Lambert and the new iPhone.

"Cyber criminals have been targeting Twitter users by creating thousands of messages (tweets) embedded with words involving trending topics and malicious URLs," Sean-Paul Correll, a threat researcher for Panda Labs, wrote recently on a blog for the company.

The growing sophistication of malware attacks mirrors the growing threat -- and cash -- generated by online crime. Already, cyber crime is estimated to cost companies and consumers more than $100 billion worldwide. Some officials claim it has now eclipsed illegal drugs as a criminal moneymaker.

"It's very seldom reported ... if discovered by companies, they generally don't want the public to know they've been had," said Eugene Spafford, a computer security specialist at Purdue University who has advised two U.S. presidents and numerous companies and government agencies.

Cyber crime is one of the few industries benefiting from the financial crisis. Last year, antivirus maker McAfee saw a 500 percent increase in malware types -- more than the company had seen in the previous five years combined. In the United States, the FBI reported a 33 percent increase in Internet crime last year.

Companies lost an average of $4.6 million in intellectual property last year, according to a survey of 1000 firms worldwide by Purdue University and McAfee.

"As the economy has declined, we've seen the threat landscape increase," David DeWalt, president and CEO of McAfee, recently told Richard Quest for CNN International's "Quest Means Business."

That increase has helped antivirus makers such as McAfee snare record returns -- the company's first quarter profits were 21 percent higher than the same period last year.

But companies and governments find themselves in a losing war with Web-savvy criminals, experts say.

"The fundamental fact is cyber criminals are highly organized with sophisticated corporate structures and business chains," said Michael Fraser, director of the Communications Law Centre at the University of Technology Sydney in Australia.

"They have R&D departments, strong distribution networks and Web sites for the discerning cyber criminal," Fraser said.

On these Web sites, would-be criminals can purchase toolkits to learn how to sidestep security measures or create their own "botnet" -- referring to software that can, unbeknownst to victims, turn their computers into spamming foot-soldiers for criminal networks. One Web site advertises software that can capture information for a popular Internet secured-payment provider for $500 -- discounted to $400 for the first 100 buyers.

Skimmed credit card numbers and other personal-identity information stolen from computers also can be found for sale on Web sites, Fraser said. "When police shut these Web sites down, they just mushroom up some other place," he said.