Spam poses as Internet Explorer 7 download Beware of emails from “email@example.com.” It may look like an invitation to download Internet Explorer 7, but it’s really a trick to infect machines with malware. [SearchSecurity.com]
California’s $1.4bn IT boondoggle More dollars than sense. [TheReg]
Symantec Backup Exec gets Vista-tized Fresh release Exchanged and x64ed too. [TheReg]
Cisco develops smart network bot Network connection drops and these little guys pick it right back up again. [DailyTech]
In a recent interview about Business Process Management Solution (BPMS) channel opportunities, industry expert Andre Truong said that BPMS hasn’t hit the mainstream yet but presents fruitful future possibilities.
According to the report, Forrester defines digital business architecture as “an IT architecture centered on business metadata on which IT solutions act in a unified and consistent way to deliver rapid business change.” The report then lays out two core requirements for the technology supporting digital business architecture:
- Business policies must be constructed in a metadata-friendly way that makes them easy to store, access and manipulate electronically.
- The metadata must work consistently across heterogeneous environments.
The report touts BPMS solutions as creating a “major paradigm shift” by capturing business models “…inside the BPMS solution in an executable format, providing direct alignment between business design, technology implementation and business measurements.” Furthermore, BPMS’s graphical process model makes it easy to change processes.
The following bullet points are a boiled down version of Forrester’s findings:
BPMS allows standards-based, model-driven design, development and execution:
- Captures business process flows
- Supports model-driven development
- Enables process orchestration
- Stores service definition
- Provides SOA infrastructure
BPMS features add value:
- Captures business metadata beyond process models
- Stores business metadata
- Provides real-time user visibility into business process
BPMS features support digital business architecture including:
- Integrated analytics and inside business intelligence
- Complex event processing (CEP)
BPMS puts the business in digital business architecture:
- Increased business collaboration in process modeling
- Enhanced communication between business units and BTs.
- Alignment of business process role-models
- Allows flexible adjustment of business rules
- Improved focus on business process ownership
Are you a BPMS consultant, or are you interested in becoming one? Are you a business owner with BPMS experience? If so, we would love to hear from you.
Dell reports it has found financial ‘misconduct’ Dell said “evidence of misconduct” had been uncovered in an internal investigation of its financial practices over several years. [NYT]
What happened in TJX security failings? If company execs need a lesson on what not to do before and after a data breach, experts say there’s plenty to learn from a regulatory document TJX filed with the SEC Wednesday.
Will data breach be the end of TJX? This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example? [SearchSecurity.com]
PC Makers: Vista brings little joy so far After all the hype surrounding its January launch, Microsoft’s new Vista operating system has yet to brighten the outlook for PC makers and could even lead to oversupplies for those who had built up inventory. [ChannelWeb]
It may not matter, if the apples are going out of season. Phone numbers’ days may be limited with the growing popularity of VoIP. Contrary to the traditional practice of telecommunications companies charging users a fee for their phone number, session initiation protocol (SIP), which handles most online calls, doesn’t need the traditional ten-digit number (or even the 1, if dialing out of area) to know who you want to talk to.
It’s kind of a “duh” concept, but only recently has someone put a plan in motion to bypass this “ancient” tradition in telecom. John Todd, of TalkPlus, helped create Freenum, an organization partnered with over 200 universities looking to adopt this idea into their own communications systems. The implications for further savings that this sort of “numberless” system might offer businesses are clear. However, it will be up to SIs and VARs to look at what Freenum is doing and adapt it to the channel.
According to a report in the Boston Globe, Vonage is the “worst-performing US initial public offering in the past year” and may be facing bankruptcy in the next few years.
Wall Street analysts have given the company low marks after a Virginia court ordered Vonage to pay Verizon $58 million for patent infringement, saying that the result could threaten the embattled company’s profitability.
Without any more fanfare than is given to any standard press release, Oracle reported yesterday on some of its users’ experience with Unbreakable Linux. Given that Oracle sued SAP for “corporate theft on a grand scale” last week, it’s interesting to note some similarities — and some differences.
| | Oracle – SAP | Red Hat – Oracle |
|---|---|---|
| Who took from whom? | SAP’s subsidiary TomorrowNow took from Oracle, according to the suit | Oracle took from Red Hat, according to Oracle |
| What’d they take? | Support materials | An OS and publicly available support materials |
| Was it allowed? | No, says Oracle. Maybe, says an analyst. | Yes — open source |
| End result? | Support for Oracle at half the cost | Support for Red Hat at half the cost |
| Why’d they do it? | To undercut a competitor | To undercut a competitor |
| Reaction? | A lawsuit | No lawsuit |
Of course, open source is open source, and proprietary information is proprietary. And Oracle may get a court to agree that when TomorrowNow allegedly downloaded support information for one client and used the same information to support others it was “stealing software products and other confidential materials that Oracle developed to service its own support customers.” Or the court could decide that proprietary information — once legitimately paid for by a customer and used by a VAR to support that customer — can be used for other purposes with no further obligation to the original owner. And that’s assuming the case even makes it to court — Oracle and SAP could settle, instead.
IP arguments are complicated, and VARs involved in this kind of support could be culpable to the vendor who supplied the software and the documentation. So the difference between open and closed is no joke.
But it’s interesting to note the parallels, nevertheless.
If you haven’t been paying attention to Oracle’s lawsuit against SAP subsidiary TomorrowNow, then you may want to start. If you’re in the business of providing after-market support for packaged applications, or migrating customers from one package to another, then how this suit plays out may have a direct effect on you.
Oracle is suing over alleged misuse of customers’ support licenses for PeopleSoft applications. TomorrowNow, a company started by ex-PeopleSoft execs, is in the business of getting clients off PeopleSoft and onto SAP’s applications; allegedly, TomorrowNow employees improperly accessed support data from Oracle to provide support for Oracle applications, and passed technical data along to other partners.
If Oracle is successful in this legal gambit, it could make life interesting for SIs and VARs who provide their own, discounted training and support to clients for packaged applications like Oracle’s, or other technology. If you provide technical assistance to a customer as part of a migration or upgrade, or offer alternatives to the support and training provided by suppliers, are you opening yourself up to the kinds of claims Oracle is making?
FBI wireless network at risk A report into the US Department of Justice’s wireless network project says that after six years and $195 million it is falling to bits. [Inquirer]
Survey: CIOs like their jobs, not their outsourcers With their salaries and budgets on the rise, a majority of CIOs speak highly of their jobs in a new survey. Yet they have mostly harsh words for their outsourcing relationships. [eWEEK]
Multiple Cisco Unified CallManager and Presence Server denial of service vulnerabilities Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. There are no workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers. [Cisco]
Webroot study finds 43% of firms hit with malware The security vendor’s State of Internet Security report surveys 600 companies on their experiences with malware threats. [eWEEK]
“Full exploit code” has been published that would let attackers cut-and-paste their way to an effective assault on Internet Explorer installs, according to a report Monday from Websense Security Labs.
Microsoft reported Feb. 13 that the flaw – known since February to affect the ADODB.Connection ActiveX control in the Microsoft Data Access Components – would allow attackers to hijack targeted machines.
Security services providers and IT administrators who have not yet updated their IE installations can download the patch from Microsoft.
The flaw was discovered last July by Metasploit Framework creator H.D. Moore. Separately, Moore announced Tuesday that version 3.0 of his popular penetration testing tool is now available.
The original version of this story appeared on TechTarget sister site SearchSecurity.com.
Protecting customers from malware can be like juggling grenades — hectic enough while things are going well, but positively frantic (for a little while) when they’re not. Whatever their positive characteristics, customers tend to get angry at VARs who did (or didn’t do) something that lets a worm, virus or Trojan into their system.
On the theory that a little help is welcome and a lot doesn’t hurt, either, check out SearchSecurityChannel.com’s new AV resources, including the Antivirus Project Guide, then stay up-to-date on antivirus news, strategies and tips aimed at the channel on SearchSecurityChannel.com’s Viruses, Worms, and other Malware topic center.
For the next level of support, try antivirus software vendors and information sites that offer instructor-led and online courses and training to give you and your support engineers some of the AV skills they need, not to mention help explaining to customers what the threats are and what you can do to protect them:
- Panda Software Companies’ Basic Virus Course (online, free with registration)
- Symantec Antivirus Corporate Edition Training (onsite, in metro areas, online, cost varies)
- Introduction to Computer Viruses on About.com (online tutorial, free)
- CA’s eTrust Antivirus SPT Training Course (8 hours, load on computer, $800)
- Network Associates Antivirus Software Solutions by CBT Direct (online, price available upon request)
Napoleon Bonaparte — who knew something about how to overcome a persistent threat — said “victory belongs to the most persevering.” The perseverance is up to you, but we can help with the information on tools and techniques you can use to keep up. Let us know how it’s going, and what kind of information you need — from vendors, customers or each other — and we’ll enlist all three in the initiative. Until then, keep juggling.
Blog: Exploit code is out for a critical Internet Explorer vulnerability that Microsoft reported in its MS07-009 bulletin. [eWEEK]
A new tool called Jikto can turn any PC or device with a browser into a site attacker. [eWEEK]
IT pros eye Windows Server 2003 SP2 with caution Despite its security and stability enhancements, IT pros say they are in no rush to deploy Windows Server 2003 SP2, which arrived with little warning two weeks ago. [SearchSecurity.com]