Federal Web site exposes private U.S. citizen data Major federal website problem discovered by a farmer in Illinois who Googled herself. DailyTech]
Salesforce.com offers CRM-free product With its Platform Edition, users can deploy on-demand applications from the company’s AppExchange without buying and underlying CRM license. [SearchCRM.com]
Disgruntled techie attempts Californian power blackout Counter-terror feds swoop after data centre sabotage. [TheReg]
A SearchITChannel.com article penned by Nicole Lewis, Email archiving drives storage sales in channel, reported recently that email archiving is the “fastest growing market for resellers and possibly the most troublesome, because of the role email plays as evidence in lawsuits and financial investigations.”
As Attorney General Alberto Gonzales is now finding that out, the legal implications of email archiving are extensive. A recent Boston Globe article reported that last year Gonzales’s former chief of staff, Kyle Sampson, sent former White House counsel, Harriet Miers, a list of possible replacements for the White House prosecutors who were dismissed. This message contradicts Sampson’s testimony to the Senate Judiciary Committee last month, in which he said they had no replacements in mind. White House officials also announced an investigation into 5 million emails sent by President Bush’s top aides, which were allegedly lost when the administration switched computer systems.Congressional Democrats want to know whether the emails were deleted to cover up information.
Our IT glossary, whatis.com, defines email archiving “as a systematic approach to saving and protecting data contained in email messages to it can be accessed quickly at a later date.” It also says that “today’s compliance legislation and legal discovery rules make it necessary for IT departments to manage a company’s email in bulk, so messages can be located in minutes.”
It is probably worth considering what the legal implications are for the channel, and what policies a reseller should implement to protect him/herself? According to the aforementioned article regulations and policies implemented depend on the customer and the industry. What do you think?
“Insufficiently tested software” caused BlackBerry failure The installation of an insufficiently tested piece of software set off a chain reaction that eventually cut off BlackBerry service. [NYT]
Bulletin: Internet is risky: Staff use of Web 2.0 is unseen threat, survey says Companies underestimating leak risk. [TheReg]
March of progress? Dell is bringing XP back Amid significant customer demand, the computer maker said on Thursday that it has returned to offering the older Windows version as an option on some of its consumer PCs. [CNET]
Art of the deal: U.S. Joins kickback case against HP, Sun The government has joined in a whistle-blower case filed against Hewlett-Packard, Sun Microsystems and Accenture over improper payments connected to government contracts. [NYT] Continued »
Two announcements coming out of the Storage Networking World (SNW) conference in
San Diego this week once again remind the industry that the small to medium size (SMB) business segment is an important battleground that every vendor wants to play in, and every vendor admits that the vehicle to getting additional SMB customers is through value added resellers (VARs).
It’s not surprising that when Hewlett Packard Corporation (HP) unveiled at SNW its StorageEssentials Standard Edition, a storage resource management (SRM) tool that’s tailor made for the SMBs and priced at $37,000, it stressed that by bundling basic modules to the software rather than adding them separately, the company is making it easier for VARs to offer the product to SMB customers.
Another SMB play came from IBM who announced that its DS3200 and DS3400 products will now come with controllers, host bus adapters (HBAs) and cables. IBM estimates that the new packages are up to 20% cheaper than purchasing the parts separately.
A separate announcement is that IBM Global Technology Services will offer a set of new services to help customers with the design of their storage environment, the transfer of data to IBM technology and the management of data across vendor platforms as well as assistance with records and e-mail management. I’m sure VARs will be saddled with assisting customers to implement the bundled systems and services that vendors continue to offer.
Where are the VAR voices at SNW? A quick scan of the agenda will lead you to believe that VARs are not a critical part of the storage landscape. Could this be true? The biggest storage conference on earth and you can’t find a handful of VARs on the agenda. Does the storage industry take VARs seriously? Have a look at the SNW agenda and tell me what you think.
For our British readers, the UKPRwire is reporting that AppGate recently signed on a trio of new VARs to help it resell its network access control and mobile access products. No need for jealousy, however, as the network security vendor is looking to take on more. All in all, AppGate is hoping to double its reseller network in 2007.
According to the release, AppGate’s renewed interest in its partner initiatives is a response to increased demand and anticipated growth. Jamie Bodley-Scott, AppGate’s UK and Ireland operations manager said, “[Partners] are key in helping us to increase awareness and highlight how a new approach to working practices requires a new approach to network design.”
Unfortunately, while this news may be exciting for our audience in Great Britain, our other readers are left cooling their heels, at least until AppGate gets itchy to expand outside of Britannia. While they wait, however, they might be well-served to check out our networking vendor topic center to learn more about other vendors’ partner program offerings.
U.S. state dept. gets pwned A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government’s network. [AP]
Not-so-compliant: CVS leaves credit-card, SSN and prescription info to dumpster divers
The same Texas Attorney General that is suing Radio Shack for dumping into the trash all sorts of customer info, is now also ready to sue pharmacy chain CVS for similar moves. CVS employees were apparently dumping customer records where any dumpster diver can get them, including all the expected info: name, address, phone number, social security number, credit cards and prescription data
Extending the outrage: Malware authors exploit Virginia Tech tragedy Camera phone footage ruse leads to Trojan depository. [TheReg]
Oracle patches 36 holes Oracle Corp. on Tuesday issued patches for 36 holes in the database management system, application server, E-Business Suite and JD Edwards and PeopleSoft software.
[SearchSecurity.com] Continued »
The IT industry’s trend towards consolidation continued yesterday as USinternetworking Inc. (USi) announced that it has acquired Daniel IT Services Inc., a Madison, Ala.-based consulting firm focusing on WebSphere Commerce suite implementation.
USi, an application service provider which was itself bought by AT&T last year, says the acquisition will allow it to complement its hosting with front-end consulting.
“Our service model has always been to create an outstanding managed service capability, and really through that capability and provide clients the ability to maximize their purchase of that application,” said Curtis Hampshire, USi’s general manager of eBusiness. “In terms of WebSphere [Commerce] knowledge, our clients have wanted us to have deeper knowledge with the application.”
Daniel IT will help complement USi’s services, the interesting point may be that the move is further evidence that the IT industry is consolidating, said Gartner vice president of research Michele Cantara.
“It certainly gives them a lot of feet on the street — or more feet on the street — when there’s really a talent shortage” in the industry, she said.
Wireless security puts IRS data at risk Internal Revenue Service offices across the nation that use wireless technology are still vulnerable to hackers, according to the latest assessment of the agency’s security policies released Tuesday. [AP]
Intel Announces Ultra Mobile PC 2007 Platform Intel Ultra Mobile PC 2007 platform to encompass both MIDs and UMPCs. [Dailytech.com]
I read in Ryan Naraine’s Zero Day blog that hackers are using Microsoft Security Response Center pre-patch advisories to create exploits prior to the patch release.
Microsoft claims that keeping users informed (and yet not disclosing too much information) is a balancing act, and it’s obvious that they don’t always get it right.
As a VAR or consultant, you can help your customers prepare for patches with our Patch Management Project Guide, but how can you really protect them from pre-patch exploits?
The answer might be host-based intrusion prevention systems (HIPS) and network access control (NAC). See Kevin Fogarty’s Channel Marker blog post for one vendor’s take.
If the hackers have Microsoft’s number, you can make sure that’s all they have. We’ve got your circus high wire balancing pole on SearchSecurityChannel.com, so keep checking our network access control and network intrusion management topic centers for the latest news and advice for resellers.
On April 29 the company plans to announce a Host-Based Intrusion Prevention System (HIPS) that will plug into the administration console and function as a part of its overall Security Suite.
The system relies on fairly heavy duty software that sits on each client machine, tracking the activity and requests of each piece of software on it.
The client software (which LANDesk refers to as the host) stores in a local database comprehensive data about the activity of the software on the machine – when it asked for Internet access and whether it had permission; what new applications showed up and what they did; what activities forbidden by security policy the software attempted.
IT administrators create the policies from a central console, assigning individual end users to either profile that defines the applications they can run and what those applications can do, or create a custom set of permissions for one or more users.
The client software itself identifies “normal” activity for each application by sitting on the machine for enough time (LANDesk recommends two weeks) to establish normal activity for each application.
LANDesk execs, who emphasize that the company sells 100% of its products through the channel, said behavior-based analysis is a more reliable way to identify malicious code than by virus signatures that have to be updated frequently; they also said that storing the security profiles and analysis engine on laptops and PCs protects the machines even when they’re disconnected from the network, and doesn’t require a period of quarantine when they reconnect.
“Host-based protection is the last line of defense for the enterprise,” according to an estimation Dan Blum, a security analyst at The Burton Group, based in Midvale,
Utah provided to IT administrator site SearchWinIT.com.
LANDesk’s product will be released May 9; pricing was unavailable.