Our sister site SearchSecurity.com perused the blogosphere to see what people are talking about on the wire. Today’s word is that Microsoft’s pride and joy, Vista, is getting a beating over security issues.
I decided to see how people felt about Vista in general. On Microsoft’s blog newschannel, I discovered Vista’s “Wow” ad, which compares encountering Vista with seeing Apollo 11 launch, a suburban jogger encountering elk on his manicured lawn, and a panoramic view of mountainous terrain; in each scenario someone says, “Wow!” (sometimes repeatedly). Does Vista make you say “Wow!”?
Jethro Carr, a systems engineer employed by Prophecy Networks, is not saying “Wow!” He calls Vista a “Faustian bargain.” He airs a number of criticisms, including that Vista doesn’t support HDCP, so those who want high-resolution screens will have to wait for the Vista-compatible hardware to come out. He also said Vista hardware requires a unique fingerprint, which will make getting specs for open-source drivers challenging. He claims that the SMB owners he’s spoken to will avoid Vista as long as possible because of the expense of upgrading all their computers.
But despite the criticism, according to The NPD Group’s vice president of industry analysis, Stephen Baker, PC retail sales have increased significantly since Vista’s release. In a podcast interview with eWEEK’s Microsoft Watch, Baker said overall PC retail sales were up about 67% from the previous year: notebook sales saw a 119% increase and desktop sales increased 20%. By the way, Baker recommends SMBs go with Vista Business. What do you think?
FBI shifts to watch-everyone, record-everything wiretaps: After retiring “Carnivore,” the FBI appears to have shifted to a broad-based surveillance strategy that involves compiling massive databases of information on thousands of users at a time. [CNET]
FBI loses Iomega drive with personal info on 500K people: The FBI is offering up to $25,000 for information leading to the return of a missing “Iomega hard drive.” Apparently, the drive, used to back up data on medical research, contains personal information on “at least a half-million people.” [Engadget]
Microsoft hit with $1.52 billion patent suit damages: A U.S. federal jury found that Microsoft Corp. infringed audio patents held by Alcatel-Lucent and should pay $1.52 billion in damages. [Reuters]
Customers are demanding better application performance across wide-area networks and they’re willing to pay for it, according to research from Infonetics Research.
The WAN optimization market – one of the stronger networking segments – grew 23% during the fourth quarter of last year, compared to the previous quarter. It grew 37% during 2006 overall, compared to 2005.
Revenue for enterprise-class routers grew 6% during the last quarter of 2006, and demand will remain strong, growing 13% to $4.8 billion between 2006 and 2009, the report predicts.
Just under half the total revenue for routers worldwide came from enterprise-class units; 46% came from the midrange and 6% from the low end.
Cisco is still the monster in the market, with 75% of worldwide revenue; Huawei ranked second and Juniper third among router vendors.
Ethernet switch revenues grew 3% during the fourth quarter of 2006, and will grow 20% between now and 2009, the report predicts. The mix of protocols is changing, however. Shipments of 10Gbit/sec ports almost doubled; power-over-Ethernet ports and 1Gbit/sec Ethernet ports both increased about 50%.
Market share in the rankings for managed Layer 2 switches put Cisco in front with 54% and Huawei in second with 13%; in Layer 3, however, Cisco is at 24% and Hewlett-Packard’s ProCurve Networking is at 21%.
The full version of this story appeared on TechTarget sister site SearchNetworking.com.
RSA today announced that it would make the log-management software it bought along with the acquisition of Network Intelligence in September available to channel partners, through its SecurWorld Partner Program.
The platform, which has been renamed RSA enVision, automatically collects, analyzes and manages security event and operational data from customers’ network environments and then archives the data.
The decision by RSA, which is the security division of EMC Corp., means existing Network Intelligence and RSA channel partners will be able to purchase the RSA enVision technology through authorized RSA distributors worldwide.
Previously, Network Intelligence had operated a one-tier channel model in which all resellers held direct contracts with Network Intelligence. Network Intelligence partner categories will now merge into the corresponding RSA SecurWorld categories, which depend upon current levels of training and accreditation. For instance, channel partners who had achieved Platinum status with Network Intelligence won’t have to re-certify as part of the integration, but will have to fulfill requirements of the RSA SecurWorld program to maintain their status moving forward.
Network Intelligence partners who join the RSA SecurWorld program will enjoy benefits from deal registration, access to the RSA SecurWorld Partner Portal, instant rebates and other rewards and incentives offered to RSA channel partners.
Network Intelligence partners can also attain the accreditations to sell RSA’s portfolio of other security offerings. RSA SecurWorld partners, in turn, can earn sales and technical authorizations for Network Intelligence solutions.
Google unveiled today its long-anticipated jump into the enterprise office suite market with the launch of the Premier Edition of Google Apps. For $50 a year per user, companies can now use Google’s suite of word processor, spreadsheet, calendar, instant messenger, voice-over-IP and email programs (including extensions for the BlackBerry and other mobile devices), along with tech support, the promise of 99.9% uptime and online storage space of 10GB per user. The suite also includes a set of application programming interfaces to allow either IT or ISVs to create customized extensions.
Both versions require an individual domain name for the users’ e-mail addresses and the Start page. Google will help users sign up for a separate domain for $10 per year through partnerships with GoDaddy.com and eNom.
Google Docs and Spreadsheets — which had been a separate service but are now included in the suite — have group access and version control that allow several users to work on a document simultaneously, while the application keeps track of revisions. The suite also includes controls on each application that allow administrators to define who can use what applications, and how.
A standard edition of Google Apps is also available free. The company is offering the premier edition for free until April 30.
Google Apps are delivered as software as a service (SaaS), meaning that end-users and administrators can use them from the comfort of whatever Web browser they happen to be sitting in front of. SaaS applications also relieve IT departments from the headache of upgrading, since new versions are installed at the vendor’s servers, a process which is hopefully transparent to its customers.
SaaS has made headway in some business functions, most notably customer relationship management (CRM), where Salesforce.com has in the minds of many been the poster child for successful enterprise SaaS applications. Microsoft has also gotten behind the movement to some degree, with Microsoft Office Live offering email and document management over the Internet. The next version of Microsoft CRM will also be offered as hosted SaaS, although higher-end customers will probably still opt for the on-site edition.
TJX says theft of data may go back to 2005: TJX Cos. yesterday said computer hackers may have gained access to its consumer data in 2005, a year earlier than it had previously thought, potentially exposing millions more customers of stores such as T.J. Maxx and Marshalls to identity theft. [Boston.com]
Mass. bill would make retailers pay for data leaks: Massachusetts lawmakers are about to consider a bill that would require retailers to pay for losses when hackers and thieves breach their security systems to steal consumers’ credit card and other financial information, the Wall Street Journal reported on Thursday. [Boston.com]
Cisco IP phone flaws discovered: Hackers could get unauthorized access to some speaker phones, IP desktop phones, says company. [CNET]
Google offers business software via subscription: Web search leader Google Inc. has begun delivering a set of essential business software tools to paying subscribers, in a move to widen its appeal to corporate customers, the company said on Wednesday. $50/year. 10GB storage; 99.9% uptime.
Microsoft walks tightrope with business services: The company has good reason to expand into services and hosted software, but it must be careful not to alienate partners. [CNET]
It seems like somebody is a little cranky about the slow pace of sales for Microsoft’s Windows Vista. CEO Steve Ballmer, as Kevin Fogarty noted in today’s headline scan, has tried to place at least part of the blame for Vista’s slow start on software piracy, and is threatening to “dial up” Microsoft’s anti-piracy measures. At the same time, as the threat of losing some potential buyers to Linux desktops continues to rear its head, Ballmer once again is threatening legal action against Linux distributions that infringe on Microsoft’s intellectual property claims.
Sure, Vista is out there in Bitstream. Sure, Windows Genuine Advantage is so hosed, you can install an upgrade copy onto a bare machine just by rebooting at the right time during install. But there’s a reason why Vista sales are so slack that has nothing to do with piracy, and that Linux has little to do with: people don’t trust it yet.
Cisco Systems is warning that customers who don’t change the default names and passwords on routers are vulnerable to an exploit publicized by Symantec and Indiana University last week.
Pharming is a malware technique more sophisticated than phishing because it requires no conscious effort on the part of the user, and can even change the code on a victimized computer to re-route its Web requests without the knowledge of the user.
The solution is to change the default password as soon as the router is brought online, according to Cisco. But since compromised laptops could also be the source of such attacks, it may also be necessary to check the machines of users who bring laptops home and work from routers they configure themselves (or leave at the factory default configuration).
The original version of this story appeared on TechTarget sister site SearchSecurity.com.
You already knew that your customers’ employees are often a huge security liability. But if you needed any more proof, this week’s Stop and Shop scandal might help to convince you.
In a nutshell, thieves stole account and personal identification numbers from customers’ credit and debit cards at stores in Rhode Island and Massachusetts by tampering with checkout-lane keypads. At some point, these data thieves must have accessed the keypads by entering the building and physically tampering with them, then reinstalling them. How could this have happened?
One NetworkWorld story may have the answer (if not to this particular breach, then possibly to others). A penetration tester from NTA Monitor Inc. got into a company’s building by waiting until a group of smokers finished their smoke break, then slipping in behind the last employee. He managed to get upstairs by saying that IT had sent him, and successfully attached his computer to the company’s VoIP network. Scary, I know.
If your customer is relying on employees to sound the intruder alarm — or if there are unsecured entry points into their buildings — all of the firewalls, IDS, VPNs, and monitoring devices you’ve implemented may not help. You CAN make sure you’ve given your customer a fighting chance, however, by checking out the brand new Penetration Testing Project Guide on SearchSecurityChannel.com.
As G.I. Joe used to say, “Knowing is half the battle.” Do your own penetration testing, and then educate, educate, educate your customer. You’ll be their greatest asset.
Notebook computers flew off shelves over the holidays, helping to bolster Hewlett-Packard’s lead atop the PC heap. [NYT]
Steve Ballmer has reissued Microsoft’s patent threat against Linux, warning open-source vendors that they must respect his company’s intellectual property. [CNET]