Dell reports it has found financial ‘misconduct’ Dell said “evidence of misconduct” had been uncovered in an internal investigation of its financial practices over several years. [NYT]
What happened in TJX security failings? If company execs need a lesson on what not to do before and after a data breach, experts say there’s plenty to learn from a regulatory document TJX filed with the SEC Wednesday.
Will data breach be the end of TJX? This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example? [SearchSecurity.com]
PC Makers: Vista brings little joy so far After all the hype surrounding its January launch, Microsoft’s new Vista operating system has yet to brighten the outlook for PC makers and could even lead to oversupplies for those who had built up inventory. [ChannelWeb]
It may not matter, if the apples are going out of season. Phone numbers’ days may be limited with the growing popularity of VoIP. Contrary to the traditional practice of telecommunications companies charging users a fee for their phone number, session initiation protocol (SIP), which handles most online calls, doesn’t need the traditional ten-digit number (or even the 1, if dialing out of area) to know who you want to talk to.
It’s kind of a “duh” concept, but only recently has someone put a plan in motion to bypass this “ancient” tradition in telecom. John Todd, of TalkPlus, helped create Freenum, an organization partnered with over 200 universities looking to adopt this idea into their own communications systems. The implications for further savings that this sort of “numberless” system might offer businesses are clear. However, it will be up to SIs and VARs to look at what Freenum is doing and adapt it to the channel.
According to a report in the Boston Globe, Vonage is the “worst-performing US initial public offering in the past year” and may be facing bankruptcy in the next few years.
Wall Street analysts have given the company low marks after a Virginia court ordered Vonage to pay Verizon $58 million for patent infringement, saying that the result could threaten the embattled company’s profitability.
Without any more fanfare than is given to any standard press release, Oracle reported yesterday on some of its users’ experience with Unbreakable Linux. Given that Oracle sued SAP for “corporate theft on a grand scale” last week, it’s interesting to note some similarities — and some differences.
| | Oracle – SAP | Red Hat – Oracle |
|---|---|---|
| Who took from whom? | SAP’s subsidiary TomorrowNow took from Oracle, according to the suit | Oracle took from Red Hat, according to Oracle |
| What’d they take? | Support materials | An OS and publicly available support materials |
| Was it allowed? | No, says Oracle. Maybe, says an analyst. | Yes — open source |
| End result? | Support for Oracle at half the cost | Support for Red Hat at half the cost |
| Why’d they do it? | To undercut a competitor | To undercut a competitor |
| Reaction? | A lawsuit | No lawsuit |
Of course, open source is open source, and proprietary information is proprietary. And Oracle may get a court to agree that when TomorrowNow allegedly downloaded support information for one client and used the same information to support others it was “stealing software products and other confidential materials that Oracle developed to service its own support customers.” Or the court could decide that proprietary information — once legitimately paid for by a customer and used by a VAR to support that customer — can be used for other purposes with no further obligation to the original owner. And that’s assuming the case even makes it to court — Oracle and SAP could settle, instead.
IP arguments are complicated, and VARs involved in this kind of support could be culpable to the vendor who supplied the software and the documentation. So the difference between open and closed is no joke.
But it’s interesting to note the parallels, nevertheless.
If you haven’t been paying attention to Oracle’s lawsuit against SAP subsidiary TomorrowNow, then you may want to start. If you’re in the business of providing after-market support for packaged applications, or migrating customers from one package to another, then how this suit plays out may have a direct effect on you.
Oracle is suing over alleged misuse of customers’ support licenses for PeopleSoft applications. TomorrowNow, a company started by ex-PeopleSoft execs, is in the business of getting clients off PeopleSoft and onto SAP’s applications; allegedly, TomorrowNow employees improperly accessed support data from Oracle to provide support for Oracle applications and passed technical data along to other partners.
If Oracle is successful in this legal gambit, it could make life interesting for SIs and VARs who provide their own, discounted training and support to clients for packaged applications like Oracle’s, or other technology. If you provide technical assistance to a customer as part of a migration or upgrade, or offer alternatives to the support and training provided by suppliers, are you opening yourself up to the kinds of claims Oracle is making?
FBI wireless network at risk A report into the US Department of Justice’s wireless network project says that after six years and $195 million it is falling to bits. [Inquirer]
Survey: CIOs like their jobs, not their outsourcers With their salaries and budgets on the rise, a majority of CIOs speak highly of their jobs in a new survey. Yet they have mostly harsh words for their outsourcing relationships. [eWEEK]
Multiple Cisco Unified CallManager and Presence Server denial of service vulnerabilities Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. There are no workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers. [Cisco]
Webroot study finds 43% of firms hit with malware The security vendor’s State of Internet Security report surveys 600 companies on their experiences with malware threats. [eWEEK]
“Full exploit code” has been published that would let attackers cut-and-paste their way to an effective assault on Internet Explorer installs, according to a report Monday from Websense Security Labs.
Microsoft reported Feb. 13 that the flaw – known since February to affect the ADODB.Connection ActiveX control in the Microsoft Data Access Components — would allow attackers to hijack targeted machines.
Security services providers and IT administrators who have not yet updated their IE installations can download the patch from Microsoft.
The flaw was discovered last July by Metasploit Framework creator H.D. Moore. Separately, Moore announced Tuesday that version 3.0 of his popular penetration testing tool is now available.
The original version of this story appeared on TechTarget sister site SearchSecurity.com.
Protecting customers from malware can be like juggling grenades — hectic enough while things are going well, but positively frantic (for a little while) when they’re not. Whatever their positive characteristics, customers tend to get angry at VARs who did (or didn’t do) something that lets a worm, virus or Trojan into their system.
On the theory that a little help is welcome and a lot doesn’t hurt, either, check out SearchSecurityChannel.com’s new AV resources, including the Antivirus Project Guide, then stay up-to-date on antivirus news, strategies and tips aimed at the channel on SearchSecurityChannel.com’s Viruses, Worms, and other Malware topic center.
For the next level of support, try antivirus software vendors and information sites that offer instructor-led and online courses and training to give you and your support engineers some of the AV skills they need, not to mention help explaining to customers what the threats are and what you can do to protect them:
- Panda Software Companies’ Basic Virus Course (online, free with registration)
- Symantec Antivirus Corporate Edition Training (onsite, in metro areas, online, cost varies)
- Introduction to Computer Viruses on About.com (online tutorial, free)
- CA’s eTrust Antivirus SPT Training Course (8 hours, load on computer, $800)
- Network Associates Antivirus Software Solutions by CBT Direct (online, price available upon request)
Napoleon Bonaparte — who knew something about how to overcome a persistent threat — said “victory belongs to the most persevering.” The perseverance is up to you, but we can help with the information on tools and techniques you can use to keep up. Let us know how it’s going, and what kind of information you need — from vendors, customers or each other — and we’ll enlist all three in the initiative. Until then, keep juggling.
Blog: Exploit code is out for a critical Internet Explorer vulnerability that Microsoft reported in its MS07-009 bulletin. [eWEEK]
A new tool called Jikto can turn any PC or device with a browser into a site attacker. [eWEEK]
IT pros eye Windows Server 2003 SP2 with caution Despite its security and stability enhancements, IT pros say they are in no rush to deploy Windows Server 2003 SP2, which arrived with little warning two weeks ago. [SearchSecurity.com]
20 million copies of Vista reported sold Analysts questioned the figure and said it shed little light on the program’s popularity during its first month on the market. [NYT]
Linux kernel to add VMI The next stable update to the Linux kernel, Version 2.6.21, is slated to include a new feature submitted by VMware called Virtual Machine Interface. [eWEEK]
Next version of GPL to cover Novell-Microsoft deal The non-profit group that owns rights to much of the Linux operating system says it will seek to undermine a controversial deal between Microsoft Corp. and Novell Inc. through a new software licensing agreement to be unveiled on Wednesday. [Reuters]
Although Oracle’s lawsuit is directed against the German-based software giant SAP, SAP’s channel partners could also be held culpable for any role they may have had in using software and documentation that turns out to have been illegally obtained, according to one lawyer specializing in intellectual property law.
Systems integrators (SIs) and consulting firms that provide support for Oracle products should prepare for any potential legal action by documenting what they did and didn’t know about the origins of materials given to them by SAP, according to Tucker Griffith, partner at McCormick, Paulding & Huber LLP.
Those partners are at risk if Oracle is “going on a theory that this was stolen material — and I’m pretty sure they are going on that theory — and if they’re going on the theory that some of the stuff was trade-secret protected,” Griffith said. “If you [the VAR] had reason to suspect it was stolen, or suspect it came from illegal means and illegal sources, then you might have some culpability.”
It would also be prudent for partners whose contracts with SAP do not include an indemnity clause to negotiate with the company to get one, he said. Indemnity clauses, in which one company insures another against lawsuits, can be written with generic language or be specific enough to, for example, specify whether the party offering indemnity will also cover court fees, he said.
Those partners who find themselves needing to negotiate for indemnity may have some leverage, though. Partners can point to the bad press the suit may generate for SAP and hint that they would consider migrating to other vendors if SAP does not earn their loyalty, Griffith said.
The lawsuit against SAP alleges that TomorrowNow, a provider of third-party Oracle support that SAP acquired in 2005, used Oracle customers’ login information to access Oracle’s support site. There, according to the 44-page complaint Oracle filed last week, TomorrowNow downloaded thousands of materials — software and documentation — which it then used to undercut Oracle’s own support.
But players at TomorrowNow and SAP may not have thought they were doing anything wrong, Griffith said. They did not appear to try to cover up their tracks — the logins were traced back to computers in Bryan, Tex., where TomorrowNow is located — and Oracle did not take steps to prevent bulk downloads like those it accuses TomorrowNow of making.
“The defense would be well: we thought there was nothing wrong, because if we thought there was something wrong about it, we would have made it less obvious, less blatant,” Griffith said.
Oracle and SAP have continued to remain mostly silent about the suit, although SAP did issue a press release Friday saying that it will “aggressively defend against the claims made by Oracle.”