On February 6th, Julia Henderson, of SearchSecurityChannel.com fame, told us of a study that revealed some of the weaknesses of site-authentication images. This study was the most damning to banks, such as Bank of America, who have instituted the security method for their online banking sites.
However, an article in today’s Guardian offers a report that paying attention to the secure nature of the log-in page for your bank may be the least of your worries. According to the article, the Royal Bank of Scotland has been struggling with “systematic attempts” by “organized hacking gangs” to compromise the organization’s security via executives working from home.
The hackers, evidently, work under the assumption that systems used outside of the office are less secure than those under the umbrella of corporate IT. Through emails designed to appeal to the specific user targeted and keylogging software, the attackers are able to get into the company’s system through the VPN.
As telecommuting becomes more and more popular, VPN security, including its weaknesses, will become increasingly important to the integrity of corporate networks.
Okay. We know that blogging is the next big thing. We know that bloggers are getting invites to the coolest parties, the most exclusive criminal courtrooms, and IT product conferences.
Wait, what? That’s right, folks. An article from Information Week explained that 13 bloggers were invited to last week’s Fast Search and Transfer meeting. The idea was that the bloggers would rant, rave, criticize, and inform Fast right to the forefront of the new challenge to find solutions that gather unstructured data. Fast is a growing enterprise search platform vendor who thinks that group blogging is an important factor for search in Enterprise 2.0. (If you want to know what bloggers are saying about Enterprise 2.0, check out Dion Hinchcliffe’s blog.)
As a VAR, SI or consultant, maybe you should plan to get a few friends together to blog in order to drive product improvements. Fast insists that it is paying attention to what the bloggers are saying — and taking criticism and fresh ideas seriously — because they think that bloggers inform companies like Fast about their core culture. So if you have a complaint, blog about it! Vendors are listening.
Speed could kill for Internet worms
Computer security researchers are developing ways of protecting PCs from malicious programs known as worms by monitoring how fast data is sent through networks. [TimesOnline]
Europe demands say on US data trawling
Wants to rein in war on terror. [TheReg]
SAP skills pay off big for IT pros
The values of CCIE, CISSP, PMP and Web development certifications held their own in 2006, but it was nothing compared to the 15 percent income growth experienced by ERP-skilled IT workers in 2006, according to a new report. [eWEEK]
Data center power update: power use is alarming; or…not
- U.S. servers slurp more power than Mississippi
Power-hungry servers consumed 45 million kilowatt-hours of power in 2005–double that of 2000. [CNET]
Demand grows, but data centers don’t hog power
Data centers are sucking up more electricity as more people and organizations log on to the Internet. But there’s been some disagreement over how power-hungry the servers running the nation’s network are. [SanFranChronicle]
Microsoft accuses IBM of an ‘ulterior’ standards agenda
Chicken hawk. [TheReg]
Office 14: Think first half of 2009
Office 14, the follow-on to Office 2007, is due out in the first half of calendar year 2009, according to a slide deck allegedly from Microsoft, posted on the AeroXperience blog. [All About Microsoft]
HP updates low-end Itanium servers
Two dual-processor models flesh out HP’s Itanium-based Integrity line, and new HP-UX boosts software performance. [CNET]
Citrix to marry workload management with presentation server
Citrix has acquired the workload management assets of the privately held Aurema. [eWEEK]
Symantec CEO says no to Windows Vista
Leading security software chief says Windows Vista isn’t yet for him — or his company. Principled stand? Or PR grandstand? [DailyTech]
Visual Studio security updates released
Microsoft has released security updates for Visual Studio 2002 and Visual Studio 2003. The patches address a vulnerability that could allow for remote code execution. [SearchVB.com]
Microsoft Corp. issued six “critical” security patches on Tuesday to fix flaws in its software products that the company warned could allow attackers to take control of a user’s computer. [Reuters]
The Windows 7 genie is out of the bottle. Trying to stuff it back in will do nothing but create more customer confusion. [All About Microsoft]
The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include: Fragmented IP packets may be used to evade signature inspection. IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash, resulting in a denial of service. [Cisco]
IBM says it is developing new circuitry that could triple the data stored on a typical microprocessor, and thereby double the performance of computers, the Wall Street Journal reported on Wednesday. [Reuters]
The announcement comes as analysts tout virtualization’s entry into its 2.0 phase. [eWEEK]
Citrix Systems this week unveiled a major update to its flagship Citrix Presentation Server product line, a move that kills off its Access Suite and incorporates its functionality into a new Premium Edition. [ChannelWeb]
If you’ve only heard about Vonage and Skype when it comes to VoIP, you’ve only scratched the surface. Dozens of startup companies from the U.S., Canada and Europe are bringing out innovative IP telephony products. Here are our picks for the Top 25 new VoIP companies set to change the way we all work and do business. [VoIPNews]
Unit picks up 3G signals, routes them over ‘net. [TheRegister]
As chip engineers gather in San Francisco, Intel shows off its teraflop chops, and AMD talks pricing pressure and power consumption. [CNET]
Linux license delayed by Novell/Microsoft review
The partnership between Microsoft Corp. and Novell Inc. has delayed completion of a new license that will govern rights to key parts of the Linux operating system. [Reuters]
IE and Firefox cough up hard drive contents
Updated Floor by flaw. [TheReg]
OIG report criticizes FBI over missing laptops, weapons
A report by the Office of the Inspector General finds that the FBI reported two to three laptops lost or stolen per month during a 44-month period. [eWEEK]
Congress pushes (again) for ISP data retention
Silicon Justice. More data = more damage, when breached. [TheReg]
Cisco’s new security target: consumers
The multibillion-dollar player in security tools for businesses plans to move into the lucrative consumer market later this year. [CNET]
Cisco Sees video surveillance as IP security opportunity
The networking giant says it can help enterprises integrate their existing video surveillance technologies—using a centralized IP network-based approach—to create new applications for keeping their operations even more tightly under wraps. [eWEEK]
Mobile malware menace hits high – McAfee
3GSM Should telcos be scared or skeptical? [TheReg]
Avaya to offer VOIP to small businesses
The new version of IP Office caters to businesses with 10 to 20 users, allowing them to use the SIP trunking services from service providers for their outside phone lines, potentially cutting calling plans by half. [eWEEK]
System integrators effectively serve federal government
More than half of U.S. government IT decision makers are satisfied with the overall performance of systems integrators, according to Government Insights, an IDC company. The survey also found that many SIs are shifting from performing the integration to managing the process of integration. [Tekrati]
IBM’s Power6: Bigger iron, lower power
IBM’s new chip works in 64-processor servers and contains features to let users cap system power consumption. [CNET]
One of the less-appreciated features of Office 2007 — whose arrival was overshadowed by the hype over Windows Vista — is its XML-based file format. XML has a lot going for it, but Microsoft’s implementation isn’t compatible with file-formats in earlier versions of Word.
So even if you don’t switch to Office 2007 you’ll have to deal with the file-format problems eventually, as other people switch. SearchITChannel.com’s first “unrecognized file format” Word doc came in today — from Microsoft.
To read it we had to download the Office Compatibility Pack from Microsoft.com. It wasn’t difficult, but it did delay things a bit as we figured out why our version of Word 2003 wouldn’t open a Word document from Microsoft.
Just a reminder to download it yourself, and to remind your customers. You might mention to them that the download is 27.1MB, just so they don’t have all their employees download it themselves, all at once.
Oh, but don’t launch it before you install whatever critical Windows updates you have not yet loaded. The site doesn’t say, but presumably Bad Things Could Happen.
The past couple of weeks have been a constant stream of Microsoft related news. Vista this; Vista that. So today I’m going to take a break — sort of.
An interesting little news nugget came floating down today from Microsoft. Apparently, if you haven’t been able to get enough Vista information, you don’t have to wait for the next announcement: Microsoft Vienna. That’s right. The successor is already starting to get a little bit of press coverage.
As depressing as that may be to you, it looks like Big Blue has got some good news. IBM’s open desktop software is being released as a direct competitor to the Windows platform in the corporate environment. The goal is to allow enterprises to lower the cost of managing an Apple or Linux box in the workplace. This release could have an interesting ripple effect across the VAR community. Instead of focusing primarily on Microsoft support, you may begin having to support and maintain Apple-rich environments. Who knows if that switch will actually happen, but it is worth watching over the next few months and years.
Twelve Microsoft patches to include fixes for OneCare, ForeFront
Patches are being readied to plug security holes in Windows, Office, Visual Studio, Windows Live OneCare, Defender and ForeFront. Per usual, Microsoft will release the mega-fix Tuesday. [SearchSecurity.com]
Sun x86 servers turn heads: Too bad you can’t get one
Users are impressed with Sun’s foray into low-end hardware. But analysts and bloggers say the engineering-centric firm needs to improve logistics. [SearchDataCenter.com]
IBM aims to lower cost of using Linux, Apple PCs
IBM said on Sunday it will offer an open desktop software system for businesses that puts the cost of managing Apple or Linux computers on a more equal footing with Microsoft’s Windows software, improving the economics of Windows alternatives. [Reuters]
The countdown clock is officially ticking: Windows 7 due in 2009
The countdown clock officially is ticking. The goal is Windows 7 in 2009. [All About Microsoft]
NetApp CEO to vars: Sell more software or risk ‘being left behind’
Network Appliance opened its kimono a bit to solution partners at its annual partner summit, held this week in San Francisco, to talk about some upcoming product and program changes. Dan Warmenhoven, CEO of NetApp, used his keynote address to push solution providers to look beyond NetApp hardware sales to make storage and services a bigger part of their sales. [ChannelWeb]
In a conversation Yuval Shavit and I were having with Rado Nikolov, director of strategy and emerging business, ISV & Developer Relations at IBM (try saying that title twice in one breath), something I had intuited finally got a number attached to it. Nikolov said that about 30% of the independent software vendors in IBM’s partner program are also systems integrators.
Software as a service, SOA-based integration of software packages, and the increasingly consultative nature of most software sales are all at least partially responsible for this phenomenon. Nikolov says that few ISVs would have considered themselves to be SIs a few years ago, and few SIs would have added the ISV label to themselves either. But the definition between packaged and “bespoke” software has been eroding for years, and now it’s becoming increasingly difficult to easily divide the roles of ISV and SI.
For its part, IBM is turning to ISVs to do for open-source applications what it had done with VARs for Linux–creating a channel for selling support services, hardware, and potential upgrades to end users. IBM’s latest initiative for business partners using open source gives ISVs and systems integrators access to IBM’s experts for support of its WebSphere Community Edition and DB2 Express-C software, integration testing in IBM’s “innovation centers,” sales assistance, telemarketing for lead generation and other marketing resources to create and sell on top of open-source software. The upside, according to Nikolov, is potential support contract sales for IBM and up-sales to full commercial versions of WebSphere and DB2.
Maybe you should wait for a joint Harvard/MIT study to come out on a security measure you’re considering before using it or recommending it to a customer.
According to a recent study on the use of site-authentication images to prevent fraud cited in the New York Times, users didn’t notice when their summary image had disappeared. The idea behind image-based authentication is that a user will refuse to provide their password if their personalized login page has changed. But Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory, said “the premise is right less than 10 percent of the time.”
The debate is raging. While Mr. Gupta of Bank of America insists that the security measure makes the site more secure as part of a larger security posture, Rachna Dhamija, the Harvard researcher who conducted the study, argues that site-authentication images “detract from security by giving users a false sense of confidence.”
So is the appearance of security more important than security itself? The moral of the story might be that channel professionals in particular have an obligation to time-test any recommendations they make or security measures they implement.