BAe Systems: Office365 doesn’t fly

Defence contractor BAe Systems ditched plans to adopt Microsoft Office365, the online version of the Microsoft Suite. The supplier could not guarantee the company’s data would not leave Europe, in spite of operating a data centre in Dublin.
GE CEO and shareholders see value in strategic data centres
In this podcast recorded at the Gartner Data Center & Operations Summit 2011, Paul Higgins, EMEA data centre leader at GE, talks about how the company’s data centres have become so strategic that the CEO and shareholders take an interest in them.
Mike Lynch, CEO of Autonomy podcast on next gen IT
Read the Computer Weekly article covering Mike Lynch’s demo at Gartner ITxpo >>
Gartner ITxpo 2011 Barcelona: Why IT matters to a CEO
In this podcast recorded at the Gartner ITxpo 2011 in Barcelona, Peter Ayliffe, president and CEO of Visa Europe, talks about how his CIO, Steve Chambers, made the right call when a brand new core system failed on Friday 13th April 2007. You can download the podcast here >>
Microsoft Patch Tuesday Compatibility Report from ChangeBASE
Application Compatibility Update
By: Greg Lambert
Executive Summary
With this November Microsoft Patch Tuesday update, we see again a relatively small set of updates. In total there are 4 Microsoft Security Updates; 1 with the rating of Critical, 2 with the rating of Important, and 1 with the rating of Moderate. This is a small update from Microsoft and the potential impact for the updates is likely to be minor.
As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen little cause for potential compatibility issues.
Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this November Patch Tuesday release cycle.
Sample Results
Here is a sample of the results for one application and a summary of the Patch Tuesday results for one of our AOK Sample databases:
MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution.
And here is a sample AOK Summary report for a sample database where the AOK Patch Impact team has run the latest Microsoft Updates against a small application portfolio:
A RED issue is generally one that pertains to how the code or actual program works. In this case we will flag as Red issues where a package tries to use objects or functions that have been deprecated from the OS or where their use has been restricted. In this case there are no changes that a packager (or AOK Workbench) can make to the install routine to fix the problem. The problem needs to be dealt with at the program code level by the programmer that wrote it or by providing a more up to date driver. However it is reasonably straightforward once a programmer has the information provided by AOK Workbench to make these changes. For vendor MSIs an upgrade may be required.
An AMBER issue is one that pertains to the installation routine. A packager can change things in the installation routine and so can AOK Workbench. Anywhere an issue is found and a change can be made to the installation routine to get rid of it we will flag it as amber. AOK Workbench fixes almost all of the issues it flags as amber. For the few issues that require a decision to be made, a packager can manually remediate these using the issue data provided by AOK Workbench.
Applications flagged as GREEN have no issues identified against them.
Testing Summary
MS11-083 | Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
MS11-084 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
MS11-085 | Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
MS11-086 | Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
Security Update Detailed Summary
MS11-083 | Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
Payload | Tcpipreg.sys, Tcpip.sys
Impact | Critical – Remote Code Execution
MS11-084 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.
Payload | Win32k.sys
Impact | Moderate – Denial of Service
MS11-085 | Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
Description | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
Payload | Wab32.dll, Wab32res.dll, Wabimp.dll
Impact | Important – Remote Code Execution
MS11-086 | Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
Description | This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
Payload | Adamdsa.dll
Impact | Important – Elevation of Privilege
*All results are based on a ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.
Listen to Olympics CIO Gerry Pennell interview at Gartner ITxpo
Why the next app gold rush won’t just be on iTunes
In this guest blog post, Gavin Michael, chief technology innovation officer at Accenture, covers the shift from monolithic applications to the Apple AppStore-style of application deployment.
It is easy to feel gloomy about the past three years, given the lingering economic turmoil across global markets. But through a different lens, it’s also quite reasonable to argue that the past 39 months have been one of the most prolific periods of creativity and innovation that mankind has ever seen. As the world has gone mobile, countless apps have been created to quickly, easily and cheaply cater to nearly any conceivable need.
On July 10th, 2008, Apple’s App Store debuted on its iTunes platform, providing a marketplace for its still-new iPhone. Less than 1,200 days later, over 500,000 apps are now available for download. This implies that over 415 new apps have been added for every day that the platform has been live. It’s not been alone. Google’s Android marketplace has over 300,000 apps for it, for example. Whatever the task, “there’s an app for that” is increasingly the reply. In a few taps, you can learn how to cook, check-in for your flight, find your car, entertain your children, watch the news, book a meeting, track your run, make a film, improve your golf, balance your budget, or just irritate your friends.
For consumers, the great app rush has delivered enormous new value, with over 15 billion apps installed so far. One fundamental reason behind this success has been the creation of dedicated, easy to use marketplaces that provide a distribution, marketing and sales platform for developers. They allow a lone programmer working weekends to compete squarely against a multinational. Here, the best idea wins, not just the biggest marketing budget.
For CIOs, a similar shift at the enterprise level is starting to drive new approaches to how enterprise applications are created. The era of monolithic applications, with long development and implementation cycles, is rapidly giving way to more flexible and adaptable businesses, dynamically provisioned via the cloud. CIOs will still develop proprietary tools to give their firms a competitive edge, but they will also draw on enterprise app stores to access a growing ecosystem of apps and useful code, supplied by a far wider pool of developers.
In turn, this enables CIOs to start planning a more strategic role. They can become service orchestrators that curate and assemble the most valuable pieces of code, whether from internal development or via app stores, and use that to speed both innovation and implementation. They’re still going to build enterprise applications; they’re just going to build them differently.
A growing range of enterprise app stores (such as Salesforce.com AppExchange, Intuit’s Marketplace or Apperion, among others) are steadily expanding and maturing. As such platforms become more commonplace, CIOs can start to focus more on the core business processes and services that help their firms stand out in the market, rather than worrying about the physical infrastructure to support this. They can focus on services, not servers.
One early example comes from Nongfu Spring, China’s largest bottled water company. It has developed a new backend system that can calculate the exact time and cost of any given shipment in just 37 seconds, down from 24 hours previously. This new competitive advantage is given wings by the fact that its 8,000-strong sales team can access it via a simple mobile app, empowering them to give customers information on demand. As this example highlights, CIOs are still going to build enterprise software to give them an edge in their market, but they’re going to do it differently than before.
Of course, this shift brings new challenges too. To really tap into this, CIOs will need to decouple their firm’s IT architecture, while freeing corporate data to move more easily between applications and the cloud. Interoperability needs to be enabled in application environments that are often heterogeneous. Most importantly, CIOs have to componentize their business model, controlling the processes that matter most, while commoditizing the rest.
All these are significant departures, but they can bring huge benefits. Just as consumers have been able to access apps for all needs, so too will firms. Developers of all shapes and sizes are rapidly creating tools for a range of sectors, with apps emerging for a wide range of needs: tracking electronic medical records, providing customer support, speeding logistics, entering expenses, and far more. These are freeing up CIOs to focus on the services that are core to their competitive advantage. For all else, well, there’s an app for that.
Gavin Michael is Chief Technology Innovation Officer at Accenture. Follow Gavin on Twitter @gavinmichael.
Gavin started working for Accenture in 2010. He previously worked at Lloyds Banking Group as the Retail Technology Director. At Lloyds he was also a member of the Retail Bank Board. Prior to this role, he served as CIO of Lloyds TSB – UK Retail Banking & General Insurance. In this capacity, Gavin set the information technology strategy and direction for growing the UK Retail Banking Division and drove strong collaboration and alignment of technology with the business.
IT Disputes – Better Contracts Will Save You Money
On my previous blog, I talked about IT disputes and how they occur.
This blog advocates that you spend enough time on the preparation of your contracts so that they are properly negotiated and drafted.
Trying to save legal fees in relation to preparing your contracts (perhaps by rushing through the contract without considering or negotiating contractual clauses properly) can be a false economy.
This is because if a dispute or litigation arises then your contract will be what you are relying upon – if you have rushed your contract or not really taken enough time to ensure that it accurately reflects the deal then you might find that your contract does not have all of the contractual protections that you would normally expect to have.
Further, the legal costs that you might incur in relation to a dispute or litigation are likely to far outweigh the amount it would have cost in legal fees to have had your contract properly negotiated and drafted.
There is a string of IT disputes including:
BskyB v EDS
DeBeers v ATOS Origin
Pegler v Wang
GB Gas Holdings v Accenture
BMS Computer Solutions v AB AGRI Ltd
The problem with IT disputes from a commercial point of view is that as soon as they arise you can be pretty certain that a few things will happen. These will include:
1. lawyers will become involved (sooner or later)
2. your relationship with your supplier will probably become strained
3. you and the supplier might become focussed on the dispute rather than on the supplier providing excellent service to you
4. the dispute will absorb time, effort and resources where each party may think that this time, effort and resources are for no tangible gain
I agree that legal costs can rise as the contract is negotiated and drafted. However, I think that you should see this as an investment such that a well drafted contract leaves less room for there to be any disagreement between the parties regarding the deal. Hence, this leaves less room for there to be a dispute or litigation which, in turn, reduces the chances of you having to pay for lawyers to get involved in any dispute or litigation. As soon as a dispute or litigation arises then the legal fees can escalate rapidly without any real limit because it will be unclear as to how long the dispute will continue for and when and how it might be resolved.
In short, at least when you are having your contract drafted, you have some control over the legal fees and can contain the legal costs of the drafting and preparation of your contract whereas in litigation the legal costs will be very difficult to control.
One to watch: Code-Breakers
VMworld 2011: Listen to Paul Maritz’s keynote in Copenhagen
In his keynote presentation at VMworld in Copenhagen, Paul Maritz, chief executive officer at VMware, said, “One of the ways to categorise computing is by the type of application. In the cloud, we are seeing the emergence of a new type of applications, which cannot be done on a traditional RDBMS.” Maritz describes the new type of application architecture as a computing fabric. Listen to the podcast below >>