Microsoft to patch IE zero-day bug next week

Microsoft today said it will deliver six security updates on Tuesday, including one that will patch a vulnerability in Internet Explorer (IE) the company admitted only last week. The update will address an IE zero-day vulnerability that Microsoft confirmed Nov. 23 in a security advisory. "I want to point out that Internet Explorer 8 is not affected on any platform and that running Protected Mode in Internet Explorer 7 on Windows Vista mitigates this issue," said Jerry Bryant, a spokesman for the Microsoft Security Response Center (MSRC), in a blog post announcing the advisory last week. The updates will patch a total of 12 flaws in Windows, IE and Microsoft Office, the company said in a follow-up entry to its security response center's blog. At the top of the patch list, even Microsoft's own, will be an update for IE 5.01, IE6, IE7 and IE8 that has been pegged as "critical," the firm's highest severity rating in its four-step scoring system.

Microsoft's advisory was its reaction to proof-of-concept attack code that had gone public several days before, when it was posted to the popular Bugtraq security mailing list. Next Tuesday's update, however, will quash bugs in all still-supported versions of IE, not just IE6 and IE7, a fact Microsoft confirmed today. "We want to make customers aware that we will be addressing the vulnerability discussed in Security Advisory 977981 in the IE bulletin on Tuesday," Bryant said in another blog post. The sample code exploited a flaw in IE's layout parser, and could be used to hijack fully-patched Windows machines. The advisory Bryant called out was the one Microsoft issued last week. "We know that customers are concerned about this issue and we are also aware that Proof of Concept (PoC) code is available publicly." Microsoft's advance notification spelled out the significance of the problem with IE: All versions of its browser contain one or more flaws when run on Windows 2000, Windows XP, Vista, Server 2003 and even Windows 7. Only the company's newest server products - Server 2008 and Server 2008 R2 - are somewhat safer. Microsoft confirmed to Storms that the IE update contains fixes for multiple vulnerabilities; it's not unusual for Microsoft to quash several bugs in a single update. "Last week's zero-day is still not applicable to IE8," Storms said after he consulted with MSRC. "Some other bug is also being patched in the same bulletin." The attack code that went public Nov. 20 was not only unreliable, according to security experts who dived into the exploit, but was touted as only affecting IE6 and IE7 on Windows XP. Later, Microsoft said that Vista users would be protected to a degree not enjoyed by XP customers because the former's "sandbox" would limit the ability of the exploit to compromise the PC.
Most outside security researchers, including Storms, were pessimistic last week when asked whether Microsoft could scramble fast enough to fix the flaw in IE6 and IE7. Today, he was impressed. "I would have wavered last week [on] whether they would fix it," he admitted. "But given the impact [of the vulnerability] and the fact that there's code out there, I'm not surprised that they managed it." Other updates slated for release on Dec. 8 include patches for bugs in Windows; Office 2000 and Office 2003; and Microsoft Project 2000, 2002 and 2003. Three of the six updates will be tagged critical, while the remaining trio will carry the "important" label. "Frankly, the rest don't matter at this point," said Storms, referring to the non-IE updates. "IE is the top of the news for Microsoft today, and will be next week." The bright spot, said Storms, is that Microsoft keeps ladling more information onto its pre-Patch Tuesday notification, a preview customers rely on to plan their patching strategy for the following week. "They're blogging and telling us the number of vulnerabilities and the [affected] applications now, which is great," Storms said, applauding Microsoft's moves. "They continue to increase the amount of information they provide. However, that doesn't mean IE 5.01 and IE8 are suddenly vulnerable to last week's zero-day exploit, said Andrew Storms, director of security operations at nCircle Network Security.

They're setting a real trend here." Microsoft will release the six updates at approximately 1 p.m. ET on Dec. 8.

Chip sales to grow in 2010, iSuppli says

Worldwide semiconductor sales will grow in 2010 as chip sales gain steam in response to stabilizing economies, analyst firm iSuppli said on Wednesday. Chip sales could total $282.7 billion in 2012; sales tallied close to $273.4 billion in 2007. However, global chip sales will decline in 2009, albeit at a lower rate than iSuppli first projected. Semiconductor sales could grow by 13.8 percent on a year-over-year basis to reach US$246 billion in 2010. Chip revenue will keep growing through 2012 and could reach levels of 2007, after which chip revenue skid began. The analyst firm predicted year-over-year global chip sales would decline by 16.5 percent in 2009. Earlier in the year, iSuppli projected a 23 percent drop.

Semiconductor sales and inventory levels in the PC and mobile-handset markets - which account for a majority of semiconductor sales - improved in the second quarter, iSuppli said. Chip sales in 2009 will total US$216 billion, compared to $258 billion in 2008. Chip sales have "gained clarity" as economies stabilize and supplies improve in key markets after an unstable first quarter, iSuppli said in a statement. Major vendors have also increased their outlooks for PC and mobile-handset sales, which has given more clarity to project overall chip sales for the year. "Semiconductor shipments rebounded as inventories were replenished and modest forward-looking purchases were made," said Dale Ford, senior vice president, market intelligence services for iSuppli, in a statement. Otellini's comments were stronger than conservative outlooks provided for an expected PC industry recovery from companies like Advanced Micro Devices and Dell earlier in the year. Intel CEO Paul Otellini last week said that its chip shipments were stabilizing as PC shipments start to take off.

The companies said that PC shipments would grow as users look to buy new PCs with Microsoft's upcoming Windows 7 OS, which is due next month, and as companies look to refresh PCs. The global economy was partly boosted in the second quarter by worldwide economic stimulus efforts, especially in China, iSuppli said. The U.S. stimulus effort - the American Recovery and Reinvestment Act - has a lesser effect as it wasn't implemented on a wide basis, iSuppli said. China's stimulus efforts resulted in a massive increase in consumer purchasing, which benefitted worldwide economic conditions, iSuppli said. An economic stimulus package of $787 billion to spur economic activity was passed in February by Congress and signed into law by President Barack Obama.

US lawmakers question ICANN gTLD plan

Several U.S. lawmakers urged the Internet Corporation for Assigned Names and Numbers (ICANN) to back off on a plan to offer an unlimited number of new generic top-level domains until concerns about trademark protections and other issues can be addressed. You guys made us come here today." The board at ICANN, the nonprofit organization created in 1998 to oversee the Internet's domain name system, voted in June 2008 to move toward unlimited gTLDs, in addition to the 21 gTLDs available now, including .com, .biz, and .info. Members of a subcommittee of the U.S. House of Representatives Judiciary Committee on Wednesday questioned ICANN Chief Operating Officer Doug Brent about why the organization continues to move forward with its plan to sell new generic top-level domains, or gTLDs. Judiciary Committee Chairman John Conyers, a Michigan Democrat, complained that ICANN hasn't been able to resolve complaints about its plan to sell new gTLDs to compete with .com, .org and other current TLDs. "This is a hearing we shouldn't have had to call," Conyers said. "If the parties had come together, I doubt if we'd be here this morning.

Under the ICANN plan, anyone could apply for a new gTLD - some suggested have been .food, .basketball and .eco - at a cost of about US$100,000. Asked by lawmakers how soon ICANN planned to offer new gTLDs, Brent said he wasn't sure. Critics of the TLD expansion, including Hewlett-Packard and Dell, have complained that a huge expansion of gTLDs would force trademark owners to buy multiple domains on each new gTLD, potentially costing them and their customers billions of dollars. ICANN had originally planned to offer them this year, but the latest estimate is February, and Brent said he expects that deadline to slip as ICANN works with critics to resolve issues. This week, the Coalition Against Domain Name Abuse (CADNA), an organization with 19 large-business members, called on the U.S. government to conduct a "full-scale" audit of ICANN. "ICANN has not properly vetted this decision in an objective fashion," CADNA said. "This rollout expands the size of the Internet exponentially without first performing a sound cost/benefit and security and risk analysis to determine both desirability among and risk to Internet users." At the Wednesday hearing, Conyers seemed to connect the gTLD disagreements with the end of an oversight agreement ICANN has with the U.S. Department of Commerce. A spokesman for Conyers wasn't immediately available to clarify his comment.

ICANN's long-standing formal relationship with the U.S. government ends Sept. 30. "If you don't meet the 30th deadline, you're going to all be sorry that you didn't make it," Conyers said. ICANN's Brent defended the organization's decision to move forward with new gTLDs. Internet users, including the U.S. government, have long called for new TLDs, he said. Winners of new gTLDs will have to abide by a lengthy set of rules, he said. "ICANN did not casually think this plan up," Brent added. "This will not be an unbridled expansion. In addition, the expansion of TLDs would allow Internet users who don't use the Roman alphabet to have domain names in their native languages, he noted. It is the work of many hands from a bottom-up process." Representative Bob Goodlatte, a Virginia Republican, questioned whether ICANN had enough resources to enforce strong trademark protections and other rules in the new gTLDs. He asked if ICANN saw that there were still "a lot of things that need to be worked out here." "We might question 'a lot,' but I think, absolutely we have more work to do," Brent answered.

Instead, we should address these concerns." But Steve DelBianco, executive director of e-commerce trade group NetChoice, suggested the new gTLDs are little more than an effort to create new labels, when ICANN has more important issues to work on. "Every day our industry and my members create new applications, Web sites and services," he said. "Labels are just one of the ways people find these new services. Despite the continued concerns, Paul Stahura, CEO and president of domain-name registrar eNom, said the ICANN plan will lead to more competition among domain-name registries. "There is high consumer demand for many new gTLDs," he said. "There currently is little or no competition to satisfy this demand, and ... we shouldn't prohibit competition because of trademark concerns. The label is not the creation, it's just something we stick on it." One proposed gTLD is .food, he said. "Dot-food won't create a single new restaurant," DelBianco said. "It won't create a new Web page, it won't create new restaurant reviews or online reservation sites."

Lawsuits over Heartland data breach folded into one

A lawsuit consolidating 16 separate class-action complaints brought by financial institutions against Heartland Payment Systems Inc. has been filed in U.S. District Court for the Southern District of Texas. The complaints allege that the payment processor was negligent in its duty to protect card holder data. The claims stem from the massive data breach disclosed by Princeton, N.J.-based Heartland in January. The amended complaint includes for the first time several statements that Heartland is alleged to have made regarding the controls it had in place to protect credit and debit card data just prior to the breach.

The lawsuit seeks compensation from Heartland for the costs that the financial institutions say they've had to bear in notifying customers about the breach and in reissuing new payment cards. The fact that the company suffered the breach despite its claimed security measures shows that Heartland either negligently or deliberately misrepresented the facts, the lawsuit alleged. Among the financial institutions listed are the Pennsylvania State Employees Credit Union, Lone Star Bank of North America and Amalgamated Bank of New York. "There were multiple lawsuits filed all over the country on behalf of financial institutions, and all of those cases were sent to federal court in Houston" for consolidation, said Joseph Sauder, an attorney with Chimicles & Tikellis LLP. The Haverford, Penn.-based law firm is representing some of the plaintiffs in the lawsuit. "This complaint incorporates the strongest claims from all of the financial institution class-action lawsuits," Sauder said. "The next step is for Heartland to file a response to this complaint," he said. The breach, which is considered the biggest involving payment card data, compromised more than 100 million credit and debit cards. Heartland on Jan. 20 disclosed that unknown intruders had broken into its network sometime last year and accessed payment card data belonging to an undisclosed number of customers.

So far, Heartland has publicly admitted to spending nearly $13 million on breach-related costs, and analysts expect it will cost the company millions more in the coming years. The cases were consolidated in federal court in Texas because Heartland's data centers are located in that state, Sauder said. Heartland, one of the biggest payment processors in the U.S., manages about 100 million credit and debit-card transactions per month. A "separate track" of cases involving consumer lawsuits against Heartland is also being heard in the same court, Sauder said. BJ's Wholesale Club, Hannaford Bros. and Dave & Buster's restaurant chain. In September, Albert Gonzalez, 28, of Miami pleaded guilty to the data heist at Heartland and several other retailers, including TJX Companies Inc.

Gonzalez is scheduled to be sentenced in December and faces 15 to 20 years in prison under the terms of his plea agreement. Heartland did not immediately respond to a request for comment.

Win 7 Launch: Early Adopters Eager to Bid Farewell to XP

At the Windows 7 launch in downtown Manhattan, Microsoft CEO Steve Ballmer unveiled the general availability of Windows 7 with his usual enthusiasm, emphasizing ease of use, faster boot up times and the ability to bring together the PC and the television. Consumers. Ballmer drum-beating aside, Windows 7 has garnered some of the best reviews of any version of the OS. With user interface and networking features that are both slick and useful, and an army of hardware makers lined up with special deals on everything from netbooks to high-end gaming PCs running Windows 7, the setting seems ripe for consumers to upgrade or buy a new computer.

Check. Yet despite the testing, planning and time-consuming complexities of an enterprise OS upgrade, corporate customers at the Windows 7 launch interviewed for this story are hankering to deploy Windows 7 in their environments. Early adopters from different lines of business and at different stages of migration agree on three points: Windows XP has had its day; Vista was never worth it; and Windows 7 offers businesses too many security, networking and navigation features to ignore. Enterprises, on the other hand, are a more complicated bunch. XP Couldn't Last Forever Holland America Line, a Seattle-based cruise ship company with a fleet that travels all over the world, has been aggressively testing Windows 7 as part of a migration from Windows XP for its 3,900 PCs across 14 cruise ships. Though only 20 machines run Windows 7 right now, IT manager Phil Norman says that a year from now he plans to have 50 percent of all machines at Holland America Line running Windows 7. "We tested Vista with a small group, but there were too many application compatibility issues. Application managers in the company's IT and finance departments have been testing Windows 7 for application compatibility for about a year.

The benefit just wasn't there," says Norman, adding that Windows 7 is a "much more usable operating system, with better security features." Norman gives kudos to Windows XP for being a very stable and easy OS to maintain. "But only to a certain extent," he says. "More and more we're relying on third party vendors with XP, and it can't handle newer drivers." Yes, Windows 7 Can Save You Money Del Monte Foods, a San Francisco-based food production and distribution company that sells canned fruits and vegetables as well as pet foods, is at a similar stage in their Windows 7 deployment as Holland America Line, with 45 out of its 3,000 total business users running Windows 7 on their machines. The company skipped Vista because it was "cumbersome, hard to use and had too many compatibility issues," says David Glenn, Del Monte's director of enterprise operations. The other users run Windows XP. Del Monte plans to have Windows 7 on 1,000 machines within a year. Even though migrating from XP to Windows 7 is estimated to cost $1,035 to $1,930 per user, according to research firm Gartner, Glenn is confident that Windows 7 will ultimately save money for Del Monte. "The new Windows 7 hardware coming out is less expensive than hardware in XP's days," he says. "Also, Windows 7 is a lot easier to use, so our training and support costs will go down. One good example is connecting to a printer is so much easier with Windows 7," he says.

Glenn adds that because Microsoft is pushing Windows 7 in the home market, Del Monte will encourage employees to upgrade on their home machines. "There's a lot of functionality in Windows 7 they can learn at home and bring with them to work. Virtualize Those Apps Migrating to Windows 7 has been made smoother for both Holland America Line and Del Monte by using MDOP (Microsoft Desktop Optimization Pack), a suite of add-on applications available to members of Microsoft's Software Assurance program that help manage a network of PCs. Both companies are using the Application Virtualization feature of MDOP, called App-V, to virtualize applications and make them available to Windows 7 users even if those apps are not compatible with Windows 7. "It's a temporary fix while application vendors get compatible and it will help speed up our deployments to Windows 7," says Glenn. Al Gillen, a VP at research firm IDC, offered a reminder that not all enterprises are so gung ho about Windows 7 adoption. Windows 7: A Security Savior? But, he adds, there is a solid case for businesses to move on. "Mainstream support for XP has ended and that could become a liability for companies," says Gillen.

McBeth is in the process of testing and slowly migrating Starwood's 160 hotels (including the Sheraton and Westin brands) to Windows 7. With many different employees accessing the same computers at front desks, security poses a big concern. "Like most companies, we deal with external and internal security policies," says McBeth. "Any security breach and we are subject to fines, audits and bad PR. So obviously we want more security features in the OS, and Windows 7 provides that." Specifically, McBeth highlights the built-in security features of Internet Explorer 8, as well as AppLocker, a Windows 7 feature that protects users from running unauthorized software that could lead to malware infections, and BitLocker to Go, an encryption feature that protects the data on external hard drives and USB thumb drives. Mark McBeth, VP of IT at Starwood Hotels, has security on his mind as well. Norman of Holland America echoes the need to have security features baked into the OS. "In our industry there's lots of compliance. With XP, we have resorted to using third party security vendors and there have been compatibility problems along the way." A New Day for Microsoft IDC's Gillen says that every company's Windows 7 adoption experience will be different. "Like any OS upgrade, there will be early adopters, and there will be late adopters," he says. Our ships are basically floating cities," he says. "Windows 7 meets security needs better. But with positive reviews and a solid launch, Windows 7 could mark a new beginning for Microsoft, Gillen says. "Microsoft got a lot of criticism over Vista.

This is a chance to rewrite the gamebook for both consumers and businesses." Shane O'Neill is a senior writer at CIO.com.

Microsoft pushes switchover deal for CRM Online

Microsoft is trying to steal away Salesforce.com and Oracle CRM on Demand customers with a new offer that will provide them with six months' access to its own CRM Online application at no charge if they sign a 12-month contract. That compares to $65 per month per user for Salesforce.com Professional. Microsoft charges US$44 per month per user for CRM Online Professional edition. Oracle CRM on Demand pricing starts at $70 per month per user.

Microsoft will consider expanding access to customers of other CRM products once it sees how well the program is received, Wilson said. Meanwhile, Microsoft's application is comparable from a feature standpoint and "already about 35 percent cheaper" than the competition, said Brad Wilson, general manager of Dynamics CRM. The six-month offer is valid through the end of this year. Six months is about how long it takes a customer to know for sure whether an application is right for their business, said Ray Wang, partner with the analyst firm Altimeter Group. For one thing, a customer and Oracle or Salesforce.com may have a year-to-year deal, which might still be in effect when the six-month trial period expires, Wang said. But potential hurdles lie in the way of a smooth transition over to CRM Online, he added.

While contract terms may allow the customer to cancel, they may not get a refund on the year's remaining fees, according to Wang. "Hopefully you'd be [signed up] month-to-month. Microsoft on Monday also announced price cuts for its Business Productivity Online Suite. It's good to check and see where you are in that process." Overall, however, "users win" in price wars like this, Wang said. Other SaaS (software as a service) vendors, such as NetSuite, have made a steady stream of financial enticements in recent months too, as sales slowed during the global recession. It is also planning to roll out the software worldwide in the second half of 2010, he said.

Salesforce.com has also quietly lowered monthly per-user fees for its two lowest-end editions, Contact Manager and Group Edition, to $5 and $25 respectively, down from $9 and $35. Meanwhile, Microsoft is announcing the CRM switch-over deal in conjunction with an update to CRM Online, Wilson said. The service is now available in North America. No credit card information is required to sign up, although users need to provide an e-mail address. In the new release, Microsoft made signing up for CRM Online "super-simple," he said. They can then start a free trial with either Microsoft's Outlook client or a browser-based interface, Wilson said.

A series of help tools provide information on setup and maintenance. Thirty-day trials include sample data so users can begin experimenting with the system. Microsoft has also developed an improved data import wizard. In addition, mobile access is available at no additional charge for any phone with a HTML 4.0-compliant Web browser. "We specifically tried to engineer [the application] to make it really easy for people who don't have CRM systems," Wilson said.

In Autodesk case, judge rules secondhand sales OK

A Seattle judge ruled in favor of a man arguing that he has the right to sell secondhand software, in a case that had some people worried about an end to used-book and CD stores. EBay later banned Vernor from the site, based on Autodesk's complaints. The suit was initially filed by Timothy Vernor after eBay, responding to requests by Autodesk, removed the Autocad software that Vernor was trying to sell on the auction site. Vernor argued that since he was selling legitimate versions of the software - not illegal copies - he hadn't violated any laws.

But no matter how Autodesk describes the agreement with customers, it is transferring ownership to end-users, the judge, from the U.S. District Court for the Western District of Washington, found. Autodesk contends that it doesn't "sell" its software, but instead licenses it and therefore prohibits buyers from reselling it. Autodesk had argued that its restrictions on the way that buyers can use the software show that users license rather than own the software. "A person who buys a home is nonetheless restricted in his use and subsequent transfer of the home by property laws, zoning ordinances, and fair housing statutes," Judge Richard Jones wrote in his ruling. "No one would characterize the person's possession, however, as something other than ownership. Autodesk said it will appeal the decision. "We disagree with the Court's interpretation and application of copyright law so, on that basis, will appeal the decision to the Ninth Circuit Court of Appeals, the Court of Appeals with jurisdiction over this matter. Similarly, the court cannot characterize Autodesk's decision to let its licensees retain possession of the software forever as something other than a transfer of ownership, despite numerous restrictions on that ownership." The judge also agreed with Vernor's argument that owners of software have "first sale" rights under copyright law, which entitles them to "sell or otherwise dispose of" the copy they bought.

We will rely on more recent Ninth Circuit cases that, as the district court acknowledged, favor Autodesk's position," the company said in a statement. But he said he thinks the impact will be minimal. In previous arguments, both sides warned of dire consequences that could follow the judge's decision. Autodesk argued that if the judge decided that people own its software, prices will rise for end-users. Vernor has argued that if the judge ruled that the software was indeed licensed, then any copyright owner could impose severe restrictions on how their products are used.

But that argument ignores the secondhand market, which offers better prices for consumers, the judge noted. "Although Autodesk would no doubt prefer that consumers' money reaches its pockets, that preference is not a basis for policy," Jones wrote. For instance, book publishers could bar resale and lending, eliminating the used-book market as well as libraries. The judge denied Vernor's charges against Autodesk of copyright misuse. Even if he had ruled against Vernor, such fear was "misplaced," the judge said. "Although the interpretation of 'owner' in the Copyright Act no doubt has important consequences for software producers and consumers, the court is skeptical that its ruling today will have far-reaching consequences," he wrote.

Senate kills bid to make White House czars accountable

A proposed amendment that would have given Congress more oversight over the White House cybersecurity czar and at least 17 other czars appointed by President Obama was shut down in the U.S. Senate today. Susan Collins (R-Maine), sought to restrict federal funds for the expenses of White House-appointed czars unless two conditions are met. The amendment, proposed by Sen.

One of them was to require the president to agree that every czar would respond to "reasonable requests" to testify before Congress on matters related to the office. The proposed amendment was in an Interior Department environmental appropriations bill on the Senate floor. The other required White House-appointed czars to issue a report to Congress twice a year. In a statement, Collins said the amendment was needed to ensure greater transparency and accountability. The amendment, however, was ruled "non-germane" to the pending bill in the Senate this afternoon and will not move forward, a spokesman for Collins said in an e-mail. "The amendment fell," following an objection by Sen. She had claimed that direct White House appointees were largely insulated from congressional oversight and often duplicated or diluted the statutory authority and responsibilities of Cabinet-level appointees who had been vetted by Congress.

Dick Durbin (D-Ill.), he said. At a committee hearing in May on strategies for securing cyberspace, Collins had said that putting the White House in charge would make it harder for Congress to exercise oversight over critical cybersecurity policies and budgets. Collins, who is the ranking minority member of the Senate Homeland Security and Governmental Affairs Committee, had raised similar concerns previously, especially with regard to Obama's plans to appoint a White House cybersecurity czar, or agency coordinator. Collins proposed instead that the government consider adopting the model used in setting up the National Counterterrorism Center (NCTC). The NCTC, which was established in August 2004 on the recommendations of the 9/11 Commission, works in the Office of the Director of National Intelligence (ODNI), a setup that allows for greater congressional oversight, she had said. The president announced the position in May and stressed the need for a national strategy for securing U.S. interests in cyber space. The developments come amid a delay by the White House in naming a new cybersecurity coordinator.

The delay in making the appointment has fueled speculation about the likely candidates and the nature of the job. Earlier this month, the Reuters news service, quoting an unnamed source with "direct knowledge" of the matter, said the front runner for the post was Frank Kramer, an assistant defense secretary under President Bill Clinton.

IPass makes MiFi available for business users

MiFi is going to the enterprise. The actual MiFi device will be free for a two-year service commitment, or $99 for a one-year commitment, on top of a one-time $50 configuration fee per device as well as the iPassConnect service. IPass Inc. said today it will resell in December the Novatel Wireless MiFi 2200 mobile broadband device used by consumers but it will be preconfigured with customer-specific security and connections to iPassConnect mobility manager software for business users. That service runs $45 to $60 per month per user in the U.S. and gives 3G WAN wireless broadband access as well as easy Wi-Fi connections globally to 160,000 hot spots, said iPass vice president of product and offer marketing Rick Bilodeau.

With iPassConnect, the IT shop of each company also has a single console where it can manage potentially thousands of users. IPass, launched in 1996, is already used by about 400 of the world's largest companies whose workers can find wireless WAN and Wi-Fi access from laptops using broadband cards easily as they travel from country to country, Bilodeau said in an interview. Adding MiFi to its portfolio means iPass customers can connect wirelessly as many as five Wi-Fi-enabled devices to the 2-ounce MiFi device, which then connects to a wireless CDMA 1x EV-DO Rev network. IPass has been device agnostic and already provides access to its software from a variety of laptop broadband cards, but the relationship with Novatel has been longstanding and seemed logical, Bilodeau said. The MiFi device without a service plan would cost a user about $215, Bilodeau said. "Today, MiFi is just an open hot spot out there, and we see the primary use of MiFi with iPass by folks in consulting and accounting or professional services who visit customer sites and can't use a third-party Wi-Fi service," Bilodeau said. "This approach allows a 3G wireless connection to a corporate VPN, so you still have security." IPass is adding SSID and security keys to MiFi devices specific to each customer, with a configuration to iPassConnect, he said.

It is not exclusive to Novatel, however, he said. Paulak said iPass is basically reselling the MiFi service offered by CDMA carriers Verizon Wireless and Sprint Nextel Inc., but iPass will be able to offer a more complete managed mobility service than Verizon or Sprint. With support for MiFi, iPass is able to extend its management service from, for example, a single worker to a workgroup that could need a temporary office solution as the group travels together, said Eric Paulak, a Gartner analyst. In addition to the MiFi service, iPass also announced a new Open Device Framework to allow its customers to quickly integrate new 3G devices into the iPassConnect software. Paulak said the Open Device Framework sounds like a good idea because it offers a process for helping customers connect to new and different devices, but he had reservations about its impact on newcomers to mobile management. "My concern is that it is going to be lost on most companies that don't see [device management] as a problem today," he said. "This is mainly a promise to existing customers ... but it will be hard to convince non-customers of the value of this type of service."

The capability will come to IT managers and others in the form of templates that can be adapted to a growing number of devices that will be wirelessly capable, including machine-to-machine devices that aren't even voice capable, Bilodeau said.

MySpace replaces all server hard disks with flash drives

Social networking site MySpace.com announced today that it has switched from using hard disk drives in its servers to using PCI Express (PCIe) cards loaded with solid state chips as primary storage for their data center operations. MySpace said the solid state storage uses less than 1% of the power and cooling costs that their previous hard drive-based server infrastructure had and that they were able to remove all of their server racks because the ioDrives are embedded directly into even its smallest servers. "We looked at a number of solid state solutions, using many different kinds of RAID configurations, but we felt that Fusion-io's solution was exactly what we needed to accomplish our goals," Buckingham stated. The PCIe cards, from Fusion-io Inc., have allowed MySpace to replace multiple server farms made up of 2U (3.5-in high) servers that had used 10 to 12 15,000 RPM Fibre Channel drives each with 1U (1.75-in high) servers using a single ioDrive. "In the last 20 years, disk storage hasn't kept pace with other innovations in IT, and right now we're on the cusp of a dramatic change with flash technologies," said Richard Buckingham, vice president of technical operations for MySpace, in a statement. MySpace's new servers also have replaced its high-performance hosts that held data in large RAM cache modules, a costly method MySpace had been using in order to achieve the necessary throughput to serve its relational databases.

Salt Lake City-based Fusion-io claims the ioDrive Duo offers users unprecedented single server performance levels with 1.5GB/sec. throughput and almost 200,000 IOPS. The system can reach such performance levels because four ioDrive Duos in a single server can scale linearly, which provides up to 6GB/sec. of read bandwidth and more than 500,000 read IOPS. The cards come in 160GB, 320GB and 640GB capacities. MySpace said its new servers using the NAND flash memory modules give it the same performance as its older RAM servers. A 1.28TB card is expected in the second half of this year. "Social networking sites and other Web 2.0 applications are very database dependent. Our 320GB ioDrive can fill a 10Gbit/sec. Ethernet pipe," David Flynn, CTO of Fusion-io, said in an interview.

FCC Moves Toward Net Neutrality

The FCC convened this morning and voted to move forward with formalizing net neutrality guidelines. The FCC has already imposed net neutrality principles in past decisions such as banning broadband Internet provider Comcast from throttling peer-to-peer networking traffic. The vote was unanimous, including Republican Commissioners Robert McDowell and Meredith Attwell Baker, and initiates the process of debating the proposed rules before any net neutrality policy is actually implemented.

Without a formally sanctioned set of rules though, such decisions could be seen as arbitrary or capricious. Of course, in Washington DC today there are distinctly partisan battle lines involved in where to eat lunch or what color the sky is, so I suppose that should come as no surprise. When FCC chairman Julius Genachowski first announced his intention to pursue formalizing net neutrality, it did not take long to see that there are distinctly partisan battle lines involved. Still, it was a little shocking that within hours of Genachowski's statement regarding net neutrality GOP lawmakers had already filed an amendment (later retracted) to prohibit the FCC from pursuing it. This week AT&T was accused of astroturfing (creating a fake grassroots movement) by encouraging employees to voice their concerns on the FCC web site using their own personal email addresses. In the weeks between Genachowski's initial statement and today's vote the lobbying pressure and the rhetoric in the media have been relatively constant from net neutrality opponents.

Proponents of net neutrality were not as vocal until more recently. Verizon didn't completely defect, but it did break ranks with other broadband and wireless providers when it issued a joint statement with Google expressing agreed upon common ground for governing net neutrality. A coalition of 30 tech-focused venture capitalists, under the banner of the Open Internet Coalition, sent an open letter to Genachowski just yesterday urging support for net neutrality rules. Perhaps it's a reflection of the new partnership forged between Verizon and Google to develop Android-based mobile handsets like the upcoming Droid. Canada upheld the right of providers to 'manage' the traffic on their networks, but within certain guidelines. Just yesterday the Canadian government ruled on its version of net neutrality.

It also stipulated that traffic throttling should be a measure of last resort. Comcast talked about how the Internet has thrived without net neutrality, while tacitly admitting that it is only because of the threat of net neutrality that it has played by the rules. I maintain that net neutrality rules are essential. AT&T reversed its position on allowing VoIP over its wireless network and pointed to that decision as evidence that the industry can police itself, while not-so-subtly demonstrating that the new policy was a direct attempt to influence the net neutrality debate. If they thought they could act with impunity, they would. The bottom line is that the providers only treat consumers right and do the right thing because of government oversight or the threat of it.

Comcast is rumored to be pursuing a stake in NBC. Would that give them the right to provide preferential bandwidth to NBC web content and throttle the other networks? Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. There is simply too much convergence and overlap creating conflicts of interest to allow the industry to police itself. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

Microsoft's CodePlex Foundation leader soaks in stinging critique

After a stinging critique from a noted expert in establishing consortia, the leader of Microsoft's new CodePlex Foundation says such frank evaluation is welcome because the open source group's structure is a work in progress. The CodePlex Foundation's aim is to get open source and proprietary software companies working together. Sam Ramji, who is interim president of the CodePlex Foundation, was responding to last week's blog by Andy Updegrove, who said the group has a poorly crafted governance structure and looks like a sort of "alternative universe" of open source development. Updegrove, a lawyer, noted expert on standards, and founder of ConsortiumInfo.org, laid out in a blog post five things Microsoft must change if it wants CodePlex to succeed: create a board with no fewer than 11 members; allow companies to have no more than one representative on the Board of Directors or Board of Advisors; organize board seats by category; establish membership classes with rights to nominate and elect directors; and commit to an open membership policy.

He added, however, "There are some best practices [for running the boards of non-profits] that we are not as familiar with as we would want to be." Stephanie Davies Boesch, the foundation's secretary and treasurer, is the only board member with experience sitting on a non-profit's board. Despite the stinging tone in Updegrove's assessment, Ramji says he is thankful for the feedback. "Andy's been incredibly generous with his expertise and recommendations," Ramji says. "It is the kind of input and participation we were hoping to get by doing what is probably non-traditional for Microsoft but not necessarily non-traditional for non-profit foundations, which is to basically launch as a beta." For instance, Ramji says that the decision to go with only five people on the board came from Microsoft's experience that larger groups often have difficulty with decision making. Ramji says Updegrove's suggestion to have academic representation on the board was "outstanding. And basically it is re-writable. We did not think of that." And to Updegrove's point on becoming an open membership organization, Ramji says, "our goal is to become a membership organization and Andy has some excellent recommendations for that." He says the fact that Updegrove took the time to respond "in the format that he did is more proof that there is something worth doing here." Ramji compares the Foundation's formation to the early days of a software development project. "We have said in these first 100 days we are looking at everything as a beta.

Obviously, there are some areas like contributions and licensing agreements we put a lot of time into but even those can be modified." Microsoft announced the foundation Sept. 10 with a stated goal "to enable the exchange of code and understanding among software companies and open source communities." The company seeded the group with $1 million and Microsoft employees dominated the interim board of directors and board of advisors. One is a call for a broad independent organization that can bridge cultural and licensing gaps in order to help commercial developers participate in open source. Ramji says the foundation has spent the past couple of weeks listening to feedback in "Twitter messages, email, and phone calls in order to understand what people hope this can be." Within that feedback two patterns have emerged, Ramji says. The other focuses on creating a place where open source .Net developers can gain strong backing. "Look at projects related to Mono, you also can look at NUnit, NHibernate, we really feel optimistic that the Foundation could help them gain a higher level of credibility in the open source community. Miguel de Icaza, the founder of the Mono project and the creator of the Gnome desktop, is a member of the Foundation's interim board of directors. They feel they have been lacking that strong moral support," Ramji says.

From a high level, Ramji says the Foundation stands as a sort of enabler that helps independent developers, companies and developers working for those companies navigate the nuances and practices of open source development so they can either contribute source code to projects or open source their own technologies. "One suggestion has been that the Foundation should house all the best practices we have seen software companies and open source communities use," said Ramji. "We want to have a place where everyone interested in how to participate can come and read and if they choose they can use our license agreements or can use the legal structure of the Foundation to grant patent licenses and copyrights for developers and derivative works." Those licensing agreements have a distinct focus, Ramji said, on the rights that are related to code that is being contributed and on how to contribute the patent rights on that code. Ramji says the goal is to service multiple projects, multiple technologies and multiple platforms rather than having one specific technology base, which is how most current open source foundations are structured. "It's early days and we have received a lot of good ideas from experts in a variety of fields from law to code to policy that is what we had hoped for," says Ramji. "Someone wrote it is nice to see Microsoft engaging early on without all the answers and to have the community solve what they would like to see. Once those issues are settled, code would be submitted using existing open source licenses. That is satisfying for me and refreshing to others. This is the right way to proceed." Follow John on Twitter

Lotus simplifies client licensing; makes Designer free

IBM/Lotus Tuesday whittled its client licensing options from 11 to two and said its Domino Designer development tool would now be offered free of charge in hopes of increasing application development on the platform. The Messaging license, which allows access to Domino e-mail from any client, is $99 per user. The news came as Lotus unveiled Notes/Domino 8.5.1, a point release that includes support for real-time synchronization with Apple's iPhone. As part of the 8.5.1 unveiling, IBM revealed two client options that will replace the laundry list of previous options.

The Enterprise license is $159 per user and adds Mobile Connect VPN software and Domino Designer tools that give users access to any existing Notes applications and any homegrown programs. The tool was originally built into the Notes client in its very earliest releases. IBM officials say giving away Designer was a major step toward expanding development on the Domino platform. The tool eventually became a separate offering that carried a price tag of $864. "When we started to sell to IT more, when Lotus was bought by IBM, we put the Designer into a separate product and it took it out of the hands of the power users, the people who are in the line-of-business and really sort of isolated Notes application development to this specialized universe," says Ed Brill, director of product management for Lotus Software. "What we are really trying to do by giving it away free is democratizing it again and getting it out into the hands of everybody." Users can download Domino Designer, which is based on the Eclipse platform, free at IBM developerWorks. Other features of the 8.5.1 release include updates to Domino Designer, which adds support for Lotus XPages application model running on a Notes or mobile client. Users who want to link the software with a Domino server will have to buy a $150 license.

Web browser support was added in 8.5. XPages lets users develop Web applications with little or no coding. XPages also can be used to convert existing Notes applications to Web applications. Follow John Fontana on Twitter: twitter.com/johnfontana

Gartner: Turn server heat up to 75

Data center managers should turn server temperatures up to 75 degrees Fahrenheit, and adopt more aggressive policies for IT energy measurement, Gartner says in a new report. After conducting a Web-based survey of 130 infrastructure and operations managers, Gartner concluded that measurement and monitoring of data center energy use will remain immature through 2011. Only 7% of respondents said their top priorities include procurement of green products and pushing vendors to create more energy efficient technology. In a troubling sign, 48% of respondents have not yet considered metrics for energy management. In general, data center managers are not paying enough attention to measuring, monitoring and modeling of energy use. "Although the green IT and data center energy issue has been on the agenda for some time now, many managers feel that they have to deal with more immediate concerns before focusing attention on their suppliers' products," Rakesh Kumar, research vice president at Gartner, said in a news release. "In other words, even if more energy efficient servers or energy management tools were available, data center and IT managers are far more interested in internal projects like consolidation, rationalization and virtualization." About 63% of survey respondents expect to face data center capacity constraints in the next 18 months, and 15% said they are already using all available capacity and will have to build new data centers or refurbish existing ones within the next year.

Gartner issued four recommendations for improving energy management:

• Raise the temperature at the server inlet point up to 71 to 75 degrees Fahrenheit (24 degrees Celsius), but use sensors to monitor potential hotspots.
• Develop a dashboard of data center energy-efficient metrics that provides appropriate data to different levels of IT and financial management.
• Use the SPECpower benchmark to evaluate the relative energy efficiency of servers.
• Improve the use of the existing infrastructure through consolidation and virtualization before building out or buying new/additional data center floor space.

CDW surveyed 752 IT pros in U.S. organizations for its 2009 Energy Efficient IT Report, finding that 59% are training employees to shut down equipment when they leave the office, and 46% have implemented or are implementing server virtualization. In addition to Gartner's report, a recent survey by CDW illustrates trends related to data center efficiency. The recession has helped convince IT organizations of the financial value of power-saving measures, with greater numbers implementing storage virtualization, and managing cable placement to keep under-floor cooling chambers open and thus reduce demand on cooling systems. Data center managers are finding it easier to identify energy efficient equipment because of the Environmental Protection Agency's new Energy Star program for servers.

CDW found that 43% of IT shops have implemented remote monitoring and management of their data centers, up from 29% the year before. But data centers are still missing many opportunities to save money on energy costs. "Energy reduction efforts are yielding significant results … Still, most are spending millions more on energy than necessary," CDW writes. "If the average organization surveyed were to take full advantage of energy-savings measures, IT professionals estimate they could save $1.5M annually." Follow Jon Brodkin on Twitter 

Microsoft changes 'ballot screen' to close antitrust case

Microsoft has changed its proposed browser "ballot screen" to wrap up a nine-month antitrust case in the European Union, but rivals remained noncommittal today about whether the modifications are enough. Today, the commission said Microsoft had altered some provisions of the ballot screen, and that it would take comments on those changes from consumers, software makers and computer manufacturers until Nov. 9. The comment period is required by EU law. "We agreed to make a significant number of changes to improve our proposals, and we believe that we've been able to do that," said Brad Smith, Microsoft's chief counsel, in a telephone press conference today. Three months ago, Microsoft told Brussels-based antitrust officials that it would give users a chance to download rivals' browsers with a "ballot screen," just one of the moves Microsoft has made since January in an effort to ward off fines or even more drastic measures by the European Commission.

Opera Software and Google said they were studying the changes. "Opera Software supports the concept of a ballot screen to give users easy access to better browsers," said Hakon Wium Lie, Opera's chief technology officer, in an e-mail today. "The important question is how this ballot screen is implemented. Opera, Google and Mozilla, the maker of Firefox, have been allowed to see the charges against Microsoft, study the July ballot screen proposal, and suggest changes. We are still studying the announcement ... and will have further comments at a later stage." Opera's December 2007 complaint sparked the antitrust action, which the EC filed last January, accusing Microsoft of illegally bundling Internet Explorer (IE) with Windows and therefore shielding it from real competition. "The proposal to increase consumer choice in browsers has just been made public and we, like many others, will be reviewing it with interest," a Google spokesman added from Brussels today. "The test will be whether people can easily choose the browser they want to use." Google's interest comes from its Chrome browser, one of the 12 that will be offered users. Mozilla criticized Microsoft's July idea, with top executives claiming that it favored IE and failed to install other browsers. Microsoft's revised ballot screen proposal addresses several concerns of those rivals. Opera, meanwhile, called on Microsoft to offer the ballot screen to all customers, even though Microsoft is legally obligated to offer it only to EU Windows users.

According to the documentation released by the commission today, the "Install" link offered for the choices will not only download the selected browser - which is what Microsoft had proposed before - but will also install the application on the user's machine. "An 'install' link will connect to a vendor-managed distribution server, which, upon the user's confirmation, can directly download the installation package of the selected web browser for local execution & the resulting situation will therefore equal a scenario in which the user himself had downloaded and executed the installation package without being aided by the Ballot Screen," said Microsoft's new proposal. Other changes include a new screen that will provide some basic information about browsers, and remind users that they should be connected to the Internet before they proceed. The ballot screen will also display the choices - Apple's Safari, Chrome, IE, Firefox and Opera on the first screen, an additional seven on a second - in alphabetical order by the name of the browser maker - a change from before, when Microsoft had placed IE in the first spot on the far left based on its market share. Microsoft also modified the timing of the ballot screen, which will be delivered to Windows XP, Vista and Windows 7 users via Windows Update. Instead, Microsoft has agreed to start offering the ballot screen to all Windows users eight weeks after EU antitrust officials sign off on the proposal. Previously, Microsoft said it would push the ballot screen to Windows 7 owners on Oct. 22, or within two weeks of approval of the deal, then follow that three to six months later for Windows XP and Vista users.

For its part, the EU seems satisfied with the revised ballot screen. "We believe this is an answer," said commission chief Neelie Kroes in a press conference today in Brussels. Even so, Kroes acknowledged that the revamped proposal may not make everyone happy. "A number of people are never 100 percent satisfied," she said. She also indicated that it was likely the commission would accept Microsoft's ballot screen revisions. "At the end of the day that's what we are looking for," she added. Microsoft was "very pleased" with the EU's decision to move into the last month of the case, Smith said in his press conference. "We welcome the announcement by the European Commission to move forward with formal market testing of Microsoft's proposal relating to Web browser choice," he said.

Obama bars fed workers from texting and driving

A two-day Distracted Driving Summit in Washington concluded Thursday after experts raised multiple thorny questions on how to reduce cell phone and texting while driving, with a big emphasis placed on driver and employer responsibility. LaHood also announced that his department would ban text messaging altogether and restrict cell phone use by truck and interstate bus drivers, and disqualify school bus drivers from receiving commercial driver's licenses if they have been convicted of texting while driving. After mentioning that President Obama had just signed an executive order that tells all federal employees not to engage in texting while driving government vehicles, Transportation Secretary Ray LaHood urged private sector employers to avoid calling workers on their cell phones as they drive home from work.

His department also plans to make permanent some restrictions placed on the use of cell phones in rail operations, he added without offering further details. "Employers need to change their mindset, too, and if you know your staff has left for the day, do not expect them to instantly return a phone call or IM when they're driving home," LaHood said in a concluding address. The executive order "shows the federal government is leading by example" and "sends a signal that distracted driving is dangerous," he added. Obama's executive order, signed Wednesday night, also bars federal workers from texting with any government-owned electronic equipment while they are driving, and bars any texting while driving their own privately owned vehicles while on official government business, LaHood said. But LaHood was noncommittal about proposed laws, including a U.S. Senate bill that would require states to ban texting while driving or face partial loss of federal highway funding. But LaHood seemed to focus on drivers' personal responsibility as his key message. "Driving while distracted should feel wrong, just like driving without a seat belt or drinking," LaHood said. "We are not going to break all bad habits, but will raise awareness." LaHood said driving while distracted from using a cell phone or texting is "personally irresponsible and socially unacceptable behavior, but in the end we won't make the problem go away by just passing laws ... We cannot legislate behavior to get results to improve road safety." "People need to use common sense and show common decency to other drivers," he said.

LaHood showed a willingness to work on legislation, saying, "We will work with Congress and state and local governments to ensure that the issue of distracted driving is appropriately addressed." He also said "high visibility enforcement" of drunk driving and seat belt laws had been effective and could work with distracted driving and related laws. He concluded with unprepared remarks, calling distracted driving "an epidemic" and referring to the summit as a "tremendous start ... that will lead all of us to save lives and save injuries." At the start of the conference, LaHood released new information that said nearly 6,000 people died in the U.S. in 2008 in crashes involving a distracted or inattentive driver, about one-sixth of the total number of deaths, or about 37,000. LaHood and several of the panelists who spoke urged parents to restrict their teenage children from using cell phones while driving. Adrian Lund, president of the Insurance Institute for Highway Safety, cast a blunt criticism of such efforts, citing years of research. "It would be wonderful to have training programs for teens to recognize the risks they take [by texting while driving], and change their driving dramatically," he said. "But our experience with education programs for teens or even ticketed drivers who take remedial training ... is that essentially the programs have no effect," Lund said. "What they learn is to avoid tickets, but not typically to avoid crashes." Lund mimicked calls by several experts at the summit to find new methods that can reduce crashes from distracted driving. "We need to find out what works ... All this education doesn't do much good," he said. But the value of specialized training programs to teach the dangers of distracted driving came under question by some of the assembled experts.

Indian ban on spurious mobile phones found inadequate

The Indian government has asked mobile service providers not to allow calls on their networks from mobile phones without proper International Mobile Equipment Identity (IMEI) numbers from Dec. 1, citing security reasons. The IMEI number is used by GSM (Global System for Mobile Communications) networks to identify mobile devices. The order, however, has a glaring loophole as it does not provide for the blocking of calls from phones that use "clone" IMEIs, said Pankaj Mohindroo, national president of the Indian Cellular Association (ICA), a trade body that represents mobile handset makers and other mobile technology vendors. It is used by operators to block a stolen phone from using the network.

The Sept. 3 order from India's Ministry of Communications & IT only refers to phones that have no IMEI numbers or have a sequence of 0s in place of the IMEI number, or "non-genuine" numbers that are not, in fact, IMEI numbers. Clone IMEIs are those that have been issued to registered handset vendors but have been copied on to phones of dubious origins, Mohindroo said. ICA has told the government that handsets that have clone IMEI numbers should also be banned in the interest of security, Mohindroo said. A large number of mobile phones that are sold in India are either spurious or unbranded, often sold at low prices without bills or warranty. The use of mobile phones without proper IMEI numbers is seen by the government as a threat to the country's security, as terrorists have been found to use mobile phones extensively. A large number of consumers have bought these phones because of their low prices.

In a letter to service providers in April, the Ministry of Communications & IT recognized that some of the users of phones without proper IMEIs were "genuine innocent subscribers." Using software would be a far more attractive option than to have to throw out the phones, said Sridhar T. Pai, CEO of Tonse Telecom, a firm that researches the telecom market in India. The government approved earlier this year a Genuine IMEI Implant (GII) proposal from service providers that programs genuine IMEI on mobile handsets. Pai added that he had not evaluated the software yet. Operators have delayed implementing the ban because customers are their key assets and they will not do anything that will upset these customers, Pai said. Banning of the use of phones without adequate IMEI numbers has been delayed because of lack of clarity from the government and also because of a slow response from service providers that had earlier been ordered to block calls from phones without proper IMEIs from July 1, according to analysts.

The Cellular Operators Association of India, an association of GSM mobile operators, was not available for comment, but an official said in private that its members would be able to meet the Dec. 1 deadline. Phones with fake IMEI numbers are to be detected by reference to the IMEI database of the GSM Association (GSMA). The database of the GSMA will be able to detect fake IMEIs, but will not detect phones that have clone IMEIs, unless there is also a device management program that reveals the specification of the device, Mohindroo said. The Sept. 3 government order has expanded the ban to include mobile phones that have fake IMEIs, besides phones that have no IMEIs or a string of zeros in place of the IMEI. It has ordered service providers to make provisions in their Equipment Identity Register (EIR) so that calls from phones from all three types of defaulting phones are rejected from Dec. 1 by the networks. The EIR will then have to check whether the IMEI matches with the original device to which the number was issued, he added.

Can mainframe use really grow?

Some industry observers still like to kick dents in the mainframe, saying it's not the corporate platform of the future, but Big Iron seemingly takes the licks and keeps on ticking. Only IBM mainframe users were included in the survey population, IDC noted. Case in point: According to a study out today of 300 end users by researchers at IDC, nearly one-half said they plan to increase annual spending on mainframe hardware and software over the next five years.

Many mainframe users reported that they can plan another wave of investments in the System z platform over the next 2–5 years, citing the system's high availability, reliability, and security for mission-critical applications as major drivers, IDC stated. "Customers continue to collect dividends on their System z investments, which makes future investments much more palatable, even in difficult economic times," said Tim Grieser, program vice president, Enterprise System Management Software in a release. IBM has engaged in some price cutting to make some of these processors more palatable though. The study says IBM's strategy of building specialty processors for the mainframe, such as the Integrated Facility for Linux (IFL), System z Integrated Information Processor (zIIP) for ERP and CRM transactions and z Application Assist Processor (zAAP) processors for Java and XML transactions, is key to the ongoing success of the platform. According to a Network World article, IBM has cut in half prices for some specialty Linux processors. Another source said the price changed from $90,000 to $47,500 for IFLs running on the System z Business Class mainframe. IBM acknowledged "new pricing" for the IFL processors, but did not offer specific numbers.

And IBM's mainframes haven't been immune to the economic downturn. Still all is by no means rosy in mainframeland. This summer IBM reported that System z mainframe server revenue decreased 39% year-over-year in the second quarter, while overall company revenue declined 13%. IDC however says the mainframe will benefit down the road from these new processors which will require additional mainframe-related database and storage facilities to handle new workloads. Another recent study raised an ever-increasing issue – retiring mainframers. However, while today individuals still train to become commercial pilots, the number of IT professionals going into the mainframe arena is fast disappearing. One study by system vendor Shoden found that 96% of respondents working for financial businesses said that they are concerned to some degree that with cloud computing and SaaS they will not be able to retain the necessary skills to operate and maintain legacy environments such as IBM mainframe or AS/400. The study said in the manufacturing sector, 88% of IT decision makers admitting to being concerned, while across all the markets polled, the average comes in at a staggering 83%. The retail, distribution and transport sectors come in just a little lower at 80%. The study went on to state that mainframe technology is as old as the Boeing 747 and, like the iconic aircraft, it is still the default workhorse for many of its original adopters.

A similar study funded by CA found that financial services organizations are leading the drive to tackle the shortage of mainframe skills in Europe, where 60% of financial service firms use the mainframe for administering their critical data. The CA study found that 57% of financial services organizations said an easy-to-use Web-enabled GUI would help close the skills gap.

Skype Founders Sue eBay: What's Going On?

The founders of Skype are suing eBay for copyright infringement, a move that could block eBay's deal to sell a majority stake in Skype to a group of private investors for $1.9 billion. The sale was seen as a big failure because the company was not able to further monetize the potential of the VoIP service in the years to come. eBay purchased Skype back in 2005 for $2.6 billion, but failed to acquire Joltid, the company supplying the core technology behind Skype, also owned by the founders of the VoIP software. So eBay sold a 65 percent stake in Skype two weeks ago to an investment group for $1.9 billion, managing to get back some of the money it invested initially.

At the core of the suit is a peer-to-peer technology called "global index", which is used by Skype's software to route calls over the Internet instead of traditional phone lines. But it's not all good for Skype, as Skype's original founders are now suing eBay, seeking damages for copyright infringement. This technology is owned by Joltid, which is still owned by the founders of Skype. Now moving to the U.S. courts, Joltid is seeking an injunction against Skype, which could affect Skype's operation. As if it wasn't complicated enough, eBay licensed "global index" from Joltid for continued use in Skype, but Joltid terminated the license in March and has been battling eBay in U.K. courts ever since.

The trial could jeopardise the closing of the Skype sale to the private investors, who are also named as defendants by Joltid. What's even more ironic is that the money Joltid is using to sue eBay is probably the money they got from eBay when they sold Skype. While eBay is working on its own technology to replace Joltid's, Skype could be forced to close down its operation if Joltid wins the trial.

HP adds Snow Leopard printer drivers after customer complaints

Hewlett-Packard has added support for an additional 38 printer models or printer series to Snow Leopard, delivering on a promise made shortly after the release of Apple's new operating system when angry users complained that older devices didn't work after upgrading. According to HP, 38 DeskJet, OfficeJet, and LaserJet drivers were added to those made available on Aug. 28, when Apple launched Snow Leopard. Although a list showing only the new drivers has not been published on either Apple's or HP's Web site, the complete list available on the former has been updated to include the new drivers, said Rick Spillers, a member of HP's Mac Connect team. On Thursday, Apple posted a printer driver update for Mac OS X 10.6, aka Snow Leopard, but did not call out the specific drivers added to the 51MB driver download. Among the newly-supported printers are the HP 910 inkjet printer, the DeskJet D1300 series, the OfficeJet 5500 series and the LaserJet M1120. Almost immediately after Apple started selling Snow Leopard, users who upgraded began griping on the company's support forum that their long-reliable printers were not being recognized by the new OS. Others became angry when an HP representative told them they should buy a new printer if a driver wasn't available for Snow Leopard.

"Incredible! HP 1280 working!!!" crowed another user, "omarz," in a message Thursday. "I just update[d] to Snow Leopard 10.6.1 and now suddenly it was detected and it's working!" A driver for HP's PSC 1200 series was one of the 38 included in yesterday's update. After Thursday's update by Apple, several users reported on the same support forum that they were now able to use their formerly-bricked printers. "Today, I downloaded all the update software for printers and Mac [Snow Leopard], and everything now works fine," said someone identified as "AndyGump" on the same thread where users complained two weeks ago. HP's Spillers recommended that users update to Mac OS X 10.6.1 before applying the separate driver update. "Make sure that the printer is turned on and connected via [a] USB cable before launching Apple Software Update," said Spillers in an e-mail reply to questions. Apple built support into Snow Leopard for some printer makers' all-in-one devices, adding the functionality to the Image Capture application. Spillers also said that there has been confusion about how owners of HP all-in-one devices - which both print and scan, and in some cases also fax, documents - get their hardware to work with Snow Leopard. "The other interesting thing I've found is trying to educate customers on the new scan interface for HP inkjet All-in-Ones that we've integrated with Snow Leopard," he said. HP has posted instructions on how to use its all-in-one printer/scanner hardware with Snow Leopard on its customer support site.

Spillers also took a shot at HP's rivals. "In general," he said, "HP did a great job providing full updated 10.6 drivers for almost all of our products, including LaserJets going back 10+ years. Looking at the [support] forums, it seems that HP is the only print vendor really participating ... not sure I see much input from other print vendors." Snow Leopard users can manually download the HP driver update from Apple's site, or install it using the Mac's integrated update service.

Palm Pre readies app store e-commerce beta test

Palm is about to launch a beta test of an online system for selling and buying webOS applications. That means the "end of free" for Palm Pre users.

So far, the limited number of webOS applications on the Palm App Catalog (which is still in beta) are free downloads. The planned e-commerce capability for the catalog is essential for creating an incentive for developers to write software for the webOS platform. Users will be able to use credit cards for application purchases, according to Palm.

The handset maker Tuesday invited developers to apply for the beta test via e-mail, submitting a description of the application, price tag and other details along with the application itself in a .ipk file attachment.

Palm will consider whether to include them in the e-commerce beta test, due to start in mid-September. Later this year, the payment capability will be opened to all developers, according to Palm's blog.  

The blog post gives details about how to submit applications via e-mail for consideration.

The dearth of official webOS applications, and the spark of user innovation, has led to a rising tide of "homebrew" or unauthorized applications, which can be loaded on the Pre by a couple of techniques. Initially, hackers found a way to load an application via an e-mail attachment without needing root access to the operating system. But Palm closed that option with the webOS 1.04 release.

Many of the homebrew applications are utilities and simple games. PreCentral.net has both homebrew forums for the Pre and a new homebrew application gallery.

During the upcoming App Catalog e-commerce beta test, software writers initially will be able to charge a one-time fee for their application to Palm users in the United States, who can pay by credit card and then download the application. No mention was made whether the beta or final versions will support online micropayments via such services as PayPal. The developers will keep 70% of all revenues, less any applicable sales tax.

The blog post lists some of the evaluation criteria Palm will apply to software submitted for the beta release: the application should be "useful and engaging to users;" the UI must have an "appealing design" and conform to Palm's guidelines; the applications must be native webOS programs, not browser-based, and leverage key features of the platform, such as multitasking and background operation, location services and so on. Finally, Palm will give preference this time for applications with good performance and minimal drain on the smartphone's battery.

Follow John Cox's wireless blog.

10 ways your voice and data can be spied on

Attackers seeking to do harm or mischief to networks work with an ever expanding arsenal of tools that sometimes seem to be the stuff of spy fiction, but they are all too real.

Here are 10 cloak-and-dagger ways, legal and illegal, to secretly tap into networks and computers to capture data and conversations.

1. Wireless keyboard eavesdropping: Remote-exploit.org has released an open source hardware design and accompanying software for a device that captures then decrypts signals from wireless keyboards. The device uses a wireless receiver that can be concealed in clothing or disguised as a common object that could be left on a desk near a PC to pick up signals.

Called Keykeriki, the technology targets 27MHz wireless keyboards to exploit insecurities that Remote-exploit.org discovered earlier. The company plans to build and sell the hardware.

2. Wired keyboard eavesdropping: Electromagnetic pulses that keyboards make to signal what key is being hit travel through the grounding system of the keyboard and the computer itself as well as the ground for the electrical wiring in the building where the computer is plugged in.

Probes placed on the ground for the electric wiring can pick up these electromagnetic fluctuations, and they can be captured and translated into characters. The potential for this type of eavesdropping has been known for decades, and many experts believe spy agencies have refined techniques that make it practical. Andrea Barisani and Daniele Bianco, researchers for network security consultancy Inverse Path, are presenting their quick-and-dirty research on the topic at this year's Black Hat USA conference in the hopes of sparking more public research of these techniques.

3. Laptop eavesdropping via lasers: Bouncing lasers off laptops and capturing the vibrations made as keys are struck give attackers enough data to deduce what is being typed. Each key makes a unique set of vibrations different from any other. The space bar makes an even more unique set, Barisani and Bianco say.

Language analysis software can help determine which set of vibrations correspond to which key, and if the attacker knows the language being used, the message can be exposed, they say.

4. Commercial keyloggers: Early keyloggers were devices attached in-line with keyboards, but they advanced to software tools that grab keystrokes and store or send them to an attack server. Commercial versions have the software loaded on memory sticks that can dump the software on a computer and then be reinserted later to download the collected data.

5. Cell phones as remotely activated bugs: Software loaded onto certain models of cell phones can silence the ringers and cut off the light displays that would normally be triggered when calls are made to them. The caller can then listen in on conversations in the room where the phone is located.

According to press reports, the FBI received court permission to use this technique to spy on suspected Mafia members in New York.

6. Cell phone SIM card compromise: If attackers can get possession of a cell phone briefly, they can use commercially available software to download and read SIM cards and their store of phone numbers, call logs, SMS messages, photos and so on.

For instance PhoneFile Pro is software on a USB stick that claims to enable both the download and the display of the data.

7. Law enforcement wiretapping based on voice print: Phone company voice switches include software that can search all conversations going through it for voices that match sets of voiceprints. Whenever the switch makes a match, it can trigger a recording of the conversation and alert law enforcement officials, says James Atkinson, an expert in technical surveillance countermeasures.

The feature is designed to support communications assistance for law enforcement (CALEA) - the law that requires phone companies to provide wiretapping access under court order to specific communications traffic.

8. Remote capture of computer data: Under a sketchy technique called Computer and Internet Protocol Address Verifier (CIPAV), the FBI has remotely tracked down data about individual computers.

Details of the technology have never been publicly revealed, but it was used to track down high-school students who sent e-mail bomb threats. CIPAV grabs IP and MAC addresses, running processes, visited Web sites, versions of operating systems, registered owner and logging of computers the target computers connect to. It is believed the software that does this is dropped in via exploiting instant messaging.

9. Cable TV as an exploitable network: Because most cable TV networks are essentially hubbed, any node can monitor any other node's traffic, says James Atkinson, an expert in technical surveillance countermeasures. By and large security is rudimentary and the encryption used could be hacked by someone with basic technical skills and readily available decryption tools, he says.

10. Cell phone monitoring: Commercially available software claims to capture cell phone conversations and texting. Attackers need to get physical access to the phone to upload the software that enables this.

There are several commercial brands on the market, but there are also online complaints that the software doesn't work as advertised or is more complicated to use than the vendors let on.

Prankster admits faking Google Chrome OS screenshots

File this under: Don't believe everything you see.

The anonymous blogger who earlier today posted "screenshots" of an early build of Google's Chrome OS has admitted he faked the images.

Before he confessed, however, numerous blogs and Web sites - from Engadget to Neowin.net - took the bait and accepted the screenshots as legitimate. Computerworld blogger Seth Weintraub was also duped.

The screenshots were accompanied by a backstory in which the blogger said he worked for a company that supplied parts for Acer, and had witnessed a demo of an early version of Chrome OS, the Linux-based operating system that Google announced yesterday.

"I was the last to leave the room and the Google Rep seemed to forget his privacy," the blogger wrote. "I happened to have my Mini-Cam with me and took these medium quality shots. I am sorry I couldn't get better. They were all taken in less than 10 seconds. Adrenaline was rushing like crazy."

Almost immediately, some readers called out the images as phony. "If these shots were real, and you really were putting your job on the line, you wouldn't say 'I was the last to leave the room,'" pointed out a commenter named, appropriately enough, "fake," in a message posted about three hours later. "It wouldn't be that hard to figure out who you are, would it? What's more, which Google rep demos a new OS on a kitchen bench?"

The prankster, who has not revealed his name, came clean about eight hours after his original post. "I am sorry if you beleived [sic] it. It was a really bad attempt. You all are smart people. I never planned on it getting this big. But it did," the blogger wrote. He included a video clip that illustrated how he created the bogus screenshots.

With interest in Chrome OS off the charts, it's not surprising that bloggers, reporters and users were fooled into thinking that the images were legitimate. News of the operating system, which some have said poses a long-term threat to Microsoft but not necessarily to Apple, was featured prominently yesterday on sites that generally don't follow technology news closely.

Fight against China's Web filtering software grows

A U.S. company that says its code was copied by a Chinese Internet filtering program has ordered more PC makers not to distribute the Chinese software.

Solid Oak Software has sent cease-and-desist orders to Lenovo, Acer, Gateway, Sony and Toshiba, following similar orders sent to Hewlett-Packard and Dell earlier this week, Solid Oak spokeswoman Jenna DiPasquale said in an e-mail Thursday.

The move added pressure over intellectual property theft to concerns that the Web filtering software, called Green Dam Youth Escort, could be used to bolster China's censorship of the Internet.

China last month ordered PC makers to distribute Green Dam with all computers sold in the country after July 1. The program blocks both pornography and some political content, including Web sites that mention Falun Gong, the spiritual movement banned as a cult in China. China has said the program is meant to protect children and can be disabled or uninstalled.

Solid Oak last week found that the Chinese software used code written in the proprietary format used by CyberSitter, the company's online content filter targeted at parents, DiPasquale said. The Chinese program contained blacklists and files apparently obtained from CyberSitter, according to a report by researchers at the University of Michigan.

An update distributed through the Chinese program has since disabled the copied blacklists, but the version available for download online does not yet reflect the changes, the researchers said in an addition to their report yesterday.

No one at the main company that developed Green Dam, Jinhui Computer System Engineering, was immediately available for comment.

Solid Oak has not yet heard back from the PC makers it contacted, DiPasquale said. Its next steps could include seeking a U.S. court injunction to stop the companies from distributing Green Dam in China, she said.

An HP spokeswoman said the company is seeking more information regarding Green Dam in cooperation with the Information Technology Industry Council (ITI), a U.S. trade group. She confirmed HP had received Solid Oak's cease-and-desist order, but declined to comment further on its response.

Lenovo said it is closely monitoring developments involving Green Dam and will continue to obey the law in the countries where it does business.

Industry groups including the ITI have called on China to reconsider requiring distribution of the software, and Chinese state media yesterday said foreign companies might not be able to comply with the mandate on time.

"All domestic PC makers are ready to include the software by July 1, but some foreign PC makers, such as Dell, might not be able to meet the deadline," the China Daily quoted an unnamed official as saying.

Chinese Internet users have also filled Twitter streams and online forums with opposition to Green Dam.

Programming errors that left Green Dam vulnerable to some attacks have been patched since the University of Michigan researchers revealed them last week, their updated report says.

But a properly designed IP (Internet Protocol) address could still take control of a user's computer through holes that remain in the patched program, the report says.

The researchers again advised uninstalling the program, calling it unlikely that all of its security problems could be fixed before the deadline for its distribution with PCs.

One patch also updated Green Dam's help file with a license statement for OpenCV, an open source computer vision package developed by Intel, the report said. Green Dam's image recognition tool for pornographic images draws on the package, according to the report.

Earlier versions appeared to violate OpenCV's license by leaving out its text, the report said.

A Chinese foreign ministry spokesman defended China's support for the program and declined to answer a question on its use of copied code at a press briefing Thursday.

"China has the responsibility and the obligation to protect its youth from violation by harmful online information," the spokesman said.

DHS names key cybersecurity staff

U.S. Homeland Security Secretary Janet Napolitano tapped Philip Reitinger as director of the National Cybersecurity Center (NCSC), replacing Rod Beckstrom, who quit the post earlier this year citing turf battles with other agencies.

Reitinger will be responsible for collecting, analyzing, integrating and sharing cybersecurity information among federal agencies, the DHS said in a statement Monday.

Reitinger, a former Microsoft Corp. cybersecurity executive, will also continue in his current role as deputy undersecretary of the National Protection and Programs Directorate at the DHS.

His appointment was one of three key personnel announcements made by the DHS on the cybersecurity front. Napolitano also picked Greg Schaffer to be assistant secretary for cybersecurity and communications (CS&C), and Bruce McConnell as counselor to the deputy undersecretary at the NPPD.

McConnell will be a senior adviser to Reitinger on "strategic and policy matters" related to the NPPD, the DHS said. The NPPD includes the CS&C, the office of infrastructure protection and the US-VISIT program, which provides visa-issuing posts with biometric identification technology. He was also part of the Obama-Biden transition team and was involved in information policy and technology-related matters.

Schaffer, meanwhile, will be in charge of coordinating cybersecurity efforts across the NPPD and in ensuring that public and private sector organizations and international partners work together to mitigate threats to U.S. interests in cyberspace. He replaces Gregory Garcia, who was the first to be appointed as assistant secretary of the CS&C by former DHS Secretary Michael Chertoff in 2006. Schaffer was previously a cybersecurity executive with Alltel Communications and PricewaterhouseCoopers.

The DHS appointments come at a time when there are growing questions about what the agency's appropriate role should be on cybersecurity. The DHS continues to be the lead agency on cybersecurity matters, but it has been criticized for its inability to live up to that role.

When Beckstrom resigned as director of the NCSC in February, he lifted the lid on an ongoing turf war between the DHS and the National Security Agency over cybersecurity. He cited as reasons for his decision to leave the NSA's growing interference in domestic cybersecurity matters and the DHS' unwillingness to lend the needed financial support and other resources to the NCSC.

Many agree that the DHS needs to be empowered to take an operational role in cybersecurity. But they have also argued that the task of developing and enforcing a comprehensive national cybersecurity strategy belongs in the White House. Over the past few months, several groups have lobbied for the creation of a high-level cybersecurity post within the executive offices of the president.

It was against this backdrop that President Obama last week announced the creation of a White House level cybersecurity coordinator to oversee governmentwide information security efforts. Obama has yet to make the appointment and it remains unknown how the official will work with the DHS and other government agencies in pulling together a national cybersecurity strategy.