Sunday, January 31, 2010

Report: Google Android Gaining Mobile OS Share

Competition in the consumer mobile operating system space is starting to shift, according to a new report from IDC.

Nokia's Symbian mobile OS currently leads in market share, but Framingham, Mass.-based IDC sees Google's Android mobile OS as the number two competitor by 2013. The report, "Worldwide Mobile OS 2009-2013 Forecast and Analysis: December 2009," announced on Monday, provides a high-level view of the various mobile OS platforms. IDC is predicting a 20.9 percent annual growth rate in worldwide shipments of "converged mobile devices."

The surprise showing in the report turned out to be Google's Android mobile OS platform, according to William A. Stofega, project manager at IDC.

"Nokia has a strong hold on the worldwide smart phone market, and we projected that Symbian would continue to lead the pack in mobility," Stofega said in a telephone interview. "We were a bit surprised by the strides Android is taking and its adoption by device makers and consumers."

Stofega said that Android has been gaining popularity with handset vendors because of its open platform for development and the absence of licensing fees.

"Google has made it easier for vendors to leverage the code base of Android for development," Stofega said. "Importantly, it is a high-level OS that supports high-end devices, but it also has the potential to go down-market with less expensive devices."

He noted that while Apple's iPhone enjoys huge success in the United States and areas of Western Europe, it has not done well in markets such as China and India, where price is a major factor.

Legacy players, such as BlackBerry, Symbian and Microsoft's Windows Mobile, are being outdone by "newcomers touting open standards, intuitive design and navigation," according to IDC's announcement of the study.

Microsoft has so far remained mum on when its next major mobile platform iteration (Windows Mobile 7) will be released. The company will hold a press conference on Feb. 15 at the Mobile World Congress in Barcelona, according to a Microsoft spokesperson. It could be the next springboard for any Microsoft mobile OS news.

"We have steadily delivered on our commitment to ship additional features and services through a regular stream of exciting new devices," a Microsoft spokesperson stated by e-mail on Tuesday. "We're always working on future versions and have nothing new to announce."

Speculation around Microsoft releasing a "Zune Phone" running on Windows Mobile 7 has been ongoing for many months. The device, sometimes rumored to be a "Project Pink" phone, is expected to go head-to-head with Apple's iPhone.

With a host of new devices hitting the market this year, Stofega noted that the definitions of smart phones, or converged mobile devices, and netbooks are getting a little blurry.

"There's a lot of fluidity and flexibility in the mobile device market, and we are seeing all kinds of adaptations morphing Internet connectivity to telephony," Stofega said. "The defining factors for these new devices will be the pain of adoptability and the cost."


Oracle-Sun Deal Gets Green Light

The European Commission today cleared Oracle's $7.4 billion agreement to acquire Sun Microsystems, paving the way for the two companies to close the deal.

Oracle is free to combine with Sun without any restrictions, meaning it does not have to spin off MySQL, Sun's open-source database that was the primary subject of the EC's review.

"Although MySQL and Oracle compete in certain parts of the database market, they are not close competitors in others, such as the high-end segment," the EC said in a statement. Even if Oracle were to impede the future of MySQL, there are viable open-source database alternatives, such as PostgreSQL, the EC noted, adding that so-called "forks" in the code-base of MySQL will allow for other open source alternatives.

One such alternative is the Open Database Alliance, launched last year by MySQL founder Monty Widenius. "Oracle's acquisition of Sun has the potential to revitalize important assets and create new and innovative products," EC competition commissioner Neelie Kroes said in a statement.

Rivals such as IBM, VMware, Hewlett-Packard and Microsoft have started preparing for a combined Oracle and Sun as a much larger competitor bringing together their respective hardware and software assets. Many have speculated the Oracle-Sun combination was among several reasons for last week's $250 million agreement between HP and Microsoft to work more closely on developing next-generation data center technology. Also last week, Microsoft began offering a MySQL migration tool for its SQL Server database.

Oracle CEO Larry Ellison next Wednesday will outline the merged company's strategy during a five-hour presentation at its Redwood Shores, Calif. headquarters.


Google CEO Defends Stance on China

Google CEO Eric Schmidt confirmed the company's position with respect to China and said its engineers have made the necessary fixes to prevent future attacks on its systems.

Speaking on the company's quarterly earnings call Thursday evening, Schmidt was referring to the widely publicized attack on Google's data that was traced back to China. Schmidt also talked up Google's new Nexus One phone, as well as the company's plans to push further into the enterprise and advance its efforts in display advertising.

He described Google's reaction to the attacks, including a refusal to cooperate with Chinese government censorship. "We believe we've made the necessary technical changes to prevent such a future attack," Schmidt said on the investor call. "We discovered in the course of that, a perhaps related perhaps unrelated monitoring of human rights activists, which we disclosed, in the spirit that people would be aware that this may be occurring. For those reasons and other reasons, [we made] a decision for Google to no longer be willing to apply the censorship rules in China."

Google made a dramatic claim last week that it may pull back from China's market because of Chinese government censorship. However, while that claim has led to conversations with the Chinese government, Schmidt said that Google continues to do business in China.

"We continue to follow their laws; we continue to offer censored results, but at a reasonably short time from now we will be making some changes there," he said. "We've made a strong statement that we wished to remain in China. We like the Chinese people, we like our Chinese employees, we like the business opportunities, but we'd like to do that on somewhat different terms we have but we remain quite committed to being there."

U.S. Secretary of State Hillary Clinton yesterday endorsed Google's stance, urging the Chinese government to ease restrictions.

"Countries that restrict free access to information or violate the basic rights of Internet users risk walling themselves off from the progress of the next century," Clinton said in a speech on Thursday. "Now, the United States and China have different views on this issue, and we intend to address those differences candidly and consistently in the context of our positive, cooperative, and comprehensive relationship."

Craig Mundie, chief research and strategy officer at Microsoft, praised Clinton's speech, saying in a blog posting that "many Internet policy challenges require us to look at issues from a 'supra-national' perspective."

Foreign Ministry spokesperson Ma Zhaoxu today criticized Clinton's comments. In a statement released on the Chinese Ministry's Web site, Zhaoxu suggested Clinton's remarks and Google's threats could weaken ties between the two countries.

"China's Internet is open. China is a country with the most vibrant Internet development," Zhaoxu said in the statement. Zhaoxu added that China has 384 million Internet users, 3.68 million Web sites and 180 million blogs. "China's Constitution guarantees people's freedom of speech," Zhaoxu added. "It is China's consistent policy to promote the development of Internet. China has its own national conditions and cultural traditions. It supervises Internet according to law, which is in parallel with the international practice."

The issue of censorship is likely to remain a polarizing one between the two countries. Microsoft CEO Steve Ballmer last week maintained that Microsoft will continue to do business in China shortly after Google suggested it might withdraw.

Meanwhile, Google reported revenues of $6.7 billion, representing a 17 percent increase in the fourth quarter of 2009 compared with the same period in 2008. Google's shares were trading down more than three percent mid-day on Friday because the company's $2 billion profit fell short of expectations of $2.1 billion.

While Google's traditional search advertising remained the catalyst for revenues, Schmidt indicated on the call that the company will continue its push into the display ad business. Schmidt emphasized Google's objective to grow its enterprise business through its cloud computing initiatives and mobile computing efforts. He also made a plug for Chrome OS, Google's operating system in the cloud.

"We have quite a healthy enterprise business that's going to grow quite rapidly over the next few years as people move from the older legacy PC-centric, traditional operating system model, to the new Web-based application model, and the trend there is everyone is moving there and we are going to be one of the leaders there," Schmidt said.

Analysts questioned Google's strategy with the Nexus One, the company's own branded phone based on its Android platform launched earlier this month, a move that puts it in competition with its partners.

"What the Nexus One is really about is a new way of buying a phone, and the Nexus One is simply the first of a series of examples where you can essentially purchase a phone online from one or multiple manufacturers, self-provision and have it just work," Schmidt said.

"We think that's a natural evolution of a particular model; it does not exclude the other models," he added. "I think it's compatible with them, in the sense that the retail model will continue to be more successful. So far, our partners have understood that message and they have been okay with it."


Friday, January 29, 2010

Microsoft Issues Alert on Windows Kernel Bug

On the eve of releasing an out-of-band Internet Explorer patch, Microsoft issued a new security advisory involving an obscure Windows kernel bug.

According to the advisory, an elevation of privilege exploit has been present in all 32-bit Windows versions since Windows NT. Possibly, this bug has been accessible for about 17 years, although someone exploiting it would need a network account to accomplish the deed.

The advisory says the bug affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.

"Microsoft is investigating new public claims of a possible vulnerability in Windows," wrote Jerry Bryant, Microsoft's senior security program manager, in an e-mailed statement. "We are currently not aware of active attacks against this vulnerability and believe risk to customers, at this time, is limited."

Bryant added that to exploit this vulnerability, an attacker must "already have valid logon credentials and be able to log on to a system locally." The attacker would need to have an account established on the system and then run a program to take advantage of the flaw. Possibly, it might be exploited by a company insider or someone already trusted.

In any case, the attacker could elevate his privileges on the network to the administrative level, Bryant said.

The bug is based on the MS DOS system, first introduced in 1993. Computers using Windows for x64-based and Itanium systems aren't affected. Microsoft describes a workaround in the security advisory that will prevent access to 16-bit applications as a consequence of avoiding the bug.

Microsoft plans to "provide a security update on an upcoming Patch Tuesday release," according to the security advisory.

Google security team member Tavis Ormandy, who publicized the bug, said in numerous reports that he informed Microsoft of this hole on June 12, 2009. Security experts have noted the long time it has taken for Microsoft to respond. However, to Microsoft's credit, it has dealt with more than 80 vulnerabilities affecting Windows through 2009.


Gartner: IT Budgets, Spending Set for Rebound

Worldwide IT spending and IT department budgets are set to make something of a comeback following 2009's drastic declines. Furthermore, all major segments in IT are expected to see positive growth in 2010, according to two separate reports released this week by market research firm Gartner.

'Slow but Steady Growth'
According to one report, released Thursday, IT spending worldwide will climb 4.6 percent in 2010 to $3.364 trillion. Richard Gordon, research vice president at Gartner, said this increase came a bit sooner than previously anticipated.

"Last quarter, we did not expect to see IT spending levels recover to 2008 levels until 2011," Gordon said in a statement. "However, now, with the upward revision to the current dollar forecast, we are projecting that global IT spending this year will approach the level seen in 2008."

Gartner said the United States and Japan will see some of the slowest growth, at 2.5 percent and 1.8 percent respectively, while emerging markets will lead the way, with 9.3 percent growth predicted for Latin America, 7.7 percent in the Middle East and Africa, and 7 percent in the Asia/Pacific region. Western Europe is expected to experience 5.2 percent growth in IT spending in 2010.

In terms of IT categories, services will see the most growth, according to Gartner's forecast, climbing 5.6 percent to $824.2 billion. IT services spending had declined 3.5 percent in 2009 to $780.9. The modest 1.6 percent increase projected for overall computer hardware spending (to $331.7 billion) will follow a steep 13.9 percent decline experienced in the previous year. Software spending is projected to grow 4.9 percent to $231.5 billion. And telecom is expected to grow 4.7 percent to $1,976.6 billion.

Budgets on the Rise
Meanwhile, worldwide, CIOs have also indicated that their budgets will begin to recover somewhat from 2009's free fall. In a separate report released Tuesday, Gartner Executive Programs indicated that IT budgets across all sectors will increase "by a weighted global average of 1.3 percent in nominal terms, compared with 2009 levels where IT budgets declined 8.1 percent." Gartner described 2009 as "the most challenging year for IT since the survey began in 1999" and said that the minuscule increase would bring IT budgets essentially to their 2005 levels.

For the report, "Leading in Times of Transition: The 2010 CIO Agenda," Gartner surveyed 1,586 CIOs across public and private sectors, representing 27 industries in 41 different countries and accounting for $126 billion in IT spending.

"2009 was the most challenging year for CIOs in the corporate and public sectors as they faced multiple budget cuts, delayed spending and increased demand for services with reduced resources," said Mark McDonald, group vice president and head of research for Gartner EXP. "This is set to change in 2010, as the economy transitions from recession to recovery and enterprises transition their strategies from cost-cutting efficiency to value-creating productivity."

McDonald said the current situation could afford IT departments an opportunity to bring about a change in the role of IT within an organization: "CIOs see 2010 as an opportunity to accelerate IT's transition from a support function to strategic contributor focused on innovation and competitive advantage. They have aspired to this shift for years, but economic, strategic and technological changes have only recently made it feasible."

In addition, the survey also found that CIOs are realigning some of their priorities for 2010. Where business intelligence was the No. 1 priority in surveys from the previous five years, it dropped to fifth position for 2010, replaced by virtualization, with the overall trend shifting to "'lighter-weight' services-based and social media technologies," as Gartner described them.

The top 10 cross-sector CIO priorities for 2010, according to the survey, are as follows:

1. Virtualization
2. Cloud computing
3. Web 2.0
4. Networking, voice and data communications
5. Business intelligence
6. Mobile technologies
7. Data/document management and storage
8. Service-oriented applications and architecture
9. Security technologies
10. IT management


Microsoft Adds Rental Option for Office, Windows

Microsoft addressed a gap in its product licensing for businesses that rent out PCs by announcing an extra, one-time fee for Office and Windows.

Although countless kiosks, Internet cafes and business centers already rent time on Windows-based computers, the Microsoft Partner Network Web site indicates that Windows and Office system licenses do not permit renting, leasing, or outsourcing the software to third parties. Those that have done so have not been compliant with license requirements.

"Rental Rights are a simple way for organizations to get a waiver of these licensing restrictions through a one-time license transaction valid for the term of the underlying software license or life of the PC," according to the site.

Microsoft announced the new "Rental Rights" licensing on Jan. 1 for Windows and Office, adding it to the list of license types available worldwide. The company also announced a 30 percent discount on the license fees, available until June 30. With the discount, Rental Rights fees per software copy are $58 for Office Professional, $45 for Office Standard and $23 for Windows.

Enterprise customers won't be affected by the new pricing. However, the Rental Rights costs will be an additional expense for hotels, small businesses and office equipment leasing companies. Unaffected organizations include libraries, academic institutions, internal use (shared PCs) or traditional financing, such as rent-to-own programs.

Microsoft is merely plugging a hole in its licensing, according to Scott Braden, an analyst with NET(net) Inc.

"In the past, these types of business have skirted the gray areas of the license rules -- and in many cases stepped right across the line, since the Microsoft EULAs do clearly prohibit rental of the software," he stated in an e-mail. "I see this as a relatively minor announcement for many customers, but quite significant to those companies who are affected."

While the one-time fee is not significant for many businesses, major outsourcers may take a hit, Braden said. For example, for a company that has outsourced 2,000 PCs, Rental Rights fees will tack on roughly $50 per Office license in volume. The result is an unbudgeted $100,000 cost, due immediately.

Still, rental companies likely will be able to recoup the difference, according to Paul DeGroot, an analyst with Directions on Microsoft.

"I calculate that if you charge an extra 25 cents an hour and a PC gets used two hours a day during business hours, you'll get your money back in a bit over a year," he said.

Previously, companies renting out computers would have had to pay a monthly subscription fee through Microsoft's Services Provider Licensing Agreement (SPLA). Microsoft has considered alternatives. In 2006, Microsoft researched "pay-as-you-go" licenses in several countries in which users could choose three- or six-month subscriptions.

DeGroot said that companies that rented out computers without licenses faced a difficult decision in the past -- choosing between the SPLA or shutting down. If enforcement had been too rigorous, DeGroot said, many would have chosen closure or, less likely, would have switched to Linux and

DeGroot calls the new Rental Rights licensing a "velvet glove" approach to enforcement.

"For not a lot of extra money, you can keep doing what you're doing, but with Microsoft's blessing," he said. "I can't see it having much impact on upgrades, but it could have a measurable financial and antipiracy impact."

The idea of Microsoft issuing a new fee for something that was previously tolerated at no charge has met with critical opinion, although industry watchers have been more positive.

DeGroot noted that the agreement allows organizations that rent computers to get legal at a relatively low cost. In addition, Rental Rights are much more straightforward than SPLAs, which require legal review and special software to track license use. "This is a lot simpler, especially for a little guy," he said.

Companies with seasonal businesses involving holidays or tax time may find short-term rentals particularly attractive. Also, DeGroot suggested, because the one-time payment is simple, it could encourage new rental-only computer businesses in places like coffee shops and laundromats.

Both DeGroot and Braden said they were surprised that only Windows and Office are covered under the new licensing arrangement.

DeGroot suggested that Microsoft could consider making a broader product set available.

"People who need Visio and Project only occasionally, for example, might find it handy to sit down at a rental machine for the time they need them," he said. "It would also be interesting to see other vendors get into this game, notably Adobe."


Wednesday, January 27, 2010

Gates: Chinese Internet Censorship 'Very Limited'

Microsoft Chairman Bill Gates downplayed Chinese government Internet censorship when asked about the matter in a Monday ABC TV interview.

"Fortunately, the Chinese efforts to censor the Internet have been very limited," Gates said on the "Good Morning America" show (comment starts at 5:18). "It's easy to go around it, and so I think keeping the Internet thriving there is very important."

The context for Gates' comment was Google's statement on Jan. 12 that it might reconsider its operations in China, which includes censoring its portal on behalf of the Chinese government. Google CEO Eric Schmidt confirmed last week that the company might change its approach to censorship of the portal.

Google's announcement drew praise from human rights organizations and Internet privacy organizations. A blog by the Electronic Frontier Foundation agreed with Google's approach. The EFF blog also concurred with Gates' idea that the censorship in China could be easily bypassed.

"There continue to be many ready means for circumventing China's censorship schemes, and we hope Google will continue to provide an uncensored Chinese language search engine, from servers outside China if need be," wrote Danny O'Brien, international outreach coordinator at the EFF.

Microsoft CEO Steve Ballmer told CNBC earlier this month that Microsoft would comply with Chinese law. However, outside China, Microsoft would only comply if given "legitimate requests" from the Chinese government, Ballmer said.

Ballmer also reportedly told Houston oil company executives last week that "the U.S. is the most extreme when it comes to free speech," according to a Forbes' account.

An organization called the Global Network Initiative -- supported by Google, Microsoft, Yahoo and various nongovernmental organizations -- was formed to provide guidance for Internet corporations with regard to government censorship and human rights issues. However, GNI has mostly issued bland statements and it has distanced itself from Google's stance on China, saying there is no single action for it or its members to follow.


SQL Server 2008 R2 To Ship in May

Microsoft on Tuesday said SQL Server 2008 R2, the next version of its database, will be generally available in May.

SQL Server 2008 R2 is the first major upgrade to Microsoft's flagship database since late 2007. Microsoft released a "feature-complete" community technology preview (CTP) in late November and had indicated it would ship in the first half of this year. Microsoft reported on its Data Platform Insider blog that there have been 150,000 downloads of the CTP.

With SQL Server 2008 R2, Microsoft is introducing new self-service business intelligence (BI) capabilities and master data services, which allows DBAs to manage and audit data records as data is altered.

The self-service BI will be offered by a new technology called PowerPivot (formerly code-named "Project Gemini"), which will allow users in Excel to load data sets of any size from any source, according to Microsoft. Users can then create their own OLAP cubes. A version of PowerPivot will also be offered for SharePoint Server 2010.

SQL Server 2008 R2 includes a new feature called StreamInsight, which allows high-end complex event processing and support for enterprise-grade systems with up to 256 logical processors.

Microsoft is also adding two new SKUs, one edition called Datacenter and one named Parallel Data Warehouse (formerly code-named "Project Madison"). The two represent the most scalable database servers offered by Microsoft to date, though it remains to be seen whether the company can capture high-end business from the likes of Oracle, IBM and Teradata.

Based on the technology Microsoft acquired from DATAllegro, Parallel Data Warehouse will be offered as appliances by partners IBM, HP, Bull and Dell, among others. Datacenter Edition and Parallel Data Warehouse will cost $57,500 per processor. Those two SKUs will not be offered with a server and CAL combo.


Microsoft Issues IE Patch To Address Zero-Day Threat

Microsoft issued a cumulative "out-of-band" security patch on Thursday for a bug in all versions of Internet Explorer.

The patch notably falls outside of Microsoft's monthly security update cycle. Microsoft is responding to a flaw that has enabled remote code execution (RCE) attacks, particularly on Google and other companies from hackers in China, as described last week.

The release includes two "critical" bulletins, addressing IE on every supported Windows operating system. The first patch resolves a privately reported RCE vulnerability exploited via a specially crafted Embedded OpenType font in client applications.

The second patch is the big umbrella hotfix expected to quell the technical problem associated with the Google attack. It fixes all versions of IE, from IE 5 through IE 8, on all supported Windows OSes.

"We've reached a point where we have become numb to 'reports of limited attacks' when vulnerabilities are disclosed publicly," said Sheldon Malm, senior director of security strategy at Rapid7. "This [release] is a great example of how the research community helps to bring real customer needs and vendor actions together."

Both patches will require restarts of the OS to take effect, but they come at the right time.

"Because of these in-the-wild exploits and the amount of media and customer attention on this specific exploit, Microsoft was right in deciding that it was in their customers' best interest to issue this out-of-band patch," said Don Leatham, senior director of solutions and strategy at Lumension.

IE has been subject to patching of late, with the last zero-day bug fix seen in late November. Prior to this latest out-of-band release, Microsoft faced a potentially damaging backlash against the browser, with cabinet leadership in both France and Germany suggesting that people use other browsers than Internet Explorer.

Microsoft and security researchers have recommended upgrading the browser and using a Windows setting called data execution prevention (DEP) to better secure IE. However, Microsoft confirmed on Wednesday that all current versions of Internet Explorer contain a DEP bypass vulnerability, but that IE 6 is the only affected version reported so far. Despite that warning, Microsoft and many other security observers have suggested that DEP can help in stopping the exploit code.

IE 6 is still the most popular Microsoft Web browser many years after its release. More than 20 percent of all Web traffic is associated with IE 6 use, according to Net Applications, which tracks browser market share. Still, Microsoft's newer browsers aren't immune. Joshua Talbot, security intelligence manager at Symantec Security Response, said he is certain that "bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8."

The exploit appears to rely on social engineering techniques to take effect, such as directing the victim to a specially crafted Web site for attack.

"Based on our in-the-field detections, this security vulnerability has only been used in a very limited number of targeted attacks so far," Talbot explained. "However they appear to be very high profile attacks. The most likely attack vector used in the incidents seen thus far is targeted e-mails containing legitimate looking attachments or links to Web sites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability springs into action and the computer becomes infected."

DEP is one factor in warding off attacks, but security becomes more effective when DEP is used with Address Space Layout Randomization (ASLR), according to Microsoft and researchers. Newer versions of the browser, such as IE 7 and IE 8, running on Windows Vista and Windows 7 are less vulnerable because they have ASLR.

In addition, Microsoft's newer OSes were designed with a better approach to security, according to Leatham.

"This security bug is a clear, real-world example of the superior security model implemented in Windows Vista and Windows 7," Leatham said. "This whole situation should be a wake-up call to organizations still running Windows XP to accelerate their migration plans."


Tuesday, January 26, 2010

Evidence from Google Attacks Points to China

The fallout from the recent cyberattacks against Google and other companies, which occurred in December and were revealed by Google last week, continues to spread.

A security researcher for SecureWorks says he has found evidence to support Google's claim that last month's attacks on the company's systems originated in China, while another security expert called them the largest and most sophisticated attacks specifically aimed at businesses in years.

The attacks, which used the Hydraq Trojan to open a back door into infected systems, affected Google and 33 other companies. In addition to concerns over possible stolen information, the event has raised discussions about free speech and censorship in China.

Joe Stewart, SecureWorks' director of malware research, said he analyzed the software used in the attacks and found that it contained an algorithm from a Chinese technical paper that has been published only on Chinese-language Web sites, according to a report in The New York Times.

Google officials, in announcing the attack in a Jan. 12 blog post, have said they suspected that the attack originated in China, saying that the Gmail accounts of human rights activists in China had been monitored or hacked. The Gmail accounts of foreign journalists also have reportedly been hacked. The company is threatening to pull its operations out of the country.

Other companies reported to have been affected include Adobe, Microsoft, Juniper Networks, Northrop Grumman, Symantec, Yahoo and Dow Chemical.

The attacks in many cases exploited a zero-day flaw in Adobe Acrobat and Reader to infect systems with the Hydraq Trojan, which launched when a user clicked on a malicious .PDF attached to an e-mail. Adobe issued a patch for the vulnerability this week.

The security company McAfee also said the attacks had exploited a vulnerability in Internet Explorer. Microsoft reported that the vulnerability exists in IE 6, but has issued an out-of-cycle security patch for all versions of the browser.

The attacks are similar to a July 2009 attack that involved about 100 companies, according to VeriSign iDefense.

In a blog post, McAfee Chief Technology Officer George Kurtz, dubbing the recent attacks "Operation Aurora," called it "the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations."

"While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero-day exploits," Kurtz wrote. "What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the main goal appearing to be to steal core intellectual property."

Meanwhile, Google is investigating whether some of its employees in China might have helped the attackers. Reuters reported that some employees in China had been placed on leave or transferred.


'Nightmare' at Microsoft's Volume Licensing Sites

Frustrated customers and partners continue to experience confusion and delays after Microsoft revamped its Volume Licensing Service Center (VLSC) and associated Web sites in December.

Users have reported similar instances in which they were unable to get past the site's initial security check. The problem is that the site's log-in procedure may reject users' access based on the e-mail address they entered. With Microsoft's revamp of the sites, a user's e-mail address now has to exactly match the one originally assigned with the contract.

Users have also complained about an inability to access specific features or create new accounts on the sites. Software downloads are sometimes blocked, even though users may have purchased the licensing before Microsoft began the upgrade.

A catalog of user woes can be read at this Microsoft blog. One commenter in that blog described being unable to access the VLSC's "Manage Software Assurance Benefits" feature, adding that "it's all a bit of customer service & public relations nightmare I think."

Microsoft has acknowledged the access problems, saying that they affect just some customers and partners. A step-by-step troubleshooting FAQ is described in a blog post by Eric Ligman, global partner experience lead for the Microsoft Worldwide Partner Group. If the FAQ isn't clear enough, Microsoft offers a 67-page illustrated "VLSC User Guide" as an 8MB download here.

Microsoft started updating its volume licensing sites sometime in December, taking them down for a period of days. Services were restored on Dec. 18 for the VLSC, Volume Licensing Contract Manager and Web sites, along with the eMSL and MOET ordering tools, according to a blog post by Ligman. He acknowledged that Microsoft is still having problems with the sites' registration system.

The sites were upgraded for a number of reasons, according to Stacie Sloane, a director at Microsoft. They were redesigned so that customers and partners now use the same portal, and that has had some spillover effects. Customers now have to validate access to the sites via an e-mail sent by Microsoft, which Sloane describes as a standard security practice. In addition, because customers are legally responsible for the agreements, they now must confirm that a partner is acting on their behalf by granting permission rights to that partner.

The redesign of the sites has led to problems for some users, Microsoft has acknowledged.

"We are taking all necessary steps to resolve the situation and we are working with each customer or partner to restore permissions if they can't be resolved online," Sloane wrote in an e-mail.

Some users have reported waiting 45 minutes and longer to talk with Microsoft's phone support to get their issues resolved.

"As with any new experience, we anticipate that many partners or customers may have questions, which can cause a longer than average hold time in some regions so we have increased customer service staffing to help partners or customers when they call or e-mail us for support," Sloane explained.

Some customers could face problems with contract renewals because of the delays associated with accessing Microsoft's volume licensing Web sites, but Sloane didn't think many would be affected in that way.

"To your question, Microsoft doesn't expect this to impact many customers," Sloane replied by e-mail. "If a customer is impacted, they [Microsoft] will do everything necessary to ensure their customers are taken care of."

Customers and partners typically don't access Microsoft's volume licensing sites often, according to Scott Braden, senior vice president for distributed desktop services at Net(net) Inc., a consulting company. However, when they do, it's typically "a time-urgent situation."

"Why they [Microsoft] chose to go live near the end of the quarter (December) -- that's their second largest transaction period (after June) -- I simply do not understand," Braden stated by e-mail. Those having access problems might try going through their large account resellers, he suggested.

Microsoft's problems may have stemmed from having to deal with some difficult legacy code, according to Paul DeGroot, research vice president and channel licensing strategies analyst at Directions on Microsoft.

"The main thing I know is that Microsoft's back end systems are very old and brittle," DeGroot stated in an e-mail. "It inhibits their licensing in certain ways. And the Open system is the oldest."

Braden noted the irony of users paying for Software Assurance and having to wait to gain access, especially since Software Assurance requires upfront payment for "non-guaranteed, undefined future products."

"The fact that they [Microsoft] can't post up a Web site that is essentially just a reporting front end to a relatively simple (but large) database should inspire customers to carefully reconsider their validity as an enterprise business software supplier," Braden said.


Internet Addresses Rapidly Running Out

The Number Resource Organization (NRO), which oversees global allocation of IP addresses, announced this week that less than 10 percent of the available IPv4 address space remains unallocated.

"This is a key milestone in the growth and development of the global Internet," said NRO chairman Axel Pawlik. "It is vital that the Internet community take considered and determined action to ensure the global adoption of IPv6," the next generation of Internet protocols.

The protocols are rules defining how devices communicate over networks such as the Internet, and the numerical addresses that identify network entities are a part of them. Without the availability of addresses afforded by IPv6, the world would run out of addresses, Pawlik said.

The NRO is the international representative of the five Regional Internet Registries that allocate addresses. Those registries are AfriNIC, which covers Africa; APNIC, which covers Asia Pacific; LACNIC, which covers Latin America and the Caribbean; RIPE NCC, which covers Europe, the Middle East and parts of Central Asia; and ARIN, which covers North America and parts of the Caribbean.

The remaining pool of IPv4 addresses is expected to run out in less than two years. As of Jan. 20, the estimated time remaining was 592 days, said ARIN president John Curran.

Depletion of IPv4 addresses does not mean that the allocated addresses cannot be used or that the Internet will stop working. But it could put constraints on Internet growth and connectivity.

"We're down to the final 10 percent, and when we run out, the Internet carriers will not be able to add customers without going through translation gateways" that will connect new IPv6 addresses with older infrastructure using IPv4, Curran said. "Those gateways are going to slow down the Internet."

To avoid bottlenecks and make resources globally available, Web sites need to enable use of the new protocols. The U.S. government has mandated that its core networks be able to accommodate IPv6 traffic, but to date there has been no requirement that the protocols be enabled on servers and Web sites. The government does intend to actively deploy IPv6, however, and in May the Federal CIO Council released a document called "Planning Guide/Roadmap Toward IPv6 Adoption in the U.S. Government."

The roadmap, created by the CIO Council's IPv6 Working Group and the private sector, provides direction, and is incorporated into version 3 of the Federal Enterprise Architecture Assessment Framework. It recommends that agencies:

Use their enterprise architecture and capital planning activities to plan for the deployment of IPv6-enabled network services; show how they intend to use these services to power IPv6-enabled applications; commit to specific, measurable improvements in agency performance; and reflect the same in their investment proposals.

Leverage the guidance and common milestones provided in this document to develop an effective transition plan.

Set up test laboratories and/or prototype networks to acquire IPv6 experience and expertise.

Deploy secure IPv6-enabled network services, as appropriate, during regular technology upgrade cycles.

Because of the increased complexity of managing and securing networks that use IPv6 as well as IPv4, it is important that organizations begin enabling the new protocols and gaining experience now, Curran said.

IPv4 addresses have been in use for more than 30 years, and are able to accommodate about 4 billion addressed devices. But during the late 1970s and early 1980s, there were only 26 sites on the old ARPAnet, precursor to the Internet, Curran said. The number grew to around 300 in the late 1980s, and to the thousands in the early 1990s.

"Over the last 20 years, the vast majority of the addresses have been assigned," he said. "Ninety percent are gone now, and the rate at which we are allocating addresses is increasing" as more people gain access, connectivity is extended into rural and developing areas, and as the number of devices used by each individual grows.

Not all of the allocated IPv4 addresses are being actively used, and some could be recovered for re-allocation.

"We might be able to get another 5 percent back," Curran said. "Maybe more. But it's not much. We might have another year" with reclamation. "But in the end, you're still going to have to deploy IPv6."


Monday, January 25, 2010

Microsoft Reduces Bing Data Retention Times

Microsoft on Monday announced moves to reduce data retention times for Internet queries initiated through the company's Bing search engine.

Peter Cullen, Microsoft's chief privacy strategist, said in a statement that the company will delete IP addresses after six months and will remove cookie IDs and other cross-session IDs after 18 months.

"It's definitely a step in the right direction," commented Peter Eckersley, staff technologist for the Electronic Frontier Foundation (EFF), in a telephone interview. "However, there's still an enormous gulf between what a reasonable person expects in matters of personal data, and the reality of the types and amount of data search engine companies actually retain."

EFF is a nonprofit consumer and legal advocacy group headquartered in San Francisco that focuses on a number of Internet issues, including data retention by search providers.

According to Eckersley, America's top three search companies are all making efforts to "at least look like" they are reducing the hold periods and limiting the amount of data they retain.

Yahoo's current IP address retention is three months, while Microsoft and Google are now holding onto IP info for six and nine months, respectively.

Search engine providers typically explain that the data needs to be retained to improve their search services.

"Data from our search queries represents a crucial arm in our battle to protect the security of our services against hacks and fraud," stated Peter Fleischer, global privacy counsel at Google, in an e-mail. "It also represents a critical element allowing us to help users by innovating and improving the quality of our searches."

Google earlier reduced its retention time for IP addresses in search logs, cutting it from 18 months to the current nine months. However, Google's concern over Internet privacy generally seemed in question after Google's CEO Eric Schmidt stated in December that "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Questions remain about whether search queries typed by users might still be used to identify individuals, even with the precautions taken by search providers.

"What they [the search providers] aren't telling you is what they are keeping," Eckersley noted. "They can delete IP addresses, but keep cookie-based search histories, user strings and other bits of data that could lead to personal identities."

Such was the case in 2006 when AOL released Internet search histories for more than 600,000 unnamed individuals as part of a research project. According to an overview on the Privacy Rights Clearinghouse Web site, several people were identified, along with their medical records, interests, financial info and social security numbers.

Microsoft said it changed its search data retention policy after an evaluation of its business needs and as the result of an "ongoing dialogue with privacy advocates, consumer groups, and regulators -- including the Article 29 Working Party."

The Article 29 Working Party (PDF) was established by the European Union to oversee the EU's Data Protection Directive, which was written to regulate the processing of personal data within EU member states.

The United States still lags behind the EU in terms of legal data protections, according to Eckersley.

"There's no question the Europeans enjoy much better data protection than Americans," Eckersley said. "The big three [search providers] in the U.S. are making strides but they really need to address the gulf of what people expect, and what is actually happening.... The problem is there are no magic glasses to see inside of the logs they [Google, Microsoft and Yahoo] keep, and there is no regulatory directive providing guidelines for what data is kept."

On Wednesday, Microsoft called for updating certain U.S. laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. Brad Smith, Microsoft's senior vice president and general counsel, suggested that without greater national attention to law enforcement, liability and privacy rules affecting the Internet cloud, the future of cloud computing could be stunted.


Microsoft Joins W3C's Scalable Vector Graphics Effort

Microsoft is joining the World Wide Web Consortium's (W3C's) Scalable Vector Graphics Working Group.

The company announced the move on Tuesday with the aim of improving future versions of the W3C's scalable vector graphics (SVG) recommendation, currently at version 1.1. The nonprofit W3C's SVG recommendation is a document that describes two-dimensional graphics processing using XML. The technology can be used for Web graphics, animation and user interfaces.

In the past, Microsoft's Internet Explorer has been singled out as the one Web browser not following the W3C's SVG recommendation. Web pioneer Tim Berners-Lee suggested that Microsoft was "slow" in supporting that effort, according to an Associated Press story published in 2008. Currently, IE does not provide native SVG support but instead relies on browser add-ons for scalable vector graphics.

Browsers getting top marks for native SVG support today include Opera, Apple's Safari and Google's Chrome, according to a table produced by Jeff Schiller, co-chair of the W3C's SVG Interest Group.

So far, it's been a gradual process getting browsers up to speed, according to Doug Schepers, the W3C's team contact for the SVG and WebApps Working Groups.

"Because people relied on plug-ins at first, native SVG support in browsers took a few years to get started," Schepers explained by e-mail. "But support has been steadily improving, with new features, performance enhancements and HTML integration getting better with every release."

IE's support for the SVG recommendation would be "a watershed moment," according to Schepers.

"Organizations that weren't using it before because they don't want to rely on plug-ins will now have the option to take advantage of SVG's rich graphical features, and that will drive improvements to all browsers," Schepers stated. He added that Wikipedia and major newspaper Web sites have already started using SVG. The open source Inkscape graphical editor uses SVG natively, he added.

IE currently dominates the scene in terms of browser use, with about 63 percent of the market, according to Net Applications. Consequently, developers typically consider IE compatibility first when building their Web sites.

Lately, Microsoft has been leaning more toward standards compliance with its browser, especially with IE 8, which still lacks native SVG support. In particular, Microsoft contributed test cases to the W3C's working group on cascading style sheets as it developed IE 8. In a statement, Microsoft suggested it plans to do more such work with the W3C.

"Making the Web easier for developers continues to be important and we will continue to contribute to development of HTML5, along with other popular Web standards," a Microsoft spokesperson explained by e-mail. "And we bring a unique value -- the rigor of modern software engineering to the process. Just the other month, we were asked to bring the same expertise that we brought to the CSS 2.1 test suite to the HTML5 working group to lead the Testing Task Force, so that, for the first time for a major standard, everyone in the W3C will agree on a holistic test to measure implementation instead of these interesting but not particularly valuable subsets of tests."

At the Microsoft Professional Developers Conference (PDC) in November, Microsoft demonstrated scalable graphics in an IE 9 prototype, explaining that the experimental browser was taking advantage of hardware to produce graphics that can scale with greater smoothness. Microsoft described this technology in a blog post as "Direct2D," which is based on the DirectX APIs used for Windows-based systems. It's not clear at this point how Direct2D may relate to Microsoft's efforts with the W3C's SVG effort, if at all.

Standards tend to be a moving target for browser makers. A spokesperson for Google said by phone that it's important for browser makers to put standards-based features into browsers as soon as possible. He added that the latest trend has been to support the canvas HTML5 element for graphics. Apple introduced canvas as part of its WebKit rendering engine, but canvas is separate from the W3C's SVG recommendation.

In addition to its SVG recommendation for browsers, the W3C offers guidance on mobile devices (called "SVG Tiny 1.2") as well as printing (called "SVG Print").


Microsoft Admits to Purloined Plurk Code

Microsoft confirmed on Tuesday that one of its software vendors copied code from a microblogging application called Plurk.

A blog post by Plurk, based in Mississauga, Canada, complained on Monday that a beta of Microsoft's Juku social networking software looked a lot like Plurk. Not only was the user interface similar, but Juku used nearly identical code.

"Microsoft has taken Plurk's custom developed libraries, css files and client code and just ported them directly over to their service without any attempt to even mask this!," the Plurk blog stated. The blog estimated that Microsoft had stolen about "80% of the client and product codebase" from Plurk.

Responding to Plurk's claims, Microsoft took responsibility for the intellectual property violation and announced that public access to the Juku beta has been suspended indefinitely.

"We apologize to Plurk and we will be reaching out to them directly to explain what happened and the steps we have taken to resolve the situation," Microsoft said in a released statement.

Juku was developed for Microsoft by a Chinese software vendor for use on MSN China, a Microsoft "joint venture." In response to the Plurk complaint, Microsoft and MSN China are reviewing their policies concerning code supplied by third-party software vendors, according to Microsoft's statement.

Microsoft has been tripped up by third-party software vendors in the recent past. In November, the company acknowledged that a Windows 7 installation tool built by a vendor contained open source code licensed under GNU General Public License v2.

As for Plurk, it has other problems besides just competing with its own stolen code. The startup company claimed in late April that China blocked its service for unknown reasons.


Sunday, January 24, 2010

Adobe: Eclipsing Microsoft as Patch Concern?

All eyes tend to focus on Microsoft's monthly patch cycle, but don't forget Adobe.

Microsoft's January security patch contained just one Windows fix, but IT pros likely will have to spend some time plugging holes in Adobe products too this month.

"It was a relatively light month in terms of Microsoft," said Ben Greenbaum, senior research manager at Symantec Security Response. "But because Adobe is addressing a number of security holes, at least one of them critical, IT administrators will still be busy."

On Tuesday, Microsoft released a security advisory about an Adobe vulnerability affecting Windows XP. On that same day, Adobe released patches of its own for several of its applications. The patches address Adobe Reader 9.2, Acrobat 9.2, Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh. There's also a patch for Adobe Reader 9.2 for Unix-based operating systems.

Last week, Adobe issued security patches for its Illustrator graphics program.

"After a solid year of security issues, Adobe's product security and secure product development practices are being seriously questioned," said Andrew Storms, director of security at nCircle. "It's ironic to consider that we may have reached the point where Microsoft Office documents are now more secure than [Adobe] PDF documents."

Microsoft's latest security advisory refers to a vulnerability in Adobe Flash Player 6 for Windows XP-based systems. The vulnerability, involving ActiveX controls, has been addressed in newer releases of Adobe's software, according to Microsoft.

Microsoft recommends removing Adobe Flash Player 6 from XP-based systems and installing the newest Flash Player software. To remove the software, Microsoft points to this Adobe instruction page.


Tool Checks for 'Custom XML' in Word Files

Microsoft's court loss to i4i LP has spawned a makeshift tool to check for patent-infringing technology in Word files.

The free tool can be used to scan .DOCX and .DOCM Word files. It generates a log file that lists "custom XML" code references in the Word files. The unsupported tool is described by Gray Knowlton, a Microsoft product management team leader for Office developers, and it can be downloaded at his blog page here.

Custom XML is a term used by Microsoft to describe user-defined schemas in XML, according to the inventor of the technology, Michel Vulpe, founder and CTO of i4i. Microsoft was enjoined from selling copies of Office 2007 and Office 2003 that use this technology after Jan. 10, according to a court decision, which was upheld on appeal.

The scanning tool may be just for the morbidly curious. Existing users of Office 2007 and Office 2003 do not have to stop using those products, nor do they even have to care that custom XML code is used in those products. Those who buy Office products today however will use updated technology, or they will be prompted by Microsoft to apply a patch that avoids the infringing technology.

"The documents identified by the tool as containing custom XML markup are themselves not affected by the ruling, and require no action on your part," Knowlton explained in the blog. "What positive scan results will indicate are documents that will behave differently when opened in patched and unpatched versions of Office."

Knowlton added that the tool can be used to help determine "possible areas of impact for your specific IT environment."

In other posts in his blog, Knowlton explained that the custom XML technology can also be identified by "pink tags" that show up around the tagged content. The court's judgment against Microsoft doesn't apply to ECMA and ISO/IEC standards for Office Open XML, according to Knowlton.

"Even if Word's specific implementation of custom XML support does infringe the i4i patent (which Microsoft does not believe to be the case), i4i has never claimed that its patent is essential to the OXML standard," Knowlton wrote in his blog. Microsoft is currently seeking a rehearing of the i4i case.

Some news accounts reported that copies of Office 2007 and Office 2003 were removed from store shelves after the Jan. 10 injunction date. However, the Microsoft Store in Mission Viejo, Calif. currently stocks all editions of the products, according to a "store associate" via telephone. Possibly, there's disruption in ordering the products online. An attempt to order full editions of Office 2007 from Microsoft's online store produced a "temporarily out of stock" message. However, a check at showed the products to be in stock.


Microsoft Settles with EC, Agrees To Offer Choice of Browsers

The European Commission today ended its antitrust suit against Microsoft, accepting Redmond's agreement to allow users the choice of making any browser their default Web interface.

Microsoft has agreed to offer a "choice screen" that will allow Windows users to select as many as 11 Web browsers they choose to install on their PCs as an alternative or supplement to Internet Explorer. The agreement also allows PC makers to offer any Web browser as the default with the option of disabling IE.

"Millions of European consumers will benefit from this decision by having a free choice about which Web browser they use," said Competition Commissioner Neelie Kroes in a statement issued by the European Commission. "Such choice will not only serve to improve people's experience of the Internet now but also act as an incentive for Web browser companies to innovate and offer people better browsers in the future."

Under the agreement, Microsoft will report to the EC within six months on its progress, and routinely thereafter. "This is an important day and a major step forward," said Brad Smith, Microsoft's general counsel and senior vice president, in a statement.

While Microsoft's Internet Explorer is still by far the most widely deployed browser, its share has dropped to 63 percent, according to data released earlier this month by Net Applications. Competing makers of browsers have long maintained that offering choice would help extend the use of new features added to browsers.

"The browser wars have certainly been heating up again," said Redmonk analyst Michael Cote in an email, noting advances from Apple (Safari), Mozilla (Firefox), Google (Chrome) and Microsoft itself.

"If unleashed, we believe PC browsers could allow an exponential impact on Internet innovation," said Sundar Pichai, Google's vice president of product management, in a blog posting.

"With Google in the browser game with Chrome, you have to think (and hope) that they're looking at the EU's demands on Internet Explorer as guidance for how to avoid sticky situations with Chrome and their other efforts," Cote said.

In addition, Microsoft has agreed to provide developers, including those in the open source community, access to technical documentation to such key products as Windows, Windows Server, Office, Exchange and SharePoint.

"Microsoft will also support certain industry standards in its products and fully document how these standards are supported. Microsoft will make available legally-binding warranties that will be offered to third parties," Smith noted.

Saturday, January 23, 2010

CA Acquires BPM Vendor Oblicore

CA has acquired Oblicore, a closely held but established provider of software that measures the effect of system uptime on business performance. Terms of the deal, announced Monday, were not disclosed.

Analysts say what makes Oblicore's software stand out is its "top-down" approach to measuring IT performance and relating its impact in business terminology. CA said adding Oblicore's wares to its portfolio will also help organizations determine the impact of cloud services on business performance as those services become more widely implemented.

The company's Oblicore Guarantee software translates terms and conditions in IT business contracts into operational requirements. That enables IT organizations to manage their infrastructures to meet those requirements, said Richard Ptak, managing partner with IT consultancy Ptak, Noel & Associates LLC.

"Most of the emphasis to date has been a focus from the 'bottom-up' -- i.e., from the technical aspects of infrastructure operation and trying to relate that to service impacts," Ptak said in an e-mail. "The translation from technical performance and interactive characteristics to business-comprehensible metrics has been a continuing problem."

Vince Re, CA's senior vice president and chief architect, said in an interview that Oblicore's software already has connectors to 60 leading IT systems management platforms, allowing it to share data across various lines of businesses. The software provides business-impact analysis reports based on service-level agreements built into contracts. It also helps organizations determine their goals upfront in the procurement cycle, Re said.

"The idea of starting with the terms and conditions and the business contracts and going down from that is relatively unique," Re said.

"I don't know of anybody that's doing the contracts management in the way Oblicore does," said Lisa Erickson-Harris, an analyst at Enterprise Management Associates. "Oblicore is more designed around pulling in data from a multitude of different data sources. That will be a big advantage for CA going into shops that are just CA shops."

Over time, CA sees Oblicore having even more appeal to organizations that are considering the use of cloud services. "Where we see that going is much like IT as a supply chain, where its role isn't so much to be the factory but to kind of weave things together from lots of different suppliers," Re said. "Of course, some of those could be cloud, some of those can be things that you run internally as a private or hybrid cloud. Lots and lots of things that come together there, and to be successful you need service-level management between each of those component parts."

Ptak agreed. "Cloud computing is the other trend that makes Oblicore's technology interesting because we believe cloud services without serious service-level contracts are an enterprise disaster waiting to happen," he said in a blog post about the acquisition.

Oblicore's software is built on Microsoft's SQL Server database and provides dashboards to managers via a Web interface. Re said Oblicore's software already has connectors to CA's other key management tools as well as competitive offerings. CA is still determining how to evolve the technology but hinted that a cloud-based version may be in the works.


Microsoft Woos MySQL Users with Migration Tool

Microsoft fired another salvo in the database wars by announcing a new toolkit to help users migrate their databases from MySQL to SQL Server -- or SQL Azure, the new cloud offering.

In a Data Platform Insider blog posting, Erika Sommer yesterday announced the release of a Community Technology Preview of an addition to the Microsoft SQL Server Migration Assistant (SSMA) program. Called CTP version 1.0 for MySQL, the tool "provides an assessment of migration efforts as well as automates schema and data migration from MySQL to SQL Server."

Two versions of the tool are available. The Microsoft SQL Server Migration Assistant 2005 for MySQL v1.0 CTP1 is aimed at MySQL users wishing to migrate to SQL Server 2005, and the Microsoft SQL Server Migration Assistant 2008 for MySQL v1.0 CTP1 targets users who want to move to SQL Server 2008 or SQL Azure, part of the cloud-based Windows Azure platform (the SQL Azure Team Blog announced the latter offering last week).

Microsoft is also using the cloud to court MySQL users who don’t want to migrate, having earlier reported that Azure would support MySQL databases, and its oft-used partners, Apache and PHP.

Amazon has also opened up its cloud-based service, EC2, to MySQL users.

Both of the new SSMA previews require the following:

Microsoft Windows Installer 3.1 or a later version.
The Microsoft .NET Framework version 2.0 or a later version.
MySQL Connector/ODBC v5.1.
1 GB RAM.


Ballmer Highlights Two Screens at CES Talk

What's a high-tech trade show without a glitch? In this case, it was a power failure that delayed the opening keynote at the 2010 International Consumer Electronics Show (CES).

The outage in the Las Vegas facility on Wednesday night kept the crowd waiting for a talk by Microsoft's CEO Steve Ballmer. Event personnel had to scramble to reboot a slew of Windows 7 machines.

Ballmer's talk consisted primarily of incremental announcements and positioning statements, but there were no major surprises. Ballmer referred to filling "all of the screens of our lives," powered by Microsoft technologies, but his talk mostly centered on TV broadcasts, video-on-demand, and games running on televisions and Xbox 360 consoles, as well as PCs. The third screen, the mobile phone, was somewhat of a no-show at this kickoff talk.

For instance, there were no announcements about the forthcoming Windows Mobile 7. Details on Windows Mobile 7 may come some time in March at MIX 2010, according to a hint dropped at the Professional Developers Conference (PDC) by Microsoft Chief Software Architect Ray Ozzie. During the CES keynote, Ballmer simply noted the launch of Windows Mobile 6.5, which took place in October, although only a handful of devices based on that release are available.

Microsoft did announce a partnership with HTC and T-Mobile USA on a forthcoming HTC HD2 Windows phone. Ballmer said that Microsoft would reveal more at the Mobile World Congress, which is scheduled to take place in Barcelona on Feb. 15.

Ballmer's silence on Windows Mobile 7 was overshadowed by Google, which launched its Nexus One touch-based smartphone on Tuesday. Google's timing might have been intended to preempt Microsoft's mobile talk at the CES event.

Manufacturers have been producing new form factors for so-called "slate PCs," which Ballmer described as almost as portable as a phone but as powerful as a PC running Windows 7. On display during the CES talk was HP's touch-screen enabled slate PC, which is thin but large enough to serve as an electronic book-reading device (it was running Amazon's Kindle software). The HP slate PC will be available some time this year, Ballmer said.

A New York Times story had speculated that the slate PC would be Microsoft's big announcement at CES because Apple is expected to unveil its competing tablet device some time this month.

Ballmer also touted the arrival of Windows 7, which was released in October. He claimed that Windows 7 is "the fastest-selling OS in history," and that it bumped up retail sales on Black Friday compared with last year's retail sales. Microsoft's partners have delivered more than 800 unique Windows 7 apps so far, he added.

Speaking to the gadget-loving crowd in Las Vegas, Ballmer said that "Windows 7 is the rising tide that has helped lift many boats in our business."

Through Windows Media Center, Windows 7 can tap into TV broadcasts and even serve as a digital video recorder of programs. Ballmer claimed that "TV becomes a lot more fun when it's powered by a PC." Service providers can use Microsoft Mediaroom 2.0 technology to sell broadcast and on-demand video services that can now be received through a TV, PC and even certain compatible smartphones.

Mediaroom 2.0, a solution for IP-based TV transmissions, got its debut announcement at the CES talk. Mediaroom 2.0 allows broadcasts to be delivered in high-definition format due to Microsoft's integration of IIS "smooth streaming" technology. Microsoft describes smooth streaming technology as capable of adapting to the varying bandwidths of end users. Mediaroom-based services are currently available to more than 4 million users around the globe, according to the CES keynote.

Ballmer also touted Microsoft's Bing Internet search service. The company has struck a deal with HP, which will offer Bing as the default search engine installed on HP's PCs. Microsoft added 11 million Bing users in 11 months, Ballmer claimed. Bing uses Microsoft's Silverlight multimedia technology and Microsoft's Photosynth photo-stitching technology, particularly with Bing Maps.

Microsoft Sync technology is being used by the automobile industry. Ford plans to use Microsoft Sync and Microsoft's embedded auto technology in some of its cars. Kia Motors' UVO service will include Microsoft's speech technology, which will be seen in the 2011 Kia Sorento automobile some time in the third quarter of this year. Fiat has partnered with Microsoft on a carbon dioxide-reducing technology called EcoDrive.

Ballmer also touted the success of the Xbox 360 game console, which integrates with Facebook, Twitter and Project Natal technology. Natal is Microsoft's showcase "natural user interface" technology that allows human movements to control the computer. Ballmer said that there are more than 39 million Xbox 360s around the world. More than 500 million games have been sold for Xbox, generating more than $20 billion in game revenues, he said.

Robbie Bach, president of Microsoft's entertainment and devices division, concluded the keynote by revealing some upcoming game releases, including Microsoft's "Halo Reach" title, which is scheduled to be available in the fall of 2010. Microsoft currently has more than 20 million Xbox Live members, and they can now get live direct TV through their game consoles. Video-on-demand service is also available through the Xbox 360 as Microsoft has partnered on the service with Netflix.

Bach said that Natal -- which has been seen in Microsoft's demos -- will be available by this year's holiday season. No new device upgrade will be needed as Natal will work with existing Xbox 360 consoles, he said.


Friday, January 22, 2010

HP Extends Public, Private Cloud Portfolio

Hewlett-Packard this week bolstered its private and public cloud portfolio, looking to extend its reach to enterprises of all sizes. As part of its rollout, HP for the first time is enabling infrastructure and application provisioning services to third-party cloud providers, initially Amazon's EC2.

At its annual HP Software Universe conference in Hamburg, Germany this week, the company launched three new offerings that will extend its ability to offer cloud services to large enterprises as well as small- and medium-business (SMB) customers. They include Communications-as-a-Service, aimed at helping telecom providers offer cloud service packages, HP Cloud Assure for Cost Control, and an upgrade of its HP Operations Orchestration to support EC2.

HP Operations Orchestration is the company's software offering for provisioning enterprise applications and automating functions such as configuration and change management, archiving, and managing of physical and virtual infrastructures. It also supports application development and testing. The latest tweak will allow customers to add EC2 to that infrastructure, said Paul Muller, HP's vice president of Software and Solutions.

"We have added pre-integration into Amazon EC2 to allow organizations to add and remove that additional capacity as part of their regular operational procedures integrating with their traditional and existing management tools as they are deployed," Muller said in an interview.

The decision to support Amazon's EC2 was based on customer demand, he said. Asked if there are plans to support Microsoft's forthcoming Azure service, due out in January, Muller wouldn't say.

"We would like to integrate to all cloud providers that are predominant in the marketplace -- we will be adding them based on customer demand," he said. Demand for cloud services is still emerging, and many enterprises are skeptical of using public cloud services for mission-critical applications.

Like other cloud providers and analysts, Muller said the primary users of public cloud services are those looking to add capacity for application development and testing. "But we are increasingly seeing simple Web services, that type of workloads," he said. "It could be something that is suited to an application that scales between internal or external infrastructures often as an adjunct to an application that's already been moved into a hosting environment that may require additional capacity to meet unanticipated demand," he said.

The second offering, HP Cloud Assure for Cost Control, is a SaaS-based offering that will let developers and administrators determine how an application built for an enterprise will behave in the cloud, Muller said.

While the benefit of the cloud is its elasticity in its ability to stretch workloads beyond what an internal enterprise infrastructure might allow, the Cost Control tool will help customers determine the cost implications of using cloud infrastructure, according to Muller.

"We can not only predict the consumption of cloud resources but help you understand why the application uses the resources it is using and therefore better right-size your cost and performance," he said. The Cost Control service is the second such service offered by HP under its HP Cloud Assure offering; back in March, HP launched Cloud Assure, allowing customers and partners to determine security and performance implications of migrating applications to the cloud.

HP is also looking to help telecommunications providers offer packaged cloud services, such as interactive voice response applications, universal messaging, contact center tools and video surveillance, said Tim Marsden, chief technologist for HP's Communication and Media Solutions.

Communications-as-a-Service is intended to enable telecom and service providers to add these and ultimately other SaaS offerings by providing a mediation layer between the telco, the SaaS provider and the customer, Marsden said in an interview.

"If a telco is looking to build Infrastructure-as-a-Service or build a private cloud using HP's technology, the aggregation platform for SaaS would actually mediate between the private cloud and the public cloud, and would enable the telco to sell that private cloud infrastructure externally," Marsden said.

Marsden would not name any telecom companies who are evaluating the service other than to say that HP is in discussion with numerous providers looking to target SMBs, where they see opportunity for public and private cloud services.


UPDATE: Microsoft's Free SEO Tool Released

Microsoft on Tuesday released a free search engine optimization (SEO) tool for Web sites.

The software, called "SEO Toolkit," works with Web sites supported by Microsoft's Internet Information Services Web servers on Windows-based machines. According to a Microsoft spokesperson, "the SEO Toolkit does need to be run on Windows, but it can be pointed at and analyze any site -- Apache or IIS -- regardless of what it is hosted on." It was previously released as a beta back in June.

The SEO Toolkit crawls through local and external Web sites and checks for problems such as broken links, slow-loading pages and invalid markup. It can be used to optimize key words to improve Web site hit counts.

The SEO Toolkit manages site maps files, which search engines use to grab URLs. It can also check which URLs get excluded by search engines via a "robots exclusion module" that checks robots.txt files, according to Microsoft's description. It's designed to optimize Web sites searched by Bing, Google, Yahoo and other search engines.

To install the toolkit, Microsoft's Web Platform Installer needs to be used. The Web Platform Installer centralizes the installation of Microsoft software used for Web sites. It's also a free download available from Microsoft.

The SEO Toolkit will run on Windows Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2 operating systems. It can be downloaded at this Microsoft Web site, which provides support materials and a demo.


Microsoft and HP Ink Cloud, Virtualization Pact

Microsoft and Hewlett-Packard on Wednesday disclosed a $250 million, three-year partnership to develop and market next-generation datacenter technology and application infrastructure that combines virtualization, system management and cloud computing.

The companies made the announcement during a conference call led by HP CEO Mark Hurd and Microsoft CEO Steve Ballmer.

The pact is focused on the companies co-developing new systems and dedicating joint go-to-market efforts for delivering those technologies as bundled applications and services, the executives said.

Though the agreement is not exclusive, both companies suggested that they are working more closely with each other than with others. "This is the deepest level of collaboration and integration and technical work we've done that I am certainly aware of," Hurd said.

However, some questioned whether the deal is all that extraordinary. "If you discard all the hyperbole, this is simply another announcement of bundled solutions and an initiative by two major players attempting to cover major holes in their offerings," said Richard Ptak, managing partner of IT advisory firm Ptak, Noel & Associates, in an e-mail.

Ballmer said the end goal of the pact is to co-develop and deliver cloud-based application and system architectures. "This is entirely cloud motivated," he said.

For Microsoft, the deal underscores its quest to offer Windows Azure and SQL Azure as private cloud offerings. The public versions of Azure went live this month but many larger enterprises are awaiting private and hybrid cloud implementations.

Early deliverables are not expected to be groundbreaking. Bob Muglia, president of Microsoft's server and tools business, said on the call that engineers from both companies are already working to integrate Microsoft's System Center Management platform and Hyper-V virtualization technology into HP's ProLiant Servers and Insight Manager management software.

In the coming months, Microsoft will deliver power management capabilities in System Center that will be unique on HP hardware. "We have a whole set of milestones that will be coming associated with incremental deliveries to that virtualized environment -- things like run book automation to help simplify the management of both Windows environments and heterogeneous environments, as well as the next set of steps as we begin to implement that private cloud infrastructure that Steve [Ballmer] mentioned," Muglia said.

Also look for turnkey appliances that bundle applications such as Exchange Server, SQL Server and the forthcoming Parallel Data Warehouse integrated with System Center and Hyper-V, the executives said. "Please, bundled SQL Server and Exchange as a base for market penetration sounds a bit weak," Ptak noted.

Both companies, however, are looking to fill gaps in each of their enterprise datacenter and cloud efforts, said RedMonk analyst Michael Coté. Both companies are seeing broad challenges from IBM, Cisco, VMware, and the likely combination of Oracle and Sun, he said.

"HP and Microsoft can fill a lot of holes in each others' strategies," Coté said. "If they deliver on these optimizations and these go-to-market initiatives they are promising, they can help each other out."

While HP recently launched its own cloud initiative, Coté said it doesn't have the cloud ecosystem that Microsoft has. Meanwhile, Microsoft can gain from HP's enterprise hardware, storage, networking and systems management expertise.

Key to the agreement will be the ability to marry both companies' systems management offerings, said Forrester Research analyst Glenn O'Donnell. "The fact that they're joining forces on that software isn't in and of itself unique. Both HP and Microsoft have built technology partnerships for their systems management software with other vendors," O'Donnell said. "What I think is notable with this is they are really tying this into a turnkey packages of applications, where the systems and the management software that orchestrates everything happen under the covers."

Both companies will shortly introduce management software based on both System Center and HP Insight Manager, said Edwin Yuen, a Microsoft senior technical product manager for virtualization, in a blog post.

Eventually, the two will offer "Smart Bundles," intended to bring virtualization to small and medium-size business customers. Packages will consist of HP servers, storage and networking gear, bundled with Windows Server, Insight Manager, System Center Essentials and HP Operations Center, according to Yuen. "SMBs can really benefit from virtualization and these new Smart Bundles provide a single, cost-effective package for virtualization," Yuen noted.

Over time, enterprise customers can expect to see tighter integration of Insight Manager, System Center and HP's Business Technology Optimization software (which consists of the former OpenView and Mercury Interactive management tools), O'Donnell predicted.


Tuesday, January 19, 2010

Microsoft: IIS 6.0 Has 'Inconsistencies,' but No Bug

Microsoft denied that its Internet Information Services (IIS) Web server software is subject to a newly found security vulnerability.

The bug was first reported to Microsoft on Dec. 23, but Microsoft closed the investigation last week claiming that the potential problem isn't a vulnerability. Microsoft spokesperson Christopher Budd said in a Dec. 29 blog that there are some "inconsistencies" with IIS version 6.0, but no "new" exploits.

Details of the so-called vulnerability first surfaced on Christmas Day when security researcher Soroush Dalili posted findings on his personal blog. Dalili's assertion gained credence from third-party security company Secunia, which last updated its own findings on December 30.

Secunia explained that the IIS problem results from the Web server "incorrectly executing Active Server Page code in files with extensions separated by semicolons (e.g. 'file.asp;.jpg')." The security firm explained that this IIS bug "can be exploited to potentially upload and execute arbitrary ASP code via a third-party application using file extensions to restrict uploaded file types."

This discovery marked the third time in 2009 that IIS bugs or glitches have been identified. Microsoft's security researchers disagreed, saying that the exploit could only happen if the server was misconfigured to have both write and execute privileges, contrary to IIS 6.0 best practices for security. Budd suggested that Microsoft is considering changing IIS 6.0 to make its functionality more "in line with the other versions" of the Web server software.

"What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs," Budd said in his post. "It's this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server."

Dalili and Secunia explained the issue differently, saying that the real problem is that IIS can execute any extension as ASP code.

"By using this vulnerability, an attacker can bypass this protection and upload a dangerous executable file on the server," Dalili said in his post.

Budd suggested users should review Microsoft's best practices for IIS 6.0 security, particularly if the Web server is configured with both write and execute privileges on the same directory.
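The filename check at the center of this dispute can be shown in a few lines. The following is an added example, not code from Microsoft, Secunia or Dalili: it contrasts an upload filter that trusts the last file extension with a simplified model of the IIS 6.0 semicolon handling Secunia describes, and adds a stricter validator that stores uploads under a server-generated name. All function names, the allowlist and the sample filenames are assumptions made for illustration.

```python
import os
import re
import uuid

# Assumed allowlist for an image-upload feature (illustrative only).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}

# Strict shape for a client-supplied name: one base, one dot, one extension.
# Semicolons, spaces, slashes and extra dots are all rejected.
STRICT_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def naive_extension(filename):
    """Extension as seen by a filter that only looks at the last dot."""
    return os.path.splitext(filename)[1].lower()


def iis6_effective_extension(filename):
    """Simplified model of the behaviour Secunia describes for IIS 6.0:
    everything from the first semicolon onward is ignored when the server
    decides how to handle the file. This is an assumption-level model,
    not IIS code."""
    truncated = filename.split(";", 1)[0]
    return os.path.splitext(truncated)[1].lower()


def naive_filter(filename):
    """The weak check: accept when the last extension is on the allowlist."""
    return naive_extension(filename) in ALLOWED_EXTENSIONS


def safe_stored_name(filename):
    """Hardened check: validate the client name strictly, then discard it
    and return a random server-side name with the allowed extension."""
    if not STRICT_NAME.fullmatch(filename):
        raise ValueError("rejected: unexpected characters or extra dots")
    ext = naive_extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("rejected: extension not allowed")
    return uuid.uuid4().hex + ext


def audit_upload_names(filenames):
    """Flag names the weak filter accepts but the server model would treat
    as a different type. Useful for reviewing an existing upload folder."""
    return [
        name for name in filenames
        if naive_filter(name)
        and iis6_effective_extension(name) != naive_extension(name)
    ]


# Constructed sample listing of an upload directory.
SAMPLE_LISTING = ["holiday.jpg", "file.asp;.jpg", "notes.txt", "logo.PNG"]

if __name__ == "__main__":
    for name in SAMPLE_LISTING:
        print(name, naive_filter(name), iis6_effective_extension(name))
    print("flagged:", audit_upload_names(SAMPLE_LISTING))
```

Filename validation complements, and does not replace, the configuration advice in Budd's post: an upload directory should not carry both write and execute privileges.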


Microsoft Advises Upgrading IE 6 To Avoid Bug

Microsoft provided more advice about a zero-day Internet Explorer vulnerability exploited by hackers last week.

The bug enabled attacks on Google and other companies, Microsoft has confirmed, but IE 6 appears to be the only browser version affected, the company announced this week. Microsoft hasn't heard of successful attacks against IE 7 and IE 8, according to George Stathakopoulos, Microsoft's general manager of Trustworthy Computing Security, in a blog post on Sunday.

On Monday, Jerry Bryant, Microsoft's senior security communications manager, added that Microsoft is investigating proof-of-concept vulnerabilities in IE 7 and IE 8.

"Earlier today, we were made aware of reports that researchers have developed Proof-of-Concept (PoC) code that exploits this vulnerability on Internet Explorer 7 on Windows XP and Windows Vista," Bryant wrote. "We are actively investigating, but cannot confirm, these claims."

Stathakopoulos downplayed the extent of the damage, saying that "we are only seeing very limited number of targeted attacks against a small subset of corporations."

German and French agencies reacted swiftly, advising people to switch from Internet Explorer to other browsers, according to a report published on Tuesday by the Wall Street Journal.

Microsoft may release an "out-of-band update," which will likely be announced sometime on Jan. 19, according to Ed Bott's blog. The company released a security advisory last week that outlines some steps to take in the meantime. Microsoft also recommended on Monday that users upgrade to more recent versions of IE, particularly IE 8, because of "the improved security protection it offers," Bryant wrote.

Microsoft and third-party software security companies have recommended turning on a feature in Windows called "data execution protection" (DEP). DEP is turned on by default for Windows XP Service Pack 3 users, Stathakopoulos noted.

However, enabling DEP is just one step, according to Richie Lai, director of vulnerability research at security firm Qualys.

"First, you are protected from this specific known exploit if Data Execute Protection (DEP) is enabled in the operating system," Lai said. "While DEP has been proven to stop exploits like this, there are known ways to bypass DEP if you can get code running."

Another mitigating factor, Lai explained, is deploying address space layout randomization (ASLR). Lai added that on IE platforms where both DEP and ASLR are enabled, "exploitation is extremely difficult."

Lai said Windows XP users should consult Microsoft's "Fix it" section from its advisory and that this will enable DEP for IE 6 or 7 on XP.

It's important to note that the problem doesn't begin and end with IE, according to Fraser Howard, principal virus researcher at SophosLabs.

"Actually, many other applications that the browser may interact with may be targeted by attackers (browser plug-ins, extensions and the like)," Howard wrote in a blog post on Monday. "A topical example currently would be (the ubiquitous) Adobe Reader, which has been somewhat hammered by malware throughout 2009…."

Microsoft pointed consumer users who think they have been affected by the bug to this page for help.
