With Perot, Dell can get a chunk of IT's hottest market -- health care

There are a lot of reasons why Dell Inc. agreed to buy Perot Systems Corp. for $3.9 billion, but Congress' vote earlier this year to appropriate billions of dollars to spread the use of electronic medical records may be a key one. Even before today's announcement that Dell plans to buy Perot, the PC maker and IT services firm had agreements in place to develop platforms dedicated to electronic health care applications. Perot, which says that about half of its $2.8 billion in annual revenue is derived from health care projects, is in a good position to gain a significant chunk of the $36 billion the federal government is poised to spend on IT-related health care projects. During a conference call with reporters today, Michael Dell, CEO and chairman of Dell, called the move "the right acquisition" for his company, and said that the two Texas-based firms share several similar characteristics. "Our products, services and structures are overwhelmingly complementary," Dell said.

EDS was spun off in 1996 as an independent firm and remained that way until it was acquired last year by Hewlett-Packard Co. for $13.9 billion. Ross Perot founded Perot Systems in 1988. Harry Greenspun, chief medical officer for Perot Systems' health care group, told investors gathered at an industry conference this month that there's tremendous opportunity for companies like Perot in the health care market. "Most hospitals, most physicians' offices are very immature in their adoption in their technology," he said, according to an archived recording on Perot's web site. Ross Perot, the chairman emeritus of Perot, added, "We saw this as a cultural match, and we saw what we could do together, and I think that made it a lot easier to jump on Michael's vision to build Dell." Perot founded Electronic Data Systems (EDS) in 1962 and sold it to General Motors Corp. in 1984 for $2.5 billion. Dell hopes to complete the deal by year's end, just after the federal fiscal year starts on Oct. 1, which is when federal spending on electronic records is set to begin in earnest. Dell and Perot are already jointly offering what Greenspun called a "dumb box" without ports or disk drives. The demand for help in implementing new health care IT projects should come quickly: under the law, health care providers have to start upgrading e-health systems by 2015 or face federal penalties.

The Software-as-a-Service system delivers electronic records to virtual desktops that charge customers on a subscription basis. "This is a different way of delivering this service," said Greenspun. Bendor-Samuel said improved revenue from health care projects should be a strong side effect of the merger, but contended that Dell's primary interest is gaining access to a broader base of enterprise customers. "It's great to be a dominant player in the fastest growing segment of the economy, but I view that as a nice thing to have," he said. The purchase of Perot Systems will also give Dell some credibility among large users as a service provider, said Peter Bendor-Samuel, CEO of Everest Group, a Dallas-based outsourcing consultancy. "It both significantly improves their delivery capability and tremendously improves their credibility," he said. Dane Anderson, an analyst at Gartner Inc., believes that the deal shows only that Dell is finally embarking on a services strategy. It has not offered the broader consulting and integration services provided by IT services firms like Perot Systems, he added. "Really, where the opportunity is in the nearest term is to bring more capabilities to the table for that Dell installed base of clients," he said. Dell's support operation has traditionally focused on providing services to meet the needs of existing users.

Anderson said that he doesn't expect Dell to quickly gain new services contracts due to the acquisition of Perot. Enterprises aren't likely to exit existing contracts with other services providers.

Verizon dances on grave of AT&T lawsuit

Verizon wasted no time gleefully mocking AT&T after the rival carrier dropped its lawsuit challenging the legitimacy of Verizon's "There's a Map for That" ads. In the day since AT&T announced it was dropping the suit, Verizon spokesman Jeffrey Nelson has updated his Twitter account 15 times to reference the failed suit. Priceless!

Typically, Nelson would retweet a comment from another tweeter making fun of AT&T. Prominent examples include "There's An Apology For That: AT&T Dismisses Its Pointless Lawsuit Against Verizon," "Now AT&T can focus on improving their 3G network," and "AT&T to Verizon: We give up, you win the ad war." Additionally, Nelson linked to a speech delivered by Verizon Chief Marketing Officer John Stratton detailing the company's plan to continue ridiculing AT&T throughout the holiday season. The ads then display maps that show the total geographical reach of 3G coverage for each carrier, with Verizon's map showing a far larger area of the country covered by its 3G service. Furthermore, Stratton said that Verizon has scrapped its original holiday ad campaign in favor of producing more ads attacking AT&T. "We tried to do some research to find out where our competitors' 3G coverage actually was, but we couldn't find it, they didn't provide it," he said. "So we went with an industry source, a third-party source who maps roaming for the industry and asked them to map our 3G coverage and map our competitors' 3G coverage… Now, we had already completed our fourth-quarter holiday work at considerable expense, but we have that stuff now sitting on a shelf." Verizon's "There's a Map for That" ads typically show AT&T users struggling to use applications on their mobile devices while Verizon customers happily watch live streaming videos. In its lawsuit, AT&T did not dispute that the maps used by Verizon in its ads were accurate. However, in Verizon's ads the company clearly marks the maps as "AT&T 3G Coverage" and "Verizon Wireless 3G Coverage."

Rather, it accused Verizon of misleading consumers by implying that AT&T has no wireless coverage in large parts of the country, when in reality parts not covered by AT&T's 3G HSPA network are still covered by its 2G EDGE network.

Intel/AMD deal could help solve virtualization compatibility problems

The $1.25 billion Intel/AMD settlement announced Thursday could improve competition in the server hardware market and solve some lingering problems related to server virtualization, analysts say. But a new five-year cross-license agreement between the companies raises the possibility that Intel and AMD will share information on their instruction sets and enable live migration across servers with different processors, he says. Today, a virtualization technology known as live migration lets customers move workloads from one physical server to another, but only if both servers contain processors from the same chip maker, according to Forrester analyst James Staten. "If you look at the virtualization instruction sets that have been implemented by AMD and Intel, they are incompatible with each other," Staten says. "If you build a virtualization pool and do live migration from one system to another, it has to be all Intel, or it has to be all AMD." The Intel/AMD settlement, which ends various antitrust and patent cross-license disputes, doesn't explicitly talk about virtualization, Staten notes. Gartner analyst Martin Reynolds agrees the Intel/AMD settlement could be good news for virtualization customers. "If they were to integrate virtualization more deeply into the processors as a single standard that companies use, it's possible virtualization could become less expensive," Reynolds says.

In the wake of the settlement, there are several other potential areas for new levels of compatibility between Intel and AMD processors, Staten says, including memory and power management, and security. The virtualization incompatibility has mainly harmed AMD, because the issue forces customers to standardize on one type of server and Intel has a dominant market share, according to Staten. Broad collaborations between the rivals should not be expected, though. "These are two fighters who just took a lot of bruises over the last two years," Staten says. "They're not about to run to the center of the ring and shake hands." In lawsuits filed against Intel, AMD claimed that Intel illegally forces customers into exclusive deals with cash payments, discriminatory pricing, marketing subsidies and other practices. I think that's beneficial for all." AMD benefits from the settlement more than Intel does, because it eliminates many concerns customers have about purchasing AMD-based servers, according to Staten. The settlement prohibits Intel from "offering inducements to customers in exchange for their agreement to buy all of their microprocessor needs from Intel," and other anticompetitive practices such as inducing customers to limit or delay sales of AMD products. "Intel agreed to a set of rules of the road for how they will conduct business going forward," says AMD spokesman Drew Prairie. "It should help create a fair and open competitive environment where products compete on their merits, and where innovation is rewarded by the marketplace. Even if customers like AMD technology, they might have chosen Intel-based servers instead because of concerns about AMD's viability.

The time and money allocated to fighting Intel in court may also have distracted AMD from product development. "Having those hindrances gone will definitely help AMD because their CPUs are quite competitive at this point," Staten says. Moreover, if AMD's allegations were correct, that means Intel's business practices were preventing OEM vendors from embracing AMD processors to the extent they would have liked. The settlement also makes AMD more attractive to outside investors, Reynolds says. While both companies are embracing multi-core processors, Intel is taking a homogenous approach in which every core is the same and AMD is using different types of cores in the same CPU for different workloads, according to Staten. AMD is taking a different approach than Intel to the server market. AMD is also trying to go down the multi-core path faster than Intel, with attempts to get 16- and 24-core processors on the market before its rival.

Generally, AMD is about a year behind Intel's technology, but turns a profit by making products that are cheaper and cost less to build, Reynolds said. "Generally the server vendors use the product that most meets their needs," he says. "They know their customers are smart and will buy the product that delivers the best value." Reynolds said he doesn't expect the settlement to cause any major shifts in how OEM vendors approach Intel and AMD, however.

High-tech hardware spending returns, no help for IT jobs

IT decision makers will be investing in hardware in the coming six months, according to recent research, but high-tech executives say staffing will remain flat as companies not only slow the pace of job cuts but also hold off on new hires. The latest release of the CDW IT monitor reveals that more than two-thirds of some 1,043 IT decision makers in corporate and government sectors plan to make IT hardware purchases in the next six months. More than 80% of large businesses and 84% of federal government high-tech executives polled expect to invest in hardware, with a majority pointing to operational efficiency gains as motivation. "Hardware refresh cycles have been pushed to limits we've rarely seen, and anticipated investment in this area is encouraging as companies prepare for a larger economic recovery," said Mark Gambill, CDW vice president, in a statement.

Nearly 50% of both corporate and federal IT decision makers expect budgets to stay the same, with just more than 30% expecting slight budget increases. The survey, conducted over two weeks in September, also showed that more than 50% of federal government IT workers anticipate increased budgets in the next six months. Twenty-seven percent of those polled expect to also invest in software across a significant part of their organization, while 45% anticipate software purchases for a smaller portion of their companies. Eighty percent of IT decision makers do not anticipate adding staff and plan to keep their personnel counts at current levels. While spending is set to increase in various sectors in big and small ways, depending on the organization, questions regarding IT staff seemed to garner the same response across the board. Twelve percent do plan to hire additional IT workers in the next six months, and 8% continue to consider cutting staff, the research found. "The confidence we began to see emerge in April with decreases in planned job cuts has now evolved into planned capital investments in IT infrastructure to increase efficiency and productivity," Gambill stated. "The down side is that the percentage of organizations planning investments in IT staffing has held steady and in some cases declined."

Security service protects PCs from attack

Start-up InZero Systems Tuesday makes its debut with a security service that promises to protect PCs from possible malware, intrusions and other types of attacks. The device protects the PC from Internet threats without relying on the more traditional antivirus scanning model. The InZero Secure PC service features what the company calls a "little black box" that, when plugged into a PC and attached to Ethernet cable, offers a "hardware sandbox" with its own CPU, read-only memory and stateful inspection firewall and encryption engine. There's also a version of the hardware that would fit inside a PC. The InZero Secure PC device, which externally measures about 3" x 4" x 1", also acts as a gateway that can prevent malicious code from being sent out as well through what he calls a filtering and conversion-engine mechanism. "This completely isolated area is dealing with anything from the outside," says co-founder Louis Hughes, chair and CEO of the start-up, which was founded in 2005 with undisclosed investment from financial partners and now has 60 employees.

The InZero Secure PC service also includes an encryption capability for protecting applications that might be stored on the user's own PC, says another co-founder, Alexander Pyntikov, president and COO. "We believe hardware is the key to this," he notes, since using just software wouldn't provide the level of protection the company is striving to achieve. InZero Secure PC is intended for use by either business or consumer, and as a service, it is managed through a data center in the Washington, D.C., area. The hardware-based service also includes a way to use a VPN to encrypt traffic. Wesley Clark, chair of the InZero Systems advisory board, is expected to make an appearance as well touting the InZero Secure PC service and product. In a press conference in Washington, D.C., Tuesday, Phil Zimmermann, creator of PGP, is expected to speak on the topic of evaluating the encryption in the product, and Gen. InZero Systems says it has about 37 businesses trying out the security service, which is being offered free for one month, with pricing around $70 per month, and lower based on volume discounts.

Google Voice Frees Your Voicemail, and Your Number

Until yesterday, signing up for a Google Voice account required you to pick a new phone number - not a pleasant option for those who have kept the same digits for years. When you sign up for Google Voice - which is still not widely available to the public (you need to get an invite or request one) - you can either choose Google's one-stop phone number or keep your own for a more pared-down experience. Now Google has enabled users to keep their existing phone numbers and get (most of) the features Google Voice offers, including Google's excellent voicemail service. Keeping your old digits gives you: online, searchable voicemail; free automated voicemail transcription; custom voicemail greetings for different callers; email and SMS notifications; and low-priced international calling. Going for the full-throttle Google experience gives you all of the above plus: one number that reaches you on all your phones; SMS via email; call screening; Listen In; call recording; conference calling; and call blocking. If you already have a Google Voice number, you can add the voicemail option to any mobile phone associated with the account.

Happily, Google circumvented this problem earlier this month. Some of the awesome benefits are explained in Google's YouTube explanation: Since voicemails are transcribed and placed online, even made publicly available for sharing purposes, there has been some danger of said voicemails appearing in search results. These new features are both freeing and limiting: you can keep your number but sacrifice some of the goodies that make Google Voice a powerful contender in the telephony business. Full number portability is likely coming in the future, after, of course, Google deals with AT&T, Apple, and the FCC. But some have high hopes that eventually the opposition will grow to accept and embrace Google Voice.

Microsoft plans six patches next week, ties November record

Microsoft today said it will deliver six security updates Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office. The six slated for next week, however, tie the record for the most issued in November, traditionally a light month for Microsoft updates. The updates will patch a total of 15 separate vulnerabilities, Microsoft said in a follow-up entry to its security response center's blog. "Six is the lucky number this month," said Andrew Storms, director of security operations at nCircle Network Security. "Really, anything less than 13 is a lucky number." Last month, Microsoft released 13 updates that patched 34 vulnerabilities, both records since the company started shipping monthly updates more than six years ago.

In November 2006, the company also delivered a half-dozen security updates. Four of the six affect one or more editions of Windows or Windows Server; the other two will patch Office, specifically Word and Excel. In 2007 and 2008, however, it shipped just two each year in November, while it released only one in 2005. Of the half-dozen updates, Microsoft tagged three as "critical," the highest severity rating in its four-step scoring system, while the remaining trio were labeled "important," the next-lowest ranking. Because there are no outstanding Microsoft-generated security advisories, Storms was at a loss about what next week's updates might fix. "But Bulletin 1 looks interesting," he said, noting that the critical update would patch only Vista and Server 2008. "Historically, you would expect a Vista patch to also affect XP, and maybe even Windows 7," Storms explained. Last month, Microsoft released the first patches for Windows 7's final code. "There aren't any Windows 7 patches at all," Storms said. "So, so far so good." Windows 7 will be worth watching, however. "It will be more interesting down the road to see if Microsoft disclosed bugs they found in Windows 7, and fixed during development, but are just now going back and fixing in the older OSes." Another update to watch carefully next week is the one Microsoft named "Bulletin 3" in its advance notification, the monthly forewarning that includes only the barest of details. None of Tuesday's updates will affect Windows 7, Microsoft's just-released operating system, or the also-new Windows Server 2008 R2, the companion server software.

That update, also rated critical, affects every version from the aged Windows 2000 to Vista and Server 2008. "I think No. 3 is the big one to watch next week," said Storms. The first update will impact Word 2002 and Word 2003 on Windows, and Word 2004 and Word 2008 on the Mac. Another researcher agreed. "Our sources unanimously suggest that Bulletin 3 will be the issue that needs to be addressed first this month," echoed Sheldon Malm, senior director of security strategy at Rapid7, in an e-mail. "[Users] should take inventory of where Windows versions are within their environments so they can plan testing and roll-out of the patch for Bulletin 3 as quickly as possible." The two Office updates, both important, will address issues in Word and Excel. The Excel update, on the other hand, will patch one or more problems in Excel 2002, Excel 2003 and Excel 2007 on the PC, Excel 2004 and Excel 2008 on the Mac. "The Office updates are interesting, but from what Microsoft gave us today, I think they'll be the kind of file format parsing bugs we've all come to know and love," Storms said today. Earlier this week, Microsoft acknowledged that the bulk of all attacks targeting Office in the first half of 2009 were leveraging a single vulnerability, which Microsoft patched in June 2006. This is the second month in a row that Microsoft has disclosed not only the number of updates it will ship next week, but also the number of flaws those patches will fix. Vulnerabilities in Office file formats have been a treasure trove for hackers, who have successfully exploited them for years.

And that's a good thing, said Storms. "That's great," he said. "It aids the planning process, because six bulletins could be six vulnerabilities or 20." Microsoft will release the six updates at approximately 1 p.m. ET on Nov. 11.

Hijacked Web sites attack visitors

Here's the scenario: Attackers compromise a major brand's Web site. The issue goes unnoticed until it's exposed publicly. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. Such attacks are a common occurrence, but most fly under the radar because the users never know that a trusted Web site infected them, says Brian Dye, senior director of product management at Symantec Corp.

But word can get out, leaving the Web site's customers feeling betrayed, and seriously damaging a brand's reputation. When his company tracks down the source of such infections, it often quietly notifies the Web site owner. Attackers, often organized crime rings, gain entry using techniques such as cross-site scripting, SQL injection and remote file-inclusion attacks, then install malicious code on the Web server that lets them get access to the end users doing business with the site. "They're co-opting machines that can be part of botnets that send phishing e-mail, that are landing sites for traffic diversion and that host malware," says Frederick Felman, chief marketing officer at MarkMonitor. That possibility is one of Lynn Goodendorf's biggest worries as global head of data privacy at InterContinental Hotels Group. "I worry about attacks that use a combination of malware and botnets," she says, adding that she has watched this type of activity increase steadily over the past two years. "That's very scary," says Goodendorf. But because the business's Web site isn't directly affected, the administrators of most infected Web sites don't even know it's happening.

Most victims haven't associated such attacks with the Web sites that inadvertently infected them. The latest versions of Microsoft's Internet Explorer browser and Google's search engine detect sites infected with malware, issue a warning and block access to the site. "To me, this is serious online brand damage," says Gartner analyst John Pescatore, and it can be disastrous for small and midsize businesses that totally depend on search engine traffic. But that may be changing. The next frontier, says Dye, may be attackers who use these types of exploits against the Web sites of high-profile brands and then publicize - or threaten to publicize - what happened. But Pescatore sees a more fundamental problem: rushing through Web site updates and ignoring development best practices designed to promote security.

Preventing attacks like SQL injections requires using enterprise-class security tools, such as intrusion-prevention and -detection systems, with a focus on behavioral analysis to spot attacks, Dye says. Most organizations follow formal processes for major upgrades, but not for the constant "tinkering" that takes place. The result: Vulnerabilities creep into the code. "Security groups often are forced to put Web application firewalls in front of Web servers to shield [these] vulnerabilities from attack," says Pescatore.

Using the Internet makes people smarter, study finds

Could it be that the Internet actually - gasp! - makes you smarter? The researchers said they found that surfing the Web seemed to stimulate neural activity and possibly enhance cognitive functioning in the mature group of Internet users. Just a week online increased brain activity twofold in the oldest Internet users studied, noted the scientists. "The results suggest that searching online may be a simple form of brain exercise that might be employed to enhance cognition in older adults," said Teena D. Moody, a UCLA senior research associate, in a statement. That's the word from a team of scientists at the University of California, Los Angeles, who reported this week that new Internet users between age 55 and 78 improved their scores on decision-making and complex reasoning tests after just seven days online. The researchers reported that using the Internet triggers key centers in the brain that usually atrophy with age and lack of use.

The UCLA team studied 24 adults - half of whom used the Internet daily, and half with very little online experience. However, when people begin using the Internet, it positively affects cognitive functions and alters the way the brain encodes new information. "We found that for older people with minimal experience, performing Internet searches for even a relatively short period of time can change brain activity patterns and enhance function," said Gary Small, a professor of psychiatry at UCLA and the study's author, in a statement. At the start of the program, the volunteers did online searches for information while undergoing MRI scans that recorded brain circuitry changes. After the two week period, the participants underwent a second brain scan. Then they each went home and conducted Internet searches for an hour a day for seven days over a two-week period.

According to the researcher, the volunteers that had little Internet experience showed a marked improvement in areas of the brain that control memory and decision making. The UCLA team now plans to investigate the effects of online search on younger adults.

UMC posts best Q3 in years on stronger chip sales

United Microelectronics (UMC), the world's second-largest contract chip maker, reported its best quarterly net profit in two years on Wednesday due to strong chip sales. It is optimistic about the fourth quarter, as it expects average selling prices to rise due to an improved product mix. The company's positive momentum in the second quarter carried over into the third quarter, it said.

The global chip industry has continued to rebound after bottoming in the first quarter of this year as the global recession gripped financial markets. The last time UMC posted a better net profit was in the third quarter of 2007, when it reported a net profit of NT$9.23 billion. Stronger chip shipments sent UMC's sales for the third quarter up 11 percent year on year to NT$27.41 billion (US$843.9 million) as it turned to a net profit of NT$6.1 billion from a loss of NT$1.4 billion in the same quarter last year. The chip maker warned that the appreciation of the Taiwan dollar and some seasonal factors may hurt its shipments in the fourth quarter. UMC expects its chip shipments to remain flat or drop as much as 3 percent in the fourth quarter compared to the third, but average selling prices could rise as much as 3 percent. Chip sales normally peak in the third quarter because gadget makers need to install them inside devices ahead of the gift buying season for end-of-the-year holidays.

Demand for chips in consumer electronics is expected to grow, while the computer segment might show some weakness, UMC said. UMC also on Wednesday announced it plans to buy all stock in UMC Japan. Challenges in Japan's chip industry could cause a surge in outsourcing to contract chip makers such as UMC, the company said, but UMC Japan is losing money and could continue to lose money and be unable to capture new business without help from the parent company in Taiwan. The company will spend US$500 million on new factory equipment this year, and plans to substantially increase capital spending on cutting edge chip production gear next year. UMC will offer nearly NT$2.44 billion for outstanding shares of UMC Japan.

SAP, Salesforce.com make apps with Google Wave

Google's Wave communication and collaboration platform is getting early interest from enterprise application vendors like Salesforce.com and SAP. Both companies have built prototype applications using Wave, which was released in preview mode for about 100,000 users on Wednesday after being available only to developers. SAP Research and the vendor's NetWeaver development team created an application called Gravity using Wave. Wave combines a range of technologies such as document sharing and instant messaging into a system for real-time collaboration.

In a demonstration video, Gravity is used to develop process models for a hypothetical merger between an insurance company and a bank. Meanwhile, Salesforce.com created an extension that employs Wave for customer service. Once completed, the process models are exported into SAP's BPM (business process modeling) software for further refinement. A demonstration video shows how a customer in need of support can use Wave to start a dialogue with an automated support robot. If the robot can't answer the user's questions, the user can request a live representative, who joins the conversation.

The system also creates a case record in Salesforce.com. Google is mulling the prospect of a "monetizable wave extension store," according to an official blog post, through which these applications and others could conceivably be sold. But while Wave is an intriguing technology, at this point it doesn't quite meet the needs of enterprises, according to Redmonk analyst Stephen O'Grady. "For both ISVs and enterprises, the usability will have to be improved," he said. "It's still an intimidatingly new technology for less technical users, so Google would do well to work with potential partners to abstract needless complexity and exposing only the business functionality required." Google acknowledged that Wave remains a work in progress in an official blog post this week, saying it "isn't quite ready for prime time" and noting that key features, such as a draft mode, remain to be implemented.

Apple lays out carbon footprint data

Apple has been pretty forthcoming about its environmental policies in recent years, but given the company's high profile, groups such as Greenpeace have continually pushed for even more transparency. Apple has taken flak in this department for trailing behind the likes of Dell and HP, both of which publish their annual carbon emissions, to the tune of 471,000 tons and 8.4 million tons respectively. This week, Apple overhauled the environmental section of its website with more data about its efforts, most prominently featuring an extensive breakdown of the company's annual corporate carbon emissions.

Apple, on the other hand, calculates it generates 10.2 million metric tons of greenhouse gas emissions in a year. For example, those companies' figures don't take into account the impact their products have on the environment during their lifetime. Although Dell and HP's numbers might sound significantly more environmentally friendly, it turns out that they're limited in what they actually measure. Apple, on the other hand, has explicitly broken down exactly where those 10.2 million tons come from: 38 percent from manufacturing, 5 percent during transportation, 53 percent from product use, 1 percent from recycling, and 3 percent from its own facilities. It would seem the ball is now in the court of competitors like Dell and HP, who may quickly come under pressure to provide results as extensive as Apple's own. More to the point, the information Apple is now providing about its carbon footprint aims to reframe the debate over what it means to be an environmentally-friendly company.

Some environmental experts have lauded Apple's efforts and are hopeful that the move will spur those competitors to follow Apple's lead. But even the harshest of Apple's critics have acknowledged that Apple seems to be making genuine strides in the direction of environment friendliness. [via BusinessWeek] As always, there are also naysayers who think that Apple is only disclosing selective information that paints it in a positive light.

Nook e-reader pushes Barnes & Noble into crowded market

Barnes & Noble's new e-reader, reportedly dubbed the Nook, propels the bookseller into an increasingly crowded market for similar devices. The Nook reportedly runs on the Android OS. An official announcement from Barnes & Noble about the device was expected today, but had not been made as of 1 p.m. ET. The Gizmodo Web site has already posted leaked photos of the Nook, and said it has a dual screen. Priced at $259, the Nook will compete directly with the latest Kindle device from Amazon.com, according to the New York Times and other reports.

That's similar to an Android e-reader called Alex, from Spring Design Inc. The Nook has a smaller secondary screen than Alex, however. Alex, which features dual screens - one for monochrome text displays and the other, in color, for Web browsing and to provide additional media to supplement the text - was unveiled yesterday. An important distinction for the Nook is that it will allow users to lend their digitized books to friends, according to the Times. It also downloads wirelessly, as the Kindle does via Sprint Nextel's network, and as the Reader Daily Edition from Sony will do when it goes on sale in December. Plastic Logic Ltd. is also planning an e-reader, and yesterday said it will unveil the QUE (pronounced Q), an e-reader for business professionals, at the Consumer Electronics Show on Jan. 7. It will be less than a third of an inch thick and measure 8.5 inches by 11 inches, but few details have been released. The e-reader market is further crowded by the iRex DR800SG from Irex Technologies, which is due out this month and uses the Verizon Wireless network.

Analyst firm iSuppli Corp. expects five million e-readers to be sold in 2009, although Codex Group expects that number to be less than four million. Barnes & Noble created an e-bookstore at BN.com in July, selling digital editions that can be read on BlackBerry, the iPhone, laptops and desktops. And iSuppli expects the number sold will exceed 13 million in 2010, given growing interest in the devices. At International CTIA two weeks ago, the Motorola Cliq was shown with the ability to access BN.com to read digitized books, and representatives from the bookseller said then that they were seeking a broad variety of smartphones for users to access e-books. The Nook will reportedly be sold at Barnes & Noble stores and nook.com.

But the Nook shows Barnes & Noble sees value in a specialized e-reader as well. The site was not live as of early afternoon.

Microsoft shows off Bing tool for measuring ad effectiveness

Microsoft on Monday demonstrated a new tool for its Bing search engine that will allow advertisers to measure the effectiveness of their ads with online users. Mehdi pointed out that statistics show that 39 percent of Web users do 65 percent of the online searches, so it would be beneficial for advertisers to see which of those "heavy users" are targeting certain ads, versus which ads are favored by "light users." The tool Microsoft created shows where the interest in a marketing or advertising campaign is specifically coming from, he said. Speaking at the IAB MIXX Conference and Expo 2009 in New York on Monday, Yusuf Mehdi, senior vice president of Microsoft's Online Audience Business group, showed off what he called a "user-level targeting" tool that allows Microsoft to see which search-based ads that appear in the Bing search engine are getting the most traffic and from where. "What we're doing with Bing for vigorous measurement is we're matching the exact ad online with the exact user," he said. This measuring ability for Bing was demonstrated as part of Mehdi's presentation, in which he discussed how Microsoft is applying lessons it's learned from studying advertising campaigns and creating technology to reflect that learning.

You have to pick and focus." Microsoft revamped and rebranded its Live Search engine "Bing" in June, and making it more effective for search advertising is something the company continues to work on, Mehdi said. One of those lessons was what he characterized as "relentless measurement and optimization" to find out what ads are most effective so they can be better targeted to their proper audience. "One of the big things is trying to build a loyal fan base for the product," he said. "You can't just go out and put your message everywhere. It was unclear from Mehdi's presentation whether this technology is available for advertisers using Bing today or whether it's just something Microsoft is using internally. This kind of ability to measure what kinds of online advertising are working with users is becoming essential as more and more business is being done on the Web. A representative from Microsoft's public relations firm, Waggener Edstrom, declined to answer follow-up questions about the technology or his presentation.

In fact, Microsoft competitor Adobe Systems - an executive from which spoke before Mehdi on Monday - last week said it was purchasing Web analytics company Omniture to build measuring technology directly into Adobe's tools for creating online media.

Piracy's global economic impact debated

There's no question that software piracy is a global problem with a heavy financial impact. A May 2009 report by the Business Software Alliance and IDC estimated that 20% of software programs installed in the U.S. last year were unauthorized copies. But just how heavy it is is a matter of debate. Worldwide, the figure is 41%, with an estimated financial impact of $53 billion - a figure based on the retail value of the pirated PC software.

If it were, the BSA's global loss figure of $53 billion would drop sharply, they maintain. "Obviously, not every piece of pirated software will be replaced immediately with legitimate software if underlicensing is addressed or sources of pirated stuff dry up," acknowledges Dale Curtis, the BSA's vice president of communications. But critics of the study say it fails to account for the possibility that pirated software could be replaced with Linux or other open-source options. But he says that over the years, IDC has found "a very strong correlation between piracy rates and software sales. One country that wasn't included is Canada - and that doesn't sit right with Michael Geist, a professor at the University of Ottawa. "What the BSA did not disclose is that the 2009 report on Canada (whose piracy rate declined from 33% to 32% in the study) were guesses since Canadian firms and users were not surveyed. In country after country, as the piracy rate falls, legitimate sales go up." A second criticism of the report is that its country-by-country figures are partly based on the results of an annual survey that in 2009 covered 24 countries.

While the study makes seemingly authoritative claims about the state of Canadian piracy, the reality is that IDC . . . did not bother to survey in Canada," Geist wrote in a May 27 blog post. Further, he says Canadian users were surveyed the previous year, and "there is no reason to assume large changes in results from one year to the next." Ivan Png, a professor of information systems and economics at the University of Singapore, says the BSA and IDC should explain how they applied the results from the 24 countries surveyed to all of the other countries not surveyed. "IDC should make the methodology transparent," Png says. Curtis responds that the study "is not a guess, nor is it a scientific measurement, nor is it based primarily on a survey of software users, as Geist suggests." A survey of 6,200 users is only a piece of the model, Curtis says.

Windows 7 drives RAM capacity explosion; Vista SP2 usage rising

Windows 7 will drive the average PC RAM capacity to 4GB in the next 18 months. There you'll find a collection of dynamic chart objects that provide a real-time view into data gathered from xpnet.com's nearly 20,000 contributing members. That's the conclusion of researchers at the exo.performance.network who are monitoring the ramp-up to Windows 7's launch on October 22. After evaluating data collected from early adopters of the Windows 7 RTM code spread across several hundred IT sites, the xpnet.com team observed that nearly 50 percent sported memory capacities of 4GB or higher, with some reaching as high as 12GB. The average of all Windows 7 PCs was 3.7GB, which is in stark contrast to Windows XP PCs, where the average RAM capacity (for all versions) hovers at just under 1.7GB. Windows 7 RAM installations also best Vista's average of 2.7GB. In fact, the move from a Vista-centric world to one defined by Windows 7 will likely drive a jump in RAM capacity (by 33 percent) comparable to the one experienced during the transition from Windows XP to Vista (a jump of 37 percent in installed RAM). Note: You can check out the latest data from the exo.repository by visiting InfoWorld's Windows Pulse page. The bottom line: While much has been made about Windows 7's supposedly reduced memory footprint, the reality is that a combination of Moore's Law (as it applies to RAM density) and the harsh lessons of the Vista debacle are prompting customers to err on the side of caution and equip Windows 7 PCs with ample RAM out of the gate.

Vista SP2 adoption rising

The adoption rate for Windows Vista Service Pack 2 ticked up a bit over the past few weeks.

Meanwhile, the number of systems reporting SP1 installed dropped 2 percentage points (now 72 percent), as did the few laggards still running the Vista RTM release (now at just under 8 percent). Given the breadth of bug fixes and performance enhancements provided by Vista SP2, including improvements to Bluetooth support and an improved wireless networking stack, xpnet.com researchers expect the adoption rate to climb steadily as IT shops finish internal testing and deploy it more widely. After lagging behind Service Pack 1 by a wide margin, SP2 is now gaining momentum, with nearly 20 percent of PCs reporting the newer service pack level. However, they also note that this trend may be tempered somewhat by the conversion of many long-term Vista deployment projects to Windows 7 when it becomes available. This should signal the tipping point for application developers who have been waiting for the technology to reach critical mass before investing in additional multithreading development/multicore tuning for the core product lines.

Multicore pushes single-core into the minority

One development the xpnet.com team has been watching closely is the transition from single- to multicore CPUs. Data from the exo.repository indicates that multicore is now the dominant CPU architecture, with fully 57 percent of the installed base sporting CPUs with two or more cores.

As InfoWorld's tests show, Windows 7 is strongly poised to take advantage of multicore PCs, more so than XP and Vista.

App Store success could change software-buying habits

More than 2 billion applications have been downloaded from Apple Inc.'s App Store, with more than 85,000 apps available to 50 million-plus iPhone and iPod Touch owners worldwide. After the App Store launched on July 11, 2008, it took nine months to hit 1 billion, and only six more months to hit 2 billion, noted Carl Howe, an analyst at Yankee Group Inc. "The more devices that are out there, the more people want to download software, and they see it's an easy and fun experience," Howe said in an interview. The numbers announced by Apple today are staggering to even normally reserved analysts, who noted that after a somewhat slower summer buying rate, App Store downloads globally have exceeded more than 10 million a day in much of September. It also helps that Apple has attracted 125,000 developers to its iPhone Developer Program, he noted.

With the success of the App Store and the growth in other application storefronts backed by BlackBerry, Android and others, "any digital media is fair game," Howe said. After the one-year mark was reached in July, analysts were heralding application stores, including several imitators of the App Store, as the new way to buy software. "You don't have to go to a store to buy a disc and get the ultimate in instant gratification," Howe said. In fact, while games are a big hit on the App Store, both the free and the paid versions, Apple is calling attention to its "staff picks," which include a free app for the complete works of Shakespeare, with a text-sizing tool. Howe said one of the secrets of the App Store's success is the large number of devices downloading them, but another is the ease with which the apps are downloaded. "If you provide a friction-free way of buying things like App Store, which shortens the time it takes from an impulse to buy to actually buying something, you'll sell a lot," Howe said. "There's not a lot of time for buyer's remorse, and it's a lot like going past a magazine stand in a store and paying $3 for a magazine. In a 28.8 MB app, users get all 40 plays, 154 sonnets and six poems, as well as some works attributed to the Bard, although whether he wrote them remains in doubt. There's not a lot of remorse in buying that item." A Yankee survey of 1,200 U.S. smartphone owners showed that 18% of applications are paid for.

Even the recession has not held back this kind of impulse buying. "The recession doesn't seem to be having an impact. However with growth in the average cost of the paid apps, and the growth in the number of devices, the U.S. revenues from applications will grow by 10 times between 2009 and 2013, reaching $4.2 billion in 2013. In that survey, more than 70% of all the apps downloaded in the U.S. were games. "It's interesting that you see how the App Store is doing when it was not that long ago - about 2001 when the dotcom bubble burst - that people were saying people would want information to be free on the Internet," Howe noted. These small impulse purchases are kind of recession-proof," Howe said. Enderle said the application store concept might have come along earlier had bricks-and-mortar retailers not objected. "The fact is, that with enough bandwidth, there's very little that can't be delivered over the Web," Enderle said. "We're witnessing what will probably be the end of the traditional software delivery model. Rob Enderle, an analyst at the Enderle Group, said the two billion mark is "outstanding" given the number of phones available for downloads.

App Store is an indicator that the times they are a changin'."

Microsoft defends its anti-malware software after Symantec piles on

Microsoft is defending the merits of its free Security Essentials anti-malware software after a top Symantec engineer badmouthed the new release. "Microsoft Security Essentials provides real-time protection that uses behavior monitoring and reputation services to help identify the malicious software as soon as it emerges in the ecosystem and then uses the Dynamic Signature Service to make the newest definitions available virtually real-time, without having to wait for the next signature download," Microsoft said in a statement. Earlier in the week, Jens Meggers, vice president of engineering for Norton products, claimed the newly released Security Essentials is just an unimpressive recycling of Microsoft's discontinued Live OneCare technology for Windows desktops. "It's just stripped down OneCare," Meggers said, citing a report from Dennis Technology Lab that compared Norton AntiVirus 2009 to Microsoft Security Essentials and deemed Norton stronger in malware defense by about a 2-to-1 margin (the test was sponsored by Symantec). Microsoft expressed disappointment in Symantec's claims but did not rebut each of Meggers' remarks. In its statement Microsoft said it "continues to advocate for a defense in depth strategy that includes the use of anti-malware software, but also includes protections such as firewall and user account controls like those found in Windows, browser security like that in IE8 and continuous updates like those provided through Microsoft Update." Microsoft indicated it is offering Microsoft Security Essentials for free because "we still see far too many consumers worldwide that do not have up-to-date protection either because they cannot afford it, are concerned about the impact the suites will have on the performance of their PCs, or because they simply do not realize their AV software is not up to date."
Offering its software for free, said Microsoft, "will remove some of the barriers in the way of consumers having quality anti-malware protection today."

Microsoft aims to spark new business for Web developers

Microsoft has launched a program that gives Web development professionals the chance to get free software and technical support to help them get new businesses off the ground. The program is similar to Microsoft's BizSpark program launched last year, which provides software and other resources to startups, and the DreamSpark program, which does the same for students. Web development companies with less than 10 employees can apply for the new WebsiteSpark program, which was unveiled at the PICNIC conference in Amsterdam Thursday.

Eddie Amos, general manager for Microsoft's developer platform and tools group, said the company added WebsiteSpark because it realized there was a "hole" in the enablement programs where Web professionals are concerned. In the Web development and Web design space many companies already use products from Adobe and other Microsoft competitors. The programs also provide a way for Microsoft to get young companies and developers using its software in their businesses. Through WebsiteSpark - which companies can apply for online - Microsoft will provide three licenses for Visual Studio 2008 Professional Edition, two licenses for Expression Web 3 and one license for Expression Studio 3. Qualifying companies also receive four processor licenses for production use of both Windows Web Server 2008 and Microsoft SQL Server 2008 Web Edition. Cyrus Massoumi, whose company ZocDoc has been a part of Microsoft's BizSpark program, said getting free software and support has been a great benefit. The program also includes two technical-support incidents per company, access to community support through connections with other Microsoft partners and unlimited access to technical managed newsgroups on the Microsoft Developer Network.

ZocDoc provides a Web site through which people can book doctors' appointments. "The program enables us to work with Microsoft's latest technologies without worrying about cost, and the savings for our data center are significant," said Massoumi, ZocDoc's CEO and founder. The 2.0 version is available online for download. In addition to unveiling WebsiteSpark, Microsoft Thursday also updated its Web Platform Installer software, which simplifies the installation of Microsoft Web development software to make it easier to build Web applications.

You've got questions, Aardvark Mobile has answers

Aardvark has taken a different tack with search. And now the people behind Aardvark are bringing that same approach to the iPhone and iPod touch. The online service figures it's sometimes more productive to ask a question of an actual person - usually someone from within your social network - rather than brave the vagaries of a search engine and its sometimes irrelevant answers.

Aardvark Mobile actually arrived in the App Store nearly a week ago. Aardvark Mobile tackles the same problem as the Aardvark Web site - dealing with subjective searches where two people might type in the same keywords but be searching for two completely different things. "Search engines by design struggle with these types of queries," Aardvark CEO Max Ventilla said. But developer Vark.com waited until Tuesday to take the wraps off the mobile version of its social question-and-answer service. What Aardvark does is tap into your social networks and contacts on Facebook, Twitter, Gmail, and elsewhere to track down answers to questions that might otherwise flummox a search engine - things like "Where's a good place to eat in this neighborhood?" or "Where should I stay when I visit London?" With Aardvark's Web service, you'd send a message through your IM client to Aardvark; the service then figures out who in your network (and in their extended network) might be able to answer the question and asks them on your behalf. The majority of questions are answered in less than five minutes. Ventilla says that 90 percent of the questions asked via Aardvark get answered.

The iPhone version of Aardvark works much the same way. The service pings people for an answer, and sends you a push notification when there's a reply. Instead of an IM, you type a message directly into the app, tag it with the appropriate categories, and send it off to Aardvark. In previewing the app, I asked a question about affordable hotels in Central London - two responses came back within about three minutes from other Aardvark users. If you shake your mobile device when you're on the Answer tab, Aardvark Mobile looks up any unanswered questions that you may be able to provide a response for (while also producing a very alarming aardvark-like noise). "We think Aardvark is particularly well-suited to mobile, and especially the iPhone given how rich that platform is to develop for," Ventilla said.

In addition to push notifications, Aardvark Mobile also taps into the iPhone's built-in location features to automatically detect your location - a feature that can help when you're asking about local hotspots. You don't have to already be using Aardvark's online service to take advantage of the mobile app. Aardvark Mobile requires the iPhone OS 3.0. The free Aardvark Mobile app lets you set up a profile on your iPhone or iPod touch; Facebook Connect integration helps you instantly build up a network of friends who are also using the service.

Companies patch OS holes, but biggest priority should be apps

Corporations appear to be much slower in patching their applications than their operating systems - even though attackers are mainly targeting vulnerabilities in applications, according to a new report. "Now we know which vulnerabilities are being patched and which are not," says Alan Paller, director of research at the SANS Institute. The report, "The Top Cyber Security Risks," is based on data collected between March and August and was a collaborative effort by SANS, TippingPoint and Qualys. The report shows that 80% of Microsoft operating system vulnerabilities are being patched within 60 days, but only 40% of applications, including Office and Adobe. The group analyzed six months of data related to online attacks, collected from 6,000 organizations using the TippingPoint intrusion-prevention system, along with data related to more than 100 million vulnerability scans performed on behalf of 9,000 customers of the Qualys vulnerability assessment service. Meanwhile, the majority of online attacks are aimed at applications, particularly client-side applications, making this the No. 1 priority named in the report.

The main attack methods used against Web sites were SQL injection and cross-site scripting. During the six-month timeframe, more than 60% of all attack attempts monitored by TippingPoint were against Web applications in order to convert trusted Web sites into malicious sites serving up malware and attack code to vulnerable client-side applications. In terms of vulnerability and exploitation trends, popular methods include attempting to brute-force passwords by guessing, with Microsoft SQL, FTP and SSH Servers among the most popular targets. Zero-day vulnerabilities - which occur when a flaw in software code is discovered and exploit code appears before a fix or patch for the flaw is available - were popular in targeted attacks, according to the report. Some of the main vulnerabilities being exploited include the malicious Apple QuickTime Image File download (CVE-2009-0007); Microsoft's WordPad and Office Text Converter Remote Code Execution Vulnerability (MS09-010); and multiple Sun Java vulnerabilities.

Six notable zero-day flaws in the past six months include:

* The Adobe Acrobat & Flash Player Remote Code Execution Vulnerability (CVE-2009-1862)
* Microsoft Office Web Components, Active X Control Code Execution Vulnerability (CVE-2009-1136)
* Microsoft Active Template Library Header data Remote Code Execution Vulnerability (CVE-2008-0015)
* Microsoft Direct X DirectShow QuickTime Video Remote Code Execution Vulnerability (CVE-2008-0015)
* Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493)
* Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2009-0556)

The report concludes by pointing out that finding zero-day vulnerabilities seems to be getting easier as "a direct result of an overall increase in the number of people having skills to discover vulnerabilities worldwide."

Oracle breaks silence on Sun plans in ad

Oracle Corp. ended its silence Thursday on its post-merger plans for Sun Microsystems Inc.'s Unix systems in an advertisement aimed at Sun customers to keep them from leaving the Sparc and Solaris platforms. Ever since Oracle announced in April its plans to acquire Sun, its competitors - notably IBM and Hewlett-Packard Co. - have been relentlessly pursuing Sun's core customer base, its Sparc and Solaris users. Oracle's ad to "Sun customers" makes a number of promises that include spending more "than Sun does now" on developing Sparc and Solaris, as well as boosting service and support by having "more than twice as many hardware specialists than Sun does now." Analysts see Oracle's ad as a defensive move that doesn't answer some of the big questions ahead of the $7.4 billion merger with Sun. In fact, there may be a lot of room for skepticism and parsing of Oracle's claims, despite their apparent black and white assertions. Among the top hardware makers, Sun registered the biggest decline in server revenue in the second quarter, offering evidence that this protracted merger may be eroding Sun's value.

Europe is allowing until mid-January to sort this out, which keeps the merger in limbo for another quarter. Oracle wanted the acquisition completed by now but the European Commission this month said it would delay its antitrust review because of "serious concerns" about its impact on the database market. Analysts point out that Oracle's plans to spend more "than Sun does now" may be a little hollow because Sun's spending on developing Sparc and Solaris is probably at a low. "The ad sounds convincing - but perhaps being a word nitpicker, the 'Sun does now' might not mean much if Sun has drastically cut back due to plummeting sales," Rich Partridge, an analyst at Ideas International Ltd., said in an e-mail. "I think someone at Oracle suddenly realized that Sun was bleeding so badly that what would be left when Oracle finally got control would be worth a small fraction of what they paid and no one would buy the hardware unit," Rob Enderle, an independent analyst, said in an e-mail. But Enderle said the ad's claims do not preclude Oracle from selling its hardware division, and says the company "will have to support the unit for a short time after taking control; during that short time they can easily outspend Sun's nearly non-existent budgets." Gordon Haff, an analyst at Illuminata Inc., said if it was Oracle's plan to start on day one of the merger to shop the Sparc processor around, "would they have put this ad out? Taken at face value, the ad seems to indicate that Oracle will keep Sun's hardware and microprocessor capability and not spin it off, as some analysts believe possible. Probably not," he said. "Does it preclude Oracle from changing their mind?

Indeed, Oracle's major competitive concern was indicated in the ad in a quote by Oracle CEO Larry Ellison: "IBM, we're looking forward to competing with you in the hardware business." No. Companies change their mind all the time." An erosion of Sun's customer base also hurts Oracle, because a lot of Sun customers are also Oracle customers, and Oracle doesn't want its existing customers to go to IBM and move away from Oracle's platform, Haff said.

Twitter attack relatively small potatoes

Although last week's distributed denial-of-service attack on Twitter garnered lots of headlines, analysts at Arbor Networks say that the attack was a relatively small operation that paled in comparison to big DDoS attacks that occur every day.

Arbor chief scientist Craig Labovitz says that Arbor's ATLAS 2.0 Internet monitoring system last week estimated that DDoS traffic directed at Twitter was not in the multi-gigabit range that characterizes most large attacks. Although he couldn't give specific data on just how large the Twitter attack last week was, Labovitz says that the attack was not as massive as media reports might suggest.

"We didn't see any evidence of a multi-gigabit surge towards Twitter," he says. "Twitter has publicly said that they saw an increase in traffic but they haven't said anything about how much traffic yet."

In contrast, Labovitz notes that while Twitter was being attacked last week, an Asian ISP came under siege from a large DDoS attack that generated more than 30Gbps of DDoS traffic. According to Labovitz, such punishing attacks are commonly deployed against e-commerce sites, as well as sites that specialize in pornography and online gambling.

Moving forward, Labovitz says that Twitter will have to look hard at upgrading its ability to fend off more sophisticated attacks if it wants to maintain its uptime. In particular, Labovitz notes that even before being knocked offline by a relatively small DDoS attack, the microblogging site continuously experienced difficulties in keeping its site running smoothly during heavy usage hours.

"From everything I've read and observed about Twitter, it's come from nowhere and it looks like it's struggling with its growth," he says. "This DDoS attack and the continued Twitter growth has provided them with a need for upgrading their infrastructure."

Arbor's ATLAS Internet monitoring system is a collaborative effort that culls data from more than 100 ISPs, including British Telecom, Australian provider Netgen Networks and Indian provider Tata Communications. As part of their agreement with Arbor, all ISPs participating in the ATLAS system must share anonymous traffic data with one another on an hourly basis. Arbor recently upgraded its ATLAS system to monitor and collect real-time data for global Internet traffic, routing and application performance. Previously, the system had been used mostly to collect data on security-related traffic such as DDoS attack traffic.

Lawmakers: Electric utilities ignore cyber warnings

The U.S. electrical grid remains vulnerable to cyber and electromagnetic pulse attacks despite years of warnings, several U.S. lawmakers said Tuesday.

The electric industry has pushed against federal cybersecurity standards and some utilities appear to be avoiding industry self-regulatory efforts by declining to designate their facilities or equipment as critical assets that need special protection, said Representative Yvette Clarke, a New York Democrat and chairwoman of the U.S. House Homeland Security Committee's Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.

"This effort seems to epitomize the head-in-the-sand mentality that seems to permeate broad sections of the electric industry," Clarke said.

The U.S. electric grid is an "obvious target" for enemies of the nation, and a major outage would affect all aspects of everyday life, Clarke said during a Tuesday hearing. "We simply cannot afford to lose broad sections of our grid for days, weeks or months," she said.

Despite years of warnings from lawmakers, electric utilities' efforts to secure themselves against cyber or electromagnetic pulse, or EMP, attacks seem to be lagging, Clarke added. During a three-year subcommittee review of electrical grid security, committee members and staff talked to hundreds of experts and read thousands of pages of studies, she said.

"They all reached one conclusion: The electric industry has failed to appropriately protect against the threats we face in the 21st century," Clarke said.

While the hearing mostly focused on cybersecurity, lawmakers also talked about the threat of an EMP attack on the U.S. An EMP is a burst of electromagnetic radiation, usually from a nuclear explosion. While such an attack may be unlikely, an EMP attack could shut down the electricity grid over a wide area and bring the U.S. to a standstill, some lawmakers said.

Representatives of the electric industry said they've worked hard to improve cybersecurity, and they share the lawmakers' concerns about EMP attacks. The electric industry needs better information about how to protect against EMP attacks, said Steven Naumann, vice president of wholesale market development at Exelon, an electric utility.

Part of the problem with cyberattacks is that the U.S. government doesn't share enough up-to-date information, Naumann added. "In general, the North American grid is well-protected against cyberattacks - at least those attacks that we know about," he said. "It's hard to protect against something you don't know."

Many electric utilities have taken significant steps in recent years to improve their cybersecurity, added Mark Fabro, president and chief security scientist at Lofty Perch, a control systems security vendor. The electricity grid will continue to converge with the Internet and that will introduce vulnerabilities, he added, but many utilities are working hard to improve security.

"We continue to witness excellent examples of effective cybersecurity activities from many entities, and observe progress that does not align with the popular opinion that the bulk power system is rife for total system compromise," Fabro said.

But several lawmakers said they're concerned that the electrical grid will become more vulnerable as its controls move onto Internet Protocol networks. "There is a massive computer espionage campaign being launched against the United States by our adversaries," said Representative Bennie Thompson, a Mississippi Democrat and chairman of the full Homeland Security Committee. "Intelligence suggests that countries seek or have developed weapons capable of destroying our grid."

Opera CEO defends Unite against security concerns

Opera Software's CEO defended the Unite feature of the forthcoming Opera 10 browser against charges that it will increase the risk that hackers can break into people's PCs.

In an interview in New York recently, Opera CEO Jon von Tetzchner said that the decentralized nature of Unite, a feature that turns each person's PC into a Web server by putting that capability in the browser, makes it more difficult for hackers to break into computer systems, not easier.

"When you're hacking a single system, if you have everything that belongs to everyone in one location, you only need to break in once," he said. "If you have it in different computers it's a little more complicated. If you get into one Web server and everyone's data is in there, that's easier than getting into a million computers."

Moreover, Tetzchner said some of the fear that hackers will have a field day with Unite has to do with the fact that it's a new and yet unproven technology about which security risks are an unknown, rather than a real danger with the technology.

"I think a lot of people are concerned because this is a new piece of technology," Tetzchner said. "I don't see this as making this more of a target than you have been before."

Opera Unite, introduced last month, is new software planned for Opera 10 that includes a Web server in the browser that connects it to an Opera proxy server, which then allows the browser to serve content to the rest of the Internet. It is currently available in alpha release.

The idea is to simplify things for people who want to host their own Web pages and share files with others via the Internet - with Opera's architecture, they don't have to configure firewalls or worry about their Internet service providers blocking Web server traffic.

However, security researchers have expressed concern that putting a Web server on every PC will make it easier for hackers to break into PCs. Web servers are the primary way hackers break into computer systems and spread malicious code via the Internet.

While security experts may beg to differ about Tetzchner's assessment of the new service, Opera's CEO said that the company is spending a "fair amount of time" ensuring the new feature will be as secure as possible.

However, he stopped short of saying how Opera might specifically address any threats that may crop up due to the new feature other than to stay on top of security risks to the Opera browser as vigilantly as the company does today.

IBM: Riding strong service component

Company: IBM
Entry: IBM/Brocade/Juniper
Morning Line: 3 to 1
Tip sheet: Will try to ride strong service component to the winner's circle

Ask IBM about the next-generation data center and company officials will begin talking about the dynamic infrastructure, and describing how that is forever expanding outward as enterprises embrace mobility and increase the numbers and types of devices in use.

IBM is pulling together the server, storage and networking resources needed to support this expanding infrastructure, then topping that off with software for managing the environment. Virtualization across the entire infrastructure, meaning all classes of servers, storage, networking and applications, is a critically important enabling technology, and energy management is an underpinning as well, says Pete McCaffrey, director in IBM System and Technology Group.

If that doesn't sound so different from what Cisco and HP have planned, that's because it isn't. But IBM does talk up its services capabilities more than the others. For example, McCaffrey touts the recently introduced IBM Service Management Industry Solutions, which pull together various service management services and software from IBM and its partners, to help organizations centrally manage their expanding infrastructures. He also pitches a new networking service aimed at helping enterprises with consolidation and virtualization.

"Our clients aren't only looking for technologies. They're also coming to us and saying, 'How do I move forward?'" McCaffrey says.

Some of IBM's more intriguing moves are networking-related, industry watchers say.

Although IBM officially says it is not backing away from Cisco as a strategic partner, the company has decided to put its label on and resell Ethernet gear from Brocade, and it is collaborating with Juniper Networks on hybrid public-private cloud capabilities.

That IBM is rebranding the Brocade switches and routers is telling about how frayed the Cisco relationship may be, says Zeus Kerravala, a senior vice president at Yankee Group. "That kind of move is more common in IT, not networking," he says.

On the compute side, IBM needs to do more work than either Cisco or HP in terms of creating the fabric over which the myriad resources are assembled, says George Weiss, a vice president and distinguished analyst with Gartner.

"It can do storage, and the server components in blades, and outboard the networking part, so it does deliver a fairly integrated type of architecture. But it's not as componentized and virtualized as what Cisco or HP are doing," he says.

If IBM can't compete on an architectural plane in the same ways the competition appears to be delivering benefits and ROI, then it could lose opportunities and market share, Weiss says.

Kerravala gives the nod to HP as having a bit of an advantage over IBM. "HP seems to have been thinking about this longer than IBM," he says. "IBM seems to be in a bit of reactionary mode."

But IBM stands by its looser architectural approach. "A one-size systems approach isn't going to work in this world," McCaffrey says. "We will continue to invest in different systems and platforms that are optimized to perform certain types of work, and we'll do this in a way that allows us to deliver a level of choice with special-purpose processing but still be manageable in a common, integrated fashion."

Tiny .biz domain names to be auctioned off to highest bidders

How much is x.biz or ge.biz worth?

That's the question NeuStar is asking the Internet e-commerce community as it adds one- and two-character names to the .biz domain and makes them available to the highest bidders.

NeuStar on June 1 announced plans to sell one-character domain names - using the letters A through Z as well as the numbers 0 through 9 - with the .biz extension. For example, the domain names www.i.biz and www.7.biz will be for sale via auction.

Bids for the 36 possible one-character names are due to NeuStar on July 30. These names are expected to be operational in August.

Also in August, NeuStar will begin selling two-character domain names that can be used to represent company names, stock symbols, or state or city names, such as www.ms.biz or www.az.biz.

NeuStar said proceeds from the auction of the one- and two-character domains will be used to market the .biz brand to the benefit of all .biz registrants.

A handful of one-character domain names already exist on the Internet, dating back to the early 1990s when the late Jon Postel managed all domain name registrations. These names are: q.com, x.com, z.com, i.net, q.net and x.org.

The .biz domain is the first top-level domain to get approval from the Internet Corporation for Assigned Names and Numbers to sell one-character domain names, NeuStar said.

"We think one-character domain names will have strong branding appeal," says Tim Switzer, NeuStar's vice president for Registry Services. "They'll make for a very memorable kind of domain name."

NeuStar also sees potential in two-character names, which will be available using a combination of letters and numbers such as www.aa.biz or www.a1.biz. Two-character .biz names will be operational in October.

Two-character domain names are likely to raise more intellectual property issues than one-character domain names because of their connection to company names, Switzer admitted.

"I can see two-character names being used with company names, stock symbols or the respective chambers of commerce for the states," Switzer says.

Two-character domain names are already available in the .net and .com domains.

The .biz domain has more than 2 million domain names registered, focused primarily on small and midsized businesses.

The phenomenon of short domain names may be spreading across the Internet. Switzer says the .pro and .travel domains have already requested permission from ICANN to sell one- and two-character domain names, too.