| Related Articles |
| Book ahead or be priced off the trains, says rail watchdog |
29 November 2007 |
| Flexible rail travel is becoming the preserve of the rich and everyone else
must book well in advance to get an affordable ticket, the official
passenger watchdog said yesterday in response to fare increases of double
the rate of inflation. |
| |
| Higher Royalty Rates Are Killing AOL and Yahoo's Web Radio Stations |
28 November 2007 |
| The recent hike in royalty rates for internet radio stations put many smaller stations out of business. Now it looks as though it will also kill AOL and Yahoo's radio services, which the two companies spent hundreds of millions of dollars to acquire. |
| |
| Congress' "anti-extremist" bill targets online thoughtcrime |
28 November 2007 |
| Warning that the Internet "aids" in promoting extremism and radicalization, the House has voted to create a commission to prepare a classified report on the topic. This may not turn out well. |
| |
| Web pioneer discusses science of the Internet |
28 November 2007 |
| Video: Web pioneer discusses science of the Internet. Tim Berners-Lee, considered to be the father of the Web, speaks with scientists and Silicon Valley executives at HP Labs in Palo Alto, Calif., about where he sees the Internet going in the next five years. |
| |
| Client-side vulnerabilities loom large |
28 November 2007 |
| Critical vulnerabilities in common PC software, including both applications and operating systems, continue to grow in number and stand as the leading cause for concern in the IT security landscape today, according to training experts at the SANS Institute.

Holes in so-called client-side applications, including Web browsers, e-mail clients, productivity suites, and media players, have become particularly worrisome over the last year, according to SANS, which highlighted the issue as part of its annual report on the top 20 Internet security risks for 2007.

As hackers have shifted their attention further away from operating system flaws and drilled down to applications-layer vulnerabilities they have found a seemingly endless wealth of possibilities for infecting PCs with everything from spyware to botnet programs, SANS researchers contend.

Unless something can be done to improve software developers' coding habits or better test popular applications for such issues before they land on end-users' machines, attackers will be able to continue their successful assaults against enterprise networks and devices for the foreseeable future, said Rohit Dhamankar, project manager for the Top 20 report at SANS and a senior manager of security research for TippingPoint.

"There's just been such a dramatic rise in the numbers of vulnerabilities found in applications like Internet Explorer and Microsoft Office and a number of media players that attackers are having their way," said Dhamankar. "Enterprises are bolstering security, but desktop users still pose a massive risk if they can download anything they want from the Web; the attacks are also growing in sophistication to the extent that many can defeat antivirus and other security systems primarily by obfuscating their code."

Some of the most powerful tools that hackers have adopted in hunting for potential targets are the same industrial-strength applications fuzzing tools that software vendors themselves are using to search for holes in their products, said the expert.

Enterprises could do themselves a favor by enforcing stricter policies that dictate the types of applications that end-users are allowed to put on their work machines and using technical means to ensure that those rules are being followed, Dhamankar said.

Other SANS researchers noted that while companies may not want to tell end-users that they cannot utilize media players, messaging clients, and other applications that have moved into the business world from the consumer sector, they could help themselves out by limiting the variety of client-side applications that people may choose from.

"IT departments can't focus on all the applications of the world, but they can choose several and keep their eye on those while allowing end-users some freedom," said Amol Sarwate, research manager at Qualys who studies vulnerability patterns for SANS. "What companies need to do is enforce standards for applications usage and utilize technical means to block unwanted software, devices, and even wireless access points."

While many businesses have already realized that they need to shift more of their efforts toward defending client-side vulnerabilities, most have failed to embrace a proactive approach versus simply keeping track of publicly-reported flaws and patching those issues, said Sarwate.

Enterprises need to think about future security issues

It will be particularly important for firms to examine the additional security issues that will be introduced in the coming years with broader adoption of technologies including VoIP (Voice over IP), according to the expert.

"The key is for people to start thinking ahead of these client-side vulnerabilities to understand what the next big thing may be. Things like VoIP need to be examined for their security implications," said Sarwate. "Many companies are already adopting these tools because of all the advantages they offer, but there will be many attacks carried out against these systems as well."

Among the advice that SANS is offering organizations hoping to improve their client-side security coverage is to mandate secure configurations at installation time for all applications, to constantly verify patching and upgrading of both applications and system software, to scan for new vulnerabilities frequently, and to keep their security systems up to date.

Other leading areas of concern highlighted by SANS in its report included critical vulnerabilities in Web applications that allow for cross-site scripting attacks or for computers to be otherwise compromised simply by pointing their browsers at poisoned URLs.

"Gullible, busy, accommodating computer users," including executives, IT staff, and others with privileged access also remain a major weak point for enterprise security, according to SANS, as these seemingly more seasoned users of computers and software are still falling for increasingly targeted spear-phishing campaigns in large numbers.

One of the best ways to educate users about the problem is for organizations to create fake spear-phishing threats and send them out to internal users to determine which individuals might be most likely to fall for the schemes and follow up with additional training, the group said.

Critical vulnerabilities in the software and systems that provide the operating environment and primary services to computer users, or server-side software, remain another area of leading concern, according to SANS.

Problems in Microsoft Windows services, Unix and Mac OS services, back-up and AV programs, management servers, database software, and VoIP technologies in particular are proving troublesome, according to the report.

Many of those issues can be addressed by following the same advice offered for solving client-side vulnerabilities, SANS said in the research. |
| |
| Panelists: Content management, meet social networking |
28 November 2007 |
| Enterprise content management and social networking form a natural nexus that is already taking tangible form, a software executive said during a panel discussion Wednesday at the Gilbane Group's annual conference in Boston.

"People have real requirements to secure information, but also have a demand to interact with people," said John Newton, CTO of Alfresco, an open-source content management software maker. "We are starting to blur the lines between what's inside the enterprise and what's outside the enterprise."

Panelist David Mendels, senior vice president of Adobe's enterprise and developer business unit, echoed the idea. "The biggest single shift we're seeing is from the infrastructure of content management to humans -- to how humans engage with it," he said. "The real question is, what experiences are you going to build for your end-users, and how are you going to securely connect that back to your back-end systems?"

David Boloker, CTO of the company's emerging Internet technology group, touched upon security concerns as well. "When you end up in the Facebook world or the Web world, you have to ask yourself, is that information correct? Do you have to annotate it, do you have to clean that information?"

"There are people out there who will try to take your information or plant a worm," he added.

Mendels predicted that enterprise rights management software for securing content will see wider use. "We've talked about this for a while, but I think we're really on the cusp of it starting to accelerate," he said.

Beyond addressing bottom-line concerns, such as security, enterprises will soon be compelled to apply social-networking principles in a wider range of areas, said Andy MacMillan, vice president of product management in Oracle's enterprise content management division. "The Web is going to lead the way, but pretty soon, you're going to be talking about the call center, the checkout kiosk at the airport -- how do I personalize those things?"

Panelists took questions following the main discussion. One audience member asked them to render an opinion on content management's adoption rate around the world.

Newton said lower-cost options have diversified the roles of content management software: "We see content management being pulled into types of applications it normally wouldn't have been before.... It's changing -- it's much more democratized. It's not so much about compliance."

Mendels said hosted content management services, such as Adobe's Share and Buzzword offerings, will see faster growth outside the U.S., particularly among SMBs.

Panelists at one point peered into their respective crystal balls. Mendels said Adobe's goal moving forward is "creating applications and experiences that keep people in context."

Ideally, he said, the current practice of jumping among e-mail programs, instant messaging services, and the phone would be no more. "We see a world where you should have all those experiences tied to one document," he said.

Mendels gave the example of a person sending an e-mail that prompts the recipient to return the query by phone. "Instead of picking up the phone and calling you, the document can call you," he said.

Boloker pointed to mashups, saying they represent a new "application paradigm we're all walking into." IBM is working on a drag-and-drop mashup development environment called QEDWiki, which Boloker demonstrated for IDG News Service following the panel discussion.

MacMillan said enterprises must now focus on not just cataloging their structured and unstructured data, but also applying analytics against it. "I think the next big step for content management from the infrastructure layer is to turn BI loose on it," he said.

But Newton's take centered more on philosophy than a given technology. The Web 2.0-social networking boom has unleashed a "wave of creativity" that stands in contrast to "introverted, left-brain thinking" types, in Newton's view. "What our industry needs to do is get out of our left-brain, introverted mindset," he said. |
| |
| Verizon Wireless' open network earns praise |
28 November 2007 |
| Verizon Wireless' decision to open its network to outside mobile devices and applications has won praise from several groups, including past critics.

Verizon Wireless officials announced Tuesday they would open up their network to any devices and software customers want to use by the second half of 2008. Any device that passes a minimal connectivity test will be allowed on the Verizon Wireless network, officials said.

That announcement drew applause from a wide variety of groups. Public Knowledge, a consumer rights group that has pushed for open network regulations from the U.S. Congress or the Federal Communications Commission, said it was "cautiously optimistic" about Verizon's decision.

Verizon's decision could lead to "a more open network in the wireless industry at large," said Gigi Sohn, Public Knowledge's president. Wireless carriers have fought an FCC decision to require open access on a portion of spectrum in the 700MHz band to be auctioned starting in January, she noted.

"The Verizon announcement, however, is very limited," Sohn added. "If other carriers don't follow the same model, then consumers will still find their phones tied to a specific technology or wireless company. In order for an open network to become a reality, all carriers will have to participate."

Verizon will still decide what phones can operate on its network, she said. Public Knowledge would prefer to have a third party decide what phones can operate on the Verizon network, she said.

She also has continuing questions about prices. If Verizon continues to offer its preferred mobile phones at a discount, "then the adoption of the open model will be minimal, absent a rapid decline in cell phone prices," Sohn said. "We need to know whether the rates for Verizon service plans will vary for those with subsidized phones and for those customers with a phone bought elsewhere."

Others were less guarded with their praise.

Verizon's announcement, combined with the Google-led Open Handset Alliance, is a "significant" step toward the goal of more open wireless networks, FCC Chairman Kevin Martin said in a statement.

"As I noted when we adopted open network rules for our upcoming spectrum auction, wireless customers should be able to use the wireless device of their choice and download whatever software they want onto it," Martin added. "I continue to believe that more openness -- at the network, device, and application level -- helps foster innovation and enhances consumers' freedom and choice in purchasing wireless service. I am optimistic that Verizon Wireless's commitment along with the upcoming spectrum auction will ensure an exciting new era in wireless technology for the benefit of all consumers."

Solveig Singleton, an adjunct senior fellow with Maryland think tank the Free State Foundation, said Verizon's voluntary decision makes more sense than open network regulations, such as net-neutrality rules pushed by Public Knowledge and other groups.

"Requiring openness or neutrality beyond the basics now supported by demand would needlessly make development far more costly and slow," she said. "A company that wants to invent a new type of phone with cutting-edge features already has a good bit to think about without having to worry about new phones and networks being simultaneously built by everyone else."

Many proposed net-neutrality rules would require wireless and broadband providers to treat all network traffic equally, she said.

"Mandate 'open' and 'neutral' everywhere all the time for everything, and innovation will slow to a snail's pace and network traffic will jam," she added. "Competition between operators to offer innovative combinations of services at special prices would become almost impossible. In this fast-changing context, a regulatory command to treat all traffic all the same is just a bad idea."

Also praising Verizon's decision were Funambol, a developer of open-source calendar and messaging tools for mobile phones, and the New America Foundation, a think tank that has pushed for open access rules on the 700MHz spectrum.

The FCC and Google deserve credit for pushing the issue forward, said Michael Calabrese, director of New America's Wireless Future Program.

"This appears to be a move to head off market entry and new wireless competition from Google and other Internet companies that would result if the incumbent carriers were unwilling to meet minimal FCC consumer choice requirements," he said in an e-mail. |
| |
| New software detects Web interference
(AP) |
29 November 2007 |
| AP - Increasingly worried over Internet providers' behavior, a nonprofit has released software that helps determine whether online glitches are innocent hiccups or evidence of deliberate traffic tampering. |
| |