Author Archive

 

By Joan Goodchild
CSO (US)
May 11, 2010

FRAMINGHAM - Several reports today claim Facebook has hired former Federal Trade Commission Chairman Tim Muris to help the company defend its privacy policies. (See the San Jose/Silicon Valley Business Journal’s coverage.)

The move comes after news last week that 15 consumer watchdog groups have filed a complaint with the FTC over Facebook’s new privacy settings, which, among other changes, now allow Facebook to share certain user information with several partner web sites.

Muris, who served as FTC chair for the Bush administration from 2001 until 2004, is currently an attorney with the Washington, D.C.-based firm O’Melveny & Myers and is co-chair of the firm’s antitrust and competition practice. Muris is known for creating the “Do Not Call” list during his time with the FTC. That list gives U.S. consumers an opportunity to limit the telemarketing calls they receive.

Facebook has been under increased scrutiny lately over revised privacy policies that give users less control over what data in their profile can remain out of public view. The site was also in the news recently after it was revealed that a flaw was causing some users’ private chat histories to be seen by other friends in their network. (Also see 10 Security Reasons to Quit Facebook.)

Reports Monday did not indicate when Muris would join Facebook. A report from AppScout claims Facebook issued a statement saying “Tim Muris has not joined Facebook.” 

Read more about data protection in CSOonline’s Data Protection section.


By Computerworld Philippines Staff
May 7, 2010

To help secure honest and orderly elections, local telco firm Eastern Communications and the Automated Election System (AES) Watch have joined forces to focus primarily on the reporting of incidents related to the May 10 automated polls, the first in Philippine history.

The AES Watch will use the so-called “Ushahidi crowdsourcing information software” to monitor the Philippine elections – the same platform deployed by monitoring groups for elections in India last year and in Sudan this year. Eastern, for its part, will use its tier 2 Data Center and connectivity to support the platform’s data management and transmission requirements.

AES Watch said the unique feature of the Ushahidi web-based platform is that the reports received are categorized and displayed on a digital map of the Philippines. The AES Watch website (http://www.aeswatch.org) will be accessible to the public, and this, along with reports from various advocacy groups, will provide timely information with the hope that it will direct the Commission on Elections (Comelec) and proper authorities to address incidents that may affect the conduct of peaceful and credible elections.

Aside from monitoring elections, the AES Watch technology has been proven effective in monitoring emergency relief operations during the Haiti and Chile earthquakes, ecology projects in Kenya, and the crisis from the swine flu pandemic. It was also used to track crime and violence in Atlanta, Kenya, South Africa and the Gaza Strip.

Concerned citizens and other informants can simply send their incident reports via SMS, email or web. Moderators were assigned to upload incident reports to the website and will also be responsible for ferreting out fabricated information – such as reports relating to different locations but coming from a single source – to ensure reliable reporting. TV stations and radio programs are expected to use the AES Watch-generated data for reports and commentaries.

The group added that aside from real-time reporting, the information can also be used for post-mortem analysis. – Tom S. Noda


By Computerworld Philippines Staff
May 7, 2010

Local power firm Visayan Electric Company, Inc. (VECO) went live recently with the Oracle Utilities Customer Care and Billing (CC&B) technology to achieve accurate reporting and faster response to regulatory requirements.

Bong Borja, assistant vice president, Information Services, Power Distribution Group, AboitizPower, described the CC&B as a highly configurable solution that helps VECO to manage all aspects of customer information and billing. VECO is a subsidiary of AboitizPower.

In photo are, from left: Peter Yates, project director, Oracle Utilities Consulting; Bien Garcia, VP - Admin, DLPC; Stephen Antig, project manager, Oracle Consulting; Jaime Jose Aboitiz, EVP and COO, AboitizPower; Joaquin Arambulo, country practice director, Oracle Consulting; Ben Arkoncel, AVP - Customer Services Group, VECO; Lito Masion, AVP - Information Services Group, VECO; and Bong Borja, project director, AVP - Information Services, Power Distribution Group, AboitizPower.

“With the help of Oracle Consulting, we now have the application we need to improve service delivery across all our DUs and to help us to compete more effectively,” Borja said, adding that his company AboitizPower has seven power distribution utilities, as well as 1,971 MW of installed generation capacity located throughout the Philippines.

According to Oracle, the CC&B is designed to deliver efficiency in processing customers’ requests for services, such as power connection, change of ownership, temporary disconnection, reconnection, billing adjustments and service retirement.  It also enables the utility to respond quickly to emergencies and customer complaints, as well as efficiently maintain customer records, integrate data for easier reconciliation, provide on-time and accurate billing and comply with changes in the power rate structure.

The application interfaces with Oracle Financials and business intelligence applications.

Oracle reported the implementation of CC&B at VECO provides AboitizPower with a standard, integrated and unified solution for its entire power distribution business. The solution will be rolled out to the other subsidiaries, starting with Davao Light and Power Company (DLPC).

“Around the world, utilities are under pressure to address customer demands, improve environmental quality and comply with regulatory requirements.  Oracle Utilities provides a choice of mission-critical applications to deliver tangible business results.  Our recent traction in the industry illustrates the solid value we bring to our customers,” said Jo-Anne Ruhl, vice president and general manager APAC, Oracle Utilities. – Tom S. Noda


By Tom S. Noda
Computerworld Philippines
May 6, 2010
 
Convergys announced Tuesday the worldwide availability of its Smart CIS Solutions, described as next generation billing and customer care solutions for the utility and energy markets.

The company said it designed its Smart CIS Solutions specifically to improve current utility operations while extending next generation functionality and scale for future utility operations.

Convergys said aging infrastructure coupled with continuing changes in new technology, customer awareness, and regulatory focus, are having a significant impact on the traditional utility business. Utilities all over the world, it said, are facing a future marked by high volumes of data, mandated complex rate structures, and new consumption models that include electric vehicles and consumer-based generation while saddled with legacy systems designed to support low transaction levels. 

Unfortunately, legacy systems are not only functionally challenged, they are also costly to operate, with small changes requiring months to complete and millions of dollars, Convergys added. For instance, existing billing and customer care options cannot fully realize the vision of the smart grid without a fundamental shift in the way they leverage data, manage customer relationships, and develop rate structures. 

“The smart grid will not be successful without the ability to put more information and choice into the hands of customers, empowering them to make wiser energy decisions,” said Stuart Ravens, principal analyst at Ovum.

He explained that utilities must carefully manage their customers both during and after smart meter deployment, particularly with regard to the introduction of time-of-use billing.

“Because the bill is the principal contact point a utility has with its customers, there must be a fundamental shift in the way utilities manage data, provide customer options, and bill for energy,” Ravens said.

Convergys claimed the key benefits of its Smart CIS Solutions include risk minimization, faster time to market, and faster ROI breakeven.

“As smart grid rollouts expand, both the frequency and quantity of data are increasing exponentially.  This puts extraordinary stress on the systems that manage the data – but also presents opportunities to better optimize operations and enhance the customer experience through automation and real-time actionable intelligence,” explained Bob Lento, Convergys president, Information Management.  “Our solutions change the status quo of inflexible, costly, legacy systems.  Convergys’ 25-year experience helping large multi-national firms undergo network transformations gives us the technology and the process knowledge to ensure that our Smart CIS Solutions meet both current and future billing and customer care needs.”


By Computerworld Philippines Staff
May 6, 2010

EMC and IBM recently extended their technology licensing agreement for storage interoperability and technical support that allows customers to continue to deploy combinations of EMC storage and IBM Power Systems Technologies.

The five-year agreement is both an extension and expansion of the two firms’ initial agreement in March 2006. It provides EMC with certain interfaces for storage interoperability and technical support for the IBM i operating environment.

“This agreement underscores IBM’s commitment to open innovation and is consistent with our drive towards industry interoperability. The ability for IBM i clients to attach IBM or EMC storage provides them with broad industry choices to meet their growing workload needs,” said Jim Herring, director of IBM Power Systems Hardware Business Line.

According to Barbara Robidoux, vice president of EMC’s storage product marketing, the extension and expansion of the licensing agreement with IBM will help EMC in strengthening its commitment to provide mutual customers using the IBM i operating environment with industry leading storage systems, software and services.

The executives, however, did not disclose financial terms. The development is the latest in a series of agreements between EMC and IBM for the last seven years.

In October 2003, EMC and IBM announced a licensing agreement that provided EMC with access to a range of storage interfaces and functionality for other IBM Systems lines and agreed to a mutual exchange of open-standards based interfaces for improved manageability and interoperability.

Two years later in June 2005, the companies extended their cooperative support agreement, which facilitates mutual response to joint customer issues, including the IBM Power System and all other IBM Systems lines.

Later in June 2007, the companies extended their licensing agreement for the zSeries attachment architecture, which enables the interoperability of the EMC Symmetrix family of storage systems with IBM System z. – Tom S. Noda


By Juan Carlos Perez
IDG News Service (Miami Bureau)
May 6, 2010

MIAMI - A bug allowed Facebook users to view their friends’ chat sessions on the site, prompting the social-networking company to disable its internal instant-messaging service. The bug also let people see their friends’ pending friend requests.

To exploit the now-patched hole, people had to manipulate “in a specific way” the site’s feature that lets members preview how their profile looks to each of their friends, Facebook said Wednesday on its official corporate page on the site.

The vulnerability existed “for a limited amount of time,” the company said. The chat function is now working again.

Technology news site TechCrunch first reported the bug and posted a video that demonstrates how the bug could be exploited.

“When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function,” a Facebook spokeswoman said via e-mail.

“We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented,” she added.

When asked how long the vulnerability existed, she replied: “We don’t have specifics on how long the vulnerability existed, but it was for a short period of time.”

John Simpson, an official with Consumer Watchdog, was displeased with the incident. “Once again we see what happens when companies push the technological envelope with little concern for consumers’ privacy rights,” he said via e-mail.

The bug reinforces the Electronic Frontier Foundation’s blanket recommendation for users on Facebook, said Peter Eckersley, an EFF senior staff technologist.

“What you don’t want the world to know about, don’t put it on Facebook,” he said in a phone interview.

“Facebook’s security engineering is improving, but it’s still not good enough that we’d ever advise people to put private, sensitive information there,” Eckersley said.

The bug comes at a time when privacy concerns regarding Facebook have heated up, after the company recently introduced features that allow third-party Web sites to tap into users’ profile data to personalize their experience for them.

Two weeks ago, Facebook announced it had revamped its application development platform so that its site and external sites can mesh their users’ “social graphs” to individually customize their interaction with them.

“People can have instantly social and personalized experiences everywhere they go,” said Mark Zuckerberg, Facebook’s CEO.

Key to this vision is Facebook’s Open Graph API (application programming interface) and Open Graph Protocol, a system to mark up objects in a uniform way so that Facebook and participating sites can understand them the same way.

Facebook also released plug-ins for developers to easily incorporate on their Web pages Facebook functionality, such as the already widespread “Like” button, which lets end-users express interest in content and inform participating Web sites.

Facebook’s site has become a highly complex technology operation serving a massive number of users, which increases the likelihood of breakdowns, so the company must be increasingly vigilant about preventing and fixing bugs and malfunctions, said Augie Ray, a Forrester Research analyst.

As Facebook grows in size and importance, with hundreds of millions of people using it to store and share very personal information, the stakes are sky-high whenever a bug causes a security or privacy breach, he said in a phone interview.

Not only can these incidents erode the trust end-users and advertising partners have in Facebook, but they also put the company at risk of civil lawsuits and government penalties, Ray said.

“Today’s incident doesn’t seem like an overwhelmingly substantial security breach, but it is serious enough to raise questions on the minds of end-users as to how much they can trust Facebook with their information,” he said.

“Facebook must make sure incidents like this one don’t accumulate to the extent they become a bigger legal or trust issue,” Ray added.

Once Facebook concludes its internal investigation of what went wrong and why, it would be in its best interest to provide more information about its findings, because transparency will help repair confidence among users and partners, he said.

Altimeter Group analyst Jeremiah Owyang predicts incidents like this will happen again. “Don’t expect this to be the last privacy mishap. As more users flock to Facebook, it’ll continue to innovate and change features in order to grow,” he said via e-mail. “Most consumers don’t give privacy a hard think until it impacts their lives directly.”


By Computerworld Hong Kong staff
May 6, 2010

HONG KONG - More than 95 percent of organizations expect to maintain or grow their use of software as a service (SaaS), Gartner said on Tuesday.

The research firm recently unveiled results of a survey in which respondents cited significant integration requirements and a change in sourcing strategy as the top two reasons for adoption, followed by high total cost of ownership (TCO).

The survey, said Gartner, was conducted in December 2009 and January 2010 and involved 270 IT and business management professionals from a variety of industries in North America, Europe, and Asia Pacific who were personally involved in the implementation support, implementation, planning and/or budget decisions related to the purchase of enterprise application software.

However, most companies still don’t have policies governing the evaluation and use of SaaS with only 39 percent of respondents indicating that such a policy or process exists, up just 1 percent from 38 percent in 2008, said Gartner.

“SaaS applications clearly are no longer seen as a new deployment model by our survey base, with almost half of those surveyed affirming use of SaaS applications in their business for more than three years,” said Sharon Mertz, research director at Gartner. “The varying levels of maturity within the user base suggest growing opportunities for service providers along the adoption curve, as organizations seek assistance with initiatives ranging from process redesign to implementation to integration services.”

Popular SaaS apps
The scope of functionality of SaaS applications has broadened significantly in recent years, Mertz noted. In terms of popularity for SaaS usage, the survey showed that e-mail, financial management (accounting), sales force automation and customer service, and expense management are the most popular in terms of current use, with more than 30 percent of the survey base using these types of applications.

In terms of expected investment levels in SaaS offerings over the next two years, survey respondents gave generally encouraging responses for software and service providers, with on average 53 percent of organizations expecting to increase investment levels slightly and 19 percent significantly, said Gartner. However, not all buyers intend to increase usage, with almost one-quarter of all respondents expecting investment levels to remain about the same, and 4 percent looking at a slight decrease in investment levels, the analyst house added.

In comparing current with new investments in future on-premises and SaaS investments within their organizations, 72 percent of respondents believe SaaS investments will increase, while 45 percent hold the same notion about on-premises budgets, according to the report.

Regionally, North America and Asia Pacific respondents indicated a stronger interest in procuring tools via a SaaS model, and, compared with those in Europe, show greater confidence that their organizations will increase investments in products offered as SaaS or through a subscription model through year-end 2010, Gartner noted.

Frowning customers
The survey also found that some organizations have found SaaS offerings to be less than optimal for some buyers, and 16 percent of respondents said that they are transitioning from SaaS to on-premises solutions.

Although there was no single outstanding reason that caused respondents to shift to on-premises, in general, the majority of organizations in this position was facing significant integration requirements and became unsatisfied with a TCO that became too high, said Gartner.

Despite the continuous adoption of SaaS across regions, more than one-third of the respondents have noted concerns on their recent SaaS deployments.

Most respondents with these issues are located outside North America, specifically in Asia Pacific, where high-speed, high-availability networks are not as readily available as in North America, said Gartner, adding that issues with integration and customization were some of the primary issues cited by respondents overall.


By Grant Gross
IDG News Service (Washington Bureau)
May 6, 2010

WASHINGTON - Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee.

Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies’ access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Center for Democracy and Technology (CDT) said during a hearing Wednesday.

There’s widespread confusion over the law, said James Dempsey, CDT’s vice president for public policy.

The U.S. Department of Justice has asserted that federal agents do not need a court-issued warrant to request the contents of e-mail from vendors that store the e-mail, even though agents would need a warrant to see a document stored on a laptop or in a file cabinet, said Dempsey. Some courts have required warrants for stored e-mail, however.

In addition, beyond the confusion over warrants for e-mail stored for less than 180 days, the ECPA doesn’t require a warrant for e-mail stored by a vendor for longer than 180 days, even though many e-mail users expect those documents to be private, Dempsey said.

Many telecom and Internet service providers don’t understand the rules about what customer communications they are required to turn over, added Albert Gidari Jr., a partner with the Perkins Coie law firm in Seattle.

“These service providers are caught in the middle every day,” he said. “The best way to determine whether ECPA is out of balance is to take a look at what service providers do every day — that is, essentially, guess.”

Several members of the House Judiciary Committee’s Constitution, Civil Rights, and Civil Liberties Subcommittee said they were open to a revamp of the ECPA, although subcommittee chairman Jerrold Nadler, a New York Democrat, said Wednesday’s hearing would be the first of several on the subject.

A wide range of new technologies available since the ECPA was passed create challenges the law doesn’t address, Nadler said. “These robust new communications technologies bring with them new opportunities for law enforcement agencies, charged to protect us from … criminals, to intervene in our private lives,” he said.

In March, a group of tech vendors and civil liberties groups, calling itself the Digital Due Process Coalition, launched a campaign for ECPA reform, saying Congress needs to make wiretapping and surveillance rules for electronic communication clearer.

Typically, law enforcement officials would have to get a court-ordered warrant to search a suspect’s PC or file cabinets, but law enforcement agencies can get access to some e-mail information, instant messages and other information stored in the cloud, as well as mobile-phone tracking information, through simple subpoenas, members of the coalition said.

The coalition’s launch came after the U.S. Department of Justice, in a February court hearing, asserted that it does not need a court-issued warrant to obtain cell site tracking information from mobile-phone carriers.

Representative Hank Johnson, a Georgia Democrat, called on Congress to rewrite the ECPA. “I would hate to see a [communications] company turned into an agency for law enforcement at the expense of their customers,” he said.

While several lawmakers appeared sympathetic to the arguments from Dempsey and Gidari, others seemed to struggle with the technologies discussed in the hearing. Representative Mel Watt, a North Carolina Democrat, said he hadn’t heard of the term “cloud computing” until Wednesday.

Watt also questioned if there were “horror stories” of law enforcement abuses because of confusion over the ECPA.

A handful of recent court cases deal with problems in the ECPA, Dempsey said. But cloud-based e-mail users should be concerned that their warrant protections expire after 180 days, he added.

“Every one of us probably has five, six, maybe 10 years of e-mail stored,” he said.

Back in 1986, service providers didn’t store e-mail, because of the cost of storage, Dempsey said. “You read it, you downloaded it, it was deleted from the computer,” he said. “Congress thought 180 days would be the absolute, conceivable outside limit, and after that, it was sort of like abandoned property.”


By Juan Carlos Perez
IDG News Service (Miami Bureau)
May 6, 2010

MIAMI - Google will begin rolling out design changes to its search results pages on Wednesday, including permanently opening a panel on the left-hand column that contains result-refinement controls.

That panel, introduced about a year ago, has been until now closed by default, and users have had to click on the “Show Options” link below the search box to open it up.

The panel’s menu of search options, which include the ability to filter, narrow and slice-and-dice results according to various criteria, is also getting an upgrade.

For example, the options to filter results by their type, such as images, videos, news or books, will not always be listed in the same order, but rather arranged so that the filters that Google determines are more appropriate for the query appear first.

The search options panel is also gaining a new section, called “Something Different,” which will list a new type of query-refinement suggestion: topics that are broadly related to the query.

The “Something Different” section is intended to complement the existing query-refinement suggestions that appear at the top or bottom of the result page’s center panel and which are more closely tied contextually to the original query.

For example, a query for the rock group Rolling Stones will trigger “Something Different” suggestions like other rock bands and artists such as Pink Floyd and Led Zeppelin, while the center-panel suggestions will be “Rolling Stones songs” and “Rolling Stones pictures.”

On the main Google.com page, users will notice a slight change to the Google logo on top of the search box: the rendering of the word “Google” has been simplified by eliminating the outline shading of each letter.

Google went through a lengthy testing process before settling on making these changes, said Patrick Riley, Google’s technical lead for Web search.

“We’re definitely well aware that small changes we make can have a high impact on how people use the site,” he said. “We’re happy with the results based on all the different forms of testing we’ve done.”

A major goal of implementing these changes is to offer people a more consistent experience across the different Google search engines, Riley said.

To that end, for example, the left-hand column search options panel will be open by default in most Google search engine result pages, including those for general Web search, Image search, Books search, News search, Video search and others, with the exception for now of Maps search and Shopping search.

In addition, the panel’s section to filter results by type, whose options will be dynamically sorted for each query, will nonetheless remain the same for a query across the different search sites.

“We really want to unify the search experience,” Riley said.

This builds on the ambitious and ongoing universal search project, unveiled about three years ago, through which Google collates different types of search results on a single results page, mixing links to pages, videos, news articles, blogs, photos and the like depending on the query.

That way, the search experience has become more organic and less segmented than in the past, when images only showed up in the Image engine, articles only in News search and so on.

“We started down this path with universal search,” he said. “As universal search has gotten better and better, search has become one thing people interact with.”


By Owen Fletcher
IDG News Service (Beijing Bureau)
May 6, 2010

BEIJING - Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user.

Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software and a detailed instruction book are being sold online and at China’s bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year.

With one of the “network-scrounging cards,” or “ceng wang ka” in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people.

The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan (US$24), a price that included setup help from a man at the other end of the sprawling, multistory building.

The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network.

To crack a WEP key, the applications exploit weaknesses in the protocol that have been known for years. For WPA, they capture data being transmitted over the wireless network and target it with a brute-force attack to guess the key.

Security researchers said they did not know of similar kits sold anywhere besides China, even though tutorials on how to crack WEP have been online for years.

The kits appear to be illegal in China and it is unclear who is bundling the software with the USB adapters. One of the adapter makers is Wifly-City, a company that operates a Wi-Fi network covering coffee shops and other areas in Taipei, Taiwan. A woman surnamed Ren who answered the phone at the company said it does not supply the software that often appears with its products.

A developer of BackTrack said the operating system is meant for penetration testing, not malicious attacks. “It sounds like BackTrack is being abused in China for illegal purposes. This is done without our knowledge or approval,” the developer, who goes by the name Muts, said in an e-mail.

One of the kits took over an hour to crack the WEP key equivalent to the password “sugar” in a test attack on a personal router set up for the purpose using 40-bit encryption.

“Depending on many factors, WEP keys can be extracted in a matter of minutes,” Muts said. “I believe the record is around 20 seconds.”

The brute-force attacks on WPA encryption are less effective. But while WEP is outdated, many people still use it, especially on home routers, said one security researcher in China. That means an apartment building is bound to have WEP networks for a user to attack.

Since the kits capture data packets to perform their attacks, they may also let a user steal sensitive personal information that a victim sends over a network, the researcher said.

The kits have stayed popular despite Chinese laws against hacking.

“No matter where you go, you can use the Internet for free,” the researcher said.

By Computerworld Philippines Staff
May 4, 2010

Liberty Broadcasting Network, Inc., backed by San Miguel Corporation and QTel Group, ushers in the Fourth Generation Technology (4G) era with its brand, “wi-tribe.”

Liberty claimed wi-tribe showcases the future of multimedia as it takes the online lifestyle a step further offering broadband services using 4G technologies. The wi-tribe brand recently introduced its “MOVE MORE” add-on product feature, a bandwidth on demand that enhances a subscriber’s current post-paid plan.

The company described wi-tribe’s MOVE MORE product feature as the first in the industry, where it allows netizens to surf and download more while maintaining their subscription plan’s speeds even after their monthly usage allowance runs out.

Wi-tribe’s MOVE UP Plan Php998 features a 1Mbps speed on a user’s first 6GB of usage per month. For netizens with bigger surfing appetites, wi-tribe has the MOVE UP Plan Php1998 with up to 2Mbps speed on a customer’s first 12GB of usage per month. The company said that with normal internet usage, a user can enjoy the plan’s speed for the rest of the month. With heavy usage, however, Internet speed can go lower, but users can still surf and browse. – Tom S. Noda

By Denise Dubie
Network World (US)
April 29, 2010

FRAMINGHAM - IT jobs could return to healthier levels in 2010 along with an improved economy, according to the IEEE-USA, which this week reported that employment grew for three high-tech job categories.

Based on data released in April from the U.S. Department of Labor’s Bureau of Labor Statistics, the IEEE-USA reports that employment for electrical and electronics engineers grew 7.8% in the first quarter of 2010 over the last quarter of 2009. The increase puts employment for this job category more than 16% higher than its “historical low” in the first quarter of 2009, the IEEE-USA states.

Software engineering employment remained unchanged from the last quarter of 2009, but it is up 5.3% in Q1 2010 from its low in the first quarter of 2009. Employment grew 4.7% in the first quarter for computer scientists and systems analysts as well.

Overall, the unemployment rate for electrical and electronics engineers fell from a high of 8.6% in the second quarter of 2009 to 4.6% in the first three months of 2010. In other high-tech employment categories, joblessness grew. For instance, the unemployment rate for software engineers grew from 4.1% to 5.5% quarter to quarter.

“As we watch for signs of recovery, we think it’s important to focus on the employment numbers. Re-employed engineers, scientists and other technology professionals will help create more jobs and ratchet the economy forward,” said IEEE-USA President Evelyn Hirt, in a statement.

Separately, Technisource surveyed about 220 technology workers and found that 32% of technology workers in the first quarter of 2010 believe the economy is getting strong (a 2% increase over the fourth quarter 2009). Forty-one percent of IT workers reported they were confident in their ability to find a new job, another 2% increase.

“CIOs and IT decision-makers are starting to see increased signs of stabilization within their own business. We are seeing technology investments being made within the telecommunication, finance and healthcare industries, which is certainly a positive sign,” said Michael Winwood, president of Technisource, in a statement. “To that end, companies are hiring more strategically than in the past and reevaluating their workforce make-up to one of a greater mix of contingent vs. permanent staff – ultimately one that is less vulnerable to the shifting economic winds.”

By Joan Goodchild
CSO (US)
April 29, 2010

FRAMINGHAM - U.S. corporations that are unfortunate enough to experience a data breach face much higher costs than organizations in other parts of the world. That’s according to research released today by the Ponemon Institute and sponsored by security firm PGP Corporation. The study is the first time the Institute, which conducts an annual study looking at breach costs, has undertaken a worldwide investigation.

A similar study released earlier this year by the Ponemon Institute looked at breach costs in the U.S.

The research calculated the average cost of a data breach globally at $3.43 million last year, the equivalent of $142 per compromised customer record. However, costs varied dramatically between regions, from $208 per lost record in the U.S., down to $98 per record in the UK. A total of 133 organizations, located in five countries - Australia, France, Germany, UK and U.S. - participated in the research, which was conducted in 2009, according to a release from the Ponemon Institute and PGP.

The report reveals that costs incurred in countries with data breach notification laws were significantly higher than in countries where no such legislation exists. For example, in the U.S., where 46 states have now introduced laws forcing organizations to publicly disclose the details of breach incidents, the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were passed July 2009, costs were second highest; 25 percent above the worldwide average. In Australia, France and the UK, where data breach notification laws have not yet been introduced, costs were all below the average.

“The over-arching conclusion from this study is the staggering impact that regulation has on escalating the cost of a data breach,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “The U.S. figures are testament to this and it’s clear that, as and when breach notification laws are introduced across the rest of the world, other countries will follow the same pattern and costs will rise.”

The report also looked at business lost as a result of a breach. Almost half (44 percent) of the incurred data loss expenses related to the cost of lost business, reflecting the added expense of consumer churn and the increased difficulty of attracting new customers in the wake of negative publicity. Again, costs varied dramatically between countries and were highest in the U.S., where the cost of lost business was on average equivalent to 66 percent of overall expenses, said the Ponemon Institute.

Strong CISO leadership helps costs fall

Where the organization’s chief information security officer or equivalent took personal responsibility for managing the breach, costs fell in all five countries. However, CISO-managed events only occur in a minority of cases, with the majority of organizations either not employing a CISO, or not making them directly responsible for data breach incidents.

“Approaching the issue from a strategic perspective is the right way to go about addressing data breach,” Ponemon told CSO. “You can’t simply check compliance boxes, or throw technology at the issue and expect the problem will take care of itself. Instead, organizations must understand that technologies have to be part of a comprehensive strategy that takes into account the purpose for collecting data, policies for managing data throughout the entire lifecycle, enforcement of policies, training and awareness, and the development of contingency plans for when things go wrong, to name a few. This is why we have also seen that organizations with a CISO/CSO do a much better job managing data, avoiding incidents, and responding more effectively to incidents when they occur. Capable leadership ensures that the strategy is in place, that execution is according to plan, and that the organization is prepared to deal with and respond to threats and contingencies.”

By Jon Brodkin
Network World (US)
April 29, 2010

FRAMINGHAM - Cloud computing is making it easier for start-ups to develop new technology, but once companies grow beyond a certain size they may find current cloud technologies do not meet their requirements, tech investors said during Interop in Las Vegas this week.

The ability to spin up multiple virtual machines on a hosted cloud computing service like Amazon EC2 makes testing new software products much simpler than in the days when companies were forced to provision their own servers, venture capitalists said during a panel discussion on cloud computing.

“You can iterate a lot and get feedback faster,” said Ping Li, an investor at Accel Partners. “You’re able to experiment in the wild, as opposed to experimenting in the labs or in your head.”

But the cloud is designed for the lowest common denominator, Li said. Eventually, a company’s technology becomes so complex that it must be customized to fit the needs of specific applications, and those levels of complexity are not yet available in the cloud. And at certain economies of scale, it may not be cheaper to rent storage or server space from Amazon than it is to host it internally, investors said.

“The higher levels of complexity in the cloud stack isn’t there yet to do the things a highly tuned application like Facebook and Twitter needs to do,” Li said. “That’s not to say the cloud won’t get there, but the cloud gap exists.”

That’s one of the reasons enterprises are interested in building so-called private cloud networks, which are managed internally but use a similar architecture as public cloud services.

“The gap between what IT does behind the firewall and what is done in the cloud is pretty wide,” said Guy Horowitz, a principal investor at Gemini Israel Funds. Horowitz also notes that cloud providers are typically not offering service-level agreements worthy of the enterprise, a problem that panelists said is unlikely to be solved anytime soon.

“There’s a reason these SLAs have no teeth,” Horowitz says. “If they were able to guarantee uptime and performance they would be selling it. … It’s not in the best interests [of cloud vendors] to provide specific SLAs that can be enforced.”

Although cloud computing is one of the hottest parts of the technology market, investors said there is risk in choosing the wrong cloud companies to invest in. Many start-ups are building technology that enhances the capabilities of Amazon EC2 and other cloud services, but they run the risk of Amazon developing the same functionality and eliminating the need for the third-party vendor.

“We all ask, is this a feature or is this a company? If it’s a feature, Amazon will innovate on it,” said Allan Leinwand of Panorama Capital.

That’s not always the case, though, Li said. Amazon’s core expertise is not enterprise software, even though it is the most prominent vendor offering cloud-based virtual server and storage capacity.

“Amazon’s not a software company,” Li said. “We’ve seen them not do as well building layers on top of the stack as you would think.”

Venture capitalists have one goal when they invest in start-ups: to make money through either an acquisition or IPO. There are many companies that seem poised to buy cloud start-ups, but the investors disagreed on which companies will do the buying.

Rackspace and GoGrid are likely to buy new technology to better compete against Amazon, Horowitz said.

Mark Fernandes, managing director of Sierra Ventures, said IBM, CA, HP, Dell and Microsoft will also be aggressive in the cloud acquisition market.

Fernandes also contended that AT&T and Comcast will make cloud buys, a notion Leinwand disagreed with. Service providers are unlikely to get in the enterprise software game, Leinwand said, and may look at AT&T’s Synaptic cloud service as a warning signal.

“AT&T announced Synaptic. Name a customer,” Leinwand said.

Oracle is a company to watch out for in the cloud M&A market, he said.

“Oracle has been relatively quiet in this space and that’s going to change,” he said.

Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

By Ellen Messmer
Network World (US)
April 29, 2010

FRAMINGHAM - In the latest chapter of what it calls its “Secure Borderless Network” initiative, Cisco Wednesday is announcing expanded reporting capability for its ScanSafe Web-filtering service as well as the addition of a data-loss prevention option for the company’s cloud-based e-mail security service.

Cisco, which acquired ScanSafe in December, says its offering now provides user behavior trends, details on any company policy violations, malware statistics and forensic analysis information. “It shows you how people use your network for Internet [access], which Web sites they’re visiting, which sites you’re blocking,” says Garry Scott, Cisco product marketing manager.

NewPage, a Miamisburg, Ohio, coated-paper manufacturer, uses ScanSafe to control Web usage for thousands of employees. It has been testing the new reporting tool for a few months and has seen a dramatic improvement.

“The old version just did basic reports, but the new version allows you to process a year’s worth of data, using at least 87 different attributes, extremely quickly,” says Paul Moorman, information technology strategist at NewPage.

Moorman says NewPage decided to block the vast majority of Web sites in China since it appears that country is an originating point for a very high level of viruses, and at this point there’s no specific business need to have access to most Chinese Web sites. NewPage, which has about 7,000 employees, is gradually moving away from an MPLS-based network to use of Internet pipes. This has proven economical, and Moorman says he expects use of Internet-based hosted services to continue to grow at the firm.

Cisco also announced it’s adding a DLP and encryption capability to its IronPort-based hosted e-mail security service, which customers can use in lieu of installing the IronPort appliance on their own premises.

The DLP service option for the cloud is based on the technology Cisco licenses from RSA and already added to the IronPort appliance last year.

Cisco says the new cloud-service option includes a way to transmit TLS-protected e-mail from the customer’s e-mail server to a Cisco data center — Cisco claims it will have 33 of these data centers globally by year-end — where the e-mail would be filtered to make sure it doesn’t contain sensitive information before re-transmitting it.

Cisco acknowledges it’s competing against Google’s Postini service, which has some basic DLP features.

Moorman says he expects NewPage might try the Cisco e-mail security service with DLP in the future, but noted that his company has a multi-year contract left to run with the Google Postini service, and that his contract with ScanSafe is actually through Postini. Cisco says there are no immediate plans to change the ScanSafe partner arrangements.

Pricing on the ScanSafe service typically runs $2 to $5 per user per month, and the DLP feature in Cisco’s e-mail security service costs between $1.25 and $1.50 per user per month.

Media G8way Corp
Copyright (c) 2009 Media G8way Corp. All Rights Reserved. Reproduction in whole or part in any form or medium without express written permission of Media G8way Corp is prohibited.
IDG