Sunday, January 20, 2008

IBM acquires company to chase Microsoft in SMB market

IBM boosted its software portfolio for small and medium-size businesses with plans announced Friday to acquire Net Integration Technologies, a software vendor in Markham, Canada.
Net Integration Technologies, which offers business management tools, will become part of IBM's Lotus division when the deal closes, which is expected to occur this quarter. Terms of the acquisition were not disclosed.

"We plan to use the technology to go after Microsoft in the small business server market," said Michael Rhodin, general manager at IBM's Lotus Software division, during a conference call about the acquisition. IBM could use the technology to compete with Microsoft's Windows Small Business Server, which provides collaboration, e-mail and communication tools.

Founded in 1997, Net Integration Technologies' tools include NitixBlue server software, which the company offers bundled with IBM Lotus Notes client software. The company also builds custom hardware and the Nitix Operating System, which is based on Linux and bundles system management, networking, security and storage services.

When Lotus was acquired by IBM in 1995, it was a great channel company in touch with SMBs, Rhodin said. "Somewhere along the lines we lost touch with the roots," he said.

The Net Integration Technologies acquisition is also in line with IBM's process of realigning operations to better define and serve customers. The company recently restructured sales operations and is lining up offerings to match those changes, Rhodin said.

IBM did not comment on any potential layoffs or relocation of Net Integration Technologies employees.

CIA says hackers pulled plug on power grid

Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.
Speaking at a conference of security professionals on Wednesday, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.

Criminals have launched online attacks that disrupted power equipment in several regions outside of the U.S., he said, without identifying the countries affected. The goal of the attacks was extortion, he said.

"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," he said in a statement posted to the Web on Friday by the conference's organizers, the SANS Institute. "In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

"According to Mr. Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure," SANS said in the statement.

One conference attendee said the disclosure came as news to many of the government and industry security professionals in attendance. "It appeared that there were a lot of people who didn't know this already," said the attendee, who asked not to be identified because he is not authorized to speak with the press.

He confirmed SANS' report of the talk. "There were apparently a couple of incidents where extortionists cut off power to several cities using some sort of attack on the power grid, and it does not appear to be a physical attack," he said.

Hacking the power grid made front-page headlines in September when CNN aired a video showing an Idaho National Laboratory demonstration of a software attack on the computer system used to control a power generator. In the demonstration, the smoking generator was rendered inoperable.

The U.S. is taking steps to lock down the computers that manage its power systems, however.

On Thursday, the Federal Energy Regulatory Commission (FERC) approved new mandatory standards designed to improve cybersecurity.

CIA representatives could not be reached immediately for comment.

Royal Navy loses laptop with data on 600,000 people

A laptop containing personal information on about 600,000 people was stolen from an officer in the Royal Navy, the U.K.'s Ministry of Defense said on Friday.
The laptop contained information about new and potential recruits to the Royal Marines, the Royal Navy and the Royal Air Force, and was stolen in Birmingham last week, the ministry said.

The stolen data includes passport details, national insurance numbers, family details and doctors' addresses for people who submitted an application to the forces, the ministry said. The laptop also contained bank details for at least 3,500 people.

"The Ministry of Defence is treating the loss of this data with the utmost seriousness," it said in a statement.

It is writing to people whose bank details were on the laptop and has notified the Association for Payment Clearing Services to watch for unauthorized access, it said.

The ministry is investigating the theft with the West Midlands Police. The laptop was stolen Jan. 10, but the ministry said it didn't disclose the incident immediately for fear of compromising the investigation. It decided to go public with the loss after media reports surfaced about it on Friday, it said.

The laptop was stolen during the night from the car of a junior Royal Navy officer, who now faces a possible court martial, according to a report in the London Times.

This is the latest in a string of data security lapses in Britain that have embarrassed the government and called into question its plan to create a central database of patient records for the National Health Service.

In November, Her Majesty's Revenue & Customs lost two CDs containing personal data on about 25 million Britons. The discs, which were encrypted and password-protected, were sent via interoffice mail and never arrived.

The following month, the Driving Standards Agency said it lost a disc containing the records of 3 million learner drivers, and soon after that the Department of Health said that nine of its regional NHS trusts had lost patient data, including medical records for about 160,000 children in East London.

Des Browne, the U.K. defense secretary, will make a statement to Parliament about the latest incident early next week, the Defense Ministry said. It did not say if the information on the Navy's laptop was encrypted or protected by password.

People who think they have been affected can send an e-mail to recruitdata@check.mod.uk from Saturday at 10 a.m. U.K. time onward, the ministry said.

Customers trust MicroStrategy's independent status

With consolidation at a fever pitch in the enterprise business intelligence (BI) market, it would be understandable if MicroStrategy customers felt nervous, given that the vendor remains one of the market's few independents.
After all, Business Objects now has the support of new parent company SAP, thanks to a US$6.7 billion acquisition, while Hyperion is now part of Oracle, which spent $3.3 billion to buy it. Meanwhile, IBM is expected to soon finalize its $5 billion purchase of Cognos.

Yet, MicroStrategy customers interviewed at the company's MicroStrategy World 2008 conference in Miami expressed confidence in the vendor and said its independent status gives it certain advantages over Business Objects, Hyperion and Cognos.

In particular, several customers said they like that MicroStrategy will remain free of pressures stemming from having to prioritize supporting complementary products from a parent company and, conversely, diluting support for similar products from competing companies.

Lindsey Aubuchon, MIS director at W.E. Aubuchon Co., which operates hardware stores in New England, said her company likes to have flexibility to mix and match IT products as it sees fit, creating multi-vendor environments to achieve its desired implementations. "My company likes to have openness to choose what they want," said Aubuchon, whose employer has been a MicroStrategy customer for about seven years.

Consequently, she nodded in agreement when MicroStrategy's CEO Michael Saylor said in his keynote at the event that the vendor strives to be agnostic and neutral with respect to making its products work with complementary wares from other vendors.

"Our view is to be Switzerland in this business, and to make sure we protect your investment when we give you the ability to tap into lots of different vendors and technology architectures to achieve your goal," Saylor said.

He predicted that Cognos, Business Objects and Hyperion will see their product roadmaps re-routed based on competitive considerations handed down by their new parent companies.

As an independent, MicroStrategy will continue to support a wide variety of complementary, third-party products, such as Web browsers, operating systems, processors, databases and application servers, based on the needs of its customers and on market dynamics, Saylor said. "The market needs a vendor that provides the flexibility we can provide," he said.

Phillip Julian, sales operations and senior data management analyst at Inspire Pharmaceuticals in Durham, North Carolina, is all for product agnosticism and flexibility in IT vendors. The company recently acquired the MicroStrategy software to generate better, more interactive and visually appealing reports, he said. Until now, Inspire had been analyzing data with SAS Institute data-mining software and creating reports with Microsoft's Excel.

"We're doing it so we get into really good technology that would help us grow," Julian said. "I want to move us into another generation [of reporting software] where we're looking at something that's more graphical, more visual. We need to have something that the VP of sales and the sales force can understand."

Similar expectations led Robeks, a chain of fruit juice establishments, to make a hefty investment in the MicroStrategy platform, which it is in the process of implementing. With most of its presence on the U.S. West Coast, Manhattan Beach, California-based Robeks is looking to grow significantly in other parts of the U.S. and the world in the coming years, and, to support those efforts, it needs better reporting and analysis tools than the in-house ones it currently uses.

"Being able to analyze [sales and marketing] data more accurately will help us grow the business. We're in a very quick growth mode right now," said IS Director Pete Carvajal.

As a new customer, he was interested in hearing Saylor address the recent wave of market consolidation to find out what MicroStrategy's position is. "Them emphasizing that they're one of the players in the market that's not in the middle of all the turmoil of all the consolidation was good to hear and to understand what the future is," he said.

"It's important for them to come out and indicate the whys and whens of their business model moving forward. This is a huge investment for my company, and the last thing I want to do is spend all this time and money in an application that gets absorbed by a bigger company and maybe disappears," Carvajal said.

230 retailers affected by data breach after tape lost

A backup tape containing credit-card information from hundreds of U.S. retailers is missing, forcing the company responsible for the data to warn customers that they may become the targets of data fraud.
GE Money, which manages in-store credit-card programs for the majority of U.S. retailers, first realized that the tape was missing from an Iron Mountain secure storage facility in October, said Richard Jones, a company spokesman. "We were informed that one of the tapes could not be located. But at the same time there was no record of it ever having been checked out," he said.

The tape contained in-store credit-card information on 650,000 retail customers, including those of J.C. Penney, he said. GE Money employees are also affected by the breach.

The missing backup tape was unencrypted.

Although J.C. Penney was the only company that Jones would confirm as affected by the missing tape, that retailer accounts for just a small percentage of all accounts that were compromised. In total, 230 retailers are affected by the breach. "Clearly that number includes many of the national retail organizations," he said.

The tape also contained Social Security numbers of 150,000 customers. When matched with name and address information, Social Security numbers can be used to set up fraudulent credit-card accounts, a common form of identity theft.

Jones said that following a GE Money investigation, there is no evidence that the tape in question has been stolen or that the data it contained was misused.

After reconstructing the data that was on the missing tape, GE Money began sending out letters to those affected by the breach in December. The company has set up a toll-free number and is offering one year of free credit monitoring services to those affected by the breach.

In 2006, retailer TJ Maxx discovered that thieves had broken into its computer networks, stealing an estimated 94 million credit- and debit-card numbers. Costs related to that breach are expected to be in the hundreds of millions of dollars.

GE Money is a division of General Electric.

FBI warns of rise in phone-based 'vishing' attacks

With consumers finally getting wise to phishing attacks, scammers are hitting the phones.

The U.S. Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) warned Thursday that so-called "vishing" attacks are on the rise. These are scams where criminals send an e-mail or text message to a victim, saying there has been a security problem and the victim needs to call his or her bank to reactivate a credit or debit card.
"Upon calling the telephone number, the recipient is greeted with 'Welcome to the bank of ...' and then [is] requested to enter their card number in order to resolve a pending security issue," the IC3 said in its alert.

In the past few years, inexpensive VoIP (Voice over Internet Protocol) technology and open-source call-center software have made it inexpensive for scammers to set up phony call centers, paving the way for these new types of scams. Security experts say that vishing can be more effective than traditional phishing techniques -- which direct victims to fake Web sites -- because the voice-based attacks have not been as widely publicized.

A new vishing scam involves sending text messages to cell phones, instructing victims to contact the fake online bank to renew their accounts, the IC3 said.

Those who are unsure whether they have been targeted by this scam should look up the bank's phone number and call the bank directly, the IC3 advises.

Operated in partnership with the FBI and the National White Collar Crime Center, the IC3 is a clearing house for Internet crime complaints.