Search engine companies may be set for a clash with European regulators over how long personal data related to searches should be retained.
Europe mulls six-month limit for search engine data storage
IDG News Service 4/8/08
Jeremy Kirk, IDG News Service, London Bureau
Bookmark and Share
Search engine companies may be set for a clash with European regulators over how long personal data related to searches should be retained.
On this topic
FTC settles with TJX, LexisNexis
Analyst: Money will fuel mobile spying programs
Microsoft offers way to share data with social networks
The Case and Criteria for Combining Application Acceleration and Security
Get practical tips, IT news, how-tos, and the best in tech humor.
A new report from the European Commission's Article 29 Data Protection Working Party recommends that personal search data should be discarded after six months, despite the fact most search companies are retaining data much longer.
The report looked at how data handling by search engines complies with European regulations such as the Data Protection Directive.
Search data can be used to build a profile of a person's interests, relations and intentions, even if some identifying information is removed, the report said. The collection of data en masse by search engines has considerable privacy implications, it said.
The report, available on the Web site of the Dutch Data Protection Authority, recommends that search engine data should be either deleted or irreversibly made anonymous after it no longer serves a purpose, a period that should not exceed six months.
Beyond that period, search engines "must demonstrate comprehensively that it is strictly necessary for the service," the report said.
The report also rejected defenses by search engine companies that longer data retention periods help improve the service or to better security.
"After the end of a search session, personal data could be deleted, and the continued storage therefore needs an adequate justification," the report said. " However, some search engines seem to retain data indefinitely, which is prohibited."
The data collected by search engines can include a host of details, including IP (Internet protocol) address, search terms, data and time of the search as well brand of browser, operating system and language used.
The report takes aim at some of the biggest Internet players such as Google, Yahoo and Microsoft.
Google said on Tuesday it has reacted to concerns over search data, saying it was the first company to anonymize its search logs. It also changed the expiry times of data files it places on PCs, known as cookies, which allow for example a person to stay logged in to a Web site or for the site to remember particular preferences.
"Protecting users' privacy is at the heart of all our products," said Peter Fleischer, Google's global privacy council, in a statement.
Yahoo said it was reviewing the working party's report, adding it is committed to providing clear comprehensive privacy policies. Microsoft could not be immediately reached for comment.
All three companies retain some search data longer than six months, which could eventually put them at odds with the Commission. The working party report will be used by the Commission as it studies data protection.
Jeremy Kirk is London correspondent for the IDG News Service
Tuesday, April 8, 2008
Researcher: Web page can take over your router
On Tuesday, researcher Dan Kaminsky will show how a Web-based attack could be used to seize control of certain routers.
Researcher: Web page can take over your router
IDG News Service 4/8/08
Robert McMillan, IDG News Service, San Francisco Bureau
Bookmark and Share
On Tuesday, researcher Dan Kaminsky will show how a Web-based attack could be used to seize control of certain routers.
On this topic
Researchers: GSM mobile security on the ropes
Insider actions and the fight against network threats
RFID-hack hits 1B digital access cards worldwide
Formulating a wireless LAN security policy
Mobile Insecurity: A practical guide to threats and vulnerabilities
Wireless LAN policies for security and management
Get practical tips, IT news, how-tos, and the best in tech humor.
Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind the firewall. But at the RSA Conference in San Francisco, he will demonstrate how this attack would work on widely used routers, including those made by Cisco's Linksys division and D-Link.
The technique, called a DNS rebinding attack, would work on virtually any device, including printers, that uses a default password and a Web-based administration interface, said Kaminsky, who is director of penetration testing with IOActive.
Here's how it would work. The victim would visit a malicious Web page that would use JavaScript code to trick the browser into making changes on the Web-based router configuration page. The JavaScript could tell the router to let the bad guys remotely administer the device, or it could force the router to download new firmware, again putting the router under the hacker's control.
Either way, the attacker would be able to control his victim's Internet communications.
The technical details of a DNS rebinding attack are complex, but essentially the attacker is taking advantage of the way the browser uses the DNS system to decide what parts of the network it can reach.
Although security researchers had known that this type of hack was theoretically possible, Kaminsky's demo will show that it can work in the real world, said David Ulevitch, CEO of DNS service provider OpenDNS. "I'm always a fan of when something that's theoretical gets made real, because it makes people act," he said.
On Tuesday, OpenDNS will offer users of its free service a way to prevent this type of attack, and the company will also set up a Web site that will use Kaminsky's techniques to give users a way to change the passwords of vulnerable routers.
The attack "underscores the need for people to be able to have more intelligence on the DNS," Ulevitch said.
Although this particular attack takes advantage of the fact that routers often use default passwords that can be easily guessed by the hacker, there is no bug in the routers themselves, Kaminsky said. Rather, the issue is a "core browser bug," he said.
Router makers have known for some time how their default passwords can be misused by attackers. Three months ago, hackers showed how a similar attack could be launched, exploiting a flaw in the way Universal Plug-and-Play works on PCs.
Cisco tries hard to discourage Linksys customers from using routers with default passwords, said Trevor Bratton, a company spokesman. "One of the first things that our setup software does is change that default name," he said. "So anyone who does as we ask with the initial setup will be prompted to change that."
The problem is that home users rarely follow this advice, Kaminsky said. "The vast majority of home users have a device with a default password," he said.
Bob McMillan is Senior writer for the IDG News Service.
Researcher: Web page can take over your router
IDG News Service 4/8/08
Robert McMillan, IDG News Service, San Francisco Bureau
Bookmark and Share
On Tuesday, researcher Dan Kaminsky will show how a Web-based attack could be used to seize control of certain routers.
On this topic
Researchers: GSM mobile security on the ropes
Insider actions and the fight against network threats
RFID-hack hits 1B digital access cards worldwide
Formulating a wireless LAN security policy
Mobile Insecurity: A practical guide to threats and vulnerabilities
Wireless LAN policies for security and management
Get practical tips, IT news, how-tos, and the best in tech humor.
Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind the firewall. But at the RSA Conference in San Francisco, he will demonstrate how this attack would work on widely used routers, including those made by Cisco's Linksys division and D-Link.
The technique, called a DNS rebinding attack, would work on virtually any device, including printers, that uses a default password and a Web-based administration interface, said Kaminsky, who is director of penetration testing with IOActive.
Here's how it would work. The victim would visit a malicious Web page that would use JavaScript code to trick the browser into making changes on the Web-based router configuration page. The JavaScript could tell the router to let the bad guys remotely administer the device, or it could force the router to download new firmware, again putting the router under the hacker's control.
Either way, the attacker would be able to control his victim's Internet communications.
The technical details of a DNS rebinding attack are complex, but essentially the attacker is taking advantage of the way the browser uses the DNS system to decide what parts of the network it can reach.
Although security researchers had known that this type of hack was theoretically possible, Kaminsky's demo will show that it can work in the real world, said David Ulevitch, CEO of DNS service provider OpenDNS. "I'm always a fan of when something that's theoretical gets made real, because it makes people act," he said.
On Tuesday, OpenDNS will offer users of its free service a way to prevent this type of attack, and the company will also set up a Web site that will use Kaminsky's techniques to give users a way to change the passwords of vulnerable routers.
The attack "underscores the need for people to be able to have more intelligence on the DNS," Ulevitch said.
Although this particular attack takes advantage of the fact that routers often use default passwords that can be easily guessed by the hacker, there is no bug in the routers themselves, Kaminsky said. Rather, the issue is a "core browser bug," he said.
Router makers have known for some time how their default passwords can be misused by attackers. Three months ago, hackers showed how a similar attack could be launched, exploiting a flaw in the way Universal Plug-and-Play works on PCs.
Cisco tries hard to discourage Linksys customers from using routers with default passwords, said Trevor Bratton, a company spokesman. "One of the first things that our setup software does is change that default name," he said. "So anyone who does as we ask with the initial setup will be prompted to change that."
The problem is that home users rarely follow this advice, Kaminsky said. "The vast majority of home users have a device with a default password," he said.
Bob McMillan is Senior writer for the IDG News Service.
Microsoft to resume Vista 'endless reboot' update Tuesday
Microsoft Monday said it would resume automatic distribution of a Windows Vista update on Tuesday that two months ago sent some users' PCs into an endless wave of reboots.
The company assured users ahead of the release that it has fixed the problem and it is safe to download the update, one of two prerequisites needed before Vista Service Pack 1 (SP1) can be installed. Besides re-releasing the update for automatic download and installation, Microsoft will also issue a fix to prevent reboots from overwhelming the PC.
"These two updates should now install seamlessly through Windows Update, in the proper order, so those of you with [Windows Update] set to 'install updates automatically' who haven't already installed the [Servicing Stack Update] don't have to take any further action," said an unidentified company employee on the Microsoft Update team's blog.
On Feb. 12, Microsoft began pushing the Servicing Stack Update (SSU) and one other prerequisite to Vista users as the final stage of a two-month process of preparing the operating system for the release of SP1. Within days, however, users flooded Microsoft's support newsgroups with tales of stymied updates and locked-up computers. When these users switched off their machines to regain control, the systems rebooted endlessly.
Microsoft yanked the SSU from automatic distribution as a short-term solution, although it left it on the Windows Update servers.
Without SSU installed, users have been unable to download SP1 through Microsoft's update service. The lack of SSU, however, was just one of several reasons why many users grew frustrated over their inability to download and install the long-awaited service pack when it was posted last month to Windows Update.
The company also revealed more information today about the root cause of the reboot snafu. "SSU has special code to check whether there are any pending reboots or other updates to install," said the blog post. "If it sees either of these circumstances, it prevents the install from starting.
"During our investigation, we discovered that there were a few unknown and rare events during the middle of the installation of the update that could cause the update to think it needed a reboot to complete the installation. If this happened, the system entered a repeating reboot loop."
As it has previously, Microsoft today downplayed the extent of the problem, saying that "several million customers installed the updates successfully" while only "a few customers" lost control of their PCs to the reboots.
The pre-SSU update to be released Tuesday should prevent the PC from rebooting during the subsequent SSU install, Microsoft said.
Tuesday is also Microsoft's general security update day for the month. According to a notification published last week, the company will unveil eight security bulletins tomorrow to patch Windows, Office and Internet Explorer.
The company assured users ahead of the release that it has fixed the problem and it is safe to download the update, one of two prerequisites needed before Vista Service Pack 1 (SP1) can be installed. Besides re-releasing the update for automatic download and installation, Microsoft will also issue a fix to prevent reboots from overwhelming the PC.
"These two updates should now install seamlessly through Windows Update, in the proper order, so those of you with [Windows Update] set to 'install updates automatically' who haven't already installed the [Servicing Stack Update] don't have to take any further action," said an unidentified company employee on the Microsoft Update team's blog.
On Feb. 12, Microsoft began pushing the Servicing Stack Update (SSU) and one other prerequisite to Vista users as the final stage of a two-month process of preparing the operating system for the release of SP1. Within days, however, users flooded Microsoft's support newsgroups with tales of stymied updates and locked-up computers. When these users switched off their machines to regain control, the systems rebooted endlessly.
Microsoft yanked the SSU from automatic distribution as a short-term solution, although it left it on the Windows Update servers.
Without SSU installed, users have been unable to download SP1 through Microsoft's update service. The lack of SSU, however, was just one of several reasons why many users grew frustrated over their inability to download and install the long-awaited service pack when it was posted last month to Windows Update.
The company also revealed more information today about the root cause of the reboot snafu. "SSU has special code to check whether there are any pending reboots or other updates to install," said the blog post. "If it sees either of these circumstances, it prevents the install from starting.
"During our investigation, we discovered that there were a few unknown and rare events during the middle of the installation of the update that could cause the update to think it needed a reboot to complete the installation. If this happened, the system entered a repeating reboot loop."
As it has previously, Microsoft today downplayed the extent of the problem, saying that "several million customers installed the updates successfully" while only "a few customers" lost control of their PCs to the reboots.
The pre-SSU update to be released Tuesday should prevent the PC from rebooting during the subsequent SSU install, Microsoft said.
Tuesday is also Microsoft's general security update day for the month. According to a notification published last week, the company will unveil eight security bulletins tomorrow to patch Windows, Office and Internet Explorer.
Amazon Web Services has another outage
Amazon's cloud computing service was down on Monday morning for more than an hour, following an outage on its hosted storage service two months ago.
While Amazon appears to have learned some lessons since the previous outage, the incidents underscore the immaturity of the services, an analyst said.
"In terms of Amazon, what you need to know is that this is very new," said Phil Shih, an analyst with Tier 1 Research, a division of The 451 Group. "It's not something they've perfected. Because of this, we don't advise anybody to use this for anything mission-critical."
Amazon's Elastic Compute Cloud is a Web service that offers hosted computing. Users can quickly scale up or down the amount of processing power that they need, based on their changing requirements.
On Monday at around 2 a.m. Pacific Time, the first EC2 customer reported problems accessing the service on Amazon's Web services forum. Others quickly chimed in.
Within 15 minutes, an Amazon employee acknowledged reading about the problems and said the company was investigating them. That note, and subsequent messages at regular intervals, seemed to placate some customers. "Not all doom and gloom," one person wrote on the forum. "It should be noted that [Amazon Web Services] are keeping us up to date... 10 out of 10 for communication. Bravo!"
That's a very different type of response than customers had after the S3 outage in mid-February, when some users were quite angry at a lack of acknowledgement and information from Amazon about the outage, which lasted for as long as three hours.
At 3:21 a.m. Pacific Time on Monday, the first customer posted a note saying that the EC2 service was back up. Others followed. On the forum, Amazon said it would post more details about what caused the problem, but hadn't by Monday afternoon. An Amazon spokesman said he was working to get answers to questions about the outage.
Still, improvements in communication don't change the reliability of the services. Shih recommends that companies only consider using Amazon's Web services for small internal development products, where a company can absorb the risks and potential downtime.
But that recommendation could change in the future. "Do I expect them to raise their game and get better over time? Absolutely," Shih said. "They're pouring resources into this, and they're serious about it."
While these types of outages are a black eye for Amazon, they likely don't cost the company in terms of service level agreement payouts, Shih said. Late last year, Amazon created an SLA that lets companies apply for credits in the event of an outage. "Most people won't bother to get their money back," Shih said. "It's such a small amount, and it requires more paperwork to get the credit." But an SLA is something Amazon has to offer in order for companies to consider it a true enterprise-class service, he said.
While Amazon appears to have learned some lessons since the previous outage, the incidents underscore the immaturity of the services, an analyst said.
"In terms of Amazon, what you need to know is that this is very new," said Phil Shih, an analyst with Tier 1 Research, a division of The 451 Group. "It's not something they've perfected. Because of this, we don't advise anybody to use this for anything mission-critical."
Amazon's Elastic Compute Cloud is a Web service that offers hosted computing. Users can quickly scale up or down the amount of processing power that they need, based on their changing requirements.
On Monday at around 2 a.m. Pacific Time, the first EC2 customer reported problems accessing the service on Amazon's Web services forum. Others quickly chimed in.
Within 15 minutes, an Amazon employee acknowledged reading about the problems and said the company was investigating them. That note, and subsequent messages at regular intervals, seemed to placate some customers. "Not all doom and gloom," one person wrote on the forum. "It should be noted that [Amazon Web Services] are keeping us up to date... 10 out of 10 for communication. Bravo!"
That's a very different type of response than customers had after the S3 outage in mid-February, when some users were quite angry at a lack of acknowledgement and information from Amazon about the outage, which lasted for as long as three hours.
At 3:21 a.m. Pacific Time on Monday, the first customer posted a note saying that the EC2 service was back up. Others followed. On the forum, Amazon said it would post more details about what caused the problem, but hadn't by Monday afternoon. An Amazon spokesman said he was working to get answers to questions about the outage.
Still, improvements in communication don't change the reliability of the services. Shih recommends that companies only consider using Amazon's Web services for small internal development products, where a company can absorb the risks and potential downtime.
But that recommendation could change in the future. "Do I expect them to raise their game and get better over time? Absolutely," Shih said. "They're pouring resources into this, and they're serious about it."
While these types of outages are a black eye for Amazon, they likely don't cost the company in terms of service level agreement payouts, Shih said. Late last year, Amazon created an SLA that lets companies apply for credits in the event of an outage. "Most people won't bother to get their money back," Shih said. "It's such a small amount, and it requires more paperwork to get the credit." But an SLA is something Amazon has to offer in order for companies to consider it a true enterprise-class service, he said.
AMD announces layoffs, drops revenue forecast
Advanced Micro Devices on Monday said it plans to lay off 10 percent of its work force by the third quarter of 2008 in an effort to cut costs.
AMD currently has 16,800 employees worldwide, said Drew Prairie, an AMD spokesman. The layoffs will take place across business units around the world, he said.
"It's an action that will help create a better cost structure and help us return to profitability," Prairie said.
As a result of the layoffs, AMD expects to take restructuring charge of an undetermined amount in the second quarter of 2008.
The company also lowered its revenue expectations for the first quarter of 2008 is "due to lower than expected sales across all business segments," it said in a statement. AMD is predicting quarterly sales of US$1.5 billion, a 22 percent increase compared to the first quarter of 2007.
Analysts polled by Thomson Financial originally predicted net revenue of $1.61 billion.
The company will address these issues further on April 17, when it announces financial results for the quarter.
AMD has been struggling since acquiring graphics vendor ATI in 2006, reporting five consecutive quarterly losses due mostly to charges connected with the acquisition. AMD reported a net loss of $1.772 billion in the fourth quarter of 2007, which was higher than revenue of $1.770 billion. The net loss included charges of $1.675 billion mostly related to AMD's acquisition of ATI in 2006.
During a conference call announcing the fourth quarter results, AMD Chief Financial Officer Mario Rivet said the company hopes to return to profitability by the second quarter of 2008.
AMD currently has 16,800 employees worldwide, said Drew Prairie, an AMD spokesman. The layoffs will take place across business units around the world, he said.
"It's an action that will help create a better cost structure and help us return to profitability," Prairie said.
As a result of the layoffs, AMD expects to take restructuring charge of an undetermined amount in the second quarter of 2008.
The company also lowered its revenue expectations for the first quarter of 2008 is "due to lower than expected sales across all business segments," it said in a statement. AMD is predicting quarterly sales of US$1.5 billion, a 22 percent increase compared to the first quarter of 2007.
Analysts polled by Thomson Financial originally predicted net revenue of $1.61 billion.
The company will address these issues further on April 17, when it announces financial results for the quarter.
AMD has been struggling since acquiring graphics vendor ATI in 2006, reporting five consecutive quarterly losses due mostly to charges connected with the acquisition. AMD reported a net loss of $1.772 billion in the fourth quarter of 2007, which was higher than revenue of $1.770 billion. The net loss included charges of $1.675 billion mostly related to AMD's acquisition of ATI in 2006.
During a conference call announcing the fourth quarter results, AMD Chief Financial Officer Mario Rivet said the company hopes to return to profitability by the second quarter of 2008.
Samsung committed to torch relay despite protests
Samsung Electronics says it remains committed to its sponsorship of the Olympic torch relay despite large protests in London on Sunday that dogged the progress of the torch through the city.
"We understand there are concerns among consumers, customers and even internally within Samsung," said Louis Kim, a spokesman for Samsung in Seoul. He said Samsung has no control over the route of the torch or the cities it visits. "Just like the spectators we are trying to embrace the Olympic Games," he said.
Thousands of people turned out to see the Olympic torch and among them were a sizable number who were protesting China's human-rights record and its treatment of people in Tibet.
To enable the torch to travel through the city without interruption, a protective ring of Chinese security staff supplemented two rings of local police but at several points people managed to get close to the torch. At one point a protestor managed to grab the torch for a moment before being wrestled to the ground by police.
By the end of the day there had been 37 arrests by police involving incidents related to the relay.
On Monday the torch relay moved on to Paris and on Wednesday it is due to travel through San Francisco.
"We have to watch carefully but the torch will continue to travel until the end of the international relay," said Kim.
Television pictures from Paris show hundreds of mainly pro-Tibet protestors along part of the torch relay route and some clashes with police. Several arrests have reportedly been made. Perhaps most symbolically, the Olympic torch has been extinguished during the Paris leg, according to several reports from the city.
Samsung is one of a handful of major sponsors of the Olympic Games. It began sponsoring the torch relay at the 2004 games in Athens and will continue to do so until the 2016 games.
"We understand there are concerns among consumers, customers and even internally within Samsung," said Louis Kim, a spokesman for Samsung in Seoul. He said Samsung has no control over the route of the torch or the cities it visits. "Just like the spectators we are trying to embrace the Olympic Games," he said.
Thousands of people turned out to see the Olympic torch and among them were a sizable number who were protesting China's human-rights record and its treatment of people in Tibet.
To enable the torch to travel through the city without interruption, a protective ring of Chinese security staff supplemented two rings of local police but at several points people managed to get close to the torch. At one point a protestor managed to grab the torch for a moment before being wrestled to the ground by police.
By the end of the day there had been 37 arrests by police involving incidents related to the relay.
On Monday the torch relay moved on to Paris and on Wednesday it is due to travel through San Francisco.
"We have to watch carefully but the torch will continue to travel until the end of the international relay," said Kim.
Television pictures from Paris show hundreds of mainly pro-Tibet protestors along part of the torch relay route and some clashes with police. Several arrests have reportedly been made. Perhaps most symbolically, the Olympic torch has been extinguished during the Paris leg, according to several reports from the city.
Samsung is one of a handful of major sponsors of the Olympic Games. It began sponsoring the torch relay at the 2004 games in Athens and will continue to do so until the 2016 games.
Motorola, Icahn reach agreement on board
Motorola and Carl Icahn have reached an agreement that ends the activist investor's long battle to install members on Motorola's board and break up the company.
Two people Icahn has backed for the board will be nominated to it, and one will be seated immediately, the company and Icahn said in a statement Monday. In addition, Motorola agreed to seek input from Icahn regarding the spinoff of the company's handset division and the search for a leader of that unit. As part of the deal, all pending litigation between Motorola and Icahn will be dismissed.
Icahn owns about 6.4 percent of Motorola. He has been pressuring the wireless network and handset maker for several months, at first waging an unsuccessful battle for shareholders' proxy votes to get elected to the board himself. He also has argued that Motorola would be worth more broken up than as a whole. Icahn attacked while Motorola was suffering weak financial results after profits from its popular Razr handset faded and it failed to come up with another hit phone.
The pressure may have succeeded. CEO Ed Zander stepped down late last year, and last month the company announced plans to separate the handset division from its enterprise and home network units in 2009. Motorola would become two companies, each with its own stock. The plan still needs some approvals.
William Hambrecht, founder, chairman and CEO of financial services firm WR Hambrecht + Co., and Icahn investment funds managing director Keith Meister, will be nominated for the board at the company's 2008 Annual Meeting of Shareholders as part of the deal announced Monday. Meister also was appointed to begin serving on the board immediately. Hambrecht and Meister are allowed to communicate with Icahn about the board's activities, subject to certain confidentiality rules, according to the statement.
Icahn invests broadly and has a reputation for using his ownership of large stakes in various companies to bring about changes. Last year he demanded that BEA shareholders be allowed to vote on Oracle's proposal to buy the enterprise software maker. The deal passed a special shareholder vote last week. In 2005, he told Time Warner to reverse its troubled 2000 acquisition of AOL. It never did.
Two people Icahn has backed for the board will be nominated to it, and one will be seated immediately, the company and Icahn said in a statement Monday. In addition, Motorola agreed to seek input from Icahn regarding the spinoff of the company's handset division and the search for a leader of that unit. As part of the deal, all pending litigation between Motorola and Icahn will be dismissed.
Icahn owns about 6.4 percent of Motorola. He has been pressuring the wireless network and handset maker for several months, at first waging an unsuccessful battle for shareholders' proxy votes to get elected to the board himself. He also has argued that Motorola would be worth more broken up than as a whole. Icahn attacked while Motorola was suffering weak financial results after profits from its popular Razr handset faded and it failed to come up with another hit phone.
The pressure may have succeeded. CEO Ed Zander stepped down late last year, and last month the company announced plans to separate the handset division from its enterprise and home network units in 2009. Motorola would become two companies, each with its own stock. The plan still needs some approvals.
William Hambrecht, founder, chairman and CEO of financial services firm WR Hambrecht + Co., and Icahn investment funds managing director Keith Meister, will be nominated for the board at the company's 2008 Annual Meeting of Shareholders as part of the deal announced Monday. Meister also was appointed to begin serving on the board immediately. Hambrecht and Meister are allowed to communicate with Icahn about the board's activities, subject to certain confidentiality rules, according to the statement.
Icahn invests broadly and has a reputation for using his ownership of large stakes in various companies to bring about changes. Last year he demanded that BEA shareholders be allowed to vote on Oracle's proposal to buy the enterprise software maker. The deal passed a special shareholder vote last week. In 2005, he told Time Warner to reverse its troubled 2000 acquisition of AOL. It never did.
New attack targets ActiveX bugs
Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, said a security company on Friday
Fewer than half of the flawed ActiveX controls have been patched.
The attack framework probes Windows PCs for vulnerable ActiveX controls from software vendors Microsoft Corp., Citrix Systems Inc. and Macrovision Corp., as well as hardware makers D-Link Corp., Hewlett-Packard Co., Gateway Inc., and Sony Corp., said a Symantec Corp. researcher.
"What's interesting about this attack is that there are so many vulnerabilities in one attack that have not been seen in the wild previously," said Symantec's Patrick Jungles, who wrote an analysis of the multi-strike package for customers of the company's DeepSight threat service.
According to Jungles, visitors to compromised Web sites are redirected by a rogue IFRAME to a malicious site serving the package. The attack pack tests the victim's PC for each ActiveX control, detects whether a vulnerable version of a control is installed, then launches an attack when it finds one.
Bugs in ActiveX, a Microsoft technology used most often to create add-ons for the company's Internet Explorer (IE) browser, have always been common, but so many serious flaws have been disclosed of late that some security experts have recommended users do without them.
The seven exploited in the package outlined by Jungles are a mix of old and brand-new flaws. For example, Microsoft's own ActiveX vulnerability -- a bug in IE's Speech API (application programming interface) -- was disclosed in June 2007, while the vulnerability in the Citrix Presentation Server Client control harks back even further, to December 2006. Others, such as the ActiveX bugs in D-Link's security Webcams and in Sony's ImageStation, are much more recent, having been revealed in February.
Four of the seven ActiveX flaws -- those in the D-Link, Gateway, Sony and Macrovision products -- have not been patched, said Jungles.
Assuming the exploit framework succeeds in compromising a PC, the hackers drop a Trojan on the machine that turns it into a spam-spewing zombie; the Trojan includes a rootkit component to mask the malware from anti-virus scanners.
Symantec added that while the initial IP address that sent users to the malicious site was no longer infected with the IFRAME code, other addresses were redirecting users.
"The list of IPs involved in the exploitation is by no means comprehensive," said Jungles, "because the nature of the exploitation indicates that several other sites are likely forwarding victims." The IFRAME code, he continued, had been found embedded in the legitimate sites' HTML and was at times distributed via online advertisements; DNS poisoning, he said, was also suspected.
Jungles' report recommended that users apply patches, when they're available, and set the "kill bit" on those ActiveX controls which have not yet been updated by their makers.
Fewer than half of the flawed ActiveX controls have been patched.
The attack framework probes Windows PCs for vulnerable ActiveX controls from software vendors Microsoft Corp., Citrix Systems Inc. and Macrovision Corp., as well as hardware makers D-Link Corp., Hewlett-Packard Co., Gateway Inc., and Sony Corp., said a Symantec Corp. researcher.
"What's interesting about this attack is that there are so many vulnerabilities in one attack that have not been seen in the wild previously," said Symantec's Patrick Jungles, who wrote an analysis of the multi-strike package for customers of the company's DeepSight threat service.
According to Jungles, visitors to compromised Web sites are redirected by a rogue IFRAME to a malicious site serving the package. The attack pack tests the victim's PC for each ActiveX control, detects whether a vulnerable version of a control is installed, then launches an attack when it finds one.
Bugs in ActiveX, a Microsoft technology used most often to create add-ons for the company's Internet Explorer (IE) browser, have always been common, but so many serious flaws have been disclosed of late that some security experts have recommended users do without them.
The seven exploited in the package outlined by Jungles are a mix of old and brand-new flaws. For example, Microsoft's own ActiveX vulnerability -- a bug in IE's Speech API (application programming interface) -- was disclosed in June 2007, while the vulnerability in the Citrix Presentation Server Client control harks back even further, to December 2006. Others, such as the ActiveX bugs in D-Link's security Webcams and in Sony's ImageStation, are much more recent, having been revealed in February.
Four of the seven ActiveX flaws -- those in the D-Link, Gateway, Sony and Macrovision products -- have not been patched, said Jungles.
Assuming the exploit framework succeeds in compromising a PC, the hackers drop a Trojan on the machine that turns it into a spam-spewing zombie; the Trojan includes a rootkit component to mask the malware from anti-virus scanners.
Symantec added that while the initial IP address that sent users to the malicious site was no longer infected with the IFRAME code, other addresses were redirecting users.
"The list of IPs involved in the exploitation is by no means comprehensive," said Jungles, "because the nature of the exploitation indicates that several other sites are likely forwarding victims." The IFRAME code, he continued, had been found embedded in the legitimate sites' HTML and was at times distributed via online advertisements; DNS poisoning, he said, was also suspected.
Jungles' report recommended that users apply patches, when they're available, and set the "kill bit" on those ActiveX controls which have not yet been updated by their makers.
In-flight mobile phone use approved across Europe
The European Commision has opened the door for mobile phones on planes, introducing measures to harmonize the technical and licensing requirements for mobiles services in the sky.
This means that 90 percent of European air passengers can remain contactable during flights, according to the Commission. The commercial systems currently envisaged for airlines are focussing on MCA services for GSM (Global System for Mobile Communications) phones operating in the 1800MHz frequency bands, which over 90 percent of air passengers are estimated to carry when travelling.
As a result of the introduction of the measures by the Commission, local regulators will be able to hand out licenses to make services a reality.
One regulatory decision for all of Europe was required for this new service to come into being, according to Viviane Reding, the European Union Telecommunicationss Commissioner.
"In-flight mobile phone services can be a very interesting new service especially for those business travellers who need to be ready to communicate wherever they are," she said in a statement.
At the same time, if users get "shock phone bills, the service will not take off," Reding warned.
The ability to make phone calls on board planes is moving forward on severel fronts.
Recently the world's first authorized in-flight mobile phone calls on a commercial flight, by Emirates Airline, took place last month following the introduction of the AeroMobile system, a joint venture between Telenor and ARINC, by Emirates Airline.
Field studies and market research clearly show that there is strong interest in in-flight mobile communications among passengers, particularly among business travellers and frequent flyers, but also by leisure travellers, according to Telenor.
But not everyone is convinced.
Airlines have to take into considiration the fact that many passengers don't want mobile coverage on airplanes, according to Monica Hultberg, spokeswoman at Scandinavian Airlines.
"A couple of years ago we did a survey, and 50 percent didn't like the idea," said Hultberg, adding that it's monitoring how the area develops.
This means that 90 percent of European air passengers can remain contactable during flights, according to the Commission. The commercial systems currently envisaged for airlines are focussing on MCA services for GSM (Global System for Mobile Communications) phones operating in the 1800MHz frequency bands, which over 90 percent of air passengers are estimated to carry when travelling.
As a result of the introduction of the measures by the Commission, local regulators will be able to hand out licenses to make services a reality.
One regulatory decision for all of Europe was required for this new service to come into being, according to Viviane Reding, the European Union Telecommunicationss Commissioner.
"In-flight mobile phone services can be a very interesting new service especially for those business travellers who need to be ready to communicate wherever they are," she said in a statement.
At the same time, if users get "shock phone bills, the service will not take off," Reding warned.
The ability to make phone calls on board planes is moving forward on severel fronts.
Recently the world's first authorized in-flight mobile phone calls on a commercial flight, by Emirates Airline, took place last month following the introduction of the AeroMobile system, a joint venture between Telenor and ARINC, by Emirates Airline.
Field studies and market research clearly show that there is strong interest in in-flight mobile communications among passengers, particularly among business travellers and frequent flyers, but also by leisure travellers, according to Telenor.
But not everyone is convinced.
Airlines have to take into considiration the fact that many passengers don't want mobile coverage on airplanes, according to Monica Hultberg, spokeswoman at Scandinavian Airlines.
"A couple of years ago we did a survey, and 50 percent didn't like the idea," said Hultberg, adding that it's monitoring how the area develops.
Asustek sues IBM in patent row
Asustek Computer has filed suit against IBM over alleged infringement of two patents, just a few months after IBM filed a similar action against the Taiwanese company earlier this year.
Asustek filed the complaint in the U.S. District Court for the Southern District of California last week. In the filing, Asustek asked the court for relief from the alleged IBM infringements as well as monetary damages.
One of the Asustek patents is for a method for providing remote storage for Internet appliances, while the other relates to servers. Asustek alleges the patents have been infringed by IBM in components, software and hardware related to storage area networking equipment and servers.
The Asustek suit comes four months after the U.S. International Trade Commission took up a case for IBM against Asustek for the importation of equipment using certain PC power supplies, cooling fans and clustering technologies that IBM says infringe three of its patents.
Asustek declined to comment. IBM could not immediately be reached for comment.
Asustek filed the complaint in the U.S. District Court for the Southern District of California last week. In the filing, Asustek asked the court for relief from the alleged IBM infringements as well as monetary damages.
One of the Asustek patents is for a method for providing remote storage for Internet appliances, while the other relates to servers. Asustek alleges the patents have been infringed by IBM in components, software and hardware related to storage area networking equipment and servers.
The Asustek suit comes four months after the U.S. International Trade Commission took up a case for IBM against Asustek for the importation of equipment using certain PC power supplies, cooling fans and clustering technologies that IBM says infringe three of its patents.
Asustek declined to comment. IBM could not immediately be reached for comment.
Orange launches TV service for PC, TV and mobiles
Mobile operator Orange will roll out a "cinéma séries" service where customers will be able to watch six TV channels and video-on-demand on their TV, PC and mobile device.
It's the first service of its kind, according to the carrier.
"We are taking our current triple-play offer one step further. Our customers will be able to choose how, where and when to watch content," said Béatrice Mandine, director of press relations at Orange.
Orange launched the service at the MIPTV 2008 event in Cannes, which opens Monday and continues through Friday.
The service will consist of six channels, five plus one duplicated in high definition, of films and TV programs. At the same time, Orange will offer on-demand programming to TVs, PCs or mobiles.
To watch movies on mobile phones, users will need 3G (third-generation) service, and the bigger the screen is on the device the better, according to Mandine.
Content will come in the form of exclusive access to new films and series from Warner Bros. International Television and HBO, as well as exclusive access to all new movies from French film producers Fidélité and Gaumont.
Orange cinéma séries will launch first in France in late 2008. Plans for other countries aren't set. Orange didn't announce pricing, but users will pay a monthly fee for the service, according to Mandine.
It's the first service of its kind, according to the carrier.
"We are taking our current triple-play offer one step further. Our customers will be able to choose how, where and when to watch content," said Béatrice Mandine, director of press relations at Orange.
Orange launched the service at the MIPTV 2008 event in Cannes, which opens Monday and continues through Friday.
The service will consist of six channels, five plus one duplicated in high definition, of films and TV programs. At the same time, Orange will offer on-demand programming to TVs, PCs or mobiles.
To watch movies on mobile phones, users will need 3G (third-generation) service, and the bigger the screen is on the device the better, according to Mandine.
Content will come in the form of exclusive access to new films and series from Warner Bros. International Television and HBO, as well as exclusive access to all new movies from French film producers Fidélité and Gaumont.
Orange cinéma séries will launch first in France in late 2008. Plans for other countries aren't set. Orange didn't announce pricing, but users will pay a monthly fee for the service, according to Mandine.
Application-sharing exchange takes cue from Salesforce
Following a path laid out by companies such as Salesforce.com, risk-compliance software vendor Archer Technologies is opening up the Archer Exchange, an online marketplace and community site for applications built with its development framework, SmartSuite.
While Archer is primarily known for applications centered around risk and compliance, customers began to find the framework was suitable for developing other types of programs as well, such as customer relationship management (CRM), said Archer CEO Jon Darbyshire.
"Now we're going to the CIO," he said. "The IT group has started to see they can use this for things besides compliance."
The exchange, launching Monday, had been in beta for roughly a month with more than 1,000 registered users kicking the tires, according to Darbyshire.
Archer charges customers US$8,000 per on-demand application license, which has no user limit. Quantity discounts are available, and customers can test an application in nonproduction form before committing it to a paid license. Customers who develop custom applications for the exchange can charge a separate royalty fee if they desire.
Anything that goes on the site -- which has clear echoes of Salesforce's AppExchange -- must first pass a "200-point" certification process, according to Darbyshire.
In addition to registered users, a group of about 10 workers at Archer is now focused on talking to customers and building applications they'd like to see, he said.
Beyond the applications, the Archer Exchange site has departments for certified consultants, data integration needs and third-party providers of specialized content.
The service will have 60 applications when it goes live Monday, according to Darbyshire, who predicted that figure will grow to 150 within six to eight months. "We're just being inundated by our customers with things they want to publish on the exchange."
Jeff Jenkins, vice president of information security governance and compliance at First American Corp., said his company, a large financial services provider, is an existing user of Archer's platform.
While the platform doesn't require heavy-duty programming skills, it delivers real functionality, he said. "The program is so flexible, we've kind of been fighting the good problem of holding back the reins."
Jenkins called the exchange "a particularly interesting concept."
"You can almost get lost sitting around thinking of ideas and how to do them. It's nice to have a sounding board of other customers to bounce ideas off of," he said.
First American plans to begin putting up its custom modules on the site, and the notion of garnering some royalty money from the applications is appealing, Jenkins said. "Given the time and effort we spend building something in Archer, it would be nice to recoup some of that effort."
While Archer is primarily known for applications centered around risk and compliance, customers began to find the framework was suitable for developing other types of programs as well, such as customer relationship management (CRM), said Archer CEO Jon Darbyshire.
"Now we're going to the CIO," he said. "The IT group has started to see they can use this for things besides compliance."
The exchange, launching Monday, had been in beta for roughly a month with more than 1,000 registered users kicking the tires, according to Darbyshire.
Archer charges customers US$8,000 per on-demand application license, which has no user limit. Quantity discounts are available, and customers can test an application in nonproduction form before committing it to a paid license. Customers who develop custom applications for the exchange can charge a separate royalty fee if they desire.
Anything that goes on the site -- which has clear echoes of Salesforce's AppExchange -- must first pass a "200-point" certification process, according to Darbyshire.
In addition to registered users, a group of about 10 workers at Archer is now focused on talking to customers and building applications they'd like to see, he said.
Beyond the applications, the Archer Exchange site has departments for certified consultants, data integration needs and third-party providers of specialized content.
The service will have 60 applications when it goes live Monday, according to Darbyshire, who predicted that figure will grow to 150 within six to eight months. "We're just being inundated by our customers with things they want to publish on the exchange."
Jeff Jenkins, vice president of information security governance and compliance at First American Corp., said his company, a large financial services provider, is an existing user of Archer's platform.
While the platform doesn't require heavy-duty programming skills, it delivers real functionality, he said. "The program is so flexible, we've kind of been fighting the good problem of holding back the reins."
Jenkins called the exchange "a particularly interesting concept."
"You can almost get lost sitting around thinking of ideas and how to do them. It's nice to have a sounding board of other customers to bounce ideas off of," he said.
First American plans to begin putting up its custom modules on the site, and the notion of garnering some royalty money from the applications is appealing, Jenkins said. "Given the time and effort we spend building something in Archer, it would be nice to recoup some of that effort."
Spectrum auction unlikely to shift carrier balance
Both Verizon Wireless and AT&T won enough spectrum licenses in the U.S. government's 700MHz auction concluded last month to roll out services a cut above what they offer today, though how fast they are for subscribers will be up to the carriers.
Both service providers will use the frequencies, at least in part, for LTE (Long-Term Evolution), an emerging mobile broadband technology sponsored by the organization that backs GSM (Global System for Mobile Communications). AT&T said the licenses would provide the foundation for rolling out HSPA+, a technology further along in its development, as well as LTE. The carriers released some details of their plans on Thursday after a quiet period imposed by the U.S. Federal Communications Commission (FCC) ended. Also on Thursday, Qualcomm said it will use eight new licenses to expand its FLO TV mobile broadcasting service.
The 700MHz spectrum, which TV stations are required to give up by mid-February 2009 when they drop analog broadcasts, can reach farther and penetrate walls better than current cellular frequencies. The auction brought in more than US$19 billion, with Verizon agreeing to pay more than $9 billion and AT&T about $6.6 billion. At the urging of Google and other parties, the FCC set requirements for use of some of the frequencies by any application or device. Google didn't win any licenses, but it hopes, along with Microsoft and others, to take advantage of "white spaces" between channels.
Verizon won a nearly nationwide block of spectrum that is 22MHz wide. That's broader than the block where AT&T said it won licenses covering the 200 largest markets in the U.S. But though AT&T's block is only 12MHz, the two carriers may be on roughly equal footing, according to IDC analyst Godfrey Chua. Anything over 10MHz is enough spectrum to take advantage of LTE, which can deliver higher speeds than current technologies and is also more efficient, he said. AT&T also recently acquired valuable 700MHz spectrum from Aloha Partners. Those licenses, for which AT&T said it would pay $2.5 billion, cover about two-thirds of the U.S. population.
As wireless technology continues its march through new standards, its speed can increase with each step. One of the latest, HSUPA (High-Speed Uplink Packet Access), will offer 600K bps (bits per second) to 1.4M bps downstream and between 500K bps and 800K bps upstream on average, according to AT&T. The carrier said it will finish building its HSUPA network using existing spectrum in the middle of this year.
But speed gains for individual subscribers don't have to follow that path directly, according to IDC's Chua. The bottom line is that LTE handles spectrum more efficiently, but carriers have to determine the best tradeoff between speed and subscriber base, he said.
"With that 22MHz, I can either serve more customers with less bandwidth or serve fewer customers with more bandwidth," Chua said.
Even the higher speeds that LTE can deliver won't meet the expectations of many users, in the view of Albert Lin, a mobile analyst at investment firm Sooner Cap.
"Ask any moderate or heavy user, and they'll start rattling off features that won't exist even with LTE," such as videoconferencing, certain types of community interaction and virtual sessions in enterprise applications, he said.
Consumers won't really benefit from the spectrum for some time. For one thing, some successful TV stations are likely to fight the handover of frequencies, Lin said. Verizon, for its part, said Thursday it doesn't plan to roll out LTE until 2010.
Both service providers will use the frequencies, at least in part, for LTE (Long-Term Evolution), an emerging mobile broadband technology sponsored by the organization that backs GSM (Global System for Mobile Communications). AT&T said the licenses would provide the foundation for rolling out HSPA+, a technology further along in its development, as well as LTE. The carriers released some details of their plans on Thursday after a quiet period imposed by the U.S. Federal Communications Commission (FCC) ended. Also on Thursday, Qualcomm said it will use eight new licenses to expand its FLO TV mobile broadcasting service.
The 700MHz spectrum, which TV stations are required to give up by mid-February 2009 when they drop analog broadcasts, can reach farther and penetrate walls better than current cellular frequencies. The auction brought in more than US$19 billion, with Verizon agreeing to pay more than $9 billion and AT&T about $6.6 billion. At the urging of Google and other parties, the FCC set requirements for use of some of the frequencies by any application or device. Google didn't win any licenses, but it hopes, along with Microsoft and others, to take advantage of "white spaces" between channels.
Verizon won a nearly nationwide block of spectrum that is 22MHz wide. That's broader than the block where AT&T said it won licenses covering the 200 largest markets in the U.S. But though AT&T's block is only 12MHz, the two carriers may be on roughly equal footing, according to IDC analyst Godfrey Chua. Anything over 10MHz is enough spectrum to take advantage of LTE, which can deliver higher speeds than current technologies and is also more efficient, he said. AT&T also recently acquired valuable 700MHz spectrum from Aloha Partners. Those licenses, for which AT&T said it would pay $2.5 billion, cover about two-thirds of the U.S. population.
As wireless technology continues its march through new standards, its speed can increase with each step. One of the latest, HSUPA (High-Speed Uplink Packet Access), will offer 600K bps (bits per second) to 1.4M bps downstream and between 500K bps and 800K bps upstream on average, according to AT&T. The carrier said it will finish building its HSUPA network using existing spectrum in the middle of this year.
But speed gains for individual subscribers don't have to follow that path directly, according to IDC's Chua. The bottom line is that LTE handles spectrum more efficiently, but carriers have to determine the best tradeoff between speed and subscriber base, he said.
"With that 22MHz, I can either serve more customers with less bandwidth or serve fewer customers with more bandwidth," Chua said.
Even the higher speeds that LTE can deliver won't meet the expectations of many users, in the view of Albert Lin, a mobile analyst at investment firm Sooner Cap.
"Ask any moderate or heavy user, and they'll start rattling off features that won't exist even with LTE," such as videoconferencing, certain types of community interaction and virtual sessions in enterprise applications, he said.
Consumers won't really benefit from the spectrum for some time. For one thing, some successful TV stations are likely to fight the handover of frequencies, Lin said. Verizon, for its part, said Thursday it doesn't plan to roll out LTE until 2010.
Companies struggle as Safari pops up on networks
Network administrators are complaining that Apple's recent decision to offer users its Safari Web browser as part of an iTunes and QuickTime update has made their lives harder, as they struggle to remove the software from PCs on their networks.
For Cody Wilson, the trouble began a few weeks ago, when he noticed that Safari had popped up as a download option with his Apple Software Update, the program that is used to update iTunes and QuickTime.
Wilson, a network administrator with Soy Capital Bank and Trust in Decatur, Illinois, soon found out that many of the users on his network had installed the software without realizing it. "I went into work the next day and I scanned my network, and my inventory software said I have Safari on 30 PCs," he said.
Because of the way Apple had configured the update, anyone who clicked OK automatically installed the company's Web browser. Most users thought that Safari was simply a component of the Apple software they'd already installed, Wilson said.
"This is not good; this is a security risk," he said. "We're a bank."
Wilson said it has taken him the better part of a week to remove Safari from his network and prevent it from being reinstalled.
In an e-mail interview, Susan Bradley agreed that the updates are creating a problem for administrators and making users less secure. "It impacts all of us when more potential attack surface is installed in a group of folks that are vulnerable enough as it is," said Bradley, who is chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy Corp.
On Friday, patch management vendor Shavlik Technologies announced that it had updated its Shavlik NetChk Protect software to detect and remove Safari.
Administrators may see more support calls from users who have installed Safari without realizing it, said Eric Schultze, chief technology officer with Shavlik. "I could see administrators saying, 'I approved a standard desktop image, now [Safari is] showing up. I need to remove it.'"
One poster to the Patchmanagement discussion list described the situation more bluntly.
"What's the difference between a malware spreading across a corporate environment and a nagging system tray icon that installs another insecure default browser," wrote the poster, who identified himself as Emin.
For Cody Wilson, the trouble began a few weeks ago, when he noticed that Safari had popped up as a download option with his Apple Software Update, the program that is used to update iTunes and QuickTime.
Wilson, a network administrator with Soy Capital Bank and Trust in Decatur, Illinois, soon found out that many of the users on his network had installed the software without realizing it. "I went into work the next day and I scanned my network, and my inventory software said I have Safari on 30 PCs," he said.
Because of the way Apple had configured the update, anyone who clicked OK automatically installed the company's Web browser. Most users thought that Safari was simply a component of the Apple software they'd already installed, Wilson said.
"This is not good; this is a security risk," he said. "We're a bank."
Wilson said it has taken him the better part of a week to remove Safari from his network and prevent it from being reinstalled.
In an e-mail interview, Susan Bradley agreed that the updates are creating a problem for administrators and making users less secure. "It impacts all of us when more potential attack surface is installed in a group of folks that are vulnerable enough as it is," said Bradley, who is chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy Corp.
On Friday, patch management vendor Shavlik Technologies announced that it had updated its Shavlik NetChk Protect software to detect and remove Safari.
Administrators may see more support calls from users who have installed Safari without realizing it, said Eric Schultze, chief technology officer with Shavlik. "I could see administrators saying, 'I approved a standard desktop image, now [Safari is] showing up. I need to remove it.'"
One poster to the Patchmanagement discussion list described the situation more bluntly.
"What's the difference between a malware spreading across a corporate environment and a nagging system tray icon that installs another insecure default browser," wrote the poster, who identified himself as Emin.
Good aims to manage all enterprise mobile devices
Enterprises don't want to have to use two different management systems to support mobile devices in the warehouse and smartphones for executives, and so Good Technology, with sister company Symbol, plans to offer products that can support all types of mobile devices.
"A Symbol device on the loading dock doesn't have the same security policies and applications as smartphones, but you don't need two products to manage them," said Brian Havener, group product manager at Motorola's Enterprise Mobility team.
In the coming months, Good plans to unveil more products and services that let an enterprise manage devices from the "shop floor to the corner office" using the same systems, he said.
Since Motorola acquired Good last year, Good has been working on ways to combine its enterprise e-mail offering with products from Symbol, which was also acquired by Motorola in 2007. Currently, the companies offer a variety of products in different "silos" within the same group, Havener said. "In the last six months we've been working on: Where does it make sense to put the investment to break the silos and have a common foundation of services and products," he said.
Good's product comprises two pieces: the e-mail client and the back-end server. In the next release, expected to become available in a couple months, the server will have many more management and security features, he said. It will support other mobile applications in addition to e-mail and will allow IT administrators to secure and manage devices as they operate over cellular networks and Wi-Fi networks.
Despite Good's ties to Motorola and Symbol, the technology will continue to support devices made by any manufacturer, Havener said. Other mobile-device management providers, like Nokia's Intellisync, have similar policies, but it's one that sets Good and Intellisync apart from a notable competitor: Microsoft.
"We don't have a single customer today, nor will we tomorrow, that has Exchange 07, all Windows Mobile 6.1 devices and the chops to essentially deploy a [Network Operations Center]," said Havener. In order to use Microsoft's Mobile Device Manager, enterprises must be running Exchange 2007 and only use mobile phones running Windows Mobile 6.1, the software that will become available possibly as soon as the second quarter this year.
Good argues that deploying its system will be easier than Microsoft's product and can offer some advantages. Because traffic to and from devices running Good's software passes through Good's network operations center, IT administrators can monitor that traffic. Checking the Good management console, they can discover a range of data about each device, including pending messages, device status, connection to networks and other history. He doesn't expect that Microsoft's Mobile Device Manager will offer all of those types of information about users.
Also to come in the near future is integration between the Good client and the PBX, Havener said. That will allow mobile users to take advantage of PBX features on their phones, such as four-digit dialing, conference calling and unified phone numbers.
"A Symbol device on the loading dock doesn't have the same security policies and applications as smartphones, but you don't need two products to manage them," said Brian Havener, group product manager at Motorola's Enterprise Mobility team.
In the coming months, Good plans to unveil more products and services that let an enterprise manage devices from the "shop floor to the corner office" using the same systems, he said.
Since Motorola acquired Good last year, Good has been working on ways to combine its enterprise e-mail offering with products from Symbol, which was also acquired by Motorola in 2007. Currently, the companies offer a variety of products in different "silos" within the same group, Havener said. "In the last six months we've been working on: Where does it make sense to put the investment to break the silos and have a common foundation of services and products," he said.
Good's product comprises two pieces: the e-mail client and the back-end server. In the next release, expected to become available in a couple months, the server will have many more management and security features, he said. It will support other mobile applications in addition to e-mail and will allow IT administrators to secure and manage devices as they operate over cellular networks and Wi-Fi networks.
Despite Good's ties to Motorola and Symbol, the technology will continue to support devices made by any manufacturer, Havener said. Other mobile-device management providers, like Nokia's Intellisync, have similar policies, but it's one that sets Good and Intellisync apart from a notable competitor: Microsoft.
"We don't have a single customer today, nor will we tomorrow, that has Exchange 07, all Windows Mobile 6.1 devices and the chops to essentially deploy a [Network Operations Center]," said Havener. In order to use Microsoft's Mobile Device Manager, enterprises must be running Exchange 2007 and only use mobile phones running Windows Mobile 6.1, the software that will become available possibly as soon as the second quarter this year.
Good argues that deploying its system will be easier than Microsoft's product and can offer some advantages. Because traffic to and from devices running Good's software passes through Good's network operations center, IT administrators can monitor that traffic. Checking the Good management console, they can discover a range of data about each device, including pending messages, device status, connection to networks and other history. He doesn't expect that Microsoft's Mobile Device Manager will offer all of those types of information about users.
Also to come in the near future is integration between the Good client and the PBX, Havener said. That will allow mobile users to take advantage of PBX features on their phones, such as four-digit dialing, conference calling and unified phone numbers.
Jury: Microsoft must pay Alcatel-Lucent $367 million
A jury in San Diego ordered Microsoft to pay Alcatel-Lucent US$367.4 million for infringing on two patents, adding a new chapter to a long-running dispute between the companies.
The jury, in U.S. District Court in San Diego, found that Microsoft had infringed on two patents involving user interface technology. It also found that Microsoft didn't infringe on another Alcatel-Lucent patent related to video decoding. The court ruled that patent, which Alcatel-Lucent alleged was infringed in MPEG2-based DVD playback in Windows, is invalid.
According to Microsoft, which will try to overturn the infringement verdict, Alcatel-Lucent had hoped to receive $1.75 billion in damages. Microsoft called the video patent ruling a victory for the many companies that use MPEG video-decoding technology.
The case dates back to 2003, when Alcatel-Lucent charged Microsoft, Dell and Gateway with patent infringement.
Last year, a court reversed a $1.5 billion patent infringement case against Microsoft in a case Alcatel-Lucent brought against the software giant related to MP3 technology.
There's more to come in the ongoing battle between the companies. On April 22, the San Diego court will hear a case Microsoft is bringing against Alcatel-Lucent, accusing it of infringing on nine patents.
The jury, in U.S. District Court in San Diego, found that Microsoft had infringed on two patents involving user interface technology. It also found that Microsoft didn't infringe on another Alcatel-Lucent patent related to video decoding. The court ruled that patent, which Alcatel-Lucent alleged was infringed in MPEG2-based DVD playback in Windows, is invalid.
According to Microsoft, which will try to overturn the infringement verdict, Alcatel-Lucent had hoped to receive $1.75 billion in damages. Microsoft called the video patent ruling a victory for the many companies that use MPEG video-decoding technology.
The case dates back to 2003, when Alcatel-Lucent charged Microsoft, Dell and Gateway with patent infringement.
Last year, a court reversed a $1.5 billion patent infringement case against Microsoft in a case Alcatel-Lucent brought against the software giant related to MP3 technology.
There's more to come in the ongoing battle between the companies. On April 22, the San Diego court will hear a case Microsoft is bringing against Alcatel-Lucent, accusing it of infringing on nine patents.
Microsoft to Yahoo: Make deal or face proxy fight
Microsoft Saturday threatened Yahoo's board of directors with a proxy battle if it won't agree to a buy-out in the next three weeks.
Breaking nearly two months of silence since Yahoo's board rejected Microsoft's US$44.6 billion bid, Microsoft's CEO Steve Ballmer sent an open letter Saturday to Yahoo saying it is prepared to take its offer directly to shareholders.
In blunt and harsh language, Ballmer reiterated Microsoft's opinion that its offer was "generous" and said the company had expected that a deal would be struck swiftly. "Despite this, the pace of the last two months has been anything but speedy," he wrote.
Ballmer also threatened to lower the price of Microsoft's offer if it is forced to mount a proxy battle.
"If we are forced to take an offer directly to your shareholders, that action will have an undesirable impact on the value of your company from our perspective which will be reflected in the terms of our proposal," he wrote.
Since it rejected Microsoft's offer Feb. 11, claiming it was too low, Yahoo has been holding out for a better offer from another company or the opportunity to strike up a partnership that would save it from agreeing to Microsoft's bid. However, Yahoo has so far been unable to negotiate another deal.
Ballmer used this leverage in the letter, telling Yahoo that Microsoft's offer is "the only alternative" to give its shareholders a fair return on their investment and input into the future of the company.
"By any fair measure, the large premium we offered in January is even more significant today," Ballmer said. "We believe that the majority of your shareholders share this assessment, even after reviewing your public disclosures relating to your future prospects."
He also accused Yahoo's executives of being unwilling to negotiate with Microsoft, and said Yahoo's stalling is wasting valuable time the combined company could be using to be more competitive in the Internet business.
Breaking nearly two months of silence since Yahoo's board rejected Microsoft's US$44.6 billion bid, Microsoft's CEO Steve Ballmer sent an open letter Saturday to Yahoo saying it is prepared to take its offer directly to shareholders.
In blunt and harsh language, Ballmer reiterated Microsoft's opinion that its offer was "generous" and said the company had expected that a deal would be struck swiftly. "Despite this, the pace of the last two months has been anything but speedy," he wrote.
Ballmer also threatened to lower the price of Microsoft's offer if it is forced to mount a proxy battle.
"If we are forced to take an offer directly to your shareholders, that action will have an undesirable impact on the value of your company from our perspective which will be reflected in the terms of our proposal," he wrote.
Since it rejected Microsoft's offer Feb. 11, claiming it was too low, Yahoo has been holding out for a better offer from another company or the opportunity to strike up a partnership that would save it from agreeing to Microsoft's bid. However, Yahoo has so far been unable to negotiate another deal.
Ballmer used this leverage in the letter, telling Yahoo that Microsoft's offer is "the only alternative" to give its shareholders a fair return on their investment and input into the future of the company.
"By any fair measure, the large premium we offered in January is even more significant today," Ballmer said. "We believe that the majority of your shareholders share this assessment, even after reviewing your public disclosures relating to your future prospects."
He also accused Yahoo's executives of being unwilling to negotiate with Microsoft, and said Yahoo's stalling is wasting valuable time the combined company could be using to be more competitive in the Internet business.
Yahoo previews online ad management platform
Yahoo said Monday it will have a Web-based system in place to buy online ad space across some 600 newspapers and other online sites as soon as July.
The system is designed to let publishers quickly find available ad space on their own sites for advertisers, and when none is available, on other sites. The system is "almost ready" and will be launched in the third quarter of this year, Yahoo said.
The announcement comes as Yahoo is expected to respond to Microsoft's renewed threat on Saturday to pursue a proxy battle if Yahoo doesn't agree to an acquisition within the next three weeks.
The new ad system, which Yahoo calls AMP and was formerly known as Project Apex, is likely one of the technologies Microsoft is eager to incorporate into its own operations.
Microsoft's justification for its $44.6 billion bid for Yahoo on Feb. 1 was largely centered on trying to invigorate its online advertising operations, which have trailed Google's.
Yahoo's early preview of AMP may also be a move designed to show the company's strength in order to force Microsoft to raise its bid. Yahoo has maintained Microsoft's offer undervalues the company.
But Yahoo's AMP already faces a competing up-and-running service: Google's PrintAds, which lets customers who are already buying contextual Web-based ads to also place ads in around 600 daily and weekly U.S. newspapers. PrintAds also offers ad-design tools.
AMP will be the technology platform that will leverage a historic ad revenue-sharing agreement Yahoo made in November 2006 with U.S. newspaper publishers.
As part of the agreement, Yahoo provides search services, places job ads on its own HotJobs site and sells Web advertising. The deal was expanded one year ago, and now Yahoo says 600 U.S. newspapers are part of the Newspaper Consortium.
AMP will link together the ad inventory of those publishers, offering advertisers the ability to buy search, display, local, mobile or video ads, Yahoo said.
Publishers have a couple problems with the way they sell ads now, Yahoo said in a preview of the system. When an advertiser approaches and wants, for example, 2 million impressions for a campaign advertising a new car, the publisher must use their ad systems to find out if they can deliver that many impressions. The process can take up to 15 minutes, which Yahoo describes as slow.
If the publisher can't deliver that many impressions, they must look to other Web sites to share in the deal. That typically involves phones calls, which starts another slow process by another publisher to see if they have inventory and can deliver a certain number of impressions, Yahoo said.
AMP wraps up the ability to see others' available ad space as well as a publisher's own through a Web-based interface, speeding up the ad placement process. Yahoo also describes it as a stock market for ads, with competitive bidding, as well as the ability to do behavioral, demographic and geographic targeting.
The system is designed to let publishers quickly find available ad space on their own sites for advertisers, and when none is available, on other sites. The system is "almost ready" and will be launched in the third quarter of this year, Yahoo said.
The announcement comes as Yahoo is expected to respond to Microsoft's renewed threat on Saturday to pursue a proxy battle if Yahoo doesn't agree to an acquisition within the next three weeks.
The new ad system, which Yahoo calls AMP and was formerly known as Project Apex, is likely one of the technologies Microsoft is eager to incorporate into its own operations.
Microsoft's justification for its $44.6 billion bid for Yahoo on Feb. 1 was largely centered on trying to invigorate its online advertising operations, which have trailed Google's.
Yahoo's early preview of AMP may also be a move designed to show the company's strength in order to force Microsoft to raise its bid. Yahoo has maintained Microsoft's offer undervalues the company.
But Yahoo's AMP already faces a competing up-and-running service: Google's PrintAds, which lets customers who are already buying contextual Web-based ads to also place ads in around 600 daily and weekly U.S. newspapers. PrintAds also offers ad-design tools.
AMP will be the technology platform that will leverage a historic ad revenue-sharing agreement Yahoo made in November 2006 with U.S. newspaper publishers.
As part of the agreement, Yahoo provides search services, places job ads on its own HotJobs site and sells Web advertising. The deal was expanded one year ago, and now Yahoo says 600 U.S. newspapers are part of the Newspaper Consortium.
AMP will link together the ad inventory of those publishers, offering advertisers the ability to buy search, display, local, mobile or video ads, Yahoo said.
Publishers have a couple problems with the way they sell ads now, Yahoo said in a preview of the system. When an advertiser approaches and wants, for example, 2 million impressions for a campaign advertising a new car, the publisher must use their ad systems to find out if they can deliver that many impressions. The process can take up to 15 minutes, which Yahoo describes as slow.
If the publisher can't deliver that many impressions, they must look to other Web sites to share in the deal. That typically involves phones calls, which starts another slow process by another publisher to see if they have inventory and can deliver a certain number of impressions, Yahoo said.
AMP wraps up the ability to see others' available ad space as well as a publisher's own through a Web-based interface, speeding up the ad placement process. Yahoo also describes it as a stock market for ads, with competitive bidding, as well as the ability to do behavioral, demographic and geographic targeting.
Yahoo again rebuffs Microsoft in letter
Yahoo called Microsoft's threat of a hostile takeover "counterproductive" on Monday, while also saying it is open to a deal but only at a higher price.
In a letter addressed to Microsoft CEO Steve Ballmer, Yahoo's CEO Jerry Yang and Chairman Roy Bostock said Microsoft has mischaracterized the negotiations since the initial offer was made, and that the two companies have had "constructive conversations."
"We consider your threat to commence an unsolicited offer and proxy contest to displace our independent board members to be counterproductive and inconsistent with your stated objective of a friendly transaction," the letter said.
Yahoo said Microsoft's falling stock price has devalued the value of the proposal. Microsoft offered Yahoo a cash-and-stock deal worth $44.6 billion.
Yahoo also said Microsoft has not responded to requests for more information on antitrust issues since a deal would be subject to regulators.
"To date, you have still not provided any of the requested information," the letter said.
Yahoo's response comes two days after Microsoft sent an open letter giving the company three weeks to agree on a deal. If one isn't reached, Microsoft said it will take its offer to Yahoo's shareholders in order to oust the company's board.
If that happens, Microsoft said it would also lower its offer.
Microsoft's claims that Yahoo has refused negotiate are wrong, Yahoo said, while taking a jab at Ballmer.
"Steve, you personally attended two of these meetings and could have advanced discussions in any way you saw fit," the letter said.
Yahoo also wrote that it had released a three-year financial and strategic plan and maintained it could meet its forecasts.
The company also noted its announcement on Monday of a new advertising management platform called AMP. The Web-based platform is designed to make it easier for publishers to manage and sell ad space on their Web sites.
"We have continued to launch new products and to take actions which leverage our scale," the company said.
In a letter addressed to Microsoft CEO Steve Ballmer, Yahoo's CEO Jerry Yang and Chairman Roy Bostock said Microsoft has mischaracterized the negotiations since the initial offer was made, and that the two companies have had "constructive conversations."
"We consider your threat to commence an unsolicited offer and proxy contest to displace our independent board members to be counterproductive and inconsistent with your stated objective of a friendly transaction," the letter said.
Yahoo said Microsoft's falling stock price has devalued the value of the proposal. Microsoft offered Yahoo a cash-and-stock deal worth $44.6 billion.
Yahoo also said Microsoft has not responded to requests for more information on antitrust issues since a deal would be subject to regulators.
"To date, you have still not provided any of the requested information," the letter said.
Yahoo's response comes two days after Microsoft sent an open letter giving the company three weeks to agree on a deal. If one isn't reached, Microsoft said it will take its offer to Yahoo's shareholders in order to oust the company's board.
If that happens, Microsoft said it would also lower its offer.
Microsoft's claims that Yahoo has refused negotiate are wrong, Yahoo said, while taking a jab at Ballmer.
"Steve, you personally attended two of these meetings and could have advanced discussions in any way you saw fit," the letter said.
Yahoo also wrote that it had released a three-year financial and strategic plan and maintained it could meet its forecasts.
The company also noted its announcement on Monday of a new advertising management platform called AMP. The Web-based platform is designed to make it easier for publishers to manage and sell ad space on their Web sites.
"We have continued to launch new products and to take actions which leverage our scale," the company said.
700MHz spectrum winners detail plans
Verizon Wireless, AT&T and Qualcomm -- three of the biggest winners in the U.S. Federal Communications Commission's recently completed 700MHz auction -- have announced plans for the spectrum they've won, with two of the companies focused on expanding their wireless voice and data networks.
Verizon and AT&T will both use the spectrum for high-speed fourth-generation wireless services.
Qualcomm won eight spectrum licenses in the 6MHz E block, including spectrum covering the Boston, Los Angeles, New York City and Philadelphia areas. The company will use that spectrum, which cost US$554.6 million, to expand its FLO TV service, which offers video over mobile devices. Qualcomm now offers FLO TV to areas containing 68 million people, and the new spectrum will allow the service to reach 130 million people in the U.S., Qualcomm said.
The E block licenses will allow Qualcomm to deliver more video content over FLO TV, Qualcomm said. Qualcomm also won three 12MHz B block licenses, at a cost of $3.5 million, near three Qualcomm research and development centers in California and New Jersey.
The FCC auction of spectrum in the 700MHz band raised more than $19.1 billion for the 1,090 spectrum licenses sold. The spectrum will be available to winning bidders in February 2009, when U.S. television stations must abandon the spectrum and move to all-digital broadcasts.
Verizon Wireless was the winning bidder for a nearly nationwide block of spectrum, the 22MHz C block, plus 102 licenses for individual markets around the country. Verizon did not win the Alaska portion of the C block. Verizon will pay nearly $9.4 billion for the licenses, it said in a press release.
Verizon will use the spectrum to deploy a wireless data network using the Long Term Evolution (LTE) standard, it said. The company announced plans for an LTE-based network last November, and it plans to launch an LTE network in the 700MHz band in 2010.
The 22MHz C block "provides a speed and performance advantage that will be ideal for connecting a variety of consumer electronics, from wireless phones to medical devices to gaming consoles," Verizon said.
"We now have sufficient spectrum to continue growing our business and data revenues well into -- and possibly through -- the next decade, and this is the very best spectrum," Lowell McAdam, Verizon Wireless’ president and CEO, said in a statement. "This is a wise investment in future data growth opportunities."
AT&T will pay about $6.6 billion for 227 licenses in the 12MHZ B block of spectrum. Paired with 700MHz spectrum that AT&T acquired when it purchased spectrum from Aloha Partners earlier this year, the spectrum will enhance quality and reliability of existing wireless broadband and voice services, the company said.
With the new spectrum, AT&T's spectrum will cover all of the 200 largest markets in the U.S. and 87 percent of the country's population, the company said.
The B block was the "most attractive, most valuable spectrum available, and it was the best investment for AT&T and our customers,” Ralph de la Vega, president and CEO of AT&T’s wireless unit, said in a statement.
Verizon and AT&T will both use the spectrum for high-speed fourth-generation wireless services.
Qualcomm won eight spectrum licenses in the 6MHz E block, including spectrum covering the Boston, Los Angeles, New York City and Philadelphia areas. The company will use that spectrum, which cost US$554.6 million, to expand its FLO TV service, which offers video over mobile devices. Qualcomm now offers FLO TV to areas containing 68 million people, and the new spectrum will allow the service to reach 130 million people in the U.S., Qualcomm said.
The E block licenses will allow Qualcomm to deliver more video content over FLO TV, Qualcomm said. Qualcomm also won three 12MHz B block licenses, at a cost of $3.5 million, near three Qualcomm research and development centers in California and New Jersey.
The FCC auction of spectrum in the 700MHz band raised more than $19.1 billion for the 1,090 spectrum licenses sold. The spectrum will be available to winning bidders in February 2009, when U.S. television stations must abandon the spectrum and move to all-digital broadcasts.
Verizon Wireless was the winning bidder for a nearly nationwide block of spectrum, the 22MHz C block, plus 102 licenses for individual markets around the country. Verizon did not win the Alaska portion of the C block. Verizon will pay nearly $9.4 billion for the licenses, it said in a press release.
Verizon will use the spectrum to deploy a wireless data network using the Long Term Evolution (LTE) standard, it said. The company announced plans for an LTE-based network last November, and it plans to launch an LTE network in the 700MHz band in 2010.
The 22MHz C block "provides a speed and performance advantage that will be ideal for connecting a variety of consumer electronics, from wireless phones to medical devices to gaming consoles," Verizon said.
"We now have sufficient spectrum to continue growing our business and data revenues well into -- and possibly through -- the next decade, and this is the very best spectrum," Lowell McAdam, Verizon Wireless’ president and CEO, said in a statement. "This is a wise investment in future data growth opportunities."
AT&T will pay about $6.6 billion for 227 licenses in the 12MHZ B block of spectrum. Paired with 700MHz spectrum that AT&T acquired when it purchased spectrum from Aloha Partners earlier this year, the spectrum will enhance quality and reliability of existing wireless broadband and voice services, the company said.
With the new spectrum, AT&T's spectrum will cover all of the 200 largest markets in the U.S. and 87 percent of the country's population, the company said.
The B block was the "most attractive, most valuable spectrum available, and it was the best investment for AT&T and our customers,” Ralph de la Vega, president and CEO of AT&T’s wireless unit, said in a statement.
Subscribe to:
Posts (Atom)