Thursday, February 28, 2008

Apple's Safari lags in security features, PayPal warns

If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud.
Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer.

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers," Barrett said in an interview. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

Safari is the default browser on Apple's Macintosh computers and the iPhone, but it is also available for the PC. Both Firefox and Opera run on the Mac.

Unlike its competitors, Safari has no built-in phishing filter to warn users when they are visiting suspicious Web sites, Barrett said. Another problem is Safari's lack of support for another anti-phishing technology, called Extended Validation (EV) certificates. This is a secure Web browsing technology that turns the address bar green when the browser is visiting a legitimate Web site.

When it comes to fighting phishing, "Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that's it," he said. Apple representatives weren't immediately available to comment on this story.

An emerging technology, EV certificates are already supported in Internet Explorer 7, and they've been used on PayPal's Web site for more than a year now. When IE 7 visits PayPal, the browser's address bar turns green -- a sign to users that the site is legitimate. Upcoming versions of Firefox and Opera are expected to support the technology.

But EV certificates have their critics. Last year, researchers at Microsoft and Stanford University published a study showing that, without training, people were unlikely to notice the green address-bar notification provided by EV certificates.

Still, Barrett says data compiled on PayPal's Web site show that the EV certificates are having an effect. He says IE 7 users are more likely to sign on to PayPal's Web site than users who don't have EV certificate technology, presumably because they're confident that they're visiting a legitimate site.

Over the past few months, IE 7 users have been less likely to drop out and abandon the process of signing on to PayPal, he said. "It's a several percentage-point drop in abandonment rates," he said. "That number is... measurably lower for IE 7 users."

Opera, IE, and Firefox are "safer, precisely because we think they are safer for the average consumer," he added. "I'd love to say that Safari was a safer browser, but at this point it isn't."

McNealy: Telcos falling behind in Internet race

Telecommunication companies need to go beyond just providing bandwidth and look into acquiring Internet destination sites that are heavily trafficked, says Sun Microsystems Chairman Scott McNealy.
"I have explained to every telco that either you become a destination site, or the destination site will become a telco," McNealy said at a news conference at Sun Microsystems' Worldwide Education and Research Conference in San Francisco on Wednesday.

Internet destination sites are already gaining on telecommunication companies, McNealy said, giving as examples eBay integrating Skype's VoIP (voice over Internet Protocol) technology and Google trying to buy wireless spectrum and help build cables across the Pacific Ocean. Microsoft's attempted acquisition of Yahoo would create another behemoth that could compete with carriers, such as by combining Microsoft's technology with Yahoo's existing VoIP and messaging services.

"I think the telcos have to make sure they don't get marginalized to being just bit providers and bandwidth providers," he said. On the other hand, carriers may be able to head off Internet sites by limiting the bandwidth available to them, so destination sites may need to affiliate with the carriers, he added.

While the future relationship between telecommunication providers and destination sites is unclear, both are looking at the Internet space to reach more users and generate advertising revenue, McNealy said. "There will be some very interesting challenges of who owns the subscriber and who owns the financial and advertising rights to those individuals."

"Stay tuned, the landscape's going to change enormously here in the next 10 years," McNealy said.

While a Microsoft acquisition of Yahoo would have an impact on the Internet and telecommunications industry, one thing it wouldn't affect is the open-source community, McNealy said.

"I'm not sure Yahoo is a great driver on open-source technology. Certainly Microsoft hasn't been on the leading edge of that, so I'm not sure that will impact open source," he said.

During a speech earlier in the day, McNealy slammed the U.S. government for not being interested in adopting open-source software. McNealy said the farther he goes from Washington, the more governments get interested in open source.

Sun on Wednesday signed a memorandum of understanding with China's Ministry of Education to give university students access to a set of open-source chip designs called OpenSparc. The OpenSparc designs are based on the company's UltraSparc server chips. Sun will provide the designs to universities including Peking University, Tsinghua University and Zhejiang University so those schools can develop teaching materials.

Sun is already incorporating OpenSparc in the curricula of U.S. universities including Carnegie Mellon and the University of Texas. Sun's efforts to promote open-source technology are succeeding, McNealy said, claiming there have been 50 million downloads of Sun's open-source Java Runtime Environment per month.

Decision against Qualcomm in Nokia case stands

A December decision against Qualcomm's bid to keep some Nokia phones out of the U.S. will stand, Nokia said Wednesday.
Administrative Law Judge Paul Luckern of the U.S. International Trade Commission made an initial determination in Nokia's favor on Dec. 12, in a case involving alleged patent infringement. The ITC has decided it doesn't need to review that decision, Nokia said in a statement.

Qualcomm will now decide whether to appeal the decision to the U.S. Court of Appeals for the Federal Circuit, according to a statement from the chip maker on Wednesday.

Qualcomm brought the ITC complaint against Nokia in June 2006, alleging patent infringement in handsets that use GSM/GPRS/EDGE (Global System for Mobile Communications/General Packet Radio Service/Enhanced Data Rates for GSM Evolution). The allegations involved power control systems. As part of the suit, it asked the ITC to ban importation of the phones.

In the Dec. 12 initial determination, an ITC judge found no infringement and ruled one of Qualcomm's patents invalid, according to Nokia. Afterward, Qualcomm said it planned to petition the ITC to review the finding. A final decision had not been scheduled to occur until April 14.

In an ongoing legal battle that Nokia claims is connected to the expiration of a cross-licensing agreement last year, Qualcomm has filed 11 patent infringement suits against Nokia over the past few years, according to Nokia. In December, Nokia Chief Financial Officer Rick Simonson said talks on the cross-licensing agreement were continuing.

DOJ clears Oracle's BEA acquisition

The U.S. Department of Justice and Federal Trade Commission gave the green light to Oracle's proposed acquisition of BEA on Wednesday, taking the deal one step closer to becoming final.
BEA stockholders still must approve the acquisition. They're expected to do so during a special meeting April 1. The deal, worth about US$8.5 billion, also still requires clearance from the European Commission.

The companies agreed on the purchase price in mid-January, after BEA turned down Oracle's initial offer late last year. The bid looked like it might get ugly when BEA called Oracle's initial offer inadequate and Oracle stepped up its rhetoric. BEA asked for a higher bid, which Oracle declined, but the two eventually met in the middle.

Although the companies have some overlapping products, BEA will boost Oracle's middleware offerings, Oracle has said. Oracle has also said it plans to continue to support BEA's software.

European Commission approves Acer's buying Packard Bell

The European Commission Wednesday gave the go-ahead for the takeover of Dutch computer maker Packard Bell by Acer of Taiwan, after a one-month examination of the deal.
In a statement Europe's top competition authority said the deal "would not significantly impede effective competition," even though the companies compete head-on in the markets for desktops and laptops for professional and private use.

"The market would remain competitive post-merger in all segments of the PC sector with established alternative suppliers such as Hewlett-Packard, Dell, Fujitsu-Siemens, Toshiba, Sony and Lenovo," the Commission said.

Acer announced it was buying a 75 percent stake in Packard Bell's parent company PB Holdings Co. for US$45.8 million at the end of January.

The move is seen as defensive, to prevent Chinese computer maker Lenovo from buying Packard Bell to gain a foothold in the European market. Acer commands a strong position in Europe, especially in the laptop market.

Nortel cutting 2,100 jobs

Nortel said it will cut 2,100 jobs and shift 1,000 more to "higher growth and lower cost geographies" after fourth quarter results fell short of Wall Street expectations.

Revenue in the fourth quarter, US$3.2 billion, was down 4% year over year. Full year 2007 revenue was $10.95 billion, also down 4%.

Analysts expected revenue to come in at $3.28 billion for the quarter. Nortel blamed lower than expected carrier spending in North America for the revenue shortfall in the fourth quarter.

Excluding the impact of the divestiture of its UMTS Access business, revenue would have increased 2% in the quarter and the year, Nortel says.

Nortel also posted a net loss of $844 million for the fourth quarter and $957 million for the year, because of a $1.1 billion non-cash charge the company took due to changes in Nortel's Canadian tax profile. This compares to a net loss of $80 million in the fourth quarter of 2006 and a profit of $28 million for the year 2006.

Analysts expected a profit of $219 million for the quarter and about $243 million for the year.

Despite the lowered results, Nortel increased gross and operating margins in the quarter, though fourth quarter operating margin fell short of the company's internal targets.

Revenue from Nortel's Enterprise Solutions (ES) group was $762 million in the fourth quarter, a decrease of 3% from the year-ago quarter but up 14% sequentially. ES revenues were negatively impacted by lower revenues from the LG-Nortel joint venture, the company said.

The workforce reduction, meanwhile, is expected to result in annual gross savings of approximately $300 million, Nortel says. Seventy percent of the reduction will take place this year.

Nortel will also sell certain real estate assets. At this time last year, Nortel cut 2,900 positions.

The restructuring will result in total charges to earnings of approximately $275 million and cash outlays of approximately $250 million; however, the actual costs could be lower with the redeployment of resources, the company says. Nortel expects 70% of the charges to be incurred in 2008 and the remainder in 2009.

For 2008, Nortel expects revenue to grow in the low single digits.

Earlier this week, fellow telecom equipment vendor Siemens aired plans to cut 3,800 jobs at its Enterprise Communications subsidiary, including 2,000 jobs in Germany.

Ballmer launches Windows Server 2008, lauds user base

Besides launching a set of updated products Wednesday, Microsoft CEO Steve Ballmer lauded the company's IT user base, calling them the "heart and soul" of the industry.
The glowing rhetoric fit the theme of Microsoft's launch event, dubbed "Heroes Happen {here}" in homage to IT workers everywhere. But Ballmer quickly segued into a pitch for the new software, which includes Visual Studio 2008, SQL Server 2008 and Windows Server 2008.

"I see each and every one of them as simply an enabler of the heroes [in enterprise IT shops]," Ballmer said as he worked the massive stage at the Nokia Theater in Los Angeles during the event, which was webcast. Details of the products had already been released to the public and widely discussed, making the launch event anticlimactic.

Ballmer talked up Microsoft's "Dynamic IT" vision, which fits into four main topics that customers have been discussing with Microsoft: achieving agility and managing complexity; protecting information and controlling access; delivering business value; and making sure that IT professionals are "not the cobbler's children without shoes."

With characteristic gusto, Ballmer painted Microsoft as a company set to transform IT from the data center to the browser.

"This is the most significant Windows Server release we have made since the first version," he said, citing in particular hardened security and power savings.

Windows Server 2008 OS is set to ship next week, followed by SQL Server 2008 in the third quarter. It is expected that more customers will buy the 64-bit versions of the products, in part because of wider availability of 64-bit x86 server hardware and the trend toward server virtualization and consolidation.

"We think we now have the best platform, bar none, for hosting Web applications," Ballmer said later in the presentation, referring to Microsoft's Internet Information Services Web server and Silverlight, its browser plug-in for building rich Internet applications.

Ballmer also looked ahead to the upcoming release of Microsoft's virtualization hypervisor, Hyper-V, which will be offered free with the 64-bit version of Windows Server 2008.

"I think it's well-known we're not the market leader in server virtualization," he acknowledged, but added, "We want to democratize virtualization. Virtualization should be properly, if desired, run on 90 percent or 100 percent of servers, not the current 5 percent or 7 percent."

(Story includes information from previous articles.)

Verizon's first open-network specs coming March 19

Verizon Wireless will release Version 1.0 of the technical specifications for devices to use on its "Any Device, Any App" service at its developer conference on March 19.
The carrier plans to offer a "network-only" service later this year that will let subscribers reach the Verizon network via any device that meets a basic set of requirements. The offering will be a departure from traditional cellular services in the U.S., in which carriers sell all the handsets to be used on their networks and deliver their own sets of applications. Verizon's data network, based on EV-DO (Evolution-Data Optimized) technology, reaches 240 million people and offers average download speeds between 600K bps (bits per second) and 1.4M bps. Upload speeds average between 500K bps and 800K bps, according to Verizon.

The "network-only" plan, announced late last year, was widely seen as preparation for the auction of prized 700MHz radio spectrum by the U.S. Federal Communications Commission (FCC) that began Jan. 23. The auction rules require part of the spectrum to be open to any device and any application. Google and other companies and groups have argued for greater openness in mobile communications. Both Verizon and Google were approved to participate in the auction, but the FCC hasn't disclosed who is actually bidding in the ongoing sale.

At its conference, set for March 19-20 in New York, Verizon will introduce Version 1.0 of the technical specifications for devices to be used with the open service, the company said Tuesday. The meeting will focus on how manufacturers and designers can create devices under Verizon's Open Development Initiative. Verizon said it wants to streamline the introduction of new devices while preserving optimal performance on the network. The specifications may change based on input from participants, but Version 1.0 will give developers a foundation to start working on devices immediately, Verizon said.

An early version of Google's Android mobile software platform is already in developers' hands, and Apple has said it would introduce this month a software development kit for third parties to write applications for the iPhone.

Opera chooses Google as default search in mobile browser

Opera Mobile and Opera Mini users will start seeing a Google search bar on their browser start pages, based on an agreement between the companies.
Opera on Wednesday made Google the default search engine on both of its mobile browsers. Google replaces Yahoo, which had supplied search for Opera Mini and Opera Mobile based on a deal the companies formed early last year.

While Google has been the default option on Opera's desktop browser for seven years, the mobile browser deal is new.

Without explaining why their year-old deal has ended, Yahoo said it decided to call off the agreement. "Yahoo has elected not to continue its mobile search partnership with Opera at this time," it said in a statement. "Consumers with Opera browsers will continue to have access to Yahoo oneSearch, and as long-standing partners, Opera and Yahoo will continue to work together." OneSearch is Yahoo's search service designed to meet the needs of mobile users.

Opera Mobile is the full browser designed primarily for smartphones. Opera Mini consists of a small downloadable client that works on lower-end phones and that communicates with backend servers operated by Opera or in some cases a mobile operator. The servers strip down Web sites for quicker uploading on the phones.

More than 35 million people have downloaded Opera Mini and they browse more than 1.7 billion Web pages each month, Opera said. Much of that traffic comes from the search function in the browser, Opera said.

Opera Mobile has shipped on 100 million phones from manufacturers including Motorola, Sony Ericsson and HTC, according to Opera.

The announcement is another indication of the competition among search providers for a foothold in the mobile market. Google and Yahoo have each racked up wins recently. The search providers hope to find a new and potentially significant revenue stream from mobile advertising as an increasing number of mobile users access the Internet from their devices.

Nokia recently announced that it will feature Google search on some of its phones. Yahoo also recently recorded a significant win, by replacing Google as the preferred mobile search provider for T-Mobile in Europe. Yahoo also powers search for AT&T.

Debate on OOXML standard continues behind closed doors

With 6,000 pages of text subject to 1,100 modifications, all to be approved by 120 delegates from 37 countries in just five days, the task facing the standards committee discussing Microsoft's Office Open XML (OOXML) document format in Geneva this week is mammoth.
Its work will influence whether OOXML is adopted as a standard by the International Organization for Standardization (ISO).

The members of ISO/International Electrotechnical Commission (IEC) Joint Technical Committee 1 have already rejected OOXML once, in a vote last September. National bodies made around 3,500 comments on the draft standard in that ballot. ISO passed the comments to ECMA International, an industry consortium that submitted the OOXML draft to ISO for standardization. ECMA has whittled them down to 1,100 recommendations for processing at the Ballot Resolution Meeting (BRM) in Geneva this week.

Delegates at the meeting must decide to accept each of ECMA's recommendations, reject them or make some other change instead.

It began calmly, with the meeting's convenor, the editor of the draft standard and other officials presenting themselves, according to people familiar with the proceedings, which are closed to outside observers. Then it was quickly down to business.

In alphabetical order, national delegations took turns to raise one of the 1,100 issues with the draft standard that they felt needed change.

Some matters raised were resolved, through a mix of consensus decision and voting, but others were remitted for later decision. Ad-hoc working parties formed, to talk through topics during breaks or overnight. Among those topics discussed was an idea for the creation of conformance criteria for the standard.

Other yet-to-be-resolved comments cover the spectrum from philosophical objections down to quibbles over punctuation.

Discussion was free and open on Monday, according to those involved, but became more polarized on day two. By Tuesday evening the committee was just half way through the second round of national delegates.

Wednesday's business included a proposal to approve a bundle of dozens of "purely editorial" modifications in one go.

National delegations come to the meeting with a view on what it will take to satisfy the objections they made in the September vote, but may have to formulate a position "on the fly" for others. Delegates may come from national standards bodies, or from companies with a technical interest in the matter. A number of them are employees of Microsoft, but also of IBM, seen as a staunch opponent of OOXML. IBM favors the rival OpenDocument Format, which has already won ISO approval as standard ISO/IEC 26300 and is used by StarOffice, Lotus Symphony and OpenOffice.org.

In the committee room, delegates are making use of technology, with some quietly exchanging views by instant messaging during debate, say insiders. The meeting room at Geneva's International Conference Center has an open Wi-Fi network and mobile phones are allowed in the room, although delegates have been asked not to take photographs.

There's not much to photograph, in any case, said one delegate. "There's no shouting, no throwing chairs. It's all very polite."

The committee must find some way to deal with all 1,100 comments by Friday night -- although that may not mean discussing them individually. Three proposals are apparently on the table for disposing of comments unresolved at the end of the meeting: to accept ECMA's recommendations without modification, to reject ECMA's recommendations and leave the draft unchanged on the unresolved matters, or to conduct a paper ballot on each.

While the third of those options sounds the most democratic, it robs national delegations of the opportunity to propose their own modifications, say those involved. Yet allowing delegations to submit other options to a paper ballot after the meeting is itself fraught with complications, as there is no guarantee of a majority vote -- and then no meeting in which to reach consensus.

After the meeting closes, the editor of the draft standard will compile all the approved modifications into a new draft. Delegates will report back to their national standards bodies, and each will have 30 days to decide whether they approve the revised text and seal OOXML's fate as an international standard.

Lawmakers debate mobile consumer rights bill

A proposed consumer rights bill for mobile telephone service drew mixed reviews during a hearing in Congress Wednesday, with detractors saying the legislation would place too much regulation on a competitive industry.
The draft legislation, floated by Representative Ed Markey, a Massachusetts Democrat, calls for the U.S. Federal Communications Commission to make rules requiring mobile carriers to offer unsubsidized handsets to customers, to offer service with no early termination fees and to detail charges such as termination fees.

The draft bill would also require the FCC to make rules for mobile carriers to provide detailed coverage maps and would prohibit carriers from tacking on additional charges not approved by the FCC. It would require carriers to offer 30-day, penalty-free trial periods for service, and it would prohibit state or local governments from outlawing municipal broadband projects.

Some lawmakers complained about early termination fees and the inability of customers to take their phones from carrier to carrier. Two major carriers, Verizon Wireless and AT&T, announced mobile-phone portability plans in recent months.

Four witnesses at the hearing, including the head of the CTIA, said that they like parts of the bill. The bill moves toward pre-empting state regulation of mobile carriers, said Steve Largent, president and CEO of CTIA, the trade group representing wireless carriers.

But several mobile carriers are already moving toward many of the changes required in the bill, Largent said.

The draft bill also would basically require mobile carriers to develop cost schedules for service and devices, Largent added. This would "result in protracted legal wrangling over the appropriate methodology for determining the cost of a device or subsidy," he said. "When prices for both service and devices ... are characterized by rapidly falling prices, [this requirement] would surely bring the pace of innovation in billing and service places to a grinding halt."

Several Republicans on the House Subcommittee on Telecommunications and the Internet suggested that the bill imposed too many regulations on mobile carriers. "Competition in the marketplace is what we should be constantly striving for," said Representative George Radanovich, a California Republican. "It is always far superior to meeting consumer needs than government regulation."

But Markey, chairman of the subcommittee, questioned why providing customers with more information would be a bad thing. "I believe we should establish a national policy for wireless consumer protection," he said.

Markey asked Largent whether customers who brought their own mobile phones to a service should be charged early termination fees.

Largent said early termination fees were still appropriate because they cover more than the cost of a mobile-phone subsidy: they also include the costs of providing customer service and signing up customers.

Chris Murray, senior counsel for the Consumers Union, questioned why customer service and marketing costs were part of the early termination fees. "Isn't that the cost of doing business?" he asked.

'Out of office' spam dodges filters

Spammers have found a new trick that gets around many current anti-spam filters: abusing the "out of the office" auto-respond feature found in legitimate webmail services.
Security firm McAfee has come across several instances of the trick, the company said this week.

The spammer first signs up for a legitimate webmail account, switching on its auto-respond feature, with the spam text in place of the "out of the office" message.

The spammer then bombards the account with messages that have "from" addresses spoofed so that they appear to come from the desired recipients. The automatic responses are then sent to the spoofed addresses.

The advantage of the system is that the spam all comes from legitimate webmail accounts, with safeguards such as DKIM, DomainKey or Sender ID in place, meaning that the messages are able to get around many of the protections in place against more conventional spam techniques.

The spammers are likely to use automation techniques for creating the accounts and setting the responder text, meaning large numbers of accounts are likely to be at their disposal, according to McAfee.

The company is currently blocking auto-responder spam by analyzing header and message content.
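A header-and-content check of the kind described above, as an added example (it is not McAfee's filter and not code from the article): it treats an auto-reply as suspect when it answers no Message-ID the recipient actually sent, or when an out-of-office body carries links, and it ignores the DKIM result because these messages pass it. The `sent_message_ids` log of outbound Message-IDs, the verdict names and both sample messages are assumptions constructed for the illustration.

```python
import re
from email import message_from_string

MSGID_RE = re.compile(r"<[^<>\s]+>")
URL_RE = re.compile(r"https?://[^\s<>\"]+", re.IGNORECASE)
AUTO_SUBJECT_RE = re.compile(
    r"^\s*(auto(matic)?[- ]?reply|out of (the )?office)", re.IGNORECASE)

# Constructed data: Message-IDs of mail this mailbox really sent.
SENT_IDS = {"<20080227.1001@corp.example>"}

# Constructed sample: a genuine out-of-office answer to mail we sent.
LEGIT_REPLY = """\
From: alice@partner.example
To: bob@corp.example
Subject: Out of office: Re: Q1 figures
Auto-Submitted: auto-replied
In-Reply-To: <20080227.1001@corp.example>
Authentication-Results: mx.corp.example; dkim=pass header.d=partner.example

I am away until Monday and will reply on my return.
"""

# Constructed sample: auto-responder spam triggered by a forged sender.
SPAM_REPLY = """\
From: promo1234@webmail.example
To: bob@corp.example
Subject: Out of office
Auto-Submitted: auto-replied
In-Reply-To: <forged-778@spoof.invalid>
Authentication-Results: mx.corp.example; dkim=pass header.d=webmail.example

Cheap watches, visit http://shop.example.net/deal today
"""


def is_auto_reply(msg):
    """True if the message identifies itself as an automatic response."""
    # RFC 3834: any Auto-Submitted value other than "no" marks automated mail.
    value = str(msg.get("Auto-Submitted", "")).split(";")[0].strip().lower()
    if value and value != "no":
        return True
    return bool(AUTO_SUBJECT_RE.match(str(msg.get("Subject", ""))))


def referenced_ids(msg):
    """Message-IDs this message claims to be answering."""
    ids = set()
    for header in ("In-Reply-To", "References"):
        ids.update(MSGID_RE.findall(str(msg.get(header, ""))))
    return ids


def body_text(msg):
    """Concatenate the decoded text/plain parts of the message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            chunks.append(payload.decode(
                part.get_content_charset() or "utf-8", errors="replace"))
        except LookupError:  # unknown charset label
            chunks.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(chunks)


def assess_auto_reply(raw, sent_message_ids):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    if not is_auto_reply(msg):
        return "not-auto-reply", []
    reasons = []
    # An honest auto-reply answers something the recipient sent.
    orphan = not (referenced_ids(msg) & set(sent_message_ids))
    if orphan:
        reasons.append("answers no Message-ID this mailbox sent")
    urls = URL_RE.findall(body_text(msg))
    if urls:
        reasons.append("%d URL(s) in an out-of-office body" % len(urls))
    if orphan and urls:
        return "quarantine", reasons
    return ("suspicious" if reasons else "accept"), reasons


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_REPLY), ("spam", SPAM_REPLY)):
        print(name, assess_auto_reply(raw, SENT_IDS))
```
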

HP aims to simplify midsize company life with storage array

As more medium-sized companies consolidate their storage, Hewlett-Packard seized an opportunity on Tuesday with a disk array it says is easier to work with than large-enterprise gear, but delivers more capabilities than entry-level storage.
Pursuing the efficiency of virtualization or just greater uptime, medium-size organizations are bringing storage out of their servers and into SANs (storage area networks). But many don't have the expertise required to set up and run enterprise-class SANs, according to HP. Thus the HP StorageWorks 4400 Enterprise Virtual Array (EVA4400), a platform with eight drives and two controllers all in one shelf that is designed to be discovered, configured and set up in less than an hour.

The EVA4400 is available now and destined for the low end of the midrange market, starting at a list price of US$15,000, said Kyle Fitze, director of marketing in the SAN division of HP's StorageWorks group. These customers tend to have about 1,000 employees, though some smaller enterprises may need this type of gear if they use a lot of storage, he said. Medium-sized businesses often see enterprise storage gear as too complex but need more than entry-level technology, he said.

Consolidating drives and controllers in one shelf cuts costs, Fitze said. The two controllers that manage the drives operate simultaneously and can keep the system running if one fails. The array can be configured with drives ranging from 146G bytes to 1T byte. Fully expanded on multiple shelves, the system can support as much as 96T bytes of storage.

Also Tuesday, HP introduced a set of 8G-bps (bit-per-second) Fibre Channel gear that can be used with the EVA4400. It delivers double the speed of the 4G-bps Fibre Channel technology now commonly used in SANs. The portfolio, including a switch, a PCI Express host bus adapter and software, is available now for $8,199.

Pattillo Construction uses an HP MSA1000 storage array that's about 6 years old, said IT Director Buzz Kaas. The industrial park development and management company in Stone Mountain, Georgia, has about 4T bytes of data, which is growing as records such as architectural drawings and leases become digital, Kaas said. He tested the EVA4400 and found he could install and set it up in about 10 minutes, a process that would have taken overnight with the older array. Pattillo has an IT staff of two and pays a consultant to manage the MSA1000. By contrast, the staff could handle daily management of the EVA4400 by itself, Kaas said.

Like other storage vendors, HP recently has been trying to make high-end storage easier to use so it can attract smaller customers, said IDC analyst Natalya Yezhkova. Most midsize companies don't have storage specialists, and if they buy advanced storage systems, they need to either get tools that simplify management or hire additional staff, she said.