Security threats to strike everywhere in 2007
Malware authors are becoming more sophisticated. And given that there is money to be made, they will continue to expand the scope of software and devices that they target.
If you didn't guess so yet from the introduction, McAfee has published its list of security predictions for 2007. The company no doubt is the first of many others.
Generally you can assume that attackers will continue their battle as long as they can make money from creating botnets, installing spyware or stealing confidential information. Meanwhile it surely helps if many people are using the same application, just as pickpockets like crowded shopping malls.
You can draw your own conclusions moving forward. Movies probably will make for attractive targets, as do mobile phones (will 2007 finally be the year of the mobile phone worm outbreak?).
But the vendor stresses that there's no reason to panic. Because… ahem… they also happen to sell software that protects corporations and individuals from all the evils that lurk on the internet.

technorati tags: mcafee, security, 10, predictions, 2007
November 30, 2006 at 02:28 AM | Permalink | Comments (0) | TrackBack
Laptop battery recall to cause market share shifts
While users haven't lost faith in notebook computers following this fall's large scale Sony battery recall, it has prompted about 15 per cent of corporate buyers and consumers to consider switching suppliers, according to a survey by analyst firm IDC.
It makes sense that especially Dell users would be a bit more nervous these days, given that Dell accounted for more than half of the 7+ million recalled batteries. But then where should they go instead?
HP and Gateway are among the few manufacturers that didn't recall their batteries, but HP recalled batteries last spring and last year.
Sony's batteries were to blame for the issue, and could also point to a potential solution. Under the hood all laptops are the same. They all use components from the same suppliers and are probably all assembled in the same factory.
A computer's case is by far the biggest differentiator. Underneath, it's all inbred. Happy shopping.
technorati tags: dell, battery, recall, idc, market+share
November 30, 2006 at 02:14 AM | Permalink | Comments (2) | TrackBack
OLPC does Doom
As the One Laptop per Child project is receiving more test units, developers working on the project installed the ultimate shoot-em-up game Doom on the Linux powered laptop.
In the movie below, the XO (as it's currently called) is shown running the 1993 computer game. The source code for the game's engine was released under the GPL in 1999.
The Linux powered notebook seems to have little trouble running the game in e-book mode. But although the system features two scroll buttons, it is lacking a right click (required to open doors in Doom… know your classics!).
The top video shows the game running in colour with the backlight turned on. The second video shows the screen running in black-and-white mode that is designed for outdoor use (making the screen function like a calculator screen).
Remember, games can be educational too.
technorati tags: doom, oplc, xo, christopher+blizaard
November 29, 2006 at 12:30 AM | Permalink | Comments (1) | TrackBack
Meet Oracle: the new Microsoft
Pouring some salt into Oracle's security wounds, security researcher David Litchfield has published details of a new class of attack against the database. The vulnerability could allow an attacker to steal confidential information or insert coding time bombs in the database that will get executed at a later time.
Oracle can't do much about this one. Instead, application developers have to make sure that they follow best practices.
Although Oracle is trying to meet the challenges of today's security landscape, the company so far has failed to step up to the challenge. It isn't just that Oracle is unable to fight off the onslaught of new SQL injection vulnerabilities, as the unpatched vulnerabilities meter currently surpasses 200.
The database vendor also seems unable to handle a world in which information travels at the speed of light, and in which it needs to respond instantaneously.
The company has a "global product security blog" which published a paltry four postings last October, and none so far in November. Security related questions to Oracle's PR department as a rule remain unanswered.
Security seems an afterthought with Oracle. The company should consider looking at Microsoft for some inspiration.
technorati tags: oracle, patch, security, database, microsoft
November 27, 2006 at 10:11 PM | Permalink | Comments (0) | TrackBack
Podcasts: growing pains or the end of a hype?
About 12 per cent of the internet users in North America have downloaded a podcast, according to the PEW Internet & American Life project. The same study however suggests that the online audio broadcasts fail to captivate their audience: just one per cent of the internet population downloads podcasts on a regular basis.
The fact that most people don't even own an iPod or some other portable mp3 player probably plays a major part in this.
I'm also tempted to say that most podcasts are as boring as the slides of aunt Patty's Grand Canyon vacation. But given the success of words of wisdom distributed in vodcasts, it's more likely that users have simply moved on to the newest new thing.
Podcasts after all are so 2005.
technorati tags: podcast, blog, vblog, vodcast, PEW
November 27, 2006 at 09:33 PM | Permalink | Comments (2) | TrackBack
Red Hat's Jboss dance gets stranger
Red Hat appears to be moving away from Jboss software in favor of the work that is done by its old friend ObjectWeb.
The ObjectWeb open source consortium is most famous for developing the JOnAS application server. Red Hat in 2004 chose to use this application over the Jboss software as the foundation of its Red Hat application server. Even more famously, the software then failed miserably in the market place.
JOnAS failed despite its technological qualities. The application is said to be technologically superior to the Jboss software. And ObjectWeb in general has a reputation of delivering quality code.
When Red Hat shelled out $420m to acquire Jboss earlier this summer, the open source community raised quite a few eyebrows. The price was high by all standards, but justified by the fact that a slew of jesters was courting the company. But the move made perfect sense considering Red Hat's aspirations in the middleware space.
So Red Hat will discontinue its application server and move over to the Jboss application server. But the dust has far from settled.
This week, Jboss signed a strategic partnership with French IT integrator Bull, one of the major forces behind ObjectWeb. The two will collaborate on R&D and Bull will become a reseller of Jboss technology, causing ObjectWeb to lose another user of its JOnAS technology.
But the move will also link ObjectWeb to Jboss.
In the end, that could very well be a good thing. Jboss is known as a good marketing operation churning out mediocre code. ObjectWeb is the exact opposite, doing poorly in the market department while delivering good code.
technorati tags: JOnAS, application+server, red+hat, objectweb, bull
November 23, 2006 at 12:06 AM | Permalink | Comments (0) | TrackBack
EpicRealm gets cornered in
The Public Patent Foundation has filed a request with the US Patent and Trademark Office to reexamine two patents owned by Epicrealm.
It turns out that IBM filed a nearly identical patent that was awarded about 16 months before the Epicrealm one. But somehow this one hadn't been noticed before.
Epicrealm claims that it owns the idea behind dynamic websites: the ability to present each visitor with a custom website. Most of today's websites are covered by the patent. Just thinking about that little factoid made dollar signs appear in the company's eyes.
So last year Epicrealm set out on a legal journey, filing 13 lawsuits against smaller companies that can easily be scared into paying licence fees. After all, trying to invalidate a patent through the courts costs an estimated $8m in legal fees, and could be catastrophic if you end up losing.
While five of the targeted victims have since settled, Epicrealm's patent crusade also attracted the attention of PubPat. The foundation's executive director Dan Ravicher told vnunet.com that he was confident that he would win the case.
"This is one of the strongest cases that I've ever had," Ravicher said.
By the way, IBM didn't seem to know it owned its patent. Earlier this year the company settled a lawsuit with Epicrealm on behalf of Safelite, one of its clients that held Big Blue to the indemnification provision in its software licence agreement.

Photo credit: Ken Duncan
technorati tags: putpat, epicrealm, oracle, patent
November 22, 2006 at 10:27 PM | Permalink | Comments (4) | TrackBack
PS1 + PS2 = PS3
Simple math determines that a PS1 and a PS2 combined make for a PS3. This prompted an entrepreneurial citizen of Canada to tape the two together and put his "custom built PS3" on Ebay.
With 4 days of bidding left, the highest offer currently stands at 160 Canadian dollars (about $140 US). Buyers will receive a working PS 1 and PS 2 machine, as well as the games Gran Turismo 1 and 4.
But buyer beware. As we learn in the question section, the seller can't make any guarantees about the quality of the tape that is used to marry the two units. The backward compatibility issues that are plaguing the 'other' PS3 units, however, don't affect this custom built model.
technorati tags: ps3, sony, playstation, ebay
November 22, 2006 at 09:49 PM | Permalink | Comments (0) | TrackBack
Oracle's security record goes belly-up
Contrary to what Oracle likes to advertise in its marketing spin, the company's database is far from secure. The Central Intelligence Agency (CIA) might have been the application's first user, but these days the software is flooded with SQL injection flaws.
Contrary to Windows however, the flaws in Oracle remain largely invisible to the outside world. After all, few people have Oracle running on their desktop computers and we haven't seen any large scale worm attacks targeting Oracle databases. To the extent that attackers are targeting Oracle databases, they do so in targeted attacks to steal customer data or conduct industrial espionage.
So how do you make sure that the world finds out about Oracle's horrible security record?
By comparing the new devil with the old one, security researcher David Litchfield decided. Earlier today he published a whitepaper that drew a crystal clear picture. Around the same time that Microsoft succeeded in curbing its security problems in SQL Server, Oracle completely lost control and saw the number of security vulnerabilities skyrocket.
Another researcher plans to have a "week of 0-day Oracle Database bugs" in an effort to draw the public's attention to the issue.
Larry Ellison in 2001 unwrapped a marketing programme that claimed that his database was "unbreakable", but reality has long since unveiled the hollowness behind the hype. Last month he dusted off the slogan once more, this time to market Oracle's support for Red Hat Linux.
If that's what Oracle's "unbreakable" represents, Red Hat has nothing to worry about.
technorati tags: oracle, security, david+litchfield
November 22, 2006 at 03:01 AM | Permalink | Comments (0) | TrackBack
Was Novell's Microsoft pact a mistake after all?
Novell executives must have known that they would draw some major fire from the free software corner when they forged their partnership with Microsoft.
But following the fallout between the two companies in the past days, they should seriously ask themselves if they haven't opened Pandora's box when they agreed to pay Microsoft a license fee for each copy of Suse Linux that Novell ships.
The issue is that there are two kinds of patent threats. Real threats from bad patents, and bad threats from real patents. The first kind draws lots of media attention because the battles are waged in open court and involve patents that have a decent shot of getting invalidated. Examples include the case of NTP vs. Blackberry and Eolas vs. Microsoft.
The second group contains patents from large companies. Their patents might not be any better, but their owners aren't merely looking for licence fees. They can also use their intellectual property to protect their market position or use it as change in negotiations with other patent gorillas.
Just like nuclear weapons, these patents are hardly ever enforced. Because the result of a patent war is just as impossible to predict as that of a nuclear holocaust.
When Novell negotiated its patent truce with Microsoft, it must have thought that patents were thrown in as change. Customers from both Microsoft and Novell wanted a patent covenant, so let's give them one.
But as Microsoft chief executive Steve Ballmer said last Thursday, the company still considers open source a real threat to its patent portfolio and intellectual property. To Microsoft, the patent covenant is about paying respect to the power of Redmond.
After all, who cares about customers when there is money to be made?
Hovsepian and Ballmer cuddle up. Has the adrenaline rush worn off yet?
technorati tags: novell, microsoft, patent, covenant, ron+hovsepian, steve+ballmer
November 22, 2006 at 02:59 AM | Permalink | Comments (0) | TrackBack




