Sunday 2 May 2010

Microsoft: 'Prepare for 15 billion more clients'

If you're an IT professional, Microsoft made an announcement last week that may increase both your capital expenditures budget and your job security.

At the Embedded Systems Conference (ESC) in San José, California, Microsoft announced that the latest version of its OS for embedded systems, Windows Embedded Standard 7, had graduated to RTM status.

"Embedded systems?" you might say. "I manage servers, PCs, and laptops - I care not a whit for an OS that runs ATMs, fuel pumps, kiosks, in-car entertainment systems, and the like."

Microsoft thinks you should care. "For an IT professional, it's now becoming critical that you think through how to be able to manage, provision, monitor, and provide security to [embedded] devices just like you do today with a laptop or a PC," says Kevin Dallas, GM of Microsoft's embedded unit. "That's the radical change that is starting to happen, and that's the future that we're building to."

Dallas' suggestion that you add embedded devices to your worry list is due to the fact that Windows Embedded Standard 7 is in essence a "componentized" version of Windows 7 that can provide all the internet connectivity of that operating system. And when your share of billions of internet-capable embedded devices start to communicate with your company's servers, you'll be the one who'll be told to manage them.

And, yes, we said billions. As the VP of Microsoft's OEM division Steve Guggenheimer noted in a recent blog post, the Artemis Embedded Computing Initiative estimates that there will be over 40 billion embedded devices by 2020. Intel's embedded chieftain Doug Davis has cited an IDC prediction that 15 billion embedded devices will be internet-connected by 2015.

"These devices will significantly outnumber the number of PCs, which will be in the hundreds of millions; will outnumber the number of TVs, which will be in the tens of millions; will outnumber the number of mobile phones that are shipped," Microsoft's Dallas told his audience at an ESC keynote.

Understandably, Dallas hopes that a sizable chunk of internet-enabled embedded devices will be built around Windows Embedded Standard 7. And Microsoft's offering has a few things going for it that may entice OEMs to use it in the specialized embedded systems that may one day be connected to your company's servers.

For one, as we mentioned above, it's "componentized" - meaning that Windows Embedded Standard 7 is essentially Windows 7 broken down into over 200 components that an OEM can assemble in any combination that works for their device. Among those components, of course, are internet-connectivity services.

As Dallas put it: "All the benefits of Windows 7 in the PC, laptop, netbook, and server arena can now be extended into the specialized devices space, into the embedded space."

The good news, from Dallas' point of view, is that since Windows Embedded Standard 7 is at heart Windows 7, all of the Microsoft back-end services that IT pros now use will be available to manage embedded devices.

"These devices need to connect seamlessly to back-end services. These services can range from management, to System Center, be able to participate in an Active Directory so you can set policies, you can push out software updates," he said.

He also cited some of Windows Embedded Standard 7's other virtues. "Agile VPN that really drives a more reliable VPN connection that can actually take advantage of multiple network paths. Also, you can build redundancy into your overall network with fail-over clustering - another feature that works in concert with Windows Server 2008 R2. We have the latest Remote Desktop client, RDP 7, also included in this, which supports one of the virtual-computing thin-client scenarios."

Irena Andonova, an exec in Microsoft's Embedded Windows and Enterprise Devices division, was even more direct about the new embedded OS's ability to work with existing management systems. "What is really, really important for us is for the enterprise customers to know that they can rely on the same infrastructure investment that they have made, therefore driving their TCO down by managing their devices in the same manner that they manage their PCs or servers, using the same technologies, plugging into the same existing infrastructure," she told us.

Andonova was ready with examples. "You want to bring in web services? You want to feed in data into SQL Server? Sure, we can do that. You want to read data from SQL Server? Sure, we can do that. Business intelligence where it makes sense? We'll take care of that."

The business intelligence information that embedded devices might provide to managers could include customer-specific data from point-of-sale systems, machine-usage stats from production lines, real-time worldwide supply-chain analysis, and so on.

"These specialized devices are becoming mission-critical," Dallas explained. "Critical in terms of the tasks that they perform, but also critical in terms of the information that they can deliver back to that enterprise in terms of business intelligence. And...because you have that business intelligence, you can drive additional revenues."

And some of those additional revenues would reasonably be spent on the additional infrastructure needed to support some of those 15 billion internet-connected devices by 2015. Maybe some might be used to hire more IT staff.

"Raises?" you may ask. Sorry, but Windows Embedded Standard 7 can only do so much.

Student found guilty of obstruction in Sarah Palin email trial

The college student who used publicly available information to break in to the Yahoo! Mail account of then-vice presidential candidate Sarah Palin has been found guilty on two of the four charges filed against him.

David C. Kernell was convicted of felony obstruction of justice and a misdemeanor count of unauthorized access to a computer, according to news reports. He was acquitted of wire fraud and the jury hearing the case deadlocked on a charge of identity theft.

Federal prosecutors haven't said whether they will retry Kernell, who is the son of a Democratic Tennessee lawmaker, on that last charge.

Kernell faces a maximum of 20 years on the conviction of obstruction of justice, which was brought because he deleted evidence from his hard drive. He faces an additional year on the misdemeanor.

His defense attorney characterized the breach as a college prank that had no criminal intent. He was a student at the University of Tennessee who chronicled the stunt on the 4chan website. But federal prosecutors said it was a serious effort to derail Palin's bid for vice president during the 2008 campaign.

In a Facebook post that compared the breach to the Watergate burglaries, Palin appeared to agree with the prosecution.

"Besides the obvious invasion of privacy and security concerns surrounding this issue, many of us are concerned about the integrity of our country’s political elections," she wrote. "America’s elections depend upon fair competition. Violating the law, or simply invading someone’s privacy for political gain, has long been repugnant to Americans’ sense of fair play."

According to testimony in the trial, Kernell spent about 20 minutes online to compile information needed to reset the password for Palin's Yahoo Mail account. At the time, several published reports questioned whether the then-Alaska governor was improperly using it to conduct official state business.

Kernell said he didn't find anything incriminating and posted a handful of messages and pictures online.

He is free on bail. A sentencing hearing has not been set. ®

Terry Childs juror explains why he voted to convict

By Robert McMillan
IDG News Service
April 28, 2010

Terry Childs' guilty conviction struck a nerve with IT staffers this week.

Here was a man who, by all accounts, was good at his job, though lacking in interpersonal skills. Suddenly, on July 9, 2008, he's pushed into a tense situation -- a hostile conference call with the human resources department, his boss and even a police officer, all listening in, and told to hand over the passwords to the City of San Francisco's FiberWAN network, which he helped build. He chokes and hands over bogus passwords. Later, he argues that he did this because nobody in the room was qualified to have administrative access to the network.

IT people are used to being held accountable for bad decisions made by their superiors, and some people who've read about the case feel some sympathy for Mr. Childs. After all, the city's network never went down, and Childs eventually did hand over control of the FiberWAN to San Francisco Mayor Gavin Newsom -- the only person Childs felt was competent to have the passwords.

"How exactly was he breaking the law?" wrote one Slashdot poster, reacting to news of Childs' conviction. "[H]e refused to disclose the passwords when the person requesting them did not follow proper protocols."

While the City of San Francisco apparently did a poor job in spelling out the protocols for handing over administrative control of its network, Childs was still guilty of a crime. A jury found him guilty of breaking California's hacking laws on Tuesday, and when he is sentenced on June 14, he will be facing a possible five-year prison term.

So how did Childs break the law? We put the question to one of the best people able to answer it: Juror # 4, also known as Jason Chilton. In addition to having listened to countless hours of courtroom testimony, he also happens to be a Cisco Certified Internetwork Expert (CCIE) and a senior network engineer with payroll administrator Automatic Data Processing (ADP). He's spent the past five months of his life on the trial, which began jury selection in late November. According to him, there's much more to the Terry Childs case than most people realize.

Following is an edited version of an interview he gave the IDG News Service on Wednesday, the day after the verdict was handed down.

Study: Users OK with mobile devices for sensitive transactions

By Joan Goodchild
Senior Editor
CSO
April 29, 2010

Most mobile device users worldwide feel safe using their mobile devices for applications that involve highly-sensitive information, including accessing airline boarding passes; making payments in stores for low-cost items; or to access online banking, according to research conducted by Unisys Corporation. But acceptance levels vary by age, with younger users more comfortable conducting sensitive mobile transactions compared to older users.

The research, part of a bi-annual survey of more than 10,000 people in 11 countries called the Unisys Security Index, found that 83 percent of mobile device users in the United States said they would be comfortable using their device for these kinds of transactions. The numbers were similar in Spain (80 percent) and the United Kingdom (75 percent). About half of device users from the Netherlands (49 percent), Belgium (51 percent) and Germany (52 percent) said they would feel safe using mobile devices for these same services.

Of the 80 percent of Americans who said they own cell phones or handheld devices, 40 percent said they would feel safe using these devices to receive notifications if their credit cards are charged more than a specified amount. And 38 percent said they would feel safe using them to purchase cinema, sporting event or theater tickets.

While there was broad acceptance among device users towards one or more of the applications, users' responses frequently differed as to which of the applications they would feel safe using on their mobile devices. However, there was greater confidence in the security of mobile devices across the board among younger consumers. For example, 76 percent of UK citizens 18-24 years-old said they would feel secure using their mobile devices as airline boarding passes, compared to just under half of all UK device users (49 percent). In the U.S., 53 percent of consumers aged 18-34 years-old said they would feel safe using them to purchase theater, sports or cinema tickets, compared to 38 percent acceptance rate for U.S. citizens overall.

Symantec buys crypto firms PGP and GuardianEdge

By Tom Espiner
ZDNet UK
29 April, 2010

Symantec is buying encryption vendors PGP and GuardianEdge Technologies to boost its lineup, the company announced on Thursday.

The security company plans to integrate encryption products from PGP and GuardianEdge into its data loss prevention suite and endpoint protection products, said Symantec enterprise security group vice president Francis deSouza.

"The two acquisitions will give us a market-leading position in the $1.4bn per year encryption business," deSouza told ZDNet UK. "At Symantec, we're focused on making data protection easier to manage, and these acquisitions represent a big step forward."

The company will pay $300m (£196m) in cash for PGP and $70m in cash for GuardianEdge, subject to approval from US and German antitrust bodies. Symantec expects to gain the regulatory approval this quarter, said deSouza.

Many PGP and GuardianEdge products overlap. PGP's product portfolio includes disk encryption, email protection, file and server encryption, and authentication. GuardianEdge offers hard disk encryption and authentication, as well as storage encryption and smartphone protection. Symantec already sells endpoint encryption and hosted email encryption.

Blog lets readers decide alleged hacker's fate

By Andrew Ramadge
blogs.news.com.au
April 29, 2010

TALK about walking the walk -- one of the world's biggest tech blogs is taking the idea of crowdsourcing to a new level by letting its readers decide whether or not to press charges against an alleged hacker.

Earlier this year, tech blog TechCrunch was compromised by a hacker who at various points redirected users to an adult site and defaced the homepage.

Now police think they've nabbed the culprit and TechCrunch has been asked if it wants to press charges.

But, in the spirit of Web 2.0, the blog is leaving that decision to its readers.

"We're going to let you decide -- do we press charges or just let this go? The poll is at the bottom of the post. Whatever you decide, we'll do," wrote founder Michael Arrington in a post.

Study: Application Security Not An Enterprise Priority

By Kelly Jackson Higgins
DarkReading
Apr 29, 2010

With all of the attention and education surrounding secure coding practices and Web attacks, you'd think it would be sinking in to enterprises by now, but not so much, according to a new survey: Only 18 percent of IT security budgets are dedicated to Web application security, while 43 percent of budgets are allocated to network and host security.

"The State of Application Security" report by the Ponemon Institute and commissioned by Imperva and WhiteHat Security, published this week, found that 70 percent don't believe their organizations allocate enough money to securing and protecting their mission-critical Web apps. In addition, 55 percent said developers are too busy to fix security issues in their apps.

"Overall, the results of the study confirmed things WhiteHat and Imperva have believed and recognized for quite some time. The vast majority of attacks come through applications -- in particular, Web applications," says Stephanie Fohn, CEO of WhiteHat.

The survey found that 34 percent of major vulnerabilities are not fixed, and 38 percent said they believed it would take more than 20 hours of time for a developer to fix one bug.

[...]

Govt bans import of Chinese telecom equipment

By Thomas K. Thomas
New Delhi
April 28, 2010

The Government has officially told mobile operators not to import any equipment manufactured by Chinese vendors, including Huawei and ZTE.

Though the Department of Telecom had been informally telling the operators to keep away from Chinese telecom equipment, this is the first time that it has sent an order banning Chinese gear.

The order was sent out by the DoT on Tuesday to some of the operators that were planning to buy equipment from Chinese manufacturers. The ban order follows concerns raised by the Home Ministry that telecom equipment from some countries could have spyware or malware that gives intelligence agencies across the border access to telecom networks in India.

The Government had earlier banned import of Chinese handsets without IMEI number. The DoT move is a huge blow to ZTE and Huawei that are betting big on the Indian market. ZTE had a record-breaking performance in the last fiscal in India by registering a 50 per cent increase in sales compared with the previous year. The ban also puts the new mobile operators in a quandary as most were banking on attractive financing schemes by Chinese vendors to purchase network equipment.

The biggest gainers from the move could be European and American vendors that have been losing market share to aggressive Chinese equipment-makers.
