Sameer Bhalotra, a former Senate intelligence committee cybersecurity staffer, will become a top advisor to cybersecurity coordinator Howard Schmidt, likely focusing on strategy.
The White House has named a key Senate staffer to a cybersecurity leadership role as senior director in the office of the cybersecurity coordinator, the White House confirmed on Friday.

The staffer, Sameer Bhalotra, was the lead staffer for cybersecurity and other technology issues for the Senate Select Committee on Intelligence, including the intelligence community's cybersecurity budget. He was also a contributor to the Center for Strategic and International Studies' report "Securing Cyberspace for the 44th Presidency," which served as the underpinnings for the Obama administration's initial cybersecurity strategy report released last May.

As senior director, Bhalotra should wield considerable influence, as the only other senior director in the cybersecurity coordinator's office is Chris Painter, who was the acting cybersecurity coordinator before cybersecurity coordinator Howard Schmidt came on board.


According to a spokesman for the White House's National Security Staff, Bhalotra's specific portfolio has yet to be decided. However, according to a source with knowledge of the situation, Bhalotra will most likely be focusing on strategy, while Painter will continue working as he has been recently on fostering international cooperation -- he's headed to China and other countries in the coming weeks -- and interagency coordination on cybersecurity.

Observers applauded the move, saying that Bhalotra was well-respected by Democrats and Republicans alike. SANS Institute research director Alan Paller called Bhalotra the "most technically savvy staffer on the Hill."

"He knows what really works and what doesn't," Paller said.

Before joining the Senate Select Committee on Intelligence in 2007, Bhalotra worked on cross-community technology efforts for the Office of the Director of National Intelligence. He has also worked for the Defense Intelligence Agency and Central Intelligence Agency, where he worked in a support role for the director of the CIA.

Bhalotra has a bachelor's degree in chemistry and physics from Harvard University and a doctorate in applied physics from Stanford University.

By J. Nicholas Hoover
Read the Original Article at InformationWeek

Promotional USB thumb drives carried an unintended freebie: a keystroke-monitoring Windows worm.

Call it a stealth attack: Attendees at this month's AusCERT information security conference in Australia received an apologetic e-mail last week from IBM warning them that gratis promotional USB thumb drives the company distributed came installed with an unintended freebie: malware.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," IBM's chief technologist in Australia, Glenn Wightwick, wrote to attendees. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."



It warned recipients to not use the drives, and requested their return to a postage-free address.

IBM didn't name the malware in question, noting only that it "is contained in the setup.exe and autorun.ini files," had been around since at least 2008, and could be detected "by the majority of antivirus products" on the market.

It warned that the malware would automatically run, and advised anyone who had actually plugged in the offending thumb drive to "contact your IT administrator for assessment, remediation and removal."

According to Graham Cluley at Sophos, the drives contained two different pieces of malware: The setup file is known as LibHack-A, and refers to "often otherwise legitimate applications that have been altered to load a malicious library file with a .dat extension," said Cluley on the Sophos blog. Thankfully, a crucial component is missing, which means it doesn't work.

But that's not true for the other piece of malware, a keystroke-monitoring Windows worm known as Agent-FWF. "Hardly the kind of code a security researcher would want running on their computer," said Cluley.

What can other companies do to ensure that their USB thumb drives aren't delivering hidden extras to conference-goers and potential customers? For starters, while auto-run features may seem mandatory to ensure that thumb-drive recipients receive your marketing message, avoid them.

"Auto-run files seem like a good idea because they force the user to view your pre-loaded information but you do, as IBM have discovered, run a very small risk with auto-run files of introducing malware," Phil Battison, director at memory stick vendor USB2U, said in a statement. Better, he said, to stick to just data files, such as Word documents, Excel spreadsheets, PowerPoint decks, or PDFs.
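A pre-distribution check along the lines Battison describes, as an added example that is not from the article or from IBM, Sophos or USB2U: it walks a drive's contents and flags auto-run control files, any file whose content begins with the Windows executable header (whatever its extension), and any file type outside an allowlist of the data formats named above. The function names, the allowlist and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: the allowlist mirrors the data-file types named in the article
# (Word, Excel, PowerPoint, PDF); adjust it to what the campaign really ships.
ALLOWED_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}
# autorun.inf is the Windows AutoRun control file; autorun.ini is the name
# quoted in IBM's notice.
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}
PE_MAGIC = b"MZ"  # first two bytes of DOS/Windows executables and DLLs


def audit_drive(root):
    """Return a sorted list of (relative_path, reason) for files to review."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lower = name.lower()
            if lower in AUTORUN_NAMES:
                findings.append((rel, "auto-run control file"))
                continue
            try:
                with open(full, "rb") as fh:
                    head = fh.read(len(PE_MAGIC))
            except OSError:
                findings.append((rel, "unreadable, inspect manually"))
                continue
            ext = os.path.splitext(lower)[1]
            # Check content before extension so a renamed executable
            # (for example a library shipped as .dat or .pdf) is still caught.
            if head == PE_MAGIC:
                findings.append((rel, "executable header"))
            elif ext not in ALLOWED_EXTENSIONS:
                findings.append((rel, "type not on allowlist"))
    return sorted(findings)


def build_sample_drive(root):
    """Write constructed sample files (harmless byte strings) under root."""
    samples = {
        "brochure.pdf": b"%PDF-1.4\n",
        "pricing.xlsx": b"PK\x03\x04",
        "autorun.inf": b"[autorun]\r\nopen=setup.exe\r\n",
        "setup.exe": b"MZ\x90\x00",
        "data/lib.dat": b"MZ\x90\x00",
        "datasheet.pdf": b"MZ\x90\x00",  # executable header behind a .pdf name
        "readme.txt": b"hello\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


def demo():
    """Build the constructed sample drive in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_drive(root)
        return audit_drive(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```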

By Mathew J. Schwartz
Read the Original Article at InformationWeek



Read the Original Article at DarkReading

Have you ever been tempted to strike back against a hacker? Security pros should read this before they make the wrong move.

Let's face it: We are all tired of attacks against our enterprise networks. Heck, we'd love to stick it to bad guys plaguing our users and our corporate data -- but even though you might have the tools and skills to do it, being a vigilante can be a dangerous game.

Even if you put aside the legal issues -- taking matters into your own hands can constitute a violation of the law -- hacking back could make things worse for your users. If they feel they're in a firefight, then some attackers could choose to take a more persistent approach -- targeted directly at your organization.

As security professionals, we are regularly reminded of our ethical duties to keep data safe, protect our users, and not exploit a vulnerability we did not have specific permission to attack. These things don't apply just to our daily work. Our ethical obligations extend beyond the borders of our network and even to the machines being used in attacks against us.

When's the last time you received a phishing or spear-phishing attack against your organization? Did you stop to look deeper into it, click the link, and start exploring the site that was targeting your users? There are some interesting things that can be found just by viewing the site and attempting to navigate to the root of the attack site's directory.


In some cases, I've seen attackers who were dumb enough to allow directory browsing -- which exposed the entire collection of stolen credentials to anyone who took the file name from the URL. One particular attacker left his exploit kit in the directory -- along with the address he was having the credentials emailed to. Not very smart.

But where does casual browsing of the attacking site begin to go too far?

If the attacker is storing the stolen credentials or credit card numbers alongside his phishing pages, then do not view them. You don't want the FBI knocking on your door asking what you did with the 1,500 credit card numbers you downloaded. And don't go looking for a way to delete the data, either -- you could end up destroying critical evidence that could be used to legally go after the attacker.

For targeted spear-phishing attacks, contact your local FBI office. They may help you to take the site offline and, hopefully, track down the source of the attack. You can also approach your hosting provider to get the site taken offline, which many will do immediately when they realize what's being hosted on their servers. Ideally, the hosting provider will lock the accounts and prohibit access, while preserving the data for investigation by law enforcement.

What about malware and botnets? There has been some interesting research during the past several years into botnet communications and how they can be controlled and even taken over. In 2008, European researchers learned how the Storm botnet communicates and developed an effective attack to disrupt its peer-to-peer (P2P) botnet communications.

If I know how to disrupt a botnet -- making it effectively useless -- should I do it? Not necessarily. In fact, Jose Nazario, a security researcher with Arbor Networks, told Dark Reading, "This has been a taboo subject of exploration, as people do not want to mess with other peoples' PCs by injecting commands."

He's right. Injecting commands into a botnet could have undesired effects -- from the loss of simple connectivity to serious data loss.

However, botnet research like this can be used for good, under the right circumstances. Twice in the past six months (read "Microsoft, Researchers Team Up And Tear Down Major Spamming Botnet" and "Another Botnet Gets Dismantled, But This Time With Arrests"), large botnets have been targeted and taken down as a joint effort by researchers (including those above), private companies (including Microsoft), and law enforcement. By obtaining court orders to monitor the botnet operations and its controllers, researchers were able to gain enough information to help law enforcement arrest three Mariposa botnet hunters.

Next time you consider turning the tables on the attackers, step back and remember you're becoming an attacker yourself -- and could quickly get into hot water, both with your employer and the law.

Instead, take the time to learn how tools like OSSEC HIDS and its active response capabilities can automate blocking attacker IPs without any fuss. Just remember to whitelist your critical servers first.

Google Completes AdMob Acquisition

The $750 million deal will lead to better mobile ads and more free mobile content, Google says.

Google on Thursday said it had completed its acquisition of AdMob, six months after it announced its intention to purchase the mobile advertising start-up.

The deal was delayed to accommodate government regulators, who reviewed the possible antitrust ramifications of allowing the dominant Internet advertising company to take over one of the leading mobile advertising networks.


Last week, the Federal Trade Commission said that it concluded its inquiry and found that the deal was unlikely to harm competition.

The FTC said that Apple's decision to launch its own competing mobile ad network -- through the company's purchase of Quattro Wireless -- figured prominently in its decision.

With the consummation of the deal, Google took the opportunity to reiterate its commitment to mobile advertising.

"It's clear that mobile advertising is becoming a much larger part of our clients' and partners' strategies and with this acquisition, it's now a central part of our own business," said Google VP of product management Susan Wojcicki in a blog post. "In continuing to invest in this highly competitive area, we'll be bringing together our technology, resources and expertise in search advertising with AdMob's innovative solutions for advertising on mobile websites and in mobile applications."

The clarity Wojcicki mentions comes in the form of data: The number of mobile searches Google receives has increased fivefold in the past two years and users of smartphones with Web browsers based on the WebKit layout engine -- the iPhone, Android devices, and the Palm Pre -- searched 62% more in the first three months of the year than in the three months at the end of last year.

It's not just Google that sees profit in the mobile market. It's pretty much everyone in the tech sector, as can be seen from HP's $1.2 billion acquisition of Palm.

Revisiting some of the promising mobile advertising technology previewed at the company’s recent developer conference, Wojcicki pointed to new search ad formats the company has developed, like Click-to-call search ads and expandable rich media ads.

She also highlighted work Google has done to develop alternatives to text-based search, such as spoken queries, queries derived from images, and real-time voice translation.

By Thomas Claburn
Read the Original Article at InformationWeek

To quell the complaints of critics, Facebook has reworked its privacy controls to make them easier to understand.

In the wake of rising doubt about Facebook's commitment to privacy, the social networking site said on Wednesday that it plans to roll out simplified privacy controls designed to offer users more control over the information they share.

Facebook CEO Mark Zuckerberg announced the changes at a press conference. "It's been a pretty intense few weeks for us," he conceded as he described how the company had gathered a team of engineers together to address a problem that has attracted the attention of government regulators in the U.S. and Europe.


Zuckerberg suggested that Facebook's recent actions had been misperceived and stressed that the company remains committed to giving users control over their information.

"The number one thing we've heard is through all these changes [is that] the settings have gotten complex and it has become hard for people to use them," he said.

Facebook's simplified privacy controls offer users one menu with three settings that determine who can see shared content: friends, friends of friends, and everyone.

This meta-setting will apply to all content shared by the user: past, present, and future.

The company's more granular controls will still be available to users who wish to use them.

Facebook is also reducing the amount of information visible through connections by giving users control over who can see their friends and pages. Facebook profiles will soon show only the user's name, profile picture (if one has been uploaded), gender (optional), and networks (if any).

The company has added a way to opt-out of the Facebook Platform completely, so users don't have to worry about their information being shared with third-party application providers.

Leslie Harris, president of the Center for Democracy and Technology, a group that has supported greater privacy on Facebook, offered cautious support for the new controls.

"Facebook's users have spoken and made it clear that they want control of their information," she said in a statement. "Despite all rumors to the contrary, privacy is not dead, it is on its way to a comeback in the form of simplified controls and better policies. While more work still needs to be done, these changes are the building blocks for giving people what they want and deserve."

Josh Abraham, a security researcher with Rapid7, said it was too early to tell whether the changes would be effective in protecting users and suggested that lack of privacy is the cost of using such services.

"Web sites like Facebook and Google make money off ads and data mining their users," he said. "All those services may not cost anything, but you give up your privacy to use them."

Or as Zuckerberg put it, "We believe that people come into this wanting to share and stay connected."

By Thomas Claburn
Read the Original Article at InformationWeek

Mozilla's creative lead for Firefox, Aza Raskin, has developed a novel phishing attack that Firefox engineers will need to address.

Raskin calls the attack "tabnapping" because it can replace the content of a Web page that's open in an inactive browser tab -- and thus isn't visible at the moment it's being changed -- with a page designed to capture personal information.





While the user of a Web browser is looking at an active tab, malicious JavaScript code on one of the hidden, inactive tabs that happens to be open can replace the loaded page with new content, such as a fake Gmail login page.

As Raskin demonstrates on his Web site, the code also replaces the favicon -- the tiny graphic element that shows up on tabs and to the left of the browser address bar -- of the inactive tab page with the Gmail favicon.

The result is a phishing page that is very easy to mistake for a legitimate Gmail login page.

"As the user scans their many open tabs, the favicon and title act as a strong visual cue -- memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open," explains Raskin in a blog post. "When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs."

The attack works in current versions of Firefox, but not current versions of Chrome or Safari. It's certainly avoidable, if the user is alert. But such attacks rely on the fact that users are often not wary enough.

Raskin says there are many ways the attack can be made more effective. He adds that the attack shows the need for improvements on traditional password-based authentication, such as the Firefox Account Manager that Mozilla is developing.


By Thomas Claburn
Read the Original Article at InformationWeek

The National Oceanic and Atmospheric Administration plans to spend as much as $354 million on two new supercomputing contracts aimed at improving climate forecast models.

Supercomputing plays an important role at NOAA, as supercomputers power its dozens of models and hundreds of variants for weather, climate, and ecological predictions. However, a recently released 59-page, multi-year strategic plan for its high-performance computing found NOAA needs "new, more flexible" supercomputing power to address the needs of researchers and members of the public who access, leverage, and depend on those models.

In terms of a research and development computer, NOAA found it requires one the power of which will be ultimately measured in petaflops, which would make the future machine one of the world's most powerful supercomputers.

The new supercomputer would support NOAA's environmental modeling program by providing a test-bed for the agency to help improve the accuracy, geographic reach, and time length of NOAA's climate models and weather forecasting capabilities.

The more expensive of the two contracts, which goes to CSC, will cost NOAA $317 million over nine years if the agency exercises all of the contract options, including $49.3 million in funding over the next year from the Obama administration's economic stimulus package, CSC announced earlier this month.

CSC's contract includes requirements analysis, studies, benchmarking, architecture work, and actual procurement of the new system, as well as ongoing operations and support when the system is up and running. In addition, CSC will do some application and modeling support.

One of the goals is to build the system in such a way as to integrate formerly separate systems and to more easily transfer the research and development work into the operational forecasting systems, Mina Samii, VP and general manager of CSC's business services division's civil and health services group, said in an interview.

This isn't the first major government supercomputing contract for CSC. The company has a dedicated high-performance computing group and contracts with NASA Goddard Space Flight Center's computational sciences center as well as the NASA Ames Research Center.

Cray announced last Thursday that it will lead the other contract, which stems from a partnership between NOAA and the Oak Ridge National Laboratory. The $47 million Cray contract is also for a research supercomputer, the forthcoming Climate Modeling and Research System, and includes a Cray XT6 supercomputer and a future upgrade to Cray's next-generation system, codenamed Baker.

"The deployment of this system will allow NOAA scientists and their collaborators to study systems of greater complexity and at higher resolution, and in the process will hopefully improve the fidelity of global climate modeling simulations," James Hack, director of climate research at Oak Ridge and of the National Center for Computational Sciences, said in a statement.

While the two contracts are both related to climate research, it's unclear exactly how the two are related to one another. NOAA did not respond to requests for comment.


By J. Nicholas Hoover
Read the Original Article at InformationWeek

Whether you build your own penetration test team or hire a third party, pen testing is crucial for security.

The disclosure earlier this year of attacks originating in China and targeting Google and other large corporations proves that today's cybercriminals are sophisticated and out for financial gain, not bragging rights. These targeted, multipronged intrusions draw on a range of techniques and tools, including exploitable vulnerabilities, inside information, and attackers' sheer persistence. Could your systems stand up to these sophisticated threats? For many enterprises, the best way to find out is to attack yourself first, or hire somebody to do so. A good penetration test may spot security vulnerabilities before attackers do.


The issue is that our standard security product lineup focuses on the Internet as an attack vector, but that's not the only way in. A determined attacker can break in by gaining the cooperation of an insider or even through physical access to your buildings. To really test your defenses, you need to attempt penetration via all of these methods.

In the past, penetration test customers were typically limited to institutions, such as banks and government agencies, that had both large amounts of sensitive data and the resources to fund specialized tests. These days, there's a greater awareness of and interest in penetration testing. Some companies use internal assets; others bring in an outsider to rattle IT's cages.

"The two main drivers behind penetration testing achieving more mainstream recognition are the PCI Data Security Standards and boardroom attention," says Nick Selby, managing director of Trident Risk Management, a security consulting firm that conducts assessments. Other compliance standards, such as HIPAA, also carry pen test requirements. Penetration tests conducted by third parties are the norm, but there is a do-it-yourself option thanks to automated pen testing products from vendors such as Core Security Technologies, Immunity, and Rapid7. Open source tools are also available for companies that want to build their own pen test kits.

The Human Factor

A true penetration test involves far more than a scan and a report. Steve Stasiukonis, VP of Secure Network Technologies and a pen tester for more than a decade, says scannable network components are only one of three elements that must be evaluated.

"People, process, and technology are all part of a thorough test," Stasiukonis says. "Of the three, people are the weakest link, and a good pen tester will perform reconnaissance that determines what's needed to get past your people and into your systems."

We all know that employees with weak passwords are weak links. But there's much more to social engineering, in which the attacker gains a target's trust, which can then be exploited. Social engineering attacks are often used to gain physical access to a building or sensitive location. For instance, Stasiukonis and his colleagues will disguise themselves as service technicians--complete with uniforms and logo-emblazoned van--to gain physical entry into a client's business.

By Keith Ferrell
Read the Original Article at InformationWeek

VeriSign will refocus business on Internet infrastructure, naming services.

VeriSign, one of the best-known names in computer security, today took a step away from the security business by selling its authentication services business to Symantec for $1.28 billion.

VeriSign's authentication business, which includes the Secure Sockets Layer (SSL) encryption certification services, a managed Public Key Infrastructure (PKI) platform, and the company's ownership stake in VeriSign Japan, contributed approximately $101.9 million to VeriSign's revenues last quarter -- about 39 percent of the company's business.


Symantec's acquisition follows the $300 million purchase of encryption pioneer PGP and the $70 million purchase of GuardianEdge, which were announced simultaneously just three weeks ago.

"The security space is consolidating in a way that favors larger players that offer lots of products and services in an integrated package," said Mark McLaughlin, president and CEO of VeriSign, in an investor teleconference this afternoon. "If you want to succeed in this market, you have to have a broad range of services, as Symantec does."

"For 15 years, VeriSign has pioneered the SSL and related authentication services business," said Jim Bidzos, VeriSign founder and executive chairman. "Today Symantec is the best company to drive this business forward."

The agreement provides that Symantec will acquire the assets of VeriSign's Authentication Services business, including its ownership stake in VeriSign Japan, as well as certain brands and trademarks, such as VeriSign’s "check mark" logo.

Symantec has indicated that it expects to offer positions to most of VeriSign's authentication employees to support the business. VeriSign has agreed to support the business after the transaction's close by providing transitional services to Symantec. Following the close of the transaction, VeriSign expects to eliminate some positions that will not move to Symantec and that will not be required for its future operations. The boards of both VeriSign and Symantec have unanimously approved this transaction, which is not subject to financing contingencies or shareholder approval. The transaction is expected to close in 60 to 90 days or upon receipt of regulatory approval. Following the close of this transaction, VeriSign's remaining business will consist of its Naming Services business, which contributed approximately $162 million, or 61 percent, of the company's revenues in the quarter ended March 31, 2010.

"We will continue to focus on the growth strategies we've previously articulated for our domain name and infrastructure availability businesses," McLaughlin said. "These include leveraging our existing infrastructure capabilities for new services, expanding internationally, and pursuing new top-level domain opportunities."

"Trust and identity are key to the future of securing and managing information," Symantec said in its announcement. "VeriSign is the leading provider of digital authentication services, enabling trusted interactions within and across businesses, consumers, applications, and processes. With identity security, Symantec solutions can enable information access control, enhanced data security, and better enforcement of compliance policies."

By Tim Wilson
Read the Original Article at InformationWeek

Google Launches Encrypted Search

Google search results now come wrapped in a digital lock to keep them from prying eyes.

Google on Friday introduced an encrypted version of Google Search, a move that makes it far more difficult for anyone to intercept and read communication between Google and users during search sessions.

Encrypted search is available by initiating an https:// connection to Google rather than an unprotected http:// connection.

Had Internet users in Europe been using Google's encrypted search, their searches would not have been exposed by Google's recently disclosed inadvertent collection of wireless network traffic from public WiFi hotspots.

But Google's introduction of encrypted search isn't in response to that incident, said Google product manager Murali Viswanathan in a phone briefing. It's part of a broad initiative to add encryption to its services.


In January, Google enabled https:// connections for Gmail by default, having previously made it an option available to users who wanted extra security.

As a consequence of using an https:// connection to reach Google, clicking on a search results link will send less information to the Web site at the end of the link. Encrypted search users will not transmit the search keywords they entered when they submitted their query or the fact that they used Google to find the site at the end of the search results link. This deprives publishers of information that may be useful to their marketing efforts, which may be why Google isn't forcing everyone to use encrypted search. But it provides Google users with more privacy.

Adding encryption represents a cost for Google, though Viswanathan was unable to provide data to quantify the expense. It costs Google in terms of computational resources and engineering time.

"It requires a lot of work from the development side," said Viswanathan. "We do realize those extra costs do bring extra benefits to our users."

There's also a cost for the user: Encrypted search is slightly slower, though Viswanathan says it shouldn't be noticeable.

Encrypted search is not a complete security solution. Data has to be presented to the user in unencrypted form so any person or malware that has access to the user's computer or mobile device may be able to read that information. Encryption does nothing to prevent users from being duped into supplying personal information to phishers. And the encryption only extends to Google Search at the moment; searches on Google Maps or Google Images, for example, will not be encrypted.

To prevent users from inadvertently shifting from encrypted to unencrypted search, Google is removing the Maps and Images links from the left-hand menu pane on its search results pages.

By Thomas Claburn
Read the Original Article at InformationWeek

The Secerno DataWall firewall appliance inspects commands, logs activities, and issues alerts to protect Oracle and other database systems.

Oracle announced Thursday that it will acquire Secerno, a supplier of firewalls that work to protect both Oracle and heterogeneous database systems. No price was given for the privately held company, located in Oxford, England. The deal is expected to close before the end of June, Oracle officials said.


Oracle already offers a set of products that protect internal operations of its systems. Secerno offers an additional external layer of protection, said Andrew Mendelsohn, senior VP of database server technologies. The Secerno DataWall firewall appliance inspects commands and SQL queries to the database to make sure they don't contain bogus commands or represent an imposter making inappropriate demands.

According to information posted on the Secerno Web site, DataWall can be configured to block activity based on user profile, domain name, application, or program type originating a command. It blocks in real time ineligible or illegitimate activity.

The April 27 announcement of release 4.2 of DataWall cites a Forrester Research report, "Data Security Predictions for 2010," from December 2009 as saying "inappropriate access by over-privileged employees continues to be a simmering security issue."

The rack-mount appliance also logs activities and issues alerts. An activity log allows any intrusive activity to be traced back to its initiator and a forensic record of the incident to be created.

"The Secerno acquisition is in direct response to increasing customer challenges around mitigating database security risk," said Mendelsohn in the announcement. "Secerno's database firewall product acts as a first line of defense against external threats and unauthorized internal access with a protective perimeter around Oracle and non-Oracle databases. Together, Oracle's complete set of database security solutions and Secerno's technology will provide customers with the ability to safeguard their critical business information."

Steve Hurn, CEO of Secerno, said in the announcement, "Secerno is a natural addition to Oracle. Secerno has been providing enterprises and their IT Security departments strong assurance that their databases are protected from attacks and breaches."

A Secerno firewall brain trust will be added to the Oracle staff to provide continued expertise in development of the product, he said.

Oracle's existing products include Oracle Advanced Security, Oracle Database Vault, and Oracle Audit Vault. They protect against internal threats, ensure data privacy, and enable audits of database operations, a regulatory compliance feature.

By Charles Babcock
Read the Original Article at InformationWeek

Facebook, Zynga Ink Five Year Deal

The agreement extends the Facebook Credits payment system to Zynga games like Mafia Wars and Farmville.

Facebook has announced a five-year "strategic relationship" with Zynga Game Network, ending speculation that the companies were preparing to end their partnership.

Zynga makes some of the most popular social networking games that run on Facebook, including Mafia Wars, Farmville, and Cafe World. The company's games attract 235 million users a month, which is more than half of Facebook's worldwide total of 400 million users.


Facebook and Zynga announced the five-year strategic relationship on Tuesday, saying the agreement provided a "solid foundation for both companies to continue to work together." The deal expands the use of Facebook Credits, a payment mechanism controlled by Facebook, to the Zynga Network.

The use of Credits for payment was a major disagreement between the companies, the blog TechCrunch reported this month. Tuesday's announcement indicated the companies had settled at least their major differences.

"We are pleased to enter into a new agreement with Zynga to enhance the experience for Facebook users who play Zynga games," said Sheryl Sandberg, chief operating officer at Facebook. "We look forward to continuing our work with Zynga and all of our developers to increase the opportunities on our platform."

Credits are a form of virtual currency used to buy gifts and virtual goods in games and applications on Facebook. The social network plans to take a 30% cut of revenue generated from games and applications using Credits, which would be required for making payments on the site. The hefty revenue slice is what reportedly angered Zynga.

However, the game maker said in announcing the latest deal that it was currently testing Credits in select games and would expand its use to more games over the coming months. Financial terms were not disclosed.

Credits is currently in beta and Facebook has yet to make the system mandatory for developers.

By Antone Gonsalves
Read the Original Article at InformationWeek

Google To Buy IP Voice And Video Firm

For $68.2 million, Global IP Solutions is set to become the latest in a series of recent Google acquisitions related to voice and video.

Google on Tuesday said it had reached an agreement to purchase Global IP Solutions (GIPS), a provider of voice and video IP communication technology.

Google Acquisition Holdings, a Google subsidiary, will pay $68.2 million for the San Francisco-based Norwegian company, Google said.

That's 142.1% over the closing share price of GIPS on January 11 and 27.5% over the closing share price of the company on May 14.

Google engineering director Rian Liebenberg in a statement said that GIPS's technology allows for the delivery of high-quality real-time audio and video over an IP network and suggested that Google will use the technology to enhance the Web as a development platform.


Other recent Google acquisitions in this area include the company's purchases of Episodic, an online video platform, in April, of Gizmo5, a maker of VoIP software, in November last year, and of On2, a video compression technology company, last August.

Google did not provide specifics about how it intends to develop or deploy GIPS technology, but the company could use it to enhance Google Voice, Google Talk, or audio and video capabilities in its Android operating system or Chrome OS.

With Google reportedly set to launch an Android-based "Smart TV" platform in conjunction with Intel and Sony, GIPS technology could find its way into consumer electronic devices as well.

Google has been aggressively developing its real-time search capabilities and it's likely the company sees value in providing real-time audio and video wherever it can.

Emerick Woods, CEO of GIPS, promised in an open letter that his company will continue to serve its existing customers, a list that includes AOL, Nortel, Oracle, Samsung, WebEx, and Yahoo.

By Thomas Claburn
Read the Original Article at InformationWeek

Microsoft will pay the VirnetX Holding Corp. $200 million in a lump sum to settle a patent infringement case that was brought by VirnetX, which had claimed Microsoft was infringing on two of its patents on automatic and secure virtual private network (VPN) technology.

An announcement Monday by both firms said “all other aspects of the settlement and license were not disclosed.” Previously, Microsoft had lost a jury trial in the case.

The settlement could have ramifications for other high tech firms. VirnetX is an Internet security software company whose patent portfolio was developed for work carried out for the Central Intelligence Agency. VPN technology is utilized by several large US high tech firms including Cisco, Google, HP, AT&T, and Verizon among others.

“This agreement highlights the need for VirnetX’s Secure Domain Name Initiative,” said Kendall Larsen, chief executive officer and chairman of VirnetX, in a statement. “We believe that this successful resolution of our litigation with Microsoft will allow us to focus on the upcoming pilot system that will showcase VirnetX’s automatic Virtual Private Network technology. We look forward to our continued work with our Secure Domain Name Initiative partners in that effort.”

VirnetX was founded by developers and inventors from Science Applications International Corp after they sought to market SAIC patents.

The settlement calls for Microsoft to take a license to the VirnetX patents for Microsoft’s products.


By W. David Gardner
Read the Original Article at InformationWeek

The company's Street View cars turn out to have been gathering more than pictures.

Google on Friday said it had mistakenly collected data sent over WiFi networks using its Street View cars, an admission sure to strengthen the position of the privacy groups critical of the company's practices.

Following a recent request from the data protection authority in Hamburg, Germany, to audit the WiFi data recorded by cars gathering Street View images for the company, Google discovered that a statement it had made last month was inaccurate.


The company had said that while its Street View cars collected publicly broadcast WiFi network names and MAC addresses from WiFi routers as the vehicles drove about snapping pictures, no "payload data" -- the packets of data being transmitted over open WiFi networks -- was collected.

In fact, Google was gathering that information, by mistake, the company says.

Alan Eustace, SVP of research and engineering for the company, said in a contrite blog post that back in 2006, a Google engineer had written some experimental WiFi code that grabbed unprotected WiFi network data.

When Google started gathering SSID (WiFi network names) and router MAC addresses from WiFi networks using its Street View cars a year later, the engineering team involved included the experimental code in its software, despite having no interest in or use for the payload data.

Now Google is asking the relevant authorities how to get rid of the unwanted information.

"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible," said Eustace. "We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."

Eustace states flatly that Google "failed badly" and that Google will stop collecting SSID and MAC data from WiFi networks, along with payload data, entirely.

"We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake," he said.

Noting that the incident demonstrates how accessible data is on open public WiFi networks, Eustace also revealed that Google next week will begin offering an encrypted version of Google Search.

By Thomas Claburn
Read the Original Article at InformationWeek

Ideal Life claims its wireless health monitoring system is the first to transmit and process data to cell phones, tablets, PDAs, and PCs.

Ideal Life, Inc., has announced that its wireless health monitoring system now offers universal mobile connectivity, which enables its medical devices to transmit and process data to cell phones, tablets, PDAs, and computers -- making it the first Telehealth vendor to offer this feature, the company said.

The Toronto-based firm revealed this week that its wireless monitoring system is compatible with devices from Apple, Nokia, Motorola, and Sony Ericsson.

Ideal Life develops telehealth devices such as blood pressure monitors and glucose meters which are mainly used in hospital and home care settings. These devices close the long distance gap between patients and doctors by using wireless communications to process health information via telecommunications and electronic information processing technologies.

“People’s communication preferences are moving away from wired to wireless options. Now, they can communicate their health information easily through their favorite communication channel or device,” said Jason Goldberg, president of Ideal Life. “To make it possible for remote health monitoring to be practiced on a broad scale, we must have this wide range of connectivity options available to patients and to providers,” Goldberg added.

According to Goldberg, Ideal Life’s remote health monitoring system uses a wireless gateway for all devices. In most cases the Ideal Life Pod is used to allow all devices to automatically record and send data to health care providers.


While telehealth devices offer great potential, they have not yet evolved into a mainstream application, which is a difficulty that companies like Ideal Life face.

“Medical solutions such as those developed by Ideal Life face many challenges. Paramount among them is the need to gain acceptance among healthcare professionals and patients, as well as reimbursement by payers,” said Liz Boehm, analyst at Forrester Research covering healthcare and life sciences.

Boehm also said while Ideal Life’s universal wireless connectivity removes a potential technical barrier, it does not address the key issues that have hampered growth in the remote monitoring market.

“Until patients, [who] have strong personal and financial motivations to make serious lifestyle adjustments, and payers and providers [that] agree on an equitable reimbursement model that rewards physicians for outcomes without holding them responsible for bad behavior on the part of their patients, this market will continue to struggle,” Boehm said.

Goldberg acknowledges these problems, saying to date telehealth devices have primarily been pilot programs serving small groups of patients and health consumers.

He also pointed out other barriers to telehealth device adoption, such as the expense of products, the difficulty of use, especially for older patients, the limited connectivity options, and the complexity of exchanging data between patients and doctors -- drawbacks that he thinks his company’s technology will overcome.

“Using technology that is easily integrated into providers’ data networks, including various health record applications, make it easy to use,” Goldberg said. “Our products are designed based on how people live, so they fit seamlessly into people’s lifestyles,” he added.

Ideal Life will be showcasing its products at the American Telemedicine Association conference, May 16–18, in San Antonio, Texas.

By Nicole Lewis
Read the Original Article at InformationWeek

Recovery.gov Moved To Amazon Cloud

The federal government has moved Recovery.gov, the Web site people can use to track spending under last year's $787 million economic stimulus package, to Amazon's Elastic Compute Cloud infrastructure-as-a-service platform, the Recovery Accountability and Transparency Board announced Thursday.

The move marks a milestone for the Obama administration's cloud computing initiative. Federal CIO Vivek Kundra said in a conference call with reporters it is the first government-wide system to move to a cloud computing infrastructure. It's also the first federal government production system to run on Amazon EC2, Kundra said.

Cloud computing has been one of Kundra's top priorities since becoming federal CIO in March 2009. In next year's IT budget requests, for example, federal agencies will have to discuss whether they've considered cloud computing as an alternative to investing in on-premises IT systems.

The recovery board expects to save about $750,000 over the next two years -- $334,000 this year and $420,000 in 2011 -- by running Recovery.gov on EC2. This represents about 10% of the total $7.5 million the board has spent overall on the site so far, including development costs. "Significantly" more savings are expected over the long term, according to the recovery board.

Those savings will allow the recovery board to place more emphasis on uncovering and preventing waste, fraud, and abuse, recovery board chairman Earl Devaney said on the conference call. In addition, they will free up resources to allow Recovery.gov's prime contractor, Smartronix, to focus on features and functionality instead of having to worry about keeping servers up and running.

"As the world’s largest consumer of information technology and as stewards of taxpayer dollars, the federal government has a duty to be a leader in pioneering the use of new technologies that are more efficient and economical," Kundra said in a blog post aimed squarely at federal agencies. "By using cloud services, the federal government will gain access to powerful technology resources faster and at lower costs. This frees us to focus on mission-critical tasks instead of purchasing, configuring, and maintaining redundant infrastructure."

Devaney said that the decision to go with Amazon EC2 to host the site was one made by Smartronix, but that the decision to move to the cloud for Web hosting was made by the recovery board. "We had been having conversations with Smartronix about this for a while," he said.

Security has been and remains one of the primary concerns holding federal agencies back from considering cloud computing. Before moving Recovery.gov to Amazon EC2, the recovery board sought and received assurances from Amazon that none of the Recovery.gov data would be stored in foreign countries, and went through the certification and accreditation required to be compliant with the Federal Information Security Management Act, which regulates federal cybersecurity.

In fact, the recovery board's press release says that by running the site on EC2, Recovery.gov's security has actually improved by adding "greater protection against network attacks and real-time detection of system tampering."

While NASA and other agencies have been testing EC2, Kundra said that Recovery.gov is the first production system running on Amazon Web Services.

“Building on AWS enables Recovery.gov to reap the benefits of the cloud -- including the ability to add or shed resources as needed, paying only for resources used and freeing up scarce engineering resources from running technology infrastructure -- without sacrificing operational performance, reliability, or security,” Adam Selipsky, VP of Amazon Web Services, said in a statement.

Other agencies have begun moving some IT systems to the cloud as well. For example, in April, the Department of Health and Human Services decided to use Salesforce.com for CRM in support of the implementation of electronic health records systems. The Department of Energy, Department of Interior, and General Services Administration are all considering moving to cloud-based e-mail.

However, the cloud transition remains in early stages. "This shift is not going to happen overnight, but this move represents one of the first bricks in the foundation," Kundra said.


By J. Nicholas Hoover
Read the Original Article at InformationWeek

Reporting a 63% profits increase in its third quarter results Wednesday, Cisco Systems said it has been gaining market share and predicted the favorable conditions would continue in its next quarter.

Revenue in the third quarter jumped to $10.37 billion from $8.2 billion in the third quarter last year while income rose to $2.2 billion against $1.35 billion last year. The results generally beat predictions of investment banking analysts who follow the networking giant.


"We witnessed a return to strong balanced growth across geographies, products and customer segments that we haven't seen since before the global economic challenges began," said Cisco's chairman and CEO John Chambers in a statement. "We emerge from this downturn gaining market share, a larger share of the total wallet spend of our customers, dramatically improved customer relations as a trusted technology and business partner, and having next-generation products in almost every product category."

The company cited its acquisition of video communications provider Tandberg as a high point in the quarter. Cisco paid $3.3 billion for Tandberg after a lengthy and sometimes bruising struggle with the Norwegian firm's stockholders. Tandberg's video conferencing systems beefed up Cisco's already strong presence in video conferencing and Telepresence.

Cisco also singled out its accelerating partnership with VMware in which the two firms are cooperating to deliver Cisco's Unified Computing System and VMware vSphere. VMware is majority-owned by storage pacesetter EMC, which is moving aggressively with Cisco to stake out positions in data centers and cloud computing.

In the earnings report, released after the close of stock markets Wednesday, Chambers added: "From almost every measurement perspective -- revenues, earnings per share, new products, successful acquisitions, internal startups -- our results in Q3 were the proof points that our strategy is working and was probably the strongest quarter in our history."


By W. David Gardner
Read the Original Article at InformationWeek

HHS Establishes Disability Research Center

A $6 million award from the Department of Health and Human Services will analyze research data and discern best practices for serving people with disabilities.

The Department of Health and Human Services Office on Disability announced on Monday an award of more than $6 million to establish a research center that will build electronic data models to conduct comparative effectiveness research on disability services and quality of care.

Called the Center of Excellence in Research on Disability Services, Care Coordination, and Integration, the center will be established with American Recovery and Reinvestment Act funds. The research center will be part of the Office on Disability and will identify and evaluate data, conduct research, and share scientific and clinical information to help patients, providers, policy makers, consumers, caregivers, and family members make decisions on healthcare.


HHS also announced that Mathematica Policy Research, a Princeton, N.J.-based research firm that provides a full range of research and data collection services, has been awarded a two-year contract to build the infrastructure necessary to support and conduct research on the effectiveness of systems of care for people with disabilities.

According to HHS secretary Kathleen Sebelius, the data collected will allow the Office on Disability and the Centers for Medicare and Medicaid Services to examine the effectiveness of different services and support. Sebelius also said in a statement that she is hopeful the center "will make necessary data improvements to better understand health and support services for people with disabilities."

The new research center will work with the Centers for Medicare and Medicaid Services Chronic Conditions Warehouse, a research data warehouse that supports the study of chronic illness, to document the public data available, identify and interpret data gaps, link existing sources of datasets relevant to disability, and ultimately support HHS agencies in making necessary data improvements to better capture information relevant to studies on services for people with disabilities.

Another source of information the center will rely on is Medicaid data, which contains information on state-based plan and waiver services. This data will be assessed and used to identify and propose ways to achieve greater consistency in how services are used and defined.

Looking ahead, Rosaly Correa-de-Araujo, deputy director of the Office on Disability, said the new research center offers an opportunity to advance the science, services, and support that benefit people with disabilities.

"This is a unique initiative that creates a broad array of future opportunities in comparative effectiveness research in the field of disability services, including those related to rehabilitation, behavioral, and psychosocial interventions," Correa-de-Araujo said.

By Nicole Lewis
Read the Original Article at InformationWeek

DISA, the military's IT and networking branch, gets a new CIO, head of strategy, and top networking official.

The Defense Information Systems Agency, which provides networking and computing services to the rest of the Department of Defense, is making a number of changes to its leadership, DISA director Lt. Gen. Carroll Pollett announced Friday.

Three of DISA's top officials -- the agency's director for strategic planning and information, CIO, and another top IT chief -- will soon leave or have recently left their positions, and DISA has hired and promoted replacements.


The top official to leave is director of strategic planning and information and former CIO John Garing, who is retiring at the end of June. Garing had served in a number of IT leadership positions for DISA after a long career in the Air Force and a few years in the private sector.

Replacing Garing will be Paige Atkins, former director of DISA's Defense Spectrum Organization, which helps plot out the military's electromagnetic spectrum plans. Atkins was previously director of advanced network systems at Cisco Systems.

Another internal hire is new CIO Henry Sienkiewicz, who's replacing Bobbie Stempfley. Stempfley left the agency last month to take over the Department of Homeland Security's National Cyber Security Division.

Sienkiewicz is best known as one of the key leaders behind DISA's private cloud computing infrastructure, the Rapid Access Computing Environment, and open source and DoD community-source software development and sharing effort Forge.mil. In addition to numerous positions in and outside of the military, most recently as DISA's technical program director for computing services, Sienkiewicz founded a hotel management and car rental business software company.

The final piece of the triumvirate of changes will be Daniel Bradford, who will replace recent retiree Richard Williams as principal director of Global Information Grid enterprise services engineering, where he'll head up DISA's networking efforts. Bradford will come on board from the Army, where he was senior technical director of the Army Network Enterprise Technology Command.

By J. Nicholas Hoover
Read the Original Article at InformationWeek

May 07, 2010 03:48 pm | Computerworld
Microsoft's work on SP1 means 'clock is ticking' on demise of rights, says analyst
by Gregg Keizer

The clock is ticking on the demise of some downgrade rights for Windows 7, an analyst said Thursday.

Last year, Microsoft said that customers could downgrade new machines purchased with Windows 7 Professional to the older Windows XP Professional for a limited period. The deal ends 18 months after the introduction of Windows 7 -- in other words, in late April 2011 -- or when Microsoft launches Windows 7 Service Pack 1 (SP1), whichever comes first.

Nearly two months ago, Microsoft acknowledged it's working on Windows 7 SP1. It has not yet set a release timetable, however.

"So the clock is ticking down on that offer, after which time the only option for non-Software Assurance customers to deploy Windows XP is to use Windows XP Mode," said Al Gillen, an analyst with IDC, referring to Windows 7 Professional's built-in virtualized version of Windows XP.

Corporations that subscribe to Software Assurance (SA) -- Microsoft's annuity-like upgrade guarantee program -- or purchase Windows through volume licensing plans have downgrade rights from any edition, including Windows 7, to any previous version going as far back as Windows 95.

Calling SP1 an "important milestone for customers" because of the impending end of downgrade-to-XP rights, Gillen noted that the service pack will have relatively little impact on enterprise plans to deploy the new operating system.

"Historically, classic customer deployment behavior for new Windows client operating systems was to wait for the first service pack to arrive," Gillen said in a research note published yesterday.

That's no longer the case, he said, echoing opinions expressed earlier by other analysts, including Michael Cherry of Directions on Microsoft and Diane Hagglund of Dimensional Research.

"The Windows patching process ... has changed the rules of the game for many customers," Gillen argued. "The continuous stream of patches, over time, delivers a significant portion of service pack content."

Recent surveys conducted by IDC with IT professionals and end users showed that budget limitations and application compatibility were the biggest concerns about migrating to Windows 7, not the lack of a service pack.

Although Microsoft originally wanted to limit Windows 7-to-Windows XP downgrade rights to just six months after the release of the former, it quickly backtracked last June after another analyst, Michael Silver of Gartner Research, called the plan a "real mess." Instead, said Microsoft, it would allow downgrades to Windows XP until 18 months went by, or until it released Windows 7 SP1.

Max Palevsky was a mainframe computing pioneer and one of Intel's initial investors, but grew disenchanted with technology later in life.

Computer industry pioneer Max Palevsky, who helped finance several important high tech firms including Intel, died Wednesday at age 85. In recent years he turned against the high tech world, refusing to use a computer, or even a cell phone.

Palevsky built a considerable fortune based on the sale of his Scientific Data Systems small mainframe company, which he sold to Xerox for $1 billion in 1969.

A native of Chicago, Palevsky graduated from the University of Chicago, which he attended on the G.I. Bill. He and a group of scientists and engineers spotted an opening below IBM’s dominance of business machines and formed Scientific Data Systems in 1961. Eager to compete with IBM, which had entered the copier business, Xerox bought SDS, but it failed to gain much traction in business computing.

The renamed Xerox Data Systems quickly foundered and was closed in 1975, costing Xerox hundreds of millions more. Some critics said Xerox had bought a pig in a poke while others said the operation was mismanaged.

Flush with money from the sale of SDS, Palevsky went on to finance Rolling Stone magazine, and produce movies. He became one of Hollywood’s most prominent escorts of beautiful young starlets, and was married and divorced several times.

Palevsky contributed heavily to several liberal political candidates including Robert Kennedy and Los Angeles Mayor Tom Bradley, but he later gave $1 million to conservative candidate Ron Unz, irritating many of his old liberal friends.

He made several successful investments in California high tech firms including Intel. But gradually he became disenchanted with the industry he had played such an important role in founding. Toward the end of his life, Palevsky complained that searching on Google had become a replacement for genuine inquiry and that instant messaging had replaced social discourse.

“I am a Luddite,” he told the Los Angeles Times in 2001. “I haven’t touched a computer, watched TV, or used a credit card in 15 years.”


By W. David Gardner
Read the Original Article at InformationWeek

The counterfeit networking hardware was intended for U.S. Marines in Iraq.

A citizen of Saudi Arabia was sentenced to 51 months in prison on Thursday and ordered to pay $119,400 in restitution to Cisco Systems for trafficking in counterfeit Cisco computer equipment.

Ehab Ashoor, 49, a resident of Sugarland, Texas, was found guilty in January of buying counterfeit Cisco Gigabit Interface Converters (GBICs) from an online vendor in China.

According to the FBI, evidence presented at the trial indicates that Ashoor intended to sell the counterfeit gear to the Department of Defense for use by the U.S. Marine Corps in Iraq.

"Trafficking in counterfeit computer components is a problem that spans the globe and impacts most, if not all, major network equipment manufacturers," said Assistant Attorney General Breuer, in a statement. "As this operation demonstrates, sustained cooperation between law enforcement and the private sector is often a critical factor in disrupting and dismantling criminal organizations that threaten our economy and endanger public safety."

Ashoor's conviction is one of 30 felony convictions and over 700 seizures of counterfeit Cisco network equipment and labels arising from Operation Network Raider, an ongoing domestic and international law enforcement effort to target the illegal distribution of counterfeit network hardware made in China.

As of February 2008, Operation Network Raider had resulted in over 400 equipment seizures.

The FBI, ICE and CBP, in conjunction with various U.S. Attorneys’ Offices and other government agencies in the U.S. and abroad, have participated in Operation Network Raider. In the years that the operation has been active, ICE and CBP have seized counterfeit Cisco products and labels worth over $86 million.

According to a study conducted by the U.S. Commerce Department in November, 2009, nearly 46% of original component manufacturing companies surveyed and 55% of microcircuit manufacturers said they had encountered counterfeit versions of their products.

By Thomas Claburn
Read the Original Article at InformationWeek

HP To Ditch Windows 7 For Homegrown OS?


In the latest sign it may be readying an all-purpose operating system that could ultimately compete with Windows, HP on Wednesday tapped former Microsoft OS boss Bill Veghte as executive VP for Software and Solutions.

Veghte headed the Windows 7 launch in October but quit Microsoft earlier this year to look for opportunities where he could run an "end-to-end" business.

PCs without operating systems are hardly end-to-end, and HP exec Ann Livermore said Veghte will help the company in "expanding our software and solutions business."

It's just one more indication HP has ambitions that don't necessarily include its long-time partner.

HP last month disclosed plans to acquire Palm for $1.2 billion, mostly to get its hands on Palm's WebOS.

The operating system was designed for smartphones, but there's no reason it can't be bolstered for use on, say, laptops and netbooks.


"Palm's innovative operating system provides an ideal platform to expand HP's mobility strategy and create a unique HP experience spanning multiple, mobile connected devices," said Todd Bradley, executive VP of HP's Personal Systems Group, at the time of the announcement.

There's been lots said about Windows lately—but "innovative" hasn't come up much in the conversation—a fact surely not lost on HP. To boot, HP's decision to hitch its wagon to Windows Mobile for smartphones has gotten the company mostly nowhere. More people report seeing Bigfoot in the wild than HP's Windows-based Glitter.

Within days of the Palm news, word crept into the blogosphere that HP's highly touted Windows 7 slate might not happen. Either a newly emboldened HP pulled the plug, the thinking ran, or Microsoft scuttled the project in retaliation for its "partner's" planned move into smartphone operating systems.

There's no confirmation HP's Windows slate is dead, but the company has suddenly clammed up when just weeks ago it wouldn't stop talking about the product and pitching it via YouTube videos. Microsoft, for its part, refers journalists who inquire about the slate's fate to HP.

If HP is planning to go its own way, its acquisition of Palm would be widely seen as the precipitating event.

But the fact is HP's disaffection with Microsoft, and a resulting desire not to be dependent on a single partner for a piece of technology as key as the OS, began much earlier—in the year prior to the January 2007 rollout of Windows Vista, to be precise.

HP officials were livid over Microsoft's decision in early 2006 to dumb down technical specs for what could be branded a "Vista Capable" PC. They'd invested millions developing a new series of motherboards that could accommodate the horsepower-hungry Vista—and they were the only vendor that had them.

But then Microsoft caved to Intel's demand that Vista Capable requirements be lowered so machines equipped with the Intel 915 graphics chipset could limp over the bar. The move killed HP's first-mover advantage in the Vista PC market and sparked a series of flame mails between Redmond and Palo Alto.

"The decision you have made and communicated has taken away an investment we made consciously for competitive advantage knowing that some players would choose not to make the same level of investment as we did in supporting your program requirements," HP consumer PC executive Richard Walker wrote to former Microsoft co-presidents Jim Allchin and Kevin Johnson, in an e-mail dated Feb. 1, 2006.

(It became public during a related, third-party lawsuit.)

"You have demonstrated a complete lack of commitment to HP as a strategic partner and cost us a lot of money in the process," wrote Walker. In an e-mail to Microsoft CEO Steve Ballmer about the situation, Allchin said Microsoft had "destroyed" its credibility with HP.

Finally, there's evidence HP CEO Mark Hurd is up for bold moves when he senses opportunity. Beyond the proposed Palm buyout, Hurd's dissatisfaction with HP's progress in IT services led to a $13.9 billion acquisition in 2008 of Electronic Data Systems, the world's largest pure-play outsourcer.

To be sure, HP may stick with Microsoft despite it all. Windows, for all its foibles, still holds a 90% market share in computer operating systems. And the vendors struck a deep alliance around server technology earlier this year.

But the tech giants will surely clash when HP ultimately rolls out WebOS phones against Windows Phone 7 devices later this year. That will put them in the unfamiliar position of being direct competitors—in tech's hottest and arguably most strategic sector.

How far will the rivalry extend? There are lots of indications it won't stop at smartphones.

By Paul McDougall
Read the Original Article at InformationWeek
