Industry News

Facebook Updates = Facebook Scams and Scares

In the upcoming weeks, Facebook will be rolling out additional updates to personal profiles and business pages. That means more scams and scares probably will be forthcoming. The most recent scam has to do with Facebook turning into some sort of subscription service. The scares generally concern privacy issues.

The scam has no basis to it, although it sounds plausible. Facebook has released a new feature that allows users to “subscribe” to other profiles. It’s easy to extrapolate that idea and to reach the conclusion that Facebook itself will turn into a paid service. Scammers did see that conclusion and have been using it to their advantage. A chain letter has been making its way across Facebook stating that Facebook users will have to pay between $3.99 and $9.99 per month in order to use the service. A variation of the letter is pure mischief; users are told to share the chain letter in order to continue using the “free” service. 

The Facebook scares are understandable. Some of the new features, such as the ticker, appear to be an invasion of privacy. Upcoming updates, such as the Timeline and the integration with Open Graph, seem to tread into that same territory. The truth is that Facebook actually didn’t change anything with the privacy settings in the latest slew of updates. If people are seeing information they didn’t expect to see in the ticker, it’s due to the fact that they or their friends haven’t utilized the privacy settings properly or to their fullest. 

The upcoming updates also don’t “invade.” People have to authorize applications, such as Spotify or Hulu. It’s only then that updates to those applications will begin to appear on a person’s Timeline and in the ticker. If enough people watch the same show on Hulu or listen to the same song on Spotify, that information is then shared in the newsfeed. Other applications, such as Nike’s running one, could be viewed as a trespassing of privacy; however, Facebook users agree to the terms and conditions of the application. If a person doesn’t want that information shared on the Timeline or in the newsfeed, he or she needs to take measures to do so.

What the updates actually do is reinforce personal responsibility. Yes, privacy probably will be invaded in some instances. When doesn’t that happen? Companies mine data for both selfish and selfless purposes. Scammers and spammers find ways around privacy protocols all the time. It’s up to people to be diligent about their data and their protection of it.

Gesund...excuse me, Blekko

Blekko - I'm not sure who decided on the name; it sounds a little like a cross between a cough and a sneeze - is a public, beta search engine. Its search results are based on people's slashtags and are supposed to show you reliable, non-spammy search results. Blekko has an admirable goal; unfortunately, its social-media features and less than stellar search results may prove to be its undoing.

Blekko appears to be simple, and that's intentional. The home page plays off of Google's minimalist aesthetic but with the addition of a Blekko mascot and a row of featured Blekko users - none of whom have changed during the past week - underneath the search box. Once you leave that home page, things get a little more complicated.

On the home page, you can click on users' profiles, which takes you to profile pictures, information, activity, created slashtags, and followed slashtags. You can also choose to set up your own profile and contribute to the slashtag community by creating tags, adding keywords, and sharing applicable sites. You can also make your slashtags public or private. If they're public, other people - with your permission - can edit them; if they're private, only you can see and edit them. You can also visit the "Global" and "Chatter" pages, which are similar to Twitter's. Finally, you can also "Find Slashtags," a feature that allows you to select slashtags from a list. If all of that sounds like a lot of time and effort in order to find information about the best apps for the iPad, it is. I would much rather visit a reliable source and do some perfunctory investigating than spend all day browsing slashtags in the hopes that I'll find the information I'm seeking.

Blekko's search results also aren't that great, although that may or may not be due to its beta status. For example, the search for "macbook" turned up some relevant sources, such as Apple and Wikipedia, but it also turned up results like "MacBook Mart" and "001spycamera," sites that either would have been banned by Google or relegated to a page that nobody would frequent. The results you receive also can be tagged, marked as spam, or "chattered." You can click on "link" underneath each search result; my links for the MacBook search included the Kalamazoo Public Library and the MINI Space T-shirt Design Competition. You will also see an "seo" link beneath each search result, which allows you to see siterank, inbound links, and some other fun statistics.

Is Blekko interesting? It is, but unless you want to contribute to the cause and aren't busy with sites like Digg or Slashdot, you're not likely to create or follow slashtags. In addition, the reason Google is still the reigning search engine is its simplicity. Blekko's search results aren't stellar already, and they're sometimes buried under the social-media features. I could give Blekko a little slack since it's a beta, but it's a public beta. That means it needed to be prepared to duke it out with Google prior to its launch. It wasn't.

Get ready for the new year

The beginning of the new year often is a time of reflection. We remember the past year. If we’re business owners, we evaluate what worked and what didn’t. We revise our plans for the upcoming year. We determine what steps we need to take in order to make our businesses more successful this year than in the last.

For those of us in the IT industry, we also decide which trends to follow. We consider new software, particularly software as a service (SAAS). We contemplate Application Programming Interfaces (APIs). Some of us may be beating those trends and already are using things like Salesforce or NetSuite in our day-to-day business.

We also follow what the giants are doing. How will Google impact our businesses? What will Apple and Microsoft introduce this year? We already know that Microsoft will launch Windows 8, and we expect certain things from it. How will other leaders in the tech industry respond to it?

We have to consider the gadgets, too. iPads remain the number one choice of many corporations, but we could see some competition from other entities. The Kindle isn’t necessarily a contender with the iPad, but it does skew the results for Microsoft, especially when it comes to consumer purchases.

Finally, we’ll be measuring. We’ll see analytics take even more precedence this year. It is the age of the consumer, and we have to be trying new things and measuring the results so that we can meet the needs of those consumers.

How are you getting ready for the new year? What trends are you watching or implementing?

Happy Birthday, Firefox

Firefox celebrates its sixth birthday today. Six years ago, Mozilla launched Firefox as an open source and innovative web browser. Since its inception, Firefox has proven to be a better and more secure alternative to Internet Explorer.

Firefox can relish in birthday revelries today; it deserves to do so. It's the second most popular browser with a 31.5 percent market share. It's also available in more than 70 languages and has an extensive Add-ons library. As of today, nearly 400 million people worldwide use Firefox and more than 150 million users choose to customize their web browsing with Firefox Add-ons.

Firefox 4 will be the next major upgrade for the web browser. Firefox 4 was expected to release at the end of this year but has been postponed until early 2011. The upgraded version of Firefox will incorporate a redesigned user interface, HTML5 support, a multi-touch feature, improved HD videos, and more. 

Source: The Mozilla Blog

How is a Computer Network like a Fruit Fly?

Does it seem strange to compare a computer network to a fruit fly's nervous system? According to scientists at Tel Aviv University and Carnegie Mellon University (CMU), the comparison isn't all that odd. Ziv Bar-Joseph, an associate professor of machine learning and computational biology at CMU and an author of the new study, states that computational and mathematical models are often used by scientists to analyze biological systems. The new study takes a different approach; it looks at nature first, then brings that model to bear upon a computer science problem relating to computer networks.

The scientists are examining fruit flies because the flies, like computer networks, take a distributive approach to performing tasks. The bristles flies use to sense the outside world develop from nerve cells. Each nerve cell has the capability of becoming a sensory program precursor (SOP). If a nerve cell is an SOP, it can connect to adjoining nerve cells but not other SOPs. The method used to determine which nerve cells become SOPs is a probabilistic one and occurs during the larval and pupal stages of the fly's development. The method shares similarities with how points are created in computer networks, but the process is much simpler. The fly's cells have no information about how they are connected to each other, and they don't need that information in order to perform correctly. As some cells develop into SOPs, they release a chemical signal that inhibits neighboring cells from becoming SOPs. The process continues for several hours until all of the cells are in the perfect arrangement of SOPs and cells. Once the process is complete, the fly emerges from the pupal stage.

Like fruit flies, computer networks use a distributive approach to performing tasks. Networks typically use a probabilistic method in creating a small set of processors, called a maximal independent set (MIS), that relay messages to the other, non-MIS processors. Discovering that small set is complicated. Many messages, most of them elaborate, are sent across the network. In addition, all of the processors must have advance knowledge of how they relate to the network in order to work and interact with the MIS. Like the flies' bristles, the processors included in an MIS also must be arranged so that they can interconnect with other processors but not with another MIS. One of the problems with the method is that the MIS processors can't transmit a chemical signal so that other processors are unable to vie for the MIS designation. Processors become part of an MIS based in part on the number of connections they have with other processors. As messages are transmitted around the network, the processors are constantly determining which ones are part of the MIS.

In a simple network, the probabilistic method isn't too much of a hassle. It occurs rapidly, but it could be better, which is why scientists are intrigued by the fruit fly's nervous system. The system the fly develops isn't based on the number of connections each cell has; rather, it develops as a function of time. In addition, the fly's system doesn't require knowledge of how the cells are arranged, meaning, if not fewer, at least less complicated messages being sent around the fly's system. 

The scientists at Tel Aviv University and CMU have already developed a distributed computer algorithm based on the fly's approach. During tests, the scientists found that the algorithm provides a fast solution to the MIS conundrum. The solution isn't quite as fast as current approaches, such as the probabilistic method, but the approach is much more efficient and can be applied to different networks, especially ones in which the number and position of points isn't certain. For example, the fruit fly approach holds great promise for wireless sensor networks, including environmental monitoring, in which sensors are distributed randomly and may not be in communication range of each other. 
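The selection process described above can be simulated in a few lines. This is an added example, not code from the study or from the original post; the probability schedule (start at 1/16, double each round, cap at 1/2), the function names, and the random sensor layout are assumptions made for illustration.

```python
import math
import random


def sensor_graph(n, radio_range, seed):
    """Constructed sample input: n sensors dropped at random in a unit square.
    Two sensors are neighbors when they are within radio_range of each other."""
    rng = random.Random(seed)
    pos = [(rng.random(), rng.random()) for _ in range(n)]
    adj = {v: set() for v in range(n)}
    for a in range(n):
        for b in range(a + 1, n):
            if math.dist(pos[a], pos[b]) <= radio_range:
                adj[a].add(b)
                adj[b].add(a)
    return adj


def fly_mis(adj, seed=0, p_start=1 / 16, max_rounds=100_000):
    """Select a maximal independent set the way the SOP cells do.

    Each undecided node knows nothing about its degree or the topology. In
    every round it signals with probability p, and p depends only on elapsed
    time (assumed schedule: double every round, capped at 1/2 so that two
    neighbors cannot collide forever). Returns (mis, rounds_used).
    """
    rng = random.Random(seed)
    undecided = set(adj)
    mis = set()
    p = p_start
    rounds = 0
    while undecided:
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("no convergence within max_rounds")
        # Step 1: every undecided node flips its own coin.
        signalling = {v for v in sorted(undecided) if rng.random() < p}
        # Step 2: a signalling node that heard no signalling neighbor wins.
        winners = {v for v in signalling if not (adj[v] & signalling)}
        # Step 3: winners join the MIS and inhibit their undecided neighbors,
        # like the chemical signal an SOP sends to adjoining cells.
        inhibited = set()
        for v in winners:
            inhibited |= adj[v] & undecided
        mis |= winners
        undecided -= winners | inhibited
        p = min(0.5, p * 2)
    return mis, rounds


def is_independent(adj, mis):
    """No two selected nodes are neighbors."""
    return all(not (adj[v] & mis) for v in mis)


def is_maximal(adj, mis):
    """Every unselected node has at least one selected neighbor."""
    return all(bool(v in mis or adj[v] & mis) for v in adj)


if __name__ == "__main__":
    graph = sensor_graph(n=60, radio_range=0.2, seed=7)
    chosen, used = fly_mis(graph, seed=1)
    print(f"{len(chosen)} of {len(graph)} nodes selected in {used} rounds")
    print("independent:", is_independent(graph, chosen))
    print("maximal:", is_maximal(graph, chosen))
```

Sensors that are out of range of every other sensor end up selecting themselves, so the result stays valid on a disconnected layout.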

Sources: Carnegie Mellon University, ScienceDaily

LulzSec: A Ticking Time Bomb?

LulzSec has all but gone off the grid lately. After wreaking hacking havoc over the summer, the group disbanded before more members could be sought and arrested. The group may not be in the spotlight these days, but it is ensuring that it is not forgotten. The leader of LulzSec, known as “Sabu,” claims the group has a cache of hacked emails and damaging data at its disposal.

According to LulzSec, part of that cache contains approximately 4GB of emails by The Sun, a sister site of News of the World. News of the World, in addition to its public demise, now faces criminal charges. LulzSec refuses to jeopardize the case by releasing the other emails. It’s uncertain what will happen once the case goes to court and a verdict is given. Will LulzSec publish the emails? Will the group hold onto the emails as a bargaining chip? Does LulzSec even have the emails, or is the group playing a game of smoke and mirrors?

It’s impossible to know the answers to those questions, but LulzSec’s actions in the past seem to indicate that the group probably does hold incriminating information. The group also claims that part of its cache contains information about banking targets and financiers, including HSBC. HSBC appears to be safe; Sabu states that HSBC’s documents are on the “up-and-up.”

Such knowledge is small comfort to any company or organization that might have been hacked by LulzSec or Anonymous. LulzSec is a ticking time bomb. Sabu maintains a semi-active Twitter profile and tweeted that he and the group are sitting on information due to timing. When they will release it is anybody’s guess.

Are you concerned about the information LulzSec purports to have? Do groups like LulzSec and Anonymous worry you? Why or why not? Let us know in the comments.

One browser to rule them all?

Accuvant recently released a study touting the benefits of Google Chrome. According to Accuvant, Chrome has the most and the best security measures. The problem? Accuvant’s study was funded by Google. The study, therefore, is biased at best. Accuvant isn’t upfront about the conflict of interest, either. It says the study was an objective and independent assessment.

The study itself did focus on four important browser concerns: URL blacklisting, IT hardening, plug-in security, and sandboxing. URL blacklisting is meant to protect against bad URLs. Browsers are supposed to detect bad URLs, then blacklist them. IT hardening is a process in which a computer’s system is “hardened” toward security vulnerabilities. The process eliminates as many security risks as possible, usually by removing all non-essential programs and utilities from the computer. Plug-in security refers to the safety of the add-ons that come with browsers, such as plug-ins for email or other applications. Sandboxing is a security mechanism that separates running programs. For instance, if an anti-virus doesn’t recognize a particular program, the anti-virus may “sandbox” it in order to prevent it from corrupting the computer’s system.

All three main browsers of choice - Chrome, Firefox, and Internet Explorer - failed in the area of URL blacklisting. The browsers’ performance varied in the other three categories. Based on those four areas, Accuvant ranked Chrome first, Internet Explorer second, and Mozilla Firefox third.

Of course, Accuvant’s ranking is questionable due to the conflict of interest. What should be remembered is that browsers will need to continue to improve in the areas of URL blacklisting, IT hardening, plug-in security, and sandboxing. Browsers also will need to be kept up-to-date; if they aren’t, their abilities in those four areas decrease significantly and open a computer’s system to potential threats.

The Latest Microsoft Patch

Microsoft unleashes its newest patch tomorrow, December 14. The patch includes seventeen security bulletins and updates that will address forty vulnerabilities. Some of those vulnerabilities are already known to be critical; more may be discovered once the patch is live.

To date, two of the vulnerabilities already have been designated as critical. As many as twenty-five could be critical, but the actual numbers and the extent of the vulnerabilities won't be known until the patch is released. The two known critical vulnerabilities affect Internet Explorer and Windows.

Of the seventeen security bulletins, thirteen of them, including the two critical ones, affect Internet Explorer and all versions of Windows. Two of the bulletins affect two important vulnerabilities within Microsoft Office. Another bulletin will repair an important vulnerability in SharePoint Server 2007. The final bulletin, rated moderate, will affect x64-based Exchange Server 2007.

The patch intends to repair some bugs. One will be the last of the Stuxnet zero-day vulnerabilities. Those vulnerabilities appear to be localized privilege elevation attacks. Microsoft states that such attacks have not been seen, as of yet, in the wild outside of Stuxnet.

The patch also includes several non-security updates. One will resolve issues caused by the revised Daylight Saving Time and time zone laws in several countries; the update will enable an automatic adjustment of computer clocks on the correct date in 2011. Microsoft will also include its usual updates to the Malicious Software Removal Tool and Windows Mail Junk Filter.

Sources: Microsoft Support, Microsoft Security Response Center, PCMag

Too Good to Last: Spam Email on the Rise Again

We all knew that the lowered spam activity during the holidays could only last for a certain period of time. Alas, that period has expired. Spam email is on the rise as are attacks on social media networks.

During the past few weeks, we've been offered a reprieve from emails touting weight-loss cure alls, Viagra products, and herbal medicines. It was a nice change of pace, but it's time to return to the real world of spam inundation. This past week has seen an increase in spam emails offering a wide range of products, especially pharmaceuticals. 

Pharmaceuticals typically account for sixty-four percent of all email spam globally. That percentage equals approximately sixty billion emails per day. During the holidays, pharmaceuticals fell to 0.1%, or seventy million messages. Analysts at Symantec attribute that plunge to Rustock, the botnet responsible for almost half of all spam, which fell silent during the holidays. With Rustock and the other two major botnets, Gheg and Cutwail, on a seeming vacation the past few weeks, the total volume of email spam fell from 200 billion daily in August to thirty billion per day in December.

Symantec has been following spam email levels closely and immediately noticed when Rustock returned to the stage. On Monday, January 10, overall spam email rose to seventy billion per day, with Rustock accounting for thirty percent of those emails. That percentage continues to increase, and analysts at Symantec predict a corresponding rise in email spam globally.

Symantec also expects to see more spam and malware on social media networks. The first status scam continues to proliferate on Facebook as does a virus bearing similarities to Koobface. No known attacks have occurred on Twitter since the Gawker incident last month, but it's only a matter of time. It always is.

Source: Guardian

Virtual Desktop Integration

Virtual desktop integration (VDI), or desktop virtualization, is a nifty alternative to the traditional desktop or workstation. Users are no longer tied to their desktops since virtualization decouples the one-to-one relationship between the hardware and the operating system or applications that run on that system. In addition, virtualization consolidates desktop resources in the data center, resulting in greater efficiency, reduced costs, and greater security. Virtualization typically occurs in one of three ways: locally, hosted from a central location, or hosted from a private or public cloud.

Most people have already started to virtualize their desktop experience without even realizing it. Just think of the freedom that delicious provides. You no longer have to e-mail links to yourself; rather, you save your favorite pages on delicious and access them from any laptop, workstation, or mobile device. That's a simplistic example, but all virtualized applications work on basically the same principle. Users can access the information and applications they need without having to visit the physical location where that data is stored.

Companies are seeing the benefit of virtualization, especially with everyone working under tighter financial constraints. In addition, many companies are hiring telecommuters, which means that these employees have to be able to access the applications and data they need without being physically present at the actual company or data center. Companies see other benefits, including decreased costs. How many times have we had to pay for desktop maintenance, upgrades, and system patches? With virtual desktop integration, these costs are decreased dramatically since the repairs and upgrades are only made at the data center but are felt by all users at all locations. End users see very little, if anything, of this behind-the-scenes work; they merely continue on their merry way with their new and improved applications and systems.

Another benefit of VDI is increased security. Desktop virtualization allows data and applications to be regularly archived, meaning better disaster recovery and business continuity. For example, if data is lost at a remote location, the data can ostensibly be easily recovered since it resides in a virtual environment rather than at the remote location or desktop. This factor is particularly important to the industries of finance and healthcare, where sensitive information is regularly shared. In the past, this information was often stored on desktops or even laptops only to have a file become corrupted or, in the worst case scenario, be stolen or hacked. With VDI, some of these losses can be prevented.

VDI is the next wave of information technology advancement. It is going to affect anyone who uses a computer on a day-to-day basis because VDI makes business, environmental, and financial sense. It reduces our carbon footprint and power consumption. It also offers better control over patches and updates, reduces the need for upgrades and repairs on every desktop and workstation, facilitates identity and access management, and protects data. Finally, VDI increases the speed of application development and testing, addresses compliance requirements and business continuity, and centralizes storage control.  

Where's your IT focus this year?

The landscape in the IT world shifts quickly. In many ways, the landscape consists of sand dunes. A wind blows, and the dunes shift. The landscape looks entirely different within a few minutes or hours.

It can be difficult to stay on top or ahead of trends in the shifting IT landscape, but it is possible. IT professionals who pay attention to the trends and learn to forecast will be able to plan a response and to work with that shifting landscape. What shifts might occur or are already occurring? Three areas come to mind:

  • Mobile. This trend probably is the most obvious, but IT professionals are looking at it even more closely. Some web designers now are proposing that they focus on building for mobile devices first and developing desktop experiences second.
  • Touch. Touch technology continues to grow. It may be well-known to people with smartphones or tablets, but the technology isn’t limited to those devices. IT professionals who are looking forward to new trends this year are going to be following the developments in touch technology, particularly multi-touch and sensors, closely.
  • Programming languages. More dynamic programming languages, such as Ruby and Python, are coming to the fore. Other dynamic languages exist, and they should be used when needed. IT professionals are focusing on using the right language for the project, not making the project fit to a particular language.

What trends are you following? How are you preparing for them? Let us know in the comments.

Wi-Fi Direct

Communication between Wi-Fi devices isn't exactly shocking. The Nintendo DS has had device-to-device connections for years, but the technology is proprietary. For that reason alone, Wi-Fi Direct is going to have a huge impact on Wi-Fi devices and wireless networking.

Wi-Fi Direct will enable peer-to-peer wireless networking using current Wi-Fi standards. The Wi-Fi Alliance, whose members include Apple, Cisco, Intel, and other major technology vendors, will begin certifying devices today. What does this mean for users of certified devices? It means that users no longer need to worry about routers and hotspots because their devices have their own micro-hotspots. For example, devices such as notebooks, tablets, cameras, and printers can "find" each other and establish wireless connectivity without the presence of a wireless router, access point, or hotspot.

Wi-Fi Direct speeds are based on 802.11b/g/n channels. This means that devices could ostensibly have an intra-device throughput at rates exceeding 300Mbps. Range will also be affected by Wi-Fi Direct; future Wi-Fi Direct devices are expected to achieve distances similar to those of home wireless networks. Other features of note include:

  • Wi-Fi Direct uses Soft AP. Soft AP is a software-based access point functionality built into Wi-Fi Direct certified devices. It allows devices to route and direct network traffic.
  • Legacy Wi-Fi devices are supported. If a device is Wi-Fi Direct certified, it can connect with 802.11n/b/g devices. 
  • Wi-Fi Direct has built-in security. WPA2 is bundled into the Wi-Fi standard. Unlike on traditional wireless routers and access points, WPA2 cannot be disabled.
  • Applications reign supreme with Wi-Fi Direct. Portable devices will be able to connect to a number of available applications without having to access a Wi-Fi network.
  • Wi-Fi Direct is not the same as traditional wireless networking. The main difference is security. In Windows ad-hoc networks, the highest level of security is WEP. Wi-Fi Direct's is WPA2. Wi-Fi Direct devices also can simultaneously connect to existing wireless networks. More granular control and better device discovery are other differences between the two networking systems.
  • Wi-Fi Direct won't replace traditional wireless networks. Wi-Fi Direct merely creates more flexibility with APs and routers and allows for greater signal strength among wireless devices. In addition, there are other security considerations. For instance, IT departments with corporate wireless networks may have problems controlling Wi-Fi Direct devices.
  • Some products are already Wi-Fi Direct certified. Although today is the official certification day, the following products are already certified: Atheros XSPAN® Dual-band 802.11n PCIe Mini Card (AR928x), Broadcom BCM43224, Intel® Centrino® Advanced-N 6200 internal PCIe half mini card, Ralink MIMObility 802.11n Reference Design, and Realtek RTL8192CE-VA4 HM92C00 PCIe mini card.

With this new development in Wi-Fi, some technologies, including Bluetooth, probably are going to suffer. Although Bluetooth's aim - close connectivity, such as headsets - is different from Wi-Fi Direct's, Bluetooth is going to find it difficult to overcome Wi-Fi Direct's speed, connection, and range capabilities. In addition, Wi-Fi Direct will use the same transponders as other Wi-Fi functions, meaning that device manufacturers likely will excise redundant technologies.

Sources: Mashable, PC Mag