

IT NEWS

Oracle, SAP Agree to Time Extension in Trade Secrets Suit


It appears both sides in Oracle's contentious trade-secrets lawsuit against SAP would appreciate a little more breathing room.

Although there's little love lost between the bitter applications rivals, they have agreed to a legal stipulation extending the time for Oracle to file an amended complaint and for SAP to respond to that filing. The lawyers representing the companies signed the agreement on Tuesday.

Oracle fired the opening salvo against SAP on March 22, filing a surprise lawsuit in the U.S. District Court for the Northern District of California. In the suit, Oracle charged SAP, its SAP America division, its TomorrowNow subsidiary and 50 unnamed individuals Oracle claimed were SAP employees with violating U.S. fraud legislation and engaging in unfair competition and civil conspiracy.

Oracle's complaint alleged that one or more staff at TomorrowNow, SAP's third-party maintenance subsidiary, pretended to be Oracle customers and illegally hacked into Oracle's secure support Website for users of PeopleSoft and JD Edwards applications. The employees then allegedly downloaded vast amounts of confidential Oracle software and support material.

Oracle further charged that SAP copied the Oracle content and used it to offer Oracle customers cut-rate support services with the ultimate aim of persuading them to dump Oracle applications in favor of SAP's alternative software.

So far, both sides appear at loggerheads, with Oracle not backing down and SAP saying it will defend itself aggressively. While Oracle executives have not commented publicly on the lawsuit, SAP CEO Henning Kagermann spoke out in April. "We have no intention to settle; why should we?" he said during SAP's first-quarter earnings call. "We don't think anything is wrong with our company."

Oracle had been set to file an amended complaint to its lawsuit between April 21 and May 18, but that date has now been put back to no later than June 1, according to Tuesday's court stipulation. Likewise, SAP was on track to respond to Oracle's amended complaint within 20 days of its appearance; the vendor now has until July 2 to file a response.

Source: IDG News Service (Boston Bureau)

 

 

Microsoft to Pay $6B for aQuantive

Microsoft didn't waste much time taking a shot at rival Google's plan to buy DoubleClick for $3.1 billion, offering a hefty $6 billion to buy aQuantive, a digital marketing services agency, as a way to boost Microsoft's Internet advertising business. Speculation remains rife that Google wants to buy Yahoo. Time will tell if the deal announced this week is part of a bigger plan. As for Microsoft, time will tell where aQuantive fits as part of a bigger plan.

Source: CIO.com

 

 

IBM and Amazon.com Settle All Patent Litigation

Amazon.com has paid IBM an undisclosed amount of money to settle all outstanding patent lawsuits between the two companies. They have also agreed on a long-term patent cross-licensing agreement, giving Amazon access to IBM's patents on Web technology, the vendors said.

The agreement will give Amazon greater freedom to innovate, the online retailer said, while IBM for its part looks forward to a more productive relationship between the two companies than they have had of late.

The two companies have been haggling over patents since September 2002: That's when IBM said it first approached Amazon about a licensing deal.

However, they failed to reach an agreement, and so IBM sued Amazon in October 2006, alleging that the company was infringing on a number of its U.S. patents, including those relating to storing data in an interactive network (number 5,442,771), adjusting hypertext links with weighted user goals and activities (5,446,891) and ordering items using an electronic catalog (5,319,542).

Two months later, Amazon countersued, claiming that IBM's WebSphere application server infringed on Amazon patents.

In its suit, Amazon said IBM's patent claims were so broad as to be ridiculous, as they would potentially cover everyone using a browser to surf the Web. The suit also pointed out that IBM had waited for seven years after Amazon launched its online store, finally approaching the Internet company just as it became profitable.

In the field of patents, Amazon is perhaps best known for its claim to ownership of the one-click online shopping method. It sued bookseller rival Barnes & Noble.com for infringement of this patent in 1999, with the two finally settling the case on undisclosed terms in March 2002.

Source: IDG News Service

 

 

TRENDS

Symantec: Chinese Hackers Grow in Number, Skills


China's hacking scene appears poised for growth, as the number of Internet users with a commensurate interest in criminal hacking and government spying rises, according to a new Symantec study.

"China’s hacking scene is clearly an active one," the report said. "These individuals and groups are known for discovering vulnerabilities, writing exploit code and developing sophisticated hacking techniques."

China ranks second behind the United States as far as malicious activity on the Internet as a whole, Symantec said, citing its own data. The country had 131 million Internet users as of the end of 2006, accounting for about 10 percent of its population and 11 percent of the world's Internet users.

A well-known cyber war between Chinese and American hackers erupted in April 2001 following the collision of a U.S. military spy plane and a Chinese fighter. U.S. government websites were hacked and defaced with slogans such as "Beat down imperialism of American," courtesy of a group calling itself the Honker Union of China.

Not to be out-hacked, U.S. hackers responded over China's handling of the incident, which involved an awkward demand for an apology.

But perhaps more disturbing has been the efficient ways through which Chinese hackers are believed to have obtained sensitive information. In June 2004, South Korea was reportedly victimized by a concerted attack using Trojan horse programs—which appear harmless but have malicious functions—to pilfer classified documents on weapons systems.

In total, 211 South Korean government computers are believed to have been compromised, in addition to 67 other machines belonging to companies, media groups and universities, according to Symantec.

Chinese computer gurus have also experimented with the "pump-and-dump" scheme, a trick used to inflate stock prices for profit, Symantec said. Starting in October 2004, a group used a Trojan horse to steal account details for users of several online stock traders, and then used the accounts to run up certain stocks.

The victims lost more than US$1.3 million, with the attackers profiting around $114,000.

But in recent years, some of the bad guys have come clean, starting up their own computer security companies. China now has about six antivirus vendors, in addition to a number of computer security research and consulting groups.

However, there's "growing concern of an escalated cyber threat from China, from the perspective of both governments and enterprises," Symantec said.

Source: IDG News Service




ERP, Security among Top Concerns for Higher-Ed IT Pros

A new EDUCAUSE survey of college and university CIOs finds that administrative and ERP systems, infrastructure and security are the leading strategic concerns for 2007.
 
Those three issues were among the top 10 identified in all four survey categories: most important to strategic success, potential to become much more significant in the coming year, those taking most of IT leadership time, and those getting the most in human and dollar resources.

Four other issues showed up in three of the categories: course/learning management, disaster recovery, IT funding and identity/access management.

EDUCAUSE is a leading association of college and university IT professionals. The 2007 Current Issues Survey Report is the eighth by the group and this year drew responses from 587 senior IT executives in higher education, mainly CIOs. The survey asks respondents to rank their top 10 issues in the four categories mentioned above. For each of the 10 issues, the study's authors list a set of questions for IT leaders to consider.

Overall, the top 10 issues in all four categories stayed pretty stable compared with 2006. Course/learning management, which is based on commercial or open-source enterprise software, grew in importance, as did electronic classrooms/technology buildings/common facilities, which require considerable infrastructure investment in wireless networks, physical layout design, and an array of instructional technologies such as Web-based courses, digital content and collaboration tools.

This year's survey split what had been one issue—security and identity management—into two. Last year, the combined issue was the number-one IT-related issue in strategic importance, edging out IT funding, which had held the top position for three years in a row. For 2007, IT funding was again the top issue in the strategic importance category, with security second and identity/access management fourth. But in terms of the amount of time devoted to it by IT leaders, identity/access management ranked ninth, and didn't appear at all in terms of the human/financial resources devoted to it.

The disparity in the rankings reflects the high-profile damage to institutions, and to their public image, caused by identity theft and data breaches, of which there were a growing number in 2006. But so far, identity and access management doesn't seem to be claiming a disproportionate share of IT resources.

Source: Network World




Verisign Plugin Brings Green Address Bars to Firefox

Verisign brings a new technology, used to identify trusted Web sites, to the Firefox browser.

The Internet services vendor has released a Firefox plugin that will show the same type of green address bar that is displayed by Internet Explorer 7 when it lands on certain highly trusted Web sites that use EV SSL (Extended Validation Secure Sockets Layer) certificates.

Companies like Verisign, Entrust, and Network Solutions have been issuing these certificates since late 2006, but browser makers have been slower to adopt them. They were adopted by Internet Explorer 7 in late January, and Firefox is expected to support the certificates in Firefox 3.0, expected late this year.

The EV SSL certificates are essentially an antiphishing technology designed to give Web surfers extra information and visual clues when they are visiting secure Web sites, whose URLs begin with "https://."

It's harder for a business to obtain an EV SSL certificate than it is to acquire the ubiquitous SSL certificates currently used by most secure Web sites.

Before companies like Verisign will issue an EV SSL certificate, they take extra steps to make sure that it is going to a legitimate organization. For example, they will make sure that the business in question is registered with local authorities, has a real address, and actually has control over the Web domain in question.

Verisign's Tim Callan says that more than 500 Web sites, including sites run by eBay's PayPal division and ING Groep, have now completed EV SSL certification. Nearly 90 percent of them are certified by Verisign, said Callan, a director of product marketing with the company's SSL group.

That's an important point because Verisign's Firefox plugin doesn't identify sites that are certified by its competitors. Callan said it would have been too much work to maintain a list of legitimate EV SSL providers. "At that point, we're creating a whole new simultaneous real-time checking system," he said. "We were willing to invest in this one-off code development, but we didn't want to inherit this legacy of constantly maintaining this service, especially because this is a stop-gap measure. At the end of the year, this will be built into Firefox proper."

Because of this limitation, Verisign isn't recommending that nontechnical users download the plugin. It's for "technology early adopters and the people who really want to be on the state-of-the-art," Callan said. "For somebody who recognizes the limitations of it and is still asking for it, this is a good solution."

Source: IDG News Service




STUDIES

Websites Filtering Rises Worldwide, Study Finds


The study predicts a rise in more subtle forms of filtering, such as political Web sites made inaccessible during election periods.

Internet censorship is on the rise around the world, according to a year-long global survey by the OpenNet Initiative (ONI) to be released at a conference in Oxford, England, on Friday.

"Online censorship is growing in scale, scope, and sophistication around the world," said John Palfrey, Executive Director of the Berkman Center for Internet and Society, and a professor at Harvard Law School, in a statement. "The regulation of the Internet has continued to grow over time -- not surprising, given the importance of the medium. As Internet censorship and surveillance grow, there's reason to worry about the implications of these trends for human rights, political activism, and economic development around the world."

As if to prove that point, Google Korea said Thursday that it would introduce an age-verification system later this year to block adult-oriented searches for users 18 and under. The ONI study found that "South Korea's filtering efforts are very narrow in scope, but heavily censor one topic, North Korea."

The ONI is a partnership between universities in Cambridge, Harvard, Oxford, and Toronto, and is funded by the John D. and Catherine T. MacArthur Foundation.

The organization's study found that 25 out of 41 countries surveyed showed evidence of Internet filtering. Unsurprisingly, countries such as China, Iran, and Saudi Arabia filter a wide variety of topics, as well as content related to those topics.

Burma, China, Iran, Syria, Tunisia, and Vietnam were found to engage in politically motivated filtering. Iran, Saudi Arabia, and Tunisia were found to practice "substantial social content filtering." Burma, China, Iran, Pakistan and South Korea were found to filter Web sites associated with extremism and separatism for national security reasons.

A number of countries showed no signs of official filtering: Afghanistan, Egypt, Iraq, Israel, West Bank and Gaza, Malaysia, Nepal, Venezuela and Zimbabwe. Russia also appears to refrain from government-directed filtering, though the survey results are inconclusive because of the limited number of Moscow ISPs tested.

In a conference call, Rafal Rohozinski, a research fellow in the Cambridge Security Programme and the director of Cambridge's Advanced Network Research Group, described the study as "an interesting model for how networked intelligence can gather intelligence on networks" that was focused on "state-sponsored filtering occurring at the backbone level."

"We found more filtering than we expected," said Rohozinski.

Filtering in North America and Europe was not tested because the filtering that occurs tends to be done at the behest of the private sector.

"The bad news here is that very few countries seem to have a policy mechanism where people can have a say [in what gets filtered]," said Rohozinski. "The good news is that many countries still continue to subscribe to an open Internet. This for us is encouraging that the marketplace of ideas still seems to be favored over a regulatory path."

Source: InformationWeek





Beware P2P Networks with a Tunnel to Confidential Data, Study Warns

Many of the biggest breaches in recent years were inadvertent disclosures, Dartmouth business school researchers found.

Peer-to-peer networks could be more than a nuisance in the workplace; they might also be providing cyber thieves with a tunnel into your most confidential data. So says a new study of corporate data leaks released Tuesday by Dartmouth business school researchers.

"Many of the biggest breaches in recent years were inadvertent disclosures," says Eric Johnson, professor of operations management at Dartmouth's Tuck School of Business and director of the school's Glass Meyer/McNamee Center for Digital Strategies. Johnson co-authored the study along with Scott Dynes, a senior research fellow at Dartmouth's Institute for Security Technology Studies.

One of the major problems, they found, was that users were insufficiently protecting their files and data from peer-to-peer networks. "Like most people I talked to, I underestimated the scope of the problem," Johnson told InformationWeek. "The kinds of leaks coming out of these organizations would make their hair stand on end, in terms of both the amount and type of information leaked."

The Dartmouth study notes that there are an estimated 10 million users sharing music, video, software, and photos over peer-to-peer networks, up from about 4 million in 2003. This doesn't even include BitTorrent, a popular peer-to-peer application for video files that's difficult to monitor. Meanwhile, efforts by ISPs, corporations, and copyright holders to limit peer-to-peer through technology (such as site blocking, traffic filtering, and content poisoning) or through the courts (the most notable being the Recording Industry Association of America prosecution of individual users and file sharing firms) have prompted peer-to-peer developers to create decentralized, encrypted, anonymous networks that can find their way through corporate and residential firewalls.

"These networks are almost impossible to track, are designed to accommodate large numbers of clients, and are capable of transferring vast amounts of data," the study says.

And now the bad news: criminals are actively searching peer-to-peer networks for any personal information they can use to commit identity theft. There are several ways for confidential data to find its way to a peer network, including instances where users accidentally share folders containing such data, users store music and other data in the same folder that is shared, or users download malware that exposes their file directories to the network. A lot of identity theft victims "don't realize that their son was on LimeWire last night sharing their financial information," Johnson says. "Much of this software has interface designs that are confusing and even deceptive in a way that gets people to share, without knowing it, their whole hard drive."

Source: InformationWeek





Get More from Outsourcing, essence of studies

Most of us fear outsourcing, and with reason: Our jobs are on the line. Still, most of us work for organizations that will engage in one or more outsourcing deals. Learning how to deal with the changes outsourcing brings can actually work in our favor. Here are some tips.

Work on the outsourcing relationship. Most companies put little time or effort into these relationships, which soon become little more than a battle over invoices, due dates and other contract-related issues.

It's critical to treat the relationship formally, assigning specific point personnel to handle it (even if at this point you have only a small internal office of the CIO). This is especially critical when most of the people on the "other side" are your own ex-colleagues. You might like the "feel good" factor of seeing your former colleagues continue to identify themselves as members of your team, but beware.

Focus on the future. Most long-term sourcing transactions go through at least one major contract renegotiation midstream. There's nothing wrong with this—few of us are brilliant enough to anticipate 10 or more years of changing needs. But if you're going to go through a year's worth of renegotiation, why settle for a few minor tweaks in the pricing algorithm and not much more?

It's not enough to enter into renegotiations focused on what has changed about your company's IT needs since you engaged the sourcing firm. Focus on change itself, the inevitable byproduct of passing time. You'll see, for instance, that tying the sourcing partner's resources to the configuration just makes it difficult for the partner to make changes that could save power, servers and other underlying costs. Another idea for renegotiation: Pay the sourcer a bonus for cutting costs more than expected or consistently delivering quality results.

Commit yourself. When you outsource a business process, do it cleanly. Commitment can only come with trust, but it's important to make up your mind that your objectives are indeed trust and commitment.

By the end of 2008, more than US$120 billion in outsourcing deals will be up for renewal. Many clients are in deeply unhappy relationships, yet most will end up outsourcing again. Now is the time to hone your ability to form partnerships. You'll be mastering an in-demand skill.

Source: Computerworld


Tel: 051-9211124  |  Fax: 051 9204075  |  Email: info@pseb.org.pk  |  URL: www.pseb.org.pk

Disclaimer: PSEBulletin is an assimilation of major IT business news. It mostly contains third party content from cited
sources, therefore, please note that these are not the views of PSEB. Please note that the items have been
edited for purpose of brevity.