In This Issue:
1. Editor's Note: Security Research Isn't Pretty, But It's Necessary
2. Today's Top Story
- Langa Letter: XP's Little-Known 'Rebuild' Command
3. Breaking News
- Review: Google Calendar Beta Is A Hot Date
- Vista Upgrades May Be Slowed By Graphics
- Intel's Q1 Outlook Appears Gloomy
- Report: South Koreans Putting $1.6 Billion In Web Infrastructure
- Gaming Technology And Business IT Begin To Meld
- Red Hat-JBoss: Hitching Open To Service-Oriented Architecture
- Speed Bumps Await Cisco In App Accelerator Market
- Microsoft Launches Specialized Search Engine
- Can Salesforce.com Fix What's Wrong With Mobile Apps?
- Gap Embraces E-Learning
- Ready For The Next Big One
- Lightning Rod No Longer
- You're Hired!
- How To: Podcasting In Four Easy Steps
- Microsoft To Tap Health Insurance Market
- MySQL Adds Second Option As Storage Engine
4. Grab Bag:
- Price, Interface Dampen 'Origami' PC Debut (The Korea Times)
- A Sinister Web Entraps Victims Of Cyberstalkers (The New York Times)
- Man Trading Up From Paper Clip To House (Netscape News)
5. In Depth: Reviews And Personal Tech
- The Fear Industry
- Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive
- Steps For Better, Simpler Wireless Network Security
- Microsoft Offers Registry Fix To Patch IE, Office
6. Voice Of Authority
- IT Confidential: E-Business Calls For Born Optimists
7. White Papers
- Making The Business Case For IP Communications
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription
Quote of the day: "Sunlight is said to be the best of disinfectants; electric light the most efficient policeman." -- Justice Louis Brandeis
1. Editor's Note: Security Research Isn't Pretty, But It's Necessary
Security research is a dirty job, but somebody has to do it. Security researchers run an assembly line of self-aggrandizing publicity, churning out press releases and announcements patting themselves on the back for discovering security vulnerabilities in software by Microsoft, Oracle, and other major vendors.
The researchers operate under a constant cloud of suspicion: Are they simply creating a climate of useless fear, stifling innovation, E-commerce, and technology implementation? Are they providing guideposts to computer criminals on where and when to attack?
But as reported in today's package of articles, featuring "The Fear Industry" by Larry Greenemeier, security researchers provide an essential function. They apply pressure on vendors to fix security flaws instead of simply denying the flaws exist and hoping they go away. And they help fill IT managers' insatiable need for information about vulnerabilities and security.
Larry describes how security researchers drove exposure of the Windows Metafile vulnerability earlier this year, discovering the flaw, posting a sample exploit, releasing a third-party patch when Microsoft moved too slowly to fix the problem, and eventually driving Microsoft to release its own patch for the vulnerability five days ahead of schedule. The relentless action by security researchers drove people like Connie Sadler, director of IT security at Brown University, to tear up their schedules for several days and focus on fixing the Windows Metafile vulnerability on their own networks.
Vendors like Cisco, Apple, and Oracle have similarly had their feet held to the fire.
Security vendors like 3Com and iDefense offer bounties of up to $10,000 to researchers who discover a serious security flaw. They say they provide an alternative for security researchers, who can be paid up to $4,000 for selling those vulnerabilities to crooks.
So are these researchers providing a service, or are they little better than crooks themselves? IT managers like Sadler love them, despite the inconvenience they cause. "Yes, sometimes that backfires. But from a high level, it's a good thing. The folks who use this information to do damage are going to know about it long before us anyway," she says. And she likes knowing which vendors are producing insecure products.
What do you think? Should security vulnerabilities be covered up, or aggressively exposed to public scrutiny? Leave a comment on the InformationWeek Weblog and let us know.
Vista Upgrades May Be Slowed By Graphics
A pair of software industry analysts argue that the graphics requirements called for in Windows Vista, Microsoft's forthcoming operating system, will be a barrier for end users. Consumers will wait to get the new operating system, they say, until they need new hardware.
Intel's Q1 Outlook Appears Gloomy
Don't look for a stellar quarter from Intel. Intel, which is expected to report its first-quarter results on Wednesday, is seeing slower-than-expected growth in the PC sector.
Speed Bumps Await Cisco In App Accelerator Market
The market for application acceleration jumped more than 30% last year to $1.2 billion, and it's expected to grow even faster this year, according to Gartner. The potential isn't lost on Cisco Systems, which is trying to elbow its way back to the No. 1 spot.
MySQL Adds Second Option As Storage Engine
MySQL users can now choose the SolidDB storage engine. The storage engine MySQL had been using, Innobase, has been acquired by Oracle, but still remains a MySQL option, at least for the time being.
4. Grab Bag: News You Need From Around The Web
Price, Interface Dampen 'Origami' PC Debut (The Korea Times)
Samsung Electronics Wednesday said it will start to market the much-hyped mini-PC, or Origami, next month, but its high price and uncomfortable user interface are casting doubt on its commercial viability. The new product will be sold at around 1.2 million won ($1,200), which far exceeds Microsoft's initial estimation of $500 to $700.
Man Trading Up From Paper Clip To House (Netscape News)
Kyle MacDonald had a red paper clip and a dream: Could he use the community power of the Internet to barter that paper clip for something better and trade that thing for something else--and so on and so on until he had a house? After a cross-continental trading trek involving a fish-shaped pen, a town named Yahk, and the Web's astonishing ability to bestow celebrity, MacDonald is getting close. He's up to one year's free rent on a house in Phoenix.
5. In Depth:
The Fear Industry
Shameless self-promoters? Fearmongers? Sure, security researchers aren't always model citizens, but business technology pros want them on the job.
Steps For Better, Simpler Wireless Network Security
Intrusion detection and prevention are often overlooked in WLAN security deployments. And security pros sometimes don't realize that unauthorized access points aren't always the work of mischievous hackers.
Making The Business Case For IP Communications
This white paper describes the factors to consider in developing a strategic and financial business case for Cisco IP communications solutions. It covers the distinct value delivered for different IP communications technologies and deployment scenarios. It also discusses the measurable, highly attractive financial returns and productivity.