Commentary
4/18/2006
04:00 PM

Google Calendar Beta

Listen to a podcast version of this newsletter


In This Issue:
1. Editor's Note: Security Research Isn't Pretty, But It's Necessary
2. Today's Top Story
    - Langa Letter: XP's Little-Known 'Rebuild' Command
3. Breaking News
    - Review: Google Calendar Beta Is A Hot Date
    - Vista Upgrades May Be Slowed By Graphics
    - Intel's Q1 Outlook Appears Gloomy
    - Report: South Koreans Putting $1.6 Billion In Web Infrastructure
    - Gaming Technology And Business IT Begin To Meld
    - Red Hat-JBoss: Hitching Open To Service-Oriented Architecture
    - Speed Bumps Await Cisco In App Accelerator Market
    - Microsoft Launches Specialized Search Engine
    - Can Salesforce.com Fix What's Wrong With Mobile Apps?
    - Gap Embraces E-Learning
    - Ready For The Next Big One
    - Lightning Rod No Longer
    - You're Hired!
    - How To: Podcasting In Four Easy Steps
    - Microsoft To Tap Health Insurance Market
    - MySQL Adds Second Option As Storage Engine
4. Grab Bag:
    - Price, Interface Dampen 'Origami' PC Debut (The Korea Times)
    - A Sinister Web Entraps Victims Of Cyberstalkers (The New York Times)
    - Man Trading Up From Paper Clip To House (Netscape News)
5. In Depth: Reviews And Personal Tech
    - The Fear Industry
    - Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive
    - Steps For Better, Simpler Wireless Network Security
    - Microsoft Offers Registry Fix To Patch IE, Office
6. Voice Of Authority
    - IT Confidential: E-Business Calls For Born Optimists
7. White Papers
    - Making The Business Case For IP Communications
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription

Quote of the day:
"Sunlight is said to be the best of disinfectants; electric light the most efficient policeman." -- Justice Louis Brandeis


1. Editor's Note: Security Research Isn't Pretty, But It's Necessary

Security research is a dirty job, but somebody has to do it. Security researchers run an assembly line of self-aggrandizing publicity, churning out press releases and announcements patting themselves on the back for discovering security vulnerabilities in software by Microsoft, Oracle, and other major vendors.

The researchers operate under a constant cloud of suspicion: Are they simply creating a climate of useless fear, stifling innovation, E-commerce, and technology implementation? Are they providing guideposts to computer criminals on where and when to attack?

But as reported in today's package of articles, featuring "The Fear Industry" by Larry Greenemeier, security researchers provide an essential function. They apply pressure on vendors to fix security flaws instead of simply denying the flaws exist and hoping they go away. And they help fill IT managers' insatiable need for information about vulnerabilities and security.

Larry describes how security researchers drove exposure of the Windows Metafile vulnerability earlier this year, discovering the flaw, posting a sample exploit, releasing a third-party patch when Microsoft moved too slowly to fix the problem, and eventually driving Microsoft to release its own patch for the vulnerability five days ahead of schedule. The relentless action by security researchers drove people like Connie Sadler, director of IT security at Brown University, to tear up their schedules for several days and focus on fixing the Windows Metafile vulnerability on their own networks.

Vendors like Cisco, Apple, and Oracle have similarly had their feet held to the fire.

Security vendors like 3Com and iDefense offer bounties of up to $10,000 to researchers who discover a serious security flaw. They say they provide an alternative for security researchers, who can otherwise be paid up to $4,000 for selling those vulnerabilities to crooks.

So are these researchers providing a service, or are they little better than crooks themselves? IT managers like Sadler love them, despite the inconvenience they cause. "Yes, sometimes that backfires. But from a high level, it's a good thing. The folks who use this information to do damage are going to know about it long before us anyway," she says. And she likes knowing which vendors are producing insecure products.

What do you think? Should security vulnerabilities be covered up, or aggressively exposed to public scrutiny? Leave a comment on the InformationWeek Weblog and let us know.

Mitch Wagner
mwagner@cmp.com
www.informationweek.com


2. Today's Top Story

Langa Letter: XP's Little-Known 'Rebuild' Command
There's an easy fix for "Missing HAL.DLL," "Invalid Boot.Ini," and several other fatal startup errors, Fred Langa says.


3. Breaking News

Review: Google Calendar Beta Is A Hot Date
The beta release of Google Calendar offers a lot of interesting features, but may have been premature.

Vista Upgrades May Be Slowed By Graphics
A pair of software industry analysts argue that the graphics requirements called for in Windows Vista, Microsoft's forthcoming operating system, will be a barrier for end users. Consumers will wait to get the new operating system, they say, until they need new hardware.

Intel's Q1 Outlook Appears Gloomy
Don't look for a stellar quarter from Intel. Intel, which is expected to report its first-quarter results on Wednesday, is seeing slower-than-expected growth in the PC sector.

Report: South Koreans Putting $1.6 Billion In Web Infrastructure
South Korean small businesses are preparing to invest $1.6 billion to improve their Internet infrastructure and solutions this year, according to a report.

Gaming Technology And Business IT Begin To Meld
The two worlds have a lot to learn from each other as businesses try to make applications more fun, and game developers learn how to manage large projects.

Red Hat-JBoss: Hitching Open To Service-Oriented Architecture
To make the merger pay, the companies need to prove they can be a foundation in shifting business IT strategies.

Speed Bumps Await Cisco In App Accelerator Market
The market for application acceleration jumped more than 30% last year to $1.2 billion, and it's expected to grow even faster this year, according to Gartner. The potential isn't lost on Cisco Systems, which is trying to elbow its way back to the No. 1 spot.

Microsoft Launches Specialized Search Engine
Windows Live Academic Search scours the Web for journal articles, academic papers, and notes and slides from scholarly conferences.

Can Salesforce.com Fix What's Wrong With Mobile Apps?
Salesforce.com buys a vendor specializing in delivering mobile applications to handhelds.

Gap Embraces E-Learning
The clothing retailer turns to an E-learning program to improve the leadership skills of its IT management team.

Ready For The Next Big One
Insurance companies, blindsided by the 2005 hurricane season, are using technology to become better prepared.

Lightning Rod No Longer
Open-source advocate and former Massachusetts CIO Peter Quinn, cleared of ethics charges, exits the public sector, but shares his experiences with kids on the speaking circuit.

You're Hired!
Strong tech skills pay off as online job recruitment sites report employer demand is up for entry-level IT jobs across all sectors.

How To: Podcasting In Four Easy Steps
Here are four helpful steps for getting started with your own podcast.

Microsoft To Tap Health Insurance Market
This week at the World Health Care Congress, the software giant will provide developers of health insurance apps guidance for working with Microsoft products.

MySQL Adds Second Option As Storage Engine
MySQL users can now choose the SolidDB storage engine. The storage engine MySQL had been using, Innobase, has been acquired by Oracle, but still remains a MySQL option, at least for the time being.

All Our Latest News

Watch The News Show

In the current episode:

John Soat With 'News You Can Use'
Firefox patches vulnerabilities, AMD subpoenas Microsoft in its antitrust suit against Intel, and Bill Gates hosts the President of China.

Larry Greenemeier With 'The Analytical Edge'
Professor Tom Davenport discusses how businesses use analytics.

Stephanie Stahl With 'Security Is A Game'
Play the computer game "IT Defender" from Fortify Software. The goal: to prevent security breaches in your office.


----- The latest research, polls, and tools -----

InformationWeek 500 Entry Call
Is your company one of the best technology innovators? The InformationWeek 500, an annual study that identifies and honors 500 of the nation's most innovative users of information technology, provides an opportunity for recognition. If your company has $500 million or higher in annual revenue, register today for this year's InformationWeek 500.

Podcast Central
Get the best technology audio and video delivered at our new Podcast Central page, including The News Show, the InformationWeek Daily News Podcast, Dr. Dobbs' .NET Casts, and more.

-----------------------------------------


4. Grab Bag: News You Need From Around The Web

Price, Interface Dampen 'Origami' PC Debut (The Korea Times)
Samsung Electronics Wednesday said it will start to market the much-hyped mini-PC, or Origami, next month, but its high price and uncomfortable user interface are casting doubt on its commercial viability. The new product will be sold at around 1.2 million won ($1,200), which far exceeds Microsoft's initial estimation of $500 to $700.

A Sinister Web Entraps Victims Of Cyberstalkers (The New York Times)
The problem of cyberstalking can be devastating, and it's not easily legislated away.

Man Trading Up From Paper Clip To House (Netscape News)
Kyle MacDonald had a red paper clip and a dream: Could he use the community power of the Internet to barter that paper clip for something better and trade that thing for something else--and so on and so on until he had a house? After a cross-continental trading trek involving a fish-shaped pen, a town named Yahk, and the Web's astonishing ability to bestow celebrity, MacDonald is getting close. He's up to one year's free rent on a house in Phoenix.


5. In Depth:

The Fear Industry
Shameless self-promoters? Fearmongers? Sure, security researchers aren't always model citizens, but business technology pros want them on the job.

Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive
The number of vulnerable sites is small but growing rapidly, and attacks can happen without victims even knowing they've been hit.

Steps For Better, Simpler Wireless Network Security
Intrusion detection and prevention are often overlooked in WLAN security deployments. And security pros sometimes don't realize that unauthorized access points aren't always the work of mischievous hackers.

Microsoft Offers Registry Fix To Patch IE, Office
Beware: Microsoft is advising editing Windows' registry, a chore usually left to advanced users.


6. Voice Of Authority

IT Confidential: E-Business Calls For Born Optimists
Americans' optimism helps explain why we continue to do business on the Internet despite the dangers, John Soat says.


7. White Papers

Making The Business Case For IP Communications
This white paper describes the factors to consider in developing a strategic and financial business case for Cisco IP communications solutions. It covers the distinct value delivered for different IP communications technologies and deployment scenarios. It also discusses the measurable, highly attractive financial returns and productivity.


8. Get More Out Of InformationWeek

Try InformationWeek's RSS Feed

Discover all InformationWeek's sites and newsletters

Recommend This Newsletter To A Friend
Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.


9. Manage Your Newsletter Subscription

To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
InfoWeek@update.informationweek.com

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

We take your privacy very seriously. Please review our Privacy Policy.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2006 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030
