Daniel Osburn

Cyber-Ark Software Inc. this week released an enhanced version of its Privileged Identity Management Suite, with new features designed to give IT officials a single tool for managing privileged accounts across both Windows and Unix environments. Adam Bosnian, vice president of product, strategy and sales at Cyber-Ark, said the new offering can help large companies more easily manage multi-operating system environments that generally require separate tools for each OS. There's a growing demand for tools that can manage manage, control and audit of privileged accounts across the enterprise, said Mark Diodati, an analyst with the Burton Group in Midvale Utah. The upgraded product adds support for managing so-called Unix 'superusers' who typically have a full range of rights and permissions to everything on a system. He cited the growing need meet state and federal compliance and governance requirements and growing concerns about the security risks posed by insiders with access to privileged accounts. "One of the things that is driving demand is that auditors are getting smarter," Diodati said. "They have figured that this thing about privileged access management is crucial." The demand for such tools has attracted the attention of a variety of vendors, including BeyondTrust, which last month unveiled what it termed the first first privileged account management product for heterogeneous IT environments, along with CA, Quest Software and Novell.

For example, in July a former computer support technician at Quantum Technology Partners (QTP) in Miami, was sentenced to a year in jail for illegally using his administrator account and password to shut down the company's servers from his home computer. The security concerns follow a string of highly public incidents where users holding administrator accounts created IT havoc for a variety of reasons. Lesmany Nunez also changed the passwords of all the IT systems administrators at the company and deleted files that made data restoration from backup tapes more difficult for the company. Perhaps the most sensational example of abuse by a privileged user came when Terry Childs , a former systems administrator at the City of San Francisco, allegedly locked access to a crucial city network for days by changing key network passwords. His actions resulted in more than $30,000 in damages to QTP. And in January, a Fannie Mae engineer was indicted for planting a logic bomb on the corporation's network that could have destroyed and altered all data on the company's servers.

After blasting off Monday afternoon, the crew of the space shuttle Atlantis is using a robotic arm to inspect the shuttle for damage while getting ready to dock with the International Space Station tomorrow. On the second day of the mission, the astronauts used the shuttle's 50-foot-long robotic arm , along with its 50-foot-long orbiter boom sensor system, to take pictures of Atlantis's wings and nosecap for any damage that might have occurred during takeoff. Loaded up with 27,250 pounds worth of spare parts for the space station, the shuttle lifted off from Kennedy Space Center in Florida yesterday on schedule at 2:28 p.m. The 11-day mission is focused on getting the station stocked up with equipment like gyroscopes, two nitrogen tank assemblies and parts for the onboard robotic system before the space shuttle fleet is retired and these kinds of shipments are much more difficult to make.

According to NASA, the astronauts running the inspection, which takes about five hours, will use a suite of cameras and lasers designed to give them 3-D views of the shuttle's heat shield. NASA noted that the astronauts also are inspecting their spacesuits today. The images will be sent back to ground control, where engineers will inspect them for any problems with the shuttle's thermal protection system, which will be needed to protect the craft during the blazing temperatures it will encounter during re-entry into the Earth's atmosphere. And in preparation for tomorrow's docking with the space station , they're extending the shuttle's Orbiter Docking System ring and going over their rendezvous tools. The equipment that needs to go up is being delivered in order of highest priority. The equipment being delivered during this mission is considered highly critical to the operation of the space station, according to NASA. At this point, there are only six flights left for the space shuttle fleet before it's scheduled to be retired.

Since this is the first mission to deliver what scientists hope will turn into a trove of spare parts, they're taking up the most important pieces. The astronauts are expected to make three space walks to unload the parts from the shuttle and connect them to the sides of the station's truss .

Hewlett-Packard has agreed to buy 3Com for about US$2.7 billion, pushing forward the giant IT vendor's strategy for combining computing, storage, services and networking under one roof. HP is offering $7.90 per share for 3Com, about $2 per share above the stock's price of $5.69 at the close of trading on Wednesday. The deal has been approved by both companies' boards of directors and is expected to close in the first half of next year. U.S. and foreign regulatory approvals will be required, the companies said. 3Com will add to HP's Ethernet switching portfolio, which is already a growing competitor to Cisco Systems, and add routing products to its lineup. "Companies are looking for ways to break free from the business limitations imposed by a networking paradigm that has been dominated by a single vendor," said Dave Donatelli, executive vice president and general manager, Enterprise Servers and Networking, at HP, in a prepared statement. "We will enable customers to build a next-generation network infrastructure that supports customer needs from the edge of the network to the heart of the data center." The acquisition will also give HP access to a research and development team and strong sales channels in China, where 3Com operates the H3C subsidiary it originally formed as a joint venture with Huawei Technologies.

As data centers are centralized and virtualized, the largest IT vendors are pursuing data-center strategies that span all parts of what is increasingly a single infrastructure of networks, storage, computing and software. The deal would also bring in 3Com's TippingPoint line of intrusion prevention products. Cisco's introduction of servers earlier this year made it a more direct competitor to HP as well as IBM. HP's own ProCurve networking line has already gained ground on Cisco in enterprises over the past few years. 3Com has trailed the dominating Cisco in the networking arena since the late 1990s and has pursued several different strategies to find its place in the market. Its TippingPoint acquisition gave it a strong position in intrusion prevention, and the company has also focused on networking gear for small and medium-sized businesses.

Brian Kendall has released an updated version of xGestures for Snow Leopard, which allows you to drive your Mac with "mouse gestures"-a particular combination of mouse movements that triggers a menu item, keystroke, or AppleScript. Users of recent MacBooks with multi-touch trackpads may also want to check out Macworld's recent review of Jitouch, which does similar things with multi-touch gestures. For example, I'm constantly hitting the wrong function key on my MacBook when I try to view all Spaces; with xGestures, I can hold the control key and flick up and down on my trackpad, and xGestures will zip me into the all Spaces view.

xGestures installs as a preference pane and, unlike Jitouch, you have to define all of your gestures from scratch. xGestures requires a mouse button or keyboard press to start listening. Getting started with xGestures was a bit frustrating; you have make sure that "Enable xGestures" is checked under Options and then click the "Start xGestures" button on the same pane. I used the Control-Shift keys along with "hold down key while gesturing" since this combination doesn't conflict with any of my other utilities. You can also set xGestures to change the mouse pointer and draw a line on the screen when it's active, both of which I recommend for testing out the software.

The Command or Option keys, though, could easily trigger a gesture when I don't wish to. Once you're set up, you can define either global gestures or specific gestures for each application. xGestures provides a drop-down menu of actions which a gesture can trigger; the most useful of these are probably "Perform Keystroke" and "Choose Menu Item." (Note: to assign a keystroke, you may need to turn it off first. For my testing, I made my Spaces actions global, but I set up different gestures for Web-browsing which were specific to Safari. Assigning F8 to my Spaces gesture didn't work so long as Spaces was intercepting it.) Be sure to click on "Apply Settings" whenever you set up a new gesture-skipping this led to some frustrating moments during my testing.

I'm on the fence about it, but if I find myself using gestures frequently in two weeks, the price makes this a no-brainer purchase. xGestures requires Mac OS X 10.3 or higher, and costs $5 after a 15-day free demonstration period.

Responding to criticism that its anti-piracy mechanisms could slow the growth of the eBook industry, Adobe Systems Inc. plans to liberalize its approach toward Digital Rights Management (DRM) with eBooks. Seemingly minor, the move is important both because of Adobe's growing behind-the-scenes importance in the burgeoning eBook industry, but also in how it moves ahead with content protection. The next major version of its Content Server software will give book publishers, authors and libraries the option to protect encrypted eBooks with a password. The current Adobe Content Server 4 software lets publishers choose whether or not to encrypt their eBooks.

That number is meant to give owners flexibility to move purchased eBooks among various devices. It also lets eBook buyers choose up to 12 devices - six desktop and six handhelds, including eBook readers or smartphones - on which they can read eBooks protected by encryption. But what if people want to share their eBooks with a relative, close friend or colleague? Users would then enter in a username and password to open up and read a book on any device or PC. On the flip side, that means a cracked Adobe ID and password could be distributed and used to let pirates read an eBook, just as stolen license keys are used to enable the installation of pirated software. Content Server 5 will allow that by letting owners link eBooks to an Adobe ID account. That possibility is why publishers want Adobe to provide the option for weak or strong encryption, said Nick Bogaty, senior business development manager for digital publishing at Adobe. "I think it's legitimate concern on publishers' part to make it somewhat difficult to mass copy their files, and that's what our DRM does," he said. "Their business is copyrights, and if they don't have that, they don't have a business anymore." Some critics point out that Adobe, by promoting its flavor of encryption on top of the open ePub standard, is promoting a version of vendor lock-in.

Critics also say that DRM measures remain confusing and unnatural for consumers. "Publishers always feel better if things are locked down, but consumers can't stand it," says David Rothman, editor of the eBook-focused blog, TeleRead. Users will be forced to rely on Adobe's eBook-reading software - either Digital Editions for PCs, or Adobe Mobile Reader on smartphones, E-Ink devices and tablets - to read their eBooks. Rothman is an advocate of "social DRM" techniques, such as watermarking eBooks with the owner's name and address, rather than preventing their redistribution. "It's using the forces of peer pressure in a good way. And that could stunt the eBook market, which remains small. But Adobe keeps wanting to think in terms of encryption," he said. Wholesale trade in eBooks in the U.S. for the first three quarters this year totaled $110 million , according to the International Digital Publishing Forum (IDPF). While that is up more than three-fold from last year, it remains a fraction of the paper-based publishing market.

Adobe's Bogaty, the former executive director of IDPF, is skeptical that such a revenue model would work in the book publishing business. "Until I see a book reading fill up Madison Square Garden, or a bunch of kids wearing Tom Wolfe t-shirts, I just don't see a big ancillary market for publishers," he said. Rothman and others point to the music industry, where some artists and record companies and retailers are starting to favor audio watermarks over DRM, employ P2P networks to give away songs for radio-like promotion , or substituting CD sales with concert tours and merchandise sales.

A federal court in Missouri has thrown out a class-action lawsuit that was brought against pharmacy benefits company Express Scripts over a 2008 data breach in which millions of customer records were believed to have been illegally accessed. In a 22-page ruling last week, Buckles said that the plaintiff in the case, John Amburgy, failed to show how the data breach caused him any direct injury or even put him in imminent danger of any injury. "Abstract injury is not enough to demonstrate injury-in fact," Buckles wrote. "The injury or threat of injury must be concrete and particularized, actual and imminent; not conjectural or hypothetical." The $22 billion Express Scripts in October 2008 disclosed that extortionists were threatening to publicly release millions of patient records that they had accessed from the company's databases unless the company paid an undisclosed amount of money. In dismissing the lawsuit, Magistrate Judge Frederick Buckles reiterated a position that has been taken by other judges in similar cases: Without any actual harm done, there can be no damages sought. St. Louis-based Express Scripts said it had received a letter with the names, birth dates, Social Security numbers and some prescription information for 75 patients, with the threat that more would be released if it did not pay up.

In his lawsuit, Amburgy accused Express Scripts of negligence in its duty to protect customer records. As of November, Express Scripts said it had notified about 700,000 individuals that their information may have been compromised in the incident. He accused the company of breach of contract, breach of implied contract and violations of data breach notification laws in various states. He claimed that he and others similarly affected had to spend time and money monitoring their credit accounts and reports, prescription records and other financial accounts. Amburgy claimed that as a result of Express Scripts' failure to maintain adequate security measures, he and others affected by the breach were at increased risk of identity theft fraud and extortion. But like other judges in similar cases , Buckles brushed aside those contentions and said Amburgy failed to show that he was directly affected by the breach and that his claims relied on too many "ifs." "Plaintiff alleges that he would be injured 'if' his personal information was compromised, and 'if' such information was obtained by an unauthorized third party, and 'if' his identity was stolen as a result, and 'if' the use of his stolen identity caused him harm." These multiple "ifs" put his claims in the realm of the hypothetical, the judge noted.

In October, for instance, a U.S. District Court judge in Maine asked the state's highest court to weigh in on the question of whether the time and effort spent in mitigating the fallout from a data breach constituted a cognizable injury under Maine law. Though other cases have ended the same way, some courts have begun to show a willingness to at least hear the sort of claims raised by Amburgy. The question stemmed from a motion filed by plaintiffs in a data breach lawsuit involving supermarket chain Hannaford Bros. In September, a federal court in Illinois allowed a couple's whose bank account had been depleted by cyber thieves to go ahead with their lawsuit against Citizens Financial Bank. The judge had previously thrown out all other claims in the case. The judge in the case noted the couple had shown there was a reasonable basis for arguing that the bank had failed in its duty to protect the couple's money.

For the fourth time this year, Adobe has admitted that hackers were using malicious PDF documents to break into Windows PCs. The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said yesterday. Adobe promised to patch the vulnerability on Tuesday, Oct. 13, the same day that Microsoft plans to issue its biggest-ever collection of security updates . The bug exists in Reader and Acrobat versions 9.1.3 and earlier on Windows, Mac OS and Linux, said Adobe in a security advisory published Thursday, but as far as the company knows, it is being exploited only to hijack Windows PCs. "There are reports that this issue is being exploited in the wild in limited targeted attacks," said Adobe. "The exploit targets Adobe Reader and Acrobat 9.1.3 on Windows." Adobe will plug the hole next week as part of its quarterly security update for Reader and Acrobat. That phrasing generally means hackers are sending the rigged PDF documents to a short list of users, oftentimes company executives or others whose PCs contain a treasure trove of confidential information.

Last June, Adobe announced it would follow the lead of companies like Microsoft and Oracle, and release regular security updates for Reader and Acrobat. It said more than a month ago that it would instead push the patch date into October. Originally, Adobe was to post patches last month, but a scramble during July to fix several flaws, including some introduced by Microsoft in a code "library" used by its own developers, as well as those in other companies, wreaked havoc on Adobe's schedule. Until a patch is released next week, Windows Vista and Windows 7 users can protect themselves by enabling Data Execution Prevention (DEP), a security feature designed to stop some kinds of exploits - buffer overflow attacks in particular - by blocking code from executing in memory that's supposed to contain only data. Windows XP users should disable JavaScript in Reader and Acrobat, added Adobe.

Instructions on how to enable DEP are available on Microsoft's support site. That wouldn't block all possible attacks, but will stymie the exploit now in the wild. In March, the company quashed a PDF bug that attackers had been using for more than two months . It again patched Reader and Acrobat in May to block another zero-day . In July Adobe fixed a Flash PDF-related flaw that was being used by hackers. Adobe has struggled this year to stay ahead of hackers. Next Tuesday's Reader and Acrobat updates will also patch a unknown number of other vulnerabilities, Adobe said.

Unix software vendor SCO, struggling through bankruptcy and a Unix copyright trial involving Novell, has fired president and CEO Darl McBride. McBride had been CEO and president of SCO since June 2002. The move and a restructuring come after an operations and cost analysis performed by Edward Cahn, SCO's Chapter 11 Trustee. SCO "has eliminated the Chief Executive Officer and President positions and consequently terminated Darl McBride," the company reported last week in a filing with the Securities and Exchange Commission.

Since the CEO position was eliminated, the SCO management team now consists of COO Jeff Hunsaker, CFO Ken Nielsen and general counsel Ryan Tibbitts. A "modest reduction in SCO's workforce" and other changes will help improve SCO's financial position, the company says. The SEC filing says these three executives "will continue to work closely with the Chapter 11 Trustee and his advisors to implement the restructuring plan, move the intellectual property litigation [against Novell] forward … and emerge from Chapter 11 bankruptcy." SCO says it will finalize details of the restructuring and reach "cash flow breakeven for core operations" within a month. SCO is attempting to raise additional funding and sell "non-core assets." "These actions, while difficult, are essential to SCO becoming a more agile and efficient company, not just for this year, but for years to come," Hunsaker says in the SEC filing. "This restructuring plan reinforces SCO's ability to continue to sell and support its products while servicing the needs of our customers and partners on a worldwide basis through the stabilization of our financial situation." SCO filed for Chapter 11 bankruptcy protection on Sept. 14, 2008. The company is also involved in an ongoing legal battle against competitor Novell over the rights to Unix technology. As a result, Novell and SCO are heading to a trial. In 2007, a U.S. District Court judge ruled that Novell was the owner of Unix and UnixWare copyrights, but that decision was http://www.networkworld.com/news/2009/082409-sco-unix-copyright-decision... ">overturned in August of this year.

In 2003, SCO attempted to sue IBM for $1 billion in another Unix-related matter. Perhaps tellingly, last week's filing with the SEC says that SCO plans to "pursue litigation against, among others, IBM and Novell." Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin The case was closed in 2007 but may be reopened after SCO emerges from bankruptcy.

Opera Software today released the beta of Opera Unite, a platform for authoring peer-to-peer (P2P) and Web server-based applications that it's promised will reinvent the Web. Opera 10 launched in final form more than a month ago. In June, Opera touted Unite as a collaborative technology that would "enable every single computer to be a two-way street on the Internet." Four months ago, Opera delivered an alpha version of Unite with a preliminary edition of Opera 10, its next-generation browser.

Today, Opera delivered the Unite beta embedded in the preview of Opera 10.10. It's not given up on the idea that Unite will dramatically change the Internet. "We invite developers all over the world to use their creativity and imagination to push the boundaries of what is possible with Opera Unite," Jon von Tetzchner, Opera's CEO, said in a statement Wednesday. "We are moving closer to our goal of reinventing the Web." Opera's pitching Unite to developers, who it hopes will come up with new applications and Web-based services for sharing, collaboration and social networking. That last turns any Unite-equipped computer into a server, letting users host an already-created Web site via a special URL that Opera assigns. The beta of Unite includes a half-dozen Opera-made services that include file sharing, a media player, photo sharing, a Facebook-style "wall" dubbed "Fridge" where users can leave notes and a Web server. So far, Opera has had little luck in convincing developers to commit time and resources to crafting Unite applications and services. The most popular third-party Unite application is a music-streaming service, which has been downloaded approximately 12,000 times. Of the 21 Unite applications now available , 10 come from Opera itself.

Some security experts, however, have questioned Unite's security and wondered whether it was smart to put a Web server on every desktop. "Bad guys always need Web servers," SecureWorks research Don Jackson told IDG News last June . "Anything that runs a Web server is prone to attack." Although Opera 10 is needed to run Unite and its peer-to-peer (P2P) and server-style services, any browser can access the shared content. According to the most recent data from Web metrics company Net Applications, Opera accounted for just 2.2% of all browsers used last month. Although Opera has led development of some browser features - it was the first major Web browser to institute tabs, for instance - the program's share of the desktop market has remained small. Google's Chrome, which has been available for just over a year and only on Windows, held a 3.2% share in September. That case appeared to near a resolution last week when the EU said it had asked for and obtained changes to Microsoft's proposed "ballot screen," which will let European users of Windows to choose which browser they install on their PCs. Opera Unite is available with Opera 10.10, which can be downloaded for Windows, Mac and Linux from the Opera site. The company has received more attention lately as the instigator of the complaint against Microsoft that led European Union (EU) antitrust regulators to charge the U.S. firm with illegally bundling its Internet Explorer with Windows.

Google's Gmail and Yahoo's Mail were also targeted by a large-scale phishing attack, perhaps the same one that harvested at least 10,000 passwords from Microsoft's Windows Live Hotmail, according to a report by the BBC. Microsoft , for its part, said late yesterday that it had blocked all hijacked Hotmail accounts, and offered tools to help users who had lost control of their e-mail. The BBC also said it has seen a list of some 20,000 hijacked e-mail accounts; the list included accounts from Gmail, Yahoo Mail, AOL, Comcast and EarthLink. Gmail was the target of what Google called a large-scale phishing campaign, the company told the BBC . "We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for Web-based mail accounts including Gmail accounts," a Google spokesperson told the news network. The latter two are major U.S. Internet service providers. "As soon as we learned of the attack, we forced password resets on the affected accounts," the Google spokesperson also told the BBC. "We will continue to force password resets on additional accounts when we become aware of them." Neither Google's or Yahoo's U.S. representatives responded to e-mails from Computerworld seeking confirmation that their Gmail and Yahoo Mail services were targeted by phishers, or answers to questions about how many accounts had been compromised and what the firms are doing to help users.

Late Monday, Microsoft said it was blocking access to all the accounts whose details had been posted on the Web last week. "We are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts," the company said on its Windows Live blog . Microsoft posted an online form where users who have been locked out of their accounts can verify their identity and reclaim control, and also pointed users to a support page from October 2008 that spells out steps users can take if they think their accounts have been hijacked. Neowin.net, the site that first reported the Hotmail account hijacking early Monday, today added that it had seen the same list of compromised accounts as the BBC. "Neowin can today reveal that more lists are circulating with genuine account information and that over 20,000 accounts have now been compromised," said the Windows enthusiast site . "[The] new list contains e-mail accounts for Gmail, Yahoo, Comcast, EarthLink and other third-party popular Web mail services." Microsoft has acknowledged that log-on credentials for "several thousand" Hotmail accounts had been obtained by criminals, probably through a phishing attack that had duped users into divulging their usernames and passwords. After a slump earlier this year, phishing attacks are on the upswing, according to the Anti-Phishing Working Group (APWG). Its most recent data - for the first half of 2009 ( download PDF ) - noted that the number of unique phishing-oriented Web sites had surged to nearly 50,000 in June, the largest number since April 2007 and the second-highest total since the industry association started keeping records. Yesterday, Dave Jevans, the chairman of APWG, called the Hotmail phishing attack one of the largest ever, but cautioned that the usernames and passwords may have been harvested over several months, and not by a single, defined attack.

Eight months after announcing they would make their virtualization wares interoperable, Microsoft and Red Hat delivered the goods Wednesday on their first major collaboration. Evans emphasized there was no financial arrangement, patent licensing or other deals. "It is straightforward interoperability testing," he said, hinting at other deals Microsoft has cut with Sun and Novell. The two companies announced they have completed testing and validation and that they now fully support virtualization environments that combine Microsoft Windows Server 2008 and Red Hat Enterprise Linux 5.4. "It was a fairly big deal [in February 2009], there had never been an interoperability agreement between Microsoft and Red Hat," said Mike Evans, vice president of corporate development for Red Hat.

But cooperation on the virtualization front has become the order of the day as virtualization has established itself as an integral part of data centers. Red Hat already supports VMware, while Microsoft has a support deal with Novell and its Suse Linux platform. The work by the duo helps expand support on both platforms. In July, Microsoft shocked the industry by contributing virtualization device drivers to the Linux kernel. Microsoft's Mike Neil, general manager of Windows Server and server virtualization, said in a blog post that the cooperation goes beyond the operating system and both companies "have select applications that would receive technical support when running on certified server virtualization software." Neil said the Microsoft applications include BizTalk Server, Exchange Server, SharePoint server and others.

The completed certifications include: Validation of Red Hat Enterprise Linux 5.4 using the Kernel Virtual Machine (KVM) hypervisor with Windows Server 2003, 2008 and Windows Server 2008 R2 guests; and certification of host platforms running Windows Server 2008 Hyper-V,  Microsoft Hyper-V Server 2008, Windows Server 2008 R2 Hyper-V and Microsoft Hyper-V with Red Hat Enterprise Linux 5.2, 5.3 and 5.4 guests. On the Red Hat side, users can run JBoss Enterprise Middleware within a virtual machine guest on Hyper-V and receive coordinated technical support. Microsoft customers without agreements can purchase support per incident. Evans said the agreement grants support to any customer with a valid Red Hat Enterprise Linux subscription, while Microsoft customers with support agreements for Windows Server 2008 are eligible for support. Evans said Red Hat is not discussing how it will support Windows Server 2008 guests within its management tools.

Red Hat also will ship a stand-alone hypervisor called Red Hat Enterprise Virtualization Hypervisor that will also support Windows guests. He said there would be more information on that at year-end when Red Hat ships Red Hat Enterprise Virtualization Manager, a set of management tools for desktops and servers. Microsoft supports Red Hat Enterprise Linux version 4.x and 5.x on its System Center Operations Manager 2007 R2, but will need to update its Virtual Machine Manager software to manage Red Hat guest operating systems on Hyper-V. Follow John Fontana on Twitter: twitter.com/johnfontana

SAP said Wednesday that Siemens has signed a three-year renewal of its software maintenance agreement, an announcement that would seem to quell widespread speculation that the global engineering and electronics company was considering dumping vendor-provided support in favor of lower-cost alternatives. It will use SAP's SRM (supplier relationship management) application in support of procurement efforts around the world. In addition, Siemens has expanded its use of SAP software, according to the announcement.

Siemens' new maintenance agreement includes SAP's high-end MaxAttention service. An SAP spokesman said last month that the rumors about Siemens dropping support created "an inaccurate portrayal about the SAP-Siemens relationship" and that the vendor was "currently working with Siemens to deepen the relationship in a multitude of areas." On Wednesday, an SAP spokesman wouldn't discuss whether the company provided Siemens any sort of discount or other special accommodation in order to sign the new agreement, but said, "this was at usual costs for large SAP customers." If an SAP customer as big as Siemens had chosen to drop vendor maintenance, the high-profile example could have provided a boost to the third-party maintenance market. SAP is also going to provide support for some internally developed applications that are integrated with SAP, the announcement said. But some observers treated the rumors with skepticism. The specter of third-party maintenance has loomed large around SAP since its controversial decision last year to move customers to a fuller-featured but pricier Enterprise Support service.

Right now, there are few third-party SAP support companies, and the best-known one, Rimini Street, probably couldn't handle the job, analyst Josh Greenbaum said in a blog post last month. "I don't see how they can gear up to provide comprehensive maintenance and support ... for what is either the world's largest or the world's second largest SAP installation (Nestle is the other contender)," he wrote. "It would take something more than a Rimini to handle a customer of this size, despite their track record in third party maintenance." In addition, large systems integrators such as IBM would likely be unwilling to take on the project, for fear of alienating SAP, Greenbaum said. After a protracted public debate, SAP and the SAP User Group Executive Network (SUGEN) agreed to work out a set of KPIs (key performance indicators) meant to show the value provided by Enterprise Support. SAP has agreed to hold off on an incremental price increase schedule for Enterprise Support "until the targeted improvements measured by the SUGEN KPI Index are met."

Facebook now claims 300 million active users. Naturally, social media growth has also been seen in the workplace, both with regard to employee use as well as functioning as a communication and/or marketing tool for some companies. And Twitter, the micro-blogging site that was almost unheard of at the beginning of 2008, is now one of the internet's 50 most popular sites, according to Alexa Internet Inc.'s web traffic statistics. And according to a survey recently conducted by IANS, a Boston-based research company that focuses on information security, regulatory compliance and IT risk management, the number of enterprises with a social media policy in place has jumped dramatically, too, in just twelve months.

The take away, according to Phillips, is that social media is front and center now in organizations and the discussion is taking place not only among the security team, but within marketing, sales, human resources and even executives. Also see The Seven Deadly Sins of Social Networking Security Jack Phillips, IANS co-founder and CEO, said when IANS conducted the same survey in 2008, the majority of respondents did not have a social media policy. "They really hadn't done the hard thinking," said Phillips. "But then jumping forward to 2009 we saw about a third of the audience now has something in place and another large percentage is considering these kinds of policies." Specifically, just under ten percent of respondent enterprises said their social media policy was fully implemented and communicated in 2008. That jumped to 34 percent in 2009, with another third responding that they had either created or implemented a policy for social media use. Phillips believes this is an opportunity for security folks to raise their profile and take part in an important issue from its inception. Instead, said Phillips, use this as an opportunity to draw attention to existing policies. "Most purists will say: This stuff isn't really new. He shared with CSO four things he thinks organizations should consider when putting together policies and practices for use of Facebook, Twitter, Linked In and other social media within an organization. 1. Don't start from scratch The media landscape is so dynamic that if you create policy for today's hot technology, tomorrow it will be obscure.

It should be part of our HR and acceptable use policies," said Phillips. "The same sort of norms apply to this new world that has applied to the world before today." (See How to Write an Information Security Policy for more on the basics of effective policy.) Phillips noted most of the organizations IANS polled with a social media policy already in place said they had not named specific medias because of changing pace of new media. "It's Twitter today, but it may be something else tomorrow," he said. 2. Use social media policies to raise security awareness "This issue is an opportunity for info sec leaders to refocus attention on information security and risk management, said Phillips. For instance, when compliance regulations came into play, savvy security teams were able to create new policies to comply, while also letting employees know why they were important. IANS is dispelling what Phillips says is age-old advice for enterprises when it comes to adapting to change. Same holds true this time around, said Phillips. "We are finding some innovative awareness tactics that focus on these technologies because they are front and center. The percentages are so low in terms of success of awareness campaigns, this is an opportunity to jump in." 3. Use social media access to raise security's positive profile within the organization While the initial security reaction to new media is often to block, Phillips said most organization now need to consider that not only may allowing access be necessary, but also useful from an info sec perspective. A Twitter campaign, or a Facebook campaign, a Linked In campaign, can all have real impact in terms of receptivity.

Also see Security Awareness Programs: Now Hear This! "The advice we have given is, instead of just knee-jerk blocking everything, we find that this as an opportunity to record usage and activity among the employee base," said Phillips. "When the original data-loss-protection technologies were introduced, they were not in blocking mode, but in monitoring mode." Phillips believes the new technology of social media gives information security what he calls "an interesting opportunity" to see how critical these technologies are to the enterprise. "That kind of information is quite useful to other functions of the enterprise," he said "Sales, marketing, HR are all going to be interested and that raises information security's profile among management." 4. Be prepared for the next phase As social media platforms come and go, some will ultimately become commonplace and integral to an enterprise. As it stands now, he said, he finds his clients are more comfortable with some mediums and with others; not so much. While creating entire new policies around social media doesn't make sense right now, at some point, said Phillips, it will become necessary for policies to be more specific. Most organizations find Linked In to be the most controllable and with the least potential for damage. Particularly, said Phillips, because many employees are not respecting that line between personal and enterprise. "Because these technologies are so different, it is at some point we expect policies are going to have to get granular," he said. "Our sense is high-performing teams will have to create unique Facebook, Twitter, Linked In and Google Docs policies.

But Facebook, with its security vulnerabilities, and the nature of its content, still makes many uncomfortable. And they are going to have to get that granular about what is appropriate and inappropriate with each tool. "We will end up with an open environment, but we will end up with some asterisks that say, it's open, but not 100 percent open. For example, some might say: 'It is not appropriate to use the company's name on your Facebook profile.'

Fraudsters are targeting social networking sites with increased frequency and users need to take precautions, the FBI warned. Clearly, the Data Snatchers have found a way to automate the creation of Facebook accounts, which means they've found a way to bypass the Facebook Capcha (the image of letters which are required for a new account, which are supposed to ensure that a human is involved)," said Thompson. Just today Roger Thompson, chief of research at AVG Technologies, blogged about an automated rogue spyware attack using Facebook in which hackers create new Facebook pages. "We're seeing rather a lot of these, all from different profiles, but with the same picture and link. Network World Extra: 12 tips for safe social networking The FBI meanwhile states that fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques.

Other spam entices users to download an application or view a video. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Some spam appears to be sent from users' "friends", giving the perception of being legitimate. Another fraudster favorite involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software, the FBI stated. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected, the FBI stated. Other malicious software gives the fraudsters access to your profile and personal information.

Symantec's Zulfikar Ramzan wrote in a recent CSO article that there's no question that online social networking continues to rise in popularity due to the numerous conveniences and opportunities it provides. These programs will automatically send messages to your "friends" list, instructing them to download the new application too, the FBI stated. There's also no question that social networking provides phishers with a lot more bait than they used to have. Games, links and notifications are the low-hanging fruit for phishers to use as they lead people into dangerous territory. Threats can come from all sorts of avenues within a social networking site.

As society picks up one end of the social networking stick, it finds that it inevitably picks up the security problems on the other end, he stated. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.•Be selective of your friends. The FBI recommended the following basic tips to help prevent most nefarious activities: •Adjust Web site privacy settings. Once selected, your "friends" can access any information marked as "viewable by all friends."•You can select those who have "limited" access to your profile. Users should consider how they want to use the social networking site.

This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.•Disable options and then open them one by one such as texting and photo sharing capabilities. If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.•Be careful what you click on. If you want to report an incident, the FBI says to file a complaint at its Internet Crime Complaint Center (IC3). Just because someone posts a link or video to their "wall" does not mean it is safe.

A proposed amendment that would have given Congress more oversight over the White House cybersecurity czar and at least 17 other czars appointed by President Obama was shut down in the U.S. Senate today. Susan Collins (R-Maine), sought to restrict federal funds for the expenses of White House-appointed czars unless two conditions are met. The amendment, proposed by Sen.

One of them was to require the president to agree that every czar would respond to "reasonable requests" to testify before Congress on matters related to the office. The proposed amendment was in an Interior Department environmental appropriations bill on the Senate floor. The other required White House-appointed czars to issue a report to Congress twice a year. In a statement , Collins said the amendment was needed to ensure greater transparency and accountability. The amendment however was ruled "non-germane" to the pending bill in the Senate this afternoon and will not move forward, a spokesman for Collins said in an e-mail. "The amendment fell," following an objection by Sen. She had claimed that direct White House appointees were largely insulated from congressional oversight and often duplicated or diluted the statutory authority and responsibilities of Cabinet-level appointees who had been vetted by Congress.

Dick Durbin (D-Ill.), he said. At a committee hearing in May on strategies for securing cyberspace, Collins had said that putting the White House in charge would make it harder for Congress to exercise oversight over critical cybersecurity policies and budgets. Collins, who is the ranking minority member of the Senate Homeland Security and Governmental Affairs Committee, had raised similar concerns previously, especially with regard to Obama's plans to appoint a White House cybersecurity czar, or agency coordinator. Collins proposed instead that the government consider adopting the model used in setting up the National Counterterrorism Center (NCTC). The NCTC, which was established in August 2004 on the recommendations of the 9/11 Commission, works in the Office of the Director of National Intelligence (ODNI), a setup that allows for greater congressional oversight, she had said. The president announced the position in May and stressed the need for a national strategy for securing U.S. interests in cyber space. The developments come amid a delay by the White House in naming a new cybersecurity coordinator.

The delay in making the appointment has fueled speculation about the likely candidates and the nature of the job . Earlier this month, the Reuters news service. quoting an unnamed source with "direct knowledge" of the matter, said the front runner for the post was Frank Kramer , an assistant defense secretary under President Bill Clinton.

In the days leading up to NASA's crashing of two halves of a space probe into the moon, doubters turned to the Internet to express fears that the lunar bombing would have negative effects on the Earth. In a quest to find out if there's water on the moon , NASA sent two separated halves of a spacecraft crashing into a permanently dark crater on the south pole of the moon this morning. Scientists and astronomers were quick to step forward to refute any rumors and quell concerns, but rumors are still circulating online. The crashes were meant to send up a huge debris plume that could be measured and analyzed for evidence of water ice hiding in the cold, dark crater.

But detractors were quick to post online warnings about possible negative effects of the experiment. With NASA still hopeful to one day create a viable human outpost on the moon , it would be helpful for anyone there to find water rather than haul it up from Earth. Amy Ephron, an author and screenwriter, wrote an article for the Huffington Post earlier this week, questioning NASA for taking the risks associated with sending two spacecraft crashing into the surface of the moon. "Who did the risk assessment? Ephron was far from alone in her concerns. I mean, what if something goes wrong?" asked Ephron. "I could say something scientifically lame and ask, 'What if it gets thrown off its axis?' or something funny and suggest something (that I actually sort of believe), like, 'What if it somehow throws off the astrology?' Or that we're not risking - as we have the earth with continued experiments of this kind - sending the solar system out of balance. The Chicago Surrealist Movement posted an online petition , which was signed by 560 people, calling for NASA to halt the bombing of the moon.

Faith Vilas, director of the MMT Observatory , said she's been amazed by such negative reactions to the mission. And people against the LCROSS mission started their own Twitter presence with @helpsavethemoon . While some people said they felt NASA's plan was simply too aggressive an attack on the Earth's orbiter, some claimed that the impacts would change the Earth's tides, throw the moon off its axis or even affect women's menstrual cycles. There's simply no danger, she added. "The moon is impacted by nature and meteors all the time," said Vilas. "Nature has done much more damage to the moon than we just did. What we did was nothing. We were not likely to have any effect on the moon at all. We didn't have much of an impact at all." Bruce Betts, director of projects at The Planetary Society , said in an email to Computerworld that this morning's crashes will have no negative impact on the moon or the Earth. "The spacecraft are far too tiny compared to the moon, in fact, to have any significant effect on the moon's orbit or dynamics," he added. "The impact might be likened to a gnat hitting the windshield of a truck."

Microsoft CEO Steve Ballmer received a 5.5% decrease in his overall compensation last year as the company suffered through its first-ever drop in overall revenue, according to documents filed with the SEC Tuesday. Elop joined the company in January 2008 moving from Silicon Valley to the Seattle area. CEOs still getting big perks despite pay backlash The documents also reveal that Microsoft paid Stephen Elop, who heads Microsoft's business division, a hefty $4.1 million in relocation expenses.

Ballmer and three of the other executives named in the report – CFO Chris Liddell, COO Kevin Turner and Entertainment and Devices Division head Robbie Bach – also saw their 2009 overall compensation decrease. Overall, compensation for all Microsoft executives was down 29%. Ballmer's base salary actually rose from $640,833 to $655,833, but his cash incentives payments were down $100,000 to $600,000 in 2009. Ballmer since becoming CEO in January of 2000 has not taken any stock compensation. Elop was the only one of the five executive's listed who saw his compensation rise in fiscal year 2009. Elop's comparable figure for fiscal year 2008, however, only reflects six month's salary as he joined the company half way through the fiscal year. He already owns more than 400 million shares, which gives him ownership of 4.5% of the company. Turner's base salary rose $21,000 to $641,667, but his overall compensation dropped 37% from $8.6 million to $5.4 million.

Liddell, saw his salary increase by $20,000 to $561,667, but his overall compensation dropped 26% from $4.7 million to 3.5 million. Bach's base salary also rose $21,000 to $641,667, but his overall compensation dropped 24% from $8.2 million to $6.2 million. Turner was the lone exception as he also suffered a loss in his cash incentive payment of $47,981. The number likely won't brighten in fiscal year 2010, which started July 1 for Microsoft. All the executives suffered their losses based on drops in the fair market value of their stock awards at the time they were granted. The company decided in January 2009 to eliminate merit-based salary increases for fiscal year 2010. The decision also includes freezing base salaries for executive officers at their 2009 levels for fiscal year 2010. The report also lists the evaluation the Board put forth on Ballmer's performance in 2009 and his merit for compensation via the companies incentive plan.

This amount was recommended by the Compensation Committee to the Board based on his performance appraisal by the independent members of the Board and other information deemed relevant, including Mr. Ballmer's performance against his individual commitments, the Company's progress in key product development areas such as Windows and online search, his leadership in expense management which helped to offset the declines in revenue due to the economic downturn, and the financial performance of the Company relative to the 25 largest technology companies (measured by operating income). The independent members of the Board of Directors considered the recommendation of the Compensation Committee and approved Mr. Ballmer's Incentive Plan award." Follow John on Twitter. The evaluation states: "For fiscal year 2009, Mr. Ballmer's Incentive Plan award was $600,000 which was 90% of his base salary.

Research firm Gartner is projecting that 20% of households worldwide will be connected to the Internet through a broadband connection by year-end. Following behind South Korea in broadband penetration rate are the Netherlands (80%), Denmark (75%), Hong Kong (72%), Canada (69%) and Switzerland (69%). Gartner says that the United States lags behind many developed countries with a 60% broadband penetration rate, although this still ranks the United States ahead of countries such as Japan (58%), Germany (55%), Australia (55%) and Sweden (54%). Over the next four years, however, Gartner expects broadband penetration in the United States to rise rapidly, as it is projected to add 27 million new connections and hit a penetration rate 78% by 2013. If the United States is successful in adding these new connections, Gartner projects that it will leapfrog several countries that it now trails in terms of broadband penetration rate, including New Zealand, the United Kingdom and Norway. WiMAX changes lives in rural Thailand In all, Gartner projects that 422 million households worldwide will have a fixed broadband connection by the end of this year, an increase of 10.5% from the 382 million households that had a fixed broadband connection at the end of 2008. Looking further down the road, Gartner projects that 580 million households worldwide will have a fixed broadband connection, an increase of 37% over the number projected to have broadband by the end of 2009. South Korea is currently the leader in household broadband penetration, Gartner reports, as 86% of South Korean households have broadband connections. South Korea is still projected to be the king of broadband penetration, however, as Gartner predicts that 93% of South Korean households will be connected to the Web via broadband in 2013. Gartner also predicts that developing countries will add 135 million new broadband connections over the next four years, with Brazil, Russia, India and China accounting for more than two-thirds of new connections in the developing world and nearly half of all new connections worldwide.

Federal Communications Commission Chairman Julius Genachowski announced Monday, that the FCC would prevent broadband carriers from limiting your access to high speed Internet for things like Internet-based voice calls, video streaming, and legal file sharing (that carriers might wish to block or at least charge extra for). In a speech to the Brookings Institution in Washington, D.C. on Monday, Genachowski said the FCC will begin to formalize net neutrality rules in the United States. This is particularly important with the emergence of data-intensive smartphone handsets, 3G netbooks, and wireless broadband cards. Genachowski also wants to have a public discussion about how net neutrality regulations would apply to mobile broadband providers. As expected, not everyone is happy with Genachowski's concept of what a free and open Internet should be.

To keep the Internet neutral, Genachowski wants the FCC to formally adopt six principles, four of which have been employed by the FCC on a case-by-case basis since 2005. 1. Consumers are entitled to access the lawful Internet content of their choice. 2. Consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement. 3. Consumers are entitled to connect their choice of legal devices that do not harm the network. 4. Consumers are entitled to competition among network providers, application and service providers, and content providers. Here's what's going on: The FCC's Four Freedoms Grow to Six On Monday, Genachowski described the Internet as a "blank canvas" that has inspired "innovation and ubiquitous entrepreneurship." He cited online success stories like Netscape, Facebook, and eBay, arguing that businesses like these could not have been successful without a free and open Internet. The two additions: 5. Broadband providers cannot block or degrade lawful traffic over their networks, favor certain content or applications over others and cannot "disfavor an Internet service just because it competes with a similar service offered by that broadband provider." 6.Broadband providers must be transparent about the service they are providing and how they are running their networks. In a blog post entitled "Does the Internet Need More Regulation? Don't force us to be free While the principle of net neutrality has been embraced for years by many Internet advocates including Craig Newmark of Craig's List, Google, and Microsoft; broadband providers and mobile operators aren't so sure about Genachowski's plan.

FCC to Decide," David L. Cohen, executive vice president of broadband for Comcast - one of the largest broadband providers in the United States - points out that net neutrality debates have been going on for years. Wired's Dylan F. Tweney has an interesting take on the FCC's net neutrality moves, arguing that intervention will actually stifle your Internet access. During that time, however, the "Internet has enjoyed immense growth... [and the] Internet in America has been a phenomenal success." With that in mind, says Cohen, it is "fair to ask whether increased regulation of the Internet is a solution in search of a problem." Despite Cohen's questions about government intervention, he says Comcast is committed to working with the FCC on this issue. Tweney's three-point argument suggests that broadband providers may be forced to give up on flat-rate Internet service in favor of bandwidth caps. Tweney believes formal net neutrality will cause problems in broadband that we've already seen with iPhone users' inconsistent service from AT&T. Enforcement may also be difficult for the FCC to carry out, according to Tweney, because it will be hard to prove when a service provider has run afoul of neutrality regulations. Bandwidth, Tweney argues, is not unlimited - especially for mobile providers - and therefore must be managed.

Tweney also says an open and free Internet has already won out over closed networks, and points to the failures of services like AOL and CompuServe as examples. However, the FCC Chairman did say he wanted the regulatory body to "analyze fully the implications of the principles for mobile network architectures and practice." Cell phone companies were not too thrilled to hear about this. "We are concerned the FCC appears ready to extend the entire array of net neutrality requirements to what is perhaps the most competitive consumer market in America , wireless services," AT&T said in a statement. Mobile Provider Backlash In his speech, Genachowski didn't lay out any specifics for how net neutrality would apply to mobile providers. Verizon also spoke up, saying the FCC should not start regulating the Internet and arguing net neutrality would "limit customer choices and affect content providers, application developers, device manufacturers and network builders," according to the BBC. Republicans Move Against Net Neutrality Reacting to the FCC's announcement, Senator Kay Bailey Hutchinson from Texas, who is the ranking Republican on the Senate Commerce Committee, attached an amendment to an appropriations bill that would deny the FCC any funding for "developing or implementing new Internet regulations," according to Eweek. The amendment was co-sponsored by four other Republicans. Republican objections to the FCC proposal include concerns that government intervention would stifle innovation.

What's next for the FCC Genachowski said he wants to initiate a public discussion about net neutrality that is "fair, transparent, fact-based, and data-driven." The FCC Chairman says nothing is predetermined, and will schedule public workshops as well as online discussion. Watch Julius Genachowski's Introduction to OpenInternet.gov: To that end, the FCC has launched a new Website called OpenInternet.gov, where, you can submit comments, view Genachowski's speech, and connect with the FCC through social networks and new media like Twitter, Facebook and YouTube.

The man described by federal authorities as the mastermind of the massive data thefts at TJX Companies Inc., Heartland Payment Systems and other retailers today pleaded guilty to charges in a 19-count indictment that include conspiracy, wire fraud and aggravated identity theft. That case was being prosecuted separately in New York but was merged with the case in Boston under a plea agreement negotiated with prosecutors a few days ago. Albert Gonzalez, 28, of Miami, also pleaded guilty to one count of conspiracy to commit wire fraud related to a data theft at Dave & Buster's restaurant chain. Gonzalez is scheduled to be sentenced Dec. 8 by U.S. District Court Judge Patti Saris in Boston.

Under the plea agreement, Gonzalez will serve between 15 and 25 years for both cases and will be fined as much as $250,000 for each of the charges. He faces a maximum of 25 years in prison for the charges in Boston and 20 years for the case in New York. Gonzalez will also forfeit more than $2.7 million in cash as well as multiple pieces of real estate and personal property, including a condominium in Miami, a BMW and several Rolex watches that he is alleged to have acquired through his ill-gotten gains. Gonzalez was arrested in Miami in 2008 along with 10 other individuals on charges relating to the thefts at TJX, Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. In August, federal authorities in New Jersey indicted Gonzalez on charges involving breaches at Heartland Payment Systems, Hannaford, 7-Eleven Inc. and two other unnamed retailers. About $1 million of the money being forfeited was recovered from a container buried in Gonzalez' back yard, according to a statement released today by the U.S. Department of Justice. Prosecutors alleged that Gonzalez, along with two unnamed Russian conspirators, stole more than 130 million credit and debit cards from the five retailers.

It is not clear if Gonzalez was the leader of a worldwide criminal gang or merely acting at the behest of powerful crime gangs based in Russia and East Europe. Today's plea brings to an end, for the moment, to the career of a hacker who federal authorities say has been the mastermind of the biggest data thefts in U.S. history. But his actions, which his lawyer has claimed stemmed from a computer addiction , have caused millions of dollars in losses to his victims. In addition, some of the companies that were Gonzalez's victims have had to pay fines to Visa and the other card brands for being noncompliant with the credit card industry's Payment Card Industry Data Security Standard and to spend more money to revamp their security controls. TJX has publicly estimated that costs to the company from the data breach will touch $200 million . Heartland has already spent or set aside more than $12 million and is facing numerous lawsuits from affected institutions.

Every year it seems that some foreign telecom company is in the running to purchase Sprint and this year is no exception. Hottest tech M&A deals of 2009 Deutsche Telekom is the parent company of U.S. wireless carrier T-Mobile USA, meaning that any purchase of Sprint would probably mean a merger of the two carriers. According to a report in the U.K.-based Telegraph newspaper, German carrier Deutsche Telekom is interested in purchasing Sprint and could submit an offer that will likely at least match the $10.6 billion that the company is estimated to be worth.

Sprint is the third-largest wireless carrier in the United States with an estimated 48.8 million wireless subscribers, while T-Mobile is the fourth-largest carrier with an estimated 33.5 million wireless subscribers. Deutsche Telekom was rumored to be interested in Sprint last year, when the company's credit rating was downgraded to junk status by Standard and Poor's. South Korean carrier SK Telecom was also rumored to have an interest in purchasing Sprint. A merger between the two companies would help T-Mobile match the subscriber numbers fielded by wireless giants AT&T, which has approximately 78 million subscribers, and Verizon, which has approximately 86 million subscribers. In 2007, Sprint nixed a $5 billion investment offer from SK Telecom and buyout firm Providence Equity Partners that also would have installed former Sprint chairman Tim Donahue as Sprint's CEO. SK Telecom and Providence Equity partners had proposed the investment to Sprint earlier in the month in a letter written to the telco in tandem to Donahue. Sprint's competitors, meanwhile, all seemed to extend their advantages over the beleaguered carrier.

Sprint has taken a major hit to its finances and market share in recent years, as the carrier not only posted an annual loss of $2.8 billion in 2008 but also lost more than 4 million wireless subscribers and wound up laying off 8,000 workers this past January. Buoyed by the release of the iPhone 3G, AT&T added nearly 7 million wireless subscribers in 2008 while posting earnings of $12.9 billion for the year, a 7.7% increase over its 2007 earnings. Verizon, meanwhile, added 6.3 million wireless customers while posting a net income of $6.4 billion, a 16.4% increase from 2007.

TransferJet, a data transfer technology that allows information to be exchanged between gadgets by simply bringing them close to each other, should begin appearing in products next year.

Both Sony and Toshiba are demonstrating the technology at this week's IFA electronics fair in Berlin and said products should be available in early 2010.

TransferJet works over a distance of a few centimeters and users will see speeds of up to 375Mbps. It's designed for data exchange between a user's gadgets and uses radio spectrum around 4.5GHz, which is available for unlicensed applications in most countries, so worldwide use should be possible.

"The idea of TransferJet is not to compete with technologies like WiFi. It can be viewed as a connector replacement," said Chris Clifton, chief technology officer at Sony UK's Semiconductor and electronic solutions division. "So instead of looking for the USB cable or the hassle of trying to connect from one device to another, just touch and go and transfer data in a few seconds."

The products will follow the completion of version 1.0 of the TransferJet standard, which is due next month, said Clifton.

Sony originally developed the technology but work was handed over to a consortium last year. It counts 40 major consumer electronics companies among its members, including Samsung, Toshiba, Kodak, Canon, Nikon, Panasonic, Sharp, Olympus, Pioneer and Sony Ericsson.

Details of the first products are not available but as many of the major digital still camera, video camera and cellular telephone companies are among the early supporters it's likely that it will appear in these products first.

At IFA Sony was demonstrating data transfer from a Walkman to a cell phone and from a cell phone to a digital picture frame, and also downloading of movies from a retail kiosk. Toshiba was using TransferJet to send photos from a cell phone to a laptop computer.

TransferJet's short range brings several advantages, said Clifton.

It uses a low power to transmit data so doesn't have the same problems with interference that other wireless technologies can suffer, and has a lesser impact on battery life. It also means that set-up can be made easier without all of the pairing and security in systems like Bluetooth. Because it works over a few centimeters it typically would require a user to be in possession of the gadgets being used.

TransferJet was first unveiled by Sony at the Consumer Electronics Show in Las Vegas in January 2008. A prototype system transferred pictures from a digital camera to a television. The technology was again demonstrated at this year's CES when Toshiba showed a prototype PDA with the technology.

A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers.

Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious "rogue" antivirus products, according to a researcher using the pseudonym Jart Armin, who works on the Hostexploit.com Web site. "This is maybe one of the top European centers of crap," he said in an e-mail interview.

"It was a cesspool of criminal activity," said Paul Ferguson a researcher with Trend Micro.

The ISP was disconnected from the Internet by its upstream provider, Junik, on Monday, after its provider, TeliaSonera told it to stop servicing Real Host or face sanctions Armin said.

Real Host was considered a "bullet proof" hosting provider, that would allow customers to remain online even after they had been linked to malicious activity. It had been linked to the Zeus botnet-making software.

This isn't the first time this type of hosting provider has been knocked offline. In the past year, at least three U.S. ISPs: Atrivo, McColo and 3FN have been unplugged after security researchers built cases against them. Atrivo and McColo were also taken offline by their upstream providers. 3FN was shut down by the U.S. Federal Trade Commission.

But according to Armin, this may be the "first time an international group has achieved this across borders and in Eastern Europe."

In the past, these takedowns have had a serious affect on spam. And while some observers reported a noticeable drop in spam over the weekend, security experts say that this was probably not attributable to the Real Host takedown.

Observers expect to see the criminal activity linked to Real Host resume soon, but they say that the takedown puts some pressure on the bad guys and the networks that provide service to them. "The precedent that's being set right now is that you need to take some responsibility for your network," said Lawrence Baldwin, owner of security research firm Mynetwatchman. "There actually are some consequences now for allowing an obviously heavy concentration of criminal activity on your networks. It's just not going to be accepted anymore."

A former Microsoft employee and prominent analyst warned the financial community not to be misled by Microsoft's claims about early corporate adoption of Windows 7.

Microsoft said this week at its annual Worldwide Partner Conference that it has already licensed 51 million desktops for Windows 7, which won't be available to business customers through its volume-licensing program until Sept. 1.

However, Rob Horowitz, the founder and CEO of analyst firm Directions on Microsoft and who worked at the company for eight years, said that many of those corporate licenses are likely tied to its existing enterprise-agreement contracts with customers and don't represent any specific interest in the new OS.

"When Microsoft says it has 51 million seats already for Windows 7, that's probably 51 million PCs covered by enterprise agreements," he said, speaking to financial analysts on a conference call hosted by Citibank.

On the call, Horowitz discussed the mechanics of Microsoft's volume-licensing, enterprise agreement (EA) and Software Assurance (SA) programs, which large corporate customers use to purchase Microsoft software.

The SA program provides software updates and other extras to corporate customers that purchase software in high volumes. Companies that want the enterprise version of the Windows client OS must purchase SA to get it, and SA is a part of EAs, which cover all the licenses needed to deploy Windows and Office across corporate desktops.

Though companies do get automatic software upgrades through SA, the update program is not the main draw for customers to purchase EAs, Horowitz said.

Rather, companies sign EAs to avoid any complexity later if Microsoft decides to audit them to ensure they're paying for every desktop using its software, he said.

"It's a huge pain to show you have enough licenses to cover your use," Horowitz said. With an EA, customers need merely to count their desktops each year, tell Microsoft how many they have and then pay for those desktops, he said.

In fact, many customers don't even update their desktops to the latest software they receive through SA, even if they get it under the terms of their contracts, Horowitz said. This was certainly the case with Windows Vista, which was not popular with many enterprises, which opted to continue using Windows XP instead.

It's hard to tell how Windows 7 will fare with corporate customers beyond those who get the product through an SA contract, which doesn't necessarily mean they will use it.

Early reports have mixed projections for how well Windows 7 will do in its early days. Research firm IDC is predicting 177 million Windows 7 PC shipments by the end of the year, but that represents a mix of corporate and consumer users. Following its September release to volume licensing, the OS will be available to everyone on Oct. 22.

Another report published Monday predicts adoption by businesses could be sluggish. A survey based on feedback from 1,000 IT administrators and conducted by ScriptLogic found that nearly 60 percent of businesses don't currently plan to adopt Windows 7. ScriptLogic provides network administration software for Windows-based networks.

A representative at Microsoft's external public-relations agency said she would look into issues regarding Windows 7 adoption that Horowitz raised. No one was otherwise immediately available to comment.

The .eu TLD (top-level domain name) for Web sites allows non-ASCII characters in its Web addresses, after it opened up the TLD to addresses written in Cyrillic and Greek letters, the European Commission said Friday.

Currently, all TLDs, including .com, .org and the like have to be written in ASCII characters, which include the Roman alphabet and numerals.

However, three European Union countries don't use the Roman alphabet: Greece and Cyprus use modern Greek script while Bulgaria shares the Cyrillic alphabet with the non-E.U. country Russia.

It is "only natural that the domain names chosen by Europeans be permitted to be as diverse as Europe itself," Commissioner for the Information Society Viviane Reding said in a statement, announcing the decision to expand .eu beyond ASCII characters.

Some E.U. languages such as Czech, Polish and Lithuanian have the odd letter in their alphabets that steps beyond the ASCII character list. Even more use accents attached to Roman letters - those include French, Spanish and Danish. Users of these languages will also be able to write TLDs using their full alphabets from now on, the Commission said in a statement.

The Internet Corporation for Assigned Names and Numbers is also looking into stretching other TLDs so they can use non-ASCII characters.

No one was immediately available at ICANN to say when these internationalized domain names will become available but ICANN is understood to be working on expanding the choice of characters to include Chinese, Japanese and Arabic characters.

The number of .eu Web sites has reached just over 3 million, the Commission said. But the rate at which people and firms have been signing up for an .eu Web address has slowed after an initial rush to register Web sites in 2006, the TLD's first year in existence.

The number of new .eu Web sites last year and in 2007 was around 300,000 each year, while in 2006, 2.5 million .eu TLDs were registered.

The .eu TLD is now the ninth most-used top-level domain name in the world, ahead of .biz but still way behind TLDs such as .com, .ge (Germany), .net, .org and .nl (Holland). Germany has registered the biggest number of .eu Web site addresses with just under 1 million. Next comes the Netherlands with 415,000, followed by the U.K. with around 378,000.

The management of .eu is entrusted to EURid , an independent nonprofit organization.