Swiss Government Has Microsoft “Dependency”

Open source advocates claim that a Swiss government department must open its doors to non-proprietary software

An ongoing case brought by Red Hat and other open source vendors against the Swiss government’s decision to award an uncontested IT contract to Microsoft could prove pivotal, according to experts.

Commenting on a recent decision by Swiss courts to reject the group of open source suppliers’ objections against the Microsoft contract, Mark Taylor of the UK-based Open Source Consortium said the case shows how some government departments find it extremely difficult to extricate themselves from using Microsoft’s technology.

“In effect the Judge said the Swiss Public Sector is so addicted that it would be damaging to withdraw the dependency right now,” said Taylor.

Taylor added that if the ongoing case finds in favour of Microsoft when it finally concludes, it could set a troubling precedent for open source technology uptake in the public sector.

“I suspect this is a watershed moment and this case will play a pivotal part in the public debate from now on…,” said Taylor.

According to comments sent to eWeek Europe by the Swiss law firm, BCCC AVOCATS, last month the Swiss Administrative Court reportedly rejected the claim filed by 18 open source software providers against the Swiss Confederation’s decision to renew a three-year agreement with Microsoft to supply servers and desktops to the Swiss Federal Bureau for Building and Logistics.

In May this year, the open source group led by Red Hat protested what they claim was a Swiss government contract given to Microsoft without any public bidding. The Red Hat group asked a Swiss federal court to overturn a contract issued to Microsoft for 14 million Swiss francs (£8 million) each year. The contract, for “standardised workstations”, was issued with no public bidding process, Red Hat’s legal team reported in a blog, because the Swiss agency asserted there was no sufficient alternative to Microsoft products.

Also commenting on the ongoing case, Karsten Gerloff from the Free Software Foundation said that the Swiss department concerned should break free from its dependence on one vendor.

“Free Software offers users strategic control over their infrastructure. This problem is by no means limited to Switzerland. Across Europe, it’s quite common for public bodies to either hand out contracts to proprietary software vendors without a proper public bidding procedure,” he said in a blog posting.


Symantec Reveals SaaS Plans For 2010

The security company has discussed its plans for the SaaS space in the coming year

One of the underlying trends in security of late has been the adoption of cloud-based services. On the acquisition front, the past few years have seen several independent SaaS security vendors get gobbled up.

Among those was Symantec’s acquisition of MessageLabs. After more than a year under Symantec’s wing, former MessageLabs CEO Adrian Chamberlain—now senior vice president of Symantec’s Software-as-a-Service group—said he sees a future with even more security technology in the cloud.

“The world is moving toward security-based services,” Chamberlain said in an interview with eWEEK earlier in December. “You can see the penetration in the developed countries of hosted security displacing licensed software and appliances.”

For Symantec, taking advantage of that means blending not only hosted and on-site technology but also the respective sales forces and channels. In the year since the acquisition, Symantec has recognised the inherent differences between customer operations and R&D in its services and licensed software businesses as well as the relationship between those units and marketing, Chamberlain said. Looking ahead, the company will stress what it feels is appropriate bundling of services and software businesses.

“Stage two, which is about to happen quite soon, is to put hosted variations of our offerings within the Symantec protection suites,” he said.

The company is on that road with Symantec Data Loss Prevention 10, which allows users of hosted e-mail security services to monitor and protect outbound e-mails without requiring on-site e-mail gateway infrastructure.

“In many ways I think not just with us, but with almost all the hosted services providers, many of our customers are ahead of us in saying they’d like services in the cloud we simply haven’t developed yet because it’s just tough … We know we see big demand for Web services … and for more and more sophistication in the ability to set policy around the Web usage,” Chamberlain said. “We see a big demand for archiving, business continuity and encryption.”

Customers are also showing an interest in URL filtering, he said.

“The services I’ve just described really are in their infancy in being developed … I think you will see further developments where technology will be able to manage files in the cloud … that will further advance the argument for shifting on-premises or licensed software solutions into the cloud to set policy,” he said.

Symantec’s emphasis on SAAS should not come as a surprise. Symantec CEO Enrique Salem predicted SAAS would account for 15 percent of the company’s business in five years. However, a number of challenges remain before the acquisition can be truly successful, opined Forrester Research analyst Jonathan Penn.

“Most notably, there’s the technical integration between [on-premises] e-mail security and hosted: There shouldn’t be a notable difference in quality of protection between [on-premises] and hosted, and for that to happen they must run off of a unified technology platform that creates parity between the two offerings,” Penn said. “Second is the way in which Symantec takes all this to market, which today is as two distinct solutions. Symantec should be packaging this such that customers selecting Symantec for e-mail security should be able to select their preferred delivery model simply as an implementation option. As it stands today, the packaging is not at all integrated in this fashion.”

Other vendors will also face the same challenges. There were a number of acquisitions in the security SAAS space in 2009, including McAfee’s purchase of MX Logic, Cisco Systems’ acquisition of ScanSafe and Barracuda Networks buying Purewire. Where Symantec will seek to differentiate itself, Chamberlain said, is by trying to offer the most complete and integrated portfolio of security technologies.

“You can buy these services at the moment through a series of point plays, you can get archiving specialists, you can get Web specialists … what we expect customers will want is to buy the hosted services of one provider who can offer a universal interface on which you can set policy and authentication once,” he said.


Symantec: Targeted Cyber Attacks On The Rise

2010 was the year targeted attacks got serious, using multiple zero-day flaws and social engineering

2010 was the year of the targeted attack, with attacks such as Hydraq and Stuxnet using sophisticated techniques such as the use of multiple zero-day vulnerabilities to break into high-level computer systems, according to Symantec.

In the latest edition of the security firm’s Internet Security Threat Report, released on 5 April, Symantec also highlights the growing use of social networks and a growing number of attacks on mobile devices.

Maturing market

“Overall, it’s becoming a much more mature underground market,” Symantec security strategist Sian John told eWEEK Europe UK. “Everything’s moving on, as it has been for years, from being about kudos to being about making money and the market. The targeted attacks, the growing sophistication, the use of social networking, the attacks on mobile devices, all link back to that. We’re seeing a growing commercial element to the underground economy.”

Symantec noted that Stuxnet alone exploited four different zero-day vulnerabilities and that attacks were launched on a wide range of publicly traded, multinational corporations and government agencies, as well as a surprising number of smaller companies.

In many cases the attackers researched key victims within organisations and used tailored social engineering techniques to gain entry into the victims’ networks, allowing them to get around existing security measures, Symantec said.

Data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly four times that of any other cause, Symantec said.

Social network malice

Social networks became a major attack vector last year, with attackers in particular making use of millions of shortened links to spread malware, often via users’ news feeds.

Sixty-five percent of malicious links in news feeds used shortened URLs, and of these 73 percent were clicked on 11 times or more, with 33 percent receiving between 11 and 50 clicks, Symantec said.

Symantec noted that attack toolkits continued to see widespread use last year, and increasingly targeted Java, which accounted for 17 percent of all vulnerabilities affecting browser plug-ins for the year. The Phoenix toolkit was responsible for most web-based attack activity for the year.

Symantec estimated that attack kits are responsible for two-thirds of all web-based threat activity, and found that the number of measured web-based attacks per day increased by 93 percent over 2009.

The major mobile platforms are beginning to attract serious attention from attackers, with Symantec documenting 163 flaws during 2010 that could be used to gain partial or complete control over devices. In the first few months of 2011 attackers have leveraged these to infect hundreds of thousands of devices, the company said.

The threats to date have taken the form of Trojan Horse programs posing as legitimate applications, as was the case with the recent Pjapps Trojan, the company said.

Identity theft

However, to date such Trojans are less of a threat than data loss via lost or stolen mobile devices, according to Symantec’s John.

“Although mobile threats are increasing, until people start to do more financial transactions on mobile devices, it’s about managing and controlling devices that might get lost,” she said. “It’s the back-of-a-taxi problem.”

Most identity theft during 2010 resulted from the theft or loss of a computer or other data-storage device, accounting for 36 percent of the total, Symantec said. That proportion is almost unchanged from 2009, when it accounted for 37 percent of the total.


Symantec Warns Of Spam Campaign Using Shortened URLs

Symantec MessageLabs has warned that the proportion of spam containing shortened hyperlinks has increased significantly over the last year

In an effort to beat spam filters, Symantec’s MessageLabs has warned that spammers linked to the Storm botnet are increasingly turning to shortened URLs.

According to Symantec’s July 2010 MessageLabs Intelligence Report, spam with shortened hyperlinks reached a peak of 18 percent on 30 April, translating to 23.4 billion spam emails. An analysis of the spam campaign has linked some of it to the notorious Storm botnet, which first appeared in 2006 before declining in 2008. The botnet re-emerged in May, and now accounts for 11.8 percent of all the spam containing shortened hyperlinks circulating the web.

Shortened URLs

“While botnets are often the source of short URL spam, 28 percent of this type of spam originated from sources not linked to a known botnet such as unidentified spam-sending botnets or non-botnet sources such as webmail accounts created using CAPTCHA-breaking tools,” said Paul Wood, MessageLabs Intelligence Senior Analyst for Symantec Hosted Services, in a statement.

The peak of 18 percent this year is more than double last year’s highpoint of 9.3 percent recorded last 28 July. In the second quarter of 2009, there was only a single day when shortened hyperlinks appeared in more than 1 in 200 spam messages, Symantec reported. In the second quarter of 2010 however, there were 43 days when that happened.

Dodging Filters

Security pros have repeatedly warned users to be wary about shortened URLs in emails and on social networks because they are sometimes used to trick people into visiting malicious sites. That wariness however should not necessarily transform into panic, as an analysis of shortened URLs in Twitter’s public timeline by Zscaler revealed they were far less likely to lead to malicious sites than search results on Google.

Still, for spammers pushing pharmaceuticals and other goods, using shortened URLs can be relatively effective. According to the report, researchers found an average of one website visit for every 74,000 spam emails with the shortened URLs. The most frequently visited shortened links from spam received more than 63,000 website visits.

When it comes to spam, the name of the game is dodging filters, and any tactic that can make it harder to block email messages is going to be adopted by the spammers out there, Wood said.

“When spammers include a shortened URL in spam messages, these shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam based on the reputation of the domains found in the spam emails,” he said.


Symantec Warns Over Rising Use Of Scareware

Cybercriminals are getting rich with online scare tactics that convince users to hand over money for useless rogue security software, says Symantec

Symantec has warned in a new report that online criminals are duping members of the public into purchasing rogue security software, by employing increasingly persuasive online scare tactics.

Symantec defines rogue security software (or ‘scareware’) as software that pretends to be legitimate security software. It warns that these rogue applications provide little or no value and may even install malicious code or reduce the overall security of the computer.

In the findings of its ‘Rogue Security Software report’, Symantec said that cybercriminals are potentially growing very rich indeed by employing this technique. It says a new generation of organised criminals are earning more than 34 times the average UK worker’s salary every year.

For example, Symantec says scareware can net cybercriminals profits of more than £850,000 a year. In order to get to the £850k figure, Symantec looked at an average week’s sales on a leading rogue security software distribution site, where affiliates can register to obtain the appropriate files and links to market the scam. It then multiplied the figure by 52 and converted it into pounds.

And even more alarming is the fact that according to the study, 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user, believing they are doing the ‘right’ thing.

Professor David Wall, an expert in cybercrime from Leeds University, told eWEEK Europe that scareware manufacturers are becoming increasingly adept at manipulating people’s emotions.

“The typical scenario is someone is busy working away on their PC and up flashes this warning. With sophisticated scareware, the warning looks like it has come from their own operating system,” said Wall.

“The warning will say something like ‘you are under attack and in 20 seconds, your hard disk will be erased. Please click here for remedies,’” Wall said. “People click the link and are hooked. In four minutes it is all over. Sophisticated scareware can claim to fix a problem. It is a scammer’s dream if people think they have bought a service, as there is little to no comeback.”

Professor Wall also noted that scareware is moving away from criminal boundaries, and is increasingly lurking in a grey area, where it is hard to justify punitive action. “Some scareware is like a nasty form of entrapment marketing,” said Wall. “I have it on good authority that there is a distinct trend to make it more like a clean scam, but it is still wrong. Indeed, many victims actually don’t believe they have been a victim.”

He said that often police cannot act in these cases, and the Crown Prosecution Service will not think it is in the public interest to prosecute, and therefore cyber security companies don’t have the authority to intervene.

“Someone is getting away with a lot of other people’s money,” Wall said. “A lot of findings from various companies in the cybercrime industry all point to the same trend. In the last 6 months of this year, there has been a marked increase in the amount of scareware circulating.”

“It is all about plausibility when these pop up warnings appear,” he said. “People trust these symbols because it runs their computers. If they tell people to download software and then people are asked to pay for an upgrade, the user doesn’t feel scammed. In earlier days a skull would have appeared on your screen threatening to eat your hard drive. Now it has become silky smooth social engineering.”

“The public has to be more cyber savvy and they must use their gumption,” said Wall. “People must also make sure they keep their operating system up to date, as well as installing some security software.”

As of June 2009, Symantec has detected more than 250 distinct rogue security software programs. The initial monetary loss to consumers who download these rogue products ranges from $30 (£18) to $100 (£61).

Symbian 3 Is Ready To Go

The Symbian 3 operating system is ready but Nokia’s N8 smartphone will be a bit late to take on Apple’s iPhone 4

The Symbian Foundation has said version 3 of the Symbian open source mobile phone operating system is finished and ready for use by device makers and developers.

The new version will run on the Nokia N8 phone due to appear shortly, and improves the Symbian operating system – the most widespread smartphone OS in the world – in various ways. Symbian 3 (also called Symbian^3 or S^3) was demonstrated at Mobile World Congress in February, when the second version of Symbian was released as open source.

Functionally complete – but is it an iPhone competitor?

“This is an important milestone for the Symbian Foundation as it marks the first time this point has been reached for a fully open source release and the time at which Symbian 3 is considered ready for community use,” said Rafe Blandford of All About Symbian, following the announcement that Symbian 3 is “functionally complete,” in the Symbian developer newsletter.

“This is an important stage for device creators and developers, but is not of major significance to consumers, other than to indicate that Symbian 3 is well on track for being in devices in the second half of the year,” said Blandford. “The Nokia N8 was the first Symbian 3 device to be announced, but there are many more on the way from multiple manufacturers.”

Symbian 3 having now been declared officially Functionally Complete marks an important milestone in the platform and represents a transition from feature submission and stability into the hardening phase. However, “functionally complete” is not the same as “feature complete,” Symbian officials said.

There could still be some minor changes to the platform – even though the software is slated to begin to appear on devices later in the year – following a delay to the original shipping date of the Nokia N8.

Symbian 3 features include home screen improvements, next generation graphics, better data networking and a better entertainment experience including HD video, smart remote controls, interactive radio, music store integration and podcasts.

For developers, Symbian 3 delivers support for the Qt application framework version 4.6. Availability of Qt 4.6 for Symbian 3 means developers can start using the power of this new runtime, to plan new applications and to start the migration of their existing applications. Where used, Qt application framework will sit alongside the Avkon UI framework, enabling both forward and backward compatibility. Avkon is the name of the legacy UI framework that Qt replaces.

Nokia is pinning its hopes on Symbian 3, along with a general upgrade and simplification of its phone and smartphones, but has downgraded its sales forecasts.


Symbian Foundation Backs Open Cloud Manifesto

The Symbian Foundation is publicly backing the Open Cloud Manifesto and has pledged to move more deeply into the cloud

The Symbian Foundation has thrown its weight behind the Open Cloud Manifesto, saying the manifesto can help lead to a more open cloud environment.

In a 1 July blog post, Ian McDonald, head of IT for Symbian, said, “With the popularity of cloud computing quickly rising there is a real need to ensure that the cloud is open and not a proprietary lock-in.”

Open Cloud

As such, Symbian has become an official supporter of the Open Cloud Manifesto. The tagline for the Open Cloud Manifesto is that it is “dedicated to the belief that the cloud should be open.” The manifesto outlines the challenges facing organisations that want to take advantage of the cloud.

A description of the manifesto on the Open Manifesto website defines it as follows:

“The Open Cloud Manifesto establishes a core set of principles to ensure that organisations will have freedom of choice, flexibility, and openness as they take advantage of cloud computing. While cloud computing has the potential to have a positive impact on organisations, there is also potential for lock-in and lost flexibility if appropriate open standards are not identified and adopted.”

McDonald said Symbian is a big user of cloud computing and will soon take even greater advantage of the cloud.

Passionately Open

Said McDonald in his post:

“Inside Symbian we use the cloud thanks to a wide range of providers – over twenty in fact – and we don’t even run our own file or email servers! Symbian Ideas, Symbian Horizon and this blog run on cloud infrastructure, and we have plans to shift nearly all our sites onto the cloud in the next few months.”

Moreover, McDonald said Symbian is an organisation that is passionate about being open. “The planning for our releases, the decision making processes (including the councils) and all our code are out in the open,” he said in the blog post. “As such we totally support the Open Cloud Manifesto which is working to ensure that different cloud offerings can work together and that there are open standards.”


Syrian Internet Cut Off During Protests

About two-thirds of Syria’s Internet access was cut off on Friday, amidst some of the biggest protests to date

Syrian networks were reconnected to the Internet on Saturday, a day after two-thirds of the country’s networks were reportedly cut off.

The Internet shutdown coincided with what were reportedly some of the largest anti-government protests yet on Friday, in the course of which at least 40 protesters were killed, according to activists cited by the New York Times.

Cutoff

Renesys, a company that tracks Internet flows, reported on Friday that starting at 3:35 UTC about two-thirds of all Syrian networks became unreachable from the wider Internet, with 40 of 59 networks withdrawn from the global routing table.

Some government network prefixes remained reachable, while networks belonging to SyriaTel’s 3G mobile data networks and smaller downstream Internet service providers were no longer reachable, according to Renesys.

Seven of the 40 unreachable networks then returned at around 19:00 UTC, or 22:00 Damascus time on Friday night, Renesys said. The remaining networks returned to connectivity shortly after 04:00 UTC.

US Secretary of State Hillary Clinton issued a statement on Saturday criticising the service interruption.

“We condemn any effort to suppress the Syrian people’s exercise of their rights to free expression, assembly, and association,” Clinton stated.

Several governments in the Middle East have cut off Internet service as part of their efforts to control protests, as Internet services – and notably social networking services – have grown in importance as tools for organising protests.

Egypt cut off its Internet service from the rest of the world in January during protests, while in February the Libyan government carried out a similar manoeuvre.

The Egyptian protests were partly inspired by a Facebook page set up by a Dubai-based Google executive.

The Egyptian government’s blocking of Internet services for five days is likely to have cost the country roughly $90 million (£56m), according to the Organisation for Economic Co-operation and Development (OECD).

The blocked telecommunication and Internet services account for between three and four percent of Egypt’s GDP, equivalent to a loss of $18 million (£11m) per day. However, the OECD warns that the long-term impact could be far greater, as the cut-off could have deterred foreign investors from expanding their operations in Egypt.

Industry reaction

Ghoneim’s support was an out-of-hours activity, but Google itself helped the protesters by providing a service that would tweet messages sent by phone, after Egypt banned Twitter. Other social media giants also weighed in, with Facebook upgrading its security after it became known that the Tunisian government had tried to steal the passwords of all Facebook users.


T-Mobile And Orange Play Down Charity Charge Jibes

Everything Everywhere drops charges for texted charity donations but claims it did not usually collect anyway

Everything Everywhere has complained that its support for charities has been misrepresented by reports that it imposed a ten percent handling charge on SMS-borne charity donations which was waived by other operators.

The company, which is a joint operation between the Orange and T-Mobile UK networks, claimed that it often absorbs costs such as bank charges and bad debts. It said that it absorbed around £700,000 of costs last year in supporting its partner charities, such as Comic Relief, Children in Need and Unicef.

Charity CEOs Asked For Help

This did not stop leading charity CEOs from writing to Nick Hurd MP, the minister for civil society, to ask for help in pressurising Everything Everywhere to withdraw its charges. Signatories included Bruce Leeke of the Institute of Fundraising, Thomas Hughes-Hallett of Marie Curie Cancer Care and David Nussbaum of the WWF.

“We are writing to you to raise a serious concern over text donations,” the letter stated. “While O2, Vodafone, 3 and now Virgin are committed to passing on 100 percent of text donations to charities, Orange and T-Mobile (Everything Everywhere) are the only remaining mobile operators not to do this. We consider this to be an impediment to effective fundraising via mobile text giving.”

According to The Times, Hurd’s reply emphasised the work Orange and T-Mobile were doing in other areas, including their participation in the Apps for Good campaign but he added: “I urge them to take this opportunity to show their commitment in this way as well.”

Robin O’Kelly, director of corporate communications at Everything Everywhere, responded to an article on Left Foot Forward’s Website: “Everything Everywhere passes on 100 percent of all donations, including any costs incurred, to all the main text-to-donate users. For some other charities, we have passed on costs incurred (around £9,000 in the past 12 months – relative to £7 million raised).”

“More importantly,” he continued, “we’re working on a Gift Aid solution for text-to-donate and while this is happening we will absorb all costs for all charities – and will probably make this permanent.”