Issue No.06 - November/December (2006 vol.8)
Published by the IEEE Computer Society
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2006.141
New Panel Aims to Identify Risks and Challenges; IPv6 to Influence $97 Billion in US Government Spending; Microsoft Debuts MySpace for IT; Report: New Hackers Up to Old Tricks; Study: People and Processes Important in Security; Internet Explorer 7 for Windows XP Available; Mozilla Releases Newest Firefox; MySQL Boosts Service Features for Enterprise Clients; Cisco Presents Next-Generation Virtual Meeting Technology; Dell Unveils Two- and Four-Socket Servers, Integrates Oracle; Sophos Confident in its Vista Protection; Microsoft to Release EU-Compliant Vista; EPA Announces New Computer Efficiency Requirements; Skype Introduces Video Calling for Mac Users, Aims for Legitimacy; Sony Recalls Additional Notebook Batteries.
New Panel Aims to Identify Risks and Challenges of E-Health Systems
Early adopters of technology often learn the hard way what works and what doesn't. But now some pioneers in the deployment of digital health record systems want to share with other health-care providers the lessons they've learned about the pitfalls, challenges, and safety risks of implementing e-health systems, according to an article in InformationWeek.
A new US national advisory panel was launched in early November to study the safety and effectiveness of e-health records, according to the article.
Geisinger Health System, which 10 years ago began digitizing the medical records of its two million patients in rural Pennsylvania, is spearheading the effort. Also on the panel are representatives from other early adopters of e-medical records, including the Regenstrief Institute in Indiana and Kaiser Northwest Health Plan. In addition, the panel includes representatives from academia and industry, as well as philanthropic organizations.
Government and industry researchers in recent years have studied the potential benefits in quality-of-care, patient safety, and cost-savings that widespread adoption of e-health record and other clinical IT systems can generate. However, little attention has been paid to the "gaps" of safety and effectiveness in these systems as they're being deployed, says Ron Paulus, a medical doctor and Geisinger's chief technology and innovation officer.
The implementation of e-health records, e-prescription, and computerized physician order-entry systems means big disruptions and changes in workflow and processes for doctors and nurses. Plus, the integration of disparate clinical systems—like linking e-health record applications from one vendor to the e-prescription system of another vendor—can also present interoperability challenges. All of these factors can potentially put patients at risk, Paulus tells InformationWeek. "We want to provide information to identify risk areas and how to mitigate the risks," he said.
Survey: IPv6 to Influence $97 Billion in US Government Spending
The transition to Internet Protocol version 6 (IPv6) is about more than a federal mandate and replenishment of available IP addresses—it's also about the US$97 billion in IT purchases that will occur as a result during the next five years, according to a Juniper Networks survey of government and industry communities.
Juniper surveyed 1,076 representatives from defense, civilian, state and local government agencies, and industry about a variety of issues relating to IPv6 in government, including progress, expected spending and buying habits, possible impact, and management strategies. According to the respondents, IPv6 will influence US$41 billion of federal IT purchasing and US$21 billion of state and local IT purchasing within two years. By 2011, those numbers will grow to US$60 billion and US$37 billion, respectively.
"These fantastic numbers are all fine, but it's not all hardware," says Tom Gillman, director of federal channels at Juniper. "For [Juniper], it could just involve a code update in a lot of cases. Really, it's about a whole lot of services," which he expects to make up more than half of the expected spending.
Microsoft Debuts MySpace for IT
Microsoft launched in November what it bills as a social networking site for IT professionals, called Aggreg8. The company aims for the site to become a MySpace-like forum for developers to share scripts, tools, or best practices, or even to just connect with others within the profession.
The site will allow users to either collaborate with fellow developers through preset working groups, or allow them to create their own. Additionally, space would be provided in the groups to allow users to post messages and files, and share events, the company said in a press release.
Aggreg8 has no relation to the RSS reader project that carried the same name. Philip Roche, the creator of that program, was approached in July by Microsoft and asked to sell the domain names. Both Aggreg8.com and Aggreg8.net were sold for $5,000, he said in a blog post. Since then, the RSS reader was to move to Aggreg8.org and Aggreg8.co.uk, but both sites still showed a "coming soon" message.
Report: New Hackers Up to Old Tricks
Older threat techniques, malicious code, and Web 2.0 and AJAX attacks will be the most problematic hacking trends and issues over the next 6 to 24 months, according to a new report from Symantec. The latest release of the Symantec Internet Security Threat Report, Volume X, examines the Internet's threat environment, malicious codes, vulnerabilities, and attacks during the first half of 2006.
Older threat techniques can bypass newer detection technologies because they rely on nontechnical means of compromise, such as social engineering, to carry out successful attacks. Instead of battling robust enterprise-level security systems, more hackers are targeting end users, believing that they represent the weakest link in the security chain. The newer attacks also propagate at a slower rate and avoid detection by targeting client-side applications rather than server vulnerabilities.
Malicious code is making a comeback, the report said. Symantec's Security Response noticed an increase in polymorphic viruses in the first half of 2006. A polymorphic virus mutates itself by changing its byte pattern as it propagates throughout an attack, in essence, changing its code to avoid detection. According to the report, there was a significant increase in malicious-code attacks designed to target specific, individual organizations. This emerging threat promises to challenge enterprise IT departments due to the difficulty in detecting and removing polymorphic viruses.
As Web applications continue to gain in popularity, Symantec expects to see an increase in the number of attacks taking advantage of the interconnected, interactive nature of AJAX to increase the number of potential targets.
Volume X drew on the expertise of more than 1,600 security analysts worldwide and more than 40,000 sensors in 180 countries. To view the full report, visit http://www.symantec.com/enterprise/threatreport/index.jsp.
Study: People and Processes Important in Security
According to an annual study by the International Information Systems Security Certification Consortium (http://www.isc2.org/workforcestudy), the top three success factors of information-systems security highlight the need for public and private entities to focus more time and attention on policies, processes, and people. These three areas have been traditionally overlooked in favor of trusting hardware and software to solve security problems. Respondents in the Global Information Security Workforce Study say organizations are now beginning to recognize that technology is an enabler, not the solution, for implementing and executing a sound security strategy.
According to more than 4,000 information security professionals from more than 100 countries, in what (ISC)² bills as the largest study of its kind, the most important elements in effectively securing their organizations' infrastructures are (in order of importance)
• management support of security policies,
• users following security policy,
• qualified security staff,
• software solutions, and
• hardware solutions.
The study also found that responsibility for executing a security strategy is increasingly shared across the organization, making C-level officers accountable as part of a well-defined and articulated risk management program. Continuing a trend identified in last year's study, responsibility for securing information assets is shifting from the CIO to other senior-management personnel, including chief executive officer, chief financial officer, chief risk officer, and chief information security officer, as well as legal and compliance departments.
Internet Explorer 7 for Windows XP Available
Microsoft Corp. has released Internet Explorer 7 to the public, touting stronger security features, a new look, and enhanced capabilities. According to the company, the new version provides advanced safeguards against phishing and malicious software attacks. IE 7 adds the tabbed browsing feature, which enables users to flip through several sites in the same browser window, and view all open tabs in one window.
IE 7 is IT manager-friendly, with enhanced browser-control features and adherence to popular Web development standards, the company said.
IE 7 for Windows XP is now available in English and runs on Windows XP Service Pack 2, Windows XP 64-bit Edition, and Windows Server 2003 Service Pack 1.
Mozilla Releases Newest Firefox
Fresh on the heels of Microsoft's Internet Explorer 7 release, Mozilla has released Firefox 2, the latest version of the company's popular browser. Some of the browser's new and improved features include an updated user interface, built-in phishing protection, enhanced search capabilities, and improved tabbed browsing. Firefox 2 is available in several languages for Windows, Mac OS X, and Linux at www.mozilla.org.
MySQL Boosts Service Features for Enterprise Clients
Open source company MySQL announced that it will offer a server-based database monitoring and advisory service to accompany its MySQL Enterprise commercial subscription service, according to an IDG News Service report (http://www.linuxworld.com/news/2006/101706-mysql-formally-announces-merlin-database.html). The monitor continually checks a user's MySQL database to identify potential problems such as system crashes, performance bottlenecks, or security weaknesses.
The service technology, called Merlin, will be included in the company's new version of MySQL Enterprise. Hoping to gain more business clients in the coming year, MySQL plans to make more tools and services available to small- and medium-sized companies that cannot afford to hire a database administrator. Enterprises will benefit because they often have trouble finding a DBA with MySQL skills, the report said.
Cisco Presents Next-Generation Virtual Meeting Technology
Cisco has unveiled its TelePresence Meeting solution—a hardware-software audiovisual component system that seeks to enhance virtual-meeting realism with advanced audio and video technologies. Meeting participants are able to experience each others' voice inflections, subtle facial expressions, and body movements, according to a company news release.
The system uses ultra-high definition 1,080-pixel video and high-quality, wideband spatial audio, imperceptible low latency, and comprehensive environmental design, allowing users to experience the nuances of in-person conversation. Cisco claims that the video image is two times better than HDTV and that its specially designed microphones eliminate noise interference, while the multidirectional speakers project participants' voices to listeners.
The system is available in two sizes. The TelePresence 1000 is designed for one-on-one conversations and small group meetings. The TelePresence 3000 is designed for meetings of 12 or more people around a virtual table. In this application, life-size, eye-level video screens are placed around a meeting table, each screen housing cameras that record and display participants in a way the company says makes everyone feel like they are in the same room together.
In both arrangements, backgrounds are chosen to match the viewer's environment and people appear the same size on screen as they would in person.
According to Cisco, the system's high costs will be justified by savings from reduced travel and time wasted in ineffective virtual meetings that use inferior technology. TelePresence 1000 will cost around US$80,000. The TelePresence 3000 model will cost about US$300,000. No monthly operating fee is required. Both are expected to be available in December 2006.
Dell Unveils Two- and Four-Socket Servers; Integrates Oracle
Dell has debuted two PowerEdge servers featuring AMD's Opteron 64-bit processor. The company unveiled the PowerEdge 6950 and PowerEdge SC1435, along with the integration of OpenManage and Oracle Enterprise Manager at a press conference at Oracle Open World in San Francisco. The PowerEdge 6950 is a four-socket server designed for applications such as database, server consolidation, virtualization, and migration from RISC-based systems, according to a Dell press release.
The PowerEdge SC1435 is a two-socket, rack-dense server optimized for high-performance computer clusters, distributed Web serving, and small- to medium-sized businesses. AMD's Commercial Segment senior vice president Marty Seyer said the servers are part of Dell and AMD's efforts to optimize performance-per-watt in their products.
Dell and Oracle have integrated Dell OpenManage and Oracle Enterprise Manager to offer a solution to help manage the Oracle application infrastructure. The integration of these standards-based tools is designed to enable users to natively manage Dell PowerEdge servers within a single management console familiar to Oracle database administrators, the press release said.
The PowerEdge 6950 and PowerEdge SC1435 are priced from US$6,499 and US$1,299, respectively.
Sophos Confident in its Vista Protection
IT security firm Sophos claims it has the most capability when it comes to properly protecting enterprise systems running the forthcoming 64-bit version of Vista, and says it has received sufficient cooperation from Microsoft to gain the kernel access necessary to develop a robust security tool for the operating system.
According to a press release, Sophos Anti-Virus will offer full protection against malware threats on Vista because it has formed its code based on both low-spec and high-spec versions of Microsoft's new OS. Sophos insists its approach works because it has tried to build its technology to work with Vista's PatchGuard instead of developing solutions that work around it.
Sophos believes that PatchGuard is a positive step by Microsoft to improve security in Windows Vista, and is not in itself anticompetitive, provided that Microsoft delivers on its commitment to provide the same level of kernel support and integration to third party security vendors as it does to its own security product team.
Microsoft to Release EU-Compliant Vista
Microsoft confirmed in a news release that it will deliver its Windows Vista operating system to its volume business clients in January 2007. This is despite renewed complaints from antivirus firms Symantec and McAfee. The two IT security companies made extensive efforts to have the European Union stall Vista's release until Microsoft provided API access to security vendors.
The software giant has battled the European Commission for at least two years over security features and other issues that kept Vista from achieving compliance with the commission's competition-ensuring guidelines. Microsoft General Counsel Brad Smith said "constructive discussions" with the EC and Korea Free Trade Commission contributed to the operating system's European compliance and also enabled changes to Vista in Korea, satisfying legal obligations there, the news release said.
EPA Announces New Computer Efficiency Requirements
Estimating savings of more than US$1.8 billion over the next five years, the US Environmental Protection Agency (EPA) announced new Energy Star specifications for computers and related equipment. The EPA hopes that the new standards will prevent greenhouse gas emissions equal to the output of about 2.7 million cars.
According to the EPA (http://www.epa.gov/newsroom), only the top tier of computer-related products will be able to earn the Energy Star label under the new specifications, which include improved efficiency across all modes of a computer's operation and require use of highly efficient internal and external power supplies.
The EPA estimates that if every computer purchased by businesses conforms to the new Energy Star requirements, businesses will save US$1.2 billion over the computer's lifetime.
The EPA also reports that, on average, equipment that qualifies for the Energy Star rating will be 65 percent more efficient than conventional products. The new specifications are set to take effect on 20 July 2007.
Skype Introduces Video Calling for Mac Users, Aims for Legitimacy
Skype has released the beta version of Skype for Mac 2.0, a cross-platform application that lets Macintosh users make video calls on the Internet to another Skype user, whether that user is on a Windows or Mac computer. Skype video for Mac also includes a small window for users to view how they appear to the person they are calling.
The company has developed a notorious reputation among IT administrators because of its encryption, power- and bandwidth-sapping habits, and subversion of traditional enterprise communications channels. Now, the London-based VoIP provider appears to have begun an effort to mend fences with enterprises.
Skype is planning to release a new version of its popular client designed to be more enterprise-friendly, allowing IT managers to control its use much more than prior versions, according to a VoIP News report (http://www.voip-news.com/feature/new-skype-enterprise-voip-101706/). This will not be an enterprise-only application, but merely the latest release of the software that will allow administrators to turn on or off certain features that control messaging, file transfer, and privacy settings, the report said.
Sony Recalls Additional Notebook Batteries
In voluntary cooperation with the US Consumer Product Safety Commission (CPSC), Sony initiated another product recall, according to the Office of Information and Public Affairs (http://www.cpsc.gov/cpscpub/prerel/prhtml07/07011.html). The rechargeable, lithium ion batteries containing Sony cells were packaged in notebooks made by Fujitsu, Toshiba, Gateway, and Sony itself between September 2004 and October 2006.
To date, 16 incidents of notebook batteries overheating have been reported, causing minor property damage and two minor burns. The latest recall brings the total number of recalled batteries to more than 9 million, which includes all of the recalls initiated by companies such as Dell and Apple. Cost estimates have reached US$500 million for the product mishap that has affected notebook computers worldwide.
The US CPSC advises users to stop using the battery packs in their notebooks immediately. The CPSC Web site (http://www.cpsc.gov/) contains links to information on obtaining replacements.