MAY/JUNE 2008 (Vol. 10, No. 3) pp. 6-8
1520-9202/08/$31.00 © 2008 IEEE
Published by the IEEE Computer Society
Wireless Skills Top Future Hiring Priorities
Technology workers looking to keep their skills in line with employers' future needs would be wise to focus on wireless technologies, according to research commissioned by the Computing Technology Industry Association (CompTIA; www.comptia.org).
A survey of more than 3,500 IT managers reveals that demand for wireless and radiofrequency (RF) mobile technology skills is poised to grow significantly over the next five years. Among specific industries, IT managers in healthcare and education (63 percent each) identified expertise with wireless technology as the skill that will be most important by 2013.
A related survey commissioned by CompTIA identified IT security skills as high in demand but short in supply. Among organizations surveyed in nine countries with established IT industries (Australia, Canada, France, Germany, Italy, Japan, the Netherlands, the UK, and the US), 73 percent identified security and data privacy skills as the most important. Yet, just 57 percent said their IT employees were proficient in those areas. The gap is even wider (19 percentage points) in five countries in which strong IT industries have emerged relatively recently (China, India, Poland, Russia, and South Africa).
More information on the surveys is available at www.comptia.org/sections/research.
Technology Trade Groups Consolidate Their Power
The Information Technology Association of America (ITAA), formed in 1961, is joining forces with the four-year-old Cyber Security Industry Alliance (CSIA), whose 14 members are primarily CEOs of major computer security companies.
ITAA made the announcement just a week after it formally merged with another technology trade group, the Government Electronics and Information Technology Association (GEIA), which has been around since 1952.
As a result of these mergers, ITAA will have more than 350 members.
The groups' preexisting agendas are largely complementary: ITAA has worked on broad policy issues, such as security, trade, and labor; CSIA has focused primarily on security matters; and GEIA has concentrated on technical standards and government technology market analysis.
In 2007, CSIA focused on legislation to curb data breaches and identity theft, improve privacy, and bolster security for federal computer systems and critical infrastructures in the US and Europe.
ITAA's mergers could signal further consolidation within the technology industry, which is represented by several major trade groups, such as the Information Technology Industry Council, the Consumer Electronics Association, and the Business Software Alliance. Other industries, such as oil and pharmaceutical, are considered more effective in influencing governments because they pool resources in one or two prominent associations.
Open Source Changed the Game
Microsoft has dramatically changed its approach to software development because of open source software, according to Ray Ozzie, the company's chief software architect, who spoke as part of a wide-ranging discussion during the annual Most Valuable Professional summit in Seattle, Washington, in April.
As people have increasingly adopted open source software, the need for interoperability between Microsoft's systems and others has also grown. When Microsoft begins developing new products, it now considers what components it will want to open up to outside developers from the very start, Ozzie said.
Of course, that doesn't mean that Microsoft is changing its approach to business, says Ozzie. The company will open source aspects of what it does where it believes there will be a "benefit to the community"—as with the .Net framework, for example—but its business model is still based on proprietary software.
Bottom-Line Success Tied to Strategic IT
The Hackett Group (www.thehackettgroup.com), an Atlanta-based strategic advisory firm, recently released a report arguing that companies need to get strategic about IT as a business-value generator.
According to the research, when compared by industry, top IT business-value management performers generate US$1.1 billion more in operating profit annually and $645 million higher net profit than typical Global 1000 companies.
Although business-value management—which concentrates on business value governance, performance management, portfolio management, and IT financial management—represents "only 3 to 7 percent of the overall IT processes and resources," according to Hackett chief research officer Michael Janssen, "excelling in these areas, companies can drive dramatic bottom-line benefits."
Data Center Convergence Becoming a Reality
Several companies announced in April their first products for Fibre Channel over 10-Gbit Ethernet. Fibre Channel is a high-speed transport technology used to build storage area networks. Although it can be used as a general-purpose network to carry ATM, IP, and other protocols, Fibre Channel has been used primarily for transporting Small Computer System Interface (SCSI) traffic from servers to disk arrays. The Fibre Channel Protocol serializes SCSI commands into Fibre Channel frames, although it uses IP for in-band Simple Network Management Protocol (SNMP) traffic. Fibre Channel supports single-mode and multimode fiber connections, coaxial cable, and twisted pair cable.
Cisco Systems, Emulex, Intel, Mellanox, and QLogic announced their first crop of Fibre Channel-over-Ethernet (FCoE) products at the Storage Networking World conference in Orlando, Florida, in April. But many of the companies are waiting for standards to be completed before attempting to field high-volume FCoE products.
At the same time, startup SolarFlare announced a transceiver that can power 10-Gbit Ethernet up to 100 meters over copper on a single 65-nanometer CMOS (complementary metal-oxide semiconductor) chip that dissipates just 5.5 watts. Running 10-Gbit signals over copper has usually required multiple chips using up to 12 watts of power. The SolarFlare SFT 9001 transceiver could cut the power budget in half, but the company is still developing the part, which it hopes to sample in May at less than US$100.
Although this work aims primarily to lower the cost of and expand the market for 10-Gbit Ethernet (which has been limited thus far to expensive optical and short-reach copper cables), it could combine with the new Fibre Channel products to ignite a broad industry drive to run networking, storage, and clustering traffic over single mainstream pipes in future data centers. The aim is to create a converged fabric, reducing the cost and power requirements of supporting cables, multiple switches, and adapter cards.
The rise of 10-Gbit Ethernet has been sluggish because of the lack of a long-reach copper option. According to EETimes, fewer than 400,000 10-Gbit Ethernet switch ports were shipped last year—perhaps half of them not populated—and only about 30,000 server cards have been sold.
Oracle Announces Content, E-mail Archiving Products
Oracle recently launched two enterprise products aimed at securely archiving content and e-mail.
The Universal Online Archive is designed to sit on top of Oracle's database, so that users can leverage features such as the SecureFiles file-encryption and compression system native to Oracle's 11-Gbyte database release. The company developed the core of the software organically, but also employed some technology from Oracle's late-2006 acquisition of Stellent, a provider of enterprise content management software solutions.
Despite its name, Universal Online Archive's initial release is available as an on-premises install.
Oracle also announced its new E-Mail Archive Service, designed to store content from Microsoft Exchange, IBM Lotus Notes, and other SMTP-based mail systems.
New Attack Targets ActiveX Bugs
According to Symantec, a multiple-attack package composed of seven ActiveX exploits is gaining popularity with hackers. What's more, less than half of the flawed ActiveX controls have been patched.
The attack framework probes Windows PCs for vulnerable ActiveX controls in Microsoft and Macrovision software, as well as hardware from D-Link, Hewlett-Packard, and Gateway.
Visitors to compromised Web sites are redirected by rogue inline frame (IFRAME) elements to malicious sites serving the package. The attack pack tests each victim's PC for each ActiveX control, detects whether a vulnerable version of a control is installed, and then launches an attack when it finds one.
Bugs in ActiveX, a Microsoft technology frequently used to create add-ons for the Internet Explorer (IE) browser, have always been common, but so many flaws have been disclosed recently that some security experts have told users to do without them, according to an article in ComputerWorld (www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9074979).
The seven exploits in the package are a combination of old and new flaws: Microsoft's own ActiveX vulnerability—a bug in IE's Speech API—was disclosed in June 2007, and the vulnerability in the Citrix Presentation Server Client control harks back to December 2006. Others, such as the ActiveX bugs in D-Link's security webcams and Sony's ImageStation, were just revealed in February 2008.
The ActiveX flaws in the D-Link, Gateway, Sony, and Macrovision products have yet to be patched.
If the exploit framework succeeds in compromising a PC, the hackers drop a Trojan on the machine that includes a rootkit component to mask it from antivirus scanners as it turns the PC into a spam-spewer.
For more, see http://security.itworld.com/4337/attack-targetsactivex-bugs-080407/pfindex.html.
Early Warning Systems for Infrastructure Attacks?
US federal cybersecurity officials are trying to develop an early warning system to alert authorities to incoming computer attacks targeting critical US infrastructure, according to Homeland Security Secretary Michael Chertoff.
Chertoff gave few details about this or other initiatives when speaking at the RSA security conference in April. He did, however, acknowledge the technical challenge in developing such a system.
Some security experts have said the idea of an early warning system seems far-fetched. Robert Graham, chief executive of Atlanta-based Errata Security and an expert on computer-intrusion prevention, said current technology can only detect when a hack has already occurred—even then, breaches usually happen too fast for early warnings.
Chertoff said the system would improve on the government's current tools for analyzing computer threats, which he said are built on a backward-looking architecture—that is, they scrutinize threats coming into the networks and work backward to identify the nature and source of the attack. He was referring to the Einstein program, run out of the US Computer Emergency Readiness Team (US-CERT), a partnership between the US homeland security department, other public agencies, and private companies.
US officials have acknowledged that hackers have broken into the networks of at least one government research laboratory and even the Pentagon over the past year and are intensifying their attacks. Chertoff said there are too many openings into government networks for criminals to explore and exploit with viruses or other malicious code.