UR Solutions

What Scares Me About Security in 2007

Thu, 01/04/2007 - 16:51

From eWeek.com

Opinion: 2007 is the year that attackers get more creative. The low-hanging fruit is gone.

I'm always annoyed when it comes to the end-of-year retrospectives and predictions, especially the predictions. "More of the same" is never an acceptable answer, even if it's true, because it's boring. But I do think that the security landscape has been changing over the last year and should accelerate in 2007.

The "malware winter" began some time before client vulnerabilities began to shrink in urgency. There have been some pretenders to the malware-of-the-year throne, but no real winners.

We could see in 2006 the shift from mass vulnerability-based attacks, even as a rash of "zero day" attacks emerged. Almost all of these zero-day attacks affected very few users.

This is not to say that there are no threats out there, far from it. Leave an unprotected computer out there and act irresponsibly with it, and you'll be "0wned" in no time flat. But protection against these threats has gotten much better and cheaper; anyone who is interested in protecting themselves can for a reasonable amount of money.

Security vendors are even beginning to be more reasonable with their pricing. The Norton 2007 line permits you to use one copy on up to three computers. That's a big step forward for consumer protection.

But we've also been hearing for years about the more sophisticated next generation of attacks. Recently I've seen a few examples that really concern me. Consider the "man-in-the-middle" phishing attack described by Brian Krebs.

In this example, instead of hosting a real phishing site, the site runs a program that proxies for the site being phished, in this example Amazon.com. The user sees what appears to be Amazon.com in the window, and, in fact, it is Amazon.com, having passed through the phishing program on its way to the user.

The attack site just tries to get log-in info, but it could keylog a lot more than that, including credit card info. The user can even buy merchandise and get it delivered! All this particular attack needs is a better domain name.

Another "advance" in phishing came my way today from F-Secure, which identifies phishing sites based on Flash content. This allows realistic sites that can elude many anti-phishing filters.

In the long term I'm optimistic about the ability of security software to combat phishing; there's so much more that it can do, but we're still in the baby steps.

Expect to see many more attacks this year moving up the application stack, both on the client and server, as the base operating system and the browser have become much harder to attack.

On the client, attacks may find it easier to get through more narrow targets. Maybe the scariest bug I've heard of in the last few months was the Broadcom Wireless Driver Probe Response SSID Overflow from the Month of Kernel Bugs. A stranger nearby can exploit you through this over wireless!

One way to avoid phishing sites is to look for the Extended Validation certificate.

But in fact, as Oliver Friedrichs of Symantec Security Response says, the real action in vulnerabilities and exploits is on the server, where more than 70 percent of vulnerabilities are from Web apps, PHP, Perl and similar systems. Many of the sites with these vulnerabilities are front ends for important databases.

With such potential you can expect to see Web app worms going nuts this year, causing massive damage. And since PHP has suffered them before and so much research is focused on it, expect the attacks to center on those servers. If you run a PHP server, better keep up with those updates.

It's going to be a harder year for security in 2007 because it will be harder to explain problems, and perhaps harder to write tools to detect them. But part of this is because we've already made things hard for the bad guys.

Mandriva Linux gets flashy

Thu, 01/04/2007 - 16:42

From ZDNet

I've been using Mandriva's new Linux-distribution-on-a-USB-stick, Mandriva Flash, and most impressive it is too. On a small 2GB USB key, you get a fully portable Linux desktop comprising the Linux Kernel 2.6.17 plus KDE 3.5.4, Mozilla Firefox 1.5.06, OpenOffice 2.0.3, KMPlayer, Adobe Flash Player and a number of other applications and plug-ins.

I'll post a full review soon, but the main advantages over a similar Live CD distro are that there's a spare 1GB of capacity on the USB stick for downloading additional software and storing your own data, and that any CD drive on a host system will be available for use rather than occupied by the Live CD.

Not every PC has a BIOS that allows booting from a USB drive, but there is a workaround involving a small CD image on the stick that you burn onto a disc and boot from with the USB stick inserted. Stay tuned for the full report.

Linux happenings in 2007

Wed, 01/03/2007 - 16:20

From Linuxworld
This year promises to be a big one for Linux, at least according to predictions by analysts and pundits in the early part of this decade. Some examples:

  • Linux will be installed on 45% of new servers shipped by 2007 (Meta Group, 2002).
  • Linux will run on 6% of desktops by 2007 (IDC, 2004).
  • Linux will account for 7% of the worldwide cell phone operating market by 2007 (ARC Group, 2004).

 
Whether or not these predictions pan out ("no" on servers, "close" on desktop, "maybe" on cell phone, I say), here's a rundown of Linux and open source happenings you can reasonably expect to see in 2007:

  • Early 2007
    • OpenOffice + Microsoft Office
      Novell says its Linux-based OpenOffice.org suite will be compatible with Microsoft's Open Office XML format by the end of January. This development stems out of the wide-ranging partnership between the two companies made in November 2006. Novell, the first translation code between OpenOffice.org and Microsoft Office, will allow Microsoft Word and OpenOffice's WRITER to share documents freely under the Office Open XML standard for multiplatform document creation.
    • Red Hat Enterprise Linux 5
      The long-awaited RHEL5 is slated to ship in early 2007, and should be one of the most significant Linux products introduced this year. Virtualization will be at the core of the distribution, with the Xen virtualization stack built into the code. Advances in security, with enhancements in SELinux and IPSec, and improved Microsoft Active Directory integration are among the myriad upgrades in the product.
    • Flash Player 9
      Flash Player 9 for Linux is expected to ship in "early 2007." Beta 2 for Flash Player 9 for Linux was released in November, and Adobe hopes to get the final kinks out of the code before the end of winter.
    • Enemy Territory: Quake Wars
      Diversion time: the game "Enemy Territory: Quake Wars" is expected to be released by February 27 for Linux machines.
    • Novell BrainShare 2007
      Once the NetWare administrators' show of shows, this event has taken a Linux angle since Novell's shift to SUSE and open source. It runs from March 18-23 in Salt Lake City, Utah.
  • Mid-year
    • GPLv3
      The Software Freedom Foundation is expected to release the first major update to the GNU General Public License (GPL). Now in its second-draft release, proposed GPLv3 provisions are causing controversy on how digital rights management (DRM) and software is handled under the license, among other issues. Software with DRM relies on secretive source code and software keys, which unlock the rights to play digital content on a piece of software, as prescribed by content creators. GPLv3 basically wants any player apps licensed under GPL to also include the source code for its DRM mechanisms, which some argue, defeats the purpose. Expect much debate and rancor over this right up until GPLv3's release.
    • LAMP lovers unite
      LAMP (Linux, Apache, MySQL and PHP) server admins have a lot to get amped-up about this spring:
      • MySQL Conference - April 23-26, Santa Clara
      • ApacheCon Europe 2007 - May 1-4, Amsterdam
      • PHP Tek - May 16-18, Chicago
    • Bon Chance, Tux
      The French parliament is expected to swap over 1,150 Windows desktops for Linux PCs by June. Firefox browsers and OpenOffice software will be the programs French government officials use on a daily basis by this time.
    • Longhorn stampede
      Microsoft's Windows Server "Longhorn" is expected to hit mid-year. While not a directly-related Linux event, this launch will sure be on the minds of admins who manage mixed Windows/Linux server rooms.
    • LinuxWorld Expo 2007
      LinuxWorld is down to a single major annual show, so expect the San Francisco event to be more packed with the things that made this event great in the past. It runs from August 6-9.
  • Late 2007
    • Sun's Niagara II
      Sun's next-generation UltraSparc T1 server chip is expected to launch, promising the appearance of up to 64 processors on a chip, and advanced power-usage for lower wattage consumption. In early 2006, Sun technologists got Linux running on the first iteration of Niagara - its 32-chips-on-a-chip processor. Sun also made ties to the Ubuntu Linux distribution in 2006. These are developments high-end server admins might want to see converge.
    • Intel shrinks
      Not to be outdone, Intel is expected to launch 45-nanometer versions of its Core Duo 2 processors, offering 20% more performance and lower power consumption than the larger 65-nanometer chips shipping currently.
    • Teraflopping
      The massive, Linux-based parallel supercomputer at Oak Ridge National Laboratory could become the largest Opteron-based supercomputer in the world, with 250 teraflops of processing power. The current supercomputer champ is supposedly IBM's BlueGene/L, with 367 teraflops of power (and also a Linux system). But Cray, which is delivering Oak Ridge's supercomputer, says it can go up to 1 petaflop - a goal for early 2008.

The year of the Linux desktop!

Tue, 01/02/2007 - 16:14

From iTWire

That the idea has been floated again does not surprise me. This is a year when Microsoft will be seeking to push a new version of its Windows operating system down consumers' throats. It's also a year when several GNU/Linux distributions can claim to be sufficiently desktop-oriented for the average person to have no problem using any one of them.

The idea is pushed by those with a stake in its coming to fruition - the biztech media, several so-called pundits and businesses which stand to gain monetarily. Were GNU/Linux to gain serious marketshare in the business space, then all these people would see their bank balances start to swell. In order to achieve this objective, any and every means will justify the end.

That's why there have been several people justifying the deal which Novell struck with Microsoft last year. One of them, the chief executive of the Open Source Development Labs, Stuart Cohen, is believed to have been forced to resign shortly thereafter as his public support for this deal did not sit well with the stated mission of the organisation he was heading. That's the extent to which people go.

What will happen during the year? Will any organisations look to replace the Windows desktops which they use with GNU/Linux? Why would businesses change platforms at any point unless they have to? And the only scenario one can visualise for a change is when hardware is upgraded - and that always comes with a version of Windows installed! If any OEMs are selling GNU/Linux machines, that would be news.

All organisations that use Windows, generally use Word, a software package which has hundreds of functions, only 20 percent of which even the most advanced user utilises. Why would one need to upgrade to a newer version with even more functions which are not going to be used unless one is forced to?

People tend to talk of software migrations taking place due to security concerns. If any business was serious about security and feared a break-in due to the use of Windows, the switch to something like the Mac or GNU/Linux would have taken place years ago. Any additional security which is part of a new Windows O-S is something like a chimera.

One recent study claimed, "open source, especially Linux, is being legitimised by the major enterprise vendors, and user executives are more than happy to believe them." It is difficult to believe that such nonsense is taken seriously. Open source gained credibility a long time ago and anyone who isn't aware of that is just plain ignorant.

There are plenty of factors which inhibit a migration from the desktop, chief among them being a lack of properly trained administrators. Point-and-click monkeys are available by the dozen but admins with hands-on experience, hackers in the true sense of the word, are few and far between. Hence, any advice from such admins will revolve around the easiest option - which is to follow the old saying "no-one ever got fired for buying IBM" with a small twist - now IBM is replaced by Microsoft.

The year of the Linux desktop? Rubbish. By the end of the year, there would have been enough arm-twisting by the people in Redmond and the upgrades will begin. You can count on it.

VOIP Will Take On New Roles in 2007

Tue, 12/26/2006 - 16:06

From AMD Solutions Center

News Analysis: The technology's focus will move from simply saving money on communications to improving productivity.

In the networking space in 2007, voice over IP will be less about reducing communications cost on a converged IP network and more about improving productivity and creating new business applications that incorporate voice to generate new streams or enhance customer service.

The steady vendor drumbeat in 2006 around unified communications helped lay the groundwork for new Web 2.0-style applications that use voice as one of several components.

"The year 2007 will be the year of VOIP apps," said Zeus Kerravala, an analyst with The Yankee Group. "Every major vendor in [the space] now has some sort of [development] community around them, like Avaya's DevConnect. Cisco has one, 3Com is starting one and Microsoft pushes that further along as well."

Microsoft's joint partnership this year with Nortel Networks, which will allow the Redmond, Wash., software giant to develop IP PBX functions that can run on any Windows server, will in 2007 hasten the demise of the hardware-based IP PBX, said Dave Passmore, an analyst at the Burton Group.

"Nortel is throwing in the towel. Their new identity is to work with Microsoft to turn Office Communication Server into a next-generation unified communications server for text messaging, voice, and so on. That turns Microsoft into a direct competitor with Cisco and Avaya," said Passmore.

At the same time, Kerravala said service providers will begin offering voice as a hosted service, creating a "business version of Vonage."

Meanwhile, video conferencing, which has languished due to high costs and poor video quality, will start to take off, but not because of the kinds of quality advances achieved by Cisco's new Telepresence room-based system or Hewlett-Packard's studio-based Halo. Instead, it will be because of the growth of cheap cameras and instant messaging, Passmore said.

"IP PBXes and enterprise instant messaging systems now have video. I think you'll see it become a more routine part of how people communicate sitting at their desktops," he said. "The beauty of that is desktop PCs have sufficient horsepower and nice displays; cameras are dirt cheap and [users] can leverage [Session Initiation Protocol] signaling for VOIP."

After a year of heady growth, eWEEK Labs expects the VOIP product market to take a step back in 2007.

At the edge of the network, two trends will change the way enterprises bring remote offices into the corporate network. The continued consolidation of IT data center resources—especially servers—will move WAN optimization and application acceleration into the mainstream of enterprise networks.

"You will see large-scale deployment of WAN optimization and a lot more WAN optimization in big networks," said Joe Skorupa, an analyst with Gartner.

As that market takes off, more of those deployments will be client-based versions rather than appliances installed in remote offices. "They will be deployed for very small offices or home offices, and even on handhelds for the mobile work force," said Skorupa.

Service providers will also begin offering WAN optimization services in earnest next year. While only smaller service providers such as Akamai and Netli to date have launched such services, "toward the second half of next year you will see more of larger service providers get serious about WAN optimization and application delivery controllers as a service," he said.

More enterprises will also look to link sites at the edge of the network directly to the Internet, rather than leasing more costly T-1 lines that are nailed up, said Passmore. "In the past people would use Frame Relay, private lines and so on, but now they're discovering you can buy 10 times as much Internet access bandwidth [for the same price]. Business DSL is still very cheap compared to a T-1 line and you can add on encrypted tunnels to connect sites using the public Internet," he said.

Other trends will affect the way data center networks are architected. The completion this year of a new IEEE standard for 10 Gigabit Ethernet running twisted pair wiring will fuel adoption of that technology in the data center. While it has seen limited success as a network aggregation technology, it has also been gated by costly optics required for connectivity. "This ought to get prices down to hundreds of dollars per port, rather than thousands of dollars per port," said Passmore.

With the rollout next year of cheaper products based on the new standard, it is likely to be used to connect high-performance servers directly to the core network or to each other in grid configurations.

"Ten Gigabit Ethernet could displace Infiniband for grid links," said Rob Whiteley, an analyst with Forrester Research.

Five IT Predictions

Thu, 12/14/2006 - 15:50

From destinationCRM.com

Gartner highlights new trends and technologies that will influence the way that IT departments operate -- and the way companies do business -- in 2007 and beyond.

New outsourcers, the end of major software overhauls, and the continued rise of the Internet are just a few of the events that will transform the way IT departments operate, according to Gartner. Today, the analyst firm released the latest report in its "Gartner Predicts" series, highlighting predictions, trends, and events that will alter the nature of business and IT in the coming years.

The predictions are for technology in general, not specific to CRM, but will nonetheless have influence over a company's CRM initiatives. "These changes will require that IT and business change their approach to delivering and quantifying value," says Daryl Plummer, a managing vice president and Gartner fellow. "IT professionals must examine these predictions for opportunities to increase their support of consumer-driven requirements and their ability to help the business deliver stronger services to those customers."

First and foremost, and perhaps counter-intuitively, Gartner says that through 2009 market share for the top-10 IT outsourcers will decline to 40.0 percent (from 43.5 percent now), equaling a revenue shift of $5.4 billion. As market share declines, some key outsourcing vendors will cease to exist in their current form. The reduced number of large contracts, increased amount of competition and reduction in contract sizes have placed great pressure on outsourcers, which will have to "sink or swim," based on support for selective outsourcing and disciplined multisourcing competencies. "Most people think outsourcing is in an uncontrollable climb, but saturation of the marketplace by multiple outsourcing providers and not enough business to support them all is going to change that," Plummer says. He sees many smaller outsourcers receiving increased business as companies become more selective about their outsourcers.

Plummer sees the Web having the biggest impact: By 2010, 60 percent of the worldwide cellular population will be "trackable" via an emerging "follow-me Internet." Despite local regulations to protect users' privacy, growing demands for national safety and civil protection are relaxing some of the initial privacy limitations. Marketing incentives will also push users to forgo privacy concerns, and many other scenarios will enable outsiders to track their users, according to the report.

To that end, blogging and community contributors will peak in the first half of 2007. Given the trend in the average life span of a blogger and the current growth rate of blogs, there are already more than 200 million ex-bloggers. Consequently, the peak number of bloggers will be around 100 million at some point in the first half of 2007. And on the negative side, by the end of 2007, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses. Plummer says the threat environment is changing -- financially motivated, targeted attacks are increasing, and automated malware-generation kits allow simple creation of thousands of variants quickly. Worse yet, security processes and technologies haven't kept up.

Last, Plummer sees Vista being the last major release of Microsoft Windows. The next generation of operating environments will be more modular and will be updated incrementally as the era of monolithic deployments of software releases is nearing an end. Microsoft will be a visible player in this movement, and the result will be more-flexible updates to Windows and a new focus on quality overall, according to the report. "There's a lot of work involved with deployments of this magnitude; this applies to all software in general. We've altered the manner in which software is purchased, distributed, and updated."

McAfee Avert Labs Speaks About Top Ten Security Threats in 2007

Mon, 12/04/2006 - 15:45

From Playfuls.com

McAfee unveiled its top ten predictions for security threats in 2007 from McAfee Avert Labs. According to McAfee Avert Labs data, with more than 217,000 various types of known threats and thousands more as yet unidentified, it is clear that malware is increasingly being released by professional and organized criminals.

In no particular order, McAfee Avert Labs' top 10 security threats for 2007 are:

  • The number of password-stealing Web sites will increase using fake sign-in pages for popular online services such as eBay
  • The volume of spam, particularly bandwidth-eating image spam, will continue to increase
  • The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code
  • Mobile phone attacks will become more prevalent as mobile devices become "smarter" and more connected
  • Adware will go mainstream following the increase in commercial Potentially Unwanted Programs (PUPs)
  • Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems
  • The use of bots, computer programs that perform automated tasks, will increase as a tool favored by hackers
  • Parasitic malware, or viruses that modify existing files on a disk, will make a comeback
  • The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well
  • Vulnerabilities will continue to cause concern fueled by the underground market for vulnerabilities

 
Today, McAfee researchers are seeing evidence of the rise of professional and organized crime in malware creation, whereby development teams are creating malicious software, testing it and automating its production and release. Sophisticated techniques such as polymorphism, the recurrence of parasitic infectors, rootkits, and automated systems with cycling encryption releasing new builds are becoming more prevalent. Furthermore, threats are being packed or encrypted to disguise their malicious purpose on a more rapid and complex scale.

McAfee Avert Labs' 2007 Threat Forecast:

  • Password-stealing Web sites are on the rise
    More attacks that attempt to capture a user's ID and password by displaying a fake sign-in page, and increased targeting of popular online services such as eBay, will become more evident in 2007. As evidenced by the phishing attacks that followed Hurricane Katrina, McAfee Avert Labs also expects more attacks that take advantage of people's willingness to help others in need. In contrast, the number of attacks on ISPs is expected to decline while those aimed at the financial sector will remain steady.
  • Spam, particularly image spam, is on the rise
    In November 2006, image spam accounted for up to 40 percent of the total spam received, compared to less than ten percent a year ago. Image spam has been significantly increasing for the last few months and various kinds of spam, typically pump-and-dump stocks, pharmacy and degree spam, are now sent as images rather than text. Image spam is typically three times the size of text based spam, so this represents a significant increase in the bandwidth used by spam messages.
  • The popularity of video on the Web will make it a target for hackers
    The increasing use of video formats on social networking sites such as MySpace, YouTube and VideoCodeZone will attract malware writers seeking to easily permeate a wide network. Unlike situations involving email attachments, most users will open media files without hesitation. Furthermore, as video is an easy-to-use format, functionality such as padding, pop-up ads and URL redirects become ideal tools of destruction for malware writers. In combination, these issues make malicious coders likely to achieve a high degree of effectiveness with media malware.
  • More mobile attacks
    Mobile threats will continue to grow as platform convergence continues. The use of smartphone technology has played a pivotal role in the threat's transition from multifunction, semi-stationary PCs to palm-sized "wearable" devices. With increased connectivity through BlueTooth, SMS, instant messaging, email, WiFi, USB, audio, video and Web, there are more possibilities for cross device contamination.
    SMiShing, which involves taking the techniques of phishing by email and porting them to SMS (SMiShing instead of phishing), is also expected to increase in prevalence. In August 2006, McAfee Avert Labs received its first sample of a SMiShing attack with VBS/Eliles, a mass mailing worm that also sends short message service (SMS) messages to mobile phones. By the end of September 2006, four variants of the worm had been discovered. In addition, for-profit mobile malware is expected to increase in 2007. While most of the malware Avert Labs has run across includes relatively simple Trojan horses, the outlook has changed with the J2ME/Redbrowser Trojan. J2ME/Redbrowser is a Trojan horse program that pretends to access Wireless Access Protocol (WAP) web pages via SMS messages. In reality, instead of retrieving WAP pages, it sends SMS messages to Premium Rate numbers, thus costing the user more than intended. A second J2ME, Wesber, appearing in late 2006, also sends out messages to a premium SMS number.
  • Late 2006 saw a flurry of spyware offerings in the mobile world. Most are designed to monitor phone numbers and SMS call logs, or to steal SMS messages by forwarding copies to another phone. One spyware in particular, SymbOS/Flexispy.B, is able to remotely activate the microphone of the victim's device, allowing someone to eavesdrop upon that person. Other spyware can activate the camera. McAfee expects the offerings of commercial spyware targeting mobile devices to grow in 2007.
  • Adware will go mainstream
    In 2006, McAfee Avert Labs saw an increase in commercial Potentially Unwanted Programs (PUPs), and an even larger increase in related types of malicious Trojans, particularly keyloggers, password-stealers, bots and backdoors. In addition, misuse of commercial software by malware with remotely controlled deployment of adware, keyloggers and remote control software is on the rise. However, despite the social, legal and technical challenges, there is so much commercial interest in advertising revenue models that McAfee expects to see more legitimate companies using or attempting to use advertising software in ways (hopefully) less objectionable to consumers than most current adware.
  • Identity theft and data loss will continue to be a public issue
    According to the U.S. Federal Trade Commission, approximately 10 million Americans are victims of identity fraud each year. At the root of these crimes is often computer theft, loss of backups or compromised information systems. While McAfee expects the number of victims to remain relatively stable, company disclosures of lost or stolen data, increasing incidents of cyberthefts and hacking into retailer, processor and ATM systems and reports of stolen laptops that contain confidential data will continue to keep this topic of public concern.
  • Bots will increase
    Bots, computer programs that perform automated tasks, are on the rise, but will move away from Internet Relay Chat (IRC)-based communication mechanisms and towards less obtrusive ones. In the last few years, there has been increasing interest within the virus-writing community in IRC threats. This was due to the power afforded by the IRC scripting language and the ease of coordinating infected machines from a chat-room type of structure.
  • "Mules" will also continue to be an important aspect in bot-related money making schemes. These are work-at-home type jobs which are offered through very professional-looking websites, through classified ads, and even through instant messaging (IM). These are a crucial part of the reason so many bots are able to be run from places around the globe. In order to get merchandise (often to resell) or cash with stolen credit card credentials, the thieves have to go through more strict regulations if the goods are going to another country. To get around these regulations, they use mules within those originating countries.
  • Parasitic malware is making a comeback
    Even though parasitic malware accounts for less than 10 percent of all malware (90 percent of malware is static), it seems to be making a comeback. Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides. When the user runs the infected file, the virus runs too. W32/Bacalid, W32/Polip and W32/Detnat are three popular polymorphic parasitic file infectors identified in 2006 that have stealth capabilities and attempt to download Trojans from compromised Web sites. Also important to note is that 80 percent of all malware is packed, encrypted, or obfuscated, in some attempt to disguise its malicious purpose. Examples of parasitic infectors that are obfuscated include W32/Bacalid and W32/Polip.
  • Rootkits will increase on 32-bit platforms -- but protection and remediation capabilities will increase as well.
  • Vulnerabilities continue to cause concern
    The number of disclosed vulnerabilities is expected to rise in 2007. Thus far in 2006, Microsoft has announced 140 vulnerabilities through its monthly patch program. McAfee Avert Labs expects this number to grow due to the increased use of fuzzers, which allow for large scale testing of applications, and due to the bounty program that rewards researchers for finding vulnerabilities. This year to date, Microsoft has already patched more critical vulnerabilities than in 2004 and 2005 combined. By September 2006, the combined 2004 and 2005 total of 62 critical vulnerabilities had already been surpassed.
  • McAfee Avert Labs has also noted a trend in zero-day attacks following Microsoft's monthly patch cycle. Since the patches are issued only once per month, this encourages exploit writers to release zero-day Microsoft exploits soon after a month's Patch Tuesday to maximize the vulnerability's window of exposure. - www.playfuls.com

French parliament dumping Windows for Linux

Tue, 11/28/2006 - 15:13

From C|NET News.com

France's gendarmes and Ministry of Culture and Communication have done it, and now members of the country's parliament are about to switch to open source.

Starting in June 2007, PCs in French deputes' offices will be equipped with a Linux operating system and open-source productivity software.

The project, backed by parliament members Richard Cazenave and Bernard Carayon of the Union for a Popular Movement party, will see 1,154 French parliamentary workstations running on Linux, with OpenOffice.org productivity software, the Firefox Web browser and an open-source e-mail client.

A spokesperson for the parliament's administration said a decision as to the choice of Linux distribution and e-mail client hasn't yet been made. Currently, some of the parliament's servers have been running Linux, with Apache Web servers and the Mambo content management system.

The project was the subject of a study by technology services company Atos Origin, whose conclusions convinced the French National Assembly to make the switch.

"The study showed that open-source software will from now on offer functionality adapted to the needs of MPs (members of parliament) and will allow us to make substantial savings despite the associated migration and training costs," the parliament said.

Open-source supporters have welcomed the decision. Benoît Sibaud, president of April, the association for the research into and promotion of open-source computing, said the decision to migrate to open source will enable the French parliament to have greater control over its information technology without depending on any one vendor and to make better use of public money.

This will be the first case of a French public institution switching its PCs to a Linux operating system. Previous open-source initiatives concerned servers, as was the case with the Ministry of Agriculture, and with OpenOffice and Firefox, which were adopted by France's gendarmerie.

Christophe Guillemin of ZDNet France reported from Paris.

Mandriva Linux 2007

Wed, 10/04/2006 - 15:05

Mandriva today is proud to introduce its brand new distribution: Mandriva Linux 2007. This new version of the operating system was designed to be an even better fit for the needs and expectations of all users, from the beginner to the SOHO user.

The key innovation of Mandriva Linux 2007 is the spectacular AIGLX and Xgl 3D-accelerated desktop. Mandriva is the only distribution to provide both technologies, making it compatible with the widest range of hardware; a special tool features auto-detection of the best 3D solution for your hardware. Mandriva is particularly happy to have achieved this major breakthrough in desktop appearance.

Mandriva One

Thu, 03/16/2006 - 15:02

Mandriva launches Mandriva One, which brings you a top-notch operating system and best-in-class software applications, all on one CD! Simply insert the Mandriva One CD in your CD-ROM drive to launch the system and access office, Internet and multimedia tools, with no need to install. For more information, visit the Mandriva Linux official website and download a copy today!

IBM SurePOS 500 4840-514

Wed, 03/01/2006 - 14:48

IBM launches a new set of POS models to upgrade their popular SurePOS line-up. Their touchscreen SurePOS 500 4840-532 is replaced by a new model, the 4840-514. The 514 comes with a new dual-bulb resistive touch interface. The SureOne 4614-P80 model replaces the AO4. Both models come with a VIA C3 1.2GHz processor as standard, and 256MB and 128MB RAM, respectively.

RMS Version 5.7

Mon, 11/07/2005 - 14:46

STM releases RMS version 5.7, in time for the opening of its 900th store, a branch of Burger King in Singapore! At the current rate, the 1000th store will very likely open sometime in 2006. For more news about STM and RMS, check out their website.

First Philippine Mandriva Partner

Thu, 10/20/2005 - 14:44

UR Solutions becomes the first Mandriva Linux Silver Partner in the Philippines, furthering its advocacy for Linux and Open Source solutions.

RMS System Integrator (SI) Accreditation

Tue, 05/31/2005 - 14:38

UR Solutions renews RMS System Integrator (SI) accreditation. To date the only company in the Philippines (outside of STMPI) with an SI, UR Solutions forged its commitment to yet another year of supporting local RMS users.
