<a href="http://www.networkworld.com/news/2008/011008-torvalds-linux.html">Linus Torvalds</a>, creator of the Linux kernel, says he's fed up with what he sees as a "security circus" surrounding software vulnerabilities and how they're hyped by security people. Torvalds explained his position in an e-mail exchange with Network World this week. He also expanded on critical comments he made last month that caused a stir in the IT industry.
Stories by Ellen Messmer
Symantec is still spending hundreds of millions of dollars annually to develop new products, but the company recently stepped up spending on acquisitions as well to bolster its offerings.
Symantec this month completed buyouts of Sygate Technologies and WholeSecurity for undisclosed amounts, and reached a deal to acquire BindView Development for US$207 million.
The promise of the giant Chinese auto market has spurred carmakers worldwide to rally around a new standard for data exchange that they say is needed to exploit the opportunity.
Announced at this week's Auto-Tech Conference in Detroit by European, Japanese and U.S. standards bodies, the Joint Automotive Data Model (JADM) is designed to provide a common way for manufacturers and suppliers to swap XML-formatted data. The format-neutral XML is widely viewed as far more flexible for Internet-based machine-to-machine data sharing than the decades-old electronic data interchange (EDI).
Wireless vendors are rolling out a new generation of handheld computers called smartphones for corporate users, but many network executives say they won't consider them until the means to manage and secure them are clear.
The Black Hat conference - an annual event where security professionals get in touch with their inner hacker and vice versa - has for nine years been a stage for detailing new security exploits and sharing visions of the future.
News has been dominated by the saga of security researcher Michael Lynn, who defied his employer Internet Security Systems by delivering a forbidden presentation on hacking unpatched Cisco routers - and was subsequently sued by ISS and Cisco. But Black Hat had much more, including:
Although Cisco and Internet Security Systems had abruptly cancelled a planned technical talk and demo at the Black Hat Conference to reveal how unpatched Cisco routers can be remotely compromised, the researcher who had originally uncovered the problem went ahead with the talk anyway, igniting a spate of lawsuits against himself and the Black Hat Conference.
Baylor University learned about wireless LAN security in the school of hard knocks. Three years ago, Baylor began installing 270 Enterasys Networks Inc. wireless access points across its Waco, Texas, campus in libraries, classrooms and dorms so students and faculty could access the campus LAN from computers outfitted with 802.11b WLAN cards. That was the easy part, according to Baylor's IT staff. But finding a way to add authentication to enable unimpeded wireless access has meant a crash course in security technologies that hasn't yet ended.
In fact, 802.1x, the authentication technology Baylor just started using last month, is causing the WLAN network to crash from time to time. "We're forcing the wireless access points to do more than we had them do in the past," says Bob Hartland, director of IT servers and networking systems at Baylor.
The decision to outsource about 20 percent of its application outsourcing overseas came down from Aetna Inc.'s upper management, and it's hard to argue that the move hasn't paid off financially.
The insurance company pays developers in India US$20 an hour vs. $60 an hour for U.S. workers, and the quality of the work has met expectations. The company is looking to outsource as much as 30 percent of its apps development going forward.
The IT auditor, whose security-related job is watching over IT systems and corporate employees for signs of trouble, was once seen as the techie office curmudgeon. But after last year's financial accounting scandals in the US, the IT auditor's status is rocketing in the role as key adviser to upper management.
Usually found in the information security department, the IT auditor is being invited to spend more time with the top business management and the audit committees of the board of directors, who are anxious to be assured that things are all right.