Thursday, January 27, 2005

Flaw finders brewing trouble? [TECH UPDATE]

Welcome to ZDNet's Tech Update Today for Thu., January 27, 2005

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IN THIS ISSUE:

DAN FARBER
- Are flaw finders brewing trouble?

TOP NEWS HEADLINES FROM ZDNN
- Trojan piggybacks on Microsoft patching
- Intel's mystery mark sparks intrigue
- Microsoft, regulators to meet over Longhorn
- Sun warms to open-source server software
- Oracle's eye on the future
- Net telephone fees have users fuming

LATEST BLOGS
- Oracle vs. SAP: Duel to the finish or peaceful co-existence? -- David Berlind
- SSL VPN vs. IPSec: Give the debate a rest -- Chris Jablonski
- Is Cisco VoIP vulnerable to DoS attacks? -- Russell Shaw
- This year, we separate Web services and SOA -- Joe McKendrick
- IP telephony migration and the 'what if' factor -- Russell Shaw

DAVID BERLIND'S PICKS
- Sun ups the patent ante--but not enough
- Evaluating open source Windows
- One-to-one RSS? Yes and no
- Reader: 'Adapting your process to COTS is horridly wrong'

AUDIOCAST
- Simplifying VoIP deployment and management

VIDEOCAST
- Business phone flips its lid

COMMENTARY
- What if? An alternative history of tech

DOWNLOADS
- Take your PC with you

PODCAST
- Novell exec chats on Open Enterprise Server

PREVIOUSLY ON TECH UPDATE TODAY
- Too much innovation or too little talent?
- Can technology close the media's credibility gap?
- Sun issues open letter to IBM's Palmisano

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DAN FARBER

Are flaw finders brewing trouble?
While many security researchers delay the announcement of security holes so that manufacturers have time to patch them, the question of when and how customers ought to be informed of security risks is far from settled. Despite pressure from Microsoft and other companies about the dissemination of alerts, independent researchers like Immunity's David Aitel have their own vision of flaw disclosure. "If you find out some information," says Aitel, "you should be able to use that information as you wish." So, are these instant disclosers making your networks safer? Or are they simply making software makers' work harder?
http://ct.zdnet.com.com/clicks?c=6332-45018394&brand=zdnet&ds=5

Cisco finds more security flaws in router software
http://ct.zdnet.com.com/clicks?c=6333-45018394&brand=zdnet&ds=5

Expert: Flaw still dogs Windows patch
http://ct.zdnet.com.com/clicks?c=6334-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TOP NEWS HEADLINES FROM ZDNN

Trojan piggybacks on Microsoft patching
http://ct.zdnet.com.com/clicks?c=6335-45018394&brand=zdnet&ds=5

Intel's mystery mark sparks intrigue
http://ct.zdnet.com.com/clicks?c=6336-45018394&brand=zdnet&ds=5

Microsoft, regulators to meet over Longhorn
http://ct.zdnet.com.com/clicks?c=6337-45018394&brand=zdnet&ds=5

Sun warms to open-source server software
http://ct.zdnet.com.com/clicks?c=6338-45018394&brand=zdnet&ds=5

Oracle's eye on the future
http://ct.zdnet.com.com/clicks?c=6339-45018394&brand=zdnet&ds=5

Net telephone fees have users fuming
http://ct.zdnet.com.com/clicks?c=6340-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

LATEST BLOGS

Oracle vs. SAP: Duel to the finish or peaceful co-existence? -- David Berlind
http://ct.zdnet.com.com/clicks?c=6341-45018394&brand=zdnet&ds=5

SSL VPN vs. IPSec: Give the debate a rest -- Chris Jablonski
http://ct.zdnet.com.com/clicks?c=6342-45018394&brand=zdnet&ds=5

Is Cisco VoIP vulnerable to denial-of-service attacks? -- Russell Shaw
http://ct.zdnet.com.com/clicks?c=6343-45018394&brand=zdnet&ds=5

This year, we separate Web services and SOA -- Joe McKendrick
http://ct.zdnet.com.com/clicks?c=6344-45018394&brand=zdnet&ds=5

IP telephony migration and the 'what if' factor -- Russell Shaw
http://ct.zdnet.com.com/clicks?c=6345-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DAVID BERLIND'S PICKS

Sun ups the patent ante--but not enough
Sun's anti-climactic OpenSolaris announcement contained one surprise -- the company's offer of 1,600 patents to the open source community. Nice gesture, says Joe Brockmeier, but it's not enough. "If Sun and IBM are serious about encouraging innovation and open source, they need to be working to get rid of software patents entirely...rather than propping up a broken system by offering a token set of patents as a gesture of goodwill."
http://ct.zdnet.com.com/clicks?c=6346-45018394&brand=zdnet&ds=5

Analyst: IBM's patent pledge good for Web services
http://ct.zdnet.com.com/clicks?c=6347-45018394&brand=zdnet&ds=5

Evaluating open source Windows
Dana Blankenhorn speculates that programs like Firefox, Thunderbird, Open Office and the Chandler project may be more of a threat to Windows than Linux. Could these open source Windows apps demonstrate the true power of the open source model?
http://ct.zdnet.com.com/clicks?c=6348-45018394&brand=zdnet&ds=5

Open source blog
http://ct.zdnet.com.com/clicks?c=6349-45018394&brand=zdnet&ds=5

One-to-one RSS? Yes and no
Now that phishing has destroyed e-mail as an effective communications tool for commerce-enabled sites, I asked: Why not use the Really Simple Syndication protocol as an end-run around the e-mail infrastructures -- with a separate RSS feed for every customer? Member Dump-at-sign-Email says it won't work: "RSS was not built for one-to-one communications... It will be impossible to scale." But member David White's already on the case: "We've implemented one-to-one RSS--it works fine."
JOIN THE DISCUSSION
http://ct.zdnet.com.com/clicks?c=6350-45018394&brand=zdnet&ds=5

Reader: 'Adapting your process to COTS is horridly wrong'
Several of you took issue with Nick Carr's suggestion that the FBI's $170 million software project was derailed by a desire to innovate. Counting on COTS (commercial-off-the-shelf) applications is "horridly wrong," writes member Erik Engbrecht. "Software vendors [are] consistently pushing unextensible vaporware that corporate IT can't make meet the business's needs--so they tell the business what its needs are."
JOIN THE DISCUSSION
http://ct.zdnet.com.com/clicks?c=6351-45018394&brand=zdnet&ds=5

Too much innovation or too little talent?
http://ct.zdnet.com.com/clicks?c=6352-45018394&brand=zdnet&ds=5

More reader comments:

"There's probably any number of COTS things that'd get the FBI 75% of the way." -- cwbutler
http://ct.zdnet.com.com/clicks?c=6353-45018394&brand=zdnet&ds=5

"It's just the IT guys creating work for themselves to improve their funding." -- gsbtech
http://ct.zdnet.com.com/clicks?c=6354-45018394&brand=zdnet&ds=5

"We need to reinvent how the government interacts with IT firms." -- rthrasher
http://ct.zdnet.com.com/clicks?c=6355-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AUDIOCAST

Simplifying VoIP deployment and management
While IP telephony promises reduced costs, increased productivity and state of the art communications systems, implementing a VoIP system can be a maze of considerations and preparation, including network analysis and upgrades, traffic requirements and management. In this audiocast, we look at what it takes to roll out a system that best fits the business requirements of your customers, employees, management and support team.
http://ct.zdnet.com.com/clicks?c=6356-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VIDEOCAST

Business phone flips its lid
The Motorola MPX, a true business phone for the overachiever, offers a dual-hinged display, QWERTY keyboard, Windows Mobile, GSM and GPRS, Bluetooth, Wi-Fi and a 1.2 megapixel camera. CNET Editor in Chief Patrick Houston and Motorola's Monica Rohleder take a look.
http://ct.zdnet.com.com/clicks?c=6357-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

COMMENTARY

What if? An alternative history of tech
CNET News.com's Michael Kanellos imagines a world where Apple licensed the Mac and wrestling is a corporate sport.
http://ct.zdnet.com.com/clicks?c=6358-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DOWNLOADS

Take your PC with you
Once installed on the PC you'd like to control, I'm InTouch 4.0 lets you log in from any Internet-connected device, such as your BlackBerry, your cell phone, your PDA, or a PC.
http://ct.zdnet.com.com/clicks?c=6359-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PODCAST

Novell exec chats on Open Enterprise Server
Novell has failed, twice so far, to sell ported versions of Netware (Netware on Solaris and HP-UX, Netware on x86 Unix), which makes its just announced Open Enterprise Server -- a SuSE Linux-based version of Netware -- the company's last chance to avoid a strikeout. In our latest IT Matters podcast interview, Novell's Charlie Ungashick stops by to discuss the prospects for OES.
http://ct.zdnet.com.com/clicks?c=6360-45018394&brand=zdnet&ds=5

ZDNet's podcasts: How to tune in
http://ct.zdnet.com.com/clicks?c=6361-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CONTEST

Write your own ticket to PC Forum 2005
What IT innovation have the experts underplayed...or even completely missed? Your answer could win you free admission to PC Forum 2005 -- and the opportunity to address the PC Forum audience.
http://ct.zdnet.com.com/clicks?c=6362-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PREVIOUSLY ON TECH UPDATE TODAY

Too much innovation or too little talent?
In a New York Times op-ed piece, Nicholas "IT Doesn't Matter" Carr attributes the FBI's $170 million software train wreck to the fact that most large-scale IT projects fall short of expectations, sometimes spectacularly. What's more, Carr suggests, the FBI's biggest problem may be its desire to innovate. Dan Farber thinks the FBI failure has more to do with a lack of the right human resources and culture than it does with technical innovation. What do you think?
http://ct.zdnet.com.com/clicks?c=6363-45018394&brand=zdnet&ds=5

Can technology close the media's credibility gap?
A growing disenchantment with the established media has many of us turning to alternate sources of information. Earlier this week, David Berlind asked: Can bleeding-edge publish-and-subscribe technology -- like podcasting -- help to close the media's credibility gap? Several ZDNet readers were fast out of the gate with opinions.
JOIN THE DISCUSSION
http://ct.zdnet.com.com/clicks?c=6364-45018394&brand=zdnet&ds=5

Sun issues open letter to IBM's Palmisano
Sun is turning up the heat on Big Blue. An open letter from Jonathan Schwartz to Sam Palmisano calls on IBM to serve its customers by porting IBM applications to Sun's Solaris for x86 systems. Faced with Sun's relentless deployment of such guerilla tactics as blogs, open letters and customer testimonials, it's hard to imagine IBM coming up with any reasonable excuse that the IT community would accept...even if, as IBM says, Solaris 10 doesn't have enough market share today to justify development costs.
http://ct.zdnet.com.com/clicks?c=6365-45018394&brand=zdnet&ds=5

See also: Schwartz to IBM--don't lock us out
http://ct.zdnet.com.com/clicks?c=6366-45018394&brand=zdnet&ds=5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Visit ZDNet's Tech Update home page:
http://ct.zdnet.com.com/clicks?c=6367-45018394&brand=zdnet&ds=5

Copyright 2005 CNET Networks, Inc. All rights reserved. ZDNet is a registered service mark of CNET Networks, Inc.