by CIO Staff

The Week’s Top 10 IT News Stories: Security Flaws of Many Kinds

Jan 06, 2006

1. Microsoft Rushes Out Patch for WMF Flaw, Network World, 1/5.

Not the best week for Redmond on the security front, with the company scrambling to respond to a flaw in its Windows Metafile (WMF) image-rendering engine that could be exploited by hackers. Security experts criticized Microsoft’s slow reaction and initially recommended that users install a third-party patch to fix the threat, which they characterized as severe. The software giant had hoped to issue its own patch Jan. 10, but, after all the negative feedback from users and experts, Microsoft released the patch Jan. 5.

2. Gates Shares His Vision of the Digital Lifestyle, InfoWorld, 1/5.

In his keynote address to attendees of the International Consumer Electronics Show (CES) in Las Vegas this week, Microsoft’s Bill Gates provided future scenarios for how users will access digital media at any time from anywhere using a variety of intelligent, wireless devices. Turning to the present, he talked a lot about home entertainment, unveiling a number of new partnerships with the likes of DirecTV and MTV. Gates also resurrected two older Microsoft technologies yet to really catch fire—Tablet PCs and Internet Protocol television (IPTV)—which he believes will go mainstream during the coming year.

3. CA Buys Wily for $375 Million in Cash, Computerworld, 1/5.

Looking to fill in another hole in its software portfolio, CA announced plans to purchase application management specialist Wily Technology. CA hopes the purchase will give it the ability to manage all kinds of applications from packaged enterprise software to custom-built apps. CA intends to continue on the acquisition trail, having already spent US$1.6 billion on purchases over the past 12 to 15 months.

4. EMC Getting More Serious About Grids, InfoWorld, 1/5.

For the past couple of years, EMC has been actively involved in grid standards bodies, but hasn’t really got its feet wet in grid technology. That’s set to change, with the storage giant taking an interesting approach to its first acquisition in the space by paying US$30 million to buy the grid software of one of its customers, Acxiom. EMC and the customer information management company will jointly develop and market an Acxiom-hosted grid over the next two years while also working on a non-hosted version of the product.

5. DHS Inspector General Says Agency’s CIO Needs More Power, Influence, Computerworld, 1/5.

Scott Charbo, the CIO of the U.S. Department of Homeland Security, doesn’t have sufficient authority or influence to create a single DHS IT infrastructure from the more than 20 individual IT systems in use today. This is one of the findings of a recently released report by Richard Skinner, inspector general of the DHS. Charbo isn’t a member of the senior management team at the agency, nor does he have enough staff to follow through on his IT Infrastructure Transformation Program, according to Skinner. The DHS disagreed with the inspector general’s findings, claiming Charbo has all the authority he needs.

6. Government Web Sites Are Keeping an Eye on You, CNET, 1/5.

U.S. government agencies have been using Web bugs or permanent cookies to track visitors to their sites, despite long-standing rules to protect online privacy. The agencies include the Air Force, the Treasury Department and the National Security Agency. Many agencies weren’t aware that their Web sites had been set up to record user activity.

7. Microsoft Shuts Blog’s Site After Complaints By Beijing, New York Times, 1/6.

Microsoft is in hot water again over its cooperation with the Chinese authorities on censoring websites. Microsoft recently shut down the blog site of Zhao Jing, a well-known Chinese blogger who uses the online pen name An Ti, after he discussed a local newspaper strike. Microsoft previously came under fire for the design of its blog tool in China, which filtered out words including “democracy” and “human rights” from blog titles.

8. IBM to Freeze Pension Plans to Trim Costs, New York Times, 1/6.

Big Blue, long the operator of the third largest corporate pension fund in the United States, plans to freeze pension benefits for its 117,000 American staff come 2008. Instead, IBM will offer its U.S. employees a 401(k) retirement plan. The move should enable IBM to realize as much as US$3 billion in cost savings over the next five years.

9. Mobile Viruses: If Not Now, Soon, BusinessWeek, 1/5.

With Research In Motion responding swiftly to a potential security vulnerability in its BlackBerry device as 2006 opened, the threat of mobile viruses was again averted. However, analysts suggest as many as 18 percent of new phones and PDAs could be hit by virus attacks in 2009, particularly as the uploading of music from computers to cell phones grows in popularity.

10. McAfee Fined $50 Million in SEC Settlement, San Jose Mercury News, 1/5.

Security software vendor McAfee has agreed to pay a US$50 million fine to compensate investors harmed by an accounting scandal that ran from early 1998 through 2000. As part of a settlement with the U.S. Securities and Exchange Commission (SEC), McAfee will also expand its ethics program and appoint an independent consultant to conduct a one-time review of its accounting practices. Criminal charges in relation to the scandal are ongoing against three former top executives at the company.

—China Martens