With world governments advising citizens to switch from Internet Explorer to alternative browsers, and an unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in their browser. Easiest way to do it, apparently, is saying that other browsers are even worse than IE.

Microsoft’s UK security chief Cliff Evans told Techradar that “The net effect of switching [from IE] is that you will end up on less secure browser,” and that “the risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.”

Evans then downplays the seriousness of this problem. “The reality of the risk is minimal, even if you have IE6; you would have to go to a website running the exploit,” he says. Even if we disregard the fact that many very serious browser vulnerabilities work in that way – e.g. you have to visit a website running an exploit to be affected – there’s still the fact that this particular vulnerability isn’t just lab-tested, it’s been successfully used on unsuspecting victims in the real world. This alone makes it as serious as security holes go.

Evans continues to undermine the security record of other browsers. “There are broader risks and issues with other browsers,” he claims, at the same time admitting that the IE vulnerability that caused this entire mess probably isn’t present with other browsers. “I’m not aware that the vulnerability exists in other products, but those products may have other vulnerabilities,” he says.

While one can say that absolutely no piece of software is ever completely secure, this logic is flawed. Microsoft’s IE has a serious, unpatched security vulnerability, and pointing to possible holes that other browsers may or may not have won’t make it go away.

Dan Worth, V3.co.uk, Tuesday 19 January 2010 at 11:51:00

 The number one problem facing carriers and their customers over the coming year will be botnet-driven distributed denial-of-service (DDoS) attacks, according to Arbor Networks’ fifth annual security report.Arbor surveyed 132 large IP network operators globally, and found that more than a third of respondents believe that sophisticated DDoS attacks against services and applications will be the biggest threat in 2010, replacing large-scale botnet-enabled attacks.

There was also a reported rise in the size of DDoS attacks to a high of 49Gbit/s, up from 40Gbit/s in 2007, although this was a slow down in growth compared to recent years.

James Clegg, regional director for northern Europe at Arbor, warned that, although the attacks have slowed down, they are becoming more intelligent.

“Because DDoS attacks are now targeted at specific areas of web sites rather than the entire site, the speed of the attacks has not increased as dramatically because the more defined nature of the attacks means that speed is not as important,” he said.

Clegg also argued that the rise in cloud-based attacks shows that firms must be more aware of security measures given the open nature of cloud services.

“With applications on cloud services, any security breaches are visible for all to see so businesses can no longer attempt to cover up any hacks. We’ve seen attacks like this take on a political nature recently, such as on Twitter or the Estonian and Georgian attacks of 2007,” he said.

The report also uncovered grave concerns about the move from IPv4 to IPv6. Many companies are worried that a “perfect storm” is arising because they are not ready for the move, and admit to a lack of testing and deployment experience that could lead to vulnerabilities.

Others complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure.

The findings will be backed up by a warning from the Number Resource Organisation today that IPv4 addresses will be exhausted within two years.

Many firms also said that several non-technical obstacles, such as a lack of skilled resources, management understanding and clearly-defined operational responsibilities, are preventing them from better managing threats.

Daniel Robinson, V3.co.uk, Tuesday 19 January 2010 at 11:59:00

Open Mobile Platform can pick the most cost-effective connection for mobile users

 

Mobile access firm iPass has introduced a major overhaul of its service with the goal of cutting costs and giving enterprise customers greater flexibility in the communications services they use.

The new platform is also designed to make it simpler for end users to get connected while on the move, according to the firm.

Available immediately, the iPass Open Mobile Platform gives customers greater freedom to choose which networks they wish mobile staff to use, doing deals with local carriers, for example, rather than buying into global access through a single provider or relying on networks already affiliated with iPass.

“We’re giving enterprises the tools for carrier independence, so they can decrease connection costs. At the same time we’re bringing down user support costs, making it simpler for users to get connected,” said iPass senior product marketing manager Matt Cooke.

The Open Mobile Platform is a cloud-based service with access via a portal for administrators to apply policy controls, as well as analysis on mobile network usage in order to hone those policies in the future.

“Customers have told us that things are chaotic, with employees buying their own 3G adapters and devices and enterprises struggling to manage. At the same time, workers are using the virtual private network less as more use is being made of cloud-based resources,” said Cooke.

Because the iPass service has always used a software client on each endpoint, the company is “uniquely placed to help”, according to Cooke.

The lightweight Open Mobile Connect client will make life easier for workers by automatically selecting the best available connection based on policy rules set by the IT department, and the most cost-effective connection.

“Open Mobile Connect will characterise all networks to make a decision, and it will also walk you through connecting to a public hotspot if you need to enter a key or buy a voucher,” said Cooke.

However, while iPass is positioning its client as the mobile connection manager of choice, it will “play nicely” with other connection managers, such as those supplied with 3G modems by mobile operators, applying security policies to ensure that the endpoint protection is up to date.

Licensing for the new iPass service is on a per-active user basis, and costs “just a few dollars per seat”, according to Cooke.

“But the real value of the service is how much it saves you on network usage costs,” he added.

Existing customers will given a migration path to the new platform, iPass said.

Having previously crunched the numbers on smartphone features and cost of ownership, service comparison site BillShrink now offers an informative infographic showing the costs of every carrier’s 500, 1000, and unlimited minute plans, with and without texting and data.

BillShrink’s chart shows the cost per month of having a standard cell or smartphone on Verizon, Sprint, AT&T, or T-Mobile, in the average plan divisions, with extras like a messaging plan and basic or smartphone data. It’s really helpful, but there’s a caveat—no contract purchase is ever a straightforward process. One-time deals, promotions, and slight variations offered on each plan make this chart more of a starting point for your shopping, not a final word.

Here’s the full-size chart. Click on the link at bottom for a full-size download version and BillShrink’s further notes on the real costs of cellular contracts.

Cell Phone Plans: The Ultimate Comparison [BillShrink]

After news about the landing of US Airways 1549 in the Hudson first broke on Twitter in January 2009, the microblogging service quickly captured the imagination of a new group of potential users. Throughout the first months of 2009, Twitter grew at a rapid pace, peaking at a growth rate of 13% in March 2009.

Now, however, according to the latest data from HubSpot, Twitter’s growth is slowing dramatically. In October 2009, Twitter’s growth rate had fallen to 3.5%. On a positive note, though, the average active user on Twitter today is more engaged than six months ago.

Most Twitter users, however – even if they are now more engaged on average – still have fewer than 100 followers. Only 18% of all Twitter users have more than 100 followers. A total of 81% of all users are currently also following less than 100 people. Just 6 months ago, the average user was just following around 40 accounts.

HubSpot’s analysis also shows that more Twitter users now include bios (54%), links (65%) and location data (41%) in their profiles.

International Footprint Increases

As we pointed out earlier this month, social media analytics firm Sysomos also noted that most of Twitter’s growth is currently happening internationally. According to HubSpot’s analysis of over 5 million Twitter accounts, 40% of the top 20 Twitter locations are now outside of North America. In July 2009, only 15% were from outside North America.

For Twitter, this means that its current user base is making better use of the service, but the company also has to worry that its growth is slowing down. Maybe some of the earlier high growth rates were inflated by spam accounts, but a 3.5% growth rate is very low and the overall trend is only pointing down at this time.

Everyone is trying to come up with the next generation cool gadget but most doesn’t even come close to the success of the most sought after gadgets. Searches goes beyond the material boundaries and some companies even spend silly amounts of money trying to incorporate the phone into our very own biological protection layer, the skin. There is a lot of speculation going on where things might be heading in the year of 2010 but it’s really anyones guess what will make us all greed over having it.

Some suggest that the “Palm Phone” (striking sounding like the Palm Pilot, however this really means it) will be the next phone that everyone will use. It’s a wearable wrist phone that easily can be twisted into a palm projected dial pad on which you can maneuver the many features of the phone. I am sure that there’s even going to be a video mode on the phone which somewhat brings it to sound like something straight taken from Star Trek.

However, I think we have a long way to go in order to be able to accept such a concept. We’re far too used to the touchscreen and the many applications that can be utilized with it to step back and get half the features just in order to have it projected and worn on our wrists. But this again only my own suggestions and ideas. With a bit of development maybe this could be something cool and unusual but that’s really up to some heavy guessing. At the present time this is of course only a concept and there’s no telling if it will ever be realized.