It has been a long time since anyone thought seriously about the encryption debate that hung over the discussion around privacy rights in the 1990s. It has also been a long time since Phil Zimmermann — creator of the Pretty Good Privacy software that so many people adopted to encrypt their email — was the target of a federal criminal investigation that derived from his making it widely available for download. The government dropped its case in 1996. Today, PGP is the most widely used encryption program in the world. PGP, the company, is part of Symantec, and encrypting your email is now super easy, though most people don’t go to the trouble of doing it.

PGP is the reason Zimmermann is going to be inducted into the Internet Hall of Fame today, at a dinner in Geneva. Which, of course, raises the question: What is he doing these days?

The answer: Launching a new venture. It’s called Silent Circle, for which Zimmermann has teamed up with two former Navy SEALs and one of his PGP Corp. co-founders. The plan is to offer encrypted email, encrypted mobile calls, encrypted VOIP teleconferencing and encrypted instant messaging, all in one place.

Joining Zimmermann in Silent Circle are Mike Janke, a former Navy SEAL sniper, special operations communications expert and privacy advocate; Vic Hyder, another former Navy SEAL and founder of Maritime Security; and Jon Callas, a cryptographer and Zimmermann’s co-founder of PGP Corp., whose current day job is CTO at Entrust.

Silent Circle will offer services both to consumers and corporations, but also to human-rights groups, dissidents and nongovernmental organizations working in dangerous or sketchy places where governments tend to monitor communications. There’s also a promise of no backdoors offered for any individual, organization or government.

Though Silent Circle is now running a private beta, the plan, as I understand it, is to launch a public beta on July 15. We’ll hear more about it then.

Update: I initially spelled Zimmermann’s name with only one N. Sorry about that.

Those fears were theoretical for a while. If you could attack the industrial computers controlling nuclear centrifuges and make them explode, as happened in the case of Stuxnet, you could, in theory, use the same approach to attack industrial computers controlling critical infrastructure in the U.S. The only thing needed is knowledge about vulnerabilities lurking in those systems.

The bad news is that, as of yesterday, those vulnerabilities are no longer a theory. The good news is that the good guys found them first.

Yesterday, researchers for a volunteer program called Project Basecamp have discovered three vulnerabilities inside a common model of industrial computer known as a programmable logic controller (PLC). These PLCs basically sit between a regular computer running Windows and a big piece of industrial equipment — say, a pump or a generator or a nuclear centrifuge.

PLCs are part of a larger set of industrial computers known as Supervisory Control And Data Acquisition (SCADA) systems. Security research into SCADA systems has increased dramatically since the revelation of the Stuxnet worm in 2010.

The work was done by researchers at Digital Bond, a security research firm specializing in work on SCADA systems. What they built was a software module called “modiconstux,” which carries out a Stuxnet-like attack on a PLC device called a Modicon Quantum, made by Schneider Electric.

Borrowing techniques learned from the Stuxnet worm, modiconstux does two things: It downloads the current set of instructions the PLC is using — a set of programming commands known as “ladder logic” — giving the attacker the ability to understand what the PLC is doing day in and day out. This is key: If you’re going to hijack a PLC to make the machine it’s controlling explode, you have to first understand the process you’re going to sabotage.

The second thing that modiconstux does is upload new ladder logic. The classic example I think of in explaining this comes from the first public demonstrations of Stuxnet carried out by researchers at Symantec. In that case, a Siemens PLC had been programmed to blow up a balloon by instructing a pump to send a certain amount of air to the balloon and then stop. After being hijacked by Stuxnet, the logic was changed in such a way that the pump didn’t stop, and the balloon popped. Not very menacing, but if you use your imagination, you can see that popping balloon as a metaphor for a lot of very dangerous outcomes.

What’s even scarier than the outcome is the fact that the exploit works without any actual computer hacking having to take place beforehand. Dale Peterson, Digital Bond’s CEO, said the attack works because the PLC is insecure in the first place. There isn’t so much as a password required to download the existing ladder logic, nor to upload the altered ladder logic. And if that PLC is connected to the Internet in any way, it is wide open to attack.

The team also released two other vulnerabilities. One tells the same Scheider Electric PLC to stop, essentially freezing it in place until it can be reset. The third is a vulnerability for a type of PLC device made by General Electric.

The vulnerabilities have been released to the wider world through Metasploit, an open source vulnerability monitoring service that’s owned by Rapid7, a Cambridge, Mass-based company that specializes in helping companies stay ahead of new computer security vulnerabilities. Metasploit subscribers can download the exploit code and test it on their own systems, and demonstrate simulated attacks that in all likelihood will scare the heck out of their bosses.

It should also scare the heck out of legislators and policymakers who have talked incessantly about the need to prepare for a “cyberattack.” Chances are, the next time there’s a serious conflict, attacks carried out by way of a computer will be used to sabotage infrastructure, sow confusion, interfere with logistics and so on. Stuxnet proved what could be done, and what to that point had generally been considered only a theory.

Created by parties unknown — though the smart money says it was Israel, with some help from the U.S. — the Stuxnet worm burrowed its way into PLCs at an Iranian nuclear installation, made the centrifuges spin too fast, and caused some of them to explode. The Iranian nuclear enrichment program was thought to be set back by anywhere from one to two years.

Since then, researchers have been on the lookout for the next Stuxnet, assuming that a second worm would be easier to construct. They’ve also been studying the inherent weaknesses in SCADA systems like PLCs. What they’re finding should give us all pause.

Motive

As the saying goes, people are motivated by either greed or fear. I think for many big companies, it’s more the latter. And Microsoft has a lot to be scared about.

If you poke behind its $71 billion in revenue and 39 percent operating margins, 30 percent of the goldmine comes from multiyear volume licensing agreements, which Microsoft calls Enterprise Agreements (EAs). According to industry analyst firm Forrester Research, “these profitable agreements bring in the kind of regular revenue preferred by financial-market analysts that monitor Microsoft’s performance.”

What motivates a customer to sign up for an Enterprise Agreement instead of simply buying Microsoft products, like Office, off the shelf? Well, historically, Microsoft pitched EAs as a way to ensure you can cover your workforce with Microsoft products at a discounted price level.

With companies investing in post-PC devices like smartphones and tablets, and evaluating alternatives to Microsoft productivity solutions, such as Google Apps or Salesforce.com, CIOs are starting to wonder whether renewing their EA is still a top priority.

In response to this threat, Microsoft is now pushing its Software Assurance (SA) licensing model, which allows customers to upgrade to newer products and also use its cloud services. The reason for the possible shift, Forrester says, is that “the twin revolutions of client mobility and cloud servers will kill device-based licensing, which is Microsoft’s existing model.”

So if Microsoft doesn’t embrace the cloud in a big way, the EA gravy train could come to an end.

Means

Apple is cool. Facebook is friendly. And Google isn’t evil. Yet look across a sea of computers in a typical company, and you’ll still see Microsoft everywhere.

And I’m not just talking about Windows. Microsoft has two key assets that will help it win the enterprise cloud:

• Office: While the Web and Web-based apps are fabulous for consuming content and even collaborating around it, Microsoft Office is still the standard in productivity to create corporate content. Love or hate those PowerPoint presentations, but they are still how most companies run. And for flexible analysis, Excel is unmatched. Heck, the Macintosh Business Unit at Microsoft (which is primarily Office for Mac) is a $350 million business on its own.
• Outlook/Exchange: For many workers, Microsoft Outlook (with Microsoft Exchange Server on the backend) is the first thing they boot up to start their workday, and the program they remain in all day long. According to industry analyst firm Radicati, 301 million corporate mailboxes used Outlook in 2010. Indeed, some companies have switched from Microsoft Outlook/Exchange to Google Apps and back, because users are too addicted to the interface and functionality of Microsoft Outlook.

So Microsoft still owns two of the key ways “knowledge workers” work with knowledge.

Opportunity

Microsoft isn’t working from a standing start. It actually jumped into the cloud relatively early in 2008 with its Business Productivity Online Suite (BPOS), a hosted platform for collaboration. While BPOS suffered from many challenges, mainly because it was based on a platform that wasn’t designed for the cloud, Microsoft made it clear several years ago that they are “all in” as a company in the cloud.

This year, after many delays and much anticipation, Microsoft finally announced its first platform built for the cloud, Office 365. The new version of Exchange is finally on par with its on-premise alternative. Microsoft SharePoint Online is now flexible enough to meet many enterprise use cases. And Microsoft Lync Online, a real-time chat and videoconferencing system, could be a game changer for company productivity.

In parallel, Microsoft is working away on Windows 8, its big bet on the tablet revolution. With all of Microsoft’s failed past attempts at mobility and tablets, some level of cynicism is expected. But some believe Microsoft’s conviction is real. If Microsoft even gets it 80 percent right on tablets, they will likely win in enterprises that are used to the manageability of Windows, and will be attracted to the inevitably deeper Office integration.

Conclusion

Don’t get me wrong: The innovation in the cloud is coming from all over, mainly from start-ups. For many of these start-ups and other non-enterprise organizations, a non-Microsoft approach will likely be the winner. But for the millions of you working in corporate America, Microsoft is probably the one bringing the cloud to a desktop near you.

Nick Mehta is CEO of LiveOffice and has served in senior operating roles in the enterprise and consumer technology markets for much of his career. He spent more than five years at Symantec Corporation and Veritas Software Corporation (now Symantec), where he served as vice president and general manager of the Enterprise Vault information archiving and discovery software business.

Many industry pundits have talked about the Consumerization of the Enterprise — the idea that enterprise users expect the mobility, integration and ease of consumer technologies in their work lives. People often cite the move to user-purchased mobile devices like the iPhone or user-provisioned collaboration services like Box, DropBox and Yammer as evidence of this phenomenon. And because many of these services have freemium models, IT departments are finding that huge numbers of their employees are already using these services for business purposes in addition to personal ones. So in many ways, consumer expectations are driving the ways enterprise CIOs think.

But what about the other side of the phenomenon? Eddie Murphy’s character Billy Ray Valentine influenced Dan Aykroyd’s character, Louis Winthorphe, III, as much as the reverse. What’s less discussed — but equally fascinating — is the impact of enterprise requirements on the consumerization trend.

Many of the aforementioned start-ups initially focused entirely on end-user needs, providing simple user interfaces and sign-ups, and building multi-million user customer bases in the process. But as these vendors switched focus from user acquisition to monetization, they realized some IT department requirements are legitimate, and more importantly, are barriers to sale.

The most recent example: Box. Box founder Aaron Levie probably never imagined his company would be working with enterprise IT directors in designing his product roadmap when he started his file sharing company, but nonetheless it recently announced partnerships and integrations around identity federation, mobile security, e-discovery, and other IT-centric areas.

In contrast, DropBox has continued to focus heavily on end-user adoption with limited IT focus. Indeed, their total reported user counts dwarf those of Box or any other service. Yet the CIOs I’ve spoken with had a proliferation of users on DropBox and Box when they decided to standardize on a collaboration service. Despite the fact that their companies may have had more DropBox users, Box’s enterprise functionality tipped the scale in its favor. So while user adoption gets you in the door, without some enterprization you don’t get the sale.

Similarly, for Google’s Enterprise team, bringing Gmail to companies involved a lot more than just learning how to charge for the service. Google has spent the past several years trading places with Microsoft, investing in policy management, security, compliance and other IT-centric functionality to address early inhibitors to adoption. And it has worked. Analyst firm Gartner now sees Google as a viable alternative to Exchange for enterprise collaboration.

Indeed, even in the truly consumerized world of mobile devices, iPhones and Androids don’t roam free in most large companies. Many security-sensitive organizations are investing in Mobile Device Management (MDM) solutions like those from Good, MobileIron, Zenprise and Symantec, to bring enterprise manageability to smartphones.

The Enterprization of these traditionally consumer apps is going to center around three legitimate enterprise requirements:

1. Data ownership: While enterprises are excited to leverage the flexibility and fluidity of cloud apps, the idea of an enterprise’s intellectual property spread across hundreds of cloud services, many times in user-provisioned accounts where the enterprise has no access, is scary. What if the company is involved in a lawsuit and has to put a user’s data on legal hold? How can the company recover data if the cloud service loses it? And most importantly, how can the company get its data back if it wants to change services? Tough questions if the data is trapped behind a user’s personal cloud account.
2. Data security: Similarly, the thought of sensitive customer information living in cloud accounts where users choose passwords like “password” or, for the more secure, “password1,” is nerve-wracking to a security officer. How can the company ensure that its data is protected with strong passwords? When an employee leaves, how can the company revoke access to all cloud apps at once? Without company administrative rights, the enterprise is dependent on the judgment of the user.
3. Data compliance: Whether data is stored on your G:\ drive or in Gmail, if it’s work-related, for the most part the same compliance rules apply. While SOX, FRCP and GLBA are not as sexy as FourSquare, Angry Birds and AirBnB, they are still critical for most companies. How can companies meet regulatory requirements around searchability, records retention, logging and other areas?

The real challenge as start-ups address the needs of enterprises is to maintain the core value that earned users in the first place. If they add every feature IT asks for, will the products lose their usability? If they make it easier to lock down access to the systems with two-factor logins when you can’t remember one factor, will users revolt? If these tools were used to get around IT, will the fact that they can now be monitored scare users away?

Time will tell. But this grand experiment would make the “Trading Places” brothers proud. And a lot more than $1 is at stake.

Nick Mehta is CEO of LiveOffice and has served in senior operating roles in the enterprise and consumer technology markets for much of his career. He spent more than five years at Symantec Corporation and Veritas Software Corporation (now Symantec), where he served as vice president and general manager of the Enterprise Vault information archiving and discovery software business.

As happened last week to its centralized marketing division, Yahoo has broken up its Customer Advocacy organization, with its staff distributed to the various regions and the product unit of the Silicon Valley Internet giant.

Customer Advocacy has been led by EVP Jeff Russakow, whose fate is now similarly unclear as it is for CMO Elisa Steele, whose division was diced up to the regions last week.

Both execs — who were hired by fired CEO Carol Bartz — plan to remain at the company until at least January, sources said.

Russakow, according to his Yahoo bio, has had “global responsibility for all of Yahoo!’s customer support functions, including audience, small business, ad operations, and search network quality.” He came to Yahoo from previous jobs at Symantec and Adobe.

Interim CEO Tim Morse sent a memo to employees about the change, noting Russakow is looking for his next opportunity, using much the same language as Steele used in her internal email.

The moves are interesting, given Yahoo’s current effort to find a new strategy, which includes a possible sale of all or parts of the company. But there is also a strong sentiment within the company to reorganize around strengthening its advertising platform and products.

I have a call into Yahoo PR for comment (but let’s assume I am accurate about this, shall we?).

More, obviously, to come.

Next we saw Violin Memory — which makes flash-based storage arrays that are intended to make enterprise applications run faster — land $40 million in venture capital funding.

Now we see a third player entering the “flash madness” narrative. Pure Storage is coming out of stealth today, announcing its plans to sell flash-based storage arrays. It is also announcing that it has landed a $30 million C-round led by Redpoint Ventures, with Samsung Venture Investment joining. (Yes, that would be the venture capital arm of the South Korean electronics giant that happens to be the world’s biggest manufacturer of flash memory.) Greylock Partners and Sutter Hill Ventures also participated. The latest round brings Pure’s total funding raised to date to $55 million.

So what is Pure Storage all about? I met up with CEO Scott Dietzen last week and got the download.

The fundamental problem with enterprise storage is that hard drives just can’t keep up with everything else that’s gotten faster in the data center. Flash memory is fundamentally faster, it uses less energy and it takes up less space. We all know this.

The problem with flash is that it has always tended to be more expensive than hard drives. Today, you can buy a one terabyte hard drive for $100 or less. But just try getting that same amount in flash memory and see if the price isn’t, well, a lot higher.

The same principles apply in the data center. CIOs would love to convert to flash-based systems, as long as they’re reliable and affordable and work with the applications and other hardware they already have.

Pure Storage is essentially promising to deliver just that, Dietzen says. The company’s first product is an all-flash storage array that is 10 times faster and 10 times smaller than hard-disk-based systems. It’s called the Pure Storage FlashArray, and it is being aimed at mainstream enterprises in a manner that’s easy to deploy.

Pure’s founders are John Colgrove — one of the founding engineers at Veritas, now part of Symantec — and John Hayes, a founding engineer at Bix, which was ultimately swallowed up by Yahoo. Dietzen hails from Yahoo as well, by way of its acquisition of Zimbra, where he was CTO.

An early key hire was Michael Cornwell, who was lead technologist for flash at Sun Microsystems (now part of Oracle). Cornwell also worked at Apple, where he was Manager of Storage Engineering for the iPod division, and oversaw that product’s transition to — you guessed it — flash memory. Remember the first iPod nano? That was his baby.

Another key name: Greylock venture partner Frank Slootman, the former CEO of Data Domain, is on Pure’s board.

So what’s so special about a storage array built on flash memory? “Disks get slower every year,” Dietzen says. “Intel says processors have gotten 175 times faster over the last 15 years.” Disks just keep getting more data packed onto them, which doesn’t really make them any faster. The mechanical arm inside the disk that grabs data from the platter really can’t go much faster. “Disks today are comparably slower than tape was 15 years ago,” he says.

This creates a problem. Storage needs are going up, but hard drives are slowing data centers down, preventing them from reaching their full potential. It’s only because of cost — about $5 per gigabyte — that hard drives are still appealing. Enterprise-grade flash, on the other hand, tends to cost $40 to $100 per gigabyte, and because flash is historically less reliable, you have to buy double what you really need.

Pure’s play is to get over the cost hurdle. Dietzen says the company can get the cost down to $5 per gigabyte and less.

How does it do that? By reducing the amount of data you actually store. What happens in enterprise environments is that various bits of data get copied and recopied, over and over. Imagine a big filing cabinet with 50 copies of each document scattered around in different folders, when you really only need one. Suddenly the size of that file cabinet need not be so big. The same applies in data storage: Why bother having 10 copies of the same block of data, when one or two will do?

Using a technique known as deduplication, a system can eliminate all those unneeded copies and thus streamline the whole operation. Deduplication, combined with compression, was the primary principle behind Slootman’s Data Domain, which is now part of EMC.

But deduplication is expensive on hard drives, and really doesn’t make sense. Because the mechanical arm in a hard drive is always searching around for where its next needed block of data is to be found, if you employ deduplication, you end up with a bunch of reference signs telling the arm where to go, Dietzen says. The end result is that the disk has to spin more, not less. Flash memory chips don’t have that problem. “We make that process fast, because there’s no performance hit to the deduping process,” he says.

On top of that, Pure has created some algorithms that make the process a lot more granular than on hard-disk-based systems, by working with smaller disk-sector sizes. How small? He wouldn’t say exactly.

Unlike other storage companies — like, say, EMC — Pure’s array, Dietzen says, is built from the ground up for running flash. “The disk-centric companies are slotting flash into places where disks used to be, but they’re not changing the software to take advantage of the flash, to protect the flash from uneven wear and other things.”

A few early companies have tried the hardware, among them the law firm of Fenwick & West, whose CIO Matt Kesner is quoted in Pure’s press release as saying that the data used for various workloads was reduced from 50 to 90 percent.

One key thing that’s going on in the data center these days is virtualization — running several virtual computers within one single physical computer. When you run a lot of virtual machines, you have a lot of data that, like the paper in that big file cabinet, is essentially the same. Dietzen says that Pure’s flash array is able to eliminate a lot of that data. “Even if those virtual machines are a mix of Windows and Linux, there are a lot of commonalities between them,” he says. It’s not uncommon to see the data footprint for virtual machines reduced by a factor of 15 or 20 to one.

And that has caused some interesting reactions among early customers trying out the array. “Some people try it and are shocked when they put 15 terabytes on it and see there’s only one terabyte and think we’ve lost a lot of their data,” Dietzen says. “It’s a little scary at first, but then they run all their workloads and see all the data is there.”

Facebook referenced Symantec’s assistance Tuesday in a blog post announcing it would require all developers to use a more secure combination of HTTPS and OAuth 2.0 (which allows users to connect various Web apps to each other without resupplying their passwords) by October 1 of this year.

Following hacking attempts attributed to Tunisian government censors a few months ago, Facebook had started giving users the option to route its site through more secure HTTPS servers. But many third-party app developers have yet to revise their Facebook apps to support HTTPS, too.

Facebook downplayed the significance of Symantec’s discovery, issuing various comments saying it has found no evidence that the loophole enabled users’ private information to be shared with unauthorized third parties.

“Over the past few weeks, we determined that OAuth is now a mature standard with broad participation across the industry,” said the Facebook developer blog post, authored by Facebook’s Naitik Shah.

Please see the disclosure about Facebook in my ethics statement.

The company’s 16th report still sees attacks in which specific industries or even individuals, are targeted as one of the main threats, but highlights the developing vulnerabilities that social media and mobile devices open up.

The report identified more than 286 million unique variants of malware, which together were responsible for 3.1 billion attacks on computer users in 2010. The number of attacks delivered via the internet almost doubled, Symantec reported a 93 percent increase in the volume of Web-based attacks in 2010 over the volume observed in 2009. Shortened URLs appear to be playing a role here too. During a three-month observation period in 2010, 65 percent of the malicious URLs observed on social networks were shortened URLs.

Read the rest of this post on the original site

The story comes only days before Apotheker, whom Bloomberg’s Aaron Ricadela describes in one passage as a “peripatetic polyglot,” is to have his formal public debut next Monday before an assembled mass of reporters and analysts at HP headquarters in Palo Alto. (I’ll be there.) The story drops a lot of the same hints that have been making the rounds for some time. HP is going to be shopping for software companies. We heard that hint last year from key HP execs like Marius Haas.

So whom might HP buy? An analyst trots out the usual list of targets: Informatica, BMC Software, SAS, Symantec are among them. Apotheker himself rules out two: SAP and Salesforce.com. HP has “no interest” in SAP’s business and financial software–and being a former SAP CEO, he would know whether its a worthy target or not–or in Salesforce’s cloud-based CRM product. His eschewing of Salesforce probably has more to do with its lofty $17 billion valuation than with its actual line of business. HP has about $11 billion in cash plus another $14 billion or so in borrowing resources, according to its 10K.

A fund manager that holds HP stock argues in the story, as so many others have, that the company is missing out on the cloud computing trends. Apotheker doesn’t seem to express any interest in it whatsoever. He goes on to talk about how HP will put webOS, the smart phone/tablet operating system it acquired when it bought Palm last year, on all its PCs. The idea is to get software developers interested in writing applications for webOS. Well, that’s kinda cloudy, maybe.

Apotheker also says the Mark Hurd era of zealous cost-cutting is over. Product quality is in. Those quality-assurance experts that Hurd fired? Those jobs are coming back. Machines that work right when they’re first turned on, incur lower service costs over time, he says: “We have cut enough costs.”

The attack, which cropped up Tuesday evening, was attached to multiple applications posted to both the Google-run store and various third-party app markets.

Although Google managed to expunge the 50 or so affected apps within minutes of learning of their presence in the store, the fact they made it that far indicates the game is changing. In the latest attack, the malicious code was attached to legitimate applications, but also was collecting identifying data from the phone and sending that information to a remote server.

Experts have warned for a while now that as smartphones gain traction, there will be an increasing number of attacks. Anti-virus firm Symantec says that threats have been increasing significantly in recent months after being quite rare, often limited to more proof-of-concept type exploits.

Not only are today’s smartphones the equivalent of a desktop computer, each one has a connection to not only personal information and the Internet, but also to a carrier billing system–putting would-be attackers one step closer to where the money is.

“For first time in history, a malicious attacker can send a packet of data and money goes flying,” said John Hering, CEO of phone security software maker Lookout Mobile Security. “Think about that.”

Already there have been attacks that cause an infected phone to send a premium text message, generating instant revenue for the attackers. Those attacks, against both Symbian and Android, have been confined largely to Europe and Asia–areas where premium SMS is more common and where carriers are sometimes less vigilant about monitoring traffic, Hering said. An attack in December, centered in China, took a significant amount of data from Android phones and sent it to remote servers.

That the phone has been seen as less vulnerable than the PC is largely an artifact of the fact that the devices have only recently gained powerful operating systems and fast Web connections.

“It’s not like phones are inherently safer than computers,” Hering said. “It’s just been more attractive in the past to attack computers.”

In general, Android malware has been attached to applications–often to legitimate applications–and posted to various third-party stores, rather than to the Google-run Android market. Indeed, sticking to the official stores has been one of two major recommendations from security experts (the other is to pay careful attention to what permissions an app is requesting).

Keeping up to date on a phone’s operating system can also help. Droid Dream, for example, exploited a security flaw that was closed with the Gingerbread release of Android. However, unlike on the PC side, users don’t always get to choose which updates they install, as carriers and device makers often get a say in which apps are provided to customers.

The Android attack is also sure to raise the question of whether an open platform is less secure than a more closed one and also whether it is better to have a curated market or one that is community-managed. Hering said it is not fair to say that Droid Dream suggests Android is more vulnerable, noting that both open and closed systems have their benefits. Open-source code does mean everyone can look at things, but it also gives the community a chance to report flaws before the bad guys do.

Naturally, there is also a market that has emerged for security software that can be installed on a device. Lookout and Symantec both offer phone products, and Hering said that Lookout’s software was updated within hours to protect against infected applications from both official and non-official sources.

Given how quickly Google removed the infected apps, it still makes sense for the cautious to stick to the Android market. However, it is clearly not a failsafe.

The other big recommendation is to not just blindly click OK to all those warnings that pop up when installing an app. On Android and many other platforms, users have to explicitly give an application permission to do certain things, such as access location data or make phone calls.

“If someone is downloading a scientific calculator and it wants to send text messages, it should raise some eyebrows,” said Vikram Thakur, a principal security response manager at Symantec.

Lookout raised $11 million in Series B funding back in May.

The company was launched in 2007, with its founders taking 18 months to develop a new core technology focused on mobile devices. While some of the big-name security firms are in the mobile arena, their approaches are brought over from desktop and PDA security efforts, CEO and co-founder John Hering told Mobilized.

“I think there’s a very reasonable opportunity to create the next Symantec but built around the mobile platform,” Hering said, noting that over the next three to seven years mobile devices will become the primary computing device for millions of people.

Although threats to mobile devices are still comparatively rare, their highly mobile and always connected nature makes them an increasingly attractive target for those seeking to do harm. A year ago, Hering said that most attacks were proof-of-concept or attacks for notoriety. This year, though, has seen the rise of financially motivated malware, including an attack on Android where an app posing as a movie player sent premium SMS messages costing infected users $5 a pop. A separate attack in China infected more than one million phones, Hering said.

Lookout aims to stop those kinds of attacks and also allow capabilities like device tracking and remote wipe capabilities. Its software currently works on Android, BlackBerry and Windows Mobile (but not the new Windows Phone 7) operating systems. Hering said the company plans to expand to other popular operating systems and said some of the new funding will be used to expand to new platforms.

Ping Li, a partner at Accel and a board member at Lookout said the company’s approach of splitting work between the device and the cloud to more efficiently work on a mobile device is part of what attracted him to the company. He also pointed out that Hering and his co-founders are in their twenties and just have a different awareness of the devices than their older competitors.

“They grew up hacking mobile phones,” Li told Mobilized. “They never grew up hacking PCs.”

Part of growing as a security company is having the right product in place when a new threat emerges, Li said, pointing to Webroot, which came out of nowhere to become a significant business when spyware emerged as a major security issue.

The company has more than four million users of its software, although the vast majority are getting the software for free. The company recently launched a $3 per month premium service, but Hering won’t say how many customers it has.

Hering said Lookout’s model aims to follow that of desktop antivirus firm AVG, which has a popular and well-known free product but makes money by selling a premium service.

As for whether the company could make an attractive acquisition target for another security company looking to jump-start its mobile efforts, Hering was noncommittal.

“We’re just trying to keep up with the growth,” he said.

The closely held firm was co-founded by former Microsoft Corp. chief technology officer Nathan Myhrvold, who had avoided litigation for years but never ruled it out.

Intellectual Venture’s lawsuits focus on patents in the fields of computer security and semiconductor technology. One suit names Symantec Corp., McAfee Inc., Trend Micro Inc. and Check Point Software Technologies Ltd.

Read the rest of this post on the original site »

Dubbed “Hack is Wack,” the competition invites aspiring law-loving lyricists to bust some malware rhymes on video for a chance to win an all-expenses-paid trip to L.A. to see a Snoop concert and “meet with select members of Snoop Dogg’s management team,” plus every gangsta’s dream: A Toshiba laptop with full Norton security suite (word to your sysadmin, yo).

“We’re trying to get people to raise awareness by making a rap song about cybercrime,” Snoop Dogg told Security Week, noting that his brand will inevitably bring mass attention to this important issue. “Come on man, you know when my team come after you, we gonna get you.”

My God, what an unfortunate alliance this is. I had no idea street cred was so important to the antivirus software industry.

What the hell is Symantec’s PR team smoking, you ask?

Evidently some of the same stuff Snoop is so fond of.

With a flick of the switch today at 5 pm PT, a critical chapter in Silicon Valley will finally go dark.

That’s when AOL (AOL) officially moves out of the legendary HQ buildings of Netscape Communications in Mountain View, Calif.–along Ellis Street and East Middlefield Road–to new, snappier digs it is subleasing from Google (GOOG) in Palo Alto on Page Mill Road.

AOL will occupy one floor in the new space, while the first floor will be dedicated to start-ups and entrepreneurs.

AOL bought Netscape in late 1998 for $4.2 billion and located its office where the iconic but doomed browser company had made Internet history.

It was the spectacular August 9, 1995, IPO of Netscape that heralded in the dot-com boom for the Web, showering down wealth and fame on its employees, such as co-founder Marc Andreessen.

BoomTown came out to visit Netscape then, right in the middle of those glory days, and I will always recall its vibrant campus as a hubbub of activity and games that were the template for all other digital companies to follow.

No longer–AOL’s new location, said the company’s man-in-Silicon-Valley Brad Garlinghouse, is better for the future as it seeks to reinvent itself.

Netscape, as most know, is no longer used by AOL as a brand or supported technology.

“Fundamental to change at AOL is a cultural change,” Garlinghouse said in an interview yesterday. “For good or bad, those buildings are full of ghosts and we need a new space to start a new chapter.”

Plus the new space is closer to the train and a lively street life (you can see a rendering here).

“AOL is trying to reestablish its tech presence as we grow,” said Garlinghouse of the more than 200 employees in the area. “This is part of that.”

AOL’s new HQ is the former headquarters of Agilent Technologies (A), and Garlinghouse said Symantec (SYMC) will take over the old Netscape space.

The beat, as they say, goes on.

Accel Partners has been pretty busy handing over giant wads of dough to start-ups this week–and today is focusing its largess on San Francisco-based Lookout, a smartphone security provider.

The Palo Alto, Calif.-based venture firm will be the lead investor in an $11 million Series B funding round for Lookout, which offers solutions to protect phones from malware and viruses, back up and restore valuable data and help users find their phones in the event they are lost or stolen.

Accel Partner Ping Li will join the start-up’s board.

Lookout currently works only on phones using Google (GOOG) Android, Research in Motion (RIMM) BlackBerry and Microsoft (MSFT) Windows Mobile operating systems.

Previous venture investors Khosla Ventures and Trilogy Partnership are also participating. The pair, along with angel investors such as Chris Sacca, had already put $5.5 million into Lookout late last year. The company was founded as Flexilis in 2007.

Lookout said the former CEO of Vontu and executive at Symantec (SYMC), Joseph Ansanelli, would become chairman of Lookout and that it had brought in other execs, including a former Yahoo (YHOO) staffer. Ansanelli has been an angel investor in Lookout.

Here’s the official press release:

Lookout Closes $11 Million in Series B Funding Led by Accel Partners

Explosive Growth in Smartphone Market Underscores Need for Mobile Security

SAN FRANCISCO–May 18, 2010–Lookout, the leader in smartphone security, today announced an $11 Million Series B round of funding led by Accel Partners with Khosla Ventures and Trilogy Partnership also participating. The company also announced that it has added several new executives to its leadership team, including former CEO of Vontu and executive at Symantec, Joseph Ansanelli, as Chairman of the Board.

“The smartphone market is exploding, and consumers are downloading third-party apps by the hundreds, making security an increasingly vital component of the mobile market,” said Ping Li, Partner at Accel Partners, who will join the board. “Consumers need to know that their applications, their data, and their phone itself are protected. We are excited to work with Lookout as they continue to extend their lead in this dynamic market.”

The global smartphone market grew more than 50% during the past year and as a result, consumers have been introduced to thousands of third-party applications across leading mobile platforms through app stores and downloaded sites. The Android Marketplace alone gives consumers access to more than 50,000 applications. While they enjoy the benefits of these applications, consumers are often unaware of the risks that accompany their increased data and application usage. Similar to the PC market, as consumers do more with their phones, they need protection from threats such as mobile viruses and malware, data loss and theft of the phone itself.

Lookout has developed cross-platform, cloud-connected applications that immediately identify and block threats before they compromise a consumer’s mobile phone, backup and restore mobile content, find a lost or stolen phone and wipe data from a phone if necessary. Available now on more than 400 mobile networks in 170 countries, Lookout prevents thousands of malicious applications, finds countless lost phones and restores important information for users every month.

“We are thrilled to receive such enthusiastic support from Accel Partners,” said John Hering, CEO and founder of Lookout. “Their backing is recognition of Lookout’s accomplishments to date and a testament to the importance of this market. With this additional financing, we’ll continue to invest in new technology and infrastructure so that we can provide the most comprehensive smartphone protection available to millions of consumers worldwide.”

Lookout Executive Additions

Joseph Ansanelli brings his extensive knowledge of security to Lookout as Chairman of the Board. Prior to Lookout, he served as CEO and co-founder of Vontu, turning the company into the leading provider of data loss prevention solutions before being acquired by Symantec in 2007.

In addition to Ansanelli, Lookout has also added several key members to the company’s executive team including Eric Bothwell as vice president of engineering, who formerly held engineering leadership positions at Vontu and Symantec; Chris Jones as vice president of product management, formerly senior director of portfolio product management at Symantec; and Julie Herendeen as vice president of marketing, formerly vice president of network products and advertising solutions for Yahoo! Inc.

Symantec Corp. (SYMC), the security software company behind such programs as Norton, every month cleans out its industrial-sized spam filters and issues a monthly State of Spam & Phishing report based on the result. In its April 2010 report, the company found the tea leaves suggest economic prospects are picking up, at least according to spam email using economic terms.

“While the United States consumer sentiment remained unchanged in March 2010, top ten subject lines containing economic keywords show that spammers have an optimistic view of the economy with job offer spam among their top spam subject lines,” Symantec said in its report.

Read the rest of this post on the original site

My productivity lapses don’t come from Facebook. My problem is a combination of world news sites and Twitter. Using RescueTime, an online time management tool, I’ve named two productivity goals for myself. One goal sets my unproductive time at less than 90 minutes per day. The other sets my highly productive time at greater than five hours per day. After setting up these goals, I’ve been able to monitor what applications I use, what internet sites I visit, and the exact duration of both. It quickly becomes painfully clear how easily I can become distracted and miss these goals. As I only report to myself, this tool is obviously self-policing, but it has been extremely useful to see when I’m not being as focused as I need to be. For example, I’ve adjusted my morning time with a cup of coffee and reading the news from 45 minutes down to about 15.

Read the rest of this post on the original site

Although the company said it is seeing continuing caution among corporate buyers, it has stemmed some of the sharp declines it reported in the previous quarter. Executives also flagged an increase in the number of large-sized deals, and evidence that the company is beginning to reverse some market share losses in its corporate security business.

“We are encouraged by signs of stabilization in the markets we serve and are confident that we will continue to see gradual improvement over the next few quarters,” said Chief Executive Enrique Salem.

Read the rest of this post on the original site

But that’s not the only portion of cyber-history that’s in dispute.

Media outlets are celebrating Sept. 2 as the 40th anniversary of the day the Internet was invented. Security company Symantec (SYMC) even chose to ring the day in by creating a top-10 list of the most notorious online threats, with No. 1 as 2000’s “I Love You” worm, which infected an estimated 5 million computers.

UCLA’s engineer school, on the other hand, is recognizing Oct. 29 as the 40th anniversary. That’s where computer-science professor Leonard Kleinrock and his team were credited with sending the first computer-to-computer messages.

Well, which is it?

Read the rest of this post on the original site

An odd turn of events, considering Hathaway led the administration’s 60-day review of governmentwide cybersecurity preparedness and seemed its likely choice to head up the new cybersecurity office. With the post now vacant and the list of candidates who’ve been considered for the job rumored to have reached at least 30, the administration may have a tough time finding the right person for this difficult job–and convincing him or her to accept it.

“As it stands right now, the cyber czar would have two bosses, the National Security Council and National Economic Council, as well as a chief information officer and chief technology officer,” Greg Garcia, former assistant secretary for cybersecurity and communications at the Department of Homeland Security, told Dark Reading. “In addition, that individual would have to herd all of the cats at DHS and other agencies. Those are big shoes to fill–in fact, I’m skeptical that anyone could succeed in the [cyber czar] job.”

And Garcia’s not the only one. Among other potential candidates who’ve reportedly told the White House they’re not interested: former Republican U.S. Representative Tom Davis of northern Virginia, Microsoft (MSFT) executive Scott Charney, Symantec (SYMC) Chairman John Thompson and retired Air Force General Harry Raduege Jr., the former Defense Information Systems Agency director and co-chair of the Commission on Cybersecurity for the 44th Presidency.

An odd turn of events, considering Hathaway led the administration’s 60-day review of governmentwide cybersecurity preparedness and seemed its likely choice to head up the new cybersecurity office. With the post now vacant and the list of candidates who’ve been considered for the job rumored to have reached at least 30, the administration may have a tough time finding the right person for this difficult job–and convincing him or her to accept it.

“As it stands right now, the cyber czar would have two bosses, the National Security Council and National Economic Council, as well as a chief information officer and chief technology officer,” Greg Garcia, former assistant secretary for cybersecurity and communications at the Department of Homeland Security, told Dark Reading. “In addition, that individual would have to herd all of the cats at DHS and other agencies. Those are big shoes to fill–in fact, I’m skeptical that anyone could succeed in the [cyber czar] job.”

And Garcia’s not the only one. Among other potential candidates who’ve reportedly told the White House they’re not interested: former Republican U.S. Representative Tom Davis of northern Virginia, Microsoft (MSFT) executive Scott Charney, Symantec (SYMC) Chairman John Thompson and retired Air Force General Harry Raduege Jr., the former Defense Information Systems Agency director and co-chair of the Commission on Cybersecurity for the 44th Presidency.

Non-GAAP revenue of $1.44 billion was down 13 percent, year over year, and slightly below the $1.49 billion analyst estimate, while profit per share of 34 cents was a penny light of estimates.

Forex played a big role, with sales down only 4 percent when measured in constant-currency terms.

The company forecast Q2 sales of $1.4 billion to $1.45 billion, below the roughly $1.5 billion estimate on the Street. Earnings per share excluding some costs is expected to be between 32 cents and 34 cents, below the average 36-cent estimate.

Read the rest of this post on the original site

BoomTown has had some good leaked internal memos from Yahoo, but I have never enjoyed one quite as much as this one from newly installed Yahoo PR head Eric Brown, who started today.

While it is clear that Yahoo (YHOO) has had its troubles in understanding and offering social-networking products to its users, Brown certainly knows how to share.

Yahoo could use some of that DNA!

New Yahoo CMO Elisa Steele named Brown, a colleague from her former job at NetApp (NTAP), as SVP of global communications at the Internet giant in June.

He was the VP of corporate relations at the data storage company, on whose board Yahoo CEO Carol Bartz has also served. Before that, he was at Adaptec (ADPT).

Brown is filling a slot left when former Yahoo PR head Jill Nash left Yahoo in February. She was briefly replaced by her deputy, Brad Williams, who was laid off from Yahoo in a recent round of cuts.

Like Steele, he is yet another executive from the business software arena to be hired under Bartz, who also comes from that background. Bartz also hired Jeff Russakow from Symantec (SYMC), which makes antivirus software and other security, for the post of Customer Advocacy SVP.

Yahoo’s whole marketing organization is undergoing a rejiggering under Steele, including a major brand overhaul. Along with Brown, she also recently hired Penny Baldwin as SVP of global integrated marketing and brand management.

Brown will be taking on Yahoo’s image-making, a task that has been a challenge over the last two years as the Silicon Valley icon has been buffeted by a series of external and internal challenges.

But Bartz has publicly talked about the need to now focus attention on Yahoo’s many assets and strengths.

In fact, in an onstage interview with me at the seventh D: All Things Digital conference in late May, Bartz said: “The best way to change the perception is to do a good job and then talk about it.”

From this memo, Brown seems like he knows how to do that.

And since he likes writers Kate Chopin and David Sedaris at the same time, it is obvious that Brown and I are on the path to become besties.

(Potential deal-breaker: I like piña coladas and getting caught in the rain.)

Here’s the memo–based on a form that sources tell me all Yahoo PR folks fill out in a getting-to-know-you questionnaire, but don’t make public–in which Brown says hello to his new team:

From: Eric Brown (SVP Global Communications)
Sent: Monday, July 06, 2009 6:00 PM
Subject: It’s great to be here!

Global comms team,

Thank you so much for the wonderful intro materials you gave me. I’m going to spend quite a bit of time on the org charts, budgets, plans, and results package you compiled for me. But I’ve been especially thrilled with the personal profiles you sent my way. I’ve seen other people whose phobias are the same as mine: spiders and heights; enjoyed how many of you put Paris as your favorite place on Earth; and am impressed with how many amazing books this group has collectively read.

I must also admit to being slightly intimidated by all of you who put “bad grammar” as a pet peeve and will triple check this email to avoid any grammar infractions…

I know I have a Thursday group meeting with you, but thought the least I could do on day one is return the favor and complete my own handbook profile. So here goes…

Date I joined Yahoo!: today (6 July 2009), though I did spend two days at the senior leaders meeting in mid-June and thank all of you who were there for the warm welcome in Half Moon Bay.

What I do here: lead a team of amazing, intelligent, motivated people who put Yahoo! in the best light possible and tell our story in compelling ways that make users and advertisers around the world want to embrace Yahoo! heartily.

Where I grew up: Warsaw, Virginia–a tiny town about 90 minutes from Richmond, Virginia and 150 minutes from Washington, D.C. For those of you who are American history buffs, Warsaw is about 10 minutes from the birthplace of Robert E. Lee and 15 minutes from the birthplace of George Washington.

Where I live now: Sunnyvale, California. Can’t beat the commute.

College: William and Mary in Williamsburg, Virginia. BA in English. Loved lit crit. Senior honors thesis was on post-WWII masculinity in American society as represented by the works of Norman Mailer.

My first job: an internship for the U.S. Navy (my parents’ employer—they were civilians) analyzing different process flow diagram software packages for a team creating warship defense systems. For the rest of high school and college, I had LOTS more fun as a waiter at dive restaurant called The Stagecoach. The food was ghastly; the people were amazing.

What I did before Yahoo!: I ran comms (PR, social media, internal comms, and exec comms) for NetApp, managing a global team of about 60+ people doing amazing enterprise and B2B work in 30+ companies worldwide. I’m very excited to learn “consumer” from all of you–and equally excited to share experiences from my almost 20 years in the business in return.

What I do when I’m not here: I love travel (had a super 3 days in the Blue Mountains outside Sydney two weekends ago), cooking (yes, seriously—cooking is very therapeutic and relaxing for me), and reading (though I haven’t picked up a Norman Mailer since my undergrad days).

If the Internet didn’t exist, what I’d be doing right now: teaching literature to high school students. I believe that at some point in my life, I have to return to society what it has given me. And I’d be a better teacher than firefighter or doctor!

Favorite place on Earth: Paris. I try to go there 3 or 4 times a year and have a couple of very close friends who are kind enough to let me crash with them. Second favorite is Hong Kong.

Proudest accomplishment: professionally–being part of the “inner counsel circle” for NetApp execs on a variety of comms and marketing issues (which I hope to be here at Yahoo! as well); personally–being a good friend, partner, and family member.

Favorite Yahoo! moment: there have only been 3 days of them so far—and all have been great. I felt very honored and lucky to be part of the Half Moon Bay leadership summit–and meeting people from all over Yahoo! there was inspiring.

Favorite book: someone who majored in literature can’t just name one, so I’ll split them into categories…Favorite works of literature: The Scarlet Letter by Hawthorne, The Awakening by Kate Chopin, and To Kill a Mockingbird by Harper Lee. Favorite work that kindled my imagination: The Hobbit by Tolkien. Favorite works that make me laugh: anything by David Sedaris (the man is wicked funny).

Favorite movie: two–Moulin Rouge and Orlando–both visually stunning.

My first car: a Buick Skyhawk in a horrible shade of brown–the thing was so ratty that I had to add oil to it every other day so it wouldn’t break down–it made its last hurrah on a cross-country trip from Virginia to California and made it over the Rocky Mountains without any issues but then was quite unhappy crossing the Sierra Nevada range.

My next vacation destination: somehow I think I’m going to be very busy for the next few months so I’m not planning any big trips, though I have told a friend I’ll attend his 50th birthday party in Munich and from there I’ll try to drive to Vienna for a few days.

My hidden talent: navigating subway systems when everyone else insists on taking a taxi (the exception: Tokyo–because it is just too darned crowded).

My favorite online video: I like online videos to catch up on things that MTV no longer carries–like videos from Gus Gus (though I only see one of their videos on Yahoo! Music…)

My guiltiest pleasure: ice cream in bed with the Kindle (yes, just as Elisa put in her email)–the ice cream HAS to be Ben & Jerry’s (LOVE being on this floor with the conference room names!) and my favorite is Peach Cobbler.

I have an intense fear of: spiders and heights–I even had a spider vacuum for a while so I didn’t have to come near ‘em or smash ‘em–but then I was scared they’d survive the suction and electric shock and crawl back somewhere–so now they’re routinely smashed.

My biggest pet peeve: beating around the bush–tell me what you want me to know because I’m not telepathic and say it without a lot of metaphor or subtlety–if you really want me to know something, please make it crystal clear.

My best celebrity encounter: dinner with friends in the outdoor section of the Restaurant du Palais Royal in Paris on a gorgeous May evening–next to us was Tom Ford (at the height of his Gucci power)–I have never wanted to NOT eat so much in my life.

Something few people know about me: I abhor cava (sorry to those of you in Spain)–champagne is my favorite drink on Earth, prosecco will do in a pinch, and New World sparklings are hit and miss–but I universally detest cava.

Best for advice for working with me (yes, a little changed from what you all submitted): honesty really IS the best policy–unless I’m having a bad hair day in which case please just don’t say anything about that at all.

Thanks again for having me here–and we’ll speak more on Thursday.

Best regards,
Eric