DEMOfall ’09 product spotlight: HP Skyroom

SAN DIEGO - One of the most striking enterprise products on display at this year's DEMOfall show has been HP's Skyroom videoconferencing software that combines instant messaging capabilities with high-definition video streaming. Even more interesting was the software's ability to let users create windows on their desktops where they can drag and drop pictures, audio files and video files that the person on the other end of the videoconference will then see on their own screen. During the product's demonstration at DEMOfall Tuesday, HP workstation global business unit vice president and general manager Jim Zafarana showed how users can simply click on names displayed on their Skyroom buddy lists to start impromptu HD videoconferences. During the demonstration, Zafarana received a streaming trailer for the film "Monsters, Inc." after his friend dropped it into the Skyroom conference window.

After his presentation, Zafarana sat down with Network World to discuss Skyroom's system and bandwidth requirements, its security features and its ability to integrate with existing enterprise chat protocols.

So when I purchase HP Skyroom, I'm not paying for any additional equipment? I'm only paying for software?

Yes. You have to meet the minimum system requirements of having a 2.3 GHz Intel Core Duo processor, and your machine has to run on Windows XP or Vista. We're planning on having a version that runs on Windows 7 out in November.

How fast of a data connection do you need to make Skyroom effective?

We're targeting business customers and this software can really be optimized through company networks, whether it's an onsite network or a VPN with a good network connection. One of my colleagues in Boston, for instance, has fiber-to-the-home and he uses a VPN to hook onto the HP network and conference with us using Skyroom. If you have a one-on-one conference, then it's a 1Mbps requirement for high-quality video and you can dial down the quality to make it work at around 500Kbps. It depends on what you're doing. If you do things such as video and picture sharing it'll take up more bandwidth. With the Monsters, Inc. video clip I shared today during the demonstration, for instance, I was probably adding 5Mbps to the requirements.

Is this designed for people who want to talk to people in other companies, or is it just for coworkers who want to collaborate?

At this point it only allows for intra-company conferencing.

What are its security features?

The bits traveling over the network are encrypted at 256Kbps and they can only go through a VPN or a secure corporate network, so it's pretty secure.

How much does Skyroom cost?

The pricing model we have now is $149 per user for a license to use the software and there's no subscription fee. Additionally, every new HP desktop workstation will ship with Skyroom as a complementary part of the entire package.

How do I add "buddies" to my Skyroom videoconferencing list?

There are multiple ways for you to populate your buddy list. If you have corporate Microsoft infrastructure with Office Communicator, for instance, it will pull your Office Communicator buddy list into Skyroom and all your colleagues on that list will show up as available for you to connect to as long as they have Skyroom installed. You can also use other communication software products such as Jabber Server, to leverage your buddy list into HP Skyroom.

And finally, Skyroom currently limits the number of people who can participate in an HD videoconference to four. Any plans on expanding that?

Obviously we could do that in the future but we're not talking about that at this point.

Health Net says 1.5M medical records lost in data breach

A hard drive with seven years' worth of personal financial and medical information on about 1.5 million customers of Health Net of the Northeast Inc. was reported missing to state officials yesterday - six months after the drive went missing. Connecticut has data breach laws requiring individuals be notified of the loss of their personal data without reasonable delay. Along with medical records, the hard drive contains names, addresses and Social Security numbers of Health Net customers from Arizona, Connecticut, New Jersey and New York. The data loss, which occurred in May, was only reported by the insurance company to the Connecticut state attorney general's office and the Department of Insurance yesterday.

The data had not been encrypted. The device containing the data was an external, portable hard drive. Health Net, based in Shelton, Conn., had no information about the data breach on its Web site. Connecticut Attorney General Richard Blumenthal said his office is investigating the data breach. "Health Net's incomprehensible foot-dragging demonstrates shocking disregard for patients' financial security, as well as loss of their highly sensitive and confidential personal health information," he said in a statement. "I will demand immediate answers and action, including at least two years of comprehensive identity theft protection for consumers," he said. "We will demand identity theft insurance and reimbursement for credit freezes as well as credit monitoring for at least two years for all 446,000 consumers" in Connecticut whose data is at risk. According to a statement by Health Net, the information on the drive was saved in an image format that cannot be read without special software. The state's insurance commissioner, Thomas Sullivan, said he is requiring Health Net to offer credit protection monitoring through Debix, a company that provides identity-theft protection services.

Health Net plans to send letters to its customers officially notifying them of the incident. "Protecting the privacy of our members is extremely important to us," Health Net said. "We apologize for any inconvenience or concern this may cause our members." The company said that, to date, it has received no reports of misused data arising from the breach and pledged to provide credit monitoring for over two years "free of charge to all impacted members who elect this service, and will provide assistance to any member who has experienced any suspicious activity, identity theft or health care fraud between May 2009 and their date of enrollment with our identity protection service." Health Net of the Northeast is a subsidiary of managed health care provider Health Net Inc., based in Woodland Hills, Calif. Health Net Inc. is a $15.3 billion company that provides managed medical coverage to some 6.7 million customers in the U.S. Health Net of the Northeast currently has about 580,000 members and a physician network comprising more than 160,000 doctors, 5,440 pharmacies, and 244 hospitals throughout Connecticut, New York, New Jersey, and Pennsylvania.

U.S. house decommissions its last mainframe, saves $730,000

The U.S. House of Representatives has taken its last mainframe offline, signaling the end of a computing era in Washington, D.C. The last mainframe supposedly enjoyed "quasi-celebrity status" within the House data center, having spent 12 years keeping the House's inventory control records and financial management data, among other tasks. But it was time for a change, with the House spending $30,000 a year to power the mainframe and another $700,000 each year for maintenance and support. The cost and energy savings contribute to the Green the Capitol program designed to improve efficiency in the halls of Congress. Applications running on the last mainframe have been moved to x86 and Unix servers, many of which are using virtualization technology that first appeared on the mainframe decades ago. "It's a symbolic transition into the latest and greatest in terms of green technology, virtualization, consolidation and all those things," says Jack Nichols, director of enterprise operations at the House of Representatives. "The mainframe plug was pulled, but it was pulled in favor of something that was started in the mainframe world." The House had been using mainframes since at least the early 1970s, and at one time had a 13,000-square-foot data center dedicated to mainframe and mainframe operations.

As mainframes grew stronger, the House moved down to just one machine, in addition to other types of servers. The last mainframe was an IBM model in place since 1997, and was situated in the Ford House Office Building (http://en.wikipedia.org/wiki/Ford_House_Office_Building). It will be turned over to the U.S. General Services Administration, and could resurface in the used mainframe market. "It wasn't the fastest box in the world," says Rich Zanatta, director of facilities for the House. "Some of our blades and some of our standard servers have more capability than that entire 8-cubic-foot box has. Technology-wise, it's obviously been surpassed." New mainframes are far more powerful and efficient than those built in the 90s, of course. But the House decided not to buy another mainframe in part because its IT staff has more expertise running x86 and Unix boxes. "We really don't have those [mainframe] skill sets in house anymore," Zanatta says. "We try not to maintain architecture that we can't support ourselves." The staff for House Chief Administrator Officer Daniel Beard held a ceremony to take the mainframe offline Friday.

The House also had a second mainframe in a backup site, the location of which is secret, which was also shut off. Decommissioning the mainframe involved getting rid of lots of large, bulky cables, not to mention migrating applications to newer systems. The mainframe had been running a half-dozen applications including staff payroll, inventory management, committee calendars and other legislative tasks. But the House staff has been working to move those applications to new servers for the past five years, a process that just ended. Turning off the mainframe is a big step in reducing the House's server footprint. The mainframe was consuming 10,000 to 15,000 watts an hour, and maintenance and support costs were increasing because it was so out-of-date. "As it increases in age, so does the maintenance cost," Zanatta says. "We were starting to hit that threshold of pain."

Already, the House consolidated about 150 test servers down to 20 through virtualization, and consolidated about 120 production servers onto 15 or 20. "Those are dramatic savings for us in the way of power and cooling," Zanatta says.

What's replacing P2P, BitTorrent as pirate hangouts?

Driven by increased crackdowns on BitTorrent sites such as The Pirate Bay, software pirates are fast-moving their warez to file-hosting Web sites. Sites such as RapidShare, Megaupload, and Hotfile let anonymous users upload large files such as cracked software for free. Hyperlinks to the software can then be distributed by pirates via Web sites, instant messages, or social media sites such as Twitter, said Vic DeMarines, CEO of anti-piracy software vendor V.I. Labs. "It's incredibly easy to use. And what you get is essentially your own private FTP server," DeMarines said.

While sites such as RapidShare allow free downloads, they make their money by charging heavy downloaders for premium memberships. These memberships, such as the 30-day premium access for $6.99 Euros at Rapidshare, let users download files immediately and without any caps on bandwidth. Trade in pirated digital goods, whether it is movies, music or e-books or software, is what drives the popularity and business model of firms like RapidShare. "There's a lot of money being made," said DeMarines. "Without hosting pirated goods, I'm not sure what their revenue model would be." According to a recent investigation by V.I. Labs into the availability of pirated software from a sample of 43 vendors, 100% were on RapidShare. The Association of American Publishers estimates that half of the pirated books found by its members were linked to Rapidshare. A spokeswoman for Cham, Switzerland-based Rapidshare declined to comment on the V.I. Labs report, saying she would need more information. The site told The New York Times earlier this year that it hosted 10 petabytes of data and up to 3 million downloaders at a time.

The site is already among the top twenty most popular in the world, according to Alexa. Uploads and downloads to Rapidshare account for 5% of all Internet traffic globally, says German networking vendor Ipoque. Though Rapidshare has faced lawsuits related to piracy, DeMarines says it and other file-hosting sites are tricky to prosecute legally because uploaders are not required to register or identify themselves. Also, Rapidshare tries to distance itself from any knowledge of the pirated goods by not filtering or monitoring the content on its servers. "For us, everything is just a file, no matter what," a spokeswoman told The Times in March. DeMarines said Rapidshare does comply with the Safe Harbor Provisions of the U.S.' Digital Millennium Copyright Act (DMCA) by quickly taking down pirated files when notified by the copyright holders. The company even grants certain organizations direct access into their service, so that they can go ahead and delete the hyperlinks and pirated files themselves, DeMarines said.

Peer-to-peer networking (P2P) does still remain the largest channel for distributing pirated software, movies and other digital content. Ipoque said it enables between 43% to 70% of piracy, depending on the region of the world. The most popular network remains BitTorrent, which is used by six out of 10 P2P users, V.I. Labs said. eDonkey is a distant second, with 20% share, despite hosting almost 900,000 users and 77 million files at any given time. Once-popular Gnutella is ranked third, with a market-share in the single digits. But file-hosting is growing much faster, Ipoque said, already enabling between 15% to 35% of digital piracy, depending on the region of the world.

DeMarines said he expects file-hosting sites to eventually supplant P2P. "P2P is on its way down. They're too visible, and so the copyright organizations are going to take these BitTorrent tracker sites out," he said. Other long-running methods for distributing warez are either stagnant or shrinking. Usenet newsgroups, for instance, have lost popularity due to the large amount of pornography and malware mingled in with the warez, DeMarines said. Internet Relay Chat (IRC) is "not favored" as a way to transmit files, though announcements and links on IRC to warez hosted on file-hosting sites is growing, DeMarines said.

Microsoft patches 12 bugs, including IE8-only flaws

Microsoft today patched 12 vulnerabilities in Windows, Office and Internet Explorer (IE), including three critical bugs in the company's newest browser, IE8. Of the 12 flaws fixed in Tuesday's six security updates, seven were rated "critical," the highest severity ranking in Microsoft's four-step scoring system. Four of the remaining flaws were pegged as "important," one step lower on the scale, while the final vulnerability was labeled "moderate." Security researchers unanimously voted MS09-072, the five-patch update for IE, as the one that demands immediate attention. "That's certainly the one to watch," said Andrew Storms, the director of security operations at nCircle Network Security. "You can't focus enough attention on the IE update. It trumps the bunch." Richie Lai, the director of vulnerability research at security company Qualys, echoed Storms. "MS09-072 affects IE, which is a big attack surface," said Lai, "and the vulnerabilities are primed to be exploited by classic drive-by attacks." "Definitely take a look at that one," chimed in Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. "Browser attacks are the most prevalent of all attacks." One of the five fixes included in the IE update addressed the zero-day vulnerability that Microsoft confirmed last month after sample attack code that exploited a flaw in IE's layout parser went public. Storms applauded Microsoft's speed in quashing the bug. "That was record time for Microsoft, to patch in just two weeks," he said, adding that it usually takes the company a month or more to ready a fix. "The holiday online shopping season had to increase the pressure to patch, but then again, it looks like Microsoft already knew about the bug," said Storms, referring to the credit that Microsoft gave to VeriSign iDefense for reporting the flaw.

But the big news today, said Storms, Lai and Miller, was the fact that of the five IE vulnerabilities in MS09-072, three affect the newest edition of the browser, IE8. Two of those three affect IE8 only; Microsoft's other browsers were immune. "You can bet that engineers at Microsoft are as depressed about these bugs as much as we are," Storms said of the IE8 vulnerabilities. "The question is why they're there," Storms continued. "It would be easier to explain if both IE8 and IE7 were vulnerable, as is the case with one of the vulnerabilities. But the fact that two are IE8-only makes us wonder if Microsoft's Security Development Lifecycle is working." Security Development Lifecycle, or SDL, is the term Microsoft's given to a development process that stresses security testing as a piece of software is being written. "[The flaws] could be in new code or old code, but we don't know where they were brought into the process," Storms said.

Even so, Storms, Lai and Miller all bet that the fault lay in new code Microsoft crafted for IE8. "I'd say it was in new features," said Lai. "Microsoft made a lot of HTML updates to IE8 to reach standards compliance, so I'm pretty sure the bugs are in the new code base." "New features means more code to be reviewed, and more likelihood of something slipping through," Storms noted. "Old code, you would expect has been reviewed more than once already." "Sometimes code is dropped [from a program] and new code is used instead," said Miller. "They're in the brand-new code and the new technologies in IE8." Attackers will likely come up with working exploits for the IE vulnerabilities patched today, Microsoft said, giving four of the five bugs an exploitability index rating of "1." That means reliable attack code will probably appear in the next 30 days.

The remaining five security updates, which patched an additional seven vulnerabilities - just two of them considered critical - are also-rans in Storms' mind. "All the rest of them have some kind of mitigation," he said, ranging from a requirement to have authenticated access to a wireless-only attack vector. Lai's colleagues at Qualys didn't agree with Storms. "MS09-070 needs attention," said Amol Sarwate, the manager of Qualys' vulnerability research lab, pointing to the bulletin that patched two vulnerabilities in Microsoft's Active Directory, a critical component within enterprises. Wolfgang Kandek, Qualys' chief technology officer, added MS09-073 to the list of apply-now updates. The bulletin patches WordPad, the minimalist text editor included with all versions of Windows, and the text converters used by Microsoft's Office suite to parse Word 97 documents. "File format vulnerabilities tend to be downplayed," acknowledged Kandek, "but everyone has WordPad. Although an exploit won't exactly be easy, [attackers] won't have trouble finding out how to do it."

The bright spot on this Patch Tuesday was the immunity of Microsoft's newest operating system, Windows 7, to any of today's updates, said the researchers. "Except for the IE8 bugs, there were none for Windows 7," said Miller. "So that's a good sign." But it's too early to call Windows 7 a resounding security success, Miller cautioned. "Remember, Vista was much the same when it came out," he said. Microsoft also released a pair of security advisories today that spelled out additional tactics for users and company administrators to further protect Windows against attacks already disclosed, or that have actually been used in the past. This month's security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

Week in Windows 7 news: Family Guy, Michael Dell embrace OS; the netbook OS of choice?

A look back at the week's biggest Microsoft Windows 7-related news stories:

Family Guy meets Windows 7
According to PC World, "Microsoft is sponsoring a Windows 7 television extravaganza next month in collaboration with FOX and 'Family Guy' creator/voice actor Seth MacFarlane. The program's working title is 'Family Guy Presents: Seth & Alex's Almost Live Comedy Show,' and will weave Windows 7 promotions into the television special."

Existing PCs, laptops okay with Windows 7
Nearly 90% of existing desktops and laptops within corporations can support Windows 7, but many of those assets are aging and will provide only limited grease on the skids of a migration to the new Microsoft operating system, according to a new survey. Companies will have to weigh the potential costs associated with maintaining those aging machines against the cost of a migration to new hardware/software and upgrading of some existing applications.

Michael Dell: hates netbooks, loves Win7
The Dell CEO, answering questions at a Churchill Club dinner in Silicon Valley, gave netbooks a big thumbs down, but said he thinks Windows 7 can restore our faith in PCs. "If you get the latest processor technology and you get Windows 7 and Office 2010, you will love your PC again," Dell said. "And we actually have not been able to say that for a long time. It's a dramatic improvement."

Windows 7 is hot pick in enterprise netbook market
Microsoft has a lock on the enterprise netbook market. According to a new study of 145 IT professionals, the operating system of choice for IT netbooks is Windows 7, followed by Windows XP. IT staffers were asked by Chadwick Martin Bailey, a custom market research and consulting firm, which netbook operating systems they had decided to standardize on in the next 24 months (respondents could standardize on more than one). Nearly a third, 29%, said they planned to standardize on Windows XP, which Microsoft repositioned in 2008 and 2009 as it saw netbook sales beginning to soar. The three alternatives, Linux, Mac OS X and Google Chrome, each won the allegiance of 10% or fewer respondents.

Apple stealing some Windows 7 thunder
The latest reports on PC sales are relatively encouraging given the overall economy, with Gartner saying they were up 2.5% in September vs. last September and IDC finding them up 3.9%. But sales of Apple Macs are up even more.

Acer can't wait for official Windows 7 announcement
Acer has unveiled a new version of its Aspire One netbook running Windows 7 and plans to put it on sale simultaneously with the new operating system's debut next week. The Aspire One D250 has a 10.1-inch screen, which is the same size as current Aspire One computers but the resolution has been increased to 1,280 pixels by 720 pixels. The computer features a 1.66GHz version of Intel's Atom N280 processor and a 160GB hard-disk drive.

IDG News Service and Network World's sister publications contributed to this report.

Verizon CTO: 'We told you so' about FiOS

Verizon CTO Dick Lynch has a simple message to anyone who doubted his company's wisdom in building out a fiber-to-the-home (FTTH) network: We were right, you were wrong. Speaking at the FTTH Conference and Expo in Houston Tuesday, Lynch crowed about his company bringing FiOS Internet services to an estimated 3.1 million subscribers in the United States. Lynch put particular emphasis on chiding skeptical analysts and rival companies that tried to cast doubt upon Verizon's fiber plans. "In an attempt to maintain the status quo, our competitors did their best to create customer confusion around fiber-optic services," he said. "They claimed that their networks had been fiber for a decade, and they distributed misleading messages about the quality of FiOS. Their communications strategy was to create confusion and apathy and some people fell for it." Specifically, Lynch singled out a "potential customer" that told The Washington Post a few years back that "there's nothing on the Internet that requires that kind of bandwidth." Now, with the rise of YouTube, Facebook and other bandwidth-intensive Web applications, Lynch said that Verizon is having the last laugh. "With the exception of our competitors, everyone secretly hoped we would succeed," he said. "The industry experts would publicly say, 'Verizon is spending too much' or 'consumers don't need fiber.' But then they'd turn around and call us to find out how soon FiOS would be coming to their neighborhood." Verizon's FiOS services offer customers peak download speeds of 50Mbps and peak upload speeds of 20Mbps. Cable companies this year have begun ramping up their tests for faster services to compete with FiOS, as Comcast and Cablevision have started rolling out new Internet services based on the DOCSIS 3.0 standard that will offer businesses potential peak download speeds of 100Mbps.

Verizon has said in the past that it is trialing 100Mbps FiOS technology, although the company has given no timeline for when that technology might hit the market.