Virtual Licensing Shifts
Virtualization is supposed to make computing cheaper. But if you simply create
VM after VM, your costs will rise faster than Michael Phelps' net worth. And
if you move these VMs around, extra license fees will hit as vendors like Microsoft
treat the moved VM as a brand-new install.
Microsoft is loosening up a bit. Before, an app had to be in place for three months before it could
be moved for free. Now, 41 different apps can be moved around from server to server
for free. This isn't exactly a revolution, but it will certainly support IT agility.
HP and Cisco Unify on Communications
When Microsoft entered the unified communications market, the folks at Cisco
were far from pleased. In fact, I'd gather you could hear the curses from Cisco's
San Jose headquarters all the way to Redmond.
Cisco wasn't going to take this lying down. Its most recent response is to
partner with HP to jointly sell and market unified tools to IT.
The HP deal might also be designed to shore up some weaknesses in Cisco's unified
lineup, particularly VoIP, the cornerstone of any unified solution. Service
providers, the most demanding of VoIP customers, know and respect the Cisco
brand, but Cisco is clearly not their No. 1 vendor.
Living with XP
Many of you...well, most of you...OK, nearly all of you are avoiding Vista and
sticking with XP. But Microsoft ain't making it easy. Go to Circuit City and
all you'll see is Vista, Vista, Vista. And Microsoft volume agreements are pushing
the new OS over the old.
How are you dealing with XP? Buying new machines and downgrading? Just not
using Vista licenses that come with your existing agreements? Tell us your story
by writing to [email protected].
Mailbag: Interop Future, Teaching Hacking
After it was announced that Microsoft's OOXML has been approved as an
official standard, Doug asked readers about their thoughts
on interoperability and Microsoft's standards play. The outlook isn't very optimistic:
Redmond's history with standards development and interoperability has
ranged from a high of poor, to a low of deliberate sabotage. While I find
it amusing that everyone sees this as a move to a more open, competitive,
software environment, it is still inconsistent with Microsoft's business model.
In the history of man, there has never been an altruistic monopoly. No reason
to expect one now.
-Anonymous
I have old 16-bit Windows Write files that NO later MS editor displays
right. Not WordPad, not WinPad, not Word for Win 95 or
Word 97 or Word 2000, nor the Win 95 Write stub -- only old Win 31's original
Write.exe seems able to display or print those critters the way they were
originally designed to look and print. It'd be really refreshing if Windows
7 could offer some means of displaying and printing these correctly again
-- and maybe even editing them.
On another tack, it would be nice if whatever IE MS includes in Windows
7 would let itself be closed even when (indeed, especially when) not
all tabs have finished loading. Currently, the only way I can close IE 6 (in
XP) or IE 7 (in [ugh!] Vista) before everything has finished loading is to
kill its process with Process Explorer. I'm not holding my breath, though,
on either count.
-Fred
And readers share their thoughts on George Ledin, a professor who teaches
his students hacking techniques -- and apparently gets a lot of grief for it.
I also read this Newsweek article and I think he is right on the
money. If I were hiring someone to help with our security, I would place high
value on someone that had a clear understanding of hacker methodologies.
I sat in on a Microsoft Tech-Ed session on security once. It was conducted
by a Microsoft security professional who obviously knew how hackers operate.
I think this knowledge would be essential to a competent security professional.
-Anonymous
Keep your friends close and your enemies closer. Yes, teach hacking.
-Milton
Is it wrong to teach hacking techniques? If it is, then every police officer
is a criminal. Every computer science student needs to learn how to attack
a system. Otherwise they will not know how to defend against it or recognize
such attacks.
And for a very bad reference, look at Bruce Wayne in "Batman Begins."
He could not understand the criminal mind until he became one.
-Brian
How about looking at this question from a slightly different point of
view? How many good security analysts out there do not understand how the
attacks are committed? Zero. There aren't any. It is their business to know
how the attacks happen, and thus how to protect from those attacks.
Anybody can follow a list of best practices, but it takes people who
understand the attacks to be able to write and change those best practices,
and to understand how and under what circumstances you can deviate from those
practices.
-Dan
Like you, I believe the only way to fight hacking is to know hacking.
I believe learning hacking techniques is vital to anyone wishing to have a
career in computer security. Look at it this way: Wouldn't everyone like to
have some inside knowledge of their competition? Sports teams spend huge amounts
of time studying their competition. Companies are in a constant struggle to
not only find out what the competition is up to but to figure out how to be
one step ahead of them, as well. Why shouldn't we as computer security professionals
use the same techniques against our competition?
Learning hacking techniques has drastically changed my role as a network
administrator. When I prepare to publish a new application on my Web site,
it is no longer enough to simply make sure it looks good and functions properly.
The first thing that comes to mind is whether the application is vulnerable
to cross-site scripting attacks or buffer overflow attempts, and whether all
user input is properly validated and sanitized. Thanks to my knowledge of
hacking, I now look at everything I do from the perspective of my competition.
If you think that is a bad thing, then be prepared. Because your competition
is going to walk all over you -- and your network.
-Steven
I think you are absolutely on track. The outrage being expressed against
Ledin seems to fall into two camps. There's the Atomic Bomb Theory, which
says that making this information available to the student base greatly increases
the dissemination of knowledge that could otherwise be contained. Sort of
a Malware Non-Proliferation Treaty. However, the vast amount of malware out
there from disparate sources refutes this supposition. The people out there
that we need to worry about already have ample access to this information.
Then, there's the Secret Algorithm Theory. This is hinted at in the article,
where the state of malware protection is compared to that of cryptography
some decades ago. It was discovered that "secret" algorithms seldom
stay secret for long, and the real strength is known algorithms that are tested
on many fronts and still survive. In short, true security consists of finding
the risks and applying a disciplined approach to destroy them without mercy
(my true feeling on malware leaking through a bit). I would hazard a guess
that the major security players have internal training very similar to what
Dr. Ledin is offering at Sonoma State University. If there is any justice,
he will years from now be remembered as a leader in the emergence of computer
security engineering.
-David
Share your thoughts! Leave a comment below or send an e-mail to [email protected].
About the Author
Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.