Security flaws affecting Microsoft’s Content Management Server (MCMS) 2001 product have prompted the Redmond, Wash.-based software maker to issue a “critical” security bulletin and urge system administrators to immediately apply a just-released patch. MCMS 2001 is a .Net Enterprise Server product for building and maintaining Web sites.
The most serious vulnerability lies in a user authentication function of the application, Microsoft noted, adding that an attacker could get complete control over the system running the software by entering malformed data into a Web page that uses this authentication function. Microsoft urges MCMS 2001 users to “immediately” apply the patch. Earlier versions of the product may be affected, but are no longer supported, Microsoft said. More information can be found at http://www.microsoft.com/technet/security/bulletin/MS02-041.ASP.
Storage partners target the enterprise
With bytes of corporate data growing like blackflies in June, Mississauga, Ont.’s NexInnovations Inc. has partnered with EMC Canada to offer storage systems and software. With the capability to assess, design, implement, train and support networked-storage infrastructures, NexInnovations is now one of 15 EMC premier solution partners in North America and the only one in Canada, said Rob Stroud, EMC’s Ottawa-based Canadian partner manager.
Hole discovered in Symantec firewall product
A vulnerability has been discovered in Symantec Corp. firewall products that would let a knowledgeable attacker hijack any connection to Symantec’s software-based or appliance-based firewalls, thereby potentially gaining unauthorized access to internal corporate resources. The remedy has now been made available at Symantec’s Web site for eight basic models of its Raptor, Enterprise Firewall and VelociRaptor firewall products.
The software patch remedies weaknesses in the algorithm the firewall uses to randomly generate initial sequence numbers. The main problem, it appears, is that the algorithm wasn’t generating new sequence numbers quickly enough to thwart potential hijacking attempts. Symantec has made the software fix available at http://securityresponse.symantec.com/.
U.S. IT spending to stabilize in 2002
IT spending by U.S. companies is expected to recover this year from its recent downward slide, with IT executives in North America spending 2.3 per cent more on computer hardware, software and services this year than last, according to a study published by Forrester Research Inc.
The survey painted a cautiously optimistic outlook on IT spending during the second half of the year, with 19 per cent of the companies surveyed indicating an intention to raise IT budgets by the end of 2002, Forrester said. On the down side, 12 per cent said they plan to cut their IT budgets. The most profitable products in the services market will be “specialized, smaller-scale offerings,” while data dissemination products like portals and business intelligence software will carry the software market, Forrester said.
HP, Sun spruce up Unix server lines
Hewlett-Packard Co. and Sun Microsystems Inc. are boosting their Unix server offerings. HP will now ship its 875MHz PA-8700+ processor with its four-, eight- and 16-way servers, which use the HP-UX operating system. The faster 875MHz processors were already available in HP’s high-end Superdome Unix system. HP has also added faster chips to its AlphaServer products – the ES45 and SC45 now ship with 1.25GHz EV68 processors, up from 1GHz.
Sun, meanwhile, announced its push further into the Unix server market with the addition of its fastest processor to its line of Sun Fire servers. While the technology is already available in some workstations, the Sun Fire 3800, 4800, 6800, 12K and 15K servers will all integrate the 1.05GHz UltraSPARC III processor.
More IT shops try portfolio approach
A growing number of U.S. businesses – led by blue-chip companies such as J.P. Morgan Chase & Co., Johnson & Johnson and Metropolitan Life Insurance Co. – are evaluating their IT investments with a more discerning eye by treating technology assets and projects more like financial portfolios.
According to research conducted by Stamford, Conn.-based Meta Group Inc., one in eight U.S. companies say they are now applying a portfolio management approach to evaluate their IT investments. IT executives and analysts said portfolio management can help companies better manage technology. The cost of IT projects is measured against their potential financial value, risk and business impact, and budgets can then be allocated to the ones with the highest potential returns.
Green Steak offers IBM users discounts
An IBM Corp. migration program (dubbed Green Steak) offers discounts of up to 50 per cent on hardware for users who move from old AS/400 server models to qualified new iSeries systems. The program is aimed at users of older green-screen AS/400 systems, such as those in the 4xx, 5xx and 6xx series.
Users of such systems can save up to half the cost of hardware if they migrate to either the iSeries server Model 270-2433 or Model 820-2436 before Dec. 31. In addition, users can receive a discount of up to 32 per cent off the one-time charge for software or software subscriptions if they order those items when they buy their hardware. But analysts say many users remain on older AS/400 models because there’s little reason to upgrade.
Linux stalls, Windows grows: survey
Revenue from new licences of the Linux operating system declined last year, after a two-year growth spurt. However, a shift in the business model around the open-source operating system is setting Linux up for a boost in revenue through 2006, a recent survey shows.
Sales of new Linux operating system licences declined five per cent from 2000 to 2001, according to a survey by research company IDC. But over the next five years, revenue from the sale of Linux systems is expected to grow from US$80 million in 2001 to US$280 million in 2006. Microsoft Corp.’s Windows operating system was the only system to show revenue growth from 2000 to 2001, said Al Gillen, research director of system software at IDC.