The iPad mini: 2013's next big business tool?

Not long after the iPad mini launched last fall, Cameron Yuill, the founder of AdGent Digital, started using the device to make business presentations.

Convenience was one reason: The iPad mini has all the capabilities of its bigger predecessor, including wireless AirPlay mirroring that allows him to project the tablet's screen onto a nearby TV. But salesmanship was a factor, too: There's nothing like arriving at a meeting, seemingly empty-handed, only to pull the latest and greatest Apple technology from a jacket pocket.

"I pull it out and people are quite astounded," says Yuill, whose company provides advertising on mobile platforms. "We're in the business, so we're promoting the usage as much as we can."

Months after the iPad mini launched to the public, the device appears to be a hit in the consumer sector, combining with the fourth-generation iPad to sell more than 3 million units in the opening days of the product's life. But analysts have yet to determine whether the new, miniature tablet will follow its larger iOS predecessors from the living room to the boardroom--and if so, what route it will take to get there.

Schools and hospitals

Two institutions likely to be big iPad mini adopters are schools and hospitals. The first is understandable. Schools already use the iPad, but want to cut down on technology costs. At $329, the iPad mini's starting price is $170 less than that of the iPad with Retina display. Lynn University in Florida will distribute the tablet to freshmen next fall, and the East Jordan, Michigan, school district is buying 770 units of the iPad mini. In the meantime, KinderTown--a developer of educational apps aimed at the 3- to 8-year-old set--saw a dramatic rise in iPad mini usage after the holidays. Inside Higher Ed has endorsed the iPad mini's suitability for classroom use.

But why hospitals? For an unexpected reason: The 7.87-inch-long iPad mini is just the right size to fit in the 8.5-inch-deep pocket of a standard medical lab coat.

"It really fits that lab coat pocket," says Marianne Braunstein, vice president of product management atEpocrates, which makes medical apps for iOS devices. A survey that her company conducted ahead of the iPad mini launch found that one in three doctors planned to buy the new, smaller tablet.

"They're moving constantly between exam rooms, around the hospital...they're very, very mobile people in their careers," Braunstein says. "They need to have devices that allow them to be very portable."

The iPad mini might seem to be at a disadvantage in a hospital, since it doesn't offer the high-resolution Retina display of its bigger counterparts. But Dr. Stephen Ferzoco, chief medical officer atMobiquity Inc., agrees that doctors will be seeking out the mini: The bigger iPad, he says, is just too cumbersome.

"From a form factor standpoint, doctors can now carry the mini device around in their coat pockets," he says. "This effectively means that their electronic medical records, order entry, reference materials, and imaging capabilities are within arm's reach at all times."

Even in hospitals, though, Braunstein expects that doctors will have to bring in the iPad mini themselves, rather than using hospital-issued models.

"For the most part, it's going to be the individuals," she says. "These devices make their lives easier, so that's what they're going to be bringing into the workplaces."

The winding path to adoption

Previous iOS devices entered the workplace quickly, but by wildly different routes.

The iPhone, for example, was initially disdained by IT departments that had built their security infrastructure to support the then-dominant Blackberry line of phones from Research in Motion. But the iPhone elbowed its way into the office anyway, initially brought in by top executives and then, increasingly, their underlings--forcing IT departments to adapt. The "bring your own" approach worked for Apple: More than five years later the iPhone is one of the dominant smartphones in the enterprise market.

The iPad, in contrast, was more immediately embraced by institutions--and ended up being distributed in businesses and other workplaces on more of a top-down basis. Within months of its 2010 launch, the tablet was at work in car dealerships, cockpits, and medical schools, as institutions recognized that it could help reduce paperwork and provide more mobility to users than traditional laptop computers.

Analysts say that they expect the iPad mini to follow the iPhone's trail into the workplace, arriving initially as a BYO device before institutions grasp how to use the small tablet to their advantage.

"I think it's hard to say it's going to definitively follow one [route] or the other," says Frank Gillett, a vice president and principal analyst with Forrester Research in Massachusetts. "The mini, because it's so small, will follow an individual approach initially--though some businesses will find a smaller, less expensive screen appealing."

The larger iPad should remain the device of choice for many businesses, Gillett says, since cash register applications such as Square Register and business applications such as SalesForceprobably make more sense on the bigger tablet. But in other instances--particularly where device cost is a major factor--the iPad mini has an advantage. It could also prove advantageous in situations where space is at a premium, particularly for users who spend lots of time on planes and in other cramped locations.

"It's like a lot of other things," Gillett says. "You pick the right tool for the job."

Read more »

What IT needs to know about near-field communications

The rise of near-field communications (NFC) has been part of the discussion in the mobile industry for years. Unfortunately, the technology hasn't generated much more than discussion to this point.

So far, all who have predicted the ubiquity of the point-to-point communications technology have been wrong. Executives at major tech companies - Apple and eBay, for example - have scoffed at the idea of NFC as an everyday tool, and consumers in general still have no idea what it is.

Regardless, the technology provides ample opportunity for businesses, and is still expected to make a slow climb to relevance over the next few years. With separate factors helping to drive growth of the technology into new markets, it's time to consider how NFC can help in the enterprise.

Read more »

Samsung investigates worker's death following chemical leak at chip plant

A chemical leak at a Samsung Electronics plant in South Korea has resulted in the death of a contract worker, while four others have been discharged from a hospital after treatment, the company said Monday.

Hydrofluoric acid leaked from a chemical supply system during a maintenance operation at Samsung's Hwaseong site, the company said. A service company sent the contract workers to deal with the problem, Samsung said.

"Sadly, one worker died due to complications," the company said in a statement offering condolences to the contractor's family.

The Hwaseong site, near Seoul, is home to one of the world's largest memory chip factories. Last June Samsung said it will invest almost US$2 billion in a new production line due to open there by the end of this year. The line will use 20-nanometer and 14nm production processes to make mobile application processors on 300 millimeter wafers.

Korean media reports said the leak, of about 10 liters of hydrofluoric acid from a tank with a capacity of 500 liters, began around 11 p.m. local time on Sunday.

Yonhap News Agency reported that the company delayed reporting the leak for up to 15 hours after it occurred.

Hydrofluoric acid is used to etch away silicon oxides in the manufacture of semiconductor wafers.

It is highly corrosive and can also dissolve glass and stainless steel. It burns exposed skin, and over-exposure to vapor or mist can cause tissue damage and death.

Samsung said the leak has been contained and that it will investigate the circumstances surrounding the incident.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter atpeter_sayer@idg.com.

Read more »

Security software showdown! 9 antivirus suites empirically tested

If you're like a lot of people, when it comes time to renew your security software, you may ask yourself, "Do I really need to upgrade to the latest version?" The answer is yes. Keeping up-to-date is generally a good idea, as new threats surface constantly. And if you value mobile security or use a social network, this year's crop of security suites is worth paying attention to.

An increasing number of security suites now feature special tools to help protect you on social networks--a growing target for spammers, scammers, and other parties who want to get at your personal information. For example, Trend Micro's Titanium Internet Security suite comes with a handy tool that highlights any possible areas of concern involving your Facebook privacy settings. Various suites also include tools that will scan links on social networks so that you aren't duped into clicking a malicious link hidden behind a URL shortener.

If you own a smartphone or tablet, or both, the security class of 2013 has some new tools for you. And some security packages come with a mobile app that provides protection against mobile malware or includes other features such as GPS tracking to help you find your phone should it go missing. These apps often also include remote-wipe capabilities that let you delete the contents of a missing phone or tablet so your private data doesn't end up falling into the wrong hands.

In addition, Windows 8 has changed the way security software makers design their programs. Many of the suites we looked at this year sport redesigned interfaces that include larger buttons and controls made to be more touch-friendly.

As usual, we teamed up with the fine folks at AV-Test, a respected antivirus testing lab based in Germany. AV-Test ran each suite through a comprehensive battery of tests to find out how well each would stand up to the worst malware currently in existence. AV-Test also performed speed testing to determine whether the suites will slow your PC to a crawl. We analyzed the data that AV-Test provided, and then tried each of the products ourselves to give you an idea of which suites you should go for--and which ones you should pass on.

Here are the suites we tested. You can click on each link to read individual reviews, or simply read this list for quick star ratings and summaries.

1. F-Secure Internet Security 2013 -- 4.5 stars (Superior). F-Secure's latest suite offers excellent protection and a friendly user interface.

2. Norton Internet Security 2013 -- 4.5 stars (Superior). With its great detection rate and Windows 8-ready design, Norton's suite is definitely worth a look.

3. Trend Micro Titanium Internet Security 2013 -- 4.5 stars (Superior). This "titanium" suite earned high marks in almost all our detection tests, and it has a nice interface.

4. Bitdefender Internet Security 2013 -- 4.5 stars (Superior). Bitdefender has a user-friendly interface that will appeal to people of all experience levels.

5. Kaspersky Internet Security 2013 -- 4 stars (Very Good). Kaspersky lets both beginners and advanced users get the most out of its suite, and scored well in our tests.

6. McAfee Internet Security 2013 -- 4 stars (Very Good). McAfee didn't earn top marks, but it's still a proficient, user-friendly antimalware program.

7. G Data InternetSecurity 2013 -- 3.5 stars (Very Good). G Data has an effective suite, but in­­stallation is a hassle, with a settings panel that's more suited to advanced users.

8. AVG Internet Security 2013 -- 3.5 stars (Very Good). AVG's security program is perfectly re­­spectable. But perfectly respectable just doesn't cut it these days.

9. Avira Internet Security 2013 -- 3.5 stars (Very Good). This suite is competent at detecting, disabling, and cleaning up malware, but its user interface is unfriendly.

BEST OVERALL: F-Secure Internet Security 2013 F-Secure's 2013 suite kept our test system free of malware and did a great job of cleaning up infections that made it onto our PC. It's speedy and well designed, too.

BEST PROTECTION: Trend Micro Titanium Internet Security 2013This suite had the most well rounded protection of all the suites we looked at. It proved effective at keeping malware at bay and at cleaning up infected PCs.

BEST SPEED: Norton Internet Security The days of Norton being ridiculed as slow are long gone: Norton's newest suite had lightning-quick scan times, and its impact on overall PC performance was minimal.

BEST INTERFACE: Norton Internet Security We liked Norton's polished, easy-to-use interface and one-click installation process. It's also designed to be Windows 8-friendly.

A competitive field

The security software market is highly competitive and it showed in our test results. In our testing, no suite detected less than 97.8 percent of recent known malware samples, and blocked below around 94.4 percent of new malware in our "real-world" attack-blocking tests. False positives were also largely a non-issue. But if you look closely,there are still some notable differences.We noticed a fairly wide difference in terms of ease of use between the suites we looked at. While some--like Norton and Trend Micro--were very user friendly and polished, others--like Avira and G Data--were less so and seemed to be designed withexpert users in mind.In the end, even the lower-ranked suites performed reasonably well, but simply didn't stand out enough to claim a higher ranking.

What you don't get in these suites

For the sake of this story, we looked at mainstream Internet security suites, but most security companies also sell more feature-complete "advanced" suites. These suites include products like Norton 360, Trend Micro Titanium Maximum Security, and AVGPremium Security.For the most part, these advanced suites feature the same basic antivirus engine as the more basic suites, but will also include PC maintenance tools, online backup, additional parental controls and privacy controls, and more.What comes in the more advanced packages compared to the more basic suites does very between manufacturers, though: Some include a mobile app with the basic suite, while others include it only in their advanced suites. In general, though, the basic suitescontain just about everything you'll need to keep your PC protected.

Threats to watch for in 2013

(by Tony Bradley)

More sophisticated phishing Email and text messages that contain links to malicious websites will improve in quality to the point that they'll be virtually indistinguishable from legitimate communications. The messages will become more polished and professional--no more broken English and poor grammar.

Watering-hole attacks A drive-by download is a twist on the concept of browser-based attacks. In this sort of attack, cybercriminals post malicious content on a Web page, and then try to figure out some way to lure you to visit the website. If the PC you use to visit the website is vulnerable to the exploit used by the attack, malware is downloaded and the system is compromised. In 2013, though, attackers will continue to hone in with more precise attacks known as "watering hole" attacks. Rather than casting a wide net (as attackers do with drive-by downloads), the watering hole attack is more precise.

Data breaches In 2013, attackers will continue to target weak security on Internet-facing database systems to acquire thousands or millions of compromised records at once rather than going after individual users. Unfortunately, there isn't much you can do to prevent this sort of attack, but you can go on the defensive by being vigilant. Monitor your bank and credit card statements and report anything suspicious to your financial institution.

  Note: Click on the chart image below to see a summary of our findings.

Read more »

Acquisition math: Belkin CTO predicts outcome of Linksys deal will be "1+1=3"

News that Cisco intended to divest its Linksys home-networking business unit broke last December, but Belkin's decision--announced last Thursday--to acquire that division came as a surprise. Belkin's intentions are even more interesting: The company isn't just buying a prestige brand to slap on its existing home-networking product line; it plans to market networking products under both brands.

When I asked Belkin's Chief Technology Officer Brian Van Harlingen how that might benefit consumers, he replied that Belkin's employees "strive to understand user needs, and deliver a good user experience. The philosophy at Linksys isn't fundamentally different, but each company has different strengths. Linksys did [the cloud-based router administration software] Smart Wi-Fi, and we've done great work in terms of quality of service [QoS describes the ability to assign priorities to different data flows, so that gaming and video traffic are given priority over downloads]. Where do those things come together? We think the ultimate outcome of putting the two companies together will be 'one plus one equals three.'"

According to Van Harlingen, Belkin "sees Linksys as a premier brand. They brought wireless networking into the home. But our intention is to maintain both brands in networking; each has a unique appeal to consumers, and we think we can create differentiation for the two product lines."

Van Harlingen says Belkin also sees an opportunity to grab some market share in the small to medium-size business market, a market that Linksys had largely drifted away from while under Cisco's control. "We're still working on long-terms plans and product roadmaps, but Linksys goes back a ways and [the brand] had some real credibility in the SMB space. We see some opportunity there."

Van Harlingen said the Linksys acquisition would also help Belkin grown its budding line of home-automation products, marketed under the WeMo brand. "Those are some of the products we're proudest of, and we are expanding in that area. We announced a new light switch at CES, as well as Android support, and we're integrating video cameras."

"The beauty of the WeMo line using a Wi-Fi network, as opposed to Z-Wave or ZigBee" Van Harlingen continued, "is that you can buy a product that will perform a function without depending on another product. You don't need a gateway [as a master controller that integrates lighting and other home controls, as the Z-Wave and ZigBee protocols generally require]. It's much less confusing for the consumer."

I couldn't resist the opportunity to ask Van Harlingen if Belkin had learned anything from Cisco's poorly conceived decision to proactively install new firmware on some of its high-end Linksys routers that were already in the field without informing the people who had purchased them. The new firmware not only forced users to switch to Cisco's cloud-based admin tool, but it also came with terms of service that many viewed as an egregious invasion of privacy. Cisco eventually reversed its decision.

"I can't criticize them [Linksys] for that," said Van Harlingen. "We've made our own missteps over the years. They were really excited about delivering the benefits of Smart Wi-Fi to as many of their customers as quickly as possible. Our approach will be 'let's listen to our customers very carefully before we take any dramatic actions.'"

Since mergers and acquisitions rarely occur without some job losses, I also asked Van Harlingen if Belkin planned to retain Linksys employees across the board, or if the company wanted only the Linksys engineering teams. "Across the board," he replied. "We intend to merge the two companies. Linksys has incredibly talented people in key roles. But we will be looking for places, where there are opportunities, where it makes sense to leverage--I guess redundancy is the word."

Read more »

HP offering data-breach response and remediation services

HP today announced data-breach remediation services intended to help organizations prepare for an incident related to data loss that would require fast response to meet both legal and digital forensics requirements.

"It's not if, it's when a breach occurs," said Andrzej Kawalec, global chief technology officer at HP Enterprise Security.

[ Symantec CEO on reorg: "Our system is just broken" ]

HP's services from consultants include working with internal security and management teams to prepare for regulatory notifications and public response by establishing a clear set of practices and processes for data breach incidents. It also includes the HP Breach Response Service for round-the-clock monitoring to detect and respond to intrusions, with HP on call to dispatch its security team to the client's location to investigate any breach and work through remediation.

Jeremy Ward, manager at HP Security Services in the U.K., said HP can provide digital and computer forensics services to pull together evidence related to a data breach. "The forensics readiness services gets the clients prepared," Ward said. HP anticipates its services, which would cost about $20,000 depending on the size of the business, will have the most initial demand in North America and Europe, though the need could come from "anywhere in the world."

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.

Read more about wide area network in Network World's Wide Area Network section.

Read more »

IBM to beef up content management, analytics in Connections enterprise social product

IBM will launch before midyear several new and improved collaboration and communication products, including a new suite for human resources tasks and a major upgrade of its Connections enterprise social networking product.

The company, which will unveil the products at its Connect 2013 conference in Orlando on Monday, will also announce improvements to its enterprise social suite for marketers.

The upgrade to its IBM Connections enterprise social networking platform will feature new analytics features so that administrators can monitor usage, such as collaboration trends among employees and engagement with customers in social media services like Twitter and Facebook.

IBM Connections 4.5, which will be available in March, will also feature new document and content management capabilities, as well as an "ideation" tool to manage brainstorming processes. This new version will also feature deeper integration with Microsoft Outlook, so that users can access IBM Connections features within their Outlook interface.

"This 4.5 version is a momentum announcement," said Rob Koplowitz, a Forrester Research analyst. "IBM continues to grow, add functionality to and improve Connections."

The content management functionality makes Connections a stronger competitor to Microsoft's SharePoint, which in turn is encroaching further into the Connections territory with its upcoming integration with the Yammer enterprise social networking software.

The suites for human resources and marketing departments are designed to give employees collaboration tools like microblogging, IM, video conferencing, activity streams, employee profiles, document sharing, content rating, wikis and discussion forums.

The new IBM Employee Experience Suite will include existing IBM enterprise social and communication software along with human resources management applications from Kenexa, a company IBM acquired in December for $1.3 billion. This new suite will be available in this year's first half.

Meanwhile, the existing IBM Customer Experience Suite, designed for marketing departments, will gain a new capability to let marketers push content, like ads and promotions, to social networks "with one simple click" and without requiring IT involvement.

IBM also plans to ship in March an upgrade of its Notes-Domino email and collaboration software, called IBM Notes and Domino Social Edition 9.

"We have an enterprise social business platform that is for social networking, content management, analytics, and can be leveraged across all business departments," said Jeff Schick, vice president of social software at IBM.

During the opening session of the conference, Jeff Bowman, global e-business manager at Caterpillar, the maker of heavy machinery equipment and industrial engines, said that his company is using IBM enterprise social products to extend its traditional face-to-face interactions with customers into the online realm.

"We're funding e-business at an unprecedented rate at Caterpillar," he said, adding that the efforts are at an early stage, but driven by a sense of urgency prompted by competitive pressure.

The online effort attempts to fine-tune the entire "customer experience lifecycle," including being where current and prospective clients are, such as in search results and social media channels, and delivering a "virtual" sales representative experience that manages "to make tractors sexy online," he said.

Caterpillar is also sharpening its online support capabilities and launching a new e-commerce platform that makes it faster and easier to purchase parts online, Bowman said.

Meanwhile, Ross Grossman, vice president of human resources at Regeneron Pharmaceuticals, said the company has been using Kenexa software and services since 2007 to improve recruitment, training and hiring, and increase employee engagement and retention, all of which have played a big part in the company's ability to grow fast and compete against bigger rivals.

"In HR, we want to have a meaningful impact on the business," he said, adding that his department now plays a critically important role in the company's operations and performance.

At a press conference after the session, Mike Rhodin, senior vice president of IBM's Software Solutions Group, said that the impact of enterprise social technologies in collaboration and front-office business processes like HR and marketing amounts to a "generational shift" that is transforming how companies function, and will do so for the next two decades.

Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at@JuanCPerezIDG.

Read more »

WhatsApp could face prosecution on poor privacy

A yearlong investigation by government privacy watchdogs in Canada and the Netherlands identified major weaknesses in the way the WhatsApp cellphone messaging application handled the personal information of its users.

Many of the problems have since been fixed, but Dutch authorities have yet to decide whether they will attempt to prosecute WhatsApp under Dutch privacy law, the two organizations said in a joint statement on Monday.

WhatsApp allows users to exchange messages like conventional instant messaging software, but rather than use screen names the system identifies users by their phone number. When a user signs up, they upload their cellphone's address book to WhatsApp to discover who among their existing contacts is available via WhatsApp.

That method was one of the things that originally drew the attention of the Office of the Privacy Commissioner of Canada and The Dutch Data Protection Authority.

Their investigation found that after uploading the address book and using the data to match existing users, the WhatsApp servers failed to delete the phone numbers of non-users as required by Canadian and Dutch law.

The app was also initially found to be sending messages in an unencrypted form, which leaves them vulnerable to eavesdropping and interception, particularly when sent over an unsecure Wi-Fi network. WhatsApp added encryption to messages in September 2012.

Finally, the investigation found the app was generating passwords for message exchanges based on things like the phone's IMEI (international mobile equipment identity) or MAC (media access control) address. Both are relatively easy to discover, opening the possibility that a third party could send and receive messages in the name of users without their knowledge. WhatsApp has since strengthened password generation, but users need to update their software to benefit from the change.

WhatsApp, which is based in Silicon Valley, could not immediately be reached for comment.

News of the investigation comes as the issue of mobile app privacy is increasingly coming into the spotlight.

In December, the State Attorney General of California launched a prosecution of Delta Airlines for failing to comply with California's privacy laws. California's online privacy law requires commercial operators of websites and online services, including apps, which collect personally identifiable information conspicuously to post a privacy policy. The state attorney general has begun looking at apps that either don't include such a policy or don't make it obvious to users.

But even if a privacy policy is put in front of consumers, many often click the "read and understood" button without looking at it, said Pat Walshe, privacy director at the GSM Association, an organization representing network operators. His organization has published guidelines for privacy by design for mobile phone applications.

"We want consumers to have confidence in the industry and that means a commitment to protect consumer privacy. Industry has to fill in the gaps or policy makers will do it, possibly in an overly prescriptive way," said Walshe.

(Jennifer Baker in Brussels contributed to this report.)

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address ismartyn_williams@idg.com

Read more »

Apple makes good on CEO's promise to expand iPhone 5's 4G carriers

iOS 6.1 patches more than two-dozen security vulnerabilities and adds three-dozen LTE carriers to the supported list for the iPhone 5. Apple today released iOS 6.1, the first major update for the mobile operating system since its September 2012 launch, patching 27 security vulnerabilities and adding three dozen LTE carriers to the iPhone 5's support list.

At the top of Apple's list of improvements was an expansion of the LTE networks compatible with the iPhone 5, a move announced last week by CEO Tim Cook during a quarterly earnings call with Wall Street analysts.

"Next week, we are adding 36 more carriers for LTE support," Cook said Jan. 23. "And these carriers will be in countries that were currently not supporting LTE."

Among the iPhone 5 markets where customers now can connect to an LTE carrier are Denmark, Finland, Greece, Italy, Kuwait, Saudi Arabia, Switzerland and South Africa.

iOS 6.1 also added carriers in countries already served by LTE. In the U.S., for example, the update expanded the list from AT&T, Sprint and Verizon to add Alaska Communications, Bluegrass Cellular and Pioneer Cellular.

A complete list of all iOS 6.1-supported LTE carriers can be found on Apple's website.

Other enhancements in iOS 6.1, according to Apple's typically terse note, included Fandango movie ticket purchases using Siri (U.S. only) and individual track downloads from iCloud for iTunes Match subscribers.

iTunes Match is the $25-per-year service launched in November 2011 that acts like a music storage locker in the sky, storing tracks purchased via iTunes or ripped from CDs in iCloud, then making the library available on all of a user's iOS, OS X and Windows devices.

Prior to today's update, iTunes Match automatically downloaded all tracks in an album, making it difficult to grab just a single tune to place, say, on a storage space-strapped iPhone.

iOS 6.1 also included patches for 27 security vulnerabilities, most of them labeled with the phrase "arbitrary code execution," Apple's way of saying they are critical.

Of the 27 total, 22 were in WebKit, the browser engine that powers Safari in iOS and OS X, as well as Google's Chrome. Not surprisingly, most were reported to the WebKit open-source project, and from that to Apple, by Google security engineers.

Eleven of the WebKit bugs were uncovered by the prolific Abhishek Arya, a Google engineer who goes by the nickname "Inferno."

The update also revoked several digital certificates improperly issued in mid-2011 by TurkTrust, a Turkish "certificate authority," or CA. While Google, Microsoft and Mozilla had previously revoked those same certificates, this was Apple's first move. It has yet to update Safari for OS X to do the same.

Today's update was the third for iOS 6, although the first two were minor refreshes that either fixed a handful of security flaws (November's iOS 6.0.1) or addressed a single issue ( December's iOS 6.0.2).

Owners of the iPhone 3GS, iPhone 4, iPhone 4S and iPhone 5; iPad 2, third- and fourth-generation iPad, and iPad Mini; and iPod Touch fourth-generation and later can retrieve 6.1 over the air by tapping the "Settings" icon, then the "General" tab, and finally "Software Update."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about ios in Computerworld's iOS Topic Center.

Read more »

Winzip 17 adds integration with Box cloud storage

Winzip has been a household name in file compression for two decades. WinZip 17 takes file compression and management to the cloud with Google Drive, SkyDrive, and Dropbox integration--and now a new update is available that adds Box to the mix.

WinZip was a pioneer of the freemium software business model--basically providing the software for free, and relying on the moral compass of customers to pay for the product if it proved to be useful to them. I used to download a wide variety of shareware applications following a similar strategy, but WinZip was the first one I ever felt compelled to actually pay for.

Over the years, hard drive and flash drives have grown exponentially in size, and the cost of storage has gone down, so the need for a file compression utility has declined. However, the rise of photos and videos--which can be massive files--and the desire to upload information to social networks or cloud storage services has brought it back in vogue. It's much easier and faster to upload a 100Mb file instead of a 1GB file.

WinZip has evolved to be a much more comprehensive file management tool than it once was. It still provides file compression, but now it also includes the ability to convert documents to PDF, add custom watermarks to PDF files, and post files directly to popular social networks.

Another advantage of WinZip 17 is that it ties disparate services together. Rather than dealing with your PC, Google Drive, Dropbox, SkyDrive, and Box as separate entities, WinZip 17 gives you a single tool from which to manage all of your data no matter where it's stored.

There are two flavors of WinZip 17, Standard and Pro. The Pro version includes features that strengthen and speed up file encryption, as well as the ability to view photos within a ZIP file without extracting them first, and features that make it easier to transfer and manage photos from supported cameras and mobile devices, among other things.

You can get WinZip 17 directly from the WinZip site starting at $30. WinZip 17 Pro is $50. WinZip offers volume licensing discounts for businesses that purchase the software in bulk. WinZip 17 is only available for Windows (XP or later), but there are versions available for Mac OS X, iOS, and Android as well.

Customers who already have WinZip 17 can download an update to add integration with Box cloud storage.

Read more »

Yahoo's Marissa Mayer looks to new products, mobile to restore company growth

Yahoo CEO Marissa Mayer has identified new products and mobile investments as among several strategies aimed at keeping the company relevant as it tries to compete against the likes of Google and Facebook.

On Monday, Mayer highlighted recently revamped hiring protocols and product launches, such as its redesigned Flickr iOS app and Yahoo Mail, as positive steps for the company, though she stressed that "there's a lot of work still to be done." Mayer spoke on a conference call Monday to discuss the company's mixed results for the fourth quarter of 2012, which showed revenue up but profit down from a year earlier.

"Flickr and Yahoo Mail marked the start of these efforts," Mayer said.

Yahoo will focus on developing or redesigning roughly a dozen products in the months and years to come, each built around people's "daily digital habits," Mayer said.

She cited search, the homepage, finance, sports and news as areas the company would be focusing on, without giving more details.

Yahoo said its three key business challenges going forward are, in order of priority, increasing usage, growing its international presence and appealing to a broader set of users.

Mayer also said mobile products are "incredibly important to our strategy," and that the company is working to make them a substantial part of its business. As part of that effort, the company recently acquired the mobile recommendations app Stamped and the video chat broadcasting app OnTheAir. "This is a nascent source of revenue for us," Mayer said.

Though the company said it does not break out financial performance metrics for its mobile products individually, mobile adoption of Yahoo products grew to more than 200 million monthly unique users in the fourth quarter, the company reported.

Yahoo also reported on its progress toward having at least 50 percent of its engineering workforce dedicated to mobile. Though it is not there yet, the company hired 120 new employees with computer science degrees in the fourth quarter and allocated them largely to new mobile product areas, Mayer said.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Read more »

Google publishes detailed maps of North Korea

Google has published detailed maps of North Korea, based on information entered by users via its online Map Maker tool.

The maps now include details about the ultra-secretive nation including highways and smaller roads, country borders, parks, schools and features such as an amusement park in Pyongyang, the capital. Most of the areas were blank previously, and the information supplements Google's existing satellite imagery of the country.

Google said in a blog entry that the new data was collected via its Map Maker software over several years. The company said that from now on, it will publish approved updates entered using the tool as part of its official Google Maps offering.

"While many people around the globe are fascinated with North Korea, these maps are especially important for the citizens of South Korea who have ancestral connections or still have family living there," wrote Jayanth Mysore, a Google product manager, in the blog.

Earlier this month, Google Executive Chairman Eric Schmidt visited North Korea with his daughter and former New Mexico governor Bill Richardson. The U.S. government was negative about the trip, which was deemed a "personal" visit by the executive, coming just after North Korea's launch of a long-range rocket.

After the trip, Schmidt's daughter Sophie, posted details of the trip online in an account titled "It might not get weirder than this," with details including a visit to an electronic library at a university and Doritos for sale at a supermarket.

Map Maker is an online tool that Google uses to solicit map information from users about certain countries, with the goal of eventually adding it to the official version of Google Maps. The tool can be used to add features such as natural landscape, political boundaries, roads, railways and buildings, although the company usually does not immediately publish the data.

Users are currently able to add information on about 200 countries, which are often places where traditional map data is difficult to obtain. These include locations in many countries in Africa and central America, Afghanistan, Iraq, and even Antarctica.

Read more »

Pentagon to add thousands of new cybersecurity jobs

The Pentagon is planning to expand its cyber security force nearly five fold over the next several years in a bid to bolster its defensive and offensive computer capabilities.

The plan is to add about 4,000 more troops and civilians to the existing 900 personnel in the Defense Department's Cyber Command, the Washington Post reported today citing several unnamed sources.

The planned expansion is in response to growing threats against critical U.S. assets in cyberspace, a defense official told Computerworld on Monday.

"As Secretary Panetta stated in his cyber speech last October, we are faced with an increasing threat of a cyber attack that could be as destructive as the terrorist attack on 9/11," the official said. "The department recognizes this growing danger and is working with a sense of urgency to put the right policies and structures in place to enable us to carry out our role."p>

The official said the Department of Defense (DoD) will work closely with U.S. Cyber Command and the Combatant Commands to develop an "optimum force structure" for dealing with emerging cyber threats.

The goal is to create three separate types of cyber forces each tasked with specific roles and responsibilities. The cyber force structure will include Cyber National Mission Forces, Cyber Combat Mission Forces and Cyber Protection Forces, the official noted.

The national force and cyber protect force will focus on addressing threats to critical infrastructure targets and DoD networks respectively. Meanwhile, the combat mission force will be responsible for planning and executing offensive operations and attacks in cyberspace.

"While the basic cyber force structure model is clear, the implementation plan to achieve it is still being developed and is pre-decisional at this time," the official said.

The planned expansion comes amid heightening concerns about U.S. vulnerabilities in cyber space. Many believe that the U.S. is already in the midst of an undeclared and mostly unseen cyberwar directed against it by unfriendly nation states and well-funded highly organized criminal gangs and hactivist groups.

Countries like China and Russia are well ahead of the U.S. in terms of having cyber forces of the kind that the Pentagon is trying to build up, said Alan Paller, director of research at the SANS Institute. The challenge for the DoD will be to find enough qualified cybersecurity professionals to meet its ambitious expansion plans, he said.

"The key to putting the 4,000 in perspective is that every other critical part of the economy also needs the same people -- banks, power companies, telecom, defense contractors, civilian and state government and hospitals."

But while the hunger for cybersecurity professionals with advanced skills is very real, the supply line is near empty, he said. If the DoD wants to meet its expansion goals it will have to find innovative ways to find talent, Paller said.

He pointed to a recently launched program called Cyber Corps Challenge by New Jersey Governor Chris Christie as an example of the kind of approach the DoD needs to take to find talent. Under the program, the state invited veterans of the U.S armed services and others to take part in a competition for spots in a community college-based cyber security program and six month residencies at banks, the FBI and other organizations.

"China has been running competitions and training programs that work well in every ... district since at least 2003," Paller said. "Russia set up its first advanced school in 1994. We are way behind in quantity and quality."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Read more »