Lotus user wary of social networking tool rollout

As IBM moves to upgrade its cache of social networking tools, some users are taking a cautious approach to the technology while figuring out where it will apply and how to measure its effectiveness. The new 2.5 version software includes micro-blogging, file sharing and new mobile capabilities. IBM Tuesday unveiled Lotus Connections 2.5, its upgraded lineup of social networking tools that are a major expansion to the company's suite of collaboration software. But some of the features are expanding faster than users' plans to utilize the software.

The company's manager of messaging and collaboration asked for anonymity because he was not authorized to speak on the record. One Connections 2.5 beta tester, a global consumer product corporation, is taking a deliberately slow approach to rolling out the social collaboration tools. The company started slow with a few hundred users who were only allowed to communicate with each other. At that point, the manager says, the number of users exploded by 650% to a few thousand. The group's size was eventually doubled and then the tools were opened up companywide. Despite the growth, the company is still "seeding the environment," said the manager, but a broader rollout is planned.

We will likely "wind up doing it anecdotally," said the manager. "The things we're struggling with there is that this doesn't match the ROI [metrics that executives] are used to looking at. The harder part to plan is the expected results because the company has yet to figure out how to measure its return on investment. How do you measure, 'we recruited this person because of the [collaboration tool]?'" While results are hard to gauge, the broader, anticipated benefits are being defined in the context of capturing and recording corporate knowledge. The worker could develop a how-to guide for use by others, he said. For example, a certain administrative assistant may routinely be tasked with booking a certain type of event, said the manager.

The manager said it is a good time to ramp up internal communities and knowledge-sharing because as the economy and job markets rebound, workers who may have suffered pay or benefit cuts amid the recession will be looking to move on. "Now is the time to get people to put information in, so you're not losing it on the back of a Post-it note." -Kanaracus is with the IDG News Service

Snow Leopard bug deletes all user data

Snow Leopard users have reported that they've lost all their personal data when they've logged into a "Guest" account after upgrading from Leopard, according to messages on Apple's support forum. The MacFixIt site first reported the problem more than a month ago. The bug, users said in a well-read thread on Apple's support forum, resets all settings on the Mac, resets all applications' settings and erases the contents of critical folders containing documents, photos and music.

Users claimed that they lost data when they'd logged into their Macs using a "Guest" account, either purposefully or by accident. Specifically, Snow Leopard's home directory - the one sporting the name of the Mac's primary user - is replaced with a new, empty copy after users log in to a Guest account, log out, then log in to their standard account. Reports of the bug go back to Sept. 3, just six days after Apple launched Snow Leopard, or Mac OS X 10.6. Users who said they'd encountered the bug said that they had upgraded their systems from Mac OS X 10.5, known as Leopard. All the standard folders - Documents, Downloads, Music, Pictures and others - are empty, while the Desktop and Dock have reverted to an "out-of-box" condition. "I had the Guest account enabled on my MacBook Pro," said a user identified as "tcnsdca" in a message posted Sept. 3. "I accidentally clicked on that when I went to log in. All of doc, music, etc. gone." "Add my parents to the list of people waxed by this bug," added "Ratty Mouse" today on the same thread. "Brand new iMac, less than one month old, EVERYTHING lost. It took a few minutes to log in, then after I had logged out of that account and back into mine, my [entire] home directory had been wiped.

Just as I convinced them to go Mac after years of trying." On the thread, several users urged others to disable any Guest accounts to prevent any accidental data loss. "This morning I had access to Guest Account and then all my data were lost!!!" bemoaned someone tagged as "carlodituri" last Saturday. "I had 250GB of data without backup and I lost everything: years and years of documents, pictures, video, music!!! Some people were able to restore their Macs using recent Time Machine backups, but others admitted that they had not backed up their machines for weeks or months. "Just my luck I hadn't made a backup since 11th August," acknowledged "rogerss" on a different support forum thread. "So annoyed now, in the process of restoring from Time Machine, but have lost loads of my work due to this fault." Other users, however, had neglected to back up their Macs. "Nooooo!!! Is it possible to recover something? Some, for instance, wondered if the data loss would be triggered on Macs upgraded to Snow Leopard when the Guest account was simply set to "Sharing only," which is the default. Please help me!!!!" Not surprisingly, users unaffected by the bug were reluctant to attempt to reproduce the problem.

Apple did not respond today to questions about the bug.

Heartland CEO: Credit card encryption needed

Credit card transactions in the U.S. are often not encrypted, and credit card vendors, payment processors and retailers need to embrace an encryption standard to protect credit card numbers, the CEO of a breached payment processor said Monday. Heartland in January announced the discovery of a data breach that left tens of millions of credit card numbers exposed to a gang of hackers. "I now know that this industry needs to, and can, do more to better protect it against the ever-more-sophisticated methods used by these cybercriminals," Carr told the Senate Homeland Security and Governmental Affairs Committee. "I believe it is critical to implement new technology, not just at Heartland, but industrywide." The purpose of the committee hearing was, in part, to determine whether new legislation is needed to fight cybercrime. Credit card numbers are not now required in payment card industry guidelines to be encrypted in transit between retailers, payment processors and card issuers, Robert Carr, chairman and CEO of Heartland Payment Systems, told a U.S. Senate committee. Heartland is pushing for the credit card industry to adopt an end-to-end encryption standard, he said, and the company is deploying tamper-resistant point-of-sale terminals at its member retailers. "Our goal is to completely remove payment account numbers of credit and debit cards and magnetic-stripe data so they are never accessible in a useable format in the merchant or processor systems," Carr said.

The company has also helped to form an information-sharing council for payment processors, where the companies can share information about threats, vulnerabilities and best practices, he said. "We are working on these solutions, both technological and cooperative, because I don't want anyone else in our industry, or our customers, or their customers ... to fall victim to these cybercriminals," he said. Heartland has asked credit card companies to accept encrypted transactions and the company has engaged standards bodies and encryption vendors, Carr said. Carr didn't give details about the Heartland breach, in which the company was compromised for about a year-and-a-half. However, Heartland paid about US$32 million in the first half of 2009 for forensic investigations, legal work and other charges related to the breach, he said. The company remains involved in investigations and lawsuits involving the breach, he said.

Senators asked Carr some pointed questions about the breach. Senator Joe Lieberman, an independent from Connecticut, asked Carr about the extent of the breach. Senator Susan Collins, a Maine Republican, wanted to know how the company could be compromised from October 2006 to May 2008 without discovering the breach. "I was astounded at what a long period elapsed where these hackers were able to steal these credit card numbers," she said. "Explain to me how a breach of that magnitude could go undetected for so long." Card holders were not reporting major breaches, Carr answered. "The way breaches are normally detected is that fraudulent uses of cards are determined," he said. "There was no hint of fraudulent use of cards that came to our attention until toward the end of 2008." Collins pressed him further. "But are there no computer programs that one can use to check to see if an intrusion has occurred?" she asked. "There are, and the cybercriminals are very good at masking themselves," Carr said. In August, Albert Gonzalez of Miami was indicted in New Jersey for the theft of more than 130 million credit and debit cards, according to the U.S. Department of Justice. Gonzalez pleaded guilty last week to separate charges in Massachusetts and New York.

He was charged, along with two unnamed co-conspirators, with using SQL injection attacks to steal credit and debit card information from Heartland, 7-Eleven and Hannaford Brothers, a Maine-based supermarket chain. It's too soon to tell how many credit card numbers processed by Heartland were compromised, Carr said. "We don't know the extent of the fraud at this point," he said. "It's a significant compromise."

The six greatest threats to US cybersecurity

It's not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. From the GAO: "The growing connectivity between information systems, the Internet, and other infrastructures creates opportunities for attackers to disrupt telecommunications, electrical power, and other critical services. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking.

As government, private sector, and personal activities continue to move to networked operations, as digital systems add ever more capabilities, as wireless systems become more ubiquitous, and as the design, manufacture, and service of information technology have moved overseas, the threat will continue to grow." Within today's report, the GAO broadly outlines the groups and types of individuals considered to be what it called key sources of cyber threats to our nation's information systems and cyber infrastructures. According to the Director of National Intelligence, a growing array of state and nonstate adversaries are increasingly targeting—for exploitation and potential disruption or destruction—information infrastructure, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. From the GAO: Foreign nations: Foreign intelligence services use cyber tools as part of their information gathering and espionage activities. Criminal groups: There is an increased use of cyber intrusions by criminal groups that attack systems for monetary gain. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites.

Hackers: Hackers sometimes crack into networks for the thrill of the challenge or for bragging rights in the hacker community. Thus, attack tools have become more sophisticated and easier to use. These groups and individuals overload e-mail servers and hack into Web sites to send a political message. Hacktivists: Hacktivism refers to politically motivated attacks on publicly accessible Web pages or e-mail servers. Disgruntled insiders: The disgruntled insider, working from within an organization, is a principal source of computer crimes.

The insider threat also includes contractor personnel. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a victim system often allows them to gain unrestricted access to cause damage to the system or to steal system data. Terrorists: Terrorists seek to destroy, incapacitate, or exploit critical infrastructures to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence. The Central Intelligence Agency believes terrorists will stay focused on traditional attack methods, but it anticipates growing cyber threats as a more technically competent generation enters the ranks. However, traditional terrorist adversaries of the United States have been less developed in their computer network capabilities than other adversaries. Testifying before the Senate Judiciary Committee, Subcommittee on Terrorism and Homeland Security today, FBI Deputy Assistant Director, Cyber Division said that while the FBI has not yet seen a high level of end-to-end cyber sophistication within terrorist organizations, it is aware of and investigating individuals who are affiliated with or sympathetic to al Qaeda who have recognized and discussed the vulnerabilities of the U.S. infrastructure to cyber attack; who have demonstrated an interest in elevating their computer hacking skills; and who are seeking more sophisticated capabilities from outside of their close-knit circles. "In addition, it is always worth remaining mindful that terrorists do not require long term, persistent network access to accomplish some or all of their goals.

The likelihood that such an opportunity will present itself to terrorists is increased by the fact that we, as a nation, continue to deploy new technologies without having in place sufficient hardware or software assurance schemes, or sufficient security processes that extend through the entire lifecycle of our networks," Chabinsky said. Rather, a compelling act of terror in cyberspace could take advantage of a limited window of opportunity to access and then destroy portions of our networked infrastructure.

Mac News Briefs: PDFpen has new OCR engine

SmileOnMyMac Software has updated PDFpen, incorporating Nuance Communications' OmniPage OCR engine into the PDF editing program. SmileOnMyMac lauded the OmniPage OCR engine for its accuracy. PDFpen 4.5 uses version 15.5 of the OmniPage OCR, replacing the Tesseract open-source OCR engine in PDFpen on Intel-based Macs. Beside the new OCR engine, PDFpen 4.5 lets Snow Leopard users scan directly into the application from Image Capture or TWAIN scanners.

The 4.5 update is free for registered users of PDFpen 4.x. The PDF editing application costs $50, with a Pro version available for $100. Both PDFpen and PDFpenPro run on Mac OS X 10.4 and later.-Philip Michaels

Typinator features DropBox syncing

Ergonis Software released a new version of Typinator, its text-replacement utility. There's also a new text highlighting tool that selects and highlights text in a single action. Typinator 3.6 features automatic syncing with DropBox, a tool for syncing files across multiple machines (and online). Taking advantage of the new capability is as simple as modifying Typinator's preferences to store its settings folder within the DropBox folder. Typinator 3.6 is available now from the company's web site, for €19.95 per single-computer license, or €34.99 for a two-machine license. The updated Typinator also allows abbreviations that begin with a space, features a simplified registration interface, and offers numerous speed and memory usage improvements. The update is free to anyone who bought the application in the last two years.-Rob Griffiths

Real Software updates development applications

RealBasic and Real Studio 2009, Release 4 shipped Tuesday, adding 97 enhancements and 39 new features to the cross-platform software development tools, according to developer Real Software.

The report editor lets developers visually create a layout for printing by dragging and dropping labels, fields, images, and more. Leading the changes to this latest version of RealBasic is a new report editor, which Real Software says will be included in all RealBasic versions. The editor creates both single- and multi-page reports. The feature lets developers automate the most common functions of building applications without having to write IDE scripts. Real Studio also gets a new build animation feature for its Project Editor.

A complete list of what's new in Release 4 is available on Real Software's downloads page. It supports many formats including AVI, WMV, MOV, MPG, ASF, and DivX. The application automatically provides ideal default settings and offers the flexibility to crop video, set duration, adjust quality, and control many other audio and video preferences. The software maker also provides a video highlighting new features in RealBasic and Real Studio.-PM

Macvide announces VideoFlash Converter 2.9

Macvide has announced VideoFlash Converter 2.9, an update of its video-to-Flash conversion utility for Mac OS X. VideoFlash Converter allows conversion of QuickTime-compatible video files to Adobe Flash. Version 2.9 also includes a new Web update and other fixes. VideoFlash Converter gives you the option of creating an HTML file along with the video and lets you customize how viewers see it. You can use the program to have Flash videos play directly in a Web page, not in a new window or separate page.

You can designate that the video start automatically and continuously play when viewers access the page, for example. The software works with OS X 10.4 (Tiger) or 10.5 (Leopard) and is a Universal app. The app also integrates with iWeb. VideoFlash Converter is available for $40 per single license, and can be downloaded from the Macvide Web site.-Jackie Dove

Algoriddim releases Djay 3

Algoriddim has released Djay 3, a revamped version of its music software application for Mac and iTunes. The program's interface has also been redesigned. It offers a host of new features, including automatic tempo and beat detection, auto-cut scratching, and MIDI support.

With the new version, users can match the playback speed of two songs for a perfect transition. The changes are aimed at making the program easy enough for novices while letting professional DJs do more with their mixes. In addition, the Auto-Cut feature allows users to scratch music in sync with a song's beat and rhythm. Djay 3 costs $50. A free 15-day trial is available from Algoriddim. The software runs on Mac OS X 10.4 or later.-JD