H-1B VISA DEMAND AFFECTED BY RECESSION

By D.E.Levine

For years there have been outspoken complaints about the number of H-1B visas requested and issued so that foreign workers can come to and work in the United States.

Demand for those visas generally does fluctuate with the economy and running true to form, this year, when the economic recession is going full force, requests for H-1B visas has dropped.

In April 2008 the U.S. Bureau of Citizenship and Immigration Services (USCIS) had 85,000 available visas and in 5 days (beginning April 1, 2008) received 163,000 applications. USCIS resorted to a lottery system to award the visas.

On April 1, 2009 USCIS began accepting application for 2010 visas. As of April 9, 2009 only 62,000 visa petitions had been submitted.

The applications consisted of 42,000 for the regular 65,000 visas that can be issued. Foreigners with advanced degrees from U.S. universities have 20,000 visa applications set aside for them and has received a sufficient number of applications for those.

USCIS is continuing to accept applications and expect to exhaust the supply of available visas although the recession and cutbacks at IT vendors have reduced demand.

One of the extenuating circumstances that caused the Bush administration to extend the period during which students could work on their student visas was the restriction that foreign students can't apply for H-1B visas until they graduate and graduations are generally in May.

The government has announced that since there is a backlog of foreign nationalists who are in the U.S. already but couldn't get visas a year ago, many of the visas are expected to be issued to them.

Overall though, it's agreed that the H-1B visa program tracks with the broader demand for workers based on the economy.

Additionally, controvery over the visas still remains as groups such as IEEE-USA (formerly the Institute of Electrical and Electronics Engineers) site a significant jump in unemployment rates among U.S. native workers.

Government officials have been talking about proposing H-1B reforms that would require companies to make efforts to hire U.S. workers before bringing in H-1B workers. Controversy remains as officials are undecided whether to include such reforms in overall immigration reforms.

GOOGLE AND YAHOO LAUNCH ELECTION SITES

By J.C.Bishope

Google Inc. and Yahoo Inc. both launched Web sites to cover India's federal elections during April.

Both companies claimed to have taken this action in order to build their brands in India's Internet user community.

Google commented that India has a voting age Internet base of 25 million and many of those were using online sources to obtain election information.

MICROSOFT FINED IN GERMANY

By M.S.Welles

While not agreeing with the decision made by The Bundeskartellamt, Microsoft has agreed to pay a 9 million euro fine ($11.9 million).

The Bundeskartellamt is Germany's competition authority that this month found Microsoft illegally working with a retailer to fix prices of its Office software.

According to German authorities, there were at least two meetings between employees of a German national retailer and Microsoft where they agreed on fixing the resale price of the Office Home and Student 2007 suite

Microsoft acknowledged the meetings but denied that it reflected any ongoing or consistent practice and involved only one retailer.

SALLIE MAE ABANDONNING SET COURSE

By J.C.Bishope

Good news for the current Obama administration as Sallie Mae, the student loan provider, announced a reversal in course policy.

Reston, VA-based Sallie Mae switched about 2,000 IT, operations and call center jobs to India, Mexico and the Philippines in late 2007 and early 2008.

According to Sallie Mae CEO Albert Lord US communities are struggling with job losses due to the economic recession and although a shift back to the US will increase costs by $35 million at Sallie Mae, the provider feels putting the jobs back in the US is important.

There is some speculation, however, that since Sallie Mae is currently fighting student loan changes proposed by President Obama, the lender might want to use the move of jobs back to the US as a bargaining chip with the White House.

FOLLOW THE SUN?

By M.S.Welles

in April talks between Sun Microsystems Inc. and IBM fell through and now there's a great deal of speculation regarding what will become of Sun.

There are several things that could happen. First, Sun could seek another buyer, which might take time and might not result in a purchase, just like the negotiations with IBM.

There are several companies that might benefit by acquiring Sun. Fujitsu Ltd. already makes servers based on Sun's Sparc technology. Cisco, a very successful company, wants to expand into the server market. Hewlett Packard, IBM's top server rival could acquire the company and insure that the technology didn't reach IBM at a future date.

Second, Sun could change it's current management. The question if, of course, who could lead Sun out of it's current problems and into the "sunlight"?

Chairman and co-founder Scott McNealy gave up the CEO job to Jonathan Schwartz four years ago. McNealy is said to be unhappy with the current Sun and considering stepping back in. However, McNealy personally trained Schwartz as his protege, to take over and has always publicly supported him and his strategies.

The third choice is that Sun could decide to make no changes and just keep doing what it's doing.

While Sun expects to release new Sparc systems and new systems based on the Intel Xeon 5500 processor, two problems make that route uncertain. First is the problem of releases that are far behind initially anticipated dates. Second, since the future of Sun is so uncertain, the question remains whether corporate users will be willing to continue buying new hardware from the company.

Many current Sun users have already voiced the opinion that they think the best strategy for them to switch from Sparc machines running Solaris to Linux and X86 machines.

Adding to Sun's difficulties is the economic recession which is making it harder for Sun to compete for server sales.

Analysts and users alike remain expectant for news of what Sun will do and how it will affect their future.

CONFICKER

By D.E.Levine

Conficker.e, an update to the previously release Conficker worm, is downloading and installing Waledac, a noted Trojan horse bot. Additionally, Conficker.e is downloading and installing fake security software.

Waledac bots are rented out to spammers. Spammers then use the infected PCs to send the Waledac.bot to their spam recipients.

The fake security software attempts to provoke users with bogus infection warnings that keep popping up until the user pays $50 for a useless program.

CREDIT AND DEBIT CARD DATE AT RISK

By D.E.Levine

When Representative Yvette Clarke (D-NY) recently stated "I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure", she was stating the well known fact that although the Payment Card Industry Data Security Standard (PCI DSS) will be in effect for four years as of June 30, 2009, the standard's effectiveness is in question due to ongoing security breaches.

The PCI DSS was created by Visa and other credit card companies and was supposed to stop all or at least most security breaches.

However, been major breaches have continued and have continued to attract a great deal of press coverage i.e. thousands of names and private information stolen from Designer Shoe Warehouse (DSW), major thefts of cardholder information at Citibank, and other high profile violations.

Although legislators like Rep. Clarke admit that the security rules have some value and aren't worthless, they state PCI compliance is insufficient to keep companies secure.

In most instances, companies like Hannaford Bros. Co., Heartland and RBS WorldPay received PCI certification just before or just after disclosing large system intrusions.

While credit card companies have the option of dropping companies from their list of PCI-compliant service providers and requesting they become recertified, that action appears ineffective as companies are permitted to continue conducting business and accepting credit cards in the interim.

Retailers who testified at the House hearings held in March 2009 claimed that the PCI rules were developed from the perspective of the credit card companies and do not effectively cover the needs of the retailers expected to follow the rules.

Retailers are required to keep the data in their systems in case of disputes over transactions. That requirement is imposed by the credit card companies, but when breaches occur it is generally the retailer that receives the negative publicity.

PCI supporters insist that when used properly the PCI standard is an effective tool for mitigating threats to credit card data.

According to Bob Russo, general manager of the PCI Security Standards Council which overseas PCI DSS, the breached companies weren't actually compliant with PCI standards when the breaches. occurred.

Russo contended that even certification as PCI compliant represented "a snapshot in time" instead of a "full-length film where the organization is compliant in each and every frame."

Russo's comments were supported by Ellen Richey, Visa's chief enterprise risk officer at the company's Global Security Summit held in early March. Richey also claimed that incidents that receive widespread negative press obscure the substantial progress made on the credit card security front.

Adding that rumors regarding the possible demise of the PCI standard were dangerous to ongoing efforts to protect credit card data, Richey did acknowledge that it's time for security controls to go beyond those now included in PCI.

Pointing to a couple of pilot projects now underway, Richey said that Visa is looking for ways to improve data security.

In one private project, Fifth Third Bancorp is testing the use of magnetic stripe technology to create unique digital fingerprints for each card. Although about 1000 retailers involved in the project haven't been informed of the test, their new readers use data from the magnetic stripe information on the back of the credit card to create a picture which is matched against baseline information during the transaction authorization processing stage.

According to Dan Roeber, vice president and manager of merchant PCI compliance at the bank, even if someone got into the database and made counterfeit credit cards, the "fingerprint" created won't match. He feels that the new technology is an advantage over the currently used end-to-end encryption.

Another pilot project at OfficeMax involves a challenge-and-response technique used to authorize card transactions. The retailer requests certain information from the customer, such as their zip code, three-digit area code or last four digits of their telephone number in order to authenticate the transactions against previously submitted answers.

Although successful thus far and extended at the request of Visa, implementation of the new system requires changes to point-of-sale systems, which is time consuming and expensive.

Ellen Richey, speaking about these pilot programs stated that the new systems aren't ready yet for broad usage but eventually could be used to make stolen credit card data useless at the point of sale.

Richey outlined new efforts by Visa to develop new fraud-fighting tools for consumers, some of which are alert systems usable on mobile devices that send information on real-time purchases to the phones. However, there is sufficient reticence on the part of the smartphone users to supply their private phone numbers, because it's one more bit of private information that can be stolen and misused.

Visa's rep indicated that eventually in the US Visa might adopt the same type of chip technologies that are part of the chip-and-PIN security approaches used in Europe. These systems can assign card-verification values on the fly when transactions are being authorized.

Adopting the chip-and-PIN technologies will require major upgrades to the payment center infrastructure in the US. So far banks and credit card companies have been unwilling to invest in that type of technology.

But according to Rep. Clarke the current payment card security is outdated and it's necessary for the industry to do more now in order to safeguard consumer credit card data.

ANOTHER SOCIAL NETWORK IN CHI.MP

By D.E.Levine and M.S.Welles

With Facebook, Linked, Twitter and a multitude of other social networking sites available free of charge, it's difficult to decide which to use.

Each has it's own pros and cons, and only the individual who sets up and uses the site can decide whether it's worth having. Remember, every site and online identity requires a great deal of time for upkeep and maintenance.

Now we've discovered chi.mp, another social networking free site.

Chi.mp (sounds like chimp) gives you your own domain name and Web space, allowing you to link to other social networking sites and Web feeds and permitting you to post updates, photos and videos.

One added feature is the chi.mp service has a contact aggregator pulling in contacts or friends from all of your other networks and databases. That may or may not be a good thing.

Some people choose to keep certain people on Facebook for social reasons and other people on LinkIn, for professional purposes. Do you want all of your contacts on one site?

The unusual thing is that chi.mp allows you to create multiple personalities or profiles that are displayed to designated contacts. So you may be able to limit your social contacts to your social profile and your professional contacts to your professional profile and keep everything on one site.

This site is probably going to be extremely popular with people juggling multiple social network web sites and profiles because you may be able to manage everything from one site.

Please remember though, recent incidents and experiences have proved that while you may think you are limiting your site to your friends and designated people, once you post something on the Web there's no such thing as privacy.

Recent incidents have resulted in derogatory remarks a job applicant made about Cisco caused the rescinding of a job offer and a lawsuit because a company infiltrated a Facebook private chat where unflattering remarks were made about the company.

MICROSOFT DOMINATES NETBOOKS

By J.C.Bishope

It's interesting that while netbooks started out using the Linux system, Microsoft now has a 96% share of the netbook market.

According to IDC 10 million netbooks shipped in 2009. Linux had a 24% share and Microsoft Windows had the other 76%.

It's estimated that even in a down market 20 million netbooks will ship in 2009. That number is expected to increase by 25% in 2010.

While it's expected that Microsoft will dominate the market there is a possible derailment in the works. The ARM processor is the platform for Google's Android operating system, Canonical's Ubuntu and other Linux distributors.

Netbooks with the ARM processor are expected to hit the market in late 2009. Additionally, the Moblin open source project is focusing its platform efforts on netbooks and mobile devices.

With competition increasing, the Linux-based operating operating systems netbooks could gain a bigger share of the netbook market. However, Microsoft still is richer in developers and applications and to be really competitive Linux will have to gain a larger base of developers.

Another aspect that will influence sales and systems is that as users use more online services without downloading and installing applications on computers, the dynamic of which operating system to buy could change.

It's anticipated that the netbook will be the entry level into the PC market because they're smaller and have smaller hard drives and fewer applications installed.

As someone who uses a netbook constantly while traveling, it will continue to be a remarkably lightweight, small and effective device for professionals.

IBM/LOTUS LAUNCHES FIRST PIECE OF LOTUSLIVE

By M.S.Welles

IBM/Lotus launched the first major piece of its LotusLive online strategy. This is the biggest move yet for IBM/Lotus to deliver collaboration services online to corporate users.

LotusLive Engage is a bundle of services that includes instant messaging, Web conferencing, file sharing and lightweight project management.

Prices vary between $15 to $55 per user depending on which services are used. Engage is only the first part of LotusLive.

IBM/Lotus plans to follow with an online e-mail service based on technology IBM acquired then it bought Outblaze earlier in 2009.

After the e-mail service other services will follow but IBM/Lotus declined to comment on their functionality.

MICROSOFT AND ORACLE TO ISSUE PATCHES

By D.E.Levine

April seems to be a month full of updates and patches. Both Microsoft and Oracle will issue numerous patches for their systems.

Microsoft will release eight updates as part of its Patch Tuesday program, including a fix for an Excel bug that has been used by cybercriminals.

Five of the updates are for Windows, with a single update each for Internet Explorer, Excel and Microsoft's Internet Security and Acceleration server.

Oracle's patches will include 43 security fixes, including 16 patches for the company's flagship database software. Also issued will be 12 vulnerabilities patched in the Oracle Application Server, some fixes for the Oracle E-Business Suite, PeopleSoft and JD Edwards Suite, and for the BEA application server suite.

MICROSOFT DETECTS PHONY SECURITY SOFTWARE

By D.E.Levine

Microsoft has detected two Trojan horse programs masquerading as security software on more than 3 million computers in the last six months of 2008.

Identified as Win32/FakeXPA and Win32/FakeSecSen, Microsoft is not taking the scams lightly.

The company launched eight lawsuits in conjunction with the Washington State Attorney General, in September 2008 aimed at tracking down the perpetrators. Delays in reporting the scams and Microsoft's actions was because instead of separate announcements, the company chose to announce everything in the company's most recent Security Intelligence Report.