Spearphishing. The deluxe (but easy) way to get unwary employees to put malware on your network. It's basically the same as phishing, except more targeted. That is, a plain phishing scam might offer an unwary web-browsing employee a chance to see a famous starlet naked, while a spearphishing attack might purport to be an urgent request from your Bizzaro County office for 200 Kg of Unobtainium Oxide. Open that email, and... ZAP! So this is social hacking (cracking for the old-timers), and cannot necessarily be fought entirely by technical means. So how about setting up fake spearphishing attempts and immediately sending employees who fall for them to an IT security class with an emphasis on how to avoid phishing scams? You can do this yourself, possibly with help from a bright person or two from a nearby University. Or you can contact PhishMe or another anti-phish training company and have them help you teach spearphishing awareness to your people. Either way, every computer-using person in your company should know about phishing -- and should know how to avoid getting hooked by phishers.

alphadogg writes "Microsoft's $2 billion loan to Dell is a sign that the software maker wants to influence hardware designs in a post-PC world while protecting itself from the growing influence of Linux-based operating systems in mobile devices and servers, according to analysts. As the world's third-largest PC maker, Dell is important to the success of Microsoft's server and PC software. Even though Microsoft's loan does not represent a big part of the total value of the transaction, the software maker does not throw around money lightly and its participation in the deal might be an attempt by the software maker to influence hardware designs in the post-PC world of touch laptops, tablets and smartphones, analysts said. It may also be an attempt to secure the partnership and to stop the PC maker from looking toward alternative operating systems like Linux, analysts said. Dell offers Linux servers and in late November introduced a thin and light XPS 13 laptop with a Linux-based Ubuntu OS, also code-named Project Sputnik. Major PC makers in recent months have also introduced laptops with Chrome OS." HP has released a statement in response to the deal which talks about how Dell "faces an extended period of uncertainty and transition that will not be good for its customers." Perhaps they're right; HP is certainly familiar with such a situation. However, it's likely Dell is simply hoping to avoid the same struggles HP has faced over the past several years.

HerculesMO writes with word that "Looks as though Mozilla is considering using H264, one step closer to unification of a single protocol for video encoding. It's a big deal for HTML5 traction, but it still leaves Google holding onto WebM." The article, though a bit harsh on Ogg Theora, offers an interesting look at the way standards are chosen (and adopted by the browser makers).

Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

lgmac writes "A new survey on the results of Enterprise use of virtualization shows that the process is seeing wide and appreciative use. Technical hurdles are obviously the biggest problem facing corporate IT shops. Just the same, political squabbles among IT staffers fighting for turf after being forced to work together in new ways seems to be a going concern as well. 'Technical woes rank higher--to be expected when CIOs deploy a new technology such as virtualization. However, the politics pain many of you. Remember, virtualization not only asks people to cede some control over their physical server kingdoms, but also asks IT experts from different realms to work more closely together.'"

Snarfed has an interesting review on Gmail vs Pine. From the article: "I've used Pine as my email client for, well, pretty much forever. I use it because it's fast, powerful, stable, and very keyboardable. (I hate the mouse.) However, since I work at Google, I'm constantly bombarded with people who ask me why I don't use Gmail. After hearing the nth person brag about how much it increased their productivity, I finally broke down and tried it. I didn't expect much, since I've never liked web-based email clients. However, I made myself use it as my only email client, for a month, to give it a fair shot."