As IBM moves to upgrade its cache of social networking tools, some users are taking a cautious approach to the technology while figuring out where it will apply and how to measure its effectiveness. The new 2.5 version software includes micro-blogging, file sharing and new mobile capabilities. IBM Tuesday unveiled Lotus Connections 2.5, its upgraded lineup of social networking tools that are a major expansion to the company's suite of collaboration software.

But some of the features are expanding faster than users' plans to utilize the software. The company's manager of messaging and collaboration asked for anonymity because he was not authorized to speak on the record. One Connections 2.5 beta tester, a global consumer product corporation, is taking a deliberately slow approach to rolling out the social collaboration tools. The company started slow with a few hundred users who were only allowed to communicate with each other. At that point, the manager says, the number of users exploded by 650% to a few thousand. The group's size was eventually doubled and then the tools were opened up companywide.

Despite the growth, the company is still "seeding the environment," said the manager, but a broader rollout is planned. We will likely "wind up doing it anecdotally," said the manager. "The things we're struggling with there is that this doesn't match the ROI [metrics that executives] are used to looking at. The harder part to plan is the expected results because the company has yet to figure out how to measure its return on investment. How do you measure, 'we recruited this person because of the [collaboration tool]?'" While results are hard to gauge, the broader, anticipated benefits are being defined in the context of capturing and recording corporate knowledge. The worker could develop a how-to guide for use by others, he said. For example, a certain administrative assistant may routinely be tasked with booking a certain type of event, said the manager.

The manager said it is a good time to ramp up internal communities and knowledge-sharing because as the economy and job markets rebound, workers who may have suffered pay or benefit cuts amid the recession will be looking to move on. "Now is the time to get people to put information in, so you're not losing it on the back of a Post-it note." Kanaracus is with the IDG News Service.

A dangerous combination of a massive increase in Web server attacks and poor patching practices is a major cause of concern for experts, according to a report issued today by several security organizations. "Hackers are after a foothold in the corporate network, to conduct client-side attacks against visitors of the site, but also once they have that foothold, to gain much higher privileges and use those to also steal data." Dhamankar pointed to the recent spread of malware from the New York Times Web site as a perfect example of the alarming increase in server attacks. In a groundbreaking study that matched attack trends with patching cycle data, some conclusions came as a shock, said Rohit Dhamankar, the director of security research at 3Com TippingPoint, which contributed real-world attack information - acquired from its intrusion detection systems - to the report. "The sheer number of attacks against Web servers was surprising," said Dhamankar. "In terms of attack volume, they were almost 60% of all so far this year."

Over the weekend, hackers duped the newspaper into using a malicious ad, which in turn tricked users into downloading and installing fake antivirus software. "The New York Times is a respected brand, and so it's a perfect avenue to infect lots and lots of users," he noted. The report - which can be read on the SANS Institute's Web site - correlated the high number of Web server attacks with another trend: poor patching practices by the Web's highest-profile third-party applications. "Applications that are widely installed are not being patched at the same speed as the operating system," said Wolfgang Kandek, the chief technology officer of Qualys, which contributed its patching data to the study. "For Adobe Reader, Adobe Flash, Sun Java, Microsoft Office, Apple QuickTime, the patch cycles are much much slower than for operating system," he added. Some servers, once compromised, are even attacking other servers to pillage back-end information and to host malware fed to unsuspecting users, said Dhamankar. That's a major problem. "From our point of view, this is a big deal," said Kandek, speaking for security professionals in general. "There are real-life examples, where you can see attackers attacking corporate Web servers, then from there infecting client machines, until eventually a client machine is compromised that has full access to the network." The combination of hacked servers and unpatched client applications is critical. "The lack of patching opens up a huge window of vulnerabilities," Kandek acknowledged. "It shows that patching is crucial." Adding salt to the wound, said Dhamankar and Kandek, is that while users are patching, they're patching the wrong software. "Then [attackers] are stealing that corporation's data." "Attackers have realized that patching of these third-party apps is complex," added Dhamankar. "They know that a lot of people are focused on patching operating systems rather than patching applications like Flash or Reader."
And thus they dig into the most widely-installed applications, looking for flaws.

While operating systems, particularly Windows, are patched by users and organizations at a relatively rapid - and complete - clip, the number of attacks exploiting OSes has dropped precipitously. "Enterprises are focused on OS patching rather than on application patching," said Dhamankar. "They don't have their resources allocated properly." Putting a stop to the threat trend won't be easy, but it is possible, argued Kandek. "Some enterprises have patching policies in place for third-party applications, and there are industry-standard tools to do this," he said. "The technical solutions are out there. [Third-party] patching could be much better, and I see vendors being pressured to do more to integrate their patching into these tools." "But we've done this before," Kandek continued, referring to the security situation several years ago, when Windows was the main target of attackers. Microsoft beefed up its then-OS, Windows XP, dedicated itself to writing more secure code and pushed customers to update religiously. "That means we can do something about this, too," Kandek concluded.

Microsoft Corp. marketed i4i Inc.'s XML software to potential customers at the same time it planned to drive the small company out of business by infringing on its patent for the technology, according to court documents filed last week. Federal Judge Leonard Davis issued the injunction in August, barring Microsoft from selling Word 2003 and Word 2007 after Oct. 10. The decision came about three months after a Texas jury found that Microsoft had illegally used patented i4i technology to build XML features into its word processing software. In a brief submitted to the U.S. Court of Appeals for the Federal District in Washington, Toronto-based i4i argued that an injunction blocking Microsoft from selling current versions of Word should stand. The jury had awarded i4i $200 million, but Davis increased the amount to just under $300 million when he issued the injunction.

Earlier this month, the three-judge appeals panel decided to stay the injunction while it weighs Microsoft's appeal. I4i filed the patent infringement lawsuit in 2007. The new i4i brief charges that in 1991, "at the same time Microsoft was praising the improved functionality that i4i's product brought to Word, and touting i4i as a 'Microsoft Partner,' Microsoft was working behind i4i's back to make i4i's product obsolete." According to the brief, just days after a 1991 meeting in which Microsoft had sought to find ways to work with i4i, Microsoft executives discussed XML plans for Word that would eventually "make obsolete any competitive attempts by third parties to conquer that market." Microsoft must file its rebuttal to i4i's brief by Sept. 14; the appeals court is slated to hear oral arguments from the two sides on Sept. 23. Asked to comment on i4i's briefs, a Microsoft spokesman said, "We're looking forward to the hearing on the merits of our appeal." This version of the story originally appeared in Computerworld's print edition.

With three spacewalks behind them, the International Space Station restocked with supplies and a new tank of coolant in place, the space shuttle Discovery is today undocking and heading for home.

The shuttle, set to undock from the space station at 3:26 p.m. EDT, is scheduled to land at Cape Canaveral in Florida on Saturday. But first, after today's undocking, the shuttle craft will move about 450 feet away from the orbiter so the station crew can examine the outside of the shuttle to see if there's any damage. At the same time, the shuttle crew will inspect the space station for any as-yet undiscovered damage.

The fly-around maneuver is standard procedure for every shuttle that undocks from the space station.

After the space station crew checks out the exterior of the shuttle, Discovery's own crew will use its onboard robotic arm, with an attached boom and camera, for one last inspection of the shuttle's heat shields before heading for re-entry into the Earth's atmosphere. Engineers on the ground will examine the images and data to check Discovery's thermal protection system.

NASA has been especially diligent about studying the heat shields since the space shuttle Columbia broke apart on reentry on Feb. 1, 2003. According to NASA, an investigation found that the disaster was caused by a hole in the heat-resistant panels that protected the wing from the high temperatures of reentry.

On Saturday, the shuttle's crew wrapped up the third and last spacewalk of the 13-day mission, installing two GPS antennas, routing avionics cables and installing a payload attachment system.

In the two previous spacewalks, astronauts uninstalled an empty ammonia tank and then installed a new, full tank. The ammonia is used to cool the interior of the space station.

The astronauts also used a spacewalk to move the new Colbert treadmill into the space station.

NASA in April had named the treadmill after comedian Stephen Colbert, who had waged a massive online effort to have the new wing of the space station named after him.

NASA had launched an online poll to choose a name for the new wing, which will house life support equipment, controls for the space station's robotic arm and the new treadmill. Colbert rallied his fans, known as Colbert Nation, to go to NASA's Web site to cast write-in votes for "Colbert" as the new name. The name "Colbert" got more than 230,000 votes - 40,000 more than "Serenity," the top-ranked NASA-suggested name.

Naming the wing Colbert didn't sit right with the folks at NASA so they named the wing Tranquility and named the treadmill after the enterprising comedian.