Daily Archives: August 2, 2006

OpenTV CTO Defects to Google

Vincent Dureau, CTO at OpenTV, has joined Google.

In a press release issued by OpenTV earlier today, the company, a leading vendor of IPTV-enabling technologies and services, announced “a series of management moves to align the company’s senior management team with its business focus.”

At the top of the list was news that Dureau, 46, had “accepted a senior engineering role with Google Inc.” There’s no word yet from Google as to what Dureau will be doing at his new corporate home, but Google had been aggressively recruiting IPTV engineers earlier this year, looking for candidates with experience in content management systems, user interface development for content-rich applications, cable and IPTV headend systems, and embedded digital-video technology.

Google serves streaming video today, but IPTV would give the company a full-fledged interactive platform.

As CTO at OpenTV, Dureau had been responsible for developing the company’s key technologies and helping establish worldwide business relationships to deliver integrated IPTV solutions to content and service providers. He had been with OpenTV since the company’s inception in 1995, and was directly responsible for building its engineering organization.

Interestingly, Dureau had taken a leading role in the development of OpenTV’s advanced advertising technologies. He published a white paper last year titled, “Addressable Advertising On Digital Television.”

In the abstract for that paper, he wrote:

We believe that addressable advertising, where specific video ads are targeted to specific audiences will become central to advertising on digital television within the next 5 years. In this paper, we are demonstrating that advertisers will be ready to pay premium rates to cable operators who can demonstrate increased efficiency of their advertising network through targeting. We also describe the impact of deploying addressable advertising on the infrastructure and operation of a digital television network.

Looking into the very near future, we describe how other forms of advertising, including telescoping and interactive advertising will complement addressability on digital television networks.

I have a feeling we’ll be hearing a lot more from Google regarding IPTV and interactive video advertising.

McAfee Cuts Channel Jobs, Focuses on SMB Markets

In a move that was to be announced today, but hasn’t been mentioned on the company’s website or elsewhere, McAfee will slash about 25 jobs from a group that deals with channel sales to large enterprises.

According to an anonymous company representative cited in a brief article on CNET’s News.com, the cuts are part of McAfee’s strategy to focus its efforts increasingly on channel partners in the SMB space rather than on those serving larger enterprises.

Nearly all of McAfee’s sales go through channel partners, so this move says a lot about where McAfee believes it can compete most effectively.

Microsoft’s Targeted Security Acquisitions to Continue

Since 2003, Microsoft has made six security-related acquisitions, nearly all of them involving small companies with classes of products and technologies that Microsoft could not built fast enough on its own.

Microsoft isn’t done yet. A CNet News.com report quotes a UK-based Microsoft security manager, who says pinpoint acquisitions combined with organic growth will continue to be a mainstay of Microsoft’s security strategy.

Said Gopal Kutwaroo, Microsoft’s UK security product manager:

"Our strategy is clear. We don’t do point solutions, but are trying to create integrative services, with products and solutions that work right across the computing environment. . . . Acquisitions are locked into building our capability. There’s an appetite for (fitting) the right part into the (existing) bed of technology."

All of which means that more security acquisitions by Microsoft are pending, but don’t expect any blockbusters. Microsoft believes it can get more value, and a quicker return on its investment, by acquiring smaller concerns with unique technological capabilities that can be easily assimilated into the Microsoft’s engineering culture and whose products can be incorporated quickly into Microsoft’s solution offerings and channel programs.

It’s difficult to argue with the approach, given that security is one area where Microsoft has made considerable progress in the last three years. The company’s acquisitions of FrontBridge (messaging security, content filtering, and archiving services), Sybari (customizable antivirus, antispam, and content-filtering system), GECAD (antivirus engine), and GIANT (anti-spyware) all have contributed to and made their way into Microsoft security products for consumers and enterprises.

In short order, recent acquisitions of SSL VPN vendor Whale Communications and Winternals (system recovery and data protection) will make similar contributions. There’s no reason for Microsoft to stray from an acquisition mode, or a larger strategy, that seems to be working, enabling the company to assemble a security portfolio that has market incumbents Symantec, McAfee, and Trend looking to diversify their offerings and reallocate many of their resources.

It’s anybody’s guess as to what security properties Microsoft will buy next, but I wouldn’t be surprised to see it acquire a VoIP-security specialist and a company involved in Web-services security.

AOL Breaks Down Walled Garden; Is It Too Late?

After providing plenty of preliminary notice that such an announcement was forthcoming, Time Warner’s AOL unit officially announced today that it will make its email, instant messaging, security software, and other services free of charge to anybody with a broadband connection.

It’s a belated attempt by Time Warner to breathe new life into its online advertising business, currently a distant fourth behind Google, Yahoo, and Microsoft’s MSN. Not everybody is convinced that will make an appreciable difference, with many market analysts suggesting that it’s a case of too little, too late.

AOL says it wants to migrate all of its remaining dial-up subscribers broadband Internet connection, and it also wants to drive more broadband traffic to rich multimedia content, such as streaming video, the resides on AOL.com. Interestingly, though, AOL will continue to offer and sell its dial-up access service, but it will no longer market it aggressively.

That seems like a mistake. What AOL ought to do, I believe, is give its installed base of 17.7 million dial-up subscribers — down from 20.8 million a year ago and from 35 million at the pinnacle of its popularity in 2002 — early warning that it will be shuttering its dial-up business within six months. That will give customers plenty of time to find a new access provider, offering either broadband or dial-up services; and it will allow AOL to focus resolutely on drawing broadband traffic to its site to boost ad-generated revenue.

AOL needs focus. It says it will introduce a variety of new products over the coming weeks, including personalized e-mail domains, video-search services (including searches of Google and YouTube video databases as well as its own), and additional security-related services. It will have to keep moving in that direction, providing innovative services the clearly differentiate it from Yahoo, Google, and Microsoft.

I doubt that it can win that battle with the old dial-up business along for the ride.

Security Vendors Stoke VoIP Fears at BlackHat

Tomorrow and Friday in Las Vegas, TippingPoint’s David Endler and SecureLogix’s Mark Collier will make a presentation at the BlackHat conference demonstrating how VoIP systems, such as IP PBXes from Cisco and others, can be breached and hacked.

Based on what I can discern from a BusinessWeek article on the basic theme of their argument — VoIP systems are as susceptible to attacks as any other Internet-based application — Endler and Collier are not saying anything that isn’t true. The exploits mentioned in the article, and which will be covered in their presentation at BlackHat, are widely acknowledged by the cognoscenti in the VoIP-security community.

So, if these threats exist, you might ask, why haven’t we seen and heard a greater number of news reports about them? Well, it’s primarily because not many of these exploits have occurred outside the confines of meeting rooms at security conferences. True, a small number of incidents have occurred, and one is mentioned in the BusinessWeek article, but, at this juncture, VoIP attacks and hacking aren’t widespread and won’t be for some time.

While email, instant messaging, and Web traffic ride across an all-IP Internet, that isn’t true for the vast majority of traffic traveling to and from an enterprise IP PBX.

Typically, because the vast majority of the world doesn’t own an IP phone or an IP PBX, most calls that originate from an enterprise PBX today don’t traverse an all-IP network. Most of the time, a voice session initiated from within an IP PBX-equipped enterprise will travel through a gateway that converts it into a call that can travel across the PSTN and be received as a regular POTS call on a landline telephone. Conversely, calls from outside the enterprise typically are converted from the PSTN into IP packets that can be handled by the enterprise IP PBX.

Notwithstanding vulnerabilities inherent in the Session Initiation Protocol (SIP) or in proprietary protocols that have been used by Cisco, Avaya, and others, VoIP hacking can only occur on and across IP networks. Once the calls enter the PSTN, they’re no longer composed of IP packets, they’re no longer running on an IP network, and they are impervious to nefarious parties and tools that reside on IP networks.

Until carriers and their enterprise customers move their voice networks overwhelmingly to IP, we aren’t going to see a shockingly high number of the exploits Endler and Collier will be presenting and demonstrating at the BlackHat gathering in Las Vegas. Most voice communication today isn’t on the Internet, so it isn’t vulnerable to the same range or intensity of exploits that have been so deleterious to email and other types of IP-based communication.

Telephony will make the switch to IP networks eventually, of course, and we’ll all have to do a far better job securing and protecting VoIP traffic than we’ve done with email. One would hope that many of the mistakes made with other IP-based applications won’t be made again as VoIP adoption grows. Experience is a good teacher, and you’d think we’ve learned a few things from our struggles with spam, viruses, worms, trojans, and other Internet-borne threats.

In that regard, security companies need to be responsible about the content and tone of what they present, whether at BlackHat or in any other forum.

By representing a theoretical, though looming, threat as something that is a ubiquitous real-world danger, security vendors do the industry and the user community a disservice. Prospective VoIP adopters come away more frightened than enlightened, more fearful of the future than hopeful of it, and perhaps more conservative about how quickly they roll out services that not only could be secured effectively, but that have the potential to bring new types of real-time communication and greater productivity to their employees.

Security vendors need to put these VoIP exploits and vulnerabilities into the proper context while offering a fuller, more honest perspective. Scare tactics are irresponsible and unbecoming, even for security companies.