But Wait, There's More

• So is the war in Iraq going to hinder IT spending or not? That's one of the questions that IT vendors and Wall Street analysts are all trying to answer. The answer seems to depend on who you ask and when you ask them. According to a straw poll survey of 100 chief information officers in the United States and Europe, conducted by analyst Steven Milunovich of Merrill Lynch, 17 percent said they would slow their spending after the war started, and 73 percent said they would not slow spending. (The other 10 percent were unsure.) Some 90 percent of those questioned said that a quick end to the war would not cause them to accelerate IT spending. A survey by Duke University that was cited in the Merrill Lynch report found that 67 percent of chief financial officers surveyed just as the war was starting said they were spending cautiously on capital equipment because of the war. Another survey by InfoTech Research Group, a Toronto-based IT market researcher, did a poll of U.S.-based companies, and under 12 percent of those companies surveyed said that the war would impact their IT spending. However, 57 percent of the companies surveyed by InfoTech did say that the war was affecting their IT operations, particularly in the area of security. As InfoTech correctly notes, IT spending is one of the first things that takes a hit when the economy heads south, and the fact that a larger number of IT managers are not saying they will cut back on spending is probably a good sign at this point.
  
  

• At least two computer security groups have reported a security vulnerability in IBM's WebSphere Application Server 4.04 that could leave passwords exposed to hackers. SecuriTeam, a small group in the security scanning company Beyond Security, first reported the WebSphere password vulnerability on its Web site. The vulnerability has to do with WebSphere's weak encryption of the XML configuration file. "If the exported configuration gets into the hands of a malicious user," SecuriTeam reports, "he or she can de-obfuscate passwords easily and can gain access to the password-protected resources." A few days later, the O'Reilly Network reported the same vulnerability. SecuriTeam recommends that WebSphere administrators follow a workaround that involves making sure the configuration file is exported to a directory that is only accessible to administrators, and to destroy the export file after use.
  
  
• According to the latest market research from IDC, worldwide sales of disk storage subsystems declined by 15 percent in the fourth quarter even as server sales diminished. It has always been generally true that server processing and storage capacities tend to be acquired by companies in more or less consistent quantities. The price competition in the server and storage markets is so intense, and the sales mix has shifted toward so-called entry machines (which have more power or capacity than so-called midrange machines of only a few years ago), that both server and storage sales are declining. The mix of richer and fatter file formats, the addition of the Web infrastructure layer to IT organizations, and the increasing use of mirrored disk arrays are all driving storage capacity sales, but the price competition is killing growth and causing declines. IDC said that Hewlett-Packard was the leader in disk storage sales in the fourth quarter of 2002, with $1.372 billion in sales, giving it 25 percent share of worldwide disk array sales, according to IDC. IBM was in a statistical dead heat with HP, with $1.34 billion in sales in the quarter, giving it a 25 percent share as well. EMC, the former industry leader, raked in only $614 million in array sales in the fourth quarter, followed by Sun Microsystems with $297 million, Dell with $287 million, and Hitachi with $258 million. Other vendors accounted for $1.233 billion in sales, and the total market in the fourth quarter came to $5.4 billion. For all of 2002, IDC reckons that $19.954 billion in disk arrays were sold worldwide, with HP getting $5.28 billion, IBM getting $3.994 billion, EMC getting $2.382 billion, Sun getting $1.276 billion, Dell getting $1.086 billion, Hitachi getting $1.069 billion, and others getting $4.867 billion. The market declined by 15 percent, and IBM, with 15 percent growth, and Dell, with 13 percent growth, were the only major vendors to see revenue growth in 2002. HP (including Compaq) saw its disk array sales decline by 14.4 percent, EMC saw a 37 percent decline, and Sun saw its sales shrink by 7 percent.
  
  
• NetIQ, which last year acquired PentaSafe Security Technologies, has announced VigilEnt Password Manager 2.0, the latest release of its password management software for Windows, Linux, and Unix platforms, as well as OS/400. VigilEnt Password Manager uses native login IDs and controls to synchronize passwords across applications on a variety of platforms, allowing users to access all of their applications with a single, universal password. With version 2.0, NetIQ has added new installation features, enhanced support for Windows, and included other administrative improvements. NetIQ says Password Manager works well with VigilEnt User Manager 1.0, a relatively new product that automates the creation, modification, and deletion of accounts, user IDs, passwords, and access privileges across multiple platforms.
  
  
• GMx Solutions has responded to the recently reported vulnerabilities in the Secure Sockets Layer (SSL) security protocol by bolstering the security framework of CM_SAFE, its configuration file management utility for use in Linux and Unix operating environments. With CM_SAFE 1.6, the Tampa, Florida, software company has bolstered the product's security framework. "Because the recent reports of Open SSL vulnerabilities, we have included major enhancements to our communications security layer," says GMx Solutions' chief information officer, Samuel Howard. No details of the new security framework were announced. With a renewed focus on security, the company also touted CM_SAFE's role as a passive intrusion detection tool. With its capability to monitor specific files and file types and report changes, CM_SAFE could provide early warning that a hacker has entered the system. CM_SAFE runs on GMx Solutions' VAPServer appliance and includes a variety of client components that install on several strains of Unix and Linux running on Intel, IBM PowerPC, Sun Microsystems SPARC, and Hewlett-Packard PA-RISC architectures.
  
  
• Manhattan Associates and PeopleSoft formed an alliance last week that will see Manhattan certify its warehouse management software with PeopleSoft's supply chain software package. Manhattan, based in Atlanta, has joined PeopleSoft's alliance program and plans to integrate its warehouse management system, PKMS, which runs on Windows, Unix, and OS/400 platforms, with PeopleSoft's Supply Chain Management, which is supported on Windows and Unix platforms. By integrating their offerings, the two companies expect to offer manufacturers and distributors better coordination among production, order management, and fulfillment processes, as well as an easier upgrade path and reduced integration and maintenance costs moving forward. Manhattan says it expects to qualify to begin interoperability testing with PeopleSoft in the third quarter of 2003.
  
  

Sponsored By STALKER SOFTWARE

COMMUNIGATE PRO MAIL SERVER BY STALKER SOFTWARE, INC. Stalker Software is the technology leader in messaging and provides email solutions for thousands of Telco's, ISP's and corporations worldwide. Our flagship solution, CommuniGate Pro, is a comprehensive messaging solution incorporating high performance, speed, reliability, security and an extensive feature set. It supports over 30 hardware/OS combinations. KEY FEATURES: Anti-spam, Calendaring, IMAP4rev1, ESMTP, POP3, WebEmail, MailList, Central Directory LDAP services and much more. FREE TRIAL: www.stalker.com