Will Yahoo CEO's misstep kill company momentum?

Computerworld - All the momentum and vision that Yahoo CEO Scott Thompson has been building for the struggling company may have been thrown off course.

Yahoo said late Thursday that its board of directors is looking into a discrepancy in the new CEO's resume that likely means big trouble not just for Thompson but for the company that he's been steering since January.

"Resume-padding is the most bush-league of the many dissimulations available to ambitious executives," said Hadley Reynolds, an analyst with IDC. "His enemies must be amazed at their luck in unearthing a public misrepresentation issue that calls Scott Thompson's ethical judgment, professional competence, and basic intelligence into question all at once."

The issue, added Reynolds, may be enough to make Thompson's reign at Yahoo a short one and put an end to his plans for reviving the financially struggling company, that was once an Internet pioneer.

"He can't survive this assault, and the Yahoo board will be left to its own devices once again," he said. "I expect this episode to hasten Yahoo's transition to its alternative future, just not the one Scott and the board probably had in mind."

Thompson's resume and the company's regulatory filings with the U.S. Securities and Exchange Commission overstated his technology background to include a degree in computer science. The company called it "an inadvertent error."

Thompson received a bachelor of science degree in business administration with a major in accounting from Stonehill College in Easton, Mass. However, Thompson's resume claimed that he also held a degree in computer science.

The claim also made it onto Thompson's biography page on Yahoo's site, as well as on Paypal, where Thompson had served as president. His college credentials are no longer on his Yahoo bio.

In statements to the news media, Yahoo called the misrepresentation "inadvertent," but Reynolds is doubtful about that.

"There's no credible way that 10 years or so of public misrepresentation could be inadvertent," he said. "Also, I ... assume that Scott is personally responsible for the accuracy and veracity of Yahoo's SEC filings under Section 302 of Sarbanes-Oxley. If that's the case, he's at least culpable under those regulations for misrepresenting material info pertinent to investors, inadvertent slips in the curriculum vitae or no."

Rob Enderle, an analyst with the Enderle Group, said the issue should result in Thompson's dismissal from the company.

It's common for large companies to have policies that call for the termination of an executive who misrepresents his background, Enderle said. This kind of discrepancy also speaks to the person's ethics, which would call into question his action as leader of a major company, he said.

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

View the original article here

Jury nears verdict in Oracle-Google trial over Android

IDG News Service - The jury has reached a partial verdict in the copyright phase of Oracle's intellectual property dispute with Google, and the judge has given them one more day to try to resolve the remaining issue.

The jury foreman told the court on Friday that the 12-member panel had reached unanimous agreement on all but one of the questions on the verdict form, but that they're at an "impasse" over that final issue.

The verdict form has four questions, each broken into multiple parts. The judge had indicated previously he would accept a partial verdict from the jury, so there was tension in the courtroom Friday when it appeared the jury was about to reveal their decisions.

But after a few minutes of discussion, Judge William Alsup decided there was hope that the jury might be able to agree on the final question after a break for the weekend. They will reconvene on Monday at 8 a.m. to try to complete their deliberations.

The jury didn't disclose which question it couldn't agree on, so the attorneys will have to wait until Monday to find out.

"OK, I'll let you go home and speculate," Alsup told the two legal teams after the jury had been dismissed, getting a chuckle from the courtroom.

Oracle accuses Google of infringing its Java patents and copyrights in Google's Android OS. Google denies any wrongdoing, saying it developed a clean-room version of Java and built Android without using Oracle's protected code.

The trial is being heard in three phases. Lawyers made their closing arguments in the copyright portion of the trial Monday morning, and the jury has been in deliberations ever since. The next phase, expected to start next week, will address Oracle's patent claims, and the final phase will determine any damages it should be awarded.

The jury indicated Thursday evening that they might have reached a deadlock in their copyright deliberations, but the judge told them to keep trying. Just before 1 p.m. Pacific Time Friday, they sent a note to the judge saying they were ready to deliver a partial verdict.

Before the jury entered the courtroom, the judge asked the lawyers how they wanted to proceed.

"They've worked hard, they've asked good questions, and if they have a partial verdict, we should take that," Michael Jacobs, an attorney for Oracle, told the judge. Google's Robert Van Nest agreed.

But after the jury entered, the foreman told Alsup that a minority of the jury had not wanted to send the note saying they had reached a partial decision. Those jurors believed there was hope of resolving all the issues after the weekend.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

View the original article here

Adobe patches new Flash zero-day bug with emergency update

Computerworld - Adobe today warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

"There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message," the Friday advisory said.

Although all editions of Flash Player contain the vulnerability and should be patched, the active exploit is targeting only users of Microsoft's Internet Explorer (IE).

Flash Player for IE is an ActiveX plug-in, the Microsoft-only standard; other browsers, including Firefox and Chrome, use a different plug-in structure.

The update was pegged with Adobe's priority rating of "1," used to label patches for actively-exploited vulnerabilities or bugs that will likely be exploited. For such updates, Adobe recommends that customers install the new version within 72 hours.

Adobe disclosed relatively few details about the vulnerability -- its usual practice -- other than to label it an "object confusion vulnerability," note the Common Vulnerabilities & Exposures ID of CVE-2012-0779, and acknowledge that triggering the bug "could cause the application to crash and potentially allow an attacker to take control of the affected system."

It's unclear how extensive the active attacks are, although Adobe's calling them "targeted" hints at a low volume of attempts aimed at specific individuals or companies.

Today's Flash Player update was the fourth this year -- the latest before Friday was on March 28 -- putting the frequently-patched program on about the same pace as last year, when Adobe issued a total of nine Flash security updates.

In March, Adobe addressed the frequent updating pain point -- at least for Windows users -- by shipping Flash Player 11.2, which uses a silent, background update mechanism. The silent update is supposed to kick in in some situations to automatically patch the plug-in in IE, Firefox, Safari and Opera on Windows without notifying or bothering users.

At the time, Adobe said it would switch on silent updates " on a case-by-case basis," but hinted that the service would primarily be used to distribute patches for zero-day vulnerabilities, such as today's.

Friday, Adobe confirmed that it has, in fact, enabled Flash silent updates for Windows in this instance.

A Computerworld Windows 7 system, however, was not silently updated to 11.2.202.235, the patched version within an hour of booting the PC, the interval the tool uses to check for new updates. Adobe's explanation: It did not begin serving Flash Player via silent update until about 10:30 a.m. PT, after the Windows 7 machine had pinged Adobe's servers. If the silent updater receives no response from Adobe, it waits 24 hours before trying again.

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

View the original article here

Oracle wants ex-Sun CEO Schwartz's testimony barred in Google suit

IDG News Service - Oracle has asked a judge to bar Google from using testimony given by former Sun Microsystems CEO Jonathan Schwartz in the companies' intellectual-property suit over the Android mobile OS, saying it has "no legal and factual predicate."

Schwartz provided some of the strongest testimony for Google in the case so far. Appearing on the stand last week, Schwartz was asked by a Google attorney whether, as CEO of Sun, he had made a decision not to sue Google over its use of Java in Android.

"Yes," Schwartz replied. "We didn't feel we had any grounds."

Oracle acquired Sun early in 2010, gaining control of the Java programming language. It sued Google later that year, claiming Android violated patents and copyrights it holds on Java. Google has denied wrongdoing, saying Android is a "clean room" Java implementation that doesn't violate Oracle's rights. The trial's first phase, which covers copyright liability, began in April and went to the jury this week.

Oracle asked the court to bar Google from referencing Schwartz's testimony during the trial's second and third phases, which will cover Oracle's patent claims and damages, respectively.

"Google's question called for a yes or no answer, but Mr. Schwartz in response volunteered an opinion as to what 'we' 'felt' about the grounds for pursuing litigation against Google over Android," its motion states.

"The question appeared to ask only whether Mr. Schwartz had made a decision not to pursue litigation," Oracle added. "But Mr. Schwartz's answer -- and Google's subsequent use of that answer -- implicates Sun's (now Oracle's) privileged discussions by suggesting that there was an unidentified group of people ("we"), who had made some final decision as to whether to pursue litigation and the strength of those claims."

"What legal grounds Sun's management felt they had or what decisions they were considering is clearly privileged," Oracle said. "Moreover, Mr. Schwartz had no right nor any basis to make such a statement which subjects Oracle to privilege waivers that Mr. Schwartz has no authority to invoke."

Also, "the suggestion that Oracle had decided not [to] sue is clearly against the weight of the evidence presented in this case," Oracle said.

Evidence presented in the trial showed that Sun and Google had discussions following the announcement of Android in 2007, that those talks went on after Oracle bought Sun, and that Google officials considered buying "all the rights to Java" from Sun in order to ward off lawsuits, according to the filing.

If Oracle had decided to rebut Schwartz's testimony at the time he made it, that would have placed the company "in the quandary of having to decide whether to waive privilege on the spot," Oracle added. "If Google is allowed to rely on this testimony, and the jury is allowed to believe that it matters, the trial will divert into an irrelevant sideshow over Mr. Schwartz's subjective state of mind, instead of Sun's affirmative acts.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

View the original article here

Less than half of Facebook, Google users understand sites' privacy policies

IDG News Service - Most users of Facebook and Google had fundamental gaps in understanding, even after reading privacy policies, about how the websites handled their information and how other Web users could discover it, according to a study released by the digital branding firm Siegel+Gale.

Users understood the privacy policies less well than they did government documents or bank card agreements, the study said. They earned comprehension scores between 35 and 40 out of 100 for both policies. The survey asked just over 400 people to read the companies' policies and then answer questions about them online.

"We forced users to pay attention to this, but even through forcing them to pay attention, they still couldn't understand what was in these privacy policies and were failing to grasp the basic information that was supposed to be communicated," said Brian Rafferty, global director of insight at Siegel+Gale.

The study is hardly the first to find that users are uneasy with how much of their information becomes public through their use of websites and mobile applications. It is among a growing body of research demonstrating the ineffectiveness of privacy policy statements as a way to keep users informed about how their data is used.

After reading the policies, just 23 percent understood that their Google+ profile is visible to anyone online. Just 30 percent knew that even with the strictest privacy settings activated, their Facebook user names remain public.

The study also pointed to problems with Google's efforts earlier this year to notify users that it was consolidating the privacy policies for its diverse services. Less than half of users understood that the company's privacy policy related to their use of YouTube and Google Maps.

A Google spokesman called the company's user education campaign "the most extensive notification effort in Google's history."

The study suggests that informing users within the app or website how their information is being shared is a better way to safeguard privacy.

Justin Brookman, director of the Project on Consumer Privacy at the Center for Democracy and Technology, agreed.

"Privacy policies are not a great way to inform users," he said.

"When I'm trying to figure out a privacy question on Facebook, I go to the help center or FAQs or whatever it is," Brookman said. "I don't ever go to the privacy policy. Same thing with Google."

Brookman pointed out that both Google and Facebook have begun including more intuitive notification methods.

A Google spokesman pointed to those features, and said its "privacy center, published FAQs, Help Center articles, Good to Know website andA in-product notifications help explain what data we collect, how we use it and how people can manage their information."

Facebook has also moved toward including more information about how users' information can be accessed. The company did not respond to a request for comment.

Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

View the original article here