Unisys service uses the cloud to manage mobile devices

Unisys is introducing a new service on Wednesday that will allow its customers to better manage, secure and support mobile devices carried around by employees, company executives said on Tuesday. CIOs are concerned about corporate data "roaming the streets," he added. Staff now expect to use their choice of devices anytime and anywhere, and this causes problems for CIOs around cost, the cost of support, and the security of applications and data, said Tony Doye, president of Unisys' Global Outsourcing and Infrastructure Services group, in a telephone interview.

The service framework for the new end-user productivity services will support Windows Mobile phones and BlackBerry devices, with support for the iPhone and other devices available in later releases. Some early-adopter customers, mainly in Central Europe, are already using the mobile-device management framework, he said. Currently organizations generally manage devices with specific technologies that only work with a specific platform, rather than with a consistent framework across a variety of devices, said Sam Gross, Unisys' vice president for global IT outsourcing solutions. The framework is managed by Unisys for customers, and the management and support of the devices is also done from the company's services delivery centers around the world, he added. Unisys is also offering access to standard office suites by subscription through a service called Virtual Office as a service from the Unisys Secure Cloud.

The new service will enable CIOs to reduce end-user costs by providing support for different devices, desktop PCs, applications and mobile data access through a mix of traditional, virtualized and secure cloud-based service delivery models, Unisys said. The Unisys Secure Cloud has technology that protects both data in mobile devices and in storage, using a combination of encryption and dispersion of data. "The model that we are delivering is server-side virtualization services, and in this situation the data never ends up on the end-point," Gross said. Unisys' Unified Communications as a Service, also delivered through Unisys Secure Cloud, offers Microsoft Exchange, Microsoft Office SharePoint Server and Microsoft Office Communicator applications in a multi-tenant environment. Unisys is also offering generic services such as the ability to destroy the image on a device if it is reported lost, he added. Besides offering these productivity applications, customers can also provide their employees with access to other applications running at the company, through the Unisys cloud, Gross said.

Indian ban on spurious mobile phones found inadequate

The Indian government has asked mobile service providers not to allow calls on their networks from mobile phones without proper International Mobile Equipment Identity (IMEI) numbers from Dec. 1, citing security reasons. The IMEI number is used by GSM (Global System for Mobile Communications) networks to identify mobile devices. The order, however, has a glaring loophole as it does not provide for the blocking of calls from phones that use "clone" IMEIs, said Pankaj Mohindroo, national president of the Indian Cellular Association (ICA), a trade body that represents mobile handset makers and other mobile technology vendors. It is used by operators to block a stolen phone from using the network.

The Sept. 3 order from India's Ministry of Communications & IT only refers to phones that have no IMEI numbers or have a sequence of 0s in place of the IMEI number, or "non-genuine" numbers that are not, in fact, IMEI numbers. Clone IMEIs are those that have been issued to registered handset vendors but have been copied on to phones of dubious origins, Mohindroo said. ICA has told the government that handsets that have clone IMEI numbers should also be banned in the interest of security, Mohindroo said. A large number of mobile phones that are sold in India are either spurious or unbranded, often sold at low prices without bills or warranty. The use of mobile phones without proper IMEI numbers is seen by the government as a threat to the country's security, as terrorists have been found to use mobile phones extensively. A large number of consumers have bought these phones because of their low prices.

In a letter to service providers in April, the Ministry of Communications & IT recognized that some of the users of phones without proper IMEIs were "genuine innocent subscribers." Using software would be a far more attractive option than to have to throw out the phones, said Sridhar T. Pai, CEO of Tonse Telecom, a firm that researches the telecom market in India. The government approved earlier this year a Genuine IMEI Implant (GII) proposal from service providers that programs genuine IMEI on mobile handsets. Pai added that he had not evaluated the software yet. Operators have delayed implementing the ban because customers are their key assets and they will not do anything that will upset these customers, Pai said. Banning of the use of phones without adequate IMEI numbers has been delayed because of lack of clarity from the government and also because of a slow response from service providers that had earlier been ordered to block calls from phones without proper IMEIs from July 1, according to analysts.

The Cellular Operators Association of India, an association of GSM mobile operators, was not available for comment, but an official said in private that its members would be able to meet the Dec. 1 deadline. Phones with fake IMEI numbers are to be detected by reference to the IMEI database of the GSM Association (GSMA). The database of the GSMA will be able to detect fake IMEIs, but will not detect phones that have clone IMEIs, unless there is also a device management program that reveals the specification of the device, Mohindroo said. The Sept. 3 government order has expanded the ban to include mobile phones that have fake IMEIs, besides phones that have no IMEIs or a string of zeros in place of the IMEI. It has ordered service providers to make provisions in their Equipment Identity Register (EIR) so that calls from phones from all three types of defaulting phones are rejected from Dec. 1 by the networks. The EIR will then have to check whether the IMEI matches with the original device to which the number was issued, he added.

China's Alibaba expects India joint venture this year

Top Chinese e-commerce site Alibaba.com aims to announce an Indian joint venture this year as the company expands its global footprint, it said Friday. A deal in India, where Alibaba.com recently surpassed 1 million registered members, would be the latest in the site's efforts to grow abroad. "I've got a lot of confidence in India," said Jack Ma, CEO of Alibaba Group, the parent company of Alibaba.com. Alibaba.com is in talks with an Indian reseller about forming a joint venture, CEO David Wei told reporters at a briefing.

Alibaba.com is a platform for small and medium businesses to trade everything from lumber and clothes to iPods and PC components. Alibaba.com already works with Indian publishing company Infomedia 18, its likely joint venture partner, to promote its platform in the country. Its main member base is in China, but the site also has 9.5 million registered users in other countries and facilitates many cross-border trades. The site also has a joint venture in Japan and recently launched a major U.S. advertising campaign to attract more users there. Ma said Alibaba knows it needs to "do something" in Latin America as well. Ma and other top Alibaba executives visited the U.S. early this year for meetings with potential partners including Amazon.com, eBay and Google.

When asked if the company would also seek to expand in Eastern Europe, Ma said, "I will be there." Alibaba will not hold a majority stake in joint ventures it forms, instead taking a share similar to the 35 percent it has in its Japan operation. "Our global strategy means partner with local people," Ma said. "We want partners and we want partners to control their business." Users place total orders of more than US$200 million each day on the Alibaba.com international platform, Wei said. About 50 percent of those orders go to Chinese exporters, he said.

Researchers slam fickle iPhone anti-fraud feature

The iPhone's new defense - meant to prevent users from reaching phishing sites - is inconsistent at best, a security researcher said today, with some users getting warnings about dangerous links, while others are allowed to blithely surf to criminal URLs. Other experts said that the fickle feature is worse than no defense at all. But according to Michael Sutton, the vice president of security research at Sunnyvale, Calif.-based Zscaler, the new protection is "clearly having issues." At first, said Sutton, the anti-phishing feature was simply not working. "It was blocking nothing," Sutton claimed after testing iPhone 3.1's new tool Wednesday against a list of known fraudulent sites. Apple quietly added an anti-fraud feature to the iPhone's Safari browser with the update to iPhone 3.1 , released Wednesday.

By Thursday, things had improved, but just barely. "Yesterday, it started blocking some sites, for some users, but it was inconsistent. Apple relies on Google 's SafeBrowsing API (application programming interface) for the underlying data used to build anti-phishing and anti-malware blocking lists for the desktop edition of its Safari browser. Some sites are being blocked, others are not." That led Sutton to believe that the feature's functionality wasn't the issue, but how Apple updates users with a "blacklist" of malicious sites. Other browser makers, including Google and Mozilla, also use SafeBrowsing. "It appears some iPhones are getting timely updates [from Apple], but others are not, or are getting different [block list] feeds," Sutton said. "I'm feeling better about the feature than I was Wednesday, but clearly Apple is still have issues. URLs that are blocked by Safari in Mac OS X open and direct users to malicious pages [on the iPhone]." Like Sutton, James reported inconsistencies in the anti-fraud feature's effectiveness. "All we've come up with is that sometimes it works and sometimes it doesn't," said James. "This is clearly more dangerous than no protection at all, because if users think they are protected, they are less careful about which links they click." The new feature is turned on by default in iPhone 3.1; the option to turn it off is in Settings/Safari/Security, and is listed as "Fraud Warning." Sutton, although willing to concede that Apple overall is improving its security track record, bemoaned the state of mobile security in general, and the iPhone's in particular. "The greater concern to me is that we're making the same mistakes in mobile that we made on the desktop," he said. "On the desktop, security has gotten slowly better, but [with mobile] we have a fresh start. With the [media] coverage of the problem, maybe they're resolving it, or trying to." On Thursday, researchers at Intego, a Mac-only antivirus vendor, echoed Sutton's findings. "This feature should warn users that they may be visiting a known malicious Web site and ask if they wish to continue," said Peter James, a spokesman for Intego who writes the company's Mac security blog . "However, we have extensively tested this feature, tossing dozens of phishing URLs at it, and it simply does not seem to work.

I would have thought we would have learned from our mistakes, but there's virtually no protection in mobile browsers." According to research conducted by NSS Labs, which was hired by Microsoft to benchmark different desktop browsers' ability to block malware-laden sites, Safari in Mac OS X and Windows blocked only one-in-five malicious sites . Internet Explorer and Firefox, meanwhile, blocked 80% and 27%, respectively. Last month, NSS Labs attributed the disparities between Firefox, Safari and Google - all which use SafeBrowsing as the basis for their blacklists, to differences in how each browser tweaked, then applied, the lists. Google's Chrome blocked a paltry 7% of the sites.