Dr. Oliver Williamson may not be a household name in IT outsourcing circles, but a consortium of academics is hoping to change that. Williamson, professor emeritus of business, economics and law at the University of California-Berkeley, won the Nobel Prize in Economics in 2009 for his examination of economic governance. Some outsourcing researchers say his lifelong study of transactional cost economics—the practice of accounting for the total costs of a contract, both obvious and hidden—contains valuable lessons for anyone engaging in outsourcing today.

Kate Vitasek, a faculty member in the University of Tennessee’s Center for Executive Education and author of Vested Outsourcing: Five Rules That Will Transform Outsourcing, along with three other academics culled Williamson’s work for lessons on improving performance, reducing costs and increasing satisfaction when outsourcing. 1. Build cooperation into the contract.

In an article on transaction cost economics and outsourcing management, Williamson wrote that “efficiency gains from trade go back to when our ancestors traded nuts for berries on the edge of the forest, [in] which exchanges were both transparent and simple.”

Modern outsourcing relationships, by contrast, are manifestly more complex. But Williamson maintains that additional gains can be realized if the outsourcing customer and supplier create processes to preserve cooperation throughout the life of the deal. For example, outsourcing partners should ask, “What’s in it for we?” instead of “What’s in it for me?” says Vitasek. “Don’t just say ‘win-win’. Contract for a ‘win-win’.”

2. Factor in hidden transaction costs.

No outsourced project ever costs what it purports to in the contract. In fact, the dotted line and the bottom line can be pretty far apart. Figuring out what an outsourcing deal will actually cost in the long run is tricky, but crucial.

“Every contract structure and relationship, especially in a vested, collaborative partnership, should account for risk, asset specificity, frequency and work to be done,” Vitasek says, “or else it’s not much of a contract.”

One-sided contracts that push all the risk on either the service provider or the customer will cost more in the long run.

3. Use the contract as a framework, not a weapon.

Outsourcing customers—particularly those who’ve been burned before—may be tempted to create an overly detailed contract to cover every possible contingency. That’s a mistake, according to Vitasek’s interpretation of Williamson, not to mention impossible.

“It limits innovation and encourages finger-pointing when there is inevitable scope creep and changes,” Vitasek says. “Instead of trying to guess about the future, it is better to indicate an outline of the work to be done and provide recourse for ultimate appeal. For work yet to be determined, focus on the process and tools to be used, not on the work to be done.”

4. Make end-of-life arrangements early.

Outsourcing partnerships can’t last forever, so it’s constructive to plan for the end early on. With “feasible foresight,” Williamson wrote in the Journal of Supply Chain Management in April 2008, an outsourcing customer can mitigate the effects of a defection from its services provider.

“It is important to recognize that business relationships may need to change due to changes in the market, and for this reason, contracts need a well thought out exit management plan,” says Vitasek. “Practitioners should clearly identify the costs associated with terminating a contract [and] create safeguards in the contract that are fair and equitable in terms of keeping either party whole in the event that a contract needs to be terminated prematurely.”

5. Create a shared vision statement.

If you can identify strategic points of alignment with your outsourcer, you will minimize additional transaction costs over the life of an IT services deal. Vitasek advises creating a shared vision statement to guide the relationship. She also recommends developing pricing models that reward service providers for achieving joint goals.

6. Play nice (but not too nice).

Sure, you can strong arm your supplier at the negotiating table—or be strong-armed—but either style of contracting will come back to bite you. Organizations that use what Williamson calls “one-sided muscular contracting” to gain advantage over an outsourcer will see only short-term gains, says Vitasek.

“[They] will ultimately face higher market costs and transaction costs from switching or transitioning suppliers, or from suppliers being forced to use conventional negotiations to put in myopic and costly contractual provisions and behaviors that simply drive up hidden costs.” Williamson also warned against “idealistic benign contracting,” which assumes that most people will do what they say—and some will do more—most of the time.

The Nobel laureate recommends a middle ground of “credible contracting,” which he describes as more “hardhearted wise” than its extreme alternatives. Credible contracting is “also flexible enough to acknowledge that complex contracts, by their very nature, are incomplete and thus require cooperative adaptation,” Vitasek says.

7. Always leave money on the table.

Most outsourcing customers and suppliers assume that leaving money on the table is, at best, wasteful, and at worst, foolish. Not so, says Williamson. Hard bargaining negotiations to get to the lowest possible price actually cost both the customer and the provider in the long run.

“Successive ploys and counterploys of this kind could plainly jeopardize the joint gains from a simpler and more assuredly constructive contractual relationship,” wrote Williamson. “Always leaving money on the table can thus be interpreted as a signal of constructive intent to work cooperatively,” thereby mitigating “concerns over relentlessly calculative strategic behavior.”

Of course, he also notes the effectiveness of this tactic varies based on the level of trust among those involved.

Source

Virgin Media is all set to release a revolutionary new modem and router with the ability to handle speeds of up to 400Mbps.

The network upgrades will be officially launched by the end of this year.

Virgin Media has around 70,000 subscribers for its current network, providing speeds of up to 50Mbps.

Along with the superior speed router, Virgin Will also provide its costumers with new services including consumer telepresence, cloud computing and home working.

Jon James, Virgin Media’s director of broadband stated: “We want to be ready for the evolution of network speeds in the coming years as we roll out ever-improving services, including our 100Mps service due at the end of the year and trials of 200Mbps ongoing,”

Virgin Media will also try and work out a deal with utility companies to use telegraph poles, allowing them to offer broadband connections to homes in located in rural areas.

Source

Comodo announced today that it requested an independent third-party to notify VeriSign of a security vulnerability affecting its customers’ web sites, including a major financial institution. VeriSign received notification by the independent third-party last Tuesday.

While Comodo is not in a position to fully evaluate the scope of the vulnerability, Comodo believes it is a significant security concern for VeriSign’s customers (and users of their customer’s web sites) that rely on secure SSL Digital Certificates to transmit business and personal data.

Using publicly available information, Comodo found that a VeriSign customer account of a major financial institution can be easily accessed without authentication. Comodo believes that the vulnerability is not limited to this single account.

Communicating through the independent third party, Comodo urged VeriSign to take immediate steps to correct and remediate the vulnerability and notify all their customers who may be affected by this vulnerability.

“When we uncovered this serious security vulnerability, we knew we had to do the right thing to notify VeriSign immediately to correct the design problem,” explained Melih Abdulhayoglu, chief executive officer and founder of Comodo. “With millions of customer’s financial transactions at stake, we wasted no time to help correct the problem even though it wasn’t ours to begin with.”

VeriSign responded, “We thank you for bringing this to our attention, but the information you have accessed is public information that can be found in a multitude of ways. The pages you have accessed are merely pubic portals for our customers authenticated work to be performed.”

Comodo CEO Melih Abdulhayoglu demonstrated the vulnerability to me in confidence. By not notifying its customers, VeriSign seems to be selling people security while not totally secure itself. It would seem as if their customers should be notified to decide on a case by case basis if they are ok with the issue or if they want it fixed.

The independent third party who notified VeriSign on behalf of Comodo does not wish for his identity to be revealed at this time. Comodo followed the Vulnerability Disclosure Guidelines of the Common Computing Security Standards Forum (CCSS) by using an independent third-party as a medium for disclosure. It provided a disclosure document to VeriSign outlining the vulnerability.

But let’s also point out that today, press releases by Comodo went out to the media and were posted on the Web … a mere one week after notifying Verisign of the hole. To its credit, it didn’t completely “pull a Google” and publish the hack on the Web. But how long will it take before the black hats figure it out anyway?

It should be noted that Comodo is Verisign’s competitor and also sells security, antivirus, firewall, and SSL digital certificates.

On May 19th, Symantec Corp. purchased VeriSign authentication-services unit for $1.28 billion in cash. VeriSign’s revenue from authentication-related services was of $410 million for 2009 fiscal year. 85% of it was generated from their SSL business alone. 900 of VeriSign’s employees joined Symantec’s Enterprise Security Group.

Source

At the Kiev offices of Innovative Marketing Ukraine, hundreds of programmers, translators and database engineers created a software product that made the company a world leader — an exceptional achievement in the impoverished former Soviet republic.

But the way the company made its multimillion-dollar profits is nothing to celebrate, according to the criminal charges its owners now face in a district court in Chicago.

Innovative Marketing, say investigators and Internet-security researchers, was one of the biggest and cleverest propagators of “scareware” — programs that run fake scans on computers of unsuspecting users and then claim to find viruses that can only be removed by downloading some software. Except the viruses don’t exist and the software — which can cost between $30 and $70 — is either useless or can infect the computer itself.

Scareware is one of the fastest-growing and most prevalent types of Internet fraud. Security-software firm McAfee says it saw a 400% increase in incidents reported last year and predicts the use of scareware will be the most costly online scam in 2010, infecting around 1 million computers per day and bringing in illegal global profits of over $300 million. Charges against Innovative Marketing, run by Swede Bjorn Daniel Sundin and Indian-born Shaileshkumar Jain, put it squarely in the frame as one of the leading perpetrators of the scam.

Sundin and Jain are yet to appear before the Chicago court, which on May 27 charged them with computer fraud and wire fraud, but two months before that indictment they had already been ordered to pay $163 million by a court in Maryland by a default judgment in a civil suit brought against them by the Federal Trade Commission (FTC). The FTC case was a rare victory in the fight against cybercriminals, who use lax law enforcement in countries like Ukraine to stay beyond the reach of the law. “This is one of the largest Internet-based fraud cases the FTC has ever prosecuted,” says Ethan Arenson, an attorney at the FTC who led that investigation. “[Innovative Marketing] were the biggest players in scareware operations for a long time.”

According to the FTC, in 2003, Innovative Marketing began peddling hundreds of antivirus products under names such as WinAntiVirus and DriveCleaner. Misleading advertisements placed on websites — including those of the National Hockey League, the Economist magazine and Major League Baseball — were used to automatically launch the bogus scans before directing the user to purchase the malicious software.

After receiving more than 1,000 complaints from computer users who had been duped, the FTC began tracking the suspects through shell companies set up around the world. A major breakthrough came when Dirk Kollberg, a researcher with McAfee in Germany, decided to investigate Innovative Marketing’s servers in 2008, after discovering that some of its ads were being used to automatically download software without the user’s consent.

Astonishingly, the company’s servers were not password-protected, meaning the information they held was publicly available. The data gave Kollberg an insight into the inner workings of the company and its products. What he saw convinced him that, behind its smart logo and customer-care hotline, Innovative Marketing was producing and selling fake antivirus software on a massive scale. Using figures obtained from the servers, Kollberg calculates that the alleged scam scored $180 million in sales in 2008 alone. His findings helped the FTC build its case against the company.

Attempts to crack down on the scareware industry are hamstrung by the fact that many of the companies are run out of countries with weak legislation, ineffective law enforcement and corrupt officials. Paul Ferguson, a threat researcher at California-based Trend Micro, says a number of major threats have emanated from Ukraine, including the Zeus trojan, which steals bank-account details and ran rampant in early 2009. According to Ferguson, the shifty business is run by organized criminal gangs who trade control of infected computers — and the information stolen from them — for cash “like at a bazaar.” “It’s like the Wild West,” he says. “There’s no sheriff.”

Ukraine is slowly waking up to the need to take on its cybercriminals. The Interior Ministry set up an anticybercrime unit last year, but according to unit leader Ruslan Pakhomov they are fighting an uphill battle. Pakhomov says he lacks vital resources and laments that judges and prosecutors don’t have the knowledge they need to bring cases to a conviction. And in a country where the average wage is a miserable $200 a month, young computer specialists are queuing up for work wherever they can find it — even if it’s at a scareware company. “There are lots of talented, well-educated programmers, but there aren’t enough jobs,” says Pakhomov. “They try to find a place to use their skills.”

According to profiles posted on the LinkedIn careers networking website, former Innovative Marketing staff are now working at leading banks and consulting companies, while others have moved to another Kiev-based antivirus software company. Innovative Marketing’s former bosses, meanwhile, are facing their day in court. According to the U.S. Department of Justice, Sundin is believed to be in Sweden, while Jain is thought to be in Ukraine and is listed as wanted by Interpol. A third defendant from Ohio is expected to present himself for arraignment at the Chicago court at a later date.

As far as anyone can tell, Innovative Marketing shut its doors last year, but Ukraine’s Interior Ministry says it could still be operating from another location. McAfee researcher Kollberg says many of the scareware scams traced to the company are still running, although it’s difficult to tell who is behind them now. “If you have a business and you’re making hundreds of millions,” he says, “why would you just give it up?”

Cybercriminals sent 3.7 billion phishing e-mails over the last year, in a bid to steal money from unsuspecting web users, says CPP.

Research by the life assistance company revealed that 55 percent of phishing scams are fake bank e-mails, which try and dupe web users into giving hackers their credit card number and online banking passwords.

Hoax lottery and competition prize draws and Nigerian ’419′ scams that involve e-mail requests for money from supposedly rich individuals in countries such as Nigeria, were also among the most popular phishing e-mails.

Furthermore a quarter of Brits admitted to falling for the scams, losing on average £285.

Online banking fraud has surged by 132 percent during the last year. The report also highlighted that 46 percent of web users worry their credit card details will be used to make illegal online purchases.

CPP also revealed social networking scams are on the rise. Nearly one fifth of Brits have received phoney Facebook messages claiming to be from friends or family in the past year.
One in 10 fear that fraudsters are using Twitter to follow them, while a third are concerned their social networking account could be hacked.
“It seems that not a day goes by without a new case of online fraud hitting the headlines. But what’s concerning is that consumers are still falling victim,” said Nicole Sanders, an identity fraud expert at CPP.

“Fraudsters are becoming ever more skilled in their techniques and tactics. It can be extremely difficult to spot a legitimate email from a scam, so we advise caution at all times when online.”

Sanders also said web users should be mindful of what they post on social networks.

“Their identity is as valuable to a thief as a credit card, so protecting personal details is key.”

CPP advises web users to concerned about online fraud to keep their personal information safe and think twice about giving the details to someone that ask for them.

Banks will never ask for your personal information online, CPP said.

According to Steve Furnell, senior IEEE member and head of the Centre for Security, Communications and Network Research at the University of Plymouth, the increasing skill of the fraudsters and other online attackers is effectively raising the bar for what the average user needs to know in order to remain protected.
“Knowing that users tend to rely upon antivirus and internet Security packages, malware writers now seek to block this software from downloading the latest updates,” said Furnell.

“So, while users may see that their package is running and assume all is well, the protection may actually be outdated and therefore not working as effectively as promised.”

Furnell said in order to avoid this happening, users should make periodic manual checks to ensure that their antivirus has downloaded recent signatures.

“Similarly, while the advice to guard against fraud by looking for https and the padlock icon is perfectly sound in web context, this doesn’t prevent people from falling victim in other contexts (e.g. responding to a direct request via email),” he added.

“Consequently, web users need to develop broader skills; to consider the nature and importance of the information they’re being asked for, the likely legitimacy of the request and its source, and whether there are any avenues they can use to check before responding.”

Source

As the iPhone 4′s Thursday release inches closer, Apple whets our appetite Monday with the release of its latest iPhone and iPod Touch operating system. First announced in April, iOS 4 adds a gallery of features, from the long-awaited and expected to the small and surprising.

For a refresher on the look and feel of iOS 4, check out our initial hands-on of the developer release.

To get the update, simply connect your device to iTunes and follow the steps. It’s free for both iPhone and iPod Touch users–in the past the latter group users had to pay a small fee–though iOS 4 is not compatible with first generation models of either device. Also, remember that the iPhone 3G will not support the new multitasking feature.

We’ll follow up with a review of iOS 4 later Monday, but here’s a recap of the new features in the meantime.

Multitasking
Finally, the iPhone joins its smartphone rivals with the ability to run multiple apps simultaneously.

Home screen folders
Now you’ll be able to save home screen by organizing related–or even unrelated–apps into folders.

E-mail in-box
Among other things, you’ll you get a unified e-mail in-box, support for multiple Exchange accounts, and the option for viewing e-mails by thread.

Enterprise
IT departments will welcome enhanced data protection, mobile device management, and wireless app distribution.

iBooks
You can share books between the iPhone and the iPad with one purchase.

Game Center
This feature is scheduled for release later this year so we won’t get it right away. But when it comes it will bring options like a social gaming network, the ability to invite friends to games, and the opportunity for setting up two people to play.

Additional changes

* Spell check
* Larger fonts for e-mail, texts, and alerts
* Persistent Wi-Fi
* Tap to focus in video recorder
* Customizable wallpapers for the home screen
* Search text messages
* Choose image size in mail messages
* Recent Web searches
* 5x digital zoom in camera
* Gifting of apps
* Birthday calendar
* File and delete mail search results
* Web search suggestions in universal search
* Rotate photos
* Playlist creation on the device
* Support for Bluetooth keybords

Source

You know that 32GB iPhone 4 you just pre-ordered? The amount of internal storage is going to seem comparatively quaint if Toshiba follows through with its plan to mass produce 128GB embedded NAND flash memory modules by the end of this year.

That’s right folks, 128 awesome gigabytes of storage capacity could become standard on everything from high-end smartphones to tablet PCs, digital cameras, and everywhere else you find embedded flash chips. It’s the highest capacity yet achieved in the industry, part of which is the result of Toshiba’s 32nm manufacturing technology. The other part of the equation involves stuffing sixteen 64Gbit (equal to 8GB) NAND chips onto a dedicated controller into a package measuring just 17 x 22 x 1.4mm.

The implications here are huge, especially with competition ramping up in the mobile market. With 1GHz Snapdragon chips strutting through the smartphone scene and 2GHz chips on the horizon, smartphones are finally powerful enough to truly be considered handheld PCs. And with a spate of Android, WebOS, and Windows 7 tablets on the horizon, Apple’s flagship 64GB iPad could suddenly become far less appealing, and for reasons other than lack of Flash support.

Starbucks is stirring up a few changes to its Wi-Fi access that should make Web-surfing coffee drinkers happy.

Starting July 1, the coffee brewer said it will launch free Wi-Fi access throughout all of its stores nationwide, with no special registration or account required and no limits on the time people can spend online.

Available through AT&T, the enhanced Wi-Fi improves on the current access, which is free to customers who use their AT&T accounts or Starbucks cards to log in, $3.99 for everyone else, and restricts the time online to no more than two hours.

Appearing at Wired’s business conference Disruptive by Design on Monday, Starbucks CEO Howard Schultz spoke about the new Wi-Fi access as part of the company’s goal to embrace social and digital media and look for new ways to bridge a customer’s coffeehouse experience with the digital world.

Beyond the enhanced Wi-Fi access, Schultz also unveiled plans for a new in-store service called the Starbucks Digital Network, slated to come online this fall. Teaming up with Yahoo, Starbucks will offer customers free and unrestricted access to different paid sites and services. Content partners will include WSJ.com, iTunes, The New York Times, Patch, USA Today, Yahoo, and Zagat. Additionally, Schultz said the new network will provide exclusive content, free downloads, and local community news.

Though Starbucks has offered its limited brand of Wi-Fi service for years, first through T-Mobile and then through AT&T, the company has lagged some of its competitors in offering unlimited free access.

McDonald’s, which sells coffee alongside its thick milkshakes, added free, unrestricted Wi-Fi access via AT&T to its menu in January, while nationwide cafe chains like Panera Bread also offer instant and free Wi-Fi.

Since his return to the CEO role in 2008, Schultz has been busy trying to promote Starbucks as a spot where people can work and socialize, especially online. He has spoken before about creating a third place between work and home and reiterated that point at the Wired business conference.

Given the company’s track record at tapping into the online world, Schultz’s new Wi-Fi initiatives may pay off. In a study from last July, Starbucks was named the biggest brand on the Web at using social media to promote itself and engage its customers.

Source