It’s been a week since Apple debuted its latest operating system, called Leopard, and the initial reactions by users and analysts is, well, not good. At all.

According to numerous reports, security researchers believe Leopard’s firewall is actually worse than Apple’s previous OS, Tiger, “having more holes than its namesake cat has spots,” as eWEEK put it yesterday. Ouch.

Having not had the chance to check out Leopard myself, here’s a sampling of opinions I’ve come across in the last day or so:

“The first security hole is that Leopard’s firewall turns itself off by default on installation — even if a user had the firewall turned on before upgrading. … Security researchers are also chagrined that Leopard only allows a choice between allow all, deny all, or pick by application, and that it completely hides the firewall rules in a black box that isn’t user accessible.” - eWEEK

“Leopard introduces a number of important security features to the Mac, but they are often incomplete, leaving users vulnerable to attack, said Thomas Ptacek, a researcher at Matasano Security.” - IDG News Service

“Leopard’s sprint out of the gate could slow if Apple is unable to solve some major installation problems encountered by early adopters. Among other things, thousands of users said their Macs froze up and displayed the so-called blue-screen-of-death after they attempted to install Leopard.” - InformationWeek

You’d think so many negative reviews would put a damper on Leopard’s early sales figures. You’d think that, but you’d be wrong.

As InformationWeek reported, Apple says it has sold more than 2 million copies of Leopard since its Oct. 26th debut. If Apple wants to keep up this brisk pace, though, I suggest it waste no time in responding to users’ security concerns. After all, what good is a leopard if it has no bite?

I’m writing this blog post from my home office, and there’s a good chance you’re reading this blog post from your home office. That’s good news for mobile IT vendors.

With mobility becoming an increasingly important IT priority, investments by SMBs in smartphones and virtual private networks (VPNs) could rise by as much as 44% and 32%, respectively, over the next 12 months, according to a recent report by CompTIA.

The report, which was conducted in conjunction with AMI-Partners and surveyed 518 North American SMBs, found that the average SMB has 7% of its workforce telecommuting one or more days per week, while 75% of SMBs have at least one employee who works from home.

“With a growing portion of their workforce either mobile or remote, SMBs need to provide cost-effective, safe and secure remote access for these employees,” said CompTIA president and CEO John Venator in a statement. “This suggests there is a sizeable market opportunity associated with productivity-enhancing solutions such as virtual private networks (VPNs), smartphones and other applications.”

Sounds like good news for smartphone vendors like RIM and Palm. Who knows, maybe even the iPhone will find its way into more SMBs. So far, though, I’m getting along just fine with my “old school” mobile phone. It doesn’t have many cool features, but it gets the job done. Not that I’d complain if TechTarget handed me a BlackBerry (hint, hint).

As for my VPN, I’d be in a world of hurt without it. Sans VPN, instead of using Outlook, I’d have to access my email with our Web-based email service, which is far from the easiest application to work with. And that’s being kind.

So look for the ranks of mobile workers to continue to grow in the coming months and years and, with it, opportunity and profits for mobile IT vendors.

Bashing help desks and tech support sometimes feels too easy.

With that in mind, I’ll try something different. I want to offer kudos to the tech support call center at Digimarc Corp., for helping the U.S. Secret Service nab a thief.

Apparently Timothy Scott Short, 33, allegedly stole a Digimarc printer on Oct. 5 from a contractor that prints driver’s licenses for the state of Missouri. When Short, who has also been investigated in the past for unrelated identity theft charges, couldn’t get the printer to work, he called Digimarc’s tech support line two days later. He said he wanted to buy driver software for a printer.

Digimarc isn’t commenting on how the Secret Service ended up listening to a recording of the call Short made to the call center, but it’s pretty obvious that the company did a good job of identifying this apparently clueless alleged thief and helping to facilitate his arrest.

Here we go again.

Not Your Average Joe’s restaurant announced today that credit card information of up to 3,500 customers was recently stolen by hackers (or a hacker … the company isn’t sure how many crooks were involved). The data breach took place between early August and late September, the company said.

In response, the Massachusetts-based chain said it has hired an outside “forensic analyst” to identify the cause of the breach, taken steps to tighten its security operations, and is working with credit card companies, local authorities and even the Secret Service to root out the perpetrator(s).

“We take this issue seriously, and want our customers to understand how they may be impacted,” the company said in a statement. “If a customer had fraudulent charges placed on his or her card, he or she would not be held responsible for those charges; the problem can be resolved by calling your credit card company, reporting the issue and cancelling the card.”

Not Your Average Joe’s said the data breach affected only its Massachusetts customers. The company operates 14 restaurants, all in Massachusetts save one located in Leesburg, Va.

According to The Boston Globe, the breach was discovered when officials at a Cape Cod bank notified police that a number of customers had reported unauthorized charges on their credit card statements.

Not Your Average Joe’s spokesperson Diana Pisciotta told the Globe that no unauthorized credit card activity has been reported since Sept. 29, adding, “We’re fairly confident that a customer walking into one of our places today could use their credit card safely.”

Fairly confident? Call me a cynic if you must, but I’m less than reassured by that declaration. Following the TJX data breach (which continues to get worse and worse by the day), you’d think that businesses would have gotten the message by now that customer data security should be priority A-1. But I guess understanding the importance of data security and actually securing your data are two different things.

Google is riding high these days. Its stock price is up over $600 a share and it holds a commanding lead in the Internet search engine wars. And thanks to its customizable homepage, users can manage virtually every aspect of their lives via Google RSS feeds, email, stock quotes, weather, etc.

But all those Google tools have a downside. Scanning my monthly copy of Wired magazine last night, I came across this piece by Seth Mnookin. Needless to say, I can relate to Seth’s problem, and I’m betting many of you can, too (emphasis added):

So I set up a Google homepage. After that it seemed silly — stubborn, even — not to put a Google Toolbar on my browser. And since I had a Google Toolbar, I figured I might as well use Google Bookmarks and add on Google Reader. Oh, and Google Scholar. And Google Books. I set up a Google Calendar, ignoring the fact that it doesn’t sync with my Treo (at least, not without some kludgy third-party app). I quit using del.icio.us and started using Google Notebook.

When my fiance came home from work each evening, we’d ask each other how our respective days had gone. She’d describe the small frustrations and victories that punctuate office life. I’d say something along the lines of “Today I spent three and a half hours organizing my Google Bookmarks” or “You’d be amazed at what you can turn up if you play around with Google US Government Search.” Then we’d both laugh. It took a couple of weeks before I finally noticed the concern in her eyes. Then she asked: “What else did you do?”

That’s when I realized I wasn’t actually accomplishing anything. My campaign to increase productivity had become yet another distraction — and a significant one. Suddenly I needed to time-manage my time management. So last week I installed a timer on my desktop (and, no, it’s not a Google Timer) to help me limit how long I spend on Google-related sites. I allot myself a half hour a day; after that, I force myself to quit optimizing how I get things done and start actually getting things done. Of course, I still check the Links to Google Services tab on my Google homepage every day. How else will I know when one of the whizzy new tools will be just the thing to make my life easier?

Thanks, Google. You’ve turned me into the most efficient time-waster ever.

Now, if you’ll excuse me, I have to go check my Google homepage for Bart Simpson’s Phrase of the Day. Then maybe I’ll add a language translator or a currency converter to my page. The possibilities are endless. Damn you Google!

It’s finally here! Talking spam!

This morning Commtouch Software Ltd., the Israeli antispam service vendor, announced that its Commtouch Detection Center has identified a huge outbreak of MP3 spam. Other antispam vendors have also detected it. These messages come with MP3 attachments that, when opened, play voice messages promoting stocks.

To hear an edited version of one of these messages, click here: click here

That distorted voice is creepy. It sounds like a female version of HAL 9000 in 2001: A Space Odyssey.

Commtouch says it hasn’t detected a virus threat in the spam yet and the files are larger than standard spam, averaging around 85 KB, and reaching up to 147 KB. The message contents are mostly empty. The MP3 files carry the marketing message.

According to Commtouch, these messages have accounted for 7% to 10% of all global spam over the last day or so.

The spammers have of course given names to these MP3 files that are supposed to induce you to open them. Sample file names include dadsong.mp3, oursong.mp3, weddingsong.mp3, smashingpumpkins.mp3, bspears.mp3, gloariaestefan.mp3, beatles.mp3 and coolringtone.mp3. Would anyone really want to open an MP3 from Britney Spears these days?

Slowly but surely, SMBs are increasingly turning to unified communications (UC) technologies to improve productivity and shorten response times of businesses-critical decisions, according to a new report by AMI-Partners.

Still, AMI says that SMBs are only just scratching the surface of UC, picking and choosing individual UC components rather than realizing its full potential as an integrated technology.

“Whether using Skype on their smartphones, or installing in-house IP-PBXs or using Web conferencing services, SMBs are clearly signaling their desire to utilize all available communications and collaboration solutions,” says AMI Partners VP Sanjeev Aggarwal in a statement. “However, SMBs are not familiar with the notion of unified communications, nor are they aware of the various platforms being cobbled together through acquisitions in the IT space.”

The fact that no one, fully integrated UC platform has emerged as a market leader is the single-biggest obstacle to widespread UC adoption at SMBs, the report said. AMI identified Cisco, Microsoft and “possibly” Google as the likeliest vendors to do so in the coming months and years.

Another reason SMBs may not be wholeheartedly jumping into UC, in my opinion, is the difficulty in determining ROI. At SMBs especially, justifying a quick ROI on any new technology is critical to getting management on board. ROI is even more important for a technology so potentially disruptive to traditional, deeply entrenched communications technologies, as UC is.

The ROI of UC, however elusive, is not unattainable, at least according to UC vendors. At VoiceCon in August, I attended a session by reps from INX, ShoreTel and Microsoft, all of whom had some good advice on calculating ROI of UC. The vendors said it is important to understand there are different ROI criteria for different types of workers and that the first step in evaluating UC is to quantify likely “hard” savings.

Check out the full post I wrote back then summarizing their recommendations here. And for those of you who’ve already launched an integrated UC solution, share the wealth. How did you determine likely ROI and, more importantly, were your forecasts on target?

The federal government is really cracking down on spammers. Here’s a video of the feds processing spam complaints:

http://www.youtube.com/watch?v=IjarLbD9r30

The federal government hopes its criminal prosecution of spammers will act as some sort of deterrent. On Friday, two men who were convicted of spamming millions with pornographic emails were sentenced to five to six years in prison.

I suppose prison time is a sharp deterrent to just about any crime, from murder to shoplifting. But read the details of that story. Jeffrey A. Kilbride and James R. Schaffer, who were convicted in June, earned $1 million in just over a year in 2003. That’s a lot of money for a business that requires very little overhead.

These two men were charged in part under the 2003 CAN-SPAM Act, which bans false and misleading header information and subject lines, requires opt-out methods for recipients of spam (for those of us who are stupid enough to click on anything in a spam message), and mandates that commercial email be clearly identified as an advertisement.

I don’t know about you, but a few dozen spam messages have gotten through the filters on my various email addresses today, and absolutely none of the senders of those messages adhered to any of these requirements.

Hence, the video of Charlie Chaplin above.

But the feds will continue to fight the good fight. Last week, the FTC ordered a halt to spam messages from a company called eHealthylife.com, which was offering “Hoodia” weight loss products and human growth hormone. The FTC is planning to prosecute the company and its owners for violating the CAN-SPAM act.

It’s good that the federal government is making an effort here, but this strategy is similar to building a moat around a sandcastle at the beach. Digging a hole in the sand won’t stop the ocean from washing over it. The vast majority of email traffic across the globe is made up of spam. Prosecuting one case at a time might deter some potential spammers, but it won’t stop all of them.

Analysts have repeatedly told me that Internet service providers (ISP) are the key here. They have to step up their efforts to monitor how their networks are used. They should be policing their own IP addresses for spam abuse. Unfortunately, so many spammers rely on ISPs based in the developing world, where the regulatory environment is pretty loose. The FTC could require better policing by every U.S.-based ISP, and spam would still be flooding our inboxes.

 This story pretty much speaks for itself, but here’s a brief setup.

Jammie Thomas was sued by the Recording Industry Association of America for sharing a couple of dozen songs she illegally downloaded. Thomas’ defense in court was that someone spoofed her IP address and it was actually that person who downloaded and shared the songs.

CNET News Blog picks up the story from there:

In the interview with Wired’s David Kravets, [juror Michael] Hegg, a steelworker, said that during deliberations, the jury concluded after only five minutes that Thomas was guilty … “Spoofing? We’re thinking, ‘Oh my God, you got to be kidding.’ She’s a liar.”

Needless to say, Thomas is appealing, hoping to draw a slightly more tech-savvy jury next time around.

In defense of the tech-illiterate juror, the IT industry does have a lot of ridiculous terms and acronyms that you can’t expect nontechies to understand. But still, couldn’t Hegg just have looked it up on the Internet? I guess the jury room didn’t have wireless access.

I didn’t need a survey to tell me this.

Sixty-four percent of Americans say they spend more time with their computers than they do with their significant others. I have two laptops. One belongs to my employer and the other belongs to me. And I spend entirely too much time with both of them.

SupportSoft Inc., an IT service management vendor, is thinking of expanding into the consumer space, so it conducted a new consumer survey about how people interact with their computers.

I’m not sure why SupportSoft wanted to know if people get the urge to throw the computers out the window when they crash. But it did. And apparently 19% of people feel that way sometimes. Nine percent said they feel stranded and alone when their computers crash, and 11% curse at their dead machines.

And apparently 84% of people feel more dependent on their computers than they did three years ago. This also makes sense to me. Nowadays, whether I want to know who directed the movie Poltergeist or whatever happened to the makers of ColecoVision, I go online. What would I do with myself if I couldn’t look up this trivial information? I’d probably spend more time with my significant other. And with that in mind, gotta go!