Matthew Dorn

The U.S. Secret Service is investigating a poll posted on Facebook asking people to vote on whether President Barack Obama should be assassinated. He said the poll, which went online Saturday, was taken down Monday morning after the Secret Service alerted Facebook to its presence on the site. Special Agent Ed Donovan, a spokesman for the Secret Service, said this afternoon that the agency launched a probe into the matter and currently is looking for the person who posted the poll. The poll asked Should Obama be killed? and gave users the choice of yes; maybe; if he cuts my health care; and no.

A screen shot of the poll , which was posted on the blog, The Political Carnival , shows that at some point at least 387 people had voted. Neither the Secret Service nor Facebook would say how many people voted in the poll and what the results were. Barry Schnitt, a spokesman for Facebook, was quick to point out that this was not a poll that originated from the social networking site itself. A source within law enforcement noted that while posting the poll, in and of itself, is not illegal, federal investigators can t discount the possibility that the person behind the poll has malicious intentions. The third-party application that enabled an individual user to create the offensive poll was brought to our attention this morning, wrote Schnitt in an e-mail to Computerworld . The application was immediately suspended while the inappropriate content could be removed by the developer and until such time as the developer institutes better procedures to monitor their user-generated content. The source said the Secret Service needs to interview the person to gauge his or her ultimate intent.

Dell has agreed to buy Perot Systems for around US$3.9 billion in cash, and intends to make the company its global services delivery division, the companies said Monday. It will also allow Dell, in the future, to address customer demand for next-generation services including cloud computing, said CEO Michael Dell in a conference call with analysts. The deal will allow Dell to expand its range of IT services, and potentially allow it to sell more hardware to existing Perot customers, it said.

Dell is counting on its international reach to turn Perot into a global services company, Dell CFO Brian Gladden said during the call. Around 25 percent of revenue comes from government customers, he said. Perot Systems is one of the largest services companies serving the health-care sector, from which it derives about 48 percent of its revenue, its CEO Peter Altabef said during the call. Perot is already working at increasing its international revenue: on Friday it announced a 10-year deal to outsource IT operations for Indian hospital group Max Healthcare. Over the last four quarters, Dell and Perot together had revenue of $16 billion from enterprise hardware and IT services, with $8 billion coming from enhanced services and support, Dell said. Dell's rival Hewlett-Packard expanded its own global services unit with the acquisition of EDS for $13.9 billion in May 2008. EDS was founded by H. Ross Perot, who sold the company to General Motors before going on to found Perot Systems, of which his son is now chairman.

Perot's contribution to that is relatively small: In 2008, the company reported total revenue of $2.78 billion. In after-hours trading, the stock traded at $29.70 early on Monday morning. At $30 per share, Dell's offer represented a significant premium over Friday's closing price of $17.91 for Perot Systems shares. The boards of Dell and Perot agreed to the terms of the transaction on Sunday, they said. Dell expects that overlaps between the two companies will allow it to cut Perot's costs by between 6 percent and 8 percent, Gladden said during the conference call.

Dell expects to complete the deal in its November-to-January fiscal quarter. Upon completion of the acquisition, Dell plans to make Perot Systems its services unit, and will put Altabef in charge of the unit. The services unit will fit alongside Dell's existing divisions for selling to large enterprises, government customers and small and medium-size businesses. It also expects Ross Perot Jr., chairman of the Perot Systems board, to be invited to join the Dell board of directors. Dell created the three divisions in a major reorganization of its business sales teams last December, shifting from a geographic structure to one aligned with customer types.

Four months after it modified Windows 7 to stop the Conficker worm from spreading through infected flash drives, Microsoft has ported the changes to older operating systems, including Windows XP and Vista, the company announced on Friday. Conficker copied a malicious "autorun.inf" file to any USB storage device that was connected to an already-infected machines, then spread to any other PC if the user connected the device to that second computer and picked the "Open folder to view files" option under "Install or run program" in the AutoPlay dialog. In April, Microsoft altered AutoRun and AutoPlay, a pair of technologies originally designed for CD-ROM content, to keep malware from silently installing on a victim's PC. The Conficker worm , which exploded onto the PC scene in January, snatching control of millions of machines, used several methods to jump from PC to PC, including USB flash drives.

Microsoft responded by changing Windows 7 so that the AutoPlay dialog no longer let users run programs, except when the device was a nonremovable optical drive, like a CD or DVD drive. Four months ago, Microsoft promised to make similar changes in other operating systems - Windows XP, Vista, Server 2003 and Server 2008 - but declined to set a timeline. After the change, a flash drive connected to a Windows 7 system only let users open a folder to browser a list of files. On Friday, Microsoft used its Security Research & Defense blog to announce the availability of the updates for XP, Vista and the two Server editions. Links to the download are included in a document posted on the company's support site. Microsoft issued the updates almost three weeks ago, on Aug. 25, but did not push them to users automatically via Windows Update, or the corporate patch service Windows Server Update Services (WSUS). Instead, users must steer to Microsoft's download site, then download and install the appropriate update manually.

The Windows XP update weighs in at 3MB, while the one for Vista is about 7MB. The AutoRun and AutoPlay changes debuted in the Windows 7 Release Candidate (RC), which was available for public downloading from May 4 to Aug. 20 . Windows 7 is set to go on sale Oct. 22.

Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol. 11 security companies to watch The eight-week, multivendor interoperability workout conducted by the Liberty Alliance and the Kantara Initiative also resulted in passing marks for two other first-time entrants – SAP and Siemens. Results were announced Wednesday. "The Liberty Interoperable testing was a great opportunity to verify that Active Directory Federation Services (AD FS) 2.0 is interoperable with others' SAML 2.0 implementations. Return testers Entrust, IBM, Novell and Ping Identity also passed. This should give our customers confidence that their federation deployments using ADFS will 'just work,'" says Conrad Bayer, product unit manager for federated identity at Microsoft.

The company previously supported the SAML token, but never the transport profiles of the protocol. "It is significant that Microsoft participated given their previous stance on the SAML protocol," says Gerry Gebel, an analyst with the Burton Group. "For the first product version that supports SAML, they have covered the core bases." Microsoft's interoperability testing focused on SAML's Service Provider Lite, Identity Provider Lite and eGovernment profiles. In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company says it plans to support other SAML profiles based on demand. In addition, it was the first test to include an international group to test the eGovernment SAML 2.0 profile v1.5. The test featured the United States, New Zealand and Denmark. "The fact that we were able to put so many new implementations through a full matrix, rigorous interoperability test speaks to the maturity of the SAML 2 protocol," says Brett McDowell, executive director of the Kantara Initiative. "And it is not just implementation; there is a tremendous amount of deployments." "Full matrix" testing means all participants must test against each other. The interoperability event featured the largest group of participants ever for the testing, which has been run twice previously.

The test was conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by the SAML 2.0 specification. ADFS 2.0 is part of a larger identity platform that includes Windows Identity Foundation and Windows Cardspace. Microsoft participated in the testing with Active Directory Federation Services 2.0 (formerly code-named Geneva), which is slated to ship later this year. Microsoft said earlier this year it would have SAML 2.0 certification before it released Geneva. ADFS 2.0 provides identity information and serves as a Security Token Service (STS), a transformation engine that is key to Microsoft's identity architecture.

The SAML profiles ADFS 2.0 supports cover the core features of federation. ADFS lets companies extend Active Directory to create single sign-on between local network resources and cloud services. The issue was noted in a report by the Drummond Group, which conducted the testing, and centered on long URL values mostly when encryption was enabled during specific operations. It wasn't all smooth sailing for Microsoft, however, as some participants reported problems using Internet Explorer 6.0 and 7.0 for SAML single sign-on, which is primarily a Web browser action. Internet Explorer does not accept URLs longer than 2,083 characters.

Microsoft tested against IE 8 and Firefox 3.5.2. While Microsoft's participation was an important milestone for the advancement of SAML, McDowell says the current testing is significant on other fronts. Testers got around the issue by using other browsers. The test marks a transition with the Kantara Initiative now taking over future tests. The level of cooperation between governments will serve as a model for other industries, he says. The group will adopt the Liberty Alliance testing methods and expand the scope of tests to include other protocols in addition to SAML. And it will build off the eGovernment profile testing as new profiles for other vertical markets, including healthcare and telecommunications, are developed. "Having countries come together and agree on a deployment profile, that is not to be understated," McDowell says. In addition, next year Kantara will pick two other protocols to test from a list made up of WS-Security, Information Card, Identity Metasystem Interoperability, OAuth and XRD. Kantara also will take cues from Project Concordia and eventually begin to test cross-protocol interoperability.

Follow John on Twitter. The next Kantara interoperability test is slated for next year.

A bank that inadvertently sent confidential account information on 1,325 of its customers to the wrong Gmail address is suing Google for the identity of the Gmail account holder. According to court documents, the bank in August received a request from one of its customers asking for certain loan statements to be sent to a third-party. The case, filed in the U.S. District Court for the Northern District of California, involves Rocky Mountain Bank of Wyoming. An employee of the bank, responding to the request, sent the documents to the wrong Gmail address.

When it discovered the error, the bank immediately sent an e-mail to the Gmail address asking the recipient to delete the previous email and the attachment. In addition to the requested loan information, the bank employee also inadvertently attached a file containing names, addresses, tax identification numbers and other details on 1,325 account holders to the same address. The bank also asked the recipient to contact the bank to discuss what actions had been taken to comply with the bank's request. When Google refused to provide any information on the account without a formal subpoena or court order, the bank filed a complaint asking the court to force Google to identify the account holder. When it received no reply, the bank sent an e-mail to Google asking whether the Gmail account was active or dormant and also what it could do to prevent unauthorized disclosure of the inadvertently leaked information.

Rocky Mountain Bank also requested that its complaint and all of the pleadings and filings in the case be sealed. U.S. District Court Judge Ronald Whyte dismissed that request, saying there was no need for the proceedings to be sealed. "An attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason," Whyte wrote last week. The bank said it hopd to prevent unnecessary panic among its customers and a "surge of inquiry from its customers." The bank argued that if the complaint and motion papers are not sealed, all of its customers would learn of the inadvertent disclosure. This is the third time in recent weeks that Google has faced a similar issue. The man alleged that the contributors to the paper had unfairly linked him to government corruption. Earlier this month, the Associated Press reported that a resort developer in Miami had obtained a court order requiring Google to disclose the identities of anonymous contributors to an online newspaper in the Turks and Caicos Islands.

In that case, Google indicated that it would disclose the data only after first informing the paper about the request and giving it a chance to appeal for the court order to be quashed. In the other incident, a court in New York compelled Google to disclose the identity of a blogger who had made disparaging comments about a Vogue model in her blog "Skanks in NYC."

SolarWinds Tuesday announced an updated product that the company says will enable IT departments to use Cisco IP SLA to better manage WAN connections, router performance statistics and VoIP metrics. It could potentially have a pretty negative impact," says Josh Stephens, head geek for SolarWinds. "That has changed a lot over the past few years and now you can configure devices in such a way that IP SLA and NetFlow don't impact the operation of the device, but still add value when it comes to network performance monitoring." The software, targeted at network engineers ideally, can understand from every point on the network how voice applications, for instance, are performing, Stephens says. View SolarWinds' Orion IP SLA Manager in Network World's Products of the Week slideshow   SolarWinds' Orion IP SLA Manager replaces the vendor's Orion VoIP Monitor and combines capabilities to track voice metrics such as jitter, latency and packet loss with visibility into Cisco's IOS IP SLA. According to Cisco, IOS IP SLAs  "use active monitoring to generate traffic in a continuous, reliable and predictable manner, thus enabling the measurement of network performance and health." SolarWinds says it decided to monitor the Cisco technology with a commercial product (the vendor already made a free IP SLA monitoring tool available) because enterprise IT managers are overcoming the traditional barriers to such Cisco tools as http://www.cisco.com/en/US/products/ps6602/products_ios_protocol_group_h... ">IP SLA and NetFlow, for instance.   "Traditionally there were key barriers to the deployment of IP SLA in customer environments.

The product can help network managers get from one tool metrics on how each site is operating from a WAN perspective as well. It tracks edge-to-edge router performance statistics that can be exported into a dashboard for quick reference as well, SolarWinds says. "Performance can vary greatly across sites," Stephens explains. "This product helps to make the process of collecting this data simple and helps network engineers better understand the performance of the networks, applications and services." Competitive products include CA's eHealth, which CA obtained via its Concord Communications buy, and tools developed by InfoVista. Because IP SLA is already built into Cisco routers, network managers can quickly generate network and services performance data to identity site-specific or WAN-related performance issues. SolarWinds Orion IP SLA Manager pricing starts at $1,495, including first year maintenance. A free 30-day trial of the product is available for download here.   Do you Tweet? Orion IP SLA requires an installation of Orion Network Performance Monitor (NPM). Pricing starts at $2,475 for Orion NPM, including first year maintenance.

Follow Denise Dubie on Twitter here.