Hewlett-Packard said Tuesday it will slash its work force by 14,500 jobs, or about 10 percent, the biggest move yet by new Chief Executive Mark Hurd as he seeks to boost the No. 2 computer maker’s profitability.

HP, which employs about 150,000 workers across the globe, said the majority of staff reductions will come in support functions, such as information technology, human resources and finance. The remainder will be made inside business units, in areas where work can be reduced by improving processes.

The cuts, which are expected to save HP $1.9 billion annually, are the biggest since former CEO Carly Fiorina slashed thousands of jobs after HP’s controversial $19 billion acquisition of rival Compaq Computer in May 2002.

Hurd has said that HP needs to get its costs more in line with other technology companies, such as Dell, the hyper-efficient No. 1 PC maker.

“They’ve gotten themselves in fighting shape here,” said Caris & Co. analyst Mark Stahlman, who said the announcement should eliminate uncertainty in the workforce as well. “I think this is going to give a big boost to morale internally.”

Its shares hit a high unseen since January 2004 on Monday, in anticipation of the announcement. The restructuring included changes to workers’ benefit plan and the elimination of the Customer Solutions Group, a standalone business group responsible for sales to business and public-sector customers.

Palo Alto, California-based HP said it would carry out the widely anticipated restructuring and job cuts over the next year and a half, during which it expects to record pretax restructuring charges of about $1.1 billion.

Beginning in fiscal 2007, HP expects ongoing annual savings of about $1.9 billion, composed of $1.6 billion in labor costs and $300 million in benefits savings. In fiscal 2006, HP expects savings of between $900 million and $1.05 billion.

The company said that the savings will be reinvested in the business to boost competitiveness, with some also expected to flow through to operating profit. The cuts inside business units were planned for areas where work can be reduced through streamlining and prioritization.

Analysts had been expecting as many as 25,000 job cuts from Hurd, who joined HP in April from NCR Corp. following the ouster of Fiorina in February.

The company has already trimmed jobs in its lucrative imaging and printing business. In May about 2,000 workers in that unit accepted voluntary severance packages.

HP’s fiscal third quarter concludes at the end of July.

© 2005 Reuters Limited. All rights reserved.

Hacking magazine Phrack is closing after 20 years of publishing after its editorial team decided to call it a day. The final date for submissions for the special hardback last issue of the mag was Sunday 10 July. Issue 63 will be released at the Defcon and WhatTheHack2005 hacker conventions later this month.

The first issue of the magazine (which styles itself as the house magazine of the international computer underground) was released on 11 November, 1985, and concentrated almost exclusively on phreaking or hacking into the telephone system. Since that time, the magazine has been through a lot, including a law suit from Bell South. Phrack editor Knight Lightning was indicted for reprinting the contents of a “confidential” document, called E911, but the case against him collapsed after it was revealed the E911 could be purchased over the phone for $13. The magazine spanned the evolution of hacking from the days of bulletin boards to 3G mobiles with a knowledgeable, politically aware and frequently controversial take on information security. Topics covered included hacking, phreaking, spying, carding, cybernetics, radio, electronics, forensics, reverse engineering, cryptography, anarchy, conspiracy and world news. The magazine is made available to the public, as often as possible, and free of charge with content republished on Phrack’s website.

“Phrack is still really well known,” said Ollie, current editor of the magazine told BBC online. “There are a lot of security magazines but no hacking magazines.”

What about 2600, the hacker quarterly? Anyway Noted SF author Bruce Sterling reckons its likely Phrack will be revived in some form. “Any set of unruly teenagers could start Phrack back up because that’s who started it in the first place,” he said. In a statement, Phrack outgoing editorial team said it would hand over to a new group that wanted to restart the magazine. Meanwhile there’s a promise that Phrack’s website will be maintained until 2007. ®

Security notification service Secunia rates the cross-platform update as “highly critical”. The Mozilla Foundation promises to release a related sub-set of patches for its Thunderbird email client. A security update for Mozilla’s internet software suite covering a seperate group of security vulns is also promised for later this week.

Along with the Firefox security update, Tuesday also brought three critical security patches from Microsoft and the release of security fixes from Apple making it an exceptionally busy day. ®
By John Leyden

Net infrastructure firm VeriSign has bought security intelligence firm iDefense for $40m in cash. iDefense’s 45 employees will join VeriSign in a move designed to bolster its managed security services offering with proactive threat warning and security remediation advice.

iDefense is best known for its controversial vulnerability contributor program, which rewards hackers for advance notification of unpublished vulnerabilities or exploit code. It’s not immediately clear if the program will continue post acquisition.

VeriSign’s rivals in the managed security market include Symantec and Cybertrust, both of which came into the market niche through acquisitions, and Counterpane. In a statement, VeriSign said revenue and earnings contribution from the acquisition wouldn’t affect its financial results in 2005. ®

More security issues:

Could RSS feeds become a conduit for the transmission of computer worms? Security experts are at odds over the possibility. Those who play down the threat point to the fact that no virus has ever used the propagation technique while others say it’s only when a network reaches critical mass (as in the case of instant message and file sharing networks) that malware threats show their ugly head.

Personal firewall firm Zone Labs describes RSS feeds (together with mobile phones and PDAs) as the “next battleground in security”. Gregor Freund, chief exec and co-founder of the Check Point Software subsidiary, said RSS feeds are a potential threat because whenever you have unstructured or unfiltered data you can end up with viruses. He added that Zone Labs had spotted malicious behaviour over RSS feeds but wasn’t able to supply any details on what this malfeasance might be.

Trivial exploits would involve pointing readers of RSS feeds towards maliciously constructed websites. Peter Craig, UK product marketing manager at Trend Micro, explained: “RSS feeds point to HTML pages and as such, they can be made to point to HTML-exploits or malicious JavaScript. It certainly can be a possible way of distributing malicious code over the internet to the subscribers of the RSS feed. The impact of this distribution method would be related to the popularity of the feed. As far as I know it has never been used in any live virus so far.”

More complex attacks are also at least theoretically possible. Dave Rand, chief technologist for Internet content security at Trend Micro, said that worms might be created that exploited vulnerabilities in RSS readers to spread.

But Craig played down the likelihood of an attack based on this approach, at least in the short term. “RSS feeds can’t ever be a solid propagation method until there are enough RSS feeds with lots of subscribers in normal end-user machines or there’s a way to access server-based feeds more easily,” he said. ®