Not all of this week's news involved global financial turmoil: while IT budgets are being cut and AMD is breaking itself up, a security tool was released for Firefox that prevents "clickjacking" and Microsoft said that Windows 7 will fix issues in Vista's user account control feature.

1. Economic malaise hits IT industry : Disappointing earnings from some IT companies, fewer initial public offerings, lowered earnings forecasts -- all are part of the grim global economic outlook. On the bright side, though, IBM reported this week that its net income rose 20 percent in its third quarter and maintained its profits will be strong for the full fiscal year.

[ Video: Catch up on the latest tech news with the World Tech Update ]

2. AMD to spin off chip fabs to raise funds : Advanced Micro Devices is splitting into two companies, with one designing chips and the other making them. The company also said that two investment funds owned by the Abu Dhabi government will provide capital to AMD and help it compete better with Intel. The news was hailed by analysts, investors, customers and employees as a way to strengthen AMD, particularly in the harsh economic climate.

[ Related: Rival Intel has launched an investigation into AMD's spinoff plans | Intel may be worried because analysts think the split could help AMD make up market share quickly ]

3. Firefox extension blocks dangerous Web attack : An update of a free security tool for Firefox blocks "clickjacking," one of the most dangerous and vexing problems on the Internet. Clickjacking happens when a Web user clicks on an invisible, malicious link without knowing it. The tool, called NoScript, now includes ClearClick, which can tell if a Web page contains a hidden, embedded element. Users of NoScript who click on such links will be asked if they really want to do that.

4. Microsoft to improve Vista's problematic UAC in Windows 7 : Microsoft is tweaking the user account control feature in its Windows client OS and admits that what was meant to be a security feature in Vista has been a hassle for users. The idea behind UAC in Vista is to give primary PC users more control of applications and settings, but it hasn't quite worked out that way. "What we've learned is that we only got part of the way there in Vista and some folks think we accomplished the opposite," said a blog post attributed to Ben Fathi, Microsoft corporate vice president of development in the Windows Core Operating System Division.

5. Microsoft elaborates on Oslo : Microsoft shed some more light on its Oslo vision for model-based software development this week, detailing the "M" declarative modeling language and the Domain Specific Languages concept that are integral to the overall Oslo package. The company also offered reassurances to developers thattheir role is not being minimized by this raising of the level of abstraction.

6. Apple to hold special notebook event on Oct. 14 : Apple sent out an invitation to reporters to attend an event next Tuesday, saying that "the spotlight turns to notebooks." We assume this means that new Macbooks will be out in time for the all-important holiday shopping season.

7. For a promising IT career, go east, young techie : The IT job market had tightened up even before global financial turmoil gave us all a whack, but opportunities are more plentiful in China, India and Russia, according to analysis of growth trends. Working in such countries also can be good for the old resume. "IT is going global. The IT profession is going global. Developing product for markets all over the world is something you have to learn how to do. Overseas work is a huge enhancer for IT professionals," said Rob McGovern, CEO of JobFox, an international IT employment agency.

8. Mono 2.0 lets .Net apps run on Linux: Considered a major upgrade, the open-source Mono 2.0 runtime leverages Microsoft's .Net Framework 2.0 programming model, letting developers build desktop and server applications using Microsoft-based environments and deploy them across multiple platforms, including Windows, Linux, and Mac OSX. By bringing apps beyond Windows, Mono will help developers reach a larger audience.

9. 11 Microsoft security updates due next week : There will be no rest for weary systems administrators next week -- Microsoft expects to roll out 11 security updates, with four of them rated critical. The monthly patchathon will apply to bugs in Windows Active Directory, Internet Explorer, Excel and the Microsoft Host Integration Server. Besides the critical patches, six others will be rated important and one will be moderate.

10. NASA: Messenger sends back never-before-seen Mercury images : NASA's Messenger spacecraft transmitted images of Mercury to scientist this week, proving them with data about parts of that planet that have never been seen before. The Mariner 10 mission in the 1970s identified the Kuiper crater on Mercury, the planet nearest the sun, and an image of the crater was among the first to be relayed to NASA. Messenger took hundreds of photos of Mercury as it got within 125 miles (201 kilometers) of the planet's surface.

If you know one thing about Linux users, it's probably this: They enjoy the challenge of installing their operating system of choice on pretty much anything with a transistor in it. It's only a matter of time before they get around to replacing all those electronic singing greeting cards to make the sound of penguin mating calls.

So the news that Linux has been ported to the iPhone and the iPod touch shouldn't exactly come as a shock; please hold your cries of heresy until the end. OpeniBoot, which brings the Linux 2.6 kernel to the iPhone platform was developed by members of the iPhone DevTeam, the same folks who have long been working on cracking the iPhone's firmware every time a new version comes out.

[ Special report: IT's guide to the iPhone ]

The capabilities of OpeniBoot are still incredibly limited--at present, there's no support for writing to the flash memory, using the touch screen, wireless networking, the cell phone, sound, or the accelerometer. So if you thought that you'd be ending up with a fully operational Linux iPhone--or even a partially operational phone--I'm afraid you're going to be disappointed for now.

There's also some talk that this may pave the way for installing Google's Android OS on the iPhone, though as someone who's been using a G1 for a few days now, that seems like overhauling a Porsche to run like a Hyundai. But then again, there's always somebody who wants to prove that it's possible. So knock yourself out, guys.

Macworld is an InfoWorld affiliate

Consumer electronics giants Apple, Dell, Motorola, Microsoft, Nintendo, and Samsung have been slow to get serious about climate change, and are notably lagging behind, according to the latest edition of the Greenpeace Guide to Greener Electronics.

Many companies still show little engagement with the issue, which is a disappointment, according to Greenpeace International Climate & Energy campaigner Mel Francis.

[ For more on technology and the environment, see Ted Samson's Sustainable IT blog | Stay ahead of advances in technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

"They are basically lagging behind on what we need for a good climate package. They haven't demonstrated any real commitment to cutting their own CO2 emissions, or to lobbying politicians to get a good deal post-Kyoto," said Francis.

"They assume that growth in their business also must therefore mean growth in their CO2 emissions. At Greenpeace we think that's not necessarily true," said Francis.

Greenpeace would like to see a lot more action going forward. "We are simply asking them to become climate leaders. They need to put their words into action and follow through on the claims they're making," said Francis.

Still, there are a few exceptions: Fujitsu Siemens Computers, Philips and Sharp support the level of cuts in greenhouse gases that science requires, according to Greenpeace.

In its latest Guide to Greener Electronics, Greenpeace gives Philips marks for committing to making absolute reductions in its own greenhouse gas emissions from the product manufacture and supply chain, which HP has done as well.

Both Philips and HP have also committed to making cuts in greenhouse gas emissions from their own operations. Nokia has done the same, said Francis.

Its overall ranking -- which takes into account company policies on toxic chemicals, recycling and climate change -- is topped by Nokia (Greenpeace likes its take-back program and use of renewable energy), followed by Sony Ericsson and Toshiba.

Philips and HP are in the bottom half of the list: good energy policies aren't enough, and both companies must improve how they handle e-waste, said Greenpeace.

Motorola, Toshiba and Sharp made the biggest moves up the chart, while the companies falling down the ranking are the PC brands Acer, Dell, HP -- and Apple, although it still gets a thumbs-up for improving its score, by better reporting on the carbon footprint of its products.

Apple's new iPods are also are now free of both PVC and brominated flame retardants, according to Greenpeace.

In general, the PC manufacturers need to improve the handling of e-waste.

Dell and Acer also need to reduce their use of toxic chemicals, said Greenpeace. Dell loses points for withdrawing from its commitment to eliminate all PVC plastic and brominated flame retardants by the end of 2009.

The use of toxic chemicals has in the past been a focus area for Greenpeace, but here there has been some positive movement. Consumer electronics companies have been allies to Greenpeace as it has tried to reduce the use of toxic materials and get legislation passed, according to Francis.

Nintendo remains in last place in the ranking, although it is taking small steps to remove or monitor the presence of some potentially toxic additives in the plastics it uses, Greenpeace said.

JetBrains released TeamCity 4.0, a continuous integration server and distributed build management tool featuring enhanced build capabilities, this week.?

Version 4.0 offers build chains support for breaking down a single build procedure into several parts that can be run on different build agents using the same sets of sources.?

Other improvements in version 4.0 include the ability to redo a particular build from a particular control revision, known as a history build, and improved authentication mechanics.

With version 4.0, statistics are offered for an entire project. Extensibility is enabled via a Java API, the company said. A tests reordering capability determines which tests are likely to fail and performs those first during the next project build.

TeamCity 4.0 automates routines and streamlines the software development process. Team communication is improved, and teams can implement agile methodology, JetBrains said. The product integrates with multiple IDEs.

Eclipse integration is highlighted as is integration with ClearCase, with Eclipse backing bringing IntelliJ Idea IDE capabilities to Eclipse users.

"Since its creation, TeamCity has been a key element in our own development process," said JetBrains CEO Sergey Dmitriev, in a statement released by the company. "The production TeamCity server at JetBrains is currently having over 50 build configurations in a build grid with more than 50 build agents, with literally every project and every developer using it on a daily basis

Version 4.0 also has an improved search engine and user interface improvements, JetBrains said. TeamCity automates more than 600 Java code inspections.

TeamCity 4.0 is available free to individual developers and small-to-medium-size teams. The free edition is restricted to 20 build configurations and three build agents.

TV network CBS has become the latest big name to have it Web site used to host malware, a security company has reported.

It appears that Russian malware distributors were able to launch another iFrame attack on a subdomain of the cbs.com site so that it was serving remote malware to any visitors. A user's vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

"This saga confirms our many previous warnings that obfuscated code posing a serious threat to Internet users' PCs," said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.

"Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," Ben-Itzak continued, taking a pop at the anti-virus products against which his company in part competes.

"It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he said.

Finjan has it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.

iFrame and SQL injection attacks on big-name Web sites have been one of the fashionable attacks of 2008, embarrassing a string of household names.

Techworld is an InfoWorld affiliate.

As President-elect Barack Obama prepares to take office, the task of upgrading the security of federal computer systems continues to be a work in progress.

Several cybersecurity initiatives launched during the Bush administration are still years away from being completed. Others are closer to completion but don't do enough by themselves to defend networks and systems against increasingly sophisticated attacks, according to IT security analysts.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

And, they said, resolving the security issues will require Obama to focus on more than just finishing the ongoing initiatives.

For starters, he needs to end the policy of tying federal cybersecurity efforts so closely to the post-9/11 war on terror, said Gartner analyst John Pescatore. "The terrorist attacks sent the Bush administration in the wrong direction" on cybersecurity, Pescatore said, adding that more immediate threats to federal systems have been overlooked.

Progress has been made, claimed Karen Evans, administrator of e-government and IT at the White House Office of Management and Budget (OMB). Evans said several security initiatives launched over the past few years are already making, or will soon make, a difference.

At the top of her list is a 2004 mandate by President Bush that required federal agencies to issue new smart-card identity credentials to all employees and contractors. But even that program hasn't been fully implemented. Agencies were supposed to finish issuing the new ID cards in late October, but most will need at least two more years to do so.

Other projects that Evans pointed to include a recent upgrade of federal networks to the more secure IPv6 protocol and the Trusted Internet Connections program, under which agencies are working to reduce their external network connections.

Evans also cited the Federal Desktop Core Configuration (FDCC) project, which is aimed at cutting costs and boosting security by requiring agencies to employ standard security settings on all Windows PCs.

Earlier this year, President Bush also put in motion a highly classified, multiagency program called the Cyber Initiative, with a goal of bolstering the nation's ability to detect and respond to cyberthreats against critical infrastructure targets.

Tom Kellerman, vice president of security awareness at Core Security Technologies in Boston, said the Cyber Initiative marked an "awakening" in Washington about the need for stronger cybersecurity efforts.

But Kellerman, who is a member of a commission that's developing cybersecurity recommendations for Obama, said much remains to be done. "The existing administration has only just begun to pay attention to cybersecurity" as a national security issue, he said.

Many of the ongoing initiatives are helping to improve security in bits and pieces, Pescatore said. But, he added, they were the result of "random edicts" from the OMB, not broad cybersecurity objectives.

Increasingly, new funding has been moving toward surveillance and monitoring initiatives related to fighting terrorism. While such efforts are needed, Pescatore said, they do little to protect federal agencies from cybercriminals.

Franklin Reeder, an independent consultant and former chief of information policy at the OMB, said the most important step for Obama is to use the government's purchasing clout to compel IT vendors to build more security capabilities into products. The FDCC program has shown that such an approach can be successful, Reeder said.

More spending is needed on security training, he added. He also thinks the feds must change how they work with the private sector on security. Existing programs, Reeder contended, "have just been convened by the government for the government."

This version of the story originally appeared in Computerworld's print edition. Computerworld is an InfoWorld affiliate.

Got something to add? Let us know in the article comments.