Sunday, March 8, 2009

Intel opens up the Atom processor to TSMC

Intel on Monday announced a partnership that could provide access to the chip design of its low-cost Atom processor to Taiwan Semiconductor Manufacturing Co.

The partnership with TSMC could lead to customized chips that could provide Intel access to new markets it can't reach alone, said Sean Maloney, Intel executive vice president and chief sales and marketing officer, during a conference call with reporters.



TSMC will be able to provide its customers with details of Atom's design so that they can design chips based on the chip's core.

Atom chips currently go into low-cost laptops, also known as netbooks, and devices such as mobile Internet devices (MIDs) and smartphones. Future Atom chips will include more integrated PC capabilities, such as graphics and Internet connectivity, that could push the processor into embedded devices and consumer electronics.

To date, Intel alone has developed and sold its Atom processors for netbooks and MIDs. The company wants to maintain tight control over the types of products the derivative Atom chips will go inside, Maloney said. Intel will not be transferring Atom's manufacturing process technology to TSMC, so any chips that result from the deal will be manufactured by Intel.

"What we're doing here ... we will be picking the segments we go after," Maloney said.

The companies have collaborated for close to 20 years on products that include WiMax chips.

Intel officials shied away from answering questions on whether the TSMC deal would affect Atom's product road map or future smartphone chips like Moorestown. Details surrounding the deal are still being worked out, Intel officials said.

This agreement is similar to a strategy employed by Arm, which generates revenue by licensing smartphone and embedded chip designs to chip makers, said Jack Gold, principal analyst at J. Gold Associates. Arm has licensed its chip cores to companies such as Texas Instruments and Qualcomm, which provide chips for smartphones.

"This is a direct attack on competing processors, especially the Arm processor, which is trying to move upstream from phones and embedded gadgets, while Intel is trying to move downstream with Atom into this overlapping space. The battleground in the middle will be aggressive and potentially bloody, with huge potential returns," Gold wrote in a research note.

The partnership will help Intel add a revenue stream by licensing out its Atom core, and adds "massive market potential" through TSMC's customers, Gold wrote. TSMC has connections to many consumer and lower-end products like smartphones and embedded device markets, especially in Taiwan and Japan, Gold wrote.

The partnership is a win for both companies, said Rick Tsai, president and chief executive officer of TSMC, during the call. It is mutually beneficial as it will allow both companies to generate additional revenue and reach new markets, especially at a time when the semiconductor industry is struggling.

"People in our industry must work together ... so we can share the benefits," Tsai said.

Intel has taken a number of steps to develop integrated chips that could fit into new products like set-top boxes and TVs. Intel in February said it was prioritizing its move from the 45-nanometer process to the new 32-nanometer process technology, which should help the company produce faster and more integrated chips.

To that effect, the company said it would spend US$7 billion over the next two years to revamp manufacturing plants. It will also help Intel make more chips at lower costs and add efficiencies to the production process. Intel will begin producing chips with 32-nm circuitry starting in late 2009.


Salacious content driving the adoption of ebooks?

This week's ebook news continues with the announcement that Barnes & Noble has purchased ebook seller Fictionwise for $15.7 million in cash, plus undisclosed earn-out payments if the company meets certain objectives over the next two years.

Fictionwise, founded in 2000 by Steve and Scott Pendergrast, operates the eReader.com site as well as Fictionwise.com. Barnes & Noble says the founders will continue to operate the sites as a separate business unit within Barnes & Noble.

eReader.com sells books only for the eReader Pro software, which is available for a wide range of mobile platforms (the notable exception being the Blackberry), as well as Windows and OS X computers.

Fictionwise.com, on the other hand, covers a broad range of digital book formats, including audiobooks.

One of the challenges of selling ebooks (pre-Kindle) has been the plethora of formats available. Grabbing a random example off of Fictionwise.com, here's what we find under "available formats":

Available eBook Formats [MultiFormat]: Adobe Acrobat (PDF) [828 KB], eReader (PDB) [289 KB], Palm Doc (PDB) [284 KB], Rocket/REB1100 (RB) [252 KB], Microsoft Reader (LIT) [279 KB] - PocketPC 1.0+ Compatible, Franklin eBookMan (FUB) [280 KB], hiebook (KML) [659 KB], Sony Reader (LRF) [329 KB], iSilo (PDB) [235 KB], Mobipocket (PRC) [294 KB], Kindle Compatible (MOBI) [356 KB], OEBFF Format (IMP) [412 KB]

This strikes me as both a strength and a weakness of ebook sellers. If you've got any kind of device with a screen you can probably find an ebook reader that supports one of these formats. But as a new user hitting the site, the choices can seem overwhelming. Presumably this is the reason for the more focused eReader.com site: Step 1, download our reader software for your device. Step 2, Start buying books from us.

This is also why Amazon probably has the best shot of taking ebooks mainstream.

Barnes & Noble abandoned ebooks once, so why are they coming back to them now? Because the format is starting to take off. Why is that? What's popular on Fictionwise? Well, once again it seems like porn is blazing a path to a new media format. Of the top 10 bestsellers under the "Multiformat" category, nine are tagged "erotica" and the last is "dark fantasy".

Hey, I'm not judging anyone (one of my dearest friends is an erotic romance author) and yes, I've used the most salacious Top 10 list on the site in my example, but this data backs up my anecdotal observations. People who read erotic romance and 'bodice rippers' love ebooks because of the privacy they offer, both during purchase and when reading.

One of my favorite geek thespians, Felicia Day, apparently agrees with me. Here're a few recent tweets from her:

My Dad got me a Kindle 2.0! Thx Dad! Buying all the trashy novels I'm too embarrassed to buy because of the cover art. Oiled up Chests FTW!

BTW third trashy paranormal romance book read on my Kindle. Just told someone I am reading Dickens, LOL!!! I love this!

Let's take that last one with a grain of salt, shall we? But I do honestly believe that the success of the ebook is being fueled by the romance and erotic romance market. My aforementioned author friend, Samantha Lucas, sells almost all of her novels in ebook format for publishers like Cobblestone Press and Siren Publishing (google Ms. Lucas or the publishers if interested; links not really appropriate for ITWorld!) and tells me the market is growing in leaps and bounds.

It'd be fascinating to learn what percentage of Kindle book sales fall into this category, and I'm looking forward to seeing how much of the more explicit Fictionwise content makes it onto the Barnes & Noble site.

I've danced around this point but let me just say it: most of these erotic romance books are purchased by women (presumably) while most of the visual pornography that drove the success of the VHS and arguably video on the web was consumed by men (again, presumably).

Separate but equal, indeed.


Myths, gods, and titanic disasters: How servers really get their names

Last month we looked into the practice of naming servers, half expecting to discover it was a quirky, geeky thing to do -- and nothing more. To our surprise, readers flooded the story with comments, chiming in about their own naming schemes -- what worked, what didn't, and flashes of brilliance. Let's just say that server naming is a surprisingly complex undertaking. Here's what we learned.

What's in a name?

The practice of naming servers and other machines was born of the basic need to distinguish among machines. In fact, as one reader reminds us, this was a convention in factories long 'before computers ever existed. It helped people working on the machines distinguish which one they were talking about when they had dozens or hundreds of the same machine on the factory floor.'

Photo by Lamerie

And, let's face it, naming things is just part of being human. "Anthropomorphizing gear is a very nice way of making sure that people remember what it does and kind of care for it," says Retep Vosnul. "Picking a suitable name [for] a server is very satisfying as well. For example, a server that needs to have very high service uptime, you might want to give a name that reflects that.... I used Belgarath (7000 year old wizard) and other characters from the Eddings novels and I used to use A'tuin and other Discworld persona for other networks. My former employer did not want names for some reason and I never felt at home in that datacenter, it lacked something."

Courting disaster

If uptime is important to you, why tempt fate?

Consider the case of one reader who named a Windows NT domain "Hades" in an attempt to be "ironic and edgy." Should it really have come as any surprise when 4 computers on that network died in 2 months' time?

Photo by cliff1066

Or what about the government agency that named all their servers after disasters? With a main server called Hindenberg (as it used to go down so often), why would you take the chance of backing it up with a server called Titanic?

And then there's the "meaningful" naming convention gone awry: "When told to move to a global standard," a reader writes, "we were told to name Norway's mail server to NOMAIL (at the mail server level), and Canada's physical server name to CANTMAIL (NT was to signify the OS)."

Now that is courting disaster.


Up to the job

You might think it would be too literal-minded to name a machine after its function but there's something downright elegant about printers named after writers or a plotter named "Moriarty" after the Mr. Moriarty who continually 'plotted' against Sherlock Holmes.

Mail servers, in particular, seem to make good targets for job-based names. MikeH names his servers after constellations, with the mail server being Pegasus, of course. Jim Haynes "always wanted to have a mail server named Norman Mailer." And one reader named his outgoing SMTP server "Newman" from the Seinfeld television series. "When it relays to other servers it sends the command 'HELO newman'."

Glenn continued this theme, naming his mail server Hermes, his domain controllers Zeus and Hera, and a tech playground Eris (the goddess of discord). At home his machines are: Tyr (the war driving laptop), Castor and Pollux (a dual boot machine) and Athena (the server).

One if by land...

The natural world is a, er, natural place to look for server naming schemes. One anonymous reader writes that in his Colorado-based company, "the servers are all named after the various 14ers (mountains > 14k feet). This was started by an admin a few years back who set up most of the servers and whose father was in the process of hiking all of the mountains. Between Elbert, Massive, Challenger, Pyramid, Blanca, Crestone, and the rest of the gang, it's a bit of a hike (mentally) to keep them all straight. But darn if I don't hate Quandary some days."

Photo by Dan Hershman

But if it's an ecosystem you're looking for, you might turn to the sea. "All of the groups of systems I've been responsible for over the years had something of an 'ecosystem'," writes one reader. "The best one was based on the notion that test servers would be slower and less functional than production servers. The overarching theme was undersea creatures, production systems getting names like barracuda and test systems getting names like sponge, coral and my favorite, nudibranch. It just so happens that nudibranch became the overall test server for orgs far and wide and I was questioned about the tastefulness of the name more than once. No one ever forgot the name though."

"In our company," writes another reader, "we named servers after fish. steelhead, sturgeon, walleye, king. But the best was 'crappy'. None of our customers wanted to be on crappy."

An eye on the sky

"Most of my machine names come from stars," says egon. "The hardest part is picking a name that's short and easy to spell. Some over the years... Nova, Aurora, Polaris, Celaeno, and Orion. All my firewalls have been named Turais, it means 'little shield'. The best machine name was my P6 FreeBSD server. It was held together with duct tape, had sharp edges, was black and safety orange. Hazard."

Photo by provos@monkey

Another reader writes that his company quickly ran through the planets and their moons and "began using, in order, the standard list of (thousands of) smaller asteroids, in order of discovery. The christening of a new server involved learning about the new mythological character, and always helped me keep them straight.... All my workstations are, therefore named after astronomers, since they watch the skies."

And this word of warning from Jeff, who chimed in about a place he worked where the "servers were named after the planets - Mercury, Venus, Earth, Mars, etc. Which was all well and fine, until in a meeting someone stood up and admitted we were 'pulling financial data out of Uranus.'"

LoTR

Photo by Ryan McD

What article about server naming would be complete without a nod to Lord of the Rings? There are plenty of names to go around and the roles carry particular meaning. One reader, for example, named his "various development boxes after Tolkien names in Middle Earth. Of course, the Linux boxes get names like 'bree' or 'bagend', while the Windows boxes get names like 'mirkwood' or 'doom'. For some reason, I've named laptops after characters like 'gandalf' or 'sam'. [The] best part was when my central server was named 'rivendell'."

"For our research," writes a grad student, "we got many laptops, and I was the first one to pick the names. First we got three, so I named them after the three elven rings from lord of the rings: Narya, Nenya and Vilya. Later my advisor ordered a fourth one, that happened to have slightly better specifications. I thought it would be just perfect to name that 'theOne,' and my advisor being a team player agreed, funny enough he ended up taking over the computer, and we didn't see it for more than a year and a half... and then one day ... it resurfaced, I thought that was very funny, just like the real one ring."

Too clever for their own good

"At U.C. Santa Cruz," writes Jim Haynes, "the acronym for the computing organization was CATS, so the machines were named for famous cats. Except the file servers for the Athena system were named with Greek puns, like Ailurophile (cat lover), Dendrophile (tree lover), etc. At U.C. Berkeley they have a thing of naming things as puns on celebrities. Thus the shuttle that runs between the campus and the BART station is Humphrey Go-Bart. Their first VAX machine was named Ernie Co-Vax."

Photo by Elaine Vigneault

Another reader writes that in a previous job, they "named all the servers after computer scientists:

Fileserver: Bernoulli
Auto-build machine: Babbage
Firewall: Schneier
CVS server: Ritchie
Router: Metcalfe

One day he had to explain the naming convention to Mr. Metcalfe when he responded to a thread on a forum board about an issue we were having."

Rules for success

Like so many things in life, you know a good naming scheme when you see it, but there are a few things you may want to consider:

  • Choose a theme that provides enough names that you won't run out. "All of the machines on my home network (laptops, printers, desktops, routers, cell phones, iPods, portable hard disks, Wii, PS3, etc.) are named after Peanuts characters," says Kwami. "It all started 5 years ago with my laptop named Snoopy, and it's gone on since then. Unfortunately, I'm running out of names!"
  • Steer clear of "meaningful" names: they're boring and they're not at all as meaningful as they seem. One anonymous reader writes that in his company, there is one server "whose name has not changed in the last ten years - even as we have rebuilt its functions onto different hardware, the name keeps being returned to SERVER. Yup, that's right - a file server named Server. This name was chosen by the same person who decided naming our printers after presidents was too confusing and insisted we give them location names instead - like 5Counter (a printer on a countertop on the 5th floor) and 4Cabinet (a printer on a cabinet on the 4th floor)."
  • Spelling matters. Choose names that are too long or complicated and users will get confused and make mistakes. One anonymous reader named servers after characters from Greek, Roman and Egyptian Mythology, each covering a separate operating district. Unfortunately, the naming scheme wasn't in operation a month before he was asked to change it. It seems people couldn't remember how to spell Clytemnestra, Agamemnon, Ashtoreth, Aesculapius, etc.
  • Don't choose something too dear to your heart. One reader writes that he named machines after classical composers but drew the line at Wagner because he didn't want to subject it to the mangled mispronunciation that befell Haydn, Bizet, and Grieg.
  • Go with what you know. A reader writes that he "decided a while ago to go with a Greek Mythology theme for my boxes. About a year ago, my mother's laptop started having problems with both the battery and the power adapter. She gave it to me, and I named it Oedipus, because I recognized it as a Greek name, but couldn't bring to mind the story. I recently looked it up, and I feel cold inside."
  • Still unsure where to start? Read these "official" rules for computer naming

Judge kicks notorious spammer off Facebook

A federal judge in San Jose, California, has ordered convicted spammer Sanford Wallace to stay away from Facebook.

Facebook sued Wallace and two other men last week in an effort to cut down on spam and phishing schemes on the social-networking site. On Monday, Judge Jeremy Fogel of the U.S. District Court for the Northern District of California issued a temporary restraining order barring Wallace and two other alleged spammers, Adam Arzoomanian and Scott Shaw, from accessing Facebook's network.



Wallace was served with notice of the lawsuit on Monday in Las Vegas, said Sam O’Rourke, senior litigation counsel with Facebook. "Basically, he's not allowed to have any contact with our site or our physical location," he said. "Should Mr. Wallace choose to continue to spam us we can actually go out and have a bench warrant and try to have him arrested, so we think it's a pretty significant ruling."

In court filings, Facebook argues that these men gained access to legitimate Facebook accounts and then used them to spam the profile pages of the account holders' friends. Facebook allows users to post messages on the "Wall" of the profile pages of their friends.
The Facebook spam messages served two functions: they enticed users into visiting phishing Web sites where they could be tricked into giving up their Facebook login credentials, and they routed victims to commercial Web sites that paid the spammers for the traffic, Facebook said.

Wallace would entice users with typo-filled messages that had subjects such as "has anyone emailed youu to let you know your defauult image is diisplayed on dynafaces.com," or "I'm not sure if you know but your pix are all over bakescream ^dot^ com->you gotta see it," Facebook said.

Sometimes Wallace would get users to register on these sites and then try to log into Facebook with the same usernames and passwords, hoping the victims used the same credentials for both sites.

News of the lawsuit was first reported Friday by Inside Facebook, a Web site for Facebook developers.

Wallace is one of the country's most notorious spammers, with a career that dates back to the 1990s. Last May a federal judge found him and a partner guilty under the CAN-SPAM act and ordered them to pay US$230 million for phishing and spamming MySpace users with links to gambling, ringtone and pornography Web sites.

Spammers and phishers have been hitting Facebook particularly hard over the past year and a half, said Dave Jevans, chairman of the Anti-Phishing Working Group. Because Facebook spam often looks like it comes from a friend it can be very effective. And because it's Web-based, it skirts traditional e-mail spam filtering tools, Jevans said.

"Some of the bigger guys can get a million people a day to look at their stuff," he said. "It's occasional, but you'll see it."

Spam is just one of several ills plaguing the social network. Over the past few days, Facebook users have also been hit with a new variant of the Koobface worm, which tries to trick victims into installing malicious software onto their PCs. Also, fake applications that send out messages such as "F a c e b o o k - closing down!!!" or "Error Check System" to try to trick victims into sending the messages to their friends have also been circulating around the social network.

Late last year, the judge in the Wallace case awarded Facebook a record US$873 million in damages after Facebook accused other spammers of using stolen logins to pump out more than 4 million spam messages. Facebook says that it doesn't expect the spammers in that case to pay up, but the company hopes that it may serve as a deterrent.

Jevans agreed that lawsuits probably won't stop the big-time Facebook spammers, but he said they could deter the little guys.

Despite criminals' best efforts, spam has not become a major problem on the social network, O’Rourke said. "I think we're being targeted just because we have 175 million users now. No self-respecting spammer can not pay attention to that."


Friday, March 6, 2009

Gmail outage caused by rogue code

New code triggered a failure during routine maintenance of Google's European data centers, which led to a two-hour shutdown of its Gmail system around the world last week.

The outage was an "unforeseen side-effect of some new code that tries to keep data geographically close to its owner," Acacio Cruz, Google's Gmail site reliability manager, wrote in a Google blog post.



The rogue software caused a datacentre in Europe to become overloaded, which caused cascading problems from one datacentre to another.

"It took us about an hour to get it all back under control," wrote Cruz.

Users around the world could either not get access to their inboxes or had to wait a minute or more for them to open during the two-hour outage last Tuesday.

Google has had trouble with Gmail before, and users have voiced concerns over the reliability of the service. In the past six months, Gmail has suffered some form of downtime on five separate occasions. In the month of August alone, Gmail had three significant outages that affected not only individual consumers of the free web mail service but also companies and organisations paying for Apps Premier, the company's hosted suite of collaboration, messaging and office productivity services.

According to Google, the bugs have been found and fixed.

Cruz wrote: "We know how painful an outage like this is - we run Google on Gmail, so outages like this affect us the same way they affect you."


Windows 7: The Six Versions Explained

Despite pleas from users to stop the confusion and craft one version of Windows 7, Microsoft is continuing down the path it followed with XP and Vista, releasing multiple versions or SKUs (stock-keeping units) of Windows 7.

Six Windows 7 versions, to be precise. But most users only need to decide between two versions. Microsoft has said that 80 percent of users will be deploying Windows 7 Home Premium (consumers) or Windows 7 Professional (small businesses, remote workers). This is where Microsoft will put most of its marketing muscle.



"We have over 1 billion customers. It's hard to satisfy all of them [with a single version]," Windows General Manager Mike Ybarra has said. "There are vocal customers who want every feature, and more regular consumers who say 'I want a version that can grow with me.'"

Yet some analysts are accusing Microsoft of manipulating customers and padding profit margins with the high number of versions and bloggers are emphasizing that three versions are enough.

Here's a look at the features of each of the six Windows flavors and who might want them. Microsoft has not yet announced pricing for Windows 7.

Windows 7 Starter

This is the bare-bones, 32-bit only version of Windows 7 intended for users in developing countries, to serve the most basic computing needs.

Starter is designed for lightweight, portable netbooks, though Microsoft claims any of its versions will be able to run on netbooks.

Windows 7 Starter will not have the Aero Glass graphical user interface that is included in all other versions of Windows 7 (except Windows 7 Home Basic) and can only run three applications at a time. It will include the revamped taskbar and jump lists, Windows Media Player, the file-sharing feature Home Group (you can participate in a Home Group but cannot create one) and other basic features such as Action Center and Backup and Restore.

Starter will not be available in retail stores, and will only be offered pre-installed on new PCs by Microsoft OEMs.

Windows 7 Home Basic

Home Basic sits somewhere between Starter and Home Premium. It has all the features of Windows 7 Starter and will also only be available through OEM partners in developing countries. Also like Starter, it will not include the Aero Glass GUI.

Some of the features Home Basic has over Starter: the ability to run more than three applications at once; a 64-bit version; thumbnail previews from the taskbar; and Mobility Center, which allows you to manage the various networks that you connect to with your laptop.

Based on what Microsoft has announced about Home Basic (which is not very much), it shares the same features as Windows 7 Home Premium except there are no Aero Glass GUI features and other UI tweaks such as Aero Snap, Aero Peek and multi-touch. This version will not legally be available for sale in the United States.

Windows 7 Home Premium

Windows 7 Home Premium has all the features of Starter and Home Basic and then some. This is the mainstream retail version that nearly all consumers will be using. Windows 7 Home Premium will be available worldwide to Microsoft OEMs and sold in retail stores loaded on new PCs.

A step up from Windows Home Basic, Home Premium includes the Aero Glass GUI and new Windows navigation features such as Aero Glass, Aero Background, Windows Touch, Home Group creation, Media Center, DVD playback and creation, premium games and Mobility Center.

Windows 7 Professional

Also available worldwide, to OEMs and in retail, Windows 7 Professional has the features of Home Premium, but with added networking and data protection features for small businesses and those who frequently work at home.

Microsoft may have a hard time convincing customers that Home Premium isn't good enough for a small business - considering it is bound to be less expensive than Professional - but if it succeeds it will be by marketing Professional features such as Domain Join to connect to business networks, Encrypting File System for data protection and Location Aware Printing to better connect to printers at work and home.

Windows 7 Professional will not include the more buzzed-about business features such as DirectAccess and BranchCache. They show up in the next version up the food chain, Windows 7 Enterprise.

Windows 7 Enterprise

Windows 7 Enterprise is only available to businesses through volume licensing. It includes all the features of Windows 7 Professional plus more security and networking features.

Businesses covered by Microsoft's Software Assurance will get Windows 7 Enterprise at no additional charge. Features that differentiate Enterprise from Professional are: BitLocker (encrypts data on internal and external drives); DirectAccess (connectivity to a corporate network without VPN); AppLocker (prevents unauthorized software from running); and BranchCache (speeds up the accessing of large remote files at branch offices).

Windows 7 Enterprise is designed for the corporate world and will only be used by large businesses. It will not be available at retail or by OEMs for pre-installation on a new PC.

Windows 7 Ultimate

Ultimate, the supersize version of Windows, includes all the features of all the other versions. Think of it as Windows 7 Enterprise for consumers.

Ultimate will be the most expensive version, so it's doubtful that many people will use it other than the occasional super-user who wants every possible feature. Microsoft is not likely to heavily promote Windows 7 Ultimate. Most regular users do not need all the security and networking features and there doesn't appear to be much in Ultimate for businesses that isn't already in Windows 7 Enterprise.

Microsoft has said that OEMs will be able to pre-install Windows 7 Ultimate on new machines and that there will be limited availability in retail.


Five Facebook Scams: Protect Your Profile

Beny Rubinstein knows computer security. An employee of a Seattle-area tech giant with 20 years of IT experience under his belt, Rubinstein has seen a side of the industry that most people will never know. He holds a degree in computer engineering, and--oh yeah--he just got scammed out of $1100 on Facebook.



Rubinstein's experience isn't entirely uncommon. (We'll get to the specifics in a moment.) What's striking about his story, though, is that it demonstrates how easily anyone--even a highly trained expert in computer security--can be ensnared by a seemingly simple social network scam. And all kinds of these scams are on the loose.

More than 20,000 pieces of malware attacked social networks in 2008 alone, estimates the online-security firm Kaspersky Lab. That's no surprise, either: While e-mail is still the most spam-filled medium, researchers suspect that social network cybercrime is growing at a far faster rate.

"People are used to receiving spam and malicious messages in their e-mail, but it is much less common on Facebook," says Graham Cluley, a senior technology consultant with Sophos. "They are lulled into a false sense of security and act unsafely as a result."

You can avoid becoming one of the many who make that mistake. We've dug up the dirt on five scams currently posing a threat on Facebook. We turned to analysts who study them as well as to users who have fallen for them, all to help spread the word about how these things work and how you can best dodge them. (Facebook representatives did not respond to our request for comment.)

Knowledge is the greatest weapon against becoming a victim. Read on, and arm yourself well.

Scam #1: The Nigerian 419

The Scam: It may sound like a hip new emo band (or a somewhat old e-mail scam), but the Nigerian 419 will do more than just offend your ears--it'll also empty your wallet. The moniker refers to a scam dating back decades that has recently entered the social network scene.

Back to Beny Rubinstein. A couple of months ago, Rubinstein received some alarming Facebook messages from a friend and fellow tech professional.

"[He said] he was in the UK and was robbed, and needed $600 to fly back to Seattle," Rubinstein recalls.

The messages came both in Facebook-based IMs and in e-mail. They included details such as family members' names, making the notes appear all the more authentic. It wasn't until 2 hours and $1100 later that Rubinstein realized what had happened: Someone had hijacked his buddy's account, contacted his friends, and--at their expense--made off like a bandit.

"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," says Vicente Silveira, a product management director at VeriSign and a personal friend of Rubinstein's.

The Protection: Before you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network--either by phone or by external e-mail. Not feasible? Ask an extremely personal question that a hacker couldn't possibly figure out from information within the profile. We'll leave the specifics up to you.

Scam #2: The Widget Warrior

The Scam: Facebook is famous for its widgets--you know, the third-party applications that you can add onto your account. Sometimes, though, widgets turn into warriors with a single mission: stealing your data.

The first rogue widget reared its head in 2008, when researchers realized that a program called Secret Crush had anything but sweet intentions. The application, which was supposed to help you find your virtual admirers, instead installed spyware onto your computer. Even worse, it encouraged you to spread the love by getting other friends on-board--essentially "manipulating humans to pass it along on their own," says Guillaume Lovet, senior manager of Fortinet's Threat Response Team.

Secret Crush has since been crippled, but the potential for similar threats still exists. Just days ago, security experts determined that an application called Error Check System was misusing profile details and possibly stealing personal information. A few months earlier, researchers from Greece's Institute of Computer Science uploaded a malicious app to Facebook as an experiment. The team was able to configure the widget, which posed as a "Photo of the Day" displayer, to utilize its users' Internet connections for denial-of-service attacks.

The Protection: Use extra caution when installing third-party applications. "When you accept to install one, malicious or not, you are granting its author access to all the info in your profile," Lovet says. Make sure you know what the app's creator will do with it.

Scam #3: The Koobface Virus

The Scam: Don't be fooled by the name--there's little to laugh about when it comes to the quickly spreading Koobface virus. (The word, by the way, is an anagram of "Facebook.") Once the virus infects your PC, it starts sending messages or wall postings to your Facebook friends, directing them to a "hilarious video" or some "scandalous photos" of someone you both know.

"The link promises an enticing video, but when the user clicks, he is presented with a Web page with a fake Adobe Flash update or a fake codec that needs to be downloaded," explains Ryan Naraine, a security evangelist with Kaspersky Lab. "That download is malware."

The Protection: Antivirus software can help keep you safe, but some common sense can also go a long way. "Be wary of any kind of direct URL in messages or postings," advises Jamz Yaneza, a threat research manager with Trend Micro. If a site asks you to download a software update, Yaneza says, click Cancel and go directly to the vendor's page to see if the update is legit.

Scam #4: The Phishing Pond

The Scam: Phishing, a favorite hacker tactic, has found new life at social networking sites. Scammers trick users into following links that open official-looking Facebook log-in prompts. If you enter your user name and password, the information is logged--and your account is theirs.

Brandon Donaldson, a pastor at the Lifechurch.tv Internet Campus, fell for the scam. Someone gained control of his Facebook account and started sending messages to his friends and followers, trying to persuade them to follow the same links and unwittingly give up their accounts, too.

"This was a pretty bad ordeal, since I regularly put video content up on the Web, and I use the Internet as a tool for many relationships," Donaldson says. "You build a certain social trust in these spaces, and you want to keep that trust without these kinds of incidents."

The Protection: The previous plan also applies here: Watch where you click. Plus, if you're ever asked for your password midsession, don't enter it. Manually navigate back to the Facebook.com home page instead, and then log in there if need be.

Scam #5: The Contrived Community

The Scam: Community enthusiasts, be cautioned: Facebook user groups can sometimes be cleverly disguised vehicles for marketing. And--whether you realize it or not--when you click the join link, you're effectively opting in.

Brad J. Ward was one of the first users to find such a scheme in action. Ward, then a member of Butler University's admissions department, discovered a Facebook group called "Butler Class of 2013." The only problem: The people behind it had nothing to do with Butler. After posting about the issue on his blog SquaredPeg.com, Ward soon learned that the names of nearly 400 other schools appeared in similarly suspicious groups, all created by the same small set of people.

"My initial reaction was that some company or person was essentially setting themselves up to be the administrator for hundreds of groups, which provides the opportunity to send out mass messages or to collect data," Ward says.

His instinct was right: The publisher of a college guidebook had set up the groups, seemingly with the goal of building a mass mailing list for marketing its products, Ward discovered.

"Was any of it illegal? Not necessarily," Ward points out. "But was it unethical, and could it be misconstrued as an official university presence? Yes."

Once exposed, the publishing company College Prowler admitted its involvement and agreed to back out of the groups. Still, that's only one company. More than likely, countless others haven't been detected, and are actively using groups to gain the trust (and information) of unsuspecting users.

The Protection: Be very selective in deciding what groups you join. If you aren't sure who runs a given Facebook community, or whether it's officially linked to the organization that it claims to be, don't accept the request. Your privacy is worth more than any membership.

The Web of Trust

In the end, staying safe comes down to maintaining control of your information and carefully selecting with whom you share it--because you never truly know who's on the other end of electronic communication. This past month, for example, a high school student was charged with 12 felonies after investigators say he posed as a girl on Facebook and tricked male classmates into sending him nude photos.

"An online version of the 'web of trust' is formed among users," notes Trend Micro's Jamz Yaneza. "Although this does work in the noncyberspace environment, the platform ... is really different when someone else is in charge of your medium."

It's easy to feel invulnerable while reading about such scams. The second you let your guard down, though, it's even easier to become the next victim. Just ask people who know Beny Rubinstein, the IT pro who lost more than a grand to a Facebook scammer.

"Worse than losing the money, he realized how exposed you are in a social network," says Vicente Silveira, Rubinstein's friend. "We're exposing things now that are in many ways a lot more valuable than money."


Wednesday, March 4, 2009

Visa: New payment-processor data breach not so new after all

Days after Visa Inc. seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems Inc. and RBS WorldPay Inc., the credit card company now is saying that there was no new security incident after all.

In actuality, Visa said in a statement issued Friday, alerts that it sent recently to banks and credit unions warning them about a compromise at a payment processor were related to the ongoing investigation of a previously known breach. However, Visa still didn't disclose the identity of the breached company, nor say why it is continuing to keep the name under wraps.

Visa said that it had sent lists of credit and debit card numbers found to have been compromised as part of the investigation to financial institutions "so they can take steps to protect consumers." It added that it currently "is risk-scoring all transactions in real-time, helping card issuers better distinguish fraudulent transactions from legitimate ones."

Visa's latest statement follows ones issued by both it and MasterCard International Inc. earlier this week in response to questions about breach notices that had been posted by several credit unions and banking associations. The notices made it clear that they weren't referring to the system intrusion disclosed by Heartland on Jan. 20 and suggested that a new breach had occurred.

Visa's initial statement, and the one from MasterCard, were both carefully worded; neither said specifically that the breach being referred to was a new one, but they also didn't say that it was a previously disclosed incident. Visa said it was "aware that a processor has experienced a compromise of payment card account information from its systems," while MasterCard said it had notified card issuers of a "potential security breach" affecting a payment processor in the U.S.

MasterCard officials didn't respond Friday to requests seeking clarification on whether its statement referred to a previous breach or a new one.

Benson Bolling, vice president of lending at the Alabama Credit Union in Tuscaloosa, said Friday that officials there had understood the breach to be a new one based on the alerts sent out by Visa - but couldn't say that for sure. According to Bolling, the credit union, which posted an advisory on Feb. 17 and updated it two days later, was informed by Visa of a "big breach" shortly after getting the word about the intrusion at Heartland.

The identifying number that was used in the so-called Compromised Account Management System alert issued by Visa appeared to suggest a new breach, because it was different from those used in previous CAMS notices, Bolling said. It was his understanding, he added, that CAMS alerts related to a previous breach would use the same identifier as the original notifications.

Almost 50% of the credit and debit cards issued by the ACU have been affected between the Heartland breach and the compromises detailed by Visa in the latest CAMS alert, Bolling said, without disclosing the number of compromised cards.

The Pennsylvania Credit Union Association also issued an advisory, dated Feb. 13, in which it described the recent alerts from Visa and MasterCard as being related to a new breach. "As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor," the PCUA said. The advisory appears to have since been removed from the association's Web site, but a cached version can be found via the Google search engine.

An advisory posted by the Tuscaloosa VA Federal Credit Union in Alabama also indicated that "another" payment processor had been breached and said that the compromise involved so-called card-not-present transactions, such as those made online or via the phone. Tuscaloosa VA noted that the "window of exposure" provided by both Visa and MasterCard was from February 2008 to this January. And like the PCUA, the credit union said that because the affected payment processor had yet to publicly announce the breach, Visa and MasterCard were unable to identify it.

Heartland has yet to disclose the scope of the breach in its systems, saying that it still doesn't know how many card numbers were compromised. The company, which processes more than 100 million transactions per month, also has yet to specify when exactly the system intrusion took place, beyond saying that malware was operational on its systems "during part of 2008."

RBS WorldPay, the Atlanta-based payment processing division of The Royal Bank of Scotland Group, disclosed Dec. 23 that its systems had been breached by unknown intruders, resulting in the compromise of personal information belonging to about 1.5 million owners of prepaid payroll and gift cards. The compromised information included the Social Security numbers of 1.1 million people, according to the company, which said it had discovered the breach in early November.


Roku & Amazon: Cloud vs Hard Drive

I've owned a Roku video player for almost a year now, and I'm not ashamed to admit that I'm a fan. In case you aren't familiar with the Roku, it's a $99 device that initially was for streaming Netflix's "Watch Now" content to a television. The device is compact and works like a charm, and back when I bought it, it was the only out-of-the-box option for getting a Netflix stream direct to your TV.

Of course since that time, the XBox 360 has added Netflix support, as have a number of Blu-ray players, and this spring, you'll even be able to buy a TV with Netflix streaming built in. (There are plenty of companies betting that Netflix isn't going anywhere!) Roku wasn't sitting still during all this, though. They've promised to add new sources of content to their box, and this morning the first of those promises came true: you can now stream Amazon's Video on Demand service to the Roku.

As I was surfing around reading about this announcement, I read a comment that got me thinking. Amazon allows renting or purchasing content, but the Roku has no hard drive. This commenter — and I honestly can't remember where I read this; it may have been on Twitter (where else?) — questioned why anyone would buy content if it was going to remain "in the cloud." If you watch Amazon's Video on Demand on a TV or a Tivo, you can download purchased content and keep it locally. Obviously this isn't an option on the Roku.

I don't think I really care all that much if my content is in the cloud, to be honest. Ideally, I'd still like a store-bought hard copy with a spiffy case and all that. I like to browse our shelves of movie boxes looking for a DVD or Blu-ray to watch, but if I'm not going to own the physical media, I don't really care where my digital version "lives."

I can see where people who travel a lot would want to download a copy to keep on their laptop for watching on the go, but they can still do that. The only drawback I can see with the Roku is, what happens if your internet goes out? And that's a valid concern, but I'm blessed with a very reliable net connection (knock on wood). My counter argument is this: if you're downloading your content, what happens when your hard drive fails? Sure, you can burn a DVD copy or something, but then you're back to having physical media.

I think I'm very content letting Amazon store my digital copies of any Amazon Video On Demand content I might purchase. That feels easy to me. Let them worry about backups and storage space and all that. (The big caveat here is all the noise we're hearing about ISPs putting bandwidth caps in place. That could rain on everyone's parade.) I love that the Roku is silent and small with no moving parts. I just want to turn on my TV and let the Roku stream my content to me.

What do you think? Am I on the right track, or am I just making excuses for my treasured Roku box? Would you purchase content that was going to remain in the cloud?


Thursday, February 26, 2009

Google blocks paid apps for unlocked G1 users

People who bought an unlocked version of the Android G1 phone are no longer allowed to download new paid applications from the Market, after a change Google made late last week.

Google is prohibiting users of the unlocked phones from viewing copy-protected applications, including those that cost to download.



The Developer version of the G1 comes unlocked to any particular mobile operator and is priced at US$400. Anyone who joins the Android developer program for $25 can buy the phone.

Last week, Google employees began replying to questions people posted on the Android Market Help Web site about being unable to see copy protected applications in the store. "If you're using an unlocked, developer phone, you'll be unable to view any copy-protected application," wrote Google employee Ash on the help site in reply to a user's question on Friday. "This is a change that was made recently."

While Google offered only slim details about why it made the change, it could be an attempt to close a loophole that reportedly allows users of the unlocked phone to download paid applications for free. "The Developer version of the G1 is designed to give developers complete flexibility," Google said in a statement. "These phones give developers of handset software full permissions to all aspects of the device... We aren't distributing copy protected applications to these phones in order to minimize unauthorized copy of the applications."

A couple of developers have theories about the issue behind the move. Tim at the Strazzere.com blog discovered that protected applications are automatically downloaded into a private folder on Android phones. Most phone users can't access that folder, but users of the Developer phone can.

That means a Developer phone user could buy an application, copy it from the private folder, return the application for a refund and then re-download the application to the phone, the developers say. The Android Market allows anyone to return an application within 24 hours.

The Phandroid blog and a few developers commenting on the blog said they were able to download and copy protected applications. Some developers are surprised that assigning the application to a specific folder is the only copy protection given to applications.

It's unclear how many people have the unlocked version of the phone. But some vocal developers are very annoyed that they paid $400 for the phone and aren't allowed to access all of the apps in the store.

One, who goes by the name bakgwailo, is proposing a "developer revolt," where all developers pull their applications from the store. "It would be the only way to show Google that this is NOT acceptable, and that devs are not second (third?) class citizens on the Market," he wrote. "I do not know about you, but I am beyond angry that I can not even see my own paid app on the Market with my 400 dollar dev phone!"

"This is a big problem for everyone who has a Dev phone," one developer using the name oscillik wrote. "Assuming that we're pirates is very offensive."


Sunday, February 22, 2009

App Store grows, but apps are seldom used

At least that's the conclusion from data collected by Pinch Media, a company that helps developers track the use of their iPhone applications.

Pinch found that of the users who download free applications from the App Store, only 20 percent use the app the next day, and far fewer do as the days pass. For paid applications, the return rate is only slightly better: 30 percent of people use the application the day after they buy it. The drop-off rate for paid applications is about as steep as for free applications after the first day.

Generally, 1 percent of users who download an application turn into long-term users of it, Pinch found. Pinch has noticed some differences based on the kind of application. For example, sports applications get more use than others in the short term, while entertainment applications tend to keep users for longer than others.

Pinch has discovered, or at least confirmed, some other interesting usage trends as well. Developers have a far greater success rate once they rise to the top of the store, which Apple ranks based on popularity. Once applications hit the top 100, the number of daily new users increases by 2.3 times, Pinch said.

Also, free applications tend to get more use than those that cost. Users run free applications, on average, 6.6 times as often as paid applications, Pinch said.

The findings might surprise and disappoint developers, many of whom regard the iPhone's application ecosystem as the first real opportunity to build a business around wireless applications. Prior to the launch of the easy-to-use App Store, few phone users ever downloaded new applications to their phones. That meant that the best way for developers to offer their applications was to convince operators to preload the applications on phones -- an expensive, time-consuming and challenging proposition.

Pinch Media collected data from "a few hundred" applications in the App Store that use its hosted analytics product. Applications that use the analytics offering include those that have been the number-one paid and free applications available in the store, Pinch said. The store currently has more than 15,000 applications, and users have downloaded applications more than 500 million times.

The data from Pinch might be valuable for developers who are also considering building applications for other stores that have been planned following the success of the App Store. Stores for Android, Windows Mobile, BlackBerry and Palm Pre applications have either been announced or are already open.


Would a server by any other name be as functional?

When I graduated from college, my parents bought me a new computer as a graduation gift (a Power Computing Mac clone, if you remember that odd little interlude in Apple's history). It was an order of magnitude more powerful than my Mac Plus, and I was so thrilled to have it that I decided that it would be auspicious to christen it. Since I was in grad school studying ancient history at the time, I changed the name of the hard drive from whatever the boring default was (it may have actually just been "HARD DRIVE") to "Kleopatra," using the more correct Greek spelling of the ancient queen's name.

Over the next few years -- especially after I fled academia -- I wondered if maybe I should cast aside this little bit of whimsy, but I did like thinking of my computer as more than just another grey-beige box of silicon taking up desk space. So Kleopatra stayed, and when I got a second internal hard drive, I named it after her husband Marc Antony, just to keep her company. I thought that this affectation made me unique and just a little bit weird. But then I got my first real job.

The job was as a copy editor at a San Francisco Web publishing startup, and I quickly learned that all of the Unix servers upon which our internal and external processes depended had names. And not boring names like PRODUCTION_SERVER; these machines were all named after African nations. This didn't exactly turn every trip into the office into an exotic vacation, but dealing every day with machines named Rwanda and Angola at least gave us something concrete to rant about when tech difficulties beset our work. (I hope the good people of Angola weren't hurt by the invectives we hurled when their country's namesake computer went out of commission for good, leaving us in two weeks of limbo before we eventually replaced it with Congo.) But more to the point, it taught me about the feeling of hominess and community you get from a consistent naming system for your machines.

When our business unit was merged with another one back east, and they started foisting their own, non-geographical naming conventions onto us -- well, that's when we knew that an era was ending.

The spy who named me

As it happens, such a naming system wasn't unique to our little office. Sandra Henry-Stocker was our company's Unix admin when I started that job, though she wasn't the originator of the African naming scheme. However, she did once work with a similar server naming scheme at another workplace with a slightly more exciting mission. "When I worked at the CIA," she says, "the office I worked in named its servers after states -- like Alaska and NewHampshire. We'd briefly considered wineries, but figured most of the staff would have no hope of pronouncing them, so we abandoned that idea pretty quickly."

It didn't stop there, though: "Client systems in each subnet were named after cities in the associated states. So we had systems with names like Juneau and Portsmouth. Some analysts grumbled that they wanted to 'move,' but it was easy to tell which subnet a particular analyst was on just by knowing his or her workstation's name and a bit of geography. The funny part was the looks I'd get in the elevator when I'd say to a coworker with a tone of annoyance something like 'I don't know what we're going to do about Maine! We're seeing crashes every day now.'"

It seems that this concept -- giving your servers a naming system that is at once arbitrary and consistent -- is a near-universal one, either passed down from admin to admin or reinvented dozens of times over the years. There are thousand-post Slashdot threads on the subject, and enthusiastic user discussions at O'Reilly and ISP discussion sites. What's really interesting to me is how these arbitrary conventions can take on a life of their own and affect how we think about the machines we use every day, like they did for Henry-Stocker's CIA analysts who wanted to move to better "locations."

Sometimes mere names can get downright philosophical. Lee Mandell, now the president of communications agency Matlin Mandell, recalls, "At a small agency I worked for back in the dot-com days we named our servers after quarks. Thus our file server and its mirrored backup were TRUTH and BEAUTY, because, after all, 'Beauty is truth, truth beauty -- that is all Ye know on earth, and all ye need to know.' And our Web server and its mirrored backup were UP and DOWN. Unfortunately I never got the chance to say to my boss that, due to a server crash, UP was down -- but don't worry because DOWN is up."

However, naming schemes can go beyond whimsy and enter what strikes me as enabling. "At my current agency," says Mandell, "we name all our computers after playwrights. Notably our main file server was named O'Neill. It was always problematic, given to disk crashes (twice), BSOD lockups and slowness. 'But,' my partner once said to me, 'what else would you expect from a server named after an alcoholic depressive?'" Would a box merely named FILESERVER1 have been so indulged? Fortunately, since O'Neill was just a server after all and not a beloved family member or Nobel-winning playwright, it was not confronted in an elaborate intervention, but eventually merely replaced. Kaufman, the new server, "is doing just fine," Mandell reports.

Method to the madness

Is there something more to this than just whim, and an aid to anthropomorphism that may or may not be healthy? Perhaps. Sandra Henry-Stocker describes the arrangement at her current workplace. "The naming scheme, largely resulting from the fact that one of our prior sysadmins was a diver, started with Caribbean Islands -- like StCroix and StBarts -- and then moved to the Mediterranean with names like Malta and Sicily. One of the other development groups uses a naming scheme that mimics the project and system types. So we have systems named gwx1a and gwx1b where the 'gwx1' stands for 'Gateway Netra X1'. These names are so boring and easily confused (e.g., did you just say 'gwx1b' or 'gwx1d'?) that the users all refer to them by their IP addresses! The islands, on the other hand, seem to invoke some enthusiasm on the users' part. In fact, we often refer to them as 'the islands' rather than 'the servers.'"

I think there are a couple of important data points in this story. The first is that server names that seem "logical" to a particular kind of very systematic and linear computer geek -- like gwx1 -- are actually pretty difficult to remember. Our language-focused brains aren't really built to accommodate them. (It's a really bad sign when your naming scheme is less user-friendly than IP addresses!)

It's also interesting to note that enthusiasm for one scheme -- in this case, the islands -- can inhibit the adoption of another scheme viewed as inferior. Presumably the more enthusiastic you are about one, the less likely you are to brook changes. "Sometimes it seems people pay nearly as much attention to this as to how they name their kids!" says Henry-Stocker. And that reminds me of another situation I heard about second-hand. A former roommate was a research scientist, and in the department where he worked, most of the servers were named after chemical elements; however, my roommate's boss wanted to keep things a little closer to home -- so he named his group's servers after his own theories.

The march of history

And what about Kleopatra? The Egyptian queen died famously of a snakebite suicide; my Power Computing machine went less glamorously, to a tinkerer from a Mac mailing list who volunteered to take her off my hands. She was followed by a series of ancient rulers, with gaps of a few centuries between each; there was Theodosius, then Justinian, and my current laptop is named Heraclius, after the 7th-century Byzantine emperor. I even have a little ecosystem going on at home: my Wi-Fi access points, set up when I had my previous computer, are named Belisarius and Narses (after Justinian's great generals) and my iPhone is named Niketas (after Heraclius's cousin).

When my wife wanted to name her phone Pinky, rather than after some ancient figure, I didn't make too much of a fuss, even though it wounded me inside. I have something bigger to worry about: if I jump forward a few centuries with every new computer, what do I do when I catch up with the present?


Thursday, February 19, 2009

Apple still has 'ideas' for Mac netbook, says analyst

An analyst who met with Apple recently believes the company has "ideas" about producing a Mac netbook, an ultra portable laptop computer.

Analyst Toni Sacconaghi of Sanford C. Bernstein & Co met with Apple's Chief Operating Officer Tim Cook, covering for CEO Steve Jobs during a leave of absence, Apple's Chief Financial Officer Peter Oppenheimer and Apple's marketing chief Phil Schiller.

According to Sacconaghi, Apple's Cook hinted at "ideas" for a netbook as well as iPhone price changes and new smartphone handsets.

"Tim Cook stated that since Steve Jobs announced his leave of absence, he was spending more time on new products, how Apple could take the iPhone into new markets and examining iPhone's business model," said Sacconaghi, who is ranked the top computer analyst by Institutional Investor magazine.

Sanford C. Bernstein & Co manages portfolios for private and institutional investors currently valued at $85 billion.

"Several interesting tidbits point to new iPhones, potentially with different pricing/price points this year," Sacconaghi added.

A Mac netbook has long been rumoured since the success of smaller lighter laptops, typically with a 10" screen, from companies such as Asus, Acer, Dell, HP and MSI Wind.

Last week Asus said they had sold 4.9 million Eee PC netbooks last year despite the economic downturn.

Netbooks are traditionally competitively priced due to their relative lack of power and limited upgradability.

Apple's smallest, lightest laptop, the MacBook Air, starts at £1,271, which is a long way from what Apple would need to charge to make a Mac netbook a success.

Apple has also previously said that the iPhone was its netbook, offering email and web surfing on the move.

Analyst Sacconaghi added that he expects Apple's stock to outperform the S&P 500 in the next year.

Sacconaghi also said he expects new Apple iMacs as early as next month and a new Apple iPhone in the summer.

Wednesday, February 18, 2009

Charge dropped against Pirate Bay four

A Swedish prosecutor on Tuesday dropped a charge levied against four men on trial for running The Pirate Bay, one of the most popular BitTorrent search engines and trackers on the Internet.

Tuesday's proceedings saw Swedish prosecutor Håkan Roswall drop a charge of aiding in the making of copies of works under copyright, said Peter Sunde, one of the four on trial. The charge was dropped due to the inability of the prosecution to prove copies of content were made, he said.

"We have definitely won this round," Sunde said.

One charge -- essentially aiding the making available of material under copyright -- remains. Sunde and the other three defendants, Fredrik Neij, Gottfrid Svartholm Warg and Carl Lundström, could face prison time. Swedish authorities want them to forfeit 1.2 million Swedish kronor (US$140,000) in advertising revenue generated from the site.

A lawyer for the music industry, Peter Danowsky, denied that dropping the charge hurt the overall case.

"It's a largely technical issue that changes nothing in terms of our compensation claims and has no bearing whatsoever on the main case against The Pirate Bay," Danowsky said in a statement published by The Local, a Swedish newspaper published in English. "In fact it simplifies the prosecutor's case by allowing him to focus on the main issue, which is the making available of copyrighted works," he said in a statement.

The Motion Picture Association is seeking 93 million Swedish kronor in damages, and the IFPI (International Federation of the Phonographic Industry) is seeking €1.6 million (US$2.06 million) in damages.

Evidence presented by Roswall on Tuesday included screenshots showing computers were connected to The Pirate Bay's tracker, or software that coordinates P-to-P (peer-to-peer) file sharing.

But a majority of the screenshots show that The Pirate Bay was actually down at the time and that the client connections timed out, Sunde said. The clients, or peers, were still connecting with each other, but through a distributed hash table, another protocol for coordinating downloads unrelated to The Pirate Bay.

The schedule for Wednesday includes testimony from a Swedish antipiracy agency as well as the Motion Picture Association, Sunde said.


Hackers attack IE7 flaw

Less than a week after the last round of Microsoft Internet Explorer patches, security experts are already warning that exploit code is in circulation.

The particular flaw, MS09-002, is being exploited using a specially crafted Word document which is emailed to users. Once opened it installs malware onto the target system, including a Trojan to allow the malware to update itself.

"Several anti-virus vendors reported MS09-002 exploits in the wild. We can confirm that the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working on an unpatched Windows XP machine," said Bojan Zdrnja of the SANS Internet Storm Center.

"Initially there was some confusion about this attack as most anti-virus vendors mentioned Word documents. The exploit targets Internet Explorer 7, but so far it has been delivered to the end user as a Word document.

"That being said there is absolutely nothing preventing attackers from using the exploit in a drive-by attack and we can, unfortunately, expect that this will happen very soon."

The first malware to try and exploit the flaw looks to have been reverse-engineered rather than being in existence before the patch was announced, experts said. The malware collects information from infected computers, encrypts it and sends it to a server in China.

The short turnaround time from patch to malware will leave IT administrators racing to update corporate servers in time, and they are advised to warn users about potential threats.

Obama pours billions into IT with recovery package

Obama's economic stimulus package, which was signed into law yesterday, will see billions of dollars poured into technology in the US.
A significant part of the $787bn total will be spent on IT-related measures. A main beneficiary will be healthcare IT, which is set to receive around $19bn.

Obama wants to introduce electronic care records, computerising all health records in the next five years.

The project will be similar to the UK's £12bn national programme for IT, a part of which aims to automate records, which has weathered a few storms since Tony Blair first introduced the plan.

Obama said in a speech yesterday, "It is an investment that will take the long overdue step of computerising America's medical records to reduce the duplication and waste that costs billions of healthcare dollars, and medical errors that cost thousands of lives each year."

In addition, $2.5bn has been earmarked for loans for improving broadband infrastructure in the US, $200m will go into expanding public computer capacity at community colleges and public libraries, and $250m will be available in grants for innovative programmes encouraging broadband adoption.

An innovative technology loan guarantee programme, which will provide loan guarantees for renewable technologies and transmission technologies, will receive $6bn.

The US government will also allow some students to claim money for IT equipment used for studying.

A further $30bn will go towards clean energies and an upgrade of the country's electricity grid.

The US government hopes to be able to detail its economic recovery spending on its recently launched website, recovery.gov, although observers have pointed out that collecting and reporting the data will be a difficult task.

Sunday, February 15, 2009

US Congress passes huge economic stimulus bill

The U.S. House of Representatives and Senate have both passed the final version of a huge economic stimulus package, including billions of dollars for broadband deployment and electronic health records.

The House Friday afternoon voted 246-183 to approve a compromise version of the estimated US$787 billion American Recovery and Reinvestment Act. All 176 House Republicans present voted against the bill.



Late Friday evening, the Senate voted 60-38 to approve the bill, with three Republicans joining Democrats in supporting it.

U.S. President Barack Obama pushed for the legislation and he is likely to sign the bill in the next couple of days.

The House and Senate both passed versions of the bill within the past three weeks, and negotiators from both chambers agreed on a compromise version of the bill earlier this week.

The bill includes $7.2 billion to help deploy broadband in rural and other unserved areas, $17 billion for incentives for health care providers to adopt electronic health records, and $11 billion to update the nation's electricity grid by hooking it up to the Internet.

Republicans complained that the bill included so-called pork-barrel spending and that Democrats didn't seek their input in crafting the bill. "A bill that was supposed to be about jobs, jobs, jobs has turned into a bill about spending, spending, spending," said Representative John Boehner, an Ohio Republican and House minority leader. "We owe it to the American people to get this right."

Republicans also complained they had less than 24 hours to digest the final version of the bill, about 1,000 pages long. No lawmaker has had the time to read the entire bill, Boehner said.

"This is a sad day for our country," said Senator John Thune, a South Dakota Republican. "And it's a sad day for future generations who will be left paying for this billion-dollar spending bill."

Democrats argued the bill is necessary to jump-start the U.S. economy. Senator Joe Lieberman, a Connecticut independent who caucuses with Democrats, said he's confident the bill will "begin the turnaround of the American economy."

Senator Amy Klobuchar, a Minnesota Democrat, applauded the bill for including money for grants and loans to broadband providers that deploy in unserved areas. Residents of the rural United States need broadband to train for high-tech jobs of the future, she said.

"Broadband Internet deployment creates jobs," she said. "I want those jobs to go to Thief River Falls, Minnesota ... instead of India or Japan."


Saturday, February 14, 2009

Curiosity drives Twitter "social virus"

If you were hanging out on Twitter today, you probably noticed a lot of very similar Tweets coming through, saying "Don't Click" followed by a shortened URL.

Many people, upon receiving that Tweet, immediately clicked the link, which took them to a page with a "Don't Click" button. And when they clicked on that button (assuming they were logged into Twitter in their web browser) they ended up posting a Tweet from their account. This Tweet repeated the original message: "Don't Click" followed by a shortened URL. Which all their Followers clicked. And so on.

The end result of this was huge numbers of "Don't Click" Tweets, a lot of puzzlement on the part of the Twitter community, and nothing more serious. This time at least.

The security community immediately got to work investigating the event and found that it was accomplished via clickjacking. Chris Shiflett has done a great job of explaining the exploit, as has Sunlight Labs. This wasn't a case of using clever JavaScript or any scripting at all. It was just done with an IFrame, pulling the Twitter page into the "Don't Click" page and populating the Status Update box on the Twitter page. However, the IFrame was rendered invisible via CSS. You thought you were clicking the "Don't Click" button on the page, but you were actually clicking the (now invisible) Update button on the embedded Twitter page. If that went over your head, the links above step through it much more clearly.

To their credit, the Twitter Engineers blocked the problem very quickly, and no real harm was done. But their fix isn't bulletproof, as Jeff Jones discovered.

In some ways, the most interesting part of this story was the way the "virus" was distributed. Apparently the very best way to get people to click on something is to label it "Don't Click"!
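Because the trick described above depends on the target page agreeing to render inside someone else's IFrame, the durable defence is for the server to refuse framing through response headers. The following is an added example, not code from the original post or from Twitter: `frameAncestors`, `framingVerdict` and the verdict labels are hypothetical names, and it assumes each header value carries a single policy.

```javascript
// Added example: classify how a response's headers restrict framing.
// The header sets passed in are constructed samples, not captured traffic.

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function framingVerdict(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced frame-ancestors directive overrides X-Frame-Options.
  // Content-Security-Policy-Report-Only is a different header and never blocks.
  const sources = 'content-security-policy' in h
    ? frameAncestors(h['content-security-policy'])
    : null;
  if (sources !== null) {
    const only = (v) => sources.length === 1 && sources[0] === v;
    if (sources.length === 0 || only("'none'")) return 'blocked';
    if (sources.some((s) => ['*', 'http:', 'https:'].includes(s))) return 'frameable';
    if (only("'self'")) return 'same-origin-only';
    return 'allowlist';
  }

  // Legacy header: only DENY and SAMEORIGIN are honoured by current browsers;
  // ALLOW-FROM and unrecognised values are ignored, leaving the page frameable.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin-only';
  return 'frameable';
}
```

A verdict of `frameable` on a page that performs state-changing actions, such as posting a status update, means an invisible-IFrame overlay of the kind described here would still render.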


Blockbuster, Inc announced today that it would add video games to its BLOCKBUSTER Total Access online rental service. A pilot program is planned for Q2 of this year with a goal of national availability by the second half of the year.

This puts Blockbuster in competition with online game rental services such as Gamefly, Gamerang and Gottaplay, none of which have the breadth of distribution centers that Blockbuster has. Additionally, renting games will offer a differentiation point from rival Netflix. Game platforms covered include Nintendo Wii, Sony PS & PS3, and Microsoft Xbox & Xbox 360. As with movies, users will be able to return rentals to a brick and mortar Blockbuster store.

Game enthusiast site Joystiq contacted Bob Barr, vice president and general manager of Blockbuster Online, for further details, including the price. A 3-disk Total Access account costs $19.99 per month. During any month that a game is rented, a $5 charge gets added to that price. During the testing phase, a game counts as a disk.

One of the biggest problems with existing game-rental services is availability of new titles; it'll be interesting to see if Blockbuster can overcome this hurdle.


Wednesday, February 11, 2009

T-Mobile issues firmware update for G1, adds voice search

T-Mobile began pushing out an update that adds a couple of new features and fixes some glitches in the G1, its phone that runs Google's Android software.

The most notable new capability is voice search. Once G1 users get the firmware update, they'll notice an icon for a microphone in the Google search bar on the home screen. When users hit the button they'll hear a "speak now" prompt, after which they can say their query, said Jeff Hamilton, a software engineer for Android, in a blog post.



If voice search doesn't properly interpret the query, users will be able to hit a "down" arrow next to the search box to find other suggestions, one of which might be correct, he said. G1 users will also be able to dial phone numbers and search in their contacts lists using voice commands.

The voice command capability follows the introduction of Google's voice search application for the iPhone in November.

Another minor addition with the Android update is the ability to save attachments sent via MMS. Users will also start seeing notifications when new software updates are available, including for applications in the Android Market. Phone users will also be able to report offensive comments in the Market as spam.

The update fixes a few glitches as well, such as one that automatically ended an instant messaging session when users turned their Wi-Fi connection on or off. Another glitch caused reminders for calendar items not to be delivered.

T-Mobile started pushing the update out Monday and expects all customers to receive it in two weeks.

On a T-Mobile Forum hosted by the operator, an administrator said the update is not related to "cupcake," the name of another update that will include a wider range of new capabilities and bug fixes.