
Sunday, March 8, 2009

Intel opens up the Atom processor to TSMC

Intel on Monday announced a partnership that could provide access to the chip design of its low-cost Atom processor to Taiwan Semiconductor Manufacturing Co.

The partnership with TSMC could lead to customized chips that could provide Intel access to new markets it can't reach alone, said Sean Maloney, Intel executive vice president and chief sales and marketing officer, during a conference call with reporters.



TSMC will be able to provide its customers with details of Atom's design so that they can design chips based on the chip's core.

Atom chips currently go into low-cost laptops, also known as netbooks, and devices such as mobile Internet devices (MIDs) and smartphones. Future Atom chips will include more integrated PC capabilities, such as graphics and Internet connectivity, that could push the processor into embedded devices and consumer electronics.

To date, Intel alone has developed and sold its Atom processors for netbooks and MIDs. The company wants to maintain tight control over the types of products the derivative Atom chips will go inside, Maloney said. Intel will not be transferring Atom's manufacturing process technology to TSMC, so any chips that result from the deal will be manufactured by Intel.

"What we're doing here ... we will be picking the segments we go after," Maloney said.

The companies have collaborated for close to 20 years on products that include WiMax chips.

Intel officials shied away from answering questions on whether the TSMC deal would affect Atom's product road map or future smartphone chips like Moorestown. Details surrounding the deal are still being worked out, Intel officials said.

This agreement is similar to a strategy employed by Arm, which generates revenue by licensing smartphone and embedded chip designs to chip makers, said Jack Gold, principal analyst at J. Gold Associates. Arm has licensed its chip cores to companies such as Texas Instruments and Qualcomm, which provide chips for smartphones.

"This is a direct attack on competing processors, especially the Arm processor, which is trying to move upstream from phones and embedded gadgets, while Intel is trying to move downstream with Atom into this overlapping space. The battleground in the middle will be aggressive and potentially bloody, with huge potential returns," Gold wrote in a research note.

The partnership will help Intel add a revenue stream by licensing out its Atom core, and adds "massive market potential" through TSMC's customers, Gold wrote. TSMC has connections to many consumer and lower-end products like smartphones and embedded device markets, especially in Taiwan and Japan, Gold wrote.

The partnership is a win for both companies, said Rick Tsai, president and chief executive officer of TSMC, during the call. It is mutually beneficial as it will allow both companies to generate additional revenue and reach new markets, especially at a time when the semiconductor industry is struggling.

"People in our industry must work together ... so we can share the benefits," Tsai said.

Intel has taken a number of steps to develop integrated chips that could fit into new products like set-top boxes and TVs. Intel in February said it was prioritizing its move from the 45-nanometer process to the new 32-nanometer process technology, which should help the company produce faster and more integrated chips.

To that effect, the company said it would spend US$7 billion over the next two years to revamp manufacturing plants. It will also help Intel make more chips at lower costs and add efficiencies to the production process. Intel will begin producing chips with 32-nm circuitry starting in late 2009.


Salacious content driving the adoption of ebooks?

This week's ebook news continues with the announcement that Barnes & Noble has purchased ebook seller Fictionwise for $15.7 million in cash, plus undisclosed earn-out payments if the company meets certain objectives over the next two years.

Fictionwise, founded in 2000 by Steve and Scott Pendergrast, operates the eReader.com site as well as Fictionwise.com. Barnes & Noble says the founders will continue to operate the sites as a separate business unit within Barnes & Noble.

eReader.com sells books only for the eReader Pro software, which is available for a wide range of mobile platforms (the notable exception being the Blackberry), as well as Windows and OS X computers.

Fictionwise.com, on the other hand, covers a broad range of digital book formats, including audiobooks.

One of the challenges of selling ebooks (pre-Kindle) has been the plethora of formats available. Grabbing a random example off of Fictionwise.com, here's what we find under "available formats":

Available eBook Formats [MultiFormat]: Adobe Acrobat (PDF) [828 KB], eReader (PDB) [289 KB], Palm Doc (PDB) [284 KB], Rocket/REB1100 (RB) [252 KB], Microsoft Reader (LIT) [279 KB] - PocketPC 1.0+ Compatible, Franklin eBookMan (FUB) [280 KB], hiebook (KML) [659 KB], Sony Reader (LRF) [329 KB], iSilo (PDB) [235 KB], Mobipocket (PRC) [294 KB], Kindle Compatible (MOBI) [356 KB], OEBFF Format (IMP) [412 KB]

This strikes me as both a strength and a weakness of ebook sellers. If you've got any kind of device with a screen you can probably find an ebook reader that supports one of these formats. But as a new user hitting the site, the choices can seem overwhelming. Presumably this is the reason for the more focused eReader.com site: Step 1, download our reader software for your device. Step 2, Start buying books from us.

This is also why Amazon probably has the best shot of taking ebooks mainstream.

Barnes & Noble abandoned ebooks once, so why are they coming back to them now? Because the format is starting to take off. Why is that? What's popular on Fictionwise? Well, once again it seems like porn is blazing a path to a new media format. Of the top 10 bestsellers under the "Multiformat" category, nine are tagged "erotica" and the last is "dark fantasy".

Hey, I'm not judging anyone (one of my dearest friends is an erotic romance author) and yes, I've used the most salacious Top 10 list on the site in my example, but this data backs up my anecdotal observations. People who read erotic romance and 'bodice rippers' love ebooks because of the privacy they offer, both during purchase and when reading.

One of my favorite geek thespians, Felicia Day, apparently agrees with me. Here're a few recent tweets from her:

My Dad got me a Kindle 2.0! Thx Dad! Buying all the trashy novels I'm too embarrassed to buy because of the cover art. Oiled up Chests FTW!

BTW third trashy paranormal romance book read on my Kindle. Just told someone I am reading Dickens, LOL!!! I love this!

Let's take that last one with a grain of salt, shall we? But I do honestly believe that the success of the ebook is being fueled by the romance and erotic romance market. My aforementioned author friend, Samantha Lucas, sells almost all of her novels in ebook format for publishers like Cobblestone Press and Siren Publishing (google Ms. Lucas or the publishers if interested; links not really appropriate for ITWorld!) and tells me the market is growing in leaps and bounds.

It'd be fascinating to learn what percentage of Kindle book sales fall into this category, and I'm looking forward to seeing how much of the more explicit Fictionwise content makes it onto the Barnes & Noble site.

I've danced around this point but let me just say it: most of these erotic romance books are purchased by women (presumably) while most of the visual pornography that drove the success of the VHS and arguably video on the web was consumed by men (again, presumably).

Separate but equal, indeed.


Myths, gods, and titanic disasters: How servers really get their names

Last month we looked into the practice of naming servers, half expecting to discover it was a quirky, geeky thing to do -- and nothing more. To our surprise, readers flooded the story with comments, chiming in about their own naming schemes -- what worked, what didn't, and flashes of brilliance. Let's just say that server naming is a surprisingly complex undertaking. Here's what we learned.

What's in a name?

The practice of naming servers and other machines was born of the basic need to distinguish among machines. In fact, as one reader reminds us, this was a convention in factories long 'before computers ever existed. It helped people working on the machines distinguish which one they were talking about when they had dozens or hundreds of the same machine on the factory floor.'


And, let's face it, naming things is just part of being human. "Anthropomorphizing gear is a very nice way of making sure that people remember what it does and kind of care for it," says Retep Vosnul. "Picking a suitable name [for] a server is very satisfying as well. For example, a server that needs to have very high service uptime, you might want to give a name that reflects that.... I used Belgarath (7000 year old wizard) and other characters from the Eddings novels and I used to use A'tuin and other Discworld persona for other networks. My former employer did not want names for some reason and I never felt at home in that datacenter, it lacked something."

Courting disaster

If uptime is important to you, why tempt fate?

Consider the case of one reader who named a Windows NT domain "Hades" in an attempt to be "ironic and edgy." Should it really have come as any surprise when 4 computers on that network died in 2 months' time?


Or what about the government agency that named all their servers after disasters? With a main server called Hindenberg (as it used to go down so often), why would you take the chance of backing it up with a server called Titanic?

And then there's the "meaningful" naming convention gone awry: "When told to move to a global standard," a reader writes, "we were told to name Norway's mail server to NOMAIL (at the mail server level), and Canada's physical server name to CANTMAIL (NT was to signify the OS)."

Now that is courting disaster.


Up to the job


You might think it would be too literal-minded to name a machine after its function but there's something downright elegant about printers named after writers or a plotter named "Moriarty" after the Mr. Moriarty who continually 'plotted' against Sherlock Holmes.

Mail servers, in particular, seem to make good targets for job-based names. MikeH names his servers after constellations, with the mail server being Pegasus, of course. Jim Haynes "always wanted to have a mail server named Norman Mailer." And one reader named his outgoing SMTP server "Newman" from the Seinfeld television series. "When it relays to other servers it sends the command 'HELO newman'."

Glenn continued this theme, naming his mail server Hermes, his domain controllers Zeus and Hera, and a tech playground Eris (the goddess of discord). At home his machines are: Tyr (the war driving laptop), Castor and Pollux (a dual boot machine) and Athena (the server).

One if by land...

The natural world is a, er, natural place to look for server naming schemes. One anonymous reader writes that in his Colorado-based company, "the servers are all named after the various 14ers (mountains > 14k feet). This was started by an admin a few years back who set up most of the servers and whose father was in the process of hiking all of the mountains. Between Elbert, Massive, Challenger, Pyramid, Blanca, Crestone, and the rest of the gang, it's a bit of a hike (mentally) to keep them all straight. But darn if I don't hate Quandary some days."


But if it's an ecosystem you're looking for, you might turn to the sea. "All of the groups of systems I've been responsible for over the years had something of an 'ecosystem'," writes one reader. "The best one was based on the notion that test servers would be slower and less functional than production servers. The overarching theme was undersea creatures, production systems getting names like barracuda and test systems getting names like sponge, coral and my favorite, nudibranch. It just so happens that nudibranch became the overall test server for orgs far and wide and I was questioned about the tastefulness of the name more than once. No one ever forgot the name though."

"In our company," writes another reader, "we named servers after fish. steelhead, sturgeon, walleye, king. But the best was 'crappy'. None of our customers wanted to be on crappy."

An eye on the sky

"Most of my machine names come from stars," says egon. "The hardest part is picking a name that's short and easy to spell. Some over the years... Nova, Aurora, Polaris, Celaeno, and Orion. All my firewalls have been named Turais, it means 'little shield'. The best machine name was my P6 FreeBSD server. It was held together with duct tape, had sharp edges, was black and safety orange. Hazard."


Another reader writes that his company quickly ran through the planets and their moons and "began using, in order, the standard list of (thousands of) smaller asteroids, in order of discovery. The christening of a new server involved learning about the new mythological character, and always helped me keep them straight.... All my workstations are, therefore named after astronomers, since they watch the skies."

And this word of warning from Jeff, who chimed in about a place he worked where the "servers were named after the planets - Mercury, Venus, Earth, Mars, etc. Which was all well and fine, until in a meeting someone stood up and admitted we were 'pulling financial data out of Uranus.'"

LoTR


What article about server naming would be complete without a nod to Lord of the Rings? There are plenty of names to go around and the roles carry particular meaning. One reader, for example, named his "various development boxes after Tolkien names in Middle Earth. Of course, the Linux boxes get names like 'bree' or 'bagend', while the Windows boxes get names like 'mirkwood' or 'doom'. For some reason, I've named laptops after characters like 'gandalf' or 'sam'. [The] best part was when my central server was named 'rivendell'."

"For our research," writes a grad student, "we got many laptops, and I was the first one to pick the names. First we got three, so I named them after the three elven rings from lord of the rings: Narya, Nenya and Vilya. Later my advisor ordered a fourth one, that happened to have slightly better specifications. I thought it would be just perfect to name that 'theOne,' and my advisor being a team player agreed, funny enough he ended up taking over the computer, and we didn't see it for more than a year and a half... and then one day ... it resurfaced, I thought that was very funny, just like the real one ring."

Too clever for their own good

"At U.C. Santa Cruz," writes Jim Haynes, "the acronym for the computing organization was CATS, so the machines were named for famous cats. Except the file servers for the Athena system were named with Greek puns, like Ailurophile (cat lover), Dendrophile (tree lover), etc. At U.C. Berkeley they have a thing of naming things as puns on celebrities. Thus the shuttle that runs between the campus and the BART station is Humphrey Go-Bart. Their first VAX machine was named Ernie Co-Vax."


Another reader writes that in a previous job, they "named all the servers after computer scientists:

Fileserver: Bernoulli
Auto-build machine: Babbage
Firewall: Schneier
CVS server: Ritchie
Router: Metcalfe

One day he had to explain the naming convention to Mr. Metcalfe when he responded to a thread on a forum board about an issue we were having."

Rules for success

Like so many things in life, you know a good naming scheme when you see it, but there are a few things you may want to consider:

  • Choose a theme that provides enough names that you won't run out. "All of the machines on my home network (laptops, printers, desktops, routers, cell phones, iPods, portable hard disks, Wii, PS3, etc.) are named after Peanuts characters," says Kwami. "It all started 5 years ago with my laptop named Snoopy, and it's gone on since then. Unfortunately, I'm running out of names!"
  • Steer clear of "meaningful" names: they're boring and they're not at all as meaningful as they seem. One anonymous reader writes that in his company, there is one server "whose name has not changed in the last ten years - even as we have rebuilt its functions onto different hardware, the name keeps being returned to SERVER. Yup, that's right - a file server named Server. This name was chosen by the same person who decided naming our printers after presidents was too confusing and insisted we give them location names instead - like 5Counter (a printer on a countertop on the 5th floor) and 4Cabinet (a printer on a cabinet on the 4th floor)."
  • Spelling matters. Choose names that are too long or complicated and users will get confused and make mistakes. One anonymous reader named servers after characters from Greek, Roman and Egyptian Mythology, each covering a separate operating district. Unfortunately, the naming scheme wasn't in operation a month before he was asked to change it. It seems people couldn't remember how to spell Clytemnestra, Agamemnon, Ashtoreth, Aesculapius, etc.
  • Don't choose something too dear to your heart. One reader writes that he named machines after classical composers but drew the line at Wagner because he didn't want to subject it to the mangled mispronunciation that befell Haydn, Bizet, and Grieg.
  • Go with what you know. A reader writes that he "decided a while ago to go with a Greek Mythology theme for my boxes. About a year ago, my mother's laptop started having problems with both the battery and the power adapter. She gave it to me, and I named it Oedipus, because I recognized it as a Greek name, but couldn't bring to mind the story. I recently looked it up, and I feel cold inside."
  • Still unsure where to start? Read these "official" rules for computer naming

Judge kicks notorious spammer off Facebook

A federal judge in San Jose, California, has ordered convicted spammer Sanford Wallace to stay away from Facebook.

Facebook sued Wallace and two other men last week in an effort to cut down on spam and phishing schemes on the social-networking site. On Monday, Judge Jeremy Fogel of the U.S. District Court for the Northern District of California issued a temporary restraining order barring Wallace and two other alleged spammers, Adam Arzoomanian and Scott Shaw, from accessing Facebook's network.



Wallace was served with notice of the lawsuit on Monday in Las Vegas, said Sam O’Rourke, senior litigation counsel with Facebook. "Basically, he's not allowed to have any contact with our site or our physical location," he said. "Should Mr. Wallace choose to continue to spam us we can actually go out and have a bench warrant and try to have him arrested, so we think it's a pretty significant ruling."

In court filings, Facebook argues that these men gained access to legitimate Facebook accounts and then used them to spam the profile pages of the account holders' friends. Facebook allows users to post messages on the "Wall" of the profile pages of their friends.
The Facebook spam messages served two functions: they enticed users into visiting phishing Web sites where they could be tricked into giving up their Facebook login credentials, and they routed victims to commercial Web sites that paid the spammers for the traffic, Facebook said.

Wallace would entice users with typo-filled messages that had subjects such as "has anyone emailed youu to let you know your defauult image is diisplayed on dynafaces.com," or "I'm not sure if you know but your pix are all over bakescream ^dot^ com->you gotta see it," Facebook said.

Sometimes Wallace would get users to register on these sites and then try to log into Facebook with the same usernames and passwords, hoping the victims used the same credentials for both sites.

News of the lawsuit was first reported Friday by Inside Facebook, a Web site for Facebook developers.

Wallace is one of the country's most notorious spammers, with a career that dates back to the 1990s. Last May a federal judge found him and a partner guilty under the CAN-SPAM Act and ordered them to pay US$230 million for phishing and spamming MySpace users with links to gambling, ringtone and pornography Web sites.

Spammers and phishers have been hitting Facebook particularly hard over the past year and a half, said Dave Jevans, chairman of the Anti-Phishing Working Group. Because Facebook spam often looks like it comes from a friend it can be very effective. And because it's Web-based, it skirts traditional e-mail spam filtering tools, Jevans said.

"Some of the bigger guys can get a million people a day to look at their stuff," he said. "It's occasional, but you'll see it."

Spam is just one of several ills plaguing the social network. Over the past few days, Facebook users have also been hit with a new variant of the Koobface worm, which tries to trick victims into installing malicious software onto their PCs. Fake applications that send out messages such as "F a c e b o o k - closing down!!!" or "Error Check System" to try to trick victims into sending the messages to their friends have also been circulating around the social network.

Late last year, the judge in the Wallace case awarded Facebook a record US$873 million in damages after Facebook accused other spammers of using stolen logins to pump out more than 4 million spam messages. Facebook says that it doesn't expect the spammers in that case to pay up, but the company hopes that it may serve as a deterrent.

Jevans agreed that lawsuits probably won't stop the big-time Facebook spammers, but he said they could deter the little guys.

Despite criminals' best efforts, spam has not become a major problem on the social network, O’Rourke said. "I think we're being targeted just because we have 175 million users now. No self-respecting spammer can not pay attention to that."


Friday, March 6, 2009

Gmail outage caused by rogue code

New code triggered a failure during routine maintenance of Google's European data centers, which led to a two-hour shutdown of its Gmail system around the world last week.

The outage was an "unforeseen side-effect of some new code that tries to keep data geographically close to its owner," Acacio Cruz, Google's Gmail site reliability manager, wrote in a Google blog post.



The rogue software caused a datacentre in Europe to become overloaded, which caused cascading problems from one datacentre to another.

"It took us about an hour to get it all back under control," wrote Cruz.

Users around the world could either not get access to their inboxes or had to wait a minute or more for them to open during the two-hour outage last Tuesday.

Google has had trouble with Gmail before, and users have voiced concerns over the reliability of the service. In the past six months, Gmail has suffered some form of downtime on five separate occasions. In the month of August alone, Gmail had three significant outages that affected not only individual consumers of the free web mail service but also companies and organisations paying for Apps Premier, the company's hosted suite of collaboration, messaging and office productivity services.

According to Google, the bugs have been found and fixed.

Cruz wrote: "We know how painful an outage like this is - we run Google on Gmail, so outages like this affect us the same way they affect you."


Windows 7: The Six Versions Explained

Despite pleas from users to stop the confusion and craft one version of Windows 7, Microsoft is continuing down the path it followed with XP and Vista, releasing multiple versions or SKUs (stock-keeping units) of Windows 7.

Six Windows 7 versions, to be precise. But most users only need to decide between two versions. Microsoft has said that 80 percent of users will be deploying Windows 7 Home Premium (consumers) or Windows 7 Professional (small businesses, remote workers). This is where Microsoft will put most of its marketing muscle.



"We have over 1 billion customers. It's hard to satisfy all of them [with a single version]," Windows General Manager Mike Ybarra has said. "There are vocal customers who want every feature, and more regular consumers who say 'I want a version that can grow with me.'"

Yet some analysts are accusing Microsoft of manipulating customers and padding profit margins with the high number of versions, and bloggers are emphasizing that three versions are enough.

Here's a look at the features of each of the six Windows flavors and who might want them. Microsoft has not yet announced pricing for Windows 7.

Windows 7 Starter

This is the bare-bones, 32-bit only version of Windows 7 intended for users in developing countries, to serve the most basic computing needs.

Starter is designed for lightweight, portable netbooks, though Microsoft claims any of its versions will be able to run on netbooks.

Windows 7 Starter will not have the Aero Glass graphical user interface that is included in all other versions of Windows 7 (except Windows 7 Home Basic) and can only run three applications at a time. It will include the revamped taskbar and jump lists, Windows Media Player, the file-sharing feature Home Group (you can participate in a Home Group but cannot create one) and other basic features such as Action Center and Backup and Restore.

Starter will not be available in retail stores, and will only be offered pre-installed on new PCs by Microsoft OEMs.

Windows 7 Home Basic

Home Basic sits somewhere between Starter and Home Premium. It has all the features of Windows 7 Starter and will also only be available through OEM partners in developing countries. Also like Starter, it will not include the Aero Glass GUI.

Some of the features Home Basic has over Starter: the ability to run more than three applications at once; a 64-bit version; thumbnail previews from the taskbar; and Mobility Center, which allows you to manage the various networks that you connect to with your laptop.

Based on what Microsoft has announced about Home Basic (which is not very much), it shares the same features as Windows 7 Home Premium except there are no Aero Glass GUI features and other UI tweaks such as Aero Snap, Aero Peek and multi-touch. This version will not legally be available for sale in the United States.

Windows 7 Home Premium

Windows 7 Home Premium has all the features of Starter and Home Basic and then some. This is the mainstream retail version that nearly all consumers will be using. Windows 7 Home Premium will be available worldwide to Microsoft OEMs and sold in retail stores loaded on new PCs.

A step up from Windows Home Basic, Home Premium includes the Aero Glass GUI and new Windows navigation features such as Aero Glass, Aero Background, Windows Touch, Home Group creation, Media Center, DVD playback and creation, premium games and Mobility Center.

Windows 7 Professional

Also available worldwide, to OEMs and in retail, Windows 7 Professional has the features of Home Premium, but with added networking and data protection features for small businesses and those who frequently work at home.

Microsoft may have a hard time convincing customers that Home Premium isn't good enough for a small business - considering it is bound to be less expensive than Professional - but if it succeeds it will be by marketing Professional features such as Domain Join to connect to business networks, Encrypting File System for data protection and Location Aware Printing to better connect to printers at work and home.

Windows 7 Professional will not include the more buzzed-about business features such as DirectAccess and BranchCache. They show up in the next version up the food chain, Windows 7 Enterprise.

Windows 7 Enterprise

Windows 7 Enterprise is only available to businesses through volume licensing. It includes all the features of Windows 7 Professional plus more security and networking features.

Businesses covered by Microsoft's Software Assurance will get Windows 7 Enterprise at no additional charge. Features that differentiate Enterprise from Professional are: BitLocker (encrypts data on internal and external drives); DirectAccess (connectivity to a corporate network without VPN); AppLocker (prevents unauthorized software from running); and BranchCache (speeds up the accessing of large remote files at branch offices).

Windows 7 Enterprise is designed for the corporate world and will only be used by large businesses. It will not be available at retail or by OEMs for pre-installation on a new PC.

Windows 7 Ultimate

Ultimate, the supersize version of Windows, includes all the features of all the other versions. Think of it as Windows 7 Enterprise for consumers.

Ultimate will be the most expensive version, so it's doubtful that many people will use it other than the occasional super-user who wants every possible feature. Microsoft is not likely to heavily promote Windows 7 Ultimate. Most regular users do not need all the security and networking features and there doesn't appear to be much in Ultimate for businesses that isn't already in Windows 7 Enterprise.

Microsoft has said that OEMs will be able to pre-install Windows 7 Ultimate on new machines and that there will be limited availability in retail.


Five Facebook Scams: Protect Your Profile

Beny Rubinstein knows computer security. An employee of a Seattle-area tech giant with 20 years of IT experience under his belt, Rubinstein has seen a side of the industry that most people will never know. He holds a degree in computer engineering, and--oh yeah--he just got scammed out of $1100 on Facebook.



Rubinstein's experience isn't entirely uncommon. (We'll get to the specifics in a moment.) What's striking about his story, though, is that it demonstrates how easily anyone--even a highly trained expert in computer security--can be ensnared by a seemingly simple social network scam. And all kinds of these scams are on the loose.

More than 20,000 pieces of malware attacked social networks in 2008 alone, estimates the online-security firm Kaspersky Lab. That's no surprise, either: While e-mail is still the most spam-filled medium, researchers suspect that social network cybercrime is growing at a far faster rate.

"People are used to receiving spam and malicious messages in their e-mail, but it is much less common on Facebook," says Graham Cluley, a senior technology consultant with Sophos. "They are lulled into a false sense of security and act unsafely as a result."

You can avoid becoming one of the many who make that mistake. We've dug up the dirt on five scams currently posing a threat on Facebook. We turned to analysts who study them as well as to users who have fallen for them, all to help spread the word about how these things work and how you can best dodge them. (Facebook representatives did not respond to our request for comment.)

Knowledge is the greatest weapon against becoming a victim. Read on, and arm yourself well.

Scam #1: The Nigerian 419

The Scam: It may sound like a hip new emo band (or a somewhat old e-mail scam), but the Nigerian 419 will do more than just offend your ears--it'll also empty your wallet. The moniker refers to a scam dating back decades that has recently entered the social network scene.

Back to Beny Rubinstein. A couple of months ago, Rubinstein received some alarming Facebook messages from a friend and fellow tech professional.

"[He said] he was in the UK and was robbed, and needed $600 to fly back to Seattle," Rubinstein recalls.

The messages came both in Facebook-based IMs and in e-mail. They included details such as family members' names, making the notes appear all the more authentic. It wasn't until 2 hours and $1100 later that Rubinstein realized what had happened: Someone had hijacked his buddy's account, contacted his friends, and--at their expense--made off like a bandit.

"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," says Vicente Silveira, a product management director at VeriSign and a personal friend of Rubinstein's.

The Protection: Before you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network--either by phone or by external e-mail. Not feasible? Ask an extremely personal question that a hacker couldn't possibly figure out from information within the profile. We'll leave the specifics up to you.


Scam #2: The Widget Warrior

The Scam: Facebook is famous for its widgets--you know, the third-party applications that you can add onto your account. Sometimes, though, widgets turn into warriors with a single mission: stealing your data.

The first rogue widget reared its head in 2008, when researchers realized that a program called Secret Crush had anything but sweet intentions. The application, which was supposed to help you find your virtual admirers, instead installed spyware onto your computer. Even worse, it encouraged you to spread the love by getting other friends on-board--essentially "manipulating humans to pass it along on their own," says Guillaume Lovet, senior manager of Fortinet's Threat Response Team.

Secret Crush has since been crippled, but the potential for similar threats still exists. Just days ago, security experts determined that an application called Error Check System was misusing profile details and possibly stealing personal information. A few months earlier, researchers from Greece's Institute of Computer Science uploaded a malicious app to Facebook as an experiment. The team was able to configure the widget, which posed as a "Photo of the Day" displayer, to utilize its users' Internet connections for denial-of-service attacks.

The Protection: Use extra caution when installing third-party applications. "When you accept to install one, malicious or not, you are granting its author access to all the info in your profile," Lovet says. Make sure you know what the app's creator will do with it.

Scam #3: The Koobface Virus

The Scam: Don't be fooled by the name--there's little to laugh about when it comes to the quickly spreading Koobface virus. (The word, by the way, is an anagram of "Facebook.") Once the virus infects your PC, it starts sending messages or wall postings to your Facebook friends, directing them to a "hilarious video" or some "scandalous photos" of someone you both know.

"The link promises an enticing video, but when the user clicks, he is presented with a Web page with a fake Adobe Flash update or a fake codec that needs to be downloaded," explains Ryan Naraine, a security evangelist with Kaspersky Lab. "That download is malware."

The Protection: Antivirus software can help keep you safe, but some common sense can also go a long way. "Be wary of any kind of direct URL in messages or postings," advises Jamz Yaneza, a threat research manager with Trend Micro. If a site asks you to download a software update, Yaneza says, click Cancel and go directly to the vendor's page to see if the update is legit.

Scam #4: The Phishing Pond

The Scam: Phishing, a favorite hacker tactic, has found new life at social networking sites. Scammers trick users into following links that open official-looking Facebook log-in prompts. If you enter your user name and password, the information is logged--and your account is theirs.

Brandon Donaldson, a pastor at the Lifechurch.tv Internet Campus, fell for the scam. Someone gained control of his Facebook account and started sending messages to his friends and followers, trying to persuade them to follow the same links and unwittingly give up their accounts, too.

"This was a pretty bad ordeal, since I regularly put video content up on the Web, and I use the Internet as a tool for many relationships," Donaldson says. "You build a certain social trust in these spaces, and you want to keep that trust without these kinds of incidents."

The Protection: The previous plan also applies here: Watch where you click. Plus, if you're ever asked for your password midsession, don't enter it. Manually navigate back to the Facebook.com home page instead, and then log in there if need be.


Scam #5: The Contrived Community

The Scam: Community enthusiasts, be cautioned: Facebook user groups can sometimes be cleverly disguised vehicles for marketing. And--whether you realize it or not--when you click the join link, you're effectively opting in.

Brad J. Ward was one of the first users to find such a scheme in action. Ward, then a member of Butler University's admissions department, discovered a Facebook group called "Butler Class of 2013." The only problem: The people behind it had nothing to do with Butler. After posting about the issue on his blog SquaredPeg.com, Ward soon learned that the names of nearly 400 other schools appeared in similarly suspicious groups, all created by the same small set of people.

"My initial reaction was that some company or person was essentially setting themselves up to be the administrator for hundreds of groups, which provides the opportunity to send out mass messages or to collect data," Ward says.

His instinct was right: The publisher of a college guidebook had set up the groups, seemingly with the goal of building a mass mailing list for marketing its products, Ward discovered.

"Was any of it illegal? Not necessarily," Ward points out. "But was it unethical, and could it be misconstrued as an official university presence? Yes."

Once exposed, the publishing company College Prowler admitted its involvement and agreed to back out of the groups. Still, that's only one company. More than likely, countless others haven't been detected, and are actively using groups to gain the trust (and information) of unsuspecting users.

The Protection: Be very selective in deciding what groups you join. If you aren't sure who runs a given Facebook community, or whether it's officially linked to the organization that it claims to be, don't accept the request. Your privacy is worth more than any membership.

The Web of Trust

In the end, staying safe comes down to maintaining control of your information and carefully selecting with whom you share it--because you never truly know who's on the other end of electronic communication. This past month, for example, a high school student was charged with 12 felonies after investigators say he posed as a girl on Facebook and tricked male classmates into sending him nude photos.

"An online version of the 'web of trust' is formed among users," notes Trend Micro's Jamz Yaneza. "Although this does work in the noncyberspace environment, the platform ... is really different when someone else is in charge of your medium."

It's easy to feel invulnerable while reading about such scams. The second you let your guard down, though, it's even easier to become the next victim. Just ask people who know Beny Rubinstein, the IT pro who lost more than a grand to a Facebook scammer.

"Worse than losing the money, he realized how exposed you are in a social network," says Vicente Silveira, Rubinstein's friend. "We're exposing things now that are in many ways a lot more valuable than money."


Wednesday, March 4, 2009

Visa: New payment-processor data breach not so new after all

Days after Visa Inc. seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems Inc. and RBS WorldPay Inc., the credit card company now is saying that there was no new security incident after all.

In actuality, Visa said in a statement issued Friday, alerts that it sent recently to banks and credit unions warning them about a compromise at a payment processor were related to the ongoing investigation of a previously known breach. However, Visa still didn't disclose the identity of the breached company, nor say why it is continuing to keep the name under wraps.

Visa said that it had sent lists of credit and debit card numbers found to have been compromised as part of the investigation to financial institutions "so they can take steps to protect consumers." It added that it currently "is risk-scoring all transactions in real-time, helping card issuers better distinguish fraudulent transactions from legitimate ones."

Visa's latest statement follows ones issued by both it and MasterCard International Inc. earlier this week in response to questions about breach notices that had been posted by several credit unions and banking associations. The notices made it clear that they weren't referring to the system intrusion disclosed by Heartland on Jan. 20 and suggested that a new breach had occurred.

Visa's initial statement, and the one from MasterCard, were both carefully worded; neither said specifically that the breach being referred to was a new one, but they also didn't say that it was a previously disclosed incident. Visa said it was "aware that a processor has experienced a compromise of payment card account information from its systems," while MasterCard said it had notified card issuers of a "potential security breach" affecting a payment processor in the U.S.

MasterCard officials didn't respond Friday to requests seeking clarification on whether its statement referred to a previous breach or a new one.

Benson Bolling, vice president of lending at the Alabama Credit Union in Tuscaloosa, said Friday that officials there had understood the breach to be a new one based on the alerts sent out by Visa - but couldn't say that for sure. According to Bolling, the credit union, which posted an advisory on Feb. 17 and updated it two days later, was informed by Visa of a "big breach" shortly after getting the word about the intrusion at Heartland.

The identifying number that was used in the so-called Compromised Account Management System alert issued by Visa appeared to suggest a new breach, because it was different from those used in previous CAMS notices, Bolling said. It was his understanding, he added, that CAMS alerts related to a previous breach would use the same identifier as the original notifications.

Almost 50% of the credit and debit cards issued by the ACU have been affected between the Heartland breach and the compromises detailed by Visa in the latest CAMS alert, Bolling said, without disclosing the number of compromised cards.

The Pennsylvania Credit Union Association also issued an advisory, dated Feb. 13, in which it described the recent alerts from Visa and MasterCard as being related to a new breach. "As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor," the PCUA said. The advisory appears to have since been removed from the association's Web site, but a cached version can be found via the Google search engine.

An advisory posted by the Tuscaloosa VA Federal Credit Union in Alabama also indicated that "another" payment processor had been breached and said that the compromise involved so-called card-not-present transactions, such as those made online or via the phone. Tuscaloosa VA noted that the "window of exposure" provided by both Visa and MasterCard was from February 2008 to this January. And like the PCUA, the credit union said that because the affected payment processor had yet to publicly announce the breach, Visa and MasterCard were unable to identify it.

Heartland has yet to disclose the scope of the breach in its systems, saying that it still doesn't know how many card numbers were compromised. The company, which processes more than 100 million transactions per month, also has yet to specify when exactly the system intrusion took place, beyond saying that malware was operational on its systems "during part of 2008."

RBS WorldPay, the Atlanta-based payment processing division of The Royal Bank of Scotland Group, disclosed Dec. 23 that its systems had been breached by unknown intruders, resulting in the compromise of personal information belonging to about 1.5 million owners of prepaid payroll and gift cards. The compromised information included the Social Security numbers of 1.1 million people, according to the company, which said it had discovered the breach in early November.


Roku & Amazon: Cloud vs Hard Drive

I've owned a Roku video player for almost a year now, and I'm not ashamed to admit that I'm a fan. In case you aren't familiar with the Roku, it's a $99 device that initially was for streaming Netflix's "Watch Now" content to a television. The device is compact and works like a charm, and back when I bought it, it was the only out-of-the-box option for getting a Netflix stream direct to your TV.

Of course, since that time, the Xbox 360 has added Netflix support, as have a number of Blu-ray players, and this spring, you'll even be able to buy a TV with Netflix streaming built in. (There are plenty of companies betting that Netflix isn't going anywhere!) Roku wasn't sitting still during all this, though. They've promised to add new sources of content to their box, and this morning the first of those promises came true: you can now stream Amazon's Video on Demand service to the Roku.

As I was surfing around reading about this announcement, I read a comment that got me thinking. Amazon allows renting or purchasing content, but the Roku has no hard drive. This commenter — and I honestly can't remember where I read this; it may have been on Twitter (where else?) — questioned why anyone would buy content if it was going to remain "in the cloud." If you watch Amazon's Video on Demand on a TV or a Tivo, you can download purchased content and keep it locally. Obviously this isn't an option on the Roku.

I don't think I really care all that much if my content is in the cloud, to be honest. Ideally, I'd still like a store-bought hard copy with a spiffy case and all that. I like to browse our shelves of movie boxes looking for a DVD or Blu-ray to watch, but if I'm not going to own the physical media, I don't really care where my digital version "lives."

I can see where people who travel a lot would want to download a copy to keep on their laptop for watching on the go, but they can still do that. The only drawback I can see with the Roku is, what happens if your internet goes out? And that's a valid concern, but I'm blessed with a very reliable net connection (knock on wood). My counter argument is this: if you're downloading your content, what happens when your hard drive fails? Sure, you can burn a DVD copy or something, but then you're back to having physical media.

I think I'm very content letting Amazon store my digital copies of any Amazon Video On Demand content I might purchase. That feels easy to me. Let them worry about backups and storage space and all that. (The big caveat here is all the noise we're hearing about ISPs putting bandwidth caps in place. That could rain on everyone's parade.) I love that the Roku is silent and small with no moving parts. I just want to turn on my TV and let the Roku stream my content to me.

What do you think? Am I on the right track, or am I just making excuses for my treasured Roku box? Would you purchase content that was going to remain in the cloud?