Saturday, April 19, 2008

IBM buys storage vendor Diligent Technologies

In the latest of a long line of data and storage-related buys, IBM said Friday it has acquired Diligent Technologies for an undisclosed sum.
Diligent, which has offices in Framingham, Massachusetts, and Tel Aviv, is known for its de-duplication technology, a technique for saving storage space by eliminating redundant data, such as multiple copies of the same e-mail attachment within an e-mail archive. The company's ProtecTIER product employs an in-line de-duplication engine that does the work as data is brought into a system, not after the fact, which saves time, according to Diligent's Web site.

Diligent's technologies and its workers will be brought under IBM's system storage business unit within the systems and technology group.

One observer questioned whether the Diligent deal could hurt players such as Hitachi Data Systems, given that it has been reselling ProtecTIER.

"Now that the IBM acquisition of Diligent Technology appears to be all but a done deal, where does that leave HDS and their customers, as HDS is now left without a viable de-duplication technology in one of the hottest sectors in data storage?" wrote Jerome Wendt, president and lead analyst of DCIG Inc., a consulting firm, on his blog.

The buy marks the third storage-related grab by IBM in just the past few months, following its moves to acquire XIV and FilesX. IBM, which posted strong second-quarter earnings on Wednesday, said the Diligent deal is also part of its planned earnings-per-share growth strategy.

De-duplication is seen as a hot trend within the storage space. The 451 Group last year predicted the market sector could grow to US$1 billion by 2009. The space includes a range of independents such as ExaGrid, along with major vendors like Symantec.

Oracle also features the capability in its flagship 11g database, and Sun Microsystems recently made a de-duplication announcement as well.

PayPal to block users with old browsers to curtail phishing

PayPal, eBay's electronic payment service, plans to take the dramatic step of locking out people using older versions of Web browsers in order to stem phishing attacks.

PayPal said a "significant" group of people still use Microsoft's Internet Explorer 3, released in 1996, and IE 4, which debuted in 1997. Those browsers lack a phishing filter, which can block users from accessing a reported phishing Web site.

"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts," according to a paper released during the RSA security conference in San Francisco earlier this month.

It also could mean eventual trouble for users of Apple's Safari browser, which has no phishing filter. PayPal warned users in February to stay clear of Safari.

Phishing sites are designed to look like the legitimate Web sites of major brands such as banks and seek to elicit financial and personal information. Users are often lured to the sites through unsolicited e-mail, or can unwittingly land on one if a phisher has bought a domain with a convincing-looking name or one with a slightly different spelling.

PayPal has been one of the brands hit hard by phishing since the service allows people to transfer money. The company has taken steps to strengthen authentication controls and worked with ISPs (Internet service providers) to block e-mails purporting to be from PayPal but lacking a valid digital signature.

PayPal said it plans to warn users who come to its site that they are using an old browser. Eventually, those users will be blocked, although the company did not say when.

The plan won't necessarily prevent a person from being victimized by a phishing attack. A user could still be duped by an e-mail with a link to a phishing site and then divulge their details.

But by preventing access to its site, PayPal hopes those users will then upgrade their browsers, which will then give them an additional security protection against phishing.

Internet Explorer 7, Firefox 2 and Opera 9 have phishing filters, but Apple's browser -- Safari -- does not. Safari also does not support Extended Validation SSL (Secure Sockets Layer) Certificates, issued to Web sites that have been vetted as legitimate.

For a Web site with that certificate, IE shows a green bar. Firefox's address bar changes from white to beige and Opera denotes a safe site.

Bull crams crypto chips into bootable USB hard disk drive

Bull has a gadget for businesses worried about the security of data stored on laptops: a bootable, portable password-protected hard disk drive with an embedded cryptographic processor that protects data if the device is lost or stolen.
Globull (pronounced globule) is a bright red package about the size and weight of an iPod Classic. It has a color display, houses a 60G-byte hard disk drive and has a USB 2.0 cable that wraps around the device for storage.

Plug it into any PC that can boot from an external USB 2.0 drive, switch on the computer, enter your password on Globull's tiny touch-sensitive display, and you have access to your regular working environment, applications and data. Switch off the computer again and you can take your data away without leaving a trace, according to Bull.

Most recent PCs have the ability to boot from an external USB (Universal Serial Bus) drive -- although IT managers may have chosen to disable this option in the BIOS settings for security reasons: it's not always desirable if staff can boot up an operating system of their choice, bypassing antivirus or other security software installed on company PCs.

The 120-gram Globull package contains the hard disk and a cryptographic processor that scrambles data on the fly at 100M bps (bits per second), using the Advanced Encryption Standard with a 256-bit key (AES-256), protecting the data if the disk is lost or stolen. Without the password, the data cannot be decrypted.

Bull envisages a number of scenarios in which the drive could be useful to secure data: mobile workers with their own laptop; staff working on shared PCs, or for performing demonstrations on a client's computer. The company suggests installing a complete operating system -- Windows or Linux -- and applications on the device, but warns buyers to ensure that their existing software licenses allow such a use.

For now, Bull is offering the device only in France, but despite the defense-level encryption it contains, there's no legal reason why it can't be sold elsewhere, said company spokeswoman Anne Marie Jourdain: Bull just preferred to concentrate on France first, and an international launch is planned for the second half of the year, she said.

Globull has a price tag of €460 (US$685), but the price is negotiable in quantity, Jourdain said.

Android developers' competition draws 1,788 entries

Developers from over 70 countries have submitted 1,788 entries to the Android Developer Challenge, according to Google.
The goal of the challenge is to drum up interest in the Android platform, a software package for mobile devices that includes an operating system, middleware and some key applications. Applications, built by anyone who has the requisite skills, will be a huge part of the Android vision, according to Google.

Any phone manufacturer or carrier could use the platform to build tailor-made phones faster than previously possible, according to the platform's supporters, the Open Handset Alliance.

The challenge entries cover many different application areas, including games, social-networking, utilities, productivity and developer tools, according to a Google blog entry submitted by Azhar Hashem, product marketing manager for Android.

The U.S. generated the largest number of entries, with others from Germany, Japan, China, India, Canada, France and the U.K., Hashem wrote.

Now it's time for the judges to get to work: They will soon receive laptops loaded with all the submissions, according to Hashem.

Next month 50 semifinalists will be awarded $25,000 each to fund further development. They will then compete for ten $275,000 awards, and ten $100,000 awards.

The winners will be announced on July 21.

Chinese blogs detail zero-day flaw in Microsoft Works

Chinese-language blogs are detailing a zero-day vulnerability in Microsoft Works, the company's lower-end office productivity suite, according to security vendor McAfee.
The vulnerability is within an ActiveX control for the Works' Image Server, wrote McAfee analyst Kevin Beets. A PC would need to visit a Web site engineered to exploit the flaw, Beets wrote.

A zero-day flaw is a software vulnerability that has become public knowledge but for which no patch is available. It is particularly dangerous since users are exposed from day zero until the day a vendor prepares a patch and notifies users it is ready.

Proof-of-concept code was posted on a Chinese blog showing how the problem could cause Windows to crash, Beets wrote. Then, a few hours later, a working exploit appeared, which could allow malicious code to run on a machine.

ActiveX is Microsoft's technology that lets Web site designers add extra functionality to Web pages or allows different applications to access the same software component, such as a spell-checker. But ActiveX controls have also been employed by hackers in order to trick people into downloading malicious code.

As with most ActiveX controls, users will get a warning asking whether they want to download it or not, Beets wrote, but the vulnerability is "easily exploitable" once the control has been downloaded. McAfee tried it out using Windows XP Service Pack 2 and Internet Explorer 7.

One way to halt the attack is to block the particular ActiveX control, Beets wrote. Microsoft has instructions on its Web site for this procedure.

The company did not have an immediate comment as of Friday morning.

British police use Facebook to gather evidence

The Greater Manchester Police force is looking for friends -- on Facebook.
It has created a Facebook application to collect leads for investigations, marking the first use of the social networking site by U.K. law enforcement.

The application delivers a real-time feed of police news and appeals for information. Next to that content is a feature to share a particular story with other friends in a person's network, as well as post comments.

One of the recent updates is an appeal asking for information about four men, one of whom was armed with an axe, who robbed a betting shop.

A "Submit Intelligence" link takes a Facebook user to the police Web site where they can anonymously submit tips. Another link leads to the videos on YouTube featuring information on the police force, ongoing investigations and other advisories.

One video contains closed-circuit TV footage of two men in hooded sweatshirts seen near the place where a 15-year-old, Jessie James, was shot and killed in Manchester in November 2006.

So far about 750 people have put the application on their profile, the police said. They estimate about seven million of the 59 million worldwide Facebook users live in the U.K.

The application has received a universally positive response. "Good thinking GMP [Greater Manchester Police]!" wrote Facebook user Sammie Jane. "This is a sure-fire way to branch out to the younger generation and also to encourage anonymous information."

Microsoft confirms testing of 'Albany' low-cost Office suite

Microsoft on Friday confirmed it is planning to release a subscription-based "value box" of low-end productivity software code-named Albany, and has sent an early version of the product to thousands of beta participants for private testing.
News surfaced last month that Microsoft was planning the suite -- a combination of Office Home and Student 2007; Office Live Workspaces; Windows Live Mail, Messenger and Photos client software; and Windows Live OneCare -- to compete with Google Docs and other free or low-cost productivity suites available in the consumer market. Microsoft late last month sent out select invitations to test Albany, asking people to sign nondisclosure agreements just to sign up for the test, sources close to the company said at the time.

However, Microsoft Product Manager Bryson Gordon said that Albany -- which the company internally had called a "value box" of software -- isn't simply a productivity play. "The free applications online address one portion of this," he said.

Albany goes beyond that and provides what consumers have told Microsoft are the "essential" products they use on a computer, Gordon said. "It extends both into the security value proposition and extends into the category of helping people connect and share with others," he said.

In addition to Word, Excel and PowerPoint applications found in Office, a plug-in for Office Live Workspaces in Albany will give customers the ability to store and share documents online from directly within the Office interface. Albany also covers basic PC security needs with Windows Live OneCare, Microsoft's service that includes firewall and antivirus protection, as well as basic consumer e-mail, instant-messaging and photo-sharing needs with the Windows Live software.

Albany suggests that Microsoft recognizes it must differentiate Office from less costly or even free software such as Google Docs or IBM's Symphony. These suites threaten to commoditize the consumer market for productivity software, where low-end versions of Office, for now, remain prevalent.

While people can separately purchase or download all of the products that will be a part of Albany, a key feature of the package will be that it provides for unified installation instead of customers having to install all of the offerings separately. "We don't want them to go through a cumbersome process to set this up," Gordon said.

Albany also will feature a "welcome" window that shows customers all of the features and offerings in the suite and from which customers can begin using the software, he said.

Microsoft has not set pricing for Albany yet, saying only that it will be sold on a subscription basis. Whether that subscription will be monthly or yearly also has yet to be determined. Moreover, the company is still deciding through which channels Albany will be sold, although sources close to the company previously said retail outlets such as Best Buy would be among places people could purchase it.

Gordon said Microsoft is not planning a public beta for Albany, which it expects to release before the end of the year. The company will use the feedback from the private beta to come up with a final version of the product.

Amazon adds support options for hosted services

Amazon is adding new support options for its hosted computing services, a move that could make them more attractive for running business applications.
Amazon introduced two premium support options on Thursday for users of its EC2, S3 and SQS services. Both options guarantee subscribers a response within an hour, allow them to open an unlimited number of support incidents and provide diagnostic tools to help identify the sources of problems. They also provide an online tool where customers can view all of their open and resolved cases.

The more expensive Gold plan includes support at any time of day, 365 days a year, including live telephone support. Gold subscribers pay US$400 a month or a sliding-fee scale based on usage, whichever is greater. The Silver plan costs $100 a month or $0.10 per dollar of monthly service usage, whichever is greater.

Amazon Web Services are hosted computing services that customers pay for based on usage, so they don't have to invest a potentially large sum to buy and manage their own hardware and software. EC2, or the Elastic Compute Cloud, offers remote computing power, while S3, or the Simple Storage Service, lets customers store and retrieve essentially any amount of data online. SQS, or the Simple Queue Service, is a developer tool for storing messages sent between computers.

When the services first launched, customer support consisted of an online forum that Amazon staff took turns monitoring in part-time shifts, according to a blog post announcing the new support programs. Later, dedicated workers monitored the site. But some customers are using the services for critical applications and have asked for more direct and discreet ways to seek help when issues come up, Amazon said, so it decided to offer the new plans.

Amazon also launched a new Web page that displays the health of each of the services. It lists the current status and will include historical data for 35 days, although for now the data goes back only to April 14. If a service has a problem, users can report an issue and find information on the site about the status of the problem.

The new support options should help to address complaints that customers had during two recent service outages. During the first in particular, some users were upset at the lack of information from Amazon about the cause of the problem and when it might be fixed. Some suggested in the forum that Amazon create a Web page where customers could visit to find out about service problems.

While some businesses already depend on Amazon Web Services, others may be wary about their reliability. Phil Shih, an analyst with Tier 1 Research, a division of The 451 Group, said recently that he doesn't recommend companies use AWS for anything but internal projects that can absorb downtime. However, he expects Amazon will improve the services so that in the future, he may recommend that companies use them for more critical applications.

AT&T to lay off more than 4,000 employees

Telecom giant AT&T plans to lay off 1.5 percent of its employees, primarily in management, in an effort to streamline its operations, the company announced Friday.
AT&T had about 310,000 employees at the end of 2007, meaning the layoffs would affect about 4,650 workers. The layoffs are the "next step" in streamlining company operations in an effort to operate more efficiently after recent mergers between parent company SBC, the old AT&T and BellSouth, the company said in a filing with the U.S. Securities and Exchange Commission.

AT&T expects its total number of employees to remain stable in 2008 "as the company hires additional employees to support growth areas," AT&T said in the filing.

The company did not announce a time line for the layoffs in its SEC filing. The streamlining effort is focused on jobs that don't interact with customers, the company said.

"This initiative is part of the company's move from a collection of regional companies to one AT&T focused on customers," AT&T said in the filing.

The layoffs mean AT&T will take a one-time charge of US$374 million during the first quarter of 2008. AT&T is scheduled to announce its first-quarter earnings Tuesday.

AT&T reported a net income of $3.1 billion for the fourth quarter of 2007. Its revenue for the quarter was $30.3 billion.

Google stock soars in after-market trading

Shares of popular search engine Google soared in after-market trading and could portend a close above US$500 for the first time in months.

The company's stock ended after-market trading at $525.96 on Thursday, up 17 percent, or $76.42 above its close in regular trading hours on the same day. Google reported earnings that beat analyst expectations after regular stock trading closed.

Google's stock closed at $449.54 during normal hours. The last time the stock closed above $500 during regular trading was on Feb. 22, at $507.80. On Feb. 25, the shares traded as high as $506.50, but ended the day at $486.44. Because fewer shares are available during after-hours trading, share prices can push higher on positive results released after the market closes.

On Friday, Google shares may not hit the same price as Thursday's after-market, but there is a good chance they will rise significantly, given the after-market surge.

The shares have not hit $500 since that time, but Friday could be different. Stocks often follow what happens in after-market trading, but shares may not soar as high and news overnight could also affect the stock market.

Google's revenue soared 42 percent year-on-year in the first quarter to $5.19 billion and it posted net income of $1.31 billion. The company's pro-forma net income, which excludes certain items, was $4.84, which beat analysts' expectations of $4.52 per share.

The company also reported paid-click growth of 20 percent compared to the same time last year, higher than the figures reported by third parties. Negative reports on Google's paid-click growth from Internet watchers such as comScore and Hitwise had been a key factor in the stock's decline over the past few months.

MacBook Air spurring LED use in screens: DisplaySearch

The MacBook Air has become the best advertisement for why companies should use LED (light-emitting diode) backlights in notebook screens, and is driving adoption, according to market researcher DisplaySearch.
LED backlights in display screens are an improvement over old CCFL (cold-cathode fluorescent lamp) technology for several reasons, including a stunning picture due to more vibrant contrasts, better power savings, and being easier on the environment because they contain no mercury and last longer.

They also helped make the MacBook Air a marvel of thinness because they take up less space inside a screen. LED backlights are about half as thick as CCFL backlights, according to Luke Yao, an analyst at DisplaySearch.

"The problem with LED backlights is still cost, but prices are coming down," he said during a conference in Taipei.

The price of an LED backlight is still twice as much as that of CCFL or more. And the screen of a laptop is often its most expensive component, or second only to the microprocessor.

LED costs are falling as makers increase production. The technology is gaining ground in more and more devices, including mobile phones and auto lights, after getting its start in toys, MP3 players and other small displays. As production increases, the cost per unit comes down.

Notebook PCs, desktop monitors and LCD-TVs (liquid crystal display televisions) are the next ground for LEDs to conquer, and DisplaySearch believes the technology will perform well this year. The number of laptops, monitors and LCD-TVs with LED backlights will quadruple to 16.7 million units in 2008 from 4.0 million units last year, the market researcher said.

In laptops alone, LED backlights will increase to 7.2 percent of the entire market in 2008 on screens smaller than 14 inches, from 3.4 percent last year, DisplaySearch said. The MacBook Air carries a 13.3-inch screen.

On laptops with screens 14 inches or larger, LED backlight use will rise to 4.6 percent of the market this year, from just 0.1 percent last year. Next year will be a breakout year for LEDs in this category, as LED backlights go into 19.9 percent of all notebook PCs shipped, a figure that will nearly double to 38.8 percent in 2010.

The MacBook Air didn't start the trend to using LED backlights, but its stunningly thin design will prompt other companies to put out similar notebooks, Yao said, further spurring the LED industry.

Oracle to expand SAP lawsuit, may target execs

Oracle plans to expand its lawsuit against SAP to include charges that its TomorrowNow subsidiary stole software applications from Oracle, and that it did so with the knowledge of SAP executives, according to court papers filed Thursday.
Oracle said it plans to file a second amended complaint against SAP and TomorrowNow that will reveal "a pattern of unlawful conduct that is different from, and even more serious than," the conduct described in its initial complaint.

SAP's lawyers accused Oracle of exaggerating its claims, using court filings as "press releases" and trying to prolong the case unnecessarily. "Ignoring Judge Jenkins's admonitions, Oracle continues to submit hyperbolic argument in the guise of (court documents)," SAP's lawyers wrote.

Oracle filed its suit against SAP a year ago, alleging that TomorrowNow employees posed as Oracle customers in order to download software patches and other support materials from an Oracle support Web site. TomorrowNow used the materials to provide cut-price services to Oracle customers, and try to switch them to SAP's platform, Oracle said.

Based on recent depositions, Oracle now claims that TomorrowNow workers downloaded Oracle business applications, not just its support materials. TomorrowNow then used the software "to service other customers, train its employees, and create fake 'SAP' branded fixes, updates and related documentation for distribution," Oracle said.

It also said SAP executives may have been complicit -- something SAP has vehemently denied. "It appears that SAP AG and SAP America knew -- at executive levels -- of the likely illegality of TN's [TomorrowNow's] business model from the time of their acquisition of TN and, for business reasons, failed to change it," Oracle said. It did not name any SAP executives.

The new charges are outlined in a 30-page joint filing submitted ahead of a case management conference scheduled for next week at the U.S. District Court for the Northern District of California in San Francisco. Oracle said it hopes SAP will agree to its filing the amended complaint, otherwise it will amend the new charges to the current one.

SAP did not return a call for comment Thursday evening. It posted the documents on its Web site about the case. Oracle also has a Web page about the suit.

SAP has admitted that TomorrowNow may have made some "inappropriate downloads" from Oracle, and has replaced top executives at the subsidiary since the case was filed. But it has characterized any wrongdoing as isolated incidents, rather than the pattern of illegal behavior that Oracle alleges.

Oracle is seeking damages to be proven at trial, an injunction for SAP to return any Oracle software, and legal costs.

SAP reluctantly agreed with Oracle to push the jury trial date back by a year to February 2010, the new documents show. Oracle said it needs the time to complete discovery. SAP wants to retain the date for a settlement conference this October, but Oracle asked the court to delay that by a year also.

SAP's lawyers repeatedly expressed frustration at Oracle for what they view as delaying the case by demanding "limitless discovery." They asked the court to make Oracle explain soon how SAP's conduct has damaged the company.

"Oracle recites essentially every element of every one of its claims as a factual dispute, ignoring that its repetitive claims all boil down to the same basic issues -- what was allegedly copied; was that copying permissible; how was Oracle harmed? Those are the factual issues in dispute," SAP said.

"Oracle does not want to be focused, nor does it apparently want to effectively or timely resolve this case," it said.

Oracle said the case involves an "extraordinary" amount of discovery, including terabytes of computer records that take weeks just to copy, forensic scientists, and "potentially hundreds of third parties." It also asked to extend the length of the trial from four weeks to six.

AMD reports sixth consecutive quarterly loss

A weak first quarter has yielded a sixth consecutive quarterly loss at struggling chipmaker Advanced Micro Devices (AMD).
The company posted revenue of $1.51 billion for its first fiscal quarter of 2008, ended March 29, and a net loss of $358 million, or $0.59 per share. Excluding charges related to the company's 2006 acquisition of graphics chipmaker ATI Technologies, losses were $308 million, or $0.51 per share.

The bad results were in line with analyst expectations. AMD had warned the financial community last week that it would miss earnings expectations by about $100 million, blaming lower-than-expected results because of poor sales across all segments of its business. AMD plans to lay off 10 percent of its 16,800-employee workforce by the third quarter of 2008.

A few days after last week's earnings warning, the company's chief technology officer, Phil Hester, stepped down, adding to the bad news.

AMD had been hoping to turn things around by its second quarter. On Thursday it said it was hoping to again be profitable by year's end.

SEMs crave more search ad competition, eye MS-Yahoo

If Microsoft acquires Yahoo, the search engine ad market could gain a viable and sorely needed competitor to Google, but only if the post-merger integration is done with speed and precision.
That's the opinion of several search engine marketing (SEM) firms with experience helping clients design and manage campaigns on the Google, Yahoo and Microsoft search ad platforms.

As things stand now, Google has an overwhelming dominance of this market thanks to the massive popularity of its search engine, which gives its ads a wider and deeper distribution reach that dwarfs that of Microsoft and Yahoo.

Inevitably, most search ad budgets are devoted to Google campaigns, but advertisers would benefit from a more balanced competitive environment in which an alternative ad platform isn't discarded as an option purely on the basis of its limited reach, those interviewed said.

"We feel that a successful acquisition and integration of their [Microsoft's and Yahoo's] offerings offers the potential of forming a credible competitor to Google," said Noah Elkin, vice president of corporate strategy for digital marketing firm Steak Media.

This is important, especially now that Yahoo may outsource its search advertising business to Google. "The dominance of any one company in a given area is not good for the industry. We believe that competition is key to delivering value to advertisers," Elkin wrote via e-mail.

Search advertising is the largest segment of the overall online ad market, accounting for about 40 percent of spending in the U.S. last year, according to IDC. Google nabbed almost 80 percent of the about US$10.2 billion spent in search ads in the U.S. in 2007, followed by Yahoo with about 12 percent and Microsoft with 6 percent, according to IDC.

Anna Sebestyen, a freelance search marketer, works primarily with small and medium-size clients whose search ad budgets are smaller than those of large companies, so the opportunity to give Yahoo and Microsoft a shot at clients' campaigns is more limited.

"I give a chance to MSN and Yahoo whenever I can to see the specific reaction in a certain campaign, but my tests so far have shown that my clients' money is better spent, ROI is higher -- with the limited budget they have -- on Google, currently," she said via e-mail.

Interestingly, some SEM experts have found that Microsoft and Yahoo sometimes do a better job of targeting search ads than Google, especially in certain industries. This has been the experience of Nick Stamoulis, president of Brick Marketing, and so he's hoping that Microsoft succeeds in acquiring Yahoo and creating a search ad business that can compete in distribution volume with Google.

On the other hand, he's not enthused with the possibility of Yahoo outsourcing its search ad business to Google. "This would increase the costs for everyone. I don't think this would be a good move for the Search Engine Marketing and Pay Per Click industries," Stamoulis said via e-mail.

Others, like Jon Pape, an Internet marketing specialist at Meijer.com, think Yahoo should remain independent because it has the talent and resources required to make a run at Google.

"Best case scenario would be for Yahoo to unify all their Web assets under one brand, stop playing catch-up with Google and come out with some innovative technology that advertisers find useful, and attract more users. Buying Yahoo will get Microsoft more user data, consumers, and eyeballs but I think the purchase will hurt innovation and consumers in the end. Having three large search firms fosters innovation," Pape said via e-mail.

Google, with its dominant position, has gotten complacent, creating the opportunity for competitors to get advertisers' attention, he said. "Google made it easy for advertisers of any size company to advertise but they treat most of their advertisers with a condescending attitude. I think there would be a lot of advertisers that would be happy to just use Yahoo or Microsoft and not Google at all. However, when 80 percent to 90 percent of most companies' revenue comes from Google, it's basically Google and everyone else," Pape said.

Of course, simply acquiring Yahoo will do little good if Microsoft bungles the integration process. This in fact would give Google the chance to further boost its dominance. "They would have to quickly rationalize how they're going to integrate Yahoo," John Squire, Coremetrics' chief strategy officer, said in a phone interview.

Otherwise, if the integration drags on and the Yahoo and Microsoft search ad teams operate independently for an extended period of time, publishers and advertisers might get confused and turned off by the conflicting strategies and messages, Squire said.

Specifically, Squire worries that, as far as he has been able to tell, both Microsoft and Yahoo have been recently quick to acquire multiple online ad companies, but not as quick to merge their operations and technologies into their respective ad platforms.

Many things -- operational, cultural and technical -- can go awry during an integration of the Microsoft-Yahoo magnitude, Elkin said. "If the integration takes too long, if good engineers leave and if the momentum of one or both of the companies stalls, there is potential for negative consequences," he said.

The companies should also strive, as they proceed with the integration, to minimize the need for their advertisers and publishers to relearn how to use the Microsoft and Yahoo search ad tools and services. Having to embark on a steep learning curve would be a major turn-off for these partners and customers, said several of those interviewed.

"Should the deal go ahead, we hope to leverage our relationships with both engines to ensure that we're closely accompanying any changes in tools and systems. We would want any transition to be seamless for our clients and expect that new or revised tools would enable us to deliver more value for our clients' online campaigns," Elkin said.

Google grows profit and revenue in Q1

Google posted solid growth in its revenue and profit during 2008's first quarter and exceeded Wall Street expectations in both categories, amid widespread concern that the search engine giant's results would be weak.
Google generated revenue of US$5.19 billion for the quarter that ended March 31, up 42 percent compared with 2007's first quarter, Google said Thursday.

Excluding the advertising commissions it pays to Web site publishers that carry its ads, Google posted revenue of $3.7 billion, beating the $3.608 billion consensus expectation of financial analysts polled by Thomson Financial.

The company had net income of $1.31 billion, or $4.12 per share, compared with $1 billion, or $3.18 per share in 2007's first quarter.

On a pro-forma basis, excluding certain items, net income was $1.54 billion, or $4.84 per share, topping analysts' expectation of $4.52 per share.

Google's ability to continue generating solid revenue and profits from its search advertising business came under scrutiny in recent months, as several independent studies suggested that people were clicking less than expected on its pay-per-click ads and that rival Yahoo is stealing market share. However, the first quarter results at first glance don't seem to indicate any major breakdown in Google's revenue-and-profit making machine.

Google reported paid-click growth of 20 percent year-on-year, during a quarter when the company tightened its ad-targeting technology to serve fewer but more relevant ads, executives said during a conference call.

"Paid-click growth was much higher than has been speculated by third parties. In search, we continue to invest in quality, particularly internationally, and quality improvements lead to increased traffic and share," said Eric Schmidt, Google's chairman and CEO.

Reports from comScore in January, February and March indicated that Google's paid-click growth rate had slowed down significantly in the U.S., leading to concerns that the company would report disappointing results.

But Schmidt repeated explanations given recently by other Google executives, that the company has been purposefully serving fewer but more targeted ads to its users, and that these efforts increase the value of those clicks to advertisers.

"We're showing fewer but much better ads in each cycle. That's a key part of the Google success story," Schmidt said. "We're putting more and more flexibility and control in the hands of advertisers so they can decide exactly where the ads should go and measure it in a way that … they couldn't before."

Also contributing to Google's success is the company's three-pronged strategy of ads, applications and search, which "is beginning to show transformative effects" because it fosters increased Web use and propels ad revenue, he said. Schmidt added that Google hasn't been significantly affected by the recent economic downturn in the U.S.

Sergey Brin, co-founder and technology president, said Google rolled out about 100 material improvements to its core search engine during the first quarter.

Schmidt and other executives on the call stressed time and again that with DoubleClick, Google is poised to finally give its anemic graphic/display ad business a boost. "DoubleClick is hugely strategic for us. It allows us to offer a much more comprehensive solution for advertisers and publishers," Schmidt said.

Jonathan Rosenberg, senior vice president of product management, made a bold prediction for Google's graphic/display ad business. "From a big-picture perspective, we really feel we're in a position to become the world's largest display ad provider," he said.

In addition to DoubleClick, Google is counting on YouTube to boost its graphic/display ads, as well as potentially other Google-owned sites like the Orkut social network and Images search engine, as well as in partner sites, Brin said. "We're pretty optimistic on both fronts," Brin said.

So far, most of Google's revenue comes from the pay-per-click text ads it serves up along with its search results and in the sites of its advertising partners. While being the best provider of this type of ad has been enough to power the company's eye-popping revenue and profit growth, the consensus inside and outside of Google is that it needs to diversify into other online and offline ad formats.

Asked about last week's surprising announcement that Yahoo would test running Google search ads, Schmidt said: "We're very excited to be participating in this test. I don't think it's really appropriate to speculate beyond that, but it's nice to be working with Yahoo and we like them very much."

The test is the latest maneuver by Yahoo to avoid being acquired by Microsoft, which has said it will resort to hostile tactics because it needs the acquisition to compete against Google. If the test goes well, it is believed that Yahoo would consider outsourcing all or most of its search ad business to Google, because doing so could significantly increase Yahoo's cash flow.


Google's first quarter results include the operations of DoubleClick starting on the date when the acquisition closed, March 11, until the quarter's end, but their impact was immaterial to revenue and "only slightly dilutive" to net income and earnings per share, Google said.

Ray Ozzie talks open source, mesh

Microsoft has "dramatically" changed because of open-source software, the company's Chief Software Architect Ray Ozzie said Thursday as part of a wide-ranging discussion during the annual Most Valuable Professional summit in Seattle. He also talked about Microsoft's mesh concept and the importance of virtualization.
"Microsoft fundamentally, as a whole, has changed dramatically as a result of open source," Ozzie said. "As people have been using it more and more, the nature of interoperability between our systems and others has increased." That means that from the very start when Microsoft begins developing new products, it considers what components it will want to open up to outside developers, he said.

Still, that doesn't mean that Microsoft is changing its approach to business. "We have a software business that is based on proprietary software. We tactically or strategically will take certain aspects of what we do and open source them where we believe there will be a real benefit to the community," he said. The open sourcing of the .Net framework is an example of that, he said.

Ozzie also spoke a bit about Microsoft's vision for using the Web to connect devices and content, in what may foreshadow an announcement the company plans for next week. "The Web really is a hub. It can be viewed conceptually as a hub for a social mesh and device mesh," he said. Using the Internet as a hub for a social mesh means people can connect a wide range of online content like information they tag and rank, content they publish and information they subscribe to, he said.

Ozzie's vision could hint at a service, Live Mesh, that Microsoft plans to unveil on Tuesday. The company has not revealed any details about the offering except to say it will be unveiled next week during the Web 2.0 Expo in San Francisco. Ozzie briefly described a similar mesh vision earlier this year at the Mix 08 conference.

Microsoft already offers an online sharing service, SkyDrive, which is still in beta. SkyDrive is an online storage system that users can access from their PCs and from any other device with a browser, like a smartphone.

Beyond content, the Internet can also serve as a hub for devices, Ozzie said. "From a device standpoint, the Web can be a hub in terms of bringing devices we have together," he said. While enterprises often connect and manage thousands of computers in a business, individuals have a variety of devices such as phones, PCs, media centers and music players that are mostly unconnected, he said.

Microsoft has already done some connecting of devices, including a service that lets Xbox and Zune users share media between the devices via the Web.

That model can also be extended to broaden the way that enterprises connect devices, he said. For example, a mobile user could take a photograph and use the picture in a project the user is working on via a PC and the Web, he said.

Ozzie also touched on two other principles guiding the work at Microsoft, including getting the mix of software and services right and moving away from "monolithic" programs to fragmented pieces of software that end-users can choose to use as appropriate.

Virtualization is another area that Microsoft thinks will be increasingly important. "Within the enterprise, virtualization is the simplest and most straightforward way to make the best use of data center resources," he said.

Ozzie also praised the work the MVPs do in providing feedback to Microsoft. The software industry "used to be so supply constrained," he said. "You could build almost anything and there'd be an audience waiting for it." Today, however, there's an abundance of software and services that users can choose from. That means Microsoft's challenge is to better understand what users want in order to best target their needs, he said.

About 4,000 technology experts make up Microsoft's MVP program. Nearly 1,800 of them met this week in Seattle at an annual summit.

Ballmer: Windows Vista is 'a work in progress'

As PC users clamor for Microsoft to continue to support Windows XP, company CEO Steve Ballmer called the Vista OS "a work in progress" at an annual Seattle event on Thursday.
"It's a very important piece of work. We did a lot of things right and have a lot of things we need to learn from. You never want to let five years go between releases," he said.

While Microsoft recently extended the date when the XP software will be available for low-cost PCs, it doesn't plan to listen to some other complaints, including that Vista is too big. "Vista is bigger than XP and it's gonna stay bigger than XP," Ballmer said. "We have to make sure it doesn't get bigger still."

During the lively session, peppered with flag waving by a rowdy group of Canadians, hoots and applause, Ballmer spoke about a few other key areas that the company will focus on in the near future. "It's virtualization time for Microsoft," he said. "We're gonna make sure we democratize virtualization." Probably less than 5 percent of servers in the world are virtualized today, he said. "It's too darn expensive and too hard to manage. We intend to take major strides around addressing both of those."

He also said to expect more work from Microsoft in the search market. "There's an opportunity to knock the socks off in terms of innovation," he said.

Once Microsoft introduces some blog services later this year, Ballmer intends to ask its MVPs (Most Valuable Professionals) to switch their default searches to Live Search for one week. After that week, he'll ask for their feedback about what they liked and what they didn't, as part of a broad effort to improve Microsoft's third-place standing in the search market.

Another key area for the future of Microsoft is services. Overall, the use of hosted services worldwide is small, but Ballmer expects that in two to three years there will be an inflection point after which millions of people will use hosted services, he said.

There are 4,000 Microsoft MVPs around the world, and nearly 1,800 of them gathered in Seattle this week for an annual summit. MVPs are technology experts who provide feedback to Microsoft about its products -- Ballmer said they are his favorite group to address.

The topics Ballmer tackled during his talk were sometimes similar, but much broader compared to the big issue that he, Bill Gates and Paul Allen, Microsoft's founders, discussed while beginning to develop software at Harvard University. "Our strategy and mission have expanded," Ballmer said. "In the very beginning, year after year, Allen would approach Gates with the idea to start building computers. And each time Gates sagely said, 'No, Paul, we're not hardware guys,'" Ballmer said. "We're on that same strategy 30 years later ... but we do have an expansive vision."

Mozilla patches Firefox JavaScript bug

Mozilla on Wednesday patched a single critical security vulnerability in the JavaScript engine of Firefox, updating the open-source browser to Version 2.0.0.14.
According to the associated advisory, Mozilla patched the bug primarily for stability reasons, but said that attackers might leverage crashes in JavaScript's garbage collector. "We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past," the advisory read.

JavaScript's garbage collector reclaims memory and returns it to the system; its efficiency is an important factor in the performance of JavaScript specifically and Firefox in general.

Firefox 2.0.0.14 can be downloaded from the Mozilla site in versions for Windows, Mac OS X and Linux. Users running Firefox can call up the browser's built-in updater, or wait for the automatic update notification, which typically appears within 24 to 48 hours after Mozilla posts a new version.

As with Firefox fixes issued in March, Wednesday's wasn't added to Thunderbird, even though the e-mail client uses Firefox's engine. A month ago, David Ascher, the head of Mozilla Messaging Inc., pleaded lack of resources when he explained why JavaScript bugs in Thunderbird weren't fixed, but said the e-mailer would be patched in "several weeks."
Thunderbird has not been updated since early February.

Wednesday, Mozilla again warned Thunderbird users that JavaScript was potentially dangerous because patches hadn't been applied. "Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail," the advisory said. "This is not the default setting and we strongly discourage users from running JavaScript in mail."

SANS solves mystery of mass Web site infections

The SANS Institute has uncovered what they've termed a "rare gem" as far as computer security investigations go that sheds new light on how up to 20,000 Web sites have been hacked since January.
They found a sneaky software tool that uses Google's search engine to hunt for Web sites running certain kinds of vulnerable applications, wrote Bojan Zdrnja, on the institute's blog.

"While we had a general idea about what they do during these attacks, and we knew that they were automated, we did not know exactly how the attacks worked, or what tools the attackers used," Zdrnja wrote.

When the tool finds a site that is vulnerable, it kicks into action. "The exploit just consisted of an SQL statement that tried to inject a script tag into every HTML page on the web site," Zdrnja wrote.

That SQL statement was crafted to target Web sites running Microsoft's Internet Information Server and SQL Server. Once compromised, the Web sites were then rigged to serve malicious software to visitors using JavaScript, which tried various exploits based on known software vulnerabilities.

Among the malicious programs served up was a password-stealing program for the game "Lord of the Rings Online," security vendor McAfee said last month.

SANS said the software tool also reports to a server based in China, a feature that may be used to count the number of infections so that the person using the tool can get paid, Zdrnja wrote. The tool may have other functions, but SANS is still analyzing it.

Among the victims from these attacks were the Web sites of security vendor Trend Micro as well as CA.
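A site owner checking whether stored content was hit by the kind of script-tag injection described above can scan every text column for script tags that load from hosts the site does not use. The audit below is an added example, not code from SANS or from the article; SQLite stands in for the site's database, and the allow-list, table names and hosts are constructed.

```python
"""Audit stored site content for <script> tags that load from unexpected hosts."""
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this (hypothetical) site loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.shop.example", "static.shop.example"}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            self.sources.extend(v for k, v in attrs if k == "src" and v)


def foreign_script_hosts(text, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return hosts of script sources in `text` that are not allow-listed."""
    parser = ScriptSrcCollector()
    parser.feed(text)
    parser.close()
    hosts = []
    for src in parser.sources:
        host = urlparse(src.strip()).hostname  # None for relative URLs
        if host and host not in allowed:
            hosts.append(host)
    return hosts


def text_columns(conn):
    """Yield (table, column) for every text-typed column in the database."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # Table names come from the schema itself, not from user input.
        for _cid, name, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                yield table, name


def audit(conn):
    """Return sorted (table, column, rowid, host) findings."""
    findings = []
    for table, column in text_columns(conn):
        query = f'SELECT rowid, "{column}" FROM "{table}" WHERE "{column}" LIKE ?'
        # Cheap LIKE pre-filter in SQL, precise HTML parsing in Python.
        for rowid, value in conn.execute(query, ("%<script%",)):
            for host in foreign_script_hosts(value):
                findings.append((table, column, rowid, host))
    return sorted(findings)


def build_sample_db():
    """Constructed sample data: two tables, three tampered fields."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(80),
                               blurb TEXT, price REAL);
        CREATE TABLE news (id INTEGER PRIMARY KEY, headline TEXT);
    """)
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", [
        (1, "Kettle", '<p>Boils fast.</p><script src="/js/zoom.js"></script>', 19.0),
        (2, 'Mug<script src="http://cdn.injected.example/1.js"></script>',
         '<p>Holds tea.</p><SCRIPT SRC="http://cdn.injected.example/1.js"></SCRIPT>',
         4.5),
        (3, "Tray", '<script src="https://static.shop.example/t.js"></script>', 7.0),
    ])
    conn.executemany("INSERT INTO news VALUES (?, ?)", [
        (1, "Spring sale"),
        (2, 'New stock<script src="//cdn.injected.example/1.js"></script>'),
    ])
    return conn


if __name__ == "__main__":
    for table, column, rowid, host in audit(build_sample_db()):
        print(f"{table}.{column} row {rowid}: script loaded from {host}")
```

Findings identify fields to restore from backup; the durable fix is on the application side, where queries built from request parameters should be parameterized.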

AMD's Quad-Core Opteron available in Dell servers

Five Dell servers based on Advanced Micro Devices' Quad-Core Opteron processors are available on the computer company's Web site, bringing the number of server models that use the chip to 13, AMD said.
The announcement is further evidence that AMD's troubled quad-core processor is back on track, following months of production delays and a bug discovered last year that further postponed the chip's release. Last week, AMD revealed it had begun shipping the processors, which had already found their way into systems available from Hewlett-Packard.

The five Dell server models based on the Quad-Core Opteron that are now available are the PowerEdge SC1435, 2970, M605, 6950, and T605. The servers are available in rack and tower models aimed at a range of corporate users, from small business to large corporations.

The availability of servers based on the Quad-Core Opteron is a boost for AMD, but the company still faces significant hurdles and recently announced plans to trim its workforce by 10 percent. At the same time, the company cut its revenue forecast for the first quarter.

Sunday, April 13, 2008

IPhone has hurt Palm, BlackBerry

Palm is facing deep challenges to compete with Apple's iPhone, while Research In Motion's BlackBerry also seems set to lose market share to the device, at least in the consumer market, an analyst reports.
Needham & Co. analyst Charles Wolf has commenced coverage of Palm and RIM, and notes both companies face challenges as iPhone wins hearts and minds in the consumer and enterprise markets.

Palm faces the deepest challenge. Wolf warns the company has "lost its way". The lack of a new OS release in five years means the company is increasingly reliant on in-development products to regain its lost market lead.

"Neither is likely to be introduced until late in the year. Even then, it's an open question whether they'll be successful. We're initiating coverage with an under perform rating," Needham & Co. said.

Wolf also believes that Apple's iPhone may take market share from both competing firms once it introduces new enterprise-friendly features in June. RIM will see some impact in its core enterprise markets, while the expected diversity of third-party iPhone applications will hammer Palm's place in the consumer market.

"We believe BlackBerry's supercharged growth in this [consumer] market could slow materially when far more versatile applications developed for the iPhone begin to appear in the second half of the year," Wolf warned.

The analyst does note that this triptych of smartphone developers still holds a great lead on most competitors, because other firms (such as Motorola or Samsung) are tied to Microsoft's Windows Mobile system, which Needham & Co. calls "a non-starter in the consumer world".

The introduction of Google's Android platform for mobile phones may change the game once again, the analyst said, as it will offer a more extendible base OS than Windows Mobile to competing firms.

Despite it all, Wolf notes that Apple changed the smartphone industry when it chose to launch iPhone, describing the market as "totally disrupted" by the product's introduction.

"The iPhone is a game changer, weaving together a wide array of computer-like functions," he explained. "Given the choice between a BlackBerry and iPhone, we believe a material percentage of consumers will opt for the iPhone once exciting applications for the phone begin to proliferate in the second half of the year. BlackBerry sales should continue to grow but at a materially slower rate than they would have in the absence of the iPhone."

Research In Motion's market leadership is based entirely on the incompetence of the competition, the analyst also said: "RIM's competitors until quite recently were simply inept. Their failure stemmed less from their ability to design sleek phones than in their choice of an operating system on which to run them," he explained.

The analyst rates Palm shares as under-perform, while RIM takes a hold rating pending the effects of June's release of iPhone Software 2.0.

Opera previews mobile browser for Google Android

Opera on Thursday added Google's Android to the list of platforms that can run its mobile browser.
Opera released a technical preview of its Opera Mini browser for Google's mobile OS and middleware on its Web site, the company said Thursday. The company also released a software development kit for the platform.

Developers can test the browser and share feedback about it that will be considered before Opera releases a beta version, which it will do once it collects feedback from the community.

In a company blog posting, Opera's Developer Relationship Manager Chris Mills explained why the company decided to create a version of its mobile browser for Android and the particulars and challenges of writing the code.

According to the post, Opera considered the "cool factor" in providing a browser for Google's much-ballyhooed mobile platform, but also wanted to give users and developers the broadest possible choice for deploying its browser.

Because Android is so new and there is not yet hardware available for it, however, Opera developers ran into some challenges in creating the software, he said.

Mills said that because the platform is comprised of "a very fresh set of APIs," there is not much information available on the Web about it, and the community, while helpful, is still in its nascent stage of developing. "Sometimes it is difficult to find an answer if something during development is not going very well and you have questions," he wrote.

Not having access to hardware that will run the platform makes it "impossible to say how fast Opera Mini will run on real devices," Mills added.

Google introduced Android last November; it includes a mobile OS, middleware and applications for mobile devices. So far HTC, Motorola, Samsung and LG are among handset providers that have committed to building devices for Android, and Sprint Nextel, T-Mobile and AT&T are among the carriers who will offer service on Android handsets.

According to Opera, more than 40 million people use Opera Mini. Other mobile platforms that can run the browser include Symbian OS, Windows Mobile, Palm OS, BlackBerry OS, Samsung's SHP and Motorola's P2K.

IBM to buy FilesX for data protection software

IBM has signed an agreement to buy FilesX, a storage software company in Haifa, Israel, and Newton, Massachusetts, it announced Thursday. Terms of the deal, which IBM said will close shortly, were not disclosed.
FilesX's technology centers on continuous data protection and "nearly instant" data and application recovery for enterprises and branch offices running Windows environments.

Following the sale's close, FilesX's software will become part of IBM's Tivoli Storage Manager product line and be complementary to Tivoli Continuous Data Protection for Files, which IBM aims at SMBs and individuals, IBM said.

The acquisition will "reinforce IBM's mid-market strategy by adding a simple and easy to use full data protection solution -- one that also is attractive to enterprise remote offices and departmental situations," said Al Zollar, general manager of Tivoli software, in a statement.

The purchase also appears to tie into IBM's ongoing Information on Demand push, which has seen the company pull together a flock of data management, access and analysis software in part through a relentless series of acquisitions.

FilesX has more than 100 customers in the U.S. and Israel, according to IBM.

When roses won't do, e-mail a fragrance with NTT

After satisfying the senses of sight and sound through video streams and music downloads, NTT Communications aims to tap into the sense of smell with a new system that allows users to send fragrances from their cell phones.

ITworld 4/10/08

Martyn Williams and Chiara Castañeda, IDG News Service

A trial of the service will take place later this month during which users will be able to select and send certain fragrance recipes to an in-home unit that is responsible for concocting and releasing the various fragrances. Each unit holds 16 cartridges of base fragrances or essences that are mixed to produce the various scents, in much the same way that a printer mixes inks to produce other colors.

Transforming the mood of a room with a new scent is quite easy with this technology.

The first step is to choose a scent from the multitude of fragrance recipes available through an I-mode site on a cell phone. Once a scent is chosen, the instructions on how to make it are transmitted from the phone to the fragrance device through infrared, and from there the scent is quickly mixed and emitted.

If distance is an issue, the other option is to send the instructions to the device via an e-mail message. The message is intercepted by a home gateway unit that is latched to the home’s broadband connection and sends the instructions to the fragrance device at home. Using this method users can set the time and date of fragrance emission, so one can come home to the relaxing scent of lavender, for example.

There's even room for creating customized scents, which can be shared with other users through the fragrance "playlist" on the Web site.

The technology is not only limited to creating a pleasant-smelling workplace or home. NTT also sees it as a way to enhance multimedia content. For example, instead of just sending an image of a bouquet of roses to a friend, one can boost the experience by sending the fragrance as well.

NTT hopes the fragrance emitter will cost about ¥20,000 (US$195) when eventually launched commercially. Cartridge refills should cost about ¥1,600, it said.

NTT Communications believes that fragrance is the next important medium for telecommunications, as more value is placed on high sensory information. Through a company sponsored Internet survey, NTT found that 56 percent of people polled use aromatherapy or believe that it has positive benefits.

"Aromatherapy can reduce stress and help you relax, and to be able to control smell implies one has the power to manipulate feelings as well," said Akira Sakaino, from NTT Communications' Net Business Division.

NTT has been developing this technology, which it calls "kaori tsushin," since 2004, and has collaborated with various outfits to test the service.

Applications have ranged from fragrance rooms in hotels in Tokyo and Osaka to aroma advertising through digital signage, where fragrances were made to match audio-visual content, located in pubs, parking lots and railway stations around Tokyo.

The fragrance communication mobile service test will take place from April 10 to 20 and involves 20 monitors who are tasked to give feedback on the service.
Martyn Williams is Tokyo bureau chief for the IDG News Service.

Yahoo to test Google search ads

Yahoo will test displaying Google search ads in a small number of its search engine queries, a move likely to be interpreted as the latest in a series of Yahoo maneuvers to resist Microsoft's acquisition attempt.
The test, expected to last up to two weeks and be limited to up to 3 percent of Yahoo search queries in the U.S., is specifically for Google's AdSense for Search service. In other words, Yahoo would be acting as one of the Web publishers that carry pay-per-click text ads from Google. The ads will appear only in Yahoo.com.

Yahoo noted that "the testing does not necessarily mean that Yahoo will join the AdSense for Search program or that any further commercial relationship with Google will result." Yahoo will not comment on the nature or timing of any potential relationship with Google.

Microsoft, whose acquisition offer was rejected by Yahoo's board in February, on Saturday said it will launch a proxy fight to attempt a hostile takeover if Yahoo doesn't agree to the acquisition in the next three weeks.

On Wednesday, Microsoft blasted the Google-Yahoo announcement, saying that a broad outsourcing deal would inevitably run into regulatory trouble because it would give Google more than 90 percent of the search advertising market.

"This would make the market far less competitive, in sharp contrast to our own proposal to acquire Yahoo. We will assess closely all of our options," said Brad Smith, Microsoft’s general counsel, in a statement.

"Our proposal remains the only alternative put forward that offers Yahoo shareholders full and fair value for their shares, gives every shareholder a vote on the future of the company, and enhances choice for content creators, advertisers, and consumers," Smith said.

Google has a share of between 70 percent and 75 percent of U.S. search ad spending, and Yahoo has about 15 percent, said Karsten Weide, an IDC analyst. If Yahoo fully outsourced its search ads, Google would have a monopoly in this segment of the market, but such a deal wouldn't give Google a monopoly on overall ad spending, he said.

With Yahoo's search business, Google's share of the U.S. online ad spending would have been around 36 percent in 2007's fourth quarter, Weide said. This could be an argument against antitrust concerns, along with the fact that Yahoo would likely get most of the money per click, and that while Google rules search advertising, it is a minor player in other online ad segments, like display ads such as banners, he said. Still, it's clear that a search ad outsourcing deal would attract a lot of regulatory attention.

Beyond the regulatory issue, this deal wouldn't be good for Yahoo in its attempts to compete broadly against Google, he said. Yahoo should have its own search ad business, Weide said.

"The question is: Is this real? Is Yahoo seriously considering replacing [its search ad system] with Google's?" Weide said. "Or is Yahoo doing this merely to annoy Microsoft and drive Microsoft away from its acquisition attempt? It's not clear."

Eric Goldman, assistant professor at the Santa Clara University School of Law, points out that the potential outsourcing deal again brings up the often-discussed issue of how to delineate the relevant online ad market that would be impacted. Should the regulatory bodies narrow their focus to the online search ad segment, expand it to the overall online ad market, or open it up widely by considering the ad market in general, including radio, TV, print and the like?

"I'm torn about this," said Goldman, who is also director of the university's High Tech Law Institute. While Google leads in search advertising, there are plenty of opportunities for competitors to come up with a system that puts Google's dominance at risk by offering ad targeting that gives advertisers a better return on investment, he said. On the other hand, scale is also key, and Google has a massive distribution network, which it can use to trump competitors that offer better ROI results, Goldman said.

The announcement was first reported Wednesday afternoon by The Wall Street Journal, quoting anonymous sources. A broader agreement to outsource its search ads to Google could let Yahoo increase its cash flow, because Google ads generate more revenue per search, the Journal reported, referring to a consensus belief among financial analysts and Yahoo investors.

Since Feb. 1, when Microsoft made its US$44.6 billion offer, Yahoo's CEO Jerry Yang and the members of Yahoo's board have been reportedly trying to come up with an alternative deal. In addition to this Google plan, Yahoo has also held discussions with AOL, News Corp. and Disney, according to various reports in the past two months.

Should Yahoo enter into this deal with Google, it would be an acknowledgement that it has failed to attain its goals in search advertising, despite numerous efforts, including a significant upgrade of its system called Panama.

It's not clear what would happen to Yahoo's search marketing division, which runs the company's search advertising, in the event that Yahoo outsourced this business to Google. For Microsoft, it clearly wouldn't be palatable to have an agreement of this sort bundled in with its acquisition of Yahoo.

Google reiterated Yahoo's announcement, saying the deal is a limited test and doesn't necessarily mean that Yahoo will join the AdSense for Search service.

Europe rejects plan to criminalize file-sharing

The European Parliament rejected attempts to criminalize the sharing of files by private individuals, and threw out the idea of banning copyright abusers from the Internet, in a plenary vote Thursday.
The vote was close, with 314 Members of the European Parliament (MEPs) voting in favor of an amendment to scrap what many consider draconian and disproportionate measures to protect copyright over the internet, and 297 voting against the amendment.

"The vote shows that MEPs want to strike a balance between the interests of rights holders and those of consumers, and that big measures like cutting off Internet access shouldn't be used," said Malene Folke Chaucheprat, a European Parliament spokeswoman, shortly after the vote.

The report isn't legally binding, but it could help thwart efforts by France, which has already adopted such measures, to push the issue at a European political level.

France's so-called Oliviennes strategy to combat copyright abuse includes a "three strikes and you are out" approach: offenders lose the right to an Internet account after being caught sharing copyright-protected music over the Internet for a third time.

France takes over the six-month rotating presidency of the European Union in the second half of this year and many observers, including the U.K.-based Open Rights Group, expect it to push for E.U.-wide rules similar to its own.

The report is significant because it "signifies resistance among MEPs to measures currently being implemented in France to disconnect suspected illicit filesharers," the Open Rights Group said in a statement.

The record industry was disappointed with the vote. "One badly drafted, rushed through amendment was adopted which is in contradiction to the rest of the text," said Frances Moore, executive vice president of the International Federation of the Phonographic Industry (IFPI), in a statement.

"If the aim of the report is to protect creative content, including in the online environment, we should be looking at all options available in the fight against copyright theft. Instead, this amendment suggested discarding certain options before there is even a proper debate," the IFPI said.

But the Open Rights Group argued that criminalizing copyright abuse by individuals eager to build their media library and not profit from copyright-protected material is draconian and inefficient at tackling illegal file sharing.

"As the European Parliament have recognized today, [the measures] are disproportionate, they lack consumer safeguards and they won't stop illicit filesharing," the Open Rights Group said.

Fujitsu to monitor data center heat with optical fiber

Fujitsu is looking to optical fiber to help increase efficiency in the cooling of large data centers. The company has developed a prototype monitoring system that can measure the temperature in up to 10,000 points using a single optical fiber connected to a measuring device.
It works by sending pulses of light down the fiber, which is laid around the data center and through the server racks, and measuring the minute amount of light that is sent back down the line due to Raman scattering, said Fumio Takei, a research fellow at Fujitsu who has been working on the system.

The intensity of the returned light varies with temperature, so it can be used to estimate the temperature along the fiber, while the time the light takes to come back gives the distance from the start of the fiber. Combining the two means the temperature can be estimated at numerous points along the fiber.

The basic idea isn't new and fiber optic cables have been used for some time to monitor the temperature of things like tunnels, but the resolution of the system has never been precise enough to be useful in a data center, said Ei Yano, president of Fujitsu's device and materials laboratory.

The Fujitsu system is accurate to within half a degree Celsius and one meter. The temperature range that can be measured is between -10 degrees and 300 degrees Celsius.

In a demonstration at the company's research and development laboratory here near Tokyo a fiber was strung around a small server room and displays showed temperature read-outs for each rack starting at 32.4 degrees at the bottom of the rack and rising steadily -- 33.9, 34.1, 34.4 and 35.9 -- to 37.8 degrees at the top.

Fujitsu said the system can be used with fiber optic cables up to 10 kilometers long and at one-meter resolution that means approximately 10,000 points can be measured.

The company hopes to commercialize the system sometime in 2009. There is no word on price, but Yano said such a system isn't likely to be cheap, though it should be comparably good value for a 10,000-point measurement system.

As computers get more powerful, the amount of heat they generate is increasing, making data center cooling an increasingly difficult job. The new technology should help cooling systems be employed better, so hot areas are cooled more efficiently and less power is wasted.

An added benefit is that the system relies solely on light and not electrical measurements so stringing the cable close to servers won't cause interference.

Tuesday, April 8, 2008

Europe mulls six-month limit for search engine data storage

Search engine companies may be set for a clash with European regulators over how long personal data related to searches should be retained.
IDG News Service 4/8/08

Jeremy Kirk, IDG News Service, London Bureau


A new report from the European Commission's Article 29 Data Protection Working Party recommends that personal search data should be discarded after six months, despite the fact most search companies are retaining data much longer.

The report looked at how data handling by search engines complies with European regulations such as the Data Protection Directive.

Search data can be used to build a profile of a person's interests, relations and intentions, even if some identifying information is removed, the report said. The collection of data en masse by search engines has considerable privacy implications, it said.

The report, available on the Web site of the Dutch Data Protection Authority, recommends that search engine data should be either deleted or irreversibly made anonymous after it no longer serves a purpose, a period that should not exceed six months.

Beyond that period, search engines "must demonstrate comprehensively that it is strictly necessary for the service," the report said.

The report also rejected defenses by search engine companies that longer data retention periods help improve the service or strengthen security.

"After the end of a search session, personal data could be deleted, and the continued storage therefore needs an adequate justification," the report said. "However, some search engines seem to retain data indefinitely, which is prohibited."

The data collected by search engines can include a host of details, including IP (Internet protocol) address, search terms, date and time of the search, as well as brand of browser, operating system and language used.

The report takes aim at some of the biggest Internet players such as Google, Yahoo and Microsoft.

Google said on Tuesday it has reacted to concerns over search data, saying it was the first company to anonymize its search logs. It also changed the expiry times of data files it places on PCs, known as cookies, which allow for example a person to stay logged in to a Web site or for the site to remember particular preferences.

"Protecting users' privacy is at the heart of all our products," said Peter Fleischer, Google's global privacy counsel, in a statement.

Yahoo said it was reviewing the working party's report, adding it is committed to providing clear comprehensive privacy policies. Microsoft could not be immediately reached for comment.

All three companies retain some search data longer than six months, which could eventually put them at odds with the Commission. The working party report will be used by the Commission as it studies data protection.
Jeremy Kirk is London correspondent for the IDG News Service

Researcher: Web page can take over your router

On Tuesday, researcher Dan Kaminsky will show how a Web-based attack could be used to seize control of certain routers.
IDG News Service 4/8/08

Robert McMillan, IDG News Service, San Francisco Bureau


Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind the firewall. But at the RSA Conference in San Francisco, he will demonstrate how this attack would work on widely used routers, including those made by Cisco's Linksys division and D-Link.

The technique, called a DNS rebinding attack, would work on virtually any device, including printers, that uses a default password and a Web-based administration interface, said Kaminsky, who is director of penetration testing with IOActive.

Here's how it would work. The victim would visit a malicious Web page that would use JavaScript code to trick the browser into making changes on the Web-based router configuration page. The JavaScript could tell the router to let the bad guys remotely administer the device, or it could force the router to download new firmware, again putting the router under the hacker's control.

Either way, the attacker would be able to control his victim's Internet communications.

The technical details of a DNS rebinding attack are complex, but essentially the attacker is taking advantage of the way the browser uses the DNS system to decide what parts of the network it can reach.

Although security researchers had known that this type of hack was theoretically possible, Kaminsky's demo will show that it can work in the real world, said David Ulevitch, CEO of DNS service provider OpenDNS. "I'm always a fan of when something that's theoretical gets made real, because it makes people act," he said.

On Tuesday, OpenDNS will offer users of its free service a way to prevent this type of attack, and the company will also set up a Web site that will use Kaminsky's techniques to give users a way to change the passwords of vulnerable routers.

The attack "underscores the need for people to be able to have more intelligence on the DNS," Ulevitch said.
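A resolver-side check of the kind that can blunt DNS rebinding, as an added example (not from the article and not OpenDNS's implementation): it flags answers in which a public hostname resolves to an internal address, and marks the case where the same name answered with an external address moments earlier. The local suffixes, the 300-second window and the log records are constructed assumptions.

```python
"""DNS rebinding guard: flag answers that point a public name at an internal address."""
import ipaddress
from dataclasses import dataclass

# Address ranges a browser on the LAN can reach but the Internet cannot.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this host"
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]

# Assumption: names under these suffixes are local and may resolve internally.
LOCAL_SUFFIXES = (".lan", ".home.arpa", ".internal")

# Assumption: an external -> internal change inside this window counts as a flip.
FLIP_WINDOW_SECONDS = 300


@dataclass(frozen=True)
class Answer:
    ts: float     # seconds since the start of the capture
    qname: str    # name that was queried
    rdata: str    # address returned in the A or AAAA record


def is_internal(addr: str) -> bool:
    """True if addr falls in a range that should never come from a public name."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by its IPv4 part.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def inspect(answers):
    """Return (qname, rdata, reason) for every answer a resolver should refuse."""
    findings = []
    last_external = {}  # qname -> time of the most recent external answer
    for a in sorted(answers, key=lambda x: x.ts):
        name = a.qname.rstrip(".").lower()
        if name == "localhost" or name.endswith(LOCAL_SUFFIXES):
            continue  # local zone: internal answers are expected here
        if not is_internal(a.rdata):
            last_external[name] = a.ts
            continue
        seen = last_external.get(name)
        if seen is not None and a.ts - seen <= FLIP_WINDOW_SECONDS:
            reason = "rebind-flip"       # same name, external then internal
        else:
            reason = "internal-answer"   # public name, internal address
        findings.append((name, a.rdata, reason))
    return findings


# Constructed sample of resolver answers (documentation names and addresses).
SAMPLE = [
    Answer(0.0, "www.example.com.", "203.0.113.10"),
    Answer(1.0, "a1b2.rebind.example.net.", "203.0.113.66"),
    Answer(4.0, "a1b2.rebind.example.net.", "192.168.1.1"),
    Answer(9.0, "intranet.example.org.", "10.20.30.40"),
    Answer(12.0, "printer.lan.", "192.168.1.50"),
    Answer(15.0, "v6.example.net.", "::ffff:127.0.0.1"),
]

if __name__ == "__main__":
    for name, rdata, reason in inspect(SAMPLE):
        print(f"BLOCK {name} -> {rdata} ({reason})")
```

Filtering at the resolver does not remove the need to change the router's default password, which is what the attack in the article ultimately relies on.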

Although this particular attack takes advantage of the fact that routers often use default passwords that can be easily guessed by the hacker, there is no bug in the routers themselves, Kaminsky said. Rather, the issue is a "core browser bug," he said.

Router makers have known for some time how their default passwords can be misused by attackers. Three months ago, hackers showed how a similar attack could be launched, exploiting a flaw in the way Universal Plug-and-Play works on PCs.

Cisco tries hard to discourage Linksys customers from using routers with default passwords, said Trevor Bratton, a company spokesman. "One of the first things that our setup software does is change that default name," he said. "So anyone who does as we ask with the initial setup will be prompted to change that."

The problem is that home users rarely follow this advice, Kaminsky said. "The vast majority of home users have a device with a default password," he said.
Bob McMillan is Senior writer for the IDG News Service.

Microsoft to resume Vista 'endless reboot' update Tuesday

Microsoft Monday said it would resume automatic distribution of a Windows Vista update on Tuesday that two months ago sent some users' PCs into an endless wave of reboots.
The company assured users ahead of the release that it has fixed the problem and it is safe to download the update, one of two prerequisites needed before Vista Service Pack 1 (SP1) can be installed. Besides re-releasing the update for automatic download and installation, Microsoft will also issue a fix to prevent reboots from overwhelming the PC.

"These two updates should now install seamlessly through Windows Update, in the proper order, so those of you with [Windows Update] set to 'install updates automatically' who haven't already installed the [Servicing Stack Update] don't have to take any further action," said an unidentified company employee on the Microsoft Update team's blog.

On Feb. 12, Microsoft began pushing the Servicing Stack Update (SSU) and one other prerequisite to Vista users as the final stage of a two-month process of preparing the operating system for the release of SP1. Within days, however, users flooded Microsoft's support newsgroups with tales of stymied updates and locked-up computers. When these users switched off their machines to regain control, the systems rebooted endlessly.
Microsoft yanked the SSU from automatic distribution as a short-term solution, although it left it on the Windows Update servers.

Without SSU installed, users have been unable to download SP1 through Microsoft's update service. The lack of SSU, however, was just one of several reasons why many users grew frustrated over their inability to download and install the long-awaited service pack when it was posted last month to Windows Update.

The company also revealed more information today about the root cause of the reboot snafu. "SSU has special code to check whether there are any pending reboots or other updates to install," said the blog post. "If it sees either of these circumstances, it prevents the install from starting.

"During our investigation, we discovered that there were a few unknown and rare events during the middle of the installation of the update that could cause the update to think it needed a reboot to complete the installation. If this happened, the system entered a repeating reboot loop."

As it has previously, Microsoft today downplayed the extent of the problem, saying that "several million customers installed the updates successfully" while only "a few customers" lost control of their PCs to the reboots.

The pre-SSU update to be released Tuesday should prevent the PC from rebooting during the subsequent SSU install, Microsoft said.

Tuesday is also Microsoft's general security update day for the month. According to a notification published last week, the company will unveil eight security bulletins tomorrow to patch Windows, Office and Internet Explorer.

Amazon Web Services has another outage

Amazon's cloud computing service was down on Monday morning for more than an hour, following an outage on its hosted storage service two months ago.
While Amazon appears to have learned some lessons since the previous outage, the incidents underscore the immaturity of the services, an analyst said.

"In terms of Amazon, what you need to know is that this is very new," said Phil Shih, an analyst with Tier 1 Research, a division of The 451 Group. "It's not something they've perfected. Because of this, we don't advise anybody to use this for anything mission-critical."

Amazon's Elastic Compute Cloud is a Web service that offers hosted computing. Users can quickly scale up or down the amount of processing power that they need, based on their changing requirements.

On Monday at around 2 a.m. Pacific Time, the first EC2 customer reported problems accessing the service on Amazon's Web services forum. Others quickly chimed in.

Within 15 minutes, an Amazon employee acknowledged reading about the problems and said the company was investigating them. That note, and subsequent messages at regular intervals, seemed to placate some customers. "Not all doom and gloom," one person wrote on the forum. "It should be noted that [Amazon Web Services] are keeping us up to date... 10 out of 10 for communication. Bravo!"

That's a very different type of response than customers had after the S3 outage in mid-February, when some users were quite angry at a lack of acknowledgement and information from Amazon about the outage, which lasted for as long as three hours.

At 3:21 a.m. Pacific Time on Monday, the first customer posted a note saying that the EC2 service was back up. Others followed. On the forum, Amazon said it would post more details about what caused the problem, but hadn't by Monday afternoon. An Amazon spokesman said he was working to get answers to questions about the outage.

Still, improvements in communication don't change the reliability of the services. Shih recommends that companies only consider using Amazon's Web services for small internal development products, where a company can absorb the risks and potential downtime.

But that recommendation could change in the future. "Do I expect them to raise their game and get better over time? Absolutely," Shih said. "They're pouring resources into this, and they're serious about it."

While these types of outages are a black eye for Amazon, they likely don't cost the company in terms of service level agreement payouts, Shih said. Late last year, Amazon created an SLA that lets companies apply for credits in the event of an outage. "Most people won't bother to get their money back," Shih said. "It's such a small amount, and it requires more paperwork to get the credit." But an SLA is something Amazon has to offer in order for companies to consider it a true enterprise-class service, he said.

AMD announces layoffs, drops revenue forecast

Advanced Micro Devices on Monday said it plans to lay off 10 percent of its work force by the third quarter of 2008 in an effort to cut costs.
AMD currently has 16,800 employees worldwide, said Drew Prairie, an AMD spokesman. The layoffs will take place across business units around the world, he said.

"It's an action that will help create a better cost structure and help us return to profitability," Prairie said.

As a result of the layoffs, AMD expects to take a restructuring charge of an undetermined amount in the second quarter of 2008.

The company also lowered its revenue expectations for the first quarter of 2008 "due to lower than expected sales across all business segments," it said in a statement. AMD is predicting quarterly sales of US$1.5 billion, a 22 percent increase compared to the first quarter of 2007.

Analysts polled by Thomson Financial originally predicted net revenue of $1.61 billion.

The company will address these issues further on April 17, when it announces financial results for the quarter.

AMD has been struggling since acquiring graphics vendor ATI in 2006, reporting five consecutive quarterly losses due mostly to charges connected with the acquisition. AMD reported a net loss of $1.772 billion in the fourth quarter of 2007, which was higher than revenue of $1.770 billion. The net loss included charges of $1.675 billion mostly related to AMD's acquisition of ATI in 2006.

During a conference call announcing the fourth quarter results, AMD Chief Financial Officer Mario Rivet said the company hopes to return to profitability by the second quarter of 2008.

Samsung committed to torch relay despite protests

Samsung Electronics says it remains committed to its sponsorship of the Olympic torch relay despite large protests in London on Sunday that dogged the progress of the torch through the city.
"We understand there are concerns among consumers, customers and even internally within Samsung," said Louis Kim, a spokesman for Samsung in Seoul. He said Samsung has no control over the route of the torch or the cities it visits. "Just like the spectators we are trying to embrace the Olympic Games," he said.

Thousands of people turned out to see the Olympic torch and among them were a sizable number who were protesting China's human-rights record and its treatment of people in Tibet.

To enable the torch to travel through the city without interruption, a protective ring of Chinese security staff supplemented two rings of local police but at several points people managed to get close to the torch. At one point a protestor managed to grab the torch for a moment before being wrestled to the ground by police.

By the end of the day there had been 37 arrests by police involving incidents related to the relay.

On Monday the torch relay moved on to Paris and on Wednesday it is due to travel through San Francisco.

"We have to watch carefully but the torch will continue to travel until the end of the international relay," said Kim.

Television pictures from Paris show hundreds of mainly pro-Tibet protestors along part of the torch relay route and some clashes with police. Several arrests have reportedly been made. Perhaps most symbolically, the Olympic torch has been extinguished during the Paris leg, according to several reports from the city.

Samsung is one of a handful of major sponsors of the Olympic Games. It began sponsoring the torch relay at the 2004 games in Athens and will continue to do so until the 2016 games.

Motorola, Icahn reach agreement on board

Motorola and Carl Icahn have reached an agreement that ends the activist investor's long battle to install members on Motorola's board and break up the company.
Two people Icahn has backed for the board will be nominated to it, and one will be seated immediately, the company and Icahn said in a statement Monday. In addition, Motorola agreed to seek input from Icahn regarding the spinoff of the company's handset division and the search for a leader of that unit. As part of the deal, all pending litigation between Motorola and Icahn will be dismissed.

Icahn owns about 6.4 percent of Motorola. He has been pressuring the wireless network and handset maker for several months, at first waging an unsuccessful battle for shareholders' proxy votes to get elected to the board himself. He also has argued that Motorola would be worth more broken up than as a whole. Icahn attacked while Motorola was suffering weak financial results after profits from its popular Razr handset faded and it failed to come up with another hit phone.

The pressure may have succeeded. CEO Ed Zander stepped down late last year, and last month the company announced plans to separate the handset division from its enterprise and home network units in 2009. Motorola would become two companies, each with its own stock. The plan still needs some approvals.

William Hambrecht, founder, chairman and CEO of financial services firm WR Hambrecht + Co., and Icahn investment funds managing director Keith Meister, will be nominated for the board at the company's 2008 Annual Meeting of Shareholders as part of the deal announced Monday. Meister also was appointed to begin serving on the board immediately. Hambrecht and Meister are allowed to communicate with Icahn about the board's activities, subject to certain confidentiality rules, according to the statement.

Icahn invests broadly and has a reputation for using his ownership of large stakes in various companies to bring about changes. Last year he demanded that BEA shareholders be allowed to vote on Oracle's proposal to buy the enterprise software maker. The deal passed a special shareholder vote last week. In 2005, he told Time Warner to reverse its troubled 2000 acquisition of AOL. It never did.

New attack targets ActiveX bugs

Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, said a security company on Friday.
Fewer than half of the flawed ActiveX controls have been patched.

The attack framework probes Windows PCs for vulnerable ActiveX controls from software vendors Microsoft Corp., Citrix Systems Inc. and Macrovision Corp., as well as hardware makers D-Link Corp., Hewlett-Packard Co., Gateway Inc., and Sony Corp., said a Symantec Corp. researcher.

"What's interesting about this attack is that there are so many vulnerabilities in one attack that have not been seen in the wild previously," said Symantec's Patrick Jungles, who wrote an analysis of the multi-strike package for customers of the company's DeepSight threat service.

According to Jungles, visitors to compromised Web sites are redirected by a rogue IFRAME to a malicious site serving the package. The attack pack tests the victim's PC for each ActiveX control, detects whether a vulnerable version of a control is installed, then launches an attack when it finds one.

Bugs in ActiveX, a Microsoft technology used most often to create add-ons for the company's Internet Explorer (IE) browser, have always been common, but so many serious flaws have been disclosed of late that some security experts have recommended users do without them.

The seven exploited in the package outlined by Jungles are a mix of old and brand-new flaws. For example, Microsoft's own ActiveX vulnerability -- a bug in IE's Speech API (application programming interface) -- was disclosed in June 2007, while the vulnerability in the Citrix Presentation Server Client control harks back even further, to December 2006. Others, such as the ActiveX bugs in D-Link's security Webcams and in Sony's ImageStation, are much more recent, having been revealed in February.

Four of the seven ActiveX flaws -- those in the D-Link, Gateway, Sony and Macrovision products -- have not been patched, said Jungles.

Assuming the exploit framework succeeds in compromising a PC, the hackers drop a Trojan on the machine that turns it into a spam-spewing zombie; the Trojan includes a rootkit component to mask the malware from anti-virus scanners.

Symantec added that while the initial IP address that sent users to the malicious site was no longer infected with the IFRAME code, other addresses were redirecting users.

"The list of IPs involved in the exploitation is by no means comprehensive," said Jungles, "because the nature of the exploitation indicates that several other sites are likely forwarding victims." The IFRAME code, he continued, had been found embedded in the legitimate sites' HTML and was at times distributed via online advertisements; DNS poisoning, he said, was also suspected.

Jungles' report recommended that users apply patches, when they're available, and set the "kill bit" on those ActiveX controls which have not yet been updated by their makers.
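The kill-bit mitigation recommended above can be audited and applied with a short PowerShell script. This is an added example, not taken from Symantec's report: the CLSID is a constructed placeholder to be replaced with the value from the vendor's advisory, and the registry location is the standard Internet Explorer "ActiveX Compatibility" key, where setting bit 0x400 in "Compatibility Flags" stops IE from instantiating the control.

```powershell
# Audit (default) or set (-Apply) the IE kill bit for a list of ActiveX CLSIDs.
# Added example; run from an elevated prompt when using -Apply.
param([switch]$Apply)

$KillBit  = 0x400                      # Compatibility Flags bit meaning "do not instantiate in IE"
$FlagName = 'Compatibility Flags'
# Constructed placeholder CLSID: replace with the CLSIDs published in the vendor advisories.
$Clsids   = @('{00000000-0000-0000-0000-000000000000}')

# Native view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags {
    param([string]$Key)
    # Returns the current flags, or 0 when the key or value does not exist.
    $prop = Get-ItemProperty -LiteralPath $Key -Name $FlagName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$FlagName
}

function Set-KillBit {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    # OR the bit in so any other compatibility flags already present are preserved.
    $flags = (Get-CompatFlags -Key $Key) -bor $KillBit
    Set-ItemProperty -LiteralPath $Key -Name $FlagName -Value $flags -Type DWord
}

foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        $key = Join-Path $root $clsid
        $set = ((Get-CompatFlags -Key $key) -band $KillBit) -eq $KillBit
        if (-not $set -and $Apply) {
            Set-KillBit -Key $key
            $set = ((Get-CompatFlags -Key $key) -band $KillBit) -eq $KillBit
        }
        [pscustomobject]@{ Clsid = $clsid; Key = $key; KillBitSet = $set }
    }
}
```

Without `-Apply` the script only reports which controls are still instantiable; checking both registry views matters because a kill bit set only in the 64-bit view does not protect 32-bit Internet Explorer.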