Tuesday, January 8, 2008

Boeing Dreamliner could be vulnerable to hackers

The electronics of Boeing's new 787 Dreamliner jet could be vulnerable to hackers due to the way critical flight systems are linked with those used by passengers, the U.S. Federal Aviation Administration has warned.
The 787 "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane," the FAA said in the warning, which has been posted on Cryptome.org.

The design of those electronic systems "may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."

The document doesn't have a response from Boeing, but a company spokeswoman told Wired magazine it was aware of the problem and had been working on it for several years with the FAA.

The FAA document includes comments on the issue from the Air Line Pilots Association (ALPA) and competitor Airbus.

ALPA said Boeing should find a way to allow the flight crew to disable the passengers' ability to connect to the systems. In response, the FAA said it preferred not to dictate specific design features but let Boeing determine the appropriate security protections.

Airbus, whose comments support Boeing, said that physically separating the passenger and critical networks -- one sure-fire method of stopping tampering -- means that passengers may not then have access to satellite and other network connections. The company argued that a minimum amount of communication between the networks is necessary.

The FAA responded that airlines could then use technology "which allows sharing of resources without allowing unauthorized access and inappropriate actions to systems and data."

Boeing has sold more than 740 Dreamliners so far. The midsize plane is scheduled for a test flight early this year, with a full rollout of the planes later this year, according to Boeing's Web site.

Wikia search engine to go live on Monday

Search Wikia, the widely awaited search engine from Wikipedia founder Jimmy Wales, is slated to make its official debut on Monday, with the bet that an open-source, community-driven effort can disrupt and reshape this Google-dominated market.
However, people who give the search engine a test drive on Monday shouldn't expect a Google killer, because they will be looking at a project that is at a very early stage and will need participation from volunteers to grow and be refined, Wales said.

In that sense, Search Wikia is expected to develop in a similar fashion to Wikipedia, an online encyclopedia written and edited by a community of volunteer collaborators who have expanded it and improved it organically over the years.

"Search Wikia is an extremely alpha project. It's a project to build a search engine and not a full-fledged competitor to Google yet. We want to make sure people understand that it's in its very early days," Wales said.

Still, Wales fully expects Search Wikia to eventually be a better alternative to commercial search engines from the likes of Google, Yahoo, Microsoft, AOL and Ask.com.

"I don't know how long it will take to reach industry-standard quality search results, but I'd say at least two years," he said.

People interested in volunteering will find a variety of options at Search Wikia, including working with the software to improve and extend it, as well as suggesting pages for the index and evaluating and rating search results.

Those who register to participate in the project will join a social networking environment where they can have a list of friends, upload photos, build profiles and be notified of friends' actions.

Users of the search engine will be presented with what Wales calls a "mini article" at the top of the results list. This can be a photo, a text definition, an external link or whatever else has been determined is the best answer to that particular query.

Below the "mini article" will be the list of results, picked from the Search Wikia index, which on Monday will have anywhere between 50 million and 100 million Web pages. Wales concedes that number is small, but said it will continue to grow over time.

Users will be able to rank the quality of individual search results, and Search Wikia will factor in that feedback when solving future queries. "That way, people will be able to influence the algorithmic search results," he said.

Those who try to abuse the system for, say, search engine spamming purposes, are bound to be quickly noticed by administrators and other community members, and they will swiftly be blocked and banned, Wales said.

Initially, people will only be able to do general Web searches, but the plan is to add tabs for image and news searches later. Likewise, Search Wikia's index will only contain links to English-language Web sites at first, but more languages will be supported progressively. "The goal is to be in as many languages as possible as fast as possible," Wales said.

Improvements to Search Wikia will be added on a rolling basis. "It's release early, release often. We want to be constantly updating the software every day," he said. Search Wikia will be supported by advertising revenue, but it hasn't yet been determined how.

Search Wikia's software and data, including its Web crawl index, will be freely available to anyone wishing to use them to create their own engine or search application, Wales said.

"With an open-source search engine, lots of people will download and use our software to compete with the major players. We think we have a chance of actually restructuring the industry to be much more competitive," Wales said.

In the past, Wales has said that search isn't a "defensible business" because it's easy for users to switch among providers, so democratizing search is a good thing for all companies in this market. What is a defensible business is the ad brokerage that rides on top of the search engine activity, and that's where a company such as Google should focus, according to Wales.

Search Wikia and Wikipedia operate under two organizations that were both founded by Wales: Wikia Inc. is a commercial, for-profit company with about 40 full-time employees. Wales is its board chairman. The Wikimedia Foundation, which oversees Wikipedia, is a nonprofit entity, and Wales is its chairman emeritus.

Wikia Inc. and Wikimedia operate independently. Search Wikia is one of several projects and services at Wikia Inc.

CES: Intel: It's early for mobile quad-core processors

Intel Monday officially launched Penryn-based dual-core processors for notebooks, but also indicated that users expecting quad-core mobile processors may have to wait until issues surrounding power consumption are resolved.
The company's Core 2 Duo processors will be delivered to laptops based on the Centrino mobile platform. Manufactured using the 45-nanometer process, the new CPUs (central processing units) will provide laptops with better performance and improved battery life, said Mooly Eden, vice president and general manager, Intel Mobile Platforms Group.

Intel's dual-core processors are good enough for notebooks at present as they perform required tasks and do not strain battery life, Eden said. Quad-core processors have power-consumption issues and are not ideal for laptops yet, Eden said.

Although Eden did not talk about Intel's mobile quad-core processor road map, he said notebooks in the near future will continue to see energy-efficient dual-core processors. Quad-core processors may first make their way to the high-end gaming and workstation notebooks that require heavy processing power, Eden said.

To preserve battery life, the Penryn-based Core 2 Duo processors have an advanced power management state called Deep Power Down Technology, which reduces a processor's power when not functional.

While cutting down on power usage, Penryn processors jump to higher clock rates and feature cache and design improvements that boost the processors' performance compared with earlier 65-nm processors, Intel has said. The improved processors deliver better video performance with the help of instruction sets designed to process graphics and high-definition video tasks.

Penryn processors feature smaller transistors and cut down on electricity leaks, according to Intel. The processors use high-k metal-gate transistors, which make the processors faster and less leaky compared with earlier processors that have silicon gates.

The improved Centrino mobile platform, called Santa Rosa Refresh, will feature the Intel Mobile 965 processor and support for 802.11n wireless networking. An upgrade to the platform code-named Montevina is already being planned by Intel, and is due out in the second half of 2008. The Montevina platform will include Echo Peak, a mini-card that integrates WiMax and Wi-Fi wireless technology on one chip.

The new Core 2 Duo processors -- the T8100, T8300, T9300 and T9500 -- feature clock speeds between 2.10GHz and 2.6GHz, with 3M bytes to 6M bytes of shared L2 cache. Prices for the chips range from US$209 for the T8100 chip to $530 for the T9500 chip.

Intel also introduced the Core 2 Extreme X9000 processor, which runs at 2.8GHz, includes 6M bytes of shared L2 cache and is priced at $851.

No vendors made announcements of systems including the new processors at the time of press.

Intel also added Penryn-based server and desktop processors on Monday.

It released Core 2 Quad quad-core desktop processors with clock speeds of 2.5GHz to 2.83GHz and prices ranging from $266 to $530. Intel also released four dual-core desktop processors, including the Intel Core 2 Duo E8500 processor, which runs at 3.16GHz, includes 6M bytes of L2 cache and is priced at $266.

Intel will ship three new Xeon quad-core processors, with clock speeds ranging from 2.5GHz to 2.83GHz and shared L2 cache from 6M bytes to 12M bytes, with prices from $266 to $530. The company's new dual-core Xeon E3110 processor, which runs at 3GHz and includes 6M bytes of shared L2 cache, is priced at $188.

Dutch company sells media player -- with a worm

A batch of digital media players sold by a Dutch importer over the holidays appears to have been infected with a nasty stocking stuffer -- a worm.
One user reportedly discovered the worm, Worm.Win32.Fujack.aa, after opening the Victory LT-200, a 512M-byte USB media player sold by Victory Nederland, wrote Roel Schouwenberg, a senior research engineer for Kaspersky Lab, on a company blog.

At least one other variant of the Fujack worm has been observed to spread other programs that can steal passwords for online games, according to information previously published by Kaspersky.

"We've contacted the company concerned," Schouwenberg wrote. "They told us they were aware that a few months ago there was a partially infected batch of these MP3 players, and that they'd taken steps to fix the problem."

A Victory employee contacted Monday said the company knows of the problem, but further information was not immediately available.

Worms and viruses on removable storage devices can be particularly dangerous since the applications can be set to automatically run when the devices are plugged into a PC running Windows XP, Schouwenberg wrote. Microsoft fixed this in its Vista OS, which prompts a user before automatically running a program.

It's not the first time storage drives have been infected at some point during the manufacturing process. Seagate warned in November that a small number of its Maxtor drives were infected with a malicious software program that also stole passwords for online games.

The malware targeted the popular World of Warcraft game, as well as the Chinese games QQ, WSGame and AskTao.

The best countermeasure for users is to ensure antivirus software is up-to-date and scan new drives for malware upon connection to a PC.

"This case shows clearly that you should always exercise caution when handling unknown external storage media, whether it's fresh out of the box or passed to you by a friend or colleague," Schouwenberg wrote.
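The automatic-run behavior described above is driven on Windows by an `autorun.inf` file in the root of the volume. The following is an added example, not code from the article or from Kaspersky: it lists what a newly connected drive asks Windows to launch, so the drive can be reviewed before use. The file name and key names are the standard Windows AutoRun ones, which the article does not spell out, and the sample file contents are constructed.

```python
import os

# Keys in the [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from the infected players.
SAMPLE_AUTORUN = """; constructed example
[AutoRun]
open=setup.exe /q
icon=drive.ico
shell\\explore\\command=setup.exe
label=MEDIA
"""


def parse_autorun(text):
    """Return (key, command) pairs from [autorun] that start a program.

    Parsed line by line so that junk or malformed lines are skipped
    instead of aborting the whole parse.
    """
    section = None
    launches = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            launches.append((key, value))
    return launches


def _program(command):
    """First token of a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def inspect_volume(root):
    """Report every launch entry found in <root>/autorun.inf (any case)."""
    names = {name.lower(): name for name in os.listdir(root)}
    inf = names.get("autorun.inf")
    if inf is None:
        return []
    with open(os.path.join(root, inf), "rb") as fh:
        raw = fh.read()
    # The file may be ANSI or UTF-16 with a byte-order mark.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")
    report = []
    for key, command in parse_autorun(text):
        program = _program(command)
        report.append({"key": key, "command": command, "program": program,
                       "in_root": program.lower() in names})
    return report
```

Any entry returned by `inspect_volume` on a device that is supposed to hold only media files is a reason to scan the drive before opening it.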

CES: Gates bids adieu to CES, sense of humor intact

Bill Gates has never taken himself as seriously as he does his company. So it was only fitting that it was with a humorous and star-studded video parody that he kicked off his final pre-show keynote at the Consumer Electronics Show (CES) Sunday night in Las Vegas.
Gates fictionally portrayed his last day of full-time work at CES in a video that had everyone from presidential candidates Hillary Clinton and Barack Obama to The Daily Show host Jon Stewart turning him down for a job, and music mogul Jay-Z and film actor Matthew McConaughey patiently enduring his painful attempts at new extracurricular activities -- rapping and hitting the gym.

When the laughs and well-received applause from a crowd of several thousand at The Venetian hotel and casino died down, Gates once again outlined his vision for a world of service-connected devices that allow for human interactions through speech and touch -- a vision he's been promoting for years from the CES stage.

"Getting the latest software, getting your data -- you'll just take that for granted," Gates said. "When you take a photo it will show up in a place you like it to show up. That will be very simple."

He added that eventually, devices also will know the context and location of the people using them, so location-based information from a device will be automatic.

Gates' vision for a connected world of devices and services has always been impressive. But as he makes his full-time exit from Microsoft, the company has yet to bring it to the mainstream user.

Although some of the news in Gates' keynote seems to suggest Microsoft is poised to change that, the company's strategy remains rooted in disparate product lines that haven't quite come together. And the company is facing increased pressure from competitors such as Apple and Google, which have turned ideas Microsoft has bandied about for years -- such as touch-screen technology and Web-based services -- into profits the software giant has not come close to achieving with its own efforts.

Still, Microsoft introduced some new deals and services on stage Sunday that show the company is on the right track. In particular, Microsoft has struck some savvy deals with entertainment companies MGM and ABC to bring films and popular TV shows, respectively, to Xbox Live. That service and community, aimed at gamers using the Xbox console, has turned the Xbox into a viable television platform, tying together Microsoft's gaming strategy with its aim to provide premium entertainment. Along those lines, the company also announced a deal Sunday with British Telecom to deliver its IPTV service Mediaroom through the Xbox console.

Other offerings that tie together multiple services and devices on display Sunday also showed that Gates' connected services vision is coming into focus. A demo during the keynote showed how users can take photos from within a Windows Live hosted service and post them seamlessly to a blog or e-mail them to friends. Another showed how users can purchase movie tickets on a Windows Mobile device using voice commands and then text-message those tickets to other mobile devices.

Microsoft also showed some progress on the Zune media player front, even though many still view the device as a poor competitor to Apple's enormously popular line of iPods. During the keynote Microsoft introduced Zune Social, an online community where Zune users can share playlists, track what their friends are listening to on their own devices and connect automatically to the Zune Marketplace to purchase songs.

Toward the end of Gates' keynote, he and Microsoft President Robbie Bach demonstrated a prototype device from Microsoft Research that seemed to represent the culmination of the company's connected-device strategy. The device used visual recognition to identify people and places in its line of "sight," and remind a user of events related to them. For example, when Gates aimed the device at Bach, the device identified him and reminded Gates that Bach owed him US$20. However, neither Gates nor Bach could say how long it would take for such a device to be fully developed and released.

When all was said and done on Sunday, Gates ended his CES legacy not with a bang but a whimper, allowing a special guest star to steal what would have been his final CES thunder.

During what was poised to be a $20 contest between Gates and Bach on the popular Guitar Hero game, Gates instead introduced a ringer to take his place -- former Guns N' Roses guitarist Slash. As the shaggy-haired guitarist played a loud riff from the band's song "Welcome to the Jungle," Gates stood smiling on the stage and let Bach say the final goodbye, assuring attendees that he, at least, would be back again next year.

CA's Web site hacked by malware authors

Part of security software vendor CA's Web site was hacked earlier last week and was redirecting visitors to a malicious Web site hosted in China.
Although the problem now appears to have been corrected, cached versions of some pages in the press section of CA.com show that earlier this week the site had been redirecting visitors to the uc8010.com domain, which has been serving malicious software since late December, according to Marcus Sachs, director of the SANS Internet Storm Center.

The hack is similar to last year's attack on the Dolphin Stadium Web site, which infected visitors looking for information on the Super Bowl football game, Sachs said. "It's exactly the same setup," he said. "It's JavaScript that they've managed to insert into the title or the body of the HTML."

CA itself may not even host the press release section of its site, as that job is often outsourced to a third party, Sachs said. Often a misconfigured application server or a Web or database programming error can give hackers all the opening they need to insert their malicious code.

"When you outsource, you've got to be just as (demanding) about security as you are with your own site," Sachs said.

CA representatives could not be reached immediately for comment.

The uc8010.com domain serves attack code that exploits a recently patched vulnerability in the RealPlayer multimedia software, Sachs said.

The criminals behind this domain have hacked tens of thousands of Web pages and inserted code that redirects visitors to the malicious server, he added.

SANS has posted a note on the uc8010.com issue and recommends that IT staff block access to the domain. Sachs said another domain, ucmal.com -- also hosted in China -- should also be blocked because it is associated with a similar type of attack.
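Site owners can also check their own pages, including outsourced sections, for the kind of inserted script Sachs describes. The following is an added example, not code from SANS or CA: it parses HTML and reports `script` or `iframe` sources and inline script URLs that point at the two domains named above. The sample page, its paths and the `www.` subdomain are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# The two domains the article says should be blocked.
BLOCKED_DOMAINS = {"uc8010.com", "ucmal.com"}

# Host part of an absolute or protocol-relative URL inside script text.
URL_HOST = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+)", re.I)

# Constructed sample page.
SAMPLE_PAGE = """<html><head>
<title>Press Releases</title><script src=http://www.uc8010.com/0.js></script>
<script src="https://static.example.org/site.js"></script>
</head><body>
<p>Quarterly results announced.</p>
<script>document.write('<iframe src="http://ucmal.com/x.htm"></iframe>');</script>
<a href="http://notuc8010.com/">unrelated look-alike host</a>
</body></html>"""


def host_is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True for a blocked domain or a subdomain of it, not for look-alikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)


class InjectedScriptFinder(HTMLParser):
    """Collects (line, kind, host) for references to blocked hosts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src") or ""
            try:
                host = urlparse(src.strip()).hostname
            except ValueError:  # malformed URL in the attribute
                host = None
            if host_is_blocked(host):
                self.findings.append((self.getpos()[0], tag + " src", host))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if not self._in_script:
            return
        start_line = self.getpos()[0]
        for m in URL_HOST.finditer(data):
            host = m.group(1).lower()
            if host_is_blocked(host):
                line = start_line + data.count("\n", 0, m.start())
                self.findings.append((line, "inline script", host))


def scan_html(html):
    """Return all findings for one HTML document."""
    finder = InjectedScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, kind, host in scan_html(SAMPLE_PAGE):
        print(f"line {line}: {kind} -> {host}")
```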

Motorola buys Soundbuzz to expand music offerings

Motorola will acquire online music store Soundbuzz in a bid to expand its mobile music offerings in Asia, the company said Monday.
"Soundbuzz will become part of the Motorola entertainment family," said Ian Chapman-Banks, vice president of marketing at Motorola Asia-Pacific's mobile devices unit, at a press conference in Singapore.

Terms of the deal, which is expected to close during the current quarter, were not disclosed.

Motorola hopes the acquisition of privately-held Soundbuzz will make it the top online music seller in Asia, Chapman-Banks said, citing Soundbuzz's existing relationships with recording companies as well as mobile operators in India, Australia, Singapore, and other countries in Asia.

The Soundbuzz acquisition will complement Motorola's own mobile music service, called MotoMusic, which is available in China, Chapman-Banks said.

For its part, Soundbuzz is counting on Motorola's backing to expand its reach in Asia. "Through the resources we're going to have access to, it's going to help us expand our offerings," said Sudhanshu Sarronwala, Soundbuzz's CEO, without disclosing details of the company's plans.

Soundbuzz offers mobile downloads based on OMA (Open Mobile Alliance) DRM (digital rights management) technology. An online music store for PCs operated by the company offers music downloads based on DRM technology developed by Microsoft.

The use of OMA DRM for mobile downloads, such as ringtones and ringback tones, means Soundbuzz's mobile download service will continue to support handsets made by a variety of companies, not just Motorola, Sarronwala said.

Both the PC music store and the mobile-download service will continue to operate as usual following the Motorola acquisition, Sarronwala said.

CES: Yahoo invites third-party mobile widget developers

Yahoo plans to introduce new versions of its two primary mobile services and expects to launch documentation that will let any developer or publisher write mobile widgets for the Yahoo services on Monday.
Yahoo offers two ways for mobile users to access its services from their phones: through a browser or through Yahoo Go, an application that users download to their phones. Both are getting facelifts.

The new Yahoo mobile home page, which hasn't changed much in the past few years, will be customizable, said Adam Taggart, a director of product marketing at Yahoo. Users will be able to choose "content modules" that will appear on their home page, displaying content such as the latest bid on an eBay item the user is tracking. Clicking on the module opens a widget that feeds that information to the page. Users will also be able to place frequently used links on their home pages.

Yahoo Go, the downloadable application, is also getting an overhauled look and feel, Taggart said. In addition, starting on Monday the Yahoo Go client will begin showing display advertisements to users.

In addition to the new look of the mobile Web page and client, Yahoo plans to release on Monday documentation that will let third-party developers build mobile widgets. Over the next couple of weeks, Yahoo expects to release a more robust software development kit, tools and support, Taggart said.

Developers will build the widgets using Yahoo's own XHTML-based programming language, he said.

End-users will be able to choose widgets from a portal much like Yahoo's existing PC-based widgets Web page. They'll be free to use, but developers will be able to include display ads and sponsored search in their widgets in order to earn revenue. Yahoo even plans to support other competitive advertising networks if the developer or publisher has an existing relationship they'd like to maintain, he said. "We'll build a plug-in so you can bring that in," Taggart said.

The new widget development offering is Yahoo's attempt to solve the fragmentation issues that plague the mobile industry. Building mobile applications is hard, but only the first hurdle, Taggart said. "Once the experience is built, you have the much larger and painful problem of scaling them across the different device types out there," he noted. Application developers must re-write or tweak their applications for the various operating systems and even for different handsets running the same OS.

Yahoo Go 2.0, the previous client, runs on more than 250 phones but the new Yahoo Go 3.0 client will initially only be available on 30 handsets in the U.S. The browser-based service runs on many more phones because it can be accessed from a browser. Users of either Yahoo service will be able to access the new widgets, offering a large market to developers, he said.

Widgets, however, typically don't offer the same types of capabilities as full-fledged applications. In the future, Yahoo hopes to allow developers who create widgets for the Yahoo Go client to access native phone resources such as the address book and location information from a phone's GPS (Global Positioning System) radio, Taggart said.