The completion of the 700MHz wireless spectrum auction on Thursday should bring more choice and new types of services for end users, although the results were not as rosy as some observers had hoped for.
For the first time in such an auction, the FCC required winners of some of the spectrum to allow any phone and any application to run on their new networks. These "open access" terms mean that end users should be able to choose from a wider selection of devices, along with new types of Web 2.0 services to run on them.
The change affects mainly Verizon, which won almost all of the licenses that must follow the open access rules. Google entered the auction but did not win any licenses, although its participation was seen by many as way to promote the open access requirement, rather than as an attempt to become a network operator.
Verizon and AT&T, another big winner, will most likely use the spectrum to offer high-speed data services -- either mobile or fixed line -- which would provide an alternative to cable or DSL (Digital Subscriber Line) Internet services. The networks will probably use the new LTE (Long Term Evolution) cellular technology. Trials could begin by the end of next year, although broad availability probably won't come until 2010 or 2011, said Bill Ho, an analyst with Current Analysis.
The new networks are unlikely to deliver cheaper services for users as some had hoped, however, at least not for a while. The operators will need to pay off the billions of dollars they pledged for the spectrum, in addition to the investment in the new networks. "It won't be cheap right off the bat," said Ho. "At some point there will be mainstream adoption, and then the price goes down."
Nor did the auction result in completely new types of companies entering the wireless market, which had been another possibility when the auctions were announced. Some said they expected all along that the incumbent operators would dominate.
"The whole thing was set up from them beginning for [the incumbents] to win all the licenses," said Vince McBride, who won just two licenses at the auction, covering only a small geographic area. The big winners in the auction picked up hundreds of licenses.
A former mail carrier, McBride has been trying his luck at FCC auctions since 1996. He said new rules for the auction favored large companies with deep pockets. For example, the FCC shortened the amount of time that the winners would have to build their networks. "All that did was prevent small businesses from coming in. They were scared of the build-out requirements," he said.
Still, the open access rules lead some to call the auction a success. In a blog post, Google called it a victory for end users.
"Consumers soon should begin enjoying new, Internet-like freedom to get the most out of their mobile phones and other wireless devices," wrote Richard Whitt, Washington telecom and media counsel for Google, and Joseph Faber, corporate counsel.
Many insiders didn't expect that Google would bid to win in the auction, even though it entered the contest. "It would have been foolish on their part to try to run a network," said Nadine Manjaro, a senior analyst with ABI Research. "It's not their core competency."
Google has developed its own mobile phone software platform, called Android, and stands to benefit from the open access rules in any case.
"They're trying to become bigger and looking at means to expand their advertising into other areas beside the PC without incurring the cost," Manjaro said. "They accomplished that. They got the networks opened up."
The high price the operators paid for the spectrum may also have an upside, since they may have to come up with innovative services to recoup their costs, she said. "They'll have to be more creative to pay for these networks,"
One potential casualty could be the rural telephone companies. That's because the 700MHz spectrum is ideal for supporting services across long distances. That means the operators may use it as an easier and cheaper way to deliver DSL-like service to rural areas -- where rural telephone companies have a lock on the market today, Manjaro said.
Saturday, March 22, 2008
Bugs found in Kerberos
The MIT developers of the Kerberos authentication system have released patches for several serious security holes, which could allow remote attackers to obtain sensitive information, shut down a system or execute malicious code.
The first problem is with the Kerberos Key Distribution Center (KDC) and involves the way the KDC handles incoming krb4 requests. The problem can be exploited to crash the KDC server, execute malicious code or disclose memory, according to MIT.
The second problem is in the way the KDC sends responses for krb4 requests, which can be exploited to disclose potentially sensitive stack memory via a specially crafted krb4 request.
Exploitation for these first two bugs requires that krb4 support is enabled in the KDC; it is disabled by default in newer versions. These bugs affect Kerberos 5 versions 1.6.3 and earlier.
The third bug is in the Kerberos RPC library when handling open file descriptors. Under certain conditions, an attacker could send an overly large number of RPC connections, causing a memory corruption and allowing the execution of malicious code.
This bug affects Kerberos 5 versions 1.2.2 to 1.3 and 1.4 through 1.6.3, according to MIT.
Independent security firm Secunia gave the bugs a "highly critical" ranking.
The first problem is with the Kerberos Key Distribution Center (KDC) and involves the way the KDC handles incoming krb4 requests. The problem can be exploited to crash the KDC server, execute malicious code or disclose memory, according to MIT.
The second problem is in the way the KDC sends responses for krb4 requests, which can be exploited to disclose potentially sensitive stack memory via a specially crafted krb4 request.
Exploitation for these first two bugs requires that krb4 support is enabled in the KDC; it is disabled by default in newer versions. These bugs affect Kerberos 5 versions 1.6.3 and earlier.
The third bug is in the Kerberos RPC library when handling open file descriptors. Under certain conditions, an attacker could send an overly large number of RPC connections, causing a memory corruption and allowing the execution of malicious code.
This bug affects Kerberos 5 versions 1.2.2 to 1.3 and 1.4 through 1.6.3, according to MIT.
Independent security firm Secunia gave the bugs a "highly critical" ranking.
Microsoft acquires security company Komoku
Microsoft hopes to beef up its security capabilities with the acquisition of Komoku, a developer of rootkit detection products, announced on Thursday.
Financial terms of the deal were not disclosed.
Microsoft plans to add Komoku's technology into its Forefront and Windows Live OneCare products. Forefront is Microsoft's suite of enterprise security software that includes malware protection for PCs, security tools for Exchange and SharePoint servers, and gateways that secure remote access to corporate data.
OneCare is a package of security software for PC users that scans for viruses and spyware, backs up files and helps with network management.
Komoku, a Maryland company founded in 2004, develops products that detect rootkits, malicious software that can take control of a computer in a way that often evades detection by other antimalware software. The company has served organizations with high security requirements, such as the Department of Homeland Security, the Department of Defense and the Defense Advanced Research Projects Agency.
As part of the deal, Microsoft will hire William A. Arbaugh, the president and CTO of Komoku, who is also an associate professor of computer science at the University of Maryland. He spent many years working at the National Security Agency where he did research in information security and networking.
Microsoft's statement said that the majority of Komoku's staff will join Microsoft's Access and Security Division. Komoku's simple Web site calls the company a small business and lists three workers, including Arbaugh.
Microsoft doesn't plan to keep the Komoku name or product line. The deal was completed on Wednesday.
Financial terms of the deal were not disclosed.
Microsoft plans to add Komoku's technology into its Forefront and Windows Live OneCare products. Forefront is Microsoft's suite of enterprise security software that includes malware protection for PCs, security tools for Exchange and SharePoint servers, and gateways that secure remote access to corporate data.
OneCare is a package of security software for PC users that scans for viruses and spyware, backs up files and helps with network management.
Komoku, a Maryland company founded in 2004, develops products that detect rootkits, malicious software that can take control of a computer in a way that often evades detection by other antimalware software. The company has served organizations with high security requirements, such as the Department of Homeland Security, the Department of Defense and the Defense Advanced Research Projects Agency.
As part of the deal, Microsoft will hire William A. Arbaugh, the president and CTO of Komoku, who is also an associate professor of computer science at the University of Maryland. He spent many years working at the National Security Agency where he did research in information security and networking.
Microsoft's statement said that the majority of Komoku's staff will join Microsoft's Access and Security Division. Komoku's simple Web site calls the company a small business and lists three workers, including Arbaugh.
Microsoft doesn't plan to keep the Komoku name or product line. The deal was completed on Wednesday.
Deal to buy 3Com falls apart
Bain Capital Partners and China's Huawei Technologies have abandoned their bid to buy U.S. networking firm 3Com because of security concerns by the U.S. government, Bain said.
The companies said last month that the proposed purchase of 3Com was on hold because of security concerns at the U.S. Committee on Foreign Investment in the United States (CFIUS), but they announced Thursday that the deal was terminated because CFIUS intended to take action to prohibit the sale, Bain said in a press release.
Bain, based in Boston, would have controlled an 83.5 percent stake in 3Com, with China's Huawei getting the remainder. But some critics, including U.S. Representative Thaddeus McCotter, a Michigan Republican, had raised concerns that Huawei has strong ties to the Chinese government.
The U.S. Department of Defense uses 3Com intrusion detection products, and Chinese hackers have targeted the agency, McCotter said in an October speech.
Bain and Huawei announced in September that they intended to buy 3Com for US $2.2 billion. They voluntarily filed a notice with CFIUS.
The companies have withdrawn their request for approval "because CFIUS made clear that it intended to take action to prohibit the proposed transaction," Bain said in a press release.
A CFIUS representative didn't immediately respond to a request for comments.
Bain made several alternative proposals to 3Com that it believed "could have satisfied the concerns raised by CFIUS,” Bain added in the press release. But the two sides were unable to come up with an agreement.
A 3Com spokesman wasn't immediately available to comment. As late as Wednesday, 3Com had announced that it intended to proceed with a shareholder meeting, scheduled for Friday, in which shareholders would decide whether to accept the Bain offer.
The companies said last month that the proposed purchase of 3Com was on hold because of security concerns at the U.S. Committee on Foreign Investment in the United States (CFIUS), but they announced Thursday that the deal was terminated because CFIUS intended to take action to prohibit the sale, Bain said in a press release.
Bain, based in Boston, would have controlled an 83.5 percent stake in 3Com, with China's Huawei getting the remainder. But some critics, including U.S. Representative Thaddeus McCotter, a Michigan Republican, had raised concerns that Huawei has strong ties to the Chinese government.
The U.S. Department of Defense uses 3Com intrusion detection products, and Chinese hackers have targeted the agency, McCotter said in an October speech.
Bain and Huawei announced in September that they intended to buy 3Com for US $2.2 billion. They voluntarily filed a notice with CFIUS.
The companies have withdrawn their request for approval "because CFIUS made clear that it intended to take action to prohibit the proposed transaction," Bain said in a press release.
A CFIUS representative didn't immediately respond to a request for comments.
Bain made several alternative proposals to 3Com that it believed "could have satisfied the concerns raised by CFIUS,” Bain added in the press release. But the two sides were unable to come up with an agreement.
A 3Com spokesman wasn't immediately available to comment. As late as Wednesday, 3Com had announced that it intended to proceed with a shareholder meeting, scheduled for Friday, in which shareholders would decide whether to accept the Bain offer.
Qualcomm can't hold off injunction in Broadcom suit
In the latest of many legal setbacks for Qualcomm, a federal court has turned down the company's request to postpone an injunction against sales of some of its mobile-phone chips.
The injunction was ordered late last year after a lower court found that Qualcomm violated three Broadcom patents. Qualcomm is appealing the case and requested a stay of the injunction while it goes through that process. On Tuesday, the U.S. Court of Appeals for the Federal Circuit, in Washington, D.C., rejected that request. As a result, the injunction is in immediate effect, according to Broadcom, although Qualcomm is allowed to keep selling certain infringing products until Jan. 31, 2009.
Cellular pioneer Qualcomm, based in San Diego, is embroiled in a series of legal disputes with Broadcom, a relative newcomer to the mobile processor market based in nearby Irvine, California. In this case, Broadcom sued Qualcomm in May 2005 in the U.S. District Court for the Central District of California and won the case last May, when a jury awarded it US$19.6 million in damages. The district court judge entered the injunction on Dec. 31.
"We are gratified that the U.S. Court of Appeals rejected Qualcomm's motion for a stay, leaving in force the injunction against Qualcomm's infringement issued by the U.S. District Court in Santa Ana," Broadcom said in a statement attributed to David Dull, senior vice president of business affairs and general counsel.
"Although our motion for a stay was denied, the Federal Circuit has recognized the need for speedy resolution of the many issues raised by the verdict and remedy in this case, and has therefore granted Qualcomm’s motion for an expedited schedule for briefings and oral argument," Qualcomm said in a statement.
According to Broadcom, the three patents cover technology for improved video performance in mobile phones, for accessing more than one network at a time and for "push-to-talk" capability. The push-to-talk technology is used in Qualcomm's QChat, a system Sprint Nextel is counting on to extend the walkie-talkie capability popularized on Nextel's legacy iDEN network to its larger CDMA (Code-Division Multiple Access) service.
Sprint had moved to intervene on Qualcomm's side in the district court but was turned down last August. On Tuesday, the appeals court rejected Sprint's appeal of that decision. The carrier filed its appeal too late, the appeals court said.
The injunction was ordered late last year after a lower court found that Qualcomm violated three Broadcom patents. Qualcomm is appealing the case and requested a stay of the injunction while it goes through that process. On Tuesday, the U.S. Court of Appeals for the Federal Circuit, in Washington, D.C., rejected that request. As a result, the injunction is in immediate effect, according to Broadcom, although Qualcomm is allowed to keep selling certain infringing products until Jan. 31, 2009.
Cellular pioneer Qualcomm, based in San Diego, is embroiled in a series of legal disputes with Broadcom, a relative newcomer to the mobile processor market based in nearby Irvine, California. In this case, Broadcom sued Qualcomm in May 2005 in the U.S. District Court for the Central District of California and won the case last May, when a jury awarded it US$19.6 million in damages. The district court judge entered the injunction on Dec. 31.
"We are gratified that the U.S. Court of Appeals rejected Qualcomm's motion for a stay, leaving in force the injunction against Qualcomm's infringement issued by the U.S. District Court in Santa Ana," Broadcom said in a statement attributed to David Dull, senior vice president of business affairs and general counsel.
"Although our motion for a stay was denied, the Federal Circuit has recognized the need for speedy resolution of the many issues raised by the verdict and remedy in this case, and has therefore granted Qualcomm’s motion for an expedited schedule for briefings and oral argument," Qualcomm said in a statement.
According to Broadcom, the three patents cover technology for improved video performance in mobile phones, for accessing more than one network at a time and for "push-to-talk" capability. The push-to-talk technology is used in Qualcomm's QChat, a system Sprint Nextel is counting on to extend the walkie-talkie capability popularized on Nextel's legacy iDEN network to its larger CDMA (Code-Division Multiple Access) service.
Sprint had moved to intervene on Qualcomm's side in the district court but was turned down last August. On Tuesday, the appeals court rejected Sprint's appeal of that decision. The carrier filed its appeal too late, the appeals court said.
Verizon Wireless wins huge block of 700MHz spectrum
Verizon Wireless has won a nationwide block of spectrum that could be used to create a wireless data network, the U.S. Federal Communications Commission announced Thursday.
Verizon was the winning bidder in the 22MHz band of spectrum called the C block in the FCC's 700MHz auction, which concluded Tuesday. The company bid US$4.7 billion for the spectrum, which covers nearly all of the U.S., while the high bids on the entire 700MHz auction totalled nearly $19.6 billion.
The FCC put so-called open-access provisions on the C block, meaning Verizon must allow outside devices such as mobile handsets from other carriers and must allow users to run outside applications on the network. Verizon originally filed a lawsuit against the FCC's open access rules, but dropped out while trade group the CTIA continued with the lawsuit.
Google, which had expressed interest in the C block, did not win any of the C block licenses.
Verizon said it was "very pleased" with the auction results. "Specifically, we were successful in achieving the spectrum depth we need to continue to grow our business and data revenues, to preserve our reputation as the nation's most reliable wireless network, and to continue to lead in data services and help us satisfy the next wave of services and consumer electronics devices," the company said in a statement.
Among the other winners in the 700MHz auction was AT&T, which won spectrum covering the metropolitan areas of New York, Philadelphia, Detroit, Dallas, Boston, San Francisco, Washington, D.C. and dozens of other large cities. Qualcomm won spectrum covering New York City, Philadelphia, Boston, Los Angeles and other areas.
Public Knowledge and Free Press, groups that had pushed for the open-access rules, gave mixed reactions to the auction's results.
"We are not surprised" at the auction's results, said Art Brodsky, Public Knowledge's spokesman. "We look forward to the company working within the letter and the spirit of the open access policies the commission approved," he added."Perhaps they could even persuade CTIA to drop their court challenge to the auction."
The spectrum auction raised more than the $10 billion budgeted by the U.S. Congress, but failed to provide a public safety network and failed to create a new wireless competitor to cable and telecom-based broadband providers, said Ben Scott, policy director of Free Press.
"The auction also failed to produce a much-needed competitor to the phone and cable giants," Scott said in an e-mail. "Since Verizon -- winner of the C Block -- is already a dominant provider of DSL, the prospect of a genuine third pipe from the wireless world is now slim to none."
On Thursday, the FCC voted to de-link the so-called D block from the rest of the auction results. The D block was a 10MHz block that was to be paired with another 10MHz controlled by public safety agencies, and the winning bidder would have been required to build a nationwide voice and data network to serve both public safety and commercial needs. But the FCC failed to receive its $1.33 billion minimum bid for the D block, with the lone $472 million bid coming from Qualcomm.
The FCC has no plans to immediately re-auction the D block, a spokeswoman said. Instead, the agency "will consider its options for how to license this spectrum in the future," the FCC said in a news release.
Many members of Congress pushed for a public safety network after emergency responders couldn't communicate with each other during the Sept. 11 terrorist attacks and more recent disasters. Police and fire departments in neighboring cities often use different communication devices on different blocks of spectrum.
Many telecom experts see the 700MHz spectrum, which U.S. television stations are required to abandon by February 2009, as optimal for long-range wireless broadband services. Wireless signals in the 700MHz band travel three to four times farther and penetrate obstacles such as buildings more easily than wireless signals in higher spectrum bands.
Other auction winners included Triad 700, a Silicon Valley startup, which won spectrum covering Alaska, Puerto Rico, eastern Maryland and northwestern Pennsylvania. Frontier Wireless, a Colorado-based subsidiary of EchoStar Communications, and Cavalier Wireless, which has bid in past FCC auctions, won several licenses in small cities and rural areas.
Verizon was the winning bidder in the 22MHz band of spectrum called the C block in the FCC's 700MHz auction, which concluded Tuesday. The company bid US$4.7 billion for the spectrum, which covers nearly all of the U.S., while the high bids on the entire 700MHz auction totalled nearly $19.6 billion.
The FCC put so-called open-access provisions on the C block, meaning Verizon must allow outside devices such as mobile handsets from other carriers and must allow users to run outside applications on the network. Verizon originally filed a lawsuit against the FCC's open access rules, but dropped out while trade group the CTIA continued with the lawsuit.
Google, which had expressed interest in the C block, did not win any of the C block licenses.
Verizon said it was "very pleased" with the auction results. "Specifically, we were successful in achieving the spectrum depth we need to continue to grow our business and data revenues, to preserve our reputation as the nation's most reliable wireless network, and to continue to lead in data services and help us satisfy the next wave of services and consumer electronics devices," the company said in a statement.
Among the other winners in the 700MHz auction was AT&T, which won spectrum covering the metropolitan areas of New York, Philadelphia, Detroit, Dallas, Boston, San Francisco, Washington, D.C. and dozens of other large cities. Qualcomm won spectrum covering New York City, Philadelphia, Boston, Los Angeles and other areas.
Public Knowledge and Free Press, groups that had pushed for the open-access rules, gave mixed reactions to the auction's results.
"We are not surprised" at the auction's results, said Art Brodsky, Public Knowledge's spokesman. "We look forward to the company working within the letter and the spirit of the open access policies the commission approved," he added."Perhaps they could even persuade CTIA to drop their court challenge to the auction."
The spectrum auction raised more than the $10 billion budgeted by the U.S. Congress, but failed to provide a public safety network and failed to create a new wireless competitor to cable and telecom-based broadband providers, said Ben Scott, policy director of Free Press.
"The auction also failed to produce a much-needed competitor to the phone and cable giants," Scott said in an e-mail. "Since Verizon -- winner of the C Block -- is already a dominant provider of DSL, the prospect of a genuine third pipe from the wireless world is now slim to none."
On Thursday, the FCC voted to de-link the so-called D block from the rest of the auction results. The D block was a 10MHz block that was to be paired with another 10MHz controlled by public safety agencies, and the winning bidder would have been required to build a nationwide voice and data network to serve both public safety and commercial needs. But the FCC failed to receive its $1.33 billion minimum bid for the D block, with the lone $472 million bid coming from Qualcomm.
The FCC has no plans to immediately re-auction the D block, a spokeswoman said. Instead, the agency "will consider its options for how to license this spectrum in the future," the FCC said in a news release.
Many members of Congress pushed for a public safety network after emergency responders couldn't communicate with each other during the Sept. 11 terrorist attacks and more recent disasters. Police and fire departments in neighboring cities often use different communication devices on different blocks of spectrum.
Many telecom experts see the 700MHz spectrum, which U.S. television stations are required to abandon by February 2009, as optimal for long-range wireless broadband services. Wireless signals in the 700MHz band travel three to four times farther and penetrate obstacles such as buildings more easily than wireless signals in higher spectrum bands.
Other auction winners included Triad 700, a Silicon Valley startup, which won spectrum covering Alaska, Puerto Rico, eastern Maryland and northwestern Pennsylvania. Frontier Wireless, a Colorado-based subsidiary of EchoStar Communications, and Cavalier Wireless, which has bid in past FCC auctions, won several licenses in small cities and rural areas.
Protecting endpoint devices
Small and mid-sized businesses (SMBs) are keenly aware of the need to protect their endpoints from exposure. Endpoint devices that are vital to business operations -- like servers, laptops, and desktops -- are increasingly being targeted by attacks designed to compromise and steal company data. And even as these threats are becoming more sophisticated and targeted toward endpoint devices, end users are demanding increased flexibility and access into the network (remote, VPN, web-based, telecommuting, use of unmanaged devices). When you add regulatory compliance mandates to the equation, SMBs are finding they must scramble to implement, monitor, and enforce controls that protect endpoint devices.
How can SMBs protect themselves and their customers? The following five tips for securing endpoints will help build a strong defense against the increasing stream on attacks and threats:
1. Use layered security: Deploy defense-in-depth strategies for employees and other end users, including an integrated endpoint security solution and security patch updates. Antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops, and servers should also be updated with the necessary security patches from the operating system vendor. Consider deploying a personal firewall to help control network traffic to the endpoint device. Also, make sure to enable the security settings on Web browsers and disable file sharing.
Additionally, teach users to develop strong passwords with at least eight characters and a combination of numbers, letters, and special characters. Change all passwords every 45-60 days to make it more difficult for intruders to access your data.
2. Implement a network access control solution: All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorized entry and malicious activity. Ensure that any infected computers are removed from the network and disinfected as soon as possible. Also, create and enforce policies that identify and restrict applications that can access the network.
To ensure they have the latest protection, SMB's should apply operating system and security software updates and patches as soon as they are released and all browsers should be upgraded to the latest versions.
3. Stay informed: Several companies publish reports that help define the threat landscape for SMBs. These reports can be found on the various companys' websites or through online searches. This is a great way to stay informed about the threat landscape so you know what you're up against.
Spam is the leading source of malware entering networks today. Spam not only diminishes productivity, it also puts a strain on storage and bandwidth requirements. Deploy antispam technologies at the mail gateway to proactively protect your environment.
4. Don't forget physical security: There are a number of routine physical security tactics SMB employees can use to help strengthen their companies' security defenses. These include using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being mindful of physical security of PDAs and handheld devices, which are a popular target of thieves.
5. Back up data: For any number of reasons -- disaster, human error, hardware failure, etc. -- your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data offsite. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.
A well-executed endpoint protection strategy provides companies with the confidence that their corporate assets are protected and their business infrastructure is secure. By following these five tips companies can build a strong defense against these sophisticated and targeted attacks.
How can SMBs protect themselves and their customers? The following five tips for securing endpoints will help build a strong defense against the increasing stream on attacks and threats:
1. Use layered security: Deploy defense-in-depth strategies for employees and other end users, including an integrated endpoint security solution and security patch updates. Antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops, and servers should also be updated with the necessary security patches from the operating system vendor. Consider deploying a personal firewall to help control network traffic to the endpoint device. Also, make sure to enable the security settings on Web browsers and disable file sharing.
Additionally, teach users to develop strong passwords with at least eight characters and a combination of numbers, letters, and special characters. Change all passwords every 45-60 days to make it more difficult for intruders to access your data.
2. Implement a network access control solution: All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorized entry and malicious activity. Ensure that any infected computers are removed from the network and disinfected as soon as possible. Also, create and enforce policies that identify and restrict applications that can access the network.
To ensure they have the latest protection, SMB's should apply operating system and security software updates and patches as soon as they are released and all browsers should be upgraded to the latest versions.
3. Stay informed: Several companies publish reports that help define the threat landscape for SMBs. These reports can be found on the various companys' websites or through online searches. This is a great way to stay informed about the threat landscape so you know what you're up against.
Spam is the leading source of malware entering networks today. Spam not only diminishes productivity, it also puts a strain on storage and bandwidth requirements. Deploy antispam technologies at the mail gateway to proactively protect your environment.
4. Don't forget physical security: There are a number of routine physical security tactics SMB employees can use to help strengthen their companies' security defenses. These include using the screen-locking feature when away from the computer, shutting the computer off when done for the day, locking laptops with a cable, not leaving passwords written down, and being mindful of physical security of PDAs and handheld devices, which are a popular target of thieves.
5. Back up data: For any number of reasons -- disaster, human error, hardware failure, etc. -- your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data offsite. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.
A well-executed endpoint protection strategy provides companies with the confidence that their corporate assets are protected and their business infrastructure is secure. By following these five tips companies can build a strong defense against these sophisticated and targeted attacks.
Software group files lawsuits against eight eBay sellers
The Software & Information Industry Association (SIIA) has filed eight new lawsuits against eBay-based software sellers, alleging that they are selling counterfeit products.
The lawsuits, announced Thursday, come in addition to nine lawsuits the trade group filed against eBay sellers in February. The SIIA has filed more than 25 lawsuits against eBay sellers in the last two years, and has reached several settlements, said Scott Bain, SIIA's litigation counsel.
The most recent lawsuits were filed in U.S. District Court for the Northern District of California on behalf of Adobe Systems. The lawsuits accuse eBay sellers in Arizona, Texas, Pennsylvania, New Jersey, California, Connecticut and Florida with selling illegal copies of Adobe PhotoShop CS3 and other software.
SIIA officials have said that the trade group has approached eBay about ways to cut down on the sale of counterfeit software, but eBay has rejected the trade group's ideas. The SIIA has asked eBay to end one-day and buy-it-now auctions of software, but eBay has not agreed. EBay has also rejected a SIIA banner advertisement aimed at educating customers, said Keith Kupferschmid, senior vice president of the trade group's antipiracy division.
SIIA has estimated that about 90 percent of software sold on eBay is illegal, Kupferschmid said.
The 17 lawsuits in the last two months represent SIIA's "most aggressive campaign yet" to go after online auction sales of counterfeit software, Bain said. "Unsuspecting consumers and legitimate software sellers pay a steep price when software pirates are allowed to operate freely on auction sites," he added.
EBay has taken steps to limit sales of counterfeit software, said Nichola Sharpe, a company spokeswoman. EBay has put volume restrictions on software sellers, and it has eliminated one-day and most three-day auctions, she said. It also requires sellers to verify themselves through PayPal, and it has had its VERO (Verified Rights Owner) program in place since 1989, she said.
VERO allows rights owners to contact eBay and have items removed from auction listings. There are millions of items sold on eBay, and the auction site can't verify the authenticity of each item, Sharpe said. "We can't be the experts on what's fake or not," she added. "We're not the experts on counterfeits."
When SIIA files lawsuits against an eBay seller, it doesn't typically contact the buyers of the software, although the trade group runs a periodic program where customers who have purchased counterfeit software can turn it in for a rebate, Bain said.
Customers using auction sites to buy software should be wary, he advised. "They need to look at the source ... and look at the price," he said. "If you're paying $100 for $700 Adobe PhotoShop software, the odds are not good that you're getting legitimate software."
The lawsuits, announced Thursday, come in addition to nine lawsuits the trade group filed against eBay sellers in February. The SIIA has filed more than 25 lawsuits against eBay sellers in the last two years, and has reached several settlements, said Scott Bain, SIIA's litigation counsel.
The most recent lawsuits were filed in U.S. District Court for the Northern District of California on behalf of Adobe Systems. The lawsuits accuse eBay sellers in Arizona, Texas, Pennsylvania, New Jersey, California, Connecticut and Florida with selling illegal copies of Adobe PhotoShop CS3 and other software.
SIIA officials have said that the trade group has approached eBay about ways to cut down on the sale of counterfeit software, but eBay has rejected the trade group's ideas. The SIIA has asked eBay to end one-day and buy-it-now auctions of software, but eBay has not agreed. EBay has also rejected a SIIA banner advertisement aimed at educating customers, said Keith Kupferschmid, senior vice president of the trade group's antipiracy division.
SIIA has estimated that about 90 percent of software sold on eBay is illegal, Kupferschmid said.
The 17 lawsuits in the last two months represent SIIA's "most aggressive campaign yet" to go after online auction sales of counterfeit software, Bain said. "Unsuspecting consumers and legitimate software sellers pay a steep price when software pirates are allowed to operate freely on auction sites," he added.
EBay has taken steps to limit sales of counterfeit software, said Nichola Sharpe, a company spokeswoman. EBay has put volume restrictions on software sellers, and it has eliminated one-day and most three-day auctions, she said. It also requires sellers to verify themselves through PayPal, and it has had its VERO (Verified Rights Owner) program in place since 1989, she said.
VERO allows rights owners to contact eBay and have items removed from auction listings. There are millions of items sold on eBay, and the auction site can't verify the authenticity of each item, Sharpe said. "We can't be the experts on what's fake or not," she added. "We're not the experts on counterfeits."
When SIIA files lawsuits against an eBay seller, it doesn't typically contact the buyers of the software, although the trade group runs a periodic program where customers who have purchased counterfeit software can turn it in for a rebate, Bain said.
Customers using auction sites to buy software should be wary, he advised. "They need to look at the source ... and look at the price," he said. "If you're paying $100 for $700 Adobe PhotoShop software, the odds are not good that you're getting legitimate software."
E-voting vendor's Web site hacked
The Web site for a company whose e-voting machines have come under fire from election officials in New Jersey was hacked Thursday morning, according to an computer scientist who was asked to investigate voting-machine discrepancies in the state's primary election.
The "Ballot Blog" portion of the Sequoia Voting Systems Web site had no content early Thursday afternoon Eastern Standard Time (EST), and earlier in the day there were messages on the page that it had been hacked, Princeton computer science professor Edward Felten told the IDG News Service in an e-mail Thursday. Felten, a critic of e-voting systems, had been asked by a group representing New Jersey county clerks to examine Sequoia machines used in a Feb. 5 New Jersey presidential primary election.
In his e-mail, Felten said that around 6:30 a.m. EST, the Ballot Blog, in which Sequoia gave an in-depth explanation of what had gone wrong in New Jersey, had been replaced with a message saying it had been hacked. He said the message named those who were responsible for the hack, but he could not remember what that name was other than "it was a mixture of lower-case letters and numbers."
By mid-morning, the site had been taken offline by its Web-hosting provider and redirected to a hosting-provider page that said the page had been suspended temporarily for maintenance.
"My guess is that the took the site down temporarily while they were clearing out the stuff left behind by the intruder," Felten said.
Eventually, the blog page returned to its normal appearance Thursday afternoon, but there was still no blog content on the site. Sequoia did not respond immediately to requests for comment.
Sequoia has come under scrutiny for discrepancies in the voting tallies generated by approximately 60 of the state's Sequoia Voting Systems AVC Advantage e-voting machines during last month's election. On Wednesday, a group representing clerks from a half-dozen New Jersey counties wrote to State Attorney General Anne Milgram asking her to investigate the problems.
In most cases, the discrepancy involved a one- or two-vote difference between the paper tape logged by the machine and the number of votes stored in the machine's memory cartridges. Sequoia blamed the discrepancy on poll worker error and said the problem could be fixed with a software update, but state clerks requested a third-party investigation.
Last Tuesday, the clerks group asked Felten to examine the Sequoia machines. However, Sequoia threatened legal action against Felten, saying that such a review would violate the company's licensing agreement, so he did not carry out his investigation.
(Robert McMillan in San Francisco contributed to this article.)
The "Ballot Blog" portion of the Sequoia Voting Systems Web site had no content early Thursday afternoon Eastern Standard Time (EST), and earlier in the day there were messages on the page that it had been hacked, Princeton computer science professor Edward Felten told the IDG News Service in an e-mail Thursday. Felten, a critic of e-voting systems, had been asked by a group representing New Jersey county clerks to examine Sequoia machines used in a Feb. 5 New Jersey presidential primary election.
In his e-mail, Felten said that around 6:30 a.m. EST, the Ballot Blog, in which Sequoia gave an in-depth explanation of what had gone wrong in New Jersey, had been replaced with a message saying it had been hacked. He said the message named those who were responsible for the hack, but he could not remember what that name was other than "it was a mixture of lower-case letters and numbers."
By mid-morning, the site had been taken offline by its Web-hosting provider and redirected to a hosting-provider page that said the page had been suspended temporarily for maintenance.
"My guess is that the took the site down temporarily while they were clearing out the stuff left behind by the intruder," Felten said.
Eventually, the blog page returned to its normal appearance Thursday afternoon, but there was still no blog content on the site. Sequoia did not respond immediately to requests for comment.
Sequoia has come under scrutiny for discrepancies in the voting tallies generated by approximately 60 of the state's Sequoia Voting Systems AVC Advantage e-voting machines during last month's election. On Wednesday, a group representing clerks from a half-dozen New Jersey counties wrote to State Attorney General Anne Milgram asking her to investigate the problems.
In most cases, the discrepancy involved a one- or two-vote difference between the paper tape logged by the machine and the number of votes stored in the machine's memory cartridges. Sequoia blamed the discrepancy on poll worker error and said the problem could be fixed with a software update, but state clerks requested a third-party investigation.
Last Tuesday, the clerks group asked Felten to examine the Sequoia machines. However, Sequoia threatened legal action against Felten, saying that such a review would violate the company's licensing agreement, so he did not carry out his investigation.
(Robert McMillan in San Francisco contributed to this article.)
Adobe backtracks on Flash for iPhone
Adobe has poured cold water on its previous claims it will bring Flash support to the iPhone.
Company CEO Shantanu Narayen made the claims when speaking to investors during Adobe's Q1 financial announcement on Tuesday. He indicated that now Apple has introduced the iPhone Software Development Kit, Adobe will develop Flash for the iPhone.
"We believe Flash is synonymous with the internet experience, and we are committed to bringing Flash to the iPhone," Narayen said. "We have evaluated [the software developer tools] and we think we can develop an iPhone Flash player ourselves."
In a follow-up statement, Adobe then warned that this isn't the whole story, pointing out that Apple will need to be involved to bring the software to the device.
"However, to bring the full capabilities of Flash to the iPhone Web-browsing experience, we do need to work with Apple beyond and above what is available through the SDK and the current license around it," the company said.
"We think Flash availability on the iPhone benefits Apple and Adobe's millions of joint customers, so we want to work with Apple to bring these capabilities to the device."
The latest comment casts some doubt on whether Adobe is in the process of building such a player.
Company CEO Shantanu Narayen made the claims when speaking to investors during Adobe's Q1 financial announcement on Tuesday. He indicated that now Apple has introduced the iPhone Software Development Kit, Adobe will develop Flash for the iPhone.
"We believe Flash is synonymous with the internet experience, and we are committed to bringing Flash to the iPhone," Narayen said. "We have evaluated [the software developer tools] and we think we can develop an iPhone Flash player ourselves."
In a follow-up statement, Adobe then warned that this isn't the whole story, pointing out that Apple will need to be involved to bring the software to the device.
"However, to bring the full capabilities of Flash to the iPhone Web-browsing experience, we do need to work with Apple beyond and above what is available through the SDK and the current license around it," the company said.
"We think Flash availability on the iPhone benefits Apple and Adobe's millions of joint customers, so we want to work with Apple to bring these capabilities to the device."
The latest comment casts some doubt on whether Adobe is in the process of building such a player.
Reports: US to name head of new cybersecurity center
Tech entrepreneur and author Rod Beckstrom will be named to run a new National Cyber Security Center at the U.S. Department of Homeland Security, according to news reports.
Beckstrom, founder of Cats Software and co-founder of Twiki.net, a company offering an open-source wiki software system, would head the center, created by U.S. President George Bush in a January directive, according to reports in The Washington Post and The Wall Street Journal. The Bush administration has largely been silent about the cybersecurity center.
In addition to founding a handful of tech companies and nonprofit groups, Beckstrom is co-author of the book, "The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations," which praises the nimbleness of decentralized organizations. Beckstrom has suggested the U.S. government could better fight terrorist groups by taking a more decentralized approach, including using outsourcing and deploying more autonomous special operations units on the battlefield.
Beckstrom would reportedly report directly to DHS Secretary Michael Chertoff. Chertoff, in September 2006, appointed Greg Garcia, the former vice president for information security policy and programs at the Information Technology Association of America, as DHS assistant secretary for cyber security and telecommunications. Garcia reports to a DHS under secretary.
An official announcement about Beckstrom's appointment could come as soon as Thursday.
Beckstrom, founder of Cats Software and co-founder of Twiki.net, a company offering an open-source wiki software system, would head the center, created by U.S. President George Bush in a January directive, according to reports in The Washington Post and The Wall Street Journal. The Bush administration has largely been silent about the cybersecurity center.
In addition to founding a handful of tech companies and nonprofit groups, Beckstrom is co-author of the book, "The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations," which praises the nimbleness of decentralized organizations. Beckstrom has suggested the U.S. government could better fight terrorist groups by taking a more decentralized approach, including using outsourcing and deploying more autonomous special operations units on the battlefield.
Beckstrom would reportedly report directly to DHS Secretary Michael Chertoff. Chertoff, in September 2006, appointed Greg Garcia, the former vice president for information security policy and programs at the Information Technology Association of America, as DHS assistant secretary for cyber security and telecommunications. Garcia reports to a DHS under secretary.
An official announcement about Beckstrom's appointment could come as soon as Thursday.
Sources: AOL close to India call center sale
AOL is close to selling its call center in India to Aegis, a BPO (business process outsourcing) company of India's Essar Group, according to informed sources.
Aegis was one of several companies that bid to acquire the 1,000-staff call center in Bangalore. A formal announcement is expected next week.
An AOL spokesman did not confirm the proposed sale of the call center. Essar dismissed the report as speculative.
The Times of India reported Thursday that an announcement of the deal was likely Friday. By an agreement between AOL and Aegis, AOL will continue to give its call center business to Aegis for the next couple of years, the newspaper said.
Research firm Forrester has forecast that a number of Indian call center and software development subsidiaries of multinational companies will sell out, as it is now more cost-effective for foreign companies to outsource to a service provider than run their own operations.
However, AOL's decision to sell its Indian call center is linked to the company withdrawing from the Internet access business, instead emphasizing its Web-based business, as it needs less staff support, sources said.
The company has already sold some of its call center in other locations, including one in Albuquerque, New Mexico to outsourcer Convergys.
Aegis was one of several companies that bid to acquire the 1,000-staff call center in Bangalore. A formal announcement is expected next week.
An AOL spokesman did not confirm the proposed sale of the call center. Essar dismissed the report as speculative.
The Times of India reported Thursday that an announcement of the deal was likely Friday. By an agreement between AOL and Aegis, AOL will continue to give its call center business to Aegis for the next couple of years, the newspaper said.
Research firm Forrester has forecast that a number of Indian call center and software development subsidiaries of multinational companies will sell out, as it is now more cost-effective for foreign companies to outsource to a service provider than run their own operations.
However, AOL's decision to sell its Indian call center is linked to the company withdrawing from the Internet access business, instead emphasizing its Web-based business, as it needs less staff support, sources said.
The company has already sold some of its call center in other locations, including one in Albuquerque, New Mexico to outsourcer Convergys.
Foundry chip makers face more cutbacks
Flash memory giant Spansion on Wednesday announced it will reduce orders to contract chip makers by US$50 million per quarter in the first half of 2008 due to new production technology at its own factories. But the order changes couldn't come at a worse time for manufacturers because other companies are cutting back as well.
Contract chip makers (foundries) such as Taiwan Semiconductor Manufacturing (TSMC) and United Microelectronics (UMC) make money by producing chips on behalf of clients such as Spansion and Texas Instruments (TI). TSMC is Spansion's main foundry partner through a joint chip development agreement, and is also one of TI's foundry partners.
"We remain fully committed to our agreement with Spansion," said JH Tzeng, a spokesman for TSMC. He declined to comment on possible order cuts to his company.
The global technology industry faces the prospect of slower consumer demand this year due to U.S. economy woes. Many economists have already pronounced the U.S. in a recession as a result of problems in home loans and financial industries, and many fear those woes will spill over into consumer spending on gadgets.
The mobile phone industry has already taken a hit.
Last week, TI indicated it will cut orders to contract chip makers in response to declining orders for chips used in high-end mobile phones. TI lowered its sales and net profit forecasts for the first quarter due to the problems.
Sony Ericsson followed TI's handset warning by Wednesday saying it sees slowing market growth for mid-to-high end mobile phone sales in Europe, a sign there might be more pain for handsets and, ultimately, for chip makers. Sony Ericsson reduced its sales forecast for the first quarter, which ends March 31, to below that of the first quarter last year.
Spansion faces falling prices for its chips on global markets. The flash memory business has faltered this year amid a chip glut that has sent prices tumbling.
The price of mainstream 4G bit NAND flash chips has fallen 33 percent so far this year to US$4.06 Thursday, according to DRAMeXchange Technology, which runs an online memory chip market.
The company's increased manufacturing efficiency should help bolster its finances, but the memory chip business remains tough. Spansion's stock, which trades on the NASDAQ exchange, has fallen 37 percent so far this year to close at US$2.47 Wednesday.
One hope for foundry chip makers such as TSMC is that any reductions in chip orders by one company may be made up in increased orders by other chip companies. Qualcomm, for example, reiterated its first quarter guidance at a meeting last week. The company usurped TI's position as the world's largest mobile phone chip maker last year. Qualcomm also taps TSMC and other foundries for chip making services.
Contract chip makers (foundries) such as Taiwan Semiconductor Manufacturing (TSMC) and United Microelectronics (UMC) make money by producing chips on behalf of clients such as Spansion and Texas Instruments (TI). TSMC is Spansion's main foundry partner through a joint chip development agreement, and is also one of TI's foundry partners.
"We remain fully committed to our agreement with Spansion," said JH Tzeng, a spokesman for TSMC. He declined to comment on possible order cuts to his company.
The global technology industry faces the prospect of slower consumer demand this year due to U.S. economy woes. Many economists have already pronounced the U.S. in a recession as a result of problems in home loans and financial industries, and many fear those woes will spill over into consumer spending on gadgets.
The mobile phone industry has already taken a hit.
Last week, TI indicated it will cut orders to contract chip makers in response to declining orders for chips used in high-end mobile phones. TI lowered its sales and net profit forecasts for the first quarter due to the problems.
Sony Ericsson followed TI's handset warning by Wednesday saying it sees slowing market growth for mid-to-high end mobile phone sales in Europe, a sign there might be more pain for handsets and, ultimately, for chip makers. Sony Ericsson reduced its sales forecast for the first quarter, which ends March 31, to below that of the first quarter last year.
Spansion faces falling prices for its chips on global markets. The flash memory business has faltered this year amid a chip glut that has sent prices tumbling.
The price of mainstream 4G bit NAND flash chips has fallen 33 percent so far this year to US$4.06 Thursday, according to DRAMeXchange Technology, which runs an online memory chip market.
The company's increased manufacturing efficiency should help bolster its finances, but the memory chip business remains tough. Spansion's stock, which trades on the NASDAQ exchange, has fallen 37 percent so far this year to close at US$2.47 Wednesday.
One hope for foundry chip makers such as TSMC is that any reductions in chip orders by one company may be made up in increased orders by other chip companies. Qualcomm, for example, reiterated its first quarter guidance at a meeting last week. The company usurped TI's position as the world's largest mobile phone chip maker last year. Qualcomm also taps TSMC and other foundries for chip making services.
Google's U.S. search share up, Yahoo and Microsoft down
Google continued to increase its share of the U.S. search market in February, widening the gap that Microsoft hopes to fill by buying Yahoo.
In February, Google's share of core searches by U.S. Internet users rose to 59.2 percent, up from 58.5 percent in January, according to figures from market research company comScore.
During the same period, Yahoo's share slipped to 21.6 percent, from 22.2 percent a month earlier, while Microsoft's share slipped to 9.6 percent from 9.8 percent. AOL is clinging to a 4.9 percent share, while Ask saw its share rise slightly to 4.6 percent from 4.5 percent in January. Comscore excludes mapping, local directory and video sharing sites off the core domain from its search.
Worldwide, the number three search engine is China's Baidu.com, behind Google and Yahoo but ahead of Microsoft's MSN-Windows Live properties, according to comScore.
Microsoft's US$44.6 billion offer for Yahoo is not just about bolstering its share of the search market: Microsoft wants to strengthen its position against Google in a broader range of online services including advertising, not all of which is search-based.
The reach of the companies' advertising networks is far broader than the audience for their home pages. In February, 90 percent of U.S. Internet users saw a page served by advertising network Platform A, and 88 percent a page from advertising.com, both of which are operated by AOL, even though only 49 percent of surfers visited an AOL.com page, according to comScore.
Likewise, pages from Yahoo's advertising network were seen by 85 percent of U.S. surfers in February, while only 51 percent visited the Yahoo.com home page. Google's advertising network snared 79 percent of U.S. surfers, while Google's site was visited by 69 percent. Only 31 percent visited the MSN.com home page, with 56 percent visiting MSN or other Windows Live services, comScore said.
In February, Google's share of core searches by U.S. Internet users rose to 59.2 percent, up from 58.5 percent in January, according to figures from market research company comScore.
During the same period, Yahoo's share slipped to 21.6 percent, from 22.2 percent a month earlier, while Microsoft's share slipped to 9.6 percent from 9.8 percent. AOL is clinging to a 4.9 percent share, while Ask saw its share rise slightly to 4.6 percent from 4.5 percent in January. Comscore excludes mapping, local directory and video sharing sites off the core domain from its search.
Worldwide, the number three search engine is China's Baidu.com, behind Google and Yahoo but ahead of Microsoft's MSN-Windows Live properties, according to comScore.
Microsoft's US$44.6 billion offer for Yahoo is not just about bolstering its share of the search market: Microsoft wants to strengthen its position against Google in a broader range of online services including advertising, not all of which is search-based.
The reach of the companies' advertising networks is far broader than the audience for their home pages. In February, 90 percent of U.S. Internet users saw a page served by advertising network Platform A, and 88 percent a page from advertising.com, both of which are operated by AOL, even though only 49 percent of surfers visited an AOL.com page, according to comScore.
Likewise, pages from Yahoo's advertising network were seen by 85 percent of U.S. surfers in February, while only 51 percent visited the Yahoo.com home page. Google's advertising network snared 79 percent of U.S. surfers, while Google's site was visited by 69 percent. Only 31 percent visited the MSN.com home page, with 56 percent visiting MSN or other Windows Live services, comScore said.
Hacker pleads guilty to computer fraud for adware
A 21-year-old could face up to 10 years in prison in the U.S. after pleading guilty to installing advertising software on PCs located around Europe without permission.
Robert Matthew Bentley, of Panama City, Florida, is scheduled for sentencing May 28 in U.S. District Court for the Northern District of Florida. He could also face a fine of up to US$250,000.
Bentley's plea culminates a wide-ranging international investigation that started with London's Metropolitan Police Computer Crime Unit in December 2006, according to an FBI news release.
Around that time, U.S.-based Newell Rubbermaid, whose products include Sharpie markers and plastic food-storage containers, reported their European computer network had been hacked. One other European-based company also complained.
That launched a law enforcement effort called "Bot Roast II" that included the U.S. Secret Service, the Federal Bureau of Investigation, the Finland National Bureau of Investigation and other local U.S. agencies.
Bentley was indicted by a federal grand jury in November last year for computer fraud and conspiracy to commit computer fraud. He and others infected hundreds of computer in Europe with advertising software, or adware, using botnets, which are networks of hacked computers. His botnet was located within Newell Rubbermaid's network.
Once a computer is hacked, it can be used to accomplish other malicious actions, such as sending spam or attacking other computers via software vulnerabilities. Because of the global nature of the Internet, the attacks can be very difficult for law enforcement to trace, as the investigations are time-consuming and technical.
Many countries have computer crime or fraud laws that forbid installing software through deceptive means. Advertising software companies pay Web site publishers if their software is downloaded. But hackers have also used tricky means to put adware on computers without the user knowing it in order to make money. In many cases, the adware is difficult or nearly impossible to completely remove from a PC.
Bentley installed adware called DollarRevenue, which causes unwanted pop-up advertisements to appear on a machine, the FBI said.
Last December, Dutch authorities fined two companies behind DollarRevenue €1 million (US$1.54 million) one of the largest fines ever levied in Europe for adware operations. Hackers were paid €0.15 each for installation of DollarRevenue on European computers and $0.25 for PCs in the U.S.
Robert Matthew Bentley, of Panama City, Florida, is scheduled for sentencing May 28 in U.S. District Court for the Northern District of Florida. He could also face a fine of up to US$250,000.
Bentley's plea culminates a wide-ranging international investigation that started with London's Metropolitan Police Computer Crime Unit in December 2006, according to an FBI news release.
Around that time, U.S.-based Newell Rubbermaid, whose products include Sharpie markers and plastic food-storage containers, reported their European computer network had been hacked. One other European-based company also complained.
That launched a law enforcement effort called "Bot Roast II" that included the U.S. Secret Service, the Federal Bureau of Investigation, the Finland National Bureau of Investigation and other local U.S. agencies.
Bentley was indicted by a federal grand jury in November last year for computer fraud and conspiracy to commit computer fraud. He and others infected hundreds of computer in Europe with advertising software, or adware, using botnets, which are networks of hacked computers. His botnet was located within Newell Rubbermaid's network.
Once a computer is hacked, it can be used to accomplish other malicious actions, such as sending spam or attacking other computers via software vulnerabilities. Because of the global nature of the Internet, the attacks can be very difficult for law enforcement to trace, as the investigations are time-consuming and technical.
Many countries have computer crime or fraud laws that forbid installing software through deceptive means. Advertising software companies pay Web site publishers if their software is downloaded. But hackers have also used tricky means to put adware on computers without the user knowing it in order to make money. In many cases, the adware is difficult or nearly impossible to completely remove from a PC.
Bentley installed adware called DollarRevenue, which causes unwanted pop-up advertisements to appear on a machine, the FBI said.
Last December, Dutch authorities fined two companies behind DollarRevenue €1 million (US$1.54 million) one of the largest fines ever levied in Europe for adware operations. Hackers were paid €0.15 each for installation of DollarRevenue on European computers and $0.25 for PCs in the U.S.
Intel offers Classmate PC to vendors in developed countries
Intel's Classmate PC isn't just for students in emerging markets anymore. The low-cost laptop will be made available to companies that want to sell it to consumers in developed countries, an Intel executive said Wednesday.
"During the last quarter, we have seen tremendous interest in the Classmate PC from customers outside education," said Tom Rampone, an Intel vice president and general manager of the company's Channel Platforms Group, adding that Asustek Computer's Eee PC helped stoke wider interest in low-cost laptops.
Originally designed for schools in emerging markets where computer access is rare, the Classmate PC uses a low-power version of the Celeron M processor and a 7-inch screen. Intel is working on a second version of the Classmate PC, earlier revealing plans to use its upcoming Atom processor in the new laptop. Detailed specifications of the device have yet to be revealed.
Intel sees the Classmate PC as just one of a range of low-cost laptops now being developed that the chip maker and others call "netbooks." These laptops are generally expected to cost between US$250 and $300, depending on how they are configured, when they hit the market later this year.
The move to expand the availability of Classmate PC to PC vendors in developed markets follows a push to make the Classmate PC more widely available to consumers in emerging markets. For example, HCL Infosystems of India announced a laptop, called MiLeap X, earlier this year that is based on the Classmate PC design but marketed as a low-cost computer for consumers and businessmen instead of students.
The second version of the Classmate PC will be available to PC vendors in a range of configurations, but will retain the same basic design when sold by different vendors, Rampone said. In addition to versions for consumers, running either Linux or Windows, the laptop will be available in configurations, complete with educational software, aimed at schools in developed countries, he said.
"During the last quarter, we have seen tremendous interest in the Classmate PC from customers outside education," said Tom Rampone, an Intel vice president and general manager of the company's Channel Platforms Group, adding that Asustek Computer's Eee PC helped stoke wider interest in low-cost laptops.
Originally designed for schools in emerging markets where computer access is rare, the Classmate PC uses a low-power version of the Celeron M processor and a 7-inch screen. Intel is working on a second version of the Classmate PC, earlier revealing plans to use its upcoming Atom processor in the new laptop. Detailed specifications of the device have yet to be revealed.
Intel sees the Classmate PC as just one of a range of low-cost laptops now being developed that the chip maker and others call "netbooks." These laptops are generally expected to cost between US$250 and $300, depending on how they are configured, when they hit the market later this year.
The move to expand the availability of Classmate PC to PC vendors in developed markets follows a push to make the Classmate PC more widely available to consumers in emerging markets. For example, HCL Infosystems of India announced a laptop, called MiLeap X, earlier this year that is based on the Classmate PC design but marketed as a low-cost computer for consumers and businessmen instead of students.
The second version of the Classmate PC will be available to PC vendors in a range of configurations, but will retain the same basic design when sold by different vendors, Rampone said. In addition to versions for consumers, running either Linux or Windows, the laptop will be available in configurations, complete with educational software, aimed at schools in developed countries, he said.
Red Hat open-sources security framework
Red Hat has open-sourced its identity-management and security system to promote its assertion that open-source software provides the most secure infrastructure.
The Linux vendor said Wednesday it has released the entire source code for the Red Hat Certificate System, its security framework for managing user identities and transactions on a network. Red Hat acquired the system from AOL three years ago, but only parts of the system, which uses the Apache Web server and the Red Hat Directory Server, were open source.
According to a blog post by Red Hat's security team, the move "further demonstrates Red Hat’s belief that the open source development model creates more secure software." In addition to offering the Red Hat Certificate System to users of its Red Hat Enterprise Linux product, the company also uses it internally.
The team said now that the system is open source, it will be easier for developers to integrate the technology with other security- and network management-related projects from Red Hat.
One of those is the freeIPA project, which provides central management of identity, policy and auditing for Unix and Linux using open-source and open-standards technologies. According to Red Hat, by integrating technology from the certificate system, the freeIPA project eventually will offer central management and provisioning for machine and service digital certificates.
Red Hat is best known for its Linux distribution, but has been working steadily for several years to broaden its open-source portfolio beyond the OS. New CEO Jim Whitehurst said recently that the company, more than ever, needs to demonstrate more support for the open-source community outside of Linux and visibly promote the continued adoption of open-source software among businesses. Whitehurst took over CEO duties from longtime Red Hat leader Matthew Szulik in January.
The Linux vendor said Wednesday it has released the entire source code for the Red Hat Certificate System, its security framework for managing user identities and transactions on a network. Red Hat acquired the system from AOL three years ago, but only parts of the system, which uses the Apache Web server and the Red Hat Directory Server, were open source.
According to a blog post by Red Hat's security team, the move "further demonstrates Red Hat’s belief that the open source development model creates more secure software." In addition to offering the Red Hat Certificate System to users of its Red Hat Enterprise Linux product, the company also uses it internally.
The team said now that the system is open source, it will be easier for developers to integrate the technology with other security- and network management-related projects from Red Hat.
One of those is the freeIPA project, which provides central management of identity, policy and auditing for Unix and Linux using open-source and open-standards technologies. According to Red Hat, by integrating technology from the certificate system, the freeIPA project eventually will offer central management and provisioning for machine and service digital certificates.
Red Hat is best known for its Linux distribution, but has been working steadily for several years to broaden its open-source portfolio beyond the OS. New CEO Jim Whitehurst said recently that the company, more than ever, needs to demonstrate more support for the open-source community outside of Linux and visibly promote the continued adoption of open-source software among businesses. Whitehurst took over CEO duties from longtime Red Hat leader Matthew Szulik in January.
HTC names Google phone, 'Dream'
The mobile phone High Tech Computer (HTC) has been developing to run on the Android software from Google will be called "Dream," have a large touchscreen and full QWERTY keypad, a person close to the situation said Thursday.
HTC may become the first handset maker in the world to put out a mobile phone developed around Android, but it faces stiff competition from Samsung, a separate source said. Samsung has stepped up its effort to put out a Google phone, the person said.
HTC's Google handset is just over 5-inches long and 3-inches wide, with a keypad underneath the screen that either slides out or swivels out. The aim of the keypad is for easy e-mail, note-taking and writing Web addresses.
Internet navigational controls are situated below the screen on the handset.
The handset will likely hit the market near the end of this year, the person said.
The company officially remained mum on the handset.
"We cannot comment on this product," said Maggie Cheng, an HTC representative.
Last November, HTC became the first company to admit to developing a mobile phone based on Android, although Samsung, Motorola and other handset developers are part of the group dedicated to furthering the software, the Open Handset Alliance.
Android, an open source software platform that includes an OS, is designed to take advantage of Internet services for mobility. The software could become a potent new rival to Windows Mobile and other handset operating systems. At the launch ceremony, Google announced that over 30 companies had joined the Open Handset Alliance.
HTC may become the first handset maker in the world to put out a mobile phone developed around Android, but it faces stiff competition from Samsung, a separate source said. Samsung has stepped up its effort to put out a Google phone, the person said.
HTC's Google handset is just over 5-inches long and 3-inches wide, with a keypad underneath the screen that either slides out or swivels out. The aim of the keypad is for easy e-mail, note-taking and writing Web addresses.
Internet navigational controls are situated below the screen on the handset.
The handset will likely hit the market near the end of this year, the person said.
The company officially remained mum on the handset.
"We cannot comment on this product," said Maggie Cheng, an HTC representative.
Last November, HTC became the first company to admit to developing a mobile phone based on Android, although Samsung, Motorola and other handset developers are part of the group dedicated to furthering the software, the Open Handset Alliance.
Android, an open source software platform that includes an OS, is designed to take advantage of Internet services for mobility. The software could become a potent new rival to Windows Mobile and other handset operating systems. At the launch ceremony, Google announced that over 30 companies had joined the Open Handset Alliance.
Best Buy offers gift cards to HD DVD buyers
Best Buy said Wednesday it will offer US$50 gift cards to U.S. consumers who bought HD DVD players and accessories, a month after the retailer abandoned HD DVD to push the rival format, Blu-ray Disc.
The gift card will be available starting March 21 to consumers who bought HD DVD players or accessories before Feb. 23, Best Buy said. The gift card can be used to make in-store or online purchases from the retailer.
Best Buy expects to distribute more than $10 million in gift cards to U.S. customers, the company said.
The offer comes after Toshiba and movie studios abandoned the HD DVD format, conceding to Sony's Blu-Ray Disc format. Video rental companies like Netflix and Blockbuster and major electronics vendors including Wal-Mart and Circuit City have already abandoned HD DVD, expressing preference to distribute Blu-ray Disc products.
"The DVD format war has divided our customers in a way we haven't seen since Betamax took on VHS more than 20 years ago," said Brian J. Dunn, president and chief operating officer for Best Buy, in a statement.
Best Buy will mail cards to customers that purchased HD DVD players, the company said. The company may not be able to identify all customers, but a user can call Best Buy with a proof of purchase.
Owners of Toshiba HD DVD player models including the HD-A1, HD-A2, HD-A20, HD-XA2, HD-A3, HD-A30 and HD-A35 qualify for the offer. Users who purchased the Microsoft Xbox 360 HD DVD player accessory model 9Z5-00013 also qualify for the offer, according to Best Buy.
The offer does not extend to HD DVD-equipped computers and laptops, or "the so-called 'dual-format' or 'universal' high-definition disc player models designed to play both Blu-ray Disc and HD DVD media," Best Buy said.
Best Buy will also allow customers to trade in their HD DVD players at Best Buy's Online Trade-In Center.
The gift card will be available starting March 21 to consumers who bought HD DVD players or accessories before Feb. 23, Best Buy said. The gift card can be used to make in-store or online purchases from the retailer.
Best Buy expects to distribute more than $10 million in gift cards to U.S. customers, the company said.
The offer comes after Toshiba and movie studios abandoned the HD DVD format, conceding to Sony's Blu-Ray Disc format. Video rental companies like Netflix and Blockbuster and major electronics vendors including Wal-Mart and Circuit City have already abandoned HD DVD, expressing preference to distribute Blu-ray Disc products.
"The DVD format war has divided our customers in a way we haven't seen since Betamax took on VHS more than 20 years ago," said Brian J. Dunn, president and chief operating officer for Best Buy, in a statement.
Best Buy will mail cards to customers that purchased HD DVD players, the company said. The company may not be able to identify all customers, but a user can call Best Buy with a proof of purchase.
Owners of Toshiba HD DVD player models including the HD-A1, HD-A2, HD-A20, HD-XA2, HD-A3, HD-A30 and HD-A35 qualify for the offer. Users who purchased the Microsoft Xbox 360 HD DVD player accessory model 9Z5-00013 also qualify for the offer, according to Best Buy.
The offer does not extend to HD DVD-equipped computers and laptops, or "the so-called 'dual-format' or 'universal' high-definition disc player models designed to play both Blu-ray Disc and HD DVD media," Best Buy said.
Best Buy will also allow customers to trade in their HD DVD players at Best Buy's Online Trade-In Center.
Subscribe to:
Posts (Atom)