Monday, May 19, 2008

Vista laid low by new malware figures

It looks as if Vista's reputation for improved security could be heading for the pages of history. PC Tools has renewed last week's attack on the platform with new figures that appear to back up its claim that Vista is almost as vulnerable as its predecessors.
According to analysis from the Australian company's ThreatFire user base, 58,000 PCs running Vista were compromised by at least one piece of malware over the six months to May 2008, equivalent to 27 percent of all Vista machines probed. Vista made up 12.6 percent, or 190,692, of the 1,513,502 machines running Windows in the user base.

In total, Vista suffered 121,380 instances of malware from its 190,000 user base. That rate of malware detection per system is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to.

Only a week ago, PC Tools revealed that Vista was as likely to be hit with software vulnerabilities as Windows 2000, a claim that was denied by a Microsoft staffer in a blog.

The problem with the figures given in all cases is that it is still hard to make direct - and therefore meaningful - comparisons. As PC Tools makes clear, that malware was detected did not mean harm had been done, simply that Vista's own security had in some way been circumvented to the degree that its ThreatFire tool stepped in.

"It is important to highlight that all systems used in the research pool were at the very least running PC Tools' ThreatFire and that because the technology is behavioral-based, the data refers to threats that actually executed and triggered our behavioral detection on the client machine," said PC Tools' CEO, Simon Clausen, before aiming a kick at Microsoft's own security software.

"Furthermore, in response to alternative research from Microsoft's Malicious Software Removal Tool, PC Tools highlights that the MSRT is not a comprehensive anti-virus scanner, but a malware removal tool for a limited range of 'specific, prevalent malicious software.'"

An obvious objection to this is that any operating system will suffer a degree of malware compromise, which could be traced back to a variety of issues including user behavior. The acid test for Vista will be its ability to resist serious attacks over the longer term, something it has so far managed to do. However, the figures do suggest that malware writers are mastering the OS, a possible sign of trouble to come.

PC Tools has publicized details of some of the malware types it has found on Vista systems during its scans, including three pages of variants based on Trojan.Agent, a few of which were described as serious.

At time of writing, Microsoft had not responded to PC Tools' allegations.

SEC goes after eight former AOL executives in fraud case

The U.S. Securities and Exchange Commission on Monday filed a lawsuit against four former AOL Time Warner executives, charging them with falsely boosting the company's advertising revenue by US$1 billion. In addition, four other former AOL executives settled with the SEC on related fraud charges, agreeing to pay hundreds of thousands of dollars each in penalties.
The SEC filed the charge on Monday in the U.S. District Court for the Southern District of New York against John Michael Kelly, former chief financial officer of AOL Time Warner; Steven E. Rindner, former senior executive in the company's Business Affairs unit; Joseph A. Ripp, former chief financial officer of the company's AOL division; and Mark Wovsaniker, former head of accounting policy. The executives, according to the SEC, essentially funded AOL's own advertising revenue by giving companies money to buy online advertising.

AOL conducted the "round-trip" funding in several ways, the SEC says. For example, in some cases it would pay inflated prices for goods or services in exchange for the vendor purchasing advertising in the amount that AOL overpaid. AOL also paid more for businesses it purchased so that the seller would then buy advertising, the SEC alleges.

The scheme boosted the company's advertising revenue by more than $1 billion, the SEC says. The SEC is asking that the executives return ill-gotten gains, pay civil penalties and be barred from serving as company officers or directors. The SEC is also charging Kelly and Wovsaniker with misleading the company's external auditor about the transactions.

The AOL executives engineered the fraudulent practices in order to boost the company's advertising performance in a struggling market, the SEC said. "In mid-2000 ... AOL faced a growing crisis with regard to its advertising revenue as the market for online advertising began shrinking," the suit reads. "Kelly insisted that AOL achieve the revenue targets that he and others in AOL's executive offices had set in 2000."

In addition to that complaint, the SEC has settled a suit against former AOL Time Warner executives for their involvement in the same scheme. The executives who settled include David M. Colburn, former head of the Business Affairs unit; Eric L. Keller, former senior manager in the Business Affairs unit; James F. MacGuidwin, former controller; and Jay B. Rappaport, former senior manager in the Business Affairs unit. Colburn agreed to pay disgorgement and prejudgment interest of about $3.2 million and a penalty of $750,000; MacGuidwin will pay disgorgement and prejudgment interest of $2.1 million and a penalty of $300,000; Rappaport agreed to pay disgorgement and prejudgment interest of $493,629 and a penalty of $250,000; and Keller will pay disgorgement and prejudgment interest of $699,868 and a penalty of $250,000.

In addition, Colburn and MacGuidwin agreed not to serve as officers or directors of a public company for 10 years and seven years, respectively.

The fraudulent filings occurred between 2000 and at least 2003, and the company has since restated its earnings for those periods, the SEC said.

AOL has been struggling as it shifts its business from one that was primarily built on monthly dial-up subscription charges to one based on advertising-supported online content.

AOL did not reply immediately to a request for comment on the suits.

McAfee anti-fraud researcher charged with fraud

One of the researchers behind ScanAlert, the "Hacker Safe" certification company McAfee recently acquired, is facing fraud charges in Indiana.
Brett Oliphant, whose title had been vice president of security services before the Napa, California, company was acquired by McAfee in January, is facing 11 counts of securities fraud in transactions that allegedly brought in more than US$1.215 million.

Oliphant and his brother Bryan were charged in December. Their trial is set for Nov. 18 at the Elkhart County Superior Court in Indiana.

ScanAlert built technology for auditing and then certifying Web sites as "Hacker Safe." McAfee paid $54.9 million for the company in January and has since renamed the certification service "McAfee Safe."

The Hacker Safe and McAfee Safe marks are designed to reassure potential customers that the Web site they are visiting has been tested for vulnerabilities and is unlikely to have been hacked by online fraudsters.

Oliphant's arrest was not widely known until blogger Ronald van den Heetkamp posted news of it on Monday. Van den Heetkamp has been critical of McAfee's certification service in the past.

The ScanAlert vice president had led the development of his company's vulnerability scanning technology and managed the company's research division.

A McAfee spokesman declined to comment on the matter or confirm whether Oliphant was still with the company. "McAfee does not comment on the private affairs of others, legal or otherwise," he said in an instant message.

Users report more trouble with Windows XP SP3

The latest service pack for Windows XP continues to cause problems for users. According to an online user forum, the latest glitch in Windows XP Service Pack 3 (SP3) causes problems with the remote desktop access feature of Windows Home Server.
On the We Got Served U.K.-based Windows user forum, Windows XP users running Windows Home Server, Microsoft's home storage and local networking server, report that SP3 is cutting off their access to the server from their PCs. The remote desktop access feature would ask users to add their home server's Web site address in order to access it even after they already had, users reported.

According to a user on Microsoft's Windows Home Server forum, the problem arose because Windows XP SP3 by default disables the Terminal Services ActiveX control as part of its security model. The user, ColinWH, posted a fix for the problem that outlines how to enable the Terminal Services ActiveX control in Internet Explorer.

The Windows Home Server problem is not the first that users -- or Microsoft -- have had with the latest XP service pack. Scheduled for release on April 29, Windows XP SP3 was held up for a week by Microsoft because of incompatibilities between the service pack and one of Microsoft's own applications, retail chain management software called Microsoft Dynamics RMS. The problem even affected the Windows Vista Service Pack 1 set of updates.

Then, after the service pack's release on May 6, users reported that XP SP3 put some AMD-based PCs into endless reboots. Eventually, the problem was identified as affecting certain Hewlett-Packard PCs, and Microsoft posted information for fixing it on the Web.

Microsoft could not be immediately reached for comment on Monday.

Network management SaaS provider pushing into U.S.

Paul Beliveau, the network solutions architect for Cambridge, Mass.-based Biogen, recalls coming into work one day in 2006 only to discover that one of the biotechnology company's networks was being clogged by World Cup soccer.
Specifically, he found that capacity at one of his Madrid circuits was being completely used up by employees streaming live video of the tournament while at work. When he called the Madrid branch to tell them of the problem, however, the branch office manager shrugged it off.

"He was willing to live with poor application performance for the time being," says Beliveau, who monitors network health for Biogen offices in 22 countries. "I think he was afraid that shutting off the World Cup would cause a revolt."

But despite the fact that this particular branch manager didn't want his help, Beliveau says he is able to quickly identify and isolate similar network problems at offices around the world by using software produced by NetEvidence, a software-as-a-service (SaaS) provider based in the United Kingdom. This particular SaaS, known as Highlight, gives its users a browser-based user interface designed to help companies monitor and manage network performance around the globe.

"What we're trying to do is make the visibility of what's going on in the network accessible to a wider range of people," says Andi Willmott, the business development director for NetEvidence. "In the same way that Apple is trying to make phone functionalities easier with the iPhone, we're trying to take a similar approach to network management software with Highlight."

One of Highlight's key features is its color-coded tile interface that delivers network performance measurements for stability, load and health. Thus, when Beliveau starts up his computer every morning, he sees a series of tiles on his screen that display network health for every Biogen office in the world. If an office's tile is "green," then it's generally healthy. Yellow or red indicate that the network is or may become overloaded.

From there, Beliveau says he can dig deeper into the trouble areas and figure out the root cause right down to the application level. For instance, he can figure out how much in-the-cloud network traffic is produced by Lotus Notes, and how much is produced by peer-to-peer applications such as eDonkey. What makes the software so special, Beliveau says, is its ease of use and the accuracy of the measurements it uses to grade network performance.

"The logic that goes behind the changing color tiles is exceptional," he says. "The NetEvidence engineers know what makes networks perform so well. They measure the thresholds for network performance in a way that I could never figure out on my own unless I put a lot of time and effort into it."

As a SaaS, Highlight is continuously collecting data on traffic patterns and their effects on network stability, load and health. The software takes that data and stacks it up against NetEvidence's own measurements and thresholds for network health. The data is then sent back to the user with updates every three minutes.

Willmott says that many companies in Europe and in Asia have been using the Highlight software for years, but that the company is only now aggressively marketing it within the United States. He says that the company has had to account for certain cultural changes between the United States and Europe when developing its marketing strategy, which is why the company has decided to partner with various cable, wireless and telecom carriers to create its route to the U.S. market.

"The European market has historically been very slanted toward fully managed services," Willmott says. "Whereas out here, the balance has shifted the other way. People want more ownership and control over their network."

Highlight generally costs about US$50 a month per router, although networks with highly customized architecture might require more expensive services. NetEvidence says that Highlight is also a completely customizable commercial model where users can purchase the software for a smaller number of routers to start, and can then add it to more routers as they see fit. The SaaS requires no installation by the user and no hardware on the premises, and can be fully managed by the company.

Workday revs on-demand ERP

On-demand ERP (enterprise resource planning) vendor Workday announced an update to its software Monday as it rides a wave of publicity from a recent high-profile customer win.
Payroll is a major new component of Workday 4.0. To date the company, which was formed by PeopleSoft founder Dave Duffield, has focused on human capital management (HCM) -- otherwise known as human resources -- as well as financials and procurement. A company spokesman described the payroll capability as key to landing bigger customers.

"I think as we get into these larger enterprise deals, those are the places where payroll is tightly coupled with HCM ... We'll continue to link to [payroll providers such as] ADP or Ceridian, but this does open up new opportunities in larger enterprises," said Andrew McCarthy, communications director.

McKee Foods is serving as a pilot customer for the payroll function, which will be generally available later this year. Initially, Workday will support processes for U.S. payroll, with Canada and Europe to follow. The company claims its underlying payroll framework and calculation engine mean it won't have to rewrite the entire stack from scratch for new regions.

Workday made the right move by developing the capability, according to one observer. "Definitely, payroll is a must," said China Martens, an analyst with the 451 Group.

"Clearly, they've learned from the past on the internationalization front," she added. "Where PeopleSoft, like its peers, to be fair, ran into some trouble was in not doing enough on the internationalization of its software when going global."

Workday is also integrating its software with third-party products. A link to Salesforce CRM will enable users to automatically activate and deactivate users from the Salesforce system as they are hired and leave the company.

While customers would require a separate license for those third-party applications, Workday will support the integration, spokesmen said.

The software updates arrive as Workday is enjoying a wave of buzz. News broke last week that it had scored a major deal with manufacturer Flextronics, which has 200,000 employees, and that Salesforce is now using its HCM module.

Observers say the Flextronics win -- beyond a major boon for Workday -- serves as a general validation that the software as a service (SaaS) model can work in the largest enterprises.

"Workday is on the forefront," said Ray Wang, an analyst with Forrester Research. "Their win against Oracle and SAP proves that SaaS can scale in the big leagues."
But as Workday begins servicing such sizable accounts, there are lingering questions about the cost efficiency of the on-demand model. ERP juggernaut SAP has drawn back its rollout plans for Business ByDesign, its hosted ERP offering for the midmarket, saying it needs to fine-tune it to ensure a satisfactory profit.

Workday's product has a smaller footprint, which will help it avoid such growing pains, spokespeople asserted.

Analysts: Microsoft likely eyeing Yahoo search assets

Although Microsoft provided no details Sunday about what deal it might cut with Yahoo, it seems highly likely that search advertising would be a major piece.
Search advertising continues to be the largest segment of online advertising and is the fuel that has propelled Google's revenue and profits to levels that have made Microsoft green with envy. "There's got to be some search component to the deal," said industry analyst Greg Sterling of Sterling Market Intelligence.

What shape the tie-up might take is anyone's guess. It could be some sort of joint venture in which the companies pool assets and create a larger ad network, Sterling said. Or it could be an agreement for Yahoo to outsource part of its search advertising business to Microsoft, along the lines of what Yahoo has reportedly been negotiating for weeks with Google, he said.

What's clear is that since Microsoft withdrew its offer to buy Yahoo for $33 per share on May 3, Yahoo's management and board have been bombarded with complaints from shareholders.

Last week, billionaire investor Carl Icahn turned up the heat even more when he put forth a slate of 10 candidates and announced his intention to launch a proxy fight to oust Yahoo's board at the company's shareholders meeting in July, and strike an acquisition deal with Microsoft.

"Yahoo is under pressure to show shareholders some deal, probably with Google but maybe not just with Google, to give them some assurance of value on the immediate term," he said.

Of course, it's not great news for Yahoo shareholders that Microsoft is now only interested in doing a limited, narrow deal with Yahoo, said Brian Bolan, research director at Jackson Securities.

To Bolan, it seems evident that Microsoft has rethought its plan to buy all of Yahoo. "The clear indication of this is that Microsoft has looked through this soup-to-nuts and it has realized there's only a couple of parts of Yahoo that they really want. They don't want to duplicate services and features much in the way Yahoo has done over the years within its own properties," Bolan said.

One thing Microsoft does want and need is better search technology and better search monetization, so it's likely that Microsoft is eyeing Yahoo's assets in this specific area. But whatever form the deal takes, it will not be worth anywhere near what Microsoft had been ready to pay to acquire Yahoo, he said.

Consequently, Bolan expects Yahoo's stock to take a significant hit on Monday, as disappointed investors react to Microsoft's statement that it's not currently interested in a full-blown acquisition. "That's going to take a lot of the M&A [merger and acquisition] premium out of the stock," Bolan said.

"The stock has been running up on the idea of a bunch of people buying shares to try to force this [Microsoft acquisition] deal, to try to make this happen," he added.

A limited deal with Microsoft means that Icahn will likely push ahead with his proxy fight, so that with control of the board, he can carve out an acquisition deal, which at that point will likely be for somewhere at or a bit above the mid-$20 per share range, Bolan said.

And if no acquisition deal materializes for Yahoo, its stock will likely fall apart, said Bolan, who currently has a "sell" recommendation and a $17 price target on the stock.

Microsoft announced its $44.6 billion cash-and-stock bid for Yahoo on Feb. 1, but abandoned its three-month courtship on May 3, saying that Yahoo had rejected a revised offer for $33 per share, an increase of about $5 billion. Yahoo formally rejected Microsoft's original offer on Feb. 11, saying it undervalued the company.

Yahoo's stock closed at $19.18 per share on the day before the initial Microsoft offer, which boosted it to almost $30. However, on Monday, May 5, the first day of trading after Microsoft's offer withdrawal, Yahoo's stock closed down 15 percent at $24.37, after dropping as low as $22.97 during the day.

Not surprisingly, various large Yahoo shareholders have expressed their displeasure with Yahoo's board and management for, in their view, not negotiating in good faith with Microsoft and causing the talks to collapse.

Yahoo co-founder and CEO Jerry Yang and other top Yahoo executives have since then tried to shift the blame to Microsoft, alleging that the $33-per-share offer was never put in writing and that Microsoft unexpectedly walked away at a time when Yahoo was still open to negotiating.

At the same time, Yang has failed to seal a deal in which Yahoo would outsource part of its search advertising business to Google, a move that could give Yahoo a significant revenue boost. Those negotiations with Google were cited by Microsoft CEO Steve Ballmer as a major reason to withdraw the offer because, in Ballmer's view, outsourcing search ads to Google would weaken Yahoo's competitive position in online advertising.

After Microsoft withdrew its offer, its top officials have repeatedly said that the company is no longer interested in acquiring Yahoo, arguing that Microsoft can strengthen its Internet business via internal efforts. On Sunday, Microsoft reiterated that it "is not proposing to make a new bid to acquire all of Yahoo at this time." However, Microsoft did add that it "reserves the right to reconsider that alternative."

First Firefox 3.0 release candidate launches

Mozilla has launched Firefox 3.0 release candidate 1 (RC1), which it claims includes 14,000 updates.
Mozilla claims that Firefox 3.0 will see improved performance, stability and code simplification.

In Firefox 3.0 Mozilla has aimed to improve password management, and has added a new download manager and resumable downloading. Key security features in Firefox 3.0 include enhanced malware and web forgery protection, as well as greater antivirus integration and Vista parental control accessibility.

Mozilla also claims that Firefox 3.0 integrates better with the Windows, Mac and Linux platforms.

Mass SQL injection attack targets Chinese Web sites

Web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web sites, according to a security company in Taiwan.
First detected on May 13, the attack is coming from a server farm inside China, which has made no effort to hide its IP (Internet Protocol) addresses, said Wayne Huang, chief executive officer of Armorize Technologies, in Taipei.

"The attack is ongoing, ... even if they can't successfully insert malware, they're killing lots of Web sites right now, because they're just brute-forcing every attack surface with SQL injection, and hence causing lots of permanent changes to the victim websites," Huang said.

In a SQL injection attack, an attacker attempts to exploit vulnerabilities in custom Web applications by entering SQL code in an entry field, such as a login. If successful, such an attack can give the attacker access to data on the database used by the application and the ability to run malicious code on the Web site.

A screenshot of a Web site belonging to the Mackay Memorial Hospital in Hsinchu, Taiwan, showed the rendering of the site had been affected and displayed the SQL string injected by the attack, Huang said.

Thousands of Web sites have been hit by the attack, he said, noting that 10,000 servers alone were infected by malware last Friday. Most of the affected servers are located in China, while some are located in Taiwan, Huang said. The attackers appear to be using automated queries to Google's search engine to identify Web sites vulnerable to the attack, he said.

Among the sites hit by the attack on Friday were Soufun, a real estate Web site, and Mycar168, a site for automobile enthusiasts.

The attackers aren't targeting a specific vulnerability. Instead they are using an automated SQL injection attack engine that is tailored to attack Web sites using SQL Server, Huang said. The attack uses SQL injection to infect targeted Web sites with malware, which in turn exploits vulnerabilities in the browsers of those who visit the Web sites, he said, calling the attack "very well designed."

The malware injected by the attack comes from 1,000 different servers and targets 10 vulnerabilities in Internet Explorer and related plugins that are popular in Asia, Huang said.

The vulnerabilities are MS06-014 (CVE-2006-0003), MS07-017 (CVE-2007-1765), RealPlayer IERPCtl.IERPCtl.1 (CVE-2007-5601), GLCHAT.GLChatCtrl.1 (CVE-2007-5722), MPS.StormPlayer.1 (CVE-2007-4816), QvodInsert.QvodCtrl.1, DPClient.Vod (CVE-2007-6144), BaiduBar.Tool.1 (CVE-2007-4105), VML Exploit (CVE-2006-4868) and PPStream (CVE-2007-4748).

Mass SQL injection attacks have increasingly become a security threat. In January, tens of thousands of PCs were infected by an automated SQL injection attack. That attack exploited a vulnerability in Microsoft's SQL Server.

'Tukwila' Itanium servers due early next year, Intel said

Intel will start shipping a quad-core version of its Itanium processor to system vendors in about six months, with the first servers based on the chip due in early 2009, Intel said Monday.
Intel said the new chip, code-named Tukwila, will roughly double the performance of the current, dual-core version of Itanium. Aside from the additional cores, Tukwila includes 30M bytes of on-chip cache memory -- about 15 percent more than its predecessor -- and Intel's QuickPath Interconnect technology, which should speed data transfer between components.

Intel won't say yet what clock-speeds the chip will be offered at, except that it will launch at up to 2GHz. It will be manufactured using a 65-nanometer process, a step up from the current Itanium.

Itanium is designed for high-end servers running large databases, data warehouses, and transaction-heavy business applications. Intel positions it as a substitute for RISC-type processors like IBM's Power and Sun's Sparc, and as a lower-cost alternative to mainframes. Most Itanium servers are sold by Hewlett-Packard, although they are also offered by Fujitsu, NEC and others.

The chip has not lived up to the expectations of Intel, which at one time thought it would eclipse x86-type processors such as the Xeon and Opteron. Itanium has suffered from frequent delays and a lack of compatible applications, and from the fact that AMD and Intel extended the trusty x86 design by adding 64-bit extensions.

Intel and HP, which helped develop Itanium, are therefore keen to show momentum behind the chip. Joan Jacobs, executive director of the Itanium Solutions Alliance, said there are now 13,000 applications available for Itanium, up from 10,000 two years ago. The alliance announced Monday that Sophos will port its anti-virus software to Itanium systems running Red Hat Enterprise Linux by the end of the year.

Proponents also point to growing sales. The number of Itanium systems sold in the fourth quarter climbed 36 percent from a year earlier, led by Europe and the Asia Pacific region, according to IDC. Analysts note that the Itanium sales are starting from a lower base, however, so big percentage gains are easier to come by.

In fact Itanium holds only a sliver of the overall server market. Vendors sold about 55,000 Itanium servers in 2007, compared to 417,000 RISC servers and 8.4 million x86 servers, according to Gartner. Intel estimates that 184,000 Itanium-based systems had been sold altogether by the end of last year.

Analysts say Intel needs to generate more sales from other vendors besides HP, which accounts for as much as 80 percent of Itanium systems revenue, said IDC Research Director Steve Josselyn.

HP plans to retire its own PA-RISC processor at the end of the year, so customers who want to stay with HP's HP-UX or OpenVMS operating systems have little choice but to buy Itanium servers.

"Itanium is basically HP's high-end processor, in the same vein that Power6 is for IBM and Sparc is for Sun," said Illuminata analyst Gordon Haff. "If you look at it in that context, Itanium is doing fine. If you look at it in the context of taking over the world, it's not doing so fine."

Still, he said Tukwila should roughly match the performance of IBM's and Sun's current RISC processors. "It probably puts Itanium where it ought to be in terms of competitive performance, against Power6 in particular," Haff said. "Itanium has been a little bit on the slow side versus Power6 today."

Nathan Brookwood, principal analyst at Insight64, said there is a market for Itanium beyond HP customers. He pointed to NEC, Fujitsu and SGI, among others, who are switching to Itanium from their proprietary mainframe platforms. The volume of sales there is small but the revenue is fairly significant, he said.

Microsoft also is throwing some weight behind Itanium. The processor is valuable for the company because it gives it a hardware platform to compete in high-end environments where RISC-based and mainframe computers are dominant, Brookwood said.

Microsoft has kicked off a program to persuade financial institutions that Windows on Itanium is a good low-cost alternative to mainframes, said Ward Ralston, technical product manager for Windows Server marketing. "These are long sales cycles, but these are the rocks we're flipping over to start moving the needle with Itanium," he said.

IDC's Josselyn said what happens on the Windows side over the next 18 months will be important for Itanium. "If they can't get a lot of additional Windows-based applications developed for the platform, it's going to stump the growth. Windows-based servers is the biggest segment of the overall server market these days," he said.

Intel is developing follow-ons to Tukwila, code-named Poulson and Kittson, although it still won't say much about them. Poulson will have more than four cores, a new microarchitecture and be manufactured on a 32-nanometer process, said Robert Shiveley, worldwide marketing manager for Intel's server group.

Most analysts agreed that Itanium is here for the long term, which wasn't always certain given its rocky start. "Like John McCain thinks we can't walk away from Iraq, Intel thinks they can't walk away from Itanium," Brookwood said. "One thing you have to give Intel credit for is that they are nothing but persistent."

China limits entertainment sites during mourning

The Chinese government has limited access to online entertainment content during a three-day period of national mourning beginning Monday.

The Web site of the State Council, China's Cabinet, published the declaration for observation (in Chinese) of the mourning period on Sunday: "To express the deep grief of all of the country's nationalities for the Wenchuan earthquake victims, the State Council decided that May 19 to 21 will be a period of national mourning. During that time, national and foreign institutions will fly flags at half-mast, public recreational activities will be stopped, and the Foreign Ministry and China's embassies and consulates will set up condolence books. At 2:28 p.m. (local Beijing time) on May 19, people across the country will observe silence for three minutes, while cars, trains, ships, and air defense alarms will sound."

"In accordance with a public notice issued by the Chinese government on May 18, 2008, Shanda will observe a national period of mourning beginning on May 19, 2008, for victims of last week's earthquake. Shanda will resume its game services at 1:00 A.M. on May 22, 2008," game site Shanda said in a statement. The statement also seems to confirm a separate government notice aimed at Web sites with entertainment content mentioned by a Shanghai-based blog.

Major portals Sina.com and Sohu.com limited their home page offerings to news content. Sohu adopted an all-black font, with most of the links on the top half of the page relating to earthquake news. Video sites Youku.com and Tudou.com both offered only quake-related material on their home pages, but other videos, such as music or amateur clips, could be accessed on both sites using search functions.

Game site The9, which is the China distributor for the exceptionally popular "World of Warcraft" MMORPG (Massively Multiplayer Online Role-Playing Game), offered no links to any of its games. Instead, it offered information on how to donate to relief efforts. Players could still access their accounts for top-up payments and to view account information.

Representatives from the various companies did not respond to requests for comment.

"The national outpouring of sympathy and grief is very real. I believe that most people are not treating the suspension as a crackdown of a police state but as an understandable reaction to a national tragedy," said Jeremy Goldkorn, editor of Danwei, a Beijing-based media site, by e-mail. "Americans can get a sense of the mood here now by recalling the weeks after 9-11, when many people felt that it was inappropriate to hold parties, tell jokes or have fun," he said.

China is also suspending the Olympic torch relay for the three days of mourning. The government is asking people to observe three minutes of silence beginning at 2:28 p.m. local Beijing time, the time when the earthquake, which measured 7.8 on the Richter scale, occurred on May 12. By 2:00 p.m. Sunday, the official death toll stood at 32,476, with hundreds of thousands more injured.

I spy your PC: Researchers find new ways to steal data

Researchers have developed two new techniques for stealing data from a computer that use some unlikely hacking tools: cameras and telescopes.
In two separate pieces of research, teams at the University of California, Santa Barbara, and at Saarland University in Saarbrucken, Germany, describe attacks that seem ripped from the pages of spy novels. In Saarbrucken, the researchers have read computer screens from their tiny reflections on everyday objects such as glasses, teapots, and even the human eye. The UC team has worked out a way to analyze a video of hands typing on a keyboard in order to guess what was being written.

Computer security research tends to focus on the software and hardware inside the PC, but this kind of "side-channel" research, which dates back at least 45 years, looks at the physical environment. Side-channel work in the U.S. was kicked off in 1962 when the U.S. National Security Agency discovered strange surveillance equipment in the concrete ceiling of a U.S. Department of State communications room in Japan and began studying how radiation emitted by communication components could be intercepted.

Much of this work has been top secret, such as the NSA's Tempest program. But side-channel hacking has been in the public eye too.

In fact, if you've seen the movie "Sneakers," then the University of California's work will have a familiar ring. That's because a minor plot point in this 1992 Robert Redford film about a group of security geeks was the inspiration for their work.

In the movie, Redford's character, Marty Bishop, tries to steal a password by watching video of his victim, mathematician Gunter Janek, as he enters his password into a computer. "Oh, this is good," Redford says. "He's going to type in his password and we're going to get a clear shot."

Redford's character never does get his password, but the UC researchers' Clear Shot tool may give others a fighting chance, according to Marco Cova, a graduate student at the school.

Clear Shot can analyze video of hand movements on a computer keyboard and transcribe them into text. It's far from perfect -- Cova says the software is accurate about 40 percent of the time -- but it's good enough for someone to get the gist of what was being typed.

The software also suggests alternative words that may have been typed, and more often than not the real word is in the top five suggestions provided by Clear Shot, Cova said.

Clear Shot works with an everyday Web cam, but the Saarland University team has taken things up a notch, training telescopes on a variety of targets that just might happen to catch a computer monitor's reflection: teapots, glasses, bottles, spoons, and even the human eye.

The researchers came up with this idea during a lunchtime walk about nine months ago, said Michael Backes, a professor at Saarland's computer science department. Noticing that there were a lot of computers to be seen in campus windows, the researchers got to thinking. "It started as a fun project," he said. "We thought it would be kind of cute if we could look at what these people are working on."

It turned out that they could get some amazingly clear pictures. All it took was a US$500 telescope trained on a reflective object in front of the monitor. For example, a teapot yielded readable images of 12 point Word documents from a distance of 5 meters (16 feet). From 10 meters, they were able to read 18 point fonts. With a $27,500 Dobson telescope, they could get the same quality of images at 30 meters.

Backes said he's already demoed his work for a government agency, one that he declined to name. "It was convincing to these people," he said.

That's because even though the reflections are tiny, the images are much clearer than people expect. Often, first-time viewers think they're looking at the computer screen itself rather than a reflection, Backes said.

One of his favorite targets is a round teapot. Looking at a spoon or a pair of glasses, you might not get a good view of the monitor, but a spherical teapot makes a perfect target. "If you place a sphere close by, you will always see the monitor," he said. "This helps; you don't have to be lucky."

The Saarland researchers are now working out new image analysis algorithms and training astronomical cameras on their subjects in hopes of getting better images from even more difficult surfaces such as the human eye. They've even aimed their telescopes and cameras at a white wall and have picked up readable reflections from a monitor 2 meters from the wall.

Does Backes think that we should really be concerned about this kind of high tech snooping? Maybe, just because it's so cheap and easy to do. He said he could see some people shelling out the $500 for a telescope just to try it out on their neighbors.

So how to protect yourself from the telescopic snooper? Easy. "Closing your curtains is maybe the best thing you can do," he said.

Facebook CEO wants to talk on Google Friend Connect

Facebook CEO Mark Zuckerberg wants to sit down with Google and work out the privacy issues that caused Facebook to block Google's Friend Connect last week, he said Monday.
"We want to talk to Google about this and see if there's a way we can make it work," said Zuckerberg at a news conference in Tokyo. He was in the Japanese capital to launch a local-language version of the social networking site.

Google Friend Connect allows Web site operators to add social networking functions to their Web sites. Users visiting the sites will be able to interact with new people or existing friends from social networking sites like Facebook, Orkut and Plaxo. It's the possibility of data redistribution to third-party sites by Google that caused Facebook to block access, it said last week.

"Part of the issue with Google's Friend Connect is that when users grant access to Google's product, Google might share their information with another application, or some part of it, maybe not all of it, without that user knowing. And part of what makes our system work is that people know exactly who they are sharing all their information with," he said.

Zuckerberg contradicted Google Engineering Director David Glazer, who said last week in a phone interview with IDG News Service that Google had spoken to Facebook about the service prior to its launch.

"They launched that without asking us or talking to us about it first so we had no choice but to follow the rules that we had set forth for any developer on top of our platform and we followed them," said Zuckerberg. "But Google's a big player in the space and they make good things and our goal is to work with them to figure this out."

Zuckerberg also noted that Facebook has had a similar service, Facebook Connect, available since late 2006.

"We think it's good that other people are picking up on this trend now," he said.

Facebook faces a tough market in Japan. The number one social networking site, Mixi, has the market virtually sewn up with more than 10 million users, and some doubt whether Facebook's top selling point, that people use real names, will appeal to Japanese users, many of whom only feel free to express themselves when hiding behind a pseudonym.

Zuckerberg hinted that an update to the company's site for cell phone users, Facebook Mobile, might be coming for Japan and other advanced mobile markets.

"We have a mobile version of the site and that's just a first version. We realize that in a lot of more advanced, technical cultures that phones are in many ways more important than the Web but this is just a first approach to that," he said.

More people in Japan access the Internet via cell phones than from personal computers, so a strong mobile site is also important.

Microsoft puts new Yahoo deal on the table

Microsoft said on Sunday that it has raised the possibility of a new deal with Yahoo, one that may involve buying a part of the company but not all of it.
"Microsoft is considering and has raised with Yahoo an alternative that would involve a transaction with Yahoo but not an acquisition of all of Yahoo," Microsoft said in a brief statement.

The company did not elaborate on the proposal. It said it did not plan at this time to make a new bid to acquire all of Yahoo, but that it was continuing to explore its options to expand its online services and advertising businesses.

Microsoft withdrew its offer to buy Yahoo on May 3 after the two sides failed to agree on a price. Since then, the activist investor Carl Icahn has said he will launch a proxy battle to replace Yahoo's board and force it back to the negotiating table with Microsoft.

Microsoft could not immediately be reached for comment, although published reports said the company is not discussing its plan further in public.

"There of course can be no assurance that any transaction will result from these discussions," Microsoft said in its statement. It said it reserved the right to reconsider its decision not to buy Yahoo outright, depending on any future talks with Yahoo, third parties or the shareholders of either company.

Meanwhile, Yahoo issued a statement later on Sunday confirming that Microsoft isn't at this time interested in acquiring the entire company.

"Yahoo and its Board of Directors continue to consider a number of value maximizing strategic alternatives for Yahoo, and we remain open to pursuing any transaction which is in the best interest of our stockholders," the statement said. "Yahoo's Board of Directors will evaluate each of our alternatives, including any Microsoft proposal, consistent with its fiduciary duties, with a focus on maximizing stockholder value."

That Microsoft is discussing a new deal could be a sign that Yahoo's leadership wants to avoid the spectacle of a proxy battle ahead of its annual meeting on July 3, the Wall Street Journal reported.

Yahoo responded to Icahn's threats on Friday, arguing that its own board gave Microsoft's offer fair consideration, and that the current board, led by Chairman Roy Bostock, can best manage Yahoo's future.

It was unclear Sunday what type of alternative deal Microsoft has in mind. It said it issued its statement "in light of developments" that have taken place since it withdrew its offer.

Microsoft indicated earlier that it had moved on from the deal and that it was looking for other ways to grow its online business, internally or through smaller acquisitions.