« November 2004 | Main | January 2005 »
December 29, 2004
AOL members report significantly less spam in 2004
By Juan Carlos PerezAmerica Online Inc. has declared 2004 a "banner year" in its fight against unsolicited commercial e-mail messages, most commonly referred to as spam. Spam reports from America Online Inc.'s members fell from a daily average of almost 11 million in November 2003 to a daily average of about 2.2 million in November 2004, the provider of Internet service and content said on Monday.
Meanwhile, AOL blocked at its e-mail gateway 50 percent fewer spam messages in 2004 than in 2003, from a daily average of about 2.4 billion to 1.2 billion, the Dulles, Virginia company said.
"Though there have been, and continue to be, variations in the overall rate of spam, 2004 was the first year with a substantial and consistent - and likely sustainable - drop in spam on AOL since 1999," AOL said in a statement.
In addition to an improvement in its e-mail fighting technology and operations, AOL also credited tougher enforcement activities by the government for the drop in spam.
AOL, a Time Warner Inc. subsidiary, had 22.7 million members in the U.S. and 6.3 million in Europe, at the end of September 2004.
Posted by Chad Dickerson at 06:20 PM
Netherlands issues first fines to spammers
By John BlauDutch authorities have issued their first fines for spam originating in the country. Telecommunications regulator OPTA, which is responsible for regulating spam in the Netherlands, issued three separate fines on Tuesday, the first since the Dutch government agreed in May to a ban on unsolicited e-mail to consumers.
"We have been collecting complaints about spam on a special spam Web site since May," said an OPTA spokesman in a telephone interview on Wednesday. "Now we're going after major spammers in this country, and these are the first results."
The largest fine, €42,500 (US$58,000), was slapped on an individual who was involved in four spam runs, according to the spokesman.
A second fine, amounting €25,000, was issued to a one-man printing company, called Gorenendaal, which was soliciting orders for the book Mein Kampf, written by Adolf Hitler. "Apart from the fact that the company was sending spam, this publication is banned," the spokesman said.
The third fine for €20,000 was issued to a group called Yellow Monday, which sent spam to mobile phones via SMS (Short Message Service). "This spam was the nastiest of all because consumers who opened the spam were automatically billed €1.10," the spokesman said.
Asked about spam originating outside of Netherlands, the spokesman conceded that "this is a big problem."
In a move to coordinate cross-border efforts to fight spam in Europe, OPTA has initiated an information-sharing program for regulators and other government bodies fighting spam. The program aims to establish an exchange of information about spammers across the European Union (EU).
So far, eight countries have signed up, according to the spokesman. The goal is to have all 25 EU member states on board.
"We have to be honest; we don't expect to root out spam completely -- this would be an illusion," the spokesman said. "But we're trying to do our best."
To that end, the Dutch economics ministry plans to propose a new law that would extend the ban on spam to the business community, the spokesman said.
Posted by Chad Dickerson at 06:20 PM
PeopleSoft CEO resigns
By Juan Carlos PerezDavid Duffield has resigned as PeopleSoft Inc.'s chief executive officer and chairman less than three months after taking over again as CEO at the company he founded and which is in the process of being acquired by rival Oracle Corp. According to a filing made by PeopleSoft with the U.S. Securities and Exchange Commission (SEC), Duffield resigned on Dec. 21, only eight days after Oracle announced it had reached an agreement to buy PeopleSoft for about US$10.3 billion [b], ending a nasty takeover battle that lasted for about 18 months.
Duffield also gave up his position as PeopleSoft director, according to Tuesday's filing.
Duffield is a PeopleSoft founder and had been its chairman since its incorporation in 1987. He was the company's CEO from August 1987 until May 1999, when he was replaced by Craig Conway. Duffield took over again as CEO in October of this year when Conway was fired after the company said the board lost faith in him.
Back in October, Duffield said his re-appointment to the CEO spot was permanent.
Asked whether PeopleSoft had already chosen someone to replace Duffield as CEO and chairman, PeopleSoft spokesman Steve Swasey said the company had no comment beyond what it said in the SEC filing.
The SEC statement only contains one sentence related to Duffield's resignation and offers no details beyond stating that he resigned as CEO, chairman and director.
Posted by Chad Dickerson at 06:20 PM
Amazon says holiday sales beat last year
By Stephen LawsonOnline retailer Amazon.com Inc. beat its own holiday-season sales record this year, and on its flagship U.S. site, Amazon.com, consumer electronics sales beat the company's traditional book business for the first time on Thanksgiving weekend, the company announced Monday. The company's holiday shopping season, from Thanksgiving (Nov. 25) through Dec. 23, also saw Amazon's busiest day ever, when customers on all its shopping sites ordered 2.8 million items, [m] the equivalent of 32 items per second, according to spokesman Craig Berman. Amazon would not reveal what day that occurred, for competitive reasons, Berman said.
The season also came with at least one headache: The Amazon.com site was intermittently inaccessible for several hours on Dec. 6, for reasons the company declined to detail.
Amazon's rising holiday sales came during a strong season for online shopping overall, in which sales grew significantly from last year, according to industry analysts. ComScore Networks Inc. last week projected that non-travel online retail spending would grow by between 23 percent and 26 percent year over year to between US$15.1 billion and $15.5 billion in November and December.
Amazon, in Seattle, was founded as an online bookstore in 1995 and now operates separate online shopping sites in the U.K., Germany, France, Japan, Canada and China. The company shipped items to 217 countries during the holiday period, according to an Amazon statement.
The company's Web sites now sell a wide variety of items, but until the four-day Thanksgiving weekend this year no other category had surpassed books in any period, Berman said. Consumer electronics was the best-selling product category on Amazon.com that weekend in terms of sales revenue.
Top electronics items for the season on Amazon.com included the Apple Computer Inc. 20G-byte iPod and 4G-byte Silver Mini iPod as well as Apple's iTunes $15 prepaid card. The Philips DVP642 DivX Progressive Scan DVD player and the Canon Inc. PowerShot SD 110 3MP Digital Elph camera also were popular items, according to an Amazon statement.
Watches and music also sold briskly. Amazon.com's U.S. site sold more than one watch per minute during the holiday period and music sales for the first time surpassed 1 million units per week for two consecutive weeks in December, according to the company.
By speeding up its own order processing, Amazon was able this year to extend the deadline for customers to have items sent before Christmas (Dec. 25) using standard delivery. Customers could wait until Dec. 20 and get their items delivered on time without having to upgrade to Amazon's 2-day or 1-day delivery, Berman said.
The holidays were good to the U.S. satellite radio business, too. Both major nationwide satellite radio broadcasters, XM Satellite Radio Holdings Inc. and Sirius Satellite Radio Inc., reported Monday that strong holiday sales helped them surpass their year-end goals for signing up subscribers. XM surpassed its goal of 3.1 million total subscribers and Sirius beat its own prediction of having 1 million subscribers by year's end, according to statements from the companies.
Posted by Chad Dickerson at 06:19 PM
CAN-SPAM not seen to be effective
By Grant GrossA year after the U.S. Congress passed the first federal antispam law, observers see no evidence that it has cut the amount of unwanted commercial e-mail arriving in U.S. residents' inboxes. Most vendors of antispam products have charted an increase in the amount of spam since the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act went into effect on Jan. 1.
CAN-SPAM includes criminal penalties, ranging up to five years in prison, for some common spamming practices, including hacking into someone else's computer to send spam and using open relays to send deceptive spam. The law allows fines of up to US$250 per spam e-mail with a cap of $6 million for aggravated violations.
But some antispam activists assert that the law has aided spammers because CAN-SPAM requires recipients to opt out of unwanted commercial e-mail by contacting each sender, instead of forcing senders to get opt-in permission. The federal law also hurt spam-fighting efforts by pre-empting parts of some tougher state laws, including a California opt-in requirement, said Laura Atkins, president of the SpamCon Foundation.
CAN-SPAM also prohibits private citizens from suing spammers, instead allowing only state attorneys general or ISPs (Internet service providers) to file civil suits. People like Atkins, who operate their own mail servers and receive thousands of spam e-mail, have no recourse against spammers under CAN-SPAM.
"CAN-SPAM has not made it any easier to find spammers," Atkins said. "It has not decreased the amount of spam."
Backers of CAN-SPAM say it provides for the possibility of civil lawsuits and jail time for spammers. ISPs have used CAN-SPAM to file hundreds of civil lawsuits against spammers in 2004, and the key to making the law work is more enforcement, said a spokeswoman for Senator Conrad Burns, a Montana Republican and main sponsor of CAN-SPAM.
"Senator Burns has said from day one that enforcement is key for this legislation to be effective," said Jennifer O'Shea, his spokeswoman. "We have seen several big lawsuits, which have been helpful, but we need to continue to see more of these lawsuits in order to keep up with big time spammers and keep spam out of inboxes."
Burns believed businesses should have an opportunity to market over e-mail, instead of having to get opt-in permission from all e-mail recipients, she added.
"The opt-out provision … gives the e-mail user the responsibility of opting out if there is something they do not want to receive messages about," O'Shea said in an e-mail.
Statistics supplied by vendors of antispam products seem to bear out the criticism of CAN-SPAM. Postini Inc., an e-mail security service provider, said the percentage of legitimate nonspam e-mail it sees dropped from 22 percent of all e-mail at the beginning of 2004 to just 12 percent by December. The company processes 2.4 billion e-mail messages a week.
MX Logic Inc., another antispam vendor, found 67 percent of all e-mail to be spam in February. By November, 75 percent of all e-mail was spam, according to MX Logic.
Spammers, apparently in response to CAN-SPAM, changed tactics this year, said Andrew Lochart, director of product marketing at Postini. More spammers are using so-called zombies networks -- computers hijacked with Trojan horse programs -- to send spam, and spammers are using increasingly sophisticated directory harvest attacks to spam corporate mail servers, he said.
About 30 percent to 50 percent of spam came through zombie spam relays in April, MX Logic estimated. In a three-week survey in November and December, the company found 69 percent of spam sent through zombies.
"I think CAN-SPAM caused spammers to change their tactics significantly," Lochart said. "The spammers got even more creative at hiding, and they've always been pretty good at it."
Although CAN-SPAM hasn't resulted in less spam, the law gives law enforcement agencies a new tool in the fight spam, Lochart said. "It's a good thing we have a law, so when we find some of these roaches, we can prosecute them," he said. "It's a good thing that the federal government recognizes how important spam is.�
ISPs and law enforcement agencies have used CAN-SPAM provisions, including requirements to include a valid postal address and an unsubscribe option in commercial e-mail, to go after spammers. Four large U.S. ISPs filed hundreds of lawsuits against spammers this year, and the U.S. Federal Trade Commission filed criminal CAN-SPAM charges against two companies in April.
Despite these efforts, antispam vendors predict more spam in 2005, not less. "Even from a service provider perspective, after all the lawsuits and convictions, we still have not seen a deterrence effect happen," said Scott Chasin, chief technology officer at MX Logic. "Spam has continued to increase and saturate inboxes, and we've not seen a decline whatsoever. From that perspective, CAN-SPAM is pretty toothless." SEE CHART: CAN-SPAM key events during 2004
Posted by Chad Dickerson at 06:19 PM
Santy.E worm poses threat to sites badly coded in PHP
By Peter SayerThe latest version of the Santy worm poses an elevated risk to many Web sites built using the PHP scripting language, and protection of those sites may involve individually recoding them, security experts warned over the weekend. Early versions of the Santy worm exploited a specific bug in a bulletin-board software package called phpBB, and their attacks could be prevented by applying a patch to the software. However, the security flaw exploited by newer versions of the worm such as Santy.C or Santy.E is more general, and can occur anywhere a site designer has left the door open for the inclusion of arbitrary files into PHP scripts, experts at K-OTik Security in Montpellier, France, warned.
Santy.C and Santy.E behave so differently from Santy.A that the K-OTik is renaming the worm PhpInclude.Worm in its advisories, the company said Sunday. The worm doesn't exploit the vulnerabilities in phpBB targeted by its predecessor, instead aiming for a wider range of common programming errors in PHP Web pages. It uses search engines including Google, Yahoo and AOL to identify exploitable Web pages written in PHP which use the functions "include()" and "require()" in an insecure manner, K-OTik said.
These functions can be used to embed the contents of a file within a Web page. If the site designer used them without sufficient checking of the parameters passed to the function, then an attacker could exploit them to incorporate an arbitrary file in the Web page, rather than the limited range presumably intended by the site designer. From there, depending on the configuration of the Web server, the attacker could move on to take control of the entire machine, K-OTik warned.
To prevent these attacks, it may be necessary to recode the site to use the include() and require() functions in a safe manner.
K-OTik's advisory can be found, in French, on its Web site: http://www.k-otik.com/news/20041226.PhpIncludeWorm.php
Eliminating the security flaws exploited by the newer versions of Santy involves no new tricks, and is simply a matter of applying long-known sound programming principles. K-OTik pointed site designers to this guide to secure programming in PHP, written in 2001: http://www.phpsecure.info/v2/article/php-security.php
Posted by Chad Dickerson at 06:18 PM
December 24, 2004
Vast event shows evolution of digital entertainment
By Tom KrazitAs usual, more than 100,000 technologists are expected to flood Las Vegas right around the holiday season. But instead of arriving the week before Thanksgiving for Comdex, the IT and consumer electronics industry now takes its annual tour of the desert during the first week of January at the 2005 International Consumer Electronics Show (CES). With the legendary Comdex trade show officially closing its doors earlier this year, CES now ranks as the primary event of the year for the North American IT and consumer electronics industries. Only the massive CeBIT show in Germany exceeds the sheer volume of attendees, exhibitors and announcements expected in Las Vegas from Jan. 6 through Jan. 9.
The crush of attendees can be overwhelming for first-time visitors who weren't around for the Comdex crowds of the late 1990s, but this year fewer people will attend the show than last year, according to the Consumer Electronics Association (CEA), which produces the International CES show.
The CEA spent more time qualifying attendees this year to make sure everyone in attendance has a legitimate attachment to the consumer electronics industry, said Kristen Peiffer, a CEA spokeswoman. The show is not open to the general public, and the CEA does not allow the blogging community or other independent observers to attend the show.
About 120,000 people are expected to gawk at large digital televisions and listen to national recording artists perform their songs courtesy of the satellite radio industry, she said. Last year, around 130,000 people attended the event, Peiffer said.
The 2005 show will have a record number of exhibitors with 2,400 companies expected to hawk their wares, Peiffer said. These companies will occupy 1.5 million square feet of the sprawling Las Vegas Convention Center, including space in the parking lot in front of the center, she said.
The content of this year's show should be similar to last year's, in which a number of PC and consumer electronics companies laid out their visions of how the two product categories are becoming intertwined.
Companies such as Hewlett-Packard Co. (HP), Microsoft Corp., Sony Corp. and Koninklijke Philips Electronics NV have used past shows to paint a picture of this "converged" world, but those companies are now showing consumers the products that will make it all happen, said Stephen Baker, director of research with NPD Techworld in Reston, Virginia. The modest success of products such as portable music players, smart phones, wireless home networking devices and satellite radio receivers shows where the rest of the industry is headed, he said.
Microsoft Corp.'s Chairman and Chief Software Architect Bill Gates will open the show on the evening of Jan. 5. Gates unveiled concepts such as smart watches and Tablet PCs to CES attendees in past years. Last year, he discussed the Portable Media Center, a handheld video device.
HP's Chairman and Chief Executive Officer (CEO) Carly Fiorina will also address conference attendees in a keynote speech. HP rolled out several digital cameras, printers and media-oriented products over the past year to introduce consumers to the concept of managing their media files on a PC.
Fiorina is expected to introduce new PCs and new partners during her speech. Last year, she surprised conference attendees with news of a partnership with Apple Computer Inc. to distribute the HP iPod and bundle the iTunes music store software with HP PCs.
Some PC-related companies, such as Intel Corp. and Gateway Inc., reworked their approach to the consumer electronics market for 2005.
Paul Otellini, Intel's president and chief operating officer, used last year's show to announce Intel's intention to produce a microprocessor for digital rear-projection televisions, in hopes of capturing some of the market dominated by Texas Instruments Inc. (TI). But the company canceled that project in October, and now wants to spend more time getting its existing processors into new niches, such as set-top boxes and digital video recorders.
Intel is scheduled to make an announcement at the show with Linksys Group Inc., a leader in wireless home networking devices, and Intel CEO Craig Barrett will also give a keynote address.
Gateway has pulled back from the consumer electronics market after completing the purchase of low-cost PC vendor eMachines Inc. earlier this year. Gateway still sells digital televisions, but has backed away from a grand strategy of introducing products in numerous consumer electronics categories and will not appear on the CES floor.
Traditional consumer electronics companies such as Sony, Matsushita Electric Industrial Co. Ltd. (better known as Panasonic) and Samsung Electronics Co. Ltd. are not content to let the PC companies define the next era of the consumer electronics industry. All three companies plan to hold press conferences and take up significant space on the show floor with their LCD (liquid crystal display) televisions, mobile phones, gaming consoles and digital video recorders.
While the PC companies and consumer electronics companies fight over the future direction of their products, a similar type of convergence is taking place in the mobile phone industry. Mobile phones are becoming much more sophisticated computing devices that can send and receive data, play music and video files and support game software. TI President and CEO Gary Templeton will update attendees on the company's plans for new chips for mobile phones, and Motorola Inc. Chairman and CEO Ed Zander will also present his company's view of the market.
As the name suggests, CES is primarily about consumer electronics. However, several IT industry companies that traditionally focus on the enterprise take advantage of the thousands of industry players in attendance to plan meetings with customers during the show. Companies such as Dell Inc., IBM Corp. and Computer Associates International Inc. rented suites in hotels around the convention center to update customers, analysts and the media about their plans for 2005.
CES showcases the business of digital entertainment, but savvy attendees make sure to put business aside, at least for a few hours, to take in the spectacle of the show floor. Weary travelers will still be able to sample reclining chairs with built-in massagers, zap aliens on video game demonstrations and soak up the free food and drink provided at numerous evening parties.
And if all that isn't enough, the pornography industry -- no stranger to PCs or digital televisions -- will hold its annual Adult Entertainment Expo down the street at the Sands Expo Center during the same week.
Posted by Chad Dickerson at 02:10 AM
December 23, 2004
New holiday online shopping trends emerge
By Juan Carlos PerezVendors and researchers have detected various new trends at play in online retail shopping this holiday season, such as shoppers' increased use of search engines and comparison shopping services to make better informed buying decisions. Not all trends are encouraging, however, such as a disconcertingly high percentage of shoppers willing to buy from spammers. What no one seems to dispute is that online retail shopping has grown significantly this holiday season over last year's period, a fact verified by various market researchers. For example, comScore Networks Inc. expects non-travel retail spending to grow by between 23 percent and 26 percent to between US$15.1 billion and $15.5 billion in November and December of this year, compared with last year.
Last week in particular (Dec. 13 through Dec. 17), online retail sales shot up 49 percent compared with the corresponding period last year, said Dan Hess, senior vice president at comScore. He attributed the week's robust growth to two factors: shorter shipping times and improved options to buy online and pick up the merchandise at a bricks-and-mortar store.
The shorter shipping times prompted buyers to shop more last week with the confidence that the products would arrive in time for the holidays, Hess said. "There has been extensive work done behind the scenes by retailers and shippers to shave days off of shipping timelines and effectively communicate them to consumers," he said. "The days of online retailers not meeting their product-delivery commitments are becoming a distant memory."
Meanwhile, many major online retailers have improved their options to buy online and have the buyer pick up the products at a local store, which eliminates shipping costs and shipping wait time, Hess said. "This is not a new option this year, but it has been perfected by more retailers than ever before, including some which were experimenting with it in years past, and consumers have really taken to the option."
In what must sound like music to online retailers' ears, online shoppers for the first time planned to spend more of their holiday shopping budget online (53 percent) than offline, according to an America Online Inc. survey conducted in August and September. The study also found that shoppers planned to spend on average 6.5 percent more online this holiday season than last year, although they cut their overall budget for both offline and online holiday purchases by 3.6 percent, compared with last year.
While spending is undeniably up, so is shoppers' willingness to take advantage of search engines and comparison shopping sites, a trend identified by several organizations.
For example, online measurement company Hitwise Pty. Ltd. found that during the week ending Dec. 11, search engines contributed a significant number of referrals to shopping and classified sites, led by Google Inc. with 4.26 percent of referrals and followed by Yahoo Inc. (2.24 percent) and Microsoft Corp.'s MSN (0.54 percent.)
Moreover, the AOL survey found that 27 percent of online shoppers described themselves as comparison shoppers or researchers, up from 23 percent last year, and that 48 percent are using search tools, up from 42 percent.
And the more time shoppers spend researching buying decisions online, the less fixated they are on price and the more value they place on other factors, such as companies' reputations and brands, according to a year-long study conducted by the Massachusetts Institute of Technology's Sloan School of Management and announced this month.
"A common assumption has been that the more time people spend searching, the more price sensitive they are," said Erik Brynjolfsson, director of the Center for eBusiness at the MIT Sloan School of Management, in a statement. "But there's more to a product than its price. We found that consumers weren't searching just for lower prices, but for other characteristics."
While many online shoppers are getting savvier, others are still too naive or ignorant of online dangers and engaging in risky and questionable buying practices. For example, a surprising 21 percent of respondents to a survey conducted in November by the Business Software Alliance and the Council of Better Business Bureaus admitted to having purchased software from a spammer. The same survey found that 22 percent of respondents bought apparel and jewelry from a spammer.
"Many consumers will find their holiday shopping experience is ruined as a result of buying or trying to buy products through spam," said Bob Kruger, vice president of enforcement at the BSA, an organization that represents the software industry. "There are a lot of cyber grinches out there who are only too happy to take consumers' money and spoil their holiday shopping season."
For example, shoppers may never receive the products, become victims of identity theft, or have their PCs invaded by spyware or infected with viruses, he said. In the case of software specifically, the BSA has found that most software offered via spam is pirated, Kruger said.
That so many people are willing to shop from spammers shocked the BSA, Kruger said. "This demonstrates the need to further educate consumers on the danger of buying in response to spam," he said.
Still, even online shoppers who consider themselves savvy and informed need to be aware that scams, fraud and bad service abound on the Internet, particularly during the holidays, according to Consumer Reports Webwatch, a project of Consumers Union, the publisher of the Consumer Reports magazine.
The group offers tips for avoiding falling prey to scams, fraud schemes and inept service online at its Web site, http://www.consumerwebwatch.org, including how to deal with retailers that don't deliver on time and how to determine whether an online charity is legitimate.
Unfortunately, it seems that a popular online fraud scheme called phishing is keeping many potential holiday shoppers away from online stores. A survey commissioned by e-mail security vendor MailFrontier Inc. and conducted in October found that 29 percent of respondents decided not to shop online this holiday season out of concern over phishing schemes, in which scammers trick individuals into revealing sensitive personal and financial information by tricking them into visiting what look like legitimate Web sites.
In other trends:
- Web surfers have been less inclined to visit Web sites devoted to humanitarian causes and charities this holiday season, according to Hitwise.
- Men are expected to outspend women by as much as 15 percent this holiday season, according to AOL.
- Rural shoppers are more likely than their urban counterparts to visit online shopping sites, according to Hitwise.
Posted by Chad Dickerson at 07:28 PM
New Trojan threatens Symbian smart phones
By John BlauA new Trojan horse aimed at smart phones using Symbian operating system galloped in earlier this week, just in time to spoil the holiday season for uninformed wireless gamers. The malware, MetalGear.a, which masquerades as a Symbian version of the Metal Gear Solid game, disables antivirus programs and also installs a version of the Cabir worm identified earlier this year, according to SimWorks International Ltd., which issued an alert on Tuesday.
The Cabir worm, in turn, attempts to spread a second Trojan program, called SEXXXY, to nearby phones through the Bluetooth short-range wireless protocol.
"This is a new strand of smart phone malware because it actually consists of three pieces: two Trojans and a worm," said Aaron Davidson, chief executive officer of SimWorks, in a telephone interview Thursday from the company's headquarters in Auckland. "It also shows how viruses writers are getting more sophisticated."
To infect their phones, users must open and install the fake Metal Gear game, according to Davidson. "There are plenty of Web sites offering cracked versions of games," he said. "These sites are used not only by people seeking free software but also by virus writers."
Similar to the Skulls Trojan detected last month, the MetalGear Trojan uses the same icon-disabling technique to disable antivirus and other applications.
The Trojan also installs a version of the Cabir worm, which seeks to spread itself by sending a file called SEXXXY.sis to any Bluetooth-enabled phones in the vicinity, SimWork said. If users accept and install this file, it disables the Symbian application button on their phones.
In particular, if users install the MetalGear Trojan program, they will have difficulty repairing their phones because the program effectively disables all tools on the phone necessary to undo the damage, Davidson said.
The MetalGear and SEXXXY Trojan programs are included in a program, called Metal Gear.sis.
Antivirus software from SimWorks has been updated to provide protection from both Trojan programs, Davidson said.
So far, Trojan horses, worms and viruses aimed at smart phones have failed to spread rampantly: Their propagation has been hindered by the need for users to accept and install programs.
Posted by Chad Dickerson at 07:28 PM
December 22, 2004
Trademark owners battle search engines
By Juan Carlos PerezGoogle Inc.'s informal corporate motto is "Don't be evil" but the search engine provider isn't viewed as particularly nice by a growing list of companies that claim Google is misusing their trademarks and, in so doing, hurting their businesses. Search engines such as Google deliver users both a list of Web sites and a list of ads triggered by the users' query terms, also known as keywords. For example, a seller of art supplies may pay Google to run its ad whenever a user enters a query containing keywords such as "easel" or "stencil." The dispute at hand arises when advertisers sell keywords that are trademarks without authorization from the trademark owner.
Rescuecom Corp. is one company challenging Google's practice in court. The Syracuse, New York, computer services franchising business says Google is seriously hurting it by serving up competitors' ads when users search for "Rescuecom" in Google's search engine.
Google and the Rescuecom competitors buying the ads are profiting without authorization from the Rescuecom trademark, which the company spends significant amounts of money promoting and protecting, Rescuecom claims in a lawsuit filed against Google in September in U.S. District Court for the Northern District of New York. The practice can also confuse potential customers and franchisees, leading them to incorrectly assume that Rescuecom is associated with a competitor, which results in lost business for Rescuecom, the lawsuit claims.
"Defendant Google is promoting, encouraging, enabling and profiting from Rescuecom's competitors 'free-riding' on (Rescuecom's) goodwill and the name recognition it enjoys in its marketplace," the lawsuit reads, and adds further down: "Rescuecom would have realized additional sales, franchisees, customers and revenue from such diverted Internet users were it not for Google's intentional and improper sale of (Rescuecom's) protected trademark 'Rescuecom' as a keyword."
Rescuecom, which had 67 franchisees when the lawsuit was filed, asks the court, among other things, to forbid Google from using "Rescuecom" as a keyword for ads in its search engine and to have Google pay damages.
Google has said the lawsuit is without merit.
So who will prevail? With U.S. law unclear on the legality of using trademarks without authorization to trigger online ads, search engines and trademark owners will spend a lot of time and money in coming years battling the issue in court, experts say.
Search engines such as Google and Ask Jeeves Inc. are fighting over the issue with trademark owners in several ongoing cases at the federal district court level. Although Google won a partial victory last week against Government Employees Insurance Co. (Geico) in one of those cases, experts say a solid legal precedent is likely to be years away.
"There have to be more cases and the cases need to get appealed," said Sheldon Klein, an attorney specializing in intellectual property matters and a partner at Arent Fox PLLC in Washington, D.C. "When you have one of the circuit courts of appeals ruling on something, it carries more weight (than at the district court level) and it's a binding precedent within that entire circuit. We may end up having two or three or more circuits ruling different ways and that's how cases get to the Supreme Court."
In May, insurance company Geico sued Google for trademark infringement over its advertising practice. However, last week Leonie M. Brinkema, a district court judge for Virginia's Eastern District, citing lack of evidence, dismissed Geico's allegation that the practice will cause confusion among customers. The judge also ruled that advertisers who use Geico trademarks without authorization in the text of their ads are infringing on Geico's trademarks. The judge still has to rule on whether Google is liable when such an infringement occurs.
Until a legal consensus is reached, search engines are expected to strongly defend this advertising practice because it is an important part of their advertising model.
In the second quarter ended June 30, total U.S. Internet ad spending was about US$2.37 billion, a 42.7 percent increase over the same period in 2003, according to the Interactive Advertising Bureau and PricewaterhouseCoopers LLP. Search-related ads -- triggered both by generic and trademarked terms -- were the largest category with $947 million.
Search engine ads that are triggered using trademarks tend to yield better results for advertisers than those using generic terms, said Kevin Lee, chief executive officer of Did It.com LLC, a search engine marketing company based in New York. "Trademarks are very popular as search terms, so this is a huge issue," he said.
The effect of banning the sale of ads using unauthorized trademarks on search engine advertising revenue would be significant, said Niki Scevak, a Jupiter Research analyst. "A sizable amount of queries monetized by Google have some trademark name within them," he said. "The ability to bid on trademark terms is a fairly significant component of any search engine business."
Moreover, a precedent limiting the use of trademarks as keywords in search engine ads may force search engines to devote time and resources to checking every keyword for trademark violations, Did It.com's Lee said. "That verification process would be very burdensome," he said.
Google has never had to undertake this process. The company's trademark policy on ads puts the onus on trademark owners to complain to Google about potential violations, not on Google to proactively screen its ads for possible infringement. Google's current policy, revised in April 2004, allows trademark keywords, and pledges to investigate complaints only when trademarks are used in the ad text itself.
To succeed in court, trademark owners need to convince the judge that the trademark keywords practice is likely to confuse customers, even if the confusion were to be brief and last only a few seconds, Arent Fox's Sheldon said. In addition to Geico and Rescuecom, other businesses that have filed lawsuits against search engine companies in the U.S. over this practice include Pets Warehouse, American Blind & Wallpaper Factory Inc. and 800-JRCigar Inc. All of these lawsuits are ongoing.
Companies that have been sued in U.S. district courts over the past several years for this advertising practice include, in addition to Google, Yahoo Inc.'s Overture ad network subsidiary and AltaVista search site, Ask Jeeves Inc. and its Excite search site, and America Online Inc. and its Netscape and CompuServe units. The advertising practice has also landed Google in court in several European countries.
Playboy Enterprises Inc. lost an initial lawsuit against Netscape and Excite but won on appeal, and the defendants chose to settle. The Geico lawsuit against Google originally included Overture as a defendant, but Overture settled.
"Geico will continue to aggressively enforce its trademark rights against purchasers of its trademark on search engines and against search engines that continue to sell its trademarks," said Charles Davies, Geico's general counsel, in a statement.
For now, last week's decision is a small victory that Google is happy to have won. "It confirms that our policy complies with the law, particularly the use of trademarks as keywords," said David Drummond, Google's vice president and general counsel, in a statement.
Calling the ruling "a victory for consumers," Drummond also sought to extend its significance beyond the scope of the Geico litigation. "This is a clear signal to other litigants that our keyword policy is lawful," he said.
Google is a defendant in the Pets Warehouse, American Blind & Wallpaper and Rescuecom lawsuits, and the plaintiff in its own lawsuit against American Blind & Wallpaper, in which it seeks a declaratory judgement that its search engine ads based on trademark keywords don't violate the defendant's trademarks.
Although last week's ruling doesn't establish any precedent beyond that case, Google will try to get as much mileage out of the ruling as possible, Arent Fox's Sheldon said.
Posted by Chad Dickerson at 08:11 PM
Google smacks down Santy worm
By Paul RobertsWeb search engine company Google Inc. is blocking efforts by a new Internet worm to use its search engine to find vulnerable computers on the Internet, the company announced late Tuesday. Google is blocking searches launched by Santy.A, a new Internet worm that targets servers running phpBB, a popular electronic bulletin board software package, according to a statement from the company. Without any native ability to scan for vulnerable computers, Google's action halted Santy.A's spread, according to antivirus companies.
Santy.A targets servers running phpBB. Antivirus companies first detected the worm Tuesday, though it may have been spreading silently well before that, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.
The worm used a vulnerability in phpBB, an open source software product that is managed by the phpBB Group, to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm."
A phpBB component called viewtopic.php allows malicious commands to be passed to and executed on servers that run a vulnerable version of the phpBB software. Secunia, a Copenhagen-based security company, first reported the vulnerability on Nov. 19. An updated version of phpBB software that fixes the flaw was released on Nov. 18.
Estimates of the impact of the Santy worm vary widely. Searches on a beta version of Microsoft Corp.'s MSN Search feature for the text used to deface sites returned over 30,000 hits. However, identical searches on other engines, including the official MSN Search engine, Yahoo Inc. and Google search engines returned far fewer hits, ranging from 785 (MSN) to 2,030 (Yahoo).
However, using searches for telltale signs of infection, such as defacement text, is an inexact way to determine the actual number of Santy infections, said Ullrich.
"Santy will only deface sites if it can overwrite files, and it may not always be able to do that based on the configuration of the Web server (running phpBB)," he said.
Also, an analysis of the Santy code revealed that the worm spread quietly for a while, infecting phpBB servers but not overwriting files and defacing the bulletin boards, Ullrich said.
The Santy worm marked some firsts, including the use of a popular search engine as part of a worm's spreading mechanism. However, the lessons to be learned from Santy's spread are already well established: keep on top of software patches and "harden" the configuration of public-facing servers by preventing users from being able to take unnecessary actions, such as overwriting files, he said.
Posted by Chad Dickerson at 08:11 PM
New worm, Santy, using Google to spread
By Paul RobertsAntivirus companies are warning Internet users about a fast-spreading new worm that infects Web servers running a popular package of online bulletin board software, and uses the Google search engine to find vulnerable servers to infect. The worm, dubbed Santy.A, uses a vulnerability in a popular free software package called phpBB to spread across the Internet, infecting computer servers that host online bulletin boards and defacing those sites with the words "This site is defaced!!! NeverEverNoSanity WebWorm."
A Google Inc. spokesman said in an e-mail the company was looking into reports about Santy.A.
The worm does not affect individual computer users, but infects Web servers that are hosting online bulletin boards.
Santy.A was first spotted early Tuesday morning, Eastern Standard Time in the United States, according to Mikko Hyppönen, manager of antivirus research at F-Secure Corp. in Helsinki.
The worm takes advantage of a critical software vulnerability in the phpBB open source software, which is widely used to create and maintain online bulletin boards. While antivirus companies were still analyzing the worm, it appears that the worm may use a vulnerability in the PHP scripting language that was recently patched, according to Alexey Zernov, a spokesman for antivirus company Kaspersky Labs Ltd. in Moscow.
PhpBB, as well as other common software packages are written using PHP.
Once Santy infects servers running the phpBB software, it scans directories on the infected site and overwrites files with the extensions HTM, PHP, ASP, SHTM, JSP and PHTM with the text "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation," according to an alert from Kaspersky Labs.
The worm also launches a search on the Google search engine for URLs (uniform resource locators) that use a special string, viewtopic.php, which is common to bulletin boards written using the phpBB software, Hyppönen said.
The worm's reliance on Google could be its downfall, however. If the search engine company can block the search text used by Santy.A, it would stop the worm from spreading, he said.
Hyppönen was trying to contact Google Tuesday to get the company's help in blocking Santy.A requests, he said.
Antivirus experts do not believe Santy.A deposits Trojan horse programs or other malicious code on the systems it infects. Also, Santy does not affect individual computer users, unless they are hosting a bulletin board from their computer that uses the phpBB software, antivirus experts said.
However, Santy.A could act as a road map for malicious hackers who are looking for vulnerable computers to exploit, Hyppönen said.
Both F-Secure and Kaspersky Labs posted updated antivirus definitions Tuesday that can spot the Santy.A worm and advised customers to update their antivirus software as soon as possible.
Posted by Chad Dickerson at 03:29 PM
Cisco to buy Protego for US$65 million
By Paul RobertsNetworking equipment maker Cisco Systems Inc. added to its growing portfolio of security products on Monday, agreeing to buy Protego Networks Inc. of Sunnyvale, California for US$65 million in cash. Protego makes hardware and software that can spot and respond to threats on computer networks. Cisco plans to use Protego's technology to boost its Self-Defending Networking initiative, a program to use Cisco technology to help administrators spot, isolate and fix network security problems, including viruses and worms, according to a Cisco statement.
Protego makes a rack-mounted security appliances that allow companies to manage information related to network attacks and security policies. The company's PN-MARS family of appliances can collect and correlate logged data and configuration information from a range of security products and network devices, including switches, routers and firewalls. Visualization features allow network administrators to identify security hot spots or vulnerabilities on their networks. Using mitigation features in the products, administrators can respond manually or automatically respond to threats by pushing out configuration changes or commands to specific devices that thwart attacks.
A component called the PN-MARS Global Controller, released in October, allows companies to manage multiple Protego appliances on a network, giving administrators a central control and management point.
Protego's 38 staff members will become a part of Cisco's Security Technology Group. Cisco will use the technology to provide customers with multilayered and integrated security, according to a statement by Richard Palmer, vice president of the Security Technology Group.
Cisco made the Self-Defending Networking initiative a priority, striking deals with systems management vendors like IBM Corp. that will make it easier for customers to use Cisco products, in conjunction with other products, to spot and thwart security threats.
In November, IBM and Cisco unveiled product updates that will tie Cisco's networking gear to IBM's Tivoli software, enabling those products to work together to scan devices that are attempting to connect to a network to ensure compliance with network security policies. The announcement was part of Cisco's Network Admission Control program to link security software and network infrastructure devices in an effort to better protect networks from security threats.
The company has acquired companies in the security and network management areas in recent months.
In October, Cisco announced its intention to buy Perfigo Inc. for $74 million in cash, acquiring that company's technology for securing endpoints such as remote worker desktops, mobile and wireless computers.
In November, Cisco announced plans to acquire Jahi Networks Inc., a startup that makes network management appliances for companies, for $16 million, giving Cisco technology that can link various network devices and manage them as a single system.
The acquisition of Protego is expected to close in the second quarter of Cisco's fiscal year 2005, which ends on Jan. 29, Cisco said.
Posted by Chad Dickerson at 03:29 PM
December 21, 2004
Study: Mobile phones affect DNA in isolated cells
By John BlauRadio frequency radiation from mobile phones can damage DNA in laboratory conditions, European researchers said in a recent study. The study, called REFLEX, which stands for Risk Evaluation of Potential Environmental Hazards from Low Energy Electromagnetic Field Exposure Using Sensitive in vitro Methods, was a four-year, €3 million-plus (US$4 million) research project majority-funded by the European Union. Results of the research project, which ended in May, were published on the Internet earlier this month.
"We have proven that electromagnetic fields -- in high and low frequencies -- damage cells in individual cell systems," said Franz Adlkofer, executive director of the Munich-based Verum Foundation for Behavior and Environment, which coordinated the REFLEX research project. "But these results can't be readily transferred to human beings. Isolated cell systems are something entirely different from complete organisms."
If, however, similar findings are ever achieved in living organisms such as rats or mice, "then we have a big problem," Adlkofer said Tuesday in an interview.
More people own mobile phones today than they do fixed-line phones, with the gap growing larger every year.
After being exposed to electromagnetic fields similar to those produced by mobile phones, the isolated cells showed a significant rise in single and double-strand DNA breaks, according to a summary of the final report. The cells were not always able to repair themselves.
DNA carries genetic information about an organism. It is organized on chromosomes located in the nucleus of a cell.
For their study, researchers used radiation levels between a SAR (Specific Absorption Rate) of 0.3 and 2 W/kg (watts per kilogram), according to the report. Most mobile phones emit radio signals at SAR levels of between 0.5 and 1 W/kg.
SAR is used to measure the rate of radio energy absorbed by body tissue. The SAR limit recommended by the International Commission of Non-Ionizing Radiation Protection is 2 W/kg, according to the group's Web site.
Adlkofer called for further research, in particular into the impact of electromagnetic fields on mice and rats.
Several brain-cancer suits have been filed against U.S. mobile phone companies, but judges have dismissed most of them for lack of scientific evidence.
Posted by Chad Dickerson at 05:27 PM
CEO at eBay India subsidiary is released on bail
By John RibeiroThe Delhi High Court granted bail on Tuesday to Avnish Bajaj, the chief executive officer of Baazee.com India Pvt Ltd., a Mumbai-based subsidiary of eBay Inc. Delhi police arrested Bajaj last Friday in connection with the sale of a pornographic video CD on Baazee.com's online auction portal. He appeared before a magistrate in Delhi on Saturday and was remanded to seven days judicial custody at the request of police investigating the case.
In granting bail to Bajaj, a U.S. citizen of Indian origin, the judge of the Delhi High Court asked him to surrender his passport and provide two collateral payments of 100,000 rupees (US$2,280).
Bajaj's arrest has been criticized by legal experts and industry groups since he was apparently unaware that the video had been put on sale and had been cooperating with police. He was arrested under Section 67 of India's Information Technology Act, which relates to the transmission of obscene material through electronic media.
Baazee.com has argued through its lawyers that it was unaware of the content of the clip and that it removed it as soon as it was found to be pornographic. The MMS (multimedia messaging service) clip of two Delhi schoolchildren engaged in oral sex was allegedly recorded on a mobile phone by one of the participants in the act and forwarded to his friends. A student of the Indian Institute of Technology (IIT) in Kharagpur put it up for auction on Baazee.com.
EBay applauded the Indian court for its quick decision to release Bajaj on bail. The case raises issues that are important for the Internet's growth in India and eBay hopes to work with the Indian government to clarify the responsibilities of online service providers, it said in a statement.
Posted by Chad Dickerson at 05:27 PM
New Flaw Found in Google Desktop Search
By Scarlet PruittResearchers at Rice University have discovered what they say is a flaw in the beta version of Google's Desktop Search product that could allow third parties to access users' search result summaries, providing a sneak peek at part of the content of personal files. A description of the flaw, which was discovered by Rice computer sciences professor Dan Wallach and two graduate students, was posted on the university's Computer Security Lab Web site late Sunday. The researchers labeled the glitch as "serious" and said it could allow attackers to read snippets of files embedded in Google's normal Web searches by the local search engine.
Google was notified of the flaw and has fixed it in an update that is currently being rolled out through an auto-update feature, the company says.
The Rice researchers say users can check if they have the updated version by selecting the "about" icon in their Google Desktop Search task bar. If it says version number 121004, indicating December 10, 2004, or later, they are safe, the researchers say.
To be affected, a user would have to visit a Web site where an attacker has embedded a particular Java applet. The applet makes certain network connections that trick Google Desktop into integrating a user's local search results with results from an online search. When users visit the compromised site, the applet reads their local search result summaries and sends them back to the attacker's server, they says.
Summaries from Google Desktop searches often contain snippets of content from personal files, and it is this content that the attacker is able to read, the researchers say.
Users on wireless networks can be attacked even if they are not visiting a compromised site, if the attacker tampers with the network connections being made by the user's Web browser, the researchers say. By doing this, the attack could be injected into any other Web page, they say.
Google released a beta version of its desktop search product in October, allowing users to search PC files, local e-mail messages, and archived chat sessions. It joined an industry stampede into the local search space, with America Online, Yahoo, and Microsoft all driving their searches onto the desktop.
Other desktop search products are not believed to have the flaw, however, since Google's is the only one which seamlessly integrates local search results with those of online searches, the researchers say.
Posted by Chad Dickerson at 01:48 AM
December 20, 2004
Trend Micro snatches Hotmail account from McAfee
By Paul RobertsBeating out McAfee Inc., Trend Micro Inc. has landed a deal with Microsoft Corp.'s MSN Hotmail service to do antivirus scanning for 187 million e-mail accounts. Under the agreement, announced Monday, Trend's antivirus technology will scan inbound and outbound e-mail attachments for viruses, worms and Trojan horse programs. McAfee had provided antivirus scanning for MSN customers at least since 2000, when the company announced a 2-year agreement with Microsoft to protect Hotmail e-mail accounts.
McAfee was unable to respond to requests for comment in time for this story.
Trend is based in Tokyo and has U.S. headquarters in Cupertino, California. The company makes the PC-cillin desktop antivirus and content security products, including PC-cillin Internet Security, a suite of antivirus, firewall, antispam and content filtering products.
The company could not comment on the criteria MSN used to select its product for Hotmail, or on the size of the deal, citing instructions from Microsoft, according to Michael Sweeny, a Trend spokesman.
The speed of the antivirus product, its ability to scale up and service big deployments like MSN, and the speed with which antivirus updates are issued, are typically factors for large operations like MSN, and were strengths the company stressed to Microsoft, said Punit Minocha, senior director of business development at Trend.
Ease of integration between Trend's systems and back-end servers used by MSN for Hotmail was also an issue.
"Our engineers were out there in early discussions with Microsoft, and helped them resolve the issue. I think that had some bearing on the decision," Minocha said.
Trend's antivirus scanning engine will run on MSN's Hotmail servers, which will be tightly linked to Trend's virus definition update servers, to make sure that new virus definitions are dispatched as quickly as possible to Hotmail e-mail users, he said.
Trend has long been the number-three antivirus software provider, behind Symantec Corp. and McAfee. The company's products accounted for 14.2 percent of the worldwide revenue generated by antivirus software sales in 2003, according to research firm IDC
Sales to corporations have always been Trend's strong suit. The company's products accounted for 16.9 percent of the revenue generated by antivirus software sales to corporations in 2003. Symantec Corp. had 28.5 percent of that market, and McAfee 23.9 percent, in the same year. In comparison, Trend accounted for just 8.1 percent of revenue generated by antivirus software sales to consumers, compared with 12.8 percent for McAfee and a whopping 67.6 percent for Symantec in 2003, according to IDC.
The deal with MSN could boost Trend's share of the consumer antivirus market.
The deal will help expose millions of consumers to Trend's products and technology, according to a statement from Steve Chang, chairman and founder of Trend.
"We'll have our name posted (on MSN). Part of the benefit to us is that we can ... show off our technology in the antivirus space to consumers," Sweeny said.
Trend is already the top consumer antivirus product in Japan, but in the past the company has resisted going head-to-head with Symantec and McAfee in North America, Minocha said.
"Hopefully, (the deal with MSN) is a sign of more things to come in the U.S.," he said.
The announcement is also more bad news for McAfee, which lost ground in both the home and corporate antivirus market in 2003, mostly to Symantec and Trend. McAfee's worldwide antivirus software revenue declined 7.1 percent between 2002 and 2003, according to IDC. During the same period, Symantec's antivirus revenue jumped by 36 percent and Trend's by 22 percent, IDC said.
Posted by Chad Dickerson at 08:32 PM
Experts criticize arrest of Baazee.com CEO
By John RibeiroIndustry organizations and legal experts are criticizing the Friday arrest of the chief executive officer of eBay Inc. subsidiary Baazee.com India Pvt. Ltd. in connection with the sale of a pornographic video CD (VCD) on the Indian portal site. The case could also turn out to be a test of the adequacy of the Indian legal system to allow online electronic commerce to prosper in the country without hindrance, according to legal experts.
Delhi police arrested Avnish Bajaj, chief executive officer of Baazee.com, a Mumbai, India-based online auction portal, for allegedly allowing the sale of VCDs that showed two minor students from Delhi in an oral sexual act. Bajaj appeared before a magistrate in Delhi on Saturday and was remanded to seven days judicial custody at the request of the police investigating the case.
Key Indian industry organizations protested Bajaj's arrest. Bajaj's full cooperation with investigators and the availability of the evidence make his arrest unexpected and uncalled for in a mature democracy, said the National Association of Software and Service Companies (NASSCOM) in Delhi.
"We urge the authorities concerned to immediately release Mr. Bajaj, even as the legal case proceeds," said Kiran Karnik, NASSCOM's president.
Bajaj, a U.S. citizen of Indian origin, was arrested under section 67 of India's Information Technology Act, which relates to transmission of obscene material through electronic media, according to the police.
Baazee.com executives, including Bajaj, closely cooperated with Delhi police to trace the alleged seller, and the information provided by Baazee.com allowed the police to locate and arrest the alleged seller, according to a statement on Saturday from eBay in San Jose, California. The listing of the auction item violated Baazee.com's policies and user agreement and was removed after it was discovered, according to the eBay statement.
Bajaj cannot be held liable on grounds of vicarious liability, as the offense was not committed by an employee of Baazee.com, but by a third party using the auction site, according to Vaibhav Parikh, who heads the technology law practice at Nishith Desai Associates, a law firm in Mumbai.
Usually, the police ask that the person arrested be remanded to judicial custody if there is any apprehension that the evidence will be tampered with, or that the person may abscond, according to Parikh. "This is not the case with Avnish Bajaj, who has cooperated with the police," Parikh said.
The police could have held Bajaj liable if Baazee.com continued to auction the obscene material after police asked for its removal, according to Parikh.
The auction of the VCDs and the subsequent arrest of Bajaj is the latest twist to a scandal that started when an MMS (multimedia messaging service) clip of the sexual act was sent to mobile phones across Delhi last month. It was later copied to VCDs by some recipients of the clip and sold, according to the police.
On Sunday the police arrested the student who allegedly made the video clip using an MMS-enabled mobile phone, and who also participated in the recorded oral sex act.
Earlier in the week police arrested a student from the Indian Institute of Technology in Kharagpur who allegedly put the video clip on Baazee.com.
Paavan Duggal, a Delhi-based cyber law consultant and advocate in India's Supreme Court, refused to comment on Bajaj's arrest, but said that the Information Technology Act is "grossly deficient in tackling a variety of issues in the electronic medium."
The act, for example, does not conform with international jurisprudential trends when determining the liability of network service providers, Duggal said.
Section 79 of the act states that a network service provider is not liable for any third party information or data made available if the offense was committed without the provider's knowledge and despite its due diligence, according to Duggal. However, the network service provider must prove that it lacked knowledge of the violation, and that due diligence could not have prevented the offense, he said.
The international position, in contrast, is that the network service provider's liability begins only if it fails to remove the objectionable material after receiving user notification about the material.
"The closest analogy to this case is that of a telephone service provider being held liable for an obscene telephone call made" on its network, said a legal expert on condition of anonymity.
Duggal believes that requiring service providers to prove that they are not liable is likely to burden Indian outsourcing companies, which handle third-party data and information.
"Any kind of outsourcing is on a network, so they are all network service providers," said Duggal. "If they are going to be liable for all third-party data and information made available by them, it is going to make it difficult for them to do business."
"Section 79 of the Information Technology Act will have to be modified to ensure that the police have proof of the service provider's gross negligence or knowledge of the crime, before they can arrest a network service provider," said Nishith Desai's Parikh.
Posted by Chad Dickerson at 08:31 PM
Judge awards ISP US$1 billion in spam damages
By Grant GrossAntispam activists disagree about whether a US$1.08 billion judgment Friday against three spammers in Iowa will discourage others from sending unsolicited bulk e-mail. Judge Charles Wolle, with the U.S. District Court for the Southern District of Iowa, awarded the money, believed to be the largest spam judgment ever, to Robert Kramer, owner of CIS Internet Services, an ISP (Internet service provider) based in Clinton, Iowa. Kramer accused the three companies of sending his 5,000-customer ISP millions of pieces of spam between August and December 2003.
Wolle, using an Iowa antispam law and a U.S. racketeering law, ordered Cash Link Systems Inc. of Florida to pay Kramer $360 million; AMP Dollar Savings Inc. of Arizona to pay $720 million; and TEI Marketing Group Inc. of Florida to pay $140,000. The Iowa spam law allows damages of $10 per spam sent, plus punitive damages.
Kramer doesn't expect to collect the entire judgment, but he hopes to collect at least enough money to cover the damages caused by the spam, said his lawyer, Kelly Wallace, of Wellborn and Wallace LLC in Atlanta. The damages total "several hundred thousand dollars," and the spammers have "considerable assets," Wallace said.
"This is the best kind of law you can practice on the civil side," said Wallace, whose law firm specializes in suing spammers. "You feel good at the end of the day. We're putting spammers out of business."
But Laura Atkins, president of the antispam group SpamCon Foundation, questioned if the award would actually stop many spammers. The three companies are likely to pay a small fraction of the judgment, she said, and many spammers are based in Florida because the law there allows those filing bankruptcy to keep significant assets.
Another factor may make collection difficult in this case. Defendant Cash Link Systems, which used unsolicited e-mail to advertise a cashless automated teller machine (ATM), had its assets seized in July by the U.S. Securities and Exchange Commission (SEC). The SEC accused Cash Link Systems of conducting a fraudulent investment scheme.
The judgment was the largest against a spammer that Atkins can recall, and it may cause some small-time spammers to think twice after seeing the judgment, but will not affect large-scale spammers, Atkins said. "(The defendants) will file for bankruptcy, they'll reincorporate under a new name, and they'll move on," she added.
Spam prosecutions resulting in jail time, such as a Virginia case in November that included a jail sentence of nine years, would be more effective in discouraging other spammers, Atkins said. "Spammers can avoid the judgment, but jail is different," she said.
But John Levine, a board member of the Coalition Against Unsolicited Commercial Email, said the judgment could help educate spammers and judges about spam law. "This should help get the message across that spamming is illegal, that you can actually get in trouble ... if you do it," said Levine, also chairman of the Internet Research Task Force's antispam group.
The case is also an opportunity to show judges the damage spam does, Levine said. "Spam law is so new," he added. "That's one educated judge, and 10,000 to go."
The lawsuit may also allow Kramer's ISP to seize the computers owned by the spammers, slowing their opportunity to start a new spamming business, Levine said.
Kramer accused Cash Link Systems of sending his ISP 60,000 pieces of spam a day, and AMP Dollar Savings of sending 120,000 pieces of spam a day, between August and December 2003. TEI Marketing Group, marketing software buyers could use to "find out anything about anyone," was accused of sending the ISP 1,400 spam messages.
AMP Dollar Savings was a bulk e-mailer for hire, sending pitches for mortgage refinancing, penis enlargement pills and Cash Link Systems' ATMs, said Wallace Kramer's lawyer. "If you can sell it with spam ... they were doing it," he said.
Phone numbers listed for Cash Link Systems and AMP Dollar Savings were disconnected Monday.
Posted by Chad Dickerson at 08:31 PM
German court upholds Web ban on Nazi content
By John BlauGerman authorities have the right to block Web pages containing extremist content. The cross-border character of the Internet cannot undermine powers vested to the federal states, the administrative court in Arnsberg, Germany, ruled on Friday. The Arnsberg court dismissed a lawsuit filed by an ISP (Internet service provider) against the State Media Authority of the German federal state of North Rhine Westphalia. The unidentified ISP, based in Hamm, Germany, had sought to reverse an order issued by the Düsseldorf district authority to prevent Germany-based service providers from providing access to Web sites of U.S.-based servers hosting neo-Nazi content.
The ISP can still lodge an appeal against the ruling with the Higher Administrative Court in Münster.
Düsseldorf district authority President Jürgen Büssow said Friday in a statement he doesn't expect an appeal because of the "milestone decision" reached by the Arnsberg court.
In 2002 North Rhine Westphalia, Germany's most populous state, issued a ban on Web sites disseminating neo-Nazi information. The ban affected 76 ISPs in the state.
To date, no other German federal state has adopted the controversial blocking order.
A battle against neo-Nazi online services has been heating up ever since Germany's highest civil court ruled in late 2000 that the country's laws banning certain material can also be enforced against foreign-hosted Web sites.
The association of German Internet businesses has criticized the NRW government ban as state censorship.
Posted by Chad Dickerson at 04:19 PM
EBay 'outraged' at porn-related arrest in India
By Paul KallenderEbay Inc. is "outraged" at the arrest of Avnish Bajaj, the chief executive officer of the company's Baazee.com subsidiary in India, the company said in a statement issued on Sunday. Bajaj was arrested on Dec. 17 under section 67 of India's Information Technology Act, which relates to transmission of obscene material through electronic media.
Calling the arrest unexpected, completely unwarranted and the result of misdirected energies by the New Delhi police, Ebay said in the statement that it is working to secure the release of Bajaj, country manager of Baazee.com India Pvt. Ltd., as soon as possible. He was sent on Sunday into judicial custody without bail until Dec. 24, according to the statement.
EBay, of San Jose, California, acquired Mumbai-based Baazee.com in August for about US$50 million.
Bajaj's arrest comes after Bajaj traveled to New Delhi to assist police with an investigation into the offering for sale on Baazee.com of a video that showed two New Delhi minors in a sexual act.
The video originated from a clip that was taken using an MMS (Multimedia Messaging Service)-enabled phone, allegedly by one of the participants in the act. The clip was apparently sent by the creator to friends via cell phone and recipients copied the content to VCDs (Video CDs) and sold the discs, according to the police, who are still investigating the case.
Baazee.com argued last week that it was unaware of the clip's content and that the item had been removed as soon as it was found to be pornographic.
The statement issued Sunday added that the video clip itself was not shown on the site, that the seller offered to e-mail the clip to buyers directly, and that the listing violated Baazee.com's policies and user agreement. Bajaj, the statement added, has been closely cooperating with the New Delhi police in order to trace the seller in question and the information provided had allowed the police to locate and arrest the seller.
Last week a student from the Indian Institute of Technology in Kharagpur in West Bengal state was arrested by the New Delhi police for allegedly selling the sex clip on Baazee.com.
Baazee.com's operations in India have not been affected by the incident, the statement said.
Posted by Chad Dickerson at 04:19 PM
December 17, 2004
Search providers seek video, find challenges
By Juan Carlos PerezInternet search providers are reacting to users' rising interest in finding video content on the Web, while acknowledging that there are steep challenges that need to be overcome. This week, Yahoo Inc. and Blinkx both launched video search services, while earlier this month America Online Inc. (AOL) revamped its Singingfish multimedia search engine to make it more attractive and easier for users.
Video content demand and availability have both grown as a direct result of the rise of broadband Internet connections. "More than half of consumers watching videos online have broadband. Broadband adoption is reaching critical mass in the U.S.," said Joe Wilcox, a Jupiter Research analyst.
As a result, users are turning more and more to search engines to look for video content, and finding that general Web search services just don't deliver good enough results. "It's very difficult to find streaming content through traditional search engines, and more and more consumers are interested in this type of content," Wilcox said.
This dissatisfaction with general Web search engines is probably one big reason why AOL's multimedia search site Singingfish (www.singingfish.com) saw its site's usage explode from several thousand queries per day in 2003 to over 700,000 queries per day currently, even when the site wasn't designed to attract mass market users. Unlike the Yahoo site, which focuses strictly on video, Singingfish also indexes audio files.
The usage spike led AOL to revamp the site's interface and, starting this month, for the first time to actively try to make it attractive to mass market users, Karen Howe, Singingfish's vice president and general manager, told IDG News Service in early December. Previously, the site was intended for search providers interested in licensing Singingfish's multimedia search technology, whose users include Microsoft Corp., RealNetworks Inc. and AOL.
Still, challenges abound for search providers that want to index video content.
First, many video files have little or no metadata, while industry-wide there is a lack of metadata standards for video content. Metadata is information about a file, such as its date of creation, size, owner and content description. In the offline world, library cards are examples of metadata.
Even when video files have proper metadata, it is of little value if a user is looking for a specific quote in a news report and has to view an entire clip in order to find the desired snippet.
Also, because video files tend to be very large, requiring a lot of storage space and processing power, they get deleted very often from Web servers, so a search engine may have indexed video files a week ago that today are no longer available.
Then there is the issue of ownership that keeps much sought-after video content, such as full-length television programs and movies, unavailable for obvious reasons: the owners expect to generate revenue from distributing that content online.
Finally, a big open question is how search providers will make money off of their video search services.
Blinkx, a search startup that is generally considered a maverick because it often steals its bigger competitors' thunder, launched this week Blinkx TV. This search service is focused on television content and works around the metadata problem: Blinkx transcribes all the video clips it indexes, permitting searches that are precise in serving up the content the user is looking for. "Our benefit is we let you search into the video clip what people are saying," said Suranga Chandratillake, Blinkx's founder.
In this way, Blinkx TV is ahead of the test video search engine Yahoo launched this week at http://video.search.yahoo.com. Currently, Yahoo is using metadata and other contextual information around the video clip to index it. But Yahoo plans to move to what it calls "deep indexing" in the future.
"That's on our product road map," said Bradley Horowitz , Yahoo's director of media search. "In this release, we're using metadata and contextual techniques, but in the future we'll (also) use techniques such as speech recognition as applied to the video content."
Speech recognition would allow Yahoo to index what is being said in the video clip.
Horowitz declined to say when Yahoo may provide "deep indexing" but pointed out that as the founder of Virage, which specialized in this type of technology, "I am personally very familiar with that technology and its deployment, so you can extrapolate that it's not going to be very long before we're applying it."
Interestingly, Virage was sold to Autonomy Corp. PLC, which in turn licenses its technology to Blinkx. Horowitz left Autonomy and joined Yahoo about eight months ago.
Singingfish doesn't do this type of speech recognition and transcription on the video files it indexes, an AOL spokeswoman said.
While aiming for "deep indexing," Yahoo isn't giving up on metadata. Along with the test video search service, it launched an initiative called Media RSS, a syndication format based on RSS (Really Simple Syndication) and designed to make it easier for Yahoo to index -- and for providers to contribute -- video content.
Another Blinkx advantage is that Blinkx TV is both a Web site (www.blinkx.tv) and part of the company's PC-based search tool, also called Blinkx. As such, Blinkx TV is integrated with the PC tool's Smart Folders technology, which lets users set up folders that get dynamically populated with both local hard drive and Internet files.
Where Yahoo and AOL clearly have an advantage over Blinkx is in the partnerships sphere for video content, since they have been striking up deals for movie clips and television content for years, while Blinkx is a small startup which launched its first product in July.
Blinkx, whose TV content partners include CNN, National Geographic, The History Channel, HBO and ESPN, wants to grow its partner stable "into the hundreds," Chandratillake said. Yahoo's Horowitz said his company continues committed to expanding continually its already sizable multimedia partner ecosystem.
AOL's Howe and Yahoo's Horowitz acknowledge that video content tends to disappear quickly from Web servers, creating empty links in search engine indexes, but both executives say their respective engineering teams are constantly working on addressing this problem in better ways.
Another issue that Singingfish is prioritizing is in integrating multimedia search results with regular search results in a way that makes contextual sense, so that its users don't have to conduct separate searches and collate results manually, Howe said.
Meanwhile, Yahoo's Horowitz and Blinkx's Chandratillake agree that for their companies these are early days in multimedia search, and that as such, they don't have in place revenue models for this type of search.
Some possibilities would be to serve ads or give users a TV clip for free with the option to view the entire program for a fee, Chandratillake said.
Overall, providers getting into video search shouldn't expect to see any significant revenue from it for the moment, said Niki Scevak, a Jupiter Research analyst. "The attention the search providers are giving to this space is motivated by solving these technical challenges, rather than by revenue opportunities at this initial stage," he said.
Meanwhile, neither Microsoft's MSN Search division nor Google Inc. currently offer specific multimedia search services. Microsoft licenses Singingfish technology to power audio and video searches in its media player software and accompanying Web site (www.windowsmedia.com.).
Yahoo also owns the search engines Altavista (www.altavista.com) and AllTheWeb (www.alltheweb.com), both of which let users search for video content and audio files. The Yahoo video search test site unveiled this week incorporates technology from Altavista and AllTheWeb, as well as from the main Yahoo search engine, along with new technologies being developed, a Yahoo spokeswoman said.
Posted by Chad Dickerson at 10:41 PM
CEO of eBay-owned India auction site arrested
By John RibeiroDelhi police Friday arrested Avnish Bajaj, the chief executive officer of Baazee.com India Pvt. Ltd., an eBay Inc.-owned Indian online auction portal, for allegedly allowing the sale of pornographic video CDs (VCDs) that showed two Delhi minors in a sexual act. Bajaj was arrested under section 67 of India's Information Technology Act, which relates to transmission of obscene material through electronic media, according to the police.
EBay, of San Jose, California, acquired Mumbai-based Baazee.com in August of this year.
Baazee.com countered that the site was unaware of the VCDs' content, and removed the items as soon as it found out that they were pornographic. Auctioning pornographic VCDs violated the site's rules, according to a Baazee.com spokeswoman.
Earlier this week Delhi police arrested a student from the Indian Institute of Technology in Kharagpur in West Bengal state for allegedly selling the sex clip on Baazee.com.
The VCDs' auction is the latest twist to a scandal that started with an MMS (multimedia messaging service) clip of the sexual act being sent to mobile phones across Delhi last month.
The clip was taken using an MMS-enabled phone allegedly by one of the participants in the sexual act. Clip recipients copied the content to VCDs and sold the discs, according to the police, who are still investigating the scandal. The clip traveled around India and overseas via the Internet and the VCDs. The two students, a girl and a boy, were expelled by their school.
Posted by Chad Dickerson at 10:37 PM
Ebay snaps up Rent.com for $415 million
By James NiccolaiEbay Inc. has agreed to acquire property listings site Rent.com Inc. for US$415 million in its latest move to expand beyond online auctions, the company said late Thursday. Ebay will pay about $385 million in stock and $30 million in cash for the Santa Monica, California, company. Rent.com launched nationally in 2001 and is the most visited site for apartment listings in the U.S., eBay said.
Apartment owners list properties for free and pay a fee when the property is rented. The privately-held company expects 2004 revenues to exceed $40 million, eBay said. The deal is expected to close in the first quarter of 2005 pending approval from regulators and Rent.com's stockholders.
In August eBay acquired a 25-percent stake in San Francisco-based Craigslist to beef up its classifieds business. Last month it scooped up Holland's top classifieds site, Marktplaats.nl, for about $290 million.
Posted by Chad Dickerson at 06:19 PM
Siebel to acquire edocs for $115 million
By James NiccolaiSiebel Systems Inc. has agreed to acquire edocs Inc., a maker of e-billing and customer self-service applications, for US$115 million, Siebel said Friday. The move is part of Siebel's strategy to provide a broader range of front office applications with its CRM (customer relationship management) suite, the company said. Edocs products are supposed to help businesses cut costs by reducing the use of paper and letting customers use more self-service channels such as the Web and e-mail.
Combining the two companies' products should help customers reduce call center costs and retain clients, it said. Edocs' customers include British Telecom, Harvard Pilgrim Healthcare, Toyota Financial Services and Verizon Wireless Inc., Siebel said.
Siebel will initially pay $115 million in cash for the smaller company, which is based in Natick, Massachusetts. Further payments may follow if the products reach certain revenue targets, Siebel said. The deal is expected to close early next year pending regulatory approval.
The transaction is likely to reduce Siebel's first-quarter 2005 earnings by about $0.01 per share, the company said.
Posted by Chad Dickerson at 06:19 PM
Boeing casts eyes on live TV over Connexion service
By Martyn WilliamsThe Boeing Co. is planning to add live television to its Connexion by Boeing service during 2005, a company executive said in a recent interview. The television programs will be delivered across the Connexion network, which uses satellites to provide high-speed data connections between aircraft in-flight and ground stations linked to the Internet. The service entered commercial use earlier this year and provides a 5M bps (bits per second) shared downstream and 1M bps shared upstream connection to suitably equipped aircraft.
"That'll begin in the middle of next year, covering our international route segments," said Stan Deal, vice president of commercial airlines at Boeing's Connexion unit. "You'll be able to view up to four channels of live TV over your laptop."
Boeing hasn't announced the names of the channels that will be available but they'll be international news and financial news channels, he said.
"Longer term we'll look at some of the live sporting content, probably in the 2006 time frame," he said.
The TV service will be launched first with Singapore Airlines Ltd. and then rolled out to Connexion's other airline partners, Deal said. Singapore Airlines plans to begin offering Internet access via the service on its Singapore to London route from the first quarter of 2005.
The Connexion by Boeing service went into commercial use in May when Lufthansa AG began offering the service on flights between Europe and the U.S. The German airline currently offers service on flights between Frankfurt and Denver and on those between Munich and Charlotte, North Carolina; Los Angeles; Tehran, Iran; and Tokyo. It was launched by Japan's All Nippon Airways Co. Ltd. on flights between Tokyo and Shanghai in November.
December has seen the service launch on Japan Airlines System Corp. (JAL) flights between Tokyo and London and on Lufthansa flights between Munich and both Miami and San Francisco. SAS AB's Scandinavian Airline Systems has also launched the service and will initially offer it on flights between Copenhagen and Seattle.
The launch of Connexion has increased interest in the service from other airlines, said Deal. A group of airlines have been waiting to see the service launch and passenger reaction before signing for the service.
"Having Lufthansa out and running and then ANA, JAL and SAS, I think that'll allow that next group to feel like risk is being collapsed," Deal said. "You'll see some announcements shortly with regard to additional airlines."
Posted by Chad Dickerson at 06:18 PM
Europe researches wireless car-to-car communications
By John BlauGermany's research ministry has agreed to help fund a three-year research project aimed at developing a car-to-car communications system based on wireless LAN (WLAN) technology. The project, Network on Wheels (NOW), succeeds an earlier government-funded project called FleetNet. It will be a major source of input into the European Car-2-Car Communication Consortium (C2C CC), which is made up of several of the Continent's largest car markers, according to Andreas Kaatz, project manager at the German Aerospace Center, which is coordinating the project on behalf of the research ministry.
The industry consortium, consisting of Germany's BMW AG, DaimlerChrysler AG and Volkswagen AG, France's Renault SA and Italy's Fiat SpA, aims to establish a European standard for wireless car-to-car communications. With the help of this technology, the auto industry plans to increase road traffic safety and efficiency while, at the same time, developing new on-board information services and applications.
But before the consortium members can agree to standards, they need to know what works. That's the focus of NOW, which includes not only the three German car makers in the C2C industry consortium but also Siemens AG, NEC Deutschland GmbH and the Fraunhofer Institute for Open Communications.
Researchers in the NOW project will develop and test various components of car-to-car communications systems in "ad hoc" networks, using the IEEE (Institute of Electrical and Electronics Engineers) 802.11a and b wireless transmission standards and the next-generation IPv6 (Internet Protocol version 6) communications protocol, in addition to other standards and protocols, according to Kaatz. In these networks, cars serve as both senders and receivers as well locators to collect and route information about road conditions, traffic jams and more, he said.
Here's how the system is supposed to work someday: As soon as two or more vehicles are within radio communications range, they connect automatically and establish an ad hoc network. Because the range of a WLAN link is limited to a few hundred meters, every vehicle also serves as a router, allowing messages to be sent via a multihop process to vehicles farther away. The routing algorithm is based on the position of the vehicles and is able to handle the typically fast changes of ad hoc networks.
"For instance, information about a traffic jam in your lane could be forwarded to cars in the opposite lane, to be passed back to cars behind you so drivers are warned quickly of congestion ahead," Kaatz said. "The trick is to develop sophisticated location algorithms."
The car maker consortium hopes to have prototypes by the middle of next year and specifications by the end of 2006, according to the group's Web site (www.car-to-car.org).
Posted by Chad Dickerson at 06:18 PM
NTT DoCoMo's 4G research hits 1G bps
By Paul KallenderNTT DoCoMo Inc., Japan's biggest mobile communications carrier, achieved a 1G bps (gigabit per second) packet transmission speed using fourth-generation (4G) mobile communication equipment on Aug. 20, the company said Friday. A downlink speed of 1G bps was achieved in a laboratory experiment using VSF-Spread OFDM (Variable-Spreading-factor Spread Orthogonal Frequency Division Multiplexing) and MIMO (multiple-input-multiple-output) technology, according to DoCoMo.
VSF-Spread OFDM enables downlink connections of extremely high speeds. MIMO is a technique for boosting wireless bandwidth and range by taking advantage of multiplexing, which involves sending information in multiple paths so that each carries more information.
The transmitted data was carried in a single beam, but the amount of data was too big for a single antenna so scientists used four antennas, each sending 250M-bps (megabits per second) streams of data, for the experiment, said DoCoMo spokesman Takuya Ori.
"It was a lab experiment and it was indoors, so the distance wasn't that far," he said.
DoCoMo has been conducting 4G research since 1998. Earlier this year, the company demonstrated a maximum downstream data rate of 300M bps with an average rate of 135M bps. The data rate was achieved during a field experiment in a car running at a speed of 30 kilometers per hour at distances between 800 meters and 1 kilometer from 4G wireless base stations.
DoCoMo's 3G (third-generation) network offers download speeds of 384K bps and upload speeds of 129K bps. The company plans to introduce a more advanced packet-based data service network technology called HSDPA (High Speed Downlink Packet Access) in 2005 that will have a 14M bps speed for both downlink and uplink, according to DoCoMo spokesman Takumi Suzuki.
NTT DoCoMo's experiments are part of its research into developing a global standard for 4G transmission and networks with the International Telecommunication Union. Research in Japan is conducted in cooperation with Japan's Ministry of Internal Affairs and Communications.
DoCoMo would like to begin commercial services based on 4G in 2010, Suzuki said.
Posted by Chad Dickerson at 06:18 PM
P-to-P backers propose new distribution models
By Grant GrossA complete rewrite of the U.S. copyright system was just one proposal aired Thursday during a contentious series of panel discussions at a U.S. Federal Trade Commission (FTC) workshop on peer-to-peer technology. The U.S. Congress should overhaul copyright law that allows a broken distribution model used by the music and movie industries to freeze out P-to-P services, a lawyer formerly in the music industry said at the conference, held in Washington, D.C.
A new digital transmission right for music, added to copyright law by Congress, would allow artists to get paid and consumers to have access to a wide range of music, said Bennet Lincoff, former director of legal affairs for new media at the American Society of Composers, Authors and Publishers (ASCAP).
The voluntary licensing model, administered through a collective of artists similar to ASCAP and other publishing organizations, would pay artists based on an online census of how much of their music is being traded and would encourage music companies to distribute their music as widely as possible, Lincoff said.
Others at the forum rejected Lincoff's idea, the subject of a paper published in November 2002, as a form of compulsory licensing that would require Congress, not free markets, to determine the value of a downloaded song.
"The problem with compulsory license (plans) as a solution to something like this, is they're all quite clumsy," said Stanley Besen, an economist and vice president of business consulting company Charles River Associates Inc. "They require someone to set the prices."
The two-day FTC forum included dueling studies on the effect of P-to-P file-trading on the music industry as well as opposing ideas about what the U.S. government should do about P-to-P vendors.
David Carson, general counsel of the U.S. Copyright Office, said his office was working on an amended version of the Inducing Infringement of Copyrights Act, a bill that would allow lawsuits against people who "induce" copyright violations, before Congress adjourned for the year. The bill failed to get to the U.S. Senate floor after opponents complained it was too broad, but Carson said the Copyright Office had proposed a version that would focus on the copyright-infringing products and services, not technology used.
Much of Thursday's session repeated old rhetoric that comes from both sides in the P-to-P debate. A representative of the movie industry used words such as "thievery" and "looting" to describe unauthorized file trading using P-to-P software. P-to-P software vendors can filter out pornography and viruses, but say they don't have the technology to filter out copyrighted content, said Dean Garfield vice president and director of legal affairs for worldwide antipiracy efforts at the Motion Picture Association of America (MPAA).
"Transformative technology has been highjacked, not by innovators, but by business people who are motivated by profit and who are so blinded by the chase for money that they fail to see the irony, the illogic and the incongruity of claiming to be technologists while asserting that their hands are tied by technological limitations," Garfield said. "Innovation is being retarded by those who leach on those who choose to create."
One P-to-P executive called on the MPAA and the Recording Industry Association of America (RIAA) to join P-to-P vendors to support an impartial study of whether copyright filters are feasible. Sam Yagan, chief executive officer of MetaMachine, distributor of the popular eDonkey P-to-P software, questioned how the music and movie industries could object to his desire to make money.
Yagan warned that future generations of P-to-P software will be fully encrypted and fully anonymous, distributed by programmers with no profit motive. "If you want to increase legitimate use of these networks, let us sell your products," Yagan said to the MPAA and RIAA.
Yagan also questioned legislative efforts focusing on current uses of P-to-P software because of rapidly changing uses of technology. "When we resort to these regulatory solutions, there's a chance we'll get it wrong," he said.
Other forum participants argued P-to-P software hurts the efforts of pay-per-download music services. Saying that P-to-P technology creates "black market networks," Jonathan Potter, executive director of the Digital Music Association trade group, said P-to-P vendors' business models create no added value for artists or consumers, other than allowing consumers to "get something for free."
Potter called on the entertainment industry to educate consumers about copyright violations, to provide compelling legal alternatives to current P-to-P service, and to continue enforcement efforts against violators. "Enforcement is perhaps not the only way to go," he said.
Potter also questioned why P-to-P vendors are surprised by lawsuits from the entertainment industry. "We should not give credence to people who play chicken with the law," he said. "There's not a lot of pity out there for people who invest (in P-to-P businesses) knowing the uncertainty in the law."
But Lincoff, the former ASCAP lawyer, said current legal download services often restrict how many times a song can be copied to other devices. That's why a digital transmission license is needed, he said.
"If the industry offered what consumers really want, the overwhelming majority would pay for it," he said. "If that's not true, then all surely is lost."
Consumers are now looking elsewhere because pay-per-download services don't give them unfettered control over the music they buy, he added. Meanwhile, the entertainment industry wants Congress to protect its outdated business model, he said.
"The industry has relegated consumer to black market services where adware, spyware, pornography and privacy invasions abound," Lincoff said. "The industry has no right to demand that public policy supports its desire to do business in a particular way."
Posted by Chad Dickerson at 12:51 AM
RIAA files 754 new file-trading lawsuits
By IDG News Service staffThe Recording Industry Association of America (RIAA) has filed 754 new lawsuits against alleged file-traders using peer-to-peer services, the trade group announced Thursday. The 754 new lawsuits, filed in federal district courts across the country, included 20 alleged file-traders using university computer networks. Universities affected include the University of Pennsylvania, Columbia University in New York, Old Dominion University in Virginia and Virginia Commonwealth University.
With the new round of lawsuits, the RIAA has now sued more than 7,700 alleged file-traders since September 2003, including more than 3,000 lawsuits since Oct. 1 of this year.
Residents of Pennsylvania, Virginia, Georgia, Missouri, New York, Connecticut, Illinois and the District of Columbia were among those targeted in the latest round of lawsuits.
RIAA President Cary Sherman, said in a statement that the enforcement efforts help pay-per-download music services flourish. "With legal online retailers still forced to compete against illegal free networks, the playing field remains decidedly unbalanced," Sherman said. "That’s why continued enforcement against individuals stealing and distributing music illegally is essential, as is holding accountable the businesses that intentionally promote and profit from this theft."
Posted by Chad Dickerson at 12:51 AM
December 16, 2004
Yahoo adds traffic information to maps service
By Juan Carlos PerezYahoo Inc. is adding local traffic information to its maps service, including roadwork and accident reports as well as the approximate speed at which traffic is proceeding along specific roads. The service, to be launched officially Thursday as part of Yahoo Maps (http://maps.yahoo.com), will offer accident reports and road construction information for about 70 U.S. metropolitan areas. The service will also provide driving speed information for about 22 of those areas.
The traffic information is layered on top of a map at the user's request. Icons are used to indicate accidents or construction, while color codes are used for the speed information, Yahoo executives said.
A Yahoo partner whose name executives declined to disclose aggregates traffic information from a variety of sources, including road sensors, traffic cameras and local police and transportation departments. Yahoo packages and presents the information to its users.
To enhance and extend the service in the future, Yahoo plans to provide it via wireless devices and to add the capability of launching alerts and updates, and of offering users alternate driving routes, Yahoo executives said. Offering the service abroad is also a future possibility.
The traffic service is integrated with Yahoo's general Web search engine, so that if a user enters the query "Philadelphia traffic," a link to the traffic information on Yahoo Maps is provided at the top of the search results. A similar integration exists with Yahoo Local, the Yahoo search service that lets users find local businesses. Yahoo plans to further integrate the traffic information service with other parts of its online network.
Adding this traffic information to its arsenal of services is a way for Yahoo to give users another reason to visit Yahoo Maps and its other online properties, executives said.
Posted by Chad Dickerson at 05:01 PM
Judge: Maryland's anti-spam law is unconstitutional
By Juan Carlos PerezAn e-mail marketing company that was sued for allegedly violating the U.S. state of Maryland's anti-spam law has prevailed, as the judge dismissed the case on the grounds that the law in question is unconstitutional. The case is the latest of several recent cases in which questions have been raised over the constitutionality of state laws designed to regulate e-mail communications and other Internet communications and activities. Three such laws in Virginia, New York and Vermont respectively have been declared unconstitutional for violating the Commerce Clause, while anti-spam laws in Washington and California have survived court challenges.
The Maryland involves First Choice Internet Inc., based in Carle Place, New York, and its founder and president Joseph Frevola. They were sued in late 2003 for allegedly violating Maryland's Commercial Electronic Mail Act (MCEMA), which was enacted in 2002.
The plaintiffs, MaryCLE LLC and NEIT Solutions LLC, accused First Choice of sending misleading and unsolicited e-mail messages to MaryCLE and routed through its Internet service provider NEIT, according to the judge's decision.
MaryCLE and NEIT asked the court to forbid First Choice from sending MaryCLE "unsolicited, false and misleading commercial e-mail messages" and sought to recover statutory damages. MaryCLE and NEIT are both registered as companies in Maryland.
First Choice filed a motion to dismiss the case, and this motion was granted earlier this month by Judge Durke G. Thompson of the Circuit Court for Montgomery County in Maryland.
First Choice gave three reasons for dismissing the case, and the judge agreed with all of them: first, that the MCEMA violates the Commerce Clause of the U.S. Constitution; second, that the Maryland court lacks jurisdiction over the defendants; and third, that Frevola shouldn't have been included in the lawsuit.
Article 1 of the U.S. Constitution, also known as the Commerce Clause, aims to protect interstate commerce from state and local laws that put an undue burden on it, and Judge Thompson found MCEMA to be one such law. He moreover stated in his decision that even if MCEMA were constitutional, the court doesn't have jurisdiction over the New York-based defendants.
"We're obviously disappointed but we think there are some pretty serious errors in the opinion," said Eric Menhart, a law student at George Washington University who founded MaryCLE in April 2003 with the primary purpose of protecting consumer interests in the online market. The company has brought several lawsuits alleging violation of MCEMA, winning one and settling several others in its favor.
Among other things, Menhart takes issue with the cases Judge Thompson used to support his decision, which Menhart maintains weren't pertinent to the case at hand. MaryCLE plans to file a motion for the judge to reconsider his decision, and if that doesn't yield the expected results, the company plans to appeal the case, Menhart said.
"It was the right decision because it made clear that when a state tries to enforce laws against companies that are doing business outside of that state, (those laws) are running afoul of the Commerce Clause," said Andrew Dansicker, the attorney who represented First Choice.
However, his client's victory could be viewed as an empty one.
At some point after the lawsuit was filed, Frevola, First Choice's president, suspended his e-mail marketing activities and became an employee of another company, said Dansicker, who works at the law firm Schulman, Treem, Kaminkow, Gilden & Ravenell.
First Choice is still in business but inactive, Dansicker said. "He (Frevola) stopped doing this type of business because he was concerned about additional lawsuits," Dansicker said.
Anti-spam laws, which vary from state to state, "have had a chilling effect on people trying to do Internet marketing," Dansicker said. "It's not just my client. There are other businesses that have also closed down or stopped sending out bulk e-mail."
Judge Thompson criticized the Maryland anti-spam law because it makes it illegal to send commercial e-mail that "contains false or misleading information in the (e-mail message's) subject line that has the capacity, tendency or effect of deceiving the recipient." It's not clear who establishes that the subject line is deceptive and what criteria is to be used, according to the judge. "The language is too vague to be enforced," the judge wrote in his decision.
The judge also found the jurisdiction issue problematic, pointing out that the defendants were based in New York, and that MaryCLE, while registered in Maryland, has its office and primary place of business is Washington, D.C. The judge also highlighted that MaryCLE's ISP NEIT, while also registered in Maryland, has its servers in Denver, Colorado. Moreover, the e-mail messages in question were sent by a company First Choice outsourced this task to that is based in Virginia and called Master Mailings LLC.
"The Defendants had no contact with the State of Maryland because their e-mails were sent from New York, routed through Virginia and Colorado and finally were received in Washington, D.C.," the judge wrote, adding that "the Plaintiffs are asking the court to apply Maryland law to a situation which never occurred in Maryland."
Posted by Chad Dickerson at 05:01 PM
Time Warner cuts DOJ deal on AOL case, SEC may follow
By Laura RohdeTime Warner Inc. has reached a settlement deal with the U.S. Department of Justice (DOJ) concerning accounting issues with its America Online Inc. (AOL) Internet division, the parties announced Wednesday. As part of the agreement the DOJ will defer for two years prosecution on charges of aiding and abetting securities fraud in connection with transactions between AOL and PurchasePro.com Inc. The charges were filed on Wednesday in the U.S. District Court for the Eastern District of Virginia. In return, Time Warner has agreed to pay US$150 million into a compensation and settlement fund as well as a criminal penalty of $60 million, the DOJ said.
Furthermore, AOL is accepting responsibility for the conduct of its employees in the PurchasePro transactions and will adopt internal reform measures while cooperating with an ongoing criminal investigation, the DOJ said. Time Warner will also fully cooperate with the investigation as part of a separate agreement with the DOJ.
The charges will be dropped after the two-year time frame should AOL keep to the terms of the agreement, Time Warner said in a separate statement.
Time Warner, based in New York, also said it has proposed a similar settlement to the U.S. Securities and Exchange Commission (SEC) that the agency has agreed to recommend to the SEC commissioners for final approval. The SEC said it does not comment on proposed settlements until they are finalized.
AOL has been the subject of investigations by the DOJ and the SEC into its past accounting practices, including advertising arrangements with smaller Internet company partners and its methods for reporting subscriber numbers.
Time Warner, which merged with AOL in 2001, publicly acknowledged in mid-2002 that AOL was the subject of an SEC inquiry into transactions made by the Internet company after July 1, 1999. The DOJ investigation soon followed.
Four former PurchasePro executives agreed Wednesday to plead guilty to criminal charges, the DOJ said. The four individuals are Robert Geoffrey Layne, 39, of Lexington, Kentucky, a co-founder of PurchasePro and its former executive vice president; Shawn McGhee, 41, of Memphis, the company's former chief operating officer; Dale Boeth, 42, of Roanoke, Texas, a former senior vice president of strategic development and senior vice president of consulting services; and James Sholeff, 37, of Las Vegas, a former sales representative, sales manager, project manager and vice president at PurchasePro.
The DOJ charged AOL with helping PurchasePro’s officers report at least $10 million in false revenue in the fourth quarter of 2000 and announcing at least $20 million in false revenue in the first quarter of 2001. In turn, according to the charges filed by the DOJ, AOL was able to report about $20 million in additional revenue in the fourth quarter of 2000 and about $15 million of additional revenue in the first quarter of 2001.
According to the DOJ, PurchasePro, a Las Vegas-based company selling Internet procurement software and services, agreed in March 2000 to pay $70 million to AOL as part of a strategic partnership and place ads on AOL’s Netscape Netbusiness Web site, Internet advertising and other services. AOL in turn expected PurchasePro to sell its products by referring customers and generating revenue through transactions on AOL’s Netbusiness platform.
But by September 2000, AOL had not helped PurchasePro generate any revenue. When the strategic partnership did not generate the expected revenues, AOL began to help PurchasePro meet its quarterly revenue objectives by directly buying products from PurchasePro that AOL did not want or need. AOL then helped mislead PurchasePro’s auditors about how the revenue was in fact earned, the DOJ said.
As part of the DOJ agreement, an independent monitor will be appointed to review the effectiveness of AOL's internal controls.
Under the proposed SEC agreement, Time Warner would pay a penalty of $300 million and would adjust its accounting for the $400 million [M] in advertising revenue recognized primarily in 2001 and 2002 in transactions with Bertelsmann AG, as well as for transactions with two other AOL customers that resulted in about $30 million of advertising revenue recognized in 2001, Time Warner said.
The company would also restate its financial reporting for its investment in and consolidation of AOL Europe.
Time Warner said last month that it had set aside $500 million to pay for any costs resulting from the investigations, and that it faced the possibility of having to restate its financial results for 2002 due to the manner in which AOL handled accounting for AOL Europe.
Posted by Chad Dickerson at 05:01 PM
Yahoo launches video search site
By Juan Carlos PerezYahoo Inc. is pushing one of the frontiers for search engines and has launched a test site for searching video content on the Web. The site, at http://video.search.yahoo.com/, went up on Wednesday, and pits Yahoo against competitors such as Singingfish, which is owned by America Online Inc.
The Yahoo video search service lets users narrow their query results by file formats, such as AVI, MPEG, Quicktime, Windows Media and Real, by size and by duration. Users can also choose to filter results based on Internet top level domains, so only results from .com Web sites would be listed, for example. The service also lets users narrow the search to a specific Web site. Finally, users can choose to let Yahoo exclude content unsuitable for minors.
A call to Yahoo seeking comment wasn't immediately returned, but an entry about the video search service was posted on the official blog of the Yahoo search team (http://ysearchblog.com) on Wednesday in the name of Jeremy Zawodny, a Yahoo search executive.
"The costs of producing video content have been steadily decreasing in recent years. Between the adoption of broadband Internet connections, and easier to use video editing software, it's no surprise that we're seeing a lot more video content make its way on to the Internet. And what's out there today is just the tip of the iceberg," said the entry.
In the blog entry, Zawodny talks about the existing challenges search engine providers face to find video content, which he says that in many cases are "hidden behind complex JavaScript, Flash-based players, and other non-crawler friendly obstacles." To address these difficulties, Yahoo will in the future enable its video search crawler to support indexing of video enclosures in RSS feeds, according to Zawodny. "At the most basic level, this is just a matter of pointing to a video instead of an MP3 file," he wrote. "The beauty of this is that there's existing infrastructure for handling simple enclosures. Many RSS readers already consume enclosures just fine."
Yahoo also wants to promote the use of metadata in video content, which would make the content easier to find and index by search engines, Zawodny wrote. "To get this started, we're suggesting an optional set of metadata extensions that we've been calling 'Media RSS'. They're aimed at publishers who'd like to provide a rich set of metadata about the media being published. Our video search system will also support these Media RSS extensions in addition to video enclosures," he wrote.
Posted by Chad Dickerson at 05:00 PM
December 15, 2004
FCC to consider allowing cell phones on planes
By Stephen LawsonThe U.S. Federal Communications Commission (FCC) on Wednesday kicked off efforts that could reshape the communications services available to airline passengers, deciding to auction off spectrum now set aside for air-to-ground phone service and proposing to relax its ban on the use of cellular phones in flight. The FCC will auction radio frequencies in the 800MHz band in the hopes of spurring new onboard services that could include voice, data and broadband Internet access, the agency said in a statement. The services could be provided for commercial, military and general aviation. The FCC proposed three possible configurations of the spectrum, all of which are designed to ensure at least two operators in that band, and will let private industry settle on one.
There is 4MHz of spectrum in the 800MHz band set aside for air-to-ground communications, but only one service, Verizon Communications Inc.'s Airfone, is using that spectrum now, according to the FCC. The Airfone seatback phone service is expensive, limited to voice and not often used, Commissioner Michael Copps said in a statement on the decision. The FCC granted Verizon Airfone a new, 5-year, nonrenewable license on Wednesday, but limited that service to 1MHz of the 4MHz band.
Service providers that participate in the auction could choose an arrangement in which two carriers each have 3MHz of spectrum, overlapping in the middle part of the band, or one of two configurations that set aside a 3MHz band exclusively for one carrier and a 1MHz band exclusively for another.
"Our rules for the 800MHz commercial air-ground service has been locked in a narrowly defined technological and regulatory box and have kept passengers from using their wireless devices on planes," FCC Chairman Michael Powell said in a statement on the decision. The agency shouldn't dictate business plans by choosing only one band plan, he said. Commissioners Copps and Jonathan Adelstein voiced concern about auctioning an exclusive 3MHz license, saying the remaining 1MHz license wouldn't give a rival carrier enough bandwidth to effectively compete.
The agency also proposed allowing passengers to use standard wireless handsets and other devices via a "picocell," a small base station on the plane. Phones would also have to operate at their lowest power setting and not allow unwanted radio emissions to interfere with land-based cell networks. FCC rules currently prohibit using cell phones after takeoff, and U.S. Federal Aviation Administration (FAA) regulations restrict the use of any mobile phones and other portable electronic devices to prevent interference to onboard communications and navigation gear.
In its notice of proposed rulemaking (NPRM), the FCC is seeking public comment on whether the plan should apply only to devices operating in the 800MHz cellular band or include other types of phones, such as those in the PCS (Personal Communications Systems) or Advanced Wireless Services bands. It also wants ideas about how the 800MHz air-to-ground spectrum could be used as a "pipe" between an aircraft and a network on the ground. The agency is coordinating with the FAA, which is examining its own rules, according to the FCC statement.
In his statement on Wednesday's decisions, Copps welcomed the idea of exploring the issue but said he was worried about the possible fallout for airline passengers.
"Many airline passengers don't relish the idea of sitting next to someone yelling into their cell phones for an entire six-hour flight. I know I don't!" Copps wrote. He urged consumers to participate in the NPRM. "Meanwhile, we here at the Commission need to determine precisely what jurisdiction the FCC has over the annoying-seatmate issue."
Posted by Chad Dickerson at 09:47 PM
Apple locks out RealNetworks with iPod update
By Joris EversApple Computer Inc. has updated the software for some of its iPod digital media players so that songs bought from RealNetworks Inc. won't play. The change affects Apple's new iPod Photo, which was introduced in late October and lets users store and display their digital image collections on the iPod, in addition to digital music.
Apple's action comes several months after it accused Real of adopting "the tactics and ethics of a hacker to break into the iPod." Real in July announced a technology called Harmony that allows consumers to download songs they can play on a wide variety of portable digital media players, including Apple's iPod devices.
"As we stated in July, we strongly caution Real and their customers that when we update our iPod software from time to time it is highly likely that Real's Harmony technology will cease to work with current and future iPods," an Apple spokeswoman said Wednesday. She declined to comment further.
Real is keen to provide music to iPod Photo users as well, a company spokeswoman said. "We remain fully committed to providing consumers with the freedom to use the music they purchase from us on different portable audio devices, both now and in the future, including the iPod Photo," she said.
Apple's iTunes is the most popular online music store and the iPod is a very popular digital music player. Apple is protecting its turf by not allowing others to sell music that can be transferred to and played on the iPod.
Posted by Chad Dickerson at 09:47 PM
NYSE teams up with IBM to go wireless
By Lucas Mearian, ComputerworldThe New York Stock Exchange Inc. (NYSE) has rolled out a new Java-based trading platform that includes customized wireless handheld devices for traders, putting an end to the shouts for buy and sell orders that have been the trademark of the nation's oldest and largest exchange. IBM Corp. has partnered with the NYSE in creating the new stock-order management system, NYSE TradeWorks, which was unveiled yesterday. IBM designed 3,000 handhelds that allow floor brokers to send trade tickets electronically to their offices.
The NYSE has been under pressure from all-electronic exchanges, such as Nasdaq, that can perform trades faster. And the venerable stock exchange is now making a move to become a "hybrid," which would allow electronic trading and traditional floor trading to take place side by side.
"If you think about it, part of the role of technology at New York Stock Exchange is to handle increasing volume with the same number of people," said Roger Burkhardt, the NYSE's chief technology officer. He said the NYSE put the new system through the most exhaustive tests it has ever used for any technology, spending more than a year on the rollout before going live last month.
NYSE's TradeWorks order-management system is built on J2EE open systems technology. It replaced the in-house Broker Booth Support System, which connected floor traders to the brokerage back offices that executed the trades. While many floor traders already used handhelds, those devices were consumer-grade products and weren't tightly integrated with their firms' back-office systems.
The new systems offer larger screens and 40 times more throughput than the earlier devices did, according to IBM. The NYSE has bought 3,000 devices and has so far gone live with 650 of the handhelds.
The contract with IBM represents the first time the NYSE has gone with a third-party provider for its trading system. Burkhardt said he's "very happy to be out of the business of writing middleware" but added that he doesn't plan any IT layoffs as a result of the IBM deal.
The TradeWorks system runs on custom-built Linux-based Wintel workstations and HP-UX servers running IBM's Java-based WebSphere middleware. A record of trades and customer information is captured in a DB2 database on an IBM zSeries mainframe on the back end, Burkhardt said.
Traders, brokers and clerks will use the workstations to relay real-time market information from the exchange floor to trading desks upstairs, and data backup will be managed by IBM's Tivoli software.
"The interesting part is not simply what this provides to the New York Stock Exchange, but what this means for the larger position in the market for Java," said Dave Cearley, an analyst at Stamford, Conn.-based Meta Group Inc. "This is not simply a statement of the scalability of IBM's proprietary technologies. It's also about showing the scalability and reliability of Java environments."
Burkhardt said more than 100 enhancements were made to IBM's Java J2EE platform in order to meet the exchange's more stringent business needs.
"All those enhancements that were required were plowed back into the standard platforms IBM provides," Cearley said.
Posted by Chad Dickerson at 07:18 PM
Sprint, Nextel herald 'future of communications'
By Paul RobertsExecutives from Sprint Corp. and Nextel Communications Inc. took to a stage at the St. Regis Hotel in New York Wednesday to announce a definitive agreement to merge their two companies and create the third-largest mobile phone company in the U.S. Sprint Chief Executive Officer (CEO) Gary Forsee and Timothy Donahue, the CEO of Nextel, trumpeted the strength and promise of the new company, to be called Sprint Nextel. The merged company will have a combined equity value of approximately US$70 billion, more than 35 million wireless subscribers and a nettwork covering an area of almost 262 million people.
The merger will also result in the spinoff of Sprint's local phone business into a separate company.
Addressing an audience of investment industry insiders and media, Nextel's Donahue called the combined company the "future of communications," and said that joining his company to Sprint will create a new telecommunications powerhouse, with spectrum rights, product portfolios and distribution networks that will allow it to compete with companies such as Verizon Communications Inc. and Cingular Wireless LLC, which recently merged with AT&T Wireless Services Inc.
Forsee will take over as CEO of the combined company, with Donahue acting as executive chairman. Further underscoring the theme of a "merger of equals," the company will also maintain its operational headquarters in Overland Park, Kansas, current home to Nextel, and an executive headquarters in Sprint's home of Reston, Virginia, Donahue said.
With the staffs of the two companies observing the proceedings over a live Webcast, both executives paid homage to the hard work of employees of both companies. However, both Forsee and Donahue made it clear that staff reductions would be unavoidable as the companies combine their operations and networks following regulatory approval of the merger, which is expected in the first six months of 2005.
While he declined to discuss details of where cuts might come, Forsee said that the company will work to eliminate overlaps between the two organizations and that it wouldn't make sense to move "thousands of employees" between Kansas and Reston, or Reston and Kansas.
According to Forsee, 22,000 employees who work with Sprint's local phone business will leave the merged company to work for that newly created entity.
Sprint Nextel also expects to realize huge savings by consolidating information technology as well as sales, marketing and administrative organizations. It will also try to extract better deals from suppliers by leveraging the company's increased size, Forsee said.
Total savings to the company through those "synergies" could total $12 billion, the executives said.
Executives from both companies spoke enthusiastically about the opportunities created by combining the two companies, especially with Nextel's strength in innovative voice services, like the popular "push to talk" feature, and Sprint's strength in Internet and data services.
Following regulatory approval, the combined company will begin to merge the companies' networks, looking for collocation opportunities where they exist, and making sure that Nextel customers can receive service from Sprint's cell network, and vice versa, Forsee said.
A longer-term project will be migrating Nextel customers and the two-way radio "push to talk" feature from the company's network, which uses Motorola Inc.'s iDEN (Integrated Digital Enhanced Network), to Sprint's network, which uses CDMA (Code Division Multiple Access) technology, the executives said.
Sprint Nextel will continue to invest in and grow its iDEN network through 2007, and is looking at opportunities to market it to governments and public safety organizations, which make heavy use of the "push-to-talk" capability, Donahue said.
In the short term, the companies are working with Motorola to offer their customers a dual-mode phone that supports both iDEN push-to-talk and CDMA, Donahue said.
Sprint will work aggressively with federal and state regulators to win approval for the spinoff of its local telecom business and to make sure that the new company has the cash and capital resources to be successful, Forsee said.
The new company will be the largest local phone company in the country, with 7.7 million local access lines in 18 states, he said.
Sprint expects approval for local phone spinoff to take longer than approval for the merger, but hopes to win approval for the plan in nine months to one year, Forsee said.
Jeff Kagan, a telecom industry analyst said, "This is good news for the wireless industry."
"This creates three big wireless competitors carrying about 75 percent of the traffic, which is very helpful," Kagan said. "Three major carriers can help keep prices low for customers, expenses lower for the companies and innovation high. The wireless industry needed this wave of consolidation."
Like the merger of Cingular and AT&T Wireless, the joining of Sprint and Nextel is an example of the need for consolidation in the wireless industry, as companies try to resolve network bottlenecks and gear up to spend billions of dollars on network upgrades, such as Sprint's ongoing effort to upgrade its PCS wireless network with the high-capacity EV-DO technology, Kagan said.
"Since the mergers will happen before they spend the money, they will save significantly," he said. "In some cases they will have more capacity, and in other cases they will only have to spend once, not twice. It should help the merged company save quite a bit of money."
Posted by Chad Dickerson at 07:10 PM
Warner Music inks global cell phone download deal
By Scarlet PruittWarner Music Group has signed a global agreement with mobile software and services provider Melodeo Inc. to offer music fans the ability to download entire tracks from its catalog to their mobile phones. Under a deal announced Wednesday those who have handsets with Melodeo's software will be able to preview, purchase and download Warner Music tracks. Warner hopes to bank on the abundance of worldwide cell phone users, and popularity of ring tone downloads, to sell individual tracks.
Although Warner Music Group has separate content deals with various operators in the U.S. and Europe, this is its first global download deal and is important that it involves full-length tracks, the music company said.
So far, Spanish telecommunications giant Telefónica Móviles SA has signed up to offer Melodeo's software to its wireless subscribers in Spain, under the brand name Mplay. Telefónica is incorporating the software in its handsets, as well as offering the technology over its network for download to midrange and high-end handsets, the operator said.
Melodeo also expects to announce a deal with another European operator shortly, and is working closely with a number of U.S. operators for possible launch next year, according to Don Davidge, the company's senior vice president of marketing and sales.
Melodeo's software includes a music database that resides on the phone and features a search capability for finding songs and artists.
Users search for songs and download them through the air to their handsets.
Melodeo, based in Seattle, said that its software saves bandwidth by downloading, and not streaming, tracks and applying an advanced audio codec that makes music files smaller than a typical MP3 file. Melodeo uses Coding Technologies' aacPlus codec, which produces music files in the 500K bytes to 750K bytes range, compared to the 3M bytes of space needed for a typical MP3, according to Davidge.
Although mobile phone memory varies, Melodeo said that users with 64M bytes of memory can store 75 to 125 tracks. And the next version of Melodeo's software, due out early next year, will offer the option of sending a copy of the track to the user's desktop as well, Davidge said.
Operators set prices for the downloads, but so far European operators are pricing them at €1.50 (US$2.00) per song, according to Davidge.
Posted by Chad Dickerson at 05:04 PM
Adobe patches holes in Reader
By Techworld staffAdobe Systems Inc. has patched two bugs in its ubiquitous Acrobat Reader application that could allow an attacker to take over a user's system via a malicious pdf file attached to an e-mail message. The bugs affect Windows, Mac OS X and Unix. Separately, developers warned of bugs in Ethereal, a popular network protocol analyzer, that could allow an attacker to take over a system.
Security research company iDefense Inc. warned of the bug affecting Windows and Mac in an advisory published on the Bugtraq mailing list late on Tuesday. The problem is a format string vulnerability in version 6.0.2 of Adobe Reader, allowing users to craft a special .etd file that could cause an invalid memory access and allow for the execution of malicious code with the privileges of the user. Reader uses .etd files in handling eBooks.
The bug could be exploited by an e-mail containing either a malicious pdf file or a link to such a file, according to iDefense. The company said earlier versions of Reader 6 could be vulnerable, and said the bug is likely to also affect Adobe Acrobat, the application used to create pdf files.
Adobe released a fix in version 6.0.3 of both Acrobat and Acrobat Reader for Windows and Mac OS X. All the updates are available from Adobe's Web site.
IDefense said users could also work around the problem by deleting the file "C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\eBook.api", which makes Reader and Acrobat unable to handle eBooks.
A similar bug affects Unix. A boundary error in the "mailListIsPdf()" function, which checks to see whether a document in an email is a PDF file, unsafely copies user supplied data into a fixed sized buffer, according to iDefense.
This could allow an attacker to cause a buffer overflow and execute malicious code, the company said. Adobe has fixed the bug in Acrobat Reader version 5.0.9 for Unix, available on its site. iDefense said previous versions of Reader 5 are likely to also be affected. In its advisory, iDefense included a shell script patch users can apply for additional protection.
Several bugs were also reported in Ethereal, which claims to be one of the most popular tools for network software and protocol development, troubleshooting and analysis. The bugs can make the application hang, crash or otherwise disrupt a system, and may also allow for malicious code execution, Ethereal's developers said.
"It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file," the project said in a Wednesday advisory.
The bugs affect versions 0.9.0 up to and including 0.10.7, and are fixed in version 0.10.8. Secunia, which publishes an independent security database, said the problems were "highly critical."
Posted by Chad Dickerson at 04:48 PM
Sprint, Nextel agree to 'merger of equals'
By John BlauSprint Corp. and Nextel Communications Inc. have agreed to a multi-billion dollar merger that would create the third largest mobile phone operator in the U.S., the companies said Wednesday. Under a deal that had been widely rumored this week, the telecommunications providers will create a new company called Sprint Nextel that will have about US$40 billion in combined revenue and more than 35 million mobile phone customers, they said.
The deal, structured as a "merger of equals," values each company at $35 billion.
Posted by Chad Dickerson at 04:37 PM
Ask Jeeves to boost search site with portal features
By Juan Carlos PerezAsk Jeeves Inc. is actively looking at strengthening its flagship search engine Web site with features, services and technologies found elsewhere in its online network. Ask Jeeves is taking inventory to determine which of its online offerings makes sense to replicate in its flagship Web search engine (www.ask.com), according to company executives.
The plan follows Ask Jeeves' purchase of Interactive Search Holdings, announced in March of this year and closed in May, which gave Ask Jeeves several Web properties, including Web portals Excite (www.excite.com), My Way (www.myway.com) and iWon ().
"We own robust portal functionality and are actively exploring integration of those tools and features into the Ask Jeeves brand in ways that make sense," said Jim Lanzone, the company’s senior vice president of search properties.
The process has already started. Ask Jeeves boosted its flagship search engine with a feature from My Way that lets users find show times at local movie theaters, said Daniel Read, vice president of product management.
"There will be a lot more examples of that," Read said. Online communications overall is an interesting area, and within it a likely possibility would be an Ask Jeeves-branded webmail service, Read said. iWon, My Way and Excite all offer webmail services.
While it mulls cross-pollination of services in its online network and explores possible synergies, Ask Jeeves for now remains committed to having a variety of distinct sites with their own identities and user experiences, Read said. This is different from the Web portal approach of rivals Yahoo Inc. and Microsoft Corp., which have a full suite of mass-market online services, including search, under a single Web banner: www.yahoo.com and www.msn.com, respectively.
However, nothing is written in stone over at Ask Jeeves. "We have a multibrand strategy now, but the way people consume Internet services is always changing, so we don't discount any move," Read said.
One thing the company firmly believes in, however, is that stuffing its Ask Jeeves search engine indiscriminately with portal features would be counterproductive, Read said. "A key thing for a search engine is to keep it simple and not clutter it, because (clutter) turns off users," Read said.
Still, with its plan to selectively seed the Ask Jeeves search engine with complementary services and functionality drawn from its portals, the company seems to acknowledge that loyalty among search engine users is generally very thin. A consensus among industry observers is that providers of Web search services must complement them with other services that grab on to users more tightly.
A good example of a search provider that has been busy adding other online services is Google Inc., which is complementing its core search services with others such as its Gmail webmail service, its Picasa photo management and sharing service and its Blogger weblogging service.
Posted by Chad Dickerson at 04:36 PM
A federal judge in Atlanta has ordered a Georgia man to stop selling a guide that tells buyers they can avoid U.S. income tax by "renouncing" their Social Security numbers and claiming to be "sovereign citizens."
Jonathan D. Luman, of Stockbridge, Georgia, was ordered Thursday to stop selling his Tax Buster Guide over the Internet, the U.S. Department of Justice (DOJ) announced Tuesday. Judge Clarence Cooper of the U.S. District Court for the Northern District of Georgia, in a preliminary injunction, held that Luman has falsely claimed that customers can avoid income tax by sending the U.S. Internal Revenue Service documents found in his guide.
The DOJ accused Luman of selling the guide over the Internet to customers in 41 states.
The court's order requires Luman to notify his customers of the injunction, to post the injunction on his Web sites and to give the DOJ a list of his customers' names, mailing and e-mail addresses, phone numbers and Social Security or employer identification numbers.
Luman did not answer his telephone Tuesday afternoon.
Posted by Chad Dickerson at 09:45 PM
Microsoft Corp. is testing a new subscription Hotmail service that includes 2G bytes of e-mail storage and a copy of Outlook 2003 to access the service from the desktop.
The "premium subscription" service is called Microsoft Office Outlook Live and is being tested in the U.S. by a small group of beta users, a Microsoft spokeswoman said on Monday. Other than e-mail, the service also includes the MSN Calendar and MSN Address Book, which are also accessible with the Outlook 2003 client, she said.
Microsoft Office Outlook Live appears to be an extension to Microsoft's current MSN Premium. This US$9.95 a month service includes the Outlook Connector, a tool that lets users access their MSN services from within Outlook version 2002 or newer. However, MSN Premium does not include a copy of Outlook, Microsoft Office Outlook Live does.
Microsoft executives have been discussing an expanded hosted e-mail service separate from MSN Premium for several months. The service would be targeted especially at businesses that don't run their own e-mail server. MSN Corporate Vice President Yusuf Mehdi, at an event for investors in May alluded to the service.
"Advanced e-mail and small business services, these are another big set of things that we're investing in," Mehdi said, according to a transcript of the event. "There's a lot of demand for people who use Outlook as an e-mail client who don't have an Exchange Server."
Microsoft hopes to offer a final version of Microsoft Office Outlook Live with unspecified additional features in the first half of 2005, the spokeswoman said.
Posted by Chad Dickerson at 08:37 PM
Ask Jeeves Inc. will launch a test version of its desktop search tool on Wednesday, following the launch of similar tools by rivals Microsoft Corp. on Monday and Google Inc. in October, and ahead of expected entries from America Online Inc. (AOL) and Yahoo Inc.
Ask Jeeves' application, called Ask Jeeves Desktop Search, is small at 750K bytes and can be downloaded for free at http://download.ask.com/desktop, according to a statement from the Emeryville, California, company.
Designed to let users find files and information stored in their PCs, Ask Jeeves Desktop Search indexes and retrieves a variety of files, such as Microsoft Office documents, Microsoft Outlook e-mail messages, multimedia files and applications.
The tool lets users narrow queries through a variety of parameters, such as searching only Microsoft Office documents or image files, and lets users sort the results in multiple ways. Users can also determine the parts of their hard drive they want indexed.
Ask Jeeves Desktop Search features a two-panel user interface that shows results on one side and previews on the other side.
During this test period, often referred to in the industry as a beta period, Ask Jeeves will gather feedback from users to improve the product.
A final version of the product is slated for next year, and it will feature more support for Outlook, an integration of PC and Web results and support for Adobe Systems Inc.'s PDF files.
The tool runs on computers using either the Windows 2000 or Windows XP operating systems, Microsoft Office 2000 or later versions and Outlook 2003.
In an interview last week, an Ask Jeeves executive told IDG News Service that the Ask Jeeves Desktop Search tool will eventually be tightly integrated with the company's personal search service MyJeeves, which lets users store, categorize and retrieve queries and results.
According to the company executive, Ask Jeeves envisions MyJeeves as a repository for all of a user's personal files, including Web pages, audio files and photos, so that MyJeeves eventually becomes a platform for a user to share information with family members, co-workers and other acquaintances.
Giving users the ability to find information in their often cluttered and disorganized hard drives has become a hot area, attracting large vendors, such as Microsoft, Yahoo, AOL and Google, and smaller vendors, such as Blinkx, Copernic Technologies Inc. and X1 Technologies Inc.
X1, which has a desktop search tool in the market, has been tapped by Yahoo for the latter's product, which is expected to go into beta mode in the coming weeks.
Posted by Chad Dickerson at 08:33 PM
A new version of the Zafi e-mail worm is spreading Christmas wishes along with its malicious code, according to antivirus software companies.
Zafi.D is a mass-mailing worm that arrives in a ZIP file attached to e-mail messages with the subject "Merry Christmas." Instead of a gift, however, the e-mail package delivers worm code that infects Microsoft Corp. Windows systems on which it is opened. Leading antivirus companies, including McAfee Inc., Sophos PLC and Computer Associates International Inc. (CA) issued warnings about the new worm and updated antivirus signatures to stop the new threat.
In addition to the Christmas well wishes in the subject line, Zafi-generated e-mails contain the message "Happy Hollydays" and are signed "Jaime."
CA researchers collected almost 100 samples of Zafi.D since spotting the new worm variant early Tuesday, said Stefana Ribaudo, manager of the company's eTrust Security Management division. At McAfee Inc., around 50 samples of the worm were collected, mostly from Europe, said Vincent Gullotto, vice president of McAfee's Anti-Virus Emergency Response Team.
Both companies rated Zafi.D a "medium" threat, indicating that a number of samples have been spotted, and that the worm has a destructive payload.
Like most other mass-mailing e-mail worms, Zafi.D modifies the configuration of Windows machines, shutting down other security software and harvesting e-mail addresses from files on the infected computer. After it harvests e-mail addresses, Zafi uses a built-in SMTP (Simple Mail Transfer Protocol) to send e-mail to those addresses with copies of the worm code, antivirus companies said.
The worm has had more luck spreading than earlier Zafi variants, possibly because of its well-timed and appealing subject line and message, which are good examples of what antivirus researchers call "social engineering" -- subtle tricks used to gain victims' confidence, Ribaudo said.
However, the increase in reports could be due to an initial spam distribution of the worm. The similarity of Zafi.D to its predecessors -- and to other mass mailing worms -- means that it's likely that few examples of the new worm are actually getting through to e-mail inboxes, Gullotto said.
Antivirus experts advised e-mail users to update their antivirus software to obtain the latest virus definitions for Zafi.D and to use extreme caution when handling unexpected e-mail attachments.
Posted by Chad Dickerson at 08:33 PM
Two new top-level domain names moved closer to approval this week, as the body charged with overseeing the Internet's technical matters moved into negotiations with the companies applying to set up and run the ".mobi" and ".jobs" domains.
The Internet Corporation for Assigned Names and Numbers (ICANN) has begun commercial and technical negotiations with the applicant registries, bringing the number of domains in this second stage of evaluations to four, ICANN said Monday.
In October, the oversight body gave a preliminary go-ahead to the ".post" and ".travel" domains. Negotiations with those applicants are still under way, said ICANN.
The two latest candidates to reach this stage differ from the kind of industry-specific designation sought by .post and .travel, intended for the postal and travel communities, respectively.
Both .mobi and .jobs are intended to serve as auxiliary addresses where Internet users can find information separate from an organization's main Web site.
A site such as companyname.jobs would contain job listings and other employment information, for example, while companyname.mobi could contain stripped-down information and applications that would be easier to access from mobile devices.
.Mobi is sponsored by Microsoft Corp., Nokia Corp., and Vodafone Group Services Ltd., which hope to target the domain specifically at mobile content and service providers as well as mobile device manufacturers, vendors and individual companies.
In a domain proposal submitted to ICANN, the sponsors predicted a boom in mobile devices by 2006, requiring a host of new Internet services and content tailored to their use.
.Jobs is being sponsored by a company called Employ Media LLC, which is targeting the human resource management community.
ICANN did not say this week when it expects to wrap up evaluations of the second-stage applicants, saying only that progress reports would follow. Ten applicants answered the group's call last year for new sponsored top level domains, and no limit was placed on the number that would be accepted.
Posted by Chad Dickerson at 04:26 PM
Microsoft Corp. has joined the desktop search fray with its release Monday of the beta test version of a suite of tools designed to let users find information stored in their PCs.
The new MSN Toolbar Suite is free and available for download now at http://beta.toolbar.msn.com/. In addition to an updated version of the MSN Toolbar for conducting Web searches using the company's Internet Explorer browser, the suite includes various toolbars for searching users' hard drives.
Among the PC files the suite can index and retrieve are calendar items, contacts and e-mail messages from Microsoft Outlook, as well as Microsoft Word and Microsoft PowerPoint files. The suite also indexes Adobe Systems Inc. PDF files.
Available now in English, the suite is expected to be released in other languages next year.
"People expect Microsoft to do a fantastic job on client code and searching within Windows and Office, and what we have delivered here … is what people expected of us: the best way to search your PC," said Yusuf Mehdi, corporate vice president for the MSN Information Services and Merchant Platform division at Microsoft, during a news conference Monday.
Microsoft's rivals in the online search space, Google Inc., Yahoo Inc., America Online Inc. and Ask Jeeves Inc., are all highly interested in ruling the desktop search market. Google delivered a beta version of its desktop search tool in October, while Yahoo announced last week it plans to launch its own tool next year. Ask Jeeves will offer details of its desktop search tool later this week, while AOL will provide desktop searching within a Web browser it is developing.
Microsoft believes it will be able to win over users through the tight integration it says the MSN Toolbar Suite has with the Windows environment and applications, which will let users conduct desktop searches within the applications they are familiar with, as opposed to having to operate within an external application, Mehdi said.
The tool, at this stage at least, does have some limitations. It doesn't index e-mail messages stored in IBM Corp.'s Lotus Notes e-mail and collaboration system, Mehdi acknowledged. The suite indexes some picture files, such as GIFs and Bitmaps, but it wasn't immediately clear to what extent it indexes other types of multimedia files.
Although Mehdi repeatedly claimed that this suite of desktop search tools put Microsoft ahead of its competitors, the perception in the industry is that Microsoft could have locked up this market for itself for years, but left the door open to competitors because the hard drive searching tools within Windows have traditionally been subpar.
Posted by Chad Dickerson at 08:11 PM
3Com Corp. became the latest company to scoop up technology for preventing attacks on computer networks, announcing on Monday that it was acquiring TippingPoint Technologies Inc. of Austin, Texas, for US$430 million in cash.
The deal will add TippingPoint's UnityOne line of network-based IPS (intrusion prevention system) hardware and software to 3Com's stable of enterprise security products, and will give 3Com a leg up in the growing market for technology to serve converged networks of voice and data, 3Com said in a statement.
3Com, of Marlborough, Mass, will pay $47 in cash for each outstanding share of TippingPoint stock, adding TippingPoint as a new division within 3Com. Kip McClanahan, TippingPoint's current chief executive officer (CEO), will be the division president.
Companies use TippingPoint's technology to protect their networks from a variety of threats, including DOS (denial of service) attacks, and infections from worms and viruses. TippingPoint's UnityOne IPS appliances use a custom chip to inspect network traffic at high speeds, spotting attacks aimed at software applications, as well as routers, switches, DNS (Domain Name System) servers and other critical network infrastructure. The UnityOne Security Management System allows companies to centrally manage and control IPS appliances across the network, according to TippingPoint.
The UnityOne technology will strengthen 3Com's enterprise product portfolio, giving the company a foothold in the intrusion detection and prevention hardware and software markets which, together, are expected to be worth $1.24 billion by 2008, according to IDC.
The purchase will also give the company technology for securing VoIP (voice over Internet Protocol) traffic, as well as traditional network traffic, on so-called converged networks, 3Com said in a statement.
3Com has taken steps in the last year to build its profile as a provider of network security technology. In Nov. 2003, the company unveiled a partnership with Crossbeam Systems Inc. to market and sell that company's security services switches to medium-size and large enterprises worldwide.
In January, the company released the 3Com Security Switch 6200, a new switch that uses Crossbeam technology and provides firewall, anti-virus, content-filtering and intrusion detection features on a single device. In September, 3Com added the Security Switch 7245 and 7280 to that line, targeting large enterprises and Internet service providers with features like VPNs (virtual private networks), intrusion detection, virus scanning, antispam and secure remote access via SSL (secure socket layers) VPN.
3Com is just the latest company to buy its way into the IDP (intrusion detection and prevention) market.
In a megadeal announced in February, Juniper Networks Inc. bought security vendor NetScreen Technologies Inc. for stock worth approximately US$4 billion, adding NetScreen's network security products, including IDP appliances, to Juniper's portfolio.
In March, Cisco Systems Inc. bought Riverhead Networks Inc. of Cupertino, California, for US$39 million in cash, picking up technology to protect networks from DDOS (distributed denial of service) attacks.
Security software companies are getting into the IDP business, also. McAfee Inc. laid out US$220 million in April, 2003, for two San Jose, California, companies: IntruVert Networks Inc., a maker of hardware-based firewalls and network intrusion detection systems, and Entercept Security Technologies Inc., which made host IPS technology.
More recently, Symantec Corp. signed a deal on Dec. 3 to purchase Platform Logic, a maker of the AppFire host-based intrusion detection software for an undisclosed sum.
Posted by Chad Dickerson at 08:09 PM
The U.S. Congress this week passed a telecommunications bill in the final hours of the 2004 session, but some groups praised lawmakers for failing to act on legislation that would create new penalties for copyright violations.
The Senate approved legislation that allows funding to continue for the E-Rate program, intended to provide money for schools and libraries to hook up to the Internet. Late Wednesday, the Senate approved a telecommunications bill that included authorization for the E-Rate program to continue funding projects, even though E-Rate has been under fire in Congress this year for fraud and abuse within the program.
Among the bills that didn't pass this year is one that would have allowed entertainment companies and artists to sue others that "induce" copyright violations. Another bill that failed to pass would have established prison sentences for some electronic distribution of copyrighted works.
The Senate failed to act on the Cooperative Research and Technology Enhancement (CREATE) Act, a bill passed by the House of Representatives in March. The bill, a combination of other copyright legislation introduced in the House, included prison sentences of three to 10 years for the electronic distribution of copyrighted works worth more than US$1,000. The prison sentences could be imposed for willful violations or, in some cases, the distribution of more than 1,000 copies of a copyrighted work.
A spokesman for Representative Lamar Smith, author of the CREATE Act, did not immediately return a phone call seeking comment on Smith's plans for copyright legislation in 2005. Smith is a Texas Republican.
Another copyright bill, the Inducing Infringements of Copyright Act, failed to move out of the Senate Judiciary Committee after Chairman Orrin Hatch, a Utah Republican, couldn't reach a compromise with technology and civil liberties groups that opposed the bill. Critics said the bill, intended to target peer-to-peer (P-to-P) software vendors, was worded so broadly that it would allow the music and movie industries to sue many groups, including venture capitalists who invest in new technologies and journalists who review digital recording products.
In August, a group of companies and organizations, including MCI Inc., SBC Communications Inc. and Verizon Communications Inc., offered Hatch a proposal that would have softened the bill. That proposal, advanced by the Home Recording Rights Coalition, would have penalized only those companies that actively distribute computer tools "specifically designed to cause or enable infringement."
But Hatch and critics of the bill weren't able to hammer out an agreement. A spokeswoman for Hatch didn't immediately respond to a request for a comment on the status of similar legislation for 2005.
Public Knowledge, an intellectual property advocacy group, applauded Congress for not acting on the two copyright bills. Congress acted in consumers' interest when it decided not to strengthen copyright penalties, said Gigi Sohn, president of Public Knowledge.
Two sessions of Congress have passed without passage of major copyright legislation, Sohn noted. "It's time for the content industry to move on to a new strategy -- that is, take the technology, build business models, and make a lot of money," she said.
The Recording Industry Association of America (RIAA) said the copyright legislation had "strong bipartisan support."
"At the end of the session, the intellectual property package was caught up in a crossfire about completely unrelated issues," RIAA spokesman Jonathan Lamy wrote in an e-mail. "The substance of it was not the issue."
A change in Federal Communications Commission accounting rules had forced the E-Rate program to stop sending out payments to schools and libraries that had been promised money, according to a spokesman for Senator Conrad Burns, a Montana Republican who pushed the Senate to approve the telecommunications bill that passed Wednesday. The bill, if signed by President George Bush, will restore that funding, said Burns spokesman Grant Toomey.
Burns argued the E-Rate program is important to schools and libraries in rural areas. "There are many areas across the country that are deficient in the available technology," Toomey said. "The nice thing about technology is you can bring those folks up to par. They can have access to the same information as a kid in New York City."
Other groups praised the Senate for passing the telecommunications bill, called the National Telecommunications and Information Administration Organization Act. The bill provides incentives to advance E-911 deployment, and it attempts to improve radio spectrum management as well as to maintain the Universal Service Fund, a pot of money from taxes on carriers that funds E-Rate and other telecommunications services to rural and poor areas.
Posted by Chad Dickerson at 04:46 PM
Sony Computer Entertainment Inc.'s (SCEI) long-awaited PSP (PlayStation Portable) went on sale in Japan Sunday to long lines of people, many of whom had been waiting through the night to buy a unit.
At Yodobashi Camera in Tokyo's Shinjuku district, around 1,000 people were already in line at 5 a.m., forming a 200-meter queue that wound around the store and down a neighboring street. It out-stretched the line for the launch of Nintendo Co. Ltd.'s DS handheld device which went on sale Dec. 2, said Jiro Nishijima, a manager at Yodobashi Camera.
He wouldn't say how many PSPs the store had taken delivery of from Sony but guessed that they wouldn't last long.
"We expect to be sold out sometime during the morning," he said.
First in line was Tsukasa Arai, who said he had been waiting since 11:30 a.m on Saturday.
"I'm interested in the PSP because it can play music," he said. "I have one of the original PlayStations and some of the very old Nintendo consoles and for me gaming is a secondary feature."
In addition to games, the PSP can also play music and video files, and Sony plans later to release audio and movies on the PDP's UMD (Universal Media Disc) disc format. The only software available initially will be gaming titles, but users can play music on the device from a Memory Stick card.
"We are still talking to digital content publishers," said Masa Chatani, corporate executive and chief technology officer of SCEI, in an interview Friday. "That will include the studios in Hollywood and labels in New York. They are all pretty much interested in publishing their content on UMD for the PSP."
The initial software line-up consists of "Minna no Golf Portable" (Sony Computer Entertainment); "Ridge Racers" (Namco); "Armored Core Formula Front" (From Software); "Lumines" (Bandai); "Vampire Chronicle: The Chaos Tower" (Capcom), and "Mahjong Fight Club" (Konami). Another batch of titles is due Dec. 16.
Chatani was watching the line outside Yodobashi Camera on Sunday morning and said he was very pleased with how the launch was going.
At 6 a.m. when sales began, Arai was rewarded for his more than 18-hour wait by being the first person in Japan to officially purchase a PSP. He was served at a counter by Akikazu Fujisawa, president of Yodobashi Camera, and Ken Kutaragi, president and CEO of SCEI.
Kutaragi had also been up early Sunday.
"I set my alarm for 4 a.m. but I opened my eyes about an hour earlier, thinking about the PSP," Kutaragi said. He confirmed Sony's plan to ship 500,000 units in Japan before the end of the year.
At 6:15 a.m., after sales had begun, the line in front of the store had grown by another 100 to 200 people.
Two versions of the PSP are available: a basic pack with the unit, power adapter and battery, and a value pack which also includes a carrying case, Memory Stick card, headphones and wrist strap. The basic pack costs ¥20,790 (US$200) including tax and the value pack costs ¥26,040.
The apparent popularity of the PSP is likely to ensure that devices will fetch a premium on the gray market until supplies increase. SCEI planned to have 200,000 units shipped in time for Sunday's launch, and to ship a further 300,000 to Japanese retailers by the end of the year.
The first hints of gray market activity could be seen almost as soon as the PSP went on sale, and helped to explain the large number of what appeared to be homeless people that had been queuing to buy a unit. Customers were each allowed to buy only one PSP Sunday, and homeless people had been enlisted to stand in line and buy machines for others.
As they left the store, several of them headed to a small group of people standing a few meters from the shop's entrance. They handed over their just-purchased PSPs with the receipt and change, and in return were paid ¥3,000. Soon after 6 a.m. the group had a collection of at least 20 PSPs at their feet. The identity of the group was unknown.
A similar scene played out at the nearby Bic Camera store.
PSPs are being offered online via sites such as Yahoo Auctions in Japan and eBay Inc. in the U.S. In almost all cases it is impossible to verify whether the sellers have PSP units in hand or were offering them in the expectation of being able to buy one Sunday.
At Hong Kong-based shopping site Lik-Sang.com, initial shipments of PSPs are likely to sell for between US$450 and $600, the site said.
The PSP is scheduled to launch in the U.S. and Europe sometime in the first three months of 2005.
Posted by Chad Dickerson at 04:46 PM
Oracle Corp. has signed a definitive agreement to acquire PeopleSoft Inc. for US$26.50 per share, or approximately $10.3 billion, the companies said Monday, ending an acrimonious takeover battle that has lasted for more than 18 months.
The transaction has been approved by both companies' boards of directors and is expected to close in late December or early January. The agreement followed discussions between the companies throughout the weekend, PeopleSoft said in a statement.
PeopleSoft's board decided that Oracle's latest offer provides good value for PeopleSoft's stockholders, the company said. The agreement ends a long, emotional struggle, it said.
The customers Oracle gains from PeopleSoft will allow it to invest more in applications development and support, Oracle said in a separate statement, repeating an argument the company has been making for the past year and a half as it fought to win support from PeopleSoft's shareholders, executives and customers.
The companies had been scheduled to meet later Monday in Delaware Chancery Court to give depositions over PeopleSoft's "poison pill" provision, aimed at blocking a hostile takeover attempt. The poison pill allows PeopleSoft to significantly inflate its number of outstanding shares in case of a takeover bid, making a buyout prohibitively expensive.
The companies now plan to put their litigation on hold and drop the claims entirely when the merger is complete, PeopleSoft said in its statement.
The agreement came about after a representative from PeopleSoft approached Oracle over the weekend, according to Larry Ellison, Oracle's chief executive officer, who discussed the deal during the company's quarterly earnings call Monday.
"We met throughout the weekend and PeopleSoft gave us financial details that allowed us to analyze the transaction even better. We were able to assess the real value of the deal," he said.
The sum Oracle has agreed to pay is $2.50 per share higher than the "final" offer it made for PeopleSoft at the start of November.
"This merger works because it increases our ability to sell into the applications marketplace; it doubles our installed base and increases our sales force," Ellison said.
Oracle plans to develop a suite of business applications that merges features from the products sold by Oracle, PeopleSoft and the former JD Edwards & Co., which PeopleSoft acquired last year for $1.8 billion, Ellison said. That product is still two to three years out, he said. In the meantime, Oracle will enhance PeopleSoft 8 and JD Edwards 5, and also release upgrades to both those suites, he said.
"Customers should think of upgrading before they get the idea of moving to a merged product. It is some ways away," Ellison said.
"PeopleSoft 9 and JD Edwards 6 will come out about 18 months from now. Actually, 12 to 24 months is a safer range," he said, admitting that the company is still at the "guessing stage" about product delivery schedules.
The plans are somewhat at odds with Oracle's earlier statements, but bringing the affair to a conclusion, and creating a more viable competitor to market leader SAP AG, is good for the industry and for both companies' clients, according to Philip Carnelley, a research director with UK analyst company Ovum Ltd.
"PeopleSoft's customers had been suffering from uncertainty over future directions. At least now they'll get some certainty, even if they don't like the outcome -- which now seems rather better than they feared," he wrote in an e-mail commentary.
"A stronger, equivalent competitor to SAP -- even if it'll take some time to emerge properly -- will also be good for the industry and future buyers. It really was having things all its own way," he wrote.
Oracle's offer depends on a majority of PeopleSoft's outstanding shares being tendered in favor of the deal, as well as customary closing conditions. Oracle said last month that it had secured the backing of enough PeopleSoft shares to complete the merger. At the close of business Friday, approximately 120.6 million shares had been tendered in favor of the offer, Oracle said.
PeopleSoft's board recommended on Monday that the company's shareholders tender their shares in Oracle's favor.
The news came on the same day Oracle announced its financial results for the quarter just ended. During the quarter, revenue from Oracle's applications business increased by 57 percent, Oracle said in the statement.
The agreement follows a lengthy and sometimes ugly battle during which Oracle steadily chiselled away at obstacles to the merger, which at times looked unlikely to succeed. The most vigorous opposition came from U.S. antitrust regulators and from PeopleSoft's own management, who had insisted the company was not for sale at any price.
The U.S. Department of Justice tried to block the deal on the grounds that it would reduce competition in the ERP (enterprise resource planning) market to such a degree that customers would end up paying higher prices. But in September a California judge rejected the argument, accepting Oracle's position that sufficient vendors would remain to keep the market competitive. European regulators followed with a similar decision.
Oracle also faced hostility from PeopleSoft's board, and in particular from its former president and CEO, Craig Conway, who said the deal would hurt PeopleSoft's shareholders and customers. Conway was dismissed by the board in October, when it said it had lost confidence in his ability to lead the company. Weeks later, PeopleSoft director Steven Goldby testified in court that he would be open to discussions with Oracle if the price were right.
On Nov. 1 Oracle made what it said would be its final offer for PeopleSoft, increasing its bid from $21 per share to $24 per share. When it learned a week later that PeopleSoft planned to reject the offer, it said it would leave the matter to PeopleSoft's shareholders. "PeopleSoft's shareholders now face a very simple decision. They can accept our all-cash $24-per-share offer ... or it will be withdrawn," Jeff Henley, Oracle's chairman, said at the time.
The following week, a majority of PeopleSoft's shares were voted in Oracle's favor -- but still the wrangling continued. PeopleSoft's board said it was convinced that its biggest stakeholders did not want the merger to go ahead at the price Oracle had offered. Oracle then nominated its own slate of executives for PeopleSoft's board, setting the stage for a proxy battle for control of the company.
The two sides apparently managed to reach an accord over the weekend, with PeopleSoft's board agreeing to drop its poison pill measure, and Oracle agreeing to pay a premium of almost 10 percent over PeopleSoft's closing share price Friday of $23.95.
Posted by Chad Dickerson at 04:46 PM
The U.S. Supreme Court on Friday agreed to hear a case focusing on whether peer-to-peer (P-to-P) software vendors should be penalized for unauthorized file trading when their software is used.
The Supreme Court decision follows rulings by lower courts that P-to-P vendors aren't liable for copyright violations committed by users of their services. In August, the U.S. Court of Appeals for the Ninth Circuit ruled unanimously to uphold a lower court ruling that P-to-P companies Grokster Ltd., StreamCast Networks Inc. and MusicCity.com Inc. were not liable for users' copyright violations.
The Recording Industry Association of America (RIAA) and the Motion Picture Association of America applauded the Supreme Court's decision. The two trade groups, along with the National Music Publisher's Association of America, brought the original lawsuit against P-to-P services, but a district court judge dismissed the case in April 2003.
By allowing P-to-P services to continue operating, the courts disadvantaged so-called legitimate services, Mitch Bainwol, RIAA chairman and chief executive officer, said in a statement. P-to-P vendors should be able to filter copyrighted material on their networks, just as most P-to-P vendors now filter out viruses, he added.
“We appreciate that the Supreme Court has agreed to review this case," he added. "There are seminal issues before the court -- the future of the creative industries and legitimate Internet commerce. These are questions not about a particular technology, but the abuse of that technology by practitioners of a parasitical business model. Bad actors who have hijacked a legitimate technology for illegitimate means must be held accountable."
P-to-P vendors have argued that the music industry refuses to license its products to them and instead has focused on suing P-to-P users. Since September 2003, the RIAA has filed more than 7,000 lawsuits against alleged file traders.
Public Knowledge, an intellectual property advocacy group, called on the Supreme Court to act consistently with its ruling in the 1984 Sony Corp. vs. Universal City Studios Inc. case. In that case, involving VCR technology, the court decided that makers of technologies that have significant noninfringing uses could not be held liable for copyright violations committed by their customers.
"The Sony case is at the heart of the technological growth for the last 20 years," said Gigi B. Sohn, president of Public Knowledge. "Now is not the time to hamper it or crimp it in any way."
It's understandable why the Supreme Court would want to hear the Grokster case because it's interesting, Sohn said. "I do hope the court confirms what the district court said -- that is, technologies are disruptive, and (entertainment) companies always manage to respond to them," she added.
Sohn and Adam Eisgrau, executive director of trade group P2P United, said the Supreme Court's decision to take the case doesn't mean it's likely that the court will overturn the lower courts' decisions. Grokster and StreamCast, distributor of the Morpheus P-to-P software, are both members of P2P United. MusicCity.com was a site operated by StreamCast. Eisgrau expressed optimism based on the Ninth Circuit's legal reasoning and the precedence of the Sony case.
"We are confident the court will find a path that will not stymie innovation in the interest of parochial entertainment groups," Eisgrau said.
Posted by Chad Dickerson at 11:51 PM
Microsoft Corp., Yahoo Inc. and Ask Jeeves Inc. are all set to jump into the desktop search space, two months after Internet search leader Google Inc. offered a test version of a tool that lets users search for information stored on their desktop computers.
Yahoo plans to debut a beta version of a new Yahoo Desktop Search tool in the coming weeks, the company said late Thursday. Meanwhile, Ask Jeeves is set to unveil its test offering Dec. 15, and Microsoft will release its desktop search beta next week as well, according to sources familiar with the company's plans.
Among the key benefits of desktop search tools is that users should be able to search through files on their desktops much faster and more thoroughly than they can with the search feature currently in Windows.
Yahoo's free Yahoo Desktop Search product will initially have a special focus on e-mail and e-mail attachments, as well as specific file types such as photos and music, according to Yahoo. The product will later be expanded so that users can search a broad range of Yahoo's online services, the company said.
Unlike Google, Yahoo has enlisted the services of a third party for its desktop search product. The tool is based on technology from X1 Technologies Inc., which has been selling a tool for business users for several years. In March, X1, of Pasadena, California, launched its 3.0 product, which sells for US$74.95 per user.
"We evaluated all of our options and believe that X1's application would provide our users with the best desktop search solution," a Yahoo spokeswoman said. Terms of the deal between Yahoo and X1 were not disclosed.
The major Internet search players are jumping into the desktop search space to fill a void left by Microsoft, said X1 President Josh Jacobs. "The tools that are provided in the core operating system are not sufficient to find and to manage all the information on our desktops," he said.
Ask Jeeves, in Emeryville, California, plans to launch a beta version of its desktop search tool on Wednesday, said Jim Lanzone, the company’s senior vice president of search properties. The tool will be positioned as a key component of the MyJeeves personal search service, he said
Currently, MyJeeves lets users store Web queries and results, but its scope will grow to include documents stored on users' PCs through the integration of the desktop search tool, Lanzone said.
"In the future, we imagine MyJeeves as a place for all your personal files: Web pages, photos, music files and so on. That way, MyJeeves becomes a platform for sharing that information with people in your work, family or hobby network," he said. "That's where this is all headed."
The beta version of the Ask Jeeves desktop tool will have some initial integration with MyJeeves, but that integration will grow deeper in the future, Lanzone said. Ask Jeeves will provide more details next week, he said.
Ask Jeeves expects to launch a final version of the desktop tool sometime next year, Lanzone said. The company views the race among desktop search providers "as a marathon and not a sprint," he said.
Microsoft first demonstrated its desktop search tool in July and has said publicly that it plans to release a beta version by year's end. The Redmond, Washington-based company acquired Lookout Software LLC, which made a desktop search tool, earlier this year.
Ask Jeeves also acquired desktop search technology this year, when it bought Tukaroo Inc. in June. Lycos Inc. released its HotBot Desktop tool earlier this year.
The interest in desktop search is not surprising, industry analysts have said. Operators of Web search want to get on the desktop because it gives them more real estate on users' computers and thus more opportunity to display ads, Matthew Berk, an independent analyst based in New York, said in August, when IDG News Service first reported Yahoo's desktop search plans.
Posted by Chad Dickerson at 04:13 PM
Vodafone Group PLC will start Internet roaming trials this month with Connexion by Boeing, The Boeing Co.'s in-flight broadband Internet service, the companies said Thursday.
Connexion by Boeing uses a wired or wireless LAN on board commercial airliners to connect users to the Internet via a satellite system on board the aircraft. The connection, shared among passengers, has a downstream bandwidth of 5M bps (bits per second) and an upstream bandwidth of 1M bps.
If Vodafone decides to offer its own services on Connexion, Vodafone customers with a suitable PC or PDA (personal digital assistant) will be able to use their Vodafone service by logging into it through the Connexion by Boeing portal, said Matthew Nicholson, a spokesman for Vodafone K.K., the Japanese unit of Vodafone.
"It's all about billing," he said. "Any Vodafone customer would be able to get our branded services without the inconvenience of getting billed by another party."
The companies didn't say how long the trials would last. If they are successful and Vodafone decides to launch the service it will probably be available first on Lufthansa AG flights in and out of Europe, the companies said. It will likely be targeted at Vodafone's business customers, Nicholson said.
Connexion by Boeing launched in May 2004 on one Lufthansa route, with the German airline expanding availability to other routes over the subsequent months.
Boeing has already signed roaming agreements with a number of communications services companies including iPass Inc., Infonet Services Corp., NTT DoCoMo Inc., NTT Communications Corp., Singapore Telecommunications Ltd. and StarHub Pte. Ltd., it said.
It has signed agreements to provide Connexion by Boeing services to China Airlines Ltd., Singapore Airlines Ltd., All Nippon Airways Co. Ltd. , Japan Airlines System Corp, and SAS AB's Scandinavian Airline Systems. Preliminary agreements have been signed with Korean Air, TOKYO (12/10/2004) - Asiana Airlines Inc. and two other unannounced airlines, according to Boeing.
Posted by Chad Dickerson at 04:13 PM
Amazon.com Inc. dipped its toes in the online DVD rental market this week with the launch of a service in the U.K.
The online retail giant introduced two monthly plans on Thursday for renting DVDs at its Amazon.co.uk site, as it made its anticipated move into the market.
U.K. consumers can sign up to have four DVDs of their choice delivered to their homes for £7.99 (US$15.40) a month, or six DVDs for £9.99 a month. The DVDs are delivered in batches of two or three, depending on the plan, and users aren't charged late fees. Subscribers send the DVDs back in a prepaid envelope to receive their next batch.
The service is similar to Blockbuster Inc.'s U.K. service, although Blockbuster offers unlimited DVD rentals for £13.99 a month. The number of movies subscribers can rent depends on how fast they watch them and send them back to get their next batch.
Blockbuster's service mirrors that of U.S. market leader Netflix Inc., which offers unlimited rentals for $17.99 a month.
Market research indicates that consumers normally rent five or fewer movies per month, Amazon.com said. Its service appears to be designed to complement its online DVD sales shop. It is offering a 10 percent discount on DVD purchases to customers who subscribe to its rental plans.
Jupiter Research analyst Olivier Beauvillain doesn't think that Amazon will be hampered by not offering unlimited rentals at this time.
"The plans can be easily changed in the medium term. That's the nice part about being on the Internet," Beauvillain said.
Beauvillain sees online DVD rentals as a good opportunity for providers until video-on-demand becomes more widely available, in two to three years.
Roughly 60 percent to 80 percent of online households in Europe have DVD players so there is decent market demand, he said. For the services to be successful, they should have extensive movie catalogs, and take into account postal rates in each market, which could cut into providers' margins, Beauvillain said.
"I think part of the reason that Netflix didn't enter the U.K. market is because of the high postal rates," he said.
Beauvillain estimated that postal rates in Europe are about two times higher than those in the U.S. They can be a significant factor in deciding whether providers enter certain markets since offering customers free postage to send and receive DVDs is so central to the business model, he said.
Amazon representatives in the U.K. could not say if the company has plans to offer the rental service in other countries. Chief Executive Officer Jeff Bezos said in a statement that Amazon is determined to be the best place to rent DVDs.
Posted by Chad Dickerson at 04:13 PM
The U.K. government is promising local authorities that they stand to save around £320 million (US$617 million) a year by implementing its local e-government national projects.
On top of sizable savings, local governments in England, also called councils in the U.K., could increase total revenues by £60 million per year, while delivering service improvements worth £1.3 billion, the Office of the Deputy Prime Minister (ODPM) said on Wednesday. Those figures are the average in a range for each category, according to a spokesman from the National Projects Programme.
The ODPM is basing its claims on a study it commissioned from the French IT consulting and services specialist CapGemini SA, which looked at six of the 22 national projects the government is promoting as part of its push to deliver local e-government by 2005. CapGemini has a contract to do work in the U.K.'s e-government initiative.
The six projects studied were: CRM (customer relationship management); workflow; local authority Web sites (called LAWs); mobile working (called NOMAD); online planning and regulatory services; and council tax and business rate valuation (Valuebill).
"These programs were chosen for study because they are a good sample for the program as a whole and because they are the most well developed of all the programs," said a spokesman from the National Projects Programme.
The government has long pushed e-government's benefits, though it has struggled to meet its own deadline of putting all government services online by 2005. Analysts have long warned that the government will be unable to reach its targets.
Last year, IDC published a report stating that the U.K. government was falling behind its European counterparts in providing its citizens with e-government services. Forrester Research Inc. also published its own findings that the government would fail to reach the 2005 self-imposed deadline, partly because it doesn't understand how to work with fast moving, small e-commerce vendors and how to build partnerships.
But the government continues to assert it is on the right track, though privately sources concede the 2005 deadline is now simply more of a guideline.
The ODPM set up the local e-government National Projects Programme to help all English local authorities achieve the 2005 local e-government targets and develop a vision for e-government within their own authorities. The funding comes from the ODPM, but the National Projects are run by local authorities for the benefit of other local authorities.
The National Projects Programme spokesman said the government doesn't know exact numbers in terms of which councils adopted what programs, but said that 80 percent of councils "are already involved in at least one national project." The spokesman said that "involvement" went beyond simply inquiring about a program, but didn't necessarily include commitment to implement.
The 22 national projects also include a DigitalTV program that would enable councils to run an interactive digital TV channel to publish information and conduct polls.
Representatives from CapGemini could not immediately be reached for comment.
Posted by Chad Dickerson at 04:13 PM
Security researchers warned this week of a vulnerability in most Web browsers which could potentially allow scammers to launch phishing attacks from pop-up windows on trusted Web sites.
The vulnerability arises when an Internet user opens browser windows for both a legitimate Web site and a malicious site at the same time. Because of an old functionality that exists in most browsers, the malicious site can potentially display information in a pop-up window from the trusted site, according to Secunia Research.
The vulnerability has yet to be exploited but could present a very effective method for launching online fraud scams, often known as phishing, Secunia Chief Technology Officer Thomas Kristensen said Thursday.
While most users do not intentionally visit malicious Web sites, they often stumble upon them by following links, making it relatively common for Net surfers to have browser windows open for both legitimate and malicious sites at the same time, Kristensen said.
This could be a particularly dangerous situation if exploited to display misleading information on a pop-up window from a legitimate bank Web site, for example, he warned. Even if savvy users check for a the yellow "lock" icon on a Web site, signifying encryption, the pop-up could still display content from the malicious site, he said.
"This could be a surprisingly effective way to seduce or trick people into doing something," Kristensen said.
The vulnerability affects almost all browsers, including Internet Explorer (IE), Mozilla, Firefox, Opera, Konqueror, Safari and Netscape, the researcher said.
Secunia, based in Copenhagen, went public with its warning Wednesday, after saying that it had alerted browser vendors of the vulnerability months ago.
Microsoft said Thursday that it has investigated the report, and customers who use Windows XP SP2 and follow its advice on spoofing attacks are at a reduced risk.
The functionality described in the report allows a Web site to open or re-use a window without displaying the address bar. However, SP2 users will see a status bar in the pop-up window, allowing them to look for the yellow lock icon and confirm that the site is valid, Microsoft said.
Opera has also included measures to mitigate the vulnerability in the latest beta version of its software, Kristensen said.
He acknowledged that by going public with the warning he was also alerting Internet scammers to a new opportunity, but said that he felt the public should be aware of the threat since not all browser vendors had been responsive.
"We thought it would be better to openly talk about this and we are giving advice on how to mitigate it," Kristensen said.
Posted by Chad Dickerson at 04:22 PM
The U.K. government will launch a Parliamentary inquiry next year into the practicalities of electronic voting.
The House of Commons Constitutional Affairs Committee will carry out an inquiry on the first steps towards electronic voting, working with a sub-committee of the Office of the Deputy Prime Minister. They have requested public testimony and evidence by Jan. 14.
The U.K. government has long prized the benefits of e-government, though it has been struggling to meet its own deadline of putting all government services online by 2005. The government sees electronic registrations as the first building blocks for electronic voting.
The inquiry will evaluate the merits of electronic registration systems compared to paper-based systems, and will consider whether to set up a national electoral register. Current electoral registers are compiled and held locally.
There will also be questions about how to secure the electoral register, and on the issue of national identity cards, the Parliamentary committees said.
Last month, the government proposed legislation that would create a system of ID cards that carry biometric identifiers in an embedded chip, linked to a massive national database to be created by 2010.
The committees are requesting that written evidence be submitted in an electronic format, preferably by e-mail, in either Microsoft Word or Rich Text format. The e-mail address for sending information to the inquiry is odpmcom@parliament.uk.
Posted by Chad Dickerson at 04:22 PM
A new set of 3G (third generation) mobile phones should help to turn around the fortunes of Vodafone K.K., the Japanese unit of Vodafone Group PLC, its new president said on Wednesday.
Vodafone is launching seven handsets in Japan, including the Nokia Corp. 702NK (Nokia 6630 outside of Japan) that went on sale on Dec. 8. The phones are only the first step in transforming the fortunes of Vodafone's struggling Japanese unit, he said.
"This is not only about new handsets. My main target is to catch up to become number two," he said.
Shiro Tsuda, who took office a week ago, came to Vodafone after being passed over for the top job at Japan's number one wireless carrier, NTT DoCoMo Inc. He had worked there for 34 years, rising to become senior executive vice president. Since he was chosen as president of Vodafone in August, Tsuda said he has spent the last four months wrestling with how to improve the Japanese unit's poor 3G subscriber growth.
Since Vodafone took over the former J-Phone in October 2001, the carrier has failed to gain market share. Between the launch of its 3G services in December 2002 and the end of this November, Vodafone has gained a total of 296,900 subscribers to the 3G network. In November it attracted 22,500 new users to the service, according to the company.
By comparison, Vodafone's competitor for the number two spot, KDDI Corp. signed up 294,800 new 3G subscribers in November. KDDI has accumulated 16.4 million subscribers since it started 3G services in April 2002, according to figures provided by Japan's Telecommunications Carriers Association.
NTT DoCoMo's 3G subscriber increase for November was 504,800 and its total number of 3G subscribers grew to 7.6 million, according to the association.
When asked about what new handsets Vodafone planned to release next year and by when the company would catch up and overtake KDDI, Tsuda had no clear answers.
"I promise to catch up with our rivals. ... It won't take 10 years, (but) I won't say how many years though. It will happen step by step," he said.
Posted by Chad Dickerson at 04:22 PM
Inter-Tel Technologies Inc. has agreed to plead guilty and to pay fines totaling US$8.71 million on charges of bid rigging and wire fraud in connection with a program intended to connect schools and libraries to the Internet.
The company, a subsidiary of telecommunications vendor Inter-Tel Inc., was accused of submitting rigged bids to schools in Michigan and California as part of the U.S. Federal Communications Commission's (FCC's) E-Rate program, according to the U.S. Department of Justice (DOJ).
The E-Rate program has been under fire in the U.S. Congress this year due to allegations of widespread waste and abuse, and the Inter-Tel guilty plea was the third related to E-Rate announced by the DOJ since late May.
Inter-Tel was charged with one count of allocating contracts and submitting rigged bids for E-Rate projects at the two school districts, in a two-count felony charge unsealed Wednesday in U.S. District Court in San Francisco, according to the DOJ.
Inter-Tel also was charged with one count of wire fraud and aiding and abetting by willfully entering into a scheme to defraud the E-Rate program in San Francisco by inflating bids, agreeing to submit false and fraudulent documents to hide the planned installation of ineligible items, and submitting false and fraudulent documents to defeat inquiry into the legitimacy of the funding request.
Inter-Tel released a statement Wednesday saying it was pleased to reach the settlement. The settlement will cost the company a total of $9.5 million, including uncompensated E-Rate work, accounts receivable forgiveness, and related remaining attorneys' fees and other expenses, according to the company.
Inter-Tel's negotiated resolution in the case, if approved by the court, would require the company to pay $1.71 million in criminal fines and $7 million in restitution and civil settlement. The plea hearing and sentencing for Inter-Tel was scheduled for late Wednesday.
"While the employees directly involved with the matters in question are no longer associated with Inter-Tel in any form, we take full responsibility for their actions," Inter-Tel Chairman and Chief Executive Officer Steven G. Mihaylo said in a statement. "We have begun to implement and will expand to a more rigorous compliance program including review of current and future government contracts. We will not tolerate any conduct that causes anyone to question the integrity of our company."
Fraud and waste in the E-Rate program, with an annual budget of $2.25 billion, has been the subject of several hearings in the U.S. Congress this year. In May, NEC-Business Network Solutions Inc. pleaded guilty to defrauding the E-Rate program and agreed to pay $20.6 million in fines and restitution. Earlier this year, SBC Communications Inc. agreed to return $8.8 million to the FCC after equipment was not installed in Chicago schools.
Posted by Chad Dickerson at 01:45 AM
Wal-Mart Stores Inc.'s walmart.com online store suffered outages Wednesday, two days after online retail giant Amazon.com Inc.'s Web site faced significant performance problems.
AlertSite.com, a company that monitors Web site performance and uptime, was unable to access www.walmart.com from its seven monitoring locations in the U.S. at three different times Wednesday morning Eastern Standard Time, said Ken Godskind, the company's marketing vice president.
Walmart.com spokeswoman Amy Colella acknowledged www.walmart.com experienced availability problems Wednesday morning, but she characterized them as "minor issues" that affected the site briefly and have since been resolved. "We confirmed that customer transactions weren't affected and the site is now up and running," she said.
She declined to be more specific about what caused the problem, which she described as "isolated."
AlertSite, based in Boca Raton, Florida, checks Web sites every 15 minutes from the U.S. locations and www.walmart.com was unavailable from all monitoring locations at 9:37 a.m. , 10:07 a.m. and 10:22 a.m., Godskind said. However, it was available from all seven locations when checked at 9:52 a.m., he said.
AlertSite determines that a Web page is unavailable if it takes more than 30 seconds to download. AlertSite issued a report on the www.walmart.com performance problems Wednesday.
Based on various performance measurements, www.walmart.com was sluggish for the rest of the morning until around 1 p.m. Eastern Standard Time, when the site's performance regained normal levels, he said. For example, between 11 a.m. and 11:50 am, it took an average of almost 11 seconds for www.walmart.com to download, when the normal average is between three and four seconds, according to the AlertSite report.
Checks by two IDG News Service service staffers in two different U.S. locations at around 3:40 p.m. and 3:45 p.m. Eastern Standard Time found www.walmart.com unavailable. Several minutes later the site seemed to be working normally again.
The performance problems at www.walmart.com seem much less serious than the ones that affected Amazon's Web site Monday. Godskind said.
Sluggishness or outages at online storefronts are critical for online retailers, particularly during the holiday season, hurting not only sales volume but also customer satisfaction and confidence.
The AlertSite monitoring locations are in Boca Raton, Florida; Fremont, California; Seattle; Washington, D.C.; Chicago; Dallas; and New York.
Posted by Chad Dickerson at 01:43 AM
Perhaps it isn't quite as surprising as if Ford Motor Co. suddenly decided to sell the Mustang sports car brand to Hyundai Corp. But IBM Corp.'s decision to sell its PC business to China's Lenovo Group Ltd. underscores the challenges that manufacturers face in the modern PC business, even for a company synonymous with the product.
As expected, the companies announced a deal Wednesday morning in China. The agreement calls for Lenovo to pay US$1.25 billion in cash and equity for IBM's PC business, and for IBM to take an 18.9 percent stake in Lenovo.
In terms of PC shipments, for several quarters IBM has ranked a distant third among vendors worldwide, behind Dell Inc. and Hewlett-Packard Co., respectively. However, its ThinkPad notebooks enjoy a strong reputation among corporate customers, who are impressed by the security and reliability features built into the product family. Also, IBM's historical role in the development of the PC also gives them some extra cachet among certain customers.
With all those factors in its favor, why would IBM seek a gradual exit from the PC business? Quite simply, it's just too difficult for most companies to generate steady profits selling PCs, said Roger Kay, vice president of client computing with market research company IDC in Framingham, Massachusetts.
Among top-tier PC vendors, Kay said, only Dell's direct-sales model and vigorous inventory management have allowed it to consistently post profits.
Components such as memory and displays are subject to wild fluctuations in price. PCs are also harder than ever to differentiate, given that most PC vendors employ many of the same contract design and manufacturing firms in China and Taiwan. Dell manufactures some PCs in the U.S., but most other vendors have given up on domestic manufacturing.
Traditional hardware companies have spent much of the last few years looking for opportunities to grow their revenue outside of a rapidly maturing PC market.
Dell and HP have developed consumer electronics divisions, but IBM has spent more time boosting its high-end server and software businesses, as well as dramatically expanding its already huge services arm with the 2002 purchase of PwC Consulting. IBM has cut costs in its PC division by outsourcing production and dumping its hard-drive business, but financial analysts looking for better margins have long called for IBM to sell off its PC operation.
The deal with Lenovo gives IBM almost a decade's worth of cash earnings from the PC business in a single deal, Kay said. At the same time, IBM will still be able to retain its important enterprise customers that have come to rely on ThinkPads as the basic computing device for their workforces, he said. The company's primary argument against dropping PCs has been that it needs notebooks in order to provide a complete IT package to corporate customers.
For Lenovo's part, the IBM deal gives the Chinese PC-shipment leader a foothold into the lucrative U.S. and European markets. Most of the exciting growth in the PC market is taking place in emerging markets in Asia, Eastern Europe, and South America, but corporate customers are attractive because products for that segment command higher margins than consumer PCs, Kay said.
Lenovo would also be acquiring the second-largest notebook PC business in China, putting it in a dominant position in its home market, Kay said.
However, IBM and Lenovo have an uphill battle on their hands trying to convince corporate customers that the ThinkPad of tomorrow will be just like the ThinkPad of today, said Stephen Baker, director of research at NPD Techworld in Reston, Virginia.
Maintaining the ThinkPad brand and customer base will be a challenge for Lenovo, which does not have experience selling products to large U.S. firms, Baker said.
IBM is taking a big risk in allowing Lenovo to keep the ThinkPad brand name, Baker said. ThinkPad customers have already demonstrated that they care more about features and product design than price, and it will be difficult for Lenovo to reassure customers that the ThinkPad's reputation will endure on Lenovo's watch, he said.
If the ThinkPad evolves into just another notebook, or devolves into an inferior product, IBM will have damaged its reputation and brand among corporate customers, Baker said. This could hurt the software and servers businesses that IBM is trying to enhance.
It's early to know exactly how enterprise ThinkPad users will be affected by the new company. But smaller businesses will likely find themselves on the receiving end of a marketing barrage from Dell and HP as those vendors try to capture accounts that IBM will not have time to service, said Sam Bhavnani, an analyst with Current Analysis Inc. in La Jolla, California.
Large corporate customers will require a great deal of attention from both IBM and Lenovo as they try to convince those customers that life will go on for the ThinkPad customer. These enterprises will demand to know whether they will still have IBM support in two years, or whether they can order a new batch of notebooks with their custom software image if they need to expand, Bhavnani said.
One thing all of IBM's corporate notebook customers should expect to see, several analysts agreed, is a classic cycle of FUD: fear, uncertainty, and doubt, much of it spawned by IBM's competitors. Times of upheaval in the IT industry have been exploited by vendors who prey on user uncertainty.
While IBM appears to be kicking off the latest round of consolidation in the PC market, it will probably not be the last hardware vendor to rethink its approach to the market. Gartner Inc. recently put out a report predicting that three of the top 10 PC vendors would exit the market by 2007.
With IBM, the number three PC company, and Lenovo, the number eight PC company, joining forces, the spotlight now switches to HP. Chairman and Chief Executive Officer Carly Fiorina is still having a hard time convincing analysts that the acquisition of Compaq Computer Corp. was worth the time and effort.
At HP's analyst meeting Tuesday in Boston, Fiorina acknowledged that HP's board has consider a breakup in the past. If growth in the PC market stagnates in 2005, as predicted by Gartner and IDC, HP might find itself pondering the same set of options that led to the IBM-Lenovo deal.
Posted by Chad Dickerson at 05:34 PM
After years of only selling directly, Siebel Systems Inc. has decided it needs a channel to help revive its flagging growth.
In a move primarily aimed at small and medium-size companies, the company Tuesday announced it has recruited a dozen consulting and implementation firms in the U.S., Europe and Latin America to seed its new channel sales program.
At a coming-out event here in San Francisco, the company introduced recently appointed SMB (small and medium business) General Manager Bruce Cleveland and unveiled the new channel partnership network he's constructing.
Siebel, which grew into the industry's dominant CRM (customer relationship management) vendor by serving large enterprise accounts, began eying the SMB market last year, when it dove into the expanding hosted software market with Siebel CRM OnDemand. But the company continued its direct-only sales strategy: When it bought hosted-CRM maker UpShot Corp. in Oct. 2003, it scrapped UpShot's partner program.
Now, Cleveland and Siebel Chief Executive Officer (CEO) Mike Lawrie said they expect their new consulting and implementation partners to help them reach smaller organizations that prefer to do business with local services companies.
Siebel intends its channel program to be a small, exclusive network. The company will work closely with its partners and share with them internal information and sales forecasts, as well as training and marketing funds. Consequently, it asks its partners to limit ties with other midmarket CRM vendors, like Microsoft Corp., which has a broad channel network.
"There's a set of hurdles that they need to overcome to be invited into the program," Cleveland said. Partners need to demonstrate expertise with CRM implementations and with Siebel's products, and to meet Siebel's requirements for sales team staffing and training and marketing investments.
Siebel's channel partners will be able to sell both its hosted, subscription CRM OnDemand service and its SMB-aimed, on-premise Professional Edition. The SMB market, as Siebel defines it, consists of companies with up to US$500 million in annual revenue.
Heading downstream is a common strategy for companies seeking growth: Siebel rivals SAP AG, PeopleSoft Inc., and Oracle Corp. have all introduced new SMB strategies and initiatives in the past few years as they look for share in a market analysts say is far less saturated than the high-end enterprise segment. Meanwhile, Microsoft is looking to go upstream, building on its desktop applications sovereignty to enter the low end of the back-end, enterprise applications market.
Siebel jumped into the SMB space last October when, in partnership with IBM Corp., it unveiled CRM OnDemand, which competes with traditional midmarket CRM offerings like SalesLogix and against hosted services such as Salesforce.com. Siebel's then-CEO, founder Tom Siebel, confidently predicted that Siebel would blow past Salesforce.com Inc. to become number one in the hosted CRM market within a year of its entry.
The company has failed to live up to that lofty boast. While Siebel refuses to comment on the size of its OnDemand customer base, an IBM SMB marketing executive at Tuesday's press conference referred to the product's "hundreds" of customers. Salesforce.com ended October with more than 12,000 customers and 195,000 subscribers.
Cleveland, who also serves as Siebel's OnDemand general manager, said he thinks internal obstacles kept OnDemand from taking off.
"What's hurt OnDemand initially was that we needed to get a competitive product," he said in an interview. "We went through five releases in a year. These days, when we get in deals, we win."
Siebel also needed a thorough overhaul of how it positioned its SMB offerings and how it compensated its sales teams to avoid conflicts, Cleveland said. The company's new goal is agnosticism about which delivery model SMB customers choose -- on-premise or hosted -- and about whether they buy directly or through a partner.
Such radical changes wouldn’t have happened at Siebel two years ago, Cleveland acknowledged. Cleveland first joined Siebel in 1996, and went on to create and head its alliance partners program. He then left the company for several years before returning in July, soon after Mike Lawrie's appointment as CEO.
Lawrie's management style is suited to Siebel's needs as it looks to grow into a top-tier, global company like Lawrie's previous employer, IBM Corp., Cleveland said. He pointed to Lawrie's management as a reason he's confident Siebel will succeed this time in its attempt to build an SMB presence.
"The most difficult challenge I've had hasn’t been the technology but the people," Cleveland said. "Now, we're changing the organization, and I've got the right people in place."
Posted by Chad Dickerson at 05:33 PM
A cybersecurity advocacy group on Tuesday called on U.S. President George Bush to focus more resources on computer issues and elevate the top IT security position at the U.S. Department of Homeland Security (DHS) to the assistant secretary level.
The Cyber Security Industry Alliance (CSIA) called on the White House to institute or promote 12 of the group's recommendations, including Senate ratification of the Council of Europe’s Convention on Cybercrime, and the assignment of a federal agency to track the costs of cyber attacks.
"Everyone's saying this is costing us billions of dollars a year," said Paul Kurtz, executive director of CSIA and one of the developers of the President’s National Strategy to Secure Cyberspace. "But do we really have a firm handle on this ... and how do we know if we're doing better?"
Some of CSIA's recommendations were included in the Bush Administration's cybersecurity strategy, released in February 2003. The strategy calls for the U.S. government to encourage other nations to approve the Convention on Cybercrime, but it doesn't call on the U.S. Senate to ratify the convention.
"We kind of overlooked the fact that we needed to have the Senate ratify the convention itself," said Kurtz, former special assistant to the president and senior director for critical infrastructure protection on the White House’s Homeland Security Council.
A White House spokesman didn't immediately return a phone call seeking comment on the CSIA recommendations.
CSIA also called on the U.S. government to increase research and development funding for cybersecurity, to form a task force to develop actions that will secure digital control systems used by utilities, and to establish and test an emergency coordination network that would function in the case of a large cyber attack. Such a network wouldn't have to be a "hundred billion dollar" project, but could start with efforts as simple as tabletop scenario response exercises, Kurtz said.
"Bottom line here is, we do not have established means, protocols, procedures in place if we have large-scale disruption on our Internet," Kurtz said. "What happens if the Internet drops out below us? We haven't really thought those issues through as a country."
Kurtz stopped short of saying the Bush administration is doing a bad job in protecting cybersecurity. After the Sept. 11, 2001, terrorist attacks on the U.S., it's not surprising that cybersecurity has been given a lower priority than some physical security issues, he said.
"I've been trying to keep all the focus forward-looking," he said. "What we're doing now is putting our hand up and saying, 'We rely on these information networks.' It's time that cybersecurity gets bigger play. I'm not trying to paint the White House in a corner. I'm trying to be constructive and point it down the road."
CSIA and other tech groups have pushed for an assistant secretary for cybersecurity position at DHS even before Amit Yoran, former director of cybersecurity at DHS, resigned in September, reportedly because of a lack of focus on cybersecurity at DHS. Yoran attended a CSIA press conference in Washington, D.C., where the organization unveiled its cybersecurity recommendations.
A position paper on CSIA's cybersecurity recommendations is available at https://www.csialliance.org/resources/pdfs/Agenda_for_Next_Admin_FINAL.pdf..
CSIA, formed in February, counts 14 IT vendors as its members. Members include Computer Associates International Inc., Entrust Inc., Juniper Networks Inc., McAfee Inc. and Symantec Corp.
Posted by Chad Dickerson at 04:55 PM
About 40 patents owned by bankrupt software vendor Commerce One Inc. were auctioned for US$15.5 million in a San Francisco bankruptcy court Monday.
The winning bidder, JGR Acquisitions, has kept quiet about its plans for the patents, which cover Web services technology. JGR attorney Mark Mullion of the Dallas law firm Haynes and Boone LLP was not immediately available for comment Tuesday. Several news organizations reported that the attorney avoided reporters' questions at the Monday hearing.
The rest of Commerce One's remaining assets were sold for $4.1 million to Commerce One Acquisitions LLC, a company formed by ComVest Investment Partners II LLC and DCC Ventures LLC, two large Commerce One creditors, said Commerce One lawyer Craig Prim of the law firm Murray & Murray, based in Cupertino, California.
Earlier this month, Lee Van Pelt, an attorney at Van Pelt & Yi LLP in Cupertino, estimated the patents would sell for between $1 million and $10 million.
The Commerce One patents cover methods for companies to communicate with each other and provide certain types of information when carrying out machine-to-machine transactions over the Internet. Patents from the Santa Clara, California, company, which was a pioneer of electronic marketplaces, could cover e-commerce technologies widely used by other companies, according to analysts.
JGR beat out two other companies associated with former Microsoft Corp. chief technology officer Nathan Myhrvold during the auction in U.S. Bankruptcy Court.
Filing a reorganization plan and paying off creditors is the next stage in Commerce One's bankruptcy proceedings, Prim said. "We have virtually nothing left except for a bit of cash," he said of the company's status.
Posted by Chad Dickerson at 01:30 AM
Weeks after the launch of its Firefox 1.0 Web browser, the Mozilla Foundation on Tuesday is set to release version 1.0 of its Thunderbird e-mail client.
Thunderbird 1.0 is aimed at advanced e-mail users and competes with products such as Microsoft Corp.'s Outlook Express and Qualcomm Inc.'s Eudora. The stand-alone open-source e-mail application has been in development since early 2003 and offers features such as a user-trainable junk mail filter and a built-in RSS (Really Simple Syndication) reader, according to the Mozilla Foundation.
The open-source group also promotes Thunderbird's tight security, which includes not allowing scripts to run by default and not automatically downloading images sent in an e-mail. Also, Thunderbird uses the Mozilla rendering engine to display HTML (Hypertext Markup Language) e-mail messages, not Microsoft's IE engine, making it immune to IE-related bugs.
While downloads of early versions of Thunderbird have already surpassed 1 million, the Mozilla Foundation doesn't expect Thunderbird to take off the way Firefox did, a representative for the group said. The Web browser has been downloaded just over 9 million times since Nov. 9, according to the Spread Firefox Web site.
Thunderbird has its roots in the Netscape Messenger 4.x client and the Mozilla mail and Usenet newsgroup client. Thunderbird development was led by two main engineers supported by volunteers, said Scott MacGregor, one of the engineering leads behind Thunderbird.
The Mozilla open-source project was started in early 1998 by Netscape, which was acquired later that year by America Online Inc. (AOL). Last year, the people behind Mozilla created a foundation, largely funded by a $2 million pledge from AOL, to build, support and promote Mozilla products.
Going forward, the Mozilla Foundation will further develop Thunderbird and Firefox. The two stand-alone products essentially succeed the Mozilla Suite, which includes a browser, e-mail client, HTML editor, Internet Relay Chat client and Usenet reader.
Thunderbird 1.0 initially is available only in English. Versions in about a dozen other languages should be available in a week or two, according to MacGregor. Thunderbird is available for Windows, Linux and Apple Computer Inc.'s Macintosh OS X operating system.
Thunderbird 1.0 should be available for free download on Tuesday at: http://www.mozilla.org/.
MORE LINKS:
Posted by Chad Dickerson at 04:46 PM
A group of Internet security and instant messaging (IM) providers have teamed up to detect and thwart the growing threat of IM and peer-to-peer (P-to-P) viruses and worms, they said Tuesday.
The consortium, led by corporate IM software vendor IMlogic Inc., is setting up a threat center to analyze and warn against the vulnerabilities. It is offering free alerts and e-mail notifications of risk assessments and threat management for subscribers.
The group also includes security companies McAfee Inc. and Sybari Software Inc., and leading IM providers Yahoo Inc., America Online Inc. and Microsoft Corp.
IMlogic said they will be working together, along with other industry partners and security experts, to monitor and detect security risks to IM networks, as well as unwanted content such as spam over IM.
The group's formation follows evidence that security threats against IM and P-to-P networks are growing. Internet security firm Symantec Corp. estimated that viruses and worms spread on IM and P-to-P networks grew 400 percent from 2002 to 2003. This year it has seen continued threats, including some targeted against the MSN Messenger and ICQ instant messaging systems.
Furthermore, a list of the top security vulnerabilities recently released by the SANS Institute put both file sharing and IM vulnerabilities in the top 10 for Windows users, as researchers labelled them new categories of risk.
"IM and P-to-P viruses and worms aren't as widespread as those in e-mail but they are definitely a threat to a lot of people," said Carole Theriault, a security consultant at Sophos PLC.
Smaller companies are particularly at risk because they often focus on using antivirus software to protect their e-mail but overlook using firewalls to guard their servers and desktops, Theriault said.
In addition to viruses targeted at IM, malicious code is also often spread through messaging, allowing it to be easily obtained and tweaked by amateur virus writers to produce myriad and hard-to-track variants of threats, according to Theriault.
IMlogic's consortium is hoping to get a better idea of the kinds of security vulnerabilities lurking on IM networks through global monitoring and broad industry feedback.
The effort is being coordinated at the IMlogic Threat Center, which is on the Waltham, Massachusetts, company's Web site at http://www.imlogic.com/im_threat_center/index.asp. Internet users can also sign up for threat alerts at the site.
Three high-risk and three medium-risk virus alerts had already been posted at the threat center on Tuesday.
Posted by Chad Dickerson at 04:46 PM
China's Lenovo Group Ltd. is in talks with a major international IT company regarding an acquisition, it said in an announcement to the Hong Kong Stock Exchange on Tuesday. The other party was not named.
The announcement comes after The New York Times reported on Friday that Lenovo is talking to IBM Corp. regarding an acquisition of IBM's personal computer business. Neither company commented on Friday regarding the report, which said IBM was also talking with at least one other company on a possible deal.
Lenovo said the talks are at an advanced stage but no definitive agreement or letter of intent has yet to be signed. If the talks are successful and an agreement signed, it may constitute a very substantial acquisition, it said. A draft of the announcement regarding the acquisition was also supplied to the Hong Kong exchange and said it hopes to release a formal announcement as soon as possible.
The Tuesday announcement was submitted as part of the process to resume trading in Lenovo shares, which had been suspended since Monday morning. The newspaper report on Friday was published towards the end of the Hong Kong trading day. On Friday the company's shares closed at HK$2.675.
The company requested that trading resume on Tuesday but later in the morning requested it remain suspended "pending further announcement regarding developments with the proposed acquisition."
A deal between the Lenovo and IBM could be announced as early as Tuesday, according to a report in the Tuesday edition of The Wall Street Journal newspaper.
The two companies will create a joint-venture that will own IBM's PC business, said the report, which quoted "people familiar with the negotiations." Lenovo is expected to pay up to US$2 billion to own a majority of the new company and IBM will hold a minority stake, the report said.
MORE LINKS:
Posted by Chad Dickerson at 04:46 PM
Akamai Technologies Inc. has accepted a compensation payment in settlement of a long-running patent infringement lawsuit filed against Digital Island Inc.
The legal battle began in 2000, when Akamai filed a lawsuit against Digital Island accusing it of using Akamai-patented technology in its Footprint content delivery service. Digital Island was subsequently acquired by Cable & Wireless PLC (C&W) and merged with Cable & Wireless Internet Services Inc. (CWIS).
In December 2001, a federal jury in Boston determined that C&W had infringed on the Akamai patent but the legal maneuvering continued. C&W hit back by filing its own lawsuits against Akamai in Boston, San Francisco and London, asserting that Akamai's EdgeSuite services infringe on C&W's content delivery patents.
In November last year, with CWIS' parent company, Cable and Wireless America Inc. (CWA), facing bankruptcy, the companies agreed to drop the handful of patent infringement lawsuits that they had filed against each other. At the time, C&W said that it no longer used any of the Footprint technology, but Akamai said it would continue to seek payment for damages.
A month later, CWA, based in Reston, Virginia, filed for bankruptcy protection after C&W claimed its U.S. division was losing US$1 million per day. CWA was auctioned off to Savvis Communications Corp. in January.
Akamai, based in Cambridge, Massachusetts, said Tuesday that it was pleased with the settlement agreement it reached with CWIS and promised to continue to enforce its intellectual property rights aggressively. Terms of the settlement, including the amount of the cash payment awarded to Akamai, were not disclosed.
The company also said that the Federal District Court in Boston granted a motion brought by Akamai to overturn the jury verdict as it related to aspects of Akamai's content delivery technology. Those claims are not now invalid, Akamai said.
C&W, based in London, said Tuesday it has had no involvement in the matter since CWA was sold under bankruptcy protection, and declined to make any further comment.
Representatives from Savvis could not immediately be reached for comment.
Posted by Chad Dickerson at 04:45 PM
Virgin Group Ltd. is looking to launch mobile operations in China and India within the next 18 months, through joint venture deals, the London-based company said Tuesday.
Virgin is in discussion with several Chinese telecommunications companies about a mobile phone venture that would serve mainland China, and has reserved US$300 million for its half of the proposed joint venture, according to Virgin spokesman Steven Day.
Day declined to name any potential partners.
Richard Branson, the founder, chairman and owner of Virgin Group is keen to enter the mobile market in China, which has over 300 million mobile subscribers and is the fastest-growing mobile market in the world. Branson also indicated he'd be interested in offering services using 3G (third-generation) technology in that market.
Additionally, Virgin is also holding discussions with some of India's biggest mobile operators for a possible partnership.
Branson expects it will be 12 to 18 months before Virgin mobile services in either China or India are launched, Day said.
Virgin Group is the majority owner of Virgin Mobile Holdings (UK) PLC, the U.K.'s fifth-largest mobile phone company. The mobile virtual network operator uses the network of T-Mobile UK Ltd., which is part of the wireless arm of German telephone giant Deutsche Telekom AG.
In the U.S., Virgin has a deal with U.S. operator Sprint Corp., called Virgin USA, which is expected to be floated in an initial public offering next year.
Posted by Chad Dickerson at 04:45 PM
Trend Micro Inc. will become the latest major antivirus software company to provide protection against mobile phone viruses, with new antivirus and antispam software for mobile phones running the Microsoft Corp. Windows Mobile and Symbian Ltd.'s operating systems.
The company plans to introduce Trend Micro Mobile Security Version 1.0 on Monday, and will allow so-called "smart phone" users to download and use the software for free until June 2005. The product contains protections against mobile threats like the recent Skulls Trojan and Cabir worm, as well as filtering for SMS (Short Message Service) spam, according to a statement.
Trend Micro hopes to attract hordes of new customers who will purchase or receive sophisticated new handsets as gifts during the holiday season, allowing them to install the new Mobile Security product and receive antivirus updates at no cost until June 30, 2005 said Todd Thiemann, director of device security marketing at Trend Micro.
The product works like other antivirus software, spotting mobile threats using signatures developed by Trend Micro. The software will protect mobile devices from new threats in "real time," as malicious code attempts to install itself on mobile devices. Users can also scan storage devices inserted into supported phones, or initiate scans of the mobile device manually.
New antivirus and antispam signatures can be uploaded to the mobile device using GPRS (General Packet Radio Service), a wireless communication service for connecting mobile phones to the Internet that is common in third generation wireless (3G) devices. Alternatively, updates can be transferred using Microsoft's Activesync, he said.
Trend Micro's Mobile Security software will support a wide range of devices that run the Windows Mobile 2003 or Symbian OS v.7.0 operating systems. A version of the product for phones running Windows Mobile, including the Motorola Inc. MPx200, O2 XPhone and Orange SA SPV C500, is already available. Trend Micro plans to have a version for phones that use the Symbian operating system by January, 2005, including support for the Sony Ericsson Mobile Communications AB P800, P900 and P910, and Motorola A920, A925 and A1000, Trend Micro said.
Trend Micro will also release a version of the software for mobile phones and PDAs (personal digital assistants) running Windows Mobile 2003 for Pocket PC-Phone Edition in January.
Version 1.0 will expire in June, when the company plans to have a software update available that will add new features including firewall and data encryption features, Thiemann said.
Trend Micro is just the latest antivirus company to offer antivirus software for mobile devices. Symantec Corp. announced the availability of Symantec Client Security software for the Nokia Corp. 9500 Communicator and the 9300 smart phone model, which use the Symbian operating system, in November.
Finnish antivirus company F-Secure Corp. also sells mobile antivirus products for consumers and mobile operators. The company has products for phones using Nokia's Series 60 platform and the Nokia 9200 Communicator, as well as for Pocket PCs.
Despite the attention from antivirus companies, most experts agree that mobile phone viruses and worms are in their infancy. The first mobile phone worm, dubbed "Cabir" only appeared in June. Since then, only a handful of new malicious programs that target mobile devices have appeared, and none have spread widely. The new threats include a recent Trojan horse program dubbed "Skulls" that targets devices running the Symbian operating system.
Thiemann acknowledged that the threat of infection through a mobile device is remote, but said that mobile device worms and viruses are likely to become more of a problem as a newer generation of phones with advanced networking and software functions is adopted by consumers.
While Cabir tried to spread through Bluetooth wireless connections, future worms and viruses could find other ways to frustrate mobile users, such as opening GPRS links and running up charges, or pushing links to virulent Web pages to phones, he said.
"Moving forward, this is going to be a problem that could be as big as the (virus) problem on PCs," he said.
Finally, while SMS spam is not a pressing problem in the U.S., it is a huge problem in Asia and Europe, where text messaging is far more popular, he said.
Trend Micro has not decided on an eventual price for the software or subscription services yet, but the software could eventually be sold through direct downloads, or bundled with services offered by mobile providers, he said.
Posted by Chad Dickerson at 04:14 PM
An appeals court has reversed a March 15, 2004, U.S. District Court decision under which the U.S. Department of the Interior was forced to disconnect a substantial number of its computer systems from the Internet.
In an opinion published Friday, the U.S. Court of Appeals for the District of Columbia reversed the earlier decision, saying that the district court erred in disregarding Interior Department security certifications and in failing to hold a hearing that would have given the department a chance to argue that its computers were secure.
Under the March 15 ruling, all Interior computers were disconnected from the Internet except systems deemed essential for public safety reasons, as well as the systems of the National Park Service, Office of Policy Management and Budget and the U.S. Geological Survey.
The ruling comes as part of a lawsuit over the department's failure to secure data about money owed to Native Americans for grazing, energy and mineral royalties.
Posted by Chad Dickerson at 04:14 PM
Voiceglo, a subsidiary of TheGlobe.com Inc., has released a test version of an application designed to create interoperability among four major consumer instant message (IM) networks.
The application, called GloConnect, lets users exchange text and voice instant messages across four major consumer IM networks: America Online Inc.'s AIM and ICQ, Microsoft Corp.'s MSN Messenger and Yahoo Inc.'s Yahoo Messenger.
The caveat is that GloConnect works through the Web browser interfaces of those four IM networks, so users can't take advantage of the interoperability if they are using the IM networks through the companies' proprietary PC software, which is the primary way most users access the IM networks.
Still, GloConnect has the potential to be very useful, an analyst said. "If they can pull off seamlessly (the interoperability) -- and I don't have any data to suggest one way or the other -- I think it could be a very useful tool, because one of the key problems (in the IM market) is the lack of interoperability between these systems," said Michael Osterman, president of industry analysis company Osterman Research Inc.
Although it seems GloConnect is the only company currently providing this type of IM interoperability, the company is bound to find itself with competitors soon, simply because demand for interoperability among IM networks is growing rapidly, Osterman said. "With the interoperability issue, you're going to see more of these kinds of solutions. As people use instant messaging more, they expect it to be like e-mail, where it doesn't matter which system you're on: You just communicate seamlessly across different systems," he said.
GloConnect, which also lets users place and receive phone calls from their Web-based IM interface, can be downloaded for free at http://www.gloconnect.com. The ability to exchange text and voice instant messages is free, as is the ability to make peer-to-peer VoIP phone calls to other GloConnect users. As for calling regular phones or wireless phones, users get 10 free minutes, after which they must sign up for a paid plan. GloConnect uses Voiceglo's existing GloPhone Web and PC-based telephony platform on the back end.
GloConnect unites the four IM networks through a network overlay technology, said Brian Fowler, chief technology officer of Voiceglo and TheGlobe.com. "We operate agnostic to the (different) IM protocols," he said.
Voiceglo, based in Fort Lauderdale, Florida, is confident GloConnect will not be challenged legally by AOL, Microsoft and Yahoo because GloConnect simply enhances a user's IM application without logging into or connecting to the user's IM network, Fowler said. This is why Voiceglo works through the IM networks' Web-based interfaces, since trying to link the IM networks through their proprietary PC software would bring up a host of legal issues for Voiceglo, Fowler said.
The issue of IM network interoperability is a sensitive one, and AOL, Microsoft and Yahoo have been reticent to collaborate to allow the type of cross-network communication Voiceglo claims GloConnect can provide.
Cerulean Studios, for example, makes an application called Trillian that lets users aggregate IM contacts into the Trillian IM interface, so users don't have to have an IM interface open for each network they are logged into. But Fowler said GloConnect goes beyond simply consolidating IM contacts, by letting, for example, an AIM user communicate with a Yahoo Messenger user across network boundaries. Trillian users have to subscribe and log on to each of the IM networks in which they want to communicate.
Voiceglo expects to make money from GloConnect from the telephony fees and from serving up online ads to GloConnect users.
Voiceglo is working on modules that would make more IM features, such as specific emoticons or file transfers, available to GloConnect users across IM network boundaries, so that an AIM user could extend an AIM-specific feature to someone on MSN Messenger, for example, Fowler said.
Voiceglo is also developing features that it expects will make GloConnect attractive to enterprise users as well, he said.
GloConnect is expected to exit its beta status in early January, Fowler said. Currently, GloConnect works only with Microsoft Corp.'s Internet Explorer browser (version 4.0 and later), but the company is working on supporting the Mozilla Foundation's Firefox and Opera Software ASA's Opera browsers as well.
Posted by Chad Dickerson at 04:14 PM
Apple Computer Inc. may not be the only target of the pending European Commission pricing investigation, instigated by Which? (formerly the Consumer's Association). The territorial business model employed by the music industry itself could be in regulator's crosshairs.
The U.K. Office of Fair Trading last week sent the Which? complaint pertaining to the differing cost of iTunes Music Store downloads forward to the European Commission for investigation.
Speaking to Macworld, Which? principal policy advisor Phil Evans said that one of the reasons behind the complaint concerns "music licensing issues in the single market".
He stressed that his organization's choice to complain about Apple's pricing is not a witch hunt by Which?, instead, it's because Apple is the world's dominant digital music distribution operator.
This means Apple is, "covered by legal rules the smaller players are not" covered by. Evans would like to see European price parity across all member states. "If we can get Apple sorted then the rest of the sector is likely to fall into place," he said.
In theory, Europe offers a single market, and European law requires price parity between member states.
In a statement released to Which? earlier this year, Apple said: "The underlying economic model in each country has an impact on how we price our track downloads. That's not unusual, look at the price of CDs in the U.S. versus the U.K. We believe the real comparison to be made is with the price of other track downloads in the U.K."
Apple's price policy does seem to reflect local financial realities -- while U.K. customers pay approximately 20 percent more per track than European partners, the UK also chooses to use its own currency, rather than the Euro. Apple must evidently set prices with Euro/Sterling currency fluctuations in mind.
However, another factor likely to affect iTunes prices is the territorial licensing system used by the music industry.
While this system enables artists to secure the best available deal on a market-by-market basis, it also enables labels to charge differently in each territory. In other words, a label may charge less for a particular track download license in France than it does in the U.K.
Evans accepts this, telling Macworld: "In our complaint we specifically said to the OFT that we were concerned about all territorial practices -- particularly in licensing -- which the OFT acknowledged in their statement."
In passing forward the complaint, the OFT described the E.U. as in a better position to "determine in what manner and to what degree music licensing conditions in the U.K. different from those in other E.U. member states".
Evans continued, "Apple in a sense is the gateway to a review of the whole way that intellectual property is licensed. As to the claims the collecting societies make -- they will be tested - if we are to have a single market, then let's have a single market -- let's not try and claim we have one then suspend it when a vested interest reckons it can earn more money from a different system."
The Which? representative continued, "as the world moves to an increasingly digital model we need to ensure that regulatory structures are still fit for the purpose.
"Licensing and copyright are increasingly out of touch with the digital environment and the problem is that the labels claim to be representing the artists interests in restricting consumer rights," he explained.
Apple declined to comment.
Posted by Chad Dickerson at 04:14 PM
Napster founder Shawn Fanning has announced a new legal peer-to-peer service with the blessing of Universal Music Group Inc.
His new company Snocap Inc. received US$10 million in investment capital from WaldenVC and Morgenthaler Ventures. The service is described as the first end-to-end solution for online music licensing and copyright management.
The company has been founded by Fanning, Jordan Mendelson and Ron Conway. The service offers legitimate and protected digital music downloads using file-sharing technology.
"Snocap envisions a world where consumers can discover, share and purchase music from a massively deep, almost infinite catalogue -- constantly updated with new and old releases, live, out-of-print tracks, and more," said Fanning.
He explained: "By giving record labels and artists what they need to deliver their music over any digital platform, including peer-to-peer networks, we are finally realizing the full potential of the Internet as a source of music for fans everywhere."
Fanning shared his observations on the current state of the developing digital music download industry, saying, "there is still a great divide and consumers are caught in the middle. There are some good authorized online music services but they have limited content and a comparatively small number of users. There are unauthorized services that have content and users orders of magnitude higher, but the service they provide is inferior and they are at odds with rights holders. Snocap is the means to bridge that divide for the consumer."
The company has already reached an agreement with the Universal Music Group to provide technology and database services to distribute that company's entire catalogue.
Universal Music Group's eLabs president Larry Kenswil voiced his support for Fanning's venture: "Snocap presents one of the first real solutions that will bring peer-to-peer consumers a broad array of choices in authorized services."
To use the service, labels must register their music and copyright information in the company's database. Labels and artists can then manage the online distribution of their content using Snocap's copyright management interface, which lets them to set global business rules for each track. In other words, it lets copyright owners manage rights and distribution across multiple online retail locations in one attempt.
The company then makes these legal tracks available to peer-to-peer services for distribution. These are protected by the company's proprietary Content Identification Service. This uses an audio fingerprinting technology the company has licensed from Philips Royal Labs to register, identify and track music. The service can feasibly also be used to let artists and labels distribute rare and unreleased tracks.
The system is scheduled for full deployment in 2005, the company said.
Posted by Chad Dickerson at 04:13 PM
The U.S. Supreme Court has agreed to review an appeals court ruling that opens up cable networks to competing Internet service providers (ISPs).
The case positions telephone-based ISPs against cable companies. The cable industry and the U.S. Federal Communications Commission (FCC) hope the Supreme Court will side with the FCC and agree that cable broadband Internet service should not be as firmly regulated as phone-based broadband services.
In October last year, the U.S. Court of Appeals for the 9th Circuit in San Francisco ruled that cable operators should allow competing ISPs on their networks. That ruling went against a decision by the FCC, which in March 2002 had decided not to regulate cable broadband Internet services as cable service providers or as common carriers, but rather as providers of an information service, which has less stringent provisions.
With the light FCC regulation, cable companies were not required to share their networks with other ISPs. Brand X Internet Services LLC of Santa Monica, California, challenged the FCC in court, which led to the appeals court decision last October.
The FCC and the National Cable and Telecommunications Association (NCTA) sought and were granted a stay of the court's decision pending a request for the Supreme Court to take the case.
The FCC is pleased that the Supreme Court has now decided to review the case. "The 9th Circuit's decision would have grave consequences for the future and availability of high-speed Internet connections in this country," FCC Chairman Michael Powell said in a statement issued on Friday.
Powell has said in the past that requiring companies to share their networks may discourage network owners from investing in new technologies.
The NCTA is also hopeful that the Supreme Court will affirm the FCC's standpoint that there should be a deregulated environment for high-speed cable Internet service, Robert Sachs, the group's president and chief executive officer, said in a statement.
But ISP Earthlink Inc., which along with several other big name ISPs supported Brand X in its case, believes the Supreme Court will affirm the appeals court ruling. Affirmation will finally give cable modem users a choice in high-speed Internet providers, Dave Baker, vice president of law and public policy at Earthlink said in a statement.
Arguments in the case before the Supreme Court are to be presented in early 2005 with a ruling expected by July next year, a Supreme Court spokeswoman said.
Posted by Chad Dickerson at 04:19 PM
They're coming to mobile phones -- those nasty viruses, worms and Trojan Horses that have, on more than one occasion, crippled PCs. No doubt about that. The question is: Will they be as bad?
Numerous experts believe mobile viruses could be as malicious as their PC predecessors. But some, disturbingly, worry they could be a whole lot worse.
Just consider these two facts: Already today, the planet is populated with substantially more mobile phones than PCs with the gap between the two steadily increasing; and many of these mobile phone customers plan to use their devices as electronic wallets capable of paying for goods and services.
Add to that the fact that mobile phone vendors have opened their once tightly controlled operating platforms to third parties to develop new applications that, in many cases, link to the public Internet.
Now put it all together: millions (and some day billions) of mobile phones with sophisticated banking functions, open interfaces and Internet capability. It's not difficult to understand why hackers, who have honed their skills on PCs over the past decade, are now setting their sights on mobile devices.
"Not fun or fame but money will be the main motive for writing mobile viruses, just as it has become in the PC world," said Andreas Lamm, manager of the German office of Russian antivirus company Kaspersky Labs Ltd.
So far, the attacks on mobile phones have been few, around 10, and relatively harmless. They have targeted primarily, but not exclusively, new smart phones that use open platforms such as Microsoft Corp.'s Windows Mobile or the combination of Nokia Corp.'s Series 60 interface and Symbian Ltd.'s operating system (OS).
Smart phones offer users many functions, such as e-mail with attachments, game downloads or Bluetooth wireless networking, an environment full of potential for viruses, worms and Trojan Horses. These are terms for programs designed to do malicious things to computers, and are sometimes collectively called "malware." The terms, also sometimes used interchangeably, describe the way they are delivered to a computer.
Trojan Horse programs, like the original wooden horse, appear to be useful or gifts but later betray you; worms eat their way from one computer to another, exploiting security flaws to find their way in, while viruses infect other files, and travel from computer to computer in the infected files.
In July, Kaspersky Labs discovered the first-ever worm capable of spreading to mobile phones. Cabir is a proof-of-concept worm that uses the Bluetooth protocol to copy itself onto devices running the Symbian OS up to 30 feet away. It is transmitted as a Symbian installation system (SIS) file and disguised as a security utility called Caribe. When the infected file is launched, the mobile phone's screen displays the word "Caribe" and the worm modifies the Symbian OS so that Cabir is started each time the phone is turned on. An infected phone sends the worm to the first vulnerable phone it finds.
In August, smart phones were attacked by another Trojan horse, Mosquito, which hides in a game by the same name. Once installed, the game causes phones to send text messages via SMS (Short Message Service) to premium rate numbers in several European countries without the user's approval or knowledge.
And in November, mobile phone viruses surfaced once again, with two related Trojan programs. The first, Skulls.A, deactivates all links to Symbian system applications, such as e-mail and calendar, by replacing their menu icons with images of skulls. Users of affected phones can only send or receive calls.
The more recent strain, Skulls.B, includes the Cabir.B worm and, unlike the first version of the Trojan, can spread to other phones within Bluetooth range. Skulls.B is otherwise similar to its predecessor, using Symbian default icons, which look like jigsaw puzzle pieces, instead of skulls to render applications unusable.
Even if these viruses are few in number, what worries the mobile phone industry is that they're happening -- and with increased frequency.
"We aren't panicking; we're still at a stage where there aren't enough platforms out there for viruses to spread easily," said Steve Babbage, security director at Vodafone Group PLC. "But that won't protect us for long."
Vodafone, Europe's largest mobile operator, has reason to be concerned. The operator is one of many now offering 3G (third-generation) high-speed service to users equipped with smart phones. Most European operators, including Vodafone, paid exhorbitant prices for 3G licenses. Understandably, the last thing they want is for a swarm of viruses to undermine that investment.
Enterprise customers are becoming concerned about mobile viruses, too, but they're far from paranoid. "We're only now beginning to see some mobile viruses, and these are quickly being hyped by vendors of antivirus software," said the IT security director of a Blue Chip European consumer goods company with more than 200,000 employees worldwide. "There is still a bit of a wait-and-see attitude at our company, but this could change quickly if we ever get hit by a virus. And then, of course, it's too late."
The door to mobile viruses was opened when phone makers, led by Nokia Corp., the world's largest phone maker, decided a couple of years ago to open their platforms to third-party software developers and encourage them to develop applications for new smart phones. The decision was prompted in large part by the industry's push beyond pure telephony into mobile data services, requiring the expertise of developers trained in PC applications.
"We are very interested in promoting third-party applications to create greater choice for users," said Eero Kukko, marketing manager of technology platforms at Nokia, which is giving developers more architecture guidance and access to design libraries and APIs (application programming interfaces). "At the same time, we're enabling developers to develop security software to protect these applications."
Antivirus companies applaud the move.
"We're glad that mobile phone vendors have opened their platforms," said Matias Impivaara, business manager for mobile security services at F-Secure Corp. "The benefits users have from open platforms are much larger than the problems they face on the security side. Security is just something we have to prepare for."
You would expect to hear that from a company peddling antivirus software, but Impivaara has a point: Does anyone really want to abandon new mobile data services -- for security reasons -- to return to voice only?
Hardly. But as mobile phone makers and operators open the gate to the global Internet, they will need to get tough on security -- much tougher than they have been in the past when they enjoyed the protection of closed proprietary systems.
The good news: Plenty of activity on the security front is under way.
At the client software level, for instance, Nokia responded quickly to attacks on its new smart phones by signing deals with two antivirus software vendors, F-Secure and Symantec Corp., for subscription services.
For the Nokia 6670, F-Secure provides on-device protection, similar to antivirus protection programs for PCs, with automatic over-the-air antivirus updates for a monthly fee.
Symantec has made its Client Security software available for the Nokia 9500 Communicator and 9300 smart phone, which use the Symbian operating system. Already a year ago -- in anticipation of problem -- NTT DoCoMo Inc. signed a contract for antivirus software from Network Associates Technology Inc., the maker of the McAfee antivirus product line.
At the hardware level, for example, Texas Instruments Inc. (TI) is building a security platform from U.K. chip designer Arm Holdings PLC into its next-generation mobile processors, following the introduction of hardware-based security in Intel Corp.'s next-generation XScale handheld chips. Arm's hardware security platform, called TrustZone, could become a standard since Arm's core processor technology powers most mobile phones and newer handheld computers on the market today.
Leading mobile chipmakers plan to introduce a hardware-based security concept similar to the one pioneered by Microsoft in the PC world: the Next Generation Secure Code Base (NGSCB), formerly known as Palladium. Schemes put forward by Intel, TI and Arm call for a protected portion of memory -- totally separated from the rest of the processor -- in which applications can be verified and then run securely.
At the infrastructure level, operators have been installing a wide range of equipment to monitor and filter corrupt downloads and spam. These new messaging and content delivery servers are at the edge of their networks, where gateways open to the Internet. Other new virus detection and repair technology is also being deployed deeper inside the network. All of these new systems come on top of the authentication and control systems already in place in mobile phone networks that require users, form the start, to log on and identify themselves via the SIM (Subscriber Identity Module) card in their mobile phone.
"It's really important to defend the network at the edge and not let spam viruses in the front door," said David Staas, director of the antivirus team at Openwave Systems Inc., which provides mobile phone software and messaging technology. "But some will still trickle through. Here is where a second line of defense is necessary."
Openwave, for instance, has developed a new system that secures a messaging network at the instance of an attack, preventing spammers from exploiting vulnerabilities while they are being eliminated.
Nokia's infrastructure arm also provides a range of security equipment to operators beyond basic firewall systems. Its Message Protection Server, for instance, filters out potentially harmful e-mail, while its Operator Delivery Server inspects all downloaded content. The Finnish manufacturer is also offering additional security through its mobile VPN (virtual private network) client and SSL (Secure Sockets Layer) encryption for Web-based applications.
As for downloads -- a prime source of viruses -- two new application certification programs aim to ensure quality and, above all, trustworthiness. The Java Verified program was launched earlier this year by several vendors, including Motorola Inc., Nokia, Siemens AG, Sony Ericsson Mobile Communications AB and Sun Microsystems Inc. to provide a unified process for testing and certifying Java-based applications for mobile phones. Two of Europe's largest mobile phone operators, Orange SA and T-Mobile International AG, have since adopted the plan.
The Symbian Signed program provides a service for testing and certifying Symbian OS-based applications that meet a set of criteria. The initiative, which includes Nokia, Sendo International Ltd. and Sony Ericsson, aims, among other things, to ensure a thriving market for trusted applications.
In addition to these initiatives several other organizations are developing standards for security systems in mobile devices, including the Trusted Computing Group, the Open Mobile Alliance and the European Telecommunications Standards Institute (ETSI).
How effective these security efforts will be remains to be seen, however. For one, users will need to cooperate and should be given the tools to do so. "They should have the ability to set preferences, like their own block list, for instance," said Staas. "They should also be able to set their sensitivity level for spam, say, for high, medium and low control."
For another, operators shouldn't wait for a virus to bring down their network or, as was the case recently in the U.S., allow abusive spam to potentially scare away lucrative customers.
"The CEO of a big mobile operator with many businesses customers got a call from the chief executive officer of one of his customers," said Staas. "The night before, this business customer received a text message at 2 a.m. His wife thought it was urgent so she got up and read what turned out to be a sexually explicit text. He was furious."
What's encouraging, from a security perspective, is that "the mobile phone executive turned around the very next day and told his team to make security a top priority," Staas said.
Sometimes, a little spam can go a long way.
Posted by Chad Dickerson at 04:18 PM
U.S. President George Bush on Friday signed into law a three-year moratorium on Internet access taxes.
The law extends a ban on Internet taxes that expired on Nov. 1, 2003. The original version of the Internet Tax Nondiscrimination Act, passed by the House of Representatives in September 2003, would have permanently extended a five-year congressional moratorium on taxes unique to the Internet, including taxes access and bandwidth.
But the bill was held up in the Senate over concerns that it would allow telecommunications carriers to avoid taxes on traditional telephone service as they move traffic to voice over Internet Protocol services. A compromise version crafted in the Senate and approved by the House last month allowed states and cities to continue to collect taxes on telephone services, even if the calls are made over the Internet.
The compromise version of the bill also allowed states already collecting taxes on Internet access to continue that for up to four years.
Technology and telecommunications trade groups praised Bush's decision to sign the bill. Roger Cochetti, group director of U.S. public policy for the Computing Technology Industry Association, called the bill signed by Bush an "important, if imperfect win."
"With today's signing of the Internet Tax Moratorium by George Bush, Americans can remain confident that the Internet will flourish as a powerful consumer and business tool," Cochetti said in a statement. "Though temporary, the moratorium's benefits are clear. Internet access will not, for the most part, face taxes. More important, consumer purchases made on the Internet will not be taxed differently just because they were made using the Internet."
With the moratorium, the U.S. economy will benefit from increased investment and innovation in the telecommunications sector, added Walter B. McCormick Jr., president and chief executive officer of the United States Telecom Association.
MORE LINKS:
Posted by Chad Dickerson at 10:35 PM
Amperion Inc., a start-up that makes equipment to deliver broadband service over powerlines, this week announced US$10 million in new funding.
The Chelmsford, Mass., company says the funds will be used for market expansion and developing the next generation of its hardware and software for medium-voltage power networks that pass near residential and business locations. The company boasts that its technology delivers up to 24M bit/sec of throughput on power lines and in backhaul applications, and supports up to 6M bit/sec throughput to end users via 802.11 connectivity.
Investors in this round include Aspen Ventures, Argo Capital, Global Internet Ventures, Pennsylvania Power and Light, Redleaf Group and Telkonet.
Earlier investors included American Electric Power and Cisco. Amperion Chairman and CEO Philip Hunt worked at Cisco Systems Inc. as a senior manager involved with powerline and related technologies before starting Amperion in 2001.
Amperion, which has received about $22.5 million in funding overall, began selling products in the spring of 2003.
The company claims customers such as Progress Energy Inc., Southern Co. and PUC Telecom Inc. It sells to both electric utilities and carriers that exploit powerlines to deliver broadband services.
The company touted an FCC ruling in the fall that gave power utilities the go-ahead to carry data on their electrical wires. Proponents of broadband-over-powerline services say such offerings will enable those not reached by more traditional carriers' broadband offerings to get higher-speed services.
Posted by Chad Dickerson at 07:56 PM
Lycos Europe NV appeared to have pulled a controversial antispam screensaver program from its site on Friday, after coming under fire from both security experts and the spammers themselves.
The Web site previously distributed the "Make Love Not Spam" screensaver, which offers to turn the tables on spammers by overwhelming their Web sites with requests, no longer offers the program and now carries the message "Stay Tuned."
Lycos Europe also removed prominent advertisements for the screensaver from its home page.
Not all Internet users can access the "Stay Tuned" message, however, as some Internet service providers (ISPs) blocked the http://www.makelovenotspam.com site, said Paul Mutton, Internet services developer with Internet hosting services company Netcraft Ltd. Users on parts of the Internet backbone served by these ISPs get an error message when trying to reach the site.
Lycos Europe drew criticism from some members of the security community over the screensaver, saying that the company is engaging in vigilantism and crossing the line by launching what are essentially DDOS (distributed DOS) attacks on spammers' sites.
The Web portal responded that it does not intend to bring the sites down, but simply to cripple them.
But some ISPs blocked access to the Make Love Not Spam site, supposedly because the screensaver generates a lot of unnecessary traffic on their networks, or violates their rules on DDOS attacks, Mutton said.
Some spammers also reportedly took action against Lycos Europe by redirecting traffic from the screensaver back to the site that distributes the program.
Lycos Europe representatives weren't immediately available to comment on Friday.
Posted by Chad Dickerson at 04:04 PM
The sports media company ESPN Inc. will introduce a branded mobile service and cell phones next year in the U.S., becoming the latest in a growing number of companies entering the mobile market on the strength of established audiences.
The ESPN Mobile service will run on Sprint Corp.'s national cellular network, but ESPN will take care of pricing, packaging, billing, customer relations, distribution and other operations, according to a statement by the companies.
Some ESPN content is already available on phones via Sprint and other mobile operators, but the ESPN service will offer unique content, according to the companies. In addition, ESPN will make it easier to access the sports content, which will include streaming audio and video in addition to news, commentary, analysis, statistics, ring tones, graphics, photos and logos. ESPN is majority owned by ABC Inc., a subsidiary of The Walt Disney Co.
What ESPN is doing may point to the future of mobile telephony as handsets and network speeds allow for richer multimedia services, according to industry analysts. "For the first time, we have a company that is content-focused trying to be a carrier, rather than a carrier trying to be a content provider," said Eddie Hold, an analyst at Current Analysis Inc., in Sterling, Virginia. "We're going to get to the point where people are going to buy based on content, not voice."
"Voice will just be thrown in for free at some point" though that day is years away, said IDC analyst Shiv Bakhshi.
The ESPN deal announced Wednesday is just the latest MVNO (mobile virtual network operator) arrangement Sprint has made with a third party. MVNOs pay a mobile operator to use its network but brand and manage the service by themselves.
Such arrangements can work well for Sprint, Bakhshi said, citing the example of Virgin Mobile USA LLC, which sells branded phones and a prepaid service based on Sprint's network. Sprint does not have a prepaid service of its own.
"Traffic is being generated without Sprint having to acquire a customer, educate a customer and everything else," Bakhshi said. For ESPN, it may find that its brand inspires more subscriber loyalty than most mobile operator names, and the desire for a better multimedia experience may drive subscribers to buy new and better handsets, he added.
However, there are dangers, according to Hold. The Virgin deal has worked well, but ESPN appeals to a broader potential audience that might otherwise be direct Sprint subscribers, Hold said. What's more, if ESPN does draw a large and loyal customer base, the company could turn around when the contract is up and demand a bigger chunk of the revenue in exchange for staying with Sprint, he added.
ESPN is well-suited to a branded mobile service because there is always something going on in sports, Hold said. Other brands, such as Disney, might not be able to come up with enough compelling content, he said.
Posted by Chad Dickerson at 04:04 PM
Software vendors need automated tools that look for bugs in their code, but it may be a decade before many of those tools are mature and widely used, said the former director of cybersecurity for the U.S. Department of Homeland Security (DHS).
Creating software assurance tools was one long-term focus of the DHS National Cybersecurity Division during Amit Yoran's tenure there, Yoran said Thursday during the E-Gov Institute Homeland Security and Information Assurance Conferences in Washington, D.C.
About 95 percent of software bugs come from 19 "common, well-understood" programming mistakes, Yoran said, and his division pushed for automation tools that comb software code for those mistakes.
"Today's developers ... often times don't have the academic discipline of software engineering and software development and training around what characteristics would create flaws in the program or lead to bugs," Yoran said.
Government research into some such tools is in its infancy, however, he added. "This cycle will take years if not decades to complete," he said. "We're realistically a decade or longer away from the fruits of these efforts in software assurance."
Yoran, who resigned from his DHS position in September after being on the job for a year, hinted at why he left, but sidestepped a question about the reasons. In the private sector, he had a "real objective" on how to move forward, he said.
"When you move into a strategic and somewhat ill-defined role of 'protect cyberspace,' that's a very difficult mission to get your arms around," he said. "You show up to work on a Monday morning, you're ready to put your fingers to the keyboard, you've got a team of folks working with you, what do you do ... to secure cyberspace from within the Department of Homeland Security?"
Most Internet resources are owned by the private sector, and the U.S. government has been hesitant to pass cybersecurity mandates, noted Yoran, former vice president of worldwide managed security services at Symantec Corp. With no operational or regulatory control over most of the Internet, the goal of securing cyberspace at DHS was difficult, he said.
Asked if that lack of authority was a reason for leaving the post, Yoran said his successor will need to "look at go-forward issues" in cybersecurity that the division can best address.
Yoran, however, defended U.S. President George Bush's National Strategy to Secure Cyberspace, released in February 2003. The strategy, which sets out a series of five major cybersecurity recommendations, did not advocate regulation, and the White House took the right approach in developing those recommendations by consulting with private industry, Yoran said.
"As the Department of Homeland Security ... implementing the national strategy is not our job, it's not our responsibility," he said. "It's the nation's job, it's the international technology community's job and responsibility. We can just help."
The national strategy and efforts at DHS can help move cybersecurity efforts beyond the current "cat and mouse game" of finding vulnerabilities, assessing whether to patch them, and patching them when the problems become painful to companies, Yoran said. He predicted a "radical transformation" in the cybersecurity field within two to four years as more companies and government agencies accept technologies such as Web services, remote Internet access and RFID (radio frequency identification) tags.
"In the next two to three years, you won't be able to define where your network begins and ends," Yoran said. "The paradigms we rely on today for protecting our information -- stronger firewalls, more accurate intrusion detection -- those types of technologies will be required, but they will be solving an increasingly small percentage of the challenges that are going to be facing us."
Posted by Chad Dickerson at 04:03 PM
Internet users are getting more Web browser choices. On the heels of a new Netscape preview release and the launch of Firefox 1.0, a U.K. company on Thursday released a Web browser it claims is more secure than Internet Explorer (IE) or Firefox.
Deepnet Technologies Ltd. on Thursday made available version 1.3 of its Deepnet Explorer. The free Web browser is based on Microsoft Corp.'s IE, but offers additional features, including one designed to protect Internet users against increasingly common online scams known as "phishing," according to the company's Web site.
Deepnet Explorer seeks to protect users against such attacks by blacklisting known phishing sites and analyzing Web addresses and Web sites. Phishing scams typically combine spam e-mail messages and Web pages that look like legitimate e-commerce sites to steal sensitive information such as user names, passwords and credit card numbers.
The makers of Deepnet Explorer claim their browser is "more secure" than IE or Firefox, because of the "phishing alarm" and other security features, such as a "content control" function that allows users to block ActiveX controls and other potential security risks. Also, according to Deepnet most of the security problems with IE affect the application shell, not the rendering engine that is also used by Deepnet Explorer.
One expert disagreed with Deepnet's security assessment. "They claim that most vulnerabilities are found in the IE application instead of in the rendering engine, but that's contrary to the hundreds of vulnerabilities found in the rendering engine," said Thor Larholm, senior security researcher at PivX Solutions Inc., a security services company in Newport Beach, California.
Indeed, while the Deepnet makers claim their browser is more secure than others, the 1.3 update also fixes several security vulnerabilities, according to the browser release notes on the company's Web site. For example, Deepnet Explorer was also vulnerable to the high-profile "iframe" vulnerability in IE, which has been exploited to attack users.
"The only thing Deepnet Explorer has that IE doesn't have is a phishing analyzer that tries to block access to known phishing sites and URL's that look 'phishy'," Larholm said. For improved security, Larholm recommends a complete browser switch, for example to Firefox, or securing existing products using tools such as PiVX's Qwik-Fix Pro.
Other features in Deepnet Explorer are meant to make browsing the Web more pleasant. New in version 1.3 is a "floating killer," which detects and blocks ads that float over Web pages. The browser already included a pop-up ad blocker to stop Web sites from opening other windows with advertisements.
Deepnet Explorer also supports tabbed browsing. Version 1.3 adds a feature that lets users group active tabs. The new version also includes a cookie manager so users can keep track and chose to block the small files a Web site places on a user's computer for tracking purposes and to store preferences.
Deepnet Explorer is one of many browsers built on top of Microsoft's IE browser engine. Others include Maxthon, NetCaptor and Optimal Desktop. The IE-based browsers typically offer features that IE itself does not, like support for RSS (Really Simple Syndication) feeds and tabbed browsing. Firefox also includes these features.
Deepnet Explorer can be downloaded at: http://www.deepnetexplorer.com/
Posted by Chad Dickerson at 04:03 PM
Lycos Europe NV is caught in a tit-for-tat struggle with spammers, just days after releasing a free screen saver software program that uses computer down time to swamp Web sites associated with spam campaigns.
At least one Web site targeted by Lycos's "Makelovenotspam" screen saver program, www.moretgage.info, has changed its Web page, forwarding requests it receives to http://makelovenotspam.com, a Web domain that distributes the screen saver program, according to F-Secure Corp. The escalating war with spammers comes amid mounting criticism of the screen saver from antispam experts and a crackdown by ISPs (Internet service providers) on the program.
Lycos launched the "Make Love, Not Spam" screen saver Wednesday, but was circulating a beta version of the software before that. The screen saver promises to "spam the spammer" by sending a steady stream of requests to a list of Web sites that have been used in spam campaigns, slowing those sites. The list of sites to attack is downloaded by the screen saver program from a control server operated by Lycos.
Charges quickly surfaced that Lycos was crossing the line by launching a DDOS (distributed denial of service) attack, which is illegal in the U.S. and most European countries. The antispam campaign also prompted quick retaliation from unknown parties, including a reported hack of the makelovenotspam.com Web site.
Lycos denied that its Web site was hacked and stated that makelovenotspam does not launch denial of service attacks, because the company is careful to avoid completely shutting down the sites it targets. The company did not respond to requests for comment for this story.
The moretgage.info Web page was changed to contain an HTML (Hypertext Markup Language) Meta Refresh tag that forwards all requests to view the page to http://www.makelovenotspam.com, effectively using the screen saver to launch attacks on Lycos's Web site, F-Secure said. Requests for moretgage.info were still being forwarded to makelovenotspam.com Thursday morning, Eastern Standard Time.
More troubling for Lycos, some ISPs are blocking traffic to the server that controls the makelovenotspam screen savers, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.
ISPs are treating Lycos's network of machines running the makelovenotspam screen saver in the same way they treat "botnets" of compromised systems that are controlled by malicious hackers or organized online criminal groups and often used to distribute spam or launch DOS attacks, he said.
"The (makelovenotspam) application isn't really all that well thought out. In a way, it's doing a DDOS attack, and DDOS attacks are always a bad thing, because there are always innocent bystanders who get hit as well," he said.
"I would have to characterize it as an astonishingly stupid idea," said John Levine of the Internet Research Task Force's Antispam Research Group.
Legal questions aside, the "spam the spammers" approach won't work, because those behind spam campaigns can quickly take down and move Web sites referred to in spam e-mail. The makelovenotspam program also consumes bandwidth and resources from the networks and ISPs that serve machines running the software, not just from spammer networks, he said.
"This program steals bandwidth from a lot of people who had no intention of playing junior DDOS cop," Levine said.
Ullrich and others consider the "Make Love not Spam" campaign a publicity stunt, more than a well-planned antispam campaign, but say that it was poorly thought out.
"This is like a lame idea that a college kid would think of, not something a serious company would do, " Levine said.
Resistance from ISPs may bring a quick end to the "Make Love Not Spam" campaign, he said.
"My guess is that they won't be able to sustain this very long, once legitimate networks have figured out who is controlling (the machines running the screen saver) and start blocking access to that host," he said.
Posted by Chad Dickerson at 07:01 PM
The city of Philadelphia has reached an agreement with Verizon Communications Inc. that will let the municipal government deploy a citywide Wi-Fi network, but a carrier-backed bill that would let incumbent carriers block such projects has been signed into law by Pennsylvania's governor.
Philadelphia announced earlier this year that it plans to deploy a wireless broadband network beginning in June 2005 and charge subscribers to use it. Pennsylvania House Bill 30, a broad telecommunications act signed into law Tuesday by Governor Edward Rendell, gives incumbent local carriers such as Verizon the right to keep local governments from setting up paid services like Philadelphia's after Jan. 1, 2006. On Tuesday, Verizon waived this right of first refusal on the Philadelphia project, according to representatives of Verizon and of the city's mayor, John Street.
At issue is the availability of broadband Internet access to residents of Philadelphia, where city CIO Dianah Neff says about 60 percent of the neighborhoods don't yet have high-speed data service. The city aims to fill in gaps in broadband availability, such as in low-income neighborhoods, at an estimated price of US$15 to $25 per month, according to Neff.
The new law re-enacts and expands a part of Pennsylvania's Public Utility Code that, among other things, mandates broadband access for every resident by 2015.
Earlier versions of the bill banned local governments from offering broadband services for pay. The version signed into law Tuesday allows existing services to continue and gives governments a one-year window to develop them. After that point, it requires governments to offer the incumbent carrier the right to provide the service. Free services are not affected by the law.
Verizon believes the Philadelphia project is protected by the one-year window but the city sought greater assurance that Verizon would not fight it, said company spokeswoman Sharon Shaffer.
Philadelphia's agreement with Verizon will allow the city to roll out the network as planned, according to Barbara Grant, the mayor's director of communications. The city intends to finish the estimated $7 million to $10 million deployment by June 2006.
"We think that what we did today provides a good model for how business and government can work together to assure that a public good is provided," Grant said. The network, which will use a wireless mesh to link Wi-Fi access points, will promote economic development as well as providing high-speed data for schools and low-income residents and others, she said.
However, the chief counsel of a state senator who represents part of Philadelphia takes a dim view of the new law.
"This leaves all the rest of the municipalities in the state pretty much on their own," said Christopher Craig, chief counsel for state Senator Vincent Fumo. If those cities want to roll out their own paid services, the local incumbent will be able to dictate terms. Governments should be able to choose service partners based on cost and quality just as private companies do, he said.
"This is all about Verizon being able to do this where they want, when they want and how they want," Craig said.
Verizon opposes paid services offered by cities and municipalities on the grounds that governments have unfair advantages, such as being able to tap into public funds and not having to pay taxes, Shaffer said.
"With so many competitors entering the marketplace and other companies' businesses, we simply believe the same rules should apply to all the players," Shaffer said. Though Verizon is the largest incumbent carrier in Pennsylvania, there are 37 carriers of all sizes in the state's carrier organization, the Pennsylvania Telephone Association, she said.
Posted by Chad Dickerson at 04:29 PM
The Mozilla Foundation has unveiled the most complete preview version yet of its stand-alone e-mail application. The release comes only weeks after the launch of its Firefox browser version 1.0, and is part of the open source software project's continuing efforts to chip away market share from Microsoft Corp.'s dominate Internet Explorer (IE).
The release candidate of Thunderbird 1.0 e-mail management software, launched Wednesday, is being positioned as similar to Microsoft's free end-user application Outlook Express but without the user hassles of dealing with advertisements and spam.
Before the official release of Thunderbird 1.0, slated for Dec. 7, the group is offering the preview version of the free client for last-minute testing. Based on the Mozilla codebase, Thunderbird 1.0 works with most operating systems including Windows, Linux and Macintosh, the group said.
The Mozilla Foundation has said in the past that it aims to capture between 10 percent and 12 percent of the Web browser market by the end of next year. It has already been able to eke out a 3 percent share through its preview versions of Firefox, though Microsoft's IE continues to hoard as much as 95 percent of the market, according to figures from WebSideStory Inc.
Thunderbird is part of that overall effort, although Outlook Express is far from Mozilla's only competition among e-mail clients, with Yahoo Inc. (Yahoo Mail), Google Inc. (Gmail) and Microsoft (Hotmail) all offering popular and free Web-based e-mail services.
Mozilla believes it can woo users over to Thunderbird with features such as the ability to choose between three message views and to customize toolbar buttons, an integrated Usenet newsgroup reader and security features such as not allowing scripts to run by default.
The Mozilla Foundation, based in Mountain View, California, is a nonprofit organization created in July 2003 to support the Mozilla open source software project. Mozilla was originally created at Netscape Communications Corp. in 1998, which was since acquired by media conglomerate Time Warner Inc.
The new Thunderbird release candidate can be downloaded at http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.0rc/
Posted by Chad Dickerson at 04:20 PM
Microsoft Corp.'s MSN division launched a test version of a free Web logging (blogging) service aimed at consumers on Thursday, Microsoft's first foray as a provider of this increasingly popular Internet activity for the mass consumer market.
Called MSN Spaces, the blogging service lets users create an online journal, post photos and digital music lists. Users can establish different levels of visitor access, customize the blog with a choice of different backgrounds and layout templates and update the blog remotely via e-mail or mobile phone.
"Spaces is like a scrapbooking service to share whatever you want to share with people," said Brooke Richardson, MSN lead product manager for communications services.
MSN Spaces also features integration with the MSN Messenger instant messaging service and with the MSN Hotmail Web mail service. For example, MSN Spaces users can create "contact cards" with snapshots of their blogs that are visible to other users via Hotmail and Messenger. It is also be possible for MSN Messenger users to set up an MSN Spaces blog from the MSN Messenger interface.
Moreover, users are notified via MSN Messenger when a certain MSN Spaces blog is updated. "What we're seeing in the blog space is that many blogs are abandoned after about three months, primarily because there's not a lot of engagement or notification with blogs," Richardson said.
MSN Spaces also supports RSS (Really Simple Syndication), so that readers can access the blogs via RSS readers and aggregators. To sign up for MSN Spaces, users should visit http://spaces.msn.com.
However, at least one analyst was thoroughly unimpressed by the service. MSN Spaces provides a watered-down blogging service with a closed publishing architecture and an ecosystem over which the user lacks total control, two principles that are key to blogging's popularity, said Allen Weiner, a Gartner Inc. analyst.
"Microsoft has taken this growing (blogging) trend which is built on open publishing systems and then tried to put its own corporate imprint on it, so it lools like 'blogging by Microsoft' as opposed to the empowering publishing medium it's supposed to be," Weiner said.
Another problem is Microsoft's decision to position MSN Spaces both as an online scrapbook to complement MSN Messenger and Hotmail, and as a conventional blog, which is bound to confuse and turn off potential users, Weiner said. "It's being positioned as neither fish nor fowl," he said. "If it's a blog call it a blog. If it's a scrapbook for users of MSN Messenger and Hotmail, then call it that."
With these missteps, Microsoft is missing a great opportunity to provide a blogging service that is truly intuitive and user-friendly, something the company could achieve if it leveraged its Office applications, in particular Word, to develop MSN Spaces, Weiner said. "Microsoft could have taken Word and created the most amazing blogging product and owned the (blogging) world," he said.
Weiner does give Microsoft credit for giving MSN Spaces a flexible and easy-to-use photo upload tool, a simple way to use RSS and a good playlist-sharing feature. Microsoft could build on these three solid features and revamp MSN Spaces, he said.
MSN on Thursday also released a public beta version of MSN Messenger 7.0, which features new ways for users to get each other's attention through a pair of new features: "nudge," which shakes the chat session window and emits a sound; and "wink," which launches an animation clip in the chat session window. It is available at http://messenger.msn.com/beta.
MSN Messenger 7.0 also has tighter integration with MSN Search via a search box within the MSN Messenger interface and by letting users highlight text in a chat session and right-clicking on it to launch it as a search query.
Posted by Chad Dickerson at 01:24 AM
Members of the European Parliament are set to give a €45 million (US$60 million) boost to efforts to fight child pornography on the Internet.
The members of Parliament (MEPs), who will meet in Brussels Thursday, are due to approve funding for five years for a program designed to promote safer Internet use. The Parliament is a legislative body within the European Union (E.U.).
The funding, which will extend an existing program that runs out at the end of this year, aims to tackle child pornography and other illegal material on the Internet through a range of measures including a series of national hotlines where users can report the distribution of banned material.
Other elements of the program, called the Safer Internet Action Plan, include efforts to raise awareness about the risks of unsuitable material on the Web, and initiatives to develop a voluntary code of conduct for ISPs (Internet service providers).
Edith Mastenbroek, the Dutch Socialist MEP who drafted a report on the plan that is due to be approved Thursday, said the program will help tackle the "biggest problem of safer Internet use for children: the lack of awareness of risks."
ISPs say they back the plan, for the most part.
By providing continuing funding until 2009, the plan will allow the network of hotlines supported by E.U. money to expand, according to Richard Nash, secretary-general of the European Association of Internet Service Providers, EuroISPA. He praised the plan for closely cooperating with industry, and pointed out that ISPs run many of the hotlines.
Nash said, however, that there is one aspect of the plan on which ISPs disagree with Mastenbroek.
Mastenbroek wants to slightly reduce the money available for developing end-user filters and redirect funding toward assessing the effectiveness of different technologies.
"The E.U. should focus the limited amount of money available to filling the gaps the market doesn't fill," she said. Empowering citizens means providing objective filter information, Mastenbroek added.
She argued that a lot of private investment has already gone into filter technology, so it was not a priority spending area for public funds. Mastenbroek added that filters were not effective in tackling key security issues like spyware and pop-ups that direct users to pornographic or gambling sites. She is calling for money to be taken from filter development and used to raise awareness of these issues.
Citing initiatives like the Internet Content Rating Association, which classifies content and allows users to adjust their browser settings to screen unwanted material, EuroISPA's Nash said his organization believed that filters are a "valuable part of a range of tools" for users to tailor their Internet usage.
Posted by Chad Dickerson at 09:59 PM
Orange SA will offer blind customers a software application designed to make their mobile phones talk to them, as part of a new package of services for the visually impaired that will go on sale in France Thursday.
The Talks software causes the phone to speak out loud the various menu options and text messages. Even small phone screens can present a lot of information simultaneously, through icons, titles, and menus -- and the function of a phone's buttons change depending on what is displayed on the screen. This poses little problem for sighted users, but visually impaired users need the audible cues provided by Talks. "We need to know quickly where we are, and what options are available to us," said Widad Cherchali, a blind user of the software.
France Télécom SA, Orange's parent company, will give the software away through its network of retail stores. Specially trained staff will be available at some of the shops to help visually impaired customers install it on their phones, said François-René Germain, group vice president of France Télécom's elderly and disabled people directorate.
Talks runs on eight of the smart phone models Orange sells, including the Nokia 6600, the Siemens SX and the Samsung SGH-D700. It was developed by German programmer Torsten Brand, himself blind.
The software consists of two layers: one, phone dependent, which creates messages relevant to a phone model's particular functions, and another, language dependent, which translates those messages into speech, according to Gilles Candotti of Ceciaa, the software's French distributor.
Having the program running continuously reduces battery life, perhaps by as much as 20 percent, said Candotti.
France Télécom will also offer a package of services for visually impaired customers, "Dixit," including limited free calls to directory enquiries and text message dictation services, and free large-print or braille bills. It already offers hard-of-hearing users a reduced price on text messaging, through a service called "Mot-a-mot."
The launch of the new services and software is timed to coincide with the U.N.'s annual International Day of Disabled Persons, on Dec. 3, said Germain.
Although the software is available in 17 languages, including English, French, German and Italian, Orange is only offering the deal in France for the moment, he said.
Posted by Chad Dickerson at 07:59 PM
The Apache Software Foundation (ASF) may soon have some full-time, paid staff including an executive director, according to a board director of the Delaware foundation. The ASF currently runs on a volunteer model.
"We are at somewhat of a crossroads now in that we have grown so quickly," said Brian Behlendorf, a co-founder and director of the ASF. "(The ASF) is starting to outstrip the ability for people who are volunteers to be able to keep up with it, and effectively manage it."
Behlendorf, who is in Bangalore, India, this week for a Linux event, is also the chief technology officer of CollabNet Inc., a Brisbane, California, provider of on-demand, distributed software development tools.
The ASF was set up in 1999 as a not-for-profit enterprise to provide support for the Apache community of open-source software projects. The Apache software developer community, consisting of approximately 1,200 developers, works on about 20 projects, including the Apache HTTP (Hypertext Transfer Protocol) Server project, its initial undertaking. A board of nine voluntary members runs the ASF's activities.
"It is starting to get to the point where we are realizing that we might need to hire a full-time executive director to help us stay on top of a lot of issues, help us craft a fund-raising strategy, help us craft an effective legal strategy," Behlendorf said. He added that the ASF's size is making the organization difficult to operate solely on volunteer work.
Although the ASF will not pay developers to write software, it is considering hiring staff for some of the "grunt work" such as systems administration that volunteers are not keen on doing, according to Behlendorf. "Apache has ten different servers to do different things, and right now administration is a voluntary thing, and it is hard to get volunteers to carry, say, a pager and respond when there is a problem," he added. People are also less willing to tolerate downtime on the Apache Web site than they were four years ago, according to Behlendorf.
Paying for the full-time staff requires fund raising, and the executive director must handle the challenge of retaining the ASF's independence while raising funds from individuals and companies, Behlendorf said. Currently donations to the ASF are random, he added.
ASF members are currently discussing the plan to hire staff, according to Behlendorf. The ASF is also considering restricting the number of new projects it adds, and narrowing its focus to a few technology areas.
Paying for legal counsel is another ASF possibility. According to Behlendorf, The SCO Group Inc.'s legal claims against Linux made the open source community realize that it needs to be more specific about contributions' origins and getting contributor agreements and honest and clear when putting the copyright statement on the code.
Posted by Chad Dickerson at 05:26 PM
A screensaver developed by Lycos Europe NV that gives spammers a dose of their own medicine is attracting plenty of attention, but not all of it good.
The company officially launched the "Make Love, Not Spam" screensaver Wednesday but a beta version had already been widely distributed. Offering to "spam the spammers," the screensaver works by repeatedly requesting information from Web sites advertised in spam, thereby reducing the performance of those sites.
Reports began to surface earlier this week that the Web site containing the "Make Love, Not Spam" download had been hacked, with users receiving a message reading "Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request has been logged and will be reported to your ISP for further action."
A Lycos Europe spokeswoman said Wednesday that the site had "absolutely not been hacked," however. The company was victim of a hoax, she said, and someone mocked up a screen shot of the hacked site and forwarded it via e-mail.
Although the site was inaccessible to some users Tuesday and Wednesday, the spokeswoman said that this was due to "overwhelming demand" and that the company was working to rectify the situation. The screensaver has already been downloaded over 90,000 times, the spokeswoman said.
She added that the company is "well aware that it is a controversial service" and measures have been taken to defend it.
Even if the company is not currently under attack, a security expert said that Lycos Europe opened a potential Pandora's Box by deciding to take direct action against the spammers.
"This seems like a very shortsighted idea of theirs, lowering themselves to the same level as the hackers and spammers," said Graham Cluley, senior technology consultant at Sophos PLC.
There is the real danger that Lycos Europe has made itself a target for hackers, and what's more the company could be treading into a gray legal area, Cluley said.
Although the screensaver does not send spam, violating antispam laws, it could potentially violate rules against launching a denial of service attack, he said.
But Lycos Europe claims that it does not intend to actually take down the spammers' sites, just deteriorate their performance. The company is using a central database to manage the sites the screensavers are attacking and regularly takes sites out of the attack cycle to make sure that they are not entirely brought down, it said.
That aside, Cluley advised users not to use the screensaver, which could eat up company bandwidth and possibly incite the ire of hackers.
"My advice is to get a decent spam filter, and for God's sake, stop buying things advertised in spam," he said.
Posted by Chad Dickerson at 04:22 PM
Singingfish Inc. will reach out to consumers for the first time on Wednesday when it launches a revamped multimedia search engine on its Web site with the intention of promoting it aggressively.
Singingfish, which until now has remained backstage and focused on licensing its technology to other companies, will move toward the spotlight to position itself as a player in the multimedia search space.
"We're introducing Singingfish as a destination site for the first time," said Karen Howe, Singingfish's vice president and general manager.
Singingfish wants to attract feedback from users and learn from usage patterns in order to take that insight and base multimedia search innovations on it, she said. "We want to push the envelope over what you can do with audio and video search," she said.
Singingfish has had a simple and unadorned search engine on its Web site (www.singingfish.com) for about four years, mostly for the benefit of potential clients interested in licensing the search technology, Howe said. Until now, the search engine wasn't designed to appeal to and attract consumers, although they could use it, she said.
In fact, the decision to give Singingfish an attractive and user-friendly interface and heavily promote it as a stand-alone multimedia search engine was made after seeing a significant spike in queries at the www.singingfish.com Web site over the past year, Howe said. For example, a year ago, the Web site generated several thousand queries per day, but today it generates about 700,000 queries per day, she said. "The growth has been tremendous over the past year," she said.
This figure doesn't take into account the queries Singingfish technology handles for clients such as Microsoft Corp. and RealNetworks Inc., which if counted would increase the volume to about 7 million queries per day.
Corporate clients include Singingfish's parent company America Online Inc., Microsoft and RealNetworks, each of which has implemented and customized Singingfish's multimedia search technology for its own purpose. AOL uses Singingfish technology to power the audio/video section of AOL Search (www.aolsearch.com), while Microsoft and RealNetworks use Singingfish technology to power audio and video searches in their respective media players and accompanying Web sites.
The search engine Singingfish will unveil Wednesday on its Web site will feature the ability to save searches and share them with others; a filter to exclude inappropriate content for children; and a variety of options for narrowing searches, such as limiting results to certain media formats or to certain categories, including music, movies, news and radio. "We changed the user interface pretty dramatically and added a lot more controls to the search experience," Howe said.
Singingfish has an index of more than 14 million audio and video files.
Posted by Chad Dickerson at 04:22 PM
Cingular Wireless LLC plans to offer 3G (third-generation) mobile data service in a number of major U.S. urban and suburban markets next year and in most major U.S. markets by the end of 2006, the mobile operator announced Tuesday.
The service, using UMTS (Universal Mobile Telecommunications System) technology with HSDPA (High Speed Downlink Packet Access), will deliver average data speeds between 400K bps (bits per second) and 700K bps, according to the company. Its merger with AT&T Wireless Services Inc., concluded in October, gave Cingular the radio spectrum it needed to build the national service, a Cingular statement said.
Cingular will build the network using equipment from Lucent Technologies Inc., Siemens AG and Telefonaktiebolaget LM Ericsson, Cingular said. It did not disclose the financial details of its contracts with the suppliers.
The rollout will be a significant one for UMTS, which is being adopted widely in Europe and Asia by operators that, like Cingular, use GSM (Global System for Mobile Communications) technology. AT&T Wireless already offers commercial UMTS services in Dallas, Detroit, Phoenix, San Diego, San Francisco and Seattle, which Cingular will continue to offer. Verizon Wireless Inc. has used another technology, CDMA2000-1x EV-DO (Code Division Mutiple Access 2000-1x Evolution-Data Only), to offer 3G services in 14 U.S. metropolitan areas. Verizon says that service averages 300K bps to 500K bps. Both can deliver even higher speeds in bursts.
The UMTS service will allow subscribers to use data services and make phone calls at the same time, according to Cingular. The operator envisions 3G applications such as high-speed mobile Internet access, enterprise productivity applications, audio and video streaming, high-resolution image capture and playback and multiplayer online gaming for consumers. Also Tuesday, Cingular announced that its strategic handset providers -- Nokia Corp., Motorola Inc. and LG Electronics Inc. -- have committed to delivering UMTS devices in the fourth quarter of 2005.
Cingular currently offers nationwide data services over an EDGE (Enhanced Data Rates for GSM Evolution) network that delivers speeds as high as 135K bps. UMTS devices will be backward-compatible with EDGE networks in the near future, according to Cingular. Nokia, which has provided infrastructure for the EDGE network, has been awarded a two-year contract extension for GSM and EDGE network equipment, software and services, Cingular announced Tuesday.
Also Tuesday, Cingular announced it has started planning the integration of its network with that of AT&T. Combining the two will improve customers' coverage and service quality, the company said.
Cingular, based in Atlanta, is a joint venture of SBC Communications Inc. and BellSouth Corp. and has 46 million customers nationwide.
Posted by Chad Dickerson at 04:22 PM
America Online Inc. (AOL) on Tuesday released a preview version of a new Netscape Web browser that is based on the open-source Firefox Web browser, but also supports Microsoft Corp.'s Internet Explorer (IE) browser engine.
IE is part of Windows and is used by the great majority of Web users. Many Web sites have been designed specifically to work with the Microsoft browser and may not work correctly in browsers using other engines, including the Gecko engine in Firefox.
While current Firefox users may switch to IE when they have a problem with a Web site, AOL's Netscape unit found a different solution. If a Web site does not display well in the standard Firefox-based configuration in Netscape, it takes two clicks to display the page using the IE engine. The browser stores engine preferences per Web site.
The Netscape browser does not actually include the IE engine, but uses the engine that is part of Windows. As such, the browser only works on Windows computers.
The new Netscape browser offers several other features, including some that give users a lot of control over browser security. For example, users can determine per Web site if pop-ups and cookies should be allowed and if the browser should run ActiveX controls (in IE mode), JavaScript and Java.
AOL also enhanced support for RSS (Really Simple Syndication) feeds, which also exists in Firefox. The Netscape browser can display rotating headlines from RSS feeds in a special task bar. RSS feeds are an increasingly popular way to syndicate headlines and sometimes entire articles from Web sites.
The Netscape preview is only available to a select group of testers. A public beta and final release of the new browser is planned for next year, a person familiar with AOL's plans said. The browser and a new e-mail client will eventually replace the current Netscape offering, an AOL spokesman said earlier this month.
Netscape was the most popular browser in the early years of the Web. However, its market share started crumbling when Microsoft introduced IE in the mid-1990s. The acquisition of Netscape by Microsoft rival AOL and a lengthy antitrust trial could not change the browser's fortune.
Analysts said that the death knell was sounding for the Netscape browser after AOL last year laid off essentially all of its Netscape software developers and ended development work on the Mozilla browser technology.
Development work was taken over by the Mozilla open source project, which was originally started in early 1998 by Netscape and continued when AOL acquired Netscape later that year. Last year, the people behind Mozilla created a foundation, largely funded by a US$2 million pledge from AOL, to build, support and promote Mozilla products.
AOL breathed new air into Netscape with the release of Netscape 7.2 in August. That product is based on Mozilla 1.7, a suite of products that includes a browser, e-mail client, Internet Relay Chat client and Web page editor. AOL confirmed plans for the new Firefox-based browser and Tuesday's preview release earlier this month.
Meanwhile, Microsoft's IE continues to dominate the browser market. It has been losing market share since earlier this year with the advent of Firefox, according to the San Diego Web metrics company WebSideStory Inc. Firefox 1.0 was released on Nov. 9.
As of last Friday, IE held 91.57 percent of the U.S. browser market, down from 92.86 percent a month earlier, according to WebSideStory. Firefox stood at 4.2 percent on Friday, up from 3.0 percent a month earlier, according to WebSideStory.
Posted by Chad Dickerson at 03:45 AM
Enterprises can offer video participation in conferences set up with the latest version of Cisco Systems Inc.'s MeetingPlace software, which already supports simultaneous voice and Web conferences, the company is set to announce Wednesday.
The Cisco MeetingPlace 5.3 offering is the latest in Cisco's aggressive move to leverage IP (Internet Protocol) data networks for multiple forms of communication. It brings together MeetingPlace, which the company acquired last year by buying Latitude Communications Inc., with the Cisco CallManager IP telephony system and Cisco IPVC 3500 Series video MCU (Multipoint Control Unit), a videoconferencing server.
MeetingPlace 5.3, available now, lets enterprises schedule conferences in which participants can choose to appear on video, use Web-based collaboration or just call in, said Mike Fratesi, manager of product marketing in the company's IP (Internet Protocol) Communications group. CallManager and IPVC already support videoconferencing, but only on an ad hoc basis, he said: If two users each have a video end point such as a PC or video terminal connected to their IP phones, they can automatically start up a videoconference.
Through MeetingPlace, users can set up MeetingPlace conferences ahead of time in Microsoft Corp. Outlook or IBM Corp. Lotus Notes calendars or via a Web interface, as well as setting up traditional telephone dial-in codes, Fratesi said. Participants can receive a reminder and get into the conference by clicking on a single link, then decide whether they want to participate via video, Web collaboration, voice or all three. During the conference, participants can view one other user at a time or divide their display up into separate screens to show four users. MeetingPlace also gives the manager of the conference the ability to mute participants, Fratesi said.
MeetingPlace, which consists of software and a server, is priced starting at US$69,995 for support of 30 conferencing ports.
Posted by Chad Dickerson at 03:44 AM
December 14, 2004
Court halts Internet tax-avoidance scheme
By Grant Gross
Microsoft testing new e-mail subscription service
By Joris Evers
Ask Jeeves to unveil desktop search tool
By Juan Carlos Perez
Zafi worm variant hides behind Christmas cheer
By Paul Roberts
ICANN enters negotiations on .mobi, .jobs domains
By Scarlet Pruitt
December 13, 2004
Microsoft launches desktop search
By Juan Carlos Perez
3Com to buy Tippingpoint for $430M
By Paul Roberts
Congress fails to act on copyright bills
By Grant Gross
Sony's PSP hits the streets - and the gray market
By Martyn Williams
Oracle to buy PeopleSoft for $10.3 billion
By James Niccolai and Scarlet Pruitt
December 10, 2004
Supreme Court to hear Grokster case
By Grant Gross
Desktop search avalanche set to hit
By Joris Evers and Juan Carlos Perez
Vodafone to link with Boeing in-flight Internet
By Paul Kallender
Amazon enters DVD rental market in the UK
By Scarlet Pruitt
E-government saves loads of cash, UK claims
By Laura Rohde
December 09, 2004
Vulnerability allows scammers to hijack pop-ups
By Scarlet Pruitt
UK to launch Parliamentary inquiry into future e-voting
By Laura Rohde
Vodafone aims for second place in Japan's mobile market
By Paul Kallender
Arizona vendor to pay US$8.71 million E-Rate fine
By Grant Gross
Walmart.com follows Amazon with outages
By Juan Carlos Perez
December 08, 2004
IBM adjusts to harsh PC market
By Tom Krazit
Siebel begins building channel sales program
By Stacy Cowley
Tech firms urge Bush to focus on cybersecurity
By Grant Gross
Commerce One patents auctioned for $15.5 million
By Grant Gross
December 07, 2004
Mozilla's Thunderbird takes on Outlook Express, Eudora
By Joris Evers
Industry group formed to track and thwart IM threats
By Scarlet Pruitt
IBM appears close to PC deal with Lenovo
By Martyn Williams
Akamai accepts damages payment in CWIS patent suit
By Laura Rohde
Virgin plans mobile joint ventures in China and India
By Laura Rohde
December 06, 2004
Trend Micro gives away mobile antivirus software
By Paul Roberts
Court: Interior Department systems can go back online
By Robert McMillan
TheGlobe.com unit guns for IM interoperability
By Juan Carlos Perez
EU's iTunes pricing probe may change the music industry
By Jonny Evans, Macworld.co.uk
Napster founder launches legal P2P service
By Jonny Evans, Macworld.co.uk
December 04, 2004
U.S. Supreme Court to review cable Internet case
By Joris Evers
Mobile phones: An ear full of worms
By John Blau
December 03, 2004
Bush signs Internet tax moratorium
By Grant Gross
• SmartMoney
• NWFusion
• Bend.com
Broadband-over-powerline start-up gets funding
By Network World staff
Lycos pulls antispam screensaver from site
By Scarlet Pruitt
ESPN to enter US mobile services market
By Stephen Lawson
Former cybersecurity czar: Code-checking tools needed
By Grant Gross
Deepnet browser guards against phishing
By Joris Evers
December 02, 2004
Lycos, spammers trade blows over screensaver
By Paul Roberts
Verizon deal lets Philadelphia move with wireless plan
By Stephen Lawson
Mozilla gives sneak peak of Thunderbird e-mail app
By Laura Rohde
MSN to launch blog publishing tool (Update)
By Juan Carlos Perez
December 01, 2004
EU Parliament to fund Net antiporn program
By Simon Taylor
Orange makes phones talk to the blind
By Peter Sayer
Apache may hire full-time, paid staff
By John Ribeiro
Lycos antispam screensaver draws fire
By Scarlet Pruitt
Singingfish opens multimedia search to consumers
By Juan Carlos Perez
Cingular maps out US 3G rollout in 2005, 2006
By Stephen Lawson
New AOL browser embraces Firefox, IE, RSS feeds
By Joris Evers
Cisco adds videoconferencing to MeetingPlace
By Stephen Lawson