Domain: infoworld.com
Stories and comments across the archive that link to infoworld.com.
Stories · 1,869
-
Identity Theft Skeptic Ends Up As Fraud Victim
An anonymous reader writes "British TV host Jeremy Clarkson recently wrote a newspaper editorial ridiculing the uproar that had occurred after the British government admitted to losing two compact discs containing the personal information on 25 million people. To support his claim about the overhyped risks of identity theft, he published his bank account information in the article. Proving that some identity thieves have a sense of humor, a week later, he found out that someone had set up an automatic bank transfer for $1000 to a diabetes charity from his account. This comes less than a year after the CEO of LifeLock, an identity theft protection company which publishes the CEO's social security number on its website, himself was a victim of financial fraud. Back in July of 2007, a man in Texas was able to secure a $500 loan from a payday loan company using the CEO's widely publicized SSN. Will this latest incident finally prove that identity theft is real, and that publishing your own financial info is an invitation for fraud?" -
Sony's Idea of DRM-Free Music
edmicman writes "Leave it to Sony to mess up DRM-free music downloads. What is the point of DRM-free tracks if you still have to go to a retail store to buy them? From the Infoworld article: 'The tracks will be offered in MP3 format, without DRM, from Jan. 15 in the U.S. and from late January in Canada... The move is far from the all-digital service offered by its rivals, though. To obtain the Sony-BMG tracks, would-be listeners will first have to go to a retail store to buy a Platinum MusicPass, a card containing a secret code, for a suggested retail price of $12.99. Once they have scratched off the card's covering to expose the code, they will be able to download one of just 37 albums available through the service, including Britney Spears' "Blackout" and Barry Manilow's "The Greatest Songs of the Seventies."'" -
Silicon Valley Startup Prints $1/watt Solar Panels
GWBasic writes "A Silicon Valley start-up called Nanosolar has shipped its first solar panels — priced at $1 a watt. That's the price at which solar energy gets cheaper than coal. While other companies have been focusing their efforts on increasing the efficiency of solar panels, Nanosolar took a different approach. It focused on manufacturing. 'The company [has developed] a process to print solar cells made out of CIGS, or copper indium gallium selenide, a combination of elements that many companies are pursuing as an alternative to silicon.'" The outfit also happens to be backed by Google, a fact that's getting some attention at tech media sites. -
Apple, Burst Reach Settlement
An anonymous reader writes "In 2005, Microsoft settled Burst's lawsuit for infringements on media player patents for $60 million. Many thought that Apple would be a ripe target next. However, Apple successfully voided 14 out of 36 Burst.com's patent claims in their iPod lawsuit. Apple would have gone after the remaining 22 claims. Today, Market Wire announced that the case was settled out of court: 'Apple agreed to pay Burst a one-time payment of $10 million cash in exchange for a non-exclusive license to Burst's patent portfolio, not including one issued U.S. patent and 3 pending U.S. patent applications related to new DVR technology. Burst agreed not to sue Apple for any future infringement of the DVR patent and any patents that might issue from the pending DVR-related applications.' The big winner would be the lawyers who reduced the settlement to approximately $4.6 million." -
Amended Internet Tax Ban Will Not Include VoIP
Spritzer writes "Yesterday, the House Judiciary Committee approved an amendment to the Internet Tax Freedom Act of 1998 which would prevent the tax ban from expiring. However, the amendment also eliminates tax protection for VoIP services. 'The amendment, offered by committee Chairman John Conyers Jr., a Michigan Democrat, would extend the ban on Internet access taxes until Nov. 1, 2011. ... The Conyers amendment would allow nine states with Internet access taxes to continue them. It would also narrow the definition of Internet access, excluding services such as VoIP from the tax ban.'" -
Xen Security Issue Patched
An anonymous reader sends in word of a privilege escalation security issue identified in the open source Xen hypervisor. Xen has issued a hotfix and urged all users to install it. The problem was disclosed by Secunia last week. A user of a guest domain with root privileges could execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. -
Nokia responds to iPhone by Promoting 'Open'
An anonymous reader writes "Nokia has responded instantly to the iPhone update-bricking fiasco by running a series of flyposter ads pointing out its own hardware and software is open. While this is to be applauded, it'd be better if companies like this opened their products because they truly believed in openness, rather than to beat the competition over the head. After all, Apple itself used open source with OS X (kernel, web browser) mainly because they knew it would irritate Microsoft. Since that initial blow, they've been a lot less eager to promote open source." -
Cyber Crime A Distant #3 Priority for FBI
An anonymous reader writes "A reading of the Justice Department's 2008 budget justification to Congress for the FBI indicates the agency is dedicating about 5.5 percent of its field agents to combating cyber crime, the FBI's stated Number Three priority, The Washington Post reports. Take away the agents dedicated to catching child predators online — a program that accounts for the vast majority of the department's prosecutorial victories — and about 3.6 percent of the FBI's agents are dedicated to cyber crime, the report notes. From the story: 'If the FBI's third most-important priority claims just over 3.5 percent of its active agents, how many agents and FBI resources are dedicated to the remaining Top Ten priorities?'" -
Fork the Linux Kernel?
Joe Barr writes "Fork the kernel? Are you crazy? A blog entry on InfoWorld.com urged the Linux community to fork the kernel into desktop and server versions because, according to the author, all Linus Torvalds cares about is big iron. Sorry, but that's both wrong and stupid." -
Bossie Awards Honor Open Source Software
The Alliance writes "InfoWorld has announced the 2007 Bossie Awards for the Best of Open-Source Software. Awards were given to 36 winners across 6 categories. Honorees include (among others) SpamAssassin, ClamAV and Nessus in security, Wireshark and Azureus Vuze in networking, and ZFS for storage. Interestingly, they split the operating system winners across two distributions, with CentOS winning for server OS and Ubuntu for desktop." -
IBM Develops Technology That Could Store Data In Atoms
InfoWorldMike passed us a link to a story at his site about a way to perform computer functions on the atomic level. IBM has pioneered the process at their Almaden Research lab in California. Essentially, researchers detect 'magnetic anisotropy, a property of the magnetic field that gives it the ability to maintain a particular direction'. Since the process allows the detection of the 'direction' individual atoms are facing, this is the first step towards the ones and zeroes used in binary. "In a second report, researchers at IBM's lab in Zurich, Switzerland, said they had used an individual molecule as an electric switch that could potentially replace the transistors used in modern chips. The company published both research reports in Friday's edition of the journal Science. The new technologies are at least 10 years from being used for components in commercial products, but the discoveries will allow scientists to take a large step forward in their quest to replace silicon, said IBM spokesman Matthew McMahon." -
In Tests Opteron Shows Efficiency Edge Over Intel, Again
Ted Samson writes "In their latest round of energy-efficiency tests between AMD Opteron and Intel Xeon, independent testing firm Neal Nelson and Associates find AMD still holds an edge, but it's certainly not cut-and-dried. Nelson put similarly equipped servers through another gauntlet of tests, swapping in different amounts of memory and varying transaction loads. In the end, he found that the more memory he installed on the servers, the better the Opteron performed compared to the Xeon. Additionally, at maximum throughput, the Intel system fared better, power-efficiency-wise, by 5.0 to 5.5 percent for calculation intensive workloads. For disk I/O intensive workloads, AMD delivered better power efficiency by 18.4 to 18.6 percent. And in idle states — that is, when servers were waiting for their next work load — AMD consistently creamed Intel." -
Acer to Acquire Gateway for $710 million
downix writes "On the way into work today, I heard about Acer buying Gateway. A bold move strategically, I wonder what consequences this will have for Gateway's employees and customers. As the purchase price was at $1.90 per share, those of us that purchased Gateway shares a few years ago are reminded just how far it has fallen." -
Share a News Story With Coworkers, Pay a Fine
An anonymous reader sends us to InfoWorld for news that Knowledge Networks, an analyst firm, has settled a copyright complaint, agreeing to pay the Software and Information Industry Association $300,000 for sharing copyrighted news articles internally with employees. -
10-Day Patch Guarantee Not Mozilla's Policy
narramissic writes "Mozilla has officially backpedaled from a pledge made at Black Hat by the company's director of ecosystem development, Mike Shaver, to fix any critical security bugs in the browser within 'Ten ****ing Days.' On Friday, Mozilla security chief Window Snyder wrote in a blog posting that the 10-day pledge is not Mozilla's policy, saying 'We do not think security is a game, nor do we issue challenges or ultimatums.' And today, the open source browser maker issued a statement retracting the pledge." -
Merely Cloaking Data May Be Incriminating?
n0g writes "In a recent submission to Bugtraq, Larry Gill of Guidance Software refutes some bug reports for the forensic analysis product EnCase Forensic Edition. The refutation is interesting, but one comment raises an important privacy issue. When talking about users creating loops in NTFS directories to hide data, Gill says, 'The purposeful hiding of data by the subject of an investigation is in itself important evidence and there are many scenarios where intentional data cloaking provides incriminating evidence, even if the perpetrator is successful in cloaking the data itself.' That begs the question: if one cloaks data by encrypting it, exactly what incriminating evidence does that provide? And how important is that evidence compared to the absence of anything else found that was incriminating? Are we no longer allowed to have any secrets, even on our own systems?" -
$500M Piracy Ring Busted In China
Blahbooboo3 writes "Reported by several news organizations, pirated software worth more than $500 million has been seized by authorities in China as part of a joint operation run by Chinese police and the FBI. Microsoft estimates that the software piracy of an international counterfeiting syndicate, over the past six years, cost the company at least $2 billion in lost software revenue. Microsoft said that key information in the investigation came from its Windows Genuine Advantage program, an anti-piracy system that can check whether an OS is legit. It's generally accepted that Microsoft has done well out of software piracy: it helps products become widely used, and as the market matures, people start to pay for their software. And this has been a major factor in Windows beating Linux in China, as Bill Gates has admitted." -
AMD Beats Intel in Power-Efficiency Study
Ted Samson writes "AMD Opteron servers proved up to 15.2 percent more energy-efficient than those running Intel Xeon in a server-power-efficiency test performed by Neal Nelson and Associates, InfoWorld reports. That translates to annual electricity savings between $20.29 per server and $36.04 per server, depending on the workload, the study concluded. The benchmark tests were conducted on similarly configured 3GHz systems running Novell SUSE Linux, Apache2, and MySQL." -
Windows Loses Ground With Developers
An anonymous reader notes that InfoWorld is covering a survey of North American developers that claims that Linux is gaining share as the number of developers targeting Windows fell 11 percent over the last year. Evans Data has been conducting these surveys of client, server, and Web developers since 1998. Evans Data says that the arrival of Windows Vista likely only kept the numbers from being even worse. The big gainer wasn't developing for a Web platform, but rather for Linux and "nontraditional client devices." Windows is still dominant, with 65% of developers writing code for this platform. Linux stands at almost 12%, up from 8% a year earlier. The article says that Evans Data collected information on Mac and Unix development but did not include them in this year's report. -
New York Jumps Into Open Formats Fray
cyrusmack writes "Hot on the heels of the bad news regarding the defeat of all open formats bills, New York has become the latest in an area that has seen a flurry of activity already this year. In the article on InfoWorld, it's pretty clear that this bill is significantly watered down from what other states have attempted to do this year. You can bet Microsoft will be there in force, just as it has been elsewhere." -
Who's Trading Your E-mail Addresses?
Bennett Haselton is back with another piece on e-mail privacy. He starts "On April 14, 2007, I signed up for an AmeriTrade account using an e-mail address consisting of 16 random alphanumeric characters, which I never gave to anyone else. On May 15, I started receiving pump-and-dump stock spams sent to that e-mail address. I was hardly the first person to discover that this happens. Almost all of the top hits in a Google search for "ameritrade spam" are from people with the same story: they used a unique address for each service that they sign up with, so they could tell if any company ever leaked their address to a spammer, and the address they gave to AmeriTrade started getting stock spam. (I don't actually do that with most companies where I create accounts. But after hearing all the AmeriTrade stories, I created an account with them in April just for the purpose of entering a unique e-mail address and seeing if it would get leaked.)" Bennett continues on if you're willing to click the link.
What's surprising is that as far as I can tell, AmeriTrade has taken almost no heat in the media for letting this happen. Despite the abundant testimonials from bloggers who had their addresses leaked, the story never crossed over into the "mainstream" Internet press. In a recent Bloomberg News story, the FBI warned that E*Trade and AmeriTrade users were vulnerable to spyware installed by criminals in hotels and cybercafes to capture accounts and run pump-and-dump stock spams; no mention of the fact that all AmeriTrade e-mail addresses were apparently already in the hands of spammers anyway (although no one knows if usernames and passwords were leaked to the spammers as well).
This doesn't bode well for anyone who uses any type of online service and wants that service to keep their personal information secure. If AmeriTrade got skewered in the media for leaking customers' personal information to spammers, other companies would see that and learn the lesson. On the other hand, if AmeriTrade gets away with it with barely a whisper in the mainstream news, other companies are going to take note of that, too. Besides, spam and identity theft hurt everyone, not just the victims, because the costs are passed on to all of us in terms of higher ISP charges, higher payment processing fees, and more mail lost due to stringent spam filters.
AmeriTrade disclosed in April 2005 that a tape containing some customer information might have been stolen in February of that year, and many spam victims who blogged about their AmeriTrade addresses being stolen, referenced that incident as the likely cause. But after Bill Katz's blog post became a clearinghouse of sorts for complaints about stolen AmeriTrade addresses (probably as a result of being the first match on Google for "ameritrade spam"), several users posted that they had received spam at accounts that were only created with AmeriTrade in summer 2006. And then my e-mail address got leaked between April 14 and May 15, 2007. So it's pretty clear that some attacker has access to the AmeriTrade customer database on an ongoing basis, and the February 2005 tape theft probably had nothing to do with it.
AmeriTrade says that California law required them to notify their California customers of a potential security breach after the tapes were stolen, and that they went further and notified all of their customers anyway. Since there is now proof that their database is more or less perpetually open to some outside attacker, will they send out another notification letter to customers?
An accidental security breach can happen to any responsible company, especially if they are compromised from the inside. But the trail of blogosphere and UseNet posts indicates that several times AmeriTrade has concealed the full extent of the problem from customers who asked them about it, or has given out information that they already knew was wrong. In one thread in October 2005, a user reported that they wrote to AmeriTrade asking why their AmeriTrade-only e-mail address was getting spammed, and AmeriTrade replied that the spammer might have guessed the address using a dictionary attack, adding:
We have no reason to believe that any of our systems have been compromised. Ameritrade deploys state of the art firewalls, intrusion detection, anti-virus software as well as employs a full time staff of employee's dedicated strictly to Information Security and protecting Ameritrade's systems from unauthorized access.
But that was long after February 2005, when AmeriTrade said that tapes containing customer data were stolen. (Even if that turned out not to be the cause of the spam after all, by that point AmeriTrade knew that their customers' addresses had been leaked somehow.)
Then when my friend Art Medlar complained to AmeriTrade this year about the same thing happening, he got a response saying that even if he was getting spammed by an address that he only gave to AmeriTrade, that could be the result of hackers "implanting 'bots' that have the ability to extract e-mail addresses from your computer, even when you have protective spy software engaged". But of course this makes no sense -- if this were the source of the problem, it would affect everyone's e-mail addresses equally, and would not explain why a disproportionate number of complaints were coming from people who created addresses that they gave to AmeriTrade specifically.
When I sent AmeriTrade my own inquiry, I got a response that was identical to a forwarded message that someone else posted to news.admin.net-abuse.email in April. (To their credit, in this version of the message, AmeriTrade is acknowledging responsibility for the problem instead of attributing it to dictionary attacks or botnets. But the e-mail contains the curious piece of advice: "Please be sure to delete any spam you might receive, then empty your e-mail's trash so that it's no longer kept there, either." Huh? As one reader replied to the UseNet thread: "Cynical Translation: Please don't retain any independent evidence.") At first I didn't realize this was a boilerplate response, so I sent back some more questions, asking, for example, whether they would notify their California customers of the data security breach as required by that state's laws. The second response I got was a copy of the old boilerplate that they were sending out two years ago, blaming "dictionary attacks".
Now, compared to the 1,000 spams I already get every day (pre-filtering), the AmeriTrade spams were just a drop in the bucket, and many of their customers are probably in the same boat. And unlike most AmeriTrade customers, at least I can stop all AmeriTrade spam just by de-activating those addresses, since they aren't used for anything else. (Right now I'm keeping them open just to see what else comes in.) But AmeriTrade's database also contains much more valuable information such as names, PIN numbers (do you use the same PIN number everywhere that you sign up?), and Social Security Numbers. When I signed up for my account, informed by dire warnings that federal law required accurate information "to help the government fight the funding of terrorism and money laundering activities", I gave AmeriTrade my real SSN, address, and other personal data, figuring that if I gave them false information, I might get in more trouble than the experiment was worth. But now that the attacker has my e-mail, they might have all of my other information as well. In the coming months I'll probably start checking my credit report more often than I used to.
Probably someone inside AmeriTrade is selling customer data to an outside spammer. (It seems less likely that an attacker would keep breaking into AmeriTrade repeatedly to get updated copies of the customer list. Once you've broken in and gotten the customer database from 2006, why bother breaking in a year later, taking the risk all over again of getting caught and going to jail, just to get the updated 2007 database? Surely the 2006 list would be enough to run any pump-and-dump stock scam that you want!) Two suggestions to AmeriTrade to tighten their security: First, the number of people within the company who can access the customer database is probably a lot larger than the number who actually need to access the customer database. Limit access to the e-mail database to people who actually need it. Second, in any cases where different employees really need to have access to the list, try giving them different versions of it, where each version is "seeded" with spamtrap addresses at Hotmail and Yahoo Mail. If the spamtrap addresses that start receiving spam are all ones that were used to seed one particular employee's copy of the list, then you've found the source of the leak. That won't stop the spam being sent to addresses that have already been stolen, but it could prevent further leaks from happening.
The SEC recently announced that they would suspend trading of companies whose stocks had been the target of spam campaigns to manipulate the price. Perhaps AmeriTrade could do something similar -- once a stock is identified as being promoted in spams sent to AmeriTrade customers, any customer attempting to buy that stock would be presented with a message saying that AmeriTrade was blocking the transaction for security reasons. (If this runs afoul of some SEC regulation that a brokerage has to let you buy any stock you want any time you want, then at least display a big warning when AmeriTrade users try to buy it through their system, saying that the stock has been the subject of a fraudulent promotion scheme and is an extremely high-risk buy.) However, while this would remove the incentive for stock spammers to target AmeriTrade customers, it's also really just covering up a symptom of the problem, rather than addressing the problem itself, which is that a spammer was able to steal the customer information from AmeriTrade's database in the first place.
But whatever they do, AmeriTrade should stop blowing off the people who complain about the spam, with messages about "dictionary attacks" and "botnets". When customers create specialized spamtrap addresses to detect if their e-mails ever get leaked, those are the tech-savvy customers who (a) know what they're doing, and (b) hate spam more than most people, and giving them misleading information is just poking a stick in their eye. Not a smart move when AmeriTrade has been leaking private customer information and is based, as their name indicates, in the most litigious country in the history of the world.
-
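Both tactics in Haselton's piece, the user's one-address-per-service trick and his suggested per-employee seeding of the customer list with spamtrap addresses, are the same mechanism seen from two sides: hand every counterparty an address only it was ever given, and when spam arrives, the address itself names the leaker. The following is an added example (it is not code from the original post, from Slashdot, or from AmeriTrade) that implements both sides in one small module. Instead of storing a table of issued canaries, it derives each address from an HMAC over a secret and a label, so the operator can recompute every canary on demand and an outsider cannot guess or forge one. The trap domain, the secret and the customer list are constructed for the demonstration; the function names are the example's own.

```python
"""Leak attribution with HMAC-derived canary addresses (added example).

User side:     one unique address per service; spam at that address names the service.
Operator side: each employee's copy of the list carries canaries unique to that copy;
               spam at a canary names the copy (and hence the employee) that leaked.
"""
from __future__ import annotations

import hashlib
import hmac
from typing import Iterable

# Assumption for the demo: a mailbox domain you control and never publish.
# In practice, as the post notes, traps at big public providers are harder
# for a leaker to recognise and strip out than traps at an odd-looking domain.
TRAP_DOMAIN = "traps.example.net"


def derive_address(secret: bytes, label: str, index: int = 0,
                   domain: str = TRAP_DOMAIN) -> str:
    """Deterministic but unguessable address: HMAC-SHA256(secret, label:index).

    16 hex chars (64 bits) of the tag is enough that a spammer cannot enumerate
    canaries by dictionary attack, which is the excuse AmeriTrade offered.
    """
    msg = f"{label}:{index}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]
    return f"{tag}@{domain}"


def service_address(secret: bytes, service: str, domain: str = TRAP_DOMAIN) -> str:
    """User side: the single address ever handed to `service`."""
    return derive_address(secret, "svc:" + service, 0, domain)


def seed_copy(customers: list[str], secret: bytes, copy_id: str,
              n_canaries: int = 3, domain: str = TRAP_DOMAIN) -> list[str]:
    """Operator side: the list as given to employee `copy_id`, with canaries mixed in.

    Sorting keeps the canaries from sitting together at the end, where an
    employee skimming the file before selling it would spot them.
    """
    canaries = [derive_address(secret, "copy:" + copy_id, i, domain)
                for i in range(n_canaries)]
    return sorted(set(customers) | set(canaries))


def attribute(spammed: Iterable[str], secret: bytes, services: Iterable[str],
              copies: Iterable[str], n_canaries: int = 3,
              domain: str = TRAP_DOMAIN) -> dict[str, set[str]]:
    """Map addresses that received spam back to whoever was given them.

    Returns {"services": leaking services, "copies": leaking list copies,
    "unknown": addresses that are not canaries at all}. Nothing is stored:
    every canary is recomputed from the secret and the known labels.
    """
    lookup: dict[str, tuple[str, str]] = {}
    for s in services:
        lookup[service_address(secret, s, domain)] = ("services", s)
    for c in copies:
        for i in range(n_canaries):
            lookup[derive_address(secret, "copy:" + c, i, domain)] = ("copies", c)

    result: dict[str, set[str]] = {"services": set(), "copies": set(), "unknown": set()}
    for addr in spammed:
        # Derived addresses are all lowercase, so normalise the input the same way.
        kind, who = lookup.get(addr.lower(), ("unknown", addr.lower()))
        result[kind].add(who)
    return result


def demo() -> dict[str, set[str]]:
    """Constructed scenario: two brokerages signed up with unique addresses,
    two employees holding seeded copies, and a spam run that hits one
    brokerage's address plus one of employee 'bob's canaries."""
    secret = b"constructed-demo-secret-keep-this-out-of-the-list"
    services = ["brokerage-a", "brokerage-b"]
    employees = ["alice", "bob"]
    customers = ["c1@example.org", "c2@example.org"]          # constructed, not real

    bobs_copy = seed_copy(customers, secret, "bob")
    spam_recipients = [
        service_address(secret, "brokerage-a"),               # the user-side trap
        derive_address(secret, "copy:bob", 1),                # one of bob's canaries
        "c1@example.org",                                     # a real customer, no attribution
    ]
    assert spam_recipients[1] in bobs_copy
    return attribute(spam_recipients, secret, services, employees)


if __name__ == "__main__":
    print(demo())   # {'services': {'brokerage-a'}, 'copies': {'bob'}, 'unknown': {'c1@example.org'}}
```

Two caveats a practitioner should keep in mind. A canary identifies the copy, not the person: if two employees' copies are merged before being sold, both show up in `copies`, and if an insider strips every address at an unfamiliar domain, the traps vanish with them, which is why the post's suggestion of traps at ordinary webmail providers is the better operational choice than the `TRAP_DOMAIN` constant used here. And the secret must live outside the list it protects; anyone holding it can recompute every canary and remove them.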
Apple Mac OS X Update For 17 Vulnerabilities
BSDetector writes "Apple has released fixes for 17 OSX vulnerabilities, ranging from system takeover to denial-of-service attacks. It was the fifth security update released this year. It also marked the first time this year that an operating system security update from Apple did not patch a vulnerability disclosed by the January Month of Apple Bugs project. Today's update pushed Apple's year-to-date patch total to over 100. More than one of the affected flaws were called 'critical' or 'dangerous'." -
Novell Goes Public with Microsoft Linux Deal
InfoWorldMike writes "On the back of defending the agreement this week, Novell did as promised and published details of its landmark November 2006 Linux partnership agreements with Microsoft. Linux advocates are expected to scour the documents for signs of how the agreement may affect Linux and whether anything in it will put Microsoft or Novell in potential violation of the upcoming version 3 of the GNU General Public license (GPL). The GPL is used in licensing many components of the Linux operating system. Open-source advocate Bruce Perens said he would be looking to see exactly what Novell was given through the deal and whether there is any requirement for the Linux vendor to defend Microsoft's patent claims. 'What I'm actually looking for is, to what extent was there a violation of faith?' he said." -
Spyware Maker Sues Anti-Spyware Maker
prostoalex writes "An 'online media company' Zango, which gained notoriety for redirecting adult affiliate traffic and the first ever MySpace worm, is now suing the anti-spyware vendor PC Tools, maker of an application called 'Spyware Doctor', for removing Zango applications off the consumers' PCs. 'According to a posting on a blog called Spamnotes.com, Zango is seeking at least $35 million in damages, alleging that Spyware Doctor removes Zango's software without warning users that it will be deleted. The lawsuit was filed Tuesday in King County Superior Court in Seattle, according to Spamnotes.com. Formerly known as 180solutions, Zango is trying to clean up its tarnished reputation. In November it paid $3 million to settle U.S. Federal Trade Commission charges that its software was being installed deceptively on PCs.'" -
Should Vendors Close All Security Holes?
johnmeister writes to tell us that InfoWorld's Roger Grimes is finding it hard to completely discount a reader's argument to only patch minimum or low security bugs when they are publicly discovered. "The reader wrote to say that his company often sits on security bugs until they are publicly announced or until at least one customer complaint is made. Before you start disagreeing with this policy, hear out the rest of his argument. 'Our company spends significantly to root out security issues,' says the reader. 'We train all our programmers in secure coding, and we follow the basic tenets of secure programming design and management. When bugs are reported, we fix them. Any significant security bug that is likely to be high risk or widely used is also immediately fixed. But if we internally find a low- or medium-risk security bug, we often sit on the bug until it is reported publicly. We still research the bug and come up with tentative solutions, but we don't patch the problem.'" -
AOL Security Compromised by Teenager
Freaky_Friday wrote with a link to an InfoWorld article about a teenage kid accessing customer information at AOL. The alleged criminal trespass began late last year, and extended up through early April. According to the article, the guy used some 'off-the-shelf' hacking software he downloaded online to gain access to, and then transmit information from, AOL's systems. "The complaint states that Nieves admitted to investigators that he committed the alleged acts because AOL took away his accounts. 'I accessed their internal accounts and their network and used it to try to get my accounts back,' the defendant is quoted as saying in the complaint. He also admitted to posting photos of his exploits in a photo Web site, according to the complaint ... If the defendant was honest about his motivation in his reported confession, it's safe to assume that he wasn't interested in stealing data for financial gain, [Managing director of technology at FTI Consulting Mark] Rasch said. Still, it'll be interesting to find out what steps AOL is taking if customer data was in fact compromised, he said." -
Dell Releases Flash-Based Laptops
joetheprogrammer writes "Dell has announced that they are going to offer a special configuration option with its Latitude D420 laptop that will allow users to swap clunky old HDs in favor of a 32GB SanDisk Flash hard drive. The only hitch comes with the price tag, which is set at a rather expensive price of $549. This will definitely ensure the laptop is set for a very high-profile consumer. 'The 1.8-inch 32GB SanDisk SSD, which SanDisk announced in January, increases performance by as much as 23 percent and is three and a half times less likely to fail when compared with HDDs currently available for the Latitude line, Dell said. The drive, currently available in North and South America, costs $549 -- on par with the 32GB drive Sony is offering exclusively in Japan for the Type-G Vaio. SanDisk will expand SSD availability to Europe and Asia in the near future.'" -
Spy Act of 2007 = "Vendors Can Spy Act"
strick1226 writes "Ed Foster over at InfoWorld describes the Spy Act bill (H.R. 964) as having the same relation to the prevention of spyware that the CAN SPAM Act had to the prevention of spam. It allows exceptions for companies to utilize spyware for any number of reasons; if this bill had been law when Sony distributed their rootkit, they would have had perfect cover. Most troubling is that the bill would preempt all state laws, including those more focused on the privacy of people's data, and disallow individuals from bringing suit. It is expected to pass soon with 'strong bipartisan support.'" -
Microsoft Is Sued For Patent Violation Over .NET
randomErr writes "As reported by Info World, Microsoft was issued a cease and desist order on February 7 of this year by Vertical Computer Systems. The order was for patent infringement by the current implementations of the .NET framework. Both the .NET framework and Vertical Computer Systems' SiteFlash use XML to create component-based structures that are used to build and operate web sites. Vertical Computer Systems is requesting a full jury trial. If VCS prevails, .NET technology implementations as we know them may completely change and Microsoft would probably have to pay out a hefty sum." -
DOJ Names Dozens of IT Vendors in Kickback Scheme
grantus writes "Today, the U.S. Department of Justice joined three whistleblower lawsuits against Hewlett-Packard, Sun Microsystems and Accenture alleging a massive kickback scheme on government contracts. Among the IT vendors listed in the lawsuit as Accenture partners are Microsoft, Cisco, IBM, Dell and Oracle." -
AMD's New DRM
DefectiveByDesign writes "Remember how AMD said they'd make use of ATI's GPU technology to make better technology? Well, not all change is progress. InfoWorld's Tom Yager reports that AMD plans to block access to the framebuffer in hardware to help enforce DRM schemes, such as allowing more restricted playback of Sony Blu-Ray disks. They can pry my Print Screen key from my cold, dead fingers." -
EU Official Labels Microsoft's Behavior Unacceptable
InfoWorldMike writes "EU commissioner Neelie Kroes has lashed out at Microsoft in comments to European parliamentarians Thursday, saying it is 'unacceptable' that the company continues to gain market share using tactics that were outlawed in the Commission's 2004 antitrust ruling against the software vendor. 'Three years later Microsoft still hasn't complied with the main demand imposed by the European antitrust ruling: that the company share interoperability information inside Windows at a reasonable price to allow rival makers of workgroup servers to build products that work properly with PCs running Windows.'" -
The Business Case for Open Source Software
An anonymous reader writes "An InfoWorld blog entry makes a business case for open source software, and attempts to explain the business benefits of OSS to management and business owners. The primary benefits the piece uses to argue in favor of OSS include no licensing fees, and no license keys. The article also argues that OSS results in freedom from 'ownership' by software vendors. 'Never again will you fear the BSA (Business Software Alliance) knocking on your door wanting to perform a software audit. The BSA even takes out advertisements on Google search pages for an up to $200,000 reward a disgruntled ex-employee can receive for reporting your company to the BSA! That's quite a powerful motivator...'" -
Financial Incentives for Live Search Data
InfoWorldMike writes "In an apparent attempt to boost its disappointing Web search market share, Microsoft will give 'service or training credits' to companies that will share employees' Live Search usage data. The program is being tested with 'a select number of enterprise customers based on the number of Web search queries conducted by their employees via Live Search,' Microsoft said in a statement late on Thursday. The move prompts InfoWorld's editor-in-chief to ask: Is Office Live Microsoft's gateway drug?" -
New Controversy over Black Hat Presentation
uniquebydegrees writes "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM." Update: 02/27 20:10 GMT by Z: InfoWorldMike wrote with a link to a story saying that the presentation has been pulled from the slate for Black Hat, as a result of this pressure. -
A Second Google Desktop Vulnerability
zakkie writes "According to InfoWorld, Google's Desktop indexing engine is vulnerable to an exploit (the second such flaw to be found) that could allow crackers to read files or execute code. By exploiting a cross-site scripting vulnerability on google.com, an attacker can grab all the data off a Google Desktop. Google is said to be investigating. A security researcher is quoted: 'The users really have very little ability to protect themselves against these attacks. It's very bad. Even the experts are afraid to click on each other's links anymore.'" -
A Bad Month for Firefox
marty writes "February is not a good month for Mozilla developers. Infoworld reports about the efforts of Polish researcher Michael Zalewski, who apparently kept finding new vulnerabilities in the popular browser on a daily basis through the month, first postponing the 2.0.0.2 update, and then finding a remotely exploitable flaw in it immediately after its release." -
12 Crackpot Ideas That Could Transform Tech
InfoWorldMike passed us a link to an entertaining article with a sort of 'top 12' innovative technologies that could change the world. Some of the techs include solid-state drives, holographic and phase-change storage, artificial intelligence, e-books, desktop web apps, and quantum computing/cryptography. For each of these technologies, expert observers weigh in on the potentials and pitfalls of these disciplines. Here are Esther Lim's comments on e-books: "Another issue, besides the prohibitive cost and cumbersome nature of e-documents, concerns the vast portion of the contracts that were signed and agreed upon before e-books came onto the scene ... That raises questions not just in terms of what rights the user has, but what rights the publisher has vis-à-vis the copyright holder." We've discussed almost all of these technologies on the site at one point or another. Which is the most important? Which one do you think we'll never 'get right'? -