Investors who believed that Google had a magic wand that allowed it to turn web visitors into highly profitable money machines today were dealt a severe blow.

At the Internet Advertising, Information and Educations Conference that was hosted by Merrill Lynch in New York, Google CFO George Reyes explained that  the company's past stellar growth was merely the result of a technical project that allowed the search engine to better serve online advertisements.

But more importantly, the company by now feels that is has done all the tweaking it can do to its advertising system. There is no way to sugar-coat this: future revenue increases for Google will be less stellar.

A full transcription of Reyes' remarks (webcast here - section is around 28:00 into the recording) on this topic:

"We went through a period of 18 months where we had a revenue force initiative, a team of very bright technical engineers that were trying to tweak and optimize the ad system in a very responsible way. That sort of paid off nicely with the fruits of that labour. What's happened since then is: we got so good at that, that really most of what is left is organic growth, which means you have to grow your traffic and you have to grow your monetization. We are, clearly our growth rates are slowing and you see that in each and every quarter and we're going to have to find other ways to monetize the business."

After reality sank in, investors dumped their Google shares, which lost about 7 per cent in the stock market today.

Didn't they learn from the dotcom bubble that no company or new economy can cheat the laws of economics?

Tags: google

Posted by Tom Sanders on February 28, 2006 | Permalink | Comments (0)

In addition to the new Mac Mini, Jobs also unveiled the new iPod Hi-Fi, a boombox for that allows users to plug their player right in the top. Jobs compared the device with end end appliances from Bose and Denon, but touted its $349 price as a major differentiator.

It can be powered either by batteries or through the build in power adapter.

\

Specs for the iPod Hi-Fi

Tags: apple, steve jobs, mac mini

Posted by Tom Sanders on February 28, 2006 | Permalink | Comments (2)

Apple chief executive Steve Jobs has just unveiled his new Mac Mini powered by an Intel processor. A single core model goes for $499 and a dual core for $799. Available as of now.

The computers now also come with Frontrow and the application has been equiped with the option to share content across computers through the "bonjour" networking protocol (formerly called Rendezvous)

Jobs shows off performance of the new Intel Core Duo Mac Mini relative to the G5 processor.

The Mac Mini looks about the same as the previous models. Execpt that there is now an infrared receiver build into the front (the little black dot you see in the upper right corner of the unit).

The Mac Mini still is: bring you own keyboard, mouse and monitor: either from Apple...

...or from some other manufacturer, Jobs joked.

Tags: apple, steve jobs, mac mini

Posted by Tom Sanders on February 28, 2006 | Permalink | Comments (0)

Apple co-founder Steve Wozniak (aka: the Woz) is fighting back against an interview that appeared in Toronoto Globe and Mail. In summary, he is denying his negative remarks about Apple's switch to Intel chips and his alleged call on Apple to split off the chipmaking division in an email that he sent to the themacintoshguy mailing list:

I was in New Zealand and am just now back home. I saw a couple of headlines that were way off base.

As for Microsoft's desire to be more like Apple (creative, not the Dark Empire), I have insights into that aspect. It's opinion but why be constantly negative, like saying that bad things from the past mean MS will always be a bad guy. I myself am not known for taking the enemy approach to anything.

As for "spinning off iPod" I heartily deny saying this. The reporter asked some such question and I laughed it off as ludicrous. Why would Apple spin off something so successful. Then the reporter suggested that it could be like a separate division. Well, organizationally, it must be so already and I acknowledged the question I was asked in that way. Then the reporter asked if it made sense to have the iPod division somewhere else and I gave a mixed response, a logical response. I likened it to HP divisions when I worked at HP. There is a nice environmental effect in separate divisions. But then I mentioned that the HP divisions were making very different product lines, whereas the strength of the iPod came from treating a music device as a 'satellite' to a computer, and the intertwining of iTunes and the iPod made this possible. I did NOT say that the iPod division should be spun off and I feel used in that regard.

As for Intel, I have consistently backed that decision. But virtually every issue ever is not black or white. In this case the only thing I've ever said slightly negative, myself, is that I'd hoped for a new low power silicon technology that would extend for future generations, a'la IBM's copper technology back a ways. I said that I had hoped for more than just a good design to keep as much of the chip inactive as possible. The reporter again pushed me to say I was negative on the transition. That's a laugh, as anyone who is close to me can tell you, but I did acknowledge that some might be against it because of our 'big enemy' stance and so much of our Macintosh history riding on being different than the masses. That statement must have been stretched into being one about my own thinking.

I'm extremely short of time, organizing things after a long trip (mostly email requests for my time) so if any of you can spread my comments around, all the better. The problem with thinking is that if you think out a 30 second explanation, it passes over the 5 second sound-byte crowd.

Tags: steve wozniak, apple

Posted by Tom Sanders on February 28, 2006 | Permalink | Comments (3)

In an email story from hell, the university of California in Berkeley has accidentally send out an email to all 7,000 students that registered for the school's law school. But the school can only accommodate 800 to 850 students a year.

It turns out that the school's director of admissions Edward Tom goofed up when he was training a new staff member, showing how to send an email to a large group of recipients as well as other features of the schools' mass email system. One thing lead to the other, and before he knew it, he had selected the acceptance letter.

“I’ve never had a glitch with that expert in six years of training new staff members,” Tom told Computerworld. “It takes a bumbling fool like me."

Berkeley's law school hides behind trees in shame.

Tags: UC Berkeley, email

Posted by Tom Sanders on February 28, 2006 | Permalink | Comments (0)

Sun Microsystems has finally admitted that its retail Grid is a big failure.

In fact, the service hasn't even been launched, despite a ceremony last year in which Sun president Jonathan Schwartz flipped a symbolical switch to take the grid live.

The path to the grid's failure is paved with lies.

Last year in May the company's grid chief Aisling MacRunnels claimed that: "We had to reprioritise things because some very large banking customers needed capacity. We got way better response than we anticipated."

At least Schwartz himself technically wasn't lying when he told vnunet.com:

"What we have seen is a large number of CIOs who are now benchmarking their data centres and trying to figure out if they are spending more than a buck an hour. I see a huge amount of proofs of concepts where customers are looking at what they are paying for their own grid or what they are paying outsourcers."

At the time he just conveniently left out (if he knew) that those companies came to the conclusion that a grid failed to offer them the required level of security assurances. And that the US State Department raised a red flag, forcing Sun to instate a check to keep out customers from terrorist states.

The grid now again is "imminent", Schwartz claimed last Friday.

But somehow the server maker has lost its credibility in making those promises.

Vapourware image

Tags: sun microsystems, grid, jonathan schwartz

Posted by Tom Sanders on February 28, 2006 | Permalink | Comments (0)

Google Base still is far more then an eBay competitor, but it is getting closer.

The search engine has quietly added a payment option to the Google Base beta.

Google Base at the moment isn't much, but could become a lot. You have to think big to see the potential of Google Base, and you have to be willing to speculate even more.

Now that we have those disclaimers out of the way: think of Google base as an open database holding all kinds of information, from store items to recipes. Add a truckload of meta information and you've got a poster child for the web 2.0 hype.

If Google succeeds to collect enough information, the search engine becomes the proprietor of the world's largest online database, and a platform for all kinds of mesh-up applications similar to the likes of Housingmaps.com.

While it's still all about the data, adding a payment service will allow Google to generate revenues off its Google Base service.

In the process the company gets to create a viable alternative to Ebay and Paypal, both of which in the past years have become complacent and started to display monopolistic behaviour with fee hikes that were to benefit corporate profits instead of reflecting the laws of supply and demand. Either way, the consumer wins.

Tags: ebay, google, google base

Posted by Tom Sanders on February 27, 2006 | Permalink | Comments (0) | TrackBack (1)

Yahoo Music's chief Dave Goldberg (photo below) has called upon the music industry to let go of digital rights management technology.

The proposal will be music to the ears of consumers. Digital rights management technology after all not only prevents illegal copying of music, it also blocks consumers from listening to the  music everywhere and on any device.

iTunes music for instance won't play on your Creative media player, and Yahoo Music content doesn't play on an iPod.

The labels however fear that a lack of DRM will spark a boom in music piracy.

They fail to see however that even in today's DRM world, pirated music is easy to come by. Most consumers will still obediently pay for music because it’s the right thing to do.

I doubt though that any label will have the guts to give this a try.

Tags: digital entertainment, itunes, ipod, yahoo music, Dave Goldberg

Posted by Tom Sanders on February 24, 2006 | Permalink | Comments (0)

Looking for a cheap way to protect laptop's hard drive in case of theft? Mac Geekery has a few simple but clever solutions.

Instruct the computer to periodically check a website for a secret codeword or file. If the file is there (or isn't), the computer will launch a self-destruct mode. It may not get you your computer back, but at least your data should be protected.

While the site's example is build for a Mac, there is nothing that should prevent this from working on a Windows machine.

Just make sure that your friends don't put the code-file on your server as a prank.

Selfdestruction

Photo: Papp-Kuster Ádám

Tags: laptop theft, security

Posted by Tom Sanders on February 24, 2006 | Permalink | Comments (0)

It's no secret that Google will go to great lengths to allow its employees to focus on their work.

Time.com is now offering a photo essay on its website that shows life inside the Googleplex, as the company's campus is often called.

The best photo if you ask me is that of a life guard sitting next to a swim-in-place pool where a Google employee is swimming. The guy couldn't look more bored, and in the extreme demonstrates the gap between Silicon Valley's highly paid knowledge workers and the maintenance crews that allow them to maintain their Californian lifestyles.

Photo courtesey of Google

Tags: google, googleplex

Posted by Tom Sanders on February 24, 2006 | Permalink | Comments (3)

Blackberry maker Research in Motion later today may face what could be considered a final decision in the prolonged patent battle with NTP.

Meanwhile NTP's patents are being invalidated by the US Patent and Trademark Office, but oddly enough, the judge couldn't care less about that. He'll have to go with a 2002 jury trial that found that RIM infringed on NTP's patents. It's like getting fined for speeding when going 65 on a 70 mph highway because the officer claims that the speed limit was 55.

If RIM wants to do society a favour, it takes this case as far as it possibly can, allowing the patents to be invalidated and turn NTP into an empty shell. But business economics will probably force RIM to settle the case to lower its legal bills and allow the company to focus on innovation rather than legislation.

We didn't exactly need additional proof that the patent system is broken and outdated, that patents are awarded without any due process and as a result allow big patent filing companies (read: IBM, Microsoft, HP etc.) to prevent competitors from entering their core markets.

Patents were once created to protect innovators against copy-cats. But they have turned into a way for incumbents to tax innovation.

Update:
The judge today hasn't made a ruling. But he did indicate that he will stick to the jury's findings that patents are being violoated. If RIM wants to sit this one out, they'll have to wait for the USPTO procedure to finish. That can take years.

Tags: Blackberry, RIM, research in motion, NTP, patent

Posted by Tom Sanders on February 24, 2006 | Permalink | Comments (0)

Intel has warned that that plans to build a chip fab in Vietnam aren't a done deal yet.

News reports on Thursday mentioned that Intel has been awarded a license to build a $605m factory in the nation that the US has previously tried to bomb flat. But it now seems that local officials were a bit too eager in claiming victory. Spokespeople at Intel's headquarters in Silicon Valley pretty much said that there is nothing to say at this point.

"We are constantly looking at opportunities around the world, but at this point in time haven't made any announcements about new facilities," an Intel spokesperson told vnunet.com.

Interpret that how you want it. But it certainly isn't a confirmation that Intel is going to invest in Vietnam.

Tags: vietnam, intel, semicondutor fab

Posted by Tom Sanders on February 24, 2006 | Permalink | Comments (0)

Google today launched its new Google Page Creator beta as well as a new personal home page hosting service.

Unfortunately, the company has already run out of test accounts for the beta service. But we begged and whined until Google granted us access.

Below you'll find some screen shots. Click on the image for a larger view. Since we used a personal account, we've blocked out the user name.

Welcome page after the user signed up.

First page you see inside the editor.

Plenty of templates to choose from

File... pardon: page manager

Insert a link

Google Page Editor even lets you leech pictures from other URLs, although the service points out that this is considered bad manners and in some cases constitutes copyright infringement.

When we were done playing around, this is what it looked like in a browser window.

Tags: google, google page creator, frontpage, google beta, google labs

Posted by Tom Sanders on February 23, 2006 | Permalink | Comments (1)

Jason Kottke, number 21 on Technorati's list or most popular blogs, is quitting his venture.

In the past year he has persuaded individuals to donate $39,900 to allow him to blog full time. But the blogger has come to the conclusion that he is lacking the traffic to become a true, full time pro.

Actually his revenues look promising for a one-man venture, especially considering the fact that Kottke didn't offer any advertising (he feared the conflict of interest) and solicited funds for only three weeks.

Surely someone with a better business instinct will pick up where Kottke has left and prove that a regular blog can feed a family. And then I'm talking about a true blog, not the news websites that hide under the blogging banner such as Engadget or Gizmodo.

Tags: blog, kottke

Posted by Tom Sanders on February 23, 2006 | Permalink | Comments (0)

Call them botnet operators or hackers, but don't mistake them for people that you would meet in line at the super market's cash register.

The Washington Post has an extremely long but insightful profile of a hacker in which the 19-year old brags about installing adware on his botnet – and the $10,000 he makes each month by doing so.

One of the hacker's buddies brilliantly phrases their disconnect with human society:

"Dude, the best part is when you walk in, you hand them the coupon or whatever, they give you your [pizza], and you walk out," one of them enthuses. "Then, it's like, yes, I am . . . the coolest man alive."

Tags: botnet, hacker, adware, spyware

Posted by Tom Sanders on February 23, 2006 | Permalink | Comments (0)

Acoustic shock is wreaking havoc among call centre workers, and employers who have nickeled-and-dimed their way through the call centre investments risk having to pay for they cheapness.

In the UK alone, companies have paid over £10m ($17.7m) in out of court settlements. A single claim can run up to £20,000 ($34,500). Surely in the US lawyers will find a reason to add a few zeros to their claims.

Acoustic shock is a common phenomenon in telephone and VoIP lines. Purchase a decent headset and you're fine. But if you try to cut corners and buy some cheapo consumer device, and you risk temporary if not permanent hearing loss.

Lawyers, start your lawsuits!

Tags: acoustic shock

Posted by Tom Sanders on February 22, 2006 | Permalink | Comments (0) | TrackBack (1)

In trying to create a cure, Sophos has in fact created one of the more devastating pests in OS X's history.

The anti-virus firm's virus fighting application for OS X wrongly detects the Inqtana-B virus in files for Microsoft Office 2004 and Adobe Acrobat Reader. Depending on the configuration, it will then isolate or delete those files. Several network administrators as a result have had to spent the last two days trying to restore systems while workers were locked out of the applications.

Sophos' website fails to mention the mistake, but the SANS Internet Storm Center provided the necessary information.

To make matters worse, Sophos messed up while fighting a worm that is designed in such a way that it can never propagate and hence won't infect a single system, because Inqtana-B is a proof of concept worm.

Coincidence has it that Sophos also was one of the first (if not the first) anti-virus firms to warn about the first Apple worm last week. No

wonder that critics are now flaming the firm for creating a security scare for its own (financial) benefit. Apparently security vendors too are struggling to cope with the emergence of the first OS X worms.

Picture borrowed from here

Tags: os x, worm, virus, sophos, apple, anti-virus

Posted by Tom Sanders on February 22, 2006 | Permalink | Comments (3)

Within one week, hackers have demonstrated three methods to compromise OS X's security in ways that were increasingly sophisticated.

The first OS X worm relied mostly on social engineering. To the extent that many argued that is was a Trojan rather than a virus.

The second one used a vulnerability that had been patched more than six months ago. So what's the real risk, Apple supporters countered? Never mind that most Windows worms rely on patched security flaws.

Today we have an unpatched vulnerability that compromises a system's security without any user interaction. Visiting a website or viewing an email will do enough to get infected.

So what will the excuse be this time? The fact that there is no exploit code found in the wild? Or the fact that the proof of concept code fails to demonstrate any self-spreading capabilities?

We merely have to wait for the spam, ID theft and adware guild to develop some decent spyware, adware or botnet software so they can monetize the OS X platform. If there's money to be made, criminals will exploit whatever operating system they can.

Tags: OS X, security, apple, malware, spam, botnet

Posted by Tom Sanders on February 21, 2006 | Permalink | Comments (0)

Lazy gamers make for rich economies Korea is struck by a new kind of identity theft, an it is all because of lazy gamers.

Online criminals are on a hunt for Korean personal identification numbers, similar to a social security numbers. This time they aren't intent on stealing personal credit card information, but merely want to set up accounts in massive multi player online role playing games (MMORPG) such as Lineage.

The accounts are used by Chinese gaming farms, where workers will sit all day performing dull tasks in these games that generate gaming money or items. These will then be auctioned off or sold on auction websites for real world money on websites such as IGE.com.

Short term this is a victimless crime. The Chinese gaming farms need the identification numbers to be able to set up the accounts, but pay for it themselves. Except that you don't want such information to be out in the open.

But I couldn't help but be amazed about the inventiveness of the gaming farm concept. As new online economies emerge, people will come up with way to make money there.

Lineage 2 worker bees fighting

Tags: online gaming, MMORPG, gaming, identity theft

Posted by Tom Sanders on February 21, 2006 | Permalink | Comments (3)

With Presidents Day on Monday, Silicon Valley is en masse travelling to the Lake Tahoe area for a skiing break. The 3.5 hour drive can become a true nightmare when the weather turns bad however.

But that's where internet comes in.

The California Transportation department has put up several internet connected cameras that allow travellers to see what conditions are like. And we're not talking about a stamp-sized webcam that refreshes every 5 minutes, but a 290k live stream. You can actually see the poor souls freezing their behinds of while they are putting on their snow chains.

If you like it a bit more old school, there are also the text based traffic advisories.

The 511.org service that gives estimated driving times for now only works for the Bay Area.

I'm telling, that internet thing is going to be big some day.

Live streaming traffic cam

Tags: lake tahoe, presidents day

Posted by Tom Sanders on February 18, 2006 | Permalink | Comments (0)

Illegal copies of Apple's OS X operating system are pretty easy to obtain and install. The application for one doesn't use any of the software activation and "genuine advantage" gimmicks that Microsoft is using.

Anything that can be protected using software, can be cracked using software. So instead the computer maker is resorting something more powerful: karma.

The OS X 10.4.4 version of the operating system for Intel systems has a poem embedded inside the software that will remain invisible for the average users but that hackers could run into:

"Your karma check for today:
There once was a user that whined
his existing OS was so blind
he'd do better to pirate
an OS that ran great
but found his hardware declined.
Please don't steal Mac OS!
Really, that's way uncool.
(C) Apple Computer, Inc."

Tags: apple, hacker, copyright protection, os x

Posted by Tom Sanders on February 17, 2006 | Permalink | Comments (1)

A second worm has been spotted for Apple's OS X operating system.

Just like yesterday's specimen, the online pest is unlikely to cause much actual harm. In fact, F-Secure describes OSX/Inqtana.A as a proof of concept and notes that it will deactivate on 24 February 2006.

Leap-A may have beaten Inqtana.A in the race to become the first OS X worm, the new virus deserves credit for its increased level of sophistication. This one uses a (patched) vulnerability in the way the OS X handles Bluetooth communications, where yesterday's pest relied solely on social engineering.

The relative harmlessness of these worms seems to indicate that hackers have been engaged in a race to develop the first OS X worms for bragging rights rather than mischief. The theory is further supported by the timed release around the RSA Conference, the world's premier security event that wraps up today in San Jose.

Now also available in OS X's sleek UI

Tags: Apple, OS X, worm, OSX/Leap.A, security, RSA 2006, RSA conference, OSX/Inqtana.A

Posted by Tom Sanders on February 17, 2006 | Permalink | Comments (0)

What happens if you join an iPod mini and a fax's scanner and tape it to a server terminal's monitor? A sticky screen is probably some of the most exciting things that will happen.

But in the new movie Firewall, the story's hero uses this method to steal money from rich bank clients.

The script writers must have had a severe case of writers block when they came up with this trick, as it is ridiculous on so many levels that it would only work in one of those "not another teen movie" comedies.

Jon Skovron on the blog for security vendor WatchGuard rips the movie apart. Oh, and firewalls don't even play any part in the movie.

It could be due to a security overdose after hanging out at RSA Conference most of this week, but he seems to have a point.

Bad guys battling good guys.

Tags: Firewall,  rsa 2006, RSA conference, security

Posted by Tom Sanders on February 17, 2006 | Permalink | Comments (0)

The world's most popular sport has to go another World Cup without laser precision refereeing.

The upcoming football (soccer) tournament in Germany could have seen the debut of a ball equipped with an RFID tag. But the technology isn't ready yet, uber-ball-maker Adidas told IDGNews.

A RFID-equiped ball would make for better umpiring decisions because it could send a signal to the referee when it passes the goal line. Try again in 4 years.

Not up to par

Tags: RFID, soccer, football, world cup

Posted by Tom Sanders on February 16, 2006 | Permalink | Comments (1)

This blog has been dugg (?) before, but today the post about Google hacking got digged and visitor stats are through the roof. Far more people are reading this post than past diggs.

The logical conclusion is that Digg is attracting increasingly more visitors.

But as a precaution, I should also point out that posts on light subjects such as Google hacks (and the Yahoo maps pranks Google post) get more Diggs and attract more visitors.

Pageview stat pasted below. I can't publish the x and y axis for competitive reasons, but take it from me that total number by now is far, far over 10,000. The drop-off at the end is due to the uncompleted hour - the stat always drops to zero at the end.

Tags: digg

Posted by Tom Sanders on February 16, 2006 | Permalink | Comments (1)

Mac users have proven that they are just as easy to fool as Windows users and other mortal human being.

Earlier this week a malware author posted the OSX/Leap.A worm on the MacRumors website, pretending to offer screenshots of the forthcoming OS X 10.5 Leopard operating system. Opening the file only resulted in users getting infected with a worm that would work its way to the iChat instant messaging application and send a file called "latestpics.tgz" to the user's buddies.

Behold: the first OS X worm.

The worm is clever enough to spread itself in a way that ensures a high infection rate. Mass email worms after all are less likely to infect OS X systems since most emails will end up on Windows machines.

The Mac faithful meanwhile are battling the facts with misinformation. It isn't a Worm but a Trojan, some argue. It requires non-adminstrator users to enter a password, others asses.

The first is pure fiction. The difference between a worm and a Trojan is self-propagation. In this case via iChat. Sure enough it is relying heavily on social engineering. But that's the case with most worms these days.

The second could be a valid point. Except that most users on a Mac are the  administrator. There will be exceptions of course, when several people share a computer and have taken the effort of setting up separate user accounts.

While most users willl simply ignore the prompt, a small percentage is bound to fall for this trick - just like a small percentage (15-20 per every million in fact) typically falls for phishing emails.

The worm underscores what security experts have been saying for years, and that the Mac cool-aid addicts have been dismissing as evil propaganda: there is nothing about the OS X software that makes it immune to worm and virus attacks.

Now can we stop the debating and start working on a real solution?

Tags: Apple, OS X, worm, OSX/Leap.A, security, RSA 2006, RSA conference

Posted by Tom Sanders on February 16, 2006 | Permalink | Comments (16)

If there were any fans of doom scenarios at Symantec CEO John Thompson's keynote at the RSA Conference here in San Jose, they had plenty to rejoice about.

The security CEO got to address the crowds at RSA Conference this morning following a rather uneventful speech by Verisign's chief executive who as his "one more thing" (copying Steve Jobs trademark keynote technique) gimmick announced that he will be supporting Microsoft's Infocards that Bill Gates spoke about yesterday. If that's the "one more thing", you know the rest of the presentation was hardly any more interesting.

But back to Thompson. He sent a strong warning to the "business leaders" of the world that consumers are starting to lose their patience with the state of online insecurity.

The continuing barrage of online attacks is eroding the online trust. So in addition to stopping the actual attacks, there is a task to win back that trust, Thompson said.

While he spent most of his time underscoring the ever sliding scale on which online security is measured, he did have a few suggestions.

Search engines for instance should add user ratings, allowing the public to grade websites for their trustworthiness. This way a user can easily distinguish a fraudulent website from a genuine e-commerce store.

Google is already doing this in its Google's price comparison beta Froogle by the way, but it wouldn't hurt to print those ratings in the regular results as well.

John Thompson

Tags: symantec, john thompson, rsa 2006, RSA conference, security

Posted by Tom Sanders on February 16, 2006 | Permalink | Comments (0)

Security will move to the network, pardon me, will be plastered all over the network, according to Cisco CEO John Chambers. He has been saying that for a while now, but this year at his keynote at RSA Conference came up with the perfect analogy: a network should be like the human body: different devices working together to further the stability and well being of the overall network.

It's hardly a misconception anymore that security stops at the perimeter. And as the world's leading router and switch manufacturer, Cisco is certainly in a good position to use its hold on the network to stop badware.

But that very dominance is also cause for concern. You don't want to create a single point of failure – even Cisco routers have occasional security bugs. I'm not saying that we shouldn't trust Cisco, but we also should rely on the router vendor too much.

Tags: Cisco, John chambers, rsa 2006, RSA conference, security

Posted by Tom Sanders on February 16, 2006 | Permalink | Comments (0)

"Hacking Google" isn't exactly new. That is, using the search engine to look for confidential information. But as McAfee's senior vice president for Risk Management George Kurtz demonstrated today at RSA conference, that didn't prevent users and organisations to post those goodies online for anyone to find.

"You almost get bored finding all these password files. It used to be fun in the old days when you found a password file. Now you just go to Google and find thousands of them," Kurtz said.

The ultimate online resource for Google hacking btw is this website. (update: due to high traffic, the site is currently (2/16/2006 11:52AM Pacific Time) down. Make sure you check it out at a later stage)

Here are some samples taken from the RSA conference presentation:

A search for Payrol.xls turned up a nice overview of employees and their hourly wages.

not very advanced, but still rather effective: "not for distribution" and "confidential"

So you removed that file with the password, but did you think about Google cache?

Yes, that's the management interface for a Netgear router that was found using Google. It still had the default login and password settings. What more do you want?

Search for sites with "Remote desktop web connection" in the title, and you'll find... remote desktops that you can take over. If the user sees you taking over, simply say that you're the system administrator working to bolster the user's security. Kurtz did that once during a security audit and it worked well.

Death records with a social security number. search for: ssn 111111111..999999999 death records

and more social security numbers, these were used by a university to identify their students. It's illegal to use social security numbers for that, but this school apparently didn't care.

Technically not a Google hack, but the robots.txt file will tell you which directories the website operator doesn't want you to see. Therefore it should be worth a look. This one is for the site of the whitehouse.gov

George Kurtz

Tags: rsa 2006, RSA conference, security, mcafee

Posted by Tom Sanders on February 15, 2006 | Permalink | Comments (39) | TrackBack (21)

If Bill Gates stuck around after his keynote at RSA conference here today, he should have listened to Sun Microsystems' chief executive Scott McNealy, and learn a thing or two about delivering a keynote that keeps your audience from dozing off.

In addition to offering more content (items to listen to), McNealy also plasters his presentations with witty remarks:

• "If we turned on a Wintel space heater tomorrow, there would be no polar ice cap." Reference to the heath produced by servers powered by Intel processors, as well as an attempt to sell his new T1  processors."

• "It's a little Al Gorish to say we created open source software, but we did." (former presidential candidate once claimed that he invented the internet. He meant to say he helped create legislation that allowed the internet to grow)

• "A really effective virus can knock out every desktop. Small pocks will only kill 40 per cent of us." Plea for genetic diversity on the desktop: breaking Microsoft's desktop domination.

• "The cost of viruses is higher than the revenue generated by the company that sells the Petri dishes." McNealy didn't say which company he referred to, but its rather obvious which enterprise's software he would consider a breeding ground for a monster.

In Bill's defense, he succeeded to insert exactly one joke into his presentation, telling the audience that he was glad that he passed on another invitation that he had for today: going on a hunting trip with Bill Gates.

But McNealy outbid him even there, saying that the Microsoft chairman failed to mention McNealy's invitation to go on a hunting trip with him.

McNealy

McNealy with Java creator James Gossling.

These photos on your website or blog?
These photos are available under a Commons Attribution - ShareAlike 2.5 License. Attribution required: www.SiliconValleySleuth.com

Tags: Microsoft, bill gates ,rsa 2006, RSA conference, security, sun microsystems, scott McNealy, James Gossling, cheney, dick cheney

Posted by Tom Sanders on February 14, 2006 | Permalink | Comments (0)

The RSA security show is, as the name implies, organised by security vendor RSA. The vendor might not be the biggest player in the security market, but it happens to be one of the first. And today the company is still dominating its segment with the security access tokens.

RSA naturally wants to show off great security. So the wireless network at the show here is bolted down in all kinds of ways, using acronyms that make the average computer geek blush.

It also shows that security and ease of use are at still direct opposites.

Delegates trying to set up the network receive a 6 page manual. And even after entering the settings exactly as instructed, I couldn't get things working.

So one minor suggestion for the security industry: don't create security that is impossible to use. Users will just switch it off entirely and go online unprotected. At least, that's how I got this posting online...

Tags: RSA conference, rsa 2006, silicon valley

Posted by Tom Sanders on February 14, 2006 | Permalink | Comments (0)

Microsoft chairman Bill Gates kicked of the RSA Conference in San Jose this morning. Staying on message following his presentation at CES in January, the chief software architect talked a lot and said very little.

In one snippet of news, the chief software architect did announce that Internet Explorer 7 will be supporting Infocard, a new authentication technology that promises improved ease of use and bolted down security. The company even demonstrated the technology.

But other than that, there was a lot of chest pounding about Microsoft's great security initiatives, and very little about the continuous onslaught of viruses, worms and spyware that is threatening to cripple the only world.

--
Update:
Just spoke with Microsoft security marketing manager Debby Fry Wilson.

"We got strong feedback that people wanted to hear where we would be going in the future," she explained. "This year intentionally it's more about driving for a picture of where the world could be and set aspirations for the industry."

I guess I just missed the part in Gates' keynote where he gave us a compelling vision of the future.

InfoCard screenshot: this one is for a loyalty programme at a car rental agency and only discloses the minimum information.

These photos on your website or blog?
These photos are available under a Commons Attribution - ShareAlike 2.5 License. Attribution required: www.SiliconValleySleuth.com

Tags: Microsoft, bill gates ,rsa 2006, RSA conference, security

Posted by Tom Sanders on February 14, 2006 | Permalink | Comments (0)

RSA conference is known for its big starts. The event certainly stands out in a year's conference tour, picking a theme around cryptography and sticking to it. This 15th edition has an Indian theme centred around ancient Vedic mathematics, and a mathematical Sage named Aryabhatta.

It just gives the event some added spice, and allows for a decent opening.

The conference this year is back in San Jose after three years in San Francisco. Surely San Jose must be thrilled with the hotel tax revenues, as its outdated conference centre has very much fallen out of grace.

Opening @ RSA

This photo on your website or blog?
This photo is available under a Commons Attribution - ShareAlike 2.5 License. Attribution required: www.SiliconValleySleuth.com

Tags: RSA conference, rsa 2006, silicon valley

Posted by Tom Sanders on February 14, 2006 | Permalink | Comments (0)

The Open Source Development Labs has picked up the gauntlet that Microsoft has been slapping all over its face. Today the organisation published a research study that presents several "facts" about the cost of Linux relative to Microsoft servers.

The study is a loud and clear response to Microsoft's "Get the facts" campaigns, where the software developer commissions studies comparing Microsoft servers head to head with Linux competitors.

It doesn't take a long stretch of imagination to understand that he who pays for the study by definition is proven right.

And so both Microsoft and OSDL are right. Linux, no Microsoft, no Linux is cheaper to manage. Cheaper to patch. Cheaper to run.

Users still won't know what they're up for. But if you're in one of the two camps, you can claim victory. Because everybody is a winner in the world of commissioned studies.

The same goes for kids' baseball, basketball and football (soccer) matches. Except that there some day you'll have to confront them with reality. In software, the fact twisting can go on forever.

Tags: OSDL, get the facts, Linux, windows, microsoft

Posted by Tom Sanders on February 14, 2006 | Permalink | Comments (1)

The Demo conference is a great idea, I figured that one time that I went to one of the events where start-up companies get to plug their products before an audience of press, analysts and venture capital investors.

But it turned out to be a disappointing experience. Most launches were boring, irrelevant or me-too products. Nothing to write home about, let alone publish.

Start-ups pay a hefty $18,500 for the opportunity to plug their products on stage for a few minutes. If you think of it, that could be cheaper than hiring a PR firm and organizing a media tour. But that's provided you have something interesting to tell in the first place.

This week the start-up fest landed in Arizona again, and Techdirt does a pretty good job at describing why the event isn't as great its reputation would like us to believe.

Good to know that we didn't miss anything. Again.

Demo 2006

Photo: Rob Lee

Tags: demo, start-up

Posted by Tom Sanders on February 11, 2006 | Permalink | Comments (2)

Yahoo is polling some of its mail users to find out if they would use its search technology more often if they are financially rewarded. The poll mentioned discounts on premium services such as Yahoo Music or Yahoo Personals; infinite storage space for Yahoo Mail or 250 frequent flier miles per month.

Amazon's A9 has been doing something similar by offering discounts on store items to A9 users. Market share statistics prove that the programme has been largely unsuccessful.

Loyalty programs work in markets that are commoditized and where the reward is considered sufficient.

Airlines are the obvious example. Service is similar across airlines, making it important for airlines to differentiate. Frequent fliers mostly travel for business, making the cost of their fares of secondary interest. The rewards furthermore are large. Frequent travellers receive free perks that are highly valued, including priority on waiting lists, free travel and upgrades.

Search too is a commodity. Yet none of the Yahoo offered incentives would entice me to start using its search engine more often. I guess that the reward just isn't big enough.

All loyalty comes at a price

Tags: loyalty program, yahoo, google

Posted by Tom Sanders on February 11, 2006 | Permalink | Comments (0)

The Songbird open source media player is a noble attempt at commoditizing an application that is key to the home media revolution. Having an open media player that is adjustable and can be used for any platform or application is an obvious win for consumers. And by supporting digital rights management (DRM), it should even have the RIAA jumping up and down in excitement.

But it's too late for anyone who has bought into the iPod vision.

Their iTunes media purchases don't play in the Songbird player, and they won't for any time soon. Apple refuses to make the underlying Fair Play DRM technology available to any outside developers, as they fear that the code will leak out. At least, that's the official party line.

Practically, the DRM monopoly on the iPod also allows Apple to hold a firm grip on the digital media market. Napster or Yahoo Music content won't play on the iPod. Consumers want the iPod because it's hot, but that also ties them to the iTunes music store for their digital music purchases.

The iPod is all about vendor lock-in, and that strategy has worked brilliantly well for Apple.

But will it work long term?

Apple might have a strong position in the market for digital music downloads. But the video segment is still up for grabs. There Intel Viiv with its Windows Media DRM has a much richer media library. And contrary to Apple, Microsoft will license its DRM to anyone who is willing to pay the (nominal) license fee.

You can say all you want about Microsoft's past and present wrongs, but in the media market Microsoft represents consumer choice. How long will it take before consumers realize that the iPod's hipness comes at a price?

Songbird interface

Tags: itunes, apple, yahoo music, ipod, windows media, drm, songbird

Posted by Tom Sanders on February 10, 2006 | Permalink | Comments (1)

The forms filed for Initial public offerings (IPOs) are overwhelmingly boring, but they usually hide some fun facts.

Yesterday Vonage filed its Form S-1, aiming for an IPO that brings in up to $250m.

Let's start off with some minor details about the CEO's benefits pacakge, but nonetheless details that make you wonder why those terms aren't in your contract:

The newly appointed chief executive officer Michael Snyder is entitled to two times his annual $500,000 base pay salary a prorated annual bonus for the year of termination.  Provided of course that " we terminate Mr. Synder's employment without cause or he resigns with good reason" (bold font added by me).

The chief technology officer meanwhile gets no more than one year base salary and a prorated bonus.

Founder Jeffrey Citron later this month is set to give up the position of CEO to Snyder. He had negotiated a far more plush executive benefit package, entitling him to three years of his $400,000 base salary and three times his bonus ($540,000 over 2005) if he would be fired our quit voluntarily. And he had negotiated that he gets to fly first class whenever he is travelling for business, a provision that is set to continue when he becomes chief strategy officer later this month.

In the first nine months of 2005 the company furthermore spent $200,000 on business travel with New World Aviation, a company that he and his wife own (so far for the concept of the lean and mean start-up company).

There are some additional dark facts in the Form S-1. Citron earlier worked for Datek, a stock broker. In 2002 and 2003 he settled with the SEC, after he and several of his business associates were fined a record $70m for securities fraud and Citron ended up paying $22.5m. Citron as a result is banned from any involvement with stock brokers.

There is also a case where National Association of Securities Dealers fined Citron $20,000 and he received a 20 day suspension from Datek.

"There is a risk that some third parties will not do business with us, that some prospective investors will not purchase our securities or that some customers may be wary of signing up for service with us as a result of allegations against Mr. Citron and his past SEC and NASD settlements," the company notes.

You bet-ya.

Jeffrey Citron

Tags: vonage, white collar criminal, Jeffrey Citron, securities fraud

Posted by Tom Sanders on February 10, 2006 | Permalink | Comments (2)

Judging by Siebel System's corporate head quarters, the company had little to fear from Oracle or any of its other competitors. But as it now turned out, keeping up that image with shiny marble caused a level of overspending that must have contributed to its downfall.

"Siebel had an extremely high cost basis," noted Oracle co-president Safra Catz in a conference call with investors today, where the company also announced 2,000 lay-offs. The big culprit were the Siebel facilities. Siebel was only half the size of Peoplesoft, but spend about three times as much on its facilities, Catz said.

Siebel systems was headquartered in San Mateo, in the hearth of Silicon Valley, two high-way exists north of Oracle's Redwood Shores headquarters. Peoplesoft had its headquarters in Pleasanton further to the east, in an eara where real estate rates are much lower than in the Valley.

Siebel also owned corporate jet planes, Catz said. Oracle doesn't. But then, Oracle chief Larry Ellison owns his own Gulfstream V airplane, a luxury that Siebel's chief executives apparently couldn't afford.

Very shiny, but too expensive

Siebel, oracle, overspending, acquisition

Posted by Tom Sanders on February 10, 2006 | Permalink | Comments (2)

It's no longer a question if there are security vulnerabilities in Apple's OS X, the real question is how nasty it will get once people start exploiting them, a story over on SecurityFocus warns.

As a result of its closely guarded product launches, Apple has a proven track record of releasing products that could and should have received more testing.

Apple furthermore is likely to be hit harder because it hasn't been hit in a long time. At least Microsoft by now has procedures in place to deal with security vulnerabilities.

"The reality is that security work comes from a trial by fire," Dan Kaminsky, an independent consultant for Doxpara Research, told Security Focus. "And Apple really has not had that experience. It had not had the experience from some 20 years that Unix had and that Linux has absorbed. It has not had the experience that Microsoft had with its summer of worms."

It's a scary thought: what will happen when the highly professionalised army of spyware and worm authors shift their attention to Apple?

According to some security researchers, 2006 is the year that we will find out.

PS: If you still want to argue that OS X doesn’t have security holes, you haven't been looking at the security updates that the company has been publishing. Then you're probably also ignoring the fact that OS X last year logged more security vulnerabilities than Windows XP.

Tags: apple, os x, security, microsoft

Posted by Tom Sanders on February 8, 2006 | Permalink | Comments (6) | TrackBack (1)

A new technology officially qualifies as hype when the parodies start popping up.

Fuckedcompany.com did this for the internet hype, and we now have Wankr beta for the Web2.0 hype.

The website reminds of your typical 1999 internet startup, displaying a single page that makes lots of promises but doesn't show anything. Poking fun at the Web2.0 euphoria it states:

"If you're an idiot VC who is willing to throw money at any website that features the words "collaborative", "social", "tagging" or "AJAX", then please get in touch with us at: wankr@flat3.org. Please set the subject to "I have more money than sense".

Sorry this box doesn't have curvy edges. We promise that by the time this thing is finished, it'll have curvy edges everywhere, along with broken navigation, a confusing user interface and tags all over the shop. It's going to be awesome."

History repeats itself

Tags: web2.0, wankr, parody

Posted by Tom Sanders on February 8, 2006 | Permalink | Comments (0)

Muslim hackers have launched a spontaneous online assault against Danish websites, causing a slew of defacements.

The riot revolves around the decision by the Danish newspaper Jyllands Posten to publish twelve cartoons depicting the prophet Mohammed in an attempt to spark a discussion about the role of Islam in a Western society and to underscore the freedom of press. It further snowballed after other European newspapers copied the cartoons.

To Muslims the cartoons were degrading, as their religion prohibits any graphical representations of Mohammed or Allah.

Knowingly violating a religious commandment by depicting the prophet is asking for trouble.

But then, most Westerners have reached a boiling point when it comes to their tolerance towards Muslims. For years they have watched them practice their flag burning skills without ever worrying about how that makes the average American or Brit feel. For years some of them have frequented mosques where their imams would tell them that any non-muslim should be killed. Respect has to come from both sides, they argue, and Muslims have used up their credit.

The outrage furthermore is orchestrated. The cartoons were published back in September, but somehow only now are causing uproar. Muslim clerks were so eager to exploit this situation that they added three highly offensive cartoons to the twelve originally published, and then went on a mission to "inform" Muslim scholars in the Middle East about the situation in the Middle East. The three extras were far more obscene, depicting Mohammed with a pig's snout, labelling him a paedophile, and showing a praying Muslim being raped by a dog.

If this were just about 12 libellous cartoons, Islam could have made a righteous claim at being discriminated. But there are other forces at work here that seek to exploit the situation for political gain. If you join that battle, you allow yourself to be used, regardless of the side that you're on.

Muslim protesters express their respect for their fellow humans.

Tags: mohammed cartoon, denmark, islam, defacement, mohammed, religion

Posted by Tom Sanders on February 8, 2006 | Permalink | Comments (1)

OpenOffice.org is fed up with living in the attic of Sun Microsystem's house.

It was a nice place for a while, allowing the adolescent to grow into an adult while mom could still do his laundry and cook dinner, but the project now wants more.

Because, face it, no girl is going to come over for a date if they know that Sun is sitting in the next room eavesdropping. 

OpenOffice, in short, is hoping for some development help from IBM. But IBM isn't going to contribute to the project as long as Sun Microsystems holds on to the OpenOffice intellectual property.

So the solution is simple: Sun puts its open source money where its mouth is, and lets the project go its own way.

Except that Sun probably prefers to play a political game with the suite, thinking that bullying IBM lets the server vendor make more money than having a fertile OpenOffice ecosystem.

We wanted to ask Sun really badly how they felt about this, but they refused to answer any questions.

Tags: IBM, open source, openoffice, staroffice, sun microsystems

Posted by Tom Sanders on February 8, 2006 | Permalink | Comments (17) | TrackBack (1)

Google has snatched away Amazon's top search expert Udi Manber.

Manber headed up Amazon's A9 search venture, but has now accepted a job as a vice president of engineering with Google, claims a report by the Associated Press.

While the transfer is a nice gain for Google, is must be a severe hit to Amazon. It has never been clear what the retailer wanted to do in the online search space, and now it is starting to look like the company is getting ready to exit this business at last.

Tags: google, amazon, Udi Manber

Posted by Tom Sanders on February 8, 2006 | Permalink | Comments (0)

Yesterday's news that Google has blacklisted BMW.de because the site's deceived its spiders caused some in the pro-privacy and online rights movement to balk about Google arrogance in acting as judge, jury and executioner.

Who is Google, some asked, to decide which site to exclude for some violation of a Google made code of conduct.

To put it in Yahoo blogger Jeremy Zawodny's words: "Oh, cry me a river!"

Google's index is owned by Google. The service makes it very clear that websites should present its spiders with the same data that they server to visitors. This policy will help users get relevant search results, not having it creates an incentive for website owners to include irrelevant keywords.

If you disagree with Google's policies, you can use a competing search engine. Or build one yourself and drive Google out of business because your index holds better search results than Google's.

photo: Hazel Brown

Tags: bmw, google, web spam, search engine optimization

Posted by Tom Sanders on February 7, 2006 | Permalink | Comments (0)

If you're one of those people who know everything ahead of time, you must also by now know when Microsoft will launch its Windows Vista operating system.

Residents of several European countries can show off their insight into Microsoft's thought process by entering the Guess the launch date contest". Simply guess the correct date when Microsoft will wheel out Bill Gates to cut the ribbon on the operating system, and Microsoft will buy you a plane ticket to the event and put you in a nice hotel (no copy of Vista, however).

In case your crystal ball has crashed: the official story is that Microsoft will launch the application in the second half of 2006. As an educated guess, I'd argue that you should expect it to be available on time for PC makers test it and bundle it with computer systems that sell during the holiday shopping season.

Photo: Mario Trejo

Tags: windows vista, Microsoft

Posted by Tom Sanders on February 6, 2006 | Permalink | Comments (0)

Yahoo and AOL have launched a programme that will allow bulk email senders to avoid spam filters by paying a fee of up to $0.01 per email message. In return they receive preferential treatment over other bulk email senders: their messages are less likely to end up in a bulk email folder.

The programme doesn’t stop or prevent spam from reaching users' inboxes, but it does enable providers to narrow down the amount of spam that they need to analyse. And it offers legitimate bulk emailers a guaranteed delivery method.

Before you dismiss the programme, you should realise that it is only part of overall arsenal of spam fighting weapons. Yahoo and AOL are also involved in the DomainKeys programme that allows email senders to add an identifying signature to their messages.

The idea is to raise the cost of sending bulk emails – be it through increased filtering scrutiny, demanding identification from the sender or charging them money. You don't have to pay, you don't have to provide a DomainKeys signature, but your emails then are less likely to reach user inboxes; you'll get a lower response rate and make less money.

Spam senders already are operating on razor thing margins. We just need to make them thinner and drive the bulk of them out of business. Nobody is claiming that they can rid the world of spam, but killing most of them is a good start.

Tags: domainkeys, anti spam, yahoo, aol, spam stamp

Posted by Tom Sanders on February 6, 2006 | Permalink | Comments (0)

Don't expect to find the website for BMW Germany in the search results for Google.de. The search engine has blacklisted the website due to web spam.

BMW apparently felt it didn't get enough visitors and therefore tried fooling Google into listing the site for search queries unrelated to the actual site.

So did BMW think that people looking for a lemon chicken recipe would buy a BMW, just because it showed up in the search results? Traditional spammers selling Viagra certainly have proven that this can be the case for low priced items.

But it's more likely that this is a case of outsourcing gone wrong. Search engine optimization specialists typically get paid for increasing traffic – it's more about quantity then it is about quality. The bad apples will focus on increasing traffic at all costs and foolish marking managers misinterpret those inflated visitor numbers as genuine interest.

So BMW should be grateful to Google for exposing both their web consultants and marketing department as amateurs.

BMW wrecks a thing or two

Tags: bmw, google, web spam, search engine optimization

Posted by Tom Sanders on February 6, 2006 | Permalink | Comments (0)

CME-24 has failed.

It has failed because you probably don't know that it is supposed to be the official name for the Nyxem.e/Karma Sutra/Blackmal/Mywife worm.

The CME project was kicked off last October and is backed several of the leading security vendors. The Common Malware Enumeration (CME) programme aims to reduce confusion with the public caused by disparate naming schemes for internet threats.

But if you go to F-Secure's blog, you'll see chief security officer Mikko Hyppönen referring to the worm as Nymex.e, not CME-24.

Kaspersky Labs on its blog shed a tear over the media's refusal to adopt the CME naming scheme. But the company in every posting on its blog refers to the digital pest as Nyxem.e and most of the time doesn't even mention CME-24.

"The journalists weren't interested in the CME number; instead they jumped on a dramatic name to replace Nyxem.e. They were obviously most interested in 'screaming' names that will catch readers' eyes," the anonymous poster complained.

I'll admit that the traditional virus names allow for better headlines, but in the end media will use whatever moniker allows their readers to identify the worm. If security firms stop using names like Karma Sutra, the media will have to follow. No journalist likes the current situation where he/she has to sum up the five most common names that are used for a virus.

Tags: nyxem, CME, karma sutra, common malware enumeration

Posted by Tom Sanders on February 3, 2006 | Permalink | Comments (0) | TrackBack (1)

If you ask HP chief strategy and technology officer Shane Robison, "programming against the internet" is the next big thing for the printer and computer vendor - and the IT world in general.

Although he admits to being a software guy, he only now sees applications come out that take the internet for granted. Blogs come to mind, but those are still fairly straightforward examples. Things get more complicated when you look at a service like Snapfish, which HP acquired last year.

The service is both a photo sharing and print ordering platform, but HP also expanded it further by partnering with retail stores where consumers can pick up their prints. And by creating special in-store photo printing kiosks.

For HP the IT vendor, this allows them to sell far more than just ink. It also creates at demand for servers and network equipment at the retail locations.

Robison says that he wants HP to become far more aggressive in creating similar new services. And while HP chief executive Mark Hurd might not appear to be talking about it a lot, he is very much on board, Robison emphasised.

We met with Robison this morning for a round table discussion with other media in HP's corporate head quarters in Palo Alto. It's the first time in a long time that the company is taking the effort to talk about its strategy. Things are starting to change. You just have to look for the signs.

Tags: Mark Hurd, Shane Robison, HP

Posted by Tom Sanders on February 3, 2006 | Permalink | Comments (0)

Exploits for the notorious WMF vulnerability in Windows were offered for sale in December for about $4,000. That is more than a month before Microsoft issued a patch and two weeks before virus hunters started noticing the potential flaw.

The evidence points to the existence of a market for zero day exploits. Such a market is nothing new, but it had disappeared for several months after several arrests in the US shut down most English-language sites. The WMF vulnerability however was offered for sales on a Russian site.

In a sense we've actually been lucky. Whoever discovered the flaw probably didn't really understand the exact nature of the vulnerability, security expert Gostev Alexander with Kaspersky Labs told eWeek. So instead of keeping the flaw to themselves, the hackers put it up for sale. If the authors had held on to their knowledge, they could have quietly built numerous small botnets. Now it took the anti-virus community only a few weeks to start notifying the surge in mysteriously acting WMF images.

If you aren't scared yet about your online security, you should be.

Tags: wmf, anti virus, security, kaspersky labs

Posted by Tom Sanders on February 3, 2006 | Permalink | Comments (1)

A Louisiana man is taking Apple to court after he allegedly could have hurt his hearing by using an iPod.

Obviously the US is lacking a frivolous lawsuit law that would make people like John Kiel Patternson and his attorney pay for this legal filing - in the process tying up the legal system and wasting taxpayer money.

Apple isn't putting a gun to Patternson's head, telling him to use his iPod at 115 decibels, and there even is a warning on the device that warns against potential hearing loss.

Honestly, does anyone need any convincing that this should be filed under "sad 2006 lawsuits"?

Tags: ipod, apple, frivolous lawsuit

Posted by Tom Sanders on February 2, 2006 | Permalink | Comments (2) | TrackBack (1)

Microsoft is in a pickle after the company published and then pulled a beta of its "Microsoft Application Analyser 2006", a tool that promised to help organisations to migrate from Lotus Domino to the Microsoft Collaboration platform.

The unexpected removal of the beta is feeding rumours. And in battling those rumours, Microsoft is only making things worse.

Last Monday a Microsoft employee by the name of John Westworth claimed that the beta application was removed "because it’s a BETA and as such it's reached the end of it's BETA life schedule."

Betas typically don't become end of life but rather are launched as final products. Still its a nice try… if only Microsoft program manager Eric Ashby would have shut up before he made things worse: "The tool is currently in a private beta with a number of customers, and we are receiving good feedback on it.  On that day, we realized we had erroneously posted the link of this private beta on our public site.  We’ve removed the link for now."

Applications that go from "end of life beta" to "too early to go into public beta" indicate that something fishy is going on there, or at least the Microsoft is having trouble communicating internally.

IBM's Ed Brill, who works on the Lotus team is having a field day exposing the contractions on his blog.

Microsoft beta manager's desk

Photo: Teak Sato

Tags: IBM, lotus, microsoft, ed brill, Microsoft collaboration platform

Posted by Tom Sanders on February 2, 2006 | Permalink | Comments (0)

When it comes to Silicon Valley real estate, Sun Microsystems has always been a leader – regardless of its financial situation.

The company actually set a record by paying $85m back in 2002 to get out of a lease contract for some prime real estate in San Francisco shortly after internet bubble burst.

The company has several prominent corporate campuses in the area. A former insane asylum in Santa Clara acts as its corporate headquarters – chief executive Scott McNealy used to have his office in the bell tower looking out over his lands like a medieval king, but has since moved to the Menlo Park campus.

That complex is less impressive but sticks out because it is the only development in the area and is the first thing that driver coming over the Dumbarton Bridge will see.

But the server and software vendor is now getting rid of most of its Sunnyvale campus.

The company has shed 6 million square feet in office space between 2002 and 2005, and is set to lose another 0.8m by the end of June, Cnet reports from the firm's annual analyst conference.

Sun campus or nut-house... what changed?

Tags: sun microsystems, silicon valley

Posted by Tom Sanders on February 2, 2006 | Permalink | Comments (0)

"Thanks to gold of Craigslist, ay?" said the person who just purchased my old iBook notebook computer. The transaction might have look a bit like a drug deal, taking place in the parking lot of a Silicon Valley bank, but it illustrates why Craigslist.org is such a huge success once it reaches a minimum volume in terms of visitors.

We were reminded about the site's success once again through a Cnet article that says nothing new but once again underlines the service's value.

Craigslist has killed the market for newspaper classified ads for houses, jobs and several other categories in its main markets. The site even had the power to rid New York of a nasty feature in its rental market where landlords would require tenants to pay a move-in fee.

And why? Because it works. And because there are no corporate fat cats getting rich of it. If there's a Craigslist in your town, check it out and give it a try. One you're hooked, you'll want nothing else.

Tags: craigslist, craig newark

Posted by Tom Sanders on February 2, 2006 | Permalink | Comments (2) | TrackBack (1)

Google investors let reality kick in after the search engine reported only a 86 per cent increase in revenue, and sent the company's stock down by about 12 per cent in after hours trading.

Given that Google was generally considered over-valuated, the correction was only healthy and destined to happen at some point.

Luckily it were mainly Google shareholders and not its management that has been high on dope – well and employees that considered their stock options their way to instant richness.

The search engine can now focus on getting Gmail out of beta, building the Google operating system and censoring its Chinese website rather than having to deal with pushy investors who are only interested in unrealistic growth figures.

pursuing bubbles... when will they ever learn?

Tags: google, stock market, bubble, revenue

Posted by Tom Sanders on February 1, 2006 | Permalink | Comments (0)