Sunday, September 30, 2007

OpenOffice worm Badbunny hops across operating systems

Malicious software targeting OpenOffice.org documents is spreading through multiple operating systems, according to Symantec.

"A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems," according to a Symantec Security Response advisory. "Be cautious when handling OpenOffice files from unknown sources."

Apple's Mac OS is not a virus-free platform, said Jan Hruska, who co-founded rival antivirus firm Sophos and was one of the first ever PC antivirus experts.

"Viruses on the Mac are here and now. They are available, and they are moving around. It is not as though the Mac is in some miraculous way a virus-free environment," Hruska said. "The number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow, Apple Macs are all virus-free."

The worm was first spotted late last month, but at the time, it was not thought to be "in the wild."

Once opened, the OpenOffice file, called badbunny.odg, launches a macro that behaves in several different ways, depending on the user's operating system.

On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user's mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder.

On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb.

On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.

Symantec rates the worm as a "medium risk."
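A defender's triage check for the behaviour described above, as an added example that is not from the article or from Symantec: it flags OpenDocument files that carry embedded macro code and sweeps a directory for the dropped file names the article lists. The ODF package layout (`Basic/`, `Scripts/`, the `script-lc.xml` and `script-lb.xml` index files) is an assumption about the format, and the sample document is constructed.

```python
import io
import os
import tempfile
import zipfile

# File names the article says Badbunny drops, keyed in lower case.
DROPPED_NAMES = {
    "drop.bad": "Windows",
    "badbunny.js": "Windows",
    "badbunny.rb": "Mac OS X",
    "badbunnya.rb": "Mac OS X",
    "badbunny.py": "Linux",
    "badbunny.pl": "Linux",
}

ODF_MIME_PREFIX = "application/vnd.oasis.opendocument."
# Assumption (ODF package layout, not stated in the article): Basic macro
# modules live under Basic/, other script languages under Scripts/.
MACRO_PREFIXES = ("Basic/", "Scripts/")
# Library index files that can exist without any macro code being present.
INDEX_FILES = {"script-lc.xml", "script-lb.xml"}


def inspect_odf(data):
    """Return {'is_odf': bool, 'macros': [member names]} for raw file bytes."""
    result = {"is_odf": False, "macros": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not a ZIP container, so not an ODF package
    with archive:
        names = archive.namelist()
        if "mimetype" in names:
            mime = archive.read("mimetype").decode("ascii", "replace").strip()
            result["is_odf"] = mime.startswith(ODF_MIME_PREFIX)
        for name in names:
            base = name.rsplit("/", 1)[-1]  # empty for directory entries
            if name.startswith(MACRO_PREFIXES) and base and base not in INDEX_FILES:
                result["macros"].append(name)
    result["macros"].sort()
    return result


def sweep_for_dropped(root):
    """Return sorted (path, platform) pairs for files named like the drops.

    A file name match is a weak indicator: it says where to look, not that
    the file is malicious.
    """
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            platform = DROPPED_NAMES.get(fname.lower())
            if platform:
                hits.append((os.path.join(folder, fname), platform))
    return sorted(hits)


def build_sample_odg(with_macro):
    """Build a constructed, harmless .odg package in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.graphics")
        z.writestr("content.xml", "<office:document-content/>")
        z.writestr("Basic/script-lc.xml", "<library:libraries/>")
        if with_macro:
            z.writestr("Basic/Standard/script-lb.xml", "<library:library/>")
            z.writestr("Basic/Standard/Module1.xml", "<script:module/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_odg(False)),
                       ("macro", build_sample_odg(True))):
        print(label, inspect_odf(doc))
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "badbunny.py"), "w").close()
        print(sweep_for_dropped(root))
```
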

iPhone's Bluetooth Bug Under Hackers' Microscope

Almost lost in the hubbub over the latest iPhone firmware update and whether it would "brick" unlocked phones was the fact that Apple patched 10 vulnerabilities.

Almost lost in the hubbub over Thursday's iPhone firmware update and whether it would "brick" unlocked phones was the fact that Apple Inc. patched 10 vulnerabilities -- twice the number of fixes issued since the phone's June debut.

The iPhone 1.1.1 update, which like previous upgrades is delivered through Apple's iTunes software, fixes seven flaws in the built-in Safari browser, two in the smart phone's Mail application and one in its use of Bluetooth, the short-range wireless technology.

The seven Safari vulnerabilities include several cross-site scripting (XSS) flaws, one that can disclose the URL of other viewed pages -- an online banking site, say -- and another that lets attackers execute malicious JavaScript in pages delivered by the SSL-encrypted HTTPS protocol. One of the Safari flaws, and an associated vulnerability in Mail, involve "tel:" links, which can be exploited by hackers to dial a number without the user confirming the call.

But it was the Bluetooth bug that got the attention of security researchers. Symantec's DeepSight threat network team pointed out the vulnerability in an advisory to customers Friday. "Reportedly, the Bluetooth flaw occurs when malicious Service Discovery Protocol (SDP) packets are handled; any attacker that is within Bluetooth range can exploit it remotely," wrote DeepSight analyst Anthony Roe in the alert. "Successful exploits are reported to allow the attacker to execute arbitrary code."

According to Apple's security advisory, the Bluetooth bug was discovered and reported by Kevin Mahaffey and John Hering of Flexillis Inc., a Los Angeles-based company that specializes in mobile security development and consulting. Flexillis may be best known for its reverse engineering of the exploit used to hack into several celebrities' T-Mobile cell phone accounts in 2005, including Paris Hilton and Vin Diesel.

The Bluetooth bug may prove to be dangerous to iPhones, Roe speculated, since the potential range of the technology is much greater than most people think. While Bluetooth's potential range -- and thus the maximum distance between attacker and victim -- is about 400 feet, "Several proof-of-concept Bluetooth antennas have intercepted Bluetooth signals at almost a mile," he said.

Roe also pointed out that HD Moore, the driving force behind the Metasploit penetration framework, had recently demonstrated that shellcode could be run on an iPhone. Moore, said Roe, proved that "exploiting security vulnerabilities affecting the iPhone is by no means out of reach."

In a post to his blog -- and to the Metasploit site -- on Wednesday, Moore said that because every process on the iPhone runs as root, and so has full privileges to the operating system, any exploit of an iPhone application vulnerability, such as Safari or Mail or Bluetooth, would result in a complete hijack of the device. Moore also announced that he would add iPhone support to Metasploit, which would make it much easier for hackers to access a vulnerable phone.

Moore acknowledged that he's looking at the Bluetooth vulnerability. "The Bluetooth SDP vulnerability is the only issue I am focusing on," he said in an e-mail Friday.

He also hinted that locating vulnerable iPhones wouldn't be a problem. "The Bluetooth MAC [media access control] address is always one less than the Wi-Fi interface's MAC address," he said. "Since the iPhone is always probing for or connected to its list of known access points, the presence of the iPhone and its Bluetooth MAC address can be determined by using a standard Wi-Fi sniffer.

"Once the Bluetooth MAC address is obtained, the SDP issue can be exploited by anyone within range of the Bluetooth chip, or within range of the attacker's antenna, which can be up to a mile away in some cases," he said.

If Moore manages to craft an exploit and add it to Metasploit, it's probable that criminal hackers will quickly follow. "Once we see something in Metasploit, we know it's likely we'll see it used in attacks," Alfred Huger, vice president of engineering with Symantec's security response group, said in a July interview.

Jarno Neimela, a senior researcher with F-Secure Corp., a Helsinki-based security vendor, also hit the alarm button, but for a different reason. In a posting to his company's blog Friday, Neimela pointed out that there's no security software available for the iPhone, thanks to Apple's decision to keep the device's inner workings a secret.

"The amount of technical information [available about the iPhone] makes it likely that sooner or later someone will create a worm or some other malware," Neimela said. "This will create an interesting problem for the security field as the iPhone is currently a closed system and it's not feasible to provide anti-virus or other third-party security solutions for it.

"So if someone were able to create a rapidly spreading worm on the iPhone, protecting users against it would be problematic."

Although iPhone owners will be automatically notified in the next week that the new patches are ready to download and install, a large number of those who have modified or unlocked their phones will probably forgo the fixes, since the 1.1.1 update apparently also disables unlocked phones and wipes unauthorized third-party applications that have been added with various hacks.

Security Bites Podcast: Bad Wi-Fi security linked to TJX breach

The massive data breach at TJX has been linked to badly secured Wi-Fi networks. CNET News.com's Joris Evers and CNET's Robert Vamosi give their take on this week's Security Bites podcast.

Also, Microsoft issued seven "critical" security bulletins this week. The company is again hosting a select group of hackers on its Redmond, Wash., campus, but Microsoft staffers attending the event will only get a limited view of security, Robert and Joris contend.

Cybercrooks are reaching beyond Web browser and operating system flaws to commandeer PCs. Malicious Web sites now also exploit flaws in QuickTime and WinZip, a reminder to everyone to not just patch Microsoft's software.

And finally, this week marks Joris' last Security Bites podcast. He is leaving CNET for the world of public relations at security software firm McAfee.

Court rules against TorrentSpy in hacking case

A lawsuit filed last year by TorrentSpy--a BitTorrent search engine--that accused the movie studios' trade group of intercepting the company's private e-mails, was tossed out of court last week.

But while a U.S. District judge found that the Motion Picture Association of America had not violated the federal Wiretap Act, as TorrentSpy's attorneys had argued, the MPAA acknowledged in court records that it paid $15,000 to obtain private e-mails belonging to TorrentSpy executives.

The MPAA's acknowledgement is significant because it comes at a time when the group is trying to limit illegal file sharing by imploring movie fans to act ethically and resist the temptation to download pirated movies. To critics, the revelation by the MPAA is a possible sign that the organization is itself not above adopting unethical practices in its fight against file sharing.

"Ethically, it's pretty clear that reading other people's e-mail is wrong," said Lorrie Cranor, an associate research professor and Internet privacy expert at Carnegie Mellon University. "Being offered someone else's e-mails by a third party should have been a red flag."

The MPAA, which says that illegal file sharing costs the film industry more than $2 billion annually, did not respond to interview requests.

In court records, the MPAA said that the person who obtained the e-mails did so before approaching the group with an offer to sell the information and that he signed a contract stating he had come by the correspondence through lawful means.

Ira Rothken, TorrentSpy's attorney, said: "We believe that the MPAA, when it paid $15,000 for about 30 pages of e-mails, knew or should have known they were involved in purchasing something in a wrongful manner."

Rothken said that TorrentSpy will appeal the court's decision that the pilfering of TorrentSpy's e-mail did not violate the Wiretap Act.

According to court documents, the MPAA came into possession of the e-mails after first being approached by Robert Anderson. Anderson is a former business associate of Justin Bunnell, TorrentSpy's founder.

Anderson allegedly "hacked" into TorrentSpy's e-mail system and rigged it so that "every incoming and outgoing e-mail message would also be copied and forwarded to his anonymous Google e-mail account," records show.

Anderson contacted Dean Garfield, the MPAA's senior legal counsel, in June 2005. Anderson told Garfield that he had an informant who supplied him with the e-mails.

District Judge Florence-Marie Cooper also agreed with the MPAA that TorrentSpy failed to prove that the information obtained by Anderson qualified as trade secrets.

Monster data theft also hit U.S. job site

About 146,000 people using a U.S. government jobs Web site had their personal information stolen by hackers who broke into computers at Monster Worldwide, a government spokesman said on Thursday.

The theft on the USAjobs.gov site, which has about 2 million users, was part of a hacking operation apparently run out of Ukraine that Monster disclosed last week, said Peter Graves, a spokesman for the U.S. Office of Personnel Management.

Monster runs the site on behalf of the government.

On Wednesday, the government temporarily restricted recruiters from accessing the database until Monster completes efforts to ensure its computer system is secure, Graves said.

"We disabled it yesterday as an extra precaution on our part to best protect our users," he said by telephone late on Thursday.

He said the government expected to restore that access by Friday.

The information stolen from the USAjobs.gov database included names, mailing addresses, phone numbers and e-mail addresses. Social Security numbers, which are encrypted in the database, were not compromised, Graves said.

The government found out the site had been compromised on July 20, when a subscriber submitted what appeared to be a fraudulent e-mail, Graves said.

Officials with the U.S. agency immediately passed the information on to Monster, the government spokesman said.

That appeared to differ from an earlier statement from Monster Worldwide. Chief Executive Sal Iannuzzi said on Wednesday that the company hadn't learned that its systems might have been compromised until August 18, when researchers with security company Symantec notified it of the matter.

Officials with Monster could not be reached for comment on Thursday.

A Symantec response team in Austin, Texas, had found that the hackers had managed to get unsuspecting PC users to download malicious software on to their computers so that the culprits could gain control of their PCs.

Such software is generally distributed via spam e-mail attachments and by compromised Web sites. When users open those attachments or click on links on those sites, their PCs become infected.

From a command and control center hosted on a server at a Web hosting company in Ukraine, the thieves took control of those PCs and used them to access Monster's site using stolen credentials of job recruiters. The malicious software then sent the information to a second server in Ukraine, which Monster said was shut down on about August 23.

The hackers' ultimate goal was to launch so-called phishing attacks on the job seekers whose data was taken, according to Monster and Symantec. In such schemes, hackers use the stolen data to persuade their targets to provide financial information or download malicious software.

In the case of the Monster theft, these fraudulent e-mails were sent by people purporting to be job recruiters.

What makes phishing schemes particularly damaging, compared with other scams over the centuries, is that, through the Internet, criminals have quick access to millions of targets and an easier time evading justice.

It was not till Wednesday that Monster notified the U.S. jobs agency how much data had been stolen from the USAjobs database, Graves said.

"We didn't know the extent," he said. "We learned the extent yesterday."

The government followed up by posting a notice on the jobs site warning users that they might be victims of phishing attempts, and also contacted users individually via e-mail, Graves said.

Gmail cookie vulnerability exposes user's privacy

Petko Petkov of "ethical hacking" group GNUCitizen has developed a proof-of-concept program to steal contacts and incoming e-mails from Google Gmail users.

"This can be used to forward all your incoming e-mail," Pure Hacking security researcher Chris Gatford said. "It's just a proof of concept at the moment, but what they're demonstrating is the potential to use this vulnerability for malicious purposes."

According to Gatford, attackers could compromise a Gmail account--using a cross-site scripting vulnerability--if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account.

"If someone picks up on this before Google fixes it--or if someone knew of the vulnerability before this guy published it--this could be very damaging to Gmail users," he added.

The problem is potentially compounded by Google's policy of retaining cookies for two years.

"Once you've managed to snarf a cookie, you can access (a user's) Gmail account without the password for the next two years," he said.

While the obvious risk is to the home user, many organizations could be exposed, since they do not filter employee e-mails sent from work to personal accounts, he added.

"People do use private accounts to store work information," IBRS security analyst James Turner said. "I've worked at one organization where this was implicitly expected, because the mail server at the time was so unreliable. But that scenario is certainly less than optimal.

"In an ideal world, an organization would be able to draw a line in the sand and say that corporate data does not pass this point. The current reality is that there are Gen-Y workers who are sharing information with each other on multiple alternative communication channels--Gmail and Facebook included."

One work-around is to use Gmail through Firefox and disable JavaScript. While this limits user access to many components of popular Web sites, it will protect against the potential threat.

Developers at many large enterprises are not aware of the power of cross-site scripting, said Pure Hacking's Gatford. "In the last year or so, (XSS vulnerabilities) have been used by attackers to grab cookie values and therefore gain access to normally password-protected sites."

"When you have organizations like Google spending countless man-hours reducing security vulnerabilities...you can imagine how bad the actual situation is for other organizations," Gatford said.

Gatford advised organizations to use resources such as the Open Web Application Security Project, or OWASP, which offers free tools to help write secure code and allow testing for XSS vulnerabilities.
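The two risks described above, session cookies that injected script can read and cookies that stay valid for two years, can be checked from a site's own `Set-Cookie` headers. The audit below is an added example, not code from the article, GNUCitizen or Google; the cookie name `SID`, the sample headers and the 14-day lifetime ceiling are constructed assumptions, and the `HttpOnly` attribute it checks for is a browser feature the article does not mention.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Assumption: policy ceiling for a session cookie's lifetime (14 days).
MAX_LIFETIME_SECONDS = 14 * 24 * 3600

# Constructed sample headers (not captured from any real site).
WEAK_HEADER = "SID=constructed-session-id; Path=/; Max-Age=63072000"
EXPIRES_HEADER = ("SID=constructed-session-id; Path=/; HttpOnly; "
                  "Expires=Wed, 30 Sep 2009 00:00:00 GMT")
HARDENED_HEADER = "SID=constructed-session-id; Path=/; HttpOnly; Max-Age=3600"


def lifetime_seconds(morsel, now):
    """Lifetime the browser will honour, or None for a session-only cookie."""
    if morsel["max-age"]:
        try:
            return int(morsel["max-age"])  # Max-Age takes precedence over Expires
        except ValueError:
            pass  # malformed Max-Age: fall back to Expires
    if morsel["expires"]:
        try:
            expires = parsedate_to_datetime(morsel["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: treat as session-only
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return int((expires - now).total_seconds())
    return None


def audit_set_cookie(header_value, now=None, max_lifetime=MAX_LIFETIME_SECONDS):
    """Return sorted (cookie_name, issue) pairs for one Set-Cookie value.

    "script-readable": no HttpOnly, so script injected through an XSS flaw
                       can read the value.
    "long-lived":      a stolen value stays usable longer than the ceiling.
    """
    now = now or datetime.now(timezone.utc)
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if not morsel["httponly"]:
            findings.append((name, "script-readable"))
        lifetime = lifetime_seconds(morsel, now)
        if lifetime is not None and lifetime > max_lifetime:
            findings.append((name, "long-lived"))
    return sorted(findings)


if __name__ == "__main__":
    as_of = datetime(2007, 9, 30, tzinfo=timezone.utc)
    for header in (WEAK_HEADER, EXPIRES_HEADER, HARDENED_HEADER):
        print(audit_set_cookie(header, now=as_of), "<-", header)
```
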

Microsoft extends Windows XP's stay

Bowing to pressure from customers and computer makers, Microsoft plans to keep Windows XP around a little longer.

Large PC manufacturers were slated to have to stop selling XP after January 31. However, they have successfully lobbied Microsoft to allow them to continue selling PCs with all flavors of Windows XP preloaded until June 30, a further five months. Microsoft also plans to keep XP on retail shelves longer and will allow computer makers in emerging markets to build machines with Windows XP Starter Edition until June 2010.

The move indicates the continued demand for the older operating system, some nine months after Windows Vista hit store shelves.

In recent weeks, several PC makers launched programs that allow new PC buyers to more easily "downgrade" their Vista Business and Vista Ultimate machines to Windows XP. Fujitsu, which was among those lobbying for the change, has started including an XP restore disc in the box with all of its laptops running Vista Business.

"This allows the installed base of Windows XP users more time to manage the transition to Vista, which is important for some smaller companies with limited resources," Paul Moore, senior director of mobile product marketing for Fujitsu, said in a statement.

Dell also said it supports Microsoft's decision.

"We believe the additional time will help some customers to prepare for the transition from XP to Vista," the company said in a statement.

Microsoft, for its part, sought to downplay the impact of the move, disagreeing with the notion that there is still strong demand for XP.

"We wouldn't term it strong," said Kevin Kutz, a director in Microsoft's Windows Client unit. "We would describe this as accommodating a certain element who needs more time."

Kutz said Microsoft had seen similar demand patterns with past releases and noted that in the past, old operating systems remained available for around 18 months after the release of a new operating system.

"While Windows Vista sales are still going strong...we recognize there are some customers that need more time," Kutz said.

Novell credits Microsoft for soaring Linux sales

Novell says its Linux business has grown by 243 percent over the last three quarters, and it largely credits its deal with Microsoft.

Novell has reached $100 million in revenue from Linux over the nine-month period, thanks to the close working relationship it has had with Microsoft since the two companies signed their collaborative deal in November.

As part of the deal, Microsoft offers support for Novell's Suse Linux, and the two companies are working on making their respective software interoperable.

"For Novell's first three quarters of our fiscal year, our Linux business was up 243 percent," said Justin Steinman, director of marketing at Novell.

"This (sales increase) is public endorsement that our joint engineering efforts are already paying dividends to customers operating in a mixed environment, which, by the way, is pretty much all Linux users today," said Steve Harris, senior sales director for open source at Novell. "It helps us to maintain momentum and our investments in this collaboration work, which will continue to drive growth in our Linux business worldwide."

It is the interoperability between Linux and Windows that "is really receiving a lot of customer interest right now," Harris said.

As an example of the cooperation between the two companies, earlier this month, Microsoft and Novell announced a joint development lab in Cambridge, Mass., that will focus on cross-platform interoperability. The lab, which measures 2,500 square feet, will host a combined team of eight Microsoft and Novell engineers and two directors, working to make Windows Server and Suse Linux Enterprise work together, according to a statement from the two companies.

One of the key areas of interoperability work will be in virtualization, which is seen as a crucial area by many IT professionals. The lab will also work on file formats, systems management and directory technology integration.

Novell's main competitor in the Linux market, Red Hat, announced its quarterly results this week. The company said its quarterly revenue of $127 million was up by 28 percent compared with the same quarter last year.

Its subscription revenue of $109 million was up 29 percent, Red Hat said.

Colin Barker of ZDNet UK reported from London.

Google eyes discreet Street View for Canada

Google is considering a Canadian launch of its Street View map feature, which offers street-level close-ups of city centers, but would blur people's faces and vehicle license plates to respect tougher Canadian privacy laws, the Web search firm said on Monday.

Canada's privacy commissioner told Google in August that the feature--which offers a series of panoramic, 360-degree images of nine U.S. cities--could violate Canadian laws if it were introduced without alterations.

Some of the pictures feature people who can clearly be identified, which contravenes Canadian legislation on privacy.

"We are thinking about launching it outside the United States, including Canada, and we're looking at how it would have to be different in Canada compared to its U.S. version," said Peter Fleischer, Google's global privacy counsel.

"We would launch Street View in Canada in keeping with the principles and requirements of Canadian law ... that means we know we'll have to focus on finding ways to make sure that individual's faces are not identifiable in pictures taken in Canada and that license plate numbers are not identifiable in Canada," he told Reuters in an interview.

Google had been approached by a number of Canadian cities seeking to be featured, he said.

"(They) have said, 'Please come and start taking this imagery of our city. It's good for our tourist industry and we'll even pay you or reimburse your expenses to do so,'" he said.

Canada's privacy commissioner has yet to hear from Google, a spokesman said.

"If that's how they're planning to roll out their service by putting in place technological means ... to block out faces and license plates and other essential personal information, then that's a great first step," said Colin McKay.

The images of U.S. cities were produced in partnership with Canadian firm Immersive Media, which says it has taken similar street level pictures of major Canadian cities.

Fleischer said he did not know if the firm would be involved in any Canadian launch.

Microsoft's new search guru talks strategy

When it comes to Web search, Microsoft is the undisputed underdog, a position it doesn't usually find itself in.

The company has anywhere from an 8 percent to 13 percent market share in the United States, depending on who is collecting the traffic data, putting it behind Yahoo (20 percent to 23 percent share) and far behind Google (54 percent to 64 percent share). And Microsoft's share seems to be slipping, nearly 4 percentage points from a year ago, according to Hitwise.

How does Microsoft propose to narrow the gap? Earlier this year, the company launched a program called Microsoft Search and Win that rewards people for using the Live Search site. The program bumped up Microsoft's market share this summer. But while compensating people to use your search engine may provide a temporary market share increase, it isn't a good long-term strategy to build market share.

Microsoft is hoping that it can catch up to rivals in overall search and find a few key areas where it can go into more depth, by offering tailored searches. For now, it is eyeing celebrities and entertainment, product searches, local search and health care as fertile areas worth having specialized results.

CNET News.com talked to Satya Nadella, corporate vice president of search and advertising at Microsoft, about how the company plans to improve its market share and improve search for the long haul shortly before the company launched new features in its Live Search site at a "Searchification" event Wednesday.

Q: How much of your search traffic is coming from search embedded within other Microsoft Internet properties versus people going directly to the main Live.com search page?

Nadella: The search bar on MSN is where we get a lot (of traffic), and we do get even a bunch from people who choose to use us as the default provider on their browser, as well as people who install our toolbar. So, those are the top three sources.

Q: Some folks have said it's about 1 percent of your traffic that comes from people typing in the Live.com Web address?

Nadella: That's probably true. We've not really marketed Live.com. In fact, we've really focused, even with this release we'll be very, very focused on basically having the Live search experience power MSN, and that's a fairly explicit strategy of ours, if you will, because we feel that that's the place where we can gain a lot by showing a better search experience, and getting the customers and the consumers who are doing searches with us on top of MSN to do more.

Q: So, you're not going to be trying to narrow the gap with Google and even Yahoo on just general Web search and trying to attract people to Live.com?

Nadella: Yahoo is very much like MSN. People type in Yahoo.com, and they go to a portal, and MSN is one such portal, so it has search, and we'll keep innovating on how to highlight that. Whereas when we think about Google as just a destination site, we have that with Live, and we think that with Windows Live and other places we'll start building some organic traffic. But I would say that in the fall you will see us, just because these 70 million users today are our lowest hanging fruit in terms of being able to increase the engagement with them, that we will put a lot of energy in just marketing ourselves through MSN.

Q: Microsoft has turned to paid programs, either direct-to-consumer promotions or promotions with businesses, in the last year to gain share, or really recoup lost share. Is that something you expect to increase, stay level, or decrease in the coming year?

Nadella: We believe that we will sustain that. We built a generalized loyalty program/platform called the Live Search Club, which helps us raise awareness to the fact that we are in this search game and helps us get more engagement and then builds loyalty through things like prizes. We'll do more of that, and generally use this as a loyalty program going forward, and experiment with multiple ways to engage users.

Q: What about paying businesses to use you?

Nadella: So, we have some pilots that you've seen us talk about. We will definitely move that. But I would say the core focus at least in the fall would be for the consumer push through MSN.

Q: Some of the new features launched this week are already offered by your rivals. Is catching up really much of a game changer at this point?

Nadella: That's a good question. You have to be in the game with the core (relevance), and then you have to differentiate in these high-value vertical domains. If we have 70 million people using our search engine today, if we are getting better at core relevance, and delivering some differentiated experiences in verticals, what can our share position be?

In some sense, it's perhaps not the position we'd like to be in, but we are in a position where quite frankly we have nothing to lose. We want to be able to come out, take some risks, do some innovation, get to a place where we have parity on some of the table stakes, and differentiate. The 70 million users we have is a substantial number, and if we can get them to do more searches, we will have gains.

Open Source App Challenges Microsoft Project

Projity releases a desktop version of the project management tool originally offered as a service.

A new open source player called Projity is advertising its desktop software as a "complete replacement" for Microsoft Office Project, but analysts say it faces a tough road in its bid to win a large chunk of the project management market.

Projity started as a software-as-a-service vendor two years ago with Project-On-Demand, and launched a public beta last month for OpenProj, an open source version for the desktop. After winning SaaS customers such as NASA and Bechtel, Projity says nearly 100,000 people have downloaded its open source software.

Projity CEO Marc O'Brien sees his company as adding another layer to the Microsoft Office competition coming from Google Apps, OpenOffice.org backed by Sun and IBM, and various hosted software vendors.

"All of them are going after the Microsoft Office suite, but they've all got Word, Excel and PowerPoint replacements. Project is part of the Office family, but none of these suites has an alternative to Project," O'Brien says.

O'Brien says Projity can open Microsoft Project files, and goes "mano a mano" with Microsoft in features, even for "obscure things like earned value costing, scheduling constraints, resource escalation rates."

While Projity will eventually develop a paid support model, at least for now support is free in online forums where customers can ask the vendor questions.

While O'Brien claims to see a market devoid of Microsoft Project competitors, enterprise software analyst Dennis Callaghan of the 451 Group says other open source vendors have popped up to offer similar products. An IDC survey found that 16% of companies have deployed open source project and portfolio management, says Matt Lawton, lead analyst for open source business models.

"They're certainly not the first vendor to come up and say 'we're a low-cost alternative to Project, we're going to blow Project out of the water,'" Callaghan says. "This is a tiny company taking on Microsoft. ... The odds are against them."

Projity could develop a successful business model going after portions of the market, particularly small companies with tight budgets and organizations dedicated to using open source software, Callaghan says.

Projity has done a better job bringing its product to market than competitors such as Project.Net, another open source vendor, he says.

Customers examining Projity's software should realize the Web-based version is more sophisticated than OpenProj, because it enables the type of collaboration that is becoming central to project management, Callaghan says.

Project-On-Demand provides better reporting on project performance, including examinations of multiple projects simultaneously, O'Brien says. "We can extract a lot of information because the information resides on the server side," he explains.

Next month, Projity will release another product called Projity Enterprise, which can be installed onto a customer's servers, allowing better sharing. With OpenProj, employees need to e-mail project files back and forth or send screen captures to share information, O'Brien says.

The overall cost of Projity Enterprise will be similar to that of Project-On-Demand, which costs US$7.99 per user per month for light users, and $19.99 per month for power users, O'Brien says.

The Microsoft Office Project professional edition retails for $999.

For more information about enterprise networking, go to NetworkWorld. Story copyright 2007 Network World Inc. All rights reserved.

Monday, September 24, 2007

Resellers: AVG Internet Security Software Retail Boxes Now Available

Walling Data Systems announced today that retail boxed versions of Grisoft’s AVG Anti-Virus & Anti-Spyware, and AVG Internet Security, both 2-year versions, are available for the first time in the United States to independent channel partners.

“Walling Data Systems is the first and only AVG Authorized Distributor in the United States gearing up to provide AVG retail boxes to the reseller channel,” said Luke Walling, President of Walling Data Systems. “In addition, we are offering extremely competitive pricing on the products in order to give our resellers a fair margin while remaining competitive.”

Grisoft’s AVG security software goes beyond the usual testing engine through which files are scanned in most protection applications by using a combination of several advanced detection methods. It is also available at a fraction of the price of other security software applications, even in retail boxed form, with a standard license that is double that of most competitors. These benefits, in addition to significant discounts extended to resellers, make AVG one of the best choices in security software products for independent resellers. In fact, a recent VARBusiness Alternatives Study revealed that AVG is the most frequently chosen security software product among resellers.

All award-winning editions of AVG, from the standard Anti-Virus software through the all-in-one Internet Security product, provide unlimited definition database and full program updates over a high-speed network of servers located around the world free of charge for the full license duration, come with 24/7 e-mail technical support by expert technicians, a full 50% discount on license renewals and, when purchased from Walling Data Systems, the personal support of their US-based technicians by toll-free phone, remote support, e-mail, and more at no additional cost. Walling Data Systems is in fact the only source that offers unlimited toll-free phone, remote support, and more for their AVG customers in the United States, which is one reason why thousands of resellers throughout the United States choose Walling as their distributor of choice for AVG products.

“We have been buying from Walling Data Systems for almost three years now and the key to their success is that they go out of their way to make sure that you are well taken care of. If there is ever a situation where we need help, they get back with us to make sure the issue is thoroughly resolved. They are just pleasant to deal with. There are far too many distributors out there that are content with giving the basic response to help requests and then sending you on your way,” says M.J. Shoer, President and Virtual Chief Technology Officer of Jenaly Technology. Shoer continues, “Walling offers a nice revenue opportunity with us as a reseller, and we can still offer a very cost-compelling product to our customers that is also a great technology. And we know this because we use the AVG technology ourselves.”

For more info about how to purchase AVG software, contact Walling Data Systems toll free at 866-833-5727 (toll free in the US and Canada), online at http://www.avg-antivirus.net or by emailing to sales@avg-antivirus.net. US-based resellers can apply to become Authorized AVG Resellers online at http://www.avg4resellers.com.

# # #

About Walling Data Systems

www.avg-antivirus.net

Founded in 1994, in North Carolina, Walling Data Systems is a value-added software distributor and IT Solution Provider offering innovative high-value solutions to everyday computer security problems for corporate, education, and home technology users. Walling Data was named an Authorized AVG Distributor in 2004.

atsec Hosts Seminar for Delegation from the Korea Information Security Agency (KISA)

(PRLEAP.COM) atsec hosted a seminar on Common Criteria 3.1 for eleven delegates from KISA, the Korea Information Security Agency. The five-day seminar examined Common Criteria 3.1, which succeeds version 2.3 of the standard and which introduces many changes in the security assurance requirements part of the standard, and in the standard methodology supporting evaluation.

The Republic of Korea is a Certificate Authorizing Country within the Common Criteria Recognition Arrangement (CCRA). The purpose of the CCRA is to enable participants to pursue shared objectives related to Common Criteria evaluation, including eliminating the burden of duplicate evaluations of IT products and protection profiles. To support this objective, the CCRA seeks to ensure the reliability of the judgments on which certification is based, by requiring that a Certification/Validation Body (CB) issuing Common Criteria certificates meet high and consistent standards.

atsec’s accredited laboratories operate under the certificate authorizing U.S. and German schemes and have provisional status under the Swedish Scheme. atsec also offers consultancy including training for the Common Criteria 3.1 standards on a global basis.

Fiona Pattinson, Director of Business Development for atsec says: "I am very honored that the Korean Information Security Agency made atsec their first choice for professional training in the latest version of the International Standard, Common Criteria."

atsec will be present with a booth at this year’s International Common Criteria Conference, ICCC in Rome (25th – 27th of September). Also, five security experts from atsec information security will present six sessions at the conference, making atsec the single largest presenting contributor to the 2007 event. We invite you to visit us at our booth to learn more about the successful, innovative work done by the premier global Common Criteria laboratory, for example, our Linux OS and mainframe computer evaluation projects.

# # #

About atsec information security

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, the U.K., and China. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf. For more information please visit www.atsec.com.

BLOXX ENSURES GRAYPEN SETS SAIL ONLINE WITH UTMOST SAFETY AND SPEED

(PRLEAP.COM) Bloxx, the European enterprise web filtering specialist, today announced that shipping and tanker agency Graypen has deployed Bloxx web filtering technology to regulate and protect its staff online. Graypen has selected Bloxx technology to manage staff access to non-work related websites, which might contain inappropriate or potentially dangerous content. The company has also managed to dramatically reduce additional network traffic being generated by staff visiting these sites.

Graypen is a UK-based shipping and tanker agency and has 24 offices throughout the UK. Its 135 staff had full access to the Internet, but with the increasing popularity of social networking sites, chat rooms, online shopping and the growing risks related to inappropriate or dangerous web content, the company wanted to have better information about its staff’s online activity. The company had been using an ISA server to provide basic web filtering, but this was not able to provide the level of control or information about Internet usage the company required.

After seeing the Bloxx web filtering appliance in action at another company, Graypen’s IT Manager, David Scott, felt that this would provide him with much more comprehensive and detailed information about Internet activity. After comparing the Bloxx appliance to other web filtering solutions, the company bought the Bloxx appliance. Within a few hours of installing the Bloxx appliance in their network, the powerful reporting capability highlighted to Graypen management that there was a significant level of non-work related Internet activity taking place.

“Even though the company had an Acceptable Use Policy for Internet usage in place, until we deployed the Bloxx appliance we had no easy way of actually analysing Internet usage or any effective way to ensure compliance,” explains Scott. “Initially I was checking our reports every day, but the sheer presence of having the appliance on our network and employee awareness of just how powerful the filtering is, means I now only have to check the reports once a week.”

Scott has configured the Bloxx appliance with a single company-wide filtering policy, meaning that each and every employee has access to the same categories of web sites. The spyware, anti-phishing and anti-virus software installed as standard in the Bloxx appliance also helps to protect users and the network. Since implementing the solution, Graypen has not only seen an increase in productivity levels from its staff but its normal office desktop applications have significantly speeded up. With the Bloxx solution in place, Graypen’s staff is now concentrating on the job at hand, rather than being distracted by popular sites such as MySpace or Facebook. Bloxx technology gives users such as Graypen the ability to block or allow sites by category rather than one by one, which makes policing internet use much easier and also frees up a substantial amount of network bandwidth.

“The Bloxx appliance was simple to install into our network and is so easy to use and manage, that it now basically runs itself, which frees my time to dedicate to other pressing IT issues,” comments Scott. “As with any company, there are users who think they are smarter than the Bloxx solution and they try to access obscure international sites or use anonymous proxies to bypass it. However, most users eventually give up - Bloxx is just too smart for them.”

“Organisations such as Graypen require fast and reliable networks so they can provide top level service to their customers,” comments Bloxx Sales and Marketing Director, Paul Irvine. “Companies can’t afford network performance to be affected by workers misusing the Internet facility on their desktop. By managing online activity more efficiently and effectively, Graypen can ensure that it remains in touch with its customers, improve worker productivity and thus remain a leader in the maritime industry.”

About Bloxx Tru-View Technology

Bloxx Tru-View Technology uses internationally patent pending technology to analyse and block web sites quicker and more accurately than other web filters which use manual classification and keyword scoring. Tru-View Technology uses intelligent identification and analysis providing instant classification of web content as soon as it is accessed even if the content has not been seen by anyone before. Bloxx Tru-View Technology helps organisations proactively manage users’ access to web content which might lower productivity, expose the organisation to risk and liability or pose a network security threat. An estimated 1 million + users already benefit from enhanced security and performance with low administration and no cost per user charges. Additional protection is provided via anti-virus, anti-spyware and anti-phishing functionality, alongside onboard cache.

About Bloxx

Based in the UK, Bloxx offers web filtering appliance-based solutions for medium and large organisations in both the business and public sectors. Leading UK investment groups such as Braveheart Investment Group Plc and Archangel Investments Ltd. have invested in Bloxx. For more information please visit: www.bloxx.com.

AIRRAID2™ wireless hacking tournament to be held in Bangkok Thailand on 21 Dec 2007

(PRLEAP.COM) Singapore, 23 Sep 2007 - ThinkSECURE (http://securitystartshere.org) today announced that it will be running AIRRAID2™ (http://airraid2.securitystartshere.org), its cutting-edge wireless-and-wired hacking tournament, in Bangkok Thailand on 21 December 2007.

AIRRAID2™ is the successor to ThinkSECURE’s original AIRRAID™ tournament, Asia’s first-ever true wireless hacking tournament, which was held in Singapore’s Suntec Convention Center in August 2005. By challenging participants with WiFi and Bluetooth wireless hacking against an enterprise infrastructure which is specially designed to mirror a typical corporate wireless and wired network deployment, AIRRAID2™ now brings its unique brand of wireless hacking excitement and flavor to the Land of a Thousand Smiles!

AIRRAID2™ is designed with the following objectives in mind:

- highlighting typical flaws in modern corporate wireless and wired deployments;
- illustrating how attackers take advantage of those flaws in a real-life, real-time setting;
- allowing the general public to gauge the current skill level of Asia’s hackers compared with the rest of the world;
- showing the dangers of relying solely upon vendors’ technology as a means of defence;
- illustrating the benefits to IT professionals of attending practical technical certifications such as the Organizational Systems Wireless Auditor and Organizational Systems Security Analyst to enhance their wireless and enterprise security skills, and
- making organizations realize that partners’ and vendor-support/maintenance networks can also be a weak link in the security posture of an organization.

"AIRRAID2 continues our tradition of giving back to the Asian IT-security community by providing them a way of testing their skills against each other and against a realistic enterprise-class wireless-and-wired infrastructure setup. As many security professionals rarely get a chance to do some real unbridled hacking, our purpose-built tournament infrastructure mirrors an extensive wireless/wired network which allows them to fully and legitimately employ all their skills to meet the challenges we’ve put in place," said Mr. Julian Ho, ThinkSECURE’s co-founder.

Registration for AIRRAID2™ is free and teams can have up to 4 members. Qualifying teams stand a chance to win various prizes and a bonus cash prize. For more details and to register to participate in the tournament, please visit http://airraid2.securitystartshere.org

Free Proxy Scripts: A Rundown

Choosing A Proxy Script

When it comes to starting a proxy site, choosing a script is one of your biggest decisions. This choice can determine the resources you will potentially need, such as bandwidth and RAM: some scripts are heavier on certain resources while light on others. For example, CGI Proxy is heavy on your server’s processor, and therefore uses a lot of RAM, but is light on the bandwidth usage. On the opposite end of the spectrum, PHProxy doesn’t require a whole lot of RAM. So with PHProxy, you’re saving in the RAM department, but PHProxy doesn’t allow users to log in to sites like MySpace and GMail, unless you know a lot about programming and can customize the script. Anyway, let’s take a look at our contestants.

PHProxy

PHProxy (also known as ‘PHP Proxy’ and ‘Poxy’) is a free web-based HTTP proxy. It is arguably the most popular free proxy script out there. It was created in order to bypass firewalls and other proxy restrictions through a web-based interface. If the name didn’t give it away, PHProxy was programmed in PHP. It is a ‘cleaner’ script (so to speak) than CGI Proxy, and therefore it uses fewer resources. PHProxy doesn’t allow users to log in to some websites. This may affect the functionality of sites such as MySpace and Facebook. Keep in mind that these are some of the main sites that people use proxy sites to access. PHProxy has several options, including disable JavaScript, accept cookies, show images, show referring website, strip meta information tags from pages, and more. As of this writing, the latest release is PHProxy 0.5 beta 2, which can be downloaded here. Depending on your design skills (or lack thereof), there are a decent number of free proxy templates available for PHProxy on the internet, meaning you download the template, make a few quick changes (to customize it), upload it to your server, and you’re done. Looking for templates? Check out PHProxy Themes and Free Proxy Templates.

CGI Proxy

CGIProxy is a Perl CGI script. CGI Proxy is neck and neck with PHProxy as the most popular free proxy script available. As I said before, it uses more RAM than PHProxy does, but it also uses less bandwidth. Some people prefer to use CGI Proxy because it allows users to log in to sites like MySpace. The latest version of CGIProxy is 2.1beta15, which can be downloaded here.

Surrogafier

Surrogafier is “an easy to install three tier web proxy written in PHP.” Surrogafier is completely free to use and distribute. Current features include the ability to remove cookies, the HTTP referer field, the HTTP user-agent field, scripts on the page, and objects; to alter the user-agent string to whatever you please; and to tunnel your proxied traffic through a second proxy. As far as popularity goes, Surrogafier is right up there with Zelune. I haven’t seen it on too many sites yet, but it seems to be growing. The kind folks over at Bypasser.org have set up a demo version of Surrogafier which can be seen here. The latest version, Surrogafier 1.0-rc3, can be downloaded here.

Zelune

Zelune is a proxy script which uses CURL to download pages, which makes it faster than its PHP & CGI competitors. A proxy’s speed is dependent on several variables, including the capabilities of the server on which it is installed, but Zelune may be the fastest free web-based proxy script currently available. Zelune may also be the least resource-heavy free proxy script currently available. I don’t have any personal experience with this script, but I have seen a few other sites using it. I have yet to see an official homepage for the script, so you can download it here. I don’t have much more information about Zelune at this time, but why not install it and give it a try? To clear up any confusion, Zelune was formerly known as ‘Curl Proxy’.

bblocked

bblocked is a “web-based proxy bypasser” coded in PHP. The bblocked proxy engine “allows you to quickly and easily setup your very own proxy bypass site”. bblocked requires at least PHP 4.3.0, and is fully compatible with PHP 5. This script is unique in that it comes with several themes which are very nice looking. In terms of aesthetics, bblocked is by far the best script available. I haven’t seen it installed on many sites, though, so performance is a whole different issue. The latest version of bblocked is version 5.5 beta, and it can be downloaded here.

Glype Proxy

Glype Proxy is a free proxy script. It was also written in PHP, and it utilizes the cURL library. Glype appears to be the first proxy script to feature caching. Caching reduces the load on the server it is installed on. Glype Proxy also allows webmasters to define elements to remove from sites. If you don’t want the users of your proxy to use up a lot of bandwidth, you can configure Glype to ignore certain file types (such as movies, music, and flash objects) that tend to be bandwidth-intensive. Glype was written with clearly commented code, so webmasters who aren’t familiar with PHP won’t feel completely lost when looking at the code. Glype Proxy is still in beta, but it has all the core features of a proxy script. The latest version of Glype Proxy is 0.1B, which can be downloaded here.

That sums it up for now… But new versions of free proxy scripts, as well as entire new proxy scripts, are constantly being released! Keep checking Free2Surf Proxy Blog for the latest news regarding free web-based proxy scripts, and much more!

Defense Department to Block MySpace and YouTube

I don’t know how many of you have had a friend or loved one over in Iraq, but they definitely rely quite heavily on the internet in order to stay in touch with friends and family. I had a friend over there for a year, and MySpace was pretty much the only way I kept in touch with him. I know for a fact that the majority of soldiers stationed over there use MySpace (or a similar social networking site) in order to stay in touch with people. So for those that are still stationed over there, this article is definitely bad news.

According to a memo that was sent on Friday by the US Forces Korea commander, the Defense Department will soon begin blocking access to YouTube, MySpace and 11 other popular Web sites on its networks. This is a major step, and will impact soldiers significantly, possibly more than the Defense Department understands. Fortunately, members of the military can still access the sites on their own computers and networks, but Defense Department computers and networks are the only ones available to many soldiers and sailors in Iraq and Afghanistan. Sites affected by this ban are YouTube, Metacafe, IFilm, StupidVideos, and FileCabi, the social networking sites MySpace, BlackPlanet and Hi5, music sites Pandora, MTV, and 1.fm, and live365, and the photo-sharing site Photobucket. You can read the full article here.

I wonder how much trouble a member of the military would get into if they were caught using, say, a MySpace Unblocker site to access MySpace? Surely some soldiers are aware of proxy sites and how to use them… I hope that this move doesn’t affect our soldiers serving abroad too much, and that they are still able to stay connected to their family and friends.

Sunday, September 23, 2007

IBM joins the free Office race

As expected, Google has finally launched its long-awaited PowerPoint-style presentation app -- Google Presently -- which was discovered by the ever-resourceful Ionut Alex Chitu earlier this year. It's the final piece of Google's online Office-style suite, which it is now pushing to sell to corporations in direct competition with Microsoft's Office.

And now IBM has decided to awaken from its slumber and get into the game as well, with the launch of a Lotus-branded suite built on Sun's Star Office software, called Lotus Symphony. An IDC analyst tells the New York Times: "I.B.M. is jumping in with products that are backed by I.B.M., with the I.B.M. brand and I.B.M. service... this is a major boost for open source on the desktop."

As the NYT story points out, this is also another big gesture of support for the Open Document Format, which Star Office and Open Office use and which Google's document services also support. Microsoft, of course, is championing a competing format. And Mike Masnick at Techdirt notes that Yahoo's purchase of Zimbra means there could soon be another large competitor in the free and online Office game.

Anyone want to buy Zoho.com?

Here she is -- it's Miss Internet 2008

Do John and Scott Ferber know what they're getting into? According to a recent press release that came floating into my inbox, they've decided to start something called the Miss Internet Pageant. Aspiring beauty contest winners (and we know there are probably millions of them out there, alas) can send in a couple of photos and/or video of themselves, and the winner gets chosen by the Internet! Or rather, gets chosen by whoever decides to go and vote for someone at the website, and you can apparently vote for as many contestants as you want, twice a day, and as many times as you like.

So, all you aspiring Miss Internet 2008 winners -- all you have to do is convince enough of your friends, or even complete strangers, to come and click on your photo. Or, you could always take a quick course in Java or C++, and write a script that would effectively accomplish the same thing! The choice is up to you. And apparently you don't have to answer any skill-testing questions, like the one that threw Miss Teen South Carolina off so badly a while ago. You stand to win "up to" $25,000 in cash and prizes.

It's no secret that the idea of an Internet-voting contest is fraught with problems. As evidence, I submit the story of Time magazine's Person of the Century contest, which came within a hair of being won by Mustafa Kemal Ataturk, the founder of modern Turkey (thanks to a blockbuster campaign by Turkish supporters) as well as the People magazine contest in 1998 to find the most beautiful people in the world, which was won by one of Howard Stern's sidekicks, a little person who called himself Hank the Angry Drunken Dwarf.

It seems likely, however, that John and Scott Ferber know exactly what they're doing: the two brothers were behind the rise of Advertising.com in the 1990s, which was eventually sold to America Online in 2004 for $434-million in cash. The brothers stayed at AOL for a time, but then took what the company described as some "much needed time off" and developed a site called Guess Now, which lets you guess the outcome of future events and then pays you cash if you guess correctly. When you go to the Miss Internet Pageant site, it redirects you to Guess Now's servers, and to become a contestant you have to open a Guess Now account. Coincidence? I think not.

Interestingly enough, the Miss Internet Pageant says if you can't upload photos of yourself, you can email them to this address: steve@vandelayindustries.com. Van Delay Industries is the name of the fictitious latex company that George Costanza worked for on Seinfeld.

Ecotality buys Innergy for mobile-solar and battery technology

What the clean-energy industry needs more of is profitable companies and fewer science experiments.

So says Jonathan Read, the CEO of Ecotality, which announced on Thursday that it has signed an agreement to buy Innergy Power. The price was $3 million, Read said.

Solar power in the field. (Credit: Innergy Power)

San Diego-based Innergy makes solar panels and batteries for mobile applications, such as solar-powered phones, remote surveillance cameras or off-grid lighting. It also manufactures sealed lead acid batteries that can be combined with small solar panels.

The acquisition is part of Ecotality's plan to "roll up" different clean-electricity companies into a diversified and profitable business, Read said. A public company, Ecotality expects to be profitable next year, he said.

The company in June bought Fuel Cell Store, which sells hydrogen fuel cell gear to universities and labs, and it intends to announce another acquisition related to plug-in hybrid vehicles in the near future.

It also has a hydrogen-producing technology with Hydratus through a partnership with the NASA Jet Propulsion Laboratory.

What binds these diversified businesses together is clean electricity, Read said.

"We would like a mesh technology to work for us from clean power to end-user applications," he said.

The strategy is to assemble different product lines and find areas of cross-pollination. For example, by buying Innergy, it gains manufacturing capability in rechargeable batteries that can be used in its hydrogen product lines.

The company also intends to use the money from commercial products and invest in "science projects," or more speculative energy technologies that have not yet reached commercial applications, Read said.

"Something that's missing in the clean-energy space is the move to commercialization and profitability. For every development project (at Ecotality) that's pure science will be two commercial businesses," he said.

The company is also looking at wind and energy efficiency.

After finishing its acquisition of Innergy in the fall, Ecotality intends to expand its storage and solar-panel production.

India's take on the '$100 computer' gets U.S. venture funds

Novatium Solutions, which has come up with a thin-client computer for emerging markets, has landed an investment from New Enterprise Associates (NEA).

The company has mostly installed its computers around Chennai (formerly Madras) in southern India. The systems work on the thin-client model. Most of the actual computing and the Internet connection go through a central server. Users then tap into the server through desktop units.

With thin clients, updates and security patches are easier to manage, according to Rajesh Jain, one of Novatium's founders. Energy can also be conserved. In a novel twist, Novatium's clients use a digital signal processor rather than a standard processor. NEA did not state how much it has invested in the company.

Jain, who sold his IndiaWorld portal in 2000 for $115 million, is one of India's better known technology execs. After selling IndiaWorld, he turned his attention to expanding the computer base in India. He also writes a popular blog. (Interestingly, another founder is Ray Stata, chairman of DSP maker Analog Devices.)

Novatium's computer will play in the same market as devices such as the Intel Classmate PC and the XO from the One Laptop Per Child organization created by Nicholas Negroponte. Some of these devices will be sold to schools, while others will likely be bought by Internet cafe owners, who will then recover their investment by selling time on their computers. Many phone booths in India are actually owned by individual entrepreneurs.

Even though Negroponte popularized the "$100 computer" name, no one is actually hitting that number. The XO will cost about $188 after a series of price hikes. Taiwan's Asustek is working on a $200 computer based around Intel's designs.

Novatium says that its machine costs about 500 rupees a month, including Internet connectivity, software and hardware. That's about $12.44.

Novatium has also experimented with ways of using old monitors and TVs to cut the price further. In a 2005 interview, Jain said that he could get the total price down to around $120 with a used monitor.

Chennai is something of a center for cheap computing devices. Ashok Jhunjhunwala of the Indian Institute of Technology of Chennai has developed a $1,000 automatic teller machine that can also serve as an Internet kiosk for villages.

Souvenir at green conference: lead-tainted coffee cups

The organization running the conference ordered a bunch of paper coffee cups to use at the conference, which took place in San Francisco this week. Unfortunately, the organization ordered the cheapest ones. They came from China with a warning on the bottom: caution contains lead. Sarah Susanka, the author of "The Not So Big Life" and one of the hosts of the conference, asked people in the audience to come up with ideas for ways to use them.

Recycling after all is a big topic here. Among other products on display are countertops made from broken bits of recycled glass (actually quite attractive) and rubber flooring for kids' rooms made from recycled tires.

IP telephony start-ups attract cash

Despite SunRocket's recent implosion, venture capitalists are hot to invest in voice over IP start-ups.

A company called Jaxtr announced Tuesday that it's raised $10 million. The company, which hopes to emulate the success of eBay's Skype, actually attracted some of the same investors as Skype. Draper Richards, Draper Fisher Jurvetson and Mangrove Capital, all early stage investors in Skype, contributed to Jaxtr's first round of funding.

Jaxtr is one of a growing number of IP telephony start-ups hoping to make it big. These companies are leaning more toward Skype's business model as a complementary voice service rather than billing themselves as a replacement for traditional telephone services. The latter was the strategy that Vonage and SunRocket took when they launched. Now SunRocket is out of business, and Vonage is gasping for air.

But the new crop of start-ups is cleaning up in terms of funding. Rebtel has raised $20 million, Truphone got $23.4 million, Jajah scored about $20 million and Ashton Kutcher's Ooma raised $27 million.

Jaxtr allows people to make free international calls from their cell phones by assigning users a local number. Callers use this number, which routes calls over the Internet. Jaxtr's CEO Konstantin Guericke co-founded LinkedIn, and the service actually incorporates social networking by creating a widget that allows people to embed the number on their blog or social-network profile, such as MySpace and Facebook.

AT&T rings up a $4.99 international calling plan

AT&T rang up a new international calling plan on Thursday, featuring a combined wired and wireless plan for $4.99 a month.

Subscribers to both AT&T's wireless service and its local and long-distance wireline service are eligible for the company's Unity Worldwide Calling plan. The plan offers a flat monthly fee, rather than charging customers for international calls by the minute.

AT&T's move to reduce the overall costs of making international calls comes as no surprise, given the freebies to be had by using voice over Internet Protocol, or VoIP, services. Companies such as Jaxtr enable users to make free international calls on their cell phones via a local number. And companies such as Jajah are designed to enable users to make VoIP calls with either their existing landline phone or cell phone at reduced or free costs.

NBC comes into "Direct" competition with Apple's iTunes

NBC Universal, a media and entertainment company that recently went head-to-head with Apple Inc. over an iTunes contract, announced on Wednesday that it will make episodes of its popular TV shows available for download on its Web site for one week after their original broadcast.

NBC’s free download service, called NBC Direct, will allow users to download shows such as "Heroes" and "The Office" episodes for free to computers running Microsoft Windows software for up to a week after the show has first aired on television.

NBC Direct will start in beta mode in October and will make episodes available for download from NBC.com (http://NBC.com) on Windows-based PCs. The downloaded file will be encrypted so that it can only be watched for seven days after the show airs on the network. A week after the episode's TV debut, the digital file will expire. TV commercials will come embedded with the shows and cannot be skipped.

"With the creation of this new service, we are acknowledging that now, more than ever, viewers want to be in control of how, when and where they consume their favorite entertainment," said Vivi Zigler, Executive Vice President of NBC Digital Entertainment.

The shows that will become available at launch include "Heroes," "The Office," "Life," "Bionic Woman," "30 Rock," "Friday Night Lights," "Late Night with Conan O'Brien" and "The Tonight Show with Jay Leno."

However, the new service has some limits: downloads can only be watched for a week after the show airs on the network, and the programs will only work on Windows-based PCs.

NBC is also planning to expand its service. The Peacock Network says users will soon have a Macintosh version, and they will also be able to transfer the content from their PCs to a portable viewing device in the near future.

NBC said its initiative would be expanded in coming months to let users subscribe to an entire season of a show and have content download automatically each week, similar to a TiVo Season Pass.

The service eventually will include DRM-protected episodes compatible with Macs and portable devices, and the high-definition shows will ultimately be available through peer-to-peer technology, which will speed the download of larger files, NBC said.

The move from NBC Universal, a unit of General Electric Co., comes days after it declined to renew its contract to sell TV shows on iTunes because of a dispute with Apple over pricing. The media conglomerate pulled its new shows from iTunes early this month, three months before the current contract is due to expire in December.

In December 2005, Apple Inc. and NBC Universal announced a tie-up to present iTunes users with NBC shows on demand for a price of $1.99 per episode. But NBC reportedly has started demanding additional money from Apple, forcing the iPod/Mac maker to charge more for downloads of its TV shows.

Apple, on the other hand, expressed its unwillingness to increase the price of NBC downloads. "We are disappointed to see NBC leave iTunes because we would not agree to their dramatic price increase," said Eddy Cue, Apple's vice president of iTunes, in a statement last month.

Apple, last month, accused NBC of demanding "more than double the wholesale price" for each of its TV episodes, which according to the computer maker would have increased the retail price of each download to $4.99, from the current $1.99 price.

However, NBC Universal, whose programming currently accounts for about 40% of all iTunes video downloads, disputed the way Apple characterized the situation.

"We never asked to double the wholesale price for our TV shows. In fact, our negotiations were centered on our request for flexibility in wholesale pricing, including the ability to package shows together in ways that could make our content even more attractive for consumers," Cory Shields, executive vice president of communications for NBC Universal, contended at the time.

NBC’s refusal to renew its agreement with iTunes to make its catalogue available over the store had come nearly two months after another media giant, the Universal Music Group, declined to renew its annual contract with the computer maker turned Internet jukebox powerhouse to sell music through its online iTunes Music Store.