Reality kicks in for Google's stock price
Investors who believed that Google had a magic wand that allowed it to turn web visitors into highly profitable money machines today were dealt a severe blow.
At the Internet Advertising, Information and Educations Conference that was hosted by Merrill Lynch in New York, Google CFO George Reyes explained that the company's past stellar growth was merely the result of a technical project that allowed the search engine to better serve online advertisements.
But more importantly, the company by now feels that it has done all the tweaking it can do to its advertising system. There is no way to sugar-coat this: future revenue increases for Google will be less stellar.
A full transcription of Reyes' remarks (webcast here - section is around 28:00 into the recording) on this topic:
"We went through a period of 18 months where we had a revenue force initiative, a team of very bright technical engineers that were trying to tweak and optimize the ad system in a very responsible way. That sort of paid off nicely with the fruits of that labour. What's happened since then is: we got so good at that, that really most of what is left is organic growth, which means you have to grow your traffic and you have to grow your monetization. We are, clearly our growth rates are slowing and you see that in each and every quarter and we're going to have to find other ways to monetize the business."
After reality sank in, investors dumped their Google shares, which lost about 7 per cent in the stock market today.
Didn't they learn from the dotcom bubble that no company or new economy can cheat the laws of economics?
Tags: google
February 28, 2006 at 11:01 PM | Permalink | Comments (0) | TrackBack
Live from Apple: iPod Hi-Fi
In addition to the new Mac Mini, Jobs also unveiled the new iPod Hi-Fi, a boombox that allows users to plug their player right into the top. Jobs compared the device with high-end appliances from Bose and Denon, but touted its $349 price as a major differentiator.
It can be powered either by batteries or through the built-in power adapter.


Specs for the iPod Hi-Fi
Tags: apple, steve jobs, mac mini
February 28, 2006 at 06:43 PM | Permalink | Comments (2) | TrackBack
Live from Apple - the new Intel Mac Mini
Apple chief executive Steve Jobs has just unveiled his new Mac Mini powered by an Intel processor. A single core model goes for $499 and a dual core for $799. Available as of now.
The computers now also come with Front Row, and the application has been equipped with the option to share content across computers through the "Bonjour" networking protocol (formerly called Rendezvous).

Jobs shows off performance of the new Intel Core Duo Mac Mini relative to the G5 processor.

The Mac Mini looks about the same as the previous models, except that there is now an infrared receiver built into the front (the little black dot you see in the upper right corner of the unit).
The Mac Mini still is bring your own keyboard, mouse and monitor: either from Apple...

...or from some other manufacturer, Jobs joked.
Tags: apple, steve jobs, mac mini
February 28, 2006 at 06:28 PM | Permalink | Comments (0) | TrackBack
The Woz disarms his "anti-Intel" claims
Apple co-founder Steve Wozniak (aka the Woz) is fighting back against an interview that appeared in the Toronto Globe and Mail. In summary, he is denying his negative remarks about Apple's switch to Intel chips and his alleged call on Apple to split off the chipmaking division in an email that he sent to the themacintoshguy mailing list:
I was in New Zealand and am just now back home. I saw a couple of headlines that were way off base.
As for Microsoft's desire to be more like Apple (creative, not the Dark Empire), I have insights into that aspect. It's opinion but why be constantly negative, like saying that bad things from the past mean MS will always be a bad guy. I myself am not known for taking the enemy approach to anything.
As for "spinning off iPod" I heartily deny saying this. The reporter asked some such question and I laughed it off as ludicrous. Why would Apple spin off something so successful. Then the reporter suggested that it could be like a separate division. Well, organizationally, it must be so already and I acknowledged the question I was asked in that way. Then the reporter asked if it made sense to have the iPod division somewhere else and I gave a mixed response, a logical response. I likened it to HP divisions when I worked at HP. There is a nice environmental effect in separate divisions. But then I mentioned that the HP divisions were making very different product lines, whereas the strength of the iPod came from treating a music device as a 'satellite' to a computer, and the intertwining of iTunes and the iPod made this possible. I did NOT say that the iPod division should be spun off and I feel used in that regard.
As for Intel, I have consistently backed that decision. But virtually every issue ever is not black or white. In this case the only thing I've ever said slightly negative, myself, is that I'd hoped for a new low power silicon technology that would extend for future generations, a'la IBM's copper technology back a ways. I said that I had hoped for more than just a good design to keep as much of the chip inactive as possible. The reporter again pushed me to say I was negative on the transition. That's a laugh, as anyone who is close to me can tell you, but I did acknowledge that some might be against it because of our 'big enemy' stance and so much of our Macintosh history riding on being different than the masses. That statement must have been stretched into being one about my own thinking.
I'm extremely short of time, organizing things after a long trip (mostly email requests for my time) so if any of you can spread my comments around, all the better. The problem with thinking is that if you think out a 30 second explanation, it passes over the 5 second sound-byte crowd.
Tags: steve wozniak, apple
February 28, 2006 at 02:45 AM | Permalink | Comments (3) | TrackBack
Berkeley admits 7,000 students to 800 capacity class
In an email story from hell, the University of California in Berkeley has accidentally sent out an email to all 7,000 students that registered for the school's law school. But the school can only accommodate 800 to 850 students a year.
It turns out that the school's director of admissions Edward Tom goofed up when he was training a new staff member, showing how to send an email to a large group of recipients as well as other features of the school's mass email system. One thing led to another, and before he knew it, he had selected the acceptance letter.
“I’ve never had a glitch with that expert in six years of training new staff members,” Tom told Computerworld. “It takes a bumbling fool like me.”
Berkeley's law school hides behind trees in shame.
Tags: UC Berkeley, email
February 28, 2006 at 12:47 AM | Permalink | Comments (0) | TrackBack
Security put Sun Grid on hold
Sun Microsystems has finally admitted that its retail Grid is a big failure.
In fact, the service hasn't even been launched, despite a ceremony last year in which Sun president Jonathan Schwartz flipped a symbolic switch to take the grid live.
The path to the grid's failure is paved with lies.
Last year in May the company's grid chief Aisling MacRunnels claimed that: "We had to reprioritise things because some very large banking customers needed capacity. We got way better response than we anticipated."
At least Schwartz himself technically wasn't lying when he told vnunet.com:
"What we have seen is a large number of CIOs who are now benchmarking their data centres and trying to figure out if they are spending more than a buck an hour. I see a huge amount of proofs of concepts where customers are looking at what they are paying for their own grid or what they are paying outsourcers."
At the time he just conveniently left out (if he knew) that those companies came to the conclusion that a grid failed to offer them the required level of security assurances. And that the US State Department raised a red flag, forcing Sun to instate a check to keep out customers from terrorist states.
The grid now again is "imminent", Schwartz claimed last Friday.
But somehow the server maker has lost its credibility in making those promises.

Vapourware image
Tags: sun microsystems, grid, jonathan schwartz
February 28, 2006 at 12:24 AM | Permalink | Comments (0) | TrackBack
Google's wallet takes shape
Google Base still is far more than an eBay competitor, but it is getting closer.
The search engine has quietly added a payment option to the Google Base beta.
Google Base at the moment isn't much, but could become a lot. You have to think big to see the potential of Google Base, and you have to be willing to speculate even more.
Now that we have those disclaimers out of the way: think of Google Base as an open database holding all kinds of information, from store items to recipes. Add a truckload of meta information and you've got a poster child for the web 2.0 hype.
If Google succeeds in collecting enough information, the search engine becomes the proprietor of the world's largest online database, and a platform for all kinds of mash-up applications similar to the likes of Housingmaps.com.
While it's still all about the data, adding a payment service will allow Google to generate revenues off its Google Base service.
In the process the company gets to create a viable alternative to eBay and PayPal, both of which in the past years have become complacent and started to display monopolistic behaviour with fee hikes that were to benefit corporate profits instead of reflecting the laws of supply and demand. Either way, the consumer wins.
Tags: ebay, google, google base
February 27, 2006 at 11:33 PM | Permalink | Comments (0) | TrackBack
Yahoo calls for an end to DRM
Yahoo Music's chief Dave Goldberg (photo below) has called upon the music industry to let go of digital rights management technology.
The proposal will be music to the ears of consumers. Digital rights management technology after all not only prevents illegal copying of music, it also blocks consumers from listening to the music everywhere and on any device.
iTunes music for instance won't play on your Creative media player, and Yahoo Music content doesn't play on an iPod.
The labels however fear that a lack of DRM will spark a boom in music piracy.
They fail to see however that even in today's DRM world, pirated music is easy to come by. Most consumers will still obediently pay for music because it’s the right thing to do.
I doubt though that any label will have the guts to give this a try.
Tags: digital entertainment, itunes, ipod, yahoo music, Dave Goldberg
February 24, 2006 at 09:24 PM | Permalink | Comments (0) | TrackBack
Computer security for geeks
Looking for a cheap way to protect your laptop's hard drive in case of theft? Mac Geekery has a few simple but clever solutions.
Instruct the computer to periodically check a website for a secret codeword or file. If the file is there (or isn't), the computer will launch a self-destruct mode. It may not get you your computer back, but at least your data should be protected.
While the site's example is built for a Mac, there is nothing that should prevent this from working on a Windows machine.
Just make sure that your friends don't put the code-file on your server as a prank.
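One way to rule out that prank, as an added example that is not from Mac Geekery or the original post: the laptop only acts on a signal that carries a valid HMAC made with a key only the owner holds. The signal layout, the machine name and the 24-hour freshness window are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed signal format (hypothetical, not from the original post):
#   <machine-id>|<unix-timestamp>|<hex HMAC-SHA256 over "machine-id|timestamp">
MAX_AGE_SECONDS = 24 * 3600  # assumed freshness window against replayed signals


def sign_signal(key: bytes, machine_id: str, issued_at: int) -> str:
    """Owner side: build the text to publish at the URL the laptop polls."""
    message = f"{machine_id}|{issued_at}".encode()
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return f"{machine_id}|{issued_at}|{tag}"


def signal_is_authentic(key: bytes, machine_id: str, body: str, now: int) -> bool:
    """Laptop side: accept only a fresh signal, for this machine, signed with our key."""
    parts = body.strip().split("|")
    if len(parts) != 3:
        return False  # a bare codeword or prank file fails here
    claimed_id, issued_text, tag = parts
    if claimed_id != machine_id:
        return False  # signal was issued for a different machine
    if not (issued_text.isascii() and issued_text.isdigit()):
        return False
    message = f"{claimed_id}|{issued_text}".encode()
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    age = now - int(issued_text)
    return 0 <= age <= MAX_AGE_SECONDS  # reject stale and future-dated signals


def decide(key: bytes, machine_id: str, body, now: int) -> str:
    """Return "protect" or "continue". body is None when the fetch failed.

    Assumption: a failed fetch never triggers anything, so a dead network
    connection or a server outage cannot destroy data by accident.
    """
    if body is None:
        return "continue"
    if signal_is_authentic(key, machine_id, body, now):
        return "protect"
    return "continue"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    issued = 1_140_000_000         # constructed timestamp
    real = sign_signal(key, "laptop-01", issued)
    print(decide(key, "laptop-01", real, issued + 60))    # protect
    print(decide(key, "laptop-01", "WIPE", issued + 60))  # continue
    print(decide(key, "laptop-01", None, issued + 60))    # continue
```

The key has to live on the laptop, so this stops a prankster who can only write to the web server, not someone who has already read the key off the disk.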

Selfdestruction
Photo: Papp-Kuster Ádám
Tags: laptop theft, security
February 24, 2006 at 09:05 PM | Permalink | Comments (0) | TrackBack
Google's employee pampering caught in pictures
It's no secret that Google will go to great lengths to allow its employees to focus on their work.
Time.com is now offering a photo essay on its website that shows life inside the Googleplex, as the company's campus is often called.
The best photo if you ask me is that of a lifeguard sitting next to a swim-in-place pool where a Google employee is swimming. The guy couldn't look more bored, and in the extreme demonstrates the gap between Silicon Valley's highly paid knowledge workers and the maintenance crews that allow them to maintain their Californian lifestyles.
Photo courtesy of Google
Tags: google, googleplex
February 24, 2006 at 08:46 PM | Permalink | Comments (3) | TrackBack
RIM might be right, but it could still be wrong
Blackberry maker Research in Motion later today may face what could be considered a final decision in the prolonged patent battle with NTP.
Meanwhile NTP's patents are being invalidated by the US Patent and Trademark Office, but oddly enough, the judge couldn't care less about that. He'll have to go with a 2002 jury trial that found that RIM infringed on NTP's patents. It's like getting fined for speeding when going 65 on a 70 mph highway because the officer claims that the speed limit was 55.
If RIM wants to do society a favour, it takes this case as far as it possibly can, allowing the patents to be invalidated and turning NTP into an empty shell. But business economics will probably force RIM to settle the case to lower its legal bills and allow the company to focus on innovation rather than legislation.
We didn't exactly need additional proof that the patent system is broken and outdated, that patents are awarded without any due process and as a result allow big patent filing companies (read: IBM, Microsoft, HP etc.) to prevent competitors from entering their core markets.
Patents were once created to protect innovators against copy-cats. But they have turned into a way for incumbents to tax innovation.
Update:
The judge today hasn't made a ruling. But he did indicate that he will stick to the jury's findings that patents are being violated. If RIM wants to sit this one out, they'll have to wait for the USPTO procedure to finish. That can take years.
Tags: Blackberry, RIM, research in motion, NTP, patent
February 24, 2006 at 05:41 PM | Permalink | Comments (0) | TrackBack
Intel going to Vietnam? Not so fast, chipmaker says
Intel has warned that plans to build a chip fab in Vietnam aren't a done deal yet.
News reports on Thursday mentioned that Intel has been awarded a license to build a $605m factory in the nation that the US has previously tried to bomb flat. But it now seems that local officials were a bit too eager in claiming victory. Spokespeople at Intel's headquarters in Silicon Valley pretty much said that there is nothing to say at this point.
"We are constantly looking at opportunities around the world, but at this point in time haven't made any announcements about new facilities," an Intel spokesperson told vnunet.com.
Interpret that how you want it. But it certainly isn't a confirmation that Intel is going to invest in Vietnam.
Tags: vietnam, intel, semiconductor fab
February 24, 2006 at 01:46 AM | Permalink | Comments (0) | TrackBack
Google gives us a personal homepage - screenshots
Google today launched its new Google Page Creator beta as well as a new personal home page hosting service.
Unfortunately, the company has already run out of test accounts for the beta service. But we begged and whined until Google granted us access.
Below you'll find some screen shots. Click on the image for a larger view. Since we used a personal account, we've blocked out the user name.
Welcome page after the user signed up.
First page you see inside the editor.
Plenty of templates to choose from
File... pardon: page manager
Insert a link
Google Page Editor even lets you leech pictures from other URLs, although the service points out that this is considered bad manners and in some cases constitutes copyright infringement.
When we were done playing around, this is what it looked like in a browser window.
Tags: google, google page creator, frontpage, google beta, google labs
February 23, 2006 at 06:54 PM | Permalink | Comments (1) | TrackBack
Kottke ends pro blogging experiment
Jason Kottke, number 21 on Technorati's list of most popular blogs, is quitting his venture.
In the past year he has persuaded individuals to donate $39,900 to allow him to blog full time. But the blogger has come to the conclusion that he is lacking the traffic to become a true, full time pro.
Actually his revenues look promising for a one-man venture, especially considering the fact that Kottke didn't offer any advertising (he feared the conflict of interest) and solicited funds for only three weeks.
Surely someone with a better business instinct will pick up where Kottke has left and prove that a regular blog can feed a family. And then I'm talking about a true blog, not the news websites that hide under the blogging banner such as Engadget or Gizmodo.
February 23, 2006 at 03:04 AM | Permalink | Comments (0) | TrackBack
Inside the life of a botnet operator
Call them botnet operators or hackers, but don't mistake them for people that you would meet in line at the supermarket's cash register.
The Washington Post has an extremely long but insightful profile of a hacker in which the 19-year-old brags about installing adware on his botnet – and the $10,000 he makes each month by doing so.
One of the hacker's buddies brilliantly phrases their disconnect with human society:
"Dude, the best part is when you walk in, you hand them the coupon or whatever, they give you your [pizza], and you walk out," one of them enthuses. "Then, it's like, yes, I am . . . the coolest man alive."
Tags: botnet, hacker, adware, spyware
February 23, 2006 at 02:49 AM | Permalink | Comments (0) | TrackBack
VoIP noise could cripple enterprise call centres
Acoustic shock is wreaking havoc among call centre workers, and employers who have nickeled-and-dimed their way through their call centre investments risk having to pay for their cheapness.
In the UK alone, companies have paid over £10m ($17.7m) in out of court settlements. A single claim can run up to £20,000 ($34,500). Surely in the US lawyers will find a reason to add a few zeros to their claims.
Acoustic shock is a common phenomenon in telephone and VoIP lines. Purchase a decent headset and you're fine. But if you try to cut corners and buy some cheapo consumer device, you risk temporary if not permanent hearing loss.
Lawyers, start your lawsuits!
Tags: acoustic shock
February 22, 2006 at 06:27 PM | Permalink | Comments (0) | TrackBack
Sophos messes up OS X anti-virus
In trying to create a cure, Sophos has in fact created one of the more devastating pests in OS X's history.
The anti-virus firm's virus fighting application for OS X wrongly detects the Inqtana-B virus in files for Microsoft Office 2004 and Adobe Acrobat Reader. Depending on the configuration, it will then isolate or delete those files. Several network administrators as a result have had to spend the last two days trying to restore systems while workers were locked out of the applications.
Sophos' website fails to mention the mistake, but the SANS Internet Storm Center provided the necessary information.
To make matters worse, Sophos messed up while fighting a worm that is designed in such a way that it can never propagate and hence won't infect a single system, because Inqtana-B is a proof of concept worm.
Coincidence has it that Sophos also was one of the first (if not the first) anti-virus firms to warn about the first Apple worm last week. No wonder that critics are now flaming the firm for creating a security scare for its own (financial) benefit. Apparently security vendors too are struggling to cope with the emergence of the first OS X worms.
Picture borrowed from here
Tags: os x, worm, virus, sophos, apple, anti-virus
February 22, 2006 at 04:26 AM | Permalink | Comments (3) | TrackBack
Waiting for OS X spyware
Within one week, hackers have demonstrated three methods to compromise OS X's security in ways that were increasingly sophisticated.
The first OS X worm relied mostly on social engineering, to the extent that many argued that it was a Trojan rather than a virus.
The second one used a vulnerability that had been patched more than six months ago. So what's the real risk, Apple supporters countered? Never mind that most Windows worms rely on patched security flaws.
Today we have an unpatched vulnerability that compromises a system's security without any user interaction. Visiting a website or viewing an email is enough to get infected.
So what will the excuse be this time? The fact that there is no exploit code found in the wild? Or the fact that the proof of concept code fails to demonstrate any self-spreading capabilities?
We merely have to wait for the spam, ID theft and adware guild to develop some decent spyware, adware or botnet software so they can monetize the OS X platform. If there's money to be made, criminals will exploit whatever operating system they can.
Tags: OS X, security, apple, malware, spam, botnet
February 21, 2006 at 11:01 PM | Permalink | Comments (0) | TrackBack
Lazy gamers make for rich economies
Korea is struck by a new kind of identity theft, and it is all because of lazy gamers.
Online criminals are on a hunt for Korean personal identification numbers, similar to social security numbers. This time they aren't intent on stealing personal credit card information, but merely want to set up accounts in massively multiplayer online role-playing games (MMORPG) such as Lineage.
The accounts are used by Chinese gaming farms, where workers will sit all day performing dull tasks in these games that generate gaming money or items. These will then be auctioned off or sold for real world money on websites such as IGE.com.
Short term this is a victimless crime. The Chinese gaming farms need the identification numbers to be able to set up the accounts, but pay for it themselves. Except that you don't want such information to be out in the open.
But I couldn't help but be amazed about the inventiveness of the gaming farm concept. As new online economies emerge, people will come up with ways to make money there.

Lineage 2 worker bees fighting
Tags: online gaming, MMORPG, gaming, identity theft
February 21, 2006 at 07:54 PM | Permalink | Comments (3) | TrackBack
Holiday traffic jams go high tech
With Presidents Day on Monday, Silicon Valley is en masse travelling to the Lake Tahoe area for a skiing break. The 3.5 hour drive can become a true nightmare when the weather turns bad however.
But that's where the internet comes in.
The California Transportation department has put up several internet connected cameras that allow travellers to see what conditions are like. And we're not talking about a stamp-sized webcam that refreshes every 5 minutes, but a 290k live stream. You can actually see the poor souls freezing their behinds off while they are putting on their snow chains.
If you like it a bit more old school, there are also the text based traffic advisories.
The 511.org service that gives estimated driving times for now only works for the Bay Area.
I'm telling you, that internet thing is going to be big some day.

Live streaming traffic cam
Tags: lake tahoe, presidents day
February 18, 2006 at 12:55 AM | Permalink | Comments (0) | TrackBack
Copyright protection Mac-style
Illegal copies of Apple's OS X operating system are pretty easy to obtain and install. The application for one doesn't use any of the software activation and "genuine advantage" gimmicks that Microsoft is using.
Anything that can be protected using software can be cracked using software. So instead the computer maker is resorting to something more powerful: karma.
The OS X 10.4.4 version of the operating system for Intel systems has a poem embedded inside the software that will remain invisible to the average user but that hackers could run into:
"Your karma check for today:
There once was a user that whined
his existing OS was so blind
he'd do better to pirate
an OS that ran great
but found his hardware declined.
Please don't steal Mac OS!
Really, that's way uncool.
(C) Apple Computer, Inc."
Tags: apple, hacker, copyright protection, os x
February 17, 2006 at 11:32 PM | Permalink | Comments (1) | TrackBack
More OS X worms
A second worm has been spotted for Apple's OS X operating system.
Just like yesterday's specimen, the online pest is unlikely to cause much actual harm. In fact, F-Secure describes OSX/Inqtana.A as a proof of concept and notes that it will deactivate on 24 February 2006.
Leap-A may have beaten Inqtana.A in the race to become the first OS X worm, but the new virus deserves credit for its increased level of sophistication. This one uses a (patched) vulnerability in the way OS X handles Bluetooth communications, where yesterday's pest relied solely on social engineering.
The relative harmlessness of these worms seems to indicate that hackers have been engaged in a race to develop the first OS X worms for bragging rights rather than mischief. The theory is further supported by the timed release around the RSA Conference, the world's premier security event that wraps up today in San Jose.

Now also available in OS X's sleek UI
Tags: Apple, OS X, worm, OSX/Leap.A, security, RSA 2006, RSA conference, OSX/Inqtana.A
February 17, 2006 at 08:11 PM | Permalink | Comments (0) | TrackBack
Firewall the movie: fiction gone wild
What happens if you join an iPod mini and a fax's scanner and tape it to a server terminal's monitor? A sticky screen is probably one of the most exciting things that will happen.
But in the new movie Firewall, the story's hero uses this method to steal money from rich bank clients.
The script writers must have had a severe case of writer's block when they came up with this trick, as it is ridiculous on so many levels that it would only work in one of those "not another teen movie" comedies.
Jon Skovron on the blog for security vendor WatchGuard rips the movie apart. Oh, and firewalls don't even play any part in the movie.
It could be due to a security overdose after hanging out at RSA Conference most of this week, but he seems to have a point.
Bad guys battling good guys.
Tags: Firewall, rsa 2006, RSA conference, security
February 17, 2006 at 03:15 AM | Permalink | Comments (0) | TrackBack
Smart soccer ball fails to make the world cup
The world's most popular sport has to go another World Cup without laser precision refereeing.
The upcoming football (soccer) tournament in Germany could have seen the debut of a ball equipped with an RFID tag. But the technology isn't ready yet, uber-ball-maker Adidas told IDGNews.
An RFID-equipped ball would make for better umpiring decisions because it could send a signal to the referee when it passes the goal line. Try again in 4 years.

Not up to par
Tags: RFID, soccer, football, world cup
February 16, 2006 at 11:52 PM | Permalink | Comments (1) | TrackBack
Digg – dugg - dugg
This blog has been dugg (?) before, but today the post about Google hacking got digged and visitor stats are through the roof. Far more people are reading this post than past diggs.
The logical conclusion is that Digg is attracting increasingly more visitors.
But as a precaution, I should also point out that posts on light subjects such as Google hacks (and the Yahoo maps pranks Google post) get more Diggs and attract more visitors.
Pageview stat pasted below. I can't publish the x and y axis for competitive reasons, but take it from me that total number by now is far, far over 10,000. The drop-off at the end is due to the uncompleted hour - the stat always drops to zero at the end.
Tags: digg
February 16, 2006 at 11:23 PM | Permalink | Comments (1) | TrackBack
An OS X myth is shattered to pieces
Mac users have proven that they are just as easy to fool as Windows users and other mortal human beings.
Earlier this week a malware author posted the OSX/Leap.A worm on the MacRumors website, pretending to offer screenshots of the forthcoming OS X 10.5 Leopard operating system. Opening the file only resulted in users getting infected with a worm that would work its way to the iChat instant messaging application and send a file called "latestpics.tgz" to the user's buddies.
Behold: the first OS X worm.
The worm is clever enough to spread itself in a way that ensures a high infection rate. Mass email worms after all are less likely to infect OS X systems since most emails will end up on Windows machines.
The Mac faithful meanwhile are battling the facts with misinformation. It isn't a worm but a Trojan, some argue. It requires non-administrator users to enter a password, others assert.
The first is pure fiction. The difference between a worm and a Trojan is self-propagation. In this case via iChat. Sure enough it is relying heavily on social engineering. But that's the case with most worms these days.
The second could be a valid point. Except that most users on a Mac are the administrator. There will be exceptions of course, when several people share a computer and have taken the effort of setting up separate user accounts.
While most users will simply ignore the prompt, a small percentage is bound to fall for this trick - just like a small percentage (15-20 per every million in fact) typically falls for phishing emails.
The worm underscores what security experts have been saying for years, and that the Mac Kool-Aid addicts have been dismissing as evil propaganda: there is nothing about the OS X software that makes it immune to worm and virus attacks.
Now can we stop the debating and start working on a real solution?
Tags: Apple, OS X, worm, OSX/Leap.A, security, RSA 2006, RSA conference
February 16, 2006 at 05:31 PM | Permalink | Comments (16) | TrackBack
Symantec's harsh warning
If there were any fans of doom scenarios at Symantec CEO John Thompson's keynote at the RSA Conference here in San Jose, they had plenty to rejoice about.
The security CEO got to address the crowds at RSA Conference this morning following a rather uneventful speech by Verisign's chief executive, who as his "one more thing" gimmick (copying Steve Jobs' trademark keynote technique) announced that he will be supporting Microsoft's Infocards that Bill Gates spoke about yesterday. If that's the "one more thing", you know the rest of the presentation was hardly any more interesting.
But back to Thompson. He sent a strong warning to the "business leaders" of the world that consumers are starting to lose their patience with the state of online insecurity.
The continuing barrage of online attacks is eroding the online trust. So in addition to stopping the actual attacks, there is a task to win back that trust, Thompson said.
While he spent most of his time underscoring the ever sliding scale on which online security is measured, he did have a few suggestions.
Search engines for instance should add user ratings, allowing the public to grade websites for their trustworthiness. This way a user can easily distinguish a fraudulent website from a genuine e-commerce store.
Google is already doing this in its price comparison beta Froogle by the way, but it wouldn't hurt to print those ratings in the regular results as well.

John Thompson
Tags: symantec, john thompson, rsa 2006, RSA conference, security
February 16, 2006 at 02:55 AM | Permalink | Comments (0) | TrackBack
Cisco's John Chambers beats his security drum
Security will move to the network, pardon me, will be plastered all over the network, according to Cisco CEO John Chambers. He has been saying that for a while now, but this year at his keynote at RSA Conference came up with the perfect analogy: a network should be like the human body: different devices working together to further the stability and well being of the overall network.
It's hardly a misconception anymore that security stops at the perimeter. And as the world's leading router and switch manufacturer, Cisco is certainly in a good position to use its hold on the network to stop badware.
But that very dominance is also cause for concern. You don't want to create a single point of failure – even Cisco routers have occasional security bugs. I'm not saying that we shouldn't trust Cisco, but we also shouldn't rely on the router vendor too much.

Tags: Cisco, John chambers, rsa 2006, RSA conference, security
February 16, 2006 at 02:43 AM | Permalink | Comments (0) | TrackBack
Things you don't want Google to find
"Hacking Google" isn't exactly new. That is, using the search engine to look for confidential information. But as McAfee's senior vice president for Risk Management George Kurtz demonstrated today at RSA Conference, that hasn't stopped users and organisations from posting those goodies online for anyone to find.
"You almost get bored finding all these password files. It used to be fun in the old days when you found a password file. Now you just go to Google and find thousands of them," Kurtz said.
The ultimate online resource for Google hacking btw is this website. (update: due to high traffic, the site is currently (2/16/2006 11:52AM Pacific Time) down. Make sure you check it out at a later stage)
Here are some samples taken from the RSA conference presentation:

A search for Payrol.xls turned up a nice overview of employees and their hourly wages.

Not very advanced, but still rather effective: "not for distribution" and "confidential"

So you removed that file with the password, but did you think about Google cache?

Yes, that's the management interface for a Netgear router that was found using Google. It still had the default login and password settings. What more do you want?

Search for sites with "Remote desktop web connection" in the title, and you'll find... remote desktops that you can take over. If the user sees you taking over, simply say that you're the system administrator working to bolster the user's security. Kurtz did that once during a security audit and it worked well.

Death records with a social security number. search for: ssn 111111111..999999999 death records

And more social security numbers; these were used by a university to identify its students. It's illegal to use social security numbers for that, but this school apparently didn't care.
Technically not a Google hack, but the robots.txt file will tell you which directories the website operator doesn't want you to see. Therefore it should be worth a look. This one is for the whitehouse.gov site.
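Seen from the site operator's side, the findings above suggest a self-audit of what you publish before a search engine indexes it. The Python sketch below is an added example, not part of the original post or of Kurtz's presentation; the keyword lists, the sample robots.txt and the sample files are constructed assumptions.

```python
import re

# Constructed sample inputs: a robots.txt and a map of published paths to text.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/passwords/
Disallow: /images/
"""
SAMPLE_FILES = {
    "/hr/Payroll.xls": "name,hourly wage\nA. Example,21.50",
    "/docs/plan.txt": "CONFIDENTIAL - not for distribution",
    "/students/list.csv": "id,name\n123-45-6789,B. Example",
    "/index.html": "Welcome to our store",
}

# Assumed keyword lists; tune them for your own organisation.
SENSITIVE_PATH = re.compile(r"admin|backup|passw|payroll|private|secret", re.I)
MARKERS = re.compile(r"not for distribution|confidential", re.I)
SSN_LIKE = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")


def audit_robots(robots_txt):
    """Return Disallow paths whose names advertise sensitive content."""
    hits = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and SENSITIVE_PATH.search(value):
            hits.append(value.strip())
    return hits


def audit_files(files):
    """Return sorted (path, reason) pairs for publicly served files."""
    findings = []
    for path, text in files.items():
        if SENSITIVE_PATH.search(path):
            findings.append((path, "sensitive filename"))
        if MARKERS.search(text):
            findings.append((path, "confidentiality marker"))
        if SSN_LIKE.search(text):
            findings.append((path, "SSN-like number"))
    return sorted(findings)


if __name__ == "__main__":
    for path in audit_robots(SAMPLE_ROBOTS):
        print("robots.txt reveals:", path)
    for path, reason in audit_files(SAMPLE_FILES):
        print(path, "->", reason)
```

A path flagged by `audit_robots` needs real access control; robots.txt only asks crawlers to stay away and is itself public.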

George Kurtz
Tags: rsa 2006, RSA conference, security, mcafee
February 15, 2006 at 02:36 AM | Permalink | Comments (39) | TrackBack
Have some fun with Sun's Scott McNealy at RSA Conference
If Bill Gates stuck around after his keynote at RSA Conference here today, he should have listened to Sun Microsystems' chief executive Scott McNealy, and learned a thing or two about delivering a keynote that keeps your audience from dozing off.
In addition to offering more content (items to listen to), McNealy also plasters his presentations with witty remarks:
- "If we turned on a Wintel space heater tomorrow, there would be no polar ice cap." Reference to the heat produced by servers powered by Intel processors, as well as an attempt to sell his new T1 processors.
- "It's a little Al Gorish to say we created open source software, but we did." (The former presidential candidate once claimed that he invented the internet. He meant to say he helped create legislation that allowed the internet to grow.)
- "A really effective virus can knock out every desktop. Smallpox will only kill 40 per cent of us." Plea for genetic diversity on the desktop: breaking Microsoft's desktop domination.
- "The cost of viruses is higher than the revenue generated by the company that sells the Petri dishes." McNealy didn't say which company he referred to, but it's rather obvious which enterprise's software he would consider a breeding ground for a monster.
In Bill's defense, he succeeded in inserting exactly one joke into his presentation, telling the audience that he was glad that he passed on another invitation that he had for today: going on a hunting trip with Bill Gates.
But McNealy outbid him even there, saying that the Microsoft chairman failed to mention McNealy's invitation to go on a hunting trip with him.

McNealy

McNealy with Java creator James Gosling.
These photos on your website or blog?
These photos are available under a Commons Attribution - ShareAlike 2.5 License. Attribution required: www.SiliconValleySleuth.com
Tags: Microsoft, bill gates, rsa 2006, RSA conference, security, sun microsystems, scott McNealy, James Gosling, cheney, dick cheney
February 14, 2006 at 11:18 PM | Permalink | Comments (0) | TrackBack
Great security and worthless usability
The RSA security show is, as the name implies, organised by security vendor RSA. The vendor might not be the biggest player in the security market, but it happens to be one of the first. And today the company still dominates its segment with its security access tokens.
RSA naturally wants to show off great security. So the wireless network at the show here is bolted down in all kinds of ways, using acronyms that make the average computer geek blush.
It also shows that security and ease of use are still direct opposites.
Delegates trying to set up the network receive a 6 page manual. And even after entering the settings exactly as instructed, I couldn't get things working.
So one minor suggestion for the security industry: don't create security that is impossible to use. Users will just switch it off entirely and go online unprotected. At least, that's how I got this posting online...
Tags: RSA conference, rsa 2006, silicon valley
February 14, 2006 at 08:33 PM | Permalink | Comments (0) | TrackBack
Bill Gates does his security dance
Microsoft chairman Bill Gates kicked off the RSA Conference in San Jose this morning. Staying on message following his presentation at CES in January, the chief software architect talked a lot and said very little.
In one snippet of news, the chief software architect did announce that Internet Explorer 7 will be supporting Infocard, a new authentication technology that promises improved ease of use and bolted down security. The company even demonstrated the technology.
But other than that, there was a lot of chest pounding about Microsoft's great security initiatives, and very little about the continuous onslaught of viruses, worms and spyware that is threatening to cripple the online world.
--
Update:
Just spoke with Microsoft security marketing manager Debby Fry Wilson.
"We got strong feedback that people wanted to hear where we would be going in the future," she explained. "This year intentionally it's more about driving for a picture of where the world could be and set aspirations for the industry."
I guess I just missed the part in Gates' keynote where he gave us a compelling vision of the future.


InfoCard screenshot: this one is for a loyalty programme at a car rental agency and only discloses the minimum information.
Tags: Microsoft, bill gates ,rsa 2006, RSA conference, security
February 14, 2006 at 08:29 PM | Permalink | Comments (0) | TrackBack
RSA conference hits Silicon Valley
RSA conference is known for its big starts. The event certainly stands out in a year's conference tour, picking a theme around cryptography and sticking to it. This 15th edition has an Indian theme centred around ancient Vedic mathematics, and a mathematical Sage named Aryabhatta.
It just gives the event some added spice, and allows for a decent opening.
The conference this year is back in San Jose after three years in San Francisco. Surely San Jose must be thrilled with the hotel tax revenues, as its outdated conference centre has very much fallen out of grace.

Opening @ RSA
Tags: RSA conference, rsa 2006, silicon valley
February 14, 2006 at 08:27 PM | Permalink | Comments (0) | TrackBack
Open source gives Microsoft some facts of its own
The Open Source Development Labs has picked up the gauntlet that Microsoft has been slapping all over its face. Today the organisation published a research study that presents several "facts" about the cost of Linux relative to Microsoft servers.
The study is a loud and clear response to Microsoft's "Get the facts" campaigns, where the software developer commissions studies comparing Microsoft servers head to head with Linux competitors.
It doesn't take a long stretch of imagination to understand that he who pays for the study by definition is proven right.
And so both Microsoft and OSDL are right. Linux, no Microsoft, no Linux is cheaper to manage. Cheaper to patch. Cheaper to run.
Users still won't know what they're up for. But if you're in one of the two camps, you can claim victory. Because everybody is a winner in the world of commissioned studies.
The same goes for kids' baseball, basketball and football (soccer) matches. Except that there some day you'll have to confront them with reality. In software, the fact twisting can go on forever.
Tags: OSDL, get the facts, Linux, windows, microsoft
February 14, 2006 at 03:20 AM | Permalink | Comments (1) | TrackBack
Demo and the power of not
The Demo conference is a great idea, I figured that one time that I went to one of the events where start-up companies get to plug their products before an audience of press, analysts and venture capital investors.
But it turned out to be a disappointing experience. Most launches were boring, irrelevant or me-too products. Nothing to write home about, let alone publish.
Start-ups pay a hefty $18,500 for the opportunity to plug their products on stage for a few minutes. If you think of it, that could be cheaper than hiring a PR firm and organizing a media tour. But that's provided you have something interesting to tell in the first place.
This week the start-up fest landed in Arizona again, and Techdirt does a pretty good job at describing why the event isn't as great as its reputation would like us to believe.
Good to know that we didn't miss anything. Again.
Demo 2006
Photo: Rob Lee
February 11, 2006 at 02:45 AM | Permalink | Comments (2) | TrackBack
Would you read this story if I paid you?
Yahoo is polling some of its mail users to find out if they would use its search technology more often if they are financially rewarded. The poll mentioned discounts on premium services such as Yahoo Music or Yahoo Personals; infinite storage space for Yahoo Mail or 250 frequent flier miles per month.
Amazon's A9 has been doing something similar by offering discounts on store items to A9 users. Market share statistics prove that the programme has been largely unsuccessful.
Loyalty programs work in markets that are commoditized and where the reward is considered sufficient.
Airlines are the obvious example. Service is similar across airlines, making it important for airlines to differentiate. Frequent fliers mostly travel for business, making the cost of their fares of secondary interest. The rewards furthermore are large. Frequent travellers receive free perks that are highly valued, including priority on waiting lists, free travel and upgrades.
Search too is a commodity. Yet none of the Yahoo offered incentives would entice me to start using its search engine more often. I guess that the reward just isn't big enough.

All loyalty comes at a price
Tags: loyalty program, yahoo, google
February 11, 2006 at 02:06 AM | Permalink | Comments (0) | TrackBack
iTunes media squeeze
The Songbird open source media player is a noble attempt at commoditizing an application that is key to the home media revolution. Having an open media player that is adjustable and can be used for any platform or application is an obvious win for consumers. And by supporting digital rights management (DRM), it should even have the RIAA jumping up and down in excitement.
But it's too late for anyone who has bought into the iPod vision.
Their iTunes media purchases don't play in the Songbird player, and they won't any time soon. Apple refuses to make the underlying FairPlay DRM technology available to any outside developers, as they fear that the code will leak out. At least, that's the official party line.
Practically, the DRM monopoly on the iPod also allows Apple to hold a firm grip on the digital media market. Napster or Yahoo Music content won't play on the iPod. Consumers want the iPod because it's hot, but that also ties them to the iTunes music store for their digital music purchases.
The iPod is all about vendor lock-in, and that strategy has worked brilliantly well for Apple.
But will it work long term?
Apple might have a strong position in the market for digital music downloads. But the video segment is still up for grabs. There Intel Viiv with its Windows Media DRM has a much richer media library. And contrary to Apple, Microsoft will license its DRM to anyone who is willing to pay the (nominal) license fee.
You can say all you want about Microsoft's past and present wrongs, but in the media market Microsoft represents consumer choice. How long will it take before consumers realize that the iPod's hipness comes at a price?
Songbird interface
Tags: itunes, apple, yahoo music, ipod, windows media, drm, songbird
February 10, 2006 at 08:17 PM | Permalink | Comments (1) | TrackBack
Fun facts in Vonage's IPO filing
The forms filed for initial public offerings (IPOs) are overwhelmingly boring, but they usually hide some fun facts.
Yesterday Vonage filed its Form S-1, aiming for an IPO that brings in up to $250m.
Let's start off with some minor details about the CEO's benefits package, but nonetheless details that make you wonder why those terms aren't in your contract:
The newly appointed chief executive officer Michael Snyder is entitled to two times his annual $500,000 base salary and a prorated annual bonus for the year of termination. Provided of course that "we terminate Mr. Snyder's employment without cause or he resigns with good reason" (bold font added by me).
The chief technology officer meanwhile gets no more than one year base salary and a prorated bonus.
Founder Jeffrey Citron is set to give up the position of CEO to Snyder later this month. He had negotiated a far more plush executive benefit package, entitling him to three years of his $400,000 base salary and three times his bonus ($540,000 over 2005) if he would be fired or quit voluntarily. And he had negotiated that he gets to fly first class whenever he is travelling for business, a provision that is set to continue when he becomes chief strategy officer later this month.
In the first nine months of 2005 the company furthermore spent $200,000 on business travel with New World Aviation, a company that he and his wife own (so much for the concept of the lean and mean start-up company).
There are some additional dark facts in the Form S-1. Citron earlier worked for Datek, a stock broker. In 2002 and 2003 he settled with the SEC, after he and several of his business associates were fined a record $70m for securities fraud and Citron ended up paying $22.5m. Citron as a result is banned from any involvement with stock brokers.
There is also a case where National Association of Securities Dealers fined Citron $20,000 and he received a 20 day suspension from Datek.
"There is a risk that some third parties will not do business with us, that some prospective investors will not purchase our securities or that some customers may be wary of signing up for service with us as a result of allegations against Mr. Citron and his past SEC and NASD settlements," the company notes.
You bet-ya.
Jeffrey Citron
Tags: vonage, white collar criminal, Jeffrey Citron, securities fraud
February 10, 2006 at 02:12 AM | Permalink | Comments (2) | TrackBack
Overspending contributed to Siebel's downfall
Judging by Siebel Systems' corporate headquarters, the company had little to fear from Oracle or any of its other competitors. But as it now turns out, keeping up that image with shiny marble caused a level of overspending that must have contributed to its downfall.
"Siebel had an extremely high cost basis," noted Oracle co-president Safra Catz in a conference call with investors today, where the company also announced 2,000 lay-offs. The big culprit was the Siebel facilities. Siebel was only half the size of Peoplesoft, but spent about three times as much on its facilities, Catz said.
Siebel Systems was headquartered in San Mateo, in the heart of Silicon Valley, two highway exits north of Oracle's Redwood Shores headquarters. Peoplesoft had its headquarters in Pleasanton further to the east, in an area where real estate rates are much lower than in the Valley.
Siebel also owned corporate jet planes, Catz said. Oracle doesn't. But then, Oracle chief Larry Ellison owns his own Gulfstream V airplane, a luxury that Siebel's chief executives apparently couldn't afford.
Very shiny, but too expensive
Tags: Siebel, oracle, overspending, acquisition
February 10, 2006 at 01:51 AM | Permalink | Comments (2) | TrackBack
A dark Apple security scenario
It's no longer a question if there are security vulnerabilities in Apple's OS X, the real question is how nasty it will get once people start exploiting them, a <








