Peer-To-Peer News - The Week In Review - July 21st, '07 - P2P-Zone

JackSpratts · 18-07-07, 10:15 AM

Since 2002

"If in fact the book is posted online or the ending is revealed prior to midnight on Friday, it will not result in us selling a single less copy of the book." – Steve Riggio

"The trio are not worried about 'spoilers,' who are people who spoil the ending of the book by shouting it to people waiting in line to buy it. Spoilers learn how the book ends by reading snippets on the Internet. Whole copies of the book have been pirated and reprinted on the Web. To avoid spoilers, people wear earplugs or listen to music while waiting in line." – Mark Langlois

"A customer told the [bookstore] owner, Christine Onorati, that the last time she went to a “Harry Potter” party, a 6-year-old flipped to the end of “Harry Potter and the Half-Blood Prince” and screamed, 'Snape xxxxxx Dumbledore!' So Ms. Onorati decided to hold an adults-only party." – Motoko Rich

"We cannot tolerate the situation when only 10 percent of the Kalashnikovs are manufactured legally. We cannot stand for this. We must fight." – Sergey V. Lavrov

"Don’t follow your mentors, follow your mentors’ mentors." – David Leach

July 21st, 2007

High finance

RIAA Settles for 300 Bucks
NewYorkCountryLawyer

In a North Carolina case, Capitol v. Frye, the RIAA has accepted a $300 offer of judgment made by the defendant. This is the first known use, in the RIAA v. Consumer cases, of the formal offer of judgment procedure which provides that if the plaintiff doesn't accept the offer, and doesn't later get a judgment for a larger amount, the plaintiff is responsible for all of the court costs from that point on in the case. The accepted judgment in the Frye case also contains an injunction — much more limited than the RIAA's typical 'settlement' injunction — under which defendant agreed not to infringe plaintiffs' copyrights.
http://yro.slashdot.org/yro/07/07/15/2125234.shtml

The details

RIAA Spends Thousands to Obtain $300 Judgment
Eric Bangeman

What's the cost of file-sharing? For Terri Frye of Hickory, NC, it was $300. That's the amount she'll have to pay the RIAA after agreeing to a judgment in a file-sharing case. Frye is a single mother living in state-supported housing who received one of the RIAA's settlement letters in November 2005. Wanting to defend her innocence, she immediately contacted a lawyer. "She did a good thing, finding a lawyer as soon as she found out [the RIAA] was pursuing her," Joey Long, one of her attorneys, told Ars Technica. "It's what every person should do when they receive a settlement letter."

Despite contacting Frye in late 2005, the RIAA did not actually file suit until March of this year. In the intervening period, Frye repeatedly informed the RIAA that they had the wrong person. Even if she was guilty of infringement, another of Frye's attorneys, Matthew K. Rodgers, told the labels that she couldn't afford to pay damages of up to $750 per song due to her financial situation.

The correspondence between the RIAA's legal counsel and Frye's between the time of the settlement letter and the filing of the lawsuit paints a picture of the RIAA's unwillingness to budge at all from its position that Frye was either directly or indirectly responsible for infringement, despite her protestations to the contrary. It also showed a troubling lack of communication within the RIAA. According to a filing by Frye, the RIAA agreed to give her until May 16 to file an answer to their complaint. Then, on May 4, the plaintiffs informed Long that they were going to file for a default judgment, saying that the agreed-to extension was "not in the file."

As early as December 2005, Frye offered to work with the labels "to avoid any liability and will agree to any reasonable condition that would avoid the payment of any penalties." The following month, she was informed that the RIAA would not "release" her from the claims of infringement, and even if she offered the RIAA an affidavit identifying the person she believed responsible for the infringement, the record labels would not agree to drop their claims against her without having the affidavit in hand.

After months of back-and-forth between the RIAA and Frye, the RIAA filed suit in March of this year. This came despite Frye's assertions that she had told the owner of the PC associated with the account about the RIAA's inquiries and that the owner subsequently deleted all the incriminating evidence.

"The RIAA wanted us to reveal who actually committed the infringement," said Long. But absent any assurances that she would not be held liable for infringement herself, she was unwilling to divulge the information herself.

The end result is that the RIAA likely spent thousands of dollars to obtain a $300 judgment. And although Frye agrees to be enjoined against future copyright infringement, she does not admit to any wrongdoing. We asked Long if Frye was going to work with the record labels to identify the person actually responsible for the infringement now that the case has been closed and a judgment entered. "I can't disclose any of the information about that," Long told Ars. "It's between us and them."

The RIAA's prelitigation settlement letters say that defendants are liable for costs of $750 per song. MediaSentry flagged 706 songs on the computer that became the basis for the lawsuit, and at $750 per song, that works out to a total of $529,500. The RIAA settled for a minuscule fraction of that number, one curiously close to the 70¢-per-track figure a record industry attorney said is close to the labels' share of each track sold. File-sharing defendants have argued that the $750-per-track damages sought by the RIAA are excessive, and here we have them accepting a judgment for about 40¢ per track. The RIAA appears willing to extract even a miniscule settlement from a single mother on federal assistance who was willing to help them discover the true identity of the alleged infringer rather than walk away emptyhanded.
http://arstechnica.com/news.ars/post...-judgment.html

Losing streak

RIAA v. Santangelo Default Judgment Vacated
NewYorkCountryLawyer

It was reported last week that at the July 13th status conference in Elektra v. Santangelo II, the default judgment taken by the RIAA against Patti Santangelo's daughter, Michelle, was vacated by Judge Stephen C. Robinson. This has now been confirmed in papers filed by the RIAA's lawyers in which they indicated that the Judge vacated the default judgment because he prefers cases to be decided on their merits, rather than by default. The papers sought $513 in attorneys fees for (a) procuring the default judgment and (b) preparing judgment enforcement documents.

Patti Santangelo is the first RIAA defendant known to have moved to dismiss the RIAA complaint. After two years of litigation, the RIAA dropped its case against Patti Santangelo, leaving open only the question of whether the RIAA will be ordered to pay her attorneys fees.
http://yro.slashdot.org/yro/07/07/19/189249.shtml

Judge Awards $68,685.23 in Attorneys Fees Against RIAA in Capitol v. Foster
Ray Beckerman

In Capitol v. Foster, in Oklahoma, the Court has order the RIAA to pay the defendant Debbie Foster $68,685.23 in attorneys rees and costs.

This is the first attorneys fee award, of which we are aware, against the RIAA.

Ms. Foster was represented by Marilyn Barringer-Thomson of Oklahoma City, Oklahoma.
http://recordingindustryvspeople.blo...neys-fees.html

Music Industry Countersued

Soldier: Record labels violated his privacy, abused copyright law
Andrew Eder

Music-industry litigation tactics against suspected online music pirates face a challenge in Tennessee, with an Army sergeant arguing that record labels have engaged in a “conspiracy” to defraud courts and violate privacy rights.

The claims come in response to a lawsuit against Nicholas Paternoster of Clarksville, Tenn., 33, soldier at nearby Fort Campbell, who is accused of infringing copyrights by using the peer-to-peer file-sharing program Kazaa to distribute songs online.

The lawsuit was one of seven filed across the state in March by the record labels in a litigation campaign coordinated by the industry’s Washington-based trade group, the Recording Industry Association of America.

The RIAA has targeted hundreds of college students with lawsuits — including dozens at the University of Tennessee — in a well-publicized push to curb illegal downloading, which the industry says has crippled record sales.

At the same time, the RIAA has continued to go after users of commercial Internet service providers, like the seven people sued in Tennessee. Since September 2003, when the litigation campaign was launched, recording industry attorneys have pressed more than 21,000 instances of legal action nationwide, according to the RIAA.

Of the seven Tennessee cases filed in March, court records show that only Paternoster has challenged the recording industry’s charges. His Nashville attorneys filed a response to the record labels’ lawsuit last week.

In the response, Paternoster denies the allegations of copyright infringement and responds with a counterclaim charging that the record labels are abusing copyright law.

The labels, “ostensibly competitors in the recording industry, are a cartel acting together in violation of the antitrust laws and public policy,” allege Paternoster’s attorneys from the Nashville law firm Beam & Rogers.

The countersuit points out that although the recording industry singled out only six songs whose copyrights were infringed, the complaint includes screenshots of more than 4,600 files from Paternoster’s personal computer, including hundreds of apparently pornographic pictures and movies.

According to another document filed in the case, Paternoster was unaware that the Kazaa software was installed on his computer. While on a tour of duty in Germany from 2004 to 2005, the document says, another soldier downloaded the software and set up a Kazaa account under Paternoster’s name.

Last summer Paternoster discovered the software and “thousands of files downloaded on his computer by the soldiers he housed,” and he uninstalled the software and deleted the files, according to the document.

Kazaa and other file-sharing networks often make a computer’s files available for download by other network users, which allows the RIAA’s investigators to document instances of copyright infringement. The file-sharing option can be disabled, but many users never realize they are making their files available.

By including the full list of Paternoster’s files in the public record, the record labels invaded his privacy and are trying to “shame” him into accepting their demands, his attorneys argue.

“Such actions by the Counter-Defendants are a blatant misuse of their right to investigate potential copyright infringement and violate public policy,” the countersuit reads.

The attorneys list a host of other common complaints about recording industry tactics, including targeting dead, disabled and unknowledgeable people with lawsuits; relying on Internet Protocol addresses to identify defendants; making “extortionate threats” and seeking “exorbitant settlement amounts” through the RIAA; and invading defendants’ privacy by pursuing “John Doe” lawsuits and subpoenas without the individual’s knowledge.

Attorneys for the record labels from the Nashville law firm Bowen Riley Warnock & Jacobson would not comment on the case, referring questions to the RIAA.

“We try to be fair and reasonable in resolving these cases,” said RIAA spokeswoman Cara Duckworth. “Our aim is not to be in court, but to seek appropriate retribution for the damage done to the industry.”

Of the other six recent lawsuits in Tennessee, three have been dismissed, one has been settled for more than $9,000, and the record labels are seeking default judgments for $7,500 and $4,500 against two other defendants who did not respond to summonses.

Duckworth said the majority of dismissed cases are the result of settlements, although she would not discuss individual cases.

One defendant whose lawsuit was dismissed, Jerrel Lovett of Columbia, Tenn., said Tuesday that he paid a settlement, although he wouldn’t say how much. Another lawsuit target, Melissa Corbett of Memphis, could not be reached for comment.

The third defendant whose lawsuit was dismissed is Debbie Brackins of Sevierville. Reached Tuesday, Brackins would not say whether she paid a settlement.

“It’s done and it’s over, and I don’t ever want to discuss it again,” she said.
http://www.knoxnews.com/news/2007/ju...y-countersued/

University of Kansas Adopts One-Strike Policy for Copyright Infringement
Eric Bangeman

In response to the RIAA and MPAA's campaign against file-sharing, the University of Kansas has announced a stringent policy for students found sharing copyrighted content on the university network. Students fingered for file-sharing would be kicked off of the residence hall network, although they would still be able to use campus computer labs.

A brief notice on the University of Kansas ResNet site explains the university's new position very succinctly. "If you are caught downloading copyrighted material, you will lose your ResNet privileges forever," reads the notice. "No second notices, no excuses, no refunds. One violation and your ResNet internet access is gone for as long as you reside on campus." Presumably, the University is referring to illegally downloaded copyrighted material, as there is plenty of copyrighted material that can be downloaded legally.

Formerly, KU had a three strikes policy, but the new policy is one of the most stringent we have seen. Other schools have tightened their policies on copyright infringement since Big Content ratcheted up its fight against on-campus file-sharing. For one, Stanford University has made file-sharing a potentially very expensive proposition with its reconnection fees. First-time offenders will have to pay a $100 reconnection fee, with subsequent offenses assessed reconnection fees of $500 and $1,000. Along with the $1,000 fee, students will be referred to Judicial Affairs for disciplinary action after a third offense.

Ohio University has taken a different approach to file-sharing, choosing to ban all P2P traffic from its network. Although it has had the effect of shutting down some of the file-sharing that occurs on its campus network, it has also had the effect of pushing some of the P2P traffic to darknets.

A KU spokesperson told the Lawrence Journal-World that the increased number of takedown notices has led to the new policy. The school received 345 complaints in 2005, up from 141 the year before. "It's serious business. Students need to take notice," KU spokesman Todd Cohen told the Journal-World. Cohen also noted that the school had received 23 prelitigation settlement letters from the RIAA on the same day the new policy was announced.

Another factor in KU's move may be recent rumblings from Congress. In May, Rep. Lamar Smith (R-TX) of the House Judiciary Committee issued an ominous warning to schools, telling them that they need to do something about piracy or Congress would be forced to act. "We want to know exactly what they plan to do to stop illegal downloading on their campuses," said Smith. "Universities have a moral and legal obligation to ensure students do not use campus computers for illegal downloading."

The end result may be an expensive technological arms race between schools and technologically-savvy students. KU's new policy is likely to have the desired effect of discouraging most casual P2P users while driving towards darknets.
http://arstechnica.com/news.ars/post...ringement.html

Top EU Court Official Says ISPs Shouldn't Have to ID Alleged Infringers
Eliot Van Buskirk

Here in the US, the RIAA can issue a John Doe subpoena to any ISP demanding to know which of its subscribers was using a given IP address to share copyrighted music at a certain time. Although the RIAA has tried to circumvent this system, it forms a cornerstone of the organization's legal strategy against those it suspects of infringement.

Labels and their legal representatives could have a harder time employing a similar strategy across the pond. An advocate general for the European Court of Justice has issued an opinion stating that ISPs targeted by civil copyright cases in the European Union should not have to identify allegedly-infringing subscribers when pressured to do so by label representatives.

The Spanish version of the RIAA -- Promusicae -- had sued the Telefonica ISP, demanding that it release the identities of allegedly infringing subscribers, but Telefonica refused, claiming that it could only turn over such information as part of a criminal prosecution.

This could be a big hurdle for the record industry P2P litigation strategy in Europe, but we won't know until later this year. According to MarketWatch,

"The adviser's opinion will be reviewed by the court's panel of judges before a final ruling sometime later this year. The judges follow their advisers' opinions about 80% of the time."
http://blog.wired.com/music/2007/07/...-court-of.html

Copyfraud
Jason Mazzone

Brooklyn Law School

Brooklyn Law School, Legal Studies Paper No. 40
New York University Law Review, Vol. 81, p. 1026, 2006

Abstract:
Copyfraud is everywhere. False copyright notices appear on modern reprints of Shakespeare's plays, Beethoven's piano scores, greeting card versions of Monet's Water Lilies, and even the U.S. Constitution. Archives claim blanket copyright in everything in their collections. Vendors of microfilmed versions of historical newspapers assert copyright ownership. These false copyright claims, which are often accompanied by threatened litigation for reproducing a work without the owner's permission, result in users seeking licenses and paying fees to reproduce works that are free for everyone to use.

Copyright law itself creates strong incentives for copyfraud. The Copyright Act provides for no civil penalty for falsely claiming ownership of public domain materials. There is also no remedy under the Act for individuals who wrongly refrain from legal copying or who make payment for permission to copy something they are in fact entitled to use for free. While falsely claiming copyright is technically a criminal offense under the Act, prosecutions are extremely rare. These circumstances have produced fraud on an untold scale, with millions of works in the public domain deemed copyrighted, and countless dollars paid out every year in licensing fees to make copies that could be made for free. Copyfraud stifles valid forms of reproduction and undermines free speech.

Congress should amend the Copyright Act to allow private parties to bring civil causes of action for false copyright claims. Courts should extend the availability of the copyright misuse defense to prevent copyright owners from enforcing an otherwise valid copyright if they have engaged in past copyfraud. In addition, Congress should further protect the public domain by creating a national registry listing public domain works and a symbol to designate those works. Failing a congressional response, there may exist remedies under state law and through the efforts of private parties to achieve these ends.
http://papers.ssrn.com/sol3/papers.c...#PaperDownload

Copyright vs Community in the Age of Computer Networks

Copyright developed in the age of the printing press, and was designed to fit with the system of centralized copying imposed by the printing press. But the copyright system does not fit well with computer networks, and only draconian punishments can enforce it.

The global corporations that profit from copyright are lobbying for draconian punishments, and to increase their copyright powers, while suppressing public access to technology. But if we seriously hope to serve the only legitimate purpose of copyright -- to promote progress, for the benefit of the public -- then we must make changes in the other direction.

This talk by Richard M. Stallman is broken into two parts: the main talk and the question and answer sessions following the talk. Both are available in only OGG/Theora format in keeping with Stallman's wishes. They are available under the Creative Commons NoDerivs 1.0
http://www.csclub.uwaterloo.ca/media...0Networks.html

“iTorrent”: A BitTorrent Client for your iPhone?
Ben Jones

The possibility of file sharing whilst walking down the street is closer than you might think. Carrying a BitTorrent client in your pocket is getting closer, with the release of new high-powered communication tools, such as the much publicized Apple iPhone.

It would almost seem as if TorrentFreak is the only technologically based news site to have not carried some sort of piece about the iPhone, in one form or another. In order to correct this deficit, we wondered ‘would it be possible to torrent on one? After all, what can be more iconic than using something (potentially) dubbed iTorrent?

The technical specifications of the device certainly make it possible. It has more than enough cpu power for it, assuming a nice, tightly coded client was written. The built in WiFi (802.11b/g) and use of the EDGE 2.75G wireless network data transfer system allows a fairly widespread availability of reception.

According to one of the developers of the ‘iPhone-binutil‘ project, going by the name ‘geohot’, the only obstacle stopping it from making an application like “iTorrent” happening is their current lack of coding ability for the iPhone. The file system is open, and media players already exist, if for nothing else than playing media from iTunes.

On of the downsides it that, for many, the 3.4Gb free on a brand new phone (or 7.4Gb, if you went for the bigger one) may not be enough to hold much data, but it all depends on what you torrent. Bigger problems are that the battery will last only in the region of 6-8 hours at best (according to Apple’s figures) which isn’t the greatest. Additionally, many users have reported the wifi connections being on the slow side as far as data transfers go. Using EDGE is a lot slower, about 30k/sec max.

Of course, the benefits are that you can carry it around with you, and you have the wide range of content available, with the benefits of torrent file’s typical pricing (free). Of course, time will tell. Meanwhile, the lack of MMS on the iPhone has been a small thorn in the side of many owners. However, there is help at hand in the form of a workaround. More details here.
http://torrentfreak.com/itorrent-a-b...r-your-iphone/

ZipTorrent Pollutes and Slows Down Popular Torrents
Ernesto

BitTorrent users are facing a new enemy. A BitTorrent client named ZipTorrent, allegedly created by our friends from the anti-piracy organization Media Defender, leeches bandwith and spreads useless data chunks.

The goal of ZipTorrent is to slow down popular downloads as much as possible. They use hundreds of these clients at the same time and this can potentially bring the average download speed down to zero. Even more so, it is not unlikely that it will record your IP-address in the process so they can send you a copyright infringement notice on top of it.

On the Media Defender website we read:

“Decoying and Spoofing are the most commonly known techniques that we employ. We send blank files and data noise that look exactly like a real response to an initiated search requests for a particular title.”

According to ubisuck over at the mininova forums, Media Defender is doing just this with ZipTorrent. Apparently the fake client is a mod of the popular BitTorrent client Azureus which can be configured to send fake data.

Here’s a full screenshot of the ZipTorrent configuration screen. As you will see, there are some dubious settings like “fake upload ratio mode”, “no upload” and “safe fake download”.

It is not hard to check whether you are connected to these fake clients. In the peers list of your BitTorrent client they will show up as “ZipTorrent” and most of the time you will be connected to a bunch of them all originating from similar IP addresses with either 0% or 100% of the file completed.

However, there are blocklists to stop these malicious clients from connecting to your BitTorrent client. Pasted below is a list of the known IP-ranges ZipTorrent is on. The ranges were identified by The Pirate Bay team and are posted in several forums. You might want to add these to the blocklist of your BitTorrent client or PeerGuardian.

There’s one problem though, Media Defender will probably move to new IPs if they read this, a never ending story.
http://torrentfreak.com/ziptorrent-p...ular-torrents/

eEsel come eEsel go

German eDonkey Servers Shut Down

FILE-SHARING service eDonkey suffered a body blow last Friday as German music industry lawyers won a fight in the battle to to shut down the 'Donkey servers.

The District Court in Hamburg has made a temporary injunction to the operator of an eDonkey server. Heise reports that the computer must be taken offline for "as long as the range of music files offered for download via the server contains illegal files."

While the server itself did not host any illegal files - being a P2P service after all - the server operator was snagged for having "willingly and in a causal fashion assisted in the illegal disturbance."

"We shall in future take legal action against any operator of a P2P network srver who makes tracks available ilegally," warned International Federation of the Phonographic Industry (IFPI) director Peter Zombik. He went on to say that it's "sad to see the inherently beneficial P2P network technology still being used to violate copyright on a massive scale."

Stefan Michalk of the IFPI told Heise that, after the move, it's up to the ISPs to lend a helping hand.
http://www.theinquirer.net/default.aspx?article=41056

Driveway Allows File Sharing up to 500MB Per File
pelf

If you’ve had problems sending very large files via the Internet, you may want to read more about Driveway. Driveway is a FREE online file sharing service and any system that is Internet-accessible and has a browser can be used for this purpose. There is NO NEED to register for an account, and you may start using Driveway right away.

To upload and download files:

1. Select the files you wish to upload or download.
2. Provide your e-mail ID (optional) if you’d like to receive the “Download” and “Delete” links by email. If you do not enter your email ID, you will not be able to download or delete the file.
3. Depending upon your purpose of usage, click on “Send Files for Read” or “Send Files for Edit” option. If you had not entered your email ID, only the file read or file edit link would appear on the confirmation page. You can save these links for downloading the files anytime in future.

The next-best-thing is that you can upload multiple files with a maximum size limit of 500 MB per file! So with Driveway, you don’t have to split that PowerPoint presentation into a few smaller files, which was what I used to do back when the highest thumbdrive capacity was 128MB!

And if you’re done with the file and would like to delete it from the system or whatever, just enter your email ID when you uploaded the files and you will receive an email with links to download or delete the file. Click on the “Delete” link of the particular file and it will be deleted from the Driveway System immediately.

Please note that files are kept in the Driveway System for up to 90 days from the last date of access to the file. So if you don’t want your files to be scattered in the Internet, you might want to remember removing them after you’re done
http://chenpn.com/2007/07/18/drivewa...00mb-per-file/

Net Radio "Compromise" Hinged on DRM Adoption
Ken Fisher

As we reported Friday, the looming royalty crunch on Internet radio that would have begun today (July 15) was narrowly averted last week by a temporary reprieve from SoundExchange. Now it appears that a lasting compromise is indeed possible, but such a compromise will likely mean mandatory DRM (Digital Rights Management) for Internet radio.

The original decision by the Copyright Royalty Board would have tripled royalties over the next three years: an increase which many webcasters said would straight-up put them out of business. Political positioning or not, SoundExchange didn't want July 15 to be a date that lived on in infamy, so they offered a temporary reprieve and laid out the terms for a new compromise. We have to agree with Rep. Jay Inslee (D-WA), who warned that a July 15th cut-off could have made the situation rather unfavorable for SoundExchange. "Whatever congressmen and women have heard to date, you're going to hear five to ten times as much after July 15 [if net radio stations go dark]," Inslee told a hearing of the House of Representatives Subcommittee on Small Business.

That catastrophe has been averted, and SoundExchange looks ready to deal. Yet it appears that the CRB-backed royalty increase and the increased per-station fees may be leveraged to accomplish something else the music industry would really like to see: Internet radio locked down in DRM.

After news of the temporary compromise broke, SoundExchange eventually distributed a press release that characterized its compromise offer. It speaks for itself (emphasis added):

"SoundExchange has offered to cap the $500 per channel minimum fee at $50,000 per year for webcasters who agree to provide more detailed reporting of the music that they play and work to stop users from engaging in 'streamripping'—turning Internet radio performances into a digital music library," reads the statement.

A source at a major MP3-based Internet radio station who did not want to be named told Ars Technica that this is not the first time that SoundExchange has expressed interest in seeing streaming media locked down with DRM, but this is the first time it has been laid down on the table as absolutely necessary to any compromise that would deviate from the royalty agreement already approved by the Copyright Board.

The source also tells me that DRM is the only plausible "tool" at the disposal of webcasters to accomplish SoundExchange's goal of working to stop music "streamripping." It would appear that the more things change, the more they stay the same. The music industry is very worried about users recording Internet radio for the purposes of "disaggregating" music, and the message seems to be that if webcasters will scratch the industry's back, then a better deal is possible. Too bad it's a deal that could kill another potential avenue of fair use (recording radio), and limit users' ability to enjoy radio by limiting playback to clients that support DRM.
http://arstechnica.com/news.ars/post...-adoption.html

Digital Freedom Campaign Responds to Latest RIAA Attempts to Hold Internet Radio Hostage
Press Release

RIAA Admits 'Stream-ripping' Is Not a Problem

The Digital Freedom Campaign today responded to a statement made by Recording Industry Association of America Senior Vice President of Government Relations, Mitch Glazier in a recent edition of Technology Daily, noting that "stream-ripping," an unrelated issue to the current Internet radio royalty rate debates, was not necessarily a problem.

Mr. Glazier, addressing the logic behind a sudden effort by the recording industry to require webcasters to adopt anti-'stream-ripping' technology was asked whether stream-ripping was even a problem, stated, "why wait until it is a big problem to start addressing it? There are available technologies in the marketplace to address this issue." The 'stream-ripping' issue is not relevant to the Internet royalty rate decision by the Copyright Royalty Board in March, and was not mentioned in the CRB ruling.

"The music industry's top lobbyist is calling for the implementation of a burdensome, costly, and completely unnecessary technology by webcasters who play and promote the artists the RIAA claims to represent. He then admits that the issue is "not a big problem," said Jennifer Stoltz, a spokesperson for the Digital Freedom Campaign. "For the RIAA to try to impose unrealistic and wholly unnecessary technical mandates on an innovative and vibrant industry as part of larger, unrelated negotiations process is baffling.

"The specific issue at hand is not commercial piracy, but rather fair use of legally recorded music for personal use, which is perfectly legal," Stoltz continued. "Requiring webcasters to implement mandatory digital rights management technologies to prevent any personal recording of Internet radio streams is an imposition on both webcasters and consumers. It is a costly solution without even a hint of a problem. There is no evidence whatsoever that stream-ripping or commercial piracy from Internet radio is an issue, and the RIAA and SoundExchange should proceed with the ongoing negotiations with webcasters without demanding provisions that would further harm and inconvenience Internet radio listeners."

The Digital Freedom Campaign supports the fair compensation of artists for their work, but also believes the imposition of unsustainable fees on internet broadcasters will hurt innovators, music fans, and independent and non- mainstream musicians. The moratorium on the imposition of new fees on Internet broadcasters while negotiations toward a resolution are underway is positive for the industry as a whole. That said, the DFC is extremely concerned by reports that, as part of the "compromise," SoundExchange has demanded that all internet radio stations implement mandatory digital rights management technologies. No evidence has been produced to justify this extraordinary imposition on consumers, and is unfortunate that as the record industry is moving away from DRM that frustrates digital music buyers, SoundExchange is attempting to foist new DRM mandates on digital radio listeners.

The Digital Freedom Campaign fights for consumer rights in a digital age that enables literally anyone and everyone to be a creator, an innovator or an artist -- to produce music, to create cutting-edge videos and photos, and to share their creative work. Digital technology empowers individuals to enjoy these new works when, where, and how they want, and to participate in the artistic process. These are basic freedoms that must be protected and nurtured. The Digital Freedom campaign is dedicated to defending the rights of students, artists, innovators, and consumers to create and make lawful use of new technologies and lawfully acquired content free of unreasonable government restrictions and without fear of costly and abusive lawsuits.

For more information about the Digital Freedom campaign, please visit us at http://www.digitalfreedom.org/.
http://sev.prnewswire.com/radio/2007...9072007-1.html

FMC Files Complaint Over Clear Channel Practices
FMQB

Last month, the Future of Music Coalition (FMC) accused Clear Channel of forcing musicians to give up their digital copyrights in order to get the airplay that is required under the payola consent decree. Now the FMC has formally filed a complaint with the FCC over the matter.

In the FMC's filing, the organization is asking that the FCC rule that artists who waive their digital rights in exchange for airplay are actually sponsoring broadcasts, and rules relating to sponsorship should apply to those artists. The FMC notes that it has filed the complaint to "resolve any possible uncertainty as to the applicability of the commission's sponsorship-identification rules to certain broadcast programming carried by Clear Channel Communications Inc."

"This is naked and transparent pay-for-play," said FMC policy director Michael Bracy. "The fact that Clear Channel would ask artists to give up a valuable royalty as a condition of even having their song considered for airplay questions their commitment to stamping out payola. The fact that the move comes as part of the payola settlement is unbelievable. Clear Channel has responded to allegations of payola with payola."

Last week, Senator Russ Feingold (D-WI) sent an open letter to the heads of CBS Radio, Citadel, Clear Channel and Entercom, questioning their commitment to ending payola in radio. The letter was prompted by the FMC's accusations against CC.
http://fmqb.com/Article.asp?id=440611

Disney Music Label Offers New CD Format
Yinka Adegoke

Walt Disney Co. music label Hollywood Records is offering a new CD format with extra features to encourage compact-disc purchases in a bid to reverse declining CD sales.

Hollywood Records on Wednesday unveiled its new CDVU+ (CD View Plus) format with digital magazine extras, song lyrics, band photos and other extras to boost fan loyalty.

The new format also replaces the traditional CD booklet and plastic jewel case with recyclable packaging.

Teen punk band Jonas Brothers will be the first act to use the technology when they release their self-titled album on August 7.

Music companies have been seeking new ways to give buyers more value from recorded music sales in hopes of turning around declining sales trends of regular CDs.

U.S. CD sales were down nearly 20 percent in the first half of 2007 as more young buyers digitally download music and piracy runs rampant.

Disney executives hope to hold the interest of fans by offering content similar to the extras on movie DVDs and convince them that pure music products still offer good value.

Recorded music is also competing with video games and other forms of entertainment for a share of consumers' disposable income.

The content on a CDVU+ can be downloaded and accessed online and off. The label said the extra content had been produced for the new format rather than using the band's outtakes or widely available material, such as existing music videos.

"We really believe if you're going to give consumers what they want, we should do it in a way they're used to," said Ken Bunt, Hollywood Records' senior vice president of marketing.

Hollywood Records is a label within Disney Music Group, which last year had the two biggest selling CDs in the U.S., the High School Musical soundtrack and country singer Rascal Flatts' "Me And My Gang."

Other acts include Hilary Duff and Hannah Montana/Miley Cyrus. Bunt said the company is already making plans to release albums from Duff and two other big selling acts -- The Cheetah Girls and Atreyu -- on CDVU+.
http://www.reuters.com/article/techn...21191420070718

Record Labels Try to Bottle up Leaks

Music executives say prerelease album exposure hurts sales, and they're cracking down on a key source of the piracy: the media.
Eric Benderoff

Prince's newest album, "Planet Earth," won't hit stores until July 24, but it's possible to buy it now on eBay -- and that's not unusual.

Prerelease "leaks" of promotional albums now are commonly found at file-sharing Web sites or on eBay months before an official release date, and once out, can gain massive distribution within hours through downloads on peer-to-peer online music networks.

Last year, high-profile releases by such groups as The Strokes, The Flaming Lips and The Red Hot Chili Peppers were available illegally online weeks before their launch.

More recently, Jack White of The White Stripes gave a Chicago radio station a tongue-lashing this summer for playing his new album, "Icky Thump," three weeks before its release date. The album showed up on various file-sharing sites later that day.

Record companies say such leaks damage sales, and they're cracking down on a key source of prerelease piracy: the media.

Labels are beefing up security by using new encryption and digital watermarking technologies on promotional copies, making it possible to track down the source of unauthorized copies. They also are turning to services such as Web Sheriff or MediaDefender, which aggressively surf the Web for leaked digital copies of music, movies and other copyright-protected content.

When content is found, these companies seek to take it down, or in the case of MediaDefender, flood the Web with bogus or "spoof" MP3 files that have the same name as the music but are empty. On the peer-to-peer networks notorious for pirated copies of music, fans who want a given recording may have to sift through countless bogus files before finding the real thing.

"We create a 'needle-in-the-haystack' for people who want the music," said Randy Saaf, MediaDefender's chief executive. "When the stuff gets out there, it's our theory that you can't put the toothpaste back into the tube."

The new tactics are part of the battle to stop sliding music sales. Album sales -- including digital and physical copies -- have fallen 15 percent so far in 2007, according to statistics released earlier this month from Nielsen Soundscan. That is on top of a 13 percent slide in CD shipments in 2006, according to the Recording Industry Association of America, continuing a trend that saw CD shipments fall in five of the last six years.

Ironically, record labels are finding the promotional cycle they've long used to build buzz for a new release can backfire in the Internet age. Thousands of copies are sent to reviewers, record stations and others close to the music business months in advance of the release date to get fans interested in the music and stoke demand. But illegal album copies often are leaked well before official release dates, putting a dent in sales and, at times, forcing labels to push up an album's launch.

For music, "every major release can be found on the Internet typically two to four months before the label intends to release an album," said John Giacobbi, managing director and founder of Web Sheriff Ltd. "It can get out of hand very quickly and cut sales in half."

"For any release that is expected to sell over 8,000 copies, we'll usually find a CD for sale [on eBay] before the release date," said Nan Warshaw, a co-owner of Chicago's Bloodshot Records. "Most likely they are from media reviewers."

Sometimes, the artist speaks up.

On May 30, three weeks before the June 19 release of the White Stripes' "Icky Thump" album, Chicago radio station WKQX-FM 101.1, known as Q101, played the entire album on the air without approvals from the band's label, Warner Bros. Records, or the band.

"That was the original leak of the album," Giacobbi said. "Word got around of this pretty quickly and then everyone started to rip the stream."

Some listeners who heard the broadcast started making copies, one of which made it to the Swedish peer-to-peer Web site The Pirate Bay, where fans could download the "Q101 radio rip" of "Icky Thump."

The quality was poor, but lead singer Jack White was so irate at the radio leak that he called from a tour in Spain "looking specifically for me, to yell at me for leaking the album," wrote Electra, the Q101 disc jockey who played the album during her show, on her blog.

When White called, her show was off the air so she took the call with two other deejays. The conversation happened off the air.

"We tried to explain where we were coming from -- someone gave us a copy of a record that we were really excited to play, and the whole experience was an hourlong lovefest for him and his band -- but he wasn't having it," Electra wrote. "He hung up, very, very angry and I thought I was going to cry."

The leaked copy came from someone associated with the record, said Marv Nyren, the regional vice president and general manager in Chicago for Emmis Communications, which owns the stations. The person with the album told the station that a few songs already were being played in Europe.

"We told the label we had a copy of the album," Nyren said, "and that we would like to play it once." The label said they didn't really want the station to play the album, but we "don't think we'll send you a cease-and-desist order" if you do, Nyren said.
So the station was under the impression that it would be OK if it played the album, just once.

"Radio stations have been doing this for 50 years. We get music in advance and we play it," he said. "Many labels say they'll send it to us because they want us to play the [music]. We never, ever try to hurt an artist. It doesn't do me any good to have Jack White mad at us."

Warner Bros. could not be reached for comment.

Although many people on the Web speculated that the episode was a stunt to promote the album, it was not, and the station apologized to White and the record label.

Bloodshot's Warshaw understands why White was angry.

"It was not supposed to happen," she said. "It was something beyond his control."

That is the main reason why labels want to slow the prerelease piracy, because it takes control out of their hands.

"After the release date, it's about educating fans," she said. "By stealing a CD [getting it from a friend or on a peer-to-peer network], it's taking money out of the band's hands.

"But prerelease, it's about leaking material. You can try to control it," she said.

One way Bloodshot is trying to control the problem is by limiting the number of tracks reviewers receive of certain recordings. Instead of sending the entire album, the label will distribute two MP3s to reviewers. Other reviewers still receive a CD, but if they are found to be selling prerelease discs at sites such as eBay, Bloodshot removes them from its lists.

Giacobbi, with Web Sheriff, says many CDs sent to reviewers can be traced. Some recordings could have a special watermark; others, a certain digital code.

"We terminate dozens of auctions on eBay every day," he said of his 20-person team that constantly monitors the Internet for violations. "And then we try to get information on the seller and go after them."

Web Sheriff works with dozens of labels in the U.S. and the United Kingdom.

For a digital leak, it can track which Internet service provider was used for sending music files to a peer-to-peer network. It sends a note to the ISP, which then can then notify the computer user they are engaging in illegal activity.

Each computer's Web connection has a unique Internet protocol address.

"The ISPs usually always cooperate," Giacobbi said.

But Saaf, whose MediaDefender floods the Web with bogus files, said the take-down approach only goes so far.

"You really can't take it down once it's out there. It can spread quickly," he said. "So we try to put up some speed bumps to slow it down."
http://www.chicagotribune.com/busine...i-business-hed

You Can Play the Record, but Don't Touch
Nell Boyce

At the Library of Congress, in a small, white room with bright red carpet, physicist Carl Haber sits down to play a record from 1930. It's a recording of Gilbert and Sullivan's "Iolanthe." But here's the strange thing: This record is broken.

"It looks like somebody just got hungry and took a bite out of it," says Haber. He has positioned the record on a turntable and fitted the broken piece back into place, like it's a jigsaw puzzle. "If we spun this thing fast, the piece would come flying off, you know, and maybe hit somebody," he says.

But this turntable doesn't spin like a normal record player. And there's no needle hovering over the record. Instead, there's a camera linked to a computer. It snaps detailed images of the groove cut into the disc, and uses the images to reconstruct the sound without ever touching the record.

Haber got the idea for this setup a few years ago, when he was driving to work and listening to NPR. He heard a report on how historic audio recordings can be so fragile that they risk being damaged if someone plays them by dragging a needle over their surfaces. It made Haber wonder if he could get the sound off old recordings without touching their delicate surfaces. He worked with a colleague, Vitaliy Fadeyev, and they managed to reconstruct sound on a 1950 recording of "Goodnight, Irene" performed by the Weavers.

This was just a proof of principle. They have now developed their hands-off technique to the point that it's being tested at the Library of Congress to see whether it's good enough to someday scan the library's vast archive of sound recordings.

One thing they've learned: A broken record is no problem. Haber clicks a mouse and the camera takes pictures of the groove on "Iolanthe."

"And by taking these pictures, it essentially just unwinds the record into a big long stripe," Haber explains.

The picture appears on Haber's computer screen. It looks like a black and white photo of a tire tread.

"Here's the break," he says, pointing to a line. "You can see, there's a little piece of dust, little scratch marks on it." The computer ignores all these flaws as it translates the images into sound.

It used to take Haber hours and hours to re-create short sound clips. Now his improved system, which he calls IRENE, can scan a record quickly enough to make it roughly comparable to a trained technician playing an old record in real-time.

IRENE was installed at the Library of Congress late last year. The library has millions of old audio recordings, and many are in poor condition or use obsolete formats. Peter Alyea, a digital conservation specialist at the library, says that to play old records, you often need trained technicians who can do things like choose the proper needle out of dozens of options. But if IRENE lives up to its potential, Alyea says, anyone could make a digital copy of an old record.

"They don't have to worry about any of the technical aspects," he says. "They simply can stick a disc on it and get some sound out of it."

Alyea says it's like a photocopy machine for sound. "It brings the possibility of automation much closer to reality for these kinds of materials."

And given that he has thousands and thousands of records that he would like to digitize and make widely available, the prospect of automation is hugely attractive. Audio recordings could be scanned in the same way that some libraries are now scanning all of their books into a digital format. But Alyea needs to know: Exactly how good is IRENE at making digital copies?

So he and Haber are putting IRENE through its paces. One test involves a disc etched with simple tones to see how well IRENE can read some old-fashioned discs coated with lacquer. The library has thousands of these one-of-a-kind records. The format is obsolete.

But luckily, Haber says, audio engineer George Horn still makes them at Fantasy Studios in California. Horn cut some discs with well-defined tones. Haber says, IRENE can reproduce the tones amazingly well.

"The machine is not adding its own color. It's not adding anything of its own nature," he says.

Haber says IRENE does take some things away. He plays one record from 1953, a Les Paul and Mary Ford recording of the song "Johnny Is the Boy for Me." This record has a bad skip in it that's very apparent on a regular record player. But IRENE skips over the skip like it's not there.

Haber plays an IRENE reconstruction of another record, a very worn shellac disc with a song called "Hemlock Blues," performed in the 1950s by David Lee Johnson. It's owned by a collector who says it's too damaged to play it with a regular needle. But IRENE scanned it and got some decent sound.

IRENE isn't perfect. It removes pops and clicks, but it sometimes has a hissing noise in the background. Still, the Library of Congress finds all this encouraging enough that it has started testing the system on hundreds of discs, what Alyea describes as a kind of simulation of what a mass digitization project would be like.

When taking flat photographs, it can create a three-dimensional image of the groove on a record, or on an old wax cylinder. Haber been working with the University of California's Phoebe Hearst Museum of Anthropology, to reconstruct sound from field recordings, like one wax cylinder made around 1911 that features a Native American called Ishi.

Haber says it's amazing to hear these voices from the past. "There's this whole human and cultural component to what we're looking at," says Haber, whose main job is studying subatomic particles at Lawrence Berkeley National Laboratory in California. "That makes it wonderful."
http://www.npr.org/templates/story/s...oryId=11851842

Limiting Ads of Junk Food to Children
Brooks Barnes

Trix are no longer for kids — at least not on children’s television shows. But Cocoa Puffs are another matter.

Trying to persuade critics the industry does not need government regulation, 11 big food companies, including McDonald’s, Campbell Soup and PepsiCo, have agreed to stop advertising to children under 12 products that do not meet certain nutritional standards. Some of the companies, like Coca-Cola, have already withdrawn all such commercials or are in the process of doing so. Others, like General Mills, said they would withdraw them over the next year or so, while a handful agreed to expand their self-imposed bans to radio, print and Internet advertising.

Still, the agreements will probably amount to a ripple rather than a sea change in terms of what foods children see pitched on their favorite television shows and Web sites. For example, while General Mills will no longer be advertising Trix to the 12-and-under crowd, it will continue to peddle Cocoa Puffs, which have one less gram of sugar per serving. And it will be able to continue advertising Trix on television shows and other media that are considered to cater to “families” rather than just children.

That qualifier amounts to a major loophole, given the media-watching habits of children. An episode of Nickelodon’s “SpongeBob SquarePants,” for instance, is viewed by an average audience of 876,000 children age 6 to 11, according to Nielsen Media Research, and falls in the category of shows that are off-limits to ads for junk food. But “American Idol” from Fox, which qualifies as a family show, attracts 2.1 million children in the age group.

The companies have also agreed for the first time to open their marketing plans to the Council of Better Business Bureaus and its Children’s Advertising Review Unit, which will review them and report publicly on the findings. This scrutiny and the pledges to self-regulate, which will be announced at a Federal Trade Commission event today, are an attempt to show corporate responsiveness to growing concerns about childhood obesity.

“We are hopeful that people will look at this and say that the community has done a substantial, enormous amount of work,” said Dan Jaffe, executive vice president of the Association of National Advertisers.

Advertisers spend some $900 million annually on television tailored to children under 12, according to industry estimates. Together, the companies involved represent two-thirds of the total children’s advertising market, according to the Better Business Bureau. Cadbury Adams, Coca-Cola, Hershey, Kellogg, Kraft, Mars and Unilever are the other participating companies.

The nutritional parameters vary by company, but are all based on the 2005 United States Dietary Guidelines developed by the Department of Agriculture and the Department of Health and Human Services.

A pat on the back from critics is unlikely. The pledges, which were made under the threat of regulatory intervention and, in some cases, the threat of lawsuits, fall short of the demands from child advocacy groups. Most critics have been pushing for uniform guidelines for marketers to follow and for oversight from a body with the authority to enforce them.

“This is great public relations for the companies, but it doesn’t go nearly far enough,” said Susan Linn, co-founder of the Boston-based group Campaign for a Commercial-Free Childhood. “It is going to be impossible to monitor if the companies are actually doing what they say.”

To some degree, the pledges appeared to be an effort by the food companies to get out in front of a forthcoming government study on childhood obesity. Senators Sam Brownback and Tom Harkin announced July 5 that they would postpone a report from a task force they formed with the Federal Communications Commission in lieu of the companies’ plans to announce concessions today. At the time, Senator Brownback said, “The extension will allow for a more thorough examination of new initiatives.”

The financial impact of the pledges on television networks like Nickelodeon, ABC Family and Cartoon Network will depend on how well the food companies can tweak their products. Many of the companies are not automatically withdrawing their products from the airwaves; rather, they are trying to reformulate the foods to meet nutritional guidelines. If they cannot do so to their satisfaction, they say they will replace ads for so-called junk foods with spots for healthier alternatives.

Cadbury Adams, the maker of Bubblicious chewing gum, says it will either withdraw advertisements of the brand from certain media or will direct half of its current Bubblicious budget to the promotion of healthier eating habits. The company declined to specify how much it spends promoting Bubblicious each year, but said that a healthier habit might be choosing a smaller portion of gum.

MTV Networks, which owns Nickelodeon and other channels popular with younger viewers, expects the agreements to have minimal impact on its bottom line. “Many products sold by these companies haven’t been on our air for years,” said Jim Perry, executive vice president for ad sales at Nickelodeon and MTV Networks Kids and Family Group. Marva Smalls, executive vice president for Nickelodeon public affairs, added, “We have been on the road pressing for this.”

Similarly, some of the participating companies said that their ad budgets would not be altered in any meaningful way; PepsiCo, which makes Pepsi Cola and Frito-Lay snack foods, said that its children’s advertising budget represents only 1 percent of its overall ad budget. Starting Jan. 1, PepsiCo will advertise to children only products that meet the criteria set out in its 2004 “Smart Spot” nutritional program.

Under PepsiCo’s pledge, only two products can be marketed to children under 12, according to Lynn Markley, vice president for health and wellness. They are Baked Cheetos, which have 50 percent less fat than regular Cheetos, and Gatorade. In the case of Gatorade, the company says the brand will sponsor ads that give tips to children on participating in sports. The product itself will not be pictured.

PepsiCo’s commitment will also translate to a diminished role for Cap’n Crunch, the familiar mascot of the cereal made by the company’s Quaker Oats division. Ms. Markley said that the Cap’n will remain on cereal boxes but that as of Jan. 1, 2008, he will not appear in any television, print, Internet or other advertising to children under 12. This will mean an end to his interactive arcade-style game for children at www.capncrunch.com.

Other companies agreed in their pledges to limit their use of licensed characters like SpongeBob or Scooby-Doo.

Deborah Platt Majoras, the chairman of the Federal Trade Commission, called the various pledges “a significant step” and urged more food makers to join the effort. “While changes in food marketing alone will not solve the nation’s childhood obesity problem, these actions will help make a healthy choice the easy choice,” she said in a statement.

Efforts to curtail junk food advertisements started escalating about three years ago, as evidence of the problem of child obesity started mounting. Food companies, concluding that the issue would not go away and fearing the kind of government scrutiny given to tobacco companies, started trying to police themselves.

Kraft was an early leader. In January 2005, the company said it would stop advertising products like Oreos, Chips Ahoy and most Oscar Mayer Lunchables on programs aimed at children ages 6 to 11. Other companies followed, including Kellogg, which said last month that it would stop marketing foods that have more than 12 grams of sugar per serving to children. These include such childhood favorites as Froot Loops, Apple Jacks and Pop-Tarts.

General Mills said it looked to Kellogg to establish its own nutritional standards. “We saw that public interest groups praised that level, and we decided to line up together on that,” said Christina L. Shea, senior vice president for external relations.

Ms. Shea said that some brands, like Cocoa Puffs, already complied with the standard of 12 grams of sugar or less per serving. Trix cereal, however, has 13 grams. Ms. Shea said the company would reformulate the cereal no later than the end of 2008, or not advertise the brand to children after that point.

Elizabeth Olson contributed reporting.
http://www.nytimes.com/2007/07/18/business/18food.html

Clip and Save Just Got Easier

Online coupon company gives shoppers the world without turning over their personal information
Sandra Guy

Coupon clippers have a new high-tech option to get their bargain fix with startup Zimini.

The company offers coupons in a desktop application so shoppers can remain anonymous. Shoppers cite their preferences without giving their name, address, telephone number or e-mail address.

Zimini highlights the locations of participating retailers on a map, and offers a choice of 200 demographic characteristics of customers to send coupons, promotions and other offers. The software launched on June 7.

Zimini charges merchants $49.95 per coupon or promotion. Participation is free to individual and business consumers.

"Consumers don't have to worry about spam solicitations, because they never provide an e-mail address," said Robert Carlton, CEO, president and founder.

Carlton came up with the idea for Zimini and the coupon software three years ago when peer-to-peer technology was the rage. Though peer-to-peer was the inspiration, the software takes the form of a downloadable software application.

"People find it easy and convenient to download music and movies for free," said the 41-year-old Carlton, who spent 18 years working in marketing and communications for Ford Motor Co., GTE, Intel and McDonald's. "I thought, 'How can we use the same peer-to-peer technology to provide a service and keep users' identities safe and private?'"

Shoppers who use Zimini's software build a profile of their coupon preferences. They can also choose a ZIP code for home, work, vacation or business travel from which to receive special offers.

They receive the offers on their desktop, not by e-mail. Zimini automatically zaps outdated offers.

Zimini's technology prevents users from forwarding the coupons and promotions.

For merchants, Zimini manages customer data, includes an automatic legal disclaimer on each promotion, and offers a Print-Once technology that allows only one copy to be printed from a desktop.

The company uses its geographic information system-based technology to recommend the geographic area that will best respond to a promotion.

"People will not drive very far for a pizza or a burger," Carlton said. "But they'll go much farther to see a sports game or their favorite entertainer."

Roberto Scolaro, owner of EspressoTiamo.com, a Waltham, Mass.-based online coffee and tea business, started using Zimini's software to offer customers a 20 percent "summer sale" discount prior to their online checkout. Scolaro has no bricks-and-mortar stores.

Scolaro liked the idea of Zimini pinpointing potential customers, and appreciated the attention he receives from a startup.

"You're not wasting money throwing thousands of e-mails at just anybody," he said.

Zimini was one of 60 startups out of 400 applicants chosen to show off its technology at the DEMO.com conference, an emerging technology conference that features technologies it believes show the most promise.

Lisa Bradner, a Chicago-based senior analyst at Forrester Research, said Zimini has a compelling case for bargain hunters, but needs to strengthen its business case for retailers.

"It's appealing to consumers because their participation won't result in their getting 10,000 e-mails from other companies," she said. "But retailers are not getting data on who is redeeming the coupons or on other coupons the customer is receiving."

Zimini faces competition from giants such as Coupons.com and AOL Shortcuts, which is set to launch its online coupon business this fall, and, to a lesser extent, the former Cool Savings, a Chicago-based money-losing online coupon site that morphed into Q Interactive, a profitable online lead-generation site for the likes of Walt Disney, Wal-Mart and Pepsi.

Retailers are getting more sophisticated about rewarding customers for their loyalty as they enter a store, and that, too, could hurt couponing, Bradner said. Retailers such as Jewel grocery stores and new CVS drugstores let shoppers scan their loyalty cards into a machine, and receive coupons for merchandise they would likely buy based on their shopping history.
http://www.suntimes.com/technology/g...ecol18.article

Virtual Marketers Have Second Thoughts About Second Life

Firms find that avatars created by participants in the online society aren't avid shoppers.
Alana Semuels

SECOND LIFE — a three-dimensional online society where publicity is cheap and the demographic is edgy and certainly computer-savvy — should be a marketer's paradise.

But it turns out that plugging products is as problematic in the virtual world as it is anywhere else.

At http://www.secondlife.com — where the cost is $6 a month for premium citizenship — shopping, at least for real-world products, isn't a main activity. Four years after Second Life debuted, some marketers are second-guessing the money and time they've put into it.

"There's not a compelling reason to stay," said Brian McGuinness, vice president of Aloft, a brand of Starwood Hotels & Resorts Worldwide Inc. that is closing its Second Life shop and donating its virtual land to the nonprofit social-networking group TakingITGlobal.

Linden Lab, the San Francisco firm that created Second Life, sells companies and people pieces of the landscape where they can build stores, conference halls and gardens. Individuals create avatars, or virtual representations of themselves, that travel around this online society, exploring and schmoozing with other avatars. Land developed by users, rather than real-world companies, is among the most popular places in Second Life.

But the sites of many of the companies remaining in Second Life are empty. During a recent in-world visit, Best Buy Co.'s Geek Squad Island was devoid of visitors and the virtual staff that was supposed to be online.

The schedule of events on Sun Microsystems Inc.'s site was blank, and the green landscape of Dell Island was deserted. Signs posted on the window of the empty American Apparel store said it had closed up shop.

McGuinness said Starwood's venture into Second Life did accomplish something. Feedback from denizens gave Aloft ideas for its physical hotels.

The suggestions included putting radios in showers and painting the lobbies in earth tones rather than primary colors. But now that the design initiative is over, he said, it's difficult to attract people to the virtual hotel to help build the real-world brand.

For some advertisers, the problem is that Second Life is a fantasyland, and the representations of the people who play in it don't have human needs. Food and drink aren't necessary, teleporting is the easiest way to get around and clothing is optional. In fact, the human form itself is optional.

Avatars can play games, build beach huts, dress up like furry animals, flirt with strangers — sometimes all at once.

Their interests seem to tend toward the risque. Ian Schafer, chief executive of online marketing firm Deep Focus, which advises clients about entering virtual worlds, said he recently toured Second Life. He started at the Aloft hotel and found it empty. He moved on to casinos, brothels and strip clubs, and they were packed. Schafer said he found in his research that "one of the most frequently purchased items in Second Life is genitalia."

Another problem for some is that Second Life doesn't have enough active residents.

On its website, Second Life says the number of total residents is more than 8 million. But that counts people who signed in once and never returned, as well as multiple avatars for individual residents. Even at peak times, only about 30,000 to 40,000 users are logged on, said Brian Haven, an analyst with Forrester Research.

"You're talking about a much smaller audience than advertisers are used to reaching," Haven said.

Some in the audience don't want to be reached. After marketers began entering Second Life, an avatar named Urizenus Sklar — in the real world, University of Toronto philosophy professor Peter Ludlow — wrote in the public-relations blog Strumpette that the community was "being invaded by an army of old world meat-space corporations."

He and other residents accused companies of lacking creativity by setting up traditional-looking stores that didn't fit in. His column was reproduced in the Second Life Herald.

Nissan Motor Co., a subject of such protests, has since transformed its presence in Second Life from a car vending machine to an "automotive amusement park," where avatars can test gravity-defying vehicles and ride hamster balls. Sun Micro has made its participation more interactive and fanciful, Chief Gaming Officer Chris Melissinos said.

Ludlow isn't impressed. He said most firms were more interested in the publicity they received from their ties with Second Life than in the digital world itself. "It was a way to brand themselves as being leading-edge," he said.

Angry avatars have taken virtual action. Reebok weathered a nuclear bomb attack and customers were shot outside the American Apparel store. Avatars are creating fantasy knockoffs of brand-name products too.

Some buying and selling does go on in Second Life. An avatar can acquire currency — called Linden dollars — by earning it or buying it with U.S. dollars. (The exchange rate is 268 Lindens to $1.) With a stack of Linden dollars, an avatar can spice up his or her look or while away the time in a casino.

Only a few other virtual worlds allow avatars to create and sell content as Second Life does. But users are flocking to the other worlds, in part because some don't require people to download software to take up residence.

Others just want to access a larger community than Second Life offers. Between May and June, the population of active avatars declined 2.5%, and the volume of U.S. money exchanged within the world fell from a high of $7.3 million in March to $6.8 million in June.

Companies are following them. IBM Corp., which has an extensive presence in Second Life, is expanding into the other environments, including There, which features a digital version of the popular TV show "Laguna Beach," and Entropia Universe, which pits users against one another in a sci-fi civilization.

Consulting firms that were set up to bring brands into Second Life are busy helping clients explore other worlds.

One such agency, Millions of Us, recently announced that it had formed a partnership with Gaia Online, a site popular with teenagers, and CEO Reuben Steiger said it would be unveiling more soon. Millions of Us had previously worked only with Second Life.

"It's not about whether Second Life is good or bad," Steiger said. "It's just that there are a lot of alternatives."
http://www.latimes.com/business/la-f...,3135510.story

Virtual Frets, Actual Sweat
Katie Zezima

KEVIN Doyle and Ivan Wine strode to the front of River Gods and picked up the guitars with the confidence of two guys who had played this bar and those instruments many times before.

With their wives watching from a nearby table, Mr. Doyle, 30, a software consultant clad in a Dewar’s Scotch T-shirt, and Mr. Wine, 32, a graphic designer with an unruly goatee and thick black glasses, strapped on the guitars and chose a song from the list on a projection screen.

They planted themselves in position as the first plodding strains of Black Sabbath’s head-banging heavy-metal classic “War Pigs” emanated from the speakers. As the song’s tempo increased, they frantically fingered the multicolor buttons on the necks of the guitars, hitting them with authority in time to the song’s signature “dun-dun-dun” riffs.

But the two men were not showboating. They were actually concentrating, biting their lips and staring almost trancelike at the screen, watching colored balls falling toward them on an electronic fretboard.

When Mr. Doyle and Mr. Wine finished the last riff, the audience whooped and cheered. The newly minted music gods offered high fives as they returned to their seats.

“We rocked the song,” Mr. Wine said.

This is Guitar Hero night, where curious bar patrons, self-styled bad boys and video game addicts, all usually a drink or two deep, play the game Guitar Hero on a big screen, and fulfill their dreams of being a preening, prancing rock ’n’ roll frontman.

Bars from Roanoke, Va., to San Diego are offering Guitar Hero nights, some providing players with big-hair wigs, Viking helmets and other colorful garb to help them complete the momentary illusion of being Eric Clapton or Lenny Kravitz. Others serve as hosts of competitive tournaments where the winners receive real guitars.

Players come because, for most, it’s as close as they’ll get to being an actual rock star.

“The audience cheers and it’s almost like being onstage,” Mr. Wine said. “You don’t get that playing the game in your living room.”

Within the past year, bar owners and managers have introduced the game, usually played in basements and bedrooms, into their locations to spike business on otherwise slow nights. Now they say Guitar Hero night is the new karaoke night — without the embarrassment of atrocious vocals.

“It’s for people like me, who can’t play guitar but want to,” said Jasper Coolidge, the head talent booker at Pianos, a downtown Manhattan bar that features Guitar Hero night every Tuesday.

Mr. Coolidge said business on Tuesdays had tripled at the bar, which typically attracts a post-college crowd, since the event began in April. “We wanted some sort of quirky thing that wasn’t your typical New York dance-club house music night,” he said.

At River Gods, where the crowd is filled with high-tech workers in rock T-shirts, blue jeans and Converse sneakers, bar regulars and bewildered patrons who just stopped by for a drink, some of the players take it much more seriously.

“There are a couple of people who are these cartoon-character version of nerds,” said Jeff MacIsaac, the entertainment producer here. “They’re playing their Game Boys until Guitar Hero starts. They’re actually playing video games before the video games start.”

Guitar Hero requires dexterous players to press buttons on a plastic guitar in time with a song chosen from a library of familiar rock tunes like “Message in a Bottle” and “Sweet Child O’ Mine.” As the player watches colored notes scroll down a television screen, the object is to hit the corresponding colored buttons (along with a second strum button) in time with the notes to score points. The harder the level, the faster the notes fall and the more complicated the chords.

The original version of Guitar Hero was developed by Harmonix, a company that creates musical-theme video games, and released by the software company RedOctane for PlayStation 2 in 2005. But it was not until the release in late 2006 of a sequel, Guitar Hero 2, which featured a larger catalog of songs (“Killing in the Name Of” by Rage Against the Machine, “Heart-Shaped Box” by Nirvana) and a new head-to-head play mode, that the game found its way into bars. About three million copies of Guitar Hero 2 have been sold for PlayStation 2 and Xbox 360, according to Harmonix and RedOctane. No one knows how many copies are being featured in bars.

Greg LoPiccolo, one of the creators of Guitar Hero and a vice president of product development at Harmonix, said the game was created to help people experience the thrill of performing in a club. But he didn’t anticipate that it would actually catch on in bars.

“We never intended for it to happen,” said Mr. LoPiccolo, who usually selects Stevie Ray Vaughn’s “Texas Blood” when he plays the game. “But once we saw it take place, it was kind of perfect, really.”

Prowess at Guitar Hero doesn’t necessarily equal expertise on a real guitar. At River Gods, Ben Azar, a 27-year-old guitar student at the Berklee College of Music in Boston, eyed the game’s guitar controller skeptically when it was handed to him. Just press the buttons to the beat of the song, he was told by one of the event’s organizers.

As Van Halen’s “You Really Got Me” started, Mr. Azar watched the screen as his fingers worked the frets, but he often looked confused, unsure why a note was missed or exactly what rhythm the guitar line was following.

After finishing his song, Mr. Azar said that using the Guitar Hero controller forced him to concentrate more on pressing buttons than preening like a rock god. “It’s very different,” Mr. Azar said. “It’s like making love to a rubber doll.”

Even though the game doesn’t accurately simulate the mechanics of playing a guitar, players said that the lure of Guitar Hero lies mostly in the mythology of the instrument — one that for every rock fan conjures up images of Pete Townshend smashing his guitar on stage or Jimi Hendrix setting his aflame.

“When one thinks of rock ’n’ roll, the first thing to come to mind is usually someone wailing away at a guitar,” Mr. Wine said later in an e-mail message. “The guitar is at the heart of almost every rock band out there that is or has been.”

Others players, like Shandi Sullivan, a former contestant on “America’s Next Top Model” and a regular at Pianos, appreciate Guitar Hero more for the experience of dressing up and performing for a live audience.

After discovering the game in April at a friend’s apartment, Ms. Sullivan started coming to Pianos every Tuesday, and she even bought a PlayStation 2 to practice with in her apartment. At the bar’s weekly Guitar Hero party, she assumes a different rock ’n’ roll alter ego each time. She has been both Pat Benatar and Elvis Presley. Given her choice, though, she still prefers to rock out to Megadeth, and the game has turned her on to contemporary heavy-metal acts like Shadows Fall.

“I can’t wait until the ’80s version comes out,” Ms. Sullivan said. “Eighties music is my life.”

When Guitar Hero Encore: Rocks the 80s, a sequel featuring the music of such nostalgically coiffed artists as Twisted Sister and Flock of Seagulls, is released on July 24, it will be the last collaboration between Harmonix and RedOctane. Last year, MTV purchased Harmonix, and RedOctane was acquired by the video game publisher Activision.

But the Guitar Hero franchise will rock on. Later this year, RedOctane and Neversoft, a video game studio owned by Activision, plan to release Guitar Hero III: Legends of Rock, and Harmonix will start Rock Band, a Guitar Hero-like game that will also allow players to become drummers, bassists and vocalists.

RedOctane is sponsoring a stage at the Family Values Tour this summer, which includes rock and heavy-metal acts, and it will hold Guitar Hero contests between sets. The winner will receive a guitar autographed by Jonathan Davis, the frontman of Korn.

As with real rock stars, there is plenty of rivalry and ego to be found among the players of Guitar Hero. Mr. Coolidge, the Pianos talent booker, and Caroline Enright, the manager of River Gods, have thrown down a challenge: a New York vs. Boston Guitar Hero competition, preferably to be held when the Red Sox are playing the Yankees.

“We’re going to have a tournament here to decide who is going up there,” Mr. Coolidge said from New York.

In Cambridge, Ms. Enright said she is ready and willing. “It’s on,” she said.
http://www.nytimes.com/2007/07/15/fa...ml?ref=fashion

Firefox Now a Serious Threat to IE in Europe: Report
Stan Beer

Mozilla's Firefox (FF) web browser has made dramatic gains on Microsoft's Internet Explorer (IE) throughout Europe in the past year with a marked upturn in FF use compared to IE over the past four months, according to French web monitoring service XiTiMonitor.

A study of nearly 96,000 websites carried out during the week of July 2 to July 8 found that FF had 27.8% market share across Eastern and Western Europe, IE had 66.5%, with other browsers including Safari and Opera making up the remaining 5.7%. The July market share represents a massive 3.7% rise since a similar survey in March.

A particularly worrying sign for Microsoft is that in some key European markets FF is threatening to overtake IE as the market leading browser. In Slovenia (47.9%) and Finland (45.4%) FF usage has reached parity with IE, while in Germany, Poland, Hungary, Czech Republic, Slovakia, Croatia and Ireland, FF has either reached or is nearly at 40% market share.

Countries where FF market share has now reached 30% or more include, Austria, Greece, Romania, Bulgaria, Estonia and Latvia.

Strong gains for FF were also reported in France, Sweden and Switzerland where in all three countries FF is now approaching 25% market share.

Although clear market share gains for FF were reported in every single European territory, countries where IE still has not reached 20% market share include Britain, Netherlands, Italy, Spain, Ukraine, Norway and Denmark.

Australasia, already a strong FF market, has also seen big gains in FF market share over the past four months, with an increase in FF usage from 24.8% in early March to 28.9% in early July.

Another worrying sign for Microsoft is that a separate survey from XiTiMonitor taken over the same period is that there has been a reluctance of IE users to adopt the latest version of the browser IE7, even in markets where IE is strong.

Only about one third of IE users have adopted IE7 compared to 85% of FF users who have adopted the latest version of the browser, FF2. Significantly, FF2 has a greater market share than IE7 in 17 European territories, while IE7 is ahead of FF2 in 16 territories.
http://www.itwire.com.au/content/view/13517/53/

Holes in Firefox Password Manager

The Mozilla developers have fixed a known hole in the password manager of Firefox & Co, but a door remains open for exploitation. If the user gives permission, the inbuilt password manager of the open-source browser saves passwords and enters data into the respective form fields on the user's next visit automatically. This happens not only on the page where the password was saved, but also on all other pages on this server that contain a similar form.

If users are allowed to create their own web pages on a server, as is the case on many community sites, an attacker may emulate the login form to have the access data, which are entered automatically, sent to his own server. In the past, a login form could even be set up to send the data directly to the attacker's server as soon as the submit button was clicked. Firefox entered the data automatically regardless of the target of the specified action. However, the developers have now implemented changes to check the destination to which the data are sent; consequently, the demo run by heise Security no longer worked. But Markus Bucher noticed that it is not necessary to change the destination: rather, it is possible to read out the entered data via JavaScript and then submit them. To do so, the page must simply access the data via the DOM (document.<form>.<field>.value). The updated browsercheck page of heise Security demonstrates how this works.

When asked by heise Security, Mozilla developer Gavin Sharp confirmed that the developers are aware of that problem. Indeed, there were controversial discussions of the issue in the bug database, but further measures were discarded. Automatically entering passwords in other pages increases the user-friendliness on sites with several login pages. And even if this functionality is removed, this does not mean that passwords cannot be stolen. Provided an attacker can place script code on a server, he is able to manipulate the pages as he wishes anyway and has other ways to steal user access data.

The position of the Mozilla developers is quite comprehensible, since the JavaScript security model almost completely relies on the origin of code (same origin policy). If an attacker succeeds in placing malicious code on a server, he may manipulate practically all pages from this server while they are displayed in the browser as he wishes. However, an uneasy feeling remains considering that a password manager enters passwords into faked forms without any user interaction. Somehow, this is reminiscent of a wallet with a hole in it.

From the users' perspective, this means that they should not entrust their passwords to the password manager on web sites that allow other users to create their own pages containing scripts. Otherwise somebody can easily create a page that steals the password as soon as the page is opened (see our password stealing demo for that). This category of sites includes many content management systems including blogs and social networking sites. Specific filtering functions attempting to distinguish good from evil code are not really helpful, since experience shows that they can be bypassed in most cases. Users could also disable JavaScript or use add-ons such as NoScript to set up rules to provide additional protection. In the age of Web 2.0 this would, however, mean that many pages would cease to function. On the other hand it is doubtful that by not using a password manager security levels would be raised, since the resultant need to remember passwords often induces users to choose simplistic passwords and use them on multiple sites.

Update:
Apple's Safari behaves in a similar manner. The browsercheck demo works the same way: on visiting the "evil" page, your password is stolen by JavaScript without any user interaction.
http://www.heise-security.co.uk/news/93018

Macrovision Boosts Pirate Headaches with Security Code Blended into Game Code

Macrovision has developed a way to blend security code into actual game code, a shift that could have implications for all manner of digital media traditionally protected by security ‘wrapped’ around, rather than embedded inside, content.

Revealed on July 16, the Asymmetric Code Blending technique is designed to make it difficult for hackers to separate and duplicate just the game code. Game publishers will be able to apply the technology to games distributed online, through Macrovision’s ActiveMARK product, and via physical media, through its SafeDisc Advanced product.

“The security code changes with every game by embedding it with each game,” says Corey Ferengul, executive vise president, marketing and solutions, for Macrovision.

Publishers distributing via physical media also can allow online activation of the games or parts of the game by employing Asymmetrical Code Blending in the SafeDisc Advanced product. With flexible activation accounts, gamers can make backup copies and run the game on multiple and mobile computers without requiring that the physical CD or DVD be present at all times.

Macrovision believes the additional frustration for hackers created by Asymmetric Code Blending will help make game publishers more comfortable with digital distribution in multiple channels including Web 2.0 trends, such as peer-to-peer networks and viral sharing.

Ferengul argues that Code Blending can transform viral sharing of games among users from a worry to an advantage for publishers. For example, he says, the publisher can program the game so that when it is downloaded from the Internet and then shared from one gamer to another, the game automatically reverts to a try-before-you-buy state. The publisher can set rules, such as “try and die,” to time the game out in a certain time period, or to limit the levels into which the new viral user can enter to play.

“If I like a game and want share it, I can do that, but the publisher is protected,” he says. “If it try it and I don’t’ buy it, it dies. It can be that it dies after a time period, or it may be you can do level one, but never higher. You don’t want to take away sharing, but you can do it in a way that protects the publisher and is still valuable to the end user.”

Publishers taking advantage of these distribution options will not only leverage word of mouth promotion among gamers, he says, but also effectively multiply potential points of sale without compromising security in a viral environment.

So far, Macrovision has applied Asymmetric Code Blending only to game content, but when asked whether Macrovision intends to apply it to video, music or other types of digital media, Ferengul says, “We now have this as a part of our engineering expertise.”

Although physical distribution continues to comprise “the lion’s share” of game distribution, online distribution is growing, and the capabilities of Asymmetric Code Blending appear to be in line with other findings of Macrovision’s recently completed annual survey of the game market, Ferengul says.

More than 50 percent of survey respondents said they will buy games only after being afforded an opportunity to try them, and 81 percent said their purchases were influenced by reading a review of the game, which typically emphasize fellow gamer reviews. “People are passing games around and want to try them in advance,” he says. “There’s a very strong community in the games space. If you’re doing commerce, you have to do things like user recommendations, peer analysis.”

The survey also found significant growth in casual games and a broad willingness to accept advertising as a way to pay for games. The most popular game titles are puzzle games, and a quarter of respondents said they are also watching TV when they play. Only 22 percent of the games audience is 18 to 34 years old, leaving 78 percent who are 35 and older.

“We are seeing premium video, major sporting events or business knowledge or verticals that are paid, but we’re seeing massive amounts of online content moving toward ad-supported models,” Ferengul says. “People are much more accepting of advertising games as a way to pay, with 83 percent willing to watch up to a 30-second ad for a free game. They’re playing one to two hours at a time per session. You really have a captive audience and measurable demographic.”
http://www.screenplaysmag.com/tabid/...1/Default.aspx

FairUse4WM v1.3 Fix 2 Promises Vista, Zune DRM Stripping
Ryan Block

Oh, IT'S ON. After months of eager anticipation, it looks like either Viodentia has finally come out of hiding, or s/he's passed the torch on to another (Doom9 forum user Divine Tao?) -- but either way it looks like MS DRM IBX components up to version 11.0.6000.6324 are good to go with the latest version of FairUse4WM, v1.3 Fix 2 (read: this is the update we know you've all been waiting for). We haven't yet confirmed ourselves, but feel free to tell us whether you got a sweet taste of DRM freedom without having to continue using XP and Windows Media Player 10 with that subscription music service.
http://www.engadget.com/2007/07/15/f...-drm-stripping

Zune DRM Stripper

These days it's hard to keep digital media locked up in any format. Our Zune ears recently heard tell of a program that strips DRM off of tracks purchased from the Zune Marketplace, or traded via Wi-Fi. What makes this more significant is the optional Zune subscription which allows users to download almost all the Zune Marketplace.

We decided to download and test the Zune DRM stripper for ourselves to see if it actually works. In fact, it was so effective that we have decided not to publish any direct links to it.
http://www.zunescene.com/zune-drm-stripper/

Microsoft WM-DRM and IBX 11.0.6000.6324
Divine Tao

This post introduces a new tool for uncovering the individual keys from Microsoft's DRM blackbox components ("IBX"), up to version 11.0.6000.6324. Lacking the source code to the extant programs, I can only offer this output of my own efforts.

To actualize fair use rights with the new IBX, first run 'mirakagi' which will enter the IBX keys into the FairUse4WM blackbox-keys.txt text file.
Next, you should use the attached version of FairUse4WM, 1.3Fix-2. This includes an important fix for a video corruption bug, often seen in scenes affording high compression.

If problems occur, please provide the program text. IBX versions after 11.0.6000.6324 are not currently supported.

This version should be capable of interfacing with both Windows Vista and Zune software versions.

Download links to follow in the next post.

MD5 hash 0d5eaa7f8010e1293221a320943adb7e

http://forum.doom9.org/showthread.php?t=127943

Office, Vista Save Microsoft Profits from Xbox Ravaging
John McBride

Thank goodness for the Windows and Office cash cows. Despite a blistering $1.06 billion charge to repair faulty Xbox 360 consoles, Microsoft's fourth-quarter profits rose 7.3 percent, and annual revenues topped $50 billion for the first time. Fourth-quarter profit was a hefty $3.04 billion, compared to $2.83 billion last year. The Xbox charge sliced 8¢ a share off earnings, leaving 31¢ a share, compared to 28¢ a share last year. Revenue for the fiscal year was $51.12 billion, 15 percent better than last year.

Much of the good news came from the traditional Microsoft profit centers. The Microsoft Business Division rode a 20 percent increase in Office 2007 sales to post profits of $2.9 billion, 19 percent better than the same quarter last year. Servers and Tools profits were up 15 percent to $1.05 billion, and the Client Division saw an 11 percent increase in profits to $2.82 billion as sales of Vista chugged along.

Then there are the laggards. Entertainment and Devices, home of the Xbox, posted a $1.2 billion loss for the fourth quarter—nearly three times the $423 million fourth-quarter loss last year. That was expected. And, apparently, so was the 10 percent fourth-quarter drop in revenue for the division. Xboxes and Zunes sell better around the holidays and, hey, Halo 3 isn't out yet.

Still, the news isn't good. Microsoft has sold 11.6 million Xboxes, falling short of its goal of 12 million (although with the hardware issues maybe that's not such a bad thing) and Peter Moore is gone. The division did manage to make its goal of selling 1 million Zunes by the end of fiscal 2007 though, CFO Chris Liddell said in a conference call.

The Online Services Division continues to muddle along. Advertising sales were up 33 percent and Windows Live Search's market share is up. That boosted fourth-quarter revenue 19 percent over last year. But heavy spending on data centers and employees means losses climbed 28 percent to $239 million.
http://arstechnica.com/news.ars/post...-ravaging.html

Microsoft Sees Stronger XP Sales in FY08

Microsoft said that it expects Windows XP to make up a significantly larger part of sales in the coming year.
Gregg Keizer, Computerworld

Microsoft Corp. Thursday said that it expects Windows XP, the operating system supposedly made moot by Windows Vista, to make up a significantly larger part of sales in the coming year.

During a conference call with analysts following the earnings results release Thursday afternoon, Chief Financial Officer Chris Liddell said the company has changed its fiscal year 2008 forecast from an 85/15 split in sales between Vista and XP to a 78/22 split. Windows XP sales will, in other words, be nearly 50 percent higher in the next 12 months than Microsoft had estimated earlier.

"We fine-tuned the Vista/XP mix for next year" during the company's usual budgeting last month, said Liddell. "We changed it from 85 percent to 78 percent. Now, it's a lower number [for Vista], but it's still a very high number overall from our perspective, so 78 percent Vista mix in terms of sales next year."

According to Liddell, Microsoft will generate the same revenue, more or less, under the new Vista vs. XP numbers, although there might be some slight differences because Vista sales have tended to involve more of the higher-priced versions, dubbed premium by the company, than has XP. The financial forecast didn't spell out that directly, however. The only clue was a US$120 million difference in what Microsoft pegged as the "undelivered elements" it assigned to unearned income for the coming year.

"Undelivered elements" are revenue set-asides to account for as-yet-unknown upgrades and enhancements to software. The set-aside shrunk from $660 million in the last 2008 forecast to $540 in the estimate presented Thursday.

"Because of that change [in the OS split], then the amount of undelivered element that comes from Vista is slightly lower than it would be otherwise," Liddell explained.

His remarks caught the attention of Michael Cherry, analyst at Directions on Microsoft, a Kirkland, Wash.-based research company. "What that seems to say is that XP has stronger legs than you would expect after the release of a new operating system."

Clues that users aren't ready to ditch XP have not been hard to find. In April, for example, Dell Inc. retreated from its earlier Vista-only position and announced it would return XP to the operating system choice list for consumer PCs. Three months before that, Microsoft extended support to Windows XP Home and XP Media Center to match Windows XP Professional's drop-dead date of April 2014.

"Most of the machines I see pitched in catalogs are in the $700 range, certainly under $1,000," said Cherry. "Computers with that amount of hardware are a better fit for XP. With Vista's requirements, people may be thinking about sticking with XP, and putting less money into the hardware."

It's possible, Cherry added, that Microsoft might find itself forced to recognize more reality in the future. "At some point, they might have to consider limiting the availability of XP" to push people to Vista.

The software developer has made at least one move in that direction already. In mid-April, it announced it would terminate sales of Window XP to resellers and retail after Jan. 31, 2008. Users' reactions were almost unanimously negative.
http://www.pcworld.com/article/id,13...1/article.html

A Patent Is Worth Having, Right? Well, Maybe Not
Michael Fitzgerald

PATENTS are supposed to give inventors an incentive to create things that spur economic growth. For some companies, especially in the pharmaceutical business, patents do just that by allowing them to pull in billions in profits from brand-name, blockbuster drugs. But for most public companies, patents don’t pay off, say a couple of researchers who have crunched the numbers.

“Today, over all, patents don’t work; for the information technology industry especially, they don’t work,” said James Bessen, who became a lecturer at Boston University’s law school after a career in business. In 1983, he created the first computer publishing software with Wysiwyg (an acronym for “what you see is what you get”) printing abilities. He also founded a desktop publishing company, Bestinfo, later acquired by Intergraph.

Neither Mr. Bessen nor his company patented anything, in part because his lawyers told him that software couldn’t be patented at the time. He ultimately became interested in whether patents spurred innovation, since the software industry for years innovated steadily without using many patents. He and a colleague, Michael J. Meurer, are readying a book on the topic, “Do Patents Work?,” due in 2008. (A synopsis and sample chapters are at researchoninnovation.org/dopatentswork/.)

The two researchers have analyzed data from 1976 to 1999, the most recent year with complete data. They found that starting in the late 1990s, publicly traded companies saw patent litigation costs outstrip patent profits. Specifically, they estimate that about $8.4 billion in global profits came directly from patents held by publicly traded United States companies in 1997, rising to about $9.3 billion in 1999, with two-thirds of the profits going to chemical and pharmaceutical companies. Domestic litigation costs alone, meanwhile, soared to $16 billion in 1999 from $8 billion in 1997.

Things have probably become worse since then. For instance, patent litigation is up: there were 2,318 patent-related suits in 1999, and 2,830 in fiscal 2006 (though that’s down from the peak year, 2004, when 3,075 were filed). Mr. Bessen said awards in patent cases also seemed to be up, though he was less confident in that data. Worse, he says, companies doing the most research and development are sued the most.

Mr. Bessen’s critique of the patent system does not go so far as that of economists like Michele Boldrin and David K. Levine, who argue that the patent system should be abolished ( http://www.dklevine.com/general/inte...gainstnew.htm). Mr. Bessen said that besides girding the pharmaceutical industry, the system did seem to work reasonably well for small companies and individual inventors. Still, he said that “our finding is that the risk of patent litigation is creating a disincentive for R&D,” especially for information technology companies, and that the system urgently needs change.

Mr. Bessen’s data is controversial. John F. Duffy, a law professor at George Washington University, thinks that Mr. Bessen and Mr. Meurer have undervalued the profits made from patented items, though he acknowledged that a vast majority of patents are worthless.

Mr. Duffy, who thinks that the patent system remains a powerful innovation engine for the economy, also noted that the data covers only the private value of patents — it does not try to measure the social value of patents, that is, the impact an invention has for society at large. How, for example, might one measure the value of the stability of an airplane, which can be traced to an invention patented by the Wright Brothers?

Still, Mr. Duffy does not discount the research. In fact, he has invited Mr. Meurer to present it at a conference later this summer. “The numbers are serious, and they are provocative,” Mr. Duffy said.

The data don’t seem out of line to R. Polk Wagner, a law professor at the University of Pennsylvania. He said that other research has established that patents typically are worth less than $10,000. “It’s not any secret that on a cash basis, it doesn’t make sense to file patents, and yet companies do it,” Mr. Wagner said.

Some companies are still spending billions on research programs despite the increase in litigation costs. “Whether or not the R&D efforts you make invite litigation in no way relates to whether you do them,” said Bernard S. Meyerson, an I.B.M. fellow who is named on more than 40 patents and is currently chief technologist at its systems and technology group. I.B.M. has one of the corporate world’s largest research budgets, spending some $6 billion a year. And it does make money from its patents, at least on a licensing basis.

Of course, I.B.M. also employs 370 corporate patent lawyers who Mr. Meyerson said work “hand in hand” with the company’s inventors, trying to make sure that the company is aware of patent pitfalls that might affect its work.

I.B.M. and many other large high-tech companies have hefty patent portfolios, which Mr. Meyerson said deters the companies from suing one another. He said the industry operates under a large intellectual-property umbrella: “you are licensed under mine, I’m licensed under yours, and by declaring peace as opposed to war, you have freedom of action,” Mr. Meyerson said.

Even so, he said I.B.M. is concerned that innovation could be choked by patent litigation and would like to see the system reformed.

Congress could step in, and there are patent reform bills in the House and the Senate, with many of the provisions aimed at reining in litigation and damage awards. But this marks the third consecutive year that Congress has considered patent reform, and there is enough opposition from large companies to suggest that it will again have to wait until next year.

There are other paths to change: the United States Patent and Trademark Office could open patent applications to public comment, which could help patent examiners find applicable previous inventions. The office in June began a yearlong experiment allowing open comment on 250 patent applications (http://www.uspto.gov/web/offices/com...hes/07-21.htm). The Web is already ahead of the patent office: a site called wikipatents (www.wikipatents.com) has created an open comment process for several years’ worth of patent applications.

ANOTHER might be to increase the number of appeals courts that handle patent cases. Right now, there is only one, the United States Court of Appeals for the Federal Circuit. The Supreme Court, meanwhile, may have helped the system immensely with a ruling in June that should stiffen the standard of “obviousness,” the key criterion in granting a patent. Tougher standards may weed out many bad patents and reduce litigation.

But technological inventions are often not obvious, especially when it comes to the esoteric world of software, where it can be unclear even to the inventor what the patent will be good for.

Mr. Bessen, for one, is not optimistic. “Things are going to get a lot worse before they get better for the technology industry,” he said. If he’s correct, it will become harder to question his economic analysis of the current patent system.
http://www.nytimes.com/2007/07/15/bu...y/15proto.html

Russia’s Trademark Gun, but Others Grab Profits
C. J. Chivers

THE automatic Kalashnikov, the world’s most abundant firearm and a martial symbol with a multiplicity of meanings, turns 60 this year. In some places this is cause to shudder. In Russia it is treated as a milestone to celebrate, and a chance to cry foul.

Once strictly Communist products, the AK-47 and its offspring are killing tools so durable and easy to use that they were heralded as achievements of state socialism and industrial might. Uncoupled from the laws of supply and demand by their origins in planned economies, they flowed from arms plants in the tens of millions, becoming national defense and foreign policy instruments for the Soviet Union and allied states.

But the 60th birthday party has displayed the rifle’s evolving place in both the market and the Kremlin’s mind. These days the Kalashnikov is seen through capitalist lenses, and argued about in ways that could not possibly have been envisioned by its Communist creators.

In cash-hungry Russia, Kalashnikov is now an informal brand. And as purchases of Kalashnikov rifles and their derivatives continue on foreign markets, Russian arms manufacturers and exporters worry not about ideology and world dominance, but over sales opportunities lost.

The back story manages to be both odd and unsurprising. Russia’s anger is at the United States, a potential customer that has become, once again, a premier distributor, handing out the weapons to indigenous police officers and soldiers in Afghanistan and Iraq. The United States was also a bulk purchaser in the 1980s, when it supplied mostly Chinese and Egyptian Kalashnikovs to anti-Soviet insurgents in Afghanistan.

In returning to the Kalashnikov market, the Pentagon has shunned purchases from Russia, opting instead for AK-47 knockoffs available for sale or donation from other countries’ stockpiles. (The true AK-47 was short lived and swiftly modified; its many variants, almost all of which the Soviet Union helped create via foreign aid, are often inaccurately called AK-47s, by now universal shorthand.)

In Afghanistan, the United States has selected the AMD-65, a short-barreled Hungarian Kalashnikov copy with a forward hand grip and futuristic muzzle, as the standard weapon of the Afghan police. It has received most of its projected 55,600 AMD-65s via its foreign military sales programs, according to data provided by Combined Security Transition Command-Afghanistan.

Another 10,000 Kalashnikov knockoffs were transferred in 2006 to Afghanistan from Slovenia. At least some weapons being handed out, based on an examination of the shipping containers and rifles this spring in Afghanistan, are inexpensive Chinese clones.

Similarly, in Iraq (which once had its own Kalashnikov plant, built with Communist help) the United States scrounged or purchased more than 185,000 Kalashnikov-style rifles and light machine guns for Iraqi security forces from 2003 and 2006, according to the special inspector general for Iraq reconstruction.

It did so without buying a single weapon from Russia, which, as creator of the underlying design that all automatic Kalashnikovs share, regards itself as the rightful owner of an informal but global brand.

These transfers have alarmed and irritated Russian officials and arms merchants, and split the AK-47’s 60th birthday celebrations between parties and bitter pleas.

With events that began in early July and will continue into August, the Kremlin and its arms-export agency are feting both a family of weapons and the man credited with their creation, Mikhail T. Kalashnikov, who at 87 has proved to be as durable as the rifles that bear his name.

Even General Kalashnikov himself is venting his dismay over proliferation without Russian profit. “I take them into my hands and, my goodness, the marks are foreign,” he said of the knockoffs the Soviet Union once championed. “Yes, they look alike. But as to reliability and durability — they do not meet the high standards of our military.”

Without these controversies, the celebrations might have had a familiar feel. The AK-47 and its derivatives, first tested in the forests outside of Moscow six decades ago, have been common on battlefields and in Soviet and revolutionary iconography for two generations. General Kalashnikov long ago became a hero of the proletariat.

By the fall of the Soviet Union, their global saturation was complete. Soviet students practiced assembling and disassembling Kalashnikovs in the 10th grade. Soviet statues clutched them with muscular, thick-handed grips. Almost anyone who might fight the West or its partners had been eligible for automatic rifle shipments from the Communist bloc, or even a rifle or ammunition plant.

Every self-respecting Communist revolutionary and even allies of convenience, from Fidel Castro to Yasir Arafat to Idi Amin, eventually had their Kalashnikov stockpiles and Kalashnikov poses, never mind the body counts.

The testimonials this month have celebrated Russia’s version of this history. Depending on your point of view, these rifles have been either a revolutionary’s trusted partner or a lethal instrument of proxy war, terror and crime. The chosen speakers, hand-picked by Russian officials, have chosen the former line.

“On behalf of all my brethren who died in the anti-American war to liberate our country, we thank you for inventing this weapon,” Senior Col. To Xuan Hue, the defense attaché from Vietnam, told Mr. Kalashnikov at one celebration.

Group Capt. Biltim Chingono, the defense attaché from Zimbabwe, also sidestepped the rifle’s checkered reputation, saying that in his country’s civil war it had proved “to be the mightier and decisive freedom pen.”

In Russian circles, little praise is being spared. “The famous Kalashnikov assault rifle has become not only an example of daring innovative thought but also a symbol of the talent and creative genius of our people,” President Vladimir V. Putin said in a decree.

At the same events, Russian officials and arms manufacturers are clamoring over who should be allowed to put Kalashnikov rifles on the market.

Some arguments are based on quality, and Russia claims, without offering evidence, that the copies and clones are not as well made as the genuine article. There is some support for this on black markets in Iraq, where the Russian Kalashnikovs often fetch higher prices than their clones, although whether the rifles are better or simply more coveted is not clear.

Other arguments are rooted in what the Russians claim is law, as the arms industry insists that the factories that the Kremlin once sponsored, and now are in sovereign, post-Soviet countries, have no right to manufacture or sell items of Soviet design.

“More than 30 foreign companies, private and state based, continue the illegal manufacturing and copying of small arms,” said Sergey V. Chemezov, the former K.G.B. officer and confidant of Mr. Putin’s who directs Rosoboronexport, the state arms-marketing agency. “They undermine the reputation of the Kalashnikov.”

So far, few customers have paid notice. The largest customer in the market, the United States, has purchased whatever weapons it sees fit, coloring the AK-47’s 60th birthday, like much of Kalashnikov history, with another angry struggle.

“We cannot tolerate the situation when only 10 percent of the Kalashnikovs are manufactured legally,” said Sergey V. Lavrov, Russia’s foreign minister. “We cannot stand for this. We must fight.”
http://www.nytimes.com/2007/07/15/we...15chivers.html

Punishing Google
Rachel Rosmarin

Much to investors' disappointment, Google cannot clear every hurdle put in front of it. On Thursday, the company reported second-quarter earnings of $925 million, or $3.56 cents per share, which missed expectations by a hair: Analysts were calling for Google to post earnings of $3.59 per share.

Even though earnings in the second quarter topped year-ago figures by 28%, Google (nasdaq: GOOG - news - people ) investors might be sorry to see that Google couldn't match its $1 billion in earnings reported in the first quarter of 2007.

No matter that Google's revenue shot up in the second quarter by nearly 60% vs. the same period last year, to $2.72 billion, beating estimates of $2.68 billion--the company's stock plunged nearly 8% in after-hours trading to $505.

Why the shock? Expectations for Google are unusually high (see "Can Google Defy Gravity Again? Probably"). Since the company went public in August 2004, Google has surpassed expectations in every quarter except for one.

Google Chief Executive Eric Schmidt didn't acknowledge a slip-up. "Our performance once again demonstrates the strength of our core search and ads business," he said in a statement. "The growth in our global traffic combined with our ongoing improvements in monetization resulted in solid revenue growth, even in a seasonally slow quarter."

During a conference call, Schmidt noted that the company increased its head count by more than was expected during the quarter, bringing on 1,548 new hires. "We're pleased with the people we brought in, but we're going to watch this area very closely," he said. Schmidt also reminded analysts that Web traffic during the second and third quarters is traditionally weaker than during the first and fourth quarters. "We will expect that to be true for many years to come," he said.

George Reyes, Google's chief financial officer, pointed out that the company's revenues from the AdSense network may have been lower than expected for the quarter because of the company's decision to begin weeding out publishers' sites that "were not meeting quality thresholds," he said. Some of these sites could be the type that is filled with advertising but not much content. Publishers of these sites benefit from revenue-sharing with Google, but with fewer of them around, there are fewer revenues for Google to take.

When an analyst asked Omid Kordestani, Google senior vice president of global sales and business development, how much revenue products not related to advertising contributed to the company's bottom line, he couldn't come up with much. "No impact this quarter," he said. That means high-profile Google products like YouTube, with its video advertising, and extensive mapping and mobile software aren't registering as compared with Google's massive search-ads business.

But Kordestani said Google's ad sales teams are learning how to sell ads on these new products. “Every group in the U.S. has gone through a lot of training,” he said. "They get supporting expertise to help them sell against things from YouTube, to print, to TV advertising."
http://www.forbes.com/technology/200...19google1.html

The Boat Is About to Rock (Again) in Internet Video
Brad Stone

DMITRY SHAPIRO brings an unlikely gadget into meetings these days: a TV remote control.

As chief executive of Veoh Networks, an Internet video company based in San Diego, Mr. Shapiro uses the remote to navigate the company’s new software program, VeohTV, on his laptop. The software acts like a Web browser but displays only Internet video, presenting full-length television shows and popular clips from the Web’s largest video sites, like NBC.com and YouTube. It lists those videos in a program guide and plays them in a small window or across the entire screen.

The product, now in a private testing phase, will be available to the public later this year. It has the potential to be a popular and practical way to watch online video. But like a long line of other innovative high-tech tools, VeohTV could also threaten and alienate traditional media companies and even cause some of Veoh’s Internet rivals to consider legal remedies.

For the last two years, Veoh Networks has operated a video-hosting Web site, Veoh.com. The site works much the way YouTube does, with a few notable exceptions. The company does not impose any time limits on the length of videos and does not use digital fingerprinting technology to filter out copyrighted material. That has led to some rights holders to complain that Veoh has fallen behind in protecting intellectual property.

Nevertheless, Veoh.com has been growing fast: it draws about 15 million visitors a month, up from 4.5 million in January. Veoh Networks is a private company and does not release financial data. YouTube, by contrast, gets more than 100 million visitors and serves up more than three billion video clips a month, according to several market research firms.

“It’s impossible to compete with YouTube as a video sharing site now,” said Josh Bernoff, a vice president at Forrester Research. “Veoh is a good example of a company that decided to go off in a new direction.”

That direction is VeohTV. To support the new effort, the company raised about $26 million this summer from investors, including Time Warner; Goldman Sachs; Spark Capital, a venture capital firm in Boston; and the former Disney chairman Michael D. Eisner, who joined the Veoh board and counsels Mr. Shapiro, a 38-year-old, Russian-born engineer. The company introduced VeohTV as a beta product last month, making it available for testing to a group of invited users.

I found VeohTV to be easy to use. Once the software is downloaded to a computer, it offers an easy-to-navigate directory of 114 video channels, including listings for CBS, NBC, Fox and YouTube. On the NBC channel, there are dozens of episodes of “Heroes,” “30 Rock” and “Studio 60 on the Sunset Strip.” On the Fox channel, there are several full-length episodes of the dramas “Bones” and “24.”

Those shows are free and available for streaming on the NBC and Fox sites. The VeohTV player, Mr. Shapiro said, is just giving them a new audience.

“There are full-length episodes at Fox.com, but many customers don’t know how to find them,” he said. “The Web browser is fine for short clips. But if you just want to sit back and watch video on the Web, this is what you will want to use.”

Major media companies, however, are more interested in protecting their copyrighted programs. Veoh does not ask for permission to play material from other Web sites, though Mr. Shapiro says he wants to strike advertising-sharing deals with content owners to ensure that shows appear in high-quality video. But Veoh does not think that it needs consent because VeohTV is doing nothing more than playing what is already online, including any commercials shown during the programs.

The networks may disagree. By only offering video, VeohTV omits all the other advertisements on the network sites. For example, people who watched an episode of “Heroes” on NBC.com last week also saw for 40 minutes a banner ad for McDonald’s on the same page. VeohTV users watching the same episode would not see the banner.

Rick Cotton, the executive vice president and general counsel of NBC Universal, said that streaming full-length television episodes drives traffic to other parts of NBC’s site and exposes users to the ads on it. And the right to play those shows is valuable, he said, pointing to the still-unnamed venture between NBC Universal and the News Corporation to create an online repository of their TV shows and movies. Sites like MySpace, AOL and MSN have already entered into commercial agreements to display the venture’s content.

“This material has value,” Mr. Cotton said. “The notion of taking it and generating traffic with it needs to be negotiated and needs to be done with the agreement of content owners.” That’s why NBC and the other major studios are keeping close tabs on VeohTV’s business model.

FOR some video content, VeohTV can act as a digital video recorder, turning a video stream — meant to be viewed on the Web — into a downloaded file on a user’s hard drive. VeohTV users can record a YouTube video, for example, even though YouTube, owned by Google, says its terms of service specify that videos uploaded to the site will only be streamed.

Other software, like the recently released RealPlayer 11, by RealNetworks, can turn streaming video into downloads as well. But according to Ricardo Reyes, a YouTube spokesman, VeohTV steers users away from its ads while violating YouTube’s contract with its users. Mr. Reyes says the company is watching Veoh carefully. In response, Mr. Shapiro says his software provides an easier way to do something that is already technically possible on YouTube.

Mr. Shapiro and his backers are aware their product will disrupt current business models. So have many technological innovations in the past, he argued, and Veoh hopes to build a large audience while courting large media companies. That creates an apparent contradiction that will be hard to resolve. Veoh maintains that it does not need permission to list and play other companies’ videos inside VeohTV. But it also wants to play nice.

“We are going to try to be friendly to content owners,” said Todd Dagres, a partner at Spark Capital who serves on the Veoh board. “We are going to try to be the white-hat company.”
http://www.nytimes.com/2007/07/15/bu...y/15ideas.html

Happy Blogiversary

It's been 10 years since the blog was born. Love them or hate them, they've roiled presidential campaigns and given everyman a global soapbox. Twelve commentators -- including Tom Wolfe, Newt Gingrich, the SEC's Christopher Cox and actress-turned-blogger Mia Farrow -- on what blogs mean to them.
Tunku Varadarajan

Notwithstanding the words of Tom Wolfe, who puts an elegant boot, below, into the corpus of bloggers, there are many more people today who would read blogs than disparage them.

The consumption of blogs is often avid and occasionally obsessive. But more commonly, it is utterly natural, as if turning to them were no stranger than (dare one say this here?) picking one's way through the morning's newspapers. The daily reading of virtually everyone under 40 -- and a fair few folk over that age -- now includes a blog or two, and this reflects as much the quality of today's bloggers as it does a techno-psychological revolution among readers of news and opinion.

We are approaching a decade since the first blogger -- regarded by many to be Jorn Barger -- began his business of hunting and gathering links to items that tickled his fancy, to which he appended some of his own commentary. On Dec. 23, 1997, on his site, Robot Wisdom, Mr. Barger wrote: "I decided to start my own webpage logging the best stuff I find as I surf, on a daily basis," and the Oxford English Dictionary regards this as the primordial root of the word "weblog."

The dating of the 10th anniversary of blogs, and the ascription of primacy to the first blogger, are imperfect exercises. Others, such as David Winer, who blogged with Scripting News, and Cameron Barrett, who started CamWorld, were alongside the polemical Mr. Barger in the advance guard. And before them there were "proto-blogs," embryonic indications of the online profusion that was to follow. But by widespread consensus, 1997 is a reasonable point at which to mark the emergence of the blog as a distinct life-form.

Once a neologism, outlandish to some, weblog has come to be abbreviated to blog, a brusque and jaunty word that no one, now, would think to look up in a dictionary. That said, the spell check on Microsoft Word has yet to awaken to the concept of the blog. Type in "blogging," for instance, and you will promptly earn a disapproving underscore in red, with the suggestion that "bogging," "clogging," "flogging" or "slogging" (unappetizing alternatives all) might, in truth, be the word you seek.

In the decade since their conception, blogs, once a smorgasbord of links, have evolved into vehicles for a fuller, more forceful and opinionated prose. Not all of it has been lovely to behold, or even edifying. Inevitably, there has been bombast, verbosity and exposure to the public eye of thoughts that, ideally, should have remained locked inside fevered heads. (The impact of blogs on public discourse has included, I contend, the emergence of a form of "oral blogging," noticeable at seminars and the like, where people who might once have asked brisk questions are now empowered by the blog form to hold forth at length, with little attempt at self-editing.)

The other change in the blog has, of course, been its mainstreaming. Blogging was once the province of the Nerd Without a Life (NWAL -- which, when pronounced aloud, sounds remarkably and appropriately like know-all). Today, while members of that tribe still abound, there are others who blog not because it is their only window on the world, but because blogging offers the opportunity of direct and immediate communion with those who would respond to their ideas. Call it intellectual "skin contact."

Jack Bogle, the founder of Vanguard, blogs (his is the Bogle eBlog, so called because the second word is an anagram of his surname; and unlike many CEOs, he blogs without the aid of a ghostblogger). Gary Becker, Nobel laureate in economics, blogs. Peter Stothard, editor of the Times Literary Supplement of London, blogs. Mia Farrow, the cinema actress, who also writes below, blogs. As do politicians and activists of every stripe. Some blogs are profitable businesses, and it is no surprise that the traditional media have bought into the action, including this newspaper (see James Taranto's contribution, below).

Featured here, then, are a dozen brief meditations on what the blog has come to mean and on the role blogs play in the usual tussles of any civilized society. The appropriate question about blogs, 10 years into their first appearance, is not whether they are a form of exhibitionism, or journalism, or theater. It is, instead, this, and I pose it with a courteous apology to Tom Wolfe: What would we do without blogs?

Harold Evans
A Spurious Megaphone

Editor at large, the Week
Former editor, the Times of London
Favorite blogs: AndrewSullivan.com (political pundit for the Atlantic Monthly); MichaelTotten.com (Mideast affairs blogger); HeadButler.com (news and culture roundup)

Coming from a print culture where the rule was check, check, source, source, I was chilled, in the early days of the blogosphere, by the easy dissemination of lies.

Did you know that 9/11 was the work of the Mossad? How else can you explain that the 4,000 Jews were tipped off to stay away that morning? Gibberish, of course, but widely believed in the Muslim world.

In Indonesia, Tom Friedman reported, only 5% of the population could get on the Web, but these 5% spread rumor as fact: "They say, 'He got it from the Internet.' They think it's the Bible."

In this case, the revealed "truth" was a blog by one Sy Adeeb, writing from Alexandria, Va., under the logo of Information Times (with an address at the National Press Building in Washington, which had no trace of him). When I tracked him down, he told me he got it from Al Manar, the Hezbollah station in Beirut.

Once upon a time, Adeeb would be sending out smudged mimeographed sheets that would never see the light of day. Now, as bloggers on the Web, Adeeb and others like him have a megaphone to the world, with this spurious authenticity of electronic delivery. (Tony Blair says there are 70 million blogs. Presumably, British Intelligence has been counting.)

What's lamentable is that mainstream media, in a desperate race to be hip, will often now quote an unsourced blog story as a source. So nobody can really calculate the ripple effect of blogging.

That said, there's a lot that's great about the blogosphere.

Some blogs have become the best check on monopoly mainstream journalism, and they provide a surprisingly frequent source of initiative reporting. As an example, the only hope of staying sane in the lockstep stereotyped reporting of the 2000 presidential campaign was to look up Eric Alterman on MSNBC.com and the Daily Howler hilariously documenting the false narrative into which every story about Al Gore was fitted.

Christopher Cox
Bolstering Investors' Toolkit

Chairman, Securities and Exchange Commission

Without a good search engine (Google, of course, along with blogdigger, Feedster and a handful of others), it would be impossible to intelligently sample the vast landscape of the blogosphere. With that basic tool, it's at least possible to get a feel for the range of opinions on a given topic. It's a bit like reading the verbatims from an opinion poll; you get someone's genuine opinion, and it most certainly is not statistically valid.

Blogs can contribute a great deal in the world of finance, which turns on information -- the newer, the better. As investors strive to make sense of the ever-higher mountains of data that we're buried under, the services of bloggers, whom we can imagine sitting at home in their pajamas trolling the Internet for us, free of charge, are likely to be an increasingly consequential addition to the investor's tool kit.

To be sure, the blogosphere is subject to all of the same risks as the Internet itself. Many blogs are loaded with vanity posts, half-truths, rumors, and even intentional distortions. Others have spotty quality. The Securities and Exchange Commission's Office of Internet Enforcement has discovered several fraudsters operating blogs on the Web.

There's no question, however, that among the ranks of legitimate bloggers, the corporate world is well represented, although some executives have undoubtedly hired professionals to blog in their stead. And, of course, you'll have seemingly unlimited choices when it comes to selecting your favorite Web-based market analyst. Not surprisingly, when it comes to the new financial-reporting language of XBRL and interactive data, blogs such as blog.hitachixbrl.com are a far more likely place to find the latest scoop than, say, your local library.

When, in September 2006, I posted on one executive's blog (search for "Jonathan Schwartz" + "Christopher Cox" and you can find it), it immediately became clear how quickly news can spread. The exchange drove home the point that in carrying out the SEC's mission, Web-based disclosure will be of growing importance.

On his blog, Mr. Schwartz, chief executive of Sun Microsystems, challenged the commission to clarify that the use of blogs like his could be consistent with our regulations requiring public companies to share news with the public at the same time they give it to market professionals. As a result of that exchange, the SEC is moving forward on that initiative, aided by thoughtful commentary from outside our own cathedral, some of it found on blogs.

Do bloggers portend more lasting ramifications for the securities world? But of course. Shareholders are on the move, and technology has given them a cheaper and more-effective means to communicate. From improved price discovery to better corporate governance, investors, markets, managements and boards will never be the same.

Favorite blogs: Mr. Cox prefers not to specify any favorite blog because "the way that some SEC followers hang on every agency pronouncement will lead someone to decide that monitoring the blog is both a new compliance burden and a guide to the hidden meanings of agency thinking."

Mia Farrow
The Editor in Chief: Me

Actress
Favorite blogs: BoingBoing.net (Tracks nooks and crannies of the Web); GPSMagazine.com (Everything about global positioning systems)

When my daughter came to me crying because the school newspaper refused to print one of her articles, I said: Why not start your own paper?

Unfiltered publishing was once the exclusive domain of media moguls, but today, who needs Rupert Murdoch? Blogging has become a publishing equalizer that was scarcely dreamed of years ago. It's free, you don't need editors or publishers, you don't even need to be able to write well.

Last year, I followed my own advice. I started www.miafarrow.org. I am my own toughest critic, and I can't say the acceptance rate for my pieces is vastly improved, but the only person I have to convince that an article is worth publishing is the editor in chief: me. (When a piece is posted, the entire staff is elated.)

It is through this experience that I've come to appreciate the purity and power of blogging. I have appeared in more than 40 movies, written a book and given countless interviews on TV, radio and in print. Yet none of this has allowed me to spotlight issues important to me as completely as my blog.

I have blogged from some far-flung locations, such as the ravaged borders between Darfur and eastern Chad. And even in the most isolated regions, I knew that I was not alone. I had brought with me 30,000 readers a day, and they stuck with me every step of the way.

Via satellite phone, I sent messages from the outskirts of the newly attacked town of Paoua in remote northwestern Central African Republic. I found myself in the middle of a humanitarian catastrophe. Hundreds of people had fled into the bush. They were eating leaves and drinking swamp water. No one was there to protect them. "Drums and gunfire are the music of the night," I blogged. Neither the reader nor I could know what would happen next. That immediacy and urgency was transmitted to my family and friends back home, along with thousands of members of the larger human family.

James Taranto
Answering an Unmet Need

Editor, OpinionJournal.com
Favorite blogs: KausFiles.com (Slate's prolific political blogger); InstaPundit.com (Libertarian law professor's take on politics and technology); JustOneMinute.typepad.com (Recent addition to politics blog circuit)

In the world of politics and political journalism, blogs have evolved differently on the right and the left. The seeds of this evolution were sown by two proto-blogs that played key roles in the Clinton impeachment.

On Jan. 18, 1998, the Drudge Report sent an email billed as a BLOCKBUSTER REPORT: "At the last minute, at 6 p.m. on Saturday evening, Newsweek magazine killed a story that was destined to shake official Washington to its foundation: A White House intern carried on a sexual affair with the President of the United States!"

Drudge's borrowed scoop forced the story into the open, and within three days President Clinton issued the first of many denials. His subsequent testimony under oath that he had not had a fling with Monica Lewinsky led to his impeachment for perjury and obstruction of justice. Had Drudge not acted after the mainstream media hesitated, there is no way of knowing if the story would ever have seen the light of day.

That September, after it became clear that Mr. Clinton had lied about his relationship with Ms. Lewinsky, a pair of liberal technology entrepreneurs began a project called "Censure and Move On," an online petition calling on Congress to abandon impeachment, "immediately censure President Clinton and move on to pressing issues facing the country." The Web site, MoveOn.org, later became a hub for liberal political activism, opposing the Iraq war and other Bush administration policies.

Broadly speaking, conservative bloggers have followed the Drudge model, acting as a check on the liberal tendencies of the mainstream media, or "MSM." Conservative bloggers' proudest moments have come when they have debunked false and biased MSM reporting, especially CBS's fraudulent exposé on President Bush's National Guard service in 2004 and Reuters' doctored photos from Lebanon in 2006.

The liberal blogosphere, meanwhile, is a hotbed of edgy activism -- some might say extremism. It pushed forward the Valerie Plame kerfuffle and gave support to candidates such as Ned Lamont, Jon Tester and Jim Webb. Just as conservative talk radio helped along the Republican victory in 1994, liberal blogs had their moment of triumph in the midterm elections 12 years later.

Conservatives see blogs as the answer to Dan Rather, who is liberal but not overtly so. Liberals see them as the answer to Rush Limbaugh, who is open about his opinions and his desire to influence public opinion. In both cases they answer an unmet need in the political/media marketplace.

Jane Hamsher
21st-Century Howard Beales

Founder, firedoglake (political blog)
Favorite blogs: DigbysBlog.blogspot.com (political news and commentary); TBogg.blogspot.com (liberal pundit covers news and culture); CrooksAndLiars.com (left-leaning commentary with lots of video clips)

During the '90s, railing at the TV set was the isometric sport of the silent majority. Progressive political junkies watched in isolation as the Washington Post prominently printed one Whitewater story after another as if they originated on tablets of stone rather than the fax machines of Arkansas political operatives. Many people felt like they were the only ones who scratched their heads in wonder that it all made no sense, recoiling in horror as a slick PR operation rapidly escalated from the realm of lazy, spoon-fed journalism to the constitutional mockery of the Clinton impeachment.

That isolation ended with the advent of the progressive blogosphere, which acts as a virtual water cooler for those who not only want to rail at the TV set, they want the TV set to listen. Probably nothing better contrasts the pre- and postblogospheric worlds than the Whitewater and CIA leak stories. In one, the endless repetition of meaningless gibberish was allowed to take root and become conventional wisdom. In the other, despite the constant reiteration of abject fantasies like "no underlying crime was committed," the public seemed to realize that it's not okay to perjure yourself in front of a grand jury and obstruct justice on behalf of your boss. Special counsel Patrick Fitzgerald was allowed to try his case in court before GOP spinmeisters could try it in the press, and a recent Gallup poll shows that 66% of the country thinks Bush should've left Scooter alone to do his time.

That message wasn't carried by the beltway Brahmins of the MSM, the media elite who transcend party loyalties and embrace Libby as one of their own. They collectively bristled at the thought that Scooter (and no doubt themselves) should be subject to the verdict of some "ignorant jury" (as Ann Coulter likes to call them). No, that message was carried by bloggers and their readers, the thousands of people who collectively pored over the story's coverage, serving as institutional memory and holding media outlets to account when the politics of access journalism threaten to obscure the truth.

At a time when government is in desperate need of oversight and the Fourth Estate has become uncomfortably close with those they are tasked with covering, the progressive blogosphere is a place where erstwhile Howard Beales coalesce to fill the gap. They come together to challenge the virulent Rovian notion that no law is so sacred, no tenet of national security so vital it can't be flouted in the pursuit of political gain. Scooter and other hermetically sealed beltway denizens may think he's a hero, but the rest of the country realizes he's nothing better than a garden variety crook.

It ain't perfect, but it's progress.

Brig. Gen. Kevin Bergner
'Milblogging' the War

Spokesman for Multi-National Force, in Iraq

Military blogs offer readers a front-row seat into the camaraderie, pride and challenges of those in uniform. No one can better represent the experiences of a soldier than soldiers themselves, and "milbloggers" deployed to the frontlines of the war on terror offer first-hand insights into their service and sacrifice.

Why does this matter? Because milbloggers uniquely reveal the human face of our forces, from a young trooper patrolling Baghdad neighborhoods to a doctor saving lives at a Combat Support Hospital. First-hand accounts are an important way to communicate the creativity, commitment, and the lighter moments of those who are placing their lives on the line.

In the past decade, new technologies from satellite phones to Internet technology have changed the relationship between information and warfare. The military's former inclination to control information has been replaced by an appreciation of the risks, but more importantly the opportunities of cyberspace.

One example is when soldiers, of their own initiative, create and maintain personal blogs about their day-to-day experiences. Since blogs have the potential to reach a global audience, we have established clear guidance to ensure that blogging does not violate operational security, individual privacy, military policy or propriety. Our troops are fast learners, so while we have had a few breaches there have been many more positive experiences shared.

By no means do all military blogs paint a positive picture, nor should they. Each posting represents an individual's musings at a particular point in time. We are waging a historic fight against a ruthless enemy. It is also a campaign that historians will be able to learn more broadly about from anecdotes and insights in today's military blogs.

Favorite blogs: "Around here, folks like to read Small Wars Journal (http://smallwarsjournal.com/index.php), Blackfive (http://www.blackfive.net/) and The Mudville Gazette (http://www.mudvillegazette.com/)."

Newt Gingrich
New Political 'Prosumers'

Former House speaker
Favorite blogs: RedState.com (Republican news and notes); Corner.NationalReview.com (conservative magazine's politics blog); PowerlineBlog.com (covers law and right-leaning politics)

Home Depot redefined an industry by catering to customers who preferred to fix their homes themselves rather than rely on professional repairmen. Dell Computer revolutionized the computing industry by allowing customers to design their own computers instead of purchasing the prepackaged, recommended configurations.

It may not seem obvious, but blogging is part of this same social trend. Think of blogging as a DIY movement in our always intertwined media and political culture, blurring the lines between professional producers (news organizations and politicians) and amateur consumers (citizens), creating what Alvin Toffler called "prosumers," characterized by their desire to play an active role in creating the products they consume and by their distrust of professionals who claim to know what's best.

In politics, supporters of a candidate or party are increasingly dissatisfied with simply putting up yard signs or making scripted phone calls; they want those in power to listen and respond to them as well. They also don't trust professional politicians to do what is right without constant supervision.

In many ways, these are the characteristics of any insurgent political movement, but blogging is enabling particularly rapid mobilization and organization.

We've already seen the effects on the Democratic Party. Web sites such as Daily Kos and MoveOn.org -- which I find fascinating as models of online activism -- have made it quite clear that their aim goes beyond stopping President Bush; they're also targeting leaders in their own party viewed as unresponsive to the grassroots. Sen. Joe Lieberman's primary loss is the most visible example. If Republicans remain out of step with their base for too long, expect a similar insurgency on the right.

Similarly in news, it used to be that the only way to respond to an article or editorial was to write a letter to the editor. Now anyone can be a publisher. Bloggers can critique, fact-check or applaud journalists on their own platform, as well as offer their own analysis of world events. The term MSM is a derogatory term in the blogosphere, signifying distrust of the news professional.

To succeed in this new environment, news and political organizations will need to offer products that are both highly responsive and easily customized. Balancing this pressure with the need for news organizations to remain objective and politicians to act in accordance with their leadership responsibilities in a representative democracy will be a significant challenge.

Dick Costolo
Zero-Cost Publishing

Group product manager, Google
Former CEO of FeedBurner (blog services and tools provider)
Favorite blogs: FakeSteve.blogspot.com (musings by a Steve Jobs imposter); Publishing2.com (new media and the future of online publishing); Blog.Photoblogs.org (aggregates the best of the photoblogs)

When I was a kid, there were three broadcast TV channels that everybody was subscribed to, a couple of local papers and a handful of local radio stations with significant range. For all these broadcasters, a community of interest was defined as all the households this broadcast is reaching, so there was no real concept of targeted content or communities of interest. If you happened to be interested in venture capital and were a college student living in Detroit, there was no way for you to participate (an important term) in any community of interest around venture capital unless you moved to Silicon Valley or paid a ridiculous sum of money to subscribe to an obscure newsletter.

On the publishing side, the barriers to entry were replete with all manner of government regulation, massive capital requirements and steep learning curves, creating a natural status difference between publishers and subscribers. The publishers had massive status, the subscribers little or none. The Internet destroyed most of the barriers to publication. The cost of being a publisher dropped to almost zero with two interesting immediate results: anybody can publish, and more importantly, you can publish whatever you want. With the cost of publication at almost zero, the cost of subscribing to almost any community of interest also dropped to zero. Anybody can publish and anybody can subscribe, and publishers and subscribers are now two sides to the same coin. Any subscriber can actively participate in any community of interest by becoming a publisher in that community.

Everything is challenged and no media provider is immune from open public questioning. This is true across the spectrum of publishers. A VC blog written by an expert in Silicon Valley with 20 years' experience is subject to counterpoints from the student in Detroit who's similarly passionate about this community of interest. The challenge, of course, is that in a media democracy, it is incumbent on all of us to determine how we make decisions about authenticity and authority in media, since these traits are no longer an implicit (if sometimes unwarranted) artifact of publication.

Tom Wolfe
A Universe of Rumors

Novelist

One by one, Marshall McLuhan's wackiest-seeming predictions come true. Forty years ago, he said that modern communications technology would turn the young into tribal primitives who pay attention not to objective "news" reports but only to what the drums say, i.e., rumors.

And there you have blogs. The universe of blogs is a universe of rumors, and the tribe likes it that way.

Blogs are an advance guard to the rear. For example, only a primitive would believe a word of Wikipedia (which, though not strictly a blog, shares the characteristics of the genre). The entry under my name says that in 2003 "major news media" broadcast reports of my death and that I telephoned Larry King and said, "I ain't dead yet, give me a little more time and no doubt it will become true."

Oddly, this news supposedly broadcast never reached my ears in any form whatsoever prior to the Wikipedia entry, and I wouldn't have a clue as to how to telephone Larry King. I wouldn't have called him, in any case. I would have called my internist. I don't so much mind Wikipedia's recording of news that nobody ever disseminated in the first place as I do the lame comment attributed to me. I wouldn't say "I ain't" even if I were singing a country music song. In fact, I have posted a $5,000 reward for anyone who can write a song containing the verb forms "am not," "doesn't," or "isn't" that makes the Billboard Top Twenty.

Favorite blogs: Mr. Wolfe, "weary of narcissistic shrieks and baseless 'information,' " says he no longer reads blogs.

Xiao Qiang
Breaking the 'Great Firewall'

Founder and editor of China Digital Times (an independent aggregator of China news); director, China Internet Project at the Graduate School of Journalism at the University of California, Berkeley
Favorite blogs: ZonaEuropa.com (global news with a focus on China); SmartMobs.com (author Howard Rheingold's tech thoughts); Blog.DoNews.com/keso (opinated takes on tech, from iPhone to Google)

Lian Yue started his blog in the spring of 2005. A free-lance columnist, Lian lives in Xiamen, one of China's most wealthy cities on the southeast coast. His liberal-style social commentary and humorous writing quickly won him thousands of readers.

Starting this March, Lian posted a series of articles warning the people in his hometown that a paraxylene (PX) chemical factory being built in his city could have a disastrous environmental impact. He called on residents to speak out against the construction. "Don't be afraid," Lian wrote on his blog on March 29. "Please just talk to your friends, family and colleagues about this event. They might still be in the dark."

Lian is one of 16 million (and growing) active bloggers in China. While most posts are personal, an increasing number of bloggers writing about public affairs have become opinion leaders in their local communities. Despite the government's "Great Firewall" to filter out "undesirable information," and the tens of thousands of personnel hired to police the Internet, the sheer number of bloggers writing about public affairs is having a transformative impact on Chinese politics.

Xiamen authorities have vigorously deleted anti-PX factory messages on any servers within their governing territory. However, word still got out to local residents via email, IM and SMS on mobile phones. One of Lian Yue's articles on this topic was published in a newspaper in a neighboring province and spread "like wildfire" throughout the blogosphere. By the end of May, SMS messages and cellphone photos of protesting slogans such as "Boycott PX, Protect Xiamen" were sent out to millions of Xiamen residents. On June 1 and 2, against the local authorities' warning, several thousand citizens spontaneously showed up "to walk" in front of the city government with anti-PX message boards. Participants reported the protest live with their cellphones, which directly transmitted photos and text to their blogs.

The government was forced to announce a "re-evaluation" of the factory construction.

In China, blogs enable millions of citizens to express their opinions with reduced political risk simply because of the sheer number of like-minded opinions online. Facing these independent voices, the old ideological machine starts to crumble. Within society, bloggers like Lian Yue are seen as more credible voices than propaganda officials. The Chinese blogosphere is a dynamically contested terrain. What will the long-term implications be? I think the writing is already on the Great Firewall.

Jim Buckmaster
Zero-Cost Publishing

CEO, Craigslist
Favorite blogs: Slashdot.org (one of the first tech blogs); Metafilter.com (community blog anyone can edit); Valleywag.com (tech gossip site); TechDirt.com (popular tech news site)

Iraq Occupation? Global Warming? Abuse of Power? Pick up a Blog!

I read blogs every day, for all sorts of reasons, but I turn to blogs especially when I want to hear alternative viewpoints -- for example, information on a particular medical treatment from the viewpoint of patients receiving it, rather than doctors administering it; reports from the battlefield seen through the eyes of soldiers rather than politicians; thoughts on a particular technology from the standpoint of engineers rather than executives.

Consider the Iraq occupation -- or colonization. Corporate media provide saturation coverage, but often manage to leave all the most interesting bits for bloggers, such as what our government is actually trying to accomplish by occupying Iraq (blog.zmag.org/ttt), what Iraqis think about the occupation so far (afamilyinbaghdad.blogspot.com, iraqblogcount.blogspot.com), how our soldiers feel about it (cbftw.blogspot.com), and how taxes being appropriated for it are being doled out (www.huffingtonpost.com). On global warming and reducing our reliance on oil imports, stories in corporate media tend to reinforce the status quo, dwell on political impracticalities of making changes, or focus on pork-barrel nonsolutions like ethanol. Turn instead to quality blogs on the subject (like cleantechblog.com, or Amory Lovins's blog at green.yahoo.com) and you quickly learn that excellent solutions are at hand, but are being mostly ignored because they aren't popular with certain large corporations and their representatives in Washington.

With millions of private citizens now blogging, there is a diverse and not-easily-censorable chorus to sound alarms, something the corporate media often will not do. In fact, I think our "citizen journalists" in the blogosphere protect us against abuse of power to a far greater degree than the much ballyhooed "citizen militia" afforded by gun ownership -- without the daily carnage of accidental and impulse shootings.

Elizabeth Spiers
Effective Niche Targeting

Writer
Founding editor, Gawker (news and gossip site)
Favorite blogs: Reason.com/blog (news and commentary recommended by libertarian magazine's staff) MaudNewton.com (former attorney who writes on literature and culture); DesignObserver.com (posts about design)

"I don't know why anyone reads blogs," the editor in chief of a large magazine once said to me. "It's like listening to the crazy guy on the subway rant." I had generated a substantial part of my income in the previous three years from professional blogging and wasn't inclined to bash blogs categorically, but I conceded that in some cases she was right. There are countless blogs that are filled with inarticulate vituperative screeds that appear to have been published by people whose mental facilities are not fully intact. I'll even confess to having written a few posts that undoubtedly fit that description.

That said, a blog is just a format for content. It's a way of presenting information in a linear fashion, in reverse chronological order. Ultimately, the blog is only as good as the information presented.

Of the various blogs I've written or produced, the ones that worked best -- the ones that had the biggest and most loyal readerships -- always had a few consistent qualities. They were topically focused, often in niche areas. They published regularly and frequently, typically during office hours and several times a day. They published content that was original or difficult to find, from breaking news to proprietary photographs to obscure links that readers are unlikely to find on their own. They were usually well-written, which has its own intrinsic appeal for anyone who prefers to enjoy what they're reading. And lastly, they engaged their readership by soliciting feedback and responding to it, in the form of asking for tips, allowing comments or otherwise demonstrating some level of interest in their audience's preferences.

Most blogs are personal diaries and don't fit those criteria, even in part. But the success of the various blogs that do choose to follow the aforementioned formula indicates that it's possible to create commercially viable media products for niche audiences. Even more important for traditional media, blogs are an inexpensive way to test new editorial concepts with an engaged audience whose behavior and preferences are more directly measurable than in any other medium. This alone should be of interest to any pragmatic editor
http://online.wsj.com/article/SB118436667045766268.html

Tech Boom, Media Bust
Brian Caulfield

It was a slow Friday at Red Herring magazine. The receptionist at the Silicon Valley tech title had stepped away from her desk. So a messenger strolls in from the summer sunshine, finds a 20-something reporter on her first real job and hits her with an eviction notice. Red Herring has three days to pay the rent or get out. Word got around, fast. Then someone looked outside. There, driving up in a rented silver Mazda minivan is a correspondent with gossip blog Valleywag. Aaaaaaand she's got a camera.

Silicon Valley is booming again. But if you work in tech media, there's blood on the floor. Take Red Herring. It hung onto its offices after getting the eviction notice earlier this month. But gossip site Valleywag is breaking story after story not just on its beat--but about its woes. Meanwhile, bigger publications are hurting too: Time Warner's (nyse: TWX - news - people ) Business 2.0 saw ad pages drop 21.8% through March from the same period a year ago; PC Magazine's editor in chief walked out the door after ad pages fell 38.8% over the same period; and one-time online powerhouse CNET is reporting growing losses even as the companies it covers flourish. It may be happening in tech first, but there's no reason the same thing won't happen, eventually, in every media niche.

Things couldn't be much more different than the last boom. While online upstarts such as HotWired struggled to make money--they had to invent the banner ad--print titles flourished. The Industry Standard, founded in 1997, set ad sales records. Business 2.0 came out of nowhere to scoop up gobs of ads against articles detailing how to succeed in the new economy. And one-time venture capital bible Red Herring ballooned to hundreds of pages. Then the tech downturn hit. The Industry Standard closed. The assets of Red Herring and Business 2.0 were sold to new owners.

But while the good times are back--the tech-heavy Nasdaq hit a six-and-a-half-year high last week--tech trade and new-economy publications have not bounced back. The first problem: online keyword advertising. Media insiders say search engines such as Google have snarfed up the product-driven ads. Rather than running product listings in trade publications and newspapers, media insiders say tech companies prefer to buy keyword ads so they can send buyers straight to the gear they want. "Search is what ignited everything," says Geoff Ramsey, Chief Executive of eMarketer, a firm which aggregates and analyzes online marketing statistics.

Meanwhile, Industry Standard founder John Battelle is keeping the bonfire of the print titles burning. His Federated Media Publishing is selling ads on more than 100 blogs, giving ad buyers the ability to spend big money on a collection of highly specialized sites--many of them focused on tech--that suit their needs. "If Cisco has to spend, I don't know, a couple of million dollars on a trade campaign, they are not spending it with Red Herring or Business 2.0. They are spending it with Federated Media, with bloggers who cover the sector," says Rafat Ali, editor and publisher of online media tracker PaidContent.org.

And while blog networks are quickly gaining scale, even their most coveted offerings are cost-competitive. To make a back-of-the-napkin comparison based on rate cards: A start-up looking to get attention will grab a third-of-a-page color ad in a magazine with a rate base of 600,000 and might pay $27,300; or it can pay $21,000 for 600,000 impressions for its ads on TechCrunch--a site covering start-ups represented by Battelle's Federated Media--assuming they take the priciest ad slot on one of tech's hottest sites.

That's no surprise, given that it takes fewer resources for blogs to crank out content than it does print titles. Web sites such as GigaOm, TechCrunch and Valleywag--with a few laptops, a web server and some hustle--are crowding into beats once dominated by trade publications and enthusiast magazines who rely on printing presses and full-time writers and editors. Bottom line: A successful blog can simply grab more readers, per employee, than more traditional media.

Talk to blogger Matt Marshall. He walked away from covering venture capital at one of California's biggest newspapers, the San Jose Mercury News, to run a venture capital Web site from the second bedroom of his Fremont, Calif., home. He has no employees. Federated Media handles the ad sales for a 40% cut. And Marshall says he now makes more than he did as a reporter. Meanwhile, the Mercury News laid off 31 of his former colleagues this month. "Where they can actually succeed is by taking a particular vertical and absolutely nailing it," eMarketer's Ramsey says of bloggers like Marshall.

Of course, blogging is not the express lane to riches its more exuberant backers would have you believe. The anonymous satirist who runs "The Secret Diary of Fake Steve Jobs" started hitting up his readers for money-making ideas just weeks after being named to Business 2.0's list of "50 Who Matter Now," even while, in character as Apple Chief Steve Jobs, he boasted about Apple's huge stock gains. And while Marshall says he's making a living, he's still living lean: he says he works until 3 a.m. many nights. "I can go under any day, and that's what brings the passion to this," Marshall says.

The truth is, the vast majority of bloggers will never garner more than a few dozen readers. Then again, most of today's print-heavy news outlets are scaling back in the face of the relentless online competition. Marshall's father, Tyler Marshall, walked away from journalism after winning a Pulitzer Prize at The Los Angeles Times, bought out in a round of downsizing at the venerable newspaper. When Marshall told his father about his plan to launch his own publication, the older Marshall didn't discourage him. After all, what did he have to lose?
http://www.forbes.com/technology/200...techmedia.html

Create Your Own Live TV Channel With Selfcast
Press Release

RawFlow’s New Online Broadcasting Portal for User Generated Content is Now Released as a Beta Version. Selfcast Allows Anyone to Create Their Own TV Channel for Free and Broadcast Live on the Internet.

RawFlow, a leading provider of live peer-to-peer streaming technologies, has announced the public launch of a beta version of Selfcast – a P2P based live broadcasting portal. For the first time ever, anyone can broadcast live to the world for free using just a webcam, a pc and an internet connection. Budding directors, musicians, talk show hosts and others, can now reach the masses online.

Selfcast enables users to:

• Broadcast live anywhere, any time
• Invite friends, fans and family via integrated invitation tool
• Completely free, easy to use
• Broadcast directly from webcam or microphone
• Get instant feedback from viewers who can submit comments or participate in the Live chat
• Broadcast live or pre-recorded content which can be added to a play list

In order to create broadcasts, a user simply downloads and installs the Selfcast software, which works as broadcast wizard and encoder for the broadcasts. Friends can then be invited to watch via built-in Instant Messenger (IM) tools such as Skype, Yahoo! Messenger, ICQ, and MSN. You can also invite your friends to watch via email.

RawFlow is the company and driving force behind Selfcast – it uses its unique peer-to-peer technology, to enable anyone, anywhere to broadcast themselves live on the internet without any need for expensive hardware, infrastructure or bandwidth.

Selfcast successfully added 500 beta testers on to the site on June 25th this year, and now allows anyone to try the beta version.

Mikkel Dissing, Chief Executive Officer at RawFlow, commented: “Selfcast is unique in the sense that it allows anyone to broadcast for as long as they like for free. The fact that it is live means that you can get instant gratification from fans and friends. We already have had positive feedback from our early beta testers, and now welcome anyone to join our live video community”.

Next up for Selfcast will be developing widgets which allows users to implement their channels into other social networks and websites.
http://home.businesswire.com/portal/...&newsLang =en

Facebook: the Ultimate P2P Darknet Enabler?
vednis

Could Facebook be used as the catalyst for a new generation of Peer-to-Peer darknet applications?

Briefly, a darknet is a private virtual network where users only connect to people they trust. This is very similar to the networks that Facebook builds. Trust is the key. You connect to close friends and relatives, giving them access to personal content not privy to your larger network as a whole.

Facebook could become an enabler for these networks, in that it provides a common point in the network through which you may connect with those trusted people. Not directly, but via Facebook’s new applications interface, or via exisiting network tools that Facebook supports directly, such as MSN, Gmail, etc.

One such darknet application may be Peer-to-Peer shared backups. Imagine making an agreement with your relatives, that you would each devote 2GB of hard-drive space to keeping the family photo pool backed up. Some clever Open Source software could keep the photo pool maintained, distributed among all of your computers. The sharing tool could use a Facebook application for peer discovery.

You could even route new content over existing tools. I wonder, if you could install the iLike application, could you use it to publish new content for your friends, and hook an Open Source content sharing tool into the iLike interface to handle the transfer? iLike publishes what’s new, Facebook publishes your content share points, and the Open Source tool handles the data.

Using Facebook to publish content discovery and sharing points opens the door to federated services, allowing you to get your network out of the hands of commercial parties. If I could publish the address of a personal server on Facebook (a server that I own, running my own services), then I could start building networks and sharing with others outside of Facebook. And I would once again have control of my identity within those networks - I won’t have to rely on the Facebook privacy controls, or anything like that.

Just some ideas.
http://acanvas.wordpress.com/2007/07...rknet-enabler/

Re-Vote Likely After E-Vote Error

A California judge appears set to nullify an election result voting down medical use of marijuana after an e-voting lawsuit.
Stephen Lawson

A California judge is likely to order a Berkeley city initiative back on the ballot because of local officials' mishandling of electronic voting machine data, a public-interest lawyer arguing the case said Friday.

In a preliminary ruling Thursday, Judge Winifred Smith of the Alameda County Superior Court indicated she would nullify the defeat of a medical marijuana proposal in Berkeley in 2004 and order the measure put back on the ballot in a later election. A hearing on Friday morning in advance of a final ruling brought out nothing that indicated Smith would deviate from her preliminary decision, said attorney Gregory Luke, who is representing Americans for Safe Access. The medical-marijuana advocacy group is suing the county, assisted by the technology rights group Electronic Frontier Foundation.

The case points to the dangers of electronic voting systems, which make it harder to ensure fair elections, Luke said. Electronic voting machines have been widely adopted in the U.S. since the disputed presidential election of 2000. Laws in California and some other states now require paper records of all votes, but the California law wasn't in place for the Berkeley election.

Both sides argued their cases before Smith on Friday in a last-ditch hearing on the proposed sanctions, according to Luke. The hearing brought out nothing new that suggested Smith would change direction, he said.

Americans for Free Access sought a recount of the vote on Measure R, which would have established procedures for opening marijuana dispensaries in Berkeley. It lost by fewer than 200 votes. A recount wasn't possible because the city didn't share the necessary voting records, in violation of election laws, Judge Smith ruled in April. In May, the county agreed to share some data.

The county reused voting machines from Diebold Election Systems Inc. without saving sufficient data to carry out a recount or review the election process, Luke said. Officials failed to save key evidence even after the suit was pending, he said. Data from the vote in question has only been found on 20 of the hundreds of machines used in the election, according to Luke.

In addition to ordering another vote on Measure R, Judge Smith's preliminary ruling called for the county to pay the US$22,604 cost of the recount, as well as attorney's fees and the cost of a trip to Diebold offices in Texas.

Ordering a new vote is a rare move for a court, Luke said.

"This is a very severe sanction. ... and it's warranted," he said Friday.

Luke expects a final ruling in the case within two weeks. The county could appeal to a higher court if the ruling goes against it, he said. Attorneys for the county were not immediately available for comment.
http://www.pcworld.com/article/id,13...s/article.html

Forecast for Young, Stevens Clouds Up

CONGRESSMEN: Increasing national scrutiny makes pair take notice of political winds.
Steve Quinn

They are, by their own admissions, feisty and cranky, with tempers that underpin their reputations as old-school -- yet effective -- members of Congress. They have more than 70 years of service on Capitol Hill between them and aren't ready to call it quits.

But Alaska Sen. Ted Stevens, 83, and Rep. Don Young, 74, have also found themselves under increasing national scrutiny while their Republican party -- which staunchly supports them -- tries to mount a comeback to regain majority status in Congress.

The two men are being pushed on legal and ethical grounds for various cozy relationships with influential businessmen.

Yet neither plans to soften the tone or approach that enabled them to direct millions of federal dollars to Alaska.

Both are seeking another term next year, undaunted by the growing scrutiny and with hopes the Republicans will be back in power.

"People don't understand; if you don't establish yourself as the biggest dog in the yard, you're going to be chased out," Young said. "No one has been able to do that to me."

Political analysts say Young -- Alaska's lone representative since a special election in 1973 -- may be the most vulnerable right now, but Stevens could be in for the toughest time yet in his political career heading toward the 2008 election.

Long-Serving Senator

Stevens is facing scrutiny from federal investigators for a home remodeling project, an investigation that dovetailed with a corruption investigation into state officials.

Meanwhile, his son Ben, a former Alaska Senate president, was one of six state lawmakers who had their offices raided by the FBI last year. He has not been charged and has denied any wrongdoing.

Ted Stevens, a former prosecutor, said his attorneys have advised him not to discuss the investigation.

However, Stevens did say that he's not taking the investigation lightly, especially if it gains momentum.

"The worst thing about this investigation is that it does change your life in terms of employment potential," said Stevens, the longest serving Republican in Senate history who was appointed in 1968. "It doesn't matter what anyone says, it does shake you up. If this is still hanging around a year from November, it could cause me some trouble."

But so far, Stevens seems to be thriving on the setbacks. He was recently credited for helping broker a compromise on the Senate's energy bill.

"I think all this has increased my focus on doing my job," he said. "I'm working to get this concept out of my mind that someone is trying to make something illegal out of all this. That's what's really disturbing."

'Earmarks Are Good'

Meanwhile, criticisms launched at Young have come piecemeal over the last several years. He was connected to the scandal surrounding lobbyist Jack Abramoff when one of his former aides pleaded guilty to accepting gifts in exchange for official acts on the lobbyist's behalf.

He has also taken heat for earmarks, money awarded for specific projects. Young most notably gained national attention for securing $200 million for a bridge project linking the southeast Alaska community of Ketchikan to its airport on Gravina, a nearby island, which became known as the "Bridge to Nowhere."

More recently, Young -- the former chairman of the House Transportation Committee -- is taking heat for directing money to a Florida road project study. The money was not sought by the district's Republican congressman but would benefit a major contributor to Young's campaign.

"When you are chairman of a committee, you represent the whole nation; you don't represent one district, which is in my case is one state," Young said. "Earmarks are good for the country and good for the people you represent.

"That is the role of a congressman. If you can't get money for your district, you shouldn't be in Congress," he said.

The Democratic Congressional Campaign Committee put Young on notice that it will provide logistical and financial support to a strong party challenger. So far, his only challenger is Diane Benson, whom Young defeated for re-election in 2006.

"They are welcome to try," Young said. "I know that I'm the one they would like to eliminate. It doesn't bother me as long as I run a good campaign and do what's right for this state."

The first punch has already been thrown. The Democratic committee recently launched a radio ad criticizing Young's commitment to providing benefits to troops in Iraq and Afghanistan.

Committee spokesman Fernando Cuevas says the party nationally believes the old guard needs to step down, especially in Alaska where one current and three former state lawmakers face federal bribery and extortion charges.

"People are tired of seeing politicians in this light, from the state legislature to this," Cuevas said. "People are tired of the spin. That style is done. You are seeing politicians at a different standard."

Democrats Smell Blood

Alaska Republican Party chairman Randy Ruedrich is not worried about the fate of his party's two warhorses. He said enough Alaskans will remember how Stevens and Young have helped the state grow, and not just the major cities, but the rural areas as well.
"Their work is what made good drinking water available to our rural system," Ruedrich said.

"They made life in many villages and small towns 20th century living rather than a honey bucket world," he said of the plastic buckets still used by some Alaskans without running water in their homes.

Ruedrich said he welcomes a challenge from Democrats who couldn't unseat U.S. Sen. Lisa Murkowski, who was appointed by her father to his seat when Frank Murkowski was elected governor in 2004.

But even as Democrats start to smell blood, political analysts say none of the troubles for Stevens or Young is enough to knock them off their perch just yet.

"Those two have been drilling for oil in Washington for a long time and they struck it rich," said David King, political science professor at Harvard University's John F. Kennedy School of Government.

"They are making sure they bring home the bacon to Alaska," he said. "Ideology and style don't matter as much as bringing money back home. That culture in Washington hasn't changed much at all."
http://www.adn.com/front/story/9118343p-9034682c.html

Hackers Steal U.S. Government, Corporate Data from PCs
Jim Finkle

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.

The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett- Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.

The other parties either declined comment or did not respond to requests for comment.

Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site's owner is likely unaware it is being used by hackers, Morris said.

He believes the hackers have set up several "sister" Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs.

The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level.

"What is most worrying is that this particular sample of malware wasn't recognized by existing antivirus software. It was able to slip through enterprise defenses," said Yankee Group security analyst Andrew Jaquith, who learned of the breach from Morris.

Security experts say such crimes occur frequently because hackers have access to software that allows them to build undetectable malware that security firms are unable to fight.

In this case, the malware had not been flagged as dangerous, although security firms put out updates identifying it as such on Monday night after Prevx sounded the alarm.

"The sophistication is really far out there. There is no way security companies are going to catch up," said Rick Wesson, chief executive of Support Intelligence, a San Francisco firm that helps companies and government agencies detect and fight attacks on their computer systems.

Wesson said his company is monitoring three other campaigns that are currently ongoing, but declined to discuss them, saying that could hamper counter-intelligence efforts.

Wake-Up Call

Many large organizations -- including government agencies -- do not use all the bells and whistles in their security software, security experts say.

For example, organizations can choose to only let employees run programs on a list of safe software, but most take the opposite approach, banning programs listed as dangerous.

Also, sensitive information on PCs is rarely encrypted. Doing so makes stolen information useless to hackers, but requires extra work by employees who access the data.

A researcher with a large security firm said the attack disclosed by Prevx is "a wake-up call."

"We try to strike a balance between usability and protection. It's a delicate balance. But organizations need to lean more toward the protection side than the usability side," said the researcher who declined to be identified.

What is unusual about the case publicized by Prevx, security experts say, is that the firm named the victims.

Prevx CEO Morris said he did so to bring attention to vulnerabilities in security systems protecting sensitive government data.

Hackers use security tools to help them determine whether their malware will be able to get past corporate and government defenses. For example, a Web site called virustotal.com lets users upload files to see if they are safe. Hackers use it to see if their malware will make it past security systems.

Morris said he had downloaded the data from the Web site used by the hackers and provided it to investigators from the FBI's Law Enforcement Online, or LEO, program.

An FBI spokesman declined comment.

(Additional reporting by Eric Auchard in San Francisco, John Crawley in Washington, Georgina Prodhan in Frankfurt.)
http://www.reuters.com/article/domes...38118020070717

Is Winning on Faulty Slot Machine Crime?

Prosecutors are considering criminal charges against casino gamblers who won big on a slot machine that had been installed with faulty software.

The machine at Caesars Indiana credited gamblers $10 for each dollar they inserted because the software wasn't designed for U.S. currency, state police said. More than two dozen people played the machine before one gambler alerted Caesars employees.

Caesars lost $487,000 on the machine during that time, state police said.

A decision on whether to bring criminal charges could come in a couple of weeks, said John Colin, chief deputy prosecutor for Harrison County. He said "criminal intent" may be involved when people play a machine they know is faulty.

The casino said some of the gamblers returned the money after the casino contacted them.

"This is a bit of an unusual case because you've got to go back and piece together who did what," Colin said. The prosecutor's office declined to say Thursday what criminal charges could be brought.

The incident occurred last July, but he said obtaining casino records took longer than expected.

Kathryn Ford of Louisville, Ky., the gambler who alerted the casino, said going after the other patrons was unfair.

When a slot machine jams and gamblers lose money, they don't get it back, she said.

"It doesn't work in the reverse," Ford said. "They need to forget it and move on."
http://news.yahoo.com/s/ap/20070719/...s_slot_machine

The Top Countries For Cybercrime
Andy Greenberg

Cybercrime, like every digital industry, is outsourcing. Though the U.S. still produces more malware, spam and viruses than any country in the world, illicit IT jobs are increasingly scattered across an anarchic and international Internet, where labor is cheap, legitimate IT jobs are scarce and scammers are insulated from the laws that protect their victims by thousands of miles. As Thomas Friedman might say, the criminal underworld is flat.

According to a Symantec (nasdaq: SYMC - news - people ) report at the end of 2006, Beijing is now home to the world's largest collection of malware-infected computers, nearly 5% of the world's total. Research by the security company Sophos in April showed that China has overtaken the U.S. in hosting Web pages that secretly install malicious programs on computers to steal private information or send spam e-mails. And another report from Sophos earlier that month showed that Europe produces more spam than any other continent; one Polish Internet service provider alone produces fully 5% of the world's spam.

Cybercrime this geographically diverse isn't just hard to stop; it's hard to track. Common tactics like phishing and spam are usually achieved with "botnets," herds of PCs hijacked with malware unbeknownst to their owners. Botnet attacks can usually be traced only to the zombie computers, not to their original source. That means the majority of studies mapping botnet attacks point to every place in the world that has vulnerable PCs, with no real sense of where the attacks begin.

Researchers at Sophos Labs say they have a solution: They can roughly identify the host country of malicious software by tracing the default language of the computer on which it was programmed. According to their analysis of the default language linked with about 19,000 samples at the end of last year, Americans and other non-British English speakers still produce the most malware, more than a third of the world’s total. Close behind is China, producing 30%, followed by Brazil, with 14.2%. Russia places fourth with 4.1% of the world’s malware.

Bill Pennington of White Hat Security attributes these developing countries' bad behavior to an overabundance of technologically trained young people with low-paying jobs. "If you’re in Russia or China and you have a computer science degree," he says, "You can either go work for nothing or you can make money using your skills for nefarious purposes."

Cybercrime isn't merely spreading to certain foreign countries, it's becoming cosmopolitan, says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies. As crime syndicates in Europe and Asia move into online scams, Lewis says that a single cybercrime operation can now be distributed among many different groups in several countries. One may create a "botnet" while another rents those computers to send credit scam e-mails and a third party transfers funds using the fraudulently obtained banking information. Sometimes each operation is on a different continent.

"The big problem here is political. It’s sovereignty," Lewis says. "The FBI cannot go enforce American law without the consent of the country where cybercrime is being carried out. So even if U.S. laws were perfect, it wouldn’t be enough to protect you." He describes a "Bonnie and Clyde" situation, where police stop at the edge of their jurisdiction rather than pursue criminals to their hideouts.

The growth areas of the malware industry aren't easily predicted. India, for instance, is one of the world’s most technologically booming developing countries, but ranks surprisingly low on Sophos' list. The U.K. and India together contribute only 1.3% of the world's malware--both use British English as a default language, so their samples couldn't be separated--and Sophos researchers say the majority of that criminal activity comes from the U.K. Eugene Kaspersky, Russian security guru and head of Kaspersky Labs, can only explain India’s lack of cybercrime as a "cultural difference."

Nandkumar Saravade, director of cyber security for India's National Association of Software and Service Companies, says that India has so far avoided a cybercrime epidemic thanks to the success of its legitimate IT industry. "Today, it is a fact that any person in India with marketable computer skills has a few job offers in hand," he says.

But Saravade and Kaspersky both warn that security professionals should expect the subcontinent’s malware contribution to grow in coming years. When it does, India likely won't be ready to contain the problem: The country's last major cybercrime law was created in 2000, long before botnets became an issue.

India isn't alone in being unprepared: Kaspersky says that the growing industry of malware professionals around the world hasn't been fully recognized by international legal bodies or the software industry, which continues to build vulnerable programs.

"We in the security industry need to attract the attention of government authorities, educate users and encourage changes in basic operating systems," he says. "Alone, we don’t have a chance."
http://www.forbes.com/home/technolog...ybercrime.html

Attackers Hide in Fast Flux
Kelly Jackson Higgins

Cybercriminals are increasingly using an advanced method of hiding and sustaining their malicious Websites and botnet infrastructures -- dubbed "fast-flux" -- that could make them more difficult to detect, researchers say.

Criminal organizations behind two infamous malware families -- Warezov/Stration and Storm -- in the past few months have separately moved their infrastructures to so-called fast-flux service networks, according to the Honeynet Project & Research Alliance, which has released a new report on the emerging networks and techniques.

Fast-flux is basically load-balancing with a twist. It's a round-robin method where infected bot machines (typically home computers) serve as proxies or hosts for malicious Websites. These are constantly rotated, changing their DNS records to prevent their discovery by researchers, ISPs, or law enforcement.

"The purpose of this technique is to render the IP-based block list -- a popular tool for identifying malicious systems -- useless for preventing attacks," says Adam O'Donnell, director of emerging technologies at security vendor Cloudmark.

Researchers and ISPs have been aware of fast-flux for over a year, but there hasn't been an in-depth look at how it works until now. "All of this research on fast-flux is new. No one had any definitive research on it," says Ralph Logan, vice president of the Honeynet Project and principal of The Logan Group. "We saw a rising trend in illegal, malicious criminal activity here."

Fast-flux helps cybercriminals hide their content servers, including everything from fake online pharmacies, phishing sites, money mules, and adult content sites, Logan says. "This is to keep security professionals and ISPs from discovering and mitigating their illegal content."

The bad guys like fast-flux -- not only because it keeps them up and running, but also because it's more efficient than traditional methods of infecting multiple machines, which were easily discovered.

"The ISP would shut down my 100 machines, and then I'd have to infect 100 more to serve my content and relay my spam," Logan says. Fast-flux, however, lets hackers set up proxy servers that contact the "mother ship," which serves as command and control. It uses an extra layer of obfuscation between the victim (client) and the content machine, he says.

A domain has hundreds or thousands of IP addresses, all of which are rotated frequently -- so the proxy machines get rotated regularly, too -- some as often as every three minutes -- to avoid detection. "It's not a bunch of traffic to one node serving illegal code," Logan says.

"I send you a phishing email, you click on www.homepharmacy.com -- but it's really taking you to Grandma's PC on PacBell, which wakes up and says 'it's my turn now.' You'd have 100 different users coming to Grandma's PC for the next few minutes, and then Auntie Flo's PC gets command-and-controlled" next, Logan explains.

The home PC proxies are infected the usual way, through spam email, viruses, or other common methods, Logan says.

The Honeynet Project & Alliance set out a live honeypot to invite infection by a fast-flux service network. "Our honeypot can capture actual traffic between the mother ship and the end node," Logan says. The alliance is still studying the malicious code and behavior of the fast-flux network it has baited, he says.

What can be done about fast flux? ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; "blackhole" DNS and BGP route-injection; and monitor DNS, the report says.

Cloudmark's O'Donnell says fast flux is just the latest method of survival for the bad guys: There are more to come. "Any technique that allows a malicious actor to keep his network online longer -- and reduce the probability of his messages and attacks being blocked -- will be used," he says. "This is just the latest of those techniques."
http://www.darkreading.com/document....WT.svl=news1_1

Adobe Flash Exploit Could Log Keystrokes
Dawn Kawamoto

Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers.

Adobe Flash Player 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms, are affected.

Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 9.0.45.0 and earlier versions, according to a security advisory from Secunia. Attackers, as a result, can gain remote access to a user's system.

In versions 7.0.69.0 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player and certain browsers. That could potentially lead to a leaking of keystrokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected.

Versions 8.0.34.0 and earlier contain a bug due to insufficient validation of the HTTP referrer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected.

Adobe recommends that 9.0.45.0 users upgrade to 9.0.47.0 for Windows, Mac and Solaris, or 9.0.48.0 for Linux.

Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws.
http://www.zdnetasia.com/news/securi...2028443,00.htm

FBI Remotely Installs Spyware to Trace Bomb Threat
Declan McCullagh

The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash.

Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect's computer, other information found on the PC and, notably, an ongoing log of the user's outbound connections.

The suspect, former Timberline High School student Josh Glazebrook, was sentenced this week to 90 days in juvenile detention after pleading guilty to making bomb threats and other charges.

While there's been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn't said much about it since. The two other cases in which federal investigators were known to have used spyware--the Scarfo and Forrester cases--involved agents actually sneaking into offices to implant key loggers.

An 18-page affidavit filed in federal court by FBI Agent Norm Sanders last month and obtained by CNET News.com claims details about the governmental spyware are confidential. The FBI calls its spyware a Computer and Internet Protocol Address Verifier, or CIPAV.

"The exact nature of these commands, processes, capabilities, and their configuration is classified as a law enforcement sensitive investigative technique, the disclosure of which would likely jeopardize other ongoing investigations and/or future use of the technique," Sanders wrote. A reference to the operating system's registry indicates that CIPAV can target, as you might expect given its market share, Microsoft Windows. Other data sent back to the FBI include the operating system type and serial number, the logged-in user name, and the Web URL that the computer was "previously connected to."

News.com has posted Sanders' affidavit and a summary of the CIPAV results that the FBI submitted to U.S. Magistrate Judge James Donohue.

There have been hints in the past that the FBI has employed this technique. In 2004, an article in the Minneapolis Star Tribune reported that the bureau had used an "Internet Protocol Address Verifier" that was sent to a suspect via e-mail.

But bloggers at the time dismissed it--in hindsight, perhaps erroneously--as the FBI merely using an embedded image in an HTML-formatted e-mail message, also known as a Web bug.

Finding out who's behind a MySpace account

An interesting twist in the current case is that the county sheriff's office learned about the MySpace profile -- timberlinebombinfo -- when the creator tried to persuade other students to link to it and at least one of their parents called the police. The sheriff's office reported that 33 students received a request to post the link to "timberlinebombinfo" on their own MySpace pages.

In addition, the bomb hoaxster was sending a series of taunting messages from Google Gmail accounts (including dougbrigs@gmail.com) the week of June 4. A representative excerpt: "There are 4 bombs planted throughout Timberline High School. One in the math hall, library hall, and one portable. The bombs will go off in 5 minute intervals at 9:15 am."

The FBI replied by obtaining account logs from Google and MySpace. Both pointed to the Internet Protocol address of 80.76.80.103, which turned out to be a compromised computer in Italy.

That's when the FBI decided to roll out the heavy artillery: CIPAV. "I have concluded that using a CIPAV on the target MySpace 'Timberlinebombinfo' account may assist the FBI to determine the identities of the individual(s) using the activating computer," Sanders' affidavit says.

CIPAV was going to be installed "through an electronic messaging program from an account controlled by the FBI," which probably means e-mail. (Either e-mail or instant messaging could be used to deliver an infected file with CIPAV hidden in it, but the wording of that portion of the affidavit makes e-mail more likely.)

After CIPAV is installed, the FBI said, it will immediately report back to the government the computer's Internet Protocol address, Ethernet MAC address, "other variables, and certain registry-type information." And then, for the next 60 days, it will record Internet Protocol addresses visited but not the contents of the communications.

Putting the legal issues aside for the moment, one key question remains a mystery: Assuming the FBI delivered the CIPAV spyware via e-mail, how did the the program bypass antispyware defenses and install itself as malicious software? (There's no mention of antivirus defenses in the court documents, true, but the bomb-hoaxster also performed a denial of service attack against the school district computers -- which, coupled with compromising the server in Italy, points to some modicum of technical knowledge.)

One possibility is that the FBI has persuaded security software makers to overlook CIPAV and not alert their users to its presence.

Another is that the FBI has found (or paid someone to uncover) unknown vulnerabilities in Windows or Windows-based security software that would permit CIPAV to be installed. From the FBI's perspective, this would be the most desirable: for one thing, it would also obviate the need to strong-arm dozens of different security vendors, some with headquarters in other countries, into whitelisting CIPAV.

Earlier this week, News.com surveyed 13 security vendors and all said it was their general policy to detect police spyware. Some, however, indicated they would obey a court order to ignore policeware, and neither McAfee nor Microsoft would say whether they had received such a court order.

The verbatim results of our survey are here.
http://news.com.com/8301-10784_3-9746451-7.html

FBI Ducks Questions About its Remotely Installed Spyware
Declan McCullagh

There are plenty of unanswered questions about the FBI spyware that, as we reported earlier this week, can be delivered over the Internet and implanted in a suspect's computer remotely.

Many of the questions hearken back to the old debate over the FBI's Carnivore wiretapping system, which technical luminaries Steve Bellovin, Matt Blaze, David Farber, Peter Neumann, and Eugene Spafford raised in a December 2000 paper.

Some of the perfectly reasonable points they made: What about security flaws? Is there evidence of a "systematic search for bugs?" How about audit and logging? Why not publish the source code for public review?

And of course there are issues more specific to the FBI's use of the Computer and Internet Protocol Address Verifier, or CIPAV, including whether the bureau believes it can install it on Americans' computers willy-nilly in the wake of a wacky 9th U.S. Circuit Court decision this month.

We were planning to list them for your delectation, only to find that Kevin Poulsen at Wired had already done an excellent job of it. (We should note that, although we were on the trail of the CIPAV story this week, Wired was first to publish it.)

Some of the questions Kevin posed to the FBI, with no answers as of Thursday:

- What kind of investigations has the CIPAV assisted in?

- Does the CIPAV have the capability, if so configured, to record keystrokes? Generally, does the FBI have the ability to electronically and surreptitiously deliver monitoring software to a target's PC that records keystrokes?

- Do other law enforcement agencies have access to the CIPAV technology?

We also contacted the FBI with our own questions--with no better luck in terms of actually getting a response from the bureau, which must be busy defending our nation from serious threats or something.
http://news.com.com/8301-10784_3-9747666-7.html

Will Security Firms Detect Police Spyware?
Declan McCullagh

A recent federal court decision raises the question of whether antivirus companies may intentionally overlook spyware that is secretly placed on computers by police.

In the case decided earlier this month by the 9th U.S. Circuit Court of Appeals, federal agents used spyware with a keystroke logger--call it fedware--to record the typing of a suspected Ecstasy manufacturer who used encryption to thwart the police.

A CNET News.com survey of 13 leading antispyware vendors found that not one company acknowledged cooperating unofficially with government agencies. Some, however, indicated that they would not alert customers to the presence of fedware if they were ordered by a court to remain quiet.

Most of the companies surveyed, which covered the range from tiny firms to Symantec and IBM, said they never had received such a court order. The full list of companies surveyed: AVG/Grisoft, Computer Associates, Check Point, eEye, IBM, Kaspersky Lab, McAfee, Microsoft, Sana Security, Sophos, Symantec, Trend Micro and Websense. Only McAfee and Microsoft flatly declined to answer that question. (Click here for the verbatim responses to the survey.)

Because only two known criminal prosecutions in the United States involve police use of key loggers, important legal rules remain unsettled. But key logger makers say that police and investigative agencies are frequent customers, in part because recording keystrokes can bypass the increasingly common use of encryption to scramble communications and hard drives. Microsoft's Windows Vista and Apple's OS X include built-in encryption.

Some companies that responded to the survey were vehemently pro-privacy. "Our customers are paying us for a service, to protect them from all forms of malicious code," said Marc Maiffret, eEye Digital Security's co-founder and chief technology officer. "It is not up to us to do law enforcement's job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools." eEye sells Blink Personal for $25, which includes antivirus and antispyware features.

Others were more conciliatory. Check Point, which makes the popular ZoneAlarm utility, said it would offer federal police the "same courtesy" that it extends to legitimate third-party vendors that request to be whitelisted. A Check Point representative said, though, that the company had "never been" in that situation.

This isn't exactly a new question. After the last high-profile case in which federal agents turned to a key logger, some security companies allegedly volunteered to ignore fedware. The Associated Press reported in 2001 that "McAfee Corp. contacted the FBI... to ensure its software wouldn't inadvertently detect the bureau's snooping software." McAfee subsequently said the report was inaccurate.

Later that year, the FBI confirmed that it was creating spy software called "Magic Lantern" that would allow agents to inject keystroke loggers remotely through a virus without having physical access to the computer. (In both the recent Ecstasy case and the earlier key logging case involving an alleged mobster, federal agents obtained court orders authorizing them to break into buildings to install key loggers.)

Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds.

More recently, after the BBC reported last year on supposed talks between the British government and Microsoft, the software maker pledged not to build backdoors into Windows Vista's encryption functions.

Even if the FBI, the Drug Enforcement Administration or other federal police haven't tried to compel security companies to whitelist fedware, security experts predict that such a court order is just a matter of time.

What remains unclear, however, is whether police have the legal authority to do so under current law. "The government would be pushing the boundaries of the law if it attempted to obtain such an order," said Kevin Bankston, an attorney with the Electronic Frontier Foundation who has litigated wiretapping cases. "There's simply no precedent for this sort of thing."

One possibility is a section of the Wiretap Act that says courts can "direct that a provider of wire or electronic communication service, landlord, custodian or other person" to help with electronic surveillance.

"There is some breadth in that language that is of concern and that the Justice Department may attempt to exploit," Bankston said.

In theory, government agencies could even seek a court order requiring security companies to deliver spyware to their customers as part of an auto-update feature. Most modern security companies, including operating system makers such as Microsoft and Apple, offer regular patches and bug fixes. Although it would be technically tricky, it would be possible to send an infected update to a customer if the vendor were ordered to do so.

When asked if it had ever received such a court order, Microsoft demurred. "Microsoft frequently has confidential conversations with both customers and government agencies and does not comment on those conversations," a company representative said. Of the 13 companies surveyed, McAfee was the other company that declined to answer. (Two others could not be reached as of Tuesday morning.)

Some security companies refused to reply to the initial version of our survey, which broadly asked about fedware whitelisting. In response, we revised the question to ask if they would alert a customer to the presence of keystroke loggers installed by a police or intelligence agency "in the absence of a lawful court order signed by a judge."

Cris Paden, Symantec's manger of corporate public relations, initially declined to reply. "There are legitimate reasons for not giving blanket guarantees--one of those is a court order," he said at first. "There are extenuating circumstances and gray issues."

But after we altered the question, Paden replied: "Barring a court order to cooperate with law enforcement authorities, Symantec would definitely alert our customers to the presence of any malicious code or programs that we detect on their systems." He added that Symantec had "absolutely not" received any such a court order.

One danger with whitelisting fedware is that it creates a potentially serious vulnerability in security software. If a malicious vendor of spyware were clever enough to mimic the whitelisted government spyware, it would also go undetected.

But if fedware becomes more common, savvy criminals could simply turn to open-source software that's less likely to have backdoors for police. ClamAV and OpenAntiVirus.org both offer open-source security software, and it's also possible to boot off of a CD-ROM and inspect the hard drive for malicious tampering.

At the moment, at least, there aren't any industry standards about detecting fedware. "CSIA does not currently have a position on this issue nor has the issue ever been addressed by its board of directors," said Tim Bennett, president of the Cyber Security Industry Alliance.
http://news.com.com/Will+security+fi...3-6197020.html

FBI Patriot Act Abuse Documents: What Special Project Lives in FBI HQ Room 4944?
Ryan Singel

In March, the Justice Department's Inspector General revealed that FBI agents had sent a flurry of fake emergency letters to phone companies, asking them to turn over phone records immediately by promising that the proper papers had been filed with U.S. attorneys, though in many cases this was a complete lie. More than 60 of these letters were made public today as part of a FBI document dump in response to a government sunshine lawsuit centered on the FBI's abuse of a key Patriot Act power.

The most striking thing about these expedited letters (made public via the Electronic Frontier Foundation) is that they all use the same pathetic, passive bureaucratese: "Due to exigent circumstances, it is requested that records for the attached list of telephone numbers be provided."

So far they seem to all be coming from the same office: the Communications Analysis Unit which looks to be located in Room 4944 in FBI Headquarters. The "exigent letters" also refer almost exclusively to a "Special Project" and the only name on any of the letters is Larry Mefford.

Mefford was no rookie FBI agent. Mefford was the Executive Assistant Director, in charge of the Counterterrorism/Counterintelligence Division. In English, that means he was in charge of preventing another terrorist attack domestically.

What does that mean? Well, Mefford's name is on documents that requested personal information on Americans. Some of those requests included information known to be false to the agents signing them. That's a federal crime, according to one former FBI agent.

What was this "Special Project" in the Communications Analysis Group? What exactly were they doing that would require "expedited" letters that sometimes requested more than 2 pages of phone numbers from phone companies? In the immortal words of the Butch Cassidy, who are those guys?

The documents also show that these "exigent letters" -- essentially end runs around the rules set up to keep the FBI from trampling on citizens rights -- weren't devised by some rogue Jack Bauer-style agent. The form letters originated from inside FBI Headquarters and in some cases, bear the name of a senior level FBI offiicial who should have been aware of the letters' legal grey status and possibility for abuse.

The FBI is fully aware of the power handed to it by Congress's passage of the Patriot Act. Indeed, as early as November 28, 2001, every field office was warned by the Office of the General Counsel that:

NSLs are powerful investigative tools in that they can compel the production of substantial amounts of relevant information. However, they must be used judiciously. [...] In deciding whether or not to re-authorize the broadened authority, Congress certainly will examine the manner in which the FBI exercised it. Executive Order 12333 and the FCIG require that the FBU accomplish its investigations through the "least intrusive " means. Supervisors should keep this in mind when deciding whether or not a particular use of NSL authority is appropriate. The greater availability of NSLs does not mean that they should be used in every case.

From the looks of the audits coming out, that seems to be one memo FBI agents dutifully ignored. And perhaps rightfully so, since Congress didn't bother to challenge Alberto Gonzales's knowingly false statements to Congress about the FBI's use of these powers before they made them permanent.
http://blog.wired.com/27bstroke6/200...triot-act.html

Met Given Real Time C-Charge Data
BBC

Police are to be given live access to London's congestion charge cameras - allowing them to track all vehicles entering and leaving the zone.

Anti-terror officers will be exempted from parts of the Data Protection Act to allow them to see the date, time and location of vehicles in real time.

They previously had to apply for access on a case-by-case basis.

Home Secretary Jacqui Smith blamed the "enduring vehicle-borne terrorist threat to London" for the change.

Police are believed to have used the cameras to trace the routes taken by the two Mercedes cars used in last month's alleged attempted bomb attacks in London.

But the Home Office said discussions were underway on giving police greater access to data before the discovery of the two car bombs.

National security

Under previous rules, police had to apply for access to the cameras on a case-by-case basis because of concerns that routine use of the information would be an invasion of privacy.

Under the new rules, anti-terror officers will be able to view pictures in "real time" from Transport for London's (Tfl) 1,500 cameras, which use Automatic Number Plate Recognition (ANPR) technology to link cars with owners' details.

But they will only be able to use the data for national security purposes and not to fight ordinary crime, the Home Office stressed.

Police and security minister Tony McNulty said: "The Commissioner of the Metropolitan Police believes that it is necessary due to the enduring, vehicle-borne terrorist threat to London.

"The Met requires bulk ANPR data from TfL's camera network in London specifically for terrorism intelligence purposes and to prevent and investigate such offences.

"The infrastructure will allow the real-time flow of data between TfL and the Met."

Watchdog

Mr McNulty said the home secretary had signed a certificate exempting the two organisations from some provisions of the 1998 Data Protection Act.

The Met will produce an annual report for the Information Commissioner, the government's data protection watchdog who oversees how material from CCTV cameras is used.

The scheme will also be reviewed in three months' time after an interim report by Met Commissioner Sir Ian Blair, so the home secretary can be "personally satisfied ... that the privacy of individuals is protected", added Mr McNulty.

Congestion charge cameras form a ring around central London to enforce the £8-a-day toll.

Although charges are only in force at peak times, the system runs 24 hours a day, a TfL spokesman said.
http://news.bbc.co.uk/go/pr/fr/-/2/h...cs/6902543.stm

NY Gov: New York City Traffic Plan "Still Alive"
Joan Gralla

New York City's plan to cut traffic congestion by imposing fees on drivers in a large swath of Manhattan during peak periods was "still alive" on Tuesday, according to Gov. Eliot Spitzer, but no final accord had been reached despite late-night talks.

Yet Mayor Michael Bloomberg was less optimistic, telling reporters, "I don't know that it's dead or alive." He vowed to keep fighting for his plan, which he has trumpeted as key to improving air quality in the city, and blasted Democratic state legislators for lacking the courage to enact unpopular measures.

Under Bloomberg's plan, which is modeled on a similar program in London, drivers south of 86th Street in Manhattan would pay $8 per car on weekdays between 6 a.m. and 6 p.m.; trucks would pay $21.

A string of surveys found that voters disapproved of Bloomberg's proposed fees, which critics said would fall hardest on lower-income drivers and burden already-crowded subways, buses and commuter trains.

But the state mass transit agency said it could handle the influx of new riders, and badly needed the $30 billion the new fees would raise to build new subway and commuter rail lines, and add high-speed buses over the next 30 years.

"Don't tell me about polls, the people of New York elected a mayor and said 'Do what's right,'" said Bloomberg, whose decision to become an independent after winning two terms as a Republican and high-profile stands on gun control and cigarette-smoking have catapulted him to the national stage.

The mayor repeatedly warned that the city would lose $500 million of federal transportation aid if the state did not enact his congestion pricing plan into law by Monday.

But the state's Democratic-led Assembly, a powerful body that had killed the mayor's plan for a Yankee baseball stadium in Manhattan, resisted and on Monday said it instead would study the plan.

"Once-In-Lifetime Opportunity Lost"

Though Speaker Sheldon Silver said he was told the U.S. Department of Transportation would accept a study to keep alive the city's bid for federal aid, Bloomberg on Tuesday said he did not expect it would pass muster because the agency wanted model projects for other cities in contention for the funds.

"I think, sadly, we jeopardized -- at best -- and probably lost a once-in-a-lifetime opportunity and demonstrated once again that Albany just doesn't get it," Bloomberg said, adding state lawmakers lacked the moxie the Democratic City Council showed in enacting tough measures, from tax hikes to a trans fat ban.

Yet a spokeswoman for Spitzer, a Democrat, on Tuesday said in an e-mail that a congestion-pricing accord still might be reached. "There is a sense that things are moving in the right direction after a long night of talks that are continuing this morning, but no deal has been reached. You are fair to say it's still alive," said Christine Anderson.

But Joseph Bruno, the senate majority leader, held out little hope, blaming Democratic lawmakers and the governor.

"The governor's inability to bring people together has doomed this measure and cost the city hundreds of millions of dollars to improve mass transit," Bruno said in a statement.

Bloomberg, who has said that the city's poor air quality has contributed to high rates of asthma among children in low-income areas, said, "I should tell you who should feel let down: the people who breath the air, the people who are trying to do business in the city."

Spokesmen for the speaker and the Department of Transportation were not available.

U.S. transportation officials in August are expected to pick which anti-traffic plans to fund. The other eight cities in contention are: Atlanta, Dallas, Denver, Minneapolis-St. Paul, Miami, San Diego, San Francisco and Seattle.

London officials say traffic has fallen around 10 percent due to its congestion pricing program, which began in 2003. In February, London doubled its fees to 8 pounds ($16.36) per vehicle.

Like London, New York's congestion plan calls for mounting surveillance cameras in key areas in Manhattan to record the license plates of cars driving in the designated areas during peak periods.
http://www.reuters.com/article/bonds...21591020070717

Criminal Investigation Secrets Leak onto Internet by Peer-to-Peer File-Sharing Networks

Student records also released onto the net by malware

The Metropolitan Police Department in Tokyo has confirmed that personal information about 12,000 people related to criminal investigations has been distributed across the net from an officer's infected computer. The police officer, who had installed the Winny file-sharing software on his PC, did not realise that a piece of malicious code was making the confidential data available to other users via the peer-to-peer network.

About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic license plate readers. Among the files was a list of the names, addresses and personal information about 400 members of the criminal Yamaguchi-gumi yakuza gang.

Coincidentally, as news of the police data leakage was announced it was also revealed that almost 15,000 pieces of personal information about students was leaked onto the internet from a PC belonging to a high school teacher in Ichinomiya. The 43-year-old teacher, who was running the Share P2P file-sharing program, had also been compiling a list of retired Air Self-Defense Force officers on behalf of his mother who had worked at their base in Kagamihara. This information also leaked onto the internet.

These are not the first occasions that malware has taken advantage of peer-to-peer file-sharing networks to steal information:

• In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.
• The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.
• Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.
• In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.
• The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.

"How many more times will we hear stories of police forces in Japan leaking information about criminal investigations because they have not stopped their officers from installing file-sharing software?" said Graham Cluley, senior technology consultant at Sophos. "All organizations can learn from these stories of data loss, and need to ensure that they are taking computer security seriously. If you allow your employees to put sensitive company data onto their own home computers, you are running the risk that they will not be as well defended as the PCs within your business. Organizations need to set and enforce policies as to what software their workers are allowed to run, or risk endangering data security."

A survey conducted last year by Sophos reflects the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential.
http://www.infozine.com/news/stories...iew/sid/23987/

Japanese P2P Leak Cop Fired
John Leyden

A Japanese policeman has been fired after he was held responsible for accidentally leaking confidential information via peer-to-peer (P2P) file sharing software installed on his work PC.

The ex-copper, who has not been named, lost his job with the Tokyo Police Department over the leak of personal details of 12,000 people obtained during the course of criminal investigations. The hapless plod apparently installed the Winny file-sharing software onto his PC, blissfully unaware that confidential data was being made available to other users via the P2P network.

About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic licence plate readers. Among the files was a list of the names, addresses, and personal information of 400 alleged members of the notorious Yamaguchi-gumi yakuza gang.

The Tokyo Police Department have a policy against running P2P software on PCs. The officer falsely claimed not to be running Winny in an internal audit prior to the leak.

The officer's superiors are being held partially responsible for the incident, with up to 10 facing possible disciplinary proceedings.

"It's no surprise that the Japanese police force has taken a hard line against this officer for disobeying advice about not running P2P file sharing software on his PC - the authorities have been trying to enforce a ban following a number of similar embarrassing incidents in the past," notes Graham Cluley, senior technology consultant for Sophos.

The Winny file sharing network is the most popular P2P network in Japan, boasting an estimated 250,000 users. The technology has become a focus of concern for authorities after investigation records from a Kyoto Prefecture Police officer's computer and military files from Japan's Self-Defence Force as well as police files from the Tokyo Police were made available across the Winny P2P network. In May 2006, a virus was blamed for leaking power plant secrets onto Winny.
http://www.theregister.co.uk/2007/07...eak_cop_fired/

The Stalker in Your Pocket
Mike Elgan

For most of a century, nosey people, both professional and amateur, have used microphones and cameras to listen to and watch unsuspecting targets.

In recent years, the miniaturization of electronics has enabled these devices to be hidden. Extreme drops in price have made spy electronics available to anyone, even creepy stalker types. The only remaining challenge is placement: If anyone wants to capture the juicy tidbits, they've got to have a microphone or camera in the right place at the right time.

Enter the camera phone, a dream come true for not just spies but a new breed of "cell phone stalkers."

Camera phones contain all the necessary ingredients for completely invasive stalking: a microphone, camera, personal data on the user, location information, a chat and call history -- you name it. And victims carry them everywhere they go.

All that's missing is the software that lets stalkers take control. This new software, called snoopware, does just that. Snoopware -- both legal and illegal -- enables stalkers to secretly seize control of a phone's electronics to listen, watch and spy on their victims.

Welcome to the creepy new world of cell phone stalking.

Although cell phone stalking is new, there's already plenty of bad information, urban legends and false beliefs about it in circulation. I'm going to sort all this out for you, tell you about what's possible and how to protect yourself (it's easier than you think). But first, let's look at the first and most celebrated case to date of this new world of cell phone stalking.

Meet the Kuykendalls

I told you in a previous column about a family in Washington state called the Kuykendalls, who say that a hacker was stalking them through three of their cell phones for more than four months.

The stalker seemed to perform unprecedented cell phone superhacks, according to press reports. For example, he watched them through their phones' cameras and listened through the microphones. When they turned off the phones, the hacker turned them back on remotely, seized control of the phones and sent text messages from them. When they got new phones, the hacking continued. Even scarier, they received almost daily threats of violence from an anonymous caller, who seemed to be calling from a family member's own phone, even when that phone was turned off, and provided details about what they were doing and even what they were wearing.

In addition to the Kuykendalls, the family's neighbor and Mrs. Kuykendall's sister were also harassed by the anonymous caller.

Although the mainstream press played up these events as some kind of terrifying superhack, I think something much more ordinary is going on.

The most likely explanation, based on the limited information publicly available, is that some malicious script kiddie, who knows the family personally, pulled off one or two simple hacks, then "socially engineered" the family into thinking he'd done something more impressive.

For example, a combination of spoofing one of the family's cell phone's Caller ID, which is easy to do, and using that trick to retrieve voice mail, plus possibly hacking the carrier's Web site to change ringtones and cause other mischief. These steps, combined with old-fashioned spying on the family in person, could explain nearly all the superhacking claims.

Hacked? Yes. Disturbing? Very. Illegal? Absolutely. But it's a far cry from the picture painted in the press of some unstoppable arch-villain mastermind.

Experts interviewed on TV and in the newspapers answer "yes" to the question, "Is this kind of hack possible?" And, in fact, it is possible, but spectacularly unlikely.

To pull off the Kuykendalls' superhack described in the press, the family would have to repeatedly buy high-end camera phones, such as Windows Mobile, BlackBerry or other devices, leave Java support on, keep Bluetooth on and in "autodiscovery" mode, or give the hacker full physical access to the phones to install several snoopware applications.

What's possible?

Snoopware is on the rise, mostly because of the increasing sophistication of phones. They're like mini-PCs. Most snoopware attacks have taken place in Europe and Asia. But they're coming to America.

Security experts estimate that there are more than 400 types of snoopware (most of them variants of a few major snoopware programs), and that figure may top 1,000 by the end of the year.

Your typical new snoopware program might enable someone to listen to phone calls and read e-mail and text messages, or steal contacts and other data. Some snoopware can use your phone's microphone to listen, even when the phone is supposedly "off." Other programs can capture images from a camera phone's camera.

Snoopware is the kind of software used by the government to eavesdrop on gangsters and terrorists.

But snoopware isn't the only way to stalk via cell phone.

Most carriers offer a "skip passcode" feature that lets you turn off voice mail password-checking when you call from your cell phone. But because carriers use Caller ID to verify the phone, cell phones "spoofing" another phone's number can get in, enabling hackers to access your voice mail and other features without ever knowing the password.

Semilegitimate snoopware programs called Mobile Spy from Retina-X Studios and FlexiSpy from Vervata run invisibly and upload text messages and phone logs to an online server. They can also upload location information. Mobil Spy runs only on Windows Mobile phones, while FlexiSpy offers versions for Series 60 Nokia phones, BlackBerry and Windows Mobile phones. A Pro version of FlexiSpy enables eavesdropping through cell phone microphones when you call a dedicated phone number. A future Pro-X version will let you listen in on calls in progress. The companies target concerned parents, suspicious spouses and distrustful bosses, but obviously a malicious hacker could use them for cell phone stalking.

Sounds bad. But be aware that these programs require physical access to the phone for installation, and they're easy to detect. The security software companies generally consider these applications as malware, and alert users to their presence.

How to beat cell phone stalkers

The best cure is prevention. Don't allow strangers to gain access to your phone. Like any other kind of software, snoopware doesn't install itself. The leading methods for installation are physical access installation, where the user installs by clicking on an attachment or link; or via Bluetooth. By preventing potential stalkers from touching your phone, never clicking on e-mail attachments or links from strangers, and turning off Bluetooth autodiscovery, you'll keep snoopware off your phone.

The fact is, snoopware hacks are dangerous only if you're unaware of them. Once you suspect someone is using your cell phone to spy on you, it's trivially easy to stop them.

Let me count the ways:

1. Buy an anti-malware application from vendors like Symantec, McAfee, Trend Micro, F-Secure, SMobile, MyMobiSafe and others. These products find not just the shadowy, hacker snoopware programs, but the legal ones, too.

2. Turn on passwords for voice mail access. Do you have to enter a password each time you check voice mail? If not, your carrier has enabled the "skip passcode" feature. A stalker spoofing your Caller ID can check your voice mail, too. But by re-enabling a good password, it will be much easier to keep your voice mail private.

3. Downgrade your cell phone. Snoopware works only on the most advanced phones. For nontechnical users like the Kuykendalls, one simple solution is to swap out your high-end phone for a cheaper model that doesn't support Java or Bluetooth and doesn't have a camera. This isn't a good solution for gadget fans, but for families feeling terrorized, this is a cheap, fast and easy way to get control.

4. Switch carriers. There's not much you can do at the handset level to foil a hack of the carrier's Web site. If the company can't shut down the hacker, switch to another carrier.

5. Buy an anonymous prepaid phone. The last-ditch solution (just before going without a cell phone) is to buy a prepaid phone from 7-Eleven or a similar store. This provides not only the benefits of a low-tech cell phone and a new carrier, but greater anonymity.

The cell phone stalker trend is real. But simple, common-sense precautions can protect you and your family from malicious harassment.
http://www.computerworld.com/action/...pageNu mber=1

Local news

Security Watch: Don't Get Burned by Viruses and Hackers

Here's looking at you, gangsta
Robert Vamosi

Well-known criminologist Edmond Locard once said that every contact leaves a trace, and that's also true when talking about online crimes. We leave behind our IP addresses at every site we visit. We have posts to newsgroups that are still accessible via Google. And there's that embarrassing MySpace page that was started but abandoned years ago. So when a person suddenly decides to commit an online crime, as one security researcher suggests, all that prior online history follows them, and, as we shall soon see, that history may help investigators eventually identify the perpetrator. But positive identification of online miscreants might not be enough. It seems real-world law enforcement doesn't yet know what to make of online crimes or their perpetrators. And that might explain why the thieves sometimes get away with their crimes.

The attack
Too often I report on online crime stories and don't follow up. In this case, both the initial attack and its follow up was brought to my attention by Chris Boyd, director of malware research at Facetime Security Labs. You'll note that for the last two weeks I've been writing about Chris' research into shadowy economics behind botnets. In last week's column, Boyd took a simple Trojan horse file and expertly followed its online links back to servers located in the Middle East, to a group ostensibly raising money in support of some extremist views. Not one to back away from a good chase, Chris has recently applied himself to yet another online mystery.

A few weeks ago I wrote about an attack using a YouTube video. The video (no longer available) promotes a mod called Hood Life for the popular game Grand Theft Auto. The attack didn't involve the YouTube video itself; it used a URL displayed at the end to download an associated malicious file. At the time of the story, Chris, an avid gamer, was livid that people would fall for the shoddy graphics in the video and actually download the file. Apparently at least 54 people did download the malicious file.

Starting with YouTube
For someone to post to YouTube, he or she first needs an account. A lot of people fake information in their accounts, but Boyd decided to take the information available on the Hood Life GTA mod as fact: someone named "YoGangsta50" uploaded the file. In his personal blog, Boyd details the steps he used in his research behind who placed the video on YouTube, and who might also be responsible for the malicious code file download.

As an obvious next step, Boyd used Google to find YoGangsta50. From the results, Boyd learned that this person once posted on the Young Buck forum, and in 2005 the person using that name created another GTA virus. Comments to the post mention that the person using the name YoGangsta50 had previously hacked the 50cent accounts, but soon had a falling out with the forum. It's from these posts that Boyd learned a geographic location for YoGangsta50: Hartford, Connecticut.

Other evidence
In reviewing other online postings, Boyd writes that he found on sites attributed to YoGangsta50 an obsession with the comic strip and cartoon The Boondocks. Elsewhere Boyd finds other evidence: "we now have a first name--'John.' It also mentions he's black, which might also be useful for future reference."

Using a different search engine, Boyd next finds a profile page on Bolt.com, then another profile on Xanga.com, the latter containing a reference to yet another page going up on FreeWebs.com MySpace Protect very soon. On all of these pages there are references to The Boondocks, age 19, and Connecticut--all consistent with the details so far learned elsewhere. This looks now to be a positive ID. Boyd concludes: "How many black youths do you think are aged between 16 and 19, are living in Hartford, Conn., with a supposed real name of 'John,' are into The Boondocks (and spend every other moment telling you about it online), and also just happen to be called YoGangsta50?" So why isn't this person now behind bars?

Response from the law community
Boyd says he sent all this research to law enforcement, but hasn't heard back. "I'll be sending them a follow-up mail today, but generally this kind of thing can be vaguely frustrating, in my experience. Each state's law agencies operate in different ways...some will reply, some will get back to you long after the initial contact, and others will ignore you completely. There's just no way to know in advance what reaction you'll get."

It's entirely possible that law enforcement doesn't yet know what to make of Boyd's research. After all, who were the victims? And do their losses exceed the $5,000 minimum required by the FBI and Secret Service before either agency will investigate? I doubt it. So, on the one hand, you have state agencies that are overworked as-is and don't have the means to investigate on their own, and, on the other, federal agencies that can investigate but can't be bothered with such petty crimes. In this case the criminal might go free simply because no one wants to prosecute.

The answers are out there
I do agree with Boyd that "we need to focus more on who is hiding behind the veil of supposed anonymity when pushing infections (and less on the infections themselves) and drag them kicking and screaming into the light." This case was easy since the alleged individual didn't do much to obscure his online identity. But I caution against vigilante justice. It's also possible for online searches to generate false positives, to follow the wrong person and end up with some innocent person who chose an unfortunate online nic.

Last summer I wrote about Neal Krawetz's research. Krawetz has identified those creating computer malware just by looking at a person's use of words, keystrokes, even keyboards in chats, blogs, and e-mail. Just because you're online doesn't mean you are anonymous. There are ways of identifying criminals. Now, if we could get law enforcement interested, we'd be set.

Late update
A few days after this column originally appeared, Boyd posted an update on his blog. It appears John from Hartford is giving up the Internet. In a post, Yogangsta50 writes, "you all can say goodbye to me. mabye the internet was not for me! I Dont want to do this anymore. Somebody help me!" He goes on to explain how to remove the virus he created--go into Safe Mode in Windows, find C:\\Program Files\GTA Hoodlife, then click and delete the Unins000 file.

Yogangsta apparently saw the news about him, and it affected him. "How does it feel to see your name all over the Internet!!!! i could not sleep for 2 days. i have been crying all day. am so sorry that i did those things. i learned my lesson." Let's hope that's true.

Anyone have other examples of how online information has helped smoke out an online criminal? TalkBack to me.
http://reviews.cnet.com/4520-3513_7-6754132-1.html

"Death To Worm Writer!" Glower Apple Fan Boys
kdawson

StonyandCher write(s) to spread news about the strange story of the reported Apple OS X worm, which is growing stranger by the day. The blog of the researcher who claimed to have created the malware reportedly received death threats. The blog was then hijacked, according to the researcher, who calls him/herself InfoSec Sellout. InfoSec blamed David Maynor for hacking the blog. For his part, Maynor apparently unmasked himself as "LMH" and InfoSec as Jon Ramsey. The post to the Fuzzing mailing list has not been independently confirmed. David Maynor wrote in and denies that he is LMH.
http://apple.slashdot.org/apple/07/07/19/1231216.shtml

A Worm for Your Apple

A small controversy is brewing over claims that an independent researcher going by the moniker Information Security Sellout (or InfoSec Sellout) has developed the framework of a worm that targets a currently undisclosed vulnerability affecting the Intel versions of OS X. The worm is expected to extend to PPC versions as soon as the author is able to test against that architecture. With the author dubbing it 'Rape.osx', the evolution of the worm is likely to be keenly watched by Apple watchers, security researchers, and malware developers.

When the first report was published on Sunday, InfoSec Sellout was claiming that the proof-of-concept worm was able to reliably deliver root and was based on a variation of mDNSResponder vulnerabilities that Apple had previously patched. InfoSec Sellout later disclosed that the worm was first completed on July 14, with functional testing on a network of approximately 1,500 OS X systems by the 16th of July.

In its first instance the worm only left a text file as evidence that it had been on a system, but it is reported that the worm can fully be 'weaponised' with the payload of choice (and it can achieve that result at this time). While InfoSec Sellout states that the worm only seeks out other systems on the same network for infection, they point out that it is not going to take much extra work for the worm to attack a much broader network segment.

Following the path of many recent researchers, the author has stated publicly that they are avoiding telling Apple about their work until it is complete (and after they have been compensated from unnamed sources). This has led to the expected arguments about the ethical and professional nature of such behaviour. In their defence, the author claims that it would be irresponsible to report on incomplete research. Plus, they don't want to give the vulnerability to Apple in order for Apple to miss patching the underlying vulnerability - only patching the particular approach vector being used.

With Apple having some of the most passionate defenders in Information Technology (its userbase), the ongoing arguments about the merits of 'Rape.osx' are likely to go long into the future - well after any real or perceived threat from the worm has passed.
http://www.beskerming.com/commentary...for_Your_Apple

iPhones Flooding Wireless LAN at Duke University

18,000 requests per second from iPhones knocking out dozens of access points at Duke University.
John Cox

The Wi-Fi connection on Apple’s recently released iPhone seems to be the source of a big headache for network administrators at Duke University.

The built-in 802.11b/g adapters on several iPhones periodically flood sections of the Durham, N.C. school’s pervasive wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help desk ticket with Apple. But so far, the precise cause of the problem remains unknown.

“Because of the time of year for us, it’s not a severe problem,” says Kevin Miller, assistant director, communications infrastructure, with Duke’s Office of Information Technology. “But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It’s a pretty big annoyance, right now, with 20-30 access points signaling they’re down, and then coming back up a few minutes later. But in late August, this would be devastating.”

That’s because the misbehaving iPhones flood the access points with up to 18,000 address requests per second, nearly 10Mbps of bandwidth, and monopolizing the AP’s airtime.

The access points show up as “out of service.” For 10-15 minutes, there’s no way to communicate with them, Miller says. “When the problem occurs, we see dozens of access points in that condition,” Miller says. The network team began capturing wireless traffic for analysis and that’s when they discovered that the offending devices were iPhones. Right now, Miller says, there are about 150 of the Apple devices registered on the campus WLAN.

The requests are for what is, at least for Duke’s network, an invalid router address. Devices use the Address Resolution Protocol (ARP) to request the MAC address of the destination node, for which it already has the IP address. When it doesn’t get an answer, the iPhone just keeps asking.

“I’m not exactly sure where the ‘bad’ router address is coming from,” Miller says. One possibility: each offending iPhone may have been first connected to a home wireless router or gateway, and it may automatically and repeatedly be trying to reconnect to it again when something happens to the iPhone’s initial connection on the Duke WLAN.

They’re still sorting out what that “something” is. On two occasions, one last Friday and one today, Monday 16 July, both users seemed to be behaving completely normally, yet both iPhones started flooding the net with ARP requests. In both cases, the user first successfully connected to the WLAN at one location, and then moved to another building, where the ARP flood began. “It may have something to do with the iPhone losing connectivity and then trying to reconnect in a new location,” Miller says.

Most of the W LAN is comprised of Cisco thin access points and controllers. Some older autonomous Cisco Aironet access points tend to uncover the flooding first, since they try to resolve the ARP request themselves. But Miller’s team has seen the CPU utilization on the WLAN controllers spiking as they try to process the request flood passed on to them in control traffic from the thin access points.

“I don’t believe it’s a Cisco problem in any way, shape, or form,” he says firmly.

So far, the communication with Apple has been “one-way,” Miller says, with the Duke team filing the problem ticket. He says Apple has told him the problem is being “escalated” but as of mid-afternoon Monday, nothing substantive had been heard Apple.
http://www.networkworld.com/news/200...ke-iphone.html

Update on Duke’s Wireless Network and Apple’s iPhones

A note from Tracy Futhey, Duke’s chief information officer, on Duke’s wireless network and Apple’s iPhones:

By now many of you have read news accounts around iPhones and Duke’s wireless network. Some of the reports incorrectly made it sound as if our entire wireless network had collapsed. Others made it sound as if the iPhone could not work correctly on our wireless network. Still others seem to imply that Duke’s network was deficient in some way because the problem had not been encountered more broadly. The reality is that a particular set of conditions made the Duke wireless network experience some minor and temporary disruptions in service. Those conditions involve our deployment of a very large Cisco-based wireless network that supports multiple network protocols.

Cisco worked closely with Duke and Apple to identify the source of this problem, which was caused by a Cisco-based network issue. Cisco has provided a fix that has been applied to Duke's network and there have been no recurrences of the problem since. We are working diligently to fully characterize the issue and will have additional information as soon as possible. Earlier reports that this was a problem with the iPhone in particular have proved to be inaccurate.

In closing, I extend my gratitude to the very strong technical staff within OIT that was able to identify this situation, working shoulder-to-shoulder with technical staff from two of our long-time partners, Cisco and Apple. Meanwhile, our Duke community should feel confident that both the Duke wireless network is fully functional, and the iPhone is fully operable within our environment.
http://www.dukenews.duke.edu/2007/07/cisco_apple.html

iPhone Partially Unlocked, Calls Without AT&T Contract

Apparently, the amazing code wizards at the iPhone Dev Wiki have been able to partially unlock the iPhone using a new application called iASign. It won't fully unlock the iPhone for use with other companies, but the hack will allow you to use any existing Cingular/AT&T Pre-paid/MVNA SIM so you don't have to get a two-year contract with AT&T. We are now testing this, but if confirmed the benefits are great.

That's full call functionality without two years of slavery and:

• People can still enjoy corporate rate, which they don't get on iPhone plans (10% to 20% off in some cases even more)
• People can use a company AT&T SIM card on their personal iPhone.

The iPhone Dev Wiki rebels are now in their final assault to get the iPhone fully free of the Evil AT&T Galatic Empire:

All problems with unlocking lie in the baseband, the radio chipset for the iPhone. The chipset is an S-Gold2, and don't come in the chat and give us links to PapaUtils, we can't use them. Now the iPhone only has one lock, a network personalization lock. This lock means the MCC(US=310) and the MNC(AT&T=410) must match the first six digits of the SIM cards IMSI. This check is done in the baseband firmware itself. I'm not really sure where yet, but that isn't really relevant. The only thing standing in the way of an unlock is the baseband. All the other sim checks are known and can be patched out. We even know the AT command to do the unlock. It's 'AT+CLCK="PN",0,"xxxxxxxx"'. But good luck finding those x's. They are called the NCK, or Network Control Key, and are believed to be unique in everyones phone. Forget brute force(time impractical) and the obvious entries. If you still think bruteforce is a good idea, read this. Further, there is a limit of 3-10 unlock attempts per phone, after which the firmware will "hard-lock" itself to AT&T. So why can't we just patch the firmware? The firmware, located in the ramdisk at /usr/local/standalone/firmware/ICE03.12.06_G.fls, is signed. See here for what is known about the file. The sig is checked in the baseband bootloader. The updater program, bbupdater, only checks a checksum, which can be changed. The update will take, but then the phone won't boot because the sigs don't match.

We worked two solid days on disasseming the radio fw. There are a few backdoors, but none that would lead to an unlock. If you are *good* with disassembling ARM, PM geohot for the idb. We've documented a lot of functions pretty well. Although, this firmware is very difficult to work through. I'm 90% sure the password check happens in the function called pwdcheck, but I haven't found it yet. For all we know there could be a simple algorithm to generate the NCKs that we've missed.
http://gizmodo.com/gadgets/breaking/...act-279606.php

Silent Hands Behind the iPhone
Ken Belson

Etched into the back of every iPhone are the words “Designed by Apple in California. Assembled in China.” Apple might as well have added “Made in Taiwan.”

With little fanfare, Taiwan companies are playing a big role not only in the production of Apple’s latest device but in a wide array of other communications equipment, including the broadband modems in homes across the United States and the next generation of high-speed wireless gear.

Apple does not discuss which vendors it uses, but news reports in Taiwan said that Hon Hai and Quanta received orders to produce millions of iPhone handsets, reports that those companies declined to confirm. Other manufacturers there were almost certainly involved because they provide components used in advanced phones, industry analysts said.

Taiwan companies also have a hand in making iPods and iMacs, they said, as well as game machines for Sony and Microsoft.

Taiwan’s rise as a communications workhorse is part of a decade-long transformation under way on this island. Already the world’s biggest producers of computer components, Taiwan companies like Compal Electronics, in addition to Hon Hai and Quanta, have used their expertise to branch out into new markets that use many of the same products.

By harnessing the ability to cut costs, churn out products quickly and work flexibly with customers, the Taiwan companies have become top makers of cellphones, smartphones, broadband modems, wireless routers, global positioning devices, networking equipment and other gear. They, like companies elsewhere, have also made deep inroads into China, where many of their factories are.

“It’s not a surprise that the iPhone would be made here because the food chains for Apple’s notebooks and iPods are already in Taiwan,” said Dominic Grant, a telecommunications analyst at Macquarie in Taipei. “It’s a natural progression.”

Taiwan’s evolution from computer-making giant to telecommunications Goliath has gone largely unnoticed in the United States because companies here make most of their money as made-to-order manufacturers, not sellers of their own brand products. But Taiwan’s industrial makeover has helped its companies remain competitive in a world increasingly dominated by low-cost Chinese assemblers and by Japanese and South Korean companies with strong footholds in high-end components like flash memory chips.

The strategy of repackaging — finding new uses for computer components — has paid dividends. Companies on the island have captured 87 percent of the global market for wireless modems, 84 percent of the D.S.L. modem market and 70 percent of the market for personal digital assistants.

In the competitive cellphone business, Taiwan companies made 12.4 percent of the world’s handsets last year, up from 9.8 percent in 2005, according to the Institute for Information Industry, a government-affiliated research center. That share is expected to grow as brand-name companies like Sony Ericsson outsource more of their production to companies here.

In all, Taiwan companies produced $31.5 billion in communications equipment and services last year, more than 50 percent above the total the year before, according to the institute, which expects production to reach a value of $46 billion by 2010. Less than a quarter of that was manufactured on Taiwan, with the bulk made on the Chinese mainland.

“It’s been a fairly natural progression because handsets are really a mini-version of the PC, and Taiwanese are adept at adjusting,” said Gary Chia, president of the Yuanta Research Center.

The transformation did not happen by accident. As in much of Asia, the government played an active role in steering businesses into new markets by showering them with tax incentives, cheap property to build factories and research money.

Companies on Taiwan have also been able to shift gears smoothly because the concentration of component producers on the island has made it easier to gather the technology and engineers to design and assemble new products.

And Taiwan companies, like their rivals in Japan, South Korea and elsewhere in Asia, have increasingly shifted production to their factories in China to save money. With their close cultural, financial and linguistic ties to mainland China, Taiwan’s companies have an edge over those from elsewhere.

These advantages helped scores of companies tackle new markets. Take D-Link, one of the world’s largest manufacturers of broadband modems. About two decades ago, it started out by making network interface cards that linked computers. As Internet access for home use expanded, the company started making dial-up modems.

As phone companies in the United States and elsewhere started leasing modems to their customers, D-Link was flexible and designed products to each carrier’s specifications while remaining cheap enough to nudge out rivals.

“Telecommunications companies are difficult to deal with because each one has its own standards, and there is a lot of customization,” said J. C. Liao, D-Link’s president. “But it turned out to be an advantage because Taiwanese are more flexible compared to companies in the U.S. or Japan. We’re quick to lower costs and not stick to our own rules.”

D-Link has evolved with the technology, expanding into wireless modems and pushing into emerging markets like India and Russia, as well as selling under its own brand name at big retailers like Best Buy and Office Depot to become the No. 2 competitor, after Linksys. About 15 percent of the company’s revenue now comes from brand products.

Mitac International, a leading seller of global positioning devices, took a similar route. Through the 1980s and early ’90s, it built personal computers for the likes of Compaq. But as profit margins slipped and mergers reshaped the industry, the company started making personal digital assistants. Then Hewlett-Packard bought Compaq, leaving Mitac short a big customer.

So when the United States government allowed civilians to use G.P.S. technology, the company integrated it into its personal digital assistants after a couple of years of development. Mitac joined another leader in the industry, Garmin, which is based in Kansas but makes almost all its G.P.S. devices in Taiwan.

“We saw these big waves come one by one in the mid-1990s, so we tried to figure out how to survive in this rapidly changing business,” said Billy Ho, the president of Mitac International, which sells G.P.S. devices under the Mio brand. “We realized there was no Microsoft in the digital map business.”

Mitac still earns about 70 percent of its sales by making desktop computers, servers and other technology for other companies, though Mr. Ho hopes that the share will fall to 50 percent by next year.

Since so many of the latest devices are made here, it is perhaps unsurprising that some Taiwan companies are beating brand-name companies to the punch. High Tech Computer, for instance, introduced a touch-based handset just weeks before the iPhone was released. With a less recognizable name, High Tech has more modest ambitions. But it is still pleased that Apple has joined the market.

“We’re happy they share the same vision as we do,” said Fred Liu, the chief operating officer. “We think these phones will change people’s minds and their behavior.”

While D-Link, High Tech and Mitac have developed brand-name products to reduce their reliance on their made-to-order business, there are plenty of other companies that have had trouble branching out on their own.

For instance, in 2005 BenQ, which primarily made cellphones for other companies, bought the handset division of Siemens in hopes of taking on the likes of Sony Ericsson and LG. Yet BenQ, a spinoff of the Taiwan computer giant Acer, alienated one of its biggest customers, Motorola, which was wary of having a new competitor manufacturing its products. BenQ also underestimated the depth of Siemens’s problems and how much it would cost to break into an already crowded and competitive cellphone market.

After losses mounted, BenQ liquidated the venture and will focus its energy on making handsets for other companies, as well as on its existing businesses producing flat-panel monitors, televisions and digital cameras.

“People thought with Acer’s success, BenQ could make it, too, since its chairman came from Acer,” said Kirk Yang, managing director at Citigroup in Hong Kong. “But the acquisition was a black hole. BenQ didn’t have a home base and had no experience running a branded handset business.”

Mr. Yang and other analysts said that Taiwan companies were unlikely to abandon their made-to-order business entirely. Instead, they will focus more on doing more design work on behalf of customers who are trying to outsource more and more of their production.

“The iPhone is a great example of where Taiwan is still strong: reliable sourcing, leading technology and complex integration,” said Allen J. Delattre, chief of the electronics and high-technology practice at the consulting firm Accenture. “Does the average person who buys an iPhone know it’s from Taiwan? Maybe. Do they care? Probably not. But if you look at the companies in Taiwan, they are behind the scenes, and that’s a good place to be because that’s where the value is.”

The key for Taiwan companies, Mr. Delattre and other analysts said, is to invest in next-generation products early. For example, companies here are fast becoming important players in the development of WiMax wireless and fiber optic broadband equipment.

They are again getting a healthy push from the government, which is spending more than $200 million over five years to help create the world’s largest high-speed WiMax network. By next year, with 2,000 base stations spread across the island, companies will be able to start testing new applications, like the sending of video from ambulances on their way to hospitals.

“We are trying to make the infrastructure more complete,” said Tsung-Tsong Wu, deputy minister of the National Science Council, which has a $1 billion annual budget. “If the highways are built, companies can go as fast as they like.”
http://www.nytimes.com/2007/07/18/te.../18taiwan.html

Web Censorship is Failing, Says Chinese Official

A Government minister admits that trying to suppress information on the internet "is like walking into a dead end"
Jane Macartney, Beijing

The internet and mobile phones have undermined attempts by China’s secretive rulers to control the news, a senior Communist party official admitted today.

He accused local governments of being “too naive” by continuing to suppress damaging information about corruption or about disasters, and urged party members to be more open with members of the public.

Wang Guoqing, a vice minister with the cabinet’s information office said: “It has been repeatedly proved that information blocking is like walking into a dead end.”

He said governments used to believe that they could muffle 90 per cent of all bad news. But this was no longer the case. In the internet age, he said, the party had to become adept at managing and controlling information, rather than covering it up.

Mr Wang cited a recent slavery scandal, when local officials attempted to conceal the used of forced labour at brick kilns in north-central Shanxi and Henan provinces.

Unable to obtain information from local officials, parents whose children had gone missing used the internet to post messages and to seek information. Their improvised campaign revealed that hundreds, and perhaps thousands, of people had been forced for years to work as slaves, and had been beaten, starved and guarded by dogs.

Mr Wang said that keeping the information out of the media spotlight until the scandal was exposed by crusading journalists left the Shanxi government in a vulnerable position.

Yet even after they were exposed for allowing the slavery scandal to continue for many months, authorities appear to be reverting to the time-honoured way of dealing with crises by imposing censorship. State-run Chinese Central Television has been ordered to play down the negative aspects of the scandal and to stress the government’s successes in catching offenders and bringing them to justice. Parents of missing children have come under pressure not to speak to the media.

Zhan Jiang, a media expert at the China Youth University for Political Sciences, said: “It is definitely more difficult for the Government to control information flows these days. The North Korean government can do it but in China it is not so easy.”

But the Communist Party remains wary of a free flow of information. For example, no date has yet been announced for the most important political event of the year – the party’s congress that is held once every five years and when a new central Committee and Politburo will be chosen. Based on past such events, most Chinese are guessing it will be in September or October.

Mr Zhan said China still had a long way to go towards full transparency, but international influence was a factor in greater openness.

He said: “There are people who don’t want the public to know anything negative. Progress takes time. But there are struggles between the forces of openness and of conservatism.”

Reporters Without Borders, the media watchdog, describes the Chinese Government as an “enemy of the internet”. In its annual report in February, it said China used armies of cyberpolice and spearheaded an increasingly sophisticated movement to restrict the internet.

In January, President Hu Jintao said China’s rulers intended to keep as tight a rein on the internet as they did on traditional forms of the media such as newspapers and television.
http://technology.timesonline.co.uk/...cle2086419.ece

Web-Based Anonymizer Discontinued
RobertB-DC

With no fanfare, and apparently no outcry from the privacy community, Anonymizer Inc. discontinued its web-based Private Surfing service effective June 20, 2007. No reason was given, either on the Anonymizer web site or on founder Lance Cottrell's privacy blog. Private Surfing customers are now required to download a anonymizing client that handles all TCP traffic, but the program is Windows-only (with Vista support still a work-in-progress). And of course it's closed-source, which means it has few advantages over several other alternatives.
http://yro.slashdot.org/yro/07/07/19/231204.shtml

Search Engine "Ask" to Allow Anonymous Web Search
Elinor Mills

Search site Ask is launching a new tool that will let people search the Web anonymously, the first major search engine to offer that functionality.

By using the new AskEraser tool, users will be able to set their privacy preferences so the search engine doesn't retain their Web search history. Users will be able to see what the privacy setting is on the search results pages.

AskEraser is expected to be deployed on Ask.com in the U.S. and United Kingdom by the end of the year, and globally early next year.

For people who don't want to search anonymously, Ask will maintain the user search data for 18 months and then it will disassociate the search history from the IP address or cookie information. Cookies are small files stored on a computer so that the computer can be recognized when it revisits Web sites, enabling the site to remember the user's preferences for things like e-commerce and sites that require log-in.

"We'll have no way of figuring out how to associate the searches with a (particular) person," said Doug Leeds, head of development at Ask. "There will be no way for us to receive an IP address from a governmental agency and figure out what searches were done by that IP address."

The move by Ask, a wholly owned business of IAC, follows but exceeds steps taken by Google. Earlier this week, Google said it would set cookies on Web searches to expire after two years instead of in 2038. In practice, however, only a miniscule number of people will be affected by the change because if you visit Google even once in the next two years, the cookie will be renewed for another two years.

In March, Google said it would start anonymizing the final eight bits of the IP address and the cookie data after somewhere between 18 months and 24 months, unless legally required to retain the data for longer. Doing so effectively would enable someone to narrow the IP address down to 256 possible computers or users. That would be similar to obscuring the last digit in someone's street address.

The risks associated with Web search data were highlighted last August when AOL inadvertently exposed on the Internet the search history of more than 650,000 of its users.

Microsoft and Yahoo are also expected to improve their Web search privacy practices, according to the Financial Times.
http://news.com.com/8301-10784_3-9747585-7.html

Teen Sues School Officials Over Free Speech Issue
Susan Haigh

A Burlington, Connecticut teenager sued two top school officials Monday, saying they violated her constitutional rights by removing her as class secretary because she used offensive slang to refer to administrators on an Internet blog.

Avery Doninger, a 16-year-old student at Lewis Mills High School, wants to be immediately reinstated as class secretary. She also wants a new election for class officers for the upcoming school year, when she will be a senior, and a chance to give the candidate speech she was forbidden from giving to her classmates.

Doninger's mother, Lauren, filed motions for temporary and permanent injunctions on her daughter's behalf against school Principal Karissa Niehoff and Region 10 Superintendent of Schools Paula Schwartz, according to court documents filed Monday in New Britain Superior Court.

Niehoff removed Doninger as the class of 2008 secretary and banned her from running for re-election after discovering the teen used a pejorative term when she referred to unnamed school administrators in an online journal.

Avery Doninger posted the message to http://www.livejournal.com , which is not associated with the school, from a home computer.

"I don't like what Avery wrote," Lauren Doninger told The Associated Press in a phone interview Monday. "(But) she had the right to do it and it was up to me, not the school, to determine whether or not there had been a consequence."

At the time, Avery Doninger was criticizing the administrators over the cancellation of a school event known as Jamfest. Doninger said she helped organize the music event for months and was frustrated by delays with improvements to the school gym, where Jamfest typically is held.

She acknowleged Monday she regrets using the offensive slang.

"It really was an unsavory term," she said. "I'm definitely going to be really careful from now on."

But the teen said she believes her rights have been violated and that she's been singled out by school administrators.

"This is something that I felt was really necessary to stand up for, because you really have to stand up (for) the little things about democracy, the little things that make democracy really work in the big world," she said.

Several weeks after Avery Doninger posted the message in April, Niehoff demanded she apologize to the superintendent of schools, tell her mother about the blog entry, resign from the student council and withdraw her candidacy for class secretary, the lawsuit alleges.

She was the only candidate running for class secretary.

While Doninger apologized and reported the incident to her mother, she refused to resign. Niehoff then "administratively removed" her from the post, the lawsuit said.

Besides being banned from running for re-election, Doninger was barred from giving a speech to her school class, the lawsuit claims. Doninger and fellow students were also prohibited from wearing printed shirts supporting her free speech rights.

A call seeking comment was left with Burlington school officials.

Niehoff told WVIT-TV in May that school leadership positions are a privilege, not a right.

"When kids are in a position of privilege, there are certain standards of behavior we expect them to uphold," she told the TV station. "Our position stands for respect. We're just hoping kids appreciate the seriousness of any communication over the Internet."

Jon L. Schoenhorn, the Doningers' attorney, said Connecticut school districts have no legal authority to punish students for private online postings that do not use school resources and do not occur on school grounds.

Schoenhorn said last month's U.S. Supreme Court ruling restricting student speech rights does not harm his client's case because it is narrowly tailored.

In a 5-4 decision, the justices said an Alaska high school student could be suspended for holding up a banner that read "Bong Hits 4 Jesus" because it advocated illegal drug use.

The high court also determined that Joseph Frederick unfurled his handiwork at a school-sanctioned event in 2002, triggering his suspension. Students had gathered to watch the Olympic torch make its way through Juneau, en route to the Winter Olympics in Salt Lake City.
http://hosted.ap.org/dynamic/stories...07-16-17-53-53

US Senate Committee Passes FCC Indecency Bill
Adam Thomas

US Senate Commerce Committee today passed a bill that would allow FCC to fine broadcasters for slip of the tongue expletives, negating a ruling by federal appeals court in New York that commission's policy on 'fleeting expletives' is arbitrary and capricious.

The Protecting Children from Indecent Programming Act introduced by Senator John Rockefeller (D-WV) would effectively overturn the court decision on the Fox Television Stations v. FCC in which the court ruled: "We find the FCC's new policy sanctioning 'fleeting expletives' is arbitrary and capricious under the Administrative Procedures Act for failing to articulate a reasoned basis for its change in policy."

A mandate by Congress that a “fleeting expletive” can now be found indecent will create a vast chilling effect on broadcast speech, the advocacy group Center for Democracy and Technology claimed.

CDT points out that prior to this bill and the FCC’s policy change, the FCC exercised discretion in determining which utterances were indecent, and consistently found that one-time uses of curse words were not indecent.

The bill would empower FCC to find fleeting expletives indecent, it is highly likely that broadcasters will censor themselves even more to avoid being targeted by the Commission, the group argued.

But CDT also points out that if Senator Rockefeller’s bill becomes law, it will certainly force the courts to consider the constitutional question: Does the FCC have First Amendment authority to censor the use of a single curse word over the airwaves?

Currenty, FCC’s constitutional authority to regulate broadcast content rests on the 1978 Supreme Court case FCC v. Pacifica Foundatio in which the Court held that the FCC had properly found comedian George Carlin’s “Seven Dirty Words” monologue to be indecent.
http://pressesc.com/01184929170_senate_indecency_bill

Debate on Child Pornography’s Link to Molesting
Julian Sher and Benedict Carey

Experts have often wondered what proportion of men who download explicit sexual images of children also molest them. A new government study of convicted Internet offenders suggests that the number may be startlingly high: 85 percent of the offenders said they had committed acts of sexual abuse against minors, from inappropriate touching to rape.

The study, which has not yet been published, is stirring a vehement debate among psychologists, law enforcement officers and prison officials, who cannot agree on how the findings should be presented or interpreted.

The research, carried out by psychologists at the Federal Bureau of Prisons, is the first in-depth survey of such online offenders’ sexual behavior done by prison therapists who were actively performing treatment. Its findings have circulated privately among experts, who say they could have enormous implications for public safety and law enforcement.

Traffic in online child pornography has exploded in recent years, and the new study, some experts say, should be made public as soon as possible, to identify men who claim to be “just looking at pictures” but could, in fact, be predators.

Yet others say that the results, while significant, risk tarring some men unfairly. The findings, based on offenders serving prison time who volunteered for the study, do not necessarily apply to the large and diverse group of adults who have at some point downloaded child pornography, and whose behavior is far too variable to be captured by a single survey.

Adding to the controversy, the prison bureau in April ordered the paper withdrawn from a peer-reviewed academic journal where it had been accepted for publication, apparently concerned that the results might be misinterpreted. A spokeswoman for the bureau said the agency was reviewing a study of child pornography offenders but declined to comment further.

Ernie Allen, who leads the National Center for Missing and Exploited Children, which is mandated to coordinate the nation’s efforts to combat child pornography, said he was surprised that the full study had not been released. “This is the kind of research the public needs to know about,” Mr. Allen said. Others agreed that the report should be published but were more cautious about the findings. “The results could have tremendous implications for community safety and for individual liberties,” said Dr. Fred Berlin, founder of the Johns Hopkins Sexual Disorders Clinic. “If people we thought were not dangerous are more so, then we need to know that and we should treat them that way. But if we’re wrong, then their liberties aren’t going to be fairly addressed.”
Everyone agrees that researchers need to learn more about online consumers of illegal child images. The volume of material seized from computers appears to be doubling each year — the National Center collected more than eight million images of explicit child pornography in the last five years — and Attorney General Alberto R. Gonzales made child protection a national priority in 2006.

Those who are arrested on charges of possession or distribution of child pornography generally receive lighter sentences and shorter parole periods than sexual abusers. They do not fit any criminal stereotype; recent arrests have included politicians, police officers, teachers and businessmen.

“It’s crucial to understand the sexual history of all these offenders, because sometimes the crime they were arrested for is the tip of the iceberg, and does not reflect their real patterns and interests,” said Jill S. Levenson, an assistant professor of human services at Lynn University in Boca Raton, Fla., and head of the ethics committee of the Association for the Treatment of Sexual Abusers.

Previous studies, based on surveys of criminal records, estimated that 30 percent to 40 percent of those arrested for possessing child pornography also had molested children.

The psychologists who conducted the new study, Andres E. Hernandez and Michael L. Bourke, focused on 155 male inmates who had volunteered to be treated at the Federal Correctional Institution in Butner, N.C., according to a draft of the paper obtained by The New York Times from outside experts who want the study published.

The Butner clinic is the only residential program devoted to the treatment of sexual offenders in the federal prison system. The inmates in the study were all serving sentences for possession or distribution of child pornography.

About every six months as part of an 18-month treatment program, they filled out a record of their sexual history, including a “victims list” tallying their previous victims of abuse. Therapists encouraged the men to be honest as part of their treatment, and the sexual histories were anonymous, according to the paper.

The psychologists compared these confessions with the men’s criminal sexual histories at the time of sentencing. More than 85 percent admitted to abusing at least one child, they found, compared with 26 percent who were known to have committed any “hands on” offenses at sentencing. The researchers also counted many more total victims: 1,777, a more than 20-fold increase from the 75 identified when the men were sentenced.

Dr. Hernandez and Dr. Bourke concluded in the paper that “many Internet child pornography offenders may be undetected child molesters.” But they also cautioned that offenders who volunteer for treatment may differ in their behavior from those who do not seek treatment.

They submitted the paper to The Journal of Family Violence, a widely read peer-reviewed publication in the field, and it was accepted.

But in a letter obtained by The Times, dated April 3, Judi Garrett, an official of the Bureau of Prisons, requested that the editors of the journal withdraw the study, because it did not meet “agency approval.”

Editors at The Journal of Family Violence did not respond to phone or e-mail messages asking about the withdrawal.

Dr. Hernandez mentioned the research briefly during testimony before a Senate committee last year. But the bureau blocked Dr. Hernandez and Dr. Bourke from attending some law enforcement conferences to speak about the findings, said two prosecutors who did not want to be identified because they have a continuing work relationship with the bureau.

“We believe it unwise to generalize from limited observations gained in treatment or in records review to the broader population of persons who engage in such behavior,” a bureau official wrote to the organizers of a recent law enforcement conference, in a letter dated May 2 and given to The Times by an expert who is hoping the study will be published.

Some prosecutors say they could use the study to argue for stiffer sentences. While some outside researchers agreed that the risk of over-generalizing the study’s results was real, almost all the experts interviewed also said that the study should still be made public.

Dr. Peter Collins, who leads the Forensic Psychiatry Unit of the Ontario Provincial Police, called the findings “cutting-edge stuff.”

“We’re really on the cusp of learning more about these individuals and studies should be encouraged, not quashed,” Dr. Collins said.

Understanding the relationship between looking at child pornography and sexually assaulting children is central to developing effective treatment, psychologists say.

It is not at all clear when, or in whom, the viewing spurs action or activates a latent, unconscious desire; or whether such images have little or no effect on the offender’s subsequent behavior. But the relationship probably varies widely.

“My concern is about sensationalism, about the way something like this is handled in the media,” said Michael Miner, an associate professor in the department of family medicine at the University of Minnesota who treats sex offenders. “The public perception is that all of these guys will re-offend, and we know that just isn’t true.”

At least some men convicted of sexual abuse say that child pornography from the Internet fueled their urges. In a recent interview, one convicted pedophile serving a 14-year sentence in a Canadian federal prison said that looking at images online certainly gave him no release from his desires — exactly the opposite.

“Because there is no way I can look at a picture of a child on a video screen and not get turned on by that and want to do something about it,” he said. “I knew that in my mind. I knew that in my heart. I didn’t want it to happen, but it was going to happen.”

How many offenders does he speak for? The study may help answer that question, some say.

“The penalties we seek, the vigor with which we prosecute — the very importance we give to child pornography cases — all of these things are affected by what we know about the offenders,” said Leura G. Canary, the United States attorney for Middle Alabama who also leads the Attorney General’s Working Group on Child Exploitation and Obscenity. “And right now we know very little.”
http://www.nytimes.com/2007/07/19/us/19sex.html

Pupils Browse Porn on Donated Laptops

Nigerian schoolchildren who received laptops from a U.S. aid organization have used them to explore pornographic sites on the Internet, the official News Agency of Nigeria (NAN) reported Thursday.

NAN said its reporter had seen pornographic images stored on several of the children's laptops.

"Efforts to promote learning with laptops in a primary school in Abuja have gone awry as the pupils freely browse adult sites with explicit sexual materials," NAN said.

A representative of the One Laptop Per Child aid group was quoted as saying that the computers, part of a pilot scheme, would now be fitted with filters.
http://news.yahoo.com/s/nm/20070720/...FG8XwBExgZ.3QA

Fish 'n' chips

CEO Accused of Building Secret Drug, Sex Lair
AP

The co-founder of semiconductor maker Broadcom Corp., under scrutiny in a federal stock options probe, was accused seven years ago of building an underground hideaway at his estate to indulge in drugs and sex with prostitutes, according to court documents.

In a draft complaint made against Henry T. Nicholas III, a construction crew claimed the billionaire failed to pay them millions of dollars for work performed between 1998 and 2002, and used "manipulation, lies, intimidation, and even death threats" when anyone threatened to quit.

The illegal network of tunnels and rooms underneath Nicholas' Laguna Hills estate was kept secret from his wife and city officials, the documents said.

The purpose of one secret room was to allow Nicholas to "indulge his appetite for illegal drugs and sex with prostitutes," the crew claimed.
http://news.newstimes.com/news/updat...e=news_updates

18-07-07, 10:15 AM	#1
JackSpratts Join Date: May 2001 Location: New England Posts: 10,017	Peer-To-Peer News - The Week In Review - July 21st, '07 Since 2002 "If in fact the book is posted online or the ending is revealed prior to midnight on Friday, it will not result in us selling a single less copy of the book." – Steve Riggio "The trio are not worried about 'spoilers,' who are people who spoil the ending of the book by shouting it to people waiting in line to buy it. Spoilers learn how the book ends by reading snippets on the Internet. Whole copies of the book have been pirated and reprinted on the Web. To avoid spoilers, people wear earplugs or listen to music while waiting in line." – Mark Langlois "A customer told the [bookstore] owner, Christine Onorati, that the last time she went to a “Harry Potter” party, a 6-year-old flipped to the end of “Harry Potter and the Half-Blood Prince” and screamed, 'Snape xxxxxx Dumbledore!' So Ms. Onorati decided to hold an adults-only party." – Motoko Rich "We cannot tolerate the situation when only 10 percent of the Kalashnikovs are manufactured legally. We cannot stand for this. We must fight." – Sergey V. Lavrov "Don’t follow your mentors, follow your mentors’ mentors." – David Leach July 21st, 2007 High finance RIAA Settles for 300 Bucks NewYorkCountryLawyer In a North Carolina case, Capitol v. Frye, the RIAA has accepted a $300 offer of judgment made by the defendant. This is the first known use, in the RIAA v. Consumer cases, of the formal offer of judgment procedure which provides that if the plaintiff doesn't accept the offer, and doesn't later get a judgment for a larger amount, the plaintiff is responsible for all of the court costs from that point on in the case. The accepted judgment in the Frye case also contains an injunction — much more limited than the RIAA's typical 'settlement' injunction — under which defendant agreed not to infringe plaintiffs' copyrights. http://yro.slashdot.org/yro/07/07/15/2125234.shtml The details RIAA Spends Thousands to Obtain $300 Judgment Eric Bangeman What's the cost of file-sharing? For Terri Frye of Hickory, NC, it was $300. That's the amount she'll have to pay the RIAA after agreeing to a judgment in a file-sharing case. Frye is a single mother living in state-supported housing who received one of the RIAA's settlement letters in November 2005. Wanting to defend her innocence, she immediately contacted a lawyer. "She did a good thing, finding a lawyer as soon as she found out [the RIAA] was pursuing her," Joey Long, one of her attorneys, told Ars Technica. "It's what every person should do when they receive a settlement letter." Despite contacting Frye in late 2005, the RIAA did not actually file suit until March of this year. In the intervening period, Frye repeatedly informed the RIAA that they had the wrong person. Even if she was guilty of infringement, another of Frye's attorneys, Matthew K. Rodgers, told the labels that she couldn't afford to pay damages of up to $750 per song due to her financial situation. The correspondence between the RIAA's legal counsel and Frye's between the time of the settlement letter and the filing of the lawsuit paints a picture of the RIAA's unwillingness to budge at all from its position that Frye was either directly or indirectly responsible for infringement, despite her protestations to the contrary. It also showed a troubling lack of communication within the RIAA. According to a filing by Frye, the RIAA agreed to give her until May 16 to file an answer to their complaint. Then, on May 4, the plaintiffs informed Long that they were going to file for a default judgment, saying that the agreed-to extension was "not in the file." As early as December 2005, Frye offered to work with the labels "to avoid any liability and will agree to any reasonable condition that would avoid the payment of any penalties." The following month, she was informed that the RIAA would not "release" her from the claims of infringement, and even if she offered the RIAA an affidavit identifying the person she believed responsible for the infringement, the record labels would not agree to drop their claims against her without having the affidavit in hand. After months of back-and-forth between the RIAA and Frye, the RIAA filed suit in March of this year. This came despite Frye's assertions that she had told the owner of the PC associated with the account about the RIAA's inquiries and that the owner subsequently deleted all the incriminating evidence. "The RIAA wanted us to reveal who actually committed the infringement," said Long. But absent any assurances that she would not be held liable for infringement herself, she was unwilling to divulge the information herself. The end result is that the RIAA likely spent thousands of dollars to obtain a $300 judgment. And although Frye agrees to be enjoined against future copyright infringement, she does not admit to any wrongdoing. We asked Long if Frye was going to work with the record labels to identify the person actually responsible for the infringement now that the case has been closed and a judgment entered. "I can't disclose any of the information about that," Long told Ars. "It's between us and them." The RIAA's prelitigation settlement letters say that defendants are liable for costs of $750 per song. MediaSentry flagged 706 songs on the computer that became the basis for the lawsuit, and at $750 per song, that works out to a total of $529,500. The RIAA settled for a minuscule fraction of that number, one curiously close to the 70¢-per-track figure a record industry attorney said is close to the labels' share of each track sold. File-sharing defendants have argued that the $750-per-track damages sought by the RIAA are excessive, and here we have them accepting a judgment for about 40¢ per track. The RIAA appears willing to extract even a miniscule settlement from a single mother on federal assistance who was willing to help them discover the true identity of the alleged infringer rather than walk away emptyhanded. http://arstechnica.com/news.ars/post...-judgment.html Losing streak RIAA v. Santangelo Default Judgment Vacated NewYorkCountryLawyer It was reported last week that at the July 13th status conference in Elektra v. Santangelo II, the default judgment taken by the RIAA against Patti Santangelo's daughter, Michelle, was vacated by Judge Stephen C. Robinson. This has now been confirmed in papers filed by the RIAA's lawyers in which they indicated that the Judge vacated the default judgment because he prefers cases to be decided on their merits, rather than by default. The papers sought $513 in attorneys fees for (a) procuring the default judgment and (b) preparing judgment enforcement documents. Patti Santangelo is the first RIAA defendant known to have moved to dismiss the RIAA complaint. After two years of litigation, the RIAA dropped its case against Patti Santangelo, leaving open only the question of whether the RIAA will be ordered to pay her attorneys fees. http://yro.slashdot.org/yro/07/07/19/189249.shtml Judge Awards $68,685.23 in Attorneys Fees Against RIAA in Capitol v. Foster Ray Beckerman In Capitol v. Foster, in Oklahoma, the Court has order the RIAA to pay the defendant Debbie Foster $68,685.23 in attorneys rees and costs. This is the first attorneys fee award, of which we are aware, against the RIAA. Ms. Foster was represented by Marilyn Barringer-Thomson of Oklahoma City, Oklahoma. http://recordingindustryvspeople.blo...neys-fees.html Music Industry Countersued Soldier: Record labels violated his privacy, abused copyright law Andrew Eder Music-industry litigation tactics against suspected online music pirates face a challenge in Tennessee, with an Army sergeant arguing that record labels have engaged in a “conspiracy” to defraud courts and violate privacy rights. The claims come in response to a lawsuit against Nicholas Paternoster of Clarksville, Tenn., 33, soldier at nearby Fort Campbell, who is accused of infringing copyrights by using the peer-to-peer file-sharing program Kazaa to distribute songs online. The lawsuit was one of seven filed across the state in March by the record labels in a litigation campaign coordinated by the industry’s Washington-based trade group, the Recording Industry Association of America. The RIAA has targeted hundreds of college students with lawsuits — including dozens at the University of Tennessee — in a well-publicized push to curb illegal downloading, which the industry says has crippled record sales. At the same time, the RIAA has continued to go after users of commercial Internet service providers, like the seven people sued in Tennessee. Since September 2003, when the litigation campaign was launched, recording industry attorneys have pressed more than 21,000 instances of legal action nationwide, according to the RIAA. Of the seven Tennessee cases filed in March, court records show that only Paternoster has challenged the recording industry’s charges. His Nashville attorneys filed a response to the record labels’ lawsuit last week. In the response, Paternoster denies the allegations of copyright infringement and responds with a counterclaim charging that the record labels are abusing copyright law. The labels, “ostensibly competitors in the recording industry, are a cartel acting together in violation of the antitrust laws and public policy,” allege Paternoster’s attorneys from the Nashville law firm Beam & Rogers. The countersuit points out that although the recording industry singled out only six songs whose copyrights were infringed, the complaint includes screenshots of more than 4,600 files from Paternoster’s personal computer, including hundreds of apparently pornographic pictures and movies. According to another document filed in the case, Paternoster was unaware that the Kazaa software was installed on his computer. While on a tour of duty in Germany from 2004 to 2005, the document says, another soldier downloaded the software and set up a Kazaa account under Paternoster’s name. Last summer Paternoster discovered the software and “thousands of files downloaded on his computer by the soldiers he housed,” and he uninstalled the software and deleted the files, according to the document. Kazaa and other file-sharing networks often make a computer’s files available for download by other network users, which allows the RIAA’s investigators to document instances of copyright infringement. The file-sharing option can be disabled, but many users never realize they are making their files available. By including the full list of Paternoster’s files in the public record, the record labels invaded his privacy and are trying to “shame” him into accepting their demands, his attorneys argue. “Such actions by the Counter-Defendants are a blatant misuse of their right to investigate potential copyright infringement and violate public policy,” the countersuit reads. The attorneys list a host of other common complaints about recording industry tactics, including targeting dead, disabled and unknowledgeable people with lawsuits; relying on Internet Protocol addresses to identify defendants; making “extortionate threats” and seeking “exorbitant settlement amounts” through the RIAA; and invading defendants’ privacy by pursuing “John Doe” lawsuits and subpoenas without the individual’s knowledge. Attorneys for the record labels from the Nashville law firm Bowen Riley Warnock & Jacobson would not comment on the case, referring questions to the RIAA. “We try to be fair and reasonable in resolving these cases,” said RIAA spokeswoman Cara Duckworth. “Our aim is not to be in court, but to seek appropriate retribution for the damage done to the industry.” Of the other six recent lawsuits in Tennessee, three have been dismissed, one has been settled for more than $9,000, and the record labels are seeking default judgments for $7,500 and $4,500 against two other defendants who did not respond to summonses. Duckworth said the majority of dismissed cases are the result of settlements, although she would not discuss individual cases. One defendant whose lawsuit was dismissed, Jerrel Lovett of Columbia, Tenn., said Tuesday that he paid a settlement, although he wouldn’t say how much. Another lawsuit target, Melissa Corbett of Memphis, could not be reached for comment. The third defendant whose lawsuit was dismissed is Debbie Brackins of Sevierville. Reached Tuesday, Brackins would not say whether she paid a settlement. “It’s done and it’s over, and I don’t ever want to discuss it again,” she said. http://www.knoxnews.com/news/2007/ju...y-countersued/ University of Kansas Adopts One-Strike Policy for Copyright Infringement Eric Bangeman In response to the RIAA and MPAA's campaign against file-sharing, the University of Kansas has announced a stringent policy for students found sharing copyrighted content on the university network. Students fingered for file-sharing would be kicked off of the residence hall network, although they would still be able to use campus computer labs. A brief notice on the University of Kansas ResNet site explains the university's new position very succinctly. "If you are caught downloading copyrighted material, you will lose your ResNet privileges forever," reads the notice. "No second notices, no excuses, no refunds. One violation and your ResNet internet access is gone for as long as you reside on campus." Presumably, the University is referring to illegally downloaded copyrighted material, as there is plenty of copyrighted material that can be downloaded legally. Formerly, KU had a three strikes policy, but the new policy is one of the most stringent we have seen. Other schools have tightened their policies on copyright infringement since Big Content ratcheted up its fight against on-campus file-sharing. For one, Stanford University has made file-sharing a potentially very expensive proposition with its reconnection fees. First-time offenders will have to pay a $100 reconnection fee, with subsequent offenses assessed reconnection fees of $500 and $1,000. Along with the $1,000 fee, students will be referred to Judicial Affairs for disciplinary action after a third offense. Ohio University has taken a different approach to file-sharing, choosing to ban all P2P traffic from its network. Although it has had the effect of shutting down some of the file-sharing that occurs on its campus network, it has also had the effect of pushing some of the P2P traffic to darknets. A KU spokesperson told the Lawrence Journal-World that the increased number of takedown notices has led to the new policy. The school received 345 complaints in 2005, up from 141 the year before. "It's serious business. Students need to take notice," KU spokesman Todd Cohen told the Journal-World. Cohen also noted that the school had received 23 prelitigation settlement letters from the RIAA on the same day the new policy was announced. Another factor in KU's move may be recent rumblings from Congress. In May, Rep. Lamar Smith (R-TX) of the House Judiciary Committee issued an ominous warning to schools, telling them that they need to do something about piracy or Congress would be forced to act. "We want to know exactly what they plan to do to stop illegal downloading on their campuses," said Smith. "Universities have a moral and legal obligation to ensure students do not use campus computers for illegal downloading." The end result may be an expensive technological arms race between schools and technologically-savvy students. KU's new policy is likely to have the desired effect of discouraging most casual P2P users while driving towards darknets. http://arstechnica.com/news.ars/post...ringement.html Top EU Court Official Says ISPs Shouldn't Have to ID Alleged Infringers Eliot Van Buskirk Here in the US, the RIAA can issue a John Doe subpoena to any ISP demanding to know which of its subscribers was using a given IP address to share copyrighted music at a certain time. Although the RIAA has tried to circumvent this system, it forms a cornerstone of the organization's legal strategy against those it suspects of infringement. Labels and their legal representatives could have a harder time employing a similar strategy across the pond. An advocate general for the European Court of Justice has issued an opinion stating that ISPs targeted by civil copyright cases in the European Union should not have to identify allegedly-infringing subscribers when pressured to do so by label representatives. The Spanish version of the RIAA -- Promusicae -- had sued the Telefonica ISP, demanding that it release the identities of allegedly infringing subscribers, but Telefonica refused, claiming that it could only turn over such information as part of a criminal prosecution. This could be a big hurdle for the record industry P2P litigation strategy in Europe, but we won't know until later this year. According to MarketWatch, "The adviser's opinion will be reviewed by the court's panel of judges before a final ruling sometime later this year. The judges follow their advisers' opinions about 80% of the time." http://blog.wired.com/music/2007/07/...-court-of.html Copyfraud Jason Mazzone Brooklyn Law School Brooklyn Law School, Legal Studies Paper No. 40 New York University Law Review, Vol. 81, p. 1026, 2006 Abstract: Copyfraud is everywhere. False copyright notices appear on modern reprints of Shakespeare's plays, Beethoven's piano scores, greeting card versions of Monet's Water Lilies, and even the U.S. Constitution. Archives claim blanket copyright in everything in their collections. Vendors of microfilmed versions of historical newspapers assert copyright ownership. These false copyright claims, which are often accompanied by threatened litigation for reproducing a work without the owner's permission, result in users seeking licenses and paying fees to reproduce works that are free for everyone to use. Copyright law itself creates strong incentives for copyfraud. The Copyright Act provides for no civil penalty for falsely claiming ownership of public domain materials. There is also no remedy under the Act for individuals who wrongly refrain from legal copying or who make payment for permission to copy something they are in fact entitled to use for free. While falsely claiming copyright is technically a criminal offense under the Act, prosecutions are extremely rare. These circumstances have produced fraud on an untold scale, with millions of works in the public domain deemed copyrighted, and countless dollars paid out every year in licensing fees to make copies that could be made for free. Copyfraud stifles valid forms of reproduction and undermines free speech. Congress should amend the Copyright Act to allow private parties to bring civil causes of action for false copyright claims. Courts should extend the availability of the copyright misuse defense to prevent copyright owners from enforcing an otherwise valid copyright if they have engaged in past copyfraud. In addition, Congress should further protect the public domain by creating a national registry listing public domain works and a symbol to designate those works. Failing a congressional response, there may exist remedies under state law and through the efforts of private parties to achieve these ends. http://papers.ssrn.com/sol3/papers.c...#PaperDownload Copyright vs Community in the Age of Computer Networks Copyright developed in the age of the printing press, and was designed to fit with the system of centralized copying imposed by the printing press. But the copyright system does not fit well with computer networks, and only draconian punishments can enforce it. The global corporations that profit from copyright are lobbying for draconian punishments, and to increase their copyright powers, while suppressing public access to technology. But if we seriously hope to serve the only legitimate purpose of copyright -- to promote progress, for the benefit of the public -- then we must make changes in the other direction. This talk by Richard M. Stallman is broken into two parts: the main talk and the question and answer sessions following the talk. Both are available in only OGG/Theora format in keeping with Stallman's wishes. They are available under the Creative Commons NoDerivs 1.0 http://www.csclub.uwaterloo.ca/media...0Networks.html “iTorrent”: A BitTorrent Client for your iPhone? Ben Jones The possibility of file sharing whilst walking down the street is closer than you might think. Carrying a BitTorrent client in your pocket is getting closer, with the release of new high-powered communication tools, such as the much publicized Apple iPhone. It would almost seem as if TorrentFreak is the only technologically based news site to have not carried some sort of piece about the iPhone, in one form or another. In order to correct this deficit, we wondered ‘would it be possible to torrent on one? After all, what can be more iconic than using something (potentially) dubbed iTorrent? The technical specifications of the device certainly make it possible. It has more than enough cpu power for it, assuming a nice, tightly coded client was written. The built in WiFi (802.11b/g) and use of the EDGE 2.75G wireless network data transfer system allows a fairly widespread availability of reception. According to one of the developers of the ‘iPhone-binutil‘ project, going by the name ‘geohot’, the only obstacle stopping it from making an application like “iTorrent” happening is their current lack of coding ability for the iPhone. The file system is open, and media players already exist, if for nothing else than playing media from iTunes. On of the downsides it that, for many, the 3.4Gb free on a brand new phone (or 7.4Gb, if you went for the bigger one) may not be enough to hold much data, but it all depends on what you torrent. Bigger problems are that the battery will last only in the region of 6-8 hours at best (according to Apple’s figures) which isn’t the greatest. Additionally, many users have reported the wifi connections being on the slow side as far as data transfers go. Using EDGE is a lot slower, about 30k/sec max. Of course, the benefits are that you can carry it around with you, and you have the wide range of content available, with the benefits of torrent file’s typical pricing (free). Of course, time will tell. Meanwhile, the lack of MMS on the iPhone has been a small thorn in the side of many owners. However, there is help at hand in the form of a workaround. More details here. http://torrentfreak.com/itorrent-a-b...r-your-iphone/ ZipTorrent Pollutes and Slows Down Popular Torrents Ernesto BitTorrent users are facing a new enemy. A BitTorrent client named ZipTorrent, allegedly created by our friends from the anti-piracy organization Media Defender, leeches bandwith and spreads useless data chunks. The goal of ZipTorrent is to slow down popular downloads as much as possible. They use hundreds of these clients at the same time and this can potentially bring the average download speed down to zero. Even more so, it is not unlikely that it will record your IP-address in the process so they can send you a copyright infringement notice on top of it. On the Media Defender website we read: “Decoying and Spoofing are the most commonly known techniques that we employ. We send blank files and data noise that look exactly like a real response to an initiated search requests for a particular title.” According to ubisuck over at the mininova forums, Media Defender is doing just this with ZipTorrent. Apparently the fake client is a mod of the popular BitTorrent client Azureus which can be configured to send fake data. Here’s a full screenshot of the ZipTorrent configuration screen. As you will see, there are some dubious settings like “fake upload ratio mode”, “no upload” and “safe fake download”. It is not hard to check whether you are connected to these fake clients. In the peers list of your BitTorrent client they will show up as “ZipTorrent” and most of the time you will be connected to a bunch of them all originating from similar IP addresses with either 0% or 100% of the file completed. However, there are blocklists to stop these malicious clients from connecting to your BitTorrent client. Pasted below is a list of the known IP-ranges ZipTorrent is on. The ranges were identified by The Pirate Bay team and are posted in several forums. You might want to add these to the blocklist of your BitTorrent client or PeerGuardian. There’s one problem though, Media Defender will probably move to new IPs if they read this, a never ending story. http://torrentfreak.com/ziptorrent-p...ular-torrents/ eEsel come eEsel go German eDonkey Servers Shut Down FILE-SHARING service eDonkey suffered a body blow last Friday as German music industry lawyers won a fight in the battle to to shut down the 'Donkey servers. The District Court in Hamburg has made a temporary injunction to the operator of an eDonkey server. Heise reports that the computer must be taken offline for "as long as the range of music files offered for download via the server contains illegal files." While the server itself did not host any illegal files - being a P2P service after all - the server operator was snagged for having "willingly and in a causal fashion assisted in the illegal disturbance." "We shall in future take legal action against any operator of a P2P network srver who makes tracks available ilegally," warned International Federation of the Phonographic Industry (IFPI) director Peter Zombik. He went on to say that it's "sad to see the inherently beneficial P2P network technology still being used to violate copyright on a massive scale." Stefan Michalk of the IFPI told Heise that, after the move, it's up to the ISPs to lend a helping hand. http://www.theinquirer.net/default.aspx?article=41056 Driveway Allows File Sharing up to 500MB Per File pelf If you’ve had problems sending very large files via the Internet, you may want to read more about Driveway. Driveway is a FREE online file sharing service and any system that is Internet-accessible and has a browser can be used for this purpose. There is NO NEED to register for an account, and you may start using Driveway right away. To upload and download files: 1. Select the files you wish to upload or download. 2. Provide your e-mail ID (optional) if you’d like to receive the “Download” and “Delete” links by email. If you do not enter your email ID, you will not be able to download or delete the file. 3. Depending upon your purpose of usage, click on “Send Files for Read” or “Send Files for Edit” option. If you had not entered your email ID, only the file read or file edit link would appear on the confirmation page. You can save these links for downloading the files anytime in future. The next-best-thing is that you can upload multiple files with a maximum size limit of 500 MB per file! So with Driveway, you don’t have to split that PowerPoint presentation into a few smaller files, which was what I used to do back when the highest thumbdrive capacity was 128MB! And if you’re done with the file and would like to delete it from the system or whatever, just enter your email ID when you uploaded the files and you will receive an email with links to download or delete the file. Click on the “Delete” link of the particular file and it will be deleted from the Driveway System immediately. Please note that files are kept in the Driveway System for up to 90 days from the last date of access to the file. So if you don’t want your files to be scattered in the Internet, you might want to remember removing them after you’re done http://chenpn.com/2007/07/18/drivewa...00mb-per-file/ Net Radio "Compromise" Hinged on DRM Adoption Ken Fisher As we reported Friday, the looming royalty crunch on Internet radio that would have begun today (July 15) was narrowly averted last week by a temporary reprieve from SoundExchange. Now it appears that a lasting compromise is indeed possible, but such a compromise will likely mean mandatory DRM (Digital Rights Management) for Internet radio. The original decision by the Copyright Royalty Board would have tripled royalties over the next three years: an increase which many webcasters said would straight-up put them out of business. Political positioning or not, SoundExchange didn't want July 15 to be a date that lived on in infamy, so they offered a temporary reprieve and laid out the terms for a new compromise. We have to agree with Rep. Jay Inslee (D-WA), who warned that a July 15th cut-off could have made the situation rather unfavorable for SoundExchange. "Whatever congressmen and women have heard to date, you're going to hear five to ten times as much after July 15 [if net radio stations go dark]," Inslee told a hearing of the House of Representatives Subcommittee on Small Business. That catastrophe has been averted, and SoundExchange looks ready to deal. Yet it appears that the CRB-backed royalty increase and the increased per-station fees may be leveraged to accomplish something else the music industry would really like to see: Internet radio locked down in DRM. After news of the temporary compromise broke, SoundExchange eventually distributed a press release that characterized its compromise offer. It speaks for itself (emphasis added): "SoundExchange has offered to cap the $500 per channel minimum fee at $50,000 per year for webcasters who agree to provide more detailed reporting of the music that they play and work to stop users from engaging in 'streamripping'—turning Internet radio performances into a digital music library," reads the statement. A source at a major MP3-based Internet radio station who did not want to be named told Ars Technica that this is not the first time that SoundExchange has expressed interest in seeing streaming media locked down with DRM, but this is the first time it has been laid down on the table as absolutely necessary to any compromise that would deviate from the royalty agreement already approved by the Copyright Board. The source also tells me that DRM is the only plausible "tool" at the disposal of webcasters to accomplish SoundExchange's goal of working to stop music "streamripping." It would appear that the more things change, the more they stay the same. The music industry is very worried about users recording Internet radio for the purposes of "disaggregating" music, and the message seems to be that if webcasters will scratch the industry's back, then a better deal is possible. Too bad it's a deal that could kill another potential avenue of fair use (recording radio), and limit users' ability to enjoy radio by limiting playback to clients that support DRM. http://arstechnica.com/news.ars/post...-adoption.html Digital Freedom Campaign Responds to Latest RIAA Attempts to Hold Internet Radio Hostage Press Release RIAA Admits 'Stream-ripping' Is Not a Problem The Digital Freedom Campaign today responded to a statement made by Recording Industry Association of America Senior Vice President of Government Relations, Mitch Glazier in a recent edition of Technology Daily, noting that "stream-ripping," an unrelated issue to the current Internet radio royalty rate debates, was not necessarily a problem. Mr. Glazier, addressing the logic behind a sudden effort by the recording industry to require webcasters to adopt anti-'stream-ripping' technology was asked whether stream-ripping was even a problem, stated, "why wait until it is a big problem to start addressing it? There are available technologies in the marketplace to address this issue." The 'stream-ripping' issue is not relevant to the Internet royalty rate decision by the Copyright Royalty Board in March, and was not mentioned in the CRB ruling. "The music industry's top lobbyist is calling for the implementation of a burdensome, costly, and completely unnecessary technology by webcasters who play and promote the artists the RIAA claims to represent. He then admits that the issue is "not a big problem," said Jennifer Stoltz, a spokesperson for the Digital Freedom Campaign. "For the RIAA to try to impose unrealistic and wholly unnecessary technical mandates on an innovative and vibrant industry as part of larger, unrelated negotiations process is baffling. "The specific issue at hand is not commercial piracy, but rather fair use of legally recorded music for personal use, which is perfectly legal," Stoltz continued. "Requiring webcasters to implement mandatory digital rights management technologies to prevent any personal recording of Internet radio streams is an imposition on both webcasters and consumers. It is a costly solution without even a hint of a problem. There is no evidence whatsoever that stream-ripping or commercial piracy from Internet radio is an issue, and the RIAA and SoundExchange should proceed with the ongoing negotiations with webcasters without demanding provisions that would further harm and inconvenience Internet radio listeners." The Digital Freedom Campaign supports the fair compensation of artists for their work, but also believes the imposition of unsustainable fees on internet broadcasters will hurt innovators, music fans, and independent and non- mainstream musicians. The moratorium on the imposition of new fees on Internet broadcasters while negotiations toward a resolution are underway is positive for the industry as a whole. That said, the DFC is extremely concerned by reports that, as part of the "compromise," SoundExchange has demanded that all internet radio stations implement mandatory digital rights management technologies. No evidence has been produced to justify this extraordinary imposition on consumers, and is unfortunate that as the record industry is moving away from DRM that frustrates digital music buyers, SoundExchange is attempting to foist new DRM mandates on digital radio listeners. The Digital Freedom Campaign fights for consumer rights in a digital age that enables literally anyone and everyone to be a creator, an innovator or an artist -- to produce music, to create cutting-edge videos and photos, and to share their creative work. Digital technology empowers individuals to enjoy these new works when, where, and how they want, and to participate in the artistic process. These are basic freedoms that must be protected and nurtured. The Digital Freedom campaign is dedicated to defending the rights of students, artists, innovators, and consumers to create and make lawful use of new technologies and lawfully acquired content free of unreasonable government restrictions and without fear of costly and abusive lawsuits. For more information about the Digital Freedom campaign, please visit us at http://www.digitalfreedom.org/. http://sev.prnewswire.com/radio/2007...9072007-1.html FMC Files Complaint Over Clear Channel Practices FMQB Last month, the Future of Music Coalition (FMC) accused Clear Channel of forcing musicians to give up their digital copyrights in order to get the airplay that is required under the payola consent decree. Now the FMC has formally filed a complaint with the FCC over the matter. In the FMC's filing, the organization is asking that the FCC rule that artists who waive their digital rights in exchange for airplay are actually sponsoring broadcasts, and rules relating to sponsorship should apply to those artists. The FMC notes that it has filed the complaint to "resolve any possible uncertainty as to the applicability of the commission's sponsorship-identification rules to certain broadcast programming carried by Clear Channel Communications Inc." "This is naked and transparent pay-for-play," said FMC policy director Michael Bracy. "The fact that Clear Channel would ask artists to give up a valuable royalty as a condition of even having their song considered for airplay questions their commitment to stamping out payola. The fact that the move comes as part of the payola settlement is unbelievable. Clear Channel has responded to allegations of payola with payola." Last week, Senator Russ Feingold (D-WI) sent an open letter to the heads of CBS Radio, Citadel, Clear Channel and Entercom, questioning their commitment to ending payola in radio. The letter was prompted by the FMC's accusations against CC. http://fmqb.com/Article.asp?id=440611 Disney Music Label Offers New CD Format Yinka Adegoke Walt Disney Co. music label Hollywood Records is offering a new CD format with extra features to encourage compact-disc purchases in a bid to reverse declining CD sales. Hollywood Records on Wednesday unveiled its new CDVU+ (CD View Plus) format with digital magazine extras, song lyrics, band photos and other extras to boost fan loyalty. The new format also replaces the traditional CD booklet and plastic jewel case with recyclable packaging. Teen punk band Jonas Brothers will be the first act to use the technology when they release their self-titled album on August 7. Music companies have been seeking new ways to give buyers more value from recorded music sales in hopes of turning around declining sales trends of regular CDs. U.S. CD sales were down nearly 20 percent in the first half of 2007 as more young buyers digitally download music and piracy runs rampant. Disney executives hope to hold the interest of fans by offering content similar to the extras on movie DVDs and convince them that pure music products still offer good value. Recorded music is also competing with video games and other forms of entertainment for a share of consumers' disposable income. The content on a CDVU+ can be downloaded and accessed online and off. The label said the extra content had been produced for the new format rather than using the band's outtakes or widely available material, such as existing music videos. "We really believe if you're going to give consumers what they want, we should do it in a way they're used to," said Ken Bunt, Hollywood Records' senior vice president of marketing. Hollywood Records is a label within Disney Music Group, which last year had the two biggest selling CDs in the U.S., the High School Musical soundtrack and country singer Rascal Flatts' "Me And My Gang." Other acts include Hilary Duff and Hannah Montana/Miley Cyrus. Bunt said the company is already making plans to release albums from Duff and two other big selling acts -- The Cheetah Girls and Atreyu -- on CDVU+. http://www.reuters.com/article/techn...21191420070718 Record Labels Try to Bottle up Leaks Music executives say prerelease album exposure hurts sales, and they're cracking down on a key source of the piracy: the media. Eric Benderoff Prince's newest album, "Planet Earth," won't hit stores until July 24, but it's possible to buy it now on eBay -- and that's not unusual. Prerelease "leaks" of promotional albums now are commonly found at file-sharing Web sites or on eBay months before an official release date, and once out, can gain massive distribution within hours through downloads on peer-to-peer online music networks. Last year, high-profile releases by such groups as The Strokes, The Flaming Lips and The Red Hot Chili Peppers were available illegally online weeks before their launch. More recently, Jack White of The White Stripes gave a Chicago radio station a tongue-lashing this summer for playing his new album, "Icky Thump," three weeks before its release date. The album showed up on various file-sharing sites later that day. Record companies say such leaks damage sales, and they're cracking down on a key source of prerelease piracy: the media. Labels are beefing up security by using new encryption and digital watermarking technologies on promotional copies, making it possible to track down the source of unauthorized copies. They also are turning to services such as Web Sheriff or MediaDefender, which aggressively surf the Web for leaked digital copies of music, movies and other copyright-protected content. When content is found, these companies seek to take it down, or in the case of MediaDefender, flood the Web with bogus or "spoof" MP3 files that have the same name as the music but are empty. On the peer-to-peer networks notorious for pirated copies of music, fans who want a given recording may have to sift through countless bogus files before finding the real thing. "We create a 'needle-in-the-haystack' for people who want the music," said Randy Saaf, MediaDefender's chief executive. "When the stuff gets out there, it's our theory that you can't put the toothpaste back into the tube." The new tactics are part of the battle to stop sliding music sales. Album sales -- including digital and physical copies -- have fallen 15 percent so far in 2007, according to statistics released earlier this month from Nielsen Soundscan. That is on top of a 13 percent slide in CD shipments in 2006, according to the Recording Industry Association of America, continuing a trend that saw CD shipments fall in five of the last six years. Ironically, record labels are finding the promotional cycle they've long used to build buzz for a new release can backfire in the Internet age. Thousands of copies are sent to reviewers, record stations and others close to the music business months in advance of the release date to get fans interested in the music and stoke demand. But illegal album copies often are leaked well before official release dates, putting a dent in sales and, at times, forcing labels to push up an album's launch. For music, "every major release can be found on the Internet typically two to four months before the label intends to release an album," said John Giacobbi, managing director and founder of Web Sheriff Ltd. "It can get out of hand very quickly and cut sales in half." "For any release that is expected to sell over 8,000 copies, we'll usually find a CD for sale [on eBay] before the release date," said Nan Warshaw, a co-owner of Chicago's Bloodshot Records. "Most likely they are from media reviewers." Sometimes, the artist speaks up. On May 30, three weeks before the June 19 release of the White Stripes' "Icky Thump" album, Chicago radio station WKQX-FM 101.1, known as Q101, played the entire album on the air without approvals from the band's label, Warner Bros. Records, or the band. "That was the original leak of the album," Giacobbi said. "Word got around of this pretty quickly and then everyone started to rip the stream." Some listeners who heard the broadcast started making copies, one of which made it to the Swedish peer-to-peer Web site The Pirate Bay, where fans could download the "Q101 radio rip" of "Icky Thump." The quality was poor, but lead singer Jack White was so irate at the radio leak that he called from a tour in Spain "looking specifically for me, to yell at me for leaking the album," wrote Electra, the Q101 disc jockey who played the album during her show, on her blog. When White called, her show was off the air so she took the call with two other deejays. The conversation happened off the air. "We tried to explain where we were coming from -- someone gave us a copy of a record that we were really excited to play, and the whole experience was an hourlong lovefest for him and his band -- but he wasn't having it," Electra wrote. "He hung up, very, very angry and I thought I was going to cry." The leaked copy came from someone associated with the record, said Marv Nyren, the regional vice president and general manager in Chicago for Emmis Communications, which owns the stations. The person with the album told the station that a few songs already were being played in Europe. "We told the label we had a copy of the album," Nyren said, "and that we would like to play it once." The label said they didn't really want the station to play the album, but we "don't think we'll send you a cease-and-desist order" if you do, Nyren said. So the station was under the impression that it would be OK if it played the album, just once. "Radio stations have been doing this for 50 years. We get music in advance and we play it," he said. "Many labels say they'll send it to us because they want us to play the [music]. We never, ever try to hurt an artist. It doesn't do me any good to have Jack White mad at us." Warner Bros. could not be reached for comment. Although many people on the Web speculated that the episode was a stunt to promote the album, it was not, and the station apologized to White and the record label. Bloodshot's Warshaw understands why White was angry. "It was not supposed to happen," she said. "It was something beyond his control." That is the main reason why labels want to slow the prerelease piracy, because it takes control out of their hands. "After the release date, it's about educating fans," she said. "By stealing a CD [getting it from a friend or on a peer-to-peer network], it's taking money out of the band's hands. "But prerelease, it's about leaking material. You can try to control it," she said. One way Bloodshot is trying to control the problem is by limiting the number of tracks reviewers receive of certain recordings. Instead of sending the entire album, the label will distribute two MP3s to reviewers. Other reviewers still receive a CD, but if they are found to be selling prerelease discs at sites such as eBay, Bloodshot removes them from its lists. Giacobbi, with Web Sheriff, says many CDs sent to reviewers can be traced. Some recordings could have a special watermark; others, a certain digital code. "We terminate dozens of auctions on eBay every day," he said of his 20-person team that constantly monitors the Internet for violations. "And then we try to get information on the seller and go after them." Web Sheriff works with dozens of labels in the U.S. and the United Kingdom. For a digital leak, it can track which Internet service provider was used for sending music files to a peer-to-peer network. It sends a note to the ISP, which then can then notify the computer user they are engaging in illegal activity. Each computer's Web connection has a unique Internet protocol address. "The ISPs usually always cooperate," Giacobbi said. But Saaf, whose MediaDefender floods the Web with bogus files, said the take-down approach only goes so far. "You really can't take it down once it's out there. It can spread quickly," he said. "So we try to put up some speed bumps to slow it down." http://www.chicagotribune.com/busine...i-business-hed You Can Play the Record, but Don't Touch Nell Boyce At the Library of Congress, in a small, white room with bright red carpet, physicist Carl Haber sits down to play a record from 1930. It's a recording of Gilbert and Sullivan's "Iolanthe." But here's the strange thing: This record is broken. "It looks like somebody just got hungry and took a bite out of it," says Haber. He has positioned the record on a turntable and fitted the broken piece back into place, like it's a jigsaw puzzle. "If we spun this thing fast, the piece would come flying off, you know, and maybe hit somebody," he says. But this turntable doesn't spin like a normal record player. And there's no needle hovering over the record. Instead, there's a camera linked to a computer. It snaps detailed images of the groove cut into the disc, and uses the images to reconstruct the sound without ever touching the record. Haber got the idea for this setup a few years ago, when he was driving to work and listening to NPR. He heard a report on how historic audio recordings can be so fragile that they risk being damaged if someone plays them by dragging a needle over their surfaces. It made Haber wonder if he could get the sound off old recordings without touching their delicate surfaces. He worked with a colleague, Vitaliy Fadeyev, and they managed to reconstruct sound on a 1950 recording of "Goodnight, Irene" performed by the Weavers. This was just a proof of principle. They have now developed their hands-off technique to the point that it's being tested at the Library of Congress to see whether it's good enough to someday scan the library's vast archive of sound recordings. One thing they've learned: A broken record is no problem. Haber clicks a mouse and the camera takes pictures of the groove on "Iolanthe." "And by taking these pictures, it essentially just unwinds the record into a big long stripe," Haber explains. The picture appears on Haber's computer screen. It looks like a black and white photo of a tire tread. "Here's the break," he says, pointing to a line. "You can see, there's a little piece of dust, little scratch marks on it." The computer ignores all these flaws as it translates the images into sound. It used to take Haber hours and hours to re-create short sound clips. Now his improved system, which he calls IRENE, can scan a record quickly enough to make it roughly comparable to a trained technician playing an old record in real-time. IRENE was installed at the Library of Congress late last year. The library has millions of old audio recordings, and many are in poor condition or use obsolete formats. Peter Alyea, a digital conservation specialist at the library, says that to play old records, you often need trained technicians who can do things like choose the proper needle out of dozens of options. But if IRENE lives up to its potential, Alyea says, anyone could make a digital copy of an old record. "They don't have to worry about any of the technical aspects," he says. "They simply can stick a disc on it and get some sound out of it." Alyea says it's like a photocopy machine for sound. "It brings the possibility of automation much closer to reality for these kinds of materials." And given that he has thousands and thousands of records that he would like to digitize and make widely available, the prospect of automation is hugely attractive. Audio recordings could be scanned in the same way that some libraries are now scanning all of their books into a digital format. But Alyea needs to know: Exactly how good is IRENE at making digital copies? So he and Haber are putting IRENE through its paces. One test involves a disc etched with simple tones to see how well IRENE can read some old-fashioned discs coated with lacquer. The library has thousands of these one-of-a-kind records. The format is obsolete. But luckily, Haber says, audio engineer George Horn still makes them at Fantasy Studios in California. Horn cut some discs with well-defined tones. Haber says, IRENE can reproduce the tones amazingly well. "The machine is not adding its own color. It's not adding anything of its own nature," he says. Haber says IRENE does take some things away. He plays one record from 1953, a Les Paul and Mary Ford recording of the song "Johnny Is the Boy for Me." This record has a bad skip in it that's very apparent on a regular record player. But IRENE skips over the skip like it's not there. Haber plays an IRENE reconstruction of another record, a very worn shellac disc with a song called "Hemlock Blues," performed in the 1950s by David Lee Johnson. It's owned by a collector who says it's too damaged to play it with a regular needle. But IRENE scanned it and got some decent sound. IRENE isn't perfect. It removes pops and clicks, but it sometimes has a hissing noise in the background. Still, the Library of Congress finds all this encouraging enough that it has started testing the system on hundreds of discs, what Alyea describes as a kind of simulation of what a mass digitization project would be like. When taking flat photographs, it can create a three-dimensional image of the groove on a record, or on an old wax cylinder. Haber been working with the University of California's Phoebe Hearst Museum of Anthropology, to reconstruct sound from field recordings, like one wax cylinder made around 1911 that features a Native American called Ishi. Haber says it's amazing to hear these voices from the past. "There's this whole human and cultural component to what we're looking at," says Haber, whose main job is studying subatomic particles at Lawrence Berkeley National Laboratory in California. "That makes it wonderful." http://www.npr.org/templates/story/s...oryId=11851842 Limiting Ads of Junk Food to Children Brooks Barnes Trix are no longer for kids — at least not on children’s television shows. But Cocoa Puffs are another matter. Trying to persuade critics the industry does not need government regulation, 11 big food companies, including McDonald’s, Campbell Soup and PepsiCo, have agreed to stop advertising to children under 12 products that do not meet certain nutritional standards. Some of the companies, like Coca-Cola, have already withdrawn all such commercials or are in the process of doing so. Others, like General Mills, said they would withdraw them over the next year or so, while a handful agreed to expand their self-imposed bans to radio, print and Internet advertising. Still, the agreements will probably amount to a ripple rather than a sea change in terms of what foods children see pitched on their favorite television shows and Web sites. For example, while General Mills will no longer be advertising Trix to the 12-and-under crowd, it will continue to peddle Cocoa Puffs, which have one less gram of sugar per serving. And it will be able to continue advertising Trix on television shows and other media that are considered to cater to “families” rather than just children. That qualifier amounts to a major loophole, given the media-watching habits of children. An episode of Nickelodon’s “SpongeBob SquarePants,” for instance, is viewed by an average audience of 876,000 children age 6 to 11, according to Nielsen Media Research, and falls in the category of shows that are off-limits to ads for junk food. But “American Idol” from Fox, which qualifies as a family show, attracts 2.1 million children in the age group. The companies have also agreed for the first time to open their marketing plans to the Council of Better Business Bureaus and its Children’s Advertising Review Unit, which will review them and report publicly on the findings. This scrutiny and the pledges to self-regulate, which will be announced at a Federal Trade Commission event today, are an attempt to show corporate responsiveness to growing concerns about childhood obesity. “We are hopeful that people will look at this and say that the community has done a substantial, enormous amount of work,” said Dan Jaffe, executive vice president of the Association of National Advertisers. Advertisers spend some $900 million annually on television tailored to children under 12, according to industry estimates. Together, the companies involved represent two-thirds of the total children’s advertising market, according to the Better Business Bureau. Cadbury Adams, Coca-Cola, Hershey, Kellogg, Kraft, Mars and Unilever are the other participating companies. The nutritional parameters vary by company, but are all based on the 2005 United States Dietary Guidelines developed by the Department of Agriculture and the Department of Health and Human Services. A pat on the back from critics is unlikely. The pledges, which were made under the threat of regulatory intervention and, in some cases, the threat of lawsuits, fall short of the demands from child advocacy groups. Most critics have been pushing for uniform guidelines for marketers to follow and for oversight from a body with the authority to enforce them. “This is great public relations for the companies, but it doesn’t go nearly far enough,” said Susan Linn, co-founder of the Boston-based group Campaign for a Commercial-Free Childhood. “It is going to be impossible to monitor if the companies are actually doing what they say.” To some degree, the pledges appeared to be an effort by the food companies to get out in front of a forthcoming government study on childhood obesity. Senators Sam Brownback and Tom Harkin announced July 5 that they would postpone a report from a task force they formed with the Federal Communications Commission in lieu of the companies’ plans to announce concessions today. At the time, Senator Brownback said, “The extension will allow for a more thorough examination of new initiatives.” The financial impact of the pledges on television networks like Nickelodeon, ABC Family and Cartoon Network will depend on how well the food companies can tweak their products. Many of the companies are not automatically withdrawing their products from the airwaves; rather, they are trying to reformulate the foods to meet nutritional guidelines. If they cannot do so to their satisfaction, they say they will replace ads for so-called junk foods with spots for healthier alternatives. Cadbury Adams, the maker of Bubblicious chewing gum, says it will either withdraw advertisements of the brand from certain media or will direct half of its current Bubblicious budget to the promotion of healthier eating habits. The company declined to specify how much it spends promoting Bubblicious each year, but said that a healthier habit might be choosing a smaller portion of gum. MTV Networks, which owns Nickelodeon and other channels popular with younger viewers, expects the agreements to have minimal impact on its bottom line. “Many products sold by these companies haven’t been on our air for years,” said Jim Perry, executive vice president for ad sales at Nickelodeon and MTV Networks Kids and Family Group. Marva Smalls, executive vice president for Nickelodeon public affairs, added, “We have been on the road pressing for this.” Similarly, some of the participating companies said that their ad budgets would not be altered in any meaningful way; PepsiCo, which makes Pepsi Cola and Frito-Lay snack foods, said that its children’s advertising budget represents only 1 percent of its overall ad budget. Starting Jan. 1, PepsiCo will advertise to children only products that meet the criteria set out in its 2004 “Smart Spot” nutritional program. Under PepsiCo’s pledge, only two products can be marketed to children under 12, according to Lynn Markley, vice president for health and wellness. They are Baked Cheetos, which have 50 percent less fat than regular Cheetos, and Gatorade. In the case of Gatorade, the company says the brand will sponsor ads that give tips to children on participating in sports. The product itself will not be pictured. PepsiCo’s commitment will also translate to a diminished role for Cap’n Crunch, the familiar mascot of the cereal made by the company’s Quaker Oats division. Ms. Markley said that the Cap’n will remain on cereal boxes but that as of Jan. 1, 2008, he will not appear in any television, print, Internet or other advertising to children under 12. This will mean an end to his interactive arcade-style game for children at www.capncrunch.com. Other companies agreed in their pledges to limit their use of licensed characters like SpongeBob or Scooby-Doo. Deborah Platt Majoras, the chairman of the Federal Trade Commission, called the various pledges “a significant step” and urged more food makers to join the effort. “While changes in food marketing alone will not solve the nation’s childhood obesity problem, these actions will help make a healthy choice the easy choice,” she said in a statement. Efforts to curtail junk food advertisements started escalating about three years ago, as evidence of the problem of child obesity started mounting. Food companies, concluding that the issue would not go away and fearing the kind of government scrutiny given to tobacco companies, started trying to police themselves. Kraft was an early leader. In January 2005, the company said it would stop advertising products like Oreos, Chips Ahoy and most Oscar Mayer Lunchables on programs aimed at children ages 6 to 11. Other companies followed, including Kellogg, which said last month that it would stop marketing foods that have more than 12 grams of sugar per serving to children. These include such childhood favorites as Froot Loops, Apple Jacks and Pop-Tarts. General Mills said it looked to Kellogg to establish its own nutritional standards. “We saw that public interest groups praised that level, and we decided to line up together on that,” said Christina L. Shea, senior vice president for external relations. Ms. Shea said that some brands, like Cocoa Puffs, already complied with the standard of 12 grams of sugar or less per serving. Trix cereal, however, has 13 grams. Ms. Shea said the company would reformulate the cereal no later than the end of 2008, or not advertise the brand to children after that point. Elizabeth Olson contributed reporting. http://www.nytimes.com/2007/07/18/business/18food.html Clip and Save Just Got Easier Online coupon company gives shoppers the world without turning over their personal information Sandra Guy Coupon clippers have a new high-tech option to get their bargain fix with startup Zimini. The company offers coupons in a desktop application so shoppers can remain anonymous. Shoppers cite their preferences without giving their name, address, telephone number or e-mail address. Zimini highlights the locations of participating retailers on a map, and offers a choice of 200 demographic characteristics of customers to send coupons, promotions and other offers. The software launched on June 7. Zimini charges merchants $49.95 per coupon or promotion. Participation is free to individual and business consumers. "Consumers don't have to worry about spam solicitations, because they never provide an e-mail address," said Robert Carlton, CEO, president and founder. Carlton came up with the idea for Zimini and the coupon software three years ago when peer-to-peer technology was the rage. Though peer-to-peer was the inspiration, the software takes the form of a downloadable software application. "People find it easy and convenient to download music and movies for free," said the 41-year-old Carlton, who spent 18 years working in marketing and communications for Ford Motor Co., GTE, Intel and McDonald's. "I thought, 'How can we use the same peer-to-peer technology to provide a service and keep users' identities safe and private?'" Shoppers who use Zimini's software build a profile of their coupon preferences. They can also choose a ZIP code for home, work, vacation or business travel from which to receive special offers. They receive the offers on their desktop, not by e-mail. Zimini automatically zaps outdated offers. Zimini's technology prevents users from forwarding the coupons and promotions. For merchants, Zimini manages customer data, includes an automatic legal disclaimer on each promotion, and offers a Print-Once technology that allows only one copy to be printed from a desktop. The company uses its geographic information system-based technology to recommend the geographic area that will best respond to a promotion. "People will not drive very far for a pizza or a burger," Carlton said. "But they'll go much farther to see a sports game or their favorite entertainer." Roberto Scolaro, owner of EspressoTiamo.com, a Waltham, Mass.-based online coffee and tea business, started using Zimini's software to offer customers a 20 percent "summer sale" discount prior to their online checkout. Scolaro has no bricks-and-mortar stores. Scolaro liked the idea of Zimini pinpointing potential customers, and appreciated the attention he receives from a startup. "You're not wasting money throwing thousands of e-mails at just anybody," he said. Zimini was one of 60 startups out of 400 applicants chosen to show off its technology at the DEMO.com conference, an emerging technology conference that features technologies it believes show the most promise. Lisa Bradner, a Chicago-based senior analyst at Forrester Research, said Zimini has a compelling case for bargain hunters, but needs to strengthen its business case for retailers. "It's appealing to consumers because their participation won't result in their getting 10,000 e-mails from other companies," she said. "But retailers are not getting data on who is redeeming the coupons or on other coupons the customer is receiving." Zimini faces competition from giants such as Coupons.com and AOL Shortcuts, which is set to launch its online coupon business this fall, and, to a lesser extent, the former Cool Savings, a Chicago-based money-losing online coupon site that morphed into Q Interactive, a profitable online lead-generation site for the likes of Walt Disney, Wal-Mart and Pepsi. Retailers are getting more sophisticated about rewarding customers for their loyalty as they enter a store, and that, too, could hurt couponing, Bradner said. Retailers such as Jewel grocery stores and new CVS drugstores let shoppers scan their loyalty cards into a machine, and receive coupons for merchandise they would likely buy based on their shopping history. http://www.suntimes.com/technology/g...ecol18.article Virtual Marketers Have Second Thoughts About Second Life Firms find that avatars created by participants in the online society aren't avid shoppers. Alana Semuels SECOND LIFE — a three-dimensional online society where publicity is cheap and the demographic is edgy and certainly computer-savvy — should be a marketer's paradise. But it turns out that plugging products is as problematic in the virtual world as it is anywhere else. At http://www.secondlife.com — where the cost is $6 a month for premium citizenship — shopping, at least for real-world products, isn't a main activity. Four years after Second Life debuted, some marketers are second-guessing the money and time they've put into it. "There's not a compelling reason to stay," said Brian McGuinness, vice president of Aloft, a brand of Starwood Hotels & Resorts Worldwide Inc. that is closing its Second Life shop and donating its virtual land to the nonprofit social-networking group TakingITGlobal. Linden Lab, the San Francisco firm that created Second Life, sells companies and people pieces of the landscape where they can build stores, conference halls and gardens. Individuals create avatars, or virtual representations of themselves, that travel around this online society, exploring and schmoozing with other avatars. Land developed by users, rather than real-world companies, is among the most popular places in Second Life. But the sites of many of the companies remaining in Second Life are empty. During a recent in-world visit, Best Buy Co.'s Geek Squad Island was devoid of visitors and the virtual staff that was supposed to be online. The schedule of events on Sun Microsystems Inc.'s site was blank, and the green landscape of Dell Island was deserted. Signs posted on the window of the empty American Apparel store said it had closed up shop. McGuinness said Starwood's venture into Second Life did accomplish something. Feedback from denizens gave Aloft ideas for its physical hotels. The suggestions included putting radios in showers and painting the lobbies in earth tones rather than primary colors. But now that the design initiative is over, he said, it's difficult to attract people to the virtual hotel to help build the real-world brand. For some advertisers, the problem is that Second Life is a fantasyland, and the representations of the people who play in it don't have human needs. Food and drink aren't necessary, teleporting is the easiest way to get around and clothing is optional. In fact, the human form itself is optional. Avatars can play games, build beach huts, dress up like furry animals, flirt with strangers — sometimes all at once. Their interests seem to tend toward the risque. Ian Schafer, chief executive of online marketing firm Deep Focus, which advises clients about entering virtual worlds, said he recently toured Second Life. He started at the Aloft hotel and found it empty. He moved on to casinos, brothels and strip clubs, and they were packed. Schafer said he found in his research that "one of the most frequently purchased items in Second Life is genitalia." Another problem for some is that Second Life doesn't have enough active residents. On its website, Second Life says the number of total residents is more than 8 million. But that counts people who signed in once and never returned, as well as multiple avatars for individual residents. Even at peak times, only about 30,000 to 40,000 users are logged on, said Brian Haven, an analyst with Forrester Research. "You're talking about a much smaller audience than advertisers are used to reaching," Haven said. Some in the audience don't want to be reached. After marketers began entering Second Life, an avatar named Urizenus Sklar — in the real world, University of Toronto philosophy professor Peter Ludlow — wrote in the public-relations blog Strumpette that the community was "being invaded by an army of old world meat-space corporations." He and other residents accused companies of lacking creativity by setting up traditional-looking stores that didn't fit in. His column was reproduced in the Second Life Herald. Nissan Motor Co., a subject of such protests, has since transformed its presence in Second Life from a car vending machine to an "automotive amusement park," where avatars can test gravity-defying vehicles and ride hamster balls. Sun Micro has made its participation more interactive and fanciful, Chief Gaming Officer Chris Melissinos said. Ludlow isn't impressed. He said most firms were more interested in the publicity they received from their ties with Second Life than in the digital world itself. "It was a way to brand themselves as being leading-edge," he said. Angry avatars have taken virtual action. Reebok weathered a nuclear bomb attack and customers were shot outside the American Apparel store. Avatars are creating fantasy knockoffs of brand-name products too. Some buying and selling does go on in Second Life. An avatar can acquire currency — called Linden dollars — by earning it or buying it with U.S. dollars. (The exchange rate is 268 Lindens to $1.) With a stack of Linden dollars, an avatar can spice up his or her look or while away the time in a casino. Only a few other virtual worlds allow avatars to create and sell content as Second Life does. But users are flocking to the other worlds, in part because some don't require people to download software to take up residence. Others just want to access a larger community than Second Life offers. Between May and June, the population of active avatars declined 2.5%, and the volume of U.S. money exchanged within the world fell from a high of $7.3 million in March to $6.8 million in June. Companies are following them. IBM Corp., which has an extensive presence in Second Life, is expanding into the other environments, including There, which features a digital version of the popular TV show "Laguna Beach," and Entropia Universe, which pits users against one another in a sci-fi civilization. Consulting firms that were set up to bring brands into Second Life are busy helping clients explore other worlds. One such agency, Millions of Us, recently announced that it had formed a partnership with Gaia Online, a site popular with teenagers, and CEO Reuben Steiger said it would be unveiling more soon. Millions of Us had previously worked only with Second Life. "It's not about whether Second Life is good or bad," Steiger said. "It's just that there are a lot of alternatives." http://www.latimes.com/business/la-f...,3135510.story Virtual Frets, Actual Sweat Katie Zezima KEVIN Doyle and Ivan Wine strode to the front of River Gods and picked up the guitars with the confidence of two guys who had played this bar and those instruments many times before. With their wives watching from a nearby table, Mr. Doyle, 30, a software consultant clad in a Dewar’s Scotch T-shirt, and Mr. Wine, 32, a graphic designer with an unruly goatee and thick black glasses, strapped on the guitars and chose a song from the list on a projection screen. They planted themselves in position as the first plodding strains of Black Sabbath’s head-banging heavy-metal classic “War Pigs” emanated from the speakers. As the song’s tempo increased, they frantically fingered the multicolor buttons on the necks of the guitars, hitting them with authority in time to the song’s signature “dun-dun-dun” riffs. But the two men were not showboating. They were actually concentrating, biting their lips and staring almost trancelike at the screen, watching colored balls falling toward them on an electronic fretboard. When Mr. Doyle and Mr. Wine finished the last riff, the audience whooped and cheered. The newly minted music gods offered high fives as they returned to their seats. “We rocked the song,” Mr. Wine said. This is Guitar Hero night, where curious bar patrons, self-styled bad boys and video game addicts, all usually a drink or two deep, play the game Guitar Hero on a big screen, and fulfill their dreams of being a preening, prancing rock ’n’ roll frontman. Bars from Roanoke, Va., to San Diego are offering Guitar Hero nights, some providing players with big-hair wigs, Viking helmets and other colorful garb to help them complete the momentary illusion of being Eric Clapton or Lenny Kravitz. Others serve as hosts of competitive tournaments where the winners receive real guitars. Players come because, for most, it’s as close as they’ll get to being an actual rock star. “The audience cheers and it’s almost like being onstage,” Mr. Wine said. “You don’t get that playing the game in your living room.” Within the past year, bar owners and managers have introduced the game, usually played in basements and bedrooms, into their locations to spike business on otherwise slow nights. Now they say Guitar Hero night is the new karaoke night — without the embarrassment of atrocious vocals. “It’s for people like me, who can’t play guitar but want to,” said Jasper Coolidge, the head talent booker at Pianos, a downtown Manhattan bar that features Guitar Hero night every Tuesday. Mr. Coolidge said business on Tuesdays had tripled at the bar, which typically attracts a post-college crowd, since the event began in April. “We wanted some sort of quirky thing that wasn’t your typical New York dance-club house music night,” he said. At River Gods, where the crowd is filled with high-tech workers in rock T-shirts, blue jeans and Converse sneakers, bar regulars and bewildered patrons who just stopped by for a drink, some of the players take it much more seriously. “There are a couple of people who are these cartoon-character version of nerds,” said Jeff MacIsaac, the entertainment producer here. “They’re playing their Game Boys until Guitar Hero starts. They’re actually playing video games before the video games start.” Guitar Hero requires dexterous players to press buttons on a plastic guitar in time with a song chosen from a library of familiar rock tunes like “Message in a Bottle” and “Sweet Child O’ Mine.” As the player watches colored notes scroll down a television screen, the object is to hit the corresponding colored buttons (along with a second strum button) in time with the notes to score points. The harder the level, the faster the notes fall and the more complicated the chords. The original version of Guitar Hero was developed by Harmonix, a company that creates musical-theme video games, and released by the software company RedOctane for PlayStation 2 in 2005. But it was not until the release in late 2006 of a sequel, Guitar Hero 2, which featured a larger catalog of songs (“Killing in the Name Of” by Rage Against the Machine, “Heart-Shaped Box” by Nirvana) and a new head-to-head play mode, that the game found its way into bars. About three million copies of Guitar Hero 2 have been sold for PlayStation 2 and Xbox 360, according to Harmonix and RedOctane. No one knows how many copies are being featured in bars. Greg LoPiccolo, one of the creators of Guitar Hero and a vice president of product development at Harmonix, said the game was created to help people experience the thrill of performing in a club. But he didn’t anticipate that it would actually catch on in bars. “We never intended for it to happen,” said Mr. LoPiccolo, who usually selects Stevie Ray Vaughn’s “Texas Blood” when he plays the game. “But once we saw it take place, it was kind of perfect, really.” Prowess at Guitar Hero doesn’t necessarily equal expertise on a real guitar. At River Gods, Ben Azar, a 27-year-old guitar student at the Berklee College of Music in Boston, eyed the game’s guitar controller skeptically when it was handed to him. Just press the buttons to the beat of the song, he was told by one of the event’s organizers. As Van Halen’s “You Really Got Me” started, Mr. Azar watched the screen as his fingers worked the frets, but he often looked confused, unsure why a note was missed or exactly what rhythm the guitar line was following. After finishing his song, Mr. Azar said that using the Guitar Hero controller forced him to concentrate more on pressing buttons than preening like a rock god. “It’s very different,” Mr. Azar said. “It’s like making love to a rubber doll.” Even though the game doesn’t accurately simulate the mechanics of playing a guitar, players said that the lure of Guitar Hero lies mostly in the mythology of the instrument — one that for every rock fan conjures up images of Pete Townshend smashing his guitar on stage or Jimi Hendrix setting his aflame. “When one thinks of rock ’n’ roll, the first thing to come to mind is usually someone wailing away at a guitar,” Mr. Wine said later in an e-mail message. “The guitar is at the heart of almost every rock band out there that is or has been.” Others players, like Shandi Sullivan, a former contestant on “America’s Next Top Model” and a regular at Pianos, appreciate Guitar Hero more for the experience of dressing up and performing for a live audience. After discovering the game in April at a friend’s apartment, Ms. Sullivan started coming to Pianos every Tuesday, and she even bought a PlayStation 2 to practice with in her apartment. At the bar’s weekly Guitar Hero party, she assumes a different rock ’n’ roll alter ego each time. She has been both Pat Benatar and Elvis Presley. Given her choice, though, she still prefers to rock out to Megadeth, and the game has turned her on to contemporary heavy-metal acts like Shadows Fall. “I can’t wait until the ’80s version comes out,” Ms. Sullivan said. “Eighties music is my life.” When Guitar Hero Encore: Rocks the 80s, a sequel featuring the music of such nostalgically coiffed artists as Twisted Sister and Flock of Seagulls, is released on July 24, it will be the last collaboration between Harmonix and RedOctane. Last year, MTV purchased Harmonix, and RedOctane was acquired by the video game publisher Activision. But the Guitar Hero franchise will rock on. Later this year, RedOctane and Neversoft, a video game studio owned by Activision, plan to release Guitar Hero III: Legends of Rock, and Harmonix will start Rock Band, a Guitar Hero-like game that will also allow players to become drummers, bassists and vocalists. RedOctane is sponsoring a stage at the Family Values Tour this summer, which includes rock and heavy-metal acts, and it will hold Guitar Hero contests between sets. The winner will receive a guitar autographed by Jonathan Davis, the frontman of Korn. As with real rock stars, there is plenty of rivalry and ego to be found among the players of Guitar Hero. Mr. Coolidge, the Pianos talent booker, and Caroline Enright, the manager of River Gods, have thrown down a challenge: a New York vs. Boston Guitar Hero competition, preferably to be held when the Red Sox are playing the Yankees. “We’re going to have a tournament here to decide who is going up there,” Mr. Coolidge said from New York. In Cambridge, Ms. Enright said she is ready and willing. “It’s on,” she said. http://www.nytimes.com/2007/07/15/fa...ml?ref=fashion Firefox Now a Serious Threat to IE in Europe: Report Stan Beer Mozilla's Firefox (FF) web browser has made dramatic gains on Microsoft's Internet Explorer (IE) throughout Europe in the past year with a marked upturn in FF use compared to IE over the past four months, according to French web monitoring service XiTiMonitor. A study of nearly 96,000 websites carried out during the week of July 2 to July 8 found that FF had 27.8% market share across Eastern and Western Europe, IE had 66.5%, with other browsers including Safari and Opera making up the remaining 5.7%. The July market share represents a massive 3.7% rise since a similar survey in March. A particularly worrying sign for Microsoft is that in some key European markets FF is threatening to overtake IE as the market leading browser. In Slovenia (47.9%) and Finland (45.4%) FF usage has reached parity with IE, while in Germany, Poland, Hungary, Czech Republic, Slovakia, Croatia and Ireland, FF has either reached or is nearly at 40% market share. Countries where FF market share has now reached 30% or more include, Austria, Greece, Romania, Bulgaria, Estonia and Latvia. Strong gains for FF were also reported in France, Sweden and Switzerland where in all three countries FF is now approaching 25% market share. Although clear market share gains for FF were reported in every single European territory, countries where IE still has not reached 20% market share include Britain, Netherlands, Italy, Spain, Ukraine, Norway and Denmark. Australasia, already a strong FF market, has also seen big gains in FF market share over the past four months, with an increase in FF usage from 24.8% in early March to 28.9% in early July. Another worrying sign for Microsoft is that a separate survey from XiTiMonitor taken over the same period is that there has been a reluctance of IE users to adopt the latest version of the browser IE7, even in markets where IE is strong. Only about one third of IE users have adopted IE7 compared to 85% of FF users who have adopted the latest version of the browser, FF2. Significantly, FF2 has a greater market share than IE7 in 17 European territories, while IE7 is ahead of FF2 in 16 territories. http://www.itwire.com.au/content/view/13517/53/ Holes in Firefox Password Manager The Mozilla developers have fixed a known hole in the password manager of Firefox & Co, but a door remains open for exploitation. If the user gives permission, the inbuilt password manager of the open-source browser saves passwords and enters data into the respective form fields on the user's next visit automatically. This happens not only on the page where the password was saved, but also on all other pages on this server that contain a similar form. If users are allowed to create their own web pages on a server, as is the case on many community sites, an attacker may emulate the login form to have the access data, which are entered automatically, sent to his own server. In the past, a login form could even be set up to send the data directly to the attacker's server as soon as the submit button was clicked. Firefox entered the data automatically regardless of the target of the specified action. However, the developers have now implemented changes to check the destination to which the data are sent; consequently, the demo run by heise Security no longer worked. But Markus Bucher noticed that it is not necessary to change the destination: rather, it is possible to read out the entered data via JavaScript and then submit them. To do so, the page must simply access the data via the DOM (document.<form>.<field>.value). The updated browsercheck page of heise Security demonstrates how this works. When asked by heise Security, Mozilla developer Gavin Sharp confirmed that the developers are aware of that problem. Indeed, there were controversial discussions of the issue in the bug database, but further measures were discarded. Automatically entering passwords in other pages increases the user-friendliness on sites with several login pages. And even if this functionality is removed, this does not mean that passwords cannot be stolen. Provided an attacker can place script code on a server, he is able to manipulate the pages as he wishes anyway and has other ways to steal user access data. The position of the Mozilla developers is quite comprehensible, since the JavaScript security model almost completely relies on the origin of code (same origin policy). If an attacker succeeds in placing malicious code on a server, he may manipulate practically all pages from this server while they are displayed in the browser as he wishes. However, an uneasy feeling remains considering that a password manager enters passwords into faked forms without any user interaction. Somehow, this is reminiscent of a wallet with a hole in it. From the users' perspective, this means that they should not entrust their passwords to the password manager on web sites that allow other users to create their own pages containing scripts. Otherwise somebody can easily create a page that steals the password as soon as the page is opened (see our password stealing demo for that). This category of sites includes many content management systems including blogs and social networking sites. Specific filtering functions attempting to distinguish good from evil code are not really helpful, since experience shows that they can be bypassed in most cases. Users could also disable JavaScript or use add-ons such as NoScript to set up rules to provide additional protection. In the age of Web 2.0 this would, however, mean that many pages would cease to function. On the other hand it is doubtful that by not using a password manager security levels would be raised, since the resultant need to remember passwords often induces users to choose simplistic passwords and use them on multiple sites. Update: Apple's Safari behaves in a similar manner. The browsercheck demo works the same way: on visiting the "evil" page, your password is stolen by JavaScript without any user interaction. http://www.heise-security.co.uk/news/93018 Macrovision Boosts Pirate Headaches with Security Code Blended into Game Code Macrovision has developed a way to blend security code into actual game code, a shift that could have implications for all manner of digital media traditionally protected by security ‘wrapped’ around, rather than embedded inside, content. Revealed on July 16, the Asymmetric Code Blending technique is designed to make it difficult for hackers to separate and duplicate just the game code. Game publishers will be able to apply the technology to games distributed online, through Macrovision’s ActiveMARK product, and via physical media, through its SafeDisc Advanced product. “The security code changes with every game by embedding it with each game,” says Corey Ferengul, executive vise president, marketing and solutions, for Macrovision. Publishers distributing via physical media also can allow online activation of the games or parts of the game by employing Asymmetrical Code Blending in the SafeDisc Advanced product. With flexible activation accounts, gamers can make backup copies and run the game on multiple and mobile computers without requiring that the physical CD or DVD be present at all times. Macrovision believes the additional frustration for hackers created by Asymmetric Code Blending will help make game publishers more comfortable with digital distribution in multiple channels including Web 2.0 trends, such as peer-to-peer networks and viral sharing. Ferengul argues that Code Blending can transform viral sharing of games among users from a worry to an advantage for publishers. For example, he says, the publisher can program the game so that when it is downloaded from the Internet and then shared from one gamer to another, the game automatically reverts to a try-before-you-buy state. The publisher can set rules, such as “try and die,” to time the game out in a certain time period, or to limit the levels into which the new viral user can enter to play. “If I like a game and want share it, I can do that, but the publisher is protected,” he says. “If it try it and I don’t’ buy it, it dies. It can be that it dies after a time period, or it may be you can do level one, but never higher. You don’t want to take away sharing, but you can do it in a way that protects the publisher and is still valuable to the end user.” Publishers taking advantage of these distribution options will not only leverage word of mouth promotion among gamers, he says, but also effectively multiply potential points of sale without compromising security in a viral environment. So far, Macrovision has applied Asymmetric Code Blending only to game content, but when asked whether Macrovision intends to apply it to video, music or other types of digital media, Ferengul says, “We now have this as a part of our engineering expertise.” Although physical distribution continues to comprise “the lion’s share” of game distribution, online distribution is growing, and the capabilities of Asymmetric Code Blending appear to be in line with other findings of Macrovision’s recently completed annual survey of the game market, Ferengul says. More than 50 percent of survey respondents said they will buy games only after being afforded an opportunity to try them, and 81 percent said their purchases were influenced by reading a review of the game, which typically emphasize fellow gamer reviews. “People are passing games around and want to try them in advance,” he says. “There’s a very strong community in the games space. If you’re doing commerce, you have to do things like user recommendations, peer analysis.” The survey also found significant growth in casual games and a broad willingness to accept advertising as a way to pay for games. The most popular game titles are puzzle games, and a quarter of respondents said they are also watching TV when they play. Only 22 percent of the games audience is 18 to 34 years old, leaving 78 percent who are 35 and older. “We are seeing premium video, major sporting events or business knowledge or verticals that are paid, but we’re seeing massive amounts of online content moving toward ad-supported models,” Ferengul says. “People are much more accepting of advertising games as a way to pay, with 83 percent willing to watch up to a 30-second ad for a free game. They’re playing one to two hours at a time per session. You really have a captive audience and measurable demographic.” http://www.screenplaysmag.com/tabid/...1/Default.aspx FairUse4WM v1.3 Fix 2 Promises Vista, Zune DRM Stripping Ryan Block Oh, IT'S ON. After months of eager anticipation, it looks like either Viodentia has finally come out of hiding, or s/he's passed the torch on to another (Doom9 forum user Divine Tao?) -- but either way it looks like MS DRM IBX components up to version 11.0.6000.6324 are good to go with the latest version of FairUse4WM, v1.3 Fix 2 (read: this is the update we know you've all been waiting for). We haven't yet confirmed ourselves, but feel free to tell us whether you got a sweet taste of DRM freedom without having to continue using XP and Windows Media Player 10 with that subscription music service. http://www.engadget.com/2007/07/15/f...-drm-stripping Zune DRM Stripper These days it's hard to keep digital media locked up in any format. Our Zune ears recently heard tell of a program that strips DRM off of tracks purchased from the Zune Marketplace, or traded via Wi-Fi. What makes this more significant is the optional Zune subscription which allows users to download almost all the Zune Marketplace. We decided to download and test the Zune DRM stripper for ourselves to see if it actually works. In fact, it was so effective that we have decided not to publish any direct links to it. http://www.zunescene.com/zune-drm-stripper/ Microsoft WM-DRM and IBX 11.0.6000.6324 Divine Tao This post introduces a new tool for uncovering the individual keys from Microsoft's DRM blackbox components ("IBX"), up to version 11.0.6000.6324. Lacking the source code to the extant programs, I can only offer this output of my own efforts. To actualize fair use rights with the new IBX, first run 'mirakagi' which will enter the IBX keys into the FairUse4WM blackbox-keys.txt text file. Next, you should use the attached version of FairUse4WM, 1.3Fix-2. This includes an important fix for a video corruption bug, often seen in scenes affording high compression. If problems occur, please provide the program text. IBX versions after 11.0.6000.6324 are not currently supported. This version should be capable of interfacing with both Windows Vista and Zune software versions. Download links to follow in the next post. MD5 hash 0d5eaa7f8010e1293221a320943adb7e http://forum.doom9.org/showthread.php?t=127943 Office, Vista Save Microsoft Profits from Xbox Ravaging John McBride Thank goodness for the Windows and Office cash cows. Despite a blistering $1.06 billion charge to repair faulty Xbox 360 consoles, Microsoft's fourth-quarter profits rose 7.3 percent, and annual revenues topped $50 billion for the first time. Fourth-quarter profit was a hefty $3.04 billion, compared to $2.83 billion last year. The Xbox charge sliced 8¢ a share off earnings, leaving 31¢ a share, compared to 28¢ a share last year. Revenue for the fiscal year was $51.12 billion, 15 percent better than last year. Much of the good news came from the traditional Microsoft profit centers. The Microsoft Business Division rode a 20 percent increase in Office 2007 sales to post profits of $2.9 billion, 19 percent better than the same quarter last year. Servers and Tools profits were up 15 percent to $1.05 billion, and the Client Division saw an 11 percent increase in profits to $2.82 billion as sales of Vista chugged along. Then there are the laggards. Entertainment and Devices, home of the Xbox, posted a $1.2 billion loss for the fourth quarter—nearly three times the $423 million fourth-quarter loss last year. That was expected. And, apparently, so was the 10 percent fourth-quarter drop in revenue for the division. Xboxes and Zunes sell better around the holidays and, hey, Halo 3 isn't out yet. Still, the news isn't good. Microsoft has sold 11.6 million Xboxes, falling short of its goal of 12 million (although with the hardware issues maybe that's not such a bad thing) and Peter Moore is gone. The division did manage to make its goal of selling 1 million Zunes by the end of fiscal 2007 though, CFO Chris Liddell said in a conference call. The Online Services Division continues to muddle along. Advertising sales were up 33 percent and Windows Live Search's market share is up. That boosted fourth-quarter revenue 19 percent over last year. But heavy spending on data centers and employees means losses climbed 28 percent to $239 million. http://arstechnica.com/news.ars/post...-ravaging.html Microsoft Sees Stronger XP Sales in FY08 Microsoft said that it expects Windows XP to make up a significantly larger part of sales in the coming year. Gregg Keizer, Computerworld Microsoft Corp. Thursday said that it expects Windows XP, the operating system supposedly made moot by Windows Vista, to make up a significantly larger part of sales in the coming year. During a conference call with analysts following the earnings results release Thursday afternoon, Chief Financial Officer Chris Liddell said the company has changed its fiscal year 2008 forecast from an 85/15 split in sales between Vista and XP to a 78/22 split. Windows XP sales will, in other words, be nearly 50 percent higher in the next 12 months than Microsoft had estimated earlier. "We fine-tuned the Vista/XP mix for next year" during the company's usual budgeting last month, said Liddell. "We changed it from 85 percent to 78 percent. Now, it's a lower number [for Vista], but it's still a very high number overall from our perspective, so 78 percent Vista mix in terms of sales next year." According to Liddell, Microsoft will generate the same revenue, more or less, under the new Vista vs. XP numbers, although there might be some slight differences because Vista sales have tended to involve more of the higher-priced versions, dubbed premium by the company, than has XP. The financial forecast didn't spell out that directly, however. The only clue was a US$120 million difference in what Microsoft pegged as the "undelivered elements" it assigned to unearned income for the coming year. "Undelivered elements" are revenue set-asides to account for as-yet-unknown upgrades and enhancements to software. The set-aside shrunk from $660 million in the last 2008 forecast to $540 in the estimate presented Thursday. "Because of that change [in the OS split], then the amount of undelivered element that comes from Vista is slightly lower than it would be otherwise," Liddell explained. His remarks caught the attention of Michael Cherry, analyst at Directions on Microsoft, a Kirkland, Wash.-based research company. "What that seems to say is that XP has stronger legs than you would expect after the release of a new operating system." Clues that users aren't ready to ditch XP have not been hard to find. In April, for example, Dell Inc. retreated from its earlier Vista-only position and announced it would return XP to the operating system choice list for consumer PCs. Three months before that, Microsoft extended support to Windows XP Home and XP Media Center to match Windows XP Professional's drop-dead date of April 2014. "Most of the machines I see pitched in catalogs are in the $700 range, certainly under $1,000," said Cherry. "Computers with that amount of hardware are a better fit for XP. With Vista's requirements, people may be thinking about sticking with XP, and putting less money into the hardware." It's possible, Cherry added, that Microsoft might find itself forced to recognize more reality in the future. "At some point, they might have to consider limiting the availability of XP" to push people to Vista. The software developer has made at least one move in that direction already. In mid-April, it announced it would terminate sales of Window XP to resellers and retail after Jan. 31, 2008. Users' reactions were almost unanimously negative. http://www.pcworld.com/article/id,13...1/article.html A Patent Is Worth Having, Right? Well, Maybe Not Michael Fitzgerald PATENTS are supposed to give inventors an incentive to create things that spur economic growth. For some companies, especially in the pharmaceutical business, patents do just that by allowing them to pull in billions in profits from brand-name, blockbuster drugs. But for most public companies, patents don’t pay off, say a couple of researchers who have crunched the numbers. “Today, over all, patents don’t work; for the information technology industry especially, they don’t work,” said James Bessen, who became a lecturer at Boston University’s law school after a career in business. In 1983, he created the first computer publishing software with Wysiwyg (an acronym for “what you see is what you get”) printing abilities. He also founded a desktop publishing company, Bestinfo, later acquired by Intergraph. Neither Mr. Bessen nor his company patented anything, in part because his lawyers told him that software couldn’t be patented at the time. He ultimately became interested in whether patents spurred innovation, since the software industry for years innovated steadily without using many patents. He and a colleague, Michael J. Meurer, are readying a book on the topic, “Do Patents Work?,” due in 2008. (A synopsis and sample chapters are at researchoninnovation.org/dopatentswork/.) The two researchers have analyzed data from 1976 to 1999, the most recent year with complete data. They found that starting in the late 1990s, publicly traded companies saw patent litigation costs outstrip patent profits. Specifically, they estimate that about $8.4 billion in global profits came directly from patents held by publicly traded United States companies in 1997, rising to about $9.3 billion in 1999, with two-thirds of the profits going to chemical and pharmaceutical companies. Domestic litigation costs alone, meanwhile, soared to $16 billion in 1999 from $8 billion in 1997. Things have probably become worse since then. For instance, patent litigation is up: there were 2,318 patent-related suits in 1999, and 2,830 in fiscal 2006 (though that’s down from the peak year, 2004, when 3,075 were filed). Mr. Bessen said awards in patent cases also seemed to be up, though he was less confident in that data. Worse, he says, companies doing the most research and development are sued the most. Mr. Bessen’s critique of the patent system does not go so far as that of economists like Michele Boldrin and David K. Levine, who argue that the patent system should be abolished ( http://www.dklevine.com/general/inte...gainstnew.htm). Mr. Bessen said that besides girding the pharmaceutical industry, the system did seem to work reasonably well for small companies and individual inventors. Still, he said that “our finding is that the risk of patent litigation is creating a disincentive for R&D,” especially for information technology companies, and that the system urgently needs change. Mr. Bessen’s data is controversial. John F. Duffy, a law professor at George Washington University, thinks that Mr. Bessen and Mr. Meurer have undervalued the profits made from patented items, though he acknowledged that a vast majority of patents are worthless. Mr. Duffy, who thinks that the patent system remains a powerful innovation engine for the economy, also noted that the data covers only the private value of patents — it does not try to measure the social value of patents, that is, the impact an invention has for society at large. How, for example, might one measure the value of the stability of an airplane, which can be traced to an invention patented by the Wright Brothers? Still, Mr. Duffy does not discount the research. In fact, he has invited Mr. Meurer to present it at a conference later this summer. “The numbers are serious, and they are provocative,” Mr. Duffy said. The data don’t seem out of line to R. Polk Wagner, a law professor at the University of Pennsylvania. He said that other research has established that patents typically are worth less than $10,000. “It’s not any secret that on a cash basis, it doesn’t make sense to file patents, and yet companies do it,” Mr. Wagner said. Some companies are still spending billions on research programs despite the increase in litigation costs. “Whether or not the R&D efforts you make invite litigation in no way relates to whether you do them,” said Bernard S. Meyerson, an I.B.M. fellow who is named on more than 40 patents and is currently chief technologist at its systems and technology group. I.B.M. has one of the corporate world’s largest research budgets, spending some $6 billion a year. And it does make money from its patents, at least on a licensing basis. Of course, I.B.M. also employs 370 corporate patent lawyers who Mr. Meyerson said work “hand in hand” with the company’s inventors, trying to make sure that the company is aware of patent pitfalls that might affect its work. I.B.M. and many other large high-tech companies have hefty patent portfolios, which Mr. Meyerson said deters the companies from suing one another. He said the industry operates under a large intellectual-property umbrella: “you are licensed under mine, I’m licensed under yours, and by declaring peace as opposed to war, you have freedom of action,” Mr. Meyerson said. Even so, he said I.B.M. is concerned that innovation could be choked by patent litigation and would like to see the system reformed. Congress could step in, and there are patent reform bills in the House and the Senate, with many of the provisions aimed at reining in litigation and damage awards. But this marks the third consecutive year that Congress has considered patent reform, and there is enough opposition from large companies to suggest that it will again have to wait until next year. There are other paths to change: the United States Patent and Trademark Office could open patent applications to public comment, which could help patent examiners find applicable previous inventions. The office in June began a yearlong experiment allowing open comment on 250 patent applications (http://www.uspto.gov/web/offices/com...hes/07-21.htm). The Web is already ahead of the patent office: a site called wikipatents (www.wikipatents.com) has created an open comment process for several years’ worth of patent applications. ANOTHER might be to increase the number of appeals courts that handle patent cases. Right now, there is only one, the United States Court of Appeals for the Federal Circuit. The Supreme Court, meanwhile, may have helped the system immensely with a ruling in June that should stiffen the standard of “obviousness,” the key criterion in granting a patent. Tougher standards may weed out many bad patents and reduce litigation. But technological inventions are often not obvious, especially when it comes to the esoteric world of software, where it can be unclear even to the inventor what the patent will be good for. Mr. Bessen, for one, is not optimistic. “Things are going to get a lot worse before they get better for the technology industry,” he said. If he’s correct, it will become harder to question his economic analysis of the current patent system. http://www.nytimes.com/2007/07/15/bu...y/15proto.html Russia’s Trademark Gun, but Others Grab Profits C. J. Chivers THE automatic Kalashnikov, the world’s most abundant firearm and a martial symbol with a multiplicity of meanings, turns 60 this year. In some places this is cause to shudder. In Russia it is treated as a milestone to celebrate, and a chance to cry foul. Once strictly Communist products, the AK-47 and its offspring are killing tools so durable and easy to use that they were heralded as achievements of state socialism and industrial might. Uncoupled from the laws of supply and demand by their origins in planned economies, they flowed from arms plants in the tens of millions, becoming national defense and foreign policy instruments for the Soviet Union and allied states. But the 60th birthday party has displayed the rifle’s evolving place in both the market and the Kremlin’s mind. These days the Kalashnikov is seen through capitalist lenses, and argued about in ways that could not possibly have been envisioned by its Communist creators. In cash-hungry Russia, Kalashnikov is now an informal brand. And as purchases of Kalashnikov rifles and their derivatives continue on foreign markets, Russian arms manufacturers and exporters worry not about ideology and world dominance, but over sales opportunities lost. The back story manages to be both odd and unsurprising. Russia’s anger is at the United States, a potential customer that has become, once again, a premier distributor, handing out the weapons to indigenous police officers and soldiers in Afghanistan and Iraq. The United States was also a bulk purchaser in the 1980s, when it supplied mostly Chinese and Egyptian Kalashnikovs to anti-Soviet insurgents in Afghanistan. In returning to the Kalashnikov market, the Pentagon has shunned purchases from Russia, opting instead for AK-47 knockoffs available for sale or donation from other countries’ stockpiles. (The true AK-47 was short lived and swiftly modified; its many variants, almost all of which the Soviet Union helped create via foreign aid, are often inaccurately called AK-47s, by now universal shorthand.) In Afghanistan, the United States has selected the AMD-65, a short-barreled Hungarian Kalashnikov copy with a forward hand grip and futuristic muzzle, as the standard weapon of the Afghan police. It has received most of its projected 55,600 AMD-65s via its foreign military sales programs, according to data provided by Combined Security Transition Command-Afghanistan. Another 10,000 Kalashnikov knockoffs were transferred in 2006 to Afghanistan from Slovenia. At least some weapons being handed out, based on an examination of the shipping containers and rifles this spring in Afghanistan, are inexpensive Chinese clones. Similarly, in Iraq (which once had its own Kalashnikov plant, built with Communist help) the United States scrounged or purchased more than 185,000 Kalashnikov-style rifles and light machine guns for Iraqi security forces from 2003 and 2006, according to the special inspector general for Iraq reconstruction. It did so without buying a single weapon from Russia, which, as creator of the underlying design that all automatic Kalashnikovs share, regards itself as the rightful owner of an informal but global brand. These transfers have alarmed and irritated Russian officials and arms merchants, and split the AK-47’s 60th birthday celebrations between parties and bitter pleas. With events that began in early July and will continue into August, the Kremlin and its arms-export agency are feting both a family of weapons and the man credited with their creation, Mikhail T. Kalashnikov, who at 87 has proved to be as durable as the rifles that bear his name. Even General Kalashnikov himself is venting his dismay over proliferation without Russian profit. “I take them into my hands and, my goodness, the marks are foreign,” he said of the knockoffs the Soviet Union once championed. “Yes, they look alike. But as to reliability and durability — they do not meet the high standards of our military.” Without these controversies, the celebrations might have had a familiar feel. The AK-47 and its derivatives, first tested in the forests outside of Moscow six decades ago, have been common on battlefields and in Soviet and revolutionary iconography for two generations. General Kalashnikov long ago became a hero of the proletariat. By the fall of the Soviet Union, their global saturation was complete. Soviet students practiced assembling and disassembling Kalashnikovs in the 10th grade. Soviet statues clutched them with muscular, thick-handed grips. Almost anyone who might fight the West or its partners had been eligible for automatic rifle shipments from the Communist bloc, or even a rifle or ammunition plant. Every self-respecting Communist revolutionary and even allies of convenience, from Fidel Castro to Yasir Arafat to Idi Amin, eventually had their Kalashnikov stockpiles and Kalashnikov poses, never mind the body counts. The testimonials this month have celebrated Russia’s version of this history. Depending on your point of view, these rifles have been either a revolutionary’s trusted partner or a lethal instrument of proxy war, terror and crime. The chosen speakers, hand-picked by Russian officials, have chosen the former line. “On behalf of all my brethren who died in the anti-American war to liberate our country, we thank you for inventing this weapon,” Senior Col. To Xuan Hue, the defense attaché from Vietnam, told Mr. Kalashnikov at one celebration. Group Capt. Biltim Chingono, the defense attaché from Zimbabwe, also sidestepped the rifle’s checkered reputation, saying that in his country’s civil war it had proved “to be the mightier and decisive freedom pen.” In Russian circles, little praise is being spared. “The famous Kalashnikov assault rifle has become not only an example of daring innovative thought but also a symbol of the talent and creative genius of our people,” President Vladimir V. Putin said in a decree. At the same events, Russian officials and arms manufacturers are clamoring over who should be allowed to put Kalashnikov rifles on the market. Some arguments are based on quality, and Russia claims, without offering evidence, that the copies and clones are not as well made as the genuine article. There is some support for this on black markets in Iraq, where the Russian Kalashnikovs often fetch higher prices than their clones, although whether the rifles are better or simply more coveted is not clear. Other arguments are rooted in what the Russians claim is law, as the arms industry insists that the factories that the Kremlin once sponsored, and now are in sovereign, post-Soviet countries, have no right to manufacture or sell items of Soviet design. “More than 30 foreign companies, private and state based, continue the illegal manufacturing and copying of small arms,” said Sergey V. Chemezov, the former K.G.B. officer and confidant of Mr. Putin’s who directs Rosoboronexport, the state arms-marketing agency. “They undermine the reputation of the Kalashnikov.” So far, few customers have paid notice. The largest customer in the market, the United States, has purchased whatever weapons it sees fit, coloring the AK-47’s 60th birthday, like much of Kalashnikov history, with another angry struggle. “We cannot tolerate the situation when only 10 percent of the Kalashnikovs are manufactured legally,” said Sergey V. Lavrov, Russia’s foreign minister. “We cannot stand for this. We must fight.” http://www.nytimes.com/2007/07/15/we...15chivers.html Punishing Google Rachel Rosmarin Much to investors' disappointment, Google cannot clear every hurdle put in front of it. On Thursday, the company reported second-quarter earnings of $925 million, or $3.56 cents per share, which missed expectations by a hair: Analysts were calling for Google to post earnings of $3.59 per share. Even though earnings in the second quarter topped year-ago figures by 28%, Google (nasdaq: GOOG - news - people ) investors might be sorry to see that Google couldn't match its $1 billion in earnings reported in the first quarter of 2007. No matter that Google's revenue shot up in the second quarter by nearly 60% vs. the same period last year, to $2.72 billion, beating estimates of $2.68 billion--the company's stock plunged nearly 8% in after-hours trading to $505. Why the shock? Expectations for Google are unusually high (see "Can Google Defy Gravity Again? Probably"). Since the company went public in August 2004, Google has surpassed expectations in every quarter except for one. Google Chief Executive Eric Schmidt didn't acknowledge a slip-up. "Our performance once again demonstrates the strength of our core search and ads business," he said in a statement. "The growth in our global traffic combined with our ongoing improvements in monetization resulted in solid revenue growth, even in a seasonally slow quarter." During a conference call, Schmidt noted that the company increased its head count by more than was expected during the quarter, bringing on 1,548 new hires. "We're pleased with the people we brought in, but we're going to watch this area very closely," he said. Schmidt also reminded analysts that Web traffic during the second and third quarters is traditionally weaker than during the first and fourth quarters. "We will expect that to be true for many years to come," he said. George Reyes, Google's chief financial officer, pointed out that the company's revenues from the AdSense network may have been lower than expected for the quarter because of the company's decision to begin weeding out publishers' sites that "were not meeting quality thresholds," he said. Some of these sites could be the type that is filled with advertising but not much content. Publishers of these sites benefit from revenue-sharing with Google, but with fewer of them around, there are fewer revenues for Google to take. When an analyst asked Omid Kordestani, Google senior vice president of global sales and business development, how much revenue products not related to advertising contributed to the company's bottom line, he couldn't come up with much. "No impact this quarter," he said. That means high-profile Google products like YouTube, with its video advertising, and extensive mapping and mobile software aren't registering as compared with Google's massive search-ads business. But Kordestani said Google's ad sales teams are learning how to sell ads on these new products. “Every group in the U.S. has gone through a lot of training,” he said. "They get supporting expertise to help them sell against things from YouTube, to print, to TV advertising." http://www.forbes.com/technology/200...19google1.html The Boat Is About to Rock (Again) in Internet Video Brad Stone DMITRY SHAPIRO brings an unlikely gadget into meetings these days: a TV remote control. As chief executive of Veoh Networks, an Internet video company based in San Diego, Mr. Shapiro uses the remote to navigate the company’s new software program, VeohTV, on his laptop. The software acts like a Web browser but displays only Internet video, presenting full-length television shows and popular clips from the Web’s largest video sites, like NBC.com and YouTube. It lists those videos in a program guide and plays them in a small window or across the entire screen. The product, now in a private testing phase, will be available to the public later this year. It has the potential to be a popular and practical way to watch online video. But like a long line of other innovative high-tech tools, VeohTV could also threaten and alienate traditional media companies and even cause some of Veoh’s Internet rivals to consider legal remedies. For the last two years, Veoh Networks has operated a video-hosting Web site, Veoh.com. The site works much the way YouTube does, with a few notable exceptions. The company does not impose any time limits on the length of videos and does not use digital fingerprinting technology to filter out copyrighted material. That has led to some rights holders to complain that Veoh has fallen behind in protecting intellectual property. Nevertheless, Veoh.com has been growing fast: it draws about 15 million visitors a month, up from 4.5 million in January. Veoh Networks is a private company and does not release financial data. YouTube, by contrast, gets more than 100 million visitors and serves up more than three billion video clips a month, according to several market research firms. “It’s impossible to compete with YouTube as a video sharing site now,” said Josh Bernoff, a vice president at Forrester Research. “Veoh is a good example of a company that decided to go off in a new direction.” That direction is VeohTV. To support the new effort, the company raised about $26 million this summer from investors, including Time Warner; Goldman Sachs; Spark Capital, a venture capital firm in Boston; and the former Disney chairman Michael D. Eisner, who joined the Veoh board and counsels Mr. Shapiro, a 38-year-old, Russian-born engineer. The company introduced VeohTV as a beta product last month, making it available for testing to a group of invited users. I found VeohTV to be easy to use. Once the software is downloaded to a computer, it offers an easy-to-navigate directory of 114 video channels, including listings for CBS, NBC, Fox and YouTube. On the NBC channel, there are dozens of episodes of “Heroes,” “30 Rock” and “Studio 60 on the Sunset Strip.” On the Fox channel, there are several full-length episodes of the dramas “Bones” and “24.” Those shows are free and available for streaming on the NBC and Fox sites. The VeohTV player, Mr. Shapiro said, is just giving them a new audience. “There are full-length episodes at Fox.com, but many customers don’t know how to find them,” he said. “The Web browser is fine for short clips. But if you just want to sit back and watch video on the Web, this is what you will want to use.” Major media companies, however, are more interested in protecting their copyrighted programs. Veoh does not ask for permission to play material from other Web sites, though Mr. Shapiro says he wants to strike advertising-sharing deals with content owners to ensure that shows appear in high-quality video. But Veoh does not think that it needs consent because VeohTV is doing nothing more than playing what is already online, including any commercials shown during the programs. The networks may disagree. By only offering video, VeohTV omits all the other advertisements on the network sites. For example, people who watched an episode of “Heroes” on NBC.com last week also saw for 40 minutes a banner ad for McDonald’s on the same page. VeohTV users watching the same episode would not see the banner. Rick Cotton, the executive vice president and general counsel of NBC Universal, said that streaming full-length television episodes drives traffic to other parts of NBC’s site and exposes users to the ads on it. And the right to play those shows is valuable, he said, pointing to the still-unnamed venture between NBC Universal and the News Corporation to create an online repository of their TV shows and movies. Sites like MySpace, AOL and MSN have already entered into commercial agreements to display the venture’s content. “This material has value,” Mr. Cotton said. “The notion of taking it and generating traffic with it needs to be negotiated and needs to be done with the agreement of content owners.” That’s why NBC and the other major studios are keeping close tabs on VeohTV’s business model. FOR some video content, VeohTV can act as a digital video recorder, turning a video stream — meant to be viewed on the Web — into a downloaded file on a user’s hard drive. VeohTV users can record a YouTube video, for example, even though YouTube, owned by Google, says its terms of service specify that videos uploaded to the site will only be streamed. Other software, like the recently released RealPlayer 11, by RealNetworks, can turn streaming video into downloads as well. But according to Ricardo Reyes, a YouTube spokesman, VeohTV steers users away from its ads while violating YouTube’s contract with its users. Mr. Reyes says the company is watching Veoh carefully. In response, Mr. Shapiro says his software provides an easier way to do something that is already technically possible on YouTube. Mr. Shapiro and his backers are aware their product will disrupt current business models. So have many technological innovations in the past, he argued, and Veoh hopes to build a large audience while courting large media companies. That creates an apparent contradiction that will be hard to resolve. Veoh maintains that it does not need permission to list and play other companies’ videos inside VeohTV. But it also wants to play nice. “We are going to try to be friendly to content owners,” said Todd Dagres, a partner at Spark Capital who serves on the Veoh board. “We are going to try to be the white-hat company.” http://www.nytimes.com/2007/07/15/bu...y/15ideas.html Happy Blogiversary It's been 10 years since the blog was born. Love them or hate them, they've roiled presidential campaigns and given everyman a global soapbox. Twelve commentators -- including Tom Wolfe, Newt Gingrich, the SEC's Christopher Cox and actress-turned-blogger Mia Farrow -- on what blogs mean to them. Tunku Varadarajan Notwithstanding the words of Tom Wolfe, who puts an elegant boot, below, into the corpus of bloggers, there are many more people today who would read blogs than disparage them. The consumption of blogs is often avid and occasionally obsessive. But more commonly, it is utterly natural, as if turning to them were no stranger than (dare one say this here?) picking one's way through the morning's newspapers. The daily reading of virtually everyone under 40 -- and a fair few folk over that age -- now includes a blog or two, and this reflects as much the quality of today's bloggers as it does a techno-psychological revolution among readers of news and opinion. We are approaching a decade since the first blogger -- regarded by many to be Jorn Barger -- began his business of hunting and gathering links to items that tickled his fancy, to which he appended some of his own commentary. On Dec. 23, 1997, on his site, Robot Wisdom, Mr. Barger wrote: "I decided to start my own webpage logging the best stuff I find as I surf, on a daily basis," and the Oxford English Dictionary regards this as the primordial root of the word "weblog." The dating of the 10th anniversary of blogs, and the ascription of primacy to the first blogger, are imperfect exercises. Others, such as David Winer, who blogged with Scripting News, and Cameron Barrett, who started CamWorld, were alongside the polemical Mr. Barger in the advance guard. And before them there were "proto-blogs," embryonic indications of the online profusion that was to follow. But by widespread consensus, 1997 is a reasonable point at which to mark the emergence of the blog as a distinct life-form. Once a neologism, outlandish to some, weblog has come to be abbreviated to blog, a brusque and jaunty word that no one, now, would think to look up in a dictionary. That said, the spell check on Microsoft Word has yet to awaken to the concept of the blog. Type in "blogging," for instance, and you will promptly earn a disapproving underscore in red, with the suggestion that "bogging," "clogging," "flogging" or "slogging" (unappetizing alternatives all) might, in truth, be the word you seek. In the decade since their conception, blogs, once a smorgasbord of links, have evolved into vehicles for a fuller, more forceful and opinionated prose. Not all of it has been lovely to behold, or even edifying. Inevitably, there has been bombast, verbosity and exposure to the public eye of thoughts that, ideally, should have remained locked inside fevered heads. (The impact of blogs on public discourse has included, I contend, the emergence of a form of "oral blogging," noticeable at seminars and the like, where people who might once have asked brisk questions are now empowered by the blog form to hold forth at length, with little attempt at self-editing.) The other change in the blog has, of course, been its mainstreaming. Blogging was once the province of the Nerd Without a Life (NWAL -- which, when pronounced aloud, sounds remarkably and appropriately like know-all). Today, while members of that tribe still abound, there are others who blog not because it is their only window on the world, but because blogging offers the opportunity of direct and immediate communion with those who would respond to their ideas. Call it intellectual "skin contact." Jack Bogle, the founder of Vanguard, blogs (his is the Bogle eBlog, so called because the second word is an anagram of his surname; and unlike many CEOs, he blogs without the aid of a ghostblogger). Gary Becker, Nobel laureate in economics, blogs. Peter Stothard, editor of the Times Literary Supplement of London, blogs. Mia Farrow, the cinema actress, who also writes below, blogs. As do politicians and activists of every stripe. Some blogs are profitable businesses, and it is no surprise that the traditional media have bought into the action, including this newspaper (see James Taranto's contribution, below). Featured here, then, are a dozen brief meditations on what the blog has come to mean and on the role blogs play in the usual tussles of any civilized society. The appropriate question about blogs, 10 years into their first appearance, is not whether they are a form of exhibitionism, or journalism, or theater. It is, instead, this, and I pose it with a courteous apology to Tom Wolfe: What would we do without blogs? Harold Evans A Spurious Megaphone Editor at large, the Week Former editor, the Times of London Favorite blogs: AndrewSullivan.com (political pundit for the Atlantic Monthly); MichaelTotten.com (Mideast affairs blogger); HeadButler.com (news and culture roundup) Coming from a print culture where the rule was check, check, source, source, I was chilled, in the early days of the blogosphere, by the easy dissemination of lies. Did you know that 9/11 was the work of the Mossad? How else can you explain that the 4,000 Jews were tipped off to stay away that morning? Gibberish, of course, but widely believed in the Muslim world. In Indonesia, Tom Friedman reported, only 5% of the population could get on the Web, but these 5% spread rumor as fact: "They say, 'He got it from the Internet.' They think it's the Bible." In this case, the revealed "truth" was a blog by one Sy Adeeb, writing from Alexandria, Va., under the logo of Information Times (with an address at the National Press Building in Washington, which had no trace of him). When I tracked him down, he told me he got it from Al Manar, the Hezbollah station in Beirut. Once upon a time, Adeeb would be sending out smudged mimeographed sheets that would never see the light of day. Now, as bloggers on the Web, Adeeb and others like him have a megaphone to the world, with this spurious authenticity of electronic delivery. (Tony Blair says there are 70 million blogs. Presumably, British Intelligence has been counting.) What's lamentable is that mainstream media, in a desperate race to be hip, will often now quote an unsourced blog story as a source. So nobody can really calculate the ripple effect of blogging. That said, there's a lot that's great about the blogosphere. Some blogs have become the best check on monopoly mainstream journalism, and they provide a surprisingly frequent source of initiative reporting. As an example, the only hope of staying sane in the lockstep stereotyped reporting of the 2000 presidential campaign was to look up Eric Alterman on MSNBC.com and the Daily Howler hilariously documenting the false narrative into which every story about Al Gore was fitted. Christopher Cox Bolstering Investors' Toolkit Chairman, Securities and Exchange Commission Without a good search engine (Google, of course, along with blogdigger, Feedster and a handful of others), it would be impossible to intelligently sample the vast landscape of the blogosphere. With that basic tool, it's at least possible to get a feel for the range of opinions on a given topic. It's a bit like reading the verbatims from an opinion poll; you get someone's genuine opinion, and it most certainly is not statistically valid. Blogs can contribute a great deal in the world of finance, which turns on information -- the newer, the better. As investors strive to make sense of the ever-higher mountains of data that we're buried under, the services of bloggers, whom we can imagine sitting at home in their pajamas trolling the Internet for us, free of charge, are likely to be an increasingly consequential addition to the investor's tool kit. To be sure, the blogosphere is subject to all of the same risks as the Internet itself. Many blogs are loaded with vanity posts, half-truths, rumors, and even intentional distortions. Others have spotty quality. The Securities and Exchange Commission's Office of Internet Enforcement has discovered several fraudsters operating blogs on the Web. There's no question, however, that among the ranks of legitimate bloggers, the corporate world is well represented, although some executives have undoubtedly hired professionals to blog in their stead. And, of course, you'll have seemingly unlimited choices when it comes to selecting your favorite Web-based market analyst. Not surprisingly, when it comes to the new financial-reporting language of XBRL and interactive data, blogs such as blog.hitachixbrl.com are a far more likely place to find the latest scoop than, say, your local library. When, in September 2006, I posted on one executive's blog (search for "Jonathan Schwartz" + "Christopher Cox" and you can find it), it immediately became clear how quickly news can spread. The exchange drove home the point that in carrying out the SEC's mission, Web-based disclosure will be of growing importance. On his blog, Mr. Schwartz, chief executive of Sun Microsystems, challenged the commission to clarify that the use of blogs like his could be consistent with our regulations requiring public companies to share news with the public at the same time they give it to market professionals. As a result of that exchange, the SEC is moving forward on that initiative, aided by thoughtful commentary from outside our own cathedral, some of it found on blogs. Do bloggers portend more lasting ramifications for the securities world? But of course. Shareholders are on the move, and technology has given them a cheaper and more-effective means to communicate. From improved price discovery to better corporate governance, investors, markets, managements and boards will never be the same. Favorite blogs: Mr. Cox prefers not to specify any favorite blog because "the way that some SEC followers hang on every agency pronouncement will lead someone to decide that monitoring the blog is both a new compliance burden and a guide to the hidden meanings of agency thinking." Mia Farrow The Editor in Chief: Me Actress Favorite blogs: BoingBoing.net (Tracks nooks and crannies of the Web); GPSMagazine.com (Everything about global positioning systems) When my daughter came to me crying because the school newspaper refused to print one of her articles, I said: Why not start your own paper? Unfiltered publishing was once the exclusive domain of media moguls, but today, who needs Rupert Murdoch? Blogging has become a publishing equalizer that was scarcely dreamed of years ago. It's free, you don't need editors or publishers, you don't even need to be able to write well. Last year, I followed my own advice. I started www.miafarrow.org. I am my own toughest critic, and I can't say the acceptance rate for my pieces is vastly improved, but the only person I have to convince that an article is worth publishing is the editor in chief: me. (When a piece is posted, the entire staff is elated.) It is through this experience that I've come to appreciate the purity and power of blogging. I have appeared in more than 40 movies, written a book and given countless interviews on TV, radio and in print. Yet none of this has allowed me to spotlight issues important to me as completely as my blog. I have blogged from some far-flung locations, such as the ravaged borders between Darfur and eastern Chad. And even in the most isolated regions, I knew that I was not alone. I had brought with me 30,000 readers a day, and they stuck with me every step of the way. Via satellite phone, I sent messages from the outskirts of the newly attacked town of Paoua in remote northwestern Central African Republic. I found myself in the middle of a humanitarian catastrophe. Hundreds of people had fled into the bush. They were eating leaves and drinking swamp water. No one was there to protect them. "Drums and gunfire are the music of the night," I blogged. Neither the reader nor I could know what would happen next. That immediacy and urgency was transmitted to my family and friends back home, along with thousands of members of the larger human family. James Taranto Answering an Unmet Need Editor, OpinionJournal.com Favorite blogs: KausFiles.com (Slate's prolific political blogger); InstaPundit.com (Libertarian law professor's take on politics and technology); JustOneMinute.typepad.com (Recent addition to politics blog circuit) In the world of politics and political journalism, blogs have evolved differently on the right and the left. The seeds of this evolution were sown by two proto-blogs that played key roles in the Clinton impeachment. On Jan. 18, 1998, the Drudge Report sent an email billed as a BLOCKBUSTER REPORT: "At the last minute, at 6 p.m. on Saturday evening, Newsweek magazine killed a story that was destined to shake official Washington to its foundation: A White House intern carried on a sexual affair with the President of the United States!" Drudge's borrowed scoop forced the story into the open, and within three days President Clinton issued the first of many denials. His subsequent testimony under oath that he had not had a fling with Monica Lewinsky led to his impeachment for perjury and obstruction of justice. Had Drudge not acted after the mainstream media hesitated, there is no way of knowing if the story would ever have seen the light of day. That September, after it became clear that Mr. Clinton had lied about his relationship with Ms. Lewinsky, a pair of liberal technology entrepreneurs began a project called "Censure and Move On," an online petition calling on Congress to abandon impeachment, "immediately censure President Clinton and move on to pressing issues facing the country." The Web site, MoveOn.org, later became a hub for liberal political activism, opposing the Iraq war and other Bush administration policies. Broadly speaking, conservative bloggers have followed the Drudge model, acting as a check on the liberal tendencies of the mainstream media, or "MSM." Conservative bloggers' proudest moments have come when they have debunked false and biased MSM reporting, especially CBS's fraudulent exposé on President Bush's National Guard service in 2004 and Reuters' doctored photos from Lebanon in 2006. The liberal blogosphere, meanwhile, is a hotbed of edgy activism -- some might say extremism. It pushed forward the Valerie Plame kerfuffle and gave support to candidates such as Ned Lamont, Jon Tester and Jim Webb. Just as conservative talk radio helped along the Republican victory in 1994, liberal blogs had their moment of triumph in the midterm elections 12 years later. Conservatives see blogs as the answer to Dan Rather, who is liberal but not overtly so. Liberals see them as the answer to Rush Limbaugh, who is open about his opinions and his desire to influence public opinion. In both cases they answer an unmet need in the political/media marketplace. Jane Hamsher 21st-Century Howard Beales Founder, firedoglake (political blog) Favorite blogs: DigbysBlog.blogspot.com (political news and commentary); TBogg.blogspot.com (liberal pundit covers news and culture); CrooksAndLiars.com (left-leaning commentary with lots of video clips) During the '90s, railing at the TV set was the isometric sport of the silent majority. Progressive political junkies watched in isolation as the Washington Post prominently printed one Whitewater story after another as if they originated on tablets of stone rather than the fax machines of Arkansas political operatives. Many people felt like they were the only ones who scratched their heads in wonder that it all made no sense, recoiling in horror as a slick PR operation rapidly escalated from the realm of lazy, spoon-fed journalism to the constitutional mockery of the Clinton impeachment. That isolation ended with the advent of the progressive blogosphere, which acts as a virtual water cooler for those who not only want to rail at the TV set, they want the TV set to listen. Probably nothing better contrasts the pre- and postblogospheric worlds than the Whitewater and CIA leak stories. In one, the endless repetition of meaningless gibberish was allowed to take root and become conventional wisdom. In the other, despite the constant reiteration of abject fantasies like "no underlying crime was committed," the public seemed to realize that it's not okay to perjure yourself in front of a grand jury and obstruct justice on behalf of your boss. Special counsel Patrick Fitzgerald was allowed to try his case in court before GOP spinmeisters could try it in the press, and a recent Gallup poll shows that 66% of the country thinks Bush should've left Scooter alone to do his time. That message wasn't carried by the beltway Brahmins of the MSM, the media elite who transcend party loyalties and embrace Libby as one of their own. They collectively bristled at the thought that Scooter (and no doubt themselves) should be subject to the verdict of some "ignorant jury" (as Ann Coulter likes to call them). No, that message was carried by bloggers and their readers, the thousands of people who collectively pored over the story's coverage, serving as institutional memory and holding media outlets to account when the politics of access journalism threaten to obscure the truth. At a time when government is in desperate need of oversight and the Fourth Estate has become uncomfortably close with those they are tasked with covering, the progressive blogosphere is a place where erstwhile Howard Beales coalesce to fill the gap. They come together to challenge the virulent Rovian notion that no law is so sacred, no tenet of national security so vital it can't be flouted in the pursuit of political gain. Scooter and other hermetically sealed beltway denizens may think he's a hero, but the rest of the country realizes he's nothing better than a garden variety crook. It ain't perfect, but it's progress. Brig. Gen. Kevin Bergner 'Milblogging' the War Spokesman for Multi-National Force, in Iraq Military blogs offer readers a front-row seat into the camaraderie, pride and challenges of those in uniform. No one can better represent the experiences of a soldier than soldiers themselves, and "milbloggers" deployed to the frontlines of the war on terror offer first-hand insights into their service and sacrifice. Why does this matter? Because milbloggers uniquely reveal the human face of our forces, from a young trooper patrolling Baghdad neighborhoods to a doctor saving lives at a Combat Support Hospital. First-hand accounts are an important way to communicate the creativity, commitment, and the lighter moments of those who are placing their lives on the line. In the past decade, new technologies from satellite phones to Internet technology have changed the relationship between information and warfare. The military's former inclination to control information has been replaced by an appreciation of the risks, but more importantly the opportunities of cyberspace. One example is when soldiers, of their own initiative, create and maintain personal blogs about their day-to-day experiences. Since blogs have the potential to reach a global audience, we have established clear guidance to ensure that blogging does not violate operational security, individual privacy, military policy or propriety. Our troops are fast learners, so while we have had a few breaches there have been many more positive experiences shared. By no means do all military blogs paint a positive picture, nor should they. Each posting represents an individual's musings at a particular point in time. We are waging a historic fight against a ruthless enemy. It is also a campaign that historians will be able to learn more broadly about from anecdotes and insights in today's military blogs. Favorite blogs: "Around here, folks like to read Small Wars Journal (http://smallwarsjournal.com/index.php), Blackfive (http://www.blackfive.net/) and The Mudville Gazette (http://www.mudvillegazette.com/)." Newt Gingrich New Political 'Prosumers' Former House speaker Favorite blogs: RedState.com (Republican news and notes); Corner.NationalReview.com (conservative magazine's politics blog); PowerlineBlog.com (covers law and right-leaning politics) Home Depot redefined an industry by catering to customers who preferred to fix their homes themselves rather than rely on professional repairmen. Dell Computer revolutionized the computing industry by allowing customers to design their own computers instead of purchasing the prepackaged, recommended configurations. It may not seem obvious, but blogging is part of this same social trend. Think of blogging as a DIY movement in our always intertwined media and political culture, blurring the lines between professional producers (news organizations and politicians) and amateur consumers (citizens), creating what Alvin Toffler called "prosumers," characterized by their desire to play an active role in creating the products they consume and by their distrust of professionals who claim to know what's best. In politics, supporters of a candidate or party are increasingly dissatisfied with simply putting up yard signs or making scripted phone calls; they want those in power to listen and respond to them as well. They also don't trust professional politicians to do what is right without constant supervision. In many ways, these are the characteristics of any insurgent political movement, but blogging is enabling particularly rapid mobilization and organization. We've already seen the effects on the Democratic Party. Web sites such as Daily Kos and MoveOn.org -- which I find fascinating as models of online activism -- have made it quite clear that their aim goes beyond stopping President Bush; they're also targeting leaders in their own party viewed as unresponsive to the grassroots. Sen. Joe Lieberman's primary loss is the most visible example. If Republicans remain out of step with their base for too long, expect a similar insurgency on the right. Similarly in news, it used to be that the only way to respond to an article or editorial was to write a letter to the editor. Now anyone can be a publisher. Bloggers can critique, fact-check or applaud journalists on their own platform, as well as offer their own analysis of world events. The term MSM is a derogatory term in the blogosphere, signifying distrust of the news professional. To succeed in this new environment, news and political organizations will need to offer products that are both highly responsive and easily customized. Balancing this pressure with the need for news organizations to remain objective and politicians to act in accordance with their leadership responsibilities in a representative democracy will be a significant challenge. Dick Costolo Zero-Cost Publishing Group product manager, Google Former CEO of FeedBurner (blog services and tools provider) Favorite blogs: FakeSteve.blogspot.com (musings by a Steve Jobs imposter); Publishing2.com (new media and the future of online publishing); Blog.Photoblogs.org (aggregates the best of the photoblogs) When I was a kid, there were three broadcast TV channels that everybody was subscribed to, a couple of local papers and a handful of local radio stations with significant range. For all these broadcasters, a community of interest was defined as all the households this broadcast is reaching, so there was no real concept of targeted content or communities of interest. If you happened to be interested in venture capital and were a college student living in Detroit, there was no way for you to participate (an important term) in any community of interest around venture capital unless you moved to Silicon Valley or paid a ridiculous sum of money to subscribe to an obscure newsletter. On the publishing side, the barriers to entry were replete with all manner of government regulation, massive capital requirements and steep learning curves, creating a natural status difference between publishers and subscribers. The publishers had massive status, the subscribers little or none. The Internet destroyed most of the barriers to publication. The cost of being a publisher dropped to almost zero with two interesting immediate results: anybody can publish, and more importantly, you can publish whatever you want. With the cost of publication at almost zero, the cost of subscribing to almost any community of interest also dropped to zero. Anybody can publish and anybody can subscribe, and publishers and subscribers are now two sides to the same coin. Any subscriber can actively participate in any community of interest by becoming a publisher in that community. Everything is challenged and no media provider is immune from open public questioning. This is true across the spectrum of publishers. A VC blog written by an expert in Silicon Valley with 20 years' experience is subject to counterpoints from the student in Detroit who's similarly passionate about this community of interest. The challenge, of course, is that in a media democracy, it is incumbent on all of us to determine how we make decisions about authenticity and authority in media, since these traits are no longer an implicit (if sometimes unwarranted) artifact of publication. Tom Wolfe A Universe of Rumors Novelist One by one, Marshall McLuhan's wackiest-seeming predictions come true. Forty years ago, he said that modern communications technology would turn the young into tribal primitives who pay attention not to objective "news" reports but only to what the drums say, i.e., rumors. And there you have blogs. The universe of blogs is a universe of rumors, and the tribe likes it that way. Blogs are an advance guard to the rear. For example, only a primitive would believe a word of Wikipedia (which, though not strictly a blog, shares the characteristics of the genre). The entry under my name says that in 2003 "major news media" broadcast reports of my death and that I telephoned Larry King and said, "I ain't dead yet, give me a little more time and no doubt it will become true." Oddly, this news supposedly broadcast never reached my ears in any form whatsoever prior to the Wikipedia entry, and I wouldn't have a clue as to how to telephone Larry King. I wouldn't have called him, in any case. I would have called my internist. I don't so much mind Wikipedia's recording of news that nobody ever disseminated in the first place as I do the lame comment attributed to me. I wouldn't say "I ain't" even if I were singing a country music song. In fact, I have posted a $5,000 reward for anyone who can write a song containing the verb forms "am not," "doesn't," or "isn't" that makes the Billboard Top Twenty. Favorite blogs: Mr. Wolfe, "weary of narcissistic shrieks and baseless 'information,' " says he no longer reads blogs. Xiao Qiang Breaking the 'Great Firewall' Founder and editor of China Digital Times (an independent aggregator of China news); director, China Internet Project at the Graduate School of Journalism at the University of California, Berkeley Favorite blogs: ZonaEuropa.com (global news with a focus on China); SmartMobs.com (author Howard Rheingold's tech thoughts); Blog.DoNews.com/keso (opinated takes on tech, from iPhone to Google) Lian Yue started his blog in the spring of 2005. A free-lance columnist, Lian lives in Xiamen, one of China's most wealthy cities on the southeast coast. His liberal-style social commentary and humorous writing quickly won him thousands of readers. Starting this March, Lian posted a series of articles warning the people in his hometown that a paraxylene (PX) chemical factory being built in his city could have a disastrous environmental impact. He called on residents to speak out against the construction. "Don't be afraid," Lian wrote on his blog on March 29. "Please just talk to your friends, family and colleagues about this event. They might still be in the dark." Lian is one of 16 million (and growing) active bloggers in China. While most posts are personal, an increasing number of bloggers writing about public affairs have become opinion leaders in their local communities. Despite the government's "Great Firewall" to filter out "undesirable information," and the tens of thousands of personnel hired to police the Internet, the sheer number of bloggers writing about public affairs is having a transformative impact on Chinese politics. Xiamen authorities have vigorously deleted anti-PX factory messages on any servers within their governing territory. However, word still got out to local residents via email, IM and SMS on mobile phones. One of Lian Yue's articles on this topic was published in a newspaper in a neighboring province and spread "like wildfire" throughout the blogosphere. By the end of May, SMS messages and cellphone photos of protesting slogans such as "Boycott PX, Protect Xiamen" were sent out to millions of Xiamen residents. On June 1 and 2, against the local authorities' warning, several thousand citizens spontaneously showed up "to walk" in front of the city government with anti-PX message boards. Participants reported the protest live with their cellphones, which directly transmitted photos and text to their blogs. The government was forced to announce a "re-evaluation" of the factory construction. In China, blogs enable millions of citizens to express their opinions with reduced political risk simply because of the sheer number of like-minded opinions online. Facing these independent voices, the old ideological machine starts to crumble. Within society, bloggers like Lian Yue are seen as more credible voices than propaganda officials. The Chinese blogosphere is a dynamically contested terrain. What will the long-term implications be? I think the writing is already on the Great Firewall. Jim Buckmaster Zero-Cost Publishing CEO, Craigslist Favorite blogs: Slashdot.org (one of the first tech blogs); Metafilter.com (community blog anyone can edit); Valleywag.com (tech gossip site); TechDirt.com (popular tech news site) Iraq Occupation? Global Warming? Abuse of Power? Pick up a Blog! I read blogs every day, for all sorts of reasons, but I turn to blogs especially when I want to hear alternative viewpoints -- for example, information on a particular medical treatment from the viewpoint of patients receiving it, rather than doctors administering it; reports from the battlefield seen through the eyes of soldiers rather than politicians; thoughts on a particular technology from the standpoint of engineers rather than executives. Consider the Iraq occupation -- or colonization. Corporate media provide saturation coverage, but often manage to leave all the most interesting bits for bloggers, such as what our government is actually trying to accomplish by occupying Iraq (blog.zmag.org/ttt), what Iraqis think about the occupation so far (afamilyinbaghdad.blogspot.com, iraqblogcount.blogspot.com), how our soldiers feel about it (cbftw.blogspot.com), and how taxes being appropriated for it are being doled out (www.huffingtonpost.com). On global warming and reducing our reliance on oil imports, stories in corporate media tend to reinforce the status quo, dwell on political impracticalities of making changes, or focus on pork-barrel nonsolutions like ethanol. Turn instead to quality blogs on the subject (like cleantechblog.com, or Amory Lovins's blog at green.yahoo.com) and you quickly learn that excellent solutions are at hand, but are being mostly ignored because they aren't popular with certain large corporations and their representatives in Washington. With millions of private citizens now blogging, there is a diverse and not-easily-censorable chorus to sound alarms, something the corporate media often will not do. In fact, I think our "citizen journalists" in the blogosphere protect us against abuse of power to a far greater degree than the much ballyhooed "citizen militia" afforded by gun ownership -- without the daily carnage of accidental and impulse shootings. Elizabeth Spiers Effective Niche Targeting Writer Founding editor, Gawker (news and gossip site) Favorite blogs: Reason.com/blog (news and commentary recommended by libertarian magazine's staff) MaudNewton.com (former attorney who writes on literature and culture); DesignObserver.com (posts about design) "I don't know why anyone reads blogs," the editor in chief of a large magazine once said to me. "It's like listening to the crazy guy on the subway rant." I had generated a substantial part of my income in the previous three years from professional blogging and wasn't inclined to bash blogs categorically, but I conceded that in some cases she was right. There are countless blogs that are filled with inarticulate vituperative screeds that appear to have been published by people whose mental facilities are not fully intact. I'll even confess to having written a few posts that undoubtedly fit that description. That said, a blog is just a format for content. It's a way of presenting information in a linear fashion, in reverse chronological order. Ultimately, the blog is only as good as the information presented. Of the various blogs I've written or produced, the ones that worked best -- the ones that had the biggest and most loyal readerships -- always had a few consistent qualities. They were topically focused, often in niche areas. They published regularly and frequently, typically during office hours and several times a day. They published content that was original or difficult to find, from breaking news to proprietary photographs to obscure links that readers are unlikely to find on their own. They were usually well-written, which has its own intrinsic appeal for anyone who prefers to enjoy what they're reading. And lastly, they engaged their readership by soliciting feedback and responding to it, in the form of asking for tips, allowing comments or otherwise demonstrating some level of interest in their audience's preferences. Most blogs are personal diaries and don't fit those criteria, even in part. But the success of the various blogs that do choose to follow the aforementioned formula indicates that it's possible to create commercially viable media products for niche audiences. Even more important for traditional media, blogs are an inexpensive way to test new editorial concepts with an engaged audience whose behavior and preferences are more directly measurable than in any other medium. This alone should be of interest to any pragmatic editor http://online.wsj.com/article/SB118436667045766268.html Tech Boom, Media Bust Brian Caulfield It was a slow Friday at Red Herring magazine. The receptionist at the Silicon Valley tech title had stepped away from her desk. So a messenger strolls in from the summer sunshine, finds a 20-something reporter on her first real job and hits her with an eviction notice. Red Herring has three days to pay the rent or get out. Word got around, fast. Then someone looked outside. There, driving up in a rented silver Mazda minivan is a correspondent with gossip blog Valleywag. Aaaaaaand she's got a camera. Silicon Valley is booming again. But if you work in tech media, there's blood on the floor. Take Red Herring. It hung onto its offices after getting the eviction notice earlier this month. But gossip site Valleywag is breaking story after story not just on its beat--but about its woes. Meanwhile, bigger publications are hurting too: Time Warner's (nyse: TWX - news - people ) Business 2.0 saw ad pages drop 21.8% through March from the same period a year ago; PC Magazine's editor in chief walked out the door after ad pages fell 38.8% over the same period; and one-time online powerhouse CNET is reporting growing losses even as the companies it covers flourish. It may be happening in tech first, but there's no reason the same thing won't happen, eventually, in every media niche. Things couldn't be much more different than the last boom. While online upstarts such as HotWired struggled to make money--they had to invent the banner ad--print titles flourished. The Industry Standard, founded in 1997, set ad sales records. Business 2.0 came out of nowhere to scoop up gobs of ads against articles detailing how to succeed in the new economy. And one-time venture capital bible Red Herring ballooned to hundreds of pages. Then the tech downturn hit. The Industry Standard closed. The assets of Red Herring and Business 2.0 were sold to new owners. But while the good times are back--the tech-heavy Nasdaq hit a six-and-a-half-year high last week--tech trade and new-economy publications have not bounced back. The first problem: online keyword advertising. Media insiders say search engines such as Google have snarfed up the product-driven ads. Rather than running product listings in trade publications and newspapers, media insiders say tech companies prefer to buy keyword ads so they can send buyers straight to the gear they want. "Search is what ignited everything," says Geoff Ramsey, Chief Executive of eMarketer, a firm which aggregates and analyzes online marketing statistics. Meanwhile, Industry Standard founder John Battelle is keeping the bonfire of the print titles burning. His Federated Media Publishing is selling ads on more than 100 blogs, giving ad buyers the ability to spend big money on a collection of highly specialized sites--many of them focused on tech--that suit their needs. "If Cisco has to spend, I don't know, a couple of million dollars on a trade campaign, they are not spending it with Red Herring or Business 2.0. They are spending it with Federated Media, with bloggers who cover the sector," says Rafat Ali, editor and publisher of online media tracker PaidContent.org. And while blog networks are quickly gaining scale, even their most coveted offerings are cost-competitive. To make a back-of-the-napkin comparison based on rate cards: A start-up looking to get attention will grab a third-of-a-page color ad in a magazine with a rate base of 600,000 and might pay $27,300; or it can pay $21,000 for 600,000 impressions for its ads on TechCrunch--a site covering start-ups represented by Battelle's Federated Media--assuming they take the priciest ad slot on one of tech's hottest sites. That's no surprise, given that it takes fewer resources for blogs to crank out content than it does print titles. Web sites such as GigaOm, TechCrunch and Valleywag--with a few laptops, a web server and some hustle--are crowding into beats once dominated by trade publications and enthusiast magazines who rely on printing presses and full-time writers and editors. Bottom line: A successful blog can simply grab more readers, per employee, than more traditional media. Talk to blogger Matt Marshall. He walked away from covering venture capital at one of California's biggest newspapers, the San Jose Mercury News, to run a venture capital Web site from the second bedroom of his Fremont, Calif., home. He has no employees. Federated Media handles the ad sales for a 40% cut. And Marshall says he now makes more than he did as a reporter. Meanwhile, the Mercury News laid off 31 of his former colleagues this month. "Where they can actually succeed is by taking a particular vertical and absolutely nailing it," eMarketer's Ramsey says of bloggers like Marshall. Of course, blogging is not the express lane to riches its more exuberant backers would have you believe. The anonymous satirist who runs "The Secret Diary of Fake Steve Jobs" started hitting up his readers for money-making ideas just weeks after being named to Business 2.0's list of "50 Who Matter Now," even while, in character as Apple Chief Steve Jobs, he boasted about Apple's huge stock gains. And while Marshall says he's making a living, he's still living lean: he says he works until 3 a.m. many nights. "I can go under any day, and that's what brings the passion to this," Marshall says. The truth is, the vast majority of bloggers will never garner more than a few dozen readers. Then again, most of today's print-heavy news outlets are scaling back in the face of the relentless online competition. Marshall's father, Tyler Marshall, walked away from journalism after winning a Pulitzer Prize at The Los Angeles Times, bought out in a round of downsizing at the venerable newspaper. When Marshall told his father about his plan to launch his own publication, the older Marshall didn't discourage him. After all, what did he have to lose? http://www.forbes.com/technology/200...techmedia.html Create Your Own Live TV Channel With Selfcast Press Release RawFlow’s New Online Broadcasting Portal for User Generated Content is Now Released as a Beta Version. Selfcast Allows Anyone to Create Their Own TV Channel for Free and Broadcast Live on the Internet. RawFlow, a leading provider of live peer-to-peer streaming technologies, has announced the public launch of a beta version of Selfcast – a P2P based live broadcasting portal. For the first time ever, anyone can broadcast live to the world for free using just a webcam, a pc and an internet connection. Budding directors, musicians, talk show hosts and others, can now reach the masses online. Selfcast enables users to: • Broadcast live anywhere, any time • Invite friends, fans and family via integrated invitation tool • Completely free, easy to use • Broadcast directly from webcam or microphone • Get instant feedback from viewers who can submit comments or participate in the Live chat • Broadcast live or pre-recorded content which can be added to a play list In order to create broadcasts, a user simply downloads and installs the Selfcast software, which works as broadcast wizard and encoder for the broadcasts. Friends can then be invited to watch via built-in Instant Messenger (IM) tools such as Skype, Yahoo! Messenger, ICQ, and MSN. You can also invite your friends to watch via email. RawFlow is the company and driving force behind Selfcast – it uses its unique peer-to-peer technology, to enable anyone, anywhere to broadcast themselves live on the internet without any need for expensive hardware, infrastructure or bandwidth. Selfcast successfully added 500 beta testers on to the site on June 25th this year, and now allows anyone to try the beta version. Mikkel Dissing, Chief Executive Officer at RawFlow, commented: “Selfcast is unique in the sense that it allows anyone to broadcast for as long as they like for free. The fact that it is live means that you can get instant gratification from fans and friends. We already have had positive feedback from our early beta testers, and now welcome anyone to join our live video community”. Next up for Selfcast will be developing widgets which allows users to implement their channels into other social networks and websites. http://home.businesswire.com/portal/...&newsLang =en Facebook: the Ultimate P2P Darknet Enabler? vednis Could Facebook be used as the catalyst for a new generation of Peer-to-Peer darknet applications? Briefly, a darknet is a private virtual network where users only connect to people they trust. This is very similar to the networks that Facebook builds. Trust is the key. You connect to close friends and relatives, giving them access to personal content not privy to your larger network as a whole. Facebook could become an enabler for these networks, in that it provides a common point in the network through which you may connect with those trusted people. Not directly, but via Facebook’s new applications interface, or via exisiting network tools that Facebook supports directly, such as MSN, Gmail, etc. One such darknet application may be Peer-to-Peer shared backups. Imagine making an agreement with your relatives, that you would each devote 2GB of hard-drive space to keeping the family photo pool backed up. Some clever Open Source software could keep the photo pool maintained, distributed among all of your computers. The sharing tool could use a Facebook application for peer discovery. You could even route new content over existing tools. I wonder, if you could install the iLike application, could you use it to publish new content for your friends, and hook an Open Source content sharing tool into the iLike interface to handle the transfer? iLike publishes what’s new, Facebook publishes your content share points, and the Open Source tool handles the data. Using Facebook to publish content discovery and sharing points opens the door to federated services, allowing you to get your network out of the hands of commercial parties. If I could publish the address of a personal server on Facebook (a server that I own, running my own services), then I could start building networks and sharing with others outside of Facebook. And I would once again have control of my identity within those networks - I won’t have to rely on the Facebook privacy controls, or anything like that. Just some ideas. http://acanvas.wordpress.com/2007/07...rknet-enabler/ Re-Vote Likely After E-Vote Error A California judge appears set to nullify an election result voting down medical use of marijuana after an e-voting lawsuit. Stephen Lawson A California judge is likely to order a Berkeley city initiative back on the ballot because of local officials' mishandling of electronic voting machine data, a public-interest lawyer arguing the case said Friday. In a preliminary ruling Thursday, Judge Winifred Smith of the Alameda County Superior Court indicated she would nullify the defeat of a medical marijuana proposal in Berkeley in 2004 and order the measure put back on the ballot in a later election. A hearing on Friday morning in advance of a final ruling brought out nothing that indicated Smith would deviate from her preliminary decision, said attorney Gregory Luke, who is representing Americans for Safe Access. The medical-marijuana advocacy group is suing the county, assisted by the technology rights group Electronic Frontier Foundation. The case points to the dangers of electronic voting systems, which make it harder to ensure fair elections, Luke said. Electronic voting machines have been widely adopted in the U.S. since the disputed presidential election of 2000. Laws in California and some other states now require paper records of all votes, but the California law wasn't in place for the Berkeley election. Both sides argued their cases before Smith on Friday in a last-ditch hearing on the proposed sanctions, according to Luke. The hearing brought out nothing new that suggested Smith would change direction, he said. Americans for Free Access sought a recount of the vote on Measure R, which would have established procedures for opening marijuana dispensaries in Berkeley. It lost by fewer than 200 votes. A recount wasn't possible because the city didn't share the necessary voting records, in violation of election laws, Judge Smith ruled in April. In May, the county agreed to share some data. The county reused voting machines from Diebold Election Systems Inc. without saving sufficient data to carry out a recount or review the election process, Luke said. Officials failed to save key evidence even after the suit was pending, he said. Data from the vote in question has only been found on 20 of the hundreds of machines used in the election, according to Luke. In addition to ordering another vote on Measure R, Judge Smith's preliminary ruling called for the county to pay the US$22,604 cost of the recount, as well as attorney's fees and the cost of a trip to Diebold offices in Texas. Ordering a new vote is a rare move for a court, Luke said. "This is a very severe sanction. ... and it's warranted," he said Friday. Luke expects a final ruling in the case within two weeks. The county could appeal to a higher court if the ruling goes against it, he said. Attorneys for the county were not immediately available for comment. http://www.pcworld.com/article/id,13...s/article.html Forecast for Young, Stevens Clouds Up CONGRESSMEN: Increasing national scrutiny makes pair take notice of political winds. Steve Quinn They are, by their own admissions, feisty and cranky, with tempers that underpin their reputations as old-school -- yet effective -- members of Congress. They have more than 70 years of service on Capitol Hill between them and aren't ready to call it quits. But Alaska Sen. Ted Stevens, 83, and Rep. Don Young, 74, have also found themselves under increasing national scrutiny while their Republican party -- which staunchly supports them -- tries to mount a comeback to regain majority status in Congress. The two men are being pushed on legal and ethical grounds for various cozy relationships with influential businessmen. Yet neither plans to soften the tone or approach that enabled them to direct millions of federal dollars to Alaska. Both are seeking another term next year, undaunted by the growing scrutiny and with hopes the Republicans will be back in power. "People don't understand; if you don't establish yourself as the biggest dog in the yard, you're going to be chased out," Young said. "No one has been able to do that to me." Political analysts say Young -- Alaska's lone representative since a special election in 1973 -- may be the most vulnerable right now, but Stevens could be in for the toughest time yet in his political career heading toward the 2008 election. Long-Serving Senator Stevens is facing scrutiny from federal investigators for a home remodeling project, an investigation that dovetailed with a corruption investigation into state officials. Meanwhile, his son Ben, a former Alaska Senate president, was one of six state lawmakers who had their offices raided by the FBI last year. He has not been charged and has denied any wrongdoing. Ted Stevens, a former prosecutor, said his attorneys have advised him not to discuss the investigation. However, Stevens did say that he's not taking the investigation lightly, especially if it gains momentum. "The worst thing about this investigation is that it does change your life in terms of employment potential," said Stevens, the longest serving Republican in Senate history who was appointed in 1968. "It doesn't matter what anyone says, it does shake you up. If this is still hanging around a year from November, it could cause me some trouble." But so far, Stevens seems to be thriving on the setbacks. He was recently credited for helping broker a compromise on the Senate's energy bill. "I think all this has increased my focus on doing my job," he said. "I'm working to get this concept out of my mind that someone is trying to make something illegal out of all this. That's what's really disturbing." 'Earmarks Are Good' Meanwhile, criticisms launched at Young have come piecemeal over the last several years. He was connected to the scandal surrounding lobbyist Jack Abramoff when one of his former aides pleaded guilty to accepting gifts in exchange for official acts on the lobbyist's behalf. He has also taken heat for earmarks, money awarded for specific projects. Young most notably gained national attention for securing $200 million for a bridge project linking the southeast Alaska community of Ketchikan to its airport on Gravina, a nearby island, which became known as the "Bridge to Nowhere." More recently, Young -- the former chairman of the House Transportation Committee -- is taking heat for directing money to a Florida road project study. The money was not sought by the district's Republican congressman but would benefit a major contributor to Young's campaign. "When you are chairman of a committee, you represent the whole nation; you don't represent one district, which is in my case is one state," Young said. "Earmarks are good for the country and good for the people you represent. "That is the role of a congressman. If you can't get money for your district, you shouldn't be in Congress," he said. The Democratic Congressional Campaign Committee put Young on notice that it will provide logistical and financial support to a strong party challenger. So far, his only challenger is Diane Benson, whom Young defeated for re-election in 2006. "They are welcome to try," Young said. "I know that I'm the one they would like to eliminate. It doesn't bother me as long as I run a good campaign and do what's right for this state." The first punch has already been thrown. The Democratic committee recently launched a radio ad criticizing Young's commitment to providing benefits to troops in Iraq and Afghanistan. Committee spokesman Fernando Cuevas says the party nationally believes the old guard needs to step down, especially in Alaska where one current and three former state lawmakers face federal bribery and extortion charges. "People are tired of seeing politicians in this light, from the state legislature to this," Cuevas said. "People are tired of the spin. That style is done. You are seeing politicians at a different standard." Democrats Smell Blood Alaska Republican Party chairman Randy Ruedrich is not worried about the fate of his party's two warhorses. He said enough Alaskans will remember how Stevens and Young have helped the state grow, and not just the major cities, but the rural areas as well. "Their work is what made good drinking water available to our rural system," Ruedrich said. "They made life in many villages and small towns 20th century living rather than a honey bucket world," he said of the plastic buckets still used by some Alaskans without running water in their homes. Ruedrich said he welcomes a challenge from Democrats who couldn't unseat U.S. Sen. Lisa Murkowski, who was appointed by her father to his seat when Frank Murkowski was elected governor in 2004. But even as Democrats start to smell blood, political analysts say none of the troubles for Stevens or Young is enough to knock them off their perch just yet. "Those two have been drilling for oil in Washington for a long time and they struck it rich," said David King, political science professor at Harvard University's John F. Kennedy School of Government. "They are making sure they bring home the bacon to Alaska," he said. "Ideology and style don't matter as much as bringing money back home. That culture in Washington hasn't changed much at all." http://www.adn.com/front/story/9118343p-9034682c.html Hackers Steal U.S. Government, Corporate Data from PCs Jim Finkle Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said. The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett- Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd. Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches. The other parties either declined comment or did not respond to requests for comment. Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site's owner is likely unaware it is being used by hackers, Morris said. He believes the hackers have set up several "sister" Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs. The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level. "What is most worrying is that this particular sample of malware wasn't recognized by existing antivirus software. It was able to slip through enterprise defenses," said Yankee Group security analyst Andrew Jaquith, who learned of the breach from Morris. Security experts say such crimes occur frequently because hackers have access to software that allows them to build undetectable malware that security firms are unable to fight. In this case, the malware had not been flagged as dangerous, although security firms put out updates identifying it as such on Monday night after Prevx sounded the alarm. "The sophistication is really far out there. There is no way security companies are going to catch up," said Rick Wesson, chief executive of Support Intelligence, a San Francisco firm that helps companies and government agencies detect and fight attacks on their computer systems. Wesson said his company is monitoring three other campaigns that are currently ongoing, but declined to discuss them, saying that could hamper counter-intelligence efforts. Wake-Up Call Many large organizations -- including government agencies -- do not use all the bells and whistles in their security software, security experts say. For example, organizations can choose to only let employees run programs on a list of safe software, but most take the opposite approach, banning programs listed as dangerous. Also, sensitive information on PCs is rarely encrypted. Doing so makes stolen information useless to hackers, but requires extra work by employees who access the data. A researcher with a large security firm said the attack disclosed by Prevx is "a wake-up call." "We try to strike a balance between usability and protection. It's a delicate balance. But organizations need to lean more toward the protection side than the usability side," said the researcher who declined to be identified. What is unusual about the case publicized by Prevx, security experts say, is that the firm named the victims. Prevx CEO Morris said he did so to bring attention to vulnerabilities in security systems protecting sensitive government data. Hackers use security tools to help them determine whether their malware will be able to get past corporate and government defenses. For example, a Web site called virustotal.com lets users upload files to see if they are safe. Hackers use it to see if their malware will make it past security systems. Morris said he had downloaded the data from the Web site used by the hackers and provided it to investigators from the FBI's Law Enforcement Online, or LEO, program. An FBI spokesman declined comment. (Additional reporting by Eric Auchard in San Francisco, John Crawley in Washington, Georgina Prodhan in Frankfurt.) http://www.reuters.com/article/domes...38118020070717 Is Winning on Faulty Slot Machine Crime? Prosecutors are considering criminal charges against casino gamblers who won big on a slot machine that had been installed with faulty software. The machine at Caesars Indiana credited gamblers $10 for each dollar they inserted because the software wasn't designed for U.S. currency, state police said. More than two dozen people played the machine before one gambler alerted Caesars employees. Caesars lost $487,000 on the machine during that time, state police said. A decision on whether to bring criminal charges could come in a couple of weeks, said John Colin, chief deputy prosecutor for Harrison County. He said "criminal intent" may be involved when people play a machine they know is faulty. The casino said some of the gamblers returned the money after the casino contacted them. "This is a bit of an unusual case because you've got to go back and piece together who did what," Colin said. The prosecutor's office declined to say Thursday what criminal charges could be brought. The incident occurred last July, but he said obtaining casino records took longer than expected. Kathryn Ford of Louisville, Ky., the gambler who alerted the casino, said going after the other patrons was unfair. When a slot machine jams and gamblers lose money, they don't get it back, she said. "It doesn't work in the reverse," Ford said. "They need to forget it and move on." http://news.yahoo.com/s/ap/20070719/...s_slot_machine The Top Countries For Cybercrime Andy Greenberg Cybercrime, like every digital industry, is outsourcing. Though the U.S. still produces more malware, spam and viruses than any country in the world, illicit IT jobs are increasingly scattered across an anarchic and international Internet, where labor is cheap, legitimate IT jobs are scarce and scammers are insulated from the laws that protect their victims by thousands of miles. As Thomas Friedman might say, the criminal underworld is flat. According to a Symantec (nasdaq: SYMC - news - people ) report at the end of 2006, Beijing is now home to the world's largest collection of malware-infected computers, nearly 5% of the world's total. Research by the security company Sophos in April showed that China has overtaken the U.S. in hosting Web pages that secretly install malicious programs on computers to steal private information or send spam e-mails. And another report from Sophos earlier that month showed that Europe produces more spam than any other continent; one Polish Internet service provider alone produces fully 5% of the world's spam. Cybercrime this geographically diverse isn't just hard to stop; it's hard to track. Common tactics like phishing and spam are usually achieved with "botnets," herds of PCs hijacked with malware unbeknownst to their owners. Botnet attacks can usually be traced only to the zombie computers, not to their original source. That means the majority of studies mapping botnet attacks point to every place in the world that has vulnerable PCs, with no real sense of where the attacks begin. Researchers at Sophos Labs say they have a solution: They can roughly identify the host country of malicious software by tracing the default language of the computer on which it was programmed. According to their analysis of the default language linked with about 19,000 samples at the end of last year, Americans and other non-British English speakers still produce the most malware, more than a third of the world’s total. Close behind is China, producing 30%, followed by Brazil, with 14.2%. Russia places fourth with 4.1% of the world’s malware. Bill Pennington of White Hat Security attributes these developing countries' bad behavior to an overabundance of technologically trained young people with low-paying jobs. "If you’re in Russia or China and you have a computer science degree," he says, "You can either go work for nothing or you can make money using your skills for nefarious purposes." Cybercrime isn't merely spreading to certain foreign countries, it's becoming cosmopolitan, says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies. As crime syndicates in Europe and Asia move into online scams, Lewis says that a single cybercrime operation can now be distributed among many different groups in several countries. One may create a "botnet" while another rents those computers to send credit scam e-mails and a third party transfers funds using the fraudulently obtained banking information. Sometimes each operation is on a different continent. "The big problem here is political. It’s sovereignty," Lewis says. "The FBI cannot go enforce American law without the consent of the country where cybercrime is being carried out. So even if U.S. laws were perfect, it wouldn’t be enough to protect you." He describes a "Bonnie and Clyde" situation, where police stop at the edge of their jurisdiction rather than pursue criminals to their hideouts. The growth areas of the malware industry aren't easily predicted. India, for instance, is one of the world’s most technologically booming developing countries, but ranks surprisingly low on Sophos' list. The U.K. and India together contribute only 1.3% of the world's malware--both use British English as a default language, so their samples couldn't be separated--and Sophos researchers say the majority of that criminal activity comes from the U.K. Eugene Kaspersky, Russian security guru and head of Kaspersky Labs, can only explain India’s lack of cybercrime as a "cultural difference." Nandkumar Saravade, director of cyber security for India's National Association of Software and Service Companies, says that India has so far avoided a cybercrime epidemic thanks to the success of its legitimate IT industry. "Today, it is a fact that any person in India with marketable computer skills has a few job offers in hand," he says. But Saravade and Kaspersky both warn that security professionals should expect the subcontinent’s malware contribution to grow in coming years. When it does, India likely won't be ready to contain the problem: The country's last major cybercrime law was created in 2000, long before botnets became an issue. India isn't alone in being unprepared: Kaspersky says that the growing industry of malware professionals around the world hasn't been fully recognized by international legal bodies or the software industry, which continues to build vulnerable programs. "We in the security industry need to attract the attention of government authorities, educate users and encourage changes in basic operating systems," he says. "Alone, we don’t have a chance." http://www.forbes.com/home/technolog...ybercrime.html Attackers Hide in Fast Flux Kelly Jackson Higgins Cybercriminals are increasingly using an advanced method of hiding and sustaining their malicious Websites and botnet infrastructures -- dubbed "fast-flux" -- that could make them more difficult to detect, researchers say. Criminal organizations behind two infamous malware families -- Warezov/Stration and Storm -- in the past few months have separately moved their infrastructures to so-called fast-flux service networks, according to the Honeynet Project & Research Alliance, which has released a new report on the emerging networks and techniques. Fast-flux is basically load-balancing with a twist. It's a round-robin method where infected bot machines (typically home computers) serve as proxies or hosts for malicious Websites. These are constantly rotated, changing their DNS records to prevent their discovery by researchers, ISPs, or law enforcement. "The purpose of this technique is to render the IP-based block list -- a popular tool for identifying malicious systems -- useless for preventing attacks," says Adam O'Donnell, director of emerging technologies at security vendor Cloudmark. Researchers and ISPs have been aware of fast-flux for over a year, but there hasn't been an in-depth look at how it works until now. "All of this research on fast-flux is new. No one had any definitive research on it," says Ralph Logan, vice president of the Honeynet Project and principal of The Logan Group. "We saw a rising trend in illegal, malicious criminal activity here." Fast-flux helps cybercriminals hide their content servers, including everything from fake online pharmacies, phishing sites, money mules, and adult content sites, Logan says. "This is to keep security professionals and ISPs from discovering and mitigating their illegal content." The bad guys like fast-flux -- not only because it keeps them up and running, but also because it's more efficient than traditional methods of infecting multiple machines, which were easily discovered. "The ISP would shut down my 100 machines, and then I'd have to infect 100 more to serve my content and relay my spam," Logan says. Fast-flux, however, lets hackers set up proxy servers that contact the "mother ship," which serves as command and control. It uses an extra layer of obfuscation between the victim (client) and the content machine, he says. A domain has hundreds or thousands of IP addresses, all of which are rotated frequently -- so the proxy machines get rotated regularly, too -- some as often as every three minutes -- to avoid detection. "It's not a bunch of traffic to one node serving illegal code," Logan says. "I send you a phishing email, you click on www.homepharmacy.com -- but it's really taking you to Grandma's PC on PacBell, which wakes up and says 'it's my turn now.' You'd have 100 different users coming to Grandma's PC for the next few minutes, and then Auntie Flo's PC gets command-and-controlled" next, Logan explains. The home PC proxies are infected the usual way, through spam email, viruses, or other common methods, Logan says. The Honeynet Project & Alliance set out a live honeypot to invite infection by a fast-flux service network. "Our honeypot can capture actual traffic between the mother ship and the end node," Logan says. The alliance is still studying the malicious code and behavior of the fast-flux network it has baited, he says. What can be done about fast flux? ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; "blackhole" DNS and BGP route-injection; and monitor DNS, the report says. Cloudmark's O'Donnell says fast flux is just the latest method of survival for the bad guys: There are more to come. "Any technique that allows a malicious actor to keep his network online longer -- and reduce the probability of his messages and attacks being blocked -- will be used," he says. "This is just the latest of those techniques." http://www.darkreading.com/document....WT.svl=news1_1 Adobe Flash Exploit Could Log Keystrokes Dawn Kawamoto Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers. Adobe Flash Player 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms, are affected. Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 9.0.45.0 and earlier versions, according to a security advisory from Secunia. Attackers, as a result, can gain remote access to a user's system. In versions 7.0.69.0 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player and certain browsers. That could potentially lead to a leaking of keystrokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected. Versions 8.0.34.0 and earlier contain a bug due to insufficient validation of the HTTP referrer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected. Adobe recommends that 9.0.45.0 users upgrade to 9.0.47.0 for Windows, Mac and Solaris, or 9.0.48.0 for Linux. Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws. http://www.zdnetasia.com/news/securi...2028443,00.htm FBI Remotely Installs Spyware to Trace Bomb Threat Declan McCullagh The FBI used a novel type of remotely installed spyware last month to investigate who was e-mailing bomb threats to a high school near Olympia, Wash. Federal agents obtained a court order on June 12 to send spyware called CIPAV to a MySpace account suspected of being used by the bomb threat hoaxster. Once implanted, the software was designed to report back to the FBI with the Internet Protocol address of the suspect's computer, other information found on the PC and, notably, an ongoing log of the user's outbound connections. The suspect, former Timberline High School student Josh Glazebrook, was sentenced this week to 90 days in juvenile detention after pleading guilty to making bomb threats and other charges. While there's been plenty of speculation about how the FBI might deliver spyware electronically, this case appears to be the first to reveal how the technique is used in practice. The FBI did confirm in 2001 that it was working on a virus called Magic Lantern but hasn't said much about it since. The two other cases in which federal investigators were known to have used spyware--the Scarfo and Forrester cases--involved agents actually sneaking into offices to implant key loggers. An 18-page affidavit filed in federal court by FBI Agent Norm Sanders last month and obtained by CNET News.com claims details about the governmental spyware are confidential. The FBI calls its spyware a Computer and Internet Protocol Address Verifier, or CIPAV. "The exact nature of these commands, processes, capabilities, and their configuration is classified as a law enforcement sensitive investigative technique, the disclosure of which would likely jeopardize other ongoing investigations and/or future use of the technique," Sanders wrote. A reference to the operating system's registry indicates that CIPAV can target, as you might expect given its market share, Microsoft Windows. Other data sent back to the FBI include the operating system type and serial number, the logged-in user name, and the Web URL that the computer was "previously connected to." News.com has posted Sanders' affidavit and a summary of the CIPAV results that the FBI submitted to U.S. Magistrate Judge James Donohue. There have been hints in the past that the FBI has employed this technique. In 2004, an article in the Minneapolis Star Tribune reported that the bureau had used an "Internet Protocol Address Verifier" that was sent to a suspect via e-mail. But bloggers at the time dismissed it--in hindsight, perhaps erroneously--as the FBI merely using an embedded image in an HTML-formatted e-mail message, also known as a Web bug. Finding out who's behind a MySpace account An interesting twist in the current case is that the county sheriff's office learned about the MySpace profile -- timberlinebombinfo -- when the creator tried to persuade other students to link to it and at least one of their parents called the police. The sheriff's office reported that 33 students received a request to post the link to "timberlinebombinfo" on their own MySpace pages. In addition, the bomb hoaxster was sending a series of taunting messages from Google Gmail accounts (including dougbrigs@gmail.com) the week of June 4. A representative excerpt: "There are 4 bombs planted throughout Timberline High School. One in the math hall, library hall, and one portable. The bombs will go off in 5 minute intervals at 9:15 am." The FBI replied by obtaining account logs from Google and MySpace. Both pointed to the Internet Protocol address of 80.76.80.103, which turned out to be a compromised computer in Italy. That's when the FBI decided to roll out the heavy artillery: CIPAV. "I have concluded that using a CIPAV on the target MySpace 'Timberlinebombinfo' account may assist the FBI to determine the identities of the individual(s) using the activating computer," Sanders' affidavit says. CIPAV was going to be installed "through an electronic messaging program from an account controlled by the FBI," which probably means e-mail. (Either e-mail or instant messaging could be used to deliver an infected file with CIPAV hidden in it, but the wording of that portion of the affidavit makes e-mail more likely.) After CIPAV is installed, the FBI said, it will immediately report back to the government the computer's Internet Protocol address, Ethernet MAC address, "other variables, and certain registry-type information." And then, for the next 60 days, it will record Internet Protocol addresses visited but not the contents of the communications. Putting the legal issues aside for the moment, one key question remains a mystery: Assuming the FBI delivered the CIPAV spyware via e-mail, how did the the program bypass antispyware defenses and install itself as malicious software? (There's no mention of antivirus defenses in the court documents, true, but the bomb-hoaxster also performed a denial of service attack against the school district computers -- which, coupled with compromising the server in Italy, points to some modicum of technical knowledge.) One possibility is that the FBI has persuaded security software makers to overlook CIPAV and not alert their users to its presence. Another is that the FBI has found (or paid someone to uncover) unknown vulnerabilities in Windows or Windows-based security software that would permit CIPAV to be installed. From the FBI's perspective, this would be the most desirable: for one thing, it would also obviate the need to strong-arm dozens of different security vendors, some with headquarters in other countries, into whitelisting CIPAV. Earlier this week, News.com surveyed 13 security vendors and all said it was their general policy to detect police spyware. Some, however, indicated they would obey a court order to ignore policeware, and neither McAfee nor Microsoft would say whether they had received such a court order. The verbatim results of our survey are here. http://news.com.com/8301-10784_3-9746451-7.html FBI Ducks Questions About its Remotely Installed Spyware Declan McCullagh There are plenty of unanswered questions about the FBI spyware that, as we reported earlier this week, can be delivered over the Internet and implanted in a suspect's computer remotely. Many of the questions hearken back to the old debate over the FBI's Carnivore wiretapping system, which technical luminaries Steve Bellovin, Matt Blaze, David Farber, Peter Neumann, and Eugene Spafford raised in a December 2000 paper. Some of the perfectly reasonable points they made: What about security flaws? Is there evidence of a "systematic search for bugs?" How about audit and logging? Why not publish the source code for public review? And of course there are issues more specific to the FBI's use of the Computer and Internet Protocol Address Verifier, or CIPAV, including whether the bureau believes it can install it on Americans' computers willy-nilly in the wake of a wacky 9th U.S. Circuit Court decision this month. We were planning to list them for your delectation, only to find that Kevin Poulsen at Wired had already done an excellent job of it. (We should note that, although we were on the trail of the CIPAV story this week, Wired was first to publish it.) Some of the questions Kevin posed to the FBI, with no answers as of Thursday: - What kind of investigations has the CIPAV assisted in? - Does the CIPAV have the capability, if so configured, to record keystrokes? Generally, does the FBI have the ability to electronically and surreptitiously deliver monitoring software to a target's PC that records keystrokes? - Do other law enforcement agencies have access to the CIPAV technology? We also contacted the FBI with our own questions--with no better luck in terms of actually getting a response from the bureau, which must be busy defending our nation from serious threats or something. http://news.com.com/8301-10784_3-9747666-7.html Will Security Firms Detect Police Spyware? Declan McCullagh A recent federal court decision raises the question of whether antivirus companies may intentionally overlook spyware that is secretly placed on computers by police. In the case decided earlier this month by the 9th U.S. Circuit Court of Appeals, federal agents used spyware with a keystroke logger--call it fedware--to record the typing of a suspected Ecstasy manufacturer who used encryption to thwart the police. A CNET News.com survey of 13 leading antispyware vendors found that not one company acknowledged cooperating unofficially with government agencies. Some, however, indicated that they would not alert customers to the presence of fedware if they were ordered by a court to remain quiet. Most of the companies surveyed, which covered the range from tiny firms to Symantec and IBM, said they never had received such a court order. The full list of companies surveyed: AVG/Grisoft, Computer Associates, Check Point, eEye, IBM, Kaspersky Lab, McAfee, Microsoft, Sana Security, Sophos, Symantec, Trend Micro and Websense. Only McAfee and Microsoft flatly declined to answer that question. (Click here for the verbatim responses to the survey.) Because only two known criminal prosecutions in the United States involve police use of key loggers, important legal rules remain unsettled. But key logger makers say that police and investigative agencies are frequent customers, in part because recording keystrokes can bypass the increasingly common use of encryption to scramble communications and hard drives. Microsoft's Windows Vista and Apple's OS X include built-in encryption. Some companies that responded to the survey were vehemently pro-privacy. "Our customers are paying us for a service, to protect them from all forms of malicious code," said Marc Maiffret, eEye Digital Security's co-founder and chief technology officer. "It is not up to us to do law enforcement's job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools." eEye sells Blink Personal for $25, which includes antivirus and antispyware features. Others were more conciliatory. Check Point, which makes the popular ZoneAlarm utility, said it would offer federal police the "same courtesy" that it extends to legitimate third-party vendors that request to be whitelisted. A Check Point representative said, though, that the company had "never been" in that situation. This isn't exactly a new question. After the last high-profile case in which federal agents turned to a key logger, some security companies allegedly volunteered to ignore fedware. The Associated Press reported in 2001 that "McAfee Corp. contacted the FBI... to ensure its software wouldn't inadvertently detect the bureau's snooping software." McAfee subsequently said the report was inaccurate. Later that year, the FBI confirmed that it was creating spy software called "Magic Lantern" that would allow agents to inject keystroke loggers remotely through a virus without having physical access to the computer. (In both the recent Ecstasy case and the earlier key logging case involving an alleged mobster, federal agents obtained court orders authorizing them to break into buildings to install key loggers.) Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds. More recently, after the BBC reported last year on supposed talks between the British government and Microsoft, the software maker pledged not to build backdoors into Windows Vista's encryption functions. Even if the FBI, the Drug Enforcement Administration or other federal police haven't tried to compel security companies to whitelist fedware, security experts predict that such a court order is just a matter of time. What remains unclear, however, is whether police have the legal authority to do so under current law. "The government would be pushing the boundaries of the law if it attempted to obtain such an order," said Kevin Bankston, an attorney with the Electronic Frontier Foundation who has litigated wiretapping cases. "There's simply no precedent for this sort of thing." One possibility is a section of the Wiretap Act that says courts can "direct that a provider of wire or electronic communication service, landlord, custodian or other person" to help with electronic surveillance. "There is some breadth in that language that is of concern and that the Justice Department may attempt to exploit," Bankston said. In theory, government agencies could even seek a court order requiring security companies to deliver spyware to their customers as part of an auto-update feature. Most modern security companies, including operating system makers such as Microsoft and Apple, offer regular patches and bug fixes. Although it would be technically tricky, it would be possible to send an infected update to a customer if the vendor were ordered to do so. When asked if it had ever received such a court order, Microsoft demurred. "Microsoft frequently has confidential conversations with both customers and government agencies and does not comment on those conversations," a company representative said. Of the 13 companies surveyed, McAfee was the other company that declined to answer. (Two others could not be reached as of Tuesday morning.) Some security companies refused to reply to the initial version of our survey, which broadly asked about fedware whitelisting. In response, we revised the question to ask if they would alert a customer to the presence of keystroke loggers installed by a police or intelligence agency "in the absence of a lawful court order signed by a judge." Cris Paden, Symantec's manger of corporate public relations, initially declined to reply. "There are legitimate reasons for not giving blanket guarantees--one of those is a court order," he said at first. "There are extenuating circumstances and gray issues." But after we altered the question, Paden replied: "Barring a court order to cooperate with law enforcement authorities, Symantec would definitely alert our customers to the presence of any malicious code or programs that we detect on their systems." He added that Symantec had "absolutely not" received any such a court order. One danger with whitelisting fedware is that it creates a potentially serious vulnerability in security software. If a malicious vendor of spyware were clever enough to mimic the whitelisted government spyware, it would also go undetected. But if fedware becomes more common, savvy criminals could simply turn to open-source software that's less likely to have backdoors for police. ClamAV and OpenAntiVirus.org both offer open-source security software, and it's also possible to boot off of a CD-ROM and inspect the hard drive for malicious tampering. At the moment, at least, there aren't any industry standards about detecting fedware. "CSIA does not currently have a position on this issue nor has the issue ever been addressed by its board of directors," said Tim Bennett, president of the Cyber Security Industry Alliance. http://news.com.com/Will+security+fi...3-6197020.html FBI Patriot Act Abuse Documents: What Special Project Lives in FBI HQ Room 4944? Ryan Singel In March, the Justice Department's Inspector General revealed that FBI agents had sent a flurry of fake emergency letters to phone companies, asking them to turn over phone records immediately by promising that the proper papers had been filed with U.S. attorneys, though in many cases this was a complete lie. More than 60 of these letters were made public today as part of a FBI document dump in response to a government sunshine lawsuit centered on the FBI's abuse of a key Patriot Act power. The most striking thing about these expedited letters (made public via the Electronic Frontier Foundation) is that they all use the same pathetic, passive bureaucratese: "Due to exigent circumstances, it is requested that records for the attached list of telephone numbers be provided." So far they seem to all be coming from the same office: the Communications Analysis Unit which looks to be located in Room 4944 in FBI Headquarters. The "exigent letters" also refer almost exclusively to a "Special Project" and the only name on any of the letters is Larry Mefford. Mefford was no rookie FBI agent. Mefford was the Executive Assistant Director, in charge of the Counterterrorism/Counterintelligence Division. In English, that means he was in charge of preventing another terrorist attack domestically. What does that mean? Well, Mefford's name is on documents that requested personal information on Americans. Some of those requests included information known to be false to the agents signing them. That's a federal crime, according to one former FBI agent. What was this "Special Project" in the Communications Analysis Group? What exactly were they doing that would require "expedited" letters that sometimes requested more than 2 pages of phone numbers from phone companies? In the immortal words of the Butch Cassidy, who are those guys? The documents also show that these "exigent letters" -- essentially end runs around the rules set up to keep the FBI from trampling on citizens rights -- weren't devised by some rogue Jack Bauer-style agent. The form letters originated from inside FBI Headquarters and in some cases, bear the name of a senior level FBI offiicial who should have been aware of the letters' legal grey status and possibility for abuse. The FBI is fully aware of the power handed to it by Congress's passage of the Patriot Act. Indeed, as early as November 28, 2001, every field office was warned by the Office of the General Counsel that: NSLs are powerful investigative tools in that they can compel the production of substantial amounts of relevant information. However, they must be used judiciously. [...] In deciding whether or not to re-authorize the broadened authority, Congress certainly will examine the manner in which the FBI exercised it. Executive Order 12333 and the FCIG require that the FBU accomplish its investigations through the "least intrusive " means. Supervisors should keep this in mind when deciding whether or not a particular use of NSL authority is appropriate. The greater availability of NSLs does not mean that they should be used in every case. From the looks of the audits coming out, that seems to be one memo FBI agents dutifully ignored. And perhaps rightfully so, since Congress didn't bother to challenge Alberto Gonzales's knowingly false statements to Congress about the FBI's use of these powers before they made them permanent. http://blog.wired.com/27bstroke6/200...triot-act.html Met Given Real Time C-Charge Data BBC Police are to be given live access to London's congestion charge cameras - allowing them to track all vehicles entering and leaving the zone. Anti-terror officers will be exempted from parts of the Data Protection Act to allow them to see the date, time and location of vehicles in real time. They previously had to apply for access on a case-by-case basis. Home Secretary Jacqui Smith blamed the "enduring vehicle-borne terrorist threat to London" for the change. Police are believed to have used the cameras to trace the routes taken by the two Mercedes cars used in last month's alleged attempted bomb attacks in London. But the Home Office said discussions were underway on giving police greater access to data before the discovery of the two car bombs. National security Under previous rules, police had to apply for access to the cameras on a case-by-case basis because of concerns that routine use of the information would be an invasion of privacy. Under the new rules, anti-terror officers will be able to view pictures in "real time" from Transport for London's (Tfl) 1,500 cameras, which use Automatic Number Plate Recognition (ANPR) technology to link cars with owners' details. But they will only be able to use the data for national security purposes and not to fight ordinary crime, the Home Office stressed. Police and security minister Tony McNulty said: "The Commissioner of the Metropolitan Police believes that it is necessary due to the enduring, vehicle-borne terrorist threat to London. "The Met requires bulk ANPR data from TfL's camera network in London specifically for terrorism intelligence purposes and to prevent and investigate such offences. "The infrastructure will allow the real-time flow of data between TfL and the Met." Watchdog Mr McNulty said the home secretary had signed a certificate exempting the two organisations from some provisions of the 1998 Data Protection Act. The Met will produce an annual report for the Information Commissioner, the government's data protection watchdog who oversees how material from CCTV cameras is used. The scheme will also be reviewed in three months' time after an interim report by Met Commissioner Sir Ian Blair, so the home secretary can be "personally satisfied ... that the privacy of individuals is protected", added Mr McNulty. Congestion charge cameras form a ring around central London to enforce the £8-a-day toll. Although charges are only in force at peak times, the system runs 24 hours a day, a TfL spokesman said. http://news.bbc.co.uk/go/pr/fr/-/2/h...cs/6902543.stm NY Gov: New York City Traffic Plan "Still Alive" Joan Gralla New York City's plan to cut traffic congestion by imposing fees on drivers in a large swath of Manhattan during peak periods was "still alive" on Tuesday, according to Gov. Eliot Spitzer, but no final accord had been reached despite late-night talks. Yet Mayor Michael Bloomberg was less optimistic, telling reporters, "I don't know that it's dead or alive." He vowed to keep fighting for his plan, which he has trumpeted as key to improving air quality in the city, and blasted Democratic state legislators for lacking the courage to enact unpopular measures. Under Bloomberg's plan, which is modeled on a similar program in London, drivers south of 86th Street in Manhattan would pay $8 per car on weekdays between 6 a.m. and 6 p.m.; trucks would pay $21. A string of surveys found that voters disapproved of Bloomberg's proposed fees, which critics said would fall hardest on lower-income drivers and burden already-crowded subways, buses and commuter trains. But the state mass transit agency said it could handle the influx of new riders, and badly needed the $30 billion the new fees would raise to build new subway and commuter rail lines, and add high-speed buses over the next 30 years. "Don't tell me about polls, the people of New York elected a mayor and said 'Do what's right,'" said Bloomberg, whose decision to become an independent after winning two terms as a Republican and high-profile stands on gun control and cigarette-smoking have catapulted him to the national stage. The mayor repeatedly warned that the city would lose $500 million of federal transportation aid if the state did not enact his congestion pricing plan into law by Monday. But the state's Democratic-led Assembly, a powerful body that had killed the mayor's plan for a Yankee baseball stadium in Manhattan, resisted and on Monday said it instead would study the plan. "Once-In-Lifetime Opportunity Lost" Though Speaker Sheldon Silver said he was told the U.S. Department of Transportation would accept a study to keep alive the city's bid for federal aid, Bloomberg on Tuesday said he did not expect it would pass muster because the agency wanted model projects for other cities in contention for the funds. "I think, sadly, we jeopardized -- at best -- and probably lost a once-in-a-lifetime opportunity and demonstrated once again that Albany just doesn't get it," Bloomberg said, adding state lawmakers lacked the moxie the Democratic City Council showed in enacting tough measures, from tax hikes to a trans fat ban. Yet a spokeswoman for Spitzer, a Democrat, on Tuesday said in an e-mail that a congestion-pricing accord still might be reached. "There is a sense that things are moving in the right direction after a long night of talks that are continuing this morning, but no deal has been reached. You are fair to say it's still alive," said Christine Anderson. But Joseph Bruno, the senate majority leader, held out little hope, blaming Democratic lawmakers and the governor. "The governor's inability to bring people together has doomed this measure and cost the city hundreds of millions of dollars to improve mass transit," Bruno said in a statement. Bloomberg, who has said that the city's poor air quality has contributed to high rates of asthma among children in low-income areas, said, "I should tell you who should feel let down: the people who breath the air, the people who are trying to do business in the city." Spokesmen for the speaker and the Department of Transportation were not available. U.S. transportation officials in August are expected to pick which anti-traffic plans to fund. The other eight cities in contention are: Atlanta, Dallas, Denver, Minneapolis-St. Paul, Miami, San Diego, San Francisco and Seattle. London officials say traffic has fallen around 10 percent due to its congestion pricing program, which began in 2003. In February, London doubled its fees to 8 pounds ($16.36) per vehicle. Like London, New York's congestion plan calls for mounting surveillance cameras in key areas in Manhattan to record the license plates of cars driving in the designated areas during peak periods. http://www.reuters.com/article/bonds...21591020070717 Criminal Investigation Secrets Leak onto Internet by Peer-to-Peer File-Sharing Networks Student records also released onto the net by malware The Metropolitan Police Department in Tokyo has confirmed that personal information about 12,000 people related to criminal investigations has been distributed across the net from an officer's infected computer. The police officer, who had installed the Winny file-sharing software on his PC, did not realise that a piece of malicious code was making the confidential data available to other users via the peer-to-peer network. About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic license plate readers. Among the files was a list of the names, addresses and personal information about 400 members of the criminal Yamaguchi-gumi yakuza gang. Coincidentally, as news of the police data leakage was announced it was also revealed that almost 15,000 pieces of personal information about students was leaked onto the internet from a PC belonging to a high school teacher in Ichinomiya. The 43-year-old teacher, who was running the Share P2P file-sharing program, had also been compiling a list of retired Air Self-Defense Force officers on behalf of his mother who had worked at their base in Kagamihara. This information also leaked onto the internet. These are not the first occasions that malware has taken advantage of peer-to-peer file-sharing networks to steal information: • In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months. • The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software. • Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected. • In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering. • The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004. "How many more times will we hear stories of police forces in Japan leaking information about criminal investigations because they have not stopped their officers from installing file-sharing software?" said Graham Cluley, senior technology consultant at Sophos. "All organizations can learn from these stories of data loss, and need to ensure that they are taking computer security seriously. If you allow your employees to put sensitive company data onto their own home computers, you are running the risk that they will not be as well defended as the PCs within your business. Organizations need to set and enforce policies as to what software their workers are allowed to run, or risk endangering data security." A survey conducted last year by Sophos reflects the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential. http://www.infozine.com/news/stories...iew/sid/23987/ Japanese P2P Leak Cop Fired John Leyden A Japanese policeman has been fired after he was held responsible for accidentally leaking confidential information via peer-to-peer (P2P) file sharing software installed on his work PC. The ex-copper, who has not been named, lost his job with the Tokyo Police Department over the leak of personal details of 12,000 people obtained during the course of criminal investigations. The hapless plod apparently installed the Winny file-sharing software onto his PC, blissfully unaware that confidential data was being made available to other users via the P2P network. About 6,600 police documents are said to have been compromised, including interrogation reports, statements from victims of crime, and classified locations of automatic licence plate readers. Among the files was a list of the names, addresses, and personal information of 400 alleged members of the notorious Yamaguchi-gumi yakuza gang. The Tokyo Police Department have a policy against running P2P software on PCs. The officer falsely claimed not to be running Winny in an internal audit prior to the leak. The officer's superiors are being held partially responsible for the incident, with up to 10 facing possible disciplinary proceedings. "It's no surprise that the Japanese police force has taken a hard line against this officer for disobeying advice about not running P2P file sharing software on his PC - the authorities have been trying to enforce a ban following a number of similar embarrassing incidents in the past," notes Graham Cluley, senior technology consultant for Sophos. The Winny file sharing network is the most popular P2P network in Japan, boasting an estimated 250,000 users. The technology has become a focus of concern for authorities after investigation records from a Kyoto Prefecture Police officer's computer and military files from Japan's Self-Defence Force as well as police files from the Tokyo Police were made available across the Winny P2P network. In May 2006, a virus was blamed for leaking power plant secrets onto Winny. http://www.theregister.co.uk/2007/07...eak_cop_fired/ The Stalker in Your Pocket Mike Elgan For most of a century, nosey people, both professional and amateur, have used microphones and cameras to listen to and watch unsuspecting targets. In recent years, the miniaturization of electronics has enabled these devices to be hidden. Extreme drops in price have made spy electronics available to anyone, even creepy stalker types. The only remaining challenge is placement: If anyone wants to capture the juicy tidbits, they've got to have a microphone or camera in the right place at the right time. Enter the camera phone, a dream come true for not just spies but a new breed of "cell phone stalkers." Camera phones contain all the necessary ingredients for completely invasive stalking: a microphone, camera, personal data on the user, location information, a chat and call history -- you name it. And victims carry them everywhere they go. All that's missing is the software that lets stalkers take control. This new software, called snoopware, does just that. Snoopware -- both legal and illegal -- enables stalkers to secretly seize control of a phone's electronics to listen, watch and spy on their victims. Welcome to the creepy new world of cell phone stalking. Although cell phone stalking is new, there's already plenty of bad information, urban legends and false beliefs about it in circulation. I'm going to sort all this out for you, tell you about what's possible and how to protect yourself (it's easier than you think). But first, let's look at the first and most celebrated case to date of this new world of cell phone stalking. Meet the Kuykendalls I told you in a previous column about a family in Washington state called the Kuykendalls, who say that a hacker was stalking them through three of their cell phones for more than four months. The stalker seemed to perform unprecedented cell phone superhacks, according to press reports. For example, he watched them through their phones' cameras and listened through the microphones. When they turned off the phones, the hacker turned them back on remotely, seized control of the phones and sent text messages from them. When they got new phones, the hacking continued. Even scarier, they received almost daily threats of violence from an anonymous caller, who seemed to be calling from a family member's own phone, even when that phone was turned off, and provided details about what they were doing and even what they were wearing. In addition to the Kuykendalls, the family's neighbor and Mrs. Kuykendall's sister were also harassed by the anonymous caller. Although the mainstream press played up these events as some kind of terrifying superhack, I think something much more ordinary is going on. The most likely explanation, based on the limited information publicly available, is that some malicious script kiddie, who knows the family personally, pulled off one or two simple hacks, then "socially engineered" the family into thinking he'd done something more impressive. For example, a combination of spoofing one of the family's cell phone's Caller ID, which is easy to do, and using that trick to retrieve voice mail, plus possibly hacking the carrier's Web site to change ringtones and cause other mischief. These steps, combined with old-fashioned spying on the family in person, could explain nearly all the superhacking claims. Hacked? Yes. Disturbing? Very. Illegal? Absolutely. But it's a far cry from the picture painted in the press of some unstoppable arch-villain mastermind. Experts interviewed on TV and in the newspapers answer "yes" to the question, "Is this kind of hack possible?" And, in fact, it is possible, but spectacularly unlikely. To pull off the Kuykendalls' superhack described in the press, the family would have to repeatedly buy high-end camera phones, such as Windows Mobile, BlackBerry or other devices, leave Java support on, keep Bluetooth on and in "autodiscovery" mode, or give the hacker full physical access to the phones to install several snoopware applications. What's possible? Snoopware is on the rise, mostly because of the increasing sophistication of phones. They're like mini-PCs. Most snoopware attacks have taken place in Europe and Asia. But they're coming to America. Security experts estimate that there are more than 400 types of snoopware (most of them variants of a few major snoopware programs), and that figure may top 1,000 by the end of the year. Your typical new snoopware program might enable someone to listen to phone calls and read e-mail and text messages, or steal contacts and other data. Some snoopware can use your phone's microphone to listen, even when the phone is supposedly "off." Other programs can capture images from a camera phone's camera. Snoopware is the kind of software used by the government to eavesdrop on gangsters and terrorists. But snoopware isn't the only way to stalk via cell phone. Most carriers offer a "skip passcode" feature that lets you turn off voice mail password-checking when you call from your cell phone. But because carriers use Caller ID to verify the phone, cell phones "spoofing" another phone's number can get in, enabling hackers to access your voice mail and other features without ever knowing the password. Semilegitimate snoopware programs called Mobile Spy from Retina-X Studios and FlexiSpy from Vervata run invisibly and upload text messages and phone logs to an online server. They can also upload location information. Mobil Spy runs only on Windows Mobile phones, while FlexiSpy offers versions for Series 60 Nokia phones, BlackBerry and Windows Mobile phones. A Pro version of FlexiSpy enables eavesdropping through cell phone microphones when you call a dedicated phone number. A future Pro-X version will let you listen in on calls in progress. The companies target concerned parents, suspicious spouses and distrustful bosses, but obviously a malicious hacker could use them for cell phone stalking. Sounds bad. But be aware that these programs require physical access to the phone for installation, and they're easy to detect. The security software companies generally consider these applications as malware, and alert users to their presence. How to beat cell phone stalkers The best cure is prevention. Don't allow strangers to gain access to your phone. Like any other kind of software, snoopware doesn't install itself. The leading methods for installation are physical access installation, where the user installs by clicking on an attachment or link; or via Bluetooth. By preventing potential stalkers from touching your phone, never clicking on e-mail attachments or links from strangers, and turning off Bluetooth autodiscovery, you'll keep snoopware off your phone. The fact is, snoopware hacks are dangerous only if you're unaware of them. Once you suspect someone is using your cell phone to spy on you, it's trivially easy to stop them. Let me count the ways: 1. Buy an anti-malware application from vendors like Symantec, McAfee, Trend Micro, F-Secure, SMobile, MyMobiSafe and others. These products find not just the shadowy, hacker snoopware programs, but the legal ones, too. 2. Turn on passwords for voice mail access. Do you have to enter a password each time you check voice mail? If not, your carrier has enabled the "skip passcode" feature. A stalker spoofing your Caller ID can check your voice mail, too. But by re-enabling a good password, it will be much easier to keep your voice mail private. 3. Downgrade your cell phone. Snoopware works only on the most advanced phones. For nontechnical users like the Kuykendalls, one simple solution is to swap out your high-end phone for a cheaper model that doesn't support Java or Bluetooth and doesn't have a camera. This isn't a good solution for gadget fans, but for families feeling terrorized, this is a cheap, fast and easy way to get control. 4. Switch carriers. There's not much you can do at the handset level to foil a hack of the carrier's Web site. If the company can't shut down the hacker, switch to another carrier. 5. Buy an anonymous prepaid phone. The last-ditch solution (just before going without a cell phone) is to buy a prepaid phone from 7-Eleven or a similar store. This provides not only the benefits of a low-tech cell phone and a new carrier, but greater anonymity. The cell phone stalker trend is real. But simple, common-sense precautions can protect you and your family from malicious harassment. http://www.computerworld.com/action/...pageNu mber=1 Local news Security Watch: Don't Get Burned by Viruses and Hackers Here's looking at you, gangsta Robert Vamosi Well-known criminologist Edmond Locard once said that every contact leaves a trace, and that's also true when talking about online crimes. We leave behind our IP addresses at every site we visit. We have posts to newsgroups that are still accessible via Google. And there's that embarrassing MySpace page that was started but abandoned years ago. So when a person suddenly decides to commit an online crime, as one security researcher suggests, all that prior online history follows them, and, as we shall soon see, that history may help investigators eventually identify the perpetrator. But positive identification of online miscreants might not be enough. It seems real-world law enforcement doesn't yet know what to make of online crimes or their perpetrators. And that might explain why the thieves sometimes get away with their crimes. The attack Too often I report on online crime stories and don't follow up. In this case, both the initial attack and its follow up was brought to my attention by Chris Boyd, director of malware research at Facetime Security Labs. You'll note that for the last two weeks I've been writing about Chris' research into shadowy economics behind botnets. In last week's column, Boyd took a simple Trojan horse file and expertly followed its online links back to servers located in the Middle East, to a group ostensibly raising money in support of some extremist views. Not one to back away from a good chase, Chris has recently applied himself to yet another online mystery. A few weeks ago I wrote about an attack using a YouTube video. The video (no longer available) promotes a mod called Hood Life for the popular game Grand Theft Auto. The attack didn't involve the YouTube video itself; it used a URL displayed at the end to download an associated malicious file. At the time of the story, Chris, an avid gamer, was livid that people would fall for the shoddy graphics in the video and actually download the file. Apparently at least 54 people did download the malicious file. Starting with YouTube For someone to post to YouTube, he or she first needs an account. A lot of people fake information in their accounts, but Boyd decided to take the information available on the Hood Life GTA mod as fact: someone named "YoGangsta50" uploaded the file. In his personal blog, Boyd details the steps he used in his research behind who placed the video on YouTube, and who might also be responsible for the malicious code file download. As an obvious next step, Boyd used Google to find YoGangsta50. From the results, Boyd learned that this person once posted on the Young Buck forum, and in 2005 the person using that name created another GTA virus. Comments to the post mention that the person using the name YoGangsta50 had previously hacked the 50cent accounts, but soon had a falling out with the forum. It's from these posts that Boyd learned a geographic location for YoGangsta50: Hartford, Connecticut. Other evidence In reviewing other online postings, Boyd writes that he found on sites attributed to YoGangsta50 an obsession with the comic strip and cartoon The Boondocks. Elsewhere Boyd finds other evidence: "we now have a first name--'John.' It also mentions he's black, which might also be useful for future reference." Using a different search engine, Boyd next finds a profile page on Bolt.com, then another profile on Xanga.com, the latter containing a reference to yet another page going up on FreeWebs.com MySpace Protect very soon. On all of these pages there are references to The Boondocks, age 19, and Connecticut--all consistent with the details so far learned elsewhere. This looks now to be a positive ID. Boyd concludes: "How many black youths do you think are aged between 16 and 19, are living in Hartford, Conn., with a supposed real name of 'John,' are into The Boondocks (and spend every other moment telling you about it online), and also just happen to be called YoGangsta50?" So why isn't this person now behind bars? Response from the law community Boyd says he sent all this research to law enforcement, but hasn't heard back. "I'll be sending them a follow-up mail today, but generally this kind of thing can be vaguely frustrating, in my experience. Each state's law agencies operate in different ways...some will reply, some will get back to you long after the initial contact, and others will ignore you completely. There's just no way to know in advance what reaction you'll get." It's entirely possible that law enforcement doesn't yet know what to make of Boyd's research. After all, who were the victims? And do their losses exceed the $5,000 minimum required by the FBI and Secret Service before either agency will investigate? I doubt it. So, on the one hand, you have state agencies that are overworked as-is and don't have the means to investigate on their own, and, on the other, federal agencies that can investigate but can't be bothered with such petty crimes. In this case the criminal might go free simply because no one wants to prosecute. The answers are out there I do agree with Boyd that "we need to focus more on who is hiding behind the veil of supposed anonymity when pushing infections (and less on the infections themselves) and drag them kicking and screaming into the light." This case was easy since the alleged individual didn't do much to obscure his online identity. But I caution against vigilante justice. It's also possible for online searches to generate false positives, to follow the wrong person and end up with some innocent person who chose an unfortunate online nic. Last summer I wrote about Neal Krawetz's research. Krawetz has identified those creating computer malware just by looking at a person's use of words, keystrokes, even keyboards in chats, blogs, and e-mail. Just because you're online doesn't mean you are anonymous. There are ways of identifying criminals. Now, if we could get law enforcement interested, we'd be set. Late update A few days after this column originally appeared, Boyd posted an update on his blog. It appears John from Hartford is giving up the Internet. In a post, Yogangsta50 writes, "you all can say goodbye to me. mabye the internet was not for me! I Dont want to do this anymore. Somebody help me!" He goes on to explain how to remove the virus he created--go into Safe Mode in Windows, find C:\\Program Files\GTA Hoodlife, then click and delete the Unins000 file. Yogangsta apparently saw the news about him, and it affected him. "How does it feel to see your name all over the Internet!!!! i could not sleep for 2 days. i have been crying all day. am so sorry that i did those things. i learned my lesson." Let's hope that's true. Anyone have other examples of how online information has helped smoke out an online criminal? TalkBack to me. http://reviews.cnet.com/4520-3513_7-6754132-1.html "Death To Worm Writer!" Glower Apple Fan Boys kdawson StonyandCher write(s) to spread news about the strange story of the reported Apple OS X worm, which is growing stranger by the day. The blog of the researcher who claimed to have created the malware reportedly received death threats. The blog was then hijacked, according to the researcher, who calls him/herself InfoSec Sellout. InfoSec blamed David Maynor for hacking the blog. For his part, Maynor apparently unmasked himself as "LMH" and InfoSec as Jon Ramsey. The post to the Fuzzing mailing list has not been independently confirmed. David Maynor wrote in and denies that he is LMH. http://apple.slashdot.org/apple/07/07/19/1231216.shtml A Worm for Your Apple A small controversy is brewing over claims that an independent researcher going by the moniker Information Security Sellout (or InfoSec Sellout) has developed the framework of a worm that targets a currently undisclosed vulnerability affecting the Intel versions of OS X. The worm is expected to extend to PPC versions as soon as the author is able to test against that architecture. With the author dubbing it 'Rape.osx', the evolution of the worm is likely to be keenly watched by Apple watchers, security researchers, and malware developers. When the first report was published on Sunday, InfoSec Sellout was claiming that the proof-of-concept worm was able to reliably deliver root and was based on a variation of mDNSResponder vulnerabilities that Apple had previously patched. InfoSec Sellout later disclosed that the worm was first completed on July 14, with functional testing on a network of approximately 1,500 OS X systems by the 16th of July. In its first instance the worm only left a text file as evidence that it had been on a system, but it is reported that the worm can fully be 'weaponised' with the payload of choice (and it can achieve that result at this time). While InfoSec Sellout states that the worm only seeks out other systems on the same network for infection, they point out that it is not going to take much extra work for the worm to attack a much broader network segment. Following the path of many recent researchers, the author has stated publicly that they are avoiding telling Apple about their work until it is complete (and after they have been compensated from unnamed sources). This has led to the expected arguments about the ethical and professional nature of such behaviour. In their defence, the author claims that it would be irresponsible to report on incomplete research. Plus, they don't want to give the vulnerability to Apple in order for Apple to miss patching the underlying vulnerability - only patching the particular approach vector being used. With Apple having some of the most passionate defenders in Information Technology (its userbase), the ongoing arguments about the merits of 'Rape.osx' are likely to go long into the future - well after any real or perceived threat from the worm has passed. http://www.beskerming.com/commentary...for_Your_Apple iPhones Flooding Wireless LAN at Duke University 18,000 requests per second from iPhones knocking out dozens of access points at Duke University. John Cox The Wi-Fi connection on Apple’s recently released iPhone seems to be the source of a big headache for network administrators at Duke University. The built-in 802.11b/g adapters on several iPhones periodically flood sections of the Durham, N.C. school’s pervasive wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help desk ticket with Apple. But so far, the precise cause of the problem remains unknown. “Because of the time of year for us, it’s not a severe problem,” says Kevin Miller, assistant director, communications infrastructure, with Duke’s Office of Information Technology. “But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It’s a pretty big annoyance, right now, with 20-30 access points signaling they’re down, and then coming back up a few minutes later. But in late August, this would be devastating.” That’s because the misbehaving iPhones flood the access points with up to 18,000 address requests per second, nearly 10Mbps of bandwidth, and monopolizing the AP’s airtime. The access points show up as “out of service.” For 10-15 minutes, there’s no way to communicate with them, Miller says. “When the problem occurs, we see dozens of access points in that condition,” Miller says. The network team began capturing wireless traffic for analysis and that’s when they discovered that the offending devices were iPhones. Right now, Miller says, there are about 150 of the Apple devices registered on the campus WLAN. The requests are for what is, at least for Duke’s network, an invalid router address. Devices use the Address Resolution Protocol (ARP) to request the MAC address of the destination node, for which it already has the IP address. When it doesn’t get an answer, the iPhone just keeps asking. “I’m not exactly sure where the ‘bad’ router address is coming from,” Miller says. One possibility: each offending iPhone may have been first connected to a home wireless router or gateway, and it may automatically and repeatedly be trying to reconnect to it again when something happens to the iPhone’s initial connection on the Duke WLAN. They’re still sorting out what that “something” is. On two occasions, one last Friday and one today, Monday 16 July, both users seemed to be behaving completely normally, yet both iPhones started flooding the net with ARP requests. In both cases, the user first successfully connected to the WLAN at one location, and then moved to another building, where the ARP flood began. “It may have something to do with the iPhone losing connectivity and then trying to reconnect in a new location,” Miller says. Most of the W LAN is comprised of Cisco thin access points and controllers. Some older autonomous Cisco Aironet access points tend to uncover the flooding first, since they try to resolve the ARP request themselves. But Miller’s team has seen the CPU utilization on the WLAN controllers spiking as they try to process the request flood passed on to them in control traffic from the thin access points. “I don’t believe it’s a Cisco problem in any way, shape, or form,” he says firmly. So far, the communication with Apple has been “one-way,” Miller says, with the Duke team filing the problem ticket. He says Apple has told him the problem is being “escalated” but as of mid-afternoon Monday, nothing substantive had been heard Apple. http://www.networkworld.com/news/200...ke-iphone.html Update on Duke’s Wireless Network and Apple’s iPhones A note from Tracy Futhey, Duke’s chief information officer, on Duke’s wireless network and Apple’s iPhones: By now many of you have read news accounts around iPhones and Duke’s wireless network. Some of the reports incorrectly made it sound as if our entire wireless network had collapsed. Others made it sound as if the iPhone could not work correctly on our wireless network. Still others seem to imply that Duke’s network was deficient in some way because the problem had not been encountered more broadly. The reality is that a particular set of conditions made the Duke wireless network experience some minor and temporary disruptions in service. Those conditions involve our deployment of a very large Cisco-based wireless network that supports multiple network protocols. Cisco worked closely with Duke and Apple to identify the source of this problem, which was caused by a Cisco-based network issue. Cisco has provided a fix that has been applied to Duke's network and there have been no recurrences of the problem since. We are working diligently to fully characterize the issue and will have additional information as soon as possible. Earlier reports that this was a problem with the iPhone in particular have proved to be inaccurate. In closing, I extend my gratitude to the very strong technical staff within OIT that was able to identify this situation, working shoulder-to-shoulder with technical staff from two of our long-time partners, Cisco and Apple. Meanwhile, our Duke community should feel confident that both the Duke wireless network is fully functional, and the iPhone is fully operable within our environment. http://www.dukenews.duke.edu/2007/07/cisco_apple.html iPhone Partially Unlocked, Calls Without AT&T Contract Apparently, the amazing code wizards at the iPhone Dev Wiki have been able to partially unlock the iPhone using a new application called iASign. It won't fully unlock the iPhone for use with other companies, but the hack will allow you to use any existing Cingular/AT&T Pre-paid/MVNA SIM so you don't have to get a two-year contract with AT&T. We are now testing this, but if confirmed the benefits are great. That's full call functionality without two years of slavery and: • People can still enjoy corporate rate, which they don't get on iPhone plans (10% to 20% off in some cases even more) • People can use a company AT&T SIM card on their personal iPhone. The iPhone Dev Wiki rebels are now in their final assault to get the iPhone fully free of the Evil AT&T Galatic Empire: All problems with unlocking lie in the baseband, the radio chipset for the iPhone. The chipset is an S-Gold2, and don't come in the chat and give us links to PapaUtils, we can't use them. Now the iPhone only has one lock, a network personalization lock. This lock means the MCC(US=310) and the MNC(AT&T=410) must match the first six digits of the SIM cards IMSI. This check is done in the baseband firmware itself. I'm not really sure where yet, but that isn't really relevant. The only thing standing in the way of an unlock is the baseband. All the other sim checks are known and can be patched out. We even know the AT command to do the unlock. It's 'AT+CLCK="PN",0,"xxxxxxxx"'. But good luck finding those x's. They are called the NCK, or Network Control Key, and are believed to be unique in everyones phone. Forget brute force(time impractical) and the obvious entries. If you still think bruteforce is a good idea, read this. Further, there is a limit of 3-10 unlock attempts per phone, after which the firmware will "hard-lock" itself to AT&T. So why can't we just patch the firmware? The firmware, located in the ramdisk at /usr/local/standalone/firmware/ICE03.12.06_G.fls, is signed. See here for what is known about the file. The sig is checked in the baseband bootloader. The updater program, bbupdater, only checks a checksum, which can be changed. The update will take, but then the phone won't boot because the sigs don't match. We worked two solid days on disasseming the radio fw. There are a few backdoors, but none that would lead to an unlock. If you are good with disassembling ARM, PM geohot for the idb. We've documented a lot of functions pretty well. Although, this firmware is very difficult to work through. I'm 90% sure the password check happens in the function called pwdcheck, but I haven't found it yet. For all we know there could be a simple algorithm to generate the NCKs that we've missed. http://gizmodo.com/gadgets/breaking/...act-279606.php Silent Hands Behind the iPhone Ken Belson Etched into the back of every iPhone are the words “Designed by Apple in California. Assembled in China.” Apple might as well have added “Made in Taiwan.” With little fanfare, Taiwan companies are playing a big role not only in the production of Apple’s latest device but in a wide array of other communications equipment, including the broadband modems in homes across the United States and the next generation of high-speed wireless gear. Apple does not discuss which vendors it uses, but news reports in Taiwan said that Hon Hai and Quanta received orders to produce millions of iPhone handsets, reports that those companies declined to confirm. Other manufacturers there were almost certainly involved because they provide components used in advanced phones, industry analysts said. Taiwan companies also have a hand in making iPods and iMacs, they said, as well as game machines for Sony and Microsoft. Taiwan’s rise as a communications workhorse is part of a decade-long transformation under way on this island. Already the world’s biggest producers of computer components, Taiwan companies like Compal Electronics, in addition to Hon Hai and Quanta, have used their expertise to branch out into new markets that use many of the same products. By harnessing the ability to cut costs, churn out products quickly and work flexibly with customers, the Taiwan companies have become top makers of cellphones, smartphones, broadband modems, wireless routers, global positioning devices, networking equipment and other gear. They, like companies elsewhere, have also made deep inroads into China, where many of their factories are. “It’s not a surprise that the iPhone would be made here because the food chains for Apple’s notebooks and iPods are already in Taiwan,” said Dominic Grant, a telecommunications analyst at Macquarie in Taipei. “It’s a natural progression.” Taiwan’s evolution from computer-making giant to telecommunications Goliath has gone largely unnoticed in the United States because companies here make most of their money as made-to-order manufacturers, not sellers of their own brand products. But Taiwan’s industrial makeover has helped its companies remain competitive in a world increasingly dominated by low-cost Chinese assemblers and by Japanese and South Korean companies with strong footholds in high-end components like flash memory chips. The strategy of repackaging — finding new uses for computer components — has paid dividends. Companies on the island have captured 87 percent of the global market for wireless modems, 84 percent of the D.S.L. modem market and 70 percent of the market for personal digital assistants. In the competitive cellphone business, Taiwan companies made 12.4 percent of the world’s handsets last year, up from 9.8 percent in 2005, according to the Institute for Information Industry, a government-affiliated research center. That share is expected to grow as brand-name companies like Sony Ericsson outsource more of their production to companies here. In all, Taiwan companies produced $31.5 billion in communications equipment and services last year, more than 50 percent above the total the year before, according to the institute, which expects production to reach a value of $46 billion by 2010. Less than a quarter of that was manufactured on Taiwan, with the bulk made on the Chinese mainland. “It’s been a fairly natural progression because handsets are really a mini-version of the PC, and Taiwanese are adept at adjusting,” said Gary Chia, president of the Yuanta Research Center. The transformation did not happen by accident. As in much of Asia, the government played an active role in steering businesses into new markets by showering them with tax incentives, cheap property to build factories and research money. Companies on Taiwan have also been able to shift gears smoothly because the concentration of component producers on the island has made it easier to gather the technology and engineers to design and assemble new products. And Taiwan companies, like their rivals in Japan, South Korea and elsewhere in Asia, have increasingly shifted production to their factories in China to save money. With their close cultural, financial and linguistic ties to mainland China, Taiwan’s companies have an edge over those from elsewhere. These advantages helped scores of companies tackle new markets. Take D-Link, one of the world’s largest manufacturers of broadband modems. About two decades ago, it started out by making network interface cards that linked computers. As Internet access for home use expanded, the company started making dial-up modems. As phone companies in the United States and elsewhere started leasing modems to their customers, D-Link was flexible and designed products to each carrier’s specifications while remaining cheap enough to nudge out rivals. “Telecommunications companies are difficult to deal with because each one has its own standards, and there is a lot of customization,” said J. C. Liao, D-Link’s president. “But it turned out to be an advantage because Taiwanese are more flexible compared to companies in the U.S. or Japan. We’re quick to lower costs and not stick to our own rules.” D-Link has evolved with the technology, expanding into wireless modems and pushing into emerging markets like India and Russia, as well as selling under its own brand name at big retailers like Best Buy and Office Depot to become the No. 2 competitor, after Linksys. About 15 percent of the company’s revenue now comes from brand products. Mitac International, a leading seller of global positioning devices, took a similar route. Through the 1980s and early ’90s, it built personal computers for the likes of Compaq. But as profit margins slipped and mergers reshaped the industry, the company started making personal digital assistants. Then Hewlett-Packard bought Compaq, leaving Mitac short a big customer. So when the United States government allowed civilians to use G.P.S. technology, the company integrated it into its personal digital assistants after a couple of years of development. Mitac joined another leader in the industry, Garmin, which is based in Kansas but makes almost all its G.P.S. devices in Taiwan. “We saw these big waves come one by one in the mid-1990s, so we tried to figure out how to survive in this rapidly changing business,” said Billy Ho, the president of Mitac International, which sells G.P.S. devices under the Mio brand. “We realized there was no Microsoft in the digital map business.” Mitac still earns about 70 percent of its sales by making desktop computers, servers and other technology for other companies, though Mr. Ho hopes that the share will fall to 50 percent by next year. Since so many of the latest devices are made here, it is perhaps unsurprising that some Taiwan companies are beating brand-name companies to the punch. High Tech Computer, for instance, introduced a touch-based handset just weeks before the iPhone was released. With a less recognizable name, High Tech has more modest ambitions. But it is still pleased that Apple has joined the market. “We’re happy they share the same vision as we do,” said Fred Liu, the chief operating officer. “We think these phones will change people’s minds and their behavior.” While D-Link, High Tech and Mitac have developed brand-name products to reduce their reliance on their made-to-order business, there are plenty of other companies that have had trouble branching out on their own. For instance, in 2005 BenQ, which primarily made cellphones for other companies, bought the handset division of Siemens in hopes of taking on the likes of Sony Ericsson and LG. Yet BenQ, a spinoff of the Taiwan computer giant Acer, alienated one of its biggest customers, Motorola, which was wary of having a new competitor manufacturing its products. BenQ also underestimated the depth of Siemens’s problems and how much it would cost to break into an already crowded and competitive cellphone market. After losses mounted, BenQ liquidated the venture and will focus its energy on making handsets for other companies, as well as on its existing businesses producing flat-panel monitors, televisions and digital cameras. “People thought with Acer’s success, BenQ could make it, too, since its chairman came from Acer,” said Kirk Yang, managing director at Citigroup in Hong Kong. “But the acquisition was a black hole. BenQ didn’t have a home base and had no experience running a branded handset business.” Mr. Yang and other analysts said that Taiwan companies were unlikely to abandon their made-to-order business entirely. Instead, they will focus more on doing more design work on behalf of customers who are trying to outsource more and more of their production. “The iPhone is a great example of where Taiwan is still strong: reliable sourcing, leading technology and complex integration,” said Allen J. Delattre, chief of the electronics and high-technology practice at the consulting firm Accenture. “Does the average person who buys an iPhone know it’s from Taiwan? Maybe. Do they care? Probably not. But if you look at the companies in Taiwan, they are behind the scenes, and that’s a good place to be because that’s where the value is.” The key for Taiwan companies, Mr. Delattre and other analysts said, is to invest in next-generation products early. For example, companies here are fast becoming important players in the development of WiMax wireless and fiber optic broadband equipment. They are again getting a healthy push from the government, which is spending more than $200 million over five years to help create the world’s largest high-speed WiMax network. By next year, with 2,000 base stations spread across the island, companies will be able to start testing new applications, like the sending of video from ambulances on their way to hospitals. “We are trying to make the infrastructure more complete,” said Tsung-Tsong Wu, deputy minister of the National Science Council, which has a $1 billion annual budget. “If the highways are built, companies can go as fast as they like.” http://www.nytimes.com/2007/07/18/te.../18taiwan.html Web Censorship is Failing, Says Chinese Official A Government minister admits that trying to suppress information on the internet "is like walking into a dead end" Jane Macartney, Beijing The internet and mobile phones have undermined attempts by China’s secretive rulers to control the news, a senior Communist party official admitted today. He accused local governments of being “too naive” by continuing to suppress damaging information about corruption or about disasters, and urged party members to be more open with members of the public. Wang Guoqing, a vice minister with the cabinet’s information office said: “It has been repeatedly proved that information blocking is like walking into a dead end.” He said governments used to believe that they could muffle 90 per cent of all bad news. But this was no longer the case. In the internet age, he said, the party had to become adept at managing and controlling information, rather than covering it up. Mr Wang cited a recent slavery scandal, when local officials attempted to conceal the used of forced labour at brick kilns in north-central Shanxi and Henan provinces. Unable to obtain information from local officials, parents whose children had gone missing used the internet to post messages and to seek information. Their improvised campaign revealed that hundreds, and perhaps thousands, of people had been forced for years to work as slaves, and had been beaten, starved and guarded by dogs. Mr Wang said that keeping the information out of the media spotlight until the scandal was exposed by crusading journalists left the Shanxi government in a vulnerable position. Yet even after they were exposed for allowing the slavery scandal to continue for many months, authorities appear to be reverting to the time-honoured way of dealing with crises by imposing censorship. State-run Chinese Central Television has been ordered to play down the negative aspects of the scandal and to stress the government’s successes in catching offenders and bringing them to justice. Parents of missing children have come under pressure not to speak to the media. Zhan Jiang, a media expert at the China Youth University for Political Sciences, said: “It is definitely more difficult for the Government to control information flows these days. The North Korean government can do it but in China it is not so easy.” But the Communist Party remains wary of a free flow of information. For example, no date has yet been announced for the most important political event of the year – the party’s congress that is held once every five years and when a new central Committee and Politburo will be chosen. Based on past such events, most Chinese are guessing it will be in September or October. Mr Zhan said China still had a long way to go towards full transparency, but international influence was a factor in greater openness. He said: “There are people who don’t want the public to know anything negative. Progress takes time. But there are struggles between the forces of openness and of conservatism.” Reporters Without Borders, the media watchdog, describes the Chinese Government as an “enemy of the internet”. In its annual report in February, it said China used armies of cyberpolice and spearheaded an increasingly sophisticated movement to restrict the internet. In January, President Hu Jintao said China’s rulers intended to keep as tight a rein on the internet as they did on traditional forms of the media such as newspapers and television. http://technology.timesonline.co.uk/...cle2086419.ece Web-Based Anonymizer Discontinued RobertB-DC With no fanfare, and apparently no outcry from the privacy community, Anonymizer Inc. discontinued its web-based Private Surfing service effective June 20, 2007. No reason was given, either on the Anonymizer web site or on founder Lance Cottrell's privacy blog. Private Surfing customers are now required to download a anonymizing client that handles all TCP traffic, but the program is Windows-only (with Vista support still a work-in-progress). And of course it's closed-source, which means it has few advantages over several other alternatives. http://yro.slashdot.org/yro/07/07/19/231204.shtml Search Engine "Ask" to Allow Anonymous Web Search Elinor Mills Search site Ask is launching a new tool that will let people search the Web anonymously, the first major search engine to offer that functionality. By using the new AskEraser tool, users will be able to set their privacy preferences so the search engine doesn't retain their Web search history. Users will be able to see what the privacy setting is on the search results pages. AskEraser is expected to be deployed on Ask.com in the U.S. and United Kingdom by the end of the year, and globally early next year. For people who don't want to search anonymously, Ask will maintain the user search data for 18 months and then it will disassociate the search history from the IP address or cookie information. Cookies are small files stored on a computer so that the computer can be recognized when it revisits Web sites, enabling the site to remember the user's preferences for things like e-commerce and sites that require log-in. "We'll have no way of figuring out how to associate the searches with a (particular) person," said Doug Leeds, head of development at Ask. "There will be no way for us to receive an IP address from a governmental agency and figure out what searches were done by that IP address." The move by Ask, a wholly owned business of IAC, follows but exceeds steps taken by Google. Earlier this week, Google said it would set cookies on Web searches to expire after two years instead of in 2038. In practice, however, only a miniscule number of people will be affected by the change because if you visit Google even once in the next two years, the cookie will be renewed for another two years. In March, Google said it would start anonymizing the final eight bits of the IP address and the cookie data after somewhere between 18 months and 24 months, unless legally required to retain the data for longer. Doing so effectively would enable someone to narrow the IP address down to 256 possible computers or users. That would be similar to obscuring the last digit in someone's street address. The risks associated with Web search data were highlighted last August when AOL inadvertently exposed on the Internet the search history of more than 650,000 of its users. Microsoft and Yahoo are also expected to improve their Web search privacy practices, according to the Financial Times. http://news.com.com/8301-10784_3-9747585-7.html Teen Sues School Officials Over Free Speech Issue Susan Haigh A Burlington, Connecticut teenager sued two top school officials Monday, saying they violated her constitutional rights by removing her as class secretary because she used offensive slang to refer to administrators on an Internet blog. Avery Doninger, a 16-year-old student at Lewis Mills High School, wants to be immediately reinstated as class secretary. She also wants a new election for class officers for the upcoming school year, when she will be a senior, and a chance to give the candidate speech she was forbidden from giving to her classmates. Doninger's mother, Lauren, filed motions for temporary and permanent injunctions on her daughter's behalf against school Principal Karissa Niehoff and Region 10 Superintendent of Schools Paula Schwartz, according to court documents filed Monday in New Britain Superior Court. Niehoff removed Doninger as the class of 2008 secretary and banned her from running for re-election after discovering the teen used a pejorative term when she referred to unnamed school administrators in an online journal. Avery Doninger posted the message to http://www.livejournal.com , which is not associated with the school, from a home computer. "I don't like what Avery wrote," Lauren Doninger told The Associated Press in a phone interview Monday. "(But) she had the right to do it and it was up to me, not the school, to determine whether or not there had been a consequence." At the time, Avery Doninger was criticizing the administrators over the cancellation of a school event known as Jamfest. Doninger said she helped organize the music event for months and was frustrated by delays with improvements to the school gym, where Jamfest typically is held. She acknowleged Monday she regrets using the offensive slang. "It really was an unsavory term," she said. "I'm definitely going to be really careful from now on." But the teen said she believes her rights have been violated and that she's been singled out by school administrators. "This is something that I felt was really necessary to stand up for, because you really have to stand up (for) the little things about democracy, the little things that make democracy really work in the big world," she said. Several weeks after Avery Doninger posted the message in April, Niehoff demanded she apologize to the superintendent of schools, tell her mother about the blog entry, resign from the student council and withdraw her candidacy for class secretary, the lawsuit alleges. She was the only candidate running for class secretary. While Doninger apologized and reported the incident to her mother, she refused to resign. Niehoff then "administratively removed" her from the post, the lawsuit said. Besides being banned from running for re-election, Doninger was barred from giving a speech to her school class, the lawsuit claims. Doninger and fellow students were also prohibited from wearing printed shirts supporting her free speech rights. A call seeking comment was left with Burlington school officials. Niehoff told WVIT-TV in May that school leadership positions are a privilege, not a right. "When kids are in a position of privilege, there are certain standards of behavior we expect them to uphold," she told the TV station. "Our position stands for respect. We're just hoping kids appreciate the seriousness of any communication over the Internet." Jon L. Schoenhorn, the Doningers' attorney, said Connecticut school districts have no legal authority to punish students for private online postings that do not use school resources and do not occur on school grounds. Schoenhorn said last month's U.S. Supreme Court ruling restricting student speech rights does not harm his client's case because it is narrowly tailored. In a 5-4 decision, the justices said an Alaska high school student could be suspended for holding up a banner that read "Bong Hits 4 Jesus" because it advocated illegal drug use. The high court also determined that Joseph Frederick unfurled his handiwork at a school-sanctioned event in 2002, triggering his suspension. Students had gathered to watch the Olympic torch make its way through Juneau, en route to the Winter Olympics in Salt Lake City. http://hosted.ap.org/dynamic/stories...07-16-17-53-53 US Senate Committee Passes FCC Indecency Bill Adam Thomas US Senate Commerce Committee today passed a bill that would allow FCC to fine broadcasters for slip of the tongue expletives, negating a ruling by federal appeals court in New York that commission's policy on 'fleeting expletives' is arbitrary and capricious. The Protecting Children from Indecent Programming Act introduced by Senator John Rockefeller (D-WV) would effectively overturn the court decision on the Fox Television Stations v. FCC in which the court ruled: "We find the FCC's new policy sanctioning 'fleeting expletives' is arbitrary and capricious under the Administrative Procedures Act for failing to articulate a reasoned basis for its change in policy." A mandate by Congress that a “fleeting expletive” can now be found indecent will create a vast chilling effect on broadcast speech, the advocacy group Center for Democracy and Technology claimed. CDT points out that prior to this bill and the FCC’s policy change, the FCC exercised discretion in determining which utterances were indecent, and consistently found that one-time uses of curse words were not indecent. The bill would empower FCC to find fleeting expletives indecent, it is highly likely that broadcasters will censor themselves even more to avoid being targeted by the Commission, the group argued. But CDT also points out that if Senator Rockefeller’s bill becomes law, it will certainly force the courts to consider the constitutional question: Does the FCC have First Amendment authority to censor the use of a single curse word over the airwaves? Currenty, FCC’s constitutional authority to regulate broadcast content rests on the 1978 Supreme Court case FCC v. Pacifica Foundatio in which the Court held that the FCC had properly found comedian George Carlin’s “Seven Dirty Words” monologue to be indecent. http://pressesc.com/01184929170_senate_indecency_bill Debate on Child Pornography’s Link to Molesting Julian Sher and Benedict Carey Experts have often wondered what proportion of men who download explicit sexual images of children also molest them. A new government study of convicted Internet offenders suggests that the number may be startlingly high: 85 percent of the offenders said they had committed acts of sexual abuse against minors, from inappropriate touching to rape. The study, which has not yet been published, is stirring a vehement debate among psychologists, law enforcement officers and prison officials, who cannot agree on how the findings should be presented or interpreted. The research, carried out by psychologists at the Federal Bureau of Prisons, is the first in-depth survey of such online offenders’ sexual behavior done by prison therapists who were actively performing treatment. Its findings have circulated privately among experts, who say they could have enormous implications for public safety and law enforcement. Traffic in online child pornography has exploded in recent years, and the new study, some experts say, should be made public as soon as possible, to identify men who claim to be “just looking at pictures” but could, in fact, be predators. Yet others say that the results, while significant, risk tarring some men unfairly. The findings, based on offenders serving prison time who volunteered for the study, do not necessarily apply to the large and diverse group of adults who have at some point downloaded child pornography, and whose behavior is far too variable to be captured by a single survey. Adding to the controversy, the prison bureau in April ordered the paper withdrawn from a peer-reviewed academic journal where it had been accepted for publication, apparently concerned that the results might be misinterpreted. A spokeswoman for the bureau said the agency was reviewing a study of child pornography offenders but declined to comment further. Ernie Allen, who leads the National Center for Missing and Exploited Children, which is mandated to coordinate the nation’s efforts to combat child pornography, said he was surprised that the full study had not been released. “This is the kind of research the public needs to know about,” Mr. Allen said. Others agreed that the report should be published but were more cautious about the findings. “The results could have tremendous implications for community safety and for individual liberties,” said Dr. Fred Berlin, founder of the Johns Hopkins Sexual Disorders Clinic. “If people we thought were not dangerous are more so, then we need to know that and we should treat them that way. But if we’re wrong, then their liberties aren’t going to be fairly addressed.” Everyone agrees that researchers need to learn more about online consumers of illegal child images. The volume of material seized from computers appears to be doubling each year — the National Center collected more than eight million images of explicit child pornography in the last five years — and Attorney General Alberto R. Gonzales made child protection a national priority in 2006. Those who are arrested on charges of possession or distribution of child pornography generally receive lighter sentences and shorter parole periods than sexual abusers. They do not fit any criminal stereotype; recent arrests have included politicians, police officers, teachers and businessmen. “It’s crucial to understand the sexual history of all these offenders, because sometimes the crime they were arrested for is the tip of the iceberg, and does not reflect their real patterns and interests,” said Jill S. Levenson, an assistant professor of human services at Lynn University in Boca Raton, Fla., and head of the ethics committee of the Association for the Treatment of Sexual Abusers. Previous studies, based on surveys of criminal records, estimated that 30 percent to 40 percent of those arrested for possessing child pornography also had molested children. The psychologists who conducted the new study, Andres E. Hernandez and Michael L. Bourke, focused on 155 male inmates who had volunteered to be treated at the Federal Correctional Institution in Butner, N.C., according to a draft of the paper obtained by The New York Times from outside experts who want the study published. The Butner clinic is the only residential program devoted to the treatment of sexual offenders in the federal prison system. The inmates in the study were all serving sentences for possession or distribution of child pornography. About every six months as part of an 18-month treatment program, they filled out a record of their sexual history, including a “victims list” tallying their previous victims of abuse. Therapists encouraged the men to be honest as part of their treatment, and the sexual histories were anonymous, according to the paper. The psychologists compared these confessions with the men’s criminal sexual histories at the time of sentencing. More than 85 percent admitted to abusing at least one child, they found, compared with 26 percent who were known to have committed any “hands on” offenses at sentencing. The researchers also counted many more total victims: 1,777, a more than 20-fold increase from the 75 identified when the men were sentenced. Dr. Hernandez and Dr. Bourke concluded in the paper that “many Internet child pornography offenders may be undetected child molesters.” But they also cautioned that offenders who volunteer for treatment may differ in their behavior from those who do not seek treatment. They submitted the paper to The Journal of Family Violence, a widely read peer-reviewed publication in the field, and it was accepted. But in a letter obtained by The Times, dated April 3, Judi Garrett, an official of the Bureau of Prisons, requested that the editors of the journal withdraw the study, because it did not meet “agency approval.” Editors at The Journal of Family Violence did not respond to phone or e-mail messages asking about the withdrawal. Dr. Hernandez mentioned the research briefly during testimony before a Senate committee last year. But the bureau blocked Dr. Hernandez and Dr. Bourke from attending some law enforcement conferences to speak about the findings, said two prosecutors who did not want to be identified because they have a continuing work relationship with the bureau. “We believe it unwise to generalize from limited observations gained in treatment or in records review to the broader population of persons who engage in such behavior,” a bureau official wrote to the organizers of a recent law enforcement conference, in a letter dated May 2 and given to The Times by an expert who is hoping the study will be published. Some prosecutors say they could use the study to argue for stiffer sentences. While some outside researchers agreed that the risk of over-generalizing the study’s results was real, almost all the experts interviewed also said that the study should still be made public. Dr. Peter Collins, who leads the Forensic Psychiatry Unit of the Ontario Provincial Police, called the findings “cutting-edge stuff.” “We’re really on the cusp of learning more about these individuals and studies should be encouraged, not quashed,” Dr. Collins said. Understanding the relationship between looking at child pornography and sexually assaulting children is central to developing effective treatment, psychologists say. It is not at all clear when, or in whom, the viewing spurs action or activates a latent, unconscious desire; or whether such images have little or no effect on the offender’s subsequent behavior. But the relationship probably varies widely. “My concern is about sensationalism, about the way something like this is handled in the media,” said Michael Miner, an associate professor in the department of family medicine at the University of Minnesota who treats sex offenders. “The public perception is that all of these guys will re-offend, and we know that just isn’t true.” At least some men convicted of sexual abuse say that child pornography from the Internet fueled their urges. In a recent interview, one convicted pedophile serving a 14-year sentence in a Canadian federal prison said that looking at images online certainly gave him no release from his desires — exactly the opposite. “Because there is no way I can look at a picture of a child on a video screen and not get turned on by that and want to do something about it,” he said. “I knew that in my mind. I knew that in my heart. I didn’t want it to happen, but it was going to happen.” How many offenders does he speak for? The study may help answer that question, some say. “The penalties we seek, the vigor with which we prosecute — the very importance we give to child pornography cases — all of these things are affected by what we know about the offenders,” said Leura G. Canary, the United States attorney for Middle Alabama who also leads the Attorney General’s Working Group on Child Exploitation and Obscenity. “And right now we know very little.” http://www.nytimes.com/2007/07/19/us/19sex.html Pupils Browse Porn on Donated Laptops Nigerian schoolchildren who received laptops from a U.S. aid organization have used them to explore pornographic sites on the Internet, the official News Agency of Nigeria (NAN) reported Thursday. NAN said its reporter had seen pornographic images stored on several of the children's laptops. "Efforts to promote learning with laptops in a primary school in Abuja have gone awry as the pupils freely browse adult sites with explicit sexual materials," NAN said. A representative of the One Laptop Per Child aid group was quoted as saying that the computers, part of a pilot scheme, would now be fitted with filters. http://news.yahoo.com/s/nm/20070720/...FG8XwBExgZ.3QA Fish 'n' chips CEO Accused of Building Secret Drug, Sex Lair AP The co-founder of semiconductor maker Broadcom Corp., under scrutiny in a federal stock options probe, was accused seven years ago of building an underground hideaway at his estate to indulge in drugs and sex with prostitutes, according to court documents. In a draft complaint made against Henry T. Nicholas III, a construction crew claimed the billionaire failed to pay them millions of dollars for work performed between 1998 and 2002, and used "manipulation, lies, intimidation, and even death threats" when anyone threatened to quit. The illegal network of tunnels and rooms underneath Nicholas' Laguna Hills estate was kept secret from his wife and city officials, the documents said. The purpose of one secret room was to allow Nicholas to "indulge his appetite for illegal drugs and sex with prostitutes," the crew claimed. http://news.newstimes.com/news/updat...e=news_updates

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Peer-To-Peer News - The Week In Review - May 19th, '07	JackSpratts	Peer to Peer	1	16-05-07 09:58 AM
Peer-To-Peer News - The Week In Review - December 9th, '06	JackSpratts	Peer to Peer	5	09-12-06 03:01 PM
Peer-To-Peer News - The Week In Review - September 16th, '06	JackSpratts	Peer to Peer	2	14-09-06 09:25 PM
Peer-To-Peer News - The Week In Review - July 22nd, '06	JackSpratts	Peer to Peer	1	20-07-06 03:03 PM
Peer-To-Peer News - The Week In Review - June 24th, ’06	JackSpratts	Peer to Peer	1	22-06-06 12:02 PM