Atari Online News, Etc. Volume 09 Issue 31
Volume 9, Issue 31 Atari Online News, Etc. August 3, 2007
Published and Copyright (c) 1999 - 2007
All Rights Reserved
Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor
Atari Online News, Etc. Staff
Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"
With Contributions by:
To subscribe to A-ONE, change e-mail addresses, or unsubscribe,
log on to our website at: www.atarinews.org
and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org
and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to
subscribe from.
To download A-ONE, set your browser bookmarks to one of the
following sites:
http://people.delphiforums.com/dpj/a-one.htm
Now available:
http://www.atarinews.org
Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/
=~=~=~=
A-ONE #0931 08/03/07
~ ".us" Domain Rekindled? ~ People Are Talking! ~ Yahoo Probe Pressed!
~ WOMBAT Looks Promising ~ JPEG To Be Replaced? ~ Ransomware Trojans!
~ Web Networking Booming! ~ eBay Keeps Buy It Now! ~ Creative PDF Spammers
~ Storm Worm Gets Smarter ~ Kittens Solving Spam? ~ GTA IV Postponed!
-* Internet Censorship Spreading *-
-* Are Laser Printers A Health Hazard? *-
-* Zero-Day Attacks Top List of IT Concerns!! *-
=~=~=~=
->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""
I gotta be honest - it's just too darn hot and humid around here to really
expend brain energy and come up with some worthwhile comments this week!
This weather has certainly been something else this past week! Temps at
or approaching 90 degrees all week long. I played golf Thursday - went
out at 6:00 a.m. to try and beat the heat. By the time I finished, I was
exhausted from the heat. I was going to play today until I discovered the
temperature when I woke up. I went back to bed!
So, while I continue to try and stay cool (and consider Joe's recipe
below!), I'll leave you all to your own devices of staying cool. Me, I'm
eying that nice cool swimming pool for a quick cooling dip!
Until next time...
=~=~=~=
PEOPLE ARE TALKING
compiled by Joe Mirando
joe@atarinews.org
Hidi ho friends and neighbors. It's a warm one in southern New England
today. This is our third heat wave so far this summer.
No, don't worry. I'm not going to launch into a tirade about global
warming and saving the unborn gay whales or anything. My point is...
it's hot, that's all.
It's too hot, as a matter of fact, to talk politics or regrets about
what Atari should have or shouldn't have done. It's just too damned
hot.
Y'know what I like on a hot summer's day like today? Cucumber salad.
There's nothing like a nice, chilled cucumber salad with... well, with
just about anything. The only problem I've run into is when people just
hack up some cucumbers and slather 'em with 'regular' salad dressing.
That just ruins it! So, over the past several years, I've come up with
my own dressing, and I think it's pretty good. I've even gotten some
compliments on my recipe, so maybe I'll pass it along to you. How would
that be? Hey, maybe you can make it over the weekend and impress the
heck out of your wife, kids, in-laws or whatever. It's easy, and it
lasts just about forever in the fridge. Try it out and let me know what
you think.
-----------------------------------------------------------------------
Joe's Cucumber Salad
Ingredients:
* 2 or 3 Cucumbers, chilled
* 1 Yellow or Spanish Onion, medium sized
* 1/2 Cup Rice vinegar*
* 1 Tablespoon Vegetable Oil
* 1 tablespoon Sugar
* 1 teaspoon Celery Salt
* 1/2 teaspoon Cayenne (optional, but highly recommended)
* 1/2 teaspoon Dill Weed
* 1/4 teaspoon Black Pepper
Directions:
Peel and thinly slice chilled Cucumbers and place in a medium-sized bowl
(Use a glass bowl. If you use plastic, it'll smell like cucumbers until
the next ice age). Sprinkle with the celery salt and toss. (There's a
reason for this, by the way. The salt leaches liquid from the cucumber
slices so that when you finally add the dressing, they soak it up
easily)
Peel and halve the onion, and slice the halves as thinly as possible.
Separate onion pieces and sprinkle over cucumbers. Toss again.
Place Sugar, Cayenne, Dill Weed and Black Pepper in a 2 cup
measuring cup, mix loosely.
Add Rice Vinegar to dry ingredients and mix until sugar is dissolved.
Add Vegetable Oil and mix with whisk or fork until everything is
combined.
Pour dressing over cucumbers and onions and toss lightly.
Refrigerate at least 3 hours (I recommend overnight).
Toss again before serving.
* If you do not have or do not like Rice Vinegar, you may substitute
White, Cider or Red Wine Vinegars. Simply use 1/4 cup instead of 1/2,
since Rice Vinegar is milder and less acidic than the others. -jm
-----------------------------------------------------------------------
There. Don't that sound easy? It is. And the cool thing is that the
longer you leave it in the fridge, the better it gets, since you're
basically pickling the cucumbers and, therefore, preserving 'em!
Okay, that's enough of that. Go make a nice big bowl of cucumber salad
and, while it's marinading in the fridge, read the news, hints, tips
and info available from the UseNet...
From the comp.sys.atari.st NewsGroup
====================================
Marc-Antón Kehr posts this bit of news about EasyMiNT:
"There's a new EasyMiNT version available on
http://atari.st-katharina-apotheke.de "
Sam F. hears about the new version and says:
"This is great!!
What I would like to see, is a way by which all we atari owners can
pitch in five or ten dollars a month to an Atari Developer Fund, which
at the end of every month, quarter, or year gets divided amongst all
the active developers. What do you all think?"
Marc-Antón replies:
"I can only talk for me, but I don't need this. I write my programs
for fun. So, in my opinion it would be better to write an email to the
authors and say just "Thank you" than organize a "developer fund" where
you probably get 20 Bucks a year to divide.:-) Most people are too lazy
to write an email to the author, why should they busier to spend money?
Most of the programmers that are active for Atari today are people with
jobs and I think they do not need the money, but what they like is a
little bit of honour."
'Rafael' adds:
"You are right!! Simple feedback is much better than 20? or even 50? a
year. I'm sure many projects are stopped because of lack of feedback to
the authors. I'm talking here also about testing..."
Marc-Antón adds another aspect:
"Yes, and writing docs or translation, these are things also
non-programmers can do, but no one wants to do it.:-/
So, I had to invest much time in translation and documentation, this
time reduces the coding time."
Last week, someone asked about anyone's preference for an ANSI C
compiler:
"Does anyone have recommendation on the best ANSI C compiler for the ST?
I have some utility apps I wrote that I would like to port to the ST,
but the only C compiler I have is Megamax which is K&R and not ANSI.
I heard that Borland released Turbo C for the ST... Does anyone have a
copy of this? I own the DOS version and an ST version would be great."
'Coda' answers:
"I didn't know Turbo C was released for Atari. What I heard was that
Pure C became Turbo C on the PC. In fact I have used both and they are
very similar animals. I loved Turbo C in DOS (sorry for the bad
language) because it had a great IDE and the online help was
fantastic. As far as I know there is very little English documentation
for Pure C (just a long readme) the proper manuals are in German.
That's probably why these days I use Lattice C 5.6, I bought it
especially to make sure I had all the manuals, and boy I have needed
them...
Or, you can use GNU C. You may know that you can switch it to several
different C standards, and it will also compile other languages like
C++, Fortran, Pascal (ugh!) etc. This is of course free software, and
there is plenty of documentation on the net. I don't know which Atari
specific libraries exist though, but I know they exist."
Fidel-Sebastian Hunrichse-Lara adds:
"Try this: <http://rg.atari.org/source.htm>
and
http://tinyurl.com/245g47 (URL for TurboC.Zip modified by editor) "
Edward Baiz tells us about his preparations to put his Falcon into a
tower case:
"Well I am getting close to putting my Falcon in my old Hades tower. I
have the cables to extend the ports to the outside for the cartridge,
printer, MIDI, keyboard, joystick, video. I have the SCSI and IDE ports
taken care of. I took out the motherboard and traced it on a piece of
cardboard. I tested the cardboard shape in my tower to see if it would
fit. It looks like the bottom two bays are in the way. My tower has six
bays and I only use 4. I guess I would have to get a four-bay apparatus
and use that or just get a new tower.
I am also looking for a new ATX PSU. What wattage is good? Any
suggestions or comments are welcome."
'Coda' tells Edward:
"Wattage is mostly irrelevant. Good quality stable outputs are what you
need.
I run my CT60 falcon on one of these:
http://tinyurl.com/ymfkt9 (URL modified by editor)
My related post on DHS: http://bbs.dhs.nu/ct60/index.php?request=2543
stated 2 years ago that my CT60 falcon only drew 38W. At that time I
was thinking about using an Xbox PSU as it seemed almost good enough
to work but for the price of an M1-ATX and the fact that it plugs and
goes (and fits behind the CT60 in the original case without the CTEX)
there was no competition. Oh, it's silent too :)
If you decide to go this route, don't get tempted to buy the M2. Its
overall power rating is higher, but only because of the huge 12V
supply (designed for P4 mobo's). There is less amperage available on
the 3.3V and 5v lines."
Edward replies:
"What I am looking at is a 230 Watt PSU with a switch on the back. It
has three IDE 4 pin connectors, one floppy connector and AUX connector.
What is this AUX connector? That should be enough for me I would think
and I only need 4 connectors including the floppy. You can see it at:
<Invalid URL>
Tell me what you think."
When Coda cannot reach the page, Edward fixes it and says:
"Whoops, should be:
http://www.supernotebook.com/micro-atx-power-supply-powmax-230-watt.htm
I am going to order this one. I like the switch. I will just have to
decide whether or not I am going to install it in the same spot the
current PSU is or put it at the top like Lyndon did. It is a little
smaller than the one already in there."
Edward now posts:
"Well it looks like I will be able to use the old Hades tower. I just
have to move all of my external hardware up 2 bays, so that the bottom
two are empty.
Then I have to cut part of the bottom bays out and the Falcon board will
fit.
Now I have another question. I know the Falcon mother board cannot touch
the metal frame of the tower. I was thinking of using nylon parts
(screws, nuts, rings etc) to attach the board. Is this a good idea or
is there something else I could use?"
Coda tells Edward:
"You can use nylon yes, in fact most motherboard standoffs are made of
nylon, and if you can get these from a PC mounting kit, maybe it would
be easier to use them. But, if you are going to mount the motherboard
using the existing holes (please don't make any new ones :-)) then you
can use metal hardware as long as the heads are not bigger than the
metal surround of the hole, because all the holes are tied to the
ground plane. When my falcon was in a rack, I used metal machine screws
to mount it."
Well folks, that's it for this time around. Tune in again next week,
same time, same station, and be ready to listen to what they are saying
when...
PEOPLE ARE TALKING
=~=~=~=
->In This Week's Gaming Section - 'Forza' Outclasses Competition!
""""""""""""""""""""""""""""" "Rock Band" Takes Top Honor!
'Grand Theft Auto IV' Delayed!
=~=~=~=
->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""
Car Wars: 'Forza' Outclasses Competition
Just a few years ago, it was somewhat of a surprise when a NASCAR driver
said he used video games to get ready for real-life races. Nowadays,
virtual racing is a standard element of the training regimen of
professional drivers, particularly the young guns who probably learned to
drive on a Nintendo long before they got behind the wheel of a stock car.
Elliott Sadler, Dale Earnhardt Jr., Kyle Busch and Carl Edwards are just
a few of the NASCAR drivers who have acknowledged a debt to video games.
As graphics get more realistic, a virtual track can provide good practice
for the pros while letting the rest of us feel what it's like to do a
few laps at Daytona.
* "NASCAR 08" (EA Sports, for the Xbox 360, PlayStation 3, $59.99;
PlayStation 2, $39.99): The first 360/PS3 version of this franchise
includes vivid recreations of just about every track in America, from the
basic oval at Bristol, Tenn., to the twisting road course at Watkins Glen,
N.Y. Most of the time you're racing against more than 40 other cars, so
you really get a feeling of claustrophobia along with a sense of the
strategy required to make it to the front of the pack.
Unfortunately, to pull off that strategy you need really sharp steering.
The controls in "NASCAR 08" feel so loose that you have to keep
adjusting them even when you're just trying to drive in a straight line.
The "Chase for the Cup" mode is frustrating as well. It starts you off
with small challenges, like learning how to pick up speed by closely
following another car, and works up to full-blown Nextel Cup events. It's
a good way to learn the sport's intricacies, but many gamers won't have
the patience to endure all the tests that are required before entering a
career race. Two stars out of four (but add a star if you're a NASCAR
fan).
* "Forza Motorsport 2" (Microsoft, for the Xbox 360, $59.99): The second
edition of Microsoft's flagship racing franchise offers a lot more
breathing room, mainly because you're usually racing only seven other
cars. It also has a wider variety of courses, ranging from California's
sun-splashed Laguna Seca to a fantasy track in the middle of Times
Square.
"FM2" lets you pick a car (from more than 300 models) and jump into a
race right away. There's no messing around with tutorials and licensing
tests; instead, novices get some on-screen assistance and are pitted
against slower opponents. Eventually, you'll make enough money to buy a
new car or upgrade your old one, and there are so many ways to calibrate
a car's performance that you could spend a couple of days in the garage
alone.
There's a lot to love about "FM2," from its gorgeous graphics to its
incredible attention to detail. But its most impressive feature is its
driving physics; it simply feels more realistic than any other racing
video game. Three-and-a-half stars.
* "Dirt" (Codemasters, for the Xbox 360, $59.99): "Dirt," the latest in
Codemasters' "Colin McRae Rally" series, is in some ways the opposite of
"Forza." Instead of zipping around slick, paved tracks, you're slogging
your way across bumpy, muddy terrain; endurance and brute force are more
important than speed and slick steering. But "Dirt" goes head-to-head
with "Forza" in one respect: It's one of the best-looking racing games on
the 360.
"Dirt" has a decent selection of off-road vehicles, from nimble buggies
to lumbering trucks, and a good variety of events. Sometimes you'll be
racing solo up a hill; other times you'll be swapping paint with your
opponents on courses that abruptly shift from paved to unpaved.
Most of the courses are rocky enough to make your teeth rattle, but the
controls don't always feel spot-on. At times it feels like you're
floating around curves, and the cars almost feel too responsive given all
the abuse they're going through. "Dirt" is fun and pretty, but doesn't
feel realistic. Three stars.
"Rock Band" Takes Top Video Game Honor
A video game that turns players into virtual rock stars won a top
industry award this week, beating a field of action titles featuring lush
graphics and complex stories.
In a move that reflects growing enthusiasm for games with broad appeal,
the Game Critics Awards named "Rock Band" as Best of Show for the
industry's annual E3 convention held last month to showcase upcoming
products.
"The most interesting thing to me, when you look at the winners, is that
new, original franchises really dominated this year," said Geoff
Keighley, co-chairman of the awards.
"A lot of pundits look at the industry and say that it's so
franchise-driven, there are so many sequels. Then you look at the winners
list and it's a bunch of fresh air."
"Rock Band," to be published by MTV and distributed by Electronic Arts
Inc., allows up to four players to strum guitar or bass, pound drums, or
sing in time to any of dozens of modern and classic rock songs.
The game topped creepy underwater shooter "Bioshock," combat game "Call
of Duty 4," science-fiction role-playing game "Mass Effect" and
apocalyptic title "Fallout 3," which all wowed critics with stunning
graphics.
The Game Critics Awards have been around for a decade and are decided by
36 journalists who submit nominees in more than a dozen categories. The
games have to have been playable by journalists at E3 rather than just
shown in videos.
A far cry from the pomp and circumstance the Academy Awards bring to
Hollywood, the low-key Game Critics Awards nonetheless give bragging
rights to developers and publishers.
For example, in its quarterly earnings report on Wednesday, THQ Inc.
boasted that four of its games, including "Stuntman: Ignition" and "de
Blob," were nominated for awards, though none of them won.
In another nod to the popularity of casual games, Sony Corp.'s
"LittleBigPlanet," which lets users create environments for
photorealistic cloth characters to frolic in, won Best Original Game.
Sony's "Killzone 2" pulled in a Special Commendation for Graphics, a
notable achievement in a year with an abundance of outstanding visuals.
Despite the immense popularity of its Wii console that is widely credited
with triggering the casual games boom, Nintendo walked away with only one
award, Best Handheld Game for "The Legend of Zelda: Phantom Hourglass"
for its DS device.
"It was a lack of really new stuff from Nintendo," Keighley said. "I
don't know if it's the canary in the mine shaft that shows Nintendo is
not doing so well ... also, the judging body is geared toward the
hardcore gaming crowd."
Microsoft Corp.'s "Mass Effect" for its Xbox 360 game machine won Best
Console Game while "Halo 3," the next installment of its wildly popular
alien-blasting title, won for Best Online Multiplayer.
Electronic Arts, the world's biggest game publisher, won six awards,
though several of those were linked to titles such as "Rock Band" that it
is not developing itself. EA's "Madden NFL 08" football title won Best
Sports Game.
Keighley said he was open to the idea of making the awards a
higher-profile event, but indicated he was leery of anything that would
detract from casting a serious critical eye on a medium often dismissed
as appealing only to teenaged boys.
"I think we're extremely over-conscious of not trying to commercialize
the awards in any way. The last thing I want is for a TV producer to come
in and say, 'Great, but let's put in an award for hottest virtual babe',"
Keighley said.
'Grand Theft Auto IV' Pulled Over Until 2008
Grand Theft Auto fans are going to have to wait a bit longer for the next
installment.
Take-Two Interactive announced Thursday that Grand Theft Auto IV would not
be released Oct. 18 for Sony's PlayStation 3 and Microsoft's Xbox 360
video game systems, as originally planned. Instead, the game will arrive
in spring of 2008, "due to additional development time required to
complete the title," the company said in a statement.
Rockstar Games founder Sam Houser says in the statement, "the new consoles
are allowing us to create the "Grand Theft Auto" game we always dreamed
about. Every aspect of the game and its design has been completely
transformed. The game is huge and is pushing the hardware platforms to
their absolute limits. The top engineers from Sony and Microsoft are
working closely with the team in Edinburgh right now, helping us to fully
leverage the power of both platforms. As always, our goal is to surpass
even the wildest expectations of the game's fans, and to create the
ultimate high definition video game experience."
Industry analysts had expected GTA IV to battle Halo 3 - and perhaps Guitar
Hero 3 and Rock Band - for the top-selling game of the year. The last GTA
game for consoles, 2004's GTA: San Andreas has sold more than 14 million
copies.
On his Level Up blog, Newsweek's N'gai Croal mused: "It will be
interesting to see which publishers move their games out of the November
crunch and into October now that the neutron bomb that is Grand Theft
Auto IV will no longer be dropped in 2007."
His take: Nintendo benefits most because it gives consumers more reason
to buy a Wii. And Microsoft takes a bigger hit than Sony because its
expected one-two punch of Halo 3 and GTA IV might have resulted in more
Xbox 360 converts. "Rockstar has delivered its Grand Theft Auto games
more or less like clockwork, making today's announcement something of a
shock," he wrote.
On FiringSquad, news editor John Callaham trumped that, calling the delay
"a major shock" and noted that "this delay, plus the delay in the
release of Rockstar's Manhunt 2, will drastically affect Take Two's
financial results causing the company to lose about $200 million in
revenue for its fiscal 2007 year."
Based on its Gamer Panel surveys of gamers' intent to buy, IGN
GamerMetrics estimated that Call of Duty 4: Modern Warfare and
Assassin's Creed will be the beneficiaries of the game's delay this
holiday season.
=~=~=~=
A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson
Internet Censorship Spreading
State restrictions on use of the Internet have spread to more than 20
countries that use catch-all and contradictory rules to help keep people
off line and stifle feared political opposition, a new report says.
In "Governing the Internet," the Organisation for Security and
Cooperation in Europe (OSCE) presented case studies of Web censorship in
Kazakhstan and Georgia and referred to similar findings in nations from
China to Iran, Sudan and Belarus.
"Recent moves against free speech on the Internet in a number of countries
have provided a bitter reminder of the ease with which some regimes,
democracies and dictatorships alike, seek to suppress speech that they
disapprove of, dislike, or simply fear," the report by the 56-nation OSCE
said.
"Speaking out has never been easier than on the Web. Yet at the same time,
we are witnessing the spread of Internet censorship," the 212-page report
said.
In a new case not covered by the report, a senior Malaysian minister vowed
this week to apply law prescribing jail terms for Web writers of comments
said to disparage Islam or the king.
Malaysian police grilled one on-line author over postings the ruling party
described as an attack on the country's state religion and a bid to stir
racial tension.
In Kazakhstan, rules on Internet use are so vague and politicized that
they "allow for any interpretation ..., easily triggering Soviet-style
'spy mania'" where any dissident individual or organisation could be
branded a threat to national well-being and silenced, according to the
OSCE report.
It cited a prominent incident in 2005 when Kazakhstan seized all .kz
Internet domains and closed one deemed offensive and run by British
satirist Sacha Baron Cohen, who had made the acclaimed spoof film "Borat:
Cultural Learnings of America for Make Benefit Glorious Nation of
Kazakhstan."
In a speech to the OSCE parliament on Thursday, Kazakh Information
Minister Yermukhamet Yertysbayev insisted Kazakhstan was determined to
build democracy and create an "e-government" expanding Internet service
and making "our media more free, contemporary and independent."
The OSCE report said Kazakhstan's state monopoly on Internet providers
tended to deter use by making prices for all but very slow and limited
dial-up service far higher than those for West Europeans even though
Kazakh incomes are much lower.
Georgian law contained "contradictory and ill-defined" provisions which
might "give leverage for illegitimate limitation" of free expression on
the Internet, the report said.
Lawmaker Wants Yahoo Probe
Congressional investigators plan to look into whether Yahoo officials
misrepresented the Internet company's role in the arrest of a Chinese
journalist sentenced to a decade in jail.
House Foreign Affairs Chairman Tom Lantos ordered the investigation after
a human rights group released a document that it said raised questions
about what Yahoo knew when it shared information with authorities about
Shi Tao. Beijing officials had sought Shi for sending an e-mail about
Chinese media restrictions.
"For a firm engaged in the information industry, Yahoo sure has a lot of
secrecy to answer for," said Lantos, D-Calif. "We expect to learn the
truth and to hold the company to account."
Yahoo general counsel Michael Callahan told lawmakers at a hearing last
year that his company had no information about the nature of the
investigation when it provided details about Shi to Chinese officials,
Lantos said.
But the Dui Hua Foundation has released a document that it says shows the
Beijing State Security Bureau had written Yahoo saying it wanted e-mail
content about Shi for an investigation into suspected "illegal provision
of state secrets to foreign entities."
Lantos said that "covering up such a despicable practice when Congress
seeks an explanation is a serious offense."
Jim Cullinan, a Yahoo Inc. spokesman, expressed disappointment that
Lantos "is rushing to judgment on this issue, because the facts will
support Yahoo's testimony to Congress."
Regarding the document released by Dui Hua, Cullinan said, "There are many
and various descriptions of what state secrets could be, including
legitimate investigations into things like terrorism."
To do business with China's more than 100 million Internet users, U.S.
tech companies must satisfy a government that fiercely polices Internet
content. Filters block objectionable foreign Web sites; regulations ban
what the Chinese consider subversive and pornographic content and require
service providers to enforce censorship.
The document requesting information from Yahoo was translated by Dui Hua;
it was posted anonymously last week on the Web site of the U.S.-based
Chinese-language Web site Boxun.com, said Joshua Rosenzweig, research
manager at Dui Hua.
Zero-Day Attacks Top List of IT Concerns
Threats posed by zero-day vulnerabilities were ranked by global IT
decision makers as their topmost security concern, according to a recent
survey by security firm PatchLink.
Fifty-three percent of respondents put zero-day vulnerabilities as the
No. 1 security concern, followed by hackers, cited by 35 percent, and
malware and spyware with 34 percent. PatchLink surveyed 250 of its
customers worldwide in June 2007, including CIOs, CSOs, IT directors and
managers.
"The prospect of zero-day attacks is extremely troubling for
organizations," said Charles Kolodgy, research director for security
products at IDC in Framingham, Mass. "Today's financially motivated
attackers are creating customized, sophisticated malware designed to
exploit unpublished application vulnerabilities in specific applications
before they can be fixed."
Many IT departments are spread thin and lack the resources to proactively
defend against zero-day threats, and attackers are using this to their
advantage, said Kolodgy.
Hackers are also counting on the human element part of the security
equation to help them accomplish their attacks, Kolodgy added.
"User behavior is difficult to control, and many hackers rely on users'
lapses in judgment to carry out their malicious activity," the IDC
analyst said.
Controlling user behavior was cited by 32 percent of IT executives as the
primary challenge to vulnerability management.
PatchLink also asked IT executives to rank the application that they are
most concerned about protecting, and Internet Explorer landed on top,
cited by 83 percent of the respondents.
Various Internet security threat reports earlier indicated an increasing
trend in attacks targeted towards Web browsers and Web applications,
serving as an avenue to gain access to corporate networks.
"Those vulnerabilities are often used in 'gateway' attacks, in which an
initial exploitation takes place not to breach data immediately, but to
establish a foothold from which subsequent, more malicious attacks can be
launched," according to Symantec's latest Internet Security Threat Report.
If successful, vulnerabilities in Web browsers and Web applications can
enable an attacker to install malware and subsequently gain control of a
compromised system.
Although 72 percent of respondents to the PatchLink survey indicated that
they are now more secure than a year ago, IT executives remain wary of
other risks that are in the realm of the unknown, according to Matthew
Mosher, senior vice-president for Americas at PatchLink in Scottsdale,
Ariz.
"(IT managers) are now starting to look at more of these zero-day
vulnerabilities because they don't necessarily think that they have a
handle on that," explained Mosher.
The PatchLink executive added that the financial motivation driving
hackers today has made IT executives more concerned about zero-day
exploits.
Brian Bourne, president of Toronto-based IT security consultancy CMS
Consulting Inc., was surprised that zero-day vulnerabilities would concern
many IT executives, as such exploits are typically used for targeted
attacks.
Such concern may stem from a lack of complete understanding of how to
protect against these threats, he noted.
Bourne recommends a defense-in-depth strategy, which he said is still
"the right strategy" for protecting against zero-day exploits.
He urged IT managers to subscribe to a vulnerability advisory list, so
that they can get all updates on most recent zero-day discoveries.
"Get the information right away to find out if it impacts you," said
Bourne, adding that the first step is finding out whether your company
even runs that vulnerable software.
A good asset management system, which gives IT a clear indication of what
software and hardware are running across the enterprise, will enable
administrators to make a determination of whether they are vulnerable to
a zero-day attack, Bourne added.
Once it's determined that there is a risk, IT administrators can then
make an effort to learn everything they can about the vulnerability, he
said.
PDF Spammers Getting Creative
PDF spammers have started varying attachments to fool spam filters,
security vendor MessageLabs has warned.
After appearing only a few months ago, the PDF phenomenon now accounted
for 20 percent of the image spam passing through the managed service
provider's network, the company said. In the last fortnight, however, new
types of modified PDF spam had started appearing.
Spam filters had now adapted, turning PDFs from a document and attachment
type automatically trusted into one that was now being filtered by
antispam engines, causing the spammers to send out new, altered types of
PDF. Techniques included altering the rendering size of PDFs, introducing
pixel changes to make PDF blocking using signatures impossible, and
adding random text within PDFs.
PDFs were also turning up with security features such as encryption
turned on, another feature that made it hard to scan within a document to
single out spam from genuine PDFs. The overall aim was to generate so
many unique PDFs that antispam engines would be overwhelmed.
"This is almost certainly being automated by bots," said Mark Sunner of
MessageLabs. "It will eventually be used in conjunction with social
engineering techniques," he added, referring to targeted PDF attacks where
real people were sent documents from known contacts.
According to Sunner, the advantage of a managed service company such as
MessageLabs was the ability to detect rogue PDFs by analyzing information
such as IP source. A corporate gateway would not be able to do this
because only the ISP itself would be able to see this information with any
degree of reliability. "Where the PDF is coming from can also indicate a
problem," he said.
In recent times, third-party systems for verifying the senders and contents
of PDF documents have started to appear, including one from GeoTrust that
takes advantage of Adobe's LiveCycle Document Security server.
Kittens Could Solve Spam
An executive at Microsoft Corp. has an unusual idea for beating spammers.
Powerful software tools and supercomputers aren't involved, but kittens
are.
Or rather, photos of kittens. Kevin Larson, a researcher at Microsoft's
advanced reading technologies group, has found that asking a user to
identify the subject of a photo, like a kitten, could help block spam
programs.
Currently, services like Microsoft's free e-mail service Hotmail require
new users to type in a string of distorted letters as proof that it's a
human signing up for the account and not a computer. Microsoft,
Ticketmaster and a host of other companies have been using the system,
called Human Interactive Proofs (HIPs), for around five years, Larson said.
He spoke in Seattle on Friday at TypeCon 2007, an annual conference put on
by the Society of Typographic Aficionados for type enthusiasts and
designers.
When Hotmail first started using HIPs, the number of e-mail accounts
generated on the first day dropped by 20 percent without an increase in
support queries, Larson said. That was a sign that the HIPs were fooling
the computer programs that spammers use to automate signing up for new
Hotmail accounts from which spam is sent. However, spammers learned how
to tweak their programs to better recognize the HIPs, he said.
Now, it's a race for Microsoft to continue to alter its HIP system to
fool the computers, which ultimately seem to catch on. Larson's group at
Microsoft experiments with different ways to distort the text used in
HIPs in a way that is easy for humans to read but difficult for computers.
One twist on the HIP idea that they've worked on is to display 16 or more
photos and ask for identification of the photos. In an example, he
suggested using pictures of cats and dogs. The problem with the concept,
however, is that Microsoft would have to create a massive catalog of
photos, otherwise the programmers could match the correct response with
each photo in the catalog and begin to spoof the system, he said.
Audience members had a variety of ideas for ways to expand on the idea in
order to try to beat the spam programs. One suggested that Microsoft
continually take videos of a kitten jumping around a room, as a way to
generate a nearly endless string of photos for identification.
"It's possible that kittens are the wave of the future," Larson joked.
Microsoft might also be able to use short video clips instead of photos,
one audience member suggested. The cost to support that method might be a
concern but it could probably work, Larson said.
His group is also working on ways to improve the current letter-based
HIPs for human users. "We need to figure out how to make HIPs that are
more pleasant to read," Larson said. Many computer users may be familiar
with the "ugly distorted texts" that HIPs use, he said. "We let the
computer science people generate this text, but this is a design problem.
It seems we ought to bring what we know about legibility to make things
more pleasing to identify yet still stop computers," he said.
His team has thought about using beautiful calligraphy characters set
against ornate backgrounds, but such letters haven't been good at fooling
the computers because a program can identify the form of the letter by
the thickness of the font compared to the lines in the background design
and because a program can notice color differences of the font compared
to the background, he said.
With 90 billion pieces of e-mail spam sent every day, according to
Larson, companies like Yahoo Inc., Google Inc. and Microsoft that offer
free online mail services have an incentive to try to block spam.
Otherwise they pay for the resources that help send the spam.
Project WOMBAT Looks To Manage Online Threats
Researchers are looking for formal European Union sponsorship of a new
project that would keep an eye on malicious software and computer attacks
around the world.
Project WOMBAT (Worldwide Observatory for Malicious Behavior and Attack
Tools) is a threat management system being backed by European technology
companies and research institutions, including France Telecom SA, the
Institut Eurecom, and Hispasec Sistemas, said Stefan Zanero, a researcher
with the Institut Politecnico di Milano, who is involved with the
project.
WOMBAT will serve as an early warning system where security researchers
and professionals can get data on emerging threats, but the team will
also develop new technologies designed to automate the collection and
analysis of malware, Zanero said.
"What we are interested in is creating a way to understand as many things
as possible about the malicious code," Zanero said.
Some of the WOMBAT data will be made available to the public, but only
those who have been previously vetted will get access to the complete
data set.
WOMBAT will be funded, in part, by participating institutions, but it has
also been selected for funding by the European Union's 7th Framework
research program, Zanero said. The formal grant concession and the
creation of the research consortium behind the project, however, have not
been finalized.
eBay Can Continue Using 'Buy It Now'
A federal judge Friday denied a request from a small Virginia company to
stop the online auction powerhouse eBay Inc. from using a feature that
allows shoppers to purchase items at a fixed price.
U.S. District Court Judge Jerome B. Friedman denied a motion by
MercExchange LLC for a permanent injunction against San Jose, Calif.-based
eBay over the "Buy It Now" feature.
Last year, the U.S. Supreme Court ruled that although eBay infringed upon
MercExchange's patent for the service, it was up to the lower court to
decide whether eBay had to stop using it.
In his ruling, Friedman said the company was not irreparably harmed
because it continued to make money from its patents, either by licensing
them outright or by threatening litigation against those it believed
infringed upon them.
A federal jury found in 2003 that eBay had infringed on Great Falls-based
MercExchange's patent and awarded the company $35 million. The amount
later was reduced to $25 million.
MercExchange attorney Greg Stillman called the opinion a "double-edged
sword."
"It was sort of good news, bad news for both sides," Stillman said. "I'm
sure eBay is relieved that they're not going to be enjoined, but on the
other hand (Friedman) made it quite clear that they're going to have to
pay for that right."
Catherine England, a spokeswoman for eBay, said the company is "extremely
pleased" with the decision.
Friedman denied eBay's request to stay proceedings on the "Buy It Now"
patent because the infringement suit already has been tried by a jury and
a final verdict and damage award were affirmed by the federal circuit.
The judge did stay proceedings on a second patent held by MercExchange
until the U.S. Patent and Trademark Office has time to reexamine it.
In the closely watched case, the high court ruled that judges have
flexibility in deciding whether to issue court orders barring continued
use of a technology after juries find a patent violation. The decision
threw out a ruling by a federal appeals court that said injunctions should
be automatic unless exceptional circumstances apply.
The case became a rallying point for critics who argue the U.S. patent
system is riddled with abuse from small businesses that sue established
companies to enforce patents for ideas that have never been developed
into products.
Court Orders Man To Complete eBay Deal
An Australian court ordered a man to hand over a vintage plane worth about
$215,000 after he tried to back out of an eBay auction, a newspaper
reported Friday.
The New South Wales state Supreme Court ordered Vin Thomas to complete the
deal after he changed his mind about selling the 1946 World War II
Wirraway plane he had placed on the Internet auction site last year, the
Sydney Morning Herald reported.
Peter Smythe, an Australian warplane enthusiast, was the only person to
bid on the item, matching the $128,640 reserve price just moments before
the auction ended in August last year.
But Thomas had already agreed to sell the plane to someone else for
$85,800 more than Smythe's offer, and backed out of the sale, the
newspaper said.
Smythe took Thomas to court, hoping a judge would force him to follow
through with the deal.
Judge Nigel Rein agreed, saying the eBay auction formed "a binding
contract between the plaintiff and the defendant and ... should be
specifically enforced."
Companies Seek Control of `.us' Domain
In Britain, ".uk" is the suffix of choice for Internet addresses. In
Germany, it's ".de."
In the United States, however, ".us" is the forgotten stepchild. Web
sites tend to prefer ".com," which was designed as a global moniker for
commercial sites but is heavily populated by Americans.
Two companies prominent in the domain name industry want to challenge
that notion.
Believing they could do a better job marketing the country's own domain
name, ".info" operator Afilias Ltd. and registration company GoDaddy.com
Inc. are now trying to take over the operations of ".us." They'll face a
challenge from its current operator and possibly others. The U.S.
government could rule as early as this month.
NeuStar Inc. won the ".us" contract in 2001. At the time, addresses
ending in ".us" were confusing to register and use. With the government's
approval, NeuStar permitted sites to obtain non-geographic addresses such
as "clothingstore.us," rather than the more cumbersome
"clothingstore.los-angeles.ca.us."
The domain grew in usage to 1.3 million today, up from about 17,000 in
2001.
But that's still a fraction of the 11 million for ".de" and 6 million
each for ".uk" and China's ".cn." Even the Netherlands' ".nl" has about
twice as many names.
"Now is the time to change (the `.us') leadership and put it on a growth
track," said Roland LaPlante, chief marketing officer for Dublin,
Ireland-based Afilias, whose U.S. arm is bidding with GoDaddy for the
".us" contract when the current one expires Oct. 25.
NeuStar won't step aside without a fight. It is seeking a contract
renewal and believes quality rather than quantity is what counts. In a
statement, the company said it has demonstrated its ability to operate
".us" with "the highest levels of security, stability, technical
expertise and policy compliance."
It is not known if other companies have submitted bids. The Commerce
Department did not return calls for comment.
Storm Worm Gets Smarter
Newer variants of the widespread Storm worm have introduced a new
technique for evading security experts - detecting when they are running
in a virtual environment and changing their behavior if they are.
The innovation is an indication of how common virtualization is becoming,
and also shows how sophisticated the developers of malware such as Storm
have become, according to Bojan Zdrnja, a handler with the SANS
Institute's Internet Storm Center (ISC).
He said Storm is the most prevalent malware at the moment, using fake
e-card emails that lead to a malicious website.
Zdrnja said the technique appears to be designed to set up roadblocks for
security analysts, who normally use virtual machines to safely execute
malicious code in order to analyze it. "The main reason they're doing this
is (presumably) to make analysis more difficult," Zdrnja said in a report
on Thursday.
It means researchers have to either run the malware on a physical
machine, modify the virtual environment to prevent detection or manually
analyze the malware, Zdrnja said.
If Storm detects a virtual machine, it simply restarts the system without
causing an infection.
Virtualization allows several separate instances of an operating system
to be run on a single hardware system. It has become popular in data
centers, largely through the efforts of VMware, and is becoming more
widely used on the desktop, for instance with Parallels' virtualization
system for running Windows on Intel-based Macs.
Storm is designed to detect two virtual environments, VMware and
Microsoft's Virtual PC, Zdrnja said. It detects VMware by looking for a
particular number supported in VMware's I/O port - something that can be
easily changed.
It detects Virtual PC by running illegal instruction opcodes, which
generate errors only if the software is running on a physical system and
not a virtual machine.
The technique is the latest sign of the new programming sophistication of
malware writers, who are nowadays mainly working on a for-profit basis,
according to security researchers. But the trick also means that the worm
opts out of infecting virtual machines, Zdrnja noted.
"It will be interesting to see if malware authors will change this tactic
in the future as the number of virtual machines will grow for sure," he
said.
Ransomware Trojans Work of Single Group
The two most prominent ransomware Trojans of recent times could be the
work of the same or a closely-related Russian group, an analysis has
suggested.
Last week, a new ransomware Trojan appeared on the radar of security
researchers, and was quickly identified as a modified version of the
GpCode nasty that first hit the Internet as long ago as Spring 2005. As
with its predecessors, the new Trojan, also named "Glamour," sets out to
encrypt data files on any PC it infects, demanding a ransom of US$300 in
return for a key to unlock files.
Now an analysis from security research outfit Secure Science
Corporation (SSC) has plotted the large number of similarities between
the new GpCode and a version that appeared in 2006. Of the 168
functions identified in the code of the new variant, 63 were identical
to the older 2006 version.
"The results indicate that these two Trojans, found in the wild nearly
6 months apart, originated from the same source tree. This could mean
that the original authors are actively modifying the code themselves,
or they sold/traded the source code to another group who is now in
charge of the modifications," say the authors.
In other words, a single or allied group is cycling the same basic
ransomware platform through a series of attacks, modifying it each time
to evade detection for long enough to find victims. If true, that
increases the likelihood of future attacks using the same code base.
The planned window of opportunity appears to have been a short one -
the compile date for the malware was July 5th and the threat message
to victims states a payment deadline of July 15th.
SSC has also found frightening evidence of GpCode's effectiveness. "In
the 8 months since November, we've recovered stolen data from 51 unique
drop sites [...]. The 14.5 million records found within these files came
from over 152,000 unique victims," says the report.
Fortunately, despite claiming to have encrypted files using RSA
4096-bit, the new version's apparent use of sophisticated encryption is
a bluff. Unlike previous versions of GpCode, the new variant uses a
much simpler but unnamed technique to create the appearance of having
encrypted files, possibly just a long-strong passphrase. A number of
companies have produced tools to reverse the work of the latest GpCode.
Ransomware Trojans have a fearsome reputation, but are still thankfully
one of malware's rarer events. The long periods of silence could,
indeed, be part of their design. Attacks have been recorded from early
2005, and several times in 2006.
Web Networking Boom Blasts Into The Workplace
After years of socializing, Facebook and MySpace mean business.
The sites, which started as a way to help people stay connected with
friends, in the past year have begun catering to professionals, offering
networking and advertising opportunities.
Some companies are embracing the trend, while others are trying to shut
the Internet's virtual doors as firmly as possible.
Barbershop owners Erin Portman and her husband, Michael, of Austin,
Texas, created a page on MySpace.com, the site owned by News Corp and
especially popular with teens.
MySpace "friends" of Bird's Barbershop often post photos and comments
about their haircuts on the music-filled MySpace page, with links back to
their own personalized MySpace pages.
"We started collecting 'friends' before we were even open," Portman said.
"I definitely think it has boosted our business." The shop now has more
than 2,100 MySpace 'friends,' many of them customers.
MySpace rival Facebook.com started up in 2004 and in 2006 opened
registration to people with corporate e-mail addresses. Thousands of
business networks and communities exist on the site among 32 million
users, with much of the recent growth attributed to professionals.
Facebook says its fastest-growing demographic is people older than 25.
Its chief executive is 23-year-old Mark Zuckerberg, who is also one of
the founders.
While many businesses are using the sites, employees taking advantage of
them during work hours are stirring up controversy.
More than two-thirds of London businesses have banned or limited employee
access to the sites, says a straw poll commissioned by Britain's Evening
Standard newspaper in July. The United States, the United Kingdom and
Canada have the largest number of online networking users, according to
Facebook.
Toronto prohibited its 40,000 municipal workers from using such Web pages
three months ago, saying it distracts them.
"We want to ensure that city workers who are paid by the taxpayers are not
wasting undue time on non work-related activities," said City of Toronto
spokesman Brad Ross.
Many companies block inappropriate Web sites such as pornography from
their computer servers. Some even monitor their employees' online
activity.
Some networking sites allow users to post photos and videos, which may be
deemed "NSFW" - not safe for work - on the Web.
But Jerald Jellison, a professor at the University of Southern California
in Los Angeles, and an expert in change management and social relations,
said companies should embrace networking.
"People who lead businesses are reluctant to acknowledge the extent to
which hard-working professionals do other things besides strictly
working," he said. "We're human beings. We socialize. It's going to go
on whether you allow it or not."
People often meet other employees of their own firms through the sites,
said Jellison, who argued that such connections could be used to share
resources and increase productivity.
"If there is somebody who has experience dealing with clients in a
particular company and I find someone else who has done business with
this company, I could get information from him, which could help in terms
of making a sale," he said.
International Business Machines Corp. has developed networking software
designed for business clients to do just that.
"We tailor it to specifically help people organize their own activities,"
said IBM's Vice President of Emerging Technologies, Rod Smith. "The more
you're isolated and not in the loop, it makes it tremendously hard to
really define your work."
Are Laser Printers Hazardous to Your Health?
Office workers not only must deal with pollution from all manner of
carbon-based fuels rising from the streets around their buildings, but
also have to contend with a new menace. That's right - laser printers
that pollute.
An article published on Wednesday in Environmental Science & Technology
(EST) reports on a study by researchers from Queensland University of
Technology in Australia.
Initially, the researchers were requested by the Queensland Department
of Public Works to examine whether air quality in an office was affected
by a nearby highway. But Professor Lidia Morawska and her colleagues
discovered that levels of particulate matter were 500 percent higher
during a workday in the nonsmoking office building than even at a spot
on the highway.
Suspecting the printers, the researchers tested more than 60 in the
building and found a wide variation of emissions. The worst one was as
bad for nearby breathers as a cigarette smoker would be.
The range of emissions was wide. Looking at several brands and models,
with a range of toner cartridge ages, the researchers tested some in
isolated conditions and others in their office locations. Overall, they
found 37 printers were nonemitters, eight were low or medium emitters,
and 17 were high.
Patterns were not immediately apparent. One HP LaserJet 5 was a high
emitter, for instance, while another was a nonemitter. Eight HP LaserJet
4050 and four Ricoh Aficio series printers had no emissions, but HP's
LaserJet 1320 and 4250 were high emitters.
In general, the researchers found that newer toner cartridges, and
printing toner-heavy documents, released more particles. Morawska
recommended that, regardless of printer model or a toner cartridge's
age, offices should maintain good ventilation.
The researchers are planning more studies, such as testing multiple
printers of the same model. But little research has been conducted on
this subject. A 2006 study in Japan found that laser printers increase
concentrations of styrene, xylenes, and ozone, and that ink-jet printers
emitted pentanol.
Ten years ago, the U.S. Environmental Protection Agency evaluated
printers and photocopiers, but modern-day researchers said the data is
irrelevant because the technology has changed dramatically.
The range of results from the University of Queensland researchers raises
questions about how common high levels of indoor pollution from printers
might be, Charles Weschler of the University of Medicine and Dentistry in
New Jersey told EST. "Emissions may be highest with a brand-new
cartridge, just opened," he said. But he suggested it's also possible
that, for instance, the worse-than-smoking printer could have been "one
bad apple."
EST also quoted Erik Uhde of the Wilhelm Klauditz Institute in Germany,
who pointed out other variables. Even printers in a specific product line
from a specific manufacturer could vary, he said, because the sources for
their parts might differ. And if the cartridge is the key, Uhde said, it
is unclear whether it is the toner or the solvent causing the problem.
Microsoft Submits Photo File Format For Standardization
Microsoft on Tuesday said an international standards body has agreed to
vote on whether to accept the company's new digital-photo file format as
a standard, which Microsoft hopes will one day replace the widely used
JPEG format as the industry standard for electronic photography and
digital imaging.
The Joint Photographic Experts Group has agreed to submit formal
balloting of HD Photo to JPEG's national delegations for approval by the
fall. The tentative name for the spec is JPEG XR.
Expected to help Microsoft's cause is the fact that the company is
making the technology available without charge. "Microsoft's
royalty-free commitment will help the JPEG committee foster widespread
adoption of the specification and help ensure that it can be
implemented by the widest possible audience," JPEG said in a statement.
Microsoft claims the new file format would enable digital photographers
and editors to capture and transmit higher quality images at half the
size of photos created in today's JPEG standard. The company also
claims HD Photo produces fewer unwanted visual artifacts and offers
lossless data compression, which means no visual information is lost
when the file is shrunk and then recreated to its original size.
The current JPEG standard has been around for 20 years and is used by
photographers at major news organizations such as the Associated Press.
It's also found in image editing programs, including those built by
Adobe Systems, and is supported in digital cameras and printers.
Microsoft has already released HD Photo in the market through its own
products. The file format is natively supported by its new Windows
Vista operating system and in .Net Framework 3.0. HD Photo is also
supported by Apple's Mac OS X operating system.
In trying to drive the technology further into the market, Microsoft
has developed a plug-in that adds HD Photo support to Adobe's popular
Photoshop editing program.
=~=~=~=
Atari Online News, Etc. is a weekly publication covering the entire
Atari community. Reprint permission is granted, unless otherwise noted
at the beginning of any article, to Atari user groups and not for
profit publications only under the following terms: articles must
remain unedited and include the issue number and author at the top of
each article reprinted. Other reprints granted upon approval of
request. Send requests to: dpj@atarinews.org
No issue of Atari Online News, Etc. may be included on any commercial
media, nor uploaded or transmitted to any commercial online service or
internet site, in whole or in part, by any agent or means, without
the expressed consent or permission from the Publisher or Editor of
Atari Online News, Etc.
Opinions presented herein are those of the individual authors and do
not necessarily reflect those of the staff, or of the publishers. All
material herein is believed to be accurate at the time of publishing.