Copy Link
Add to Bookmark
Report
Atari Online News, Etc. Volume 10 Issue 32
Volume 10, Issue 32 Atari Online News, Etc. August 8, 2008
Published and Copyright (c) 1999 - 2008
All Rights Reserved
Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor
Atari Online News, Etc. Staff
Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"
With Contributions by:
Fred Horvat
To subscribe to A-ONE, change e-mail addresses, or unsubscribe,
log on to our website at: www.atarinews.org
and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org
and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to
subscribe from.
To download A-ONE, set your browser bookmarks to one of the
following sites:
http://people.delphiforums.com/dpj/a-one.htm
Now available:
http://www.atarinews.org
Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/
=~=~=~=
A-ONE #1032 08/08/08
~ Olympics Ticket Scam! ~ People Are Talking! ~ Why Attack DNS?
~ We're All Vulnerable! ~ New Mac A/V Is Free! ~ Mozilla's Aurora!
~ Google Soured on AOL! ~ AOL Split Confirmed! ~ ACEC Swap Meet Nears!
~ Wii MotionPlus: Cheap! ~ Sega's 'Beijing 2008'! ~ id: New Doom Coming!
-* Hackers Convene in Las Vegas *-
-* Yahoo Election Shows Protest Vote! *-
-* Beijing Travelers Are Warned of Web Spies! *-
=~=~=~=
->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""
It's the weekend again, so that means more thunder and lightning, and,
of course, more rain! We're about 5 inches above normal for the year,
and climbing. It's a good thing that I listened to the weather report
last night. I went to work, and made sure that I had my rain gear with
me. Nothing worse than getting caught out on the golf course when the
clouds open up! It happened today - it started sprinkling, so I put on
my gear, and watched the golfers. One foursome had a middle-aged woman
among them. The rains came, and her poor husband had to hold an
umbrella over her head during every shot! I heard her telling another
player that she had just got her hair done earlier in the day, and didn't
want to ruin her new hairdo!! What a riot!
Let's get on with this week's issue - it's much better than the weather
that we're experiencing right now!
Until next time...
=~=~=~=
->A-ONE User Group Notes! - Meetings, Shows, and Info!
"""""""""""""""""""""""
ACEC Swap Meet September 13, 2008
ATARI COMPUTER ENTHUSIASTS
OF COLUMBUS, OHIO
VINTAGE COMPUTER AND VIDEO GAME SWAP MEET
September 13, 2008
9:00 a.m. - 3:00 p.m. EDT
Oakland Park Community Center
980 Lenore St.
All vintage and classic computers, video games, systems, accessories,
games, and software invited!
Vendor and Flea Marketeer donation: Free!
Shoppers and onlookers donation: Free!
Further info:
chwbrown@ee.net Charles (614) 447-9789
rarenz@columbus.rr.com
http://www.angelfire.com/oh4/acec/acec.html
=~=~=~=
PEOPLE ARE TALKING
compiled by Joe Mirando
joe@atarinews.org
Hidi ho friends and neighbors. I gotta tell ya, the UseNet is getting
scary out there. It's been a good, solid month since I used UseNet
messages in the column here. To be fair, I've missed a couple of weeks
because of illness (darned stomach flu) but nonetheless, even with a
timespan quadruple the usual, there are less than 40 new messages in
the newsgroup.
That makes me kind of sad... not because it hurts this column, but
because it kind of signals the undeniable end of an era. Heck, Atari
hasn't made a computer in more than a decade, and we're seeing the
effects of that.
Intellectually, I understand the reason for the drop in messages, but
psychologically and emotionally, it's tough. Atari computers have been
a huge part of my life. If not for Atari computers, I wouldn't have met
several people who've become some of my closest friends.
But that's what we're left with, my friends. We're in a situation now
where all but a very very few Atari users have a high expertise level
that you'd normally only see in the top few percent of a group. Most of
us have been using our STs, Megas, Falcons and TTs for years and years,
and we know the ins and outs of the hardware, the OS and the software.
There isn't usually much need for most of us to ask "how to" questions.
The one exception to that is 'modding' the machines... like adding
flashcard storage in lieu of an actual hard drive or something like
that. It's very rare that we see a NEW Atari user.
Of course, there's another possibility too. If you get a chance, read
this article entitled "R.I.P Usenet: 1080-2008" at:
http://www.pcmag.com/article2/0,2817,2326848,00.asp
I think it's a bit pessimistic and overblown, but it's informative
nonetheless.
Well, let's get to the news, hints, tips and info from the dead UseNet.
From the comp.sys.atari.st NewsGroup
====================================
Have you ever noticed that the actual size of a file can be different
than the amount of space that file takes up on your hard drive? There
are reasons for that, and it's something you often have to keep in
mind. But Jo Even Skarstein tells us:
"... I'm not interested in the peculiarities of the filesystem, I
want to know the size of the files. When manipulating/copying/moving
files around, there are two things of interest:
1. The size of the files themselves.
2. The amount of available space on the destination drive/partition. "
'PPera' tells Jo Even:
"But much depends from file count too - a lot of short files will
occupy much more space on target. So, for exact prediction before
starting copy you need to know cluster size of target, and size of
each file to copy.
Then, information about how much space is allocated on drive by files,
directories may be useful too. Not by copying exactly, but in
partition Info certainly. Win XP gives both info: sums and allocated
space."
Jo Even adds:
"You can sum the numbers of full clusters used in one 32 bit integer,
and the remainder in another 32 bit integer. Unless you have an awful
amount of very small (i.e. smaller than the size of a cluster) files
this should work with very large collections of files."
Francois Le Coat asks about interest in a very special kind of
emulator... ummm... virtual machine:
"I just bought an Apple 3G iPhone, and was wondering whether someone
would be interested to port ARAnyM on this small computer hosted with
a sort of Mac OS X, and having the power of a machine from year 2000.
There's an open SDK available for it, and I'm not measuring the effort
at the moment. So if you have some experience with this kind of embedded
developments please give ones opinion, you're welcome.
ARAnyM already runs on my Linux Vaio laptop, on my 1.25GHz G4 MDD and on
my PlayStation 3 (Linux). The point is iPhone has a tactile interface."
'Eric' tells Francois:
"Last I knew Apple will not allow emulators on the iPhone platform so
any port would require a jail-broken iPhone."
Didier Merquignon adds:
"Personally I have some ideas for use another embedded processor
(Freescale MPC5121e):
http://www.mtcera.com/product/img/05.jpg
there are more Mips by Mhz (Debian Linux)."
Francois tells Didier:
"How strange ! It would be the first time a big-endian configuration
embedding a Coldfire processor would be so called a "Personal Computer".
The 3G iPhone is powered with an ARM processor, and the hosted OS is
a Berkeley Software Distribution Unix, am I wrong?
Big-endian Unices are coming back again, for everyday life customers.
That's really interesting, indeed."
Didier explains:
"Hum.. before Feescale...
MCF was Motorola ColdFire.
MPC was Motorola PowerPC.
The fastest coldfire is always the v4e at 266 MHz (PFU & MMU), 3 or 4
years old now.
Here it's not a fastest PPC, it's an e300 core clocked at 400 MHz, but
it's an SOC (System On Chip) to reduce chips on the motherboard. It's a
tri-core because there are also on the chip an ALE (32 bits core for
audio), and a 3D graphics engine. On the chip because it's a
microcontroller there are also (like the coldfire) CAN, ethernet, PSC
(programmable serial controllers), USB, SDRAM DDR controller, DMA, PCI.
But here also on the chip PATA, SATA, S/PDIF, DIU (display interface
unit), etc.. A total of 516 pins on the chip."
Guillaume Tello receives his Eternec card and posts:
"I need some help to setup an Ethernec Card:
http://pagesperso-orange.fr/gtello/ethernec.jpg
Can you, looking at the picture, tell me:
- what is the good orientation to plug it into the rom port? (A or B?)
- what is the correct orientation of the ISA card? (C or D?)
What kind of Ethernet card can be used? I have:
- an Etherlink III (3Com)
- a common ethernet with chip APX EDI 95C02
What cable must be used for a computer to computer link? (no computer to
modem)."
Lyndon Amsdon tells Guillaume:
"D looks right, I can't 100% say as I've not seen this version
before.
Use Realtek RTL8019AS and if it is jumperless, use a PC to set it up
to port 0x300.
Crossover network cable."
'Ggnkua' adds:
"From what I gather, any ISA card which is NE2000 compatible should
work."
Daniel Aqua asks about his TT030:
"I've been reading that Atari manufactures two Atari TT Models. The
early 16Mhz models and the later 32mhz editions. How can one tell the
CPU speed of the TT they are running? Also, did the later TT's have
the 1.44 MB drives or the 720KB?"
Rodolphe Czuba tells Daniel:
"The first MSTE & TT were with 720 KB units because of the TOS 2.01 and
3.01 that was not able to manage 1.44.
With TOS 2.05/2.06 & 3.05/3.06 (for TT), the floppy is ok with 1.44. But
sure you need a 1.44 unit AND to put ON the 6 th dip switch under the
HDD place on the mb.
PS : The first MSTE mb have a hardware bug with a missing trace on the
PCB AND a bug in the UA02 GAL."
Lonny Pursell adds:
"Mine arrived with the 1.44mb drive when I bought it new."
Rodolphe adds:
"Only CPU is 32 MHz on some late machines... the bus is 16 MHz on all
TT. And the ST-RAM & TT-RAM accesses are 16 MHz....on all machines....
I just heart at the moment that the last rev of the mb (rev. H) are 20%
faster....but I never get the info WHY. TT was a bad machine in 1990,
surely a good in 1988."
'Ggnkua' comes up with a concrete way to answer the original question:
"You can use a program like sysinfo to check out the cpu frequency I
guess."
Well folks, that's it for this time around. Kind of depressing that four
weeks' worth of messages boils down to still be a little light, but
hey, I'll take what I can get.
Tune in again next week, same time, same station, and be ready to listen
to what they are saying when...
PEOPLE ARE TALKING
=~=~=~=
->In This Week's Gaming Section - Wii MotionPlus Will Be Cheap!
""""""""""""""""""""""""""""" id Working on New Doom!
Sega's 'Beijing 2008'!
=~=~=~=
->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""
Iwata Says Wii MotionPlus Will Be Cheap
Nintendo's biggest announcement at E3 wasn't a game, but an accessory:
the Wii MotionPlus, which will plug into Wiimotes and add more accurate
motion control capabilities.
But this then raises the obvious question: How will Nintendo convince
the millions of current Wii owners to buy this doohickey and avoid
splintering their user-base? Speaking to the Wall Street Journal today
(via Kotaku), Nintendo president Satoru Iwata gave one potential answer:
the MotionPlus will be cheap.
"There will be games that will be enhanced by the Wii MotionPlus as well
as games that can only be played with it," Iwata said. "Users will need
four if they have four controllers, but we're going to try to offer it
for as little as possible. We haven't announced the price yet, but the
cost of making the Wii MotionPlus is not that much, so I think we can
make it very affordable."
Nintendo has also stated that they may build the MotionPlus technology
into new Wiimotes, ensuring that all future Wii sales will bring the
extra MotionPlus features with them. But if you're still weary of
keeping pace with the rate at which Nintendo releases new Wii
accessories, don't worry - Iwata said there are no more add-ons in the
works. "Most of the ideas for accessories that we had initially come up
with are out now. We might think up some more, and we might make them if
we do, but we don't have any plans to release a whole lot more."
In an interesting side note, Iwata was also asked about the Wii's
eventual successor. "The hardware team started work on the next thing as
soon as they were done with their previous project, but what they think
up doesn't necessarily become a product," Iwata answered. "We only turn
something into a product after it's been thoroughly vetted inside the
company. We're not at a point where we can give specifics, but of course
we're working on it."
At the rate that Wiis are still selling, though, we'd be shocked if this
vetting process ended any time soon.
Whatever They Call It, It Spells 'Doom'
Game developer id Software is kicking it up a notch. The Mesquite, Texas,
firm has begun working on the next Doom game, in addition to putting the
finishing touches on its first-person action game Rage (for the Sony
PlayStation 3, Microsoft Xbox 360 and Windows and Mac PCs). CEO Todd
Hollenshead will provide an update this weekend in Dallas at the 13th
annual QuakeCon. "We are calling it the new Doom for now," he says.
Doom 3, released in 2004, sold more than 3.5 million copies. "It may be
Doom 4 or it might not be Doom 4, or it may be Doom with a subtitle or
something descriptive of the setting," says Hollenshead, who would not
reveal any story details.
The company has many projects in the works. A free Quake Live Web-based
game is set to go public soon (quakelive.com). A Wolfenstein RPG
cellphone game is complete, while work on a new mobile Doom RPG 2 game
has begun. A reimagining of the 1991 sci-fi Nazi fighting game
Wolfenstein is in production (id is overseeing its development by Raven
Software) for the PS3, Xbox 360 and Windows PCs.
Sega Capitalizes on Olympics with 'Beijing 2008'
The Beijing Olympics are about to get under way. And thanks to NBC and
its assorted networks and Web sites, you'll be able to spend the next
two weeks pondering the intricacies of sports you never cared about
before.
Table tennis? Water polo? Badminton? I'm far more interested in watching
obscure athletes take their shot at glory than in watching Kobe Bryant
and the Redeem Team try to break the U.S. basketball jinx.
And when video games become an Olympic sport, I'll be ready. My prime
"Quake" deathmatch days will probably be long past, but maybe NBC will
invite me to provide expert commentary. Until then, I can participate in
Olympic competition the same way I've come to enjoy football, baseball
and auto racing: with a joystick in my hands.
* "Beijing 2008" (Sega, for the Xbox 360, PlayStation 3, $49.99): Sega
has the official Olympics license this year, and this is the publisher's
second crack at simulating the summer games. The lighthearted "Mario &
Sonic at the Olympic Games" was a diverting collection of Wii minigames,
but "Beijing" takes a more serious approach that may turn off casual
sports fans.
There are 38 events in this package, including track and field, aquatics
and gymnastics. The racing events all require similar technique,
requiring you to rapidly push two buttons to simulate running or
swimming. (Fans of Konami's '80s-era "Track & Field" games will feel
right at home.) Gymnastic events ask you to duplicate onscreen patterns,
like "Dance Dance Revolution" without a floor mat. And events like
discus or pole vault each have their own control schemes.
All the action is beautifully presented, which almost distracts from the
game's biggest flaw: It's very difficult. "Beijing" starts you off with
ridiculously weak characters (considering they're supposed to be
Olympic-caliber athletes), and it takes a long time to build them up to
a competitive level. That's OK if you're playing with friends and
everyone's sluggish, but the single-player mode is bound to frustrate
all but the most dedicated Olympics followers. One-and-a-half stars out
of four.
* "Big Beach Sports" (THQ, for the Wii, $29.99): You don't have to be a
world-class athlete to participate in "summer games"; when school's out
and the days are long, anything you play in the backyard or at the beach
fits the definition. "Big Beach Sports" brings six outdoor challenges -
volleyball, disc golf, cricket, bocce, soccer and football - to the Wii.
As with every other "Wii Sports" wannabe that's come out over the last
two years, the games here are a mixed bag. Disc golf is pretty good,
requiring you to develop a decent sidearm throw, and volleyball
duplicates the set-and-spike action of the real thing. Even if you're
not familiar with bocce, it makes for a fun head-to-head competition.
However, soccer and football (even two-on-two) aren't well-suited to the
Wii remote, and the inclusion of cricket in an American game is just
weird. And even the sports that work aren't likely to hold your interest
for long. "Big Beach Sports" is a passable party game, but doesn't have
the substance to satisfy a solo player. One star.
* "Summer Sports: Paradise Island" (Destineer, for the Wii, $29.99): The
games featured in this anthology - badminton, volleyball, miniature
golf, horseshoes, lawn darts, basketball and croquet - are the ones
you're more likely to see Americans playing during their summer vacations.
Unfortunately, only a few of them are well-executed enough to make you
want to stay inside and play on a hot day. Paradise Island looks like an
inviting place, but beneath the lush tropical scenery lurks some
dreadful programming. In lawn darts and horseshoes, for example, you're
supposed to mime throwing with the Wii remote, but the game doesn't seem
to register how hard you're throwing. Likewise, there's no connection
between the way you swing the remote and the animations in volleyball
and basketball.
Mini-golf and croquet are more accurate, and almost fun to play. But
when you can play all these games (except for lawn darts) for less money
in real life, why bother with the virtual versions? No stars.
=~=~=~=
A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson
Beijing Games Hit by Internet Ticket Scam
Sports fans around the world have been swindled by an international
Internet scam which offered thousands of bogus tickets for the Beijing
Games, Olympic officials said on Monday.
The International Olympic Committee (IOC) announced it was taking action
to shut down the fraudsters, but the move came too late to help the
victims find replacement seats at the Games.
Among those left out of pocket were the families of Olympic athletes in
both Australia and New Zealand, with people in the United States, Japan,
Norway, China and Britain also reportedly conned by the sophisticated sting.
"We cannot accept people paying money for tickets and not getting them,"
said Gerhard Heiberg, an IOC executive board member.
Heiberg said the issue was raised last week, with both the IOC and the
United States Olympic Committee filing a lawsuit on Friday in a district
court in California, accusing at least six websites of selling
illegitimate or nonexistent tickets.
However, a U.S. lawyer who said he had lost $12,000 in the fraud,
accused the IOC of complacency.
"They have known about these sites for months and months and did
nothing," said Jim Moriarty, the partner of a Houston-based law firm
which is looking to represent fellow victims in any subsequent legal
actions.
"They have dashed the hopes and dreams of thousands of people who have
been planning for years to go the Games, and have already paid thousands
of dollars for airfare and what they thought were legitimate tickets,"
he told Reuters.
Despite last week's IOC suit, one of the sites accused of fraud -
www.beijingticketing.com - was still operating on Monday, offering
seats for numerous events, including Friday's opening ceremony, with
prices topping $2,150.
The professional-looking site, which carries the official Beijing Games
logo, provides a London phone number, which rang dead on Monday, and a
U.S. address in Phoenix, Arizona.
Australia's Olympic Committee (AOC) offered commiserations but no
solutions to the scores of Australians left out of pocket.
"Our sympathy goes to them ... but we certainly aren't in a position to
step in, compensate or find other tickets," AOC chief John Coates said
on Monday.
"We warned folk to only deal with authorized ticket suppliers," he told
a news conference.
The press reported that some Australian nationals had been swindled out
of almost $45,000. Moriarty said one unnamed individual had lost $57,000.
"The worst thing is that some people don't even know yet that they
bought tickets that won't arrive," he said.
"Some were told they could pick up the tickets at an office in Beijing,
and they won't be there. My guess is they sold thousands of tickets that
don't exist."
Tickets for events in host city Beijing completely sold out last week,
Games organizers said, leaving only seats for competitions in co-host
cities still available.
Many tickets are still being offered on the e-Bay auction website, but
Australia's Coates urged caution.
"There may be tickets on eBay that are delivered ... but I think it is a
great risk. That would be my message," he said.
US Intelligence Alerts Travelers to Cyber Spies
A US intelligence office Friday warned Americans traveling to the
Beijing Olympics or elsewhere to expect cyber spies to surreptitiously
compromise their laptops, cellphones, and other electronic devices.
The unusual advisory issued by the National Counterintelligence
Executive (NCIX) did not single out China by name, but the head of the
office did in a press release and a television interview.
"Somebody with a wireless device in China should expect it to be
compromised while he's there," Joel Brenner, head of the NCIX, told CBS
television.
Brenner said the Chinese public security services can activate a
person's cellphone or Blackberry when he or she thinks it is off, and
use it as a microphone.
His suggestion is to remove the battery. Or better yet leave it at home.
"If you can do without the device, don't take it," his office's advisory
said.
A press release quotes Brenner as saying the security advice "applies to
travel to virtually any overseas destination, from a Mediterranean beach
to this month's Olympic Games."
The advisory said travelers should have no expectation of privacy in
Internet cafes, hotels, offices or public places, adding that phone
networks and hotel business centers are regularly monitored in many
countries.
All information sent electronically - by fax, personal digital
assistant, computer, or telephone - can be intercepted, the advisory said.
"Wireless devices are especially vulnerable," it said.
Security services and criminals can then insert malicious software
wirelessly, it warned.
"When you connect to your home server, the 'malware" can migrate to your
business, agency, or home system, can inventory your system, and send
information back to the security service or potential malicious actor,"
it said.
Malware can also be transferred through USB sticks and computer disks.
"Corporate and government officials are most at risk, but don't assume
you're too insignificant to be targeted," the advisory said.
Security Geeks, Hackers Convene in Vegas
Thousands of network security professionals are in Las Vegas for the
annual Black Hat Briefings computer security conference, which will be
immediately followed by the DEFCON hacker convention. Both events focus
on network and Internet security issues. The Black Hat conference is
held at Caesars Palace Las Vegas Hotel & Casino, while DEFCON is at the
Riviera Hotel & Casino August 8-16.
Black Hat is targeted to more mainstream professionals; for example,
security experts from the Department of Homeland Security are scheduled
to speak. Meanwhile, DEFCON has a looser, more underground reputation:
Its schedule is peppered with hacker challenges and hacking contests.
Paid delegates to the Black Hat conference can attend DEFCON for free.
Conference organizers expect between 5,000-7,000 attendees this year.
At Black Hat, the keynote speaker this year is Ian Angell, a professor
of information systems for the London School of Economics. His topic:
the mix of computer and human activity on the network spawns not only
computer security but also institutional security issues. Also slated to
appear in a keynote event is Rod Beckstrom, director of the National
Cyber Security Center for the Office of Homeland Security.
The most anticipated presentation at the show, however, will be
IOActive's Dan Kaminsky when he unveils details of the flaw he
discovered in Domain Name Service software. The flaw had been kept under
wraps in an attempt to proactively convince major network suppliers and
operators to patch the flaw before information about it was made public.
Unfortunately, the flaw was leaked to the public on a blog site, and the
race was on to patch servers before hackers could exploit the
vulnerability.
Kaminsky is expected to detail the flaw, its discovery, and what
measures have been taken to patch the vulnerability. Weeks after the
public disclosure of the flaw, some systems are reported to be still
unprotected.
Other important presentations include details on past attacks of Cisco
routers, with a live demonstration of infecting switch-operating
software with viruses, and research from HP on how malware may be able
to evade detection software.
Black Hat also offers training events for participants on topics such as
advanced Web-penetration testing and effective intrusion testing of
networks. Some training sessions are extremely intensive, multi-day
events.
Again, DEFCON is a looser event, with wild competitions and events in
store for attendees. The most novel this year is an invitation to hack
conference badges - those ubiquitous name tags everyone is forced to
wear around convention halls. According to information on the DEFCON Web
site, "The DEFCON Badge Hacking Contest awards the top 3 most ingenious,
obscure, mischievous, obscene, or technologically astounding badge
modifications created over the weekend. No longer just a boring piece of
passive material, the badge is now a full-featured, active electronic
product, and it exists for your hacking pleasure." Other "invitations to
hack" include a wireless network, Capture the Flag hack and a hardware
hacking village.
Both DEFCON and Black Hat were founded 15 years ago by Jeff Moss, former
director of the Secure Computing Corporation.
Kaminsky Provides The Why of Attacking DNS
Speaking before a packed audience, researcher Dan Kaminsky explained the
urgency in having everyone patch their systems: virtually everything we do
on the Internet involves a Domain Name System request and therefore is
vulnerable.
Expectations ran running high before Wednesday morning as Kaminsky,
director of penetration testing for IOActive, had revealed little about
his DNS vulnerability up till then. That didn't stop others from trying
to figure it out. But that actually helped Kaminsky in the end; it meant
during his speech, he was able to skip the what and go directly to the why.
Security researchers always thought it was hard to poison DNS records,
but Kaminsky said to think of the process as a race, with a good guy and
bad guy each trying to get a secret number transaction ID. "You can get
there first," he said, "but you can't cross finish line unless you have
the secret number."
The question is why would someone bother? Well, Kaminsky talked about
how deeply embedded DNS is in our lives. Kaminsky said there are three
ages in computer hacking. The first was attacking servers (for example
FTP and Telnet). The second was attacking the browsers (for example
Javascript and ActiveX). We're now about to enter the third age, where
attacking Everything Else is possible.
We know that if we type a name.com into a browser, the DNS resolves it
to its numerical address. But what we don't realize is that same process
occurs when we send e-mail or when we log onto a Web site. These also
require DNS lookup.
Kaminsky then detailed how various security methods on the Web can be
defeated if one owns the DNS. For example, if a site wants to establish
a Trust Authority Certificate with the Certificate Authorities, they use
e-mail to confirm the identity of the requester. He also said that it's
possible to poison Google Analytics and even Google AdSense, which also
rely on DNS lookup.
Prior to the patch, the bad guy had a 1 in 65,000 chance of getting it
because the transaction ID is based, in part, on the port number used.
With the patch, the chances decrease to 1 in 2,147,483,648. Kaminsky
said it's not perfect, but it's a good enough start.
New Yahoo Election Tally Reveals Big Protest Vote
Yahoo Inc on Tuesday released a recount of the vote for its board that
sharply altered the results, revealing a strong protest vote against
five of nine directors including CEO Jerry Yang.
The Internet company said revised vote tallies showed 33.7 percent of
votes withheld for Yang, the company's co-founder, with 66.3 percent in
favor of him remaining on its board.
Yang has been under pressure for months over failed attempts by
Microsoft Corp to buy the company and over questions about his
leadership, but Friday's shareholder vote had suggested the tide was
turning in his favor. The initial tally showed 85 percent of votes going
to Yang.
The stunning new twist in the saga of Yahoo came after one its largest
and most critical shareholders, Capital Research Global Investors,
called on Monday for a probe of last week's shareholder vote after
finding discrepancies in the results.
Yahoo said it had been informed by Corporate Election Services, the
company's inspector of elections, that Broadridge Financial Solutions, a
proxy voting intermediary for major investors, had made significant
errors in reporting votes at its annual shareholder meeting.
Three other directors, including Yahoo Chairman Roy Bostock, also had
strong protest votes, with nearly 40 percent of votes withheld for
Bostock, 38 percent withheld for director Ron Burkle and 32 percent
withheld for Arthur Kern.
The three are members of the company's compensation committee and have
born the brunt of criticism for the company refusing to do more to link
executive pay to performance as corporate governance critics have
demanded.
A fifth board member, Gary Wilson, the former chairman of Northwest
Airlines, had 28 percent of votes on his reelection withheld.
The remaining four board members - Vyomesh Joshi, Eric Hippeau, Robert
Kotick and Mary Wilderotter - all received strong endorsements, with
each winning more than 90 percent of votes in favor of their reelection.
Ahead of the August 1 meeting, Kotick said he planned to resign shortly
after the meeting as part of a settlement deal with proxy challenger
Carl Icahn in which Icahn and two members of a slate proposed by the
billionaire investor would join an expanded board of 11 members instead
of the previous nine.
Gordon Crawford, whose Capital Research Global Investors owned 6.2
percent of Yahoo as of early June, said in May he was "extremely angry"
at Yang over the breakdown of talks with Microsoft.
Critics of corporate voting technology have called for a system
overhaul, said the counting process was complicated and lacking in
transparency.
In a statement, Broadridge acknowledged the error, but said it was an
isolated incident and that it did not change the outcome of the election
of the company's directors.
"Upon review, it was determined that there was a truncation error in the
final printout sent to the tabulator," said Chuck Callan, Broadridge's
senior vice president of regulatory affairs. "This resulted in the
under-reporting of shares withheld for certain directors," he said.
Mozilla's Aurora Shows Concepts for Future Browsers
Like cars, buildings and airplanes, browsers can have concept models.
That's the idea behind Aurora, a new "concept browser" from the Mozilla
Foundation.
Emanating from the Mozilla Labs initiative, where users are encouraged
to offer new browser ideas, the concept is available in video
visualizations. In the videos, Aurora envisions a variety of new
interaction models that push the concepts of collaboration, real-world
interaction, and context.
For instance, weather data can be collected as a user-controllable
object, dropped onto a screen where it displays a graph, and then
dragged to a desktop. The basic thrust of this video is that two people
are finding, exchanging and examining data as they might do with
physical materials.
Another clip demonstrates a futuristic bookmark system. Folders of
bookmarks are represented by small page images in a row at the top of
the page, and all the bookmarks within that folder descend in a column
of small images when you click on the folder. Typing in a word allows
the browser to suggest some related bookmarks. When you bookmark a page,
the browser suggests the appropriate folder.
But the browser also has the intelligence to find a page according to
its work-flow context, so the user can type the day and time, and the
browser will find the page the user was on at that moment.
For mobile browsers, the idea is to more fully utilize zoomable space.
For instance, panning with your finger on a touch screen can go to the
edge of the browser. The entire screen is taken up with content, but by
panning over, the user can see browser controls that might otherwise be
hidden. This maximizes screen space for content.
The plus sign calls up a new tab. When you zoom out, you can see all
browser tabbed windows as separate miniature screens, which can then be
stacked and reorganized as if they were open documents.
The Aurora videos were created by Adaptive Path, a San Francisco-based
user experience consultancy. Mozilla said more videos will be released
that "predict the future" of browsers.
Jesse James Garrett of Adaptive Path said that in considering Aurora,
the team kept coming back to a core set of "essential, high-priority
elements." The elements, he said, were clustered around four major
themes - context awareness, in which the browser "pays attention" to
the many kinds of data that pass through it; natural interaction that
more closely resembles the real world than current interfaces;
continuity that provides the same interaction model regardless of
device; and multiuser applications, which opens up the browser to the
Web's community space.
Al Hilwa, program director at industry research firm IDC, noted that the
"browser had been a sleeper market for some years," with Microsoft's
Internet Explorer as the main player. But now, he noted, there is
renewed interest in the browser as a platform because of the rise of
rich Internet applications that can work on the desktop, the rise of
non-Microsoft-based mobile platforms, and the resurgence of Apple's Mac.
Bewkes Confirms AOL Split
Time Warner will indeed split its AOL access and media units starting
next year, CEO Jeff Bewkes confirmed in a release announcing the
company's second-quarter earnings.
It's the first time the executive has confirmed that the split will take
place soon, though it's been widely talked about for months since the
chief mentioned it speculatively earlier this year. What he hasn't said
yet - and what some are expecting may come soon - is that Time Warner will
get rid of AOL altogether, perhaps selling it to a bigger player in the
online-advertising market.
It was another tepid quarter for the online-service-turned-media-company,
which saw revenues drop 16 percent, to $1.1 billion. Its ad revenues are
up 2 percent ($8 million) - though display ad revenues on AOL-owned sites
are down - but that business still isn't big enough to offset the losses
from AOL's sputtering Internet access service.
Once a national mainstay, the provider lost 604,000 subscribers in the
second quarter alone and is down 2.8 million from the previous year,
leaving it at 8.1 million subscribers. That's a $200 million loss (29
percent drop) for the company, which had raised fees on the dial-up
service in late June.
Operating income at AOL dropped 36 percent, to $230 million.
Reports have suggested that Internet provider EarthLink may be
interested in acquiring the access business from AOL.
Meanwhile, at Time Warner Cable, which Time Warner spun off in May,
revenues are up 7 percent, seeing a decline only in television
pay-per-view revenue. An additional 214,000 people have subscribed to
its "triple play" offering of cable TV, broadband Internet, and
telephone service, CEO Glenn Britt said in a release.
Google Sours on $1 Billion AOL Investment
Google acknowledged late Thursday that it may have made a bad bet on AOL.
The search giant said in a filing with the Securities and Exchange
Commission that its $1 billion investment for a 5 percent stake in Time
Warner's Web unit "may be impaired" and that it may have to take a
charge in the future:
Based on our review, we believe our investment in AOL may be
impaired...We will continue to review this investment for impairment in
the future. There can be no assurance that impairment charges will not
be required in the future, and any such amounts may be material to our
Consolidated Statements of Income.
The December 2005 investment secured a renewal of Google's search
advertising deal with AOL, preventing its largest ad partner from
defecting to Microsoft. The deal gave AOL a valuation of $20 billion at
the time.
Google didn't estimate in its filing what AOL might be worth today, but
observers have suggested a figure closer to $10 billion.
Google's deal allows it to demand that Time Warner spin off AOL in an
initial public offering of stock or buy back its stake, which would
result in a $500 million loss for Google.
Time Warner, perhaps signaling its intention to dispose of AOL to focus
on its media business, announced Wednesday that it will split AOL's
dial-up unit from its advertising business by early 2009.
New Mac A/V Is Free (Whether You Need It or Not)
Does the Macintosh need antivirus protection?
Such a question has been asked for years, especially with the dearth of
substantive Mac-specific worms. With PC Tools' iAntivirus, you won't be
paying anything for it, at least.
iAntiVirus joins ClamXav (the OS X derivative of ClamAV) in the small
camp of free antivirus applications for Mac OS X. (The software is
currently classified as a beta; users can download a full version of the
iAntiVirus software for free, but for phone support and/or commercial
use, users must pay $29.95. PC Tools also has a support forum which
users of the free software have access to.)
The differentiating feature, according to PC Tools' executives, is that
the antivirus signature database leaves out all of the numerous viruses
that are found on the Windows platform, streamlining the program
considerably.
In fact, only 82 signatures are included, blocking up to a total of 300
variants, according to Michael Greene, PC Tools' vice president of
product strategy. Of those malware signatures, 38 percent are
keyloggers, 30 percent hacking tools, and 11 percent are back doors,
Greene said.
The smaller number of signatures means that checking viruses against
those signatures can be processed much more quickly, Greene said. PC
Tools, which also developed the free Threatfire behavioral-based
antivirus program for the PC platform, hasn't committed to releasing a
version of the software for the OS X platform, he said.
To answer the question of whether Macs could or should need antivirus
software, Greene pointed to market share data that found that Apple
ranked third in the United States in PC sales. The more Apple climbs in
the sales rankings, the bigger the target it presents for virus writers
looking to make a name for themselves, Greene said.
Apple has consistently marketed its products as more secure than Windows
machines - which, given the relatively small number of Mac-specific
viruses, they probably are. However, is there still a need for antivirus
software? When asked to comment, an Apple representative highlighted the
OS X security page, which opens with this statement: "Every Mac is
secure - right out of the box - thanks to the proven foundation of Mac
OS X. Apple engineers have designed Leopard with more security to
protect your personal data and make your online life safer."
So if a Mac is secure, do Mac owners really need antivirus software?
Greene said they do. A smaller market share means that an OS is less
prone to attack, Greene said. "If I'm going to spend time writing a
virus, do I go after the opportunity to hit 1 in 10 [users], or 9 in
10?" he said. "I think the Mac will become a victim of its own success."
Greene said that he had never met a Macintosh user who had antivirus
software running.
iAntiVirus will compete with tools from Symantec, whose Norton Antivirus
for the Mac was launched several years ago, as well as Avast! Antivirus
for the Mac, which charges for the Macintosh version. Sophos Antivirus
for the Mac OS X also offers a free trial, then charges for the full
edition.
Even Computer Security Pros Vulnerable to Scams
Computer security professionals tend to be a highly paranoid bunch,
seeing potential threats everywhere. It turns out that some aren't
cautious enough, though.
Two researchers demonstrated Thursday at the Black Hat hacking
conference how they had gotten computer security experts to let their
guard down online the same way they advise the average Internet user not
to, especially on social networking Web sites.
A relatively simple ruse persuaded dozens of prominent security analysts
to connect on their social networking Web pages with people who weren't
friends at all. They were fake profiles, purportedly of other well-known
security pros. The scam was designed to expose the trust that even some
of the most skeptical Internet users display on some of the most
insecure sites on the Web.
Some social networking sites can be dangerous because they allow people
to post programming code - used for good or evil - on other people's
pages. Even networking sites that don't allow that step carry their own
security risks, because it's relatively easy for someone to masquerade
as a "friend" who isn't actually friendly - and recommend malicious Web
sites to click on.
The ruse concocted by Shawn Moyer, chief information security officer
for Agura Digital Security, and Nathan Hamiel, senior consultant for
Idea Information Security, worked like this:
They found prominent security figures who didn't have profiles on
particular social networking Web sites.
They built up fake profiles by using information from press releases and
news articles. Then they built up the profiles' authenticity by sending
them around to people who indiscriminately add friends on those sites.
Finally, once the profiles looked legitimate, they identified groups of
security professionals on those sites and sent their friend requests to
them.
Moyer and Hamiel said they did it three times, each time impersonating a
different person. Each time they lured in more than 50 new friends
within 24 hours. Some of those people were chief security officers for
major corporations and defense industry workers, they said. They
declined to identify any of those people.
"We really were surprised at the level of trust we found - we didn't
think we'd be as successful as we were," Moyer said. "Any one of these
people would have happily clicked on a malware site or viewed our
profile with a (data-stealing) Trojan application."
Moyer and Hamiel said they even landed an interview with a journalist
who responded to one of their friend requests. But they got busted: the
reporter sent an e-mail to the target's real profile page on another
social-networking site and discovered the fraud.
Moyer and Hamiel emphasized that the talk wasn't intended to single out
any particular social networking site. Many of them have the same
security problems, and users need be cautious about verifying the people
they add as friends.
=~=~=~=
Atari Online News, Etc. is a weekly publication covering the entire
Atari community. Reprint permission is granted, unless otherwise noted
at the beginning of any article, to Atari user groups and not for
profit publications only under the following terms: articles must
remain unedited and include the issue number and author at the top of
each article reprinted. Other reprints granted upon approval of
request. Send requests to: dpj@atarinews.org
No issue of Atari Online News, Etc. may be included on any commercial
media, nor uploaded or transmitted to any commercial online service or
internet site, in whole or in part, by any agent or means, without
the expressed consent or permission from the Publisher or Editor of
Atari Online News, Etc.
Opinions presented herein are those of the individual authors and do
not necessarily reflect those of the staff, or of the publishers. All
material herein is believed to be accurate at the time of publishing.
