Saturday, June 21, 2008

AT&T Paying High Price For iPhone 3G: Will Users Take It?


Consumers will soon be able to snag the iPhone 3G at an attractive price -- but what will it cost AT&T?
As a general rule, wireless carriers pay about $200 to subsidize the price of a smartphone. But AT&T may be paying Apple $325 per unit for right of carriage, Oppenheimer financial analyst Yair Reimer wrote in a report.

Additionally, Reimer said AT&T will pay another $100 for subscribers signed up in Apple stores. When you add these figures to the retail price of the handset, AT&T could be paying as much as $624 for the 8-GB iPhone 3G, and $724 for the 16-GB version.

Representatives from Apple and AT&T didn't comment, but other analysts said Apple is receiving a tidy sum from the wireless carrier.

Piper Jaffray analyst Gene Munster estimated in a report Apple will receive an average of $466 per iPhone. Bernstein Research's Toni Sacconaghi said in a report that he expects iPhones to be sold to carriers for anywhere from $350 to $700 each.

For the first iPhone, AT&T and Apple had a monthly revenue-sharing deal, an uncommon practice in the wireless industry. For the iPhone 3G, the mobile operator recently said it would adopt the more traditional practice of reselling handsets to consumers at a subsidy.

AT&T said this move would affect the company's bottom line short term, and it expects to reduce earnings by 10 to 12 cents a share in each of the next two years. But, this strategy is expected to add to profits in 2010 by drawing more heavy-data subscribers.

Dutch Launch Open-source Smart Card Software Project

A Dutch charity is funding an open-source project to design smart card software that offers stronger protection of personal data in light of security vulnerabilities found with cards used today in the U.S., U.K. and Netherlands.
NLnet Foundation will give €150,000 (US$234,000) to Radboud University in Nijmegen, Netherlands, for the project, which will run through 2010, said Valer Mischenko, the foundation's general director.

The research and the code will be published for peer review, an open-source development model that can offer a stronger security model than undocumented, proprietary systems that dominate the smart-card market, Mischenko said. Companies will be able to use the software in future products, as it will be licensed under the GNU General Public License.

The need for more secure systems is clear. Researchers revealed last year security vulnerabilities in the Mifare Classic RFID (radio frequency identification) chip, which is used in up to 2 billion smart cards used for building access and public transportation systems worldwide.

The researchers figured out how the Mifare Classic's encryption algorithm worked, allowing them to obtain the 48-bit encryption keys the cards used. With that information, it's possible to create a clone of the card or, in some cases, add money to the card for public transport systems, said Bart Jacobs, information security professor at Radboud University.

The Mifare card chips "are from the 90s," Jacobs said. "At the time when they were developed, there was little computing power on those chips."

Using more complex encryption algorithms requires more computing power, which potentially means that a person could have to stand at a turnstile longer during a transaction. One of the aims of the new research is to strengthen that encryption but still have the transaction take a second or less, Jacobs said.

"You don't want to stand before a gate 10 seconds before it opens," Jacobs said.

Another aim is increased privacy. London's transport agency, Transport for London (TFL), uses Mifare chips in its contactless payment system known as the Oyster card. Customers have a couple of options when getting the card: they can register it with TFL, which offers benefits such as free replacement if the card lost, or buy an unregistered one.

If the card is registered, some of the person's travel record is stored by TFL databases, Jacobs said. That's a potential privacy risk if the data is misused. Jacobs said the project also aims to create card that can still offer special, personalized benefits for the rider but also not unnecessarily transmit more information than needed to a centralized database.

"Our point is that you can get these benefits without sacrificing privacy," Jacobs said. "We'd like to try this out."

A person's public transport history could also be used for marketing or other commercial purposes which may suit some interests but not necessarily be in the best interest of privacy, Jacobs said.

"In our improved card, the card behaves more like a paper ticket," Jacobs said. "It is electronic, but hides its identity and only says to a gate 'I'm allowed to make that trip'."

The research, headed up by Jacobs and Wouter Teepe, will start in July in the university's Digital Security Group. Jacobs said within about six months the researchers should have a good idea if a stronger algorithm will be technically feasible and practical in use.

All of the research will be open source and licensed under the GNU General Public License, Mischenko said.

Former Spam King Scott Richter To Pay MySpace $6 Million

A Colorado man has been ordered to pay US$6 million in damages and legal fees for spamming thousands of MySpace.com users.
Scott Richter of Westminster, Colorado, must pay MySpace $4.8 million in damages and $1.2 million in legal fees, a court-appointed arbitrator ruled on Thursday.

Richter, who was once accused of pumping out more than 100 million spam messages per day, had been sued by MySpace in January 2007 in connection with an August 2006 campaign in which MySpace members were hit with unsolicited messages promoting a Web site called Consumerpromotionscenter.com. The messages were sent from phished MySpace accounts, according to the findings of Philip Boesch, the court-appointed arbitrator in the case.

The messages were sent to a MySpace community that was ill-equipped to deal with any security problems. At the time, "MySpace only employed two relatively junior staff employees to deal with these issues," Boesch wrote. The company's security staff has now grown to about 40, he added.

MySpace had been seeking a court ruling in the case, but in August 2007, U.S. District Judge George King of the Central District of California granted Richter's request to assign the matter to arbitration. Terms of the award were made public on Monday.

In a statement, Richter said that he and his company, Media Breakaway, were happy to have this matter behind them, noting that the arbitrator's award was 95 percent less than the amount sought by MySpace.

"We respect the decision of the arbitrator and we're not going to appeal it," said Steven Richter, the president and general counsel of Media Breakaway and father of Scott Richter. "We're going to pay the money he awarded."

This is not the first time a Scott Richter company has had to cough up millions of dollars to fight spam charges. In 2005, his previous company, Optinrealbig.com, paid $7 million to settle similar charges brought by Microsoft.

Scott Richter was removed from anti-spam organization Spamhaus' list of known spammers that same year.

Media Breakaway, which has no other spam cases pending, is doing everything it can to build a compliance team and make sure it is acting within the law, Steven Richter said.

MySpace said the Richter award was the latest in a series of steps it has taken to combat abuse on its Web site. In May, the company was awarded a $230 million antispam judgment against Sanford Wallace and Walter Rines.

"This award reflects MySpace's continued momentum and holistic approach to ridding the site of spammers and phishers," MySpace said in a statement. "We will continue to do our part in cleansing the Internet of this invasive onslaught of spam."

Logo Design Studio Pro improves SVG support

Macware on Friday announced the release of Logo Design Studio Pro 1.8, an update to their logo design software for Mac OS X users. It costs $59.99, though updates for registered users are free.

Logo Design Studio Pro helps users looking for a creative logo to add to their stationery or corporate letterhead with more than 500 pre-designed logo templates. It sports Bezier curve-based editing tools, Boolean operations, more than 100 filters, alignment tools and other capabilities suitable for design environments.

New to this release is improved support for Scalable Vector Graphics (SVG), with more than 1,300 pre-designed SVG logo objects; a new browser to preview each SVG object in categories; and some bug fixes and enhancements.

System requirements call for Mac OS X 10.4 or later, 256MB RAM and 550MB hard disk space.

Microsoft Security Fix Clobbers 2 Million Password Stealers

Microsoft's June security updates were bad news for online criminals who make their living stealing password information from online gamers.

The company's Malicious Software Removal Tool-- a program that detects and removes viruses and other bad programs from Windows machines-- removed game password-stealing software from more than 2 million PCs in the first week after it was updated to detect these programs on June 10.

One password stealer, called Taterf, was detected on 700,000 computers in the first day after the update. That's twice as many infections as were spotted during the entire month after Microsoft began detecting the notorious Storm Worm malware last September.

"These are ridiculous numbers of infections my friends, absolutely mind-boggling," wrote Matt McCormack, a spokesman with Microsoft's Malware Response Center, in a Friday blog posting.

Between June 10 and June 17, Microsoft removed Taterf from about 1.3 million machines, he said.

Microsoft's September detections seriously hobbled the Storm Worm botnet, once considered a top Internet threat.

Password stealers such as Taterf are among the most common types of malicious software on the Internet. That's because there's big money to be made selling the virtual currencies used in online games for real-world cash.

Once a criminal learns a gamer's username and password, he can log into the game and sell the victim's virtual possessions for virtual gold coins. Those coins are then handed to another character in the game who sells the gold for real-world dollars at an online exchange such as IGE, said Greg Hoglund, CEO of HBGary and a co-author of the book "Exploiting Online Games."

"There's no way to audit that money transfer, so effectively they're doing money laundering," he said. "There's almost zero risk for the attackers."

The password-stealing programs are often installed via Web-based attack code that exploits flaws in multimedia programs such as Adobe's Flash Player or Apple's QuickTime Player, Hoglund said.

The attacks are often technically sophisticated, exploiting previously undisclosed bugs in Windows software, said Roger Thompson, chief research officer with AVG Technologies. "The 'World of Warcraft' password stealers have provided most of the innovation over the last twelve months," he said via instant message.

Microsoft's McCormack provided some data on where most of the password stealer detections occurred. Not surprisingly, China was the top country, with 529,003 detections.

Security experts say Chinese games are frequently the target of these attacks. Rounding out the top five countries for detections were Taiwan with 279,428, Spain with 235,381, the U.S. with 213,374 and Korea with 184,306.

About 330 million copies of the Malicious Software Removal Tool update were downloaded during this June period.

Gamers can make easy targets for criminals because some of them disable antivirus software to boost gaming performance, while others download free "cracked" versions of games, which can contain malware, McCormack said.

"So how does one avoid being infected?" he asked. "Running an up-to-date anti-virus solution is a good start. Running an up-to-date, patched browser is another necessity," he said. "Enabling Automatic Updates helps a whole bunch, too."

Microsoft Security Fix Clobbers 2 Million Password Stealers

Microsoft's June security updates were bad news for online criminals who make their living stealing password information from online gamers.

The company's Malicious Software Removal Tool-- a program that detects and removes viruses and other bad programs from Windows machines-- removed game password-stealing software from more than 2 million PCs in the first week after it was updated to detect these programs on June 10.

One password stealer, called Taterf, was detected on 700,000 computers in the first day after the update. That's twice as many infections as were spotted during the entire month after Microsoft began detecting the notorious Storm Worm malware last September.

"These are ridiculous numbers of infections my friends, absolutely mind-boggling," wrote Matt McCormack, a spokesman with Microsoft's Malware Response Center, in a Friday blog posting.

Between June 10 and June 17, Microsoft removed Taterf from about 1.3 million machines, he said.

Microsoft's September detections seriously hobbled the Storm Worm botnet, once considered a top Internet threat.

Password stealers such as Taterf are among the most common types of malicious software on the Internet. That's because there's big money to be made selling the virtual currencies used in online games for real-world cash.

Once a criminal learns a gamer's username and password, he can log into the game and sell the victim's virtual possessions for virtual gold coins. Those coins are then handed to another character in the game who sells the gold for real-world dollars at an online exchange such as IGE, said Greg Hoglund, CEO of HBGary and a co-author of the book "Exploiting Online Games."

"There's no way to audit that money transfer, so effectively they're doing money laundering," he said. "There's almost zero risk for the attackers."

The password-stealing programs are often installed via Web-based attack code that exploits flaws in multimedia programs such as Adobe's Flash Player or Apple's QuickTime Player, Hoglund said.

The attacks are often technically sophisticated, exploiting previously undisclosed bugs in Windows software, said Roger Thompson, chief research officer with AVG Technologies. "The 'World of Warcraft' password stealers have provided most of the innovation over the last twelve months," he said via instant message.

Microsoft's McCormack provided some data on where most of the password stealer detections occurred. Not surprisingly, China was the top country, with 529,003 detections.

Security experts say Chinese games are frequently the target of these attacks. Rounding out the top five countries for detections were Taiwan with 279,428, Spain with 235,381, the U.S. with 213,374 and Korea with 184,306.

About 330 million copies of the Malicious Software Removal Tool update were downloaded during this June period.

Gamers can make easy targets for criminals because some of them disable antivirus software to boost gaming performance, while others download free "cracked" versions of games, which can contain malware, McCormack said.

"So how does one avoid being infected?" he asked. "Running an up-to-date anti-virus solution is a good start. Running an up-to-date, patched browser is another necessity," he said. "Enabling Automatic Updates helps a whole bunch, too."

Friday, June 13, 2008

Verizon expands fast DSL to more areas

Verizon Communications Inc. on Thursday expanded the availability of its fastest DSL service to 3.4 million lines in 20 states.
The service, with downloads of 7 megabits per second, was available on 400,000 lines when it launched in January. In other areas, Verizon's fastest DSL service is at 3 mbps.

The 7 mbps plan costs $42.99 per month with an annual contract.

Verizon has not been putting much investment behind DSL, or Digital Subscriber Line technology, focusing instead on drawing fiber-optic lines that can provide even faster Internet access, plus cable-TV service. In the first quarter, it added a net of just 4,000 DSL customers, compared with 262,000 FiOS Internet subscribers.

Several other phone companies, including AT&T, provide top DSL speeds of at least 10 mbps in some areas. Qwest Communications International Inc. introduced 20 mbps service in April.

AT&T looking at charging heavy Internet users extra

AT&T Inc., the country's largest Internet provider, is considering charging extra for customers who download large amounts of data.
"A form of usage-based pricing for those customers who have abnormally high usage patterns is inevitable," spokesman Michael Coe said this week.

The top 5 percent of AT&T's DSL customers use 46 percent of the total bandwidth, Coe said. Overall bandwidth use on the network is surging, doubling every year and a half.

AT&T doesn't have any specific plans or fees to announce yet, Coe said.

Most cable companies have official or secret caps on the amount of data they allow subscribers to download every month. Time Warner Cable started a trial earlier this month in Beaumont, Texas, under which it will charge subscribers who go over their monthly bandwidth cap $1 per gigabyte.

Cable companies are at the forefront of usage-based pricing because neighbors share capacity on the local cable lines, and bandwidth hogs can slow down traffic for others. Phone companies have been less concerned about congestion because the phone lines they use to provide Internet service using DSL, or Digital Subscriber Line technology, aren't shared between neighbors, but AT&T is evidently concerned about congestion higher up in the network.

Those who mainly do Web surfing or e-mail use little data and have scant reason to pay attention to traffic caps. But those who download movies or TV, particularly in high definition, can hit the caps imposed by cable companies.

Download caps could put a crimp in the plans of services like Apple Inc.'s iTunes that use the Internet to deliver video. DVD-by-mail pioneer Netflix Inc. just launched a TV set-top box that receives an unlimited stream of Internet video to a TV set for as little as $8.99 per month.

New and Improved Firefox to be released on Tuesday

A new version of the Firefox Web browser is scheduled for release Tuesday with improvements in security, speed and design.
Many of the enhancements in Firefox 3 involve bookmarks. The new version lets Web surfers add keywords, or tags, to sort bookmarks by topic. A new "Places" feature lets users quickly access sites they recently bookmarked or tagged and pages they visit frequently but haven't bookmarked.

There's also a new star button for easily adding sites to your bookmark list — similar to what's already available on Microsoft Corp.'s Internet Explorer 7 browser.

Other new features include the ability to resume downloads midway if the connection is interrupted and an updated password manager that doesn't disrupt the log-in process.

In a nod to the growing use of Web-based e-mail, the browser can be set to launch Yahoo Inc.'s service when clicking a "mailto" link in a Web page, the ones you might come across clicking on a name or a "contact us" link. Previously such links could only open a standalone, desktop e-mail program.

Yahoo is the only Web service initially supported. To use rivals like Google Inc.'s Gmail and Microsoft Corp.'s Hotmail, developers of those services will have to enable that capability first.

Firefox also will start blocking rather than simply warning about sites known to engage in "phishing" scams that try to trick users into revealing passwords and other sensitive information. The new version adds protection from sites known to distribute viruses and other malicious software.

The list of suspicious sites come from Google Inc. and StopBadware.org, a project headed by legal scholars at Harvard and Oxford universities.

Security researchers who need access to problem sites can manually turn the feature off.

Firefox 3 also offers speed and design improvements — the back button is now larger than the forward button, for instance, because people tend to return to a previous page more often, said Mike Schroepfer, the project's vice president of engineering.

Firefox is the No. 2 Web browser behind Microsoft Corp.'s Internet Explorer. It comes from Mozilla, an open-source community in which thousands of people, mostly volunteers, collectively develop free products.

Mozilla has been developing Firefox 3 for nearly three years and has been publicly testing it since November for Windows, Mac and Linux computers.

Its supporters are organizing launch parties around the world next week, and Mozilla is trying to set a world record for most software downloads in a 24-hour period.

Microsoft is currently testing Internet Explorer 8, while Opera Software ASA released Opera 9.5 on Thursday.

Yahoo seeks Google's aid after Microsoft talks die

But after eluding Microsoft's grasp, Yahoo is now turning to Google to help squelch a rebellion among its shareholders who believe it should have accepted Microsoft's $47.5 billion buyout offer while it was still available last month.

Yahoo announced its decision to let Google handle some of its advertising sales late Thursday, just a few hours after revealing it unsuccessfully tried to persuade Microsoft to renew its previous offer of $33 per share. The snub caused Yahoo to conclude that there is no hope for any kind of deal with Microsoft.

Although Yahoo believes Google could help boost its annual revenue by $800 million, the advertising partnership wasn't enough to ease the disappointment of investors who had been holding out hope for a Microsoft deal.

Yahoo shares plunged $2.63, or 10.1 percent, to finish Thursday at $23.52 and shed another seven cents after the market closed.

Part of the problem for Yahoo is that antitrust concerns might prevent an alliance with Google.

Google already holds about 75 percent of the $11 billion search advertising market in the United States with Yahoo a distant second at 9 percent, according to the research firm eMarketer Inc.

Microsoft and a variety of consumer-interest groups already have signaled they will turn up the political heat in an attempt to prevent Google from working with Yahoo.

The outcry already has drawn the attention of U.S. Sen. Herb Kohl, chairman of the Senate subcommittee on antitrust, competition policy and consumer rights.

"The consequences for advertisers and consumers could be far-reaching and warrant careful review, and we plan to investigate the competitive and privacy implications of this deal further," said Kohl, a Wisconsin Democrat.

Yahoo and Google have voluntarily agreed to wait until late September to begin working together to give the government adequate time to review the arrangement. If it isn't blocked, the partnership could last for the next decade.

The antitrust scrutiny appears to be the least of Yahoo's worries for now.

The Sunnyvale-based company also is trying to fend off a shareholder mutiny led by activist investor Carl Icahn, who has vowed to replace the company's board because of the way the directors handled the Microsoft negotiations during the past 4 1/2 months.

But Icahn has been hoping to engineer a sale to Microsoft, so his campaign could be hurt by the perception that the software maker has lost all interest in buying Yahoo. Shareholders may be reluctant to support Icahn's attempted coup unless he can demonstrate his slate of directors has a better turnaround plan than the current board.

Icahn did not return phone calls seeking comment Thursday.

The fate of Yahoo's board is scheduled to be determined at the company's Aug. 1 annual meeting.

"If you are a Yahoo shareholder, you just have to be scratching your head right now," said Standard and Poor's equity analyst Scott Kessler.

If Wall Street's backlash becomes severe enough, Kessler said he believes Yahoo might have to consider replacing co-founder Jerry Yang as its chief executive — something Icahn has already promised he will do if he wins control of the board.

After Yang took over the reins from Terry Semel a year ago, Yahoo's stock price fell from $28.12 to $19.18 at the time Microsoft launched its unsolicited takeover attempt in January.

Yang "has been slow to move, slow to act and it has cost shareholders as a result," Kessler said.

Many Yahoo shareholders blame Yang for letting his emotional attachment blur his judgment during the Microsoft negotiations.

Yahoo's board sent Yang and fellow co-founder David Filo to a pivotal May 3 meeting in Seattle to discuss Microsoft's oral offer to buy the company for $33 per share, up from its initial bid of $31 per share. After Yang demanded $37 per share, Microsoft CEO Steve Ballmer withdrew the offer.

In recent weeks, Ballmer has been trying to buy Yahoo's search engine instead.

Yahoo concluded that its search engine was too important to sell piecemeal.

Without explaining its logic, Microsoft said it believed a deal involving Yahoo's search engine would have been more valuable to Yahoo than if it had bought the entire company at $33 per share. The Redmond, Wash.-based software maker said it remains open to buying Yahoo's search operations.

Yahoo's deal with Google includes an escape hatch should Microsoft or another suitor buy the company. If Yahoo is sold, Google would receive a termination fee of up to $250 million.

That clause could still raise hope that Icahn might be able to renew the Microsoft talks if he can win control of Yahoo's board.

The deal shapes up as a major victory for Mountain View-based Google, which didn't want Yahoo to fall into Microsoft's clutches.

"I am happy to be helping them to stay independent," Google co-founder Sergey Brin said in a Thursday interview.

With a Yahoo deal off the table, Microsoft could set its sights on a smaller acquisition that still might help its unprofitable Internet operations. Analysts have cited Time Warner Inc.'s AOL, Internet software service provider Salesforce Inc. and leading online social networks, News Corp.'s MySpace and Facebook Inc. as possible targets.

The Google partnership expands upon a two-week trial conducted in April while Yahoo was trying to pressure Microsoft into raising its bid. The tests confirmed Google's technology would generate more revenue for Yahoo than its own system, which cost more than $2 billion to acquire and improve.

Nevertheless, Yahoo still intends to use its own search engine to distribute some ads and process all search requests. Working with Google will give Yahoo "the best of both worlds," Yahoo President Sue Decker said a Thursday conference call.