Thursday, October 06, 2005

Google formally declares war on Microsoft

GOOGLE HAS confirmed that it will launch free spreadsheet and word-processing software online and take on Microsoft in one of its biggest markets.

Under the deal, Google will allow web users to access Sun's OpenOffice from a toolbar.

The other day, when Sun's Scott McNealy and his former employee now Google chief Eric Schmidt met up, Sun was wary about doing that.

When asked point blank, McNealy said it was something to be investigated. However Sun's Australian spokesman Paul O'Connor was a little more forthright about the deal which he said was "huge".

He bubbled that the deal was a wake-up call for Microsoft.

"At the moment most people are used to having to pay for software packages, but at the end of the day, the value is in the content and services – not in the software itself," he said.

source:http://www.theinquirer.net/?article=26734


# posted by dark master : 10/06/2005 09:33:00 AM  0 comments

AOL to buy Weblogs Inc. network for $25 mln-source

SAN FRANCISCO, Oct 5 (Reuters) - America Online Inc. has agreed to buy Weblogs Inc. -- a network of Internet diaries focused on niche topics ranging from food to gadgets -- for around $25 million, a source familiar with the deal said on Wednesday.

AOL, a unit of Time Warner Inc. (TWX.N: Quote, Profile, Research), could announce the acquisition of New York-based Weblogs Inc. (http://www.weblogsinc.com//) as early as Thursday, the source said.

Weblogs includes roughly 80 advertising-supported sites published by a group of more than 100 bloggers.

Examples include Autoblog, BloggingBaby and Engadget, Weblog Inc.'s most trafficked site, which is aimed at "rapid gadget freaks." Engadget ranks as one of the Web's most visited blogs, according to data on traffic measurement site Technorati.

A spokesman for America Online declined to comment. Executives for Weblogs were unavailable to comment. The personal blog of Weblogs founder and Chief Executive Jason Calacanis said he was flying from New York to a San Francisco Web conference on Wednesday evening.

America Online is attracted to Weblogs by the advertising opportunities created by adding the 80 sites to AOL's existing network of Internet properties, the source said.

The company is looking to offset a decline of millions of subscribers for its dial-up Internet service by boosting online advertising revenue.

Calacanis is a dot-com impresario who, in the second half of the 1990s, acted as the unofficial mayor of Silicon Alley, a hub of Internet companies that formed in Manhattan's downtown.

Weblogs is one of the more successful attempts at weaving together a network of individual blogs in order to attract a stable of advertisers and cash in on the blogging phenomenon.

A rival network known as Gawker Media is backed by Nick Denton, another New York-based blog entrepreneur. The Gawker network focuses on a smaller number of high-brow, gossip-oriented sites, including Gawker and Wonkette.

The acquisition was first reported on media industry blog PaidContent.org.

source:http://today.reuters.com/investing/financeArticle.aspx?type=mergersNews&storyID=2005-10-06T034342Z_01_N05108393_RTRIDST_0_TECH-WEBLOGS-AOL.XML


# posted by dark master : 10/06/2005 09:32:00 AM  0 comments

Nematodes: The Making of 'Beneficial' Network Worms

Convinced that businesses will use nonmalicious worms to cut down on network security costs, a high-profile security researcher is pushing ahead with a new framework for creating a "controlled worm" that can be used for beneficial purposes.

Dave Aitel, vulnerability researcher at New York-based Immunity Inc., unveiled a research-level demo of the "Nematode" framework at the Hack In The Box confab in Kuala Lumpur, Malaysia, insisting that good worms will become an important part of an organization's security strategy.

"We're trying to change the way people think," Aitel said in an interview with Ziff Davis Internet News. "We don't want people to think this is impossible. It's entirely possible to create and use beneficial worms and it's something businesses will be deploying in the future."

For years, security experts have debated the concept of using good worms to seek and destroy malicious worms. Some believe that it's time to use the worms' tactics against them and build good worms that fix problems but the chaos and confusion associated with self-propelled replicating programs have left others unconvinced.

Aitel is among those who believe it is "inevitable" that worm technology can significantly reduce the cost of disinfecting and maintaining a corporate network.

Read more here about security experts decrying good worms.

"We already have a proof-of-concept that can take a very simple exploit, go through a few steps and, in a matter of minutes, create a working nematode," Aitel said.

He took the name for the concept from the pointy-ended worm used to control pests in crops. "We can generate a nematode any way we want. You can make one that strictly controls, programmatically, what the worm does," Aitel explains.

Aitel, who did a six-year stint as a computer scientist at the NSA (National Security Agency) before moving on to work as a code-breaker for research outfit @Stake Inc., is adamant that nematodes can provide the answer for lowering security costs.

He sees a world where "strictly controlled" nematodes are used by ISPs, government organizations and large companies to show significant cost savings.

During his Hack In The Box presentation, Aitel outlines the reasons for creating nematodes and displayed strict protocols that can be used to control the beneficial worms.

Read more here about support for the concept of beneficial worms.

He said nematodes can be automatically created from available vulnerability information and even showed off a new programming language to create the worms.

Next Page: Potential Problems

Aitel acknowledged potential problems with the concept, noting that worms are very hard to write and use large amounts of network bandwidth. Because worms are harder to target and control, he noted that IT administrators live in constant fear.

The concept includes the use of "Nematokens," servers that are programmed to only respond to requests from networks cleared for attacks and the NIL (Nematode Intermediate Language) that can be used as a specialized and simplified "assembly for worms."

The NIL can be used to convert exploits into nematodes quickly and easily. In some cases, Aitel believes that exploits can be written to NIL directly to simplify the process even more.

This will be part of your security team's toolkit," Aitel argues, noting that his company's work is "research-level proof of concept" that details the theory and theology of using beneficial worms.

"If you look at the security cost of maintaining a large network, most CIOs agree its way above what they want to pay. With this [nematode] concept, you can take advantage of automating technologies to get protection for pennies on the dollar. That's the drive behind developing a lot of these new forward-looking technologies," Aitel said.

"Nematodes are a step beyond the next step. We're two stages away from using this," he added. "The goal has always been to build the network that protects itself automatically with automated technologies. We're certainly not more than five years away from this sort of technology becoming something that you can buy."

"We already have an engine that takes exploits and turns them into worms and does it in a way that allows you to inject control mechanisms into that. That's something that will appeal to businesses.

source:http://www.eweek.com/print_article2/0,1217,a=161750,00.asp


# posted by dark master : 10/06/2005 09:29:00 AM  0 comments

Text Hackers Could Jam Cellphones, a Paper Says

Malicious hackers could take down cellular networks in large cities by inundating their popular text-messaging services with the equivalent of spam, said computer security researchers, who will announce the findings of their research today.

Such an attack is possible, the researchers say, because cellphone companies provide the text-messaging service to their networks in a way that could allow an attacker who jams the message system to disable the voice network as well.

And because the message services are accessible through the Internet, cellular networks are open to the denial-of-service attacks that occur regularly online, in which computers send so many messages or commands to a target that the rogue data blocks other machines from connecting.

By pushing 165 messages a second into the network, said Patrick D. McDaniel, a professor of computer science and engineering at Pennsylvania State University and the lead researcher on the paper, "you can congest all of Manhattan."

Professor McDaniel and the other faculty author, Thomas F. La Porta, have extensive experience in computer security, including work in the telecommunications industry. The findings are expected to be released today at Penn State, and as a formal research paper at a computer security conference next month.

Cellular companies acknowledge that such attacks are possible, but say that they have developed systems to prevent effective ones.

"If you're not prepared, that could happen," said Brian Scott, senior manager for wireless messaging operations at Sprint. "If you are prepared and you have means in place to identify, detect and mitigate that, it's not as much of a concern."

Other specialists said such systems would face many of the same obstacles as those that try to block denial-of-service attacks, one of the thorniest problems in countering hackers.

"The solutions don't tend to be very elegant" in the Internet world, said Gary McGraw, chief technical officer of Cigital, a security consultant to the computing and telecommunications industries. "And I believe it will be the same thing on cellphones."

In their research, the authors concluded that all major cellular networks were vulnerable, and that a single computer with a cable modem could do the job. The researchers do not appear to believe that anyone has deliberately disrupted cellphone networks in this way, although it appears to have occurred by accident in other nations.

The text-messaging system, called S.M.S. for short messaging service, is an increasingly important part of the cellular network. Aside from its popularity with users, especially teenagers, it has gained prominence as a way to communicate when voice networks fail, as in emergencies like the terrorist attacks on Sept. 11, 2001.

The system works even when cellular calls do not because text messages are small packets of data that are easy to send, and because the companies transmit them on the high-priority channel whose main purpose is to set up cellphone calls.

But therein lies part of the vulnerability, Professor McDaniel said. The control channel cannot handle large amounts of data, he said, so by flooding the channel with messages, it is possible to prevent voice calls from going through.

"This is a traffic-jam problem," he said. "You're sending too many cars down a two-lane road."

Specialists not connected with the study said that weak link, combined with computers' ability to automatically repeat Internet processes at blinding speed, added up to a serious threat.

"Any time a vulnerability in the physical world exists that can be exploited via computer programs running on the Internet, we have a recipe for disaster," said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins. "It is as though those who wish to harm us have a magic switch that can turn off the cellular network."

The Penn State researchers said that once they began exploring the vulnerabilities of the network, they proved their concepts on a small scale by using their own cellphones.

"We were very, very careful," Professor McDaniel said. "We never sent more traffic than was necessary."

Their research proved that blocking networks was possible, a conclusion they later verified in private conversations with telephone company engineers and government regulators, he said.

One challenge for would-be attackers, according to the paper, is pulling together a list of working cellphones in a specific geographical area. But that, too, is made simpler via the Internet; the authors describe a process using Google and some search tricks that allowed them to collect 7,308 cellular numbers in New York City and 6,184 from Washington "with minimal time and effort." Though the vulnerability is serious, Professor McDaniel said, it is still the kind of thing that could only be carried out by skilled attackers, at least for now.

"It seems to me unlikely that a small number of unsophisticated users would be able to mount this attack effectively," he said.

The paper, to be posted online at www.smsanalysis.org, also offers suggestions for heading off the problem. The most direct solution, simply disconnecting the short messaging services from the Internet gateways, is not practical, Professor McDaniel said. But technologies to limit the messages being inserted into the network could provide some protection. Among the other recommendations is separating the voice and data in the next generation of cellphone technology so data jams cannot affect voice calls.

Cellular companies said they were moving forward on this and other security issues.

A spokesman for Cingular, Mark Siegel, said his company "constantly and aggressively monitors potential threats to the integrity and security of its network," but added, "As a rule, we don't comment on the defensive measures we have put in place or may put in place."

Dave Oberholzer, a marketing manager for information at Verizon WirelessVerizon Communications, said the company was well protected against this kind of attack because of software the company had put in place to insulate users from cellphone message spam. "We have fairly robust spam filters on those gateways," he said. "All of that is pretty much automated at this point."

Mr. McGraw, the chief technical officer of Cigital, said the goal of research like the Penn State paper was not to help hackers scale new heights, but to alert companies to problems before someone exploited them.

Getting the word out "has to be done very responsibly and very carefully," he said. "You don't want people to panic, but you do want them to sit up take notice and do something about it."

source:http://www.nytimes.com/2005/10/05/technology/05phone.html?pagewanted=print


# posted by dark master : 10/06/2005 09:26:00 AM  0 comments

This page is powered by Blogger. Isn't yours?