Tuesday, July 31, 2007

Analysis: Don't Buy Into Free Security Suite Hype – Yet

07.31.07


By Neil Rubenking

Crawler LLC released Spyware Terminator 2.0 this past Friday, touting it as "the industry's first, totally free, full Internet security suite". But competitor CyberDefender quickly fired off an email to Crawler (and to PC Magazine) pointing out that their CyberDefenderFREE 2.0, released last November, was the first free Internet security suite, and asking for a retraction.

There's no question that CyberDefender was first, and there's no question that both are free. The catch is, neither product is a security suite, not as the term is generally understood.

When evaluating a security suite, PC Magazine expects to see a number of specific elements. It should have a robust full-featured personal firewall with protection against inbound attack, and against outbound security breaches. It must scan and remove both viruses and spyware, and it should offer real-time virus and spyware protection as well. We expect protection against spam, as well as some degree of additional security in the form of parental control, protection of private data, or both.

Norton Internet Security 2007 fits this profile, as do ZoneAlarm Internet Security 7, McAfee Total Protection, and many others.

CyberDefenderFREE 2.0 offers virus and spyware protection, and, at first glance, seems to include much more. But there's no firewall, just an option to turn an existing firewall on or off. The spam filtering feature is actually aimed at "protection from spyware, viruses, and phishing attacks" and does little to block ordinary spam. It does offer phishing protection and a module that makes sure you have all the latest security updates, but that doesn't make it a security suite.

Spyware Terminator 2.0 will scan and remove spyware and also protect against spyware installation. There's an option to integrate ClamAV, a separate free product. But the rest of the security features are low-rent.

Spyware Terminator 2.0 rates Web sites much the way SiteAdvisor does, but relies on user ratings rather than on SiteAdvisor's massive automated testing. It includes "Host Intrusion Prevention", but this feature is really just a new-program warning. That is, after your first full scan it pops an alert any time it sees a new program. And it offers a toolbar for Internet Explorer and Firefox with numerous features, most of them unrelated to security.

We'll have a full evaluation of Spyware Terminator 2.0 available shortly – but as an antispyware product, not as a security suite.

So the winner of this little spat is – nobody. If you want the full protection of a security suite, neither of these products comes close.

Thursday, July 26, 2007

Test your knowledge of online scams

By ANICK JESDANUN, AP Internet Writer Thu Jul 26, 1:03 AM ET

NEW YORK - Think you're smart at recognizing online scams? Take a quiz to find out.


McAfee Inc.'s SiteAdvisor service has created a 10-question test to see whether you can spot "phishing" attempts to steal passwords and other personal information by mimicking popular Web sites such as eBay Inc.'s PayPal and News Corp.'s MySpace.

In eight questions, you are presented with two Web sites or e-mail messages and are asked to identify the authentic one. The final two questions test your general knowledge about scams.

Afterward, the McAfee site presents telltale signs to look for, such as misspellings and suspicious Web addresses.

You can also download a tool that can help warn of sites known or suspected to be phishing scams. SiteAdvisor researchers also identify sites that produce spyware, viruses, excessive pop-up ads, junk e-mail or other threats.

Visit http://www.siteadvisor.com/quizzes/phishing_0707/ to take the quiz.

Wednesday, July 25, 2007

Your plant just called to say ... I'm thirsty!

31 minutes ago

NEW YORK, July 25 (Reuters Life!) - Imagine answering your cell phone to hear your Scotch Moss plant telling you in a fake Glaswegian accent that it needs a drink.

This scenario is not far from reality with a group of postgraduate students at New York University developing a way for over-watered or dry plants to phone for help.

The "Botanicalls" project uses moisture sensors placed in the soil which can send a signal over a wireless network to a gateway that places a call if the plant's too dry or wet.

Recorded voices are assigned to each plant to match its biological characteristics and to help increase the charm of the phone message and give plants their own personality.

Interactive communications student Rebecca Bray, who developed the concept with three colleagues, said the technology was not new but it's the way of communicating by voice and adding personality to the plants that's different.

"They will call and tell you they are thirsty and need a lot of water. They are also really polite," Bray told Reuters.

"We wanted to make sure that you weren't just getting phone calls that were really needy. So we have them calling you back when you've watered them to say thank you for watering me."

For example, the Scots Moss is given a fake Scottish accent as it was not originally from Scotland despite its name. A prolific spider plant was given a cheerful, friendly voice.

"We wanted to provide a system so that the plants could actually survive by communicating to people," said Bray who developed the system with Rob Faludi, Kati London and Kate Hartman.

She said they were surprised how many people have approached them to acquire this service for homes and businesses but didn't expect the system to become available commercially for at least another six months.

"We hope that the system will help people learn how to take better care of their plants over time and maybe not even need the phone calls after a while," Bray said.

Apple posts record quarterly profit

6 minutes ago

SAN JOSE, Calif. - Apple Inc.'s fiscal third-quarter profit soared more than 73 percent, fueled by demand for its Macintosh computers, the strength of its iPod media players and the sales of 270,000 iPhones in the first two days on the market.

For the quarter ended June 30, Apple's profit rose to $818 million, or 92 cents per share, up from $472 million, or 54 cents a share in the year-ago quarter.

Sales grew to $5.41 billion from $4.37 billion last year.

Analysts polled by Thomson Financial expected Apple to report earnings of 72 cents per share on sales of $5.28 billion while Apple itself had projected earnings of 66 cents per share on quarterly sales of $5.1 billion.

"We're thrilled to report the highest June quarter revenue and profit in Apple's history, along with the highest quarterly Mac sales ever," said Steve Jobs, Apple's CEO. "IPhone is off to a great start — we hope to sell our one-millionth iPhone by the end of its first full quarter of sales — and our new product pipeline is very strong."

The gadget maker's highly anticipated iPhone launched on June 29 and sold out within days. Wall Street analysts and investors have had lofty expectations for the multimedia cell phone, driving up Apple's stock more than 30 percent during the quarter.

Apple's silence on how many iPhones were available at launch added to the frenzy and analysts were hoping to gain some insight on the iPhone's initial sales impact and outlook when the Cupertino-based company was to discuss its quarterly earnings during a conference call late Wednesday.

Shares of Apple tumbled more than 6 percent Tuesday after AT&T Inc. — the iPhone's exclusive U.S. carrier — said it activated 146,000 iPhones on June 29 and 30, a number that disappointed investors following some analyst forecasts that Apple would sell 500,000 or more iPhones in its first weekend.

Officers used GPS coordinates from cell phone to track man's location

10 minutes ago

PENSACOLA, Fla. - A man charged with dialing 911 to chat with dispatchers nearly 300 times in the last month remained in jail Wednesday. Cheveon Alonzo Ford, 21, was arrested Tuesday night and charged with making obscene and harassing telephone calls.

He told authorities he began calling 911 because "I have no minutes on my phone and 911 is a free call," the Escambia County Sheriff's Office said in a news release.

Ford was being held on a $50,000 bond Wednesday afternoon.

Officers used GPS coordinates from Ford's cell phone to track his location to the west Pensacola home where he was arrested, the Pensacola News Journal Reported.

"His phone service had been cut off and 911 was the only number he could dial from the phone," said Bob Boschen, communication chief for Escambia County.

Boschen said many of Ford's 292 calls were sexual in nature.

"When he would call and a male dispatcher would answer, he would hang up," he said. "Our policy says that if a caller is belligerent in nature we have to get enough information to process the call and then we can disconnect," he said.

Ford never asked dispatchers for help or indicated he was in trouble.

McAfee sets Rootkit Detective free

Matt Hines 31 minutes ago

San Francisco (InfoWorld) - On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations.

Following in the footsteps of SiteAdvisor -- the free Web site security program acquired by McAfee in April 2006 that warns users about potentially dangerous sites and search results -- company officials said that the new tool will be offered at no charge from its Web site via download, with benefits for both end-users and its researchers.

The freeware program promises the ability to find and remove so-called rootkits -- self-cloaking malware attacks that install themselves as kernel modules or drivers and are most often used to hide other types of threats such as keyword-logging programs -- and send data about the attacks that are discovered back to McAfee.

As greater numbers of PC users have employed more sophisticated antimalware tools in recent years, hackers have rushed to adopt the rootkit model as a means for circumventing anti-virus systems and keeping their attacks hidden on people's computers.

According to the most recent estimates released by Santa Clara, Calif.-based McAfee, more than 7,325 new rootkit variants have been discovered since the beginning of 2007, a dramatic 100 percent increase over the 3,284 rootkits the company's researchers uncovered during all of 2006.

Rootkit Detective specifically promises to find hidden kernel processes and registry entries, as well as remove them when a user reboots their system. The tool also claims the ability to test the integrity of a PC's kernel memory and track any modifications that might also highlight rootkit activity.

As part of a beta program, Rootkit Detective -- which was developed within McAfee's Avert Labs -- has already been downloaded by more than 110,000 users, including businesses and consumers, company officials said.

"Dealing with rootkits will always be an arms race; the whole process is a game of challenge-and-response between the hackers and security community, and as the authors have advanced the complexity of their attacks, we need to continually update our own technologies to keep up," said Joe Telafici, vice president of operations at McAfee Avert Labs. "We started putting rootkit detectors into our products in 2006, and this is the next stage in advancing our detection technologies."

While most rootkit-fighting programs use what Telafici labeled a "tainted view" approach to finding the attacks -- that is, comparing results of system calls to the kernel to look for potential issues -- Rootkit Detector uses a variety of means to find hidden processes and registry keys that might evade such tactics, he said.

The approach is also particularly effective at helping McAfee find new rootkit variants, based on the detailed manner in which it monitors a machine's kernel and memory, according to the researcher.

Telafici goes as far as to claim that Rootkit Detector can find and remove every known rootkit reported to its researchers thus far.

"The bad guys are spending a lot of time trying to hide their work from simpler tools, but we can still see these programs making their calls, and we've already used the tool to find several new variations that we weren't previously aware of," he said. "We use a variety of means to detect processes, files, and registry keys that might otherwise remain hidden, and to bypass cloaking techniques employed by the rootkit authors."

In passing out Rootkit Detective to consumers and businesses free of charge, McAfee is hoping that, as with SiteAdvisor, people will actively use the application to submit virus samples to Avert Labs.

After analyzing any new attacks, McAfee will create a signature for any rootkits it tracks and channel that information into its other client security products.

"Gathering information this manner is a very effective way for us to get a handle on threats we haven't seen before, and it should get new kits flowing in that we can begin researching to adapt to throughout our product lines," Telafici said. "It's great to be able to offer something valuable for end-users that can really help protect them, while allowing us to find new attacks and develop technologies to address for our customers."

The Rootkit Detector launch underscores recent efforts by anti-virus providers to launch technologies aimed at fighting the most complex, cutting-edge attacks being aimed at users by hackers.

Last week, rival Symantec introduced a beta version of its Norton AntiBot program, which is designed to thwart the growing problem of PC-hijacking botnet attacks. However, unlike McAfee's latest offering, AntiBot is a for-pay product that will retail to consumers for less than $30.

Tuesday, July 24, 2007

Apple shares fall on iPhone numbers

By JORDAN ROBERTSON, AP Technology Writer 7 minutes ago

SAN JOSE, Calif. - AT&T Inc. wiped some of the glow off Apple Inc.'s iPhone on Tuesday, releasing numbers that showed fewer people than expected signed up for service in the first two days of the multimedia cell phone's release.

AT&T — the iPhone's exclusive carrier — said it activated 146,000 iPhones on June 29 and 30, a number that disappointed investors following some analyst forecasts that Apple would sell 500,000 or more iPhones in its first weekend.

The news interrupted a steady rise in Apple's stock price that started with the iPhone's release. The 18 percent surge generated $18 billion in shareholder wealth.

On Tuesday, Apple shares fell $8.81, or more than 6 percent, to $134.89, wiping out more than $7 billion of Apple's market value.

Analysts cautioned against reading too much into AT&T's activation numbers, saying the actual number of iPhones sold may be much higher but was not reflected in the figure because many users had activation problems and couldn't sign up for a few days.

"It's just had such a run on overexpectations, I don't see this as any sort of disappointing metric in terms of the iPhone overall," said Ingrid Ebeling, an analyst with JMP Securities. "I think it's just gotten a little overhyped over the past month."

Also weighing on Apple's stock Tuesday was a report from CIBC World Markets that said demand for the iPhone has experienced a "significant decline" in the past 10 days, a slowdown driven in part by dissatisfaction with the slow data transfer speeds on AT&T's network. CIBC used store visits and a survey of iPhone buyers to reach its conclusions.

CIBC said it expects Apple and AT&T to boost their marketing push for the iPhone and the companies could introduce a new model in November — earlier than expected — that operates on a faster network. The two models now available cost $499 and $599.

Apple spokeswoman Jennifer Bowcock did not immediately return a call for comment Tuesday.

Apple is expected to release more information on the iPhone's sales in its third-quarter earnings report on Wednesday. The company has been tightlipped about its near-term sales forecasts, saying only that it hopes to sell 10 million worldwide by 2008.

Shaw Wu, an analyst with American Technology Research, said the little information Apple is likely to release will be closely watched by investors looking for signs of the iPhone's momentum.

"Even though it's only two days of information, it's definitely going to be looked at carefully," Wu said.

Analysts are expecting Apple to continue its strong profit growth. According to a survey by Thomson Financial, Apple is expected to earn 72 cents a share on $5.29 billion in revenue for the third quarter.

Monday, July 23, 2007

Ultra-flexible fiber optics on the way

By BEN DOBBIN, AP Business Writer 8 minutes ago

ROCHESTER, N.Y. - Corning Inc. is finding its way around very tight corners to help high-speed Internet service reach high-rise apartments and condominiums.


The world's largest maker of optical fiber said Monday it has developed a new fiber that is at least 100 times more bendable than standard fiber, clearing a major hurdle for telecommunications carriers drawing fiber into homes.

"This is a game-changing technology for telecommunications applications," said Corning's president, Peter Volanakis. "We have developed an optical fiber cable that is as rugged as copper cable but with all of the bandwidth benefits of fiber."

Three Corning scientists invented low-loss optical fiber in the early 1970s. The gossamer-thin strands of ultra-pure glass delivering voice, video and data at the speed of light have replaced copper as the backbone of America's telephone and cable television networks and enabled the phenomenal growth of the Internet.

Current optical fiber doesn't carry light well when it is bent around corners and routed through a building, making it difficult and expensive to run fiber all the way to homes and businesses. The ultra-flexible technology allows the fiber to be bent with virtually no signal loss, Corning said.

Corning said the improvements will enable carriers to economically offer high-speed Internet, voice and high-definition TV service to virtually all high-rise buildings.

In standard fiber, the light signal leaks out at bends or turns and "with two 90-degree turns, the signal is lost," Corning spokesman Dan Collins said. "This design relies on nanostructures that serve as a mirror or a guardrail, and as the fiber is turned or bent, the light doesn't leak out. We have wrapped the fiber around a ball point pen and it retains its effectiveness."

Michael Render, a market researcher in Tulsa, Okla., said the new product "would be an important breakthrough" in fiber-to-the-home systems.

More than 1 percent of North American homes are now directly connected to fiber, but many of them are single-family dwellings, Render said.

"There obviously are a large number of people that live in multi-tenant buildings, and improvements in the way to get fiber to those individual living units could be very significant," he said.

Render said the technology would make it easier to bring fiber "all the way to each individual living room, for example, or at least to each floor," instead of taking it only to the basement and then using existing wiring to reach the living unit.

There are more than 25 million high-rise apartment homes in the United States and more than 680 million worldwide. "The high cost of installation and difficulty in delivering fiber to the home made this market unappealing to most providers," Volanakis said in a statement.

Corning formed a working team with New York-based Verizon Communications Inc. in February to tackle the problems of installing fiber in multiple-dwelling buildings. Verizon is the only major U.S. phone or cable company to aggressively draw fiber to existing homes.

"This fiber technology will enable us to bring faster Internet speeds, higher-quality high-definition content and more interactive capabilities than any other platform which exists today," said Paul Lacouture, a Verizon Telecom executive.

Chips: High tech aids or tracking tools?

Demonstrators prepare to march against microchip implants planned for Alzheimer's patients, in front of the Alzheimer's Community Care Headquarters in West Palm Beach, Fla., May 12, 2007. March organizer Katherine Albrecht, left, said a payer before starting the march. (AP Photo/Gary I. Rothstein)



By TODD LEWAN, AP National Writer Sun Jul 22, 6:23 AM ET

CityWatcher.com, a provider of surveillance equipment, attracted little notice itself — until a year ago, when two of its employees had glass-encapsulated microchips with miniature antennas embedded in their forearms.

The "chipping" of two workers with RFIDs — radio frequency identification tags as long as two grains of rice, as thick as a toothpick — was merely a way of restricting access to vaults that held sensitive data and images for police departments, a layer of security beyond key cards and clearance codes, the company said.

"To protect high-end secure data, you use more sophisticated techniques," Sean Darks, chief executive of the Cincinnati-based company, said. He compared chip implants to retina scans or fingerprinting. "There's a reader outside the door; you walk up to the reader, put your arm under it, and it opens the door."

Innocuous? Maybe.

But the news that Americans had, for the first time, been injected with electronic identifiers to perform their jobs fired up a debate over the proliferation of ever-more-precise tracking technologies and their ability to erode privacy in the digital age.

To some, the microchip was a wondrous invention — a high-tech helper that could increase security at nuclear plants and military bases, help authorities identify wandering Alzheimer's patients, allow consumers to buy their groceries, literally, with the wave of a chipped hand.

To others, the notion of tagging people was Orwellian, a departure from centuries of history and tradition in which people had the right to go and do as they pleased, without being tracked, unless they were harming someone else.

Chipping, these critics said, might start with Alzheimer's patients or Army Rangers, but would eventually be suggested for convicts, then parolees, then sex offenders, then illegal aliens — until one day, a majority of Americans, falling into one category or another, would find themselves electronically tagged.

The concept of making all things traceable isn't alien to Americans. Thirty years ago, the first electronic tags were fixed to the ears of cattle, to permit ranchers to track a herd's reproductive and eating habits. In the 1990s, millions of chips were implanted in livestock, fish, dogs, cats, even racehorses.

Microchips are now fixed to car windshields as toll-paying devices, on "contactless" payment cards (Chase's "Blink," or MasterCard's "PayPass"). They're embedded in Michelin tires, library books, passports, work uniforms, luggage, and, unbeknownst to many consumers, on a host of individual items, from Hewlett Packard printers to Sanyo TVs, at Wal-Mart and Best Buy.

But CityWatcher.com employees weren't appliances or pets: They were people made scannable.

"It was scary that a government contractor that specialized in putting surveillance cameras on city streets was the first to incorporate this technology in the workplace," says Liz McIntyre, co-author of "Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID."

Darks, the CityWatcher.com executive, dismissed his critics, noting that he and his employees had volunteered to be chip-injected. Any suggestion that a sinister, Big-Brother-like campaign was afoot, he said, was hogwash.

"You would think that we were going around putting chips in people by force," he told a reporter, "and that's not the case at all."

Yet, within days of the company's announcement, civil libertarians and Christian conservatives joined to excoriate the microchip's implantation in people.

RFID, they warned, would soon enable the government to "frisk" citizens electronically — an invisible, undetectable search performed by readers posted at "hotspots" along roadsides and in pedestrian areas. It might even be used to squeal on employees while they worked; time spent at the water cooler, in the bathroom, in a designated smoking area could one day be broadcast, recorded and compiled in off-limits, company databases.

"Ultimately," says Katherine Albrecht, a privacy advocate who specializes in consumer education and RFID technology, "the fear is that the government or your employer might someday say, 'Take a chip or starve.'"

Some Christian critics saw the implants as the fulfillment of a biblical prophecy that describes an age of evil in which humans are forced to take the "Mark of the Beast" on their bodies, to buy or sell anything.

Gary Wohlscheid, president of These Last Days Ministries, a Roman Catholic group in Lowell, Mich., put together a Web site that linked the implantable microchips to the apocalyptic prophecy in the book of Revelation.

"The Bible tells us that God's wrath will come to those who take the Mark of the Beast," he says. Those who refuse to accept the Satanic chip "will be saved," Wohlscheid offers in a comforting tone.

___

In post-9/11 America, electronic surveillance comes in myriad forms: in a gas station's video camera; in a cell phone tucked inside a teen's back pocket; in a radio tag attached to a supermarket shopping cart; in a Porsche automobile equipped with a LoJack anti-theft device.

"We're really on the verge of creating a surveillance society in America, where every movement, every action — some would even claim, our very thoughts — will be tracked, monitored, recorded and correlated," says Barry Steinhardt, director of the Technology and Liberty Program at the American Civil Liberties Union in Washington, D.C.

RFID, in Steinhardt's opinion, "could play a pivotal role in creating that surveillance society."

In design, the tag is simple: A medical-grade glass capsule holds a silicon computer chip, a copper antenna and a "capacitor" that transmits data stored on the chip when prompted by an electromagnetic reader.

Implantations are quick, relatively simple procedures. After a local anesthetic is administered, a large-gauge hypodermic needle injects the chip under the skin on the back of the arm, midway between the elbow and the shoulder.

"It feels just like getting a vaccine — a bit of pressure, no specific pain," says John Halamka, an emergency physician at Beth Israel Deaconess Medical Center in Boston.

He got chipped two years ago, "so that if I was ever in an accident, and arrived unconscious or incoherent at an emergency ward, doctors could identify me and access my medical history quickly." (A chipped person's medical profile can be continuously updated, since the information is stored on a database accessed via the Internet.)

Halamka thinks of his microchip as another technology with practical value, like his BlackBerry. But it's also clear, he says, that there are consequences to having an implanted identifier.

"My friends have commented to me that I'm 'marked' for life, that I've lost my anonymity. And to be honest, I think they're right."

Indeed, as microchip proponents and detractors readily agree, Americans' mistrust of microchips and technologies like RFID runs deep. Many wonder:

Do the current chips have global positioning transceivers that would allow the government to pinpoint a person's exact location, 24-7? (No; the technology doesn't yet exist.)

But could a tech-savvy stalker rig scanners to video cameras and film somebody each time they entered or left the house? (Quite easily, though not cheaply. Currently, readers cost $300 and up.)

How about thieves? Could they make their own readers, aim them at unsuspecting individuals, and surreptitiously pluck people's IDs out of their arms? (Yes. There's even a name for it — "spoofing.")

What's the average lifespan of a microchip? (About 10-15 years.) What if you get tired of it before then — can it be easily, painlessly removed? (Short answer: No.)

Presently, Steinhardt and other privacy advocates view the tagging of identity documents — passports, drivers licenses and the like — as a more pressing threat to Americans' privacy than the chipping of people. Equipping hospitals, doctors' offices, police stations and government agencies with readers will be costly, training staff will take time, and, he says, "people are going to be too squeamish about having an RFID chip inserted into their arms, or wherever."

But that wasn't the case in March 2004, when the Baja Beach Club in Barcelona, Spain — a nightclub catering to the body-aware, under-25 crowd — began holding "Implant Nights."

In a white lab coat, with hypodermic in latex-gloved hand, a company chipper wandered through the throng of the clubbers and clubbettes, anesthetizing the arms of consenting party goers, then injecting them with microchips.

The payoff?

Injectees would thereafter be able to breeze past bouncers and entrance lines, magically open doors to VIP lounges, and pay for drinks without cash or credit cards. The ID number on the VIP chip was linked to the user's financial accounts and stored in the club's computers.

After being chipped himself, club owner Conrad K. Chase declared that chip implants were hardly a big deal to his patrons, since "almost everybody has piercings, tattoos or silicone."

VIP chipping soon spread to the Baja Beach Club in Rotterdam, Holland, the Bar Soba in Edinburgh, Scotland, and the Amika nightclub in Miami Beach, Fla.

That same year, Mexico's attorney general, Rafael Macedo, made an announcement that thrilled chip proponents and chilled privacy advocates: He and 18 members of his staff had been microchipped as a way to limit access to a sensitive records room, whose door unlocked when a "portal reader" scanned the chips.

But did this make Mexican security airtight?

Hardly, says Jonathan Westhues, an independent security researcher in Cambridge, Mass. He concocted an "emulator," a hand-held device that cloned the implantable microchip electronically. With a team of computer-security experts, he demonstrated — on television — how easy it was to snag data off a chip.

Explains Adam Stubblefield, a Johns Hopkins researcher who joined the team: "You pass within a foot of a chipped person, copy the chip's code, then with a push of the button, replay the same ID number to any reader. You essentially assume the person's identity."

The company that makes implantable microchips for humans, VeriChip Corp., of Delray Beach, Fla., concedes the point — even as it markets its radio tag and its portal scanner as imperatives for high-security buildings, such as nuclear power plants.

"To grab information from radio frequency products with a scanning device is not hard to do," Scott Silverman, the company's chief executive, says. However, "the chip itself only contains a unique, 16-digit identification number. The relevant information is stored on a database."

Even so, he insists, it's harder to clone a VeriChip than it would be to steal someone's key card and use it to enter secure areas.

VeriChip Corp., whose parent company has been selling radio tags for animals for more than a decade, has sold 7,000 microchips worldwide, of which about 2,000 have been implanted in humans. More than one-tenth of those have been in the U.S., generating "nominal revenues," the company acknowledged in a Securities and Exchange Commission filing in February.

Although in five years VeriChip Corp. has yet to turn a profit, it has been investing heavily — up to $2 million a quarter — to create new markets.

The company's present push: tagging of "high-risk" patients — diabetics and people with heart conditions or Alzheimer's disease.

In an emergency, hospital staff could wave a reader over a patient's arm, get an ID number, and then, via the Internet, enter a company database and pull up the person's identity and medical history.

To doctors, a "starter kit" — complete with 10 hypodermic syringes, 10 VeriChips and a reader — costs $1,400. To patients, a microchip implant means a $200, out-of-pocket expense to their physician. Presently, chip implants aren't covered by insurance companies, Medicare or Medicaid.

For almost two years, the company has been offering hospitals free scanners, but acceptance has been limited. According to the company's most recent SEC quarterly filing, 515 hospitals have pledged to take part in the VeriMed network, yet only 100 have actually been equipped and trained to use the system.

Some wonder why they should abandon noninvasive tags such as MedicAlert, a low-tech bracelet that warns paramedics if patients have serious allergies or a chronic medical condition.

"Having these things under your skin instead of in your back pocket — it's just not clear to me why it's worth the inconvenience," says Westhues.

Silverman responds that an implanted chip is "guaranteed to be with you. It's not a medical arm bracelet that you can take off if you don't like the way it looks..."

In fact, microchips can be removed from the body — but it's not like removing a splinter.

The capsules can migrate around the body or bury themselves deep in the arm. When that happens, a sensor X-ray and monitors are needed to locate the chip, and a plastic surgeon must cut away scar tissue that forms around the chip.

The relative permanence is a big reason why Marc Rotenberg, of the Electronic Privacy Information Center, is suspicious about the motives of the company, which charges an annual fee to keep clients' records.

The company charges $20 a year for customers to keep a "one-pager" on its database — a record of blood type, allergies, medications, driver's license data and living-will directives. For $80 a year, it will keep an individual's full medical history.

___

In recent times, there have been rumors on Wall Street, and elsewhere, of the potential uses for RFID in humans: the chipping of U.S. soldiers, of inmates, or of migrant workers, to name a few.

To date, none of this has happened.

But a large-scale chipping plan that was proposed illustrates the stakes, pro and con.

In mid-May, a protest outside the Alzheimer's Community Care Center in West Palm Beach, Fla., drew attention to a two-year study in which 200 Alzheimer's patients, along with their caregivers, were to receive chip implants. Parents, children and elderly people decried the plan, with signs and placards.

"Chipping People Is Wrong" and "People Are Not Pets," the signs read. And: "Stop VeriChip."

Ironically, the media attention sent VeriChip's stock soaring 27 percent in one day.

"VeriChip offers technology that is absolutely bursting with potential," wrote blogger Gary E. Sattler, of the AOL site Bloggingstocks, even as he recognized privacy concerns.

Albrecht, the RFID critic who organized the demonstration, raises similar concerns on her AntiChips.com Web site.

"Is it appropriate to use the most vulnerable members of society for invasive medical research? Should the company be allowed to implant microchips into people whose mental impairments mean they cannot give fully informed consent?"

Mary Barnes, the care center's chief executive, counters that both the patients and their legal guardians must consent to the implants before receiving them. And the chips, she says, could be invaluable in identifying lost patients — for instance, if a hurricane strikes Florida.

That, of course, assumes that the Internet would be accessible in a killer storm. VeriChip Corp. acknowledged in an SEC filing that its "database may not function properly" in such circumstances.

As the polemic heats up, legislators are increasingly being drawn into the fray. Two states, Wisconsin and North Dakota, recently passed laws prohibiting the forced implantation of microchips in humans. Others — Ohio, Oklahoma, Colorado and Florida — are studying similar legislation.

In May, Oklahoma legislators were debating a bill that would have authorized microchip implants in people imprisoned for violent crimes. Many felt it would be a good way to monitor felons once released from prison.

But other lawmakers raised concerns. Rep. John Wright worried, "Apparently, we're going to permanently put the mark on these people."

Rep. Ed Cannaday found the forced microchipping of inmates "invasive ... We are going down that slippery slope."

In the end, lawmakers sent the bill back to committee for more work.

Tuesday, July 17, 2007

New Study Shows Most Internet-Dependent Businesses Losing Costly Battle Against DNS Attacks

Press Release Source: Mazerov Research and Consulting

Tuesday July 17, 9:01 am ET
Despite Deploying Multiple Security Measures, Majority Still Hit by Malware; Many Predict High Likelihood of Losing Productivity, Revenue -- Even Entire Business -- If They Were to Experience Significant Internet Disruption

DENVER--(BUSINESS WIRE)--A recent independent study of 465 IT and business professionals has revealed that companies are having to deploy a costly and often complex melange of security measures to keep their DNS (Domain Name Systems) protected from malicious attackers. Even so, many businesses remain vulnerable, as over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack. Findings showed both external and internal DNS servers were equally vulnerable, as both types succumbed to attacks with roughly the same frequency.

Mazerov Research and Consulting -- an international provider of technology and market research -- conducted the study on behalf of Secure64 Software Corporation.

Internet Dependence

The findings underscore a disturbing trend as businesses are forced to find new ways to protect their IT infrastructure from Internet-based intrusions, yet are placing an incredibly high degree of dependency on continuous Internet connectivity. In this survey of businesses decision-makers, over half (54 percent) explained their companies are 'totally or extremely dependent' on uninterrupted Internet connectivity; another 26 percent said their company was very dependent. Only 6 percent said their company was not very dependent on Internet connectivity. Growing business dependence on Internet connectivity is the very vulnerability that allows malware to attack DNS.

Reliability, Immunity, Availability Most Important

Not surprisingly, respondents placed a high premium on being able to count on their DNS to work consistently and to ward off potentially crippling attacks. When asked to name an essential or extremely important attribute of a DNS solution, the top five responses included:

* Reliability (67 percent)
* Immunity to exploits, rootkits and malware (54 percent)
* Availability during denial-of-service attacks (52 percent)
* Simple to manage (48 percent)
* Fast query responses -- low latency/high performance (46 percent)

However, respondents admitted that trying to achieve these "must-have" DNS characteristics was challenging and required a significant investment in time, money and effort. Three-fourths of all respondents devote valuable resources to continuously patch their operating systems. Others reported having to harden operating systems, invest in dedicated firewalls, and add DNS appliances, DoS mitigation services and other network security devices. On average, respondents typically use at least 3.5 overlapping methods simultaneously to shore up their DNS security.

Downtime and Potential Damage, Loss

When asked how long their business could weather being taken offline before significant problems occurred, IT personnel were more sensitive to the issue than those occupying C-suites. According to the study, C-level executives estimated they could withstand losing Internet connectivity for just over two hours (126 minutes), whereas IT managers estimated it would only be 105 minutes before significant problems arose. Other IT personnel -- who may be most directly responsible for maintaining Internet uptime -- estimated an even shorter timeframe at an average of 72 minutes.

Respondents were also asked to assess what the likely impact would be on the health of their business if they were to experience a loss of Internet connectivity for a significant period of time. Maybe most alarming was 12 percent of participants claimed they would be extremely or somewhat likely to go out of business completely. Other responses included:

* Loss of productivity (74 percent)
* Unable to conduct the most basic business functions (54 percent)
* Loss of significant revenue (40 percent)
* Brand damage would suffer (39 percent)

When asked what the most catastrophic problem would be in the event of a major Internet disruption, 37 percent feared losing email whereas 47 percent identified the disruption of other Web-dependent services such as e-commerce, VOIP and customer support. Surprisingly, only 17 percent indicated that a failure of their DNS -- the underlying system that makes email and other Web services possible -- would be their most catastrophic problem.

"IT professionals are clearly facing a Sisyphean task when it comes to keeping their DNS secure," stated Bob Mazerov, founder and principal of Mazerov Research. "What's particularly interesting is that most respondents perceived the loss of email and other Web services as being a bigger problem than the loss of DNS. This suggests an enduring lack of focus, attention and awareness among IT and business professionals regarding the important and primary role DNS plays within the infrastructure of today's Internet-dependent enterprise."

About the Research Study

Mazerov Research & Consulting, LLC of Denver conducted the survey of IT professionals in February/March of 2007. The Internet-based survey was conducted online among 465 respondents nationwide, all with authority in their IT department and authority over DNS; among decision-makers across a breadth of industries from government to manufacturing to media and tourism; and included VARs, Integrators and ISPs. Virtually all economic sectors were included. The survey was also conducted across company size from under $1 million to over $250 million in revenue and from large and small IT staffs. A survey of 465 conducted using this method yields a margin of +/- 4.5 percent.

Complete survey results are available on the Mazerov Research & Consulting Web site at http://www.mazerovresearch.com.

About Secure64

Headquartered in Greenwood Village, Colorado, Secure64 is a software developer providing secure, self-protecting, high performing server applications. Secure64's core technology is SourceT®, a patented Genuinely Secure(TM) micro OS designed from the ground up to make the micro OS and any applications running on it immune from rootkits and malware, and resistant to network attacks. Unlike conventional operating systems with insecure architectures, SourceT does not need to be hardened, patched and protected to minimize exposure to vulnerabilities. By simplifying and consolidating network infrastructures, SourceT-based applications help IT professionals reduce the costs and risks from potential security breaches while achieving unparalleled levels of reliability and performance. For more information, visit www.secure64.com.

About Mazerov Research & Consulting

Headquartered in Denver, Colorado, Mazerov Research and Consulting (MR&C) enables its clients to enter the market more effectively, garner market share more efficiently, and develop winning programs more economically through insightful, thoughtful use of marketing research and strategic consulting. We help our clients -- small, medium and large companies in a broad range of industries -- make better decisions, launch successful products and services, craft and execute more effective marketing and advertising programs, and support more effective sales programs. Since 1993, MR&C has helped clients develop over $5 billion in new products, improved sales performance, and advertising programs.


Contact:

Mazerov Research & Consulting
Robert Mazerov, 303-741-2369
Wireless: 303-808-5144
www.mazerovresearch.com

Source: Mazerov Research and Consulting

Wednesday, July 11, 2007

World's fair to have walls made of water

By BRIAN BERGSTEIN, AP Technology Writer 9 minutes ago

CAMBRIDGE, Mass. - Walking through walls will be possible and even encouraged. When next year's world expo opens in Zaragoza, Spain, fairgoers will encounter a building with walls made of thin sprays of water. Inside, there will be normal building stuff: a cafe, an exhibition space and overhead lighting.
ADVERTISEMENT

The water will come from thousands of little jets that can be switched on and off, rapid-fire, by computer-controlled sensors.

The resulting effect will enable images and text to scroll in the water walls. Or as a person approaches, the sensors could shape the water flow to make a door appear anywhere in the wall, and then close it after the person ambles through.

The 5,400-square-foot building also can vanish in moments, as the roof can be lowered from its 16-foot height all the way to the ground.

Surely these are cool tricks, but so what?

The Massachusetts Institute of Technology architects who developed the idea say it's a boundary-pushing artistic statement, in the tradition of the Crystal Palace and White City of long-ago world's fairs. Current estimated cost is about $3 million.

"One of the dreams of architecture in recent years has been to create reconfigurable, interactive, dynamic buildings, but of course if you do it with bricks it's not so easy," MIT researcher Carlo Ratti said.

Yet this is not purely whimsical. The theme of the Zaragoza fair is water and sustainable development, and Ratti points out that by using all recycled water, which in turn provides evaporative cooling and no need for air conditioning, the building has a low environmental footprint.

And even if other buildings aren't about to be made of water (ice hotels, notwithstanding), Ratti says future structures should adopt the water pavilion's goal of "total control of every single element, so nothing gets wasted."

Hands on with Casio's YouTube digital camera

Martyn Williams 18 minutes ago

San Francisco (IDGNS) - Casio Computer has developed its first digital cameras with a video mode optimized for YouTube. They come with software that can upload clips to the popular video-sharing Web site with a single click.



Called the Exilim EX-S880 and EX-Z77, the cameras are the result of a deal between Casio and Google, which owns YouTube, that gives Casio exclusive rights to the YouTube features until the end of this year.

The cameras will be released worldwide, starting in the U.S. in August, followed by Europe and Asia soon after. We had a chance to try out the higher-end of the two, the EX-S880, which will be priced at $300, in Tokyo on Wednesday. They are both digital still cameras that also shoot video, rather than dedicated video cameras.

Like many other Exilim models, the EX-S880 is thin and fits into a shirt pocket. At 94 millimeters by 60 mm by 17 mm, it's not much larger than a cell phone and weighs about the same, at 128 grams.

Behind the 3X optical zoom lens is an 8.1 megapixel image sensor that delivers pictures at up to 3,264 pixels by 2,448 pixels resolution. There are seven still image modes, including 16:9 and 3:2 aspect ratio settings, and six video modes, which range from a 320 pixel by 240 pixel low-quality mode to an 848 pixel by 480 pixel wide-screen, high quality mode at 30 frames per second. Video is recorded in MPEG4 H.264 as a Quicktime .mov file.

The camera doesn't need to be switched between its still and video modes thanks to two shooting buttons. One, on the top of the camera, takes still images and another, in the upper right corner at the rear, is for video. The lack of a still/video mode confused me initially and I couldn't figure out how to shoot a movie until someone explained the buttons to me. After getting the secret it proved very easy to use.

So how do you get a clip onto YouTube? First, you switch to YouTube-optimized mode in the shooting mode selection screen, which sets the capture to 640 pixels by 480 pixels at 30 frames per second. Then you shoot as many videos as you like.

You then slip the camera into a dock, which comes with the device and plugs into your PC (Windows XP SP2, 2000 SP4 and Vista only). This automatically starts a video management application on the computer and grabs the movie files. The application can be set up with a YouTube account, default title name and other settings, so getting the video online involves simply clicking the upload button. Alternatively, you can enter information specific to the clips and then upload them.

Once the upload was complete it took about 10 minutes for the clips to appear on YouTube. While it's not particularly difficult to upload clips manually to YouTube, the software certainly makes it much easier, especially if you have several clips to put online.

In addition to the YouTube features, the camera is packed with optimized modes for still images such as fireworks, twilight, parties, sports, candlelight portrait, and others.

Casio plans to sell both cameras worldwide. In the U.S. the EX-S880 will be priced at $300 and the EX-Z77 at $230. They'll also be launched in Europe from August and be available at about the same time in Asia.

Tuesday, July 10, 2007

Phishing tool constructs new sites in two seconds

Jeremy Kirk 28 minutes ago

San Francisco (IDGNS) - Software developers like to make installation of their programs simple and quick. So do hackers.
ADVERTISEMENT

Analysts at RSA Security early last month spotted a single piece of PHP code that installs a phishing site on a compromised server in about two seconds, the vendor noted in its monthly online fraud report for June, released on Tuesday.

The code contains all of the HTML (Hypertext Markup Language) and graphics needed for the fraudulent Web site, which spoofed a financial institution that RSA did not name in the report. The ".exe" file automatically installs the code and graphics in the right directories, RSA said.

It means the hacker did not have to repeatedly access the compromised server to upload graphics or other code for the site, potentially reducing the chance of the computer's security software or network software detecting something awry, RSA said.

"By using such kits, fraudsters will be able to further automate the process of hijacking servers and creating new phishing sites," the report said.

It doesn't bode well for combatting the problem of phishing, where hackers try to elicit passwords or financial information via look-alike Web sites.

Despite efforts to quickly shut sites down, phishing sites averaged a 3.8-day life span in May, according to the Anti-Phishing Working Group, which released its latest statistics on Sunday.

Data from market analyst Gartner released last month showed that phishing attacks have doubled over the last two years.

Gartner said 3.5 million adults remembered revealing sensitive personal or financial information to a phisher, while 2.3 million said that they had lost money because of phishing. The average loss is $1,250 per victim, Gartner said.