Should Laptops Come With a Fire Extinguisher?

When pictures of flaming laptops blaze across the Internet, and Dell and Apple recall nearly 6 million lithium ion batteries, it's natural to wonder whether we can trust our portable devices. Billions of these batteries power everything from cell phones to cameras to Segways. And the push is invariably to pack more power into less space, increasing the severity of the damage in a worst-case scenario.

Incidents Are Rare
All 4.1 million Dell lithium ion batteries and 1.8 million Apple batteries in the recall contained cells made by Sony Energy Devices of Japan. A manufacturing defect (see the diagram) led to rare instances where batteries overheated and even caught fire (Dell reported six confirmed cases, and Apple nine).

If you're looking askance at your portable device, relax. Experts say the batteries, which can generate two to three times as much continuous power as other rechargeable battery types, are not unsafe. The battery packs incorporate multiple layers of internal safety monitoring that rely on CPUs and sensors along with control technologies such as vents and chemical fuses. Normally, a problem battery will power down automatically when a short circuit occurs, before any serious overheating or fire can develop.

Of course, if these precautions worked perfectly, Dell wouldn't have undertaken what the Consumer Product and Safety Commission says was the largest consumer electronic device recall in history (Apple's was the second largest). Sony says other batteries, including some in Sony VAIO notebooks, use the defective cells too; but safety measures in those batteries eliminate the risk, it says, and no further recalls are planned. Though any battery carries some inherent dangers, Sony has changed its manufacturing process to fix the defect.

The Odds Against
Will your laptop explode? The odds against are extremely high. Even if 50 times more incidents (or 300 total) happened than were reported to Dell or the CPSC, that would translate into only about 1 in 1000 chances that any Dell laptop battery shipped during the recall period (not just those being recalled) would overheat. Dell calculates that it shipped a total of 24.9 million batteries during the recall period (April 2004 to July 2006). Apple's problem batteries shipped between October 2003 and August 2006.

Given the sheer numbers of lithium ion batteries being cranked out every day, future recalls seem inevitable, despite manufacturers' work on safer designs and technologies. But if you follow basic safety precautions (see "Portable Power Safeguards"), you can probably leave the fire extinguisher at home.

First Benchmarks for Intel's Quad-Core Processor

The first benchmarks of Intel's quad-core Kentsfield processor are here, and the chip is showing some impressive speed in multithreaded applications. As with the Core 2 Duo launch, Intel supervised testing at its preview events this week, so we'll have to reserve our final take on performance until we can get a Kentsfield sample in our lab for testing with PC World's usual slate of benchmarks.

Intel's test setup pitted a 2.66-GHz Core 2 Extreme QX6700 (Kentsfield) chip against a 2.93-GHz Core 2 Extreme X6800 chip--the company's previous high-end desktop processor. Both systems used a preproduction D975XBX2 motherboard, 2GB of Corsair memory running at DDR2 800 speeds, a 320GB Seagate hard drive, and an eVGA GeForce 7950 GX2 graphics board.

Test Results
As our previous tests have shown, the Core 2 Extreme chip is plenty fast. In fact, when running single-threaded applications, or any apps that can't take advantage of lots of CPU cores, it's likely to remain the faster chip. On the general application benchmark PCMark 05 shown in the chart below, for example, the Core 2 Extreme actually beat the preproduction quad-core chip by a little bit, thanks presumably to its slightly higher clock speed. Standard 3D-accelerated gaming, as tested by 3DMark 05, wasn't much faster with the new chip either, though the CPU scores of both PCMark and 3DMark showed significant gains.

Kentsfield really starts to shine, however, once you hand it a complex video-encoding or 3D-rendering task. Both 3D rendering apps, POV-Ray and 3DS Max 8, ran considerably faster with four cores; in particular, POV-Ray rendered 83 percent more pixels per second running on the Kentsfield chip than on the Core 2 Extreme. Video editing and encoding ran about 30 percent faster in Sony's Vegas app and in the DivX converter.

First Benchmarks for Intel's Kentsfield Quad-Core Processor
Test Kentsfield Core 2 Extreme
Divx 6.2.5
with XMPEG 5.03
(seconds) 77 106
Sony Vegas 7.0a
(seconds) 255 384
3DS Max 8 SP2
(seconds) 49 81
POV-Ray Beta 15
(pixels per second) 2592 1417
PCMark 05 Pro
(overall score) 7550 7697
PCMark 05 Pro
(CPU score) 8470 7425
3DMark 05 Pro
(overall score) 8905 8300
3DMark 05 Pro
(CPU score) 3923 2545
CHART NOTE: Lower scores are better in the first three tests; higher scores are better in all other tests.


Analysis
Since Kentsfield is essentially a pair of linked Core 2 Duo dies on one chip, it's not surprising that the product's performance would be nearly identical to that of the dual-core chips in single-threaded applications. Again, our full verdict on Kentsfield will have to wait until we can test a sample in our own lab, but the results for our limited preview testing match up well with Intel's decision to roll out the quad-core processor in November as an enthusiast part first. While gamers may not see immediate gains from going quad-core, anyone working with video or 3D rendering should get some impressive results.

As more games and mainstream programs begin to take advantage of multiple CPU threads, and as video and high-definition video continue to grow in popularity, more and more people will have a need for multiple CPU cores. Next year's Core 2 Quad chips should supply that power, beginning with a 2.4-GHz part running on the 1066-MHz bus. Intel also plans to launch quad-core versions of its workstation and server-focused Xeon line before year's end.

Intel and Symantec Push Security Into Firmware

Intel and Symantec plan to release a firmware-based PC security product in the first half of 2007 to stop hackers from disabling virus shields.

This "virtual security solution" will run beneath the OS of a machine using Intel's vPro business bundle--PCs such as Hewlett-Packard's Compaq dc7700 or Lenovo's ThinkCentre M55p desktops.

The product could help to slow the trend of viruses and malware attacks that succeed only because the target PC has already had its defenses lowered--either because of the actions of a well-meaning but naive user or because of a malicious earlier hack--according to Leo Cohen, vice president of the security technology group at Symantec.

The Goal: Tamper-Resistant Security
"The trend is for the disabling or misconfiguring of security safeguards, so we will move security out of the user and operator environment," Cohen said earlier this week at the Intel Developer Forum in San Francisco.

"This is something Symantec takes seriously: How do you make your security solutions tamper-resistant? We're working with Intel to put security in the hardware, in the firmware," Cohen added.

Security experts increasingly say that a PC's biggest weakness is its own user, not a faulty firewall or defective virus shield. No matter how much security tools and policies improve, they are worthless unless their use is enforced by the IT department, Malcolm Harkins, general manager of Intel's information risk and security division, notes.

Background
The HP spying scandal has shown how easy it is for hackers to use "social engineering" tactics to breach defenses, whether they are obtaining private phone records by pretending to be account holders, or planting tracking software on a reporter's PC by embedding it in an e-mail with a fake news tip.

Likewise, companies have learned from battling viruses like Code Red, Slammer, and Nimda to use networked controls to push patches out to 95 percent of their PCs immediately. But they could spend just as much time and money patching the last 5 percent, and they can't rely on users to apply the updates themselves, Harkins says.

"If you're using real-time antivirus, desktop firewall, data encryption, and weekly hard drive scans, that could slow your system, so some end-users will turn [those tools] off," Harkins adds.

"People say the perimeter is vanishing, with extranets and mobile computing. But it's not vanishing, it's just shifted to the people, and they can forget to update their antivirus or talk too loudly on a cell phone in an airport. If you ignore that component, that's going to be the thing that gets you every time."

Indeed, IT administrators say that 28 percent of malicious attacks work because of compromised security, according to an August survey commissioned by Symantec. Whether the security is misconfigured by employees, by poorly written OS and application patches, or by hackers themselves, the survey concludes that the trend is increasing.

Judge: Morpheus Software Encouraged Piracy

In another blow to peer-to-peer file sharing, a U.S. federal judge ruled on Wednesday that the Morpheus software program encouraged users to infringe upon copyrighted works.

StreamCast Networks, the owner of Morpheus, "cannot seriously argue that it did not know that the popular music and movies traded on its network were copyrighted," wrote district judge Stephen V. Wilson.

The ruling is another win for record and film companies, which sought an injunction against distribution of the file-sharing software in the suit, filed in 2001.

Possible Appeal
StreamCast continued to fight after two other companies named in the suit, Grokster and Sharman Networks, the company behind the Kazaa file-sharing client, reach settlements with the entertainment industry. Streamcast said it could consider appealing, saying the software has legal uses.

"We do not believe that StreamCast encouraged users to infringe on copyrighted works, and the company never intended to do so," the company said in a statement.

File-sharing software companies have been battered by a string of successful legal suits by the entertainment industry. In June 2005, the U.S. Supreme Court found that both Grokster and Streamcast could be held liable for copyright infringements by users.

Industry Faces Lawsuits
Earlier this month, MetaMachine, which distributed the eDonkey client software, settled a copy infringement case with the record industry for $30 million.

Just weeks prior, Sharman Networks agreed to pay $100 million to end outstanding lawsuits with the entertainment industry.

Major record companies and movies studios have used aggressive legal tactics against illegal file sharing, suing both software companies and individual users, in an effort to halt falling revenues attributed to piracy.

Dell Expands Battery Recall

Dell has increased by 100,000 the number of laptop batteries it is recalling due to a potential fire hazard, while Toshiba said it would take part in Sony voluntary battery replacement program kicked off Thursday. Fujitsu indicated that it was also considering a voluntary recall.

Dell said it received new information that caused it to increase its recall to 4.2 million batteries from 4.1 million. It urged customers to visit www.dellbatteryprogram.com and to recheck their batteries to see if they are affected. The site has received almost 200 million hits since the recall was first announced in August, Dell said.

The problems affect battery packs containing Sony-made Lithium Ion cells. Sony has discovered that metallic particles in the cells created during the manufacturing process could cause a short-circuit. That short-circuit could in turn result in a fire, depending on the way the laptop is designed.

Laptop Makers Join Recall
While the affected notebooks from Dell and Apple Computer pose a potential fire hazard, Toshiba said its laptops are not in danger of catching fire. It said it was recalling the laptops voluntarily to ease concerns among customers.

Toshiba offered to replace 830,000 laptops, including some of its popular Satellite and Portege models. Fujitsu indicated that it would also be likely to join the voluntary recall, although details had not been announced late Friday in Japan.

Toshiba, and possibly Fujitsu, are taking advantage of a program announced by Sony on Thursday, which said it would conduct a battery-replacement program in conjunction with laptop makers worldwide.

One day earlier, Lenovo added its name to the list of manufacturers recalling Sony-made battery packs, saying it will recall 526,000 notebooks.

High Cost to Sony
In late August, Sony said it would incur costs of between $170 million to $255 million, but that was only for the recalls announced by Dell and Apple. Sony has not updated investors since then.

Its battery problems began in October last year when Dell approached the company about a possible problem involving Sony Lithium Ion cells used in battery packs in Dell laptops.

Sony changed its manufacturing process to lessen the chance of metallic particles being left in its products, but it wasn't until August this year -- after several well-publicized cases of Dell laptops catching fire -- that Dell began recalling batteries.

Battery Recall in Millions
Apple followed on Aug. 25 with its own recall of 1.8 million batteries, and on Thursday Lenovo joined the list. Together, the recalls that cite a potential fire hazard total about 6.5 million battery packs.

Separately, Toshiba last week offered to exchange 340,000 Sony notebook batteries, but not because of a fire hazard. Instead, the defective batteries could unexpectedly cut power to the notebooks, causing users to lose unsaved work, the company said.

The Future of Cell Phones

What's Next: Speed Is Just the Beginning
Today's mobile phones can already send e-mail, browse the Web, and keep you in touch with friends and colleagues via voice or text message. Tomorrow's handsets will add even more to the menu, morphing (as needed) into always-connected portable game consoles, full-featured TVs, and credit cards. Here's a quick look at what's coming:

Networks: In the next few years, cell phone networks will move data at several megabits per second, and will coexist with WiMax, Wi-Fi, and, for TV, DVB-H or MediaFLO. IMS will let them work together.

Handsets: Look for sleek designs (such as Frog Design's Ubik), better battery life, e-payment support, and graphics muscle for true TV and console-style video gaming.

Cameras: Expect not just high resolutions (8 megapixels and beyond), but also the same image-processing capabilities found in current digital still and video cameras.

The Future of Fun

The revolution in digital entertainment will not be televised. Instead, it will be podcast, streamed, downloaded, shared, mashed up, and available on screens from 2 to 200 inches.

But as we make our way to the digital entertainment future, many of today's familiar electronic companions may be missing. Yes, big screens will still dominate our living rooms, and they will be bigger, flatter, and higher res than ever. High-definition video will be augmented by realistic surround sound capable of simulating a whisper in your ear or the cry of birds overhead.

The hodgepodge of single-function black boxes that make up a home entertainment center today, however, may be subsumed into a media center or set-top box that does it all, while the snarl of wires behind the home theater will be made obsolete by high-speed wireless technologies. Meanwhile, a raft of new portable gizmos will allow you to enjoy home entertainment without staying at home.

The Future of Robots

Need something done? Soon you may be turning to various "service and personal" robots. These machines perform domestic chores or tasks such as milking cows or handling toxic waste, or serving in fields like emergency medical support.

The timeline below summarizes experts' opinions on how soon every home will have a little mechanical helper.

2006 Roomba sales top 2 million. [This already happened in May 2006.]

2007 Sales of pool-cleaning and window-washing robots rise significantly. A new, bipedal Honda Asimo unit that can run
(at 4 miles per hour) debuts in United States.

2009 In just three years, 4.5 million domestic robots have been sold.

2010 Service and personal robotics sales exceed $17 billion.

2025 Sales of service and personal robots near $52 billion.

2040 Most households now own a robot or are considering buying one.

Single-Duty Robots: All Work, No Play
Photograph: Ames F. Tiedeman, Systems Trading CorporationCurrent robots tend to look like regular machines, and most--such as the vacuuming iRobot Roomba--perform only one task. For example, Friendly Robotics' RL1000 Robomower (pictured at left, with docking station) will cut your lawn while you watch TV. The autonomous mower costs $1800.

Ever performed a software patch on a lawnmower? Wireless diagnosis could someday permit automatic patching of software problems, but currently if your Robomower starts doing nonstop doughnuts, you'll need to turn off its motor and plug it into a phone line to download a software patch.

The Next Steps in Robotics
Photograph: Choromet, a project of four Japanese firms, courtesy of AIST.
Today's robot designers will have to solve some fundamental problems before robots can become as versatile, independent and useful as the ones we've seen for years in the movies. Click the accompanying image for more about these challenges.

Microsoft Expects Vista to Soar

In the first year of its release, Windows Vista will be adopted twice as fast as any other version of Windows, with ten times as many Vista business seats deployed at launch than any previous release of the operation system, according to Microsoft's projections.

Despite this optimistic expectation, analysts still don't expect businesses to begin adopting Vista in earnest until late 2007 or even 2008, with many waiting for the first service pack version of Vista before they begin considering an upgrade.

Public Beta Helps
One reason Microsoft is expecting Vista to be so successful is that the company has made a concerted effort to give customers the tools and training they need to adopt Vista across their businesses, said Brad Goldberg, general manager of the Windows Client Business Group at Microsoft. The company also distributed test versions widely.

For the previous Windows migration, to Windows XP, Microsoft didn't release important tools to help businesses upgrade--such as a compatibility toolkit to ensure existing applications will work--until Service Pack 2, which was released nine months after Windows XP shipped, he said. However, with Windows Vista, "we made the beta of the [compatibility] toolkit available with Windows Vista Beta 2," Goldberg said.

Microsoft also has opened up test versions of the OS to a wide audience, making Release Candidate 1 (RC1) available to the public. Microsoft expects that at least 5 million users will have access to Vista RC1, all of whom the company has encouraged to provide feedback about the release so it can be as polished as possible before it goes out to business customers in November.

Another reason Microsoft expects businesses to warm to Vista early is that the company is doing its share to educate customers on how much money they can save by adopting it, Goldberg said. Microsoft has worked with analysts to develop customer case studies to see how much money business customers can save per PC by upgrading to Vista from their current OS.

Key is Cash, Analyst Says
Al Gillen, an analyst with research firm IDC, does not dispute Microsoft's calculations for the return on investment (ROI) companies will make on Windows Vista, though he says that companies "don't get the 'R' unless they put in the 'I' first."

"The ROI story is exciting, but it requires that customers be mature and agile enough to do what they need to do afterwards," Gillen said.

And while Microsoft may meet its ambitious first-year goals for Vista, that momentum will likely peter out, once pent-up demand has been met, Gillen said.

"Eighteen months out, the adoption curve will look like any other Windows product," Gillen said. "It's hard to move corporate customers faster than they are willing to go."

Mixed Expectations
Microsoft's bullish projections don't appear to jibe with most current third-party customer surveys, such as one online survey of 314 IT professionals conducted by Computerworld in August. Just 17 percent of IT professionals say they are considering rolling out Windows Vista in the first year. Forty-one percent of respondents said they had no plans to roll out Vista, while 35 percent said they would begin testing Vista only after it ships.

Of those who said they were considering rolling out Vista in the near or long-term, the largest group (29 percent) said the cost was the biggest determinant of if and when they would upgrade. That was followed by the hardware requirements (16 percent), the amount of employee training (6 percent) and the amount of IT staff retraining (4 percent).

Even if Microsoft doesn't meet its goals for Vista, it's not likely to affect the company's revenue. According to one financial analyst firm, Microsoft stands to lose only about $400 million in revenue in fiscal 2008 if Vista business adoption does not go according to the company's plan, and $2 billion in fiscal 2009. In its most recent fiscal year ended June 30, Microsoft reported more than $44 billion in revenue. While the company is optimistic about adoption in its marketing, it is being far more conservative in its financial estimates, analysts said.

This is obviously good news for Microsoft, but there is a downside. The longer Vista is available, the more it will cost the company if businesses continue to hold off on adopting the OS. And any negative press or analyst feedback on lackluster Vista adoption could drive Microsoft's stock price down, analysts said.

Hackers Crash the Social Networking Party

The malware headache began for Robyn when she saw a MySpace bulletin from a friend inviting her to view new photos. She knew the friend in real life, so she went ahead and clicked the link. The site looked like a photo-sharing site, but one she had never heard of. Then her computer practically froze. A few days later, her MySpace friends received photo-viewing invites that seemed to come from her.

"It definitely wigged me out," says Robyn, who asked that her last name not be used. She hasn't touched that computer since.

Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites. In an August report, Internet security firm ScanSafe states that, on average, one in every 600 pages on the sites hosts some form of malware. The report says Facebook tended to be more secure given its previous member restriction to those with educational e-mail addresses, but the site has since opened its doors to everyone.

And these days, those viruses and worms are after your wallet. "There's a great deal of money in it for people to be able to get your personal data," said Lysa Myers, virus research engineer for McAfee Avert Labs, in an e-mail interview.

Poisoned Banner Ads
One major attack took place in July, when iDefense, a research and security company, discovered a poisoned banner ad that appeared on MySpace, Webshots, and many other sites. The new type of attack ad downloaded adware onto an estimated million computers, according to iDefense. The threat went after low-hanging fruit by exploiting an image file (.wmf) vulnerability. It's a vulnerability that was reported and fixed way back in January. But in the huge numbers game of social networking sites, the attack still found plenty of victims.

And the game is growing ever larger. MySpace ranks as the sixth most-visited site in the world, according to Alexa.com, which analyzes Web traffic and puts Flickr at number 39 and Facebook at number 69. Most social networking sites more than doubled their user base between July 2005 and July 2006, according to comScore Media Matrix.

It's not just eager teens visiting the sites, either. The ScanSafe report found that social networking sites now account for 1 percent of at-work Web browsing. This may not seem like much, but consider just how much Web traffic goes in and out of most every business in the nation.

Good Defense Necessary
Even if the site maintainers are on the ball--MySpace generally gets decent marks for closing new-found holes and threats on its site--the sheer number of people involved can present an irresistible target for crooks. To keep your system safe, make sure you've got a layered defense with good antivirus and antispyware programs, and a firewall. PC World's Spyware and Security Info Center contains the latest security software reviews and rankings, and a link to our Internet Safety Tool Kit.

In addition, Dan Moniz, a security consultant in San Francisco, recommends using a browser other than Internet Explorer. "The way that Internet Explorer is hooked in with the operating system can cause some problems," he says. The July banner ad attack targeted Internet Explorer.

As if downloaded malware weren't enough, future attacks could twist things so that the browser attacks a site. At the BlackHat Internet security conference in Las Vegas this year, Moniz and HD Moore, head of the Metasploit project and a well-known hacker, presented a novel proof-of-concept hack. It showed that a poisoned site could infect a Web browser using Javascript such that the browser becomes an attacker and infects visited blogs or social networking sites. It could spam links to malware downloads or overwhelm blogs with casino advertisement comments, for instance.

Like many proof-of-concepts, this one might never become a real threat. It still has to find an open security hole to infect the browser in the first place, and it might never interest malware writers who have plenty of other profitable methods currently in use. But it's one more example of a party crasher just waiting to spoil the fun.

Mozilla Investigates New Firefox Flaw

The security team at Mozilla is looking into a flaw in its Firefox Web browser that hackers exposed at a conference in San Diego over the weekend.

In a presentation at the ToorCon hacker conference, hackers Mischa Spiegelmock and Andrew Wbeelsoi demonstrated exploit code for a vulnerability in the way Firefox handles JavaScript.

Mozilla today said it was busy investigating the flaw, and did not offer any security researchers for comment because, according to spokesperson Mary Colvig, they were all "heads down" on the problem. The company also said it will patch the flaw if it deems that action necessary.

Memory Filler
The vulnerability could allow someone to execute a memory corruption attack on Firefox if a user browsed to a Web site that contained the exploit code, says Ken Dunham, director of the rapid-response team at security services company iDefense, a VeriSign company.

"If you were to go to a Web site that contained the exploit code, it would fill up the available memory on the computer," he says. This would create an environment in which an attacker could take over the computer to do something harmful, he adds.

Dunham says that iDefense labs tested the exploit code, and found that it was "unreliable" and crashed the Firefox browser. Because of this, he does not consider the exploit to be a critical threat to Firefox. However, "someone could make some changes to the exploit code and make it more reliable," Dunham says.

He adds that there are other, more critical unpatched flaws in both Firefox and Microsoft's Internet Explorer browser that are currently under attack by hackers.

Sun Claims Success With OpenSparc

Sun Microsystems says its new UltraSparc T1 microprocessor, nicknamed Niagara, is creating a big splash.

Sun expects to report today that 60 percent of the trial units of Niagara, an open-source product, have been ordered by new customers. This indicates that the company is gaining market share from rivals such as IBM's Power and Intel's Itanium high-performance microprocessor architectures.

Open Source Endorsement
Sun is offering Niagara to the market through its OpenSparc program, in which specifications of the microprocessor are being shared in an open-source community with hardware and software developers.

Sun has also formed an independent OpenSparc governance board to set the direction and ensure adherence to open-source standards for the UltraSparc T1 platform.

The OpenSparc community introduced in July a new Linux distribution, Gentoo Linux, which supports UltraSparc T1 in the latest release of its open source operating system. Developers of the Ubuntu Linux system announced in May that it would also support Sun Niagara servers.

Sun introduced UltraSparc T1 in December 2005 and released the chip design code, known as the Register Transfer Language (RTL), in March 2006. Since then, Sun representatives said, there have been 3500 downloads of the RTL and 2600 downloads of code for designing an application to run on the T1.

Fadi Azhari, director of marketing and business development for Sun's OpenSparc program, attributes the strong interest to the T1's capabilities.

"It's such a breakthrough in the market in terms of what it delivers," Azhari said. "It has eight-core, 32 threads, which is roughly four to five times more performance than anything else that is out there in the marketplace. That's generated a lot of interest."

Drawing New Interest
Among the members of the OpenSparc governance board is Nathan Brookwood, senior analyst with Silicon Valley research firm Insight 64.

It is significant to note that Sun is apparently drawing interest from non-Sun customers, Brookwood said.

"Sun really had no UltraSparc products that were so compelling that a customer not already in the Sun camp would be motivated to switch," he said. "Niagara (T1) is truly different ... in terms of providing good performance with miserly energy consumption. So if you have a data center that is maxed out on thermal issues but still have more work that needs to be done ... then this is like manna from heaven."

Sun's resurgence is evident in second-quarter revenue figures from research company IDC. Sun's server revenue rose by 15.5 percent to $1.6 billion in the second quarter of 2006, from a year earlier. Revenue fell in the same period by 2.2 percent for industry leader IBM and by 1.7 percent for second-place vendor Hewlett-Packard.

Although Niagara was new to the market in the second quarter, it should add to the momentum Sun is enjoying, Brookwood said.

Mozilla Duped by Hacker's 'Humorous' Presentation

One of the hackers who demonstrated exploit code for a vulnerability in the way the Firefox browser handles JavaScript admitted today that the presentation last week at a hacker conference was meant to be a joke, according to Mozilla's chief of security.

Mozilla security researchers spent most of Sunday and Monday scrambling to determine whether exploit code revealed during a presentation by hackers Mischa Spiegelmock and Andrew Wbeelsoi at Toorcon over the weekend could allow someone to execute malicious code through a memory corruption attack on Firefox.

However, Window Snyder, who leads Mozilla's security team, said Spiegelmock admitted to the company that the presentation was meant to be humorous, and that he and Wbeelsoi had not actually achieved remote execution with the exploit code demonstrated at the show.

"At best, in some cases it will crash only the client," Snyder said Tuesday. "That's all we've been able to verify at this point."

Spiegelmock, who works for blogging-software maker Six Apart, confirmed as much in his LiveJournal blog, in which he includes a link to a statement he made that is posted on Snyder's Mozilla blog.

All a Joke
"The main purpose of our talk was to be humorous," according to the statement. "As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has."

During the presentation, the hackers also had said that they knew of 30 other vulnerabilities in Firefox, but this, too, was a joke, Snyder said.

To hear Six Apart spokesperson Jane Anderson tell it, the Toorcon presentation was a joke invented by two kids barely out of their teens who didn't understand the ramifications of their actions.

"It was all a parody," she said. Anderson added that Spiegelmock was not representing Six Apart at the show, and the company spent most of Sunday on the phone with Mozilla putting out fires and cooperating with the company to get to the bottom of the matter.

Anderson added that Spiegelmock will not be terminated for his actions. "We all make mistakes," she said.

Snyder and the Mozilla team also are being good sports about the ordeal.

"Of course, we always prefer that security researchers report vulnerabilities to us so we can create a patch before customers are put at risk," she said. "But at this point he's been very cooperative, and we're pleased he's chosen to work with us."

Still, Snyder said, "I know people who were working really hard here on Sunday probably have other things they'd rather be doing."

CEATEC: Toshiba, Canon Show 55-Inch SED TV

Toshiba and Canon demonstrated a television with a 55-inch SED screen at the Ceatac exhibition in Chiba, Japan, saying they plan to put the screens into production next year.

At 55 inches, the prototype SED (surface-conduction electron-emitter display) screen on display here is the largest yet demonstrated in public.

The companies will begin initial production of the 55-inch screens in July 2007, said Keiichiro Mori, chief specialist at Toshiba's SED Project Team, confirming that the production of SEDs, which had been delayed several times, is on track to begin next year.

The screens will go on sale first in Japan, Mori said. Pricing, as well as plans for selling SED televisions overseas, have yet to be finalized, he said.

At present, Toshiba and Canon plan to produce only 55-inch SED screens, Mori said.

Background
In development for 20 years, SED promises pictures that are as bright as CRT televisions, while consuming one-third less power than equivalent-size plasma displays, and showing none of the image delays sometimes associated with flat-panel screens.

SED offers other advantages over existing flat-panel technology, Toshiba and Canon said. For example, the screens offer a wider viewing angle than other technologies and have a contrast ratio of 100,000 to 1.

Toshiba and Canon have delayed production of the screens several times, with engineers citing the difficulty of manufacturing the screens in volume. With the first screen to be manufactured next year, these difficulties appear to have been resolved.

The SED prototypes demonstrated at Ceatec were among the most popular products on display for visitors, who lined up to get a look at them. The demonstration, held in a darkened room, consisted of three 55-inch SED televisions used to show a variety of high-definition content, including a sumo wrestling match, footage from a rock concert, and a clip from the movie Apollo 13.

Nokia Phones Get Web 2.0

Web 2.0 is coming to mobile phones, according to Nokia, which has launched a service that allows Java-enabled phone users to choose widgets, or small applications, that can be displayed on their phones.

WidSets, introduced on Tuesday, is a free offering that users can set up on the WidSets Beta site. On the site, customers can choose from many different widgets that will be displayed on their phones.

Widgets usually reside on a desktop and receive information, such as data delivered via RSS (Really Simple Syndication). For example, a Google News widget can appear as a small icon, and when users click on the icon, they can see the latest headlines that appear on the Google News Web site. Widgets are considered Web 2.0 applications because they offer an interactive and customizable service different from more static Web sites.

How It Works
After a new user signs up, the WidSets site sends an application via text message to the user's phone. Users must run the WidSets application and stay connected to the Internet to see the widgets and to allow the widgets to be updated with new content.

The WidSets Web site is designed to support community input so users can browse for useful widgets based on community rankings.

The service is free for phone users, although they'll pay associated costs to their mobile operators for data download.

For now, Nokia doesn't have a way to make money from the offering but in the future the service could support advertising or Nokia could sell premium content, said Tom Henriksson, director of Nokia's emerging business unit.

WidSets isn't the first widget offering for mobile phones. Opera supports widgets on its mobile browsers. Henriksson praised the Opera offering as a great option but said that WidSets is designed to make using widgets on mobile phones easy.

Nokia has increasingly begun offering different types of services like this one that could compete with content services from operators. But Henriksson says that offerings like WidSets benefit everyone in the market. "We think these help data services in general take off. Then everybody wins," he said.