Do-it-Yourself Phishing Kit Found Online

A software kit has been discovered for sale on the Internet that makes it possible for non-experts to set up and carry out sophisticated phishing attacks on large numbers of websites.

EMC's RSA division reports that its Anti-Fraud Detection Center (AFCC) found the 'universal man-in-the-middle phishing kit' being offered in a free demonstration version on a criminal forum monitored by the company.

User Friendly
The kit--said to have a user-friendly interface designed to help the nontechnical criminal--automates the programming needed to pull off a normally tricky man-in the middle attack on websites such as banks or e-commerce sites.

Typically, the attack generated by the kit would start by duping users into clicking on a link embedded within a phishing email. This would direct them to a fraudulent URL able to communicate with the genuine website in real time, retrieving content from that site to make the scam appear as convincing as possible.

Quick and Easy
Apart from the fact such attacks can be carried out quickly and simply on multiple websites, it offers the advantage of giving criminals access to all information exchanged with the attacked site, not just the basic login. According to RSA, the kit qualifies as 'universal' because it can be used on any website, and thus attacks don't need to be tailored for each site

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan of RSA.

"While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12-18 months," he said.

Working man-in-the-middle attacks are relatively rare but not unheard of by any means. Last year, the Sinowal Trojan was found circulating in Germany by Kaspersky Lab.

Investigator Charged in HP Scandal Pleads Guilty

SAN FRANCISCO -- Private investigator Bryan Wagner pleaded guilty today to two charges in federal court in San Jose, California, and agreed to cooperate with federal officials investigating the Hewlett-Packard spying scandal.

At a 25-minute hearing in Federal District Court, Wagner pleaded guilty to one count of conspiracy and one count of aggravated identity theft. Federal District Judge Jeremy Fogel accepted the plea agreement and set sentencing for June 20.

"Today, the U.S. Attorney's Office for the Northern District of California has secured the first conviction in the Hewlett-Packard pretexting investigation," Luke Macaulay, a spokesman for the office, told reporters after the hearing. "Mr. Wagner today admitted to using fraud and deceit by misrepresenting himself and collecting the personal telephone records of (individuals) without their knowledge or authorization."

Wagner, who was officially charged January 10, has agreed to cooperate with federal prosecutors who continue to investigate the scandal, Macaulay said. It erupted after HP conducted an investigation in 2005 and 2006 to identify who on the HP board was leaking news of board deliberations to the media.

HP hired a Boston private investigative firm, Security Outsourcing Solutions, which in turn hired Action Research Group, of Melbourne, Florida. Action Research, in turn, hired Wagner, 29, of Littleton, Colorado, to procure the phone calling records of targets of the investigation, including reporters and their family members, and HP board members and employees and their family members.

Background
Wagner was given the Social Security numbers and other personal information about the targets and used it to pose as those people in obtaining their phone records, a practice called "pretexting," said Wagner's attorney, Stephen Nataril.

"He was your classic dupe," Nataril told reporters. "I think the private investigators who asked him to get this information knew that it wasn't legal and thought they'd pass the buck one or two more times down to somebody else and give them the brief assurance that 'Sure it's okay. We had our lawyers look at it, so go ahead and get that information'."

Wagner still faces state felony charges in California. Also facing state charges are former HP board chairman Patricia Dunn, former HP legal counsel Kevin Hunsaker, Ronald R. DeLia, of Security Outsourcing Solutions and Matthew DePante, manager of Action Research Group. Dunn and Hunsaker were forced out of their HP posts because of the scandal.

Macaulay declined to say when further federal charges can be expected and against whom.

Do-it-Yourself Phishing Kit Found Online

A software kit has been discovered for sale on the Internet that makes it possible for non-experts to set up and carry out sophisticated phishing attacks on large numbers of websites.

EMC's RSA division reports that its Anti-Fraud Detection Center (AFCC) found the 'universal man-in-the-middle phishing kit' being offered in a free demonstration version on a criminal forum monitored by the company.

User Friendly
The kit--said to have a user-friendly interface designed to help the nontechnical criminal--automates the programming needed to pull off a normally tricky man-in the middle attack on websites such as banks or e-commerce sites.

Typically, the attack generated by the kit would start by duping users into clicking on a link embedded within a phishing email. This would direct them to a fraudulent URL able to communicate with the genuine website in real time, retrieving content from that site to make the scam appear as convincing as possible.

Quick and Easy
Apart from the fact such attacks can be carried out quickly and simply on multiple websites, it offers the advantage of giving criminals access to all information exchanged with the attacked site, not just the basic login. According to RSA, the kit qualifies as 'universal' because it can be used on any website, and thus attacks don't need to be tailored for each site

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan of RSA.

"While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12-18 months," he said.

Working man-in-the-middle attacks are relatively rare but not unheard of by any means. Last year, the Sinowal Trojan was found circulating in Germany by Kaspersky Lab.

Investigator Charged in HP Scandal Pleads Guilty

SAN FRANCISCO -- Private investigator Bryan Wagner pleaded guilty today to two charges in federal court in San Jose, California, and agreed to cooperate with federal officials investigating the Hewlett-Packard spying scandal.

At a 25-minute hearing in Federal District Court, Wagner pleaded guilty to one count of conspiracy and one count of aggravated identity theft. Federal District Judge Jeremy Fogel accepted the plea agreement and set sentencing for June 20.

"Today, the U.S. Attorney's Office for the Northern District of California has secured the first conviction in the Hewlett-Packard pretexting investigation," Luke Macaulay, a spokesman for the office, told reporters after the hearing. "Mr. Wagner today admitted to using fraud and deceit by misrepresenting himself and collecting the personal telephone records of (individuals) without their knowledge or authorization."

Wagner, who was officially charged January 10, has agreed to cooperate with federal prosecutors who continue to investigate the scandal, Macaulay said. It erupted after HP conducted an investigation in 2005 and 2006 to identify who on the HP board was leaking news of board deliberations to the media.

HP hired a Boston private investigative firm, Security Outsourcing Solutions, which in turn hired Action Research Group, of Melbourne, Florida. Action Research, in turn, hired Wagner, 29, of Littleton, Colorado, to procure the phone calling records of targets of the investigation, including reporters and their family members, and HP board members and employees and their family members.

Background
Wagner was given the Social Security numbers and other personal information about the targets and used it to pose as those people in obtaining their phone records, a practice called "pretexting," said Wagner's attorney, Stephen Nataril.

"He was your classic dupe," Nataril told reporters. "I think the private investigators who asked him to get this information knew that it wasn't legal and thought they'd pass the buck one or two more times down to somebody else and give them the brief assurance that 'Sure it's okay. We had our lawyers look at it, so go ahead and get that information'."

Wagner still faces state felony charges in California. Also facing state charges are former HP board chairman Patricia Dunn, former HP legal counsel Kevin Hunsaker, Ronald R. DeLia, of Security Outsourcing Solutions and Matthew DePante, manager of Action Research Group. Dunn and Hunsaker were forced out of their HP posts because of the scandal.

Do-it-Yourself Phishing Kit Found Online

A software kit has been discovered for sale on the Internet that makes it possible for non-experts to set up and carry out sophisticated phishing attacks on large numbers of websites.

EMC's RSA division reports that its Anti-Fraud Detection Center (AFCC) found the 'universal man-in-the-middle phishing kit' being offered in a free demonstration version on a criminal forum monitored by the company.

User Friendly
The kit--said to have a user-friendly interface designed to help the nontechnical criminal--automates the programming needed to pull off a normally tricky man-in the middle attack on websites such as banks or e-commerce sites.

Typically, the attack generated by the kit would start by duping users into clicking on a link embedded within a phishing email. This would direct them to a fraudulent URL able to communicate with the genuine website in real time, retrieving content from that site to make the scam appear as convincing as possible.

Quick and Easy
Apart from the fact such attacks can be carried out quickly and simply on multiple websites, it offers the advantage of giving criminals access to all information exchanged with the attacked site, not just the basic login. According to RSA, the kit qualifies as 'universal' because it can be used on any website, and thus attacks don't need to be tailored for each site

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan of RSA.

"While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12-18 months," he said.

Working man-in-the-middle attacks are relatively rare but not unheard of by any means. Last year, the Sinowal Trojan was found circulating in Germany by Kaspersky Lab.

How to Buy a Laptop

The most highly evolved species of computer, the laptop (aka notebook) computer allows you to work without being tethered to an office. Portability and good performance make notebook PCs an essential part of the daily lives of millions, from college students to business travelers. Even the least-expensive of today's laptops are better equipped than they have ever been, and may be all you need for everyday work.

The Big Picture
There are more laptop choices than ever. We'll guide you through the available options--including screen size, weight, battery life, and communications ports. more

The Specs Explained
Do you need a superfast CPU? Or a huge hard drive? We'll guide you through the choices and tell you which features are most critical. more

Notebook Shopping Tips
Looking for a powerful, versatile notebook at a reasonable price? Our advice will help you find the right laptop.

Are you ready to buy a notebook? Here are PC World's recommendations for specifications that will fit the needs of the average user.

A 1.73-GHz Pentium M processor. For everyday work--word processing, spreadsheets, e-mail--you don't need the latest, greatest (read most expensive) Pentium processor, but thankfully, with the Pentium M, you get smooth performance and long battery life. (Check latest prices.)

512MB of memory or more. Anything less will slow your work. (Check latest prices for notebooks with 512MB of memory or more.)

Supplemental battery. They usually last longer on one charge than nickel-metal hydride batteries and don't need to be replaced as often. If you want more time away from an outlet, buy a notebook with a modular bay capable of holding a supplementary power pack. Secondary batteries usually cost between $99 and $200.

A 14.1-inch wide-screen. A screen larger than 12.1 inches eases eyestrain. Unless you're really pinching pennies, bigger is better. (Compare prices for notebooks with 14.1-inch screens.)

A 60GB hard drive. Unless you generate multimegabyte music or database files, or install more than one office suite, 60GB is plenty big.

Touchpad pointing device. Pointing devices are a matter of taste. However, most people find a touchpad easier to use than a pointing stick. For people who can't choose between a touchpad and an eraserhead pointing device, some notebooks include both. If you buy one of these, make sure it provides two sets of mouse buttons--one for the touchpad and the other for the eraserhead--so you don't have to stretch to reach.

Multiple USB ports. Many notebooks now come with two or more USB 2.0 ports, useful for connecting more of the latest peripherals.

All-in-one design. Unless you need a lightweight notebook, opt for one with an internal bay for both the optical drive. This design enables you to swap in other devices, such as an extra hard drive or second battery.

روز گذشته و به دنبال سئوال اکبر اعلمي نماينده تبريز از وزير ارتباطات در مورد فيلترينگ گسترده سايت هاي اينترنتي، محمد سليماني در مجلس حاضر شد. محمد سليماني در برابر اين بحث که "به بهانه سايت هاي غير اخلاقي، سايت هاي سياسي فيلتر مي شوند" پاسخ قانع کننده اي نداشت.

دامنه فيلترنگ در روزهاي اخير به حدي افزايش يافته که با اعتراض نمايندگان مجلس نيزمواجه شده است. به نوشته خبرگزاري ها اکبراعلمي با بيان اينكه آزادي بيان و مبادله آزاد اطلاعات از حقوق مسلم شهروندي است، از محمد سليماني وزير ارتباطات و فناوري اطلاعات پرسيد: "مبناي قانوني فيلترگذاري سايت*هاي مجاز خبري سياسي فني و تخصصي و خدمات*دهي به كاربران اينترنتي چيست؟"

نماينده تبريز همچنين از محمد سليماني خواست توضيح دهد که چرا "مدتي است كه سايت*هاي سياسي علمي و تخصصي و خدمات دهي به كاربران اينترنتي نظير، نت استيت، بلاگرولينگ، و و بيش از ده ميليون سايت که اغلب آنها علمي، تخصصي و تحليلي و خبري هستند، فيلتر شده اند". به نوشته خبرگزاري ها نماينده تبريز در سئوال خود از وزير ارتباطات به طور مشخص تعدادي از سايت هاي خبري و تحليلي را که توسط وزارت ارتباطات فيلتر شده اند هم چون"سايت امروز، سايت رويداد، سايت ملي مذهبي و سايت روز آنلاين" نام برد و از وزير ارتباطات خواست توضيح دهد که به چه استنادي و چرا اين سايت ها را فيلتر کرده اند.

در بخش ديگري از سئوال نماينده تبريز از وزير ارتباطات با اشاره به "استفاده ناصحيح از كلمات كليدي براي فيلتر كردن سايت*هاي اينترنتي" که "سبب مسدود شدن بسياري از سايت*هاي مجازي كه ادامه فعاليت آنها منع قانوني ندارد شده است" آمده: "عدم انعطاف در طبقه*بندي كاربران باعث سوق پيدا كردن مراكز و سازمان*ها به استفاده از ارتباطات اينترنتي در خصوص انعقاد قرارداد با شركت هاي خصوصي داخلي يا خارجي شده است".

فيلترينگ جزيي از مهندسي است!

محمود سليماني، وزير ارتباطات اما در پاسخ به نماينده تبريز فيلترينگ ده ميليون سايت اينترنتي را "نادرست و غير واقعي"اعلام کرد. او هم چنين گفت که: "موضوع فيلترينگ در سال 81 در شورايعالي انقلاب فرهنگي تصويب شده و رييس*‏جمهوري وقت ابلاغ كرده است و از سال 81 كميته تعيين مصاديق براي شناسايي پايگاه*هاي اينترنتي غير مجاز فعاليت خود را آغاز كرده است".

محمد سليماني بدون اشاره به "قانوني" که کميته تعين مصاديق بر اساس آن فعاليت مي کند، گفت اين كميته براساس "ضوابطي مشخص" فعاليت مي*كند.

وزير ارتباطات اين را هم گفت که "فيلترينگ بحثي علمي است" و تاکيد کرد که "فيلتر از درس*هاي اساسي در رشته**هاي مختلف مهندسي است و اين امر پالايشي براي جدا سازي موارد مناسب از موارد نامناسب و مخرب است و اين مسئله اجتناب ناپذير مي*باشد".

محمد سليماني وزارت ارتباطات و فناوري را "مجري مصوبات كميته تعيين مصاديق و تصميمات قضايي" معرفي کرد و گفت: "از ميان مصاديقي كه نماينده سؤال كننده مطرح كرد، فقط يك سايت فيلتر شده و آن هم به دليل مستهجن بودن آن است و بقيه پايگاه*هاي عنوان شده باز است".

اما اکبر اعلمي در پاسخ به اين ادعاي وزير ارتباطات گفت: "از وزير ارتباطات مي*خواهم با استفاده از كارتهاي اينترنتي كه در اختيار مردم است، به اينترنت سري بزند تا به صحت ادعاي من مبني بر فيلتر بودن بسياري از پايگاه*هاي ياد شده پي ببرد". نماينده تبريز هم چنين به وزير توصيه کرد: " براي پي بردن به فيلترينگ گسترده سايت هاي اينترنتي مي توانيد از كاربران اينترنتي هم نظر سنجي كنيد، تا ببيند ادعاي من صحيح است يا نه".

وزير ارتباطات با بيان اينكه "هم اكنون نسبت به شهريور84 ظرفيت پهناي باند اينترنتي كشور چهار برابر شده است" گفت: "هر كسي پهناي باند بخواهد، وزارت ارتباطات و فناوري اطلاعات در زماني بسيار كوتاه مي*تواند پهناي باند در اختيار وي قرار دهد". اين در حالي است که بارها سخنان او در دفاع از ممنوعيت ارائه اينترنت پر سرعت و پهناي باند بيش از 128 براي کاربران در رسانه هاي کشور منعکس شده، و از اواخر تابستان ارائه اينترنت پر سرعت به کاربران معمولي هم ممنوع شده است.

اکبر اعلمي که عضو كميسيون امنيت ملي و سياست خارجي مجلس است، در پايان توضيحات وزير ارتباطات اعلام کرد از سخنان وزيرقانع نشده و سئوال نماينده تبريز از وزير ارتباطات براي بررسي بيشتر به کميسيون مربوط ارجاع شد. اعلمي هم چنين گفت: "ما با فيلترينگ موافق هستيم اما با مصاديق آن مخالف هستيم، چرا كه شما به بهانه مقابله با سايت*هاي غيراخلاقي به جان سايت*هاي سياسي افتاده*ايد".

بازار گرم اطلاعيه هاي ارشادي

وزارت ارشاد روز گذشته با انتشار اطلاعيه اي "کليه سايت*ها و پايگاه*هاي خبري را كه بدون داشتن مجوز خبرگزاري از اين عنوان استفاده مي*كنند ملزم كرد ظرف مدت 72 ساعت نسبت به اصلاح نشان [لوگوي]خود اقدام و در متن اخبار منتشر شده از عنوان خبرگزاري يا عنوان*هاي مشابه مانند نيوز آژانس، استفاده نکنند".

به نوشته خبرگزاري ايسنا در اين اطلاعيه که با عنوان"هيات نظارت بر خبرگزاري*هاي غيردولتي" صادر شده"دبيرخانه هيات نظارت بر خبرگزاري*هاي غيردولتي" هشدار داده که"در صورت تخطي و توجه نكردن سايت*ها و پايگاه*هاي خبري مورد نظر نسبت به اجراي مصوبه* فوق با آن*ها برخورد قانوني صورت خواهد گرفت".
وزارت ارشاد در اين اطلاعيه همچنين شماري از سايت*ها و پايگاه*هاي خبري را كه به گفته مسئولان اين وزارتخانه"به صورت غيرقانوني از عنوان خبرگزاري در نشان يا متن اخبار خود استفاده مي*كنند"، نامبرده است. اين سايت ها و پايگاه هاي خبري شامل"البرز، ايران نيوز، انتخاب، حيات، آفتاب، ميراث، آريا، اكونيوز، كشاورزي ايران، ايونا، آينده روشن، ايسكانيوز، سلام، آنا، فوتبال ايران، پانا، ورزش آذربايجان، كوير، تقريب و عكس سوره"است. نکته حائز اهميت در اين ميان آن است که مديريت بيشتر اين سايت هاي خبري را شخصيت هاي شناخته شده جناح راست بر عهده دارند. خبرگزاري ايران نيوز متعلق به نزديکان محمد باقر قاليباف است، مديريت خبرگزاري آريا با امير محبيان، خبرگزاري آنا متعلق به دانشگاه آزاد اسلامي و آينده روشن ارگان رسانه اي يک نهاد مربوط به مهدويت در قم است. خبرگزاري آفتاب بر اساس اخبار منتشر شده تحت نظر مرکز تحقيقات استراتژيک مجمع تشخيص مصلحت، خبر گزاري حمايت نزديک به قوه قضاييه و خبرگزاري پانان متعلق به سازمان دانش آموزي از تشکل هاي نزديک به جناح راست و خبرگزاري انتخاب تحت نظر مهدي فقيهي سردبير روزنامه انتخاب است.

در اين ميان برخي از اين پايگاه هاي خبري و از جمله سايت خبري ايرانيوز اعلام کرده اند که اطلاعيه وزارت ارشاد"پس از ماهها بلاتكليفي درخواست ها براي كسب پروانه خبرگزاري و عليرغم تامين تمام شرايط لازم قانوني" براي کسب مجوز خبرگزاري صادر شده است.

اطلاعيه اخير وزارت ارشاد به دنبال چند اطلاعيه قبلي اين وزارتخانه منتشر مي شود که به گفته صاحبنظران در ادامه تلاش براي ايجاد محدوديت بيشتر و افزايش کنترل بر سايت هاي اينترنتي صورت گرفته است.

Cisco's iPhone Violates GPL, Expert Says

While Cisco Systems sues Apple for violating its iPhone trademark, an open-source enthusiast accuses Cisco itself of infringing copyright in the same product.

Cisco has not published the source code for some components of the WIP300 iPhone in accordance with its open-source licensing agreement, said Armijn Hemel, a consultant with Loohuis Consulting and half of the two-person team that runs the GPL Violations Project, an organization that identifies and publicizes misuse of GPL (GNU General Public License) licenses and takes some violators to court.

The WIP300 iPhone is based on Linux, and Cisco has agreed to comply with the terms of the open-source GPL license in order to use the software. The GPL license requires the company to publish the code that it developed for the phone.

How Open Source Works
Industry expects say that open-source software users--whether companies or individuals--commonly fail to share their developments. Sometimes that happens because they may misunderstand how open-source software works, but it may also reflect the fact that publishing the code can be a cumbersome and expensive process.

Hemel downloaded the firmware for the WIP300 phone and reverse-engineered it, first checking with a lawyer that such a process is legal, he said. He then discovered that Cisco has neglected to share the code for a couple of programs in the phone, including the Memory Technology Device that the company uses to program the Flash memory, he said.

Hemel found similar omissions in other Cisco products and contacted the company to arrange a meeting. "I just bombarded the Linksys contact in the Netherlands. I think they got fed up and arranged the call," he said. Linksys is a unit of Cisco.

The Cisco representatives he finally talked to in a conference call on October 30, 2006, were very open to his report, he said. The company subsequently fixed omissions involving a few of the products that Hemel identified, including the EFG250 storage device, an Internet camera, and a router, he said.

But Cisco has yet to publish the relevant code from the WIP300 iPhone, Hemel said. He decided to talk about his findings now because "the timing is just perfect," he said. "For someone talking about Apple using Cisco's property, actually they're infringing on copyright themselves. So it's just a double standard."

Cisco filed its lawsuit last week, charging Apple with trademark infringement after Apple introduced a mobile phone called the iPhone.

Cisco representatives did not immediately reply to phone calls and e-mail requests for comment made today.

Violation Consequences
If Cisco is violating the terms of the GPL license in the iPhone, it certainly isn't alone. "It occurs more frequently than we'd like to see," said Shane Coughlan, Freedom Task Force coordinator for the Free Software Foundation Europe. Many organizations don't quite fully understand the concept of free software and often lack appropriate policies for complying with their software licensing agreements, he said.

There are repercussions to failing to comply with an open-source license. The GPL Violations Project has successfully enforced compliance with licensing agreements in 100 instances of violations by software developers.

In addition, an individual who contributed to software that someone else fails to use properly under a license can take the licensee to court and seek financial compensation for copyright violations, said Coughlan.

Botnet Gang Faces Jail

Dutch prosecutors are pursuing jail terms for two men charged in a large-scale computer hacking scheme in which more than 1 million computers may have been infected with adware and other malicious programs.

The case is the biggest cybercrime case prosecuted so far in the Netherlands, said Desiree Leppens, spokesperson for the organized crime branch of the National Public Prosecution Service in Rotterdam.

Evidence Offered
During a one-day trial that ended Tuesday, prosecutors showed how at least 50,000 computers were infected by the two defendants, who are 20 and 28 years old. Police have not released their names.

The pair used a malicious program called "Toxbot," a worm that can be used to gain remote control of a computer and log keystrokes, prosecutors said.

Prosecutors also charge that the defendants threatened an advertising software maker, 180Solutions, now renamed Zango, with a denial-of-service attack after a dispute over payment. Zango settled with the U.S. Federal Trade Commission in November for $3 million after concern that distributors of its software were installing it on peoples' computers without their consent, often by exploiting vulnerabilities in operating systems or Web browsers.

Prosecutors also allege the pair were involved in phishing schemes, where fraudulent Web sites are constructed to harvest personal information such as bank-account or credit-card details. The two used a Trojan horse called "Wayphisher", which on an infected machine can redirect a Web site request from a legitimate bank site to a phishing site.

Fines, Jail Sought
Prosecutors want a three-year sentence for the 20-year-old and two years for the 28-year-old and and each to pay $38,000 to the Dutch government, Leppens said. A judge will return a verdict in the case on January 30.

Four others involved in the ring who are facing lesser charges will go to trial later this year, Leppens said.

The various schemes caused at least $75,000 in losses to victims, through online purchases and other actions, Leppens said.

Digital Music Sales Double

Digital music sales doubled in 2006 thanks to better distribution, but the rise hasn't made up for the decline in CD sales, the International Federation of the Phonographic Industry says.

Sales Hits $2 Billion
Revenue is expected to come in at $2 billion for the year, accounting for about 10 percent of the total music market, the IFPI said in its Digital Music Report 2007 today.

IFPI attributed the growth to a wider range of digital music products and a doubling of the number of tracks available to four million. Digital music sales have consistently increased.

The recording industry trade group blamed music downloads from peer-to-peer networks as a continuing problem, although it said lawsuits against file-sharers and file-sharing networks have acted as a deterrent. The organization said 10,000 legal actions were taken in 18 countries in 2006.

Research shows 14 percent of portable device owners usually get their content from legal sites, but the same percentage use peer-to-peer networks for unauthorized downloads. Overall, however, IFPI said a relatively low level of music stored on devices had been purchased. The music industry has blamed piracy for a drop in CD sales for years.

iTunes Tops List
Apple's iTunes Music Store was the most popular download service, although consumers saw a wider range of options for digital music throughout the year, including subscription services and ad-supported models offering content for free. Five hundred online services are operating in 40 countries, it said.

Single-track downloads brought in the highest revenue, growing 89 percent to $795 million, IFPI said.

Symantec Searches for Bugs

Starting in February, users of Symantec's Norton products will have a new tool to help them avoid unpatched software flaws.

Called the Symantec Online Network for Advanced Response (SONAR), the new security software will look at the behavior of programs running on the computer in order to decide whether they are malicious. This is a departure from Symantec's traditional signature-based antivirus protection techniques, which compare the program's code to a database of known malware.

SONAR will be a free add-on to Symantec's Norton AntiVirus 2007 and Norton Internet Security 2007 products, said Ed Kim, director of product management with Symantec's consumer business unit.

"We're very excited about the release of SONAR," Kim said. "It's zero-day protection that doesn't rely on threat signatures."

Anticipating Zero Day
Zero-day attacks are based on flaws that are unknown, or have not yet been patched by the vendor, and they are particularly effective against signature-based antivirus protection. SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on the computer, so it can spot malicious software, whether it's already been identified by Symantec researchers or not.

SONAR makes its determination based on whether the software does things such as add a shortcut on the desktop or insert itself into the Windows Add/Remove programs list, both of which indicate it probably isn't malware, Kim said.

The software is built on technology that Symantec acquired in its 2005 purchase of WholeSecurity.

Symantec already sells a similar behavior-based security product to enterprise users, called Critical System Protection, but with SONAR, Symantec is finally saying that its behavior-based techniques are ready for the consumer desktop market, said Andrew Jaquith, senior analyst with Yankee Group Research.

The software comes not a moment too soon, he added. "Signature-based technologies for viruses and spyware certainly work, but their coverage is increasingly thin. So you need to bolster signature-based approaches with behavior-based approaches."

Symantec Updates Due
Symantec is also readying new versions of its consumer software that will run on Microsoft's upcoming Vista operating system. Today, the company will ship versions of Norton Internet Security and Norton Antivirus that are Vista-ready, with other products to follow in the next months.

The Vista version of Norton Confidential will ship in early February, and Norton Save & Restore will be Vista-ready some time after the operating system's late January consumer launch, Kim said.

Symantec's Norton 360 will support Vista when the next-generation consumer protection service ships. That is expected to happen in late February or early March, Kim said.

Adobe Updates Flash for Linux

Adobe Systems has released Flash Player 9 for Linux, allowing users of the open-source operating system to create or use multimedia applications with the latest version of Flash.

The launch comes six months after the Adobe released versions for Windows and Mac OS X.

Updated Features
Version 9 of the Flash Player runs scripts up to ten times faster than previous versions, and also allows programmers to write portable applications exploiting more of the capabilities of Adobe's Flex 2 development platform, the company said Wednesday.

The player's arrival on the Linux platform will mean Web site developers exploiting the latest Flash features can be sure of reaching the small percentage of Web surfers running Linux on their desktop.

It will also give site developers using Linux access to more of the potential of Adobe's rich Internet application development environment, Flex 2, the company said.

With Flex, Adobe allows developers to build rich graphical applications that obtain data from a server and process it for presentation on the client or that can run in stand-alone mode on the desktop. The Flex platform includes server components for extracting data from business applications such as enterprise resource planning (ERP) systems and, on the client side, integrates with the more recent versions of the Flash player.

Flash Player 9 for Linux can be downloaded for free from Adobe's Web site.

Adobe Likes Linux
Red Hat and Novell plan to bundle the new player with their distributions of Linux later this year, Adobe said.

Adobe recently contributed some of the code for its ActionScript Virtual Machine 2, the engine that interprets the scripts stored in Flash files, to a project hosted by the Mozilla Foundation. That project, Tamarin, aims to develop an open-source, standards-based, multiplatform engine for interpreting JavaScript, Adobe's ActionScript or other languages based on the ECMAscript standard, making it easier for browser developers to include support for rich scripting applications.

State Plea Deals to Dunn, Former HP Execs?

The California attorney general reportedly has offered to drop felony charges against the four remaining defendants charged in the Hewlett-Packard spying case if they plead guilty to one misdemeanor each, according to published reports.

The San Jose Mercury News today quoted anonymous sources familiar with the case, while the Associated Press quoted Stephen Naratil, the attorney for private investigator Bryan Wagner, who pleaded guilty on January 12 in exchange for an agreement to cooperate with federal prosecutors investigating the case. He faces sentencing June 20 on one count of conspiracy and one count of aggravated identity theft. Wagner is the only defendant who has been charged in federal court so far.

Background
Authorities began investigating HP last year after the company revealed that it hired private detective agencies to trace the source of leaks from HP's board to reporters. The private detectives allegedly used a tactic called pretexting to gain unauthorized access to telephone records of targets of the HP investigation.

A spokesperson for the attorney representing former HP chair Patricia Dunn declined to comment on the published reports. Attorneys for former HP attorney Kevin Hunsaker could not be reached for comment, but in the past they have indicated no interest in accepting a plea agreement.

The four remaining defendants are charged with fraudulent wire communications, wrongful use of computer data, identity theft, and conspiracy. Besides Dunn and Hunsaker, Ronald DeLia, of Security Outsourcing Solutions in Boston, and Matthew DePante, manager of Action Research Group in Melbourne, Florida, face state charges.

In federal court last Friday, Assistant U.S. Attorney Mark Krotoski said that DePante hired Wagner, of Littleton, Colorado, and directed him to use pretexting to get phone records.

HP reached an agreement on December 7, 2006, with the office of then-attorney general Bill Lockyer to settle potential civil charges in the case. HP agreed to pay $14.5 million, which will go into a state law enforcement fund to investigate cases of corporate privacy violations. Lockyer was elected state treasurer in the November election and former California governor and Oakland mayor Jerry Brown was elected attorney general.

Consumers Not Satisfied With Google Checkout

Google Checkout ranked well below rival online payment service PayPal in customer satisfaction in a survey of online shoppers conducted by J.P. Morgan Securities.

Among Checkout users, 19 percent rated the service as either very good or good, with the rest calling it average, poor, or fair, a result characterized by J.P. Morgan as "a very low level of satisfaction with the product." By contrast, PayPal, which is owned by eBay, fared better, with 44 percent of its users saying that it is very good or good.

The survey findings surprised Google because they differ significantly from the company's internal records, which show that less than 1 percent of Checkout transactions have a problem, says Benjamin Ling, Checkout product lead. Google remains fully committed to Checkout and to continually enhancing it, Ling says.

Perhaps coincidentally, the Google home page today featured a '$10-to-spend' promotion for users of Google Checkout.

Checkout History
Google introduced Checkout in June of last year, after more than a year of speculation about its plans to enter the lucrative online-payments market for business-to-consumer transactions, PayPal's stomping ground. It was one of the highest-profile product introductions for Google in 2006 and is seen as a clear example of the company's efforts to find new sources of revenue beyond its core business of search engine advertising.

However, complaints about Checkout began to surface soon after its launch, and by August a considerable number of merchants and shoppers were saying that the service often took too long to complete sales and that it sometimes canceled orders unjustifiably and without warning.

Some Good News
J.P. Morgan praised Google for aggressively promoting Checkout and achieving strong adoption--6 percent of respondents--in a relatively short time, but warned that Google must improve its customer satisfaction. "Google may need to shore up its payment operations before building lasting user loyalty," reads the report, released on Wednesday.

Despite a strong start in user adoption, Google will have to continue promoting Checkout heavily, because the usage and brand-awareness gap with PayPal is significant. PayPal, which has been on the market for much longer, was used by 42 percent of respondents, a rate almost seven times higher than Checkout's. In terms of brand recognition, about 80 percent of the respondents were aware of PayPal, compared with only 45 percent for Checkout.

In conclusion, PayPal, at least for the foreseeable future, will see "minimal impact" from Checkout, because only 2.3 percent of respondents indicated an intention to use Checkout instead of PayPal, according to J.P. Morgan, which polled almost 1100 online shoppers who were 18 years of age or older. By contrast, 43.4 percent of respondents said they planned to use PayPal but not Checkout, and 18 percent said they planned to use both.

"[Checkout's] lower brand awareness coupled with its low satisfaction rate leave much room for improvement. As such, we do not believe Google Checkout presents a threat to PayPal at this time," the report reads.