Undercover TV producer booted from DefCon

It's a story of betrayal worthy of an episode of Dateline NBC.

Dateline NBC Producer Michelle Madigan was publicly outed at the DefCon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera.

Madigan ran from the show after organizers publicly threatened to escort her from the event during a 4 p.m. conference session. "She literally kicked the door open," said "Priest," a show official who declined to be identified. "She made the mistake of running. Had she taken it like an adult, she would have been treated with kid gloves, treated with respect."

The Dateline NBC producer than continued out to a nearby parking lot, surrounded by a small crowd of show attendees and media, talking briefly on her mobile phone and not saying anything to the gathering crowd.

Show organizers had been warning attendees all day of Madigan's presence and had repeatedly asked her if she would register as press, Priest said.

Show organizers believe that Madigan had been looking to talk to hackers and federal agents, possibly with the intention of drawing attention to the fact that federal agents participate in a show whose attendees are known to s***t the law. "My guess is that she wanted a splash piece along the lines of, 'We have a whole bunch of people who are criminals. We have federal agents here as well,'" Priest said.

DefCon had been tipped off by Madigan's associates, who Priest declined to name. Dateline NBC could not be reached for comment.

DefCon organizer Dark Tangent (a.k.a Jeff Moss) said that he's concerned that the Dateline producers may have been trying to sensationalize the conference, thus undermining the show's goal of fostering a free exchange of ideas. "We researched them online and we see [the show's producers] do hit and run pieces," he said. "It's not actually research and news. It's just sensationalistic nonsense. And that makes us nervous."

Media and bloggers have gone undercover at DefCon in the past, but nobody of the stature of NBC has ever tried this, Moss said.

"I'm concerned that some impressionable kid... is just going to get cornered and is going to start bragging about stuff," he said. "The next thing you know, he's on nightly news."

DefCon runs through Sunday at the Riviera Hotel and Casino in Las Vegas.

EA Dropping Online Support for 'Older' Games

EA announced on Friday that it will discontinue online service for just about every non-2007 sports game including '06 titles starting September 1. PS2, Xbox 360, PSP, and PC games will all be affected.

The full list of games losing online support are as follows:

September 1, 2007 Online Service Shutdown

Arena Football (PlayStation 2, Xbox)

FIFA Soccer 06 (Xbox 360, PC)

FIFA Soccer 06 (PS2, PSP, PC, Xbox)

Fight Night Round 3 (PSP, Xbox)

Madden NFL 06 (Xbox 360, PC, PS2, PSP, Xbox)

Marvel Nemesis: Rise of the Imperfects (PS2, Xbox)

MVP 07 NCAA Baseball (PS2, Xbox)

NASCAR 06 Total Team Control (PS2, Xbox)

NBA Live 06 (Xbox 360, PC, PS2, PSP, Xbox)

NCAA Football 2005 (Xbox)

NCAA Football 2006 (PS2, Xbox)

NCAA March Madness 06 (PS2, Xbox)

NFL Head Coach (PC, Xbox, PS2)

NHL 06 (PC, PS2, Xbox)

Tiger Woods PGA Tour 06 (Xbox 360, Xbox)

In addition, EA will also drop support for older racing games starting November 1 including Burnout Revenge (Xbox, PlayStation 2), Need for Speed Underground 1 and 2 (PC, PlayStation 2), and Need for Speed Most Wanted (PSP, Xbox).

Hacking Conference Infiltrated by 'Media Mole'

Trust nobody.

That's what organizers of the 15th annual DefCon hacking conference are telling attendees Friday, after being tipped off that the TV news program Dateline NBC has sent a producer with a hidden camera to investigate the show.

Cameras of any kind are a strict no-no at the show, which bills itself as a gathering for hackers, both legitimate, and not-so-legitimate, and takes special steps to ensure the privacy of its attendees. The show keeps no list of attendees, except for press and speakers, and there's only one way to get in the door: paying US$100 cash.

DefCon organizer Dark Tangent (a.k.a Jeff Moss) said that he's concerned that the show's producers may sensationalize what they see and undermine the show's goal of fostering a free exchange of ideas. "We researched them online and we see [the show's producers] do hit and run pieces," he said. "It's not actually research and news. It's just sensationalistic nonsense. And that makes us nervous."

Moss says he's been told that Dateline Field Producer Michelle Madigan is at the show with a hidden camera. NBC did not immediately reply to a request for comment.

Media and bloggers have gone undercover at DefCon in the past, but nobody of the stature of NBC has ever tried this, Moss said.

"I'm concerned that some impressionable kid... is just going to get cornered and is going to start bragging about stuff," he said. "The next thing you know, he's on nightly news."

DefCon runs through Sunday at the Riviera Hotel and Casino in Las Vegas.

Kittens Could Solve Spam

An executive at Microsoft Corp. has an unusual idea for beating spammers. Powerful software tools and supercomputers aren't involved, but kittens are.

Or rather, photos of kittens. Kevin Larson, a researcher at Microsoft's advanced reading technologies group, has found that asking a user to identify the subject of a photo, like a kitten, could help block spam programs.

Currently, services like Microsoft's free e-mail service Hotmail require new users to type in a string of distorted letters as proof that it's a human signing up for the account and not a computer. Called Human Interactive Proofs (HIPs), Microsoft, Ticketmaster and a host of other companies have been using the system for around five years, Larson said. He spoke in Seattle on Friday at TypeCon 2007, an annual conference put on by the Society of Typographic Aficionados for type enthusiasts and designers.

When Hotmail first started using HIPs, the number of e-mail accounts generated on the first day dropped by 20 percent without an increase in support queries, Larson said. That was a sign that the HIPs were fooling the computer programs that spammers use to automate signing up for new Hotmail accounts from which spam is sent. However, spammers learned how to tweak their programs to better recognize the HIPs, he said.

Now, it's a race for Microsoft to continue to alter its HIP system to fool the computers, which ultimately seem to catch on. Larson's group at Microsoft experiments with different ways to distort the text used in HIPs in a way that is easy for humans to read but difficult for computers.

One twist on the HIP idea that they've worked on is to display 16 or more photos and ask for identification of the photos. In an example, he suggested using pictures of cats and dogs. The problem with the concept, however, is that Microsoft would have to create a massive catalog of photos, otherwise the programmers could match the correct response with each photo in the catalog and begin to spoof the system, he said.

Audience members had a variety of ideas for ways to expand on the idea in order to try to beat the spam programs. One suggested that Microsoft continually take videos of a kitten jumping around a room, as a way to generate a nearly endless string of photos for identification.

"It's possible that kittens are the wave of the future," Larson joked.

Microsoft might also be able to use short video clips instead of photos, one audience member suggested. The cost to support that method might be a concern but it could probably work, Larson said.

His group is also working on ways to improve the current letter-based HIPs for human users. "We need to figure out how to make HIPs that are more pleasant to read," Larson said. Many computer users may be familiar with the "ugly distorted texts" that HIPs use, he said. "We let the computer science people generate this text, but this is a design problem. It seems we ought to bring what we know about legibility to make things more pleasing to identify yet still stop computers," he said.

His team has thought about using beautiful calligraphy characters set against ornate backgrounds, but such letters haven't been good at fooling the computers because a program can identify the form of the letter by the thickness of the font compared to the lines in the background design and because a program can notice color differences of the font compared to the background, he said.

With 90 billion pieces of e-mail spam sent every day, according to Larson, companies like Yahoo Inc., Google Inc. and Microsoft that offer free online mail services have an incentive to try to block spam. Otherwise they pay for the resources that help send the spam.

Novell Wins Right to Unix Copyrights

Novell today won a significant ruling in its lengthy battle with The SCO Group.

judge in the U.S. District Court for the District of Utah Central District found that Novell is the owner of the Unix and UnixWare copyrights, dismissing SCO's charges of slander and breach of contract.

The judge also ruled that SCO owes Novell for SCO's licensing revenue from Sun Microsystems and Microsoft. SCO is obligated to pass through to Novell a portion of those licenses, the judge said.

In the ruling, the judge said SCO must pay Novell, but the amount will be determined in a trial, said Pamela Jones, founder and editor of Groklaw, a Web site that follows open-source software legal issues.

In another major blow to SCO, the judge said that because Novell is the owner of the Unix copyrights, it can direct SCO to waive its suits against IBM Corp. and Sequant. "SCO can't sue IBM for copyright infringement on copyrights it doesn't own," Jones said.

Effects of the Decision
The ruling is good news for organizations that use open-source software products, said Jim Zemlin, executive director of the Linux Foundation. "From the perspective of someone who is adopting open-source solutions to run in the enterprise, it proves to them that the industry is going to defend the platform, and that when organizations attack it from a legal perspective, that the industry collectively will defend it," he said.

The decision is "abysmal" news for SCO, according to Zemlin. "Their future is looking bleak," he said. SCO did not reply to requests for comment.

AT&T Wiretapping Case Headed for Hearing

A federal appeals court will hear arguments next Wednesday on whether to stop a class-action privacy suit that is based on allegations that the government and AT&T Inc. have been working together in an illegal wiretapping program.

The Electronic Frontier Foundation (EFF) brought the case in a U.S. District Court in San Francisco last year on behalf of Tash Hepting and other AT&T customers. The suit alleges AT&T cooperated with the National Security Agency to conduct surveillance of millions of customers' communications illegally, violating the customers' privacy. Another case, Al-Haramain Islamic Foundation v. Bush, has been consolidated with the Hepting suit. The Al-Haramain case involves claims the government illegally wiretapped calls between the charity and its lawyers.

The Hepting vs. AT&T case has galvanized critics who claim the U.S. government is overreaching its constitutional bounds in its fight against terrorism. Congress recently expanded the government's powers to conduct wiretapping without a warrant, which EFF said makes its case more critical than ever.

The U.S. Department of Justice (DOJ) filed a motion in the district court last year to stop the Hepting suit, saying a trial would reveal important state secrets. The judge in the U.S. District Court for the Northern District of California, Vaughn Walker, rejected that motion last July. The government immediately asked the U.S. Court of Appeals for the 9th Circuit, also in San Francisco, to halt the case.

It has taken this long for the appeals court to hear that appeal even though it was expedited, said Cindy Cohn, legal director of the EFF. The nonprofit digital rights group believes the wiretapping is continuing and wants it stopped quickly, she said.

US Gov't Plans Changes in Air Passenger Screening

A proposed revamp of the U.S. Department of Homeland Security air passenger screening program offers improved privacy protections, but the agency still has a ways to go, said one privacy advocate.

DHS on Thursday announced initial plans for an overhaul of its Secure Flight program, with the agency no longer no longer assigning risk scores to passengers or using predictive behavior technology, DHS Secretary Michael Chertoff said at a press conference. But the Transportation Security Administration, part of DHS, will have direct control of checking domestic passenger lists against terrorist watch lists, instead of the airlines, Chertoff said.

"Unfortunately, as a lot of travelers know, this process sometimes leads to inconsistencies in how the list is checked and how it's maintained by the airlines, and the result of that is frustration for travelers," Chertoff said.

DHS has "made progress" on privacy issues, said Marc Rotenberg, executive director of privacy advocacy group the Electronic Privacy Information Center (EPIC). DHS is right to focus on matching passenger names to terrorist watch lists instead of trying to predict behavior, he said.

"Instead of open-ended profiling ... the revamped Secure Flight focuses on the problem at hand," he said.

But privacy problems remain, Rotenberg added. Air passengers still cannot see the reasons why they're targeted for extensive searches or kept off flights, and they cannot correct bad information on the terrorist watch lists, he said. "The problems with the watch list are still valid and are not going away," he said.

Skype Outage Continues For Some, Businesses Affected

Almost 36 hours after a software problem caused widespread outages in eBay Inc.'s Skype service, engineers continue to work to fully restore this extremely popular Internet telephony and instant messaging service, while many business users deal with work disruptions.

Although steady progress was made throughout the day Friday, the problem, which has affected millions of Skype users, hasn't been fully fixed,

At midnight GMT Friday, an official provided the latest update on Skype's Heartbeat blog, saying that the sign-on problems have been resolved, but that the instant messaging presence and chat may take a few more hours to be fully operational for all.

"If you are one of the minority who may still be experiencing problems, please be patient. You do not need to adjust or restart your computer. Skype will start working for you very soon," wrote Villu Arak [cq]. "We will issue a further update when we know that Skype is functioning normally, or if there is further material news."

The widespread software problem, which centered on the system's ability to log users into the service, has particularly stung people who use Skype for business. Skype estimates that about 30 percent of its users employ Skype as a work-related communications tool.

"The outage has had quite a profound effect on my working day, and has meant spending time setting up other chat clients and networking with colleagues via alternative means," Michael Pick, a freelance blogger and social media consultant, wrote in an e-mail interview Friday.

Based in Japan, Pick works from home and has clients and colleagues all over the world, many of whom also work from their homes. "I guess that might make us a particularly dependent group on Skype," he wrote.

EBay Says Skype Was not Attacked

Skype has not been attacked, eBay Inc. said Friday, dispelling rumors that Russian hackers took down its popular online telephony service.

For more than a day now, millions of Skype users have been knocked offline by a major service outage that has crippled the service. By Friday morning, things had improved for some users, but many were still unable to connect.

EBay attributes the outage to a problem in a Skype networking algorithm, but code has been posted to a Russian security discussion forum that could supposedly be used to knock the service offline in a DOS (denial-of-service) attack.

The code, which was published anonymously, appears to be capable of forcing Skype's servers to freeze up, said the discussion forum site's editor, Valery Marchuk, in a posting to the Full Disclosure security discussion list. "Reportedly it must have caused Skype massive disconnections," he wrote.

Not necessarily so, say researchers who looked at the code Friday.
The code is designed to repeatedly launch Skype and overwhelm the server with information, said Andrew Storms, director of security operations with nCircle Network Security Inc. "But I couldn't say if it would have this kind of potential DOS effect on all of Skype," he said via instant message.

The code simply would not work as advertised, said Stefano Zanero, chief technology officer with Secure Network SRL. "The attack code is fake, no doubt on that," he said via instant message. "I don't think this is the cause of whatever is happening to Skype."

EBay's Villu Arak addressed the issue directly in a Friday blog post, saying that neither hackers nor a recent technology update were to blame.

"Neither Wednesday's planned maintenance of our Web-based payment services nor any form of attack was related to the current sign-on issues in any way," he wrote.

American Airlines Sues Google over Keyword Ads

American Airlines Inc. Thursday filed a lawsuit against Google Inc., claiming the search company is infringing on the airline's trademarks by using them as keyword triggers for paid advertisements by other companies.

By bringing the lawsuit, filed in U.S. District Court for the Northern District of Texas, Fort Worth Division, American wants to stop competitors from using those trademarks to trigger their own advertising on Google.

Neither Google nor American could be reached for comment.

"Without authorization or approval from American Airlines, Google has sold to third parties the 'right' to use the trademarks and service marks of American Airlines or words, phrases, or terms confusingly similar to those marks as 'keyword' triggers that cause paid advertisements, which Google calls 'Sponsored Links' to appear alongside the 'natural results," the lawsuit said.

When a user performs a search on Google's site for the words "American Airlines" to search for flights on American, the user may be redirected to the Web site of a competing airline, a Web site that sells American Airlines travel services or the services of other airlines, or Web sites that have nothing to do with air travel at all, according to the lawsuit.

This happens because those other companies pay Google to get links to their Web sites placed at the top of the list of sponsored links -- on the right hand side of the search results page -- when a user's search terms match certain keywords, such as American Airlines. The companies buy those keywords from Google.

Stylus C120 Billed as 'World's Fastest Doc Inkjet'

Epson America calls its new Stylus C120 "the world's fastest laser-quality document inkjet printer." The new printer outputs at up to 37 pages per minute in black and white or 20 pages per minute in color draft model. The C120 costs $89.99.

The C120 uses Epson DuraBrite Ultra pigment inks, which the company says produce smudge and water-resistant text and images on plain and photo paper. It's also fade-resistant. Each ink color is contained in a separate cartridge, and the C120 utilizes dual black ink cartridges for longer life.

The printer also sports auto photo correction capabilities and can print border-free photographs in sizes from 3.5 x 5 inches to 8 x 10 and letter sizes. It can support paper up to 8.5 x 44 inches.

The Stylus C120 connects to a host Mac or PC using USB 2.0 and is compatible with Mac OS X v10.2.8, 10.3.9 or 10.4.x or later.

Dell Gives Trialware the Heave-Ho

Not interested in all of the trial software that clutters up new PCs? You're not alone: According to Dell's recent research in both focus groups and broader surveys, small-business users overwhelmingly view trialware as an irritant, not a benefit. That research has led Dell to axe the extras from its new Vostro line of small-business desktop PCs and laptops.

Eliminating demo applications is a major step for Dell, which has caught flack for the quantity of trialware on its consumer PCs. (One frustrated customer went so far as to develop a "Decrapifier" utility. The company says that consumers who buy PCs for personal use do express interest in preloaded trial software, but that small-business users have different needs. By eliminating the trialware from Vostro machines, Dell says it has cut the system setup time in half.

For now, Dell is the only major PC manufacturer to ship small-business systems without preinstalled trialware as a standard practice. (Some competitors, such as HP, allow customers to choose a no-trialware configuration.)

New Wi-Fi Draft Ensures Compatibility

More than a year after the first products based on an initial draft of the superfast 802.11n Wi-Fi standard arrived, a second draft--reinforced by Wi-Fi Alliance certification--appears to have solved the interoperability and stability problems we saw in the initial crop. But our informal tests of the first certified products also suggest that prices and performance vary widely as a result of issues that are unrelated to the standard.

We tested Belkin's $90 N (F5D8233-4), Buffalo's $99 AirStation Nfiniti (WZR2-G300N), D-Link's $180 Xtreme N Gigabit (DIR-655), and Netgear's $130 RangeMax Next (WNR834Bv2) first with their own matching PC Cards and then again with PC Cards made by each of the other three vendors. Connection utilities showed that in our tests at a midrange distance of 20 feet, all of them connected at theoretical single-channel draft-n speeds of up to 130 megabits per second (mbps). The Buffalo and the D-Link proved the fastest (see our chart on the next page), and the Buffalo's sub-$100 price makes it a good deal.

But actual throughput for different router-PC Card combos varied widely, from 6 mbps to 35 mbps. Why? In part, different chip sets are responsible; also, the routers and PC Cards had either two or three transmitting and receiving antennas. Generally the greater the number of antennas, the faster (and pricier) the gear.

Check Model Numbers
Some vendors are offering multiple draft-n products with different antenna arrays and other options, such as the D-Link's gigabit ethernet (which typically adds $50 to the price). Differences aren't always obvious from product names, so shoppers should note model numbers.

Draft-2.0 Wi-Fi certification also ensures compatibility with 802.11b/g and, when specified, 802.11a gear, and with the Alliance's WPA2 (Wi-Fi Protected Access) and WMM (Wi-Fi Multimedia) specs for security and streaming multimedia, respectively. As 802.11n is optimized for WPA2's strong AES encryption, AES improves performance compared with older (and weaker) software-based WEP and WPA security.

Nearby Wi-Fi networks using the 2.4-GHz band (all 802.11b/g networks qualify, as do 2.4-GHz 802.11n networks) can slow things down. Draft 2's "good-neighbor" policy (but not Wi-Fi Alliance certification) requires stepping down to single-band 20-GHz channels (the dual-band 40-GHz mode enables the fastest speeds) when a 2.4-GHz network that might otherwise be crowded out is sensed. This happened often enough that we decided to test in single-channel mode.

The bottom line for shoppers: Don't worry about interoperability, but be aware that performance will vary widely based on your equipment and on factors, such as nearby networks, that are beyond your control. No matter what you buy, coverage and throughput should be better than with older 802.11a/b/g gear, but look beyond the Wi-Fi Alliance's logo to choose the features you need.

Trojan Horse May Turn to Hyping Hurricane Dean

The 8-month old Storm Trojan horse may soon come full circle and take up touting Hurricane Dean, the Category 5 storm that slammed into Mexico Tuesday, security researchers said.

Storm, also known as Peacomm, started life in January as malware attached to messages that shilled fake news accounts of a massive series of wind storms that struck Europe. One of the first Storm-bearing messages dangled the subject head "230 dead as storm batters Europe" to tempt users into launching the file. Recipients who clicked on the attached executable were infected by the Trojan horse, which turned their systems into spam-spewing zombies.

Symantec Corp. researchers are betting that the malware's makers will try the same trick with Dean.

"We expect it to again come on the back of big news items," said Alfred Huger, vice president of engineering at Symantec's security response group.

Huger's prediction is based on analysis done by Hon Lau, a senior security response manager at Symantec. Hon's take, spelled out in a posting to Symantec's blog Tuesday, is that Storm's creators are, if nothing else, very adept at crafting socially engineered messages persuasive enough or tempting enough to get people to launch files or click on links.

"In particular, they have a knack for latching on to the latest newsworthy events and capitalizing on the public interest in them," Hon said. "And if no newsworthy events are happening at the time, then they will just make them up."

Although Storm, which Symantec calls Peacomm, is currently being spread by a different campaign inviting users to join various "clubs," ranging from cell phone ring-tone and photo groups to wine-tasting and cooking clubs, Hon expects to see Dean-related messaging soon. "As Dean lash[es] the areas around the Gulf of Mexico, don't be surprised to get e-mails about damage or death caused in its wake," he said.

"[Storm's makers] tend to try to take advantage of the newest news," agreed Huger, who also explained the likely motive. "I expect that they have a better take-up rate when they use news." But other than their social engineering skills, Storm's creators haven't impressed him much, even though others have fingered the malware as the basis for building large botnets that have unleashed record levels of spam, especially pump-and-dump, stock-scam junk mail. "It's about average," Huger said. "A little more sophisticated maybe, but it doesn't really stand out."

The reason why Storm has attracted as much interest as it has -- it's the most written-about piece of malware so far in 2007 -- is simple, said Huger. Security researchers sometimes fixate on one worm or Trojan horse or virus, perhaps because it's initially interesting. For whatever reason, some of those researchers "dive right to the very bottom" of the code, Huger added, a chore that's impossible to duplicate for every one of the hundreds of new worms and Trojan horses released each month.

Where one researcher treads, others may soon follow. And when lots of them pile on, said Huger, "all that research leads us to believe that this is unique or different, when in fact it's not."

EU Hopes Satellites Will Push Mobile TV

A European Commission plan to simplify the licensing of Europe-wide mobile satellite services could boost the nascent market for broadcast TV services over handheld devices.

With a general agreement on the DVB-H (digital video broadcasting - handheld) standard now in place, mobile operators across Europe are looking for economic ways of launching broadcast mobile TV services that send signals directly to handsets. While some companies plan to invest in building terrestrial systems to carry the signals, others are more interested in establishing mobile satellite services to provide coverage in not one but several markets, according to the Commission.

With its one-stop-shop proposal, the Commission hopes to overcome a current hurdle in Europe for providing satellite service: operators need to apply for a license in each individual country, which often have different regulations and requirements. A new body, organized by the Commission in cooperation with regulators in the member states, would be responsible for assessing applications based on common technical and commercial criteria and for selecting operators, which would then be authorized by national regulators.

The Commission hopes to win support for the new mobile satellite communications authority later this year when the region's telecommunications policy comes up for review.

Several European mobile phone companies, including Vodafone Group PLC, have expressed interest in mobile satellite technology for TV service as well as broadband data.

In addition to reaching consumers in rural areas and in more than one national market, satellite-to-mobile phone communications could also overcome Europe's tight spectrum availability.

Alcatel-Lucent SA, for instance, proposes using the widely available S-Band frequency reserved for satellites to transmit broadcast signals via satellite to mobile phones based on the DVB-H standard, instead of the UHF band. The UHF band is typically used for TV transmissions in Europe but has little or no capacity to spare.

The Alcatel-Lucent proposal calls for equipping base stations with S-Band repeaters and, in addition, using satellites capable of transmitting in the S-Band to deliver content to 3G (third-generation) phones enabled with DVB-H technology in three different ways: base-station streaming, base-station broadcasting and satellite broadcasting.