The Monster.com Mess

The last thing you need when you're unemployed is a bank account that's suddenly emptied. But that's exactly what some unwary users of employment search site Monster.com faced after identity thieves made off with the personal information of more than a million people looking for jobs.

How It Started
This still-developing story has enough nooks and crannies to confuse a gumshoe, but some facts are clear: Monster's resume database was looted, and the personal information taken was used to forge convincing messages that deposited password-stealing Trojans and ransomware on users' PCs.

Calculated and ambitious, the attack is striking for how it blended several elements--stolen credentials of legitimate users, phishing e-mails, Trojan horses, money mules and more--into a slick assault.

What We Know So Far
Was Monster.com hacked? No, as Symantec said immediately. Instead, the attackers accessed the resume database with legitimate usernames and passwords, probably stolen from professional recruiters and human resource personnel who use the "Monster for employers" section of the site to look for job candidates. But it wasn't until Thursday that Monster.com admitted as much. "By gaining unauthorized access to employer accounts, the software was obtaining job seeker contact information," a new alert said.

What was snatched from the database? Names, e-mail addresses, mailing addresses, phone numbers and resume IDs, said Symantec. Yesterday, Monster.com added that only about 5,000 of the people whose data was filched live outside the U.S. That squares with what Symantec's Amado Hidalgo said in an e-mail: The information-stealing Trojan was hard-coded to dig through only the "hiring.monster.com" and "recruiter.monster.com" domains, limiting their theft to the Monster USA site's database. "They only targeted the U.S. Monster site and not any other international Monster [Worldwide] Inc. sites, such as those in the U.K., Spain, etc.," said Hidalgo.

Yahoo to Shutter Yahoo Photos

Yahoo Inc. will shut down Yahoo Photos, one of its two photo-sharing sites, and focus all its efforts on its other photo-sharing site, Flickr.

Yahoo said it will close the site Sept. 20 at 6 p.m. EDT. Until then, users can move their photos to other photo-sharing services, including Flickr, Kodak Gallery, Shutterfly, Snapfish and Photobucket.

Yahoo said it will automatically move users' photos to the photo-sharing sites of their choice. In addition, users can download their original resolution photos to their computers. Users of the New Yahoo Photos can also get an archive CD for US$6.95 plus shipping from Yahoo's partner Englaze.

If users don't tell Yahoo what to do with the photos before the site closes, their photos will be deleted and will no longer be accessible.

"Of course, we hope you'll join us at Flickr, but we also realize that Flickr may not be for everyone," Yahoo said. "In the end, we want you to find the service that's right for you, and we hope you take some time to learn more about your options before making this important decision."

Yahoo Photo features in other Yahoo products such as Yahoo Mail, Yahoo Messenger and Mobile Web will also end, and users' photos will no longer be accessible from those services, the company said.

Site Auctions Software Vulnerabilities to top Bidder

There are many ways vulnerability information can get out to the industry but a controversial new site, auctioning such information to the highest bidder, may be the wave of the future.

The auction service, called WabiSabiLabi, lets potential sellers and buyers connect e-Bay-style, with timed bidding periods and minimum starting prices. Founders of the wslabi.com site say their auction house serves the researchers who discover vulnerabilities and often don't reap monetary rewards for their time and talent.

The business model is based on a practice that e-Bay shut down 16 months ago saying it promoted illegal activity. At the recent Black Hat show, published reports stated that 88 percent of respondents to an online poll said using such sites is dangerous. While it is accepted that researchers deserve to be paid for their work, selling to the highest bidder is frowned upon.

WabiSabiLabi disagrees, saying its e-marketplace, where any qualified buyer can bid, will actually discourage those who discover vulnerabilities from selling them on black markets to criminals who try to turn them into money.

The company says it checks out buyers and sellers before they can trade. "We are very aware about the risks of selling vulnerabilities, and this is why we subject buyers to deeper scrutiny, to minimize the risk of selling the wrong information to the wrong people," WabiSabiLabi says in its ethics statement. "We require non-anonymity from buyers and sellers alike. The stakes are just too high at this point in history."

Even so, the marketplace, which started business six weeks ago, is being eyed cautiously by entities dedicated to eliminating vulnerabilities quickly to avoid criminal exploitation.

"I don't think it's necessarily good for the community," says Jason Greenwood, the general manager of VeriSign's iDefense team, which pays bounties -- sometimes tens of thousands of dollars -- to researchers who discover vulnerabilities. "It will increase the perceived value of vulnerabilities, and the good guys already have trouble competing with the money you can get on the black market."

iPhone Unlocking Video Hits Web

A video showing the founder of a Belfast, Northern Ireland company unlocking the iPhone hit the Web early Wednesday U.K. time as proof that software exists that can unlock Apple's device for use with carriers other than AT&T Inc.

In the six-minute video, posted on the iphoneunlocking.com blog, John McLaughlin, founder of Uniquephones, is seen with a PC and an iPhone unlocking the device using software from his company.

In the video, McLaughlin takes the SIM (Subscriber Identity Module) card out of a Vodafone Blackberry device and puts it into the iPhone. He then makes two phone calls using the device. The video was shot at his house in Northern Ireland, he said.

The video, which was shot at McLaughlin's house in Northern Ireland, is of poor quality, as noted in his blog entry. "Sorry about the focus, it was done late night using a Nokia N95, but you'll see the process," he wrote.

Uniquephones already unlocks phones from many manufacturers, including Nokia and Motorola, and about 60 percent of its customers are in the U.S.

Eager to Unlock
The video is the second time someone has tried to prove a software-only method exists to unlock the iPhone. AT&T has a long-term contract with Apple to be the exclusive U.S. wireless carrier for the phone, a fact that has irked iPhone users who want to have the option of using another carrier's service. The iPhone isn't yet available officially outside the U.S.

The race to unlock the iPhone began as soon as the device hit stores June 29. Beginning last Friday, reports began to surface that a teenager in New Jersey had won. Seventeen-year-old George Hotz, who has since traded his unlocked iPhone for a new car, unlocked the phone via software and hardware modifications, the latter of which required soldering. However, most observers agreed that not many users would want to tinker with such an expensive device this way.

On the same day, a company called iPhoneSimFree.com and McLaughlin both claimed to have the first software-only unlocking method, but iPhoneSimFree.com was the first to show it to a credible third party, an editor of Engadget.com.

Facebook Cracks Down on Developer Spam

Three months after it opened its platform to outside developers, Facebook Inc. is taking steps to prevent some third-party applications from engaging in what the social networking company considers inappropriate actions.

Dave Morin, Facebook's senior platform manager, outlined late Monday in an official blog posting a series of changes in the capabilities it makes available to external developers.

In the blog posting, titled "Change is Coming," Morin states that the changes are designed to create an environment in which the popularity of applications is determined by how useful and entertaining they are.

For example, Facebook wants to stop developers from displaying big boxes in profiles that scream in capital letters messages like "ADD THIS APPLICATION!" to visitors, while hiding them from profile owners.

To that end, the latest release of the Facebook Markup Language -- version 1.1 -- changes how profile boxes display content, removing applications' ability to display profile content to visitors and hide it from profile owners.

"We did this so that the user is always aware of how they are expressing themselves to their friends through your application. This means no more yellow boxes that display 'Add this app!' in the profile box without the user knowing about it," Morin wrote. "We think this will help users make more informed decisions about the profile boxes they choose."

Meanwhile, this week, Facebook will shift how it measures application popularity in its applications directory away from total users and toward user engagement. "This will help inform users as they make decisions on which applications to add," Morin wrote.

The company will also remove e-mail from a notifications capability for developers to contact users who have adopted their applications. The reason is to crack down on what Facebook considers the spamming of deceptive and misleading notifications to its members.

Earlier this month, Morin posted a blog item about this problem, stating that Facebook had noticed developers misleading users "into clicking on links, adding applications and taking actions."

Facebook didn't immediately respond to a request seeking comment.

Logitech Offers New USB Headsets

Logitech on Tuesday announced its ClearChat Pro USB and ClearChat Comfort USB, two new USB-equipped stereo headsets with microphones. They cost $49.99 and $39.99 respectively.

The headsets are designed for users who make and receive calls on their Mac or PC, use their systems for gaming or music, and want to have a way to listen privately with the ability to communicate with others using built-in microphones.

The ClearChat Pro USB features tuned audio drivers and a headset-based equalizer switch that optimizes audio performance based on whether you're listing to music, gaming or using Internet audio applications. The headset's mic is noise-canceling and is on a flexible boom. The boom also emits a soft, red glow when muted.

The ClearChat Comfort features a padded headband and plush earpads. It's also equipped with inline volume and mute controls.

System requirements call for Mac OS X v10.2.8 or later and an available USB port.

Some Users Critical of Revamped Digg.com

Digg.com Monday unveiled an updated home page that allows users to see both news and video on a single page.

The new page aims to address user complaints that videos have been hard to find on the site because they're isolated, noted Daniel Burka, Digg's creative director, in a blog post.

"Bringing [videos] back into the stream on the home page will hopefully bring more life to videos on the site," Burka wrote. "If you prefer just news or only videos, you can easily customize your view by setting either as your default home page."

To give the page a "cleaner look" and make it more functional, Digg also tweaked the page and story summary layouts, streamlined the navigation and provided more customization options, he added. Users now can vote down stories without choosing a reason, Burka said.

Digg also disclosed plans to roll out a dedicated images section in October and to improve the new comments system rolled out in June, to the dismay of some of its users. Digg founder Kevin Rose noted last week that the company is working to speed up the comments system and make it easier and more lightweight.

Reaction from users was mixed, with many criticizing the changes and others continuing the ongoing demands Digg overhaul its new comments system.

Albion, for example, wrote, "Digg this is terrible! Have you ever heard of keeping it simple? What was wrong with the old navigation system? It was so much easier to navigate. What about navigating to different sections - probably the thing most people do most - you now have added more clicks and more thought. Have you not learned from the comment system? Don't fix what ain't broke."

A user posting as Peep wrote that Digg "shouldn't change things for change's sake. Maybe you should bring people in on the function side as opposed to the form side. You have grown beyond your small core who would like nothing better than to do endless beta testing for you. The only ones who you actually have a hope of intentionally clicking on those shiny new Microsoft ads are not going to like change unless it offers something new and more useful then what is already in place."

At TechCrunch Duncan Riley blogged that the "overall look feels a little more feminine. The inclusion of videos on the front page seemingly interrupts the flow of Digg stories as you scroll down the page."

However, Frogman54 noted on Digg that "I don't care how hard you try. You can't please these nerds. They love to complain too much."

Calling Rock Star SysAdmins

So you think you can sing? If so, check out the latest contest from the group that created the SysAdmin of the Year award.

Now in its second year, the award encourages companies to vote for one of their own IT staff members to receive the honor. It was inspired by System Administrator Appreciation Day, an annual day of recognition for all the technical work that typically goes unnoticed. This year's SysAdmin of the Year contest challenges IT pros to display yet another of their talents: their song-writing and singing skills.

The Web site asks visitors: "Is your sysadmin a rock star?" And it seems some people believe they might be. For instance, lyrics posted on the song contest's Web site and credited to Eric "Maverick" Garner put the daily duties of a systems administrator to music. Here is a sample: "I download all the patches and fixes/ and countless system updates/ I push 'em out to all the servers/ so nobody escalates."

The chorus goes even further and sings the praises of the system administrator: "SysAdmin Rockstar, I'm your IT go-to guy/ SysAdmin Rockstar, I'll make it work, do or die."

Sponsored by IT search management vendor Splunk, the contest challenges potential candidates to "record your own vocal track and enhancements to the SysAdmin Rockstar song"; the company will award the creator of the best version a US$500 Amazon.com gift certificate; three runners-up each will get a $100 Amazon.com gift certificate.

Judges include Jeff Bates, co-founder of Slashdot, Nagios creator Ethan Galstad and last year's SysAdmin of the Year Michael Beck, among others. Criteria for judging includes song originality, quality and degree of "sysadminism" -- or sense of humor regarding IT, according to Splunk officials.

The deadline for e-mailed song submissions in MP3 format is October 12.

This year's SysAdmin of the Year contest launched on the most recent annual appreciation day, which has been held on the last Friday in July since 2000. It wraps up with awards doled out at the Large Installation Systems Administrator (LISA) Conference in Dallas this November.

Prizes for SysAdmin of the Year include a Gibson Explorer guitar -- keeping with the rock star theme -- an Apple MacBook Pro, a trip to the LISA Conference and an enterprise license for Splunk IT management search software.

Other sponsors of the SysAdmin of the Year contest are SourceForge.net, Digg, NaSPA, LOPSA and Usenix's SAGE.

Panasonic Reports Steady Demand for Plasma

BERLIN (Reuters) - Panasonic expects demand for large plasma televisions to slide in the next two years but to hold steady after that at about 30 percent of the total market for large, flat-screen TVs, an executive said on Thursday.

"Plasma can keep 30 percent of the market in TVs of 37 inches and above," said Hiro Wada, who is in charge of product planning for visual products and display devices at Panasonic, a brand name of Matsushita.

He said plasma currently had 40 percent of that market.

Matsushita is the world's biggest maker of plasma TVs, which are losing ground to LCD (liquid crystal display) models as LCD technology for larger screens improves. It also makes LCD TVs in sizes up to 37 inches.

Fans say plasma gives better picture reproduction because it is self-illuminating, unlike LCD, which has to be backlit. But plasma's share of the flat-screen market has slid and rivals Sony and Sharp make only LCD TVs.

Matsushita is investing $2.3 billion to help double its plasma capacity in the next two years.

"In the plasma market, we want to stay number one," Wada said in an interview at IFA, Europe's biggest consumer electronics trade fair, which is being held in Berlin.

He said plasma technology's relative youth at only 10 years old compared with about 30 years for LCD meant plasma still had plenty of room to improve.

And he predicted that half of all flat-panel demand would be for TVs with diagonals above 30 inches by 2010.

He said he expected prices for TVs of 37 inches and above to fall by about 30 percent this year while prices for smaller TVs would fall by 10-15 percent.

Wada added that Matsushita aimed to sell about 2 million TVs this year in the United States, where it makes about 30 percent of its sales.

Asked whether he was worried that a U.S. consumer credit crunch could harm Matsushita's Christmas business there, he said: "We are a little bit concerned." He declined to elaborate.

Microsoft Releases Vista SP1 Beta to Limited Group

Microsoft Corp. released the beta of Windows Vista Service Pack 1 to a private group of testers, taking one step closer to the anticipated official launch in the first quarter of next year.

In late August, Microsoft for the first time offered a release schedule for the long-awaited SP1. At the time, the software giant said the beta would become available this month to between 10,000 and 15,000 testers.

One beta tester, Brandon LeBlanc, author of the Windows Experience blog, has already written about his experience with SP1.

In addition to a couple of minor user interface changes, he has noticed improvements to the overall responsiveness of his PC and laptop, which both got the beta software. He particularly noticed that resuming activity after the machines hibernate and copying files from one directory to another work faster.

LeBlanc also reported improved battery life on his laptop.

SP1 also appears to have solved some wireless networking issues he had, which caused his computer to lose connectivity often, especially after the laptop was hibernating. Since he installed SP1, that problem has gone away, he said.

Microsoft had promised that SP1 would include a speedier resume function following hibernation. It also said the update would include improved performance of Internet Explorer 7, particularly for Web sites running AJAX.

Microsoft will distribute SP1 via Windows Update, its automatic update service. Alternatively, corporate administrators can use a standalone version of SP1 in conjunction with other programs they may use to distribute software to computers.

Also on Monday, Microsoft released the initial Release Candidate (RC0) of Windows Server 2008, code-named Longhorn. That means customers can download and try out the latest version of Windows Server 2008, including for the first time a preview of Viridian, Microsoft's virtualization technology. The release of the RC0 means that development and testing are progressing and that the server code is entering the final stages of testing, Microsoft said.

Demo: Info Access Startups Take the Stage

The annual Demo conference, where startups vie for the attention of VCs and established technology firms with fat wallets and a yen to buy something, is once again a reflection of what's hot in the high-tech industry.

Access to and the sharing of information is this year's theme with companies demonstrating tools for team collaboration, tracking online information, information filtering, and a technology that is harder to explain than use: Turning the Web in a participatory medium for bookmarking, clipping, and discussion sharing.

Diigo is both the name of the product and the company that turns a Web site into a "participatory" site, according to Wade Ren, CEO and co-founder. "Diigo doesn't need enterprise adoption to work, but the more people who do adopt it, the better it is," says Ren.

Diigo allows users to highlight portions of a Web site and add comments, using the design concept of a sticky note or a cartoon bubble. The note is persistent, so next time the user opens the site, the note will be there. The tool is a browser plugin that can be downloaded and placed in the IE or Firefox tool bar. While wikis like Wikipedia make sets of pages writable and editable, Diigo makes the entire Web a writable media, according to Ren.

Taking sharing one step further, if Yuugu were a restaurant, it would serve meals family style. Yuugu, Japanese for fusion, allows users to share their screens in real time with an unlimited number of users.

Although Yuugu has been available as a client download, the big news at Demo is that the company will be launching a Web 2.0 version that allows users to share or publish screens to the Internet with the click of a button. Built around the shared screen are an IM client and a Web conferencing tool.

The Yuugu service is free, but according to Anish Kapoor, the CEO, companies who license and offer the technology will be upselling additional business services, such as audit trails for IM and screen sharing or offering personalization and rebranding of the technology. Target markets include U.S. project team managers communicating with offshore developers and cross-platform collaboration between business.

Microsoft Packaging Scratching Halo 3 Discs

Anecdotal evidence suggests that Microsoft special packaging is to blame for scratched Halo 3 discs on arrival.

Two reports, including internal GamePro findings, show that the retention nub of the Halo 3 Collector's Edition fails to keep discs into place. As a result, discs freely roam inside the special packaging and become slightly scratched.

The minor scratches appear to be aesthetic, however. All affected discs reportedly play as intended when inserted into an Xbox 360. Still, it's impossible to tell at present if scratches will become a problem moving forward.

Microsoft CEO Steve Ballmer promised in July that his company would be "world-class when we do hardware" after it was revealed that an abnormal number of Xbox 360 units fail. A month later, Microsoft sent Halo 3 to manufacturing.

While the issue may seem expendable, prospective Halo 3 buyers must pay US$70-$130 before taxes for the added game content. Standard game discs, which are housed in traditional casing, retail for $60.

Microsoft was not immediately available for comment.

IBM's Symphony Hitting Wrong Notes, Reviewers Say

Early user reviews of IBM's new Lotus Symphony office software suite are unlikely to be music to IBM's ears.

While testers praised Symphony's slick interface, they also said the software, which is still in beta, has performance and feature-set problems. Users reported that Symphony starts up and runs slowly, requires much larger amounts of memory and hard drive space than OpenOffice (the software on which it is based), and sports fewer features than the free OpenOffice or its US$70 sibling, StarOffice from Sun Microsystems Inc.

Blogger Udo Schroeter wrote that while he was "somewhat blown away by the [Symphony] user interface," his overall verdict was that "a new UI skin with no real depth is not enough reason to switch [from OpenOffice]."

"Overall, I don't see this as an Office killer," blogged another tester.

That's not surprising, according to an OpenOffice.org official. John McCreesh says Symphony's shortcomings are less a reflection of its OpenOffice foundation and more a result of its reliance on obsolete OpenOffice source code.

Symphony "runs like a dog and has a pretty amateurish appearance," blogged McCreesh, who is OpenOffice.org's marketing project lead, late last week during the organization's annual developer conference in Barcelona. This "does beg the question as to why a company of IBM's stature should take software well past its sell-by date, and try and pass it off as a new product."

The latest version of OpenOffice, Version 2.3, was released last week. OpenOffice.org plans to release Version 3.0 by next spring or summer, according to a speech given at the Barcelona conference by Louis Suarez-Potts, OpenOffice.org's community manager.

Sun's StarOffice is also based on current OpenOffice 2.x code, which was first released two years ago.

Zigging where MS Office zags or just lagging?

In contrast, Symphony is built on code from OpenOffice 1.1.4, which was released in December 2004. That code has been heavily rewritten since then, said Don Harbison, director of the ODF Initiative for IBM, in an e-mail.

"Symphony is beta and is a work in progress... we are not finished," he acknowledged. But he also said that testers should not simply compare Symphony feature by feature against other office suites.

"IBM has little interest in chasing MS-Office's 'tail-lights'," Harbison wrote. "Lotus Symphony is powerful, simple, and focused. It provides all the tools and functions most businesses require without confusing features not required. ... In other words, no more, no less, than what is needed, as opposed to the alternative, which is wasteful, and unnecessary."

But early reviews for Symphony, gleaned by searching blogs via the Technorati Web site, indicate that IBM may have an uphill struggle trying to convince users.

One common complaint concerns Symphony's system load. Symphony requires 1GB of RAM and 900MB of hard drive space. In contrast, the Windows version of the latest OpenOffice, Version 2.3, requires just 128MB of RAM and half the disk space. The standard version of Microsoft Office 2007 requires 256MB of RAM and 1.5GB of hard disk space.

DVD Format Battles Continue

Sales of next-generation DVD players are not seen as likely to take off for another 18 months as consumers are still waiting for prices to fall and for the battle over two competing technologies to be resolved.

Referring to the high-definition DVD format war between HD DVD and Blu-ray, Forrester Research said in a report last week that while the two camps have "been fighting what seems to be a war of attrition for consumers' hearts and minds," few consumers are warming to either type of device.

Sony Corp backs the Blu-ray standard against Toshiba Corp's HD DVD.

Hollywood and electronics manufacturers hope new high-definition DVDs, with better picture quality and more capacity, will revive the slowing $24 billion home DVD market.

But the format war has curbed adoption in a way reminiscent of the Betamax-VHS videotape format battle of the early 1980s, experts say.

Forrester analyst J.P. Gownder stood behind his company's view that Blu-ray would eventually win out over HD DVD, but he said the Blu-ray camp needs to cut prices.

A stand alone Blu-ray player sells for about $500, while HD DVD players cost about $400, and prices are expected to drop further as the holiday shopping season nears.

Gownder said Blu-ray's content advantages are somewhat diminished since the recent decision by Viacom Inc's Paramount studio to commit exclusively to HD DVD. HD DVD hardware prices have also dropped into consumers' preferred price range, he said.

"Weakened by these developments, Blu-ray needs to offer a viable hardware model at the $250 price point by Christmas 2007," he said in the report. "The Blu-ray camp must also stave off further studio defections, and employ more aggressive promotional tactics to counter HD DVD's recent momentum."

Forrester said typical owners of high-definition televisions are not willing to pay more than $200 on average for a new HD DVD or Blu-ray player.

"Failure to alter strategy would open up Blu-ray to a possible upset defeat at the hands of HD DVD," Gownder said.