By Melissa Perenson
January 12, 2009

SAN FRANCISCO - Let’s get the bad news about the Fujitsu FLEPia out of the way: Right now, it’s only available in Japan. The good news is that Fujitsu is looking into bringing it to the U.S. Hopefully, the company will do so soon, as this flexible e-paper reader looks very promising.
The FLEPia unit on display here was customized for showing off in the U.S., but its interface was clean and colorful (underneath was Windows CE). It has a 1.2 second refresh rate, and the lightning fast scrolling compared with the Kindle and Nook.

This slim (12.5mm thick), 350-gram model was especially attractive given its color display–a 8-inch passive matrix touch screen which supports 64, 260K, and 4096K colors. There’s no backlight, yet images could look bright and brilliant since the display is designed to reflect back red, green, and blue ambient light. Also, it only uses power while redrawing the screen, so Fujitsu claims that the FLEPia can last for 40 hours per charge.

The FLEPia’s connectivity options are also fairly impressive; a USB 2.0 port, SD card slot, and Internet access via Bluetooth and Wi-Fi. In Japan, the FLEPia works with different mobile carriers, so we’ll probably see a similar arrangement for a US release. Does all of that sound good? Be prepared to set aside around $1000, which is roughly what it cost during the April 2009 launch in Japan.

January 2, 2009

When asked about what will happen in 2009, a rise in global epidemics was at the top of Kaspersky Lab’s prediction list.  Kaspersky Lab,  a leading developer of Internet threat management solutions that protect against all forms of malicious software, has seen that prediction to be true —  2009 was dominated by sophisticated malicious programs with rootkit functionality, Conficker, Web attacks and botnets, SMS fraud and attacks on social networks.

With the start of 2010, researchers and analysts from Kaspersky Lab have come up with a list of six predictions for what will be the New Year’s greatest threats and newest attack vectors.

1.       A rise in attacks originating from file sharing networks.
This year, we will see a shift in the types of attacks on users, from attacks via Web sites and applications toward attacks originating from file sharing networks.

2.       An increase in mass malware epidemics via P2P networks.
In 2009 a series of mass malware epidemics has been “supported” by malicious files that are spread via file sharing networks. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.

3.       Continuous competition for traffic from cybercriminals.
The modern cybercriminal world is making more and more of an effort to legalize itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. In the future, we foresee the emergence of more “grey” schemes in the botnet services market. These so-called “partner programs” enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.

4.       A decline in fake anti-virus programs.
The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake anti-virus programs in 2010. Conficker installed a rogue anti-virus program on infected computers. The fake anti-virus market has now been saturated and the profits for cybercriminals have fallen. Additionally, this kind of activity is now being closely monitored by both IT security companies and law enforcement agencies, making it increasingly difficult to distribute fake anti-virus programs.

5.       An interest in attacking Google Wave.
When it comes to attacks on Web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

6.       An increase in attacks on iPhone and Android mobile platforms.
The year 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.

“Malware will continue to further its sophistication in 2010 with specific malware families requiring significant resources from anti-malware companies to adequately fight them,” said Roel Schouwenberg, senior malware researcher at Kaspersky Lab. “Third party program vulnerabilities will continue to be the target of choice by cybercriminals with Adobe continuing to be the main target. And finally I believe that with the introduction of real-time search, black hat SEO and social networks will become an even bigger focus of cybercriminals.”

By Gregg Keizer
Computerworld
December 23, 2009

Mozilla yesterday said that its planned overhaul of Firefox’s interface will be pushed back to Firefox 4.0, the major release now slated to ship before the end of 2010.

Previously, Mozilla said it would revamp the look and feel of its open-source browser in a two-step process , with part of the redesign debuting in Firefox 3.7 — a minor refresh scheduled for late in the first quarter of next year — with the rest following in version 4.0.

Mozilla’s interface plans, particularly those intended for Firefox for Windows, have attracted attention because the company last September said it would “ribbonize” the browser by borrowing graphics concepts from Microsoft ’s Windows 7 and Office 2007. Users blasted the idea.

Later, Mozilla clarified its intentions , saying that although it was going to eliminate the traditional top-of-the-frame menus in Firefox, it was not going to turn its browser into a graphical doppelganger of Office 2007.

Mozilla’s newest plans for Firefox 4.0 center around a so-called “App Button” that will take the place of the menus long-seen in Windows applications, said Stephen Horlander, a designer and longtime contributor to Firefox’s interface.

In a blog post outlining the single-button approach, Horlander said the App Button would replace the idea of a dual-button concept — one marked “Pages,” the other “Tools” — that Mozilla had previously considered. He acknowledged that the App Button, like the talk of “ribbonizing” Firefox, was borrowed from Microsoft. “[The] App button … is similar to the single menu approach taken by Windows 7 native applications [such as] Paint and WordPad, and by Microsoft Office,” Horlander said.

The App Button, which would appear at the top left of the Firefox window, would take up less space, consolidate all menu commands under one roof, and reduce clutter, he said.

Firefox 4.0 would also give users the option of moving the browser’s tabs to the top of the application’s display, a so-called “tab-on-top” look that other browsers, notably Google’s Chrome, have adopted.

Mozilla’s browser will not, however, combine the search bar with the address bar — the latter is where the URL is entered or appears — as does Chrome. “With the LocationBar containing an increasing amount of functionality it may be best to retain a clear distinction between the two fields,” said Horlander, referring to Mozilla’s name for the address bar.

Horlander posted numerous screen shots of the Firefox 4.0 interface design ideas on his blog, including a head-to-head comparison between the revamp and the current look and feel in Firefox 3.5.

User reaction, as judged by the nearly 100 comments left on Horlander’s blog since yesterday, were generally positive. Most of the criticism came from users who were disturbed by what they saw as the “Chromifying” of Firefox, that Mozilla’s browser was too anxious to copy the look of Google’s Chrome.

“Firefox should be careful not to just chase Google too much, though,” said a user identified only as “Woody” in a comment added yesterday to Horlander’s post. “Chrome is Chrome, Firefox shouldn’t try to play catch-up … they should stay innovative.”

“Trying to copy ideas from Microsoft Office and Google Chrome must lead to a big fail,” warned another user.

People uncomfortable with the change will be able to restore the more familiar menu bar, Horlander promised.

According to a recently published timetable , Mozilla will ship a public review of Firefox 4.0 in June 2010, and final code in the fourth quarter.

By JR Raphael
December 22, 2009

Facebook is getting into the year-end spirit by releasing its list of the top words found in U.S. Facebook status updates during 2009. The social network calls its list “Memology: the study of how ‘memes,’ or new ideas and trends, are spreading on Facebook.” To determine the list, Facebook grabbed the most popular one-to-four word phrases found in status updates this year, and then compared each phrase to 2008 trends to determine the most popular phrases of 2009.

The result of all this data mining is the following list of 15 topics:

1. Facebook Applications (Farmville, Farm Town, Social Living)

2. FML (F*&$# My Life)

3. Swine Flu

4. Celebrity Deaths (Michael Jackson, Patrick Swayze, Billy Mays)

5. Family

6. Movies (New Moon, Transformers, Star Trek, The Hangover, Paranormal Activity and Harry Potter)

7. Sports (Steelers, Yankees)

8. Health Care

9. FB (aka Facebook)

10. Twitter

11. Years

12. Lady Gaga

13. Yard

14. Religion

15. I

The past year was the year of farms and aquariums on Facebook, but one thing the social network neglected to mention were the series of reports by TechCrunch alleging that popular applications like Farmville and others were scamming users. References to Michael Jackson and other celebrity deaths also proved popular fodder for Facebook chatters, as did the more popular movies of the year.

The term “I” might seem to be an odd one to make the list, but, as Facebook’s blog notes: “Until March of 2009, people updated their status in a box that appeared next to their name on the home page and, consequently, many updates started with the word ‘is.’ Once that box no longer was shown next to people’s name, the usage of “is” dropped off dramatically and usage of “I” doubled almost overnight.”

While the social network made its own memology list under the moniker FB, one notable exclusion from Facebook’s list is any mention of the privacy concerns that dogged the company during 2009.

First there was the flap over Facebook’s changes to its privacy policy earlier this year, which almost resulted in a formal complaint to the Federal Trade Commission by the Electronic Privacy Information Center. Then, earlier this month, Facebook finally shuttered its oft-maligned Beacon program, and shelled out $9.5 million to fund a new privacy advisory board. Finally, there were the latest changes to Facebook’s new privacy settings from just a few weeks ago.

While some of these privacy issues may have gone unnoticed by Facebook status updates, the latest changes to Facebook’s privacy settings did spark updates like this, “If you don’t know, as of today, Facebook will automatically index all your info on Google, which allows everyone to view it…Facebook kept this one quiet. Copy and paste onto your status for all your friends ASAP.” That information turned out to be wrong, but so many Facebook users promoted this misinformation using their status updates, the social network felt compelled to issue this pop-up notice to its users:

But in a nod to the problems it faced this year, Facebook did say in its memology blog post that all personally identifiable information was removed from status updates during the year-end data mining exercise. The company also said no one at Facebook ready actual status updates in compiling this list.

By Gregg Keizer
Computerworld
December 19, 2009

Hackers redirected Twitter.com’s traffic to a rogue Web site for more than an hour Friday by accessing its DNS records using an account assigned to Twitter, the company that manages Twitter’s DNS (Domain Name System) servers said.

Twitter initially blamed the early-Friday hour-long blackout of its site on changes made to the company’s DNS records, which act like a telephone directory to match the twitter.com domain name with the IP addresses used by its servers.

“Twitter’s DNS records were temporarily compromised, but have now been fixed,” the company said on its service status page at 2:30 a.m. ET. “We are looking into the underlying cause and will update with more information soon.” The status page has not been revised with more information since then.

Twitter uses a New Hampshire firm, Dyn Inc., to manage its DNS records, which match Twitter’s domain name (twitter.com, and numerous others) with the IP addresses of its servers.

Today, Dyn denied that its infrastructure had been hacked. Early Friday, Tom Daly, Dyn’s chief technology officer, told the Washington Post it appeared someone changed Twitter’s DNS records to point visitors to a different IP address using the proper account credentials assigned to Twitter.

“Someone logged in who purported to be a legitimate user of their [DNS] platform account and started making changes,” Daly told the Post ’s Brian Krebs . “It was not a failing on our systems whatsoever.”

Kyle York, Dyn’s vice president of marketing, echoed that in an interview with Computerworld. “No unauthenticated e-mail address associated with the account accessed the [Twitter] account,” York maintained. “This was not an unauthorized breach of our system.”

When asked whether the Twitter account had been used by someone authorized to do so, or if those account credentials had been pilfered by hackers, York declined to answer directly. “You’ll have to read between the lines,” he said. However, he did point to a tweet on Dyn’s own Twitter feed as having the right explanation.

That tweet referenced a story on The Tech Herald , in which reporter Steve Ragan used the clues available, including Dyn’s public statements, to theorize that someone compromised a Twitter staffer’s e-mail account, presumably via malware that snuck onto the Twitter employee’s computer, or through a standard phishing-style identity theft attack.

Once in control of the e-mail account, the hackers then used it to request a password reset for Twitter’s account with Dyn, Ragan speculated. “The password reset process is completed, and at this point the person(s) posing as a Twitter staffer gets the reset password via e-mail,” Ragan wrote.

That approach makes the most sense, agreed Ray Dickenson, chief technology officer at security vendor Authentium. “That’s the most logical explanation,” said Dickenson. “If someone obtained administrator credentials for Twitter’s account with Dyn, or even if it was inside job, everything worked except the human element.”

Dickenson said Dyn’s claim that its servers had not been officially hacked is also likely true. “It’s very difficult to directly hack a top-tier DNS provider,” he said, noting that security at such firms is extremely tight. “You’ve got to believe that Twitter looked at the options, and made the right choice when it went with Dyn. Twitter’s a huge site, and a huge brand.”

Also in Dyn’s favor, said Dickenson, is the company’s contention that only Twitter’s DNS records were altered, a fact that York stressed. “The fact that virtually all of Twitter’s records were pointing to this defaced site, and that no other [Dyn] customers’ records had been altered, corroborates what Dyn’s saying.”

According to York, Twitter will post a more detailed explanation of the cause of the outage later Friday. “It will fully exonerate us, that’s one thing I can say,” York said.

Twitter has been on shaky security ground for some time. Last August, determined distributed denial-of-service attacks knocked it offline for several hours. Two months before that, a hack of a URL-shortening service redirected millions of Twitter users to an unintended destination.

By Sumner Lemon
IDG News Service
December 18, 2009

Microblogging site Twitter went offline for a while Friday after hackers calling themselves the Iranian Cyber Army apparently managed to change DNS records, redirecting traffic to another Web page.

Instead of the usual Twitter Web site design, visitors to the site instead saw a black screen with an image of a green flag and Arabic writing. The defaced site also included a message that said, “This site has been hacked by Iranian Cyber Army,” and an e-mail address.

Whether or not Iranian hackers are responsible for the attack wasn’t immediately clear. However, Twitter and other Internet sites have been used by Iranian opposition groups and protestors to share details of anti-government protests in that country.

Twitter blamed the outage on changes made to the company’s DNS (Domain Name System) records, which match the company’s domain name with the IP addresses of its servers.

“Twitter’s DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon,” Twitter said on its Twitter Status page.

Based on Twitter’s account of the attack, it’s possible that the company’s servers were never compromised. The actual attack may have instead targeted Dyn, the DNS service provider that manages Twitter’s DNS records, according to whois records.

While the outage left Twitter users cut off from the service for about an hour, the type of attack wasn’t serious, according to Dhillon Andrew Kannabhiran , founder and CEO of Hack In The Box, a Malaysian company that runs security conferences in Europe, the Middle East and Asia.

“Yawn, is my comment. It was a simple defacement. So what?” Kannabhiran said.

By JR Raphael
December 18, 2009

Susan Boyle may not have won the top spot in “Britain’s Got Talent,” but the big-voiced Brit has just achieved a far more impressive feat: Her video has taken the title of most watched clip on YouTube in 2009.

YouTube released a list of its most popular videos of the year, taking into account aggregated views from all over the globe. And while Boyle’s inaugural television appearance was the most harmonious of the bunch, the other hot commodities were no less theatrical.

Here’s the full list of YouTube’s most watched videos of 2009.

5. Evian Roller Babies With more than 27 million views under its belt, this creative commercial for Evian water certainly grabbed the world’s attention. No word yet how many diaper changes were involved.

4. New Moon Movie Trailer Surprise, surprise: A lot of people watched the trailer for the Twilight saga’s New Moon movie. Thirty-one million, to be exact. Granted, even more people probably gazed at the assets in Christian Serratos’s revealing PETA ad — but that’s another story altogether.

3. JK Wedding Entrance Dance YouTube helped a small wedding make a big splash this year. Jill and Kevin, a couple from Minnesota, busted a move as they walked down the aisle — in fact, the entire wedding party got pretty jiggy, nuptially speaking. The wacky dancers went viral, attracting thirty-three million eyeballs over the course of ‘09.

2. David After Dentist A drugged-up little dude soared high on the YouTube charts, pulling in 37 million views worldwide. David, a seven-year-old boy, spouted off all sorts of nonsense following a trip to the dentist. Do his amusing antics warrant the massive merchandise and public speaking business that’s sprung up since the video’s success? God no. But at least they kept that Fred guy from being in this year’s top five.

1. Susan Boyle - Britain’s Got Talent As promised, the saucy Miss Boyle belted her way into YouTube’s most-watched spot for 2009. The clip of Boyle’s first appearance on “Britain’s Got Talent” garnered a whopping 120 million views across the world. Who’s the master of the house now?

By Dan Nystedt
IDG News Service
December 16, 2009

Microsoft may still face a lawsuit after apologizing for the theft of software code used in MSN China’s microblog service, Juku, from rival Plurk, a popular provider from Canada.

“We are definitely looking at all possibilities on how to move forward in response to Microsoft’s recent statement,” Plurk cofounder Alvin Woon said Wednesday. A “lawsuit is definitely one of the many options we have considered and will continue to look closely to,” he added.

Plurk fired off a blog posting early this week alleging as much as 80% of Juku’s code base was stolen from Plurk.

Microsoft apologized Tuesday, saying an outside company hired to develop Juku copied a portion of the code from Plurk. The statement from the world’s largest software vendor is at odds with one from MSN China early this month defending Juku as “a local innovation developed by MSN China … based on Windows Live Messenger networks.” The MSN China statement was a response to Chinese bloggers who early on called Juku a pirated version of Plurk.

The matter puts Microsoft in an unfamiliar position. The company has complained for years about the piracy of its software in China. In spite of its long experience with the issue, the software giant now finds itself apologizing for its failure to adequately safeguard the intellectual property of a rival code developer.

Microsoft could not immediately be reached for comment.

Dave Thompson, a spokesman for Plurk, said the company went ahead with its blog post accusing Microsoft of code theft only after determining willful intent was involved. “The client code and backend code on Plurk is still all proprietary and not easily accessible for anyone to just lift. Speaking technically, what makes our claim a little stronger is that Plurk’s client side code was obfuscated to begin with, so someone went in there and had to spend some real effort to unpack/reengineer the JS code and prettify it on their end,” he said.

(Owen Fletcher in Beijing and Nancy Gohring in Seattle contributed to this report.)

By Owen Fletcher
IDG News Service
December 15, 2009

Microsoft suspended a microblog-style site for Chinese users on Tuesday after the service was accused of copying programming code from Plurk, a Twitter rival popular in Asia.

Plurk this week alleged that MSN Juku, a service where users could share 140-character messages with friends on a scrolling timeline, appeared to have stolen up to 80 percent of its codebase from Plurk. In a blog post, Plurk showed screenshots and samples of similar JavaScript and CSS code pulled from both services.

Microsoft is looking into the allegations against MSN Juku, which a Microsoft joint venture in China hired a third-party vendor to develop, the company said in a statement. The service, still in beta and launched last month, could not be accessed on Tuesday. Microsoft promised to release further information as it learned more.

Plurk did not reply to e-mails or phone calls on Tuesday.

Online social networking is increasingly popular in China and Microsoft was just one of several big companies looking to tap the market, though Twitter and some of its local-language rivals have been blocked for months in the country on political grounds.

(Dan Nystedt in Taipei contributed to this report.)

By Nancy Gohring
IDG News Service
December 15, 2009

Microsoft’s Juku service in China did indeed steal code from Plurk, a popular Twitter rival in Asia, the software giant admitted on Tuesday.

Plurk alleged this week that about 80% of Juku’s code base was stolen from Plurk. Shortly after the accusations appeared on Plurk’s blog, Microsoft suspended the Juku service and said it was investigating the matter.

Now it says that a vendor working with Microsoft’s MSN China joint venture acknowledged that a portion of the code that it provided was indeed copied.

Microsoft was apologetic in its note. “When we hire an outside company to do development work, our practice is to include strong language in our contract that clearly states the company must provide work that does not infringe the intellectual property rights of others. We are a company that respects intellectual property and it was never our intent to have a site that was not respectful of the work that others in the industry have done,” Microsoft said in the statement.

The company has worked hard over the years to try to prevent the piracy of its own software. China, where the Juku service was developed, is one of the biggest consumers of pirated Microsoft software.

Microsoft said it is suspending the Juku service indefinitely and that it assumes responsibility for the situation. It apologized to Plurk and said it would reach out to the company directly to explain what happened.

Microsoft also said it will be working with MSN China to examine development practices and applications provided by vendors.

Plurk has not responded on its blog to Microsoft’s latest statement.