Volume 7, Issue 48        Atari Online News, Etc.        November 25, 2005

Published and Copyright (c) 1999 - 2005
All Rights Reserved

Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor

Atari Online News, Etc. Staff

Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"

With Contributions by:

Kevin Savetz
Fred Horvat

To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions".

OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list.

To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to subscribe from.

To download A-ONE, set your browser bookmarks to one of the following sites:

http://people.delphiforums.com/dpj/a-one.htm
http://www.icwhen.com/aone/
http://a1mag.atari.org
Now available: http://www.atarinews.org

Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/

=~=~=~=

A-ONE #0748 11/25/05

~ Spyware Foes Push Law! ~ People Are Talking! ~ CCAG 2005 Update!
~ Browser Makers Agree! ~ Band Against Phishing! ~ Sony BMG Sued!
~ Sony Losing Gaming War? ~ 360 Reselling on eBay! ~ FBI Scam Alert!
~ Nigerian Scam Busted! ~ Hackers Hitting Apps! ~ No More Dots?!

-* Desktop Configurator Released *-
-* Kazaa Given Deadline, and Extension *-
-* New Web Mail Is More Polished and Powerful *-

=~=~=~=

->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""

Ahhhhhhh!! I normally try to put my comments together on Thursday nights, but last night I was pleasantly recovering from our Thanksgiving feast!
Our turkey this year came out really well - definitely in the top 5 best birds of my Thanksgiving "career"! It was just my wife and I this year, accompanied by the two 4-legged kids. None of the family felt up for travelling, so it was just us. Not too many complaints here because there are now more leftovers for us! But, I did miss the opportunity to spend some holiday celebration with family. After all, that is the holiday tradition.

So, while I regale in more turkey and fixins' leftovers, let's get right to this week's issue. And while we do, I'll loosen up a notch or two!

Until next time...

=~=~=~=

Desktop Configurator Released

Simon Sunnyboy / Paradize has announced:

The Desktop Configurator has been released. A small utility which allows you to select one of up to 10 individual DESKTOP.INF (or NEWDESK.INF) files from the AUTO folder of your hard disc so you can boot into a custom tailored desktop, e.g. one for games, one for coding, one for tools, etc.

Check http://paradize.atari.org/

This tool only manages selection of the DESKTOP.INF and nothing more. Most AUTO folder and DESKTOP.INF management tools offered too many unneeded features for me so I wrote this one. If it is of any use, feel free.

=~=~=~=

->A-ONE User Group Notes! - Meetings, Shows, and Info!
"""""""""""""""""""""""

CCAG Show: December 4, 2005

CCAG Show Rescheduled to December 4, 2005

As some of you may be aware, we are allowed the use of the National Guard Armory in Lorain, Ohio because one of our committee members is a member of the National Guard. This allows us to hold this event very inexpensively and free to vendors and attendees. In order for us to hold CCAG at the National Guard Armory in Lorain, he must attend the event. Unfortunately, Hurricane Rita activated the National Guard unit that he is in which meant he was unavailable for the now previously scheduled event date of October 22, 2005.
We have rescheduled the show to December 4, 2005, and have announced it via our email mailing lists and on this website.

Link: http://www.ccagshow.com/

=~=~=~=

PEOPLE ARE TALKING
compiled by Joe Mirando
joe@atarinews.org

Hidi ho friends and neighbors. I sit here, Thanksgiving evening, stuffed after a delicious dinner of turkey with all the fixin's. I'll forgo my usual holiday speech about how much I love turkey... but I do.

Anyway, as I sit here trying to justify the level of gluttony that I tend to achieve each holiday, I think back to the year that's past since the last Thanksgiving. It's been many things, but 'uneventful' wasn't one of 'em.

There have, of course, been highs and lows throughout the past year, and we've muddled through the lows and soared through the highs. My father-in-law passed away earlier this year, and we're still smarting from that, but all in all, we're doing okay. And, even if we were doing as poorly as we possibly could, we'd still be in a lot better shape than a majority of people all over the world.

That's a sobering revelation. It makes it all the more important that we stop and give thanks for all that we have. When I stop and add it all up, it's hard to come to any conclusion other than that I'm one of the luckiest EssOhBe's in the world.

Okay, enough of that. Let's get to the news, hints, tips and info available on the UseNet.

From the comp.sys.atari.st NewsGroup
====================================

'Phantom' asks about system disks for different Atari computers:

"Is there an Atari CD that contains all or most, System Disks for each Atari ST Computer? Or maybe an Online Site that has most all Atari Computer System Disk software? I am mostly looking for the System Disks for an Atari Stacey. Could also use the manual."

Peter Schneider tells Phantom:

"I don't think anybody needs a system disk for an Atari Computer. The system is to be found in the ROM chips.
As far as I remember, the ancient system disks just provided BASIC or LOGO, but no interesting soft. And because Atari (yes, the brand still exists) or its buyer still holds the TOS' copyright, I'm afraid that there will be no such disk. Please correct me if I'm wrong."

'TJ' tells Phantom and Peter:

"I don't think there is a problem with downloading Atari ST System disks as there is nothing more than BASIC, LOGO or HDx on it and they all came with every ST computer anyhow, so there should be no problem as long as the user has a ST computer.

TOS ROM code on the other hand, is copyrighted as that is the actual OS which is burned in ROM. The only computer that loaded TOS from disk was the very early 520ST computer, and that TOS is very buggy and pre 1.0 anyhow."

Phantom tells TJ:

"I have been looking for that old TOS Disk that I have. As I said before, one can use it on a TOS 1.62 STE to run some very early games and programs that will not work on TOS 1.62. Crash Garrett is one game I remember that would not work on my STE unless I booted up the old Tos disk first.

And I am fairly sure that the version of that TOS wasn't pre .99. It was 1.something. Don't recall the version, but am looking for the disk to make sure. It wasn't a System Disk. It was Grey and had TOS in big letters written across the label.

If I do find it, not sure that I will upload it, if there's a conflict about ownership and etc. Even though every Atari ST program out there has been copied and put into files for use on PC ST emulators. Even several versions of TOS on chips were made into images.

I personally don't like the idea of using TOS chip Image Copies on PCs. Why not just get a ST or STE and use it instead. But that's my opinion."
Phantom now asks about using a flat screen (LCD) monitor with his Falcon:

"I am looking to update a few of my Monitors to Flat screens and was wondering if any are made that will support the lower RGB ST Resolutions and still work fine with the Falcon's VGA Resolutions and enhanced Resolutions. Anyone know of a Brand and Model that will do this?"

Ronald Hall tells Phantom:

"This is something that I've been looking at long and hard as well. What I've found so far, is that some of the newer LCD TVs that can double as computer monitors (with resolutions 1024x768 and higher) *should* fit the bill. Unfortunately, they are rather expensive!

From Google searches I've seen models that actually list a horizontal freq of 15khz (which is what is required for RGB stuff). Try entering "15khz LCD TV" at Google, and you should get some of the same results I did.

I checked through several brands and models. The cheapest I could find was 15" models for around $500-600 or so..."

Daniel Mandic tells Ronald:

"Hey man.... for this Money I could buy two of the 70CM (28") TV-Set, I use now (249 bucks "Welltech" at "LIDL" Foundation). With Black-Matrix CRT and Philips Tuner integrated. The Tuner is surprisingly working very well, obviously bez of Philips. Well, the Technology seems to be from the late eighties (Circuitry, Schematics etc.), but the TV is new, of course.

The Picture is nearly as good, as my old (still working) Philips TV (also a Valvo-Tube integrated - already). The Philips is so old, I connected every HC I know (had/have) of. I got it 1983 :-) , at this time such tech costs about 1000 bucks. Today you can get it for the half-price. The best Tech till now, for watching TV, IMHO.

Plasma does not endure the quarter of the time my Philips does, and still do so :-) . LCD is nothing to speak of. Beamers are nice but make also clunky LCD pictures and need every 1000h a new lamp, nothing for people letting the TV-Set running for many hours a day.
Well, LCD is at least economic (lower power consumption) for longtime-watcher, but you have to sit like an Elk in front of the screen to see something. Or a Remote controlled LCD Swivel-Arm ;-)

Paying 500 bucks for a Micky Mouse-Screen and such a low-tech (256 color information) is below my understanding. Why pushed the Industry the PC to make colors beyond 24bit, when they make afterwards such a low-quality monitoring of that :-) ????

Well, It's sharper O.K. But did the PC industry not try to make smooth edges (pixel), going with computers? And now all this pixxy, clunky stuff comes back!? Investing GHz of CPU Power to anti-aliase it afterwards. I do that with my CRT and the Aperture Grill. Mechanical Anti-aliasing is the real Stuff.

This all is for me a fundraising campaign. ;-).... Not with me.

P.S.: The TV mentioned is fully digitally outfitted (where digital should be, hehe), with all controls needed. PIP!, Teletext. Receives smooth, afterglowed and fast analog Television, from the best analog TV-Stations of the World. PAL+, NTSC, PAL, 3 Scart, 1 Video IN, 1 S-video In, etc etc etc.... dark, black picture...depth of field, of course due to Analog TV."

Ronald tells Daniel:

"Daniel, thank you for that information. Unfortunately, from all that, I wasn't able to ascertain one thing - does it work with both (s)VGA and RGB modes on the Falcon? Also, I would find it rather difficult to put a 28" model on top of my Falcon Rack case. :-(

I mean, without changing monitors, can you boot up to an SVGA screen, then run an RGB demo (say Hydroxyd or somesuch) without having to do anything else? That was really what I was talking about.

Also, from the tech-specs on the models I was looking at, they achieve far greater colors than just 8bit/256..."

Daniel tells Ronald:

"Yes, I understood. Well, what about a Multisync 15-38KHz, 50-100HZ (85-90 nominal) or so. I saw Industry Monitors, ranging from 7-28 inches. B/W, color... everything. The Case is ugly, but the CRT are best.
Black Matrix etc... Multisync!! The 28" one makes 15-40KHz... I could connect many different computer. Also PC-Games, as I play mostly 640x480 or 800x600. No VGA to RGB Converter needed anymore :-) Just connect a VGA-Plug and don't go over 38 (40) KHz."

Stephen Moss asks about how to get a "modern" operating system to recognize 720K floppies:

"I seem to recall that someone posted some instructions for getting XP to recognize 720K floppies without having to set up a second OS. I know I printed the instructions out but seem to have lost them so if anyone out there knows the answer could you please either post it again or E-Mail the instructions to me."

'Chris' tells Stephen:

"I think the article was for formatting 720K not reading them in XP. As long as its formatted 720K on the PC then there shouldn't be any problems. XP itself does not seem to want to support 720K formats which is a little sad really."

Greg Goodwin adds:

"I wonder if there are freely distributable utilities for WinXP that can format in 720K. WinXP does appear to read the format well enough...

Except that I am told by a tech acquaintance that some of the newer drives don't bother checking format and assume that all disks are 1.44k. I do hope he's wrong."

Steve Sweet tells Greg and Chris:

"One of them utilities is the Command-line format command

Format /T:Tracks /N:Sectors"

Chris adds this tidbit:

"http://www.cps-electronics.co.uk/temp/a-720k.zip quick zip with a batch file, 1 liner, very easy"

Ronald Hall now asks about swapping out hard drives:

"I just bought a Mega STe, with a small internal HD. I've got a 4 gig SCSI drive that I would like to swap out. The original drive has Atari's AHDI driver on it, the 4 gig has HDDriver v8.15 or so. Is there any reason why I just can't swap (physically) hard drives out? The 4 gig HD has been formatted and run under TOS 1.04 while, of course, the Mega STe has TOS v2.06.

PS The Mega STe is nice! Built like a tank."

Dr.
Uwe Seimet, author of HD Driver, tells Ronald:

"In order to access more than the first GByte of this drive you need an ICD compatible host adapter. With the original MegaSTE adapter you cannot access more than the first GByte of a SCSI drive."

Ronald asks Uwe:

"Hmm, so does one have to disable the internal Mega STe adaptor? If so, how do you do that? Could you simply unplug the internal hard drive, and plug up an ICD adapter/hard drive to the Mega STe's ACSI port and go?"

Uwe explains:

"Yes, I think this is the way to go. If you have an external ICD compatible adapter you should be able to simply connect your drive to this adapter instead of the internal adapter."

'Phantom' tells Ronald:

"Depending on how you want to use the Drives, you could use the small internal drive as a boot drive and still connect the Larger Drive to the DMA port using an ICD Link II/Link 97. That's what I did with mine.

And it is probably possible to Boot off the external Drive while having an internal one installed. I think ICD's software allows this, Not sure if HD Driver does. You may have to use a Setup Disk in the internal disk drive to do that.

I had something setup like this before when using the Spectre GCR cartridge. I had a hard drive just for it and booted up that drive only when I wanted to use the GCR cart. on the MSTE.

Can this be done with HD Driver, Uwe?"

Uwe replies:

"Any driver most likely supports this, even AHDI. TOS scans any hard disk drive for an executable root sector and it executes the first executable root sector it finds. Usually the code on this sector then initiates the bootstrapping of the actual hard disk driver."

Well folks, that's it for this week. It's time for me to sit back and wonder why I always over-do it when having a turkey dinner. I sincerely hope that you who observe the holiday had a happy, healthy and safe day.

'Till next time, keep your ears open so that you'll hear what they're saying when...
PEOPLE ARE TALKING

=~=~=~=

->In This Week's Gaming Section  - Sony Losing Grip In Console War?
  """""""""""""""""""""""""""""    XBox Owners Reselling on eBay!

=~=~=~=

->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""

Sony May Lose Grip in Next Game Consoles War

Sony Corp., the maker of Playstation game consoles, may lose its iron grip on the market for game machines as rival Microsoft Corp. launches a new model just in time for the holiday season.

Microsoft's new Xbox 360 will debut in the United States on Tuesday and in Europe and Japan in December, while Sony is not expected to launch its upgraded Playstation, PS3, until next spring.

Analysts and game fans say PS3 is the sexier game machine with twice the processing speed of Xbox 360, next-generation DVD technology Blu-ray, and seven control pads that can connect wirelessly to the console.

But Xbox 360 will have the advantage of being in time for the holidays with an initial line-up of 18 games including surefire hits like "Need for Speed Most Wanted," "Ridge Racer 6" and "Madden NFL 06."

Sony, the world's second-largest consumer electronics maker that dominates the console market with its Playstation 2 (PS2), may lose more than 20 percentage points of its 70 percent market share with much of that going to Microsoft.

"The risks are surprisingly higher than people think because unless they can replicate its 70 percent dominant market position, things are going to be very difficult for them going forward," said Hiroshi Kamide, a Tokyo-based game analyst for KBC Securities.

Sony has a market share of roughly 70 percent and Microsoft and Nintendo Co. Ltd., which plans to launch its upgraded version some time next year, each hold 15 percent.

The risks to the company's healthiest business would come at a time when the overall group is struggling to turn itself around after its mainstay consumer electronics business stumbled.
Wedbush Morgan Securities said in an industry report in July that it expected worldwide PS3 and Xbox 360 sales to be tied at 23 million units each in 2007.

Sony said it was not concerned.

"We will launch according to our own agenda and strategy," said a spokeswoman for Sony Computer Entertainment, adding that it planned to compete this year with a diverse line-up of PS2 and Playstation portable games.

Sony has not disclosed the price of its PS3, but analysts expect it to be the most expensive console ever, costing as much as $500 versus PS1 and PS2's $300 price tag when they debuted in the United States in 1995 and 2000.

Microsoft, which aims to get its consoles into living rooms around the world this holiday season and build momentum by Christmas 2006, is offering a $300 and $400 package for Xbox 360.

A year from now, Microsoft is likely to be hitting its stride with even more games that take fuller advantage of the new machine's fast speed while Sony is still working on gaining momentum, analysts say.

"PS3 will do very well, but it's said that development costs will be high and it'll take longer to make games, so it's likely that it won't have a full line-up of games until the end of 2006 or the beginning of 2007," said Hirokazu Hamamura, president of Enterbrain, the publisher of leading game magazine Famitsu.

The quality of the game line-up can make or break a console's popularity.

The Playstation series have remained at the top of the market because of the high quality of games whereas the first Xbox is said to have failed in Japan when it launched in February 2002 because of the lack of appealing games.

Despite the possibility of losing market share, analysts say not all is bad for Sony which plans to introduce its advanced "cell chip" in the console.

The cell chip is significantly more powerful than Intel Corp.'s Pentium 4, the most common chips for PCs and game machines.
Sony plans to use the chip in other electronics such as home servers and flat televisions. The company could also sell its chip to other manufacturers.

Sony's game unit reported a 79 percent rise in revenues to 214.2 billion yen in the July to September quarter, outpacing the financial unit, whose revenues rose by 40 percent.

Sony's game business accounts for about 12.6 percent of the group's total revenues, and it has sold 102.5 million Playstations and 96 million PS2 machines to date.

"Sony has to launch a new game machine every four, five or six years to maintain the game division's strength," said Koichi Hariya, senior analyst at Mizuho Securities, adding that PS3 is likely to be less profitable than the earlier versions because it is pricier to make and the price will make it less affordable for some consumers.

"One of Sony's strengths is that it has an operation like the game business where, at the peak, it can sell 20 million units per year," said Hariya.

Xbox 360 Buyers Resell Product on eBay

Forget day trading - the best way to make a buck this holiday season may be to flip your Xbox 360.

Some people fortunate enough to get their hands on Microsoft Corp.'s new videogame console when it was released Tuesday immediately resold them on eBay, occasionally fetching thousands of dollars for packages that sometimes also included games and other add-ins.

The online auction site said about 1,800 Xbox 360s were sold there between midnight and noon Pacific time Tuesday. Retailers across the country had opened their doors at midnight so gaming enthusiasts - and, apparently, entrepreneurial eBay users - could get their hands on the console immediately after it came out.

Internet retailer Amazon.com Inc. and the Web sites for Circuit City Stores Inc., Best Buy Co. and Wal-Mart Stores Inc. all listed the consoles as being sold out Tuesday. Best Buy spokesman Jay Musolf said the company also sold out of the consoles at most of its brick-and-mortar stores Tuesday.
EBay said the average price for consoles, including those sold with games and other add-ons, was $660. However, the company said some console packages were selling for as much as $2,500, with bidding and sales prices varying widely.

The North American retail price for the consoles is $399.99, while a slimmed-down version without a detachable hard drive and wireless controller sells in stores for $299.99. Some retailers were offering packages including games and other add-ons for hundreds of dollars more, however.

Hani Durzy, a spokesman for San Jose, Calif.-based eBay Inc., said the company couldn't compare the amount of Xbox 360s being sold, and the premium users were willing to pay, to previous videogame console releases. That's because the company only recently began using technology to track sales in such a detailed way.

But in general, he said he wasn't surprised by the frenzy, calling it "par for the course" whenever a hot new electronics item is released in limited numbers.

"What you see on eBay is a classic reflection of supply and demand," he said.

Microsoft has said it plans to sell 3 million of the new Xbox 360 consoles worldwide within 90 days of its launch.

The Redmond company has said it is producing Xboxes as fast as it can, and that there aren't any production problems. Some retailers have said they expect to be able to restock their shelves weekly between now and the holidays, although most won't divulge how many consoles they will get each week for competitive reasons.

Still, Microsoft has conceded that an ambitious plan to launch the console worldwide within a few weeks - rather than staggering releases over months and months, as is typical - will mean fewer consoles initially in North America.

=~=~=~=

A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P.
Jacobson

FBI Warns of E-Mail About Surveillance

The Federal Bureau of Investigation issued an alert Monday about a scam involving unsolicited e-mails, purportedly sent by the FBI, that tell computer users that their Internet surfing is being monitored by the agency.

The users are told they have visited illegal Web sites and are instructed to open an attachment to answer questions.

The FBI did not send these e-mails and does not send any other unsolicited e-mails to the public, an agency statement said.

As many harmful computer viruses are located in e-mail attachments, the FBI said it strongly encourages computer users not to open attachments from unknown recipients.

The FBI is investigating the scam. Recipients of these e-mails are asked to report them by visiting the Internet Crime Complaint Center at http://www.ic3.gov.

Spyware Foes Push New Law

A Senate committee has approved a bill that would outlaw the practice of remotely installing software that collects a computer user's personal information without consent.

In addition to prohibiting spyware, the Software Principles Yielding Better Levels of Consumer Knowledge (SPYBLOCK) Act would also outlaw the installation of adware programs without a computer user's permission. The Senate Commerce, Science and Transportation Committee approved the bill Thursday.

SPYBLOCK, sponsored by Senator Conrad Burns, a Montana Republican, would prohibit hackers from remotely taking over a computer and prohibit programs that hijack Web browsers. The bill would protect antispyware software vendors from being sued by companies whose software they block.

"I am pleased that a majority of the committee agrees with me that Congress must act to protect the right of consumers to know when potentially dangerous Spyware is being downloaded onto their computers," Burns said in a statement.
"As the SPYBLOCK Act moves forward to the Senate floor, I hope we can continue making it a stronger bill by making sure the private sector has all the right tools it needs to successfully slow the spread of malicious spyware."

The SPYBLOCK Act now moves to the full Senate for consideration. The House of Representatives passed two antispyware bills in Fall 2004 and again in May, but the Senate has so far failed to act on spyware legislation.

The Spyblock Act would allow the Federal Trade Commission and state attorneys general to seek civil penalties against spyware and adware distributors.

Nigerian Email Scammers Jailed

A court has sentenced two men to a total of 37 years in prison for their part in defrauding a Brazilian bank of $242 million, the biggest scam in Nigerian history, newspapers reported on Saturday.

The sentencing of Emmanuel Nwude to 25 years and Nzeribe Okoli to 12 years follows negotiations in which they agreed to plead guilty to 16 of the 91 original charges, and to forfeit assets worth at least $121.5 million to the victims of the scam.

A third fraudster, Amaka Anajemba, was sentenced to two and a half years in prison in July after agreeing to return $48.5 million to the Sao Paolo-based Banco Noroeste S.A., which collapsed after the theft.

"The activities of the accused persons not only led to the collapse of a bank in a foreign country, but also brought miseries to many innocent people," Justice Joseph Oyewole was reported as saying.

The fraudsters obtained the money by promising a member of the bank staff a commission for funding a non-existent contract to build an airport in Nigeria's capital Abuja.

Scams have become so successful in Nigeria that anti-sleaze campaigners say swindling is one of the country's main foreign exchange earners after oil, natural gas and cocoa.
These are the first major convictions achieved by the Economic and Financial Crimes Commission (EFCC), which was established in 2003 to crack down on Nigeria's thriving networks of email fraudsters.

Typically fraudsters send out junk e-mails around the world promising recipients a share in a fortune in return for an advance fee. Those who pay never receive the promised windfall.

Ranked the world's sixth most corrupt country, according to an index by Transparency International, Nigeria has given new powers to the EFCC which is prosecuting about 200 fraud and corruption cases.

The anti-fraud agency has arrested more than 200 junk mail scam suspects since 2003. It says it has also confiscated property worth $200 million and secured 10 other convictions.

Hackers Hitting Popular Apps

Cyber criminals are stepping up their efforts to hack popular software applications and network devices, where efforts to close operating system vulnerabilities have had little impact.

At a London press conference on Tuesday, the SANS Institute and government representatives from the U.S. and the U.K. plan to release a report on the 20 most critical Internet security vulnerabilities for 2005.

The computer security research organization's report reveals that cyber criminals have shifted targets. Over the past five years, most hackers went after operating systems and Internet services like Web servers and E-mail servers. In 2005, they took aim at software applications.

The applications under fire span a variety of operating systems. They include enterprise backup software, anti-virus software, PHP applications, database software, peer-to-peer file sharing software, DNS software, media player software, IM software, and Internet browsers.

The second major finding of the report is that vulnerabilities in network operating systems such as Cisco's Internetwork Operating System (IOS), which powers most of the routers and switches on the Internet, represent a significant threat.

"The bottom line is that security has been set back nearly six years in the past 18 months," Alan Paller, director of research for the SANS Institute, wrote in an E-mail. "Six years ago, attackers targeted operating systems and the operating system vendors didn't do automated patching. In the intervening years, automated patching protected everyone from government to grandma. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching."

Security experts credit Microsoft's efforts to improve its software with forcing hackers to look for lower hanging fruit. "Part of the reason we're seeing more of the attacks go against things other than the Windows operating system is that the Windows operating system has gotten better," says John Pescatore, VP and research fellow for information security at market research firm Gartner, Inc.

Gerhard Eschelbeck, CTO and VP of engineering of vulnerability management company Qualys, Inc. says some credit goes to Microsoft and some goes to overall improvements in patching behavior.

Patching as soon as possible is critical: As Eschelbeck notes in "The Laws of Vulnerabilities," a study released by Qualys in November, 80% of exploits are available within the first 19 days after the disclosure of a critical vulnerability.

Patching has its limits, however. Ira Winkler, author of "Spies Among Us" and global security strategist with CSC Consulting, says attacks against vulnerabilities that can be repaired by patching represent less than a third of hacking attacks.

"When the Department of Defense did studies on the matter, they found that actually these attacks account for only 30% of hacking," he says. "Attacks against configurations, essentially poor system hardening, account for 70% of successful attacks. And that means that automated patching probably won't help."
The vulnerability of backup systems, in particular, puts businesses at great risk because backup software provides one-stop shopping for critical corporate data. As the SANS report points out, "An attacker can leverage these flaws for an enterprise-wide compromise and obtain access to the sensitive backed-up data." And criminals are doing just that: Exploits for many of these vulnerabilities have been publicly posted and are in use today.

What's significant about the SANS report, says Pescatore, "is that the most dangerous attacks are the targeted attacks that are going after specific vulnerabilities at specific companies."

Mark Richmond, network systems engineer for U.S. District Court, Eastern District of California, says it is widely recognized that cyber crime has become increasingly professional. "The coordination of attacks over the last few years seems to be increasing," he says. "There are cooperative arrangements between various groups, formal or informal, that seem to be facilitating the use of networks and computers for criminal activities."

Nonetheless, Richmond feels he has the situation in hand. "As part of the federal government and the judiciary, security is and always has been a very, very important concern, both physical security and data security," he says. "We limit access to our systems beyond the point of inconvenience. We use a private network. We're gated to the Internet in very narrow gates that are very tightly controlled, partly because of security concerns and partly to protect the performance that we need to get our work done."

Despite such attention to security, targeted attacks can test even the most security-conscious organizations. In mid-July, the Department of Energy Computer Incident Advisory Capability issued a warning about a rise in targeted attacks.

"We are seeing more targeted attacks both within and outside of the DOE," the bulletin says.

Recent revelations about Titan Rain demonstrate that sometimes targeted attacks are successful. "Titan Rain is the code term that the U.S. government has assigned a series of coordinated attacks against a variety of government and commercial systems that contain, at the very least, sensitive data," explains Winkler.

He notes that these attacks - conducted through Chinese Web sites and believed by some U.S. officials to be directed by the Chinese government - have been going on for years, and have been escalating recently. According to Winkler, data on satellite systems, space exploration, and other export controlled technologies have been taken in these attacks.

But it's not just companies with advanced technology being targeted. Pretty much any organization with sensitive personal or financial data represents a potential target. Pescatore points to recent reports of credit card identity theft, some of which have involved the installation of a rootkit - the hacking tool that recently got Sony sued - on a specific server in order to harvest databases and send them to criminals.

"There's just so much more financially motivated attacking going on," he says. "People are stealing these credit card databases not just to have fun and say, 'Look what I did.' They're stealing them because they can sell the credit card numbers."

The success of hacking attacks is having a dramatic impact on consumers. Two recent studies, one by the Pew Internet & American Life Project and the other by Consumer Reports WebWatch, find that over 90% of Internet users say they have adjusted their online behavior out of fear of cyber crime. The Consumer Reports WebWatch study indicates that fully a quarter of U.S.-based Internet users have stopped buying things online.
Pescatore and others note that fear of online victimization has curtailed the growth of electronic bill presentment and payment, which offer companies significant savings over paper payment processing. Because targeted attacks don't typically get reported - unless required by a law like the California Security Breach Information Act - there's a chance tight-lipped companies may staunch the hemorrhage of online shoppers with silence, under the theory that what they don't know won't deter them. But silence also makes it harder for security professionals to make the case for increased investment in security. "[Targeted attacks] don't generate press, so they don't encourage other companies to prepare for them," Pescatore explains. In an e-mail, Howard Schmidt, a noted cyber-security expert and former CSO for both Microsoft and eBay, said the SANS report highlights the utility of hardening the presentation and application layers as a means to reduce cyber security events. "The first stop on the way to fix this is through secure coding and better QA of development processes, penetration testing on compiled code as well as vulnerability testing of integrated deployed applications via Web front ends," he wrote. Pescatore says that companies in general are better prepared to deal with security issues than they were a few years ago. But criminal hackers are better prepared too. "The good news is the termites are no longer eating the bottom floor of your house," he says. "The bad news is they're eating the top floor."

Sony BMG Sued Under Anti-Spyware Laws

Sony BMG Music Entertainment's troubles over anti-piracy technology on music CDs deepened Monday as Texas' attorney general and a California-based digital rights group said they were suing the music company under new state anti-spyware laws. The Texas lawsuit said the so-called XCP technology that Sony BMG had quietly included on more than 50 CD titles leaves computers vulnerable to hackers.
Sony BMG had added the technology to restrict to three the number of times a single disc could be copied, but agreed to recall the discs last week after a storm of criticism. The Electronic Frontier Foundation said Sony BMG needs to further publicize the recall and compensate consumers for costs associated with removing the software, an onerous process. It was filing a lawsuit in California Superior Court in Los Angeles. When XCP-enabled discs are loaded into a computer - a necessary step for transferring music to Apple Computer Inc.'s iPods and other portable music players - the CD installs a program that restricts copying and makes it extremely inconvenient to transfer songs into the format used by iPods. Critics say consumers aren't adequately told what the program actually does. Security researchers say XCP is spyware because it secretly transmits details about what music the PC is playing. Manual attempts to remove the software, which works only on Windows PCs, can disable the PC's optical drive. Texas Attorney General Greg Abbott accused Sony BMG of surreptitiously installing spyware because XCP masks files that it installs. This "cloaking" component can leave computers vulnerable to viruses and other security problems, Abbott said, echoing the findings of computer security researchers. "People buy these CDs to listen to music," Abbott said. "What they don't bargain for is the computer invasion that is unleashed by Sony BMG." Sony executives have rejected the description of their technology as spyware. Officials for the New York-based label would not comment Monday, saying the company does not discuss pending litigation. The Texas spyware law allows the state to recover damages of up to $100,000 for each violation. Abbott said there were thousands of violations, and that any money would go to the state.
The California law under which the EFF was filing its lawsuit bans collecting personally identifiable information through deceptive means and lets consumers sue for damages. The EFF also invoked state laws on consumer protection and unfair business practices. Cindy Cohn, the EFF's legal director, said Sony BMG should announce the recall using the same marketing tactics they had used to sell CDs, including advertising and radio promotions. "Just putting a little something up on their Web site I don't think is sufficient," she said. The EFF complaint also covered another anti-piracy technology that Sony BMG has used, MediaMax from SunnComm Technologies Inc., which was introduced first in markets outside the United States. SunnComm was not named in the lawsuit. The EFF said it also would seek better disclosure about both technologies used by Sony BMG and an end to what it considered "outrageous, anti-consumer" licensing terms over which CD buyers have little choice. Sony BMG's Web site offers information on the XCP technology, the CDs that use it and ways consumers can mail them back, postage-free, for a replacement. Sony BMG initially rejected the uproar over XCP as technobabble. But after security experts discovered that XCP opened gaping security holes in users' computers - as did the method Sony BMG offered for removing XCP - Sony BMG agreed last week to recall the discs. Some 4.7 million had been made and 2.1 million sold. CDs that had XCP included releases by Van Zant, The Bad Plus, Neil Diamond and Celine Dion.

Browser Makers Agree to Standards

Developers of four of the most widely used Internet browsers have agreed to make a number of changes to their products to make Web browsing a more secure and trustworthy experience. Among the changes, which were informally agreed to during a recent meeting, are plans to create a new way of informing Web surfers that they are visiting a trusted Web site and major changes to the look of pop-up windows.
Developers representing the Internet Explorer, Firefox, Opera, and the Konqueror browsers had been discussing ways to combat phishing and improve security in their products for about eight months, but they agreed to the new ideas during a meeting in Toronto on November 17, according to George Staikos, president of Staikos Computing Services, and a Konqueror developer. The most noticeable change will be in the way that certain high-profile Web sites are displayed. Developers would like to make the browser's address bar turn green when browsers are visiting popular Web sites like eBay.com or Paypal.com, much in the same way that the Firefox address bar goes yellow and displays a padlock when visiting a secure Web site. The green address bar will contrast with the red address bar that Internet Explorer 7's Phishing Filter will display on known and suspected phishing sites. To make this happen, developers would introduce a new, and as yet undetermined, more rigorous way of creating digital certificates. Digital certificates are a kind of electronic identification card used by Web sites to prove that they are, in fact, who they claim to be. They are issued by "certification authority" companies, including Verisign and EnTrust. Developers at the Toronto meeting agreed to create a way of making a new type of "high assurance" certificates, said Staikos. "We want to create a stronger identity mechanism for sites that require a stronger identity," he said. "We need to be able to tell the users, 'Yes, you're actually at your bank,' as opposed to, 'You're at a site that looks like it might be your bank and you're using encryption.'" Current digital certificates are supposed to reassure users, but that trust is undermined by the fact that these certificates can be fraudulently obtained, Staikos said. "There have been organizations in the past that have abused the system," he said. "It's not widespread yet, but we know it's not hard to abuse." 
Developers from the Mozilla Foundation, which develops Firefox, and from Microsoft also endorsed the concept. "This is pretty much a theoretical idea at this point, but something that would be interesting from a browser point of view," wrote Mozilla developer Frank Hecker, in an e-mail interview. "We want to take the experience in the address bar a step further and help create a positive experience for rigorously identified HTTPS (HyperText Transport Protocol Secure) sites," wrote Microsoft developer Rob Franco in a post to Microsoft's Internet Explorer blog. Franco has also posted examples of how these Web sites might appear in the upcoming IE7 browser. In addition to the green background, IE would show the name of the company being visited along with the name of the certificate authority that vouched for the Web site, Franco wrote. Developers in Toronto also agreed to improve browser security by no longer allowing pop-up windows to be displayed without an address bar or a status bar. This will make it harder to mistake them for other types of Windows messages, Staikos said. "You'll always know that a window belongs to a Web browser," he said. Internet Explorer will adopt this practice in IE7 and, like Firefox, it will show a lock icon in the address bar when it is viewing secure Web sites, Franco wrote. There is much work to be done before the new types of certificates will be broadly adopted, but with the idea approved, at least in concept, by the browser makers, Staikos was confident that it would also be picked up as a profitable new product for certificate authorities. "If we provide a facility for this, I think it would be downright silly for companies not to jump in and start issuing these things," he said. But it's still going to be awhile before IE or Firefox users are seeing green, he said. "I would not be surprised if it takes at least a year and a half."

Microsoft Seeks to Standardize Office Format

Microsoft Corp.
is seeking to standardize the document format used for its popular Office products, partly in response to concerns that documents stored using its proprietary technology may be difficult to access in years to come. The company's proposal to Ecma International, a Geneva-based industry group that develops and publishes technical standards, would make Microsoft Office Open XML an international standard. Alan Yates, general manager of information worker strategy at Microsoft, said the company would then provide a simple, free license to anyone who wants it, making it easy for others - including possibly rival companies - to build products and other ways to access the information. The move comes as companies and governments are growing more concerned that electronic information will be hard to access if intellectual property concerns, compatibility problems or other issues come up years from now. A document stored today, for instance, might not be readable at all 10 or 15 years from now if Microsoft decides to change its formats and computers no longer exist to run today's versions of Microsoft products. Publishing the standards leaves open the possibility that someone else would develop programs then to run today's formats. "It gives them the confidence that there is a foundation for documents that is not controlled by just one company but is a real consensus within the industry," Yates said. It's a similar strategy taken by Adobe Systems Inc. and its widely used PDF format. Adobe publishes details about its format so anyone else can create compatible programs. In Massachusetts, Gov. Mitt Romney's administration has directed state executive offices to begin storing new records by Jan. 1, 2007, in an open, proprietary-free format called OpenDocument, in response to such concerns. That's been widely seen as a blow to Microsoft, whose Office line of word processing, spreadsheet and other business applications dominates the market. 
Yates said the company is hoping to hear from the standards body in nine to 18 months. The proposal is backed by companies including Apple Computer Inc., Intel Corp. and Barclays Capital, the investment banking division of Barclays Bank PLC.

Kazaa Given Deadline

An Australian court has given file-sharing network Kazaa until December 5 to either filter copyrighted music from its system or shut down, music industry officials said on Thursday. The imposition of the deadline follows a ruling in September by the judge in Sydney that Kazaa users were breaching copyright and that the network's owners had to modify the software. Other global peer-to-peer (P2P) services, which distribute data between users instead of relying on a central server, also have come under fire from courts in recent months. Kazaa's operators, Sharman Networks, had appealed the judgment. But according to music industry trade group IFPI, the Australian court said that to avoid complete shutdown Kazaa must, as a first step, put in place a keyword filter system within 10 days. Sharman Networks had said it could not control the actions of an estimated 100 million users. "It's time for services like Kazaa to move on - to filter, go legal or make way for others who are trying to build a digital music business the correct and legal way," IFPI Chairman John Kennedy said in a statement. A growing number of legal online music services such as Apple Computer Inc.'s iTunes, Napster and RealNetworks Inc.'s Rhapsody have grown in popularity over the past year as a new generation of P2P services like Mashboxx hope to offer the advantages of file-sharing without infringing on copyright.

Kazaa Injunction Stayed

Sharman Networks, the operator of file-sharing network Kazaa, on Friday said an Australian court has extended until late February a stay of an injunction barring it from distributing copyrighted recordings.
Sharman said the extended stay is conditional on the company's modifying its software to filter out copyrighted music from the peer-to-peer file-sharing network. Peer-to-peer networks let users share files rather than relying on a centralized server. In recent years, such networks have been a hotbed of pirated entertainment and software.

Browser Makers Band Together Against Phishers

Representatives from the most prominent browser makers - including Microsoft and Mozilla - recently gathered to discuss ways to make it clearer to users which Web sites are safe and which are fake. Developers speaking for Internet Explorer, Firefox, Opera, and Konqueror met in Toronto last week to hash over ideas on how their browsers could better identify trusted and suspicious Web sites. Additionally, they talked about changes to browser pop-ups that would make it more difficult for scammers to spoof sites or trick users into divulging personal information such as bank or credit card account numbers and passwords. "This should go a long way toward addressing phishing attack issues," said George Staikos, a developer for the open-source Linux/Unix KDE graphical environment, and the host of the browser meeting in his Toronto office. Rob Franco, lead program manager for IE's security group, represented Microsoft, and explained his team's take in a blog entry on the official IE site. "If the browsers and the Certification Authority industry can generate better guidelines to identify sites, we want to take the experience in the address bar a step further to help create a positive experience for rigorously-identified HTTPS sites," Franco wrote. The basic plan would be for all browsers to tint the address bar green when users visit major-brand sites with a "highly-assured" digital certificate. Suspicious sites that might be sources of phishing scams would be indicated by a red address bar.
A padlock icon would also be set in the address bar, where it's more visible, when users are at an SSL-secured page. "We want to show the users a special display to indicate they're in fact at a reputable site, as opposed to one which is only masquerading as one," said Staikos. The move couldn't come too soon, as phishers have already used self-signed certificates to fool users into trusting fraudulent sites. Additionally, the plan would put an address bar in every browser window, even those popped up or under as forms, to defeat fraudsters' camouflaging tricks. Such tactics are common; the old-but-still-effective bogus security alert is perhaps the best-known example. These pop-ups resemble dialog boxes - as if the operating system had cranked them out - but are in fact browser windows stripped of an address bar. "A missing address bar creates a chance for a fraudster to forge an address of their own," noted Franco. "This will prevent sites from mimicking a local application window or make it look like a security dialog box," added Staikos. "By forcing the address and status bar to appear on every window, it will be very clear that this is still in a browser window, and so connected to the network." Some browsers already include elements of the plan. Firefox and the open-source Konqueror, for example, put the padlock icon in the address bar, while the under-development Internet Explorer 7 uses the green/red combination in its integrated anti-phishing filter. The browser builders and certificate issuing companies have yet to come up with a new way of creating more rigorously-checked certificates, but Staikos was confident it will happen. "All parties recognize that there are issues with current certificates, and over the past eight months, we've had numerous discussions. The major signing authorities know this is an open issue, and they'll come to some sort of agreement."
No promises were made at the meeting that all four browser makers will adopt the ideas, in part because representatives of the open-source Firefox and Konqueror can only pass on recommendations to their developers. "That's one of the problems with open source, we don't have someone who pulls all the strings," Staikos said. "All we can do is bring recommendations.

"But I think it's extremely likely, say 99.9 percent, that Konqueror goes this way," he added. "And I think Firefox will, too." Frank Hecker, one of the two Firefox developers who attended the meeting, backed up Staikos. "I haven't made any commitments on behalf of the Mozilla project, nor do I have the power to do so," Hecker wrote on his blog. "I can only make suggestions. Final decisions on the user interface for Firefox, Thunderbird, etc., are up to the development teams for those products."

New Web Mail: More Polished, Powerful

Drag-and-drop functionality makes it easy to quickly organize messages in the Yahoo Mail beta and other Ajax-based e-mail apps.

Microsoft and Yahoo are poised to make Web-based e-mail more powerful than ever with updates that bring a desktop-style interface to their respective Web mail offerings. We tested betas (currently invitation-only) of Windows Live Mail and Yahoo Mail, and also looked at an open-source newcomer called Zimbra. All three apps use an increasingly popular programming technique called Ajax (Asynchronous JavaScript and XML) to improve on standard Web mail and even Google's Gmail. As Ajax applications, the mail clients we tested can preload information and update their displays on the fly. So when you open up an e-mail message, you'll see it immediately, rather than having to wait for it to download. And when you delete a message, the application can update instantly, even though the delete request is still being processed in the background.
Yahoo Mail offers desktop-like features such as a full complement of familiar hot-keys and the ability to use the and keys to select multiple messages. Although it's only a beta, the application is graceful, powerful, and nuanced. Its three-pane layout mirrors that of desktop apps such as Microsoft's Outlook Express and Mozilla's Thunderbird. Yahoo Mail also mimics the handy tab feature included in many Web browsers, allowing you to open multiple messages in a single window and switch between them without loading a new page. Thanks to some intricate coding, you can quickly delve deep into your inbox, using the familiar scroll bar or the key. Yahoo Mail's search shines, reaching into attachments as well as e-mail messages, and showing the document snippet where the search term was found. Yahoo Mail also interacts logically with your browser's back button - often a trouble spot for Ajax apps that continually update one "page" in the browser. In contrast, Gmail disables the back button, while Zimbra warns you that using it will log you out.

Microsoft's Windows Live Mail works just like Outlook in your browser, right down to the keyboard shortcuts and right-click menus.

If you're not familiar with desktop mail apps, Microsoft's Windows Live Mail, which feels more like a tweak to Hotmail than a total rethinking of Web mail, may be a better fit. Like Yahoo Mail, Live Mail lets you drag and drop messages, and right-click to print, forward, and answer messages without opening them first. Live Mail puts its weight on tools that let users add emoticons and formatting to e-mail, and it also integrates powerful calendar, antispam, and antiphishing functions. The Live Mail service we tested, which Microsoft emphasizes is still a very early beta, uses a three-column layout similar to Microsoft Outlook's. A scrollable inbox, on-the-fly spelling checking, and enhanced right-click menus are on tap for the next beta.
The beta of Zimbra's open-source offering was rougher around the edges, marred by small, cryptic interface icons and some bugs in the version we tested. But its search and virus protection are good, and Zimbra sports some nifty calendar integration - users can mouse over dates in e-mail to see what activities they have scheduled that day. But Zimbra's real strength is as a full-fledged communication server, allowing a company to integrate its databases so users can, say, jump from a message with an order number to the order database itself. Zimbra doesn't offer individual accounts, but broadband providers such as Speakeasy are looking at using it to replace their current Web mail offerings. Zimbra is available to enterprises right now, and Yahoo and Microsoft each hope to introduce their new interface to their millions of users in the first half of 2006.

Firm Wants to Rid Net of Suffixes

A Dutch technology company has breathed life into a project to rid the Internet of suffixes such as .com, and instead offer single names which can be countries, company names or fantasy words. Such a system, which enables countries, individuals and firms to have a Web address which consists of a single name, offers flexibility and is language and character independent. "The plan is to offer names in any character set," said Erik Seeboldt, managing director of Amsterdam-based UnifiedRoot. UnifiedRoot offers practically unlimited numbers of suffixes, unlike the short list of suffixes currently in use. Its offer is different from other "alternative root" providers such as New.net which offers to register names in front of a small range of new suffixes, such as .club and .law. "We've already had thousands of registrations in a single day," said Seeboldt after the official opening of his 100-strong company which has installed 13 Internet domain name system (DNS) root servers on four continents. Dutch airport Schiphol is one of the early customers.
Registering a name costs $1,000 plus an annual fee of $240. Companies can then invent additional Web site addresses in front of their top-level domain (TLD) name, such as flights.schiphol or parking.schiphol. Critics argue alternative root companies such as UnifiedRoot introduce ambiguity because they bring a new set of traffic rules to the Web which are, certainly in the beginning, only recognized by a limited number of computers around the world. "Those who claim to be able to add new 'suffixes' or 'TLDs' are generally pirates or con-men with something to sell," said Paul Vixie, who sits in several committees of the California-based Internet Corporation for Assigned Names and Numbers (ICANN) with day-to-day control of the Web, on his CircleID blog. Others are more welcoming. "The existence of alternate roots, and the possibility of new ones, provides a useful competitive check on ICANN," said Jon Weinberg, a member of ICANNwatch which keeps a critical eye on ICANN. ICANN is overseen by the U.S. Department of Commerce and operates the root servers of the Internet which guide all Web traffic. The organization also determines which top-level domains are recognized by those root servers. At the United Nations World Summit on the Information Society earlier this month, many countries said they wanted to take part in the governance of ICANN. But the United States would not give up control. UnifiedRoot plans to take advantage of unhappiness about ICANN by offering geographic locations for free to countries, regions and cities. If alternative root companies want their TLDs recognized by computers around the world, they need to circumvent ICANN by pointing every single Internet computer around the world to their own root servers - which contain a copy of ICANN's root server plus the addition of own-made TLDs. 
A quicker way to change the settings in individual computers is by closing deals with Internet Service Providers (ISPs) which can change the settings for all their subscribers. UnifiedRoot has already clinched deals with most ISPs in Turkey. ISP Tiscali is also a UnifiedRoot client. To avoid conflicts between TLDs from UnifiedRoot and ICANN, the Dutch company will not register existing ICANN TLDs. UnifiedRoot took over from a Dutch company called UNIDT which launched the initial plan for TLDs last year, but which relied on a network of root servers controlled by individuals. This made the network vulnerable to manipulation or even criminal attack directing Internet surfers to fake Web sites. "The network has not been abused, but this was a mistake," said Marty van Veluw, the founder and manager of UNIDT who sold his client base and some other assets to UnifiedRoot. "UnifiedRoot has understood that the network needs to be 100 percent reliable, and they put a new one in place," he said.

=~=~=~=

Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org

No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc.

Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.