Volume 9, Issue 24 Atari Online News, Etc. June 15, 2007 Published and Copyright (c) 1999 - 2007 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: Stephen Moss To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #0924 06/15/07 ~ Web Security Research! ~ People Are Talking! ~ Safari for Windows! ~ Fight Over Buy It Now! ~ Fantasy League Is Sued ~ AOL Spammer Pleas! ~ JagFest UK New Dates! ~ "Image Spam" Slips In! ~ InkJet Printer Ink! ~ eBay Wants Stores Back ~ NATO Calls for Urgency ~ Sony Apologizes! -* Watchdog Says Google Snoops! *- -* DDOS Knocks Antispam Sites Offline *- -* FBI Pulls Plug On Several Botnet Hackers! *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" Wow, what a dreary week this was! Cold and damp, with a few thunderstorms mixed in for good measure! Definitely not ideal weather for working out on a golf course! Joe stole my thunder (no pun intended, see above) this week. I've been at a loss for words for awhile now. I'd love to discuss or write about some Atari topics, but just about everything that I'm conversant about has been talked about to death. Any ideas from you, the readers? You do realize that Joe and I are the primary contributors to A-ONE each week, don't you? Heck, most weeks we're the only contributors! We've been at this business for over 9 years with A-ONE, and many prior to that with other Atari print media. There's only so much our aging minds can come up with week after week. We've got a lot of experiences to share, and have shared quite a bit over the years. So, let's hear from you. Topics you'd like us to consider, an article or so about some of your more memorable Atari experiences. Some favorite software, some mods, your favorite machine, online experiences, Atari show or dealer - whatever! You don't have to write a book, and I/we'll edit it for you! Drop either Joe or I a line with your ideas - I guarantee you that we'll read it, and likely publish it. Otherwise, I just know that Joe will develop a Paris Hilton fetish and report on it weekly! Until next time... =~=~=~= PEOPLE ARE TALKING compiled by Joe Mirando joe@atarinews.org Hidi ho friends and neighbors. Mark today down on the calender, because I'm out of ideas about what to say in this part of the column. How often have you known THAT to happen? Yeah, that's what I thought. [Grin] Well, Paris Sheraton and Lizzy Lowman and all those other pseudo-celebs who've been in the news seem to have taken a bit of a break this week. Besides the in-and-out decisions on Paris's confinement, there really hasn't been much news about these gadflys. It kind of ticks me off that, even while there's a major problem on board the International Space Station, the news shows insist on plying us with all kinds of info on Paris and Lindsay and Brittany and their latest antics. Are we that far gone? Now, I admire the female form as much as any man alive, and even I no longer care about seeing Brittany doing a 'bottoms-up' while getting into her vehicle. By now, I'm positive that she's got a butt, that it's been seen by more than a few, and possibly even that it's in the top few percentile of all butts in the country (depending on how you grade these things)... but I no longer care. That problem I mentioned earlier aboard the ISS is a rather interesting situation. It seems that two majorly important computers have decided to fritz out at the same time. Even more strangely, the problems occurred almost immediately after the new solar arrays began supplying power to the station. Now, I'm no rocket scientist, but d'you think the two things might be related? These two computers control the attitude and altitude of the space station, so they're really rather important. The station must be almost continually repositioned so that the solar panels are able to get the most sunlight possible, and its altitude must occasionally be adjusted due to the drag produced by various factors. Right now, the shuttle Atlantis is doing the bull-work. But if they don't figure out what the problem is, the whole shootin'-match could be in trouble. Maybe they should just send up a couple of 1040 STs to do the job, huh? Well, let's get to the news, hints, tips and info from the UseNet. From the comp.sys.atari.st NewsGroup ==================================== Dan at Brava Sierra Computers asks for help finding Ultimate Virus Killer: "I need to find the latest version of UVK2000! Please don't refer me to a search engine. I need contact info to find the author and get the latest version. I may even register it. I'd like his E-Mail, Web Address, Mailing Address & even phone number." 'ggnkua' tells Ben: "Sooooooo, you never saw http://www.uvk2000.com/ ?" A while back, Rob Mahlert of Atari-Users.Net posted this: "I added a new section to Atari-Users.Net today. It's a google map for Atari-Users, aka a frapper map. The map interface requires a modern browser (I think it's Javascript based) Log on and add your self to our Atari Map! While logged in, zoom in on your location then select the "add" button on the right side. The direct link is: http://www.atari-users.net/index.php?module=Atari-Users%20Map Or visit www.atari-users.net and select the "Atari-Users Map" in the Menu." Now, a month or so later, Rob posts: "Only 12 so far?? I know we have more than 12 Atari users in the world." Bernd Mueller tells Rob: "I think, they have the same prob like i have. After creating a new account I get this message: >>> You are not authorized to carry out this operation <<< and that's it!" Ronald Hall adds his experience: "Ditto here." Rob replies: "This is the first I'm an hearing about this. Can you guys give me more details? Is it after you log on with the new account?" Bernd tells Rob: "Direct after editing the username, the e-mail address and pressing the 'new user' button." Rob says: "From working with Bernd, This is when signing up for an account. The error means an account already exist with the e-mail or username. Why postnuke doesn't just tell you this.. I don't know. If anyone else has issues, please let me know." 'Fried Man' posts this link: "Check out this link, comparing a Mac plus to a modern computer. Did the Mac Plus use the same CPU as the Atari? http://tinyurl.com/2hxfjd (URL compressed by author) Rick Cortese replies: "Yes at a slightly slower clock speed. Downside of the Atari was the OS was written in C which slowed down execution a bit. If you really want to get disappointed in modern MS OS, you can probably check out some Dr. Dobb's Journal from the late 80s. One column that was interesting was ~Inside Windows where they pointed out many flaws and unscrupulous behavior by MS. The rumor was the programmers at MS had the saying "Windows isn't done until 123 won't run" in order to make excel the best selling spreadsheet. Likewise they were in a battle to dominate word processing software. The net result was collusion between the OS and application programmers at MS that eventually got them in trouble with the FTC. The OS programmers would provide the application programmers with illegal jump/locations in the OS so the applications would win benchmark tests. If someone else used the illegal vectors, MS made sure the next version of the OS would break their application. You ended up with a bloated OS that had to carry forward illegal vectors for their application compatibility and code to insure other applications didn't run. That's a lot to ask an OS so you can't really expect it to be fast or efficient too." Everyone's favorite techie, Alyson, adds: "I'm running Windows 98SE on an AMD XP2600+ and it puts XP/Vista to shame. "Load of rubbish, run Vista" they all say. Comparatively speaking, today's computers are not hugely faster at all. Almost all of the advancements are soaked up by a must-cater-for-all bloatware O/S. In my mind; Windows98SE was the last one they got right. None of this matters anyway as I code in RISC assembler for microcontrollers with a whopping 128-bytes of RAM. They run off of a watch battery too. The Atari ST today is still perfectly usable. If anything it's a lot more stable. Like, how often does your ST crash randomly?" Well folks, that's it for this time around. Tune in again next week, same time, same station, and be ready to listen to what they are saying when... PEOPLE ARE TALKING =~=~=~= ->In This Week's Gaming Section - Church of England: Sony Game Sick! """"""""""""""""""""""""""""" Online Fantasy League Sued! JagFest UK - New Dates! And more! =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" Church of England Calls Sony Game 'Sick' The Church of England accused Sony Corp. on Saturday of using an English cathedral as the backdrop to a violent computer game and said it should be withdrawn from shop shelves. The church said Sony did not ask for permission to use Manchester cathedral and demanded an apology. The popular new PlayStation 3 game, "Resistance: Fall of Man," shows a virtual shootout between rival gunmen with hundreds of people killed inside the cathedral. Church officials described Sony's alleged use of the building as "sick" and sacrilegious. A spokesman for the Church of England said a letter will be sent to Sony on Monday. If the church's request for an apology and withdrawal of the game is not met, the church will consider legal action, the spokesman said. Sony spokeswoman Amy Lake told The Associated Press on Saturday that the company's PlayStation division was looking into the matter and would release a statement later. But David Wilson, a Sony spokesman, told The London Times: "It is game-created footage, it is not video or photography. It is entertainment, like Doctor Who or any other science fiction. It is not based on reality at all. Throughout the whole process we have sought permission where necessary." The Very Rev. Rogers Govender, the dean of Manchester Cathedral, said: "This is an important issue. For many young people these games offer a different sort of reality and seeing guns in Manchester cathedral is not the sort of connection we want to make. "Every year we invite hundreds of teenagers to come and see the cathedral and it is a shame to have Sony undermining our work." The bishop of Manchester, the Rt. Rev. Nigel McCulloch, said: "It is well known that Manchester has a gun crime problem. For a global manufacturer to recreate one of our great cathedrals with photorealistic quality and then encourage people to have gun battles in the building is beyond belief and highly irresponsible." During the game, players are asked to assume the role of an army sergeant and win a battle in the interior of a cathedral. MLB Takes Fantasy League To Court Attorneys representing Major League Baseball argued Thursday that online fantasy baseball companies cannot operate without paying license fees to MLB to compensate players for the use of their names. A panel of three judges at the 8th U.S. Circuit Court of Appeals seemed skeptical that MLB could take financial control of a game that uses publicly available statistics and widely known names of players. "MLB is like a public religion. Everyone knows (the players') names and what they look like," said U.S. Judge Morris Arnold. "This is just part of being an American, isn't it?" MLB's lawyer Virginia Seitz said online fantasy games exploit players by effectively turning them into game pieces and using their names to draw more customers. "There's no way of escaping the fact that players' names are on the product," Seitz said. Major League Baseball is appealing a lower court judgment last year that ruled St. Louis-based CBC Distribution and Marketing Inc. does not have to pay licensing fees for MLB players' names and statistics as fodder for online fantasy league games. The fantasy league industry generates more than $1.5 billion annually from millions of players. Big media companies like Yahoo, ESPN and CBS pay MLB millions in annual fees to operate online fantasy leagues. Players make fake teams comprised of real MLB players. Over the course of a season, fantasy league players crunch statistics to judge how well the players of their fake team are performing. If MLB wins its suit against CBC, it would effectively give the league monopoly rights over publicly available statistics and other information that is used as fodder for fantasy leagues across the country, said CBC's attorney Rudy Telscher. "If we lose this case, hundreds of companies go out of business," Telscher said. A key issue in Thursday's arguments was the publicity rights of MLB players. Seitz argued that fantasy leagues are similar to a company that steals a player's image to sell coffee cups or posters. Without using the players' names, fantasy leagues would be an unprofitable game of statistics crunching, she said. "There is much less interest in predicting the crime rates of major American cities," she said. Telscher said fantasy leagues were not unlike newspapers, which use sports players' names in their pages to draw readers. He said customers paid to use CBC's Web site because it automatically process statistics for them, so the company essentially conveys public information. "There's not any affidavit from players who say they feel like they have been damaged" by fantasy leagues, Telscher said. The judges adjourned by saying they would consider the arguments before ruling. Sony: Sorry for Cathedral Shootout Game Sony Corp. apologized Friday to the Church of England for a violent computer game that features a bloody shootout inside an Anglican cathedral. The church had demanded withdrawal of the game "Resistance: Fall of Man," which includes a gun battle between an American soldier and aliens inside a building that resembles Manchester Cathedral in northwest England. The cathedral's dean, the Very Rev. Rogers Govender, said he had received a letter from Sony. "It was not our intention to cause offense by using a representation of Manchester Cathedral in chapter eight of the work," the letter said. "If we have done so, we sincerely apologize." A Sony spokesman confirmed the letter was genuine and said it included the offer of a meeting between Sony representatives and church officials. Govender said the cathedral would accept the offer. He thanked Sony for the apology, but underlined the church's opposition to violence, "and especially the gun violence seen in this portrayal of the cathedral." He said the church wanted to discuss its outstanding demands, which include withdrawal of the game and a donation to the church's education department, which works to fight gun violence in Manchester. Earlier this week, the church called for Japanese citizens to join in a campaign against the game, which was manufactured for Sony's new PlayStation 3 console. "For a global manufacturer to recreate the interior of any religious building such as a mosque, synagogue, or in this case, a cathedral, with photo realistic quality and then encourage people to have gun battles in the building is beyond belief and in our view highly irresponsible," Govender said Wednesday. Prime Minister Tony Blair told lawmakers that companies like Sony should focus on their wider social responsibilities and not just profit. The church was particularly concerned because Manchester has a history of gang-related gun violence. In its letter, Sony said it did not accept "that there is any connection between contemporary issues in 21st century Manchester and the work of science fiction in which a fictitious 1950s Britain is under attack by aliens." "We believe a comprehensive viewing of the work will make its content and context clear," Sony said, adding that "Resistance: Fall of Man" has sold more than 2 million units around the world. =~=~=~= ->A-ONE Gaming Online - Online Users Growl & Purr! """"""""""""""""""" JagFest UK - New Dates For those who are interested the revised dates for JagFest UK 2007 ( http://www.jagfest.org/uk/JFK2007/index.shtml ) is the 6th and 7th of October. Stephen Moss =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson Google Snoops, Watchdog Says When it comes to protecting the privacy of its users, Google ranks worse than any other Internet company, according to an interim report by Privacy International. The international watchdog group also accused Google of engaging in a smear campaign in response to its findings, and demanded an apology. Privacy International's findings, based on six months of research, placed Google at the bottom of 23 Internet companies examined by the group. Google was the only company to earn the bottom ranking, for "comprehensive consumer surveillance and entrenched hostility to privacy." Other companies, including Microsoft and Yahoo, rated slightly better than Google. Microsoft was given a rating of four out of six, for "serious lapses in privacy practices." Yahoo was given a ranking of five of six, one better than Google, for "substantial and comprehensive privacy threats." "We are aware that the decision to place Google at the bottom of the ranking is likely to be controversial, but throughout our research we have found numerous deficiencies and hostilities in Google's approach to privacy that go well beyond those of other organizations," Privacy International said. In particular, the group cited the large amount of data that Google collects about its users and lack of privacy controls. "Google's increasing ability to deep-drill into the minutiae of a user's life and lifestyle choices must in our view be coupled with well defined and mature user controls and an equally mature privacy outlook," Privacy International said. "Neither of these elements has been demonstrated." Privacy International plans to issue a final report in September. Google executives were not immediately available to comment on the report's findings. But an open letter to Google CEO Eric Schmidt from Privacy International Director Simon Davies accused the company of engaging in a smear campaign in response to the group's findings. "Two European journalists have independently told us that Google representatives have contacted them with the claim that 'Privacy International has a conflict of interest regarding Microsoft.' I presume this was motivated because Microsoft scored an overall better result than Google in the rankings," Davies wrote. Google allegedly claimed a conflict of interest exist because one of 70 people on Privacy International's board of advisors is a current Microsoft employee. Davies rejected the charge and listed five critical actions the group has taken against Microsoft, including support for the European Commission's investigation into Microsoft. "Can I be so bold as to suggest that your company's actions stem from sour grapes that you achieved the lowest ranking amongst the Internet giants?" Davies wrote, demanding an apology from Schmidt. This isn't the first time that Privacy International has raised privacy concerns about Google. In 2004, the group filed a privacy complaint over Google's Gmail service with regulators in France, Germany, the Netherlands, Greece, Italy, Spain, the Czech Republic, Belgium, Denmark, Sweden, Ireland, Portugal, Poland, Austria, Australia and Canada, as well as with the European Commission To date, Google has rejected concerns over the information it gathers and stores about users. Speaking recently in South Korea, Schmidt dismissed privacy concerns over the data collected by the company, saying users worried about privacy can always choose not to use the company's services. He also said Google deletes information about users after a certain period of time, but did not say how long that period is. Privacy concerns about Google have also been raised over the company's acquisition of DoubleClick, sparking an investigation by the U.S. Fair Trade Commission. That investigation is ongoing. While Google has taken flack from critics for its privacy policies, the company has acted to protect users in at least one case: in January 2006, Google was the only company to resist a U.S. Department of Justice subpoena for a random sampling of 1 million Web addresses that users searched for. AOL, Microsoft, and Yahoo did not fight the DOJ's request, which did not seek information that would have identified the users who made the search requests contained in the sample. Ultimately, Google shared a smaller amount of data with the DOJ. DDOS Knocks Antispam Sites Offline Several antispam organizations have been targeted by an attempt to knock them offline, according to the SANS Institute. SANS' Internet Storm Center (ISC) said a "pretty big" distributed denial of service (DDOS) offensive had targeted several high-profile organizations, including Spamhaus, SURBL (Spam URI Realtime Blocklists) and URIBL (Realtime URI Blacklist). Rules Emporium, a site hosting rules for the open source SpamAssassin antispam program, was also offline, and may have been targeted as well, according to ISC handler Bojan Zdrnja. As of Monday, Rules Emporium and URIBL were still not reachable, while Spamhaus and SURBL appeared to have recovered. "It looks like some antispam groups managed to get the attack(s) under control, let's hope the things will stay that way," Zdrnja wrote. Denial of service attacks are a routine risk for antispam groups, but the current attack is similar to those carried out against Blue Security just over a year ago using botnets controlled by the Storm malware, according to SANS. The attacks caused Blue Security to exit the antispam business. The ISC's Zdrnja suggested that such attacks may be a good sign for the effectiveness of antispam tools. "Spammers seem to be desperate when they launch DDOS attacks, otherwise they would just keep sending spam, instead of using their resources this way," he wrote. AOL Spammer Pleads Guilty Adam Vitale pled guilty Monday to sending unsolicited e-mail to 1.2 million AOL LLC subscribers, U.S. Attorney for the Southern District of New York Michael J. Garcia said. Vitale and co-defendant Todd Moeller, were in contact with a government confidential informant via instant messaging, and agreed to send spam advertisements for a product in exchange for half of the profits, Garcia said in a statement. The pair then sent about 1.2 million unsolicited e-mails to AOL users between August 17 and August 23, 2005. They changed the headers on the e-mails and used various computers to conceal the source of the spam. Vitale, 26, resides in Brooklyn. Sentencing is scheduled for September 13 before U.S. District Judge Denny Chin, who presided over the criminal case, in Manhattan. He faces a maximum sentence of 11 years in prison and a fine of US$250,000 or double the maximum gain or loss resulting from the offense. Moeller, a New Jersey resident, will stand trial for the same charges. FBI Pulls Plug On Several Botnet Hackers More than 1 million computers - possibly yours, too - are used by hackers as remote-controlled robots to crash online systems, accept spam and steal users' personal information, the FBI said Wednesday. The government has no way to track down all the computers, both in the U.S. and elsewhere, that hackers have massed into centrally controlled collections known as botnets. But the FBI has pulled the plug on several botnet hackers, or zombies. One man was charged this week in a scheme that froze computer systems at Chicago-area hospitals in 2006 and delayed medical services. What was viewed seven years ago as a kind of prank to boot people off-line has evolved into schemes to defraud people by stealing credit card and Social Security data, by crashing retail Web sites and through "pump-and-dump" online stock deals. In those stock cases, hackers break into online trading accounts to buy and sell stocks, pumping up the price of those they can liquidate and then dumping them. FBI Deputy Assistant Director Shawn Henry said in an interview Wednesday, "There will likely be spam sent on the heels of this case," people portraying themselves to be from the FBI or saying, 'We're investigating the big botnet case that you heard about and we need to check your computer. Provide us this information.' "Bad guys will continue to use whatever tools are available on the vulnerable, on people who are unaware or unsuspecting," Henry said. Hackers create botnets by scanning the Internet for vulnerable computers, which are then infected and instructed to join the botnet. Because the hacker has complete control of each "bot" computer, the botnet can be used to launch denial-of-service attacks, send spam e-mail, steal account login information or run any program. Recent busts of botnet hackers, as part of the FBI's "Operation Bot Roast" sting, include: * James C. Brewer, of Arlington, Texas. He was indicted Tuesday on charges of infecting more than 10,000 computers globally, including two Chicago-area hospitals operated by the Bureau of Health Services in Cook County, Ill. The computers at the two hospitals were linked to the health care bureau's mainframe system. They repeatedly froze or rebooted from October to December last year, resulting in delayed medical services, according to the indictment. Brewer was released on a $4,500 bond, court records show. * Robert Alan Soloway of Seattle. When he was arrested last month, he was described as one of the world's top spammers for allegedly using botnets to send out millions upon millions of junk e-mails since 2003. Soloway continued his activities even after Microsoft won a $7 million civil judgment against him in 2005 and after Robert Brauer, the operator of a small Internet service provider in western Oklahoma, won a $10 million judgment. Soloway has pleaded not guilty to all charges in a 35-count indictment. * Jason Michael Downey, of Covington, Ky. He was accused in Detroit last month of flooding his botnet-linked computers with spam for an 11-week period in 2004 and causing up to $20,000 in unspecified losses, according to court records. The FBI's Henry said agents are investigating thousands of cyberfraud and computer intrusion cases, although it is not clear how many might be linked to botnets. He said people should have their computers checked regularly for evidence of botnet infection, including using antivirus software or security firewalls. "People have their cars inspected once a year to make sure they're safe," Henry said. "You've got to do the same types of things with your computers." 'Image Spam' Slips into Inbox Spammers have begun using come-ons such as stock-pushing images as e-mail stationery backgrounds to evade antispam technology and shovel their unwanted messages into your inbox. One antispam vendor has spotted the technique in its early stages, but expects we'll see more of it. In a sample e-mail, the subject read 'GED' and the simple message was "I truly believe you guys would outsell the world if only guys could get their hands on your product." But that pointless text was essentially illegible against a tiled background that contained the real message: a typical pump-and-dump stock scam image, according to representatives of Secure Computing. "Many spam filters look in the [e-mail] body, but don't look into the headers," says Paul Henry, Secure Computing's vice president of technology evangelism. The background image is specified in the message's HTML header, along with other layout and style information. For this sample, the picture was pulled from fcslur.com, which is registered to the ironically-named "Privacyprotect.org" in Wellington, New Zealand. Henry says Microsoft Office displays the background image if it's configured to display HTML e-mail, and the sample e-mail delivered its payload in Lotus Notes e-mail as well. Setting either program to display only text would block the stationery-using junk e-mail, according to Henry - but would also block anted images. Thunderbird did not display the background. Henry says his company is seeing only a small amount of this type of image spam, but believes it's destined to increase. Adam O'Donnell, director of emerging technologies at Cloudmark, which also offers antispam products, agrees. "People continually try to vary up how they're going to try to enclose their image in spam," O'Donnell says. It's a "technique used to evade [antispam] systems." The varying techniques used by spammers to try to evade antispam filters mimics the ongoing cat-and-mouse game between malware authors and antivirus companies - and for exactly the same reasons. Spammers and virus-writers alike will attempt to change their spam or virus just enough to evade some automated filters or signature scanners. Also, this new scam approach comes at a time when the overall amount of image spam is decreasing, according to recent statistics released by antivirus vendor McAfee. The picture-pushing junk mail made up 60 percent of all spam in the first quarter of the year, but in May the amount fell to just 12 percent. Image spam may decrease, or new evasion techniques such as this use of stationery background may see it increase once more. But one thing is for certain: spam isn't going away any time soon. "These guys are in business, and they're going to do the amount of work necessary to stay in business," O'Donnell says. Law Puts Damper on Web Security Research Web security research is being seriously hampered by laws that punish researchers for even attempting to locate flaws in web software, much less disclosing those flaws, according to a new study. The report is the first by the Computer Security Institute (CSI), a research and training organization under the aegis of CMP Technology. It draws on discussions by a broad working group, including security researchers and representatives of U.S. law enforcement agencies. The upshot is that current legal frameworks designed to allow prosecution of web attackers also make it next to impossible to legally spot security flaws in the "web 2.0" applications quickly becoming ubiquitous on the Internet. Those researchers who do feel safe probing web software for flaws are probably not aware of their real legal position, the report said. Unlike researchers who address offline software and operating systems, web software researchers face significant legal restrictions designed to trap attackers, according to Jeremiah Grossman, chief technology officer of White Hat Security and a member of the working group. "Under some laws, a researcher could find himself prosecuted for simply looking for website vulnerability, much less disclosing it publicly," he said in a statement. The report is to be released on Monday at CSI's NetSec '07 conference in Scottsdale, Arizona. It suggests that changes may be needed if the emerging ecosystem of web applications is to be kept secure. That could include changes in the law, including to the assignment of liability, how "damage" is quantified and how disclosure and criminal intent figure into the picture, the report said. Short of changes to the law, the report suggested websites could encourage vulnerability disclosures through anonymous tip lines or the use of "dummy" sites specifically for the use of researchers. The working group included organizations such as Fortify Software, SPI Labs, the U.S. Department of Justice, Cenzic and the Electronic Frontier Foundation. NATO Says Urgent Need To Tackle Cyber Attack NATO defense ministers agreed on Thursday that fast action was needed to tackle the threat of "cyber attacks" on key Internet sites after Estonia suffered a wave of assaults on its computer networks last month. "There was sentiment round the table that urgent work is needed to enhance the ability to protect information systems of critical importance," NATO spokesman James Appathurai told a news conference at a two-day meeting in Brussels. "They (the attacks on Estonia) were sustained, coordinated and focused. They had clear national security and economic implications," he said. "That will be the subject of work here." Estonia suffered an onslaught of cyber attacks on private and government Internet sites, peaking in May after a decision to move a Soviet-era statue from a square in Tallinn prompted outrage from Russian nationals in Estonia and a diplomatic row with Moscow. The attacks appeared to have stemmed initially from Russia although the Kremlin denied it was behind the assaults. Network specialists said the attacks consisted of a barrage of clicks on a given Web site, leading to overload. Some sites faced up to 1,000 clicks a second, compared with a normal level of 1,000 to 1,500 clicks a day. Estonia said they affected thousands of sites and were akin to a terrorist attack in their potential to cripple key infrastructure. It urged NATO to recognize such incidents as an emerging threat. "We got more support than we expected, particularly with this acknowledgement of an urgent need to react," Estonian Defense Minister Jaak Aaviksoo told Reuters during a break in the meeting. NATO officials said the 26-member alliance, which sent a technology expert to Estonia at the height of the onslaught, would study how it could step up existing work within NATO and national capitals on tackling the cyber threat. Apple To Take On Microsoft With Web Browser Apple Inc. will create a version of its Safari Internet browser for Windows, Chief Executive Steve Jobs said on Monday, challenging Microsoft Corp. in its key stronghold of Web access software. The move by Apple, which has expanded beyond its Macintosh computer core with iPod music players that work with Windows and the upcoming iPhone, could let the company control how the vast majority of people use the Web at a time when services and programs are increasingly becoming Internet-based. Jobs also said Apple would let outside developers create applications to run on its upcoming iPhone by tapping Safari, softening the company's previous position that the device would not support other software due to security concerns. But investors were disappointed that Jobs - known for his surprise announcements - did not have bigger news to announce, and Apple shares sank 3.4 percent, their biggest one-day fall in about four months. "Apple always hits a home run, and when they hit a triple, it's a disappointment," said Gene Munster, an analyst at Piper Jaffray & Co. who has an "outperform" rating on Apple stock. "People always expect them to do something out of the blue, and they didn't do anything out of the blue." Consumers and investors are hungry for any iPhone news ahead of the product's June 29 launch. Speaking at Apple's annual developers' conference in San Francisco, Jobs put Microsoft's dominant Internet Explorer browser squarely in his sights, saying that test versions of Apple's Safari software were twice as fast. "We would love for Safari's market share to grow substantially," Jobs said during a presentation in which he focused on new features in Apple's upcoming operating system update, called Leopard. Jobs said Safari had 5 percent of the browser market, with Internet Explorer taking up 78 percent and Firefox, a browser from the nonprofit Mozilla Foundation, taking 15 percent. The announcement sets the stage for a new browser war nearly a decade after Microsoft knocked out pioneering rival Netscape by including Internet Explorer for free in Windows. Analysts said Apple clearly hopes to replicate its success in making a Windows version of its iTunes media management software, a move that not only helped drive sales of its iPod media players but ultimately helped sell more Mac computers. "We assume Safari for Windows should increase market share and encourage Web site developers to allow for greater compatibility with Safari," Soleil Equity Research analyst Shannon Cross said. "It should also help increase Apple's exposure to the Windows community and potentially attract a larger audience of switchers," Cross wrote in a research note. Addressing concerns that the iPhone would not support programs not created by Apple, Jobs said independent developers could write application software for Safari, which is included in the multimedia device. "It's an innovative new way to create apps for mobile devices ... and it gives us tremendous capability, more than has ever been in a mobile device," Jobs said. ThinkEquity analyst Jonathan Hoopes said developers writing applications to run on Safari would be able to have their software run on either a Macintosh or Windows-based computer. "That same app should be able to run on the iPhone," he said. The bulk of Jobs' speech was dedicated to showing off new features in the updated operating system, such as improved ways to find and view files, visual effects in its iChat video chat program, and the inclusion of a program to let Mac users run Windows on Apple computers. "It is a hot area, this idea that you have a Mac but may need to switch to Windows to run some applications. It helps with market share and helps with customers that are on the fence trying to move to the Mac," Phil Schiller, Apple's head of product marketing, said in an interview. EBay Attempts to Welcome Back Store Owners EBay Inc. is wooing store owners after a series of decisions by the online retail giant frustrated some merchants. If a speech from Bill Cobb, president of eBay North America, hints at future relationships between the company and its sellers, the message is keep your doors open. During a Thursday keynote at eBay's annual sellers convention, Cobb pledged not to increase merchant selling fees this July and said that the stores category will return to the eBay page header within 30 days. In addition to offering its main auction listings, eBay allows merchants to set up shops and sell wares at fixed prices. Last July relations between store owners and eBay grew contentious when eBay announced an effort "rebalance the overall eBay marketplace," which had seen store listings eclipse auctions listings. The rebalancing meant higher store fees as of last August and in April the stores tab was removed from eBay page headers. "For eBay Stores, the last 10 months have been a transition. We are committed to the long-term success of eBay Store owners," Cobb said. While store owners didn't welcome last August's fees, Cobb said he is pleased with the realignment's progress. Additional efforts to court store owners include 24-hour phone support for Featured eBay Store owners and a reduction in Anchor Store monthly fees. Among a raft of other initiatives for sellers, Cobb announced a temporary reduction in the Final Value Fee, a charge tacked on to an item's final selling price. Visual navigation, in which photographs play a prominent role in navigation, will be introduced to more categories. PayPal President Rajiv Dutta addressed merchant security during his portion of the keynote. "We heard the message on fraud. We know it's a top challenge. I am personally committed to keeping fraudsters off the site," Dutta said. In an effort to combat phishing, PayPal, eBay's payment division, will make the PayPal Security Key available to all eBay and PayPal users on Friday. The security key device, previously in beta testing, generates unique security codes in 30 second intervals. Users then enter the code when logging on to their PayPal or eBay account. In August PayPal will launch a payment review system that flags "transactions that pose a risk." The questionable transaction is highlighted and the seller is told to wait on shipping the item until PayPal confirms that the buyer's account contains adequate purchasing funds. Meg Whitman, eBay president and CEO, opened the keynote and emphasized that the company is suited to reach its goal of connecting people through three of its divisions. Finding, buying, communicating, entertaining and paying are main Internet activities, she said. EBay fulfills the buying aspect, PayPal handles payment functions and VOIP (voice over Internet Protocol) provider Skype, which the company purchased in 2005, provides communication services. "The lines between finding and buying are blurring. At the core the company is about connecting people," Whitman said. As eBay executives discussed staying linked and protected, some sellers said they felt a disconnect from the company. "I'm happy to hear that stores are going back in the header," said Maria Ginter, who sells furniture and home decor on eBay. Ginter was less impressed that eBay is no longer advertising on Google Inc. after a spat this week over a Google event to promote its own online payment system, Google Checkout. "That's how people find my furniture," she said. Deb Martin, who sells collectible figurines on her store wanted to hear of security efforts to crack down on dishonest buyers who create new user identifications to solely commit more fraud. "Buyers have no incentive to keep their name. They just restart their IDs and log back in." She also questioned the merits behind the temporary fee reduction and saw it as an effort to boost quarterly revenue and benefit shareholders. Although eBay is emphasizing its auctions, one merchant thinks that form of e-commerce has faded. "A lot of people are over bidding. They're just buying now," said Judy Pykhoff, who operates the Red Cougar Trading Post store on eBay. eBay In Patent Fight Over 'Buy It Now' A small Virginia company in a patent fight with eBay Inc. asked a federal judge Tuesday to stop the online auction powerhouse from using its "Buy It Now" feature allowing shoppers to buy items at a fixed price. A federal jury found in 2003 that eBay had infringed Great Falls-based MercExchange LLC's patent. But last year, the U.S. Supreme Court handed a victory to patent-reform advocates when it ruled that MercExchange was not automatically entitled to a court order blocking the offending service. Now, U.S. District Court Judge Jerome B. Friedman must decide whether MercExchange is entitled to a permanent injunction. The judge did not say when he would rule. Friedman also did not immediately rule on eBay's request to stay the proceedings until the federal patent office has completed a re-examination of the patent - a process that MercExchange's lawyers said could take 10 years. Lawyers for San Jose-based eBay told the judge that the company has designed a workaround so that it no longer infringes on the patent and thus an injunction is unnecessary. Attorney Jeff Randall also said MercExchange has not suffered irreparable harm and that the company is better off now than it was before the trial, citing an investment by a hedge fund. MercExchange's attorneys, however, argued that the potential for future infringement is at stake and that MercExchange will not be able to sell exclusive licenses for use of its patent without an injunction. "Without an injunction in the face of an infringing monopolist that now has 95 percent of the market, MercExchange cannot make productive use of its patent in any way," lawyer Seth Waxman said. Randall said an injunction would give MercExchange "illegitimate leverage," hurting eBay's reputation in the marketplace by making people think eBay is still infringing the patent. "That's what they want," Randall said of MercExchange. Randall also said MercExchange is not interested in building its business. "They sit back and try to collect from businesses for their patents, and that is it," he said. In arguing for a stay, Randall said waiting for the outcome of the patent re-examination would save a lot of litigation in the meantime. "I get the impression that, in a nice legal way, the court is being threatened," the judge said. MercExchange attorney Greg Stillman said it was wrong to wait for patent authorities to sort everything out and that eBay could have avoided a lot of litigation by asking for the re-examination much earlier. The patent battle focuses on eBay's button for buying products at a fixed price, bypassing the bidding process, and MercExchange's claim that the technology infringes on its intellectual property. The federal jury that sided with MercExchange awarded the company $35 million. The amount later was reduced to $25 million. Stillman said outside court that MercExchange intends to ask the judge to increase the damages to take into account infringement since the 2003 trial. The Supreme Court's ruling does not affect the judgment against eBay. In the closely watched case, the high court ruled that judges have flexibility in deciding whether to issue court orders barring continued use of a technology after juries find a patent violation. The decision threw out a ruling by a federal appeals court that said injunctions should be automatic unless exceptional circumstances apply. The case became a rallying point for critics who argue the U.S. patent system is riddled with abuse from small businesses that sue established companies to enforce patents for ideas that have never been developed into products. Over Half of Inkjet Printer Ink is Thrown Away As much as 60 percent of the ink contained in a typical inkjet cartridge is wasted, when printers ask users to throw away half-full cartridges, according to research commissioned by Epson. The printer company commissioned research laboratory TUV Rheinland to measure how much ink is used up and how much remains in an inkjet cartridge when the printer claims it's out of ink. The study revealed vast amounts of wastage: no matter which printer you choose, around half the ink you pay for goes unused. On average, inkjet printers provide an ink efficiency of just 58 percent when used for photo printing purposes and 47 percent when used for printing business documents such as presentations. Research company TUV Rheinland performed comparative tests on eight different printers from well-known brands such as HP, Canon, Brother, Lexmark, Epson and Kodak. The Kodak EasyShare model that was included in the test proved to have an ink efficiency level of just 40 percent. By contrast, models made by Epson and one HP inkjet, were shown to have efficiency levels of around 80 percent. The printers that scored particularly poorly were multi-ink cartridge models. This category included printers in which colors are supplied in a single unit of cyan, magenta and yellow as well as six-color printers that have a five-color ink cartridge. The printers each printed as many sample pages as possible until one of the colors was exhausted. The residual amount of ink that was unused was then recorded. TUV Rheinland's Hartmut Mueller-Gerbes explained that tests were carried out separately for photo printing and for business printing. The sample photo prints used were chosen at random by a focus group while a typical PowerPoint presentation was used as the sample document for the business-focused efficiency test. Here, explained Mueller-Gerbes, one color tends to dominate as a presentation will have a particular color theme "such as the light magenta used in our example or the light cyan used in my presentation." Because of this, business printing tends to drain one color faster than any other and the printer alerts the user that replenishment ink is needed. Epson commissioned the tests to measure the environmental impact of ink waste and to back up its assertion that it's less wasteful - as well as cheaper - to use a printer that has individual color tanks. Epson sells inkjet printers only that have separate ink cartridges for each color. This means that when one color runs out, the consumer can replace a single cartridge, rather than having to replace all the colors when only one has been used up, as is the case with multi-ink cartridges. The weight of the inkjet cartridges was taken before and after the tests to ascertain how much ink was in it. They also compared with the weight of an empty cartridge to arrive at a figure for the ink on its own. The cartridges were chemically cleaned to ensure the weight of the cartridge alone was factored in. However, as conference attendees were quick to point out, the tests Epson commissioned did not measure the cost to the consumer, the number of pages each printer was able to produce before running out of color and did not factor in the amount of ink used up by the cleaning cycle that printers routinely perform. This last factor is something industry experts believe accounts for a significant amount of ink waste. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.