Volume 9, Issue 31 Atari Online News, Etc. August 3, 2007 Published and Copyright (c) 1999 - 2007 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #0931 08/03/07 ~ ".us" Domain Rekindled? ~ People Are Talking! ~ Yahoo Probe Pressed! ~ WOMBAT Looks Promising ~ JPEG To Be Replaced? ~ Ransomware Trojans! ~ Web Networking Booming! ~ eBay Keeps Buy It Now! ~ Creative PDF Spammers ~ Storm Worm Gets Smarter ~ Kittens Solving Spam? ~ GTA IV Postponed! -* Internet Censorship Spreading *- -* Are Laser Printers A Health Hazard? *- -* Zero-Day Attacks Top List of IT Concerns!! *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" I gotta be honest - it's just too darn hot and humid around here to really expend brain energy and come up with some worthwhile comments this week! This weather has certainly been something else this past week! Temps at or approaching 90 degrees all week long. I played golf Thursday - went out at 6:00 a.m. to try and beat the heat. By the time I finished, I was exhausted from the heat. I was going to play today until I discovered the temperature when I woke up. I went back to bed! So, while I continue to try and stay cool (and consider Joe's recipe below!), I'll leave you all to your own devices of staying cool. Me, I'm eying that nice cool swimming pool for a quick cooling dip! Until next time... =~=~=~= PEOPLE ARE TALKING compiled by Joe Mirando joe@atarinews.org Hidi ho friends and neighbors. It's a warm one in southern New England today. This is our third heat wave so far this summer. No, don't worry. I'm not going to launch into a tirade about global warming and saving the unborn gay whales or anything. My point is... it's hot, that's all. It's too hot, as a matter of fact, to talk politics or regrets about what Atari should have or shouldn't have done. It's just too damned hot. Y'know what I like on a hot summer's day like today? Cucumber salad. There's nothing like a nice, chilled cucumber salad with... well, with just about anything. The only problem I've run into is when people just hack up some cucumbers and slather 'em with 'regular' salad dressing. That just ruins it! So, over the past several years, I've come up with my own dressing, and I think it's pretty good. I've even gotten some compliments on my recipe, so maybe I'll pass it along to you. How would that be? Hey, maybe you can make it over the weekend and impress the heck out of your wife, kids, in-laws or whatever. It's easy, and it lasts just about forever in the fridge. Try it out and let me know what you think. ----------------------------------------------------------------------- Joe's Cucumber Salad Ingredients: * 2 or 3 Cucumbers, chilled * 1 Yellow or Spanish Onion, medium sized * 1/2 Cup Rice vinegar* * 1 Tablespoon Vegetable Oil * 1 tablespoon Sugar * 1 teaspoon Celery Salt * 1/2 teaspoon Cayenne (optional, but highly recommended) * 1/2 teaspoon Dill Weed * 1/4 teaspoon Black Pepper Directions: Peel and thinly slice chilled Cucumbers and place in a medium-sized bowl (Use a glass bowl. If you use plastic, it'll smell like cucumbers until the next ice age). Sprinkle with the celery salt and toss. (There's a reason for this, by the way. The salt leaches liquid from the cucumber slices so that when you finally add the dressing, they soak it up easily) Peel and halve the onion, and slice the halves as thinly as possible. Separate onion pieces and sprinkle over cucumbers. Toss again. Place Sugar, Cayenne, Dill Weed and Black Pepper in a 2 cup measuring cup, mix loosely. Add Rice Vinegar to dry ingredients and mix until sugar is dissolved. Add Vegetable Oil and mix with whisk or fork until everything is combined. Pour dressing over cucumbers and onions and toss lightly. Refrigerate at least 3 hours (I recommend overnight). Toss again before serving. * If you do not have or do not like Rice Vinegar, you may substitute White, Cider or Red Wine Vinegars. Simply use 1/4 cup instead of 1/2, since Rice Vinegar is milder and less acidic than the others. -jm ----------------------------------------------------------------------- There. Don't that sound easy? It is. And the cool thing is that the longer you leave it in the fridge, the better it gets, since you're basically pickling the cucumbers and, therefore, preserving 'em! Okay, that's enough of that. Go make a nice big bowl of cucumber salad and, while it's marinading in the fridge, read the news, hints, tips and info available from the UseNet... From the comp.sys.atari.st NewsGroup ==================================== Marc-Antón Kehr posts this bit of news about EasyMiNT: "There´s a new EasyMiNT version available on http://atari.st-katharina-apotheke.de " Sam F. hears about the new version and says: "This is great!! What I would like to see, is a way by which all we atari owners can pitch in five or ten dollars a month to an Atari Developer Fund, which at the end of every month, quarter, or year gets divided amongst all the active developers. What do you all think?" Marc-Antón replies: "I can only talk only for me, but I don´t need this. I write my programs for fun. So, in my opinion it would be better to write an email to the authors and say just "Thank you" than organize a "developer fund" where you probably get 20 Bucks a year to divide.:-) Most people are too lazy to write an email to the author, why should they busier to spend money? Most of the programmers that are active for Atari today are people with jobs and I think they do not need the money, but what they like is a little bit of honour." 'Rafael' adds: "You are right!! Simple feedback is much better then 20? or even 50? a year. I'm sure many projects are stopped because of lack of feedback to the authors. I'm talking here also about testing..." Marc-Antón adds another aspect: "Yes, and writing docs or translation, these are things also non-programmers can do, but no one want to do it.:-/ So, I had to invest much time in translation and documentation, this time reduces the coding time." Last week, someone asked about anyone's preference for an ANSI C compiler: "Does anyone have recommendation on the best ANSI C compiler for the ST? I have some utility apps I wrote that I would like to port to the ST, but the only C compiler I have is Megamax which is K&R and not ANSI. I heard that Borland released Turbo C for the ST... Does anyone have a copy of this? I own the DOS version and an ST version would be great." 'Coda' answers: "I didn't know Turbo C was released for Atari. What I heard was that Pure C became Turbo C on the PC. In fact I have used both and they are very similar animals. I loved Turbo C in DOS (sorry for the bad language) because it had a great IDE and the online help was fantastic. As far as I know there is very little English documentation for Pure C (just a long readme) the proper manuals are in German. That's probably why these days I use Lattice C 5.6, I bought it especially to make sure I had all the manuals, and boy I have needed them... Or, you can use GNU C. You may know that you can switch it to several different C standards, and it will also compile other languages like C+ +, Fortran, Pascal (ugh!) etc. This is of course free software, and there is plenty of documentation on the net. I don't know which Atari specific libraries exist though, but I know they exist." Fidel-Sebastian Hunrichse-Lara adds: "Try this: and http://tinyurl.com/245g47 (URL for TurboC.Zip modified by editor) " Edward Baiz tells us about his preparations to put his Falcon into a tower case: "Well I am getting close to putting my Falcon in my old Hades tower. I have the cables to extend the ports to the outside for the cartridge, printer, MIDI, keyboard, joystick, video. I have the SCSI and IDE ports taken care of. I took out the motherboard and traced it on a piece of cardboard. I tested the cardboard shape in my tower to see if it would fit. It looks like the bottom two bays are in the way. My tower has six bays and I only use 4. I guess I would have get a four-bay apparatus and use that or just get a new tower. I am also looking for a new ATX PSU. What wattage is good? Any suggestions or comments are welcome." 'Coda' tells Edward: "Wattage is mostly irrelevant. Good quality stable outputs are what you need. I run my CT60 falcon on one of these: http://tinyurl.com/ymfkt9 (URL modified by editor) My related post on DHS: http://bbs.dhs.nu/ct60/index.php?request=2543 stated 2 years ago that my CT60 falcon only drew 38W. At that time I was thinking about using an Xbox PSU as it seemed almost good enough to work but for the price of an M1-ATX and the fact that it plugs and goes (and fits behind the CT60 in the original case without the CTEX) there was no competition. Oh, it's silent too :) If you decide to go this route, don't get tempted to buy the M2. It's overall power rating is higher, but only because of the huge 12V supply (designed for P4 mobo's). There is less amperage available on the 3.3V and 5v lines." Edward replies: "What I am looking at is a 230 Watt PSU with a switch on the back. It has three IDE 4 pin connectors, one floppy connector and AUX connector. What is this AUX connector?. That should be enough for me I would think and I only need 4 connectors including the floppy. You can see it at: Tell me what you think." When Coda cannot reach the page, Edward fixes it and says: "Whoops, should be: http://www.supernotebook.com/micro-atx-power-supply-powmax-230-watt.htm I am going to order this one. I like the switch. I will just have to decide whether not or I am going to install it in the same spot the current PSU is or put it at the top like Lyndon did. It is a little smaller than the one already in there." Edward now posts: "Well it looks like I will be able to use the old Hades tower. I just have to move all of my external hardware up 2 bays, so that the bottom two are empty. Then I have to cut part of the bottom bays out and the Falcon board will fit. Now I have another question. I know the Falcon mother board cannot touch the metal frame of the tower. I was thinking of using nylon parts (screws, nuts, rings etc) to attach the board. Is this a good idea or is there something else I could use?" Coda tells Edward: "You can use nylon yes, in fact most motherboard standoffs are made of nylon, and if you can get these from a PC mounting kit, maybe it would be easier to use them. But, if you are going to mount the motherboard using the existing holes (please don't make any new ones :-)) then you can use metal hardware as long as the heads are not bigger than the metal surround of the hole, because all the holes are tied to the ground plane. When my falcon was in a rack, I used metal machine screws to mount it." Well folks, that's it for this time around. Tune in again next week, same time, same station, and be ready to listen to what they are saying when... PEOPLE ARE TALKING =~=~=~= ->In This Week's Gaming Section - 'Forza' Outclasses Competition! """"""""""""""""""""""""""""" "Rock Band" Takes Top Honor! Grand Theft Auto IV' Delayed! =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" Car Wars: 'Forza' Outclasses Competition Just a few years ago, it was somewhat of a surprise when a NASCAR driver said he used video games to get ready for real-life races. Nowadays, virtual racing is a standard element of the training regimen of professional drivers, particularly the young guns who probably learned to drive on a Nintendo long before they got behind the wheel of a stock car. Elliott Sadler, Dale Earnhardt Jr., Kyle Busch and Carl Edwards are just a few of the NASCAR drivers who have acknowledged a debt to video games. As graphics get more realistic, a virtual track can provide good practice for the pros while letting the rest of us feel what's it's like to do a few laps at Daytona. * "NASCAR 08" (EA Sports, for the Xbox 360, PlayStation 3, $59.99; PlayStation 2, $39.99): The first 360/PS3 version of this franchise includes vivid recreations of just about every track in America, from the basic oval at Bristol, Tenn., to the twisting road course at Watkins Glen, N.Y. Most of the time you're racing against more than 40 other cars, so you really get a feeling of claustrophobia along with a sense of the strategy required to make it to the front of the pack. Unfortunately, to pull off that strategy you need really sharp steering. The controls in "NASCAR 08" feel so loose that you have to keep adjusting them even when you're just trying to drive in a straight line. The "Chase for the Cup" mode is frustrating as well. It starts you off with small challenges, like learning how to pick up speed by closely following another car, and works up to full-blown Nextel Cup events. It's a good way to learn the sport's intricacies, but many gamers won't have the patience to endure all the tests that are required before entering a career race. Two stars out of four (but add a star if you're a NASCAR fan). * "Forza Motorsport 2" (Microsoft, for the Xbox 360, $59.99): The second edition of Microsoft's flagship racing franchise offers a lot more breathing room, mainly because you're usually racing only seven other cars. It also has a wider variety of courses, ranging from California's sun-splashed Laguna Seca to a fantasy track in the middle of Times Square. "FM2" lets you pick a car (from more than 300 models) and jump into a race right away. There's no messing around with tutorials and licensing tests; instead, novices get some on-screen assistance and are pitted against slower opponents. Eventually, you'll make enough money to buy a new car or upgrade your old one, and there are so many ways to calibrate a car's performance that you could spend a couple of days in the garage alone. There's a lot to love about "FM2," from its gorgeous graphics to its incredible attention to detail. But its most impressive feature is its driving physics; it simply feels more realistic than any other racing video game. Three-and-a-half stars. * "Dirt" (Codemasters, for the Xbox 360, $59.99): "Dirt," the latest in Codemasters' "Colin McRae Rally" series, is in some ways the opposite of "Forza." Instead of zipping around slick, paved tracks, you're slogging your way across bumpy, muddy terrain; endurance and brute force are more important than speed and slick steering. But "Dirt" goes head-to-head with "Forza" in one respect: It's one of the best-looking racing games on the 360. "Dirt" has a decent selection of off-road vehicles, from nimble buggies to lumbering trucks, and a good variety of events. Sometimes you'll be racing solo up a hill; other times you'll be swapping paint with your opponents on courses that abruptly shift from paved to unpaved. Most of the courses are rocky enough to make your teeth rattle, but the controls don't always feel spot-on. At times it feels like you're floating around curves, and the cars almost feel too responsive given all the abuse they're going through. "Dirt" is fun and pretty, but doesn't feel realistic. Three stars. "Rock Band" Takes Top Video Game Honor A video game that turns players into virtual rock stars won a top industry award this week, beating a field of action titles featuring lush graphics and complex stories. In a move that reflects growing enthusiasm for games with broad appeal, the Game Critics Awards named "Rock Band" as Best of Show for the industry's annual E3 convention held last month to showcase upcoming products. "The most interesting thing to me, when you look at the winners, is that new, original franchises really dominated this year," said Geoff Keighley, co-chairman of the awards. "A lot of pundits look at the industry and say that it's so franchise-driven, there are so many sequels. Then you look at the winners list and it's a bunch of fresh air." "Rock Band," to be published by MTV and distributed by Electronic Arts Inc., allows up to four players to strum guitar or bass, pound drums, or sing in time to any of dozens of modern and classic rock songs. The game topped creepy underwater shooter "Bioshock," combat game "Call of Duty 4," science-fiction role-playing game "Mass Effect" and apocalyptic title "Fallout 3," which all wowed critics with stunning graphics. The Game Critics Awards have been around for a decade and are decided by 36 journalists who submit nominees in more than a dozen categories. The games have to have been playable by journalists at E3 rather than just shown in videos. A far cry from the pomp and circumstance the Academy Awards bring to Hollywood, the low-key Game Critics Awards nonetheless give bragging rights to developers and publishers. For example, in its quarterly earnings report on Wednesday, THQ Inc. boasted that four of its games, including "Stuntman: Ignition" and "de Blob," were nominated for awards, though none of them won. In another nod to the popularity of casual games, Sony Corp.'s "LittleBigPlanet," which lets users create environments for photorealistic cloth characters to frolic in, won Best Original Game. Sony's "Killzone 2" pulled in a Special Commendation for Graphics, a notable achievement in a year with an abundance of outstanding visuals. Despite the immense popularity of its Wii console that is widely credited with triggering the casual games boom, Nintendo walked away with only one award, Best Handheld Game for "The Legend of Zelda: Phantom Hourglass" for its DS device. "It was a lack of really new stuff from Nintendo," Keighley said. "I don't know if it's the canary in the mine shaft that shows Nintendo is not doing so well ... also, the judging body is geared toward the hardcore gaming crowd." Microsoft Corp.'s "Mass Effect" for its Xbox 360 game machine won Best Console Game while "Halo 3," the next installment of its wildly popular alien-blasting title, won for Best Online Multiplayer. Electronic Arts, the world's biggest game publisher, won six awards, though several of those were linked to titles such as "Rock Band" that it is not developing itself. EA's "Madden NFL 08" football title won Best Sports Game. Keighley said he was open to the idea of making the awards a higher-profile event, but indicated he was leery of anything that would detract from casting a serious critical eye on a medium often dismissed as appealing only to teenaged boys. "I think we're extremely over-conscious of not trying to commercialize the awards in any way. The last thing I want is for a TV producer to come in and say, 'Great, but let's put in an award for hottest virtual babe'," Keighley said. 'Grand Theft Auto IV' Pulled Over Until 2008 Grand Theft Auto fans are going to have to wait a bit longer for the next installment. Take-Two Interactive announced Thursday that Grand Theft Auto IV would not be released Oct. 18 for Sony's PlayStation 3 and Microsoft's Xbox 360 video game systems, as originally planned. Instead, the game will arrive in spring of 2008, "due to additional development time required to complete the title," the company said in a statement . Rockstar Games founder Sam Houser says in the statement, "the new consoles are allowing us to create the "Grand Theft Auto" game we always dreamed about. Every aspect of the game and its design has been completely transformed. The game is huge and is pushing the hardware platforms to their absolute limits. The top engineers from Sony and Microsoft are working closely with the team in Edinburgh right now, helping us to fully leverage the power of both platforms. As always, our goal is to surpass even the wildest expectations of the game's fans, and to create the ultimate high definition video game experience." Industry analysts had expected GTA IV to battle Halo 3- and perhaps Guitar Hero 3 and Rock Band- for the top-selling game of the year. The last GTA game for consoles, 2004's GTA: San Andreas has sold more than 14 million copies. On his Level Up blog, Newsweek's N'gai Croal mused: "It will be interesting to see which publishers move their games out of the November crunch and into October now that the neutron bomb that is Grand Theft Auto IV will no longer be dropped in 2007." His take: Nintendo benefits most because it gives consumers more reason to buy a Wii. And Microsoft takes a bigger hit than Sony because its expected one-two punch of Halo 3 and GTA IV might have resulted in more Xbox 360 converts. "Rockstar has delivered its Grand Theft Auto games more or less like clockwork, making today's announcement something of a shock," he wrote. On FiringSquad, news editor John Callaham trumped that calling the delay "a major shock" and noted that "this delay, plus the delay in the release of Rockstar's Manhunt 2, will drastically affect Take Two's financial results causing the company to lose about $200 million in revenue for its fiscal 2007 year. Based on its Gamer Panel surveys of gamers' intent to buy, IGN GamerMetrics' estimated that Call of Duty 4: Modern Warfare and Assassin's Creed will be the beneficiaries of the game's delay this holiday season. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson Internet Censorship Spreading State restrictions on use of the Internet have spread to more than 20 countries that use catch-all and contradictory rules to help keep people off line and stifle feared political opposition, a new report says. In "Governing the Internet," the Organisation for Security and Cooperation in Europe (OSCE) presented case studies of Web censorship in Kazakhstan and Georgia and referred to similar findings in nations from China to Iran, Sudan and Belarus. "Recent moves against free speech on the Internet in a number of countries have provided a bitter reminder of the ease with which someregimes, democracies and dictatorships alike, seek to suppress speech that they disapprove of, dislike, or simply fear," the report by the 56-nation OSCE said. "Speaking out has never been easier than on the Web. Yet at the same time, we are witnessing the spread of Internet censorship," the 212-page report said. In a new case not covered by the report, a senior Malaysian minister vowed this week to apply law prescribing jail terms for Web writers of comments said to disparage Islam or the king. Malaysian police grilled one on-line author over postings the ruling party described as an attack on the country's state religion and a bid to stir racial tension. In Kazakhstan, rules on Internet use are so vague and politicized that they "allow for any interpretation ..., easily triggering Soviet-style 'spy mania"' where any dissident individual or organisation could be branded a threat to national well-being and silenced, according to the OSCE report. It cited a prominent incident in 2005 when Kazakhstan seized all .kz Internet domains and closed one deemed offensive and run by British satirist Sacha Baron Cohen, who had made the acclaimed spoof film "Borat: Cultural Learnings of America for Make Benefit Glorious Nation of Kazakhstan." In a speech to the OSCE parliament on Thursday, Kazakh Information Minister Yermukhamet Yertysbayev insisted Kazakhstan was determined to build democracy and create an "e-government" expanding Internet service and making "our media more free, contemporary and independent." The OSCE report said Kazakhstan's state monopoly on Internet providers tended to deter use by making prices for all but very slow and limited dial-up service far higher than those for West Europeans even though Kazakh incomes are much lower. Georgian law contained "contradictory and ill-defined" provisions which might "give leverage for illegitimate limitation" of free expression on the Internet, the report said. Lawmaker Wants Yahoo Probe Congressional investigators plan to look into whether Yahoo officials misrepresented the Internet company's role in the arrest of a Chinese journalist sentenced to a decade in jail. House Foreign Affairs Chairman Tom Lantos ordered the investigation after a human rights group released a document that it said raised questions about what Yahoo knew when it shared information with authorities about Shi Tao. Beijing officials had sought Shi for sending an e-mail about Chinese media restrictions. "For a firm engaged in the information industry, Yahoo sure has a lot of secrecy to answer for," said Lantos, D-Calif. "We expect to learn the truth and to hold the company to account." Yahoo general counsel Michael Callahan told lawmakers at a hearing last year that his company had no information about the nature of the investigation when it provided details about Shi to Chinese officials, Lantos said. But the Dui Hua Foundation has released a document that it says shows the Beijing State Security Bureau had written Yahoo saying it wanted e-mail content about Shi for an investigation into suspected "illegal provision of state secrets to foreign entities." Lantos said that "covering up such a despicable practice when Congress seeks an explanation is a serious offense." Jim Cullinan, a Yahoo Inc. spokesman, expressed disappointment that Lantos "is rushing to judgment on this issue, because the facts will support Yahoo's testimony to Congress." Regarding the document released by Dui Hua, Cullinan said, "There are many and various descriptions of what state secrets could be, including legitimate investigations into things like terrorism." To do business with China's more than 100 million Internet users, U.S. tech companies must satisfy a government that fiercely polices Internet content. Filters block objectionable foreign Web sites; regulations ban what the Chinese consider subversive and pornographic content and require service providers to enforce censorship. The document requesting information from Yahoo was translated by Dui Hua; it was posted anonymously last week on the Web site of the U.S.-based Chinese-language Web site Boxun.com, said Joshua Rosenzweig, research manager at Dui Hua. Zero-Day Attacks Top List of IT Concerns Threats posed by zero-day vulnerabilities were ranked by global IT decision makers as their topmost security concern, according to a recent survey by security firm PatchLink. Fifty-three percent of respondents put zero day vulnerabilities as the No. 1 security concern, followed by hackers, cited by 35 percent, and malware and spyware with 34 percent. PatchLink surveyed 250 of its customers worldwide in June 2007, including CIOs, CSOs, IT directors and managers. "The prospect of zero-day attacks is extremely troubling for organizations," said Charles Kolodgy, research director for security products at IDC in Framingham, Mass. "Today's financially motivated attackers are creating customized, sophisticated malware designed to exploit unpublished application vulnerabilities in specific applications before they can be fixed." Many IT departments are spread thin and lack the resources to proactively defend against zero-day threats, and attackers are using this to their advantage, said Kolodgy. Hackers are also counting on the human element part of the security equation to help them accomplish their attacks, Kolodgy added. "User behavior is difficult to control, and many hackers rely on users' lapses in judgment to carry out their malicious activity," the IDC analyst said. Controlling user behavior was cited by 32 percent of IT executives as the primary challenge to vulnerability management. PatchLink also asked IT executives to rank the application that they are most concerned about protecting, and Internet Explorer landed on top cited by 83 percent of the respondents. Various Internet security threat reports earlier indicated an increasing trend in attacks targeted towards Web browsers and Web applications, serving as an avenue to gain access to corporate networks. "Those vulnerabilities are often used in 'gateway' attacks, in which an initial exploitation takes place not to breach data immediately, but to establish a foothold from which subsequent, more malicious attacks can be launched," according to Symantec's latest Internet Security Threat Report. If successful, vulnerabilities in Web browsers and Web applications can enable an attacker to install malware and subsequently gain control of a compromised system. Although 72 percent of respondents to the PatchLink survey indicated that they are now more secure than a year ago, IT executives remain wary of other risks that are in the realm of the unknown, according to Matthew Mosher, senior vice-president for Americas at PatchLink in Scottsdale, Ariz. "(IT managers) are now starting to look at more of these zero-day vulnerabilities because they don't necessarily think that they have a handle on that," explained Mosher. The PatchLink executive added that the financial motivation driving hackers today has made IT executives more concerned about zero-day exploits. Brian Bourne, president of Toronto-based IT security consultancy CMS Consulting Inc., was surprised that zero-day vulnerabilities would concern many IT executives, as such exploits are typically used for targeted attacks. Such concern may be out of lack of a complete understanding on how to protect against these threats, he noted. Bourne recommends a defense-in-depth strategy is still "the right strategy" for protecting against zero-day exploits. He urged IT managers to subscribe to a vulnerability advisory list, so that they can get all updates on most recent zero-day discoveries. "Get the information right away to find out if it impacts you," said Bourne, adding that the first step is finding out whether your company even runs that vulnerable software. A good asset management system, which gives IT a clear indication of what software and hardware are running across the enterprise, will enable administrators to make a determination of whether they are vulnerable to a zero-day attack, Bourne added. Once it's determined that there is a risk, IT administrators can then make an effort to learn everything they can about the vulnerability, he said. PDF Spammers Getting Creative PDF spammers have started varying attachments to fool spam filters, security vendor MessageLabs has warned. After appearing only a few months ago, the PDF phenomenon now accounted for 20 percent of the image spam passing through the managed service provider's network, the company said. In the last fortnight, however, new types of modified PDF spam had started appearing. Spam filters had now adapted, turning PDFs from a document and attachment type automatically trusted into one that was now being filtered by antispam engines, causing the spammers to send out new, altered types of PDF. Techniques included altering the rendering size of PDFs, introducing pixel changes to make PDF blocking using signatures impossible, and adding random text within PDFs. PDFs were also turning up with security features such as encryption turned on, another feature that made it hard to scan within a document to single out spam from genuine PDFs. The overall aim was to generate so many unique PDFs that antispam engines would be overwhelmed. "This is almost certainly being automated by bots," said Mark Sunner of MessageLabs. "It will eventually be used in conjunction with social engineering techniques," he added, referring to targeted PDF attacks where real people were sent documents from known contacts. According to Sunner, the advantage of a managed service company such as MessageLabs was the ability to detect rogue PDFs by analyzing information such as IP source. A corporate gateway would not be able to do this because only the ISP itself would be able to see this information with any degree of reliability. "Where the PDF is coming from can also indicate a problem," he said. In recent time, third-party systems for verifying the senders and contents of PDF documents have started to appear, including one from Geotrust that takes advantage of Adobe's Livecycle Document Security server. Kittens Could Solve Spam An executive at Microsoft Corp. has an unusual idea for beating spammers. Powerful software tools and supercomputers aren't involved, but kittens are. Or rather, photos of kittens. Kevin Larson, a researcher at Microsoft's advanced reading technologies group, has found that asking a user to identify the subject of a photo, like a kitten, could help block spam programs. Currently, services like Microsoft's free e-mail service Hotmail require new users to type in a string of distorted letters as proof that it's a human signing up for the account and not a computer. Called Human Interactive Proofs (HIPs), Microsoft, Ticketmaster and a host of other companies have been using the system for around five years, Larson said. He spoke in Seattle on Friday at TypeCon 2007, an annual conference put on by the Society of Typographic Aficionados for type enthusiasts and designers. When Hotmail first started using HIPs, the number of e-mail accounts generated on the first day dropped by 20 percent without an increase in support queries, Larson said. That was a sign that the HIPs were fooling the computer programs that spammers use to automate signing up for new Hotmail accounts from which spam is sent. However, spammers learned how to tweak their programs to better recognize the HIPs, he said. Now, it's a race for Microsoft to continue to alter its HIP system to fool the computers, which ultimately seem to catch on. Larson's group at Microsoft experiments with different ways to distort the text used in HIPs in a way that is easy for humans to read but difficult for computers. One twist on the HIP idea that they've worked on is to display 16 or more photos and ask for identification of the photos. In an example, he suggested using pictures of cats and dogs. The problem with the concept, however, is that Microsoft would have to create a massive catalog of photos, otherwise the programmers could match the correct response with each photo in the catalog and begin to spoof the system, he said. Audience members had a variety of ideas for ways to expand on the idea in order to try to beat the spam programs. One suggested that Microsoft continually take videos of a kitten jumping around a room, as a way to generate a nearly endless string of photos for identification. "It's possible that kittens are the wave of the future," Larson joked. Microsoft might also be able to use short video clips instead of photos, one audience member suggested. The cost to support that method might be a concern but it could probably work, Larson said. His group is also working on ways to improve the current letter-based HIPs for human users. "We need to figure out how to make HIPs that are more pleasant to read," Larson said. Many computer users may be familiar with the "ugly distorted texts" that HIPs use, he said. "We let the computer science people generate this text, but this is a design problem. It seems we ought to bring what we know about legibility to make things more pleasing to identify yet still stop computers," he said. His team has thought about using beautiful calligraphy characters set against ornate backgrounds, but such letters haven't been good at fooling the computers because a program can identify the form of the letter by the thickness of the font compared to the lines in the background design and because a program can notice color differences of the font compared to the background, he said. With 90 billion pieces of e-mail spam sent every day, according to Larson, companies like Yahoo Inc., Google Inc. and Microsoft that offer free online mail services have an incentive to try to block spam. Otherwise they pay for the resources that help send the spam. Project WOMBAT Looks To Manage Online Threats Researchers are looking for formal European Union sponsorship of a new project that would keep an eye on malicious software and computer attacks around the world. Project WOMBAT (Worldwide Observatory for Malicious Behavior and Attack Tools) is a threat management system being backed by European technology companies and research institutions, including France Telecom SA, the Institut Eurecom, and Hispasec Sistemas, said Stefan Zanero, a researcher with the Institut Politecnico di Milano, who is involved with the project. WOMBAT will serve as an early warning system where security researchers and professionals can get data on emerging threats, but the team will also develop new technologies designed to automate the collection and analysis of malware, Zanero said. "What we are interested in is creating a way to understand as many things as possible about the malicious code," Zanero said. Some of the WOMBAT data will be made available to the public, but only those who have been previously vetted will get access to the complete data set. WOMBAT will be funded, in part, by participating institutions, but it has also been selected for funding by the European Union's 7th Framework research program, Zanero said. The formal grant concession and the creation of the research consortium behind the project, however, have not been finalized. eBay Can Continue Using 'Buy It Now' A federal judge Friday denied a request from a small Virginia company to stop the online auction powerhouse eBay Inc. from using a feature that allows shoppers to purchase items at a fixed price. U.S. District Court Judge Jerome B. Friedman denied a motion by MercExchange LLC for a permanent injunction against San Jose, Calif.-based eBay over the "Buy It Now" feature. Last year, the U.S. Supreme Court ruled that although eBay infringed upon MercExchange's patent for the service, it was up to the lower court to decide whether eBay had to stop using it. In his ruling, Friedman said the company was not irreparably harmed because it continued to make money from its patents, either by licensing them outright or by threatening litigation against those it believed infringed upon them. A federal jury found in 2003 that eBay had infringed on Great Falls-based MercExchange's patent and awarded the company $35 million. The amount later was reduced to $25 million. MercExchange attorney Greg Stillman called the opinion a "double-edged sword." "It was sort of good news, bad news for both sides," Stillman said. "I'm sure eBay is relieved that they're not going to be enjoined, but on the other hand (Friedman) made it quite clear that they're going to have to pay for that right." Catherine England, a spokeswoman for eBay, said the company is "extremely pleased" with the decision. Friedman denied eBay's request to stay proceedings on the "Buy It Now" patent because the infringement suit already has been tried by a jury and a final verdict and damage award was affirmed by the federal circuit. The judge did stay proceedings on a second patent held by MercExchange until the U.S. Patent and Trademark Office has time to reexamine it. In the closely watched case, the high court ruled that judges have flexibility in deciding whether to issue court orders barring continued use of a technology after juries find a patent violation. The decision threw out a ruling by a federal appeals court that said injunctions should be automatic unless exceptional circumstances apply. The case became a rallying point for critics who argue the U.S. patent system is riddled with abuse from small businesses that sue established companies to enforce patents for ideas that have never been developed into products. Court Orders Man To Complete eBay Deal An Australian court ordered a man to hand over a vintage plane worth about $215,000 after he tried to back out of an eBay auction, a newspaper reported Friday. The New South Wales state Supreme Court ordered Vin Thomas to complete the deal after he changed his mind about selling the 1946 World War II Wirraway plane he had placed on the Internet auction site last year, the Sydney Morning Herald reported. Peter Smythe, a Australian warplane enthusiast, was the only person to bid on the item, matching the $128,640 reserve price just moments before the auction ended in August last year. But Thomas had already agreed to sell the plane to someone else for $85,800 more than Smythe's offer, and backed out of the sale, the newspaper said. Smythe took Thomas to court, hoping a judge would force him to follow through with the deal. Judge Nigel Rein agreed, saying the eBay auction formed "a binding contract between the plaintiff and the defendant and ... should be specifically enforced." Companies Seek Control of `.us' Domain In Britain, ".uk" is the suffix of choice for Internet addresses. In Germany, it's ".de." In the United States, however, ".us" is the forgotten stepchild. Web sites tend to prefer ".com," which was designed as a global moniker for commercial sites but is heavily populated by Americans. Two companies prominent in the domain name industry want to challenge that notion. Believing they could do a better job marketing the country's own domain name, ".info" operator Afilias Ltd. and registration company GoDaddy.com Inc. are now trying to take over the operations of ".us." They'll face a challenge from its current operator and possibly others. The U.S. government could rule as early as this month. NeuStar Inc. won the ".us" contract in 2001. At the time, addresses ending in ".us" were confusing to register and use. With the government's approval, NeuStar permitted sites to obtain non-geographic addresses such as "clothingstore.us," rather than the more cumbersome "clothingstore.los-angeles.ca.us." The domain grew in usage to 1.3 million today, up from about 17,000 in 2001. But that's still a fraction of the 11 million for ".de" and 6 million each for ".uk" and China's ".cn." Even the Netherland's ".nl" has about twice as many names. "Now is the time to change (the `.us') leadership and put it on a growth track," said Roland LaPlante, chief marketing officer for Dublin, Ireland-based Afilias, whose U.S. arm is bidding with GoDaddy for the ".us" contract when the current one expires Oct. 25. NeuStar won't step aside without a fight. It is seeking a contract renewal and believes quality rather than quantity is what counts. In a statement, the company said it has demonstrated its ability to operate ".us" with "the highest levels of security, stability, technical expertise and policy compliance." It is not known if other companies have submitted bids. The Commerce Department did not return calls for comment. Storm Worm Gets Smarter Newer variants of the widespread Storm worm have introduced a new technique for evading security experts - detecting when they are running in a virtual environment and changing their behavior if they are. The innovation is an indication of how common virtualization is becoming, and also shows how sophisticated the developers of malware such as Storm have become, according to Bojan Zdrnja, a handler with the Sans Institute's Internet Storm Center (ISC). He said Storm is the most prevalent malware at the moment, using fake e-card emails that lead to a malicious website. Zdrnja said the technique appears to be designed to set up roadblocks for security analysts, who normally use virtual machines to safely execute malicious code in order to analyze it. "The main reason their doing this is (presumably) to make analysis more difficult," Zdrnja said in a report on Thursday. It means researchers have to either run the malware on a physical machine, modify the virtual environment to prevent detection or manually analyze the malware, Zdrnja said. If Storm detects a virtual machine, it simply restarts the system without causing an infection. Virtualization allows several separate instances of an operating system to be run on a single hardware system. It has become popular in data centers, largely through the efforts of VMware, and is becoming more widely used on the desktop, for instance with Parallels' virtualization system for running Windows on Intel-based Macs. Storm is designed to detect two virtual environments, VMware and Microsoft's Virtual PC, Zdrnja said. It detects VMware by looking for a particular number supported in VMware's I/O port - something that can be easily changed. It detects VirtualPC by running illegal instruction opcodes, which generates errors only if the software is running on a physical system and not a virtual machine. The technique is the latest sign of the new programming sophistication of malware writers, who are nowadays mainly working on a for-profit basis, according to security researchers. But the trick also means that the worm opts out of infecting virtual machines, Zdrnja noted. "It will be interesting to see if malware authors will change this tactic in the future as the number of virtual machines will grow for sure," he said. Ransomware Trojans Work of Single Group The two most prominent ransomware Trojans of recent times could be the work of the same or a closely-related Russian group, an analysis has suggested. Last week, a new ransomware Trojan appeared on the radar of security researchers, and was quickly identified as a modified version of the GpCode nasty that first hit the Internet as long ago as Spring 2005. As with its predecessors, the new Trojan, also named "Glamour," sets out to encrypt data files on any PC it infects, demanding a ransom of US$300 in return for a key to unlock files. Now an analysis from security research outfit Secure Science Corporation (SSC) has plotted the large number of similarities between the new GpCode and a version that appeared in 2006. Of the 168 functions identified in the code of the new variant, 63 were identical to the older 2006 version. "The results indicate that these two Trojans, found in the wild nearly 6 months apart, originated from the same source tree. This could mean that the original authors are actively modifying the code themselves, or they sold/traded the source code to another group who is now in charge of the modifications," say the authors. In other words, a single or allied group is cycling the same basic ransomware platform through a series of attacks, modifying it each time to evade detection for long enough to find victims. If true, that increases the likelihood of future attacks using the same code base. The planned window of opportunity appears to have been a short one - the compile date for the malware was July 5th and the deadline date mentioned it its threat message to victims states a payment deadline of July 15th. SSC has also found frightening evidence of GPCode's effectiveness. "In the 8 months since November, we've recovered stolen data from 51 unique drop sites [...]. The 14.5 million records found within these files came from over 152,000 unique victims," says the report. Fortunately, despite claiming to have encrypted files using RSA 4096-bit, the new version's apparent use of sophisticated encryption is a bluff. Unlike previous versions of GpCode, the new variant uses a much simpler but unnamed technique to create the appearance of having encrypted files, possibly just a long-strong passphrase. A number of companies have produced tools to reverse the work of the latest GpCode. Ransomware Trojans have a fearsome reputation, but are still thankfully one of malware's rarer events. The long periods of silence could, indeed, be part of their design. Attacks have been recorded from early 2005, and several times in 2006. Web Networking Boom Blasts Into The Workplace After years of socializing, Facebook and MySpace mean business. The sites, which started as a way to help people stay connected with friends, in the past year have begun catering to professionals, offering networking and advertising opportunities. Some companies are embracing the trend, while others are trying to shut the Internet's virtual doors as firmly as possible. Barbershop owners Erin Portman and her husband, Michael, of Austin, Texas, created a page on MySpace.com, the site owned by News Corp and especially popular with teens. MySpace "friends" of Bird's Barbershop often post photos and comments about their haircuts on the music-filled MySpace page, with links back to their own personalized MySpace pages. "We started collecting 'friends' before we were even open," Portman said. "I definitely think it has boosted our business." The shop now has more than 2,100 MySpace 'friends,' many of them customers. MySpace rival Facebook.com, started up in 2004 and in 2006 opened registration to people with corporate e-mail addresses. Thousands of business networks and communities exist on the site among 32 million users, with much of the recent growth attributed to professionals. Facebook says its fastest-growing demographic is people older than 25. It's chief executive is 23-year-old Mark Zuckerberg, who is also one of the founders. While many businesses are using the sites, employees taking advantage of them during work hours are stirring up controversy. More than two-thirds of London businesses have banned or limited employee access to the sites, says a straw poll commissioned by Britain's Evening Standard newspaper in July. The United States, the United Kingdom and Canada have the largest number of online networking users, according to Facebook. Toronto prohibited its 40,000 municipal workers from using such Web pages three months ago, saying it distracts them. "We want to ensure that city workers who are paid by the taxpayers are not wasting undue time on non work-related activities," said City of Toronto spokesman Brad Ross. Many companies block inappropriate Web sites such as pornography from their computer servers. Some even monitor their employees' online activity. Some networking sites allow users to post photos and videos, which may be deemed "NSFW" - not safe for work - on the Web. But Jerald Jellison, a professor at the University of Southern California in Los Angeles, and an expert in change management and social relations, said companies should embrace networking. "People who lead businesses are reluctant to acknowledge the extent to which hard-working professionals do other things besides strictly working," he said. "We're human beings. We socialize. It's going to go on whether you allow it or not." People often meet other employees of their own firms through the sites, said Jellison, who argued that such connections could be used to share resources and increase productivity. "If there is somebody who has experience dealing with clients in a particular company and I find someone else who has done business with this company, I could get information from him, which could help in terms of making a sale," he said. International Business Machines Corp. has developed networking software designed for business clients to do just that. "We tailor it to specifically help people organize their own activities," said IBM's Vice President of Emerging Technologies, Rod Smith. "The more you're isolated and not in the loop, it makes it tremendously hard to really define your work." Are Laser Printers Hazardous to Your Health? Office workers not only must deal with pollution from all manner of carbon-based fuels rising from the streets around their buildings, but also have to contend with a new menace. That's right - laser printers that pollute. An article published on Wednesday in Environmental Science & Technology (EST) reports on a study by researchers from Queensland University of Technology in Australia. Initially, the researchers were requested by the Queensland Department of Public Works to examine whether air quality in an office was affected by a nearby highway. But Professor Lidia Morawska and her colleagues discovered that levels of particulate matter were 500 percent higher during a workday in the nonsmoking office building than even at a spot on the highway. Suspecting the printers, the researchers tested more than 60 in the building and found a wide variation of emissions. The worst one was as bad for nearby breathers as a cigarette smoker would be. The range of emissions was wide. Looking at several brands and models, with a range of toner cartridge ages, the researchers tested some in isolated conditions and others in their office locations. Overall, they found 37 printers were nonemitters, eight were low or medium emitters, and 17 were high. Patterns were not immediately apparent. One HP LaserJet 5 was a high emitter, for instance, while another was a nonemitter. Eight HP LaserJet 4050 and four Ricoh Aficio series printers had no emissions, but HP's LaserJet 1320 and 4250 were high emitters. In general, the researchers found that newer toner cartridges, and printing toner-heavy documents, released more particles. Morawska recommended that, regardless of printer model or a toner cartridge's age, offices should maintain good ventilation. The researchers are planning more studies, such as testing multiple printers of the same model. But little research has been conducted on this subject. A 2006 study in Japan found that laser printers increase concentrations of styrene, xylenes, and ozone, and that ink-jet printers emitted pentanol. Ten years ago, the U.S. Environmental Protection Agency evaluated printers and photocopiers, but modern-day researchers said the data is irrelevant because the technology has changed dramatically. The range of results from the University of Queensland researchers raises questions about how common high levels of indoor pollution from printers might be, Charles Weschler of the University of Medicine and Dentistry in New Jersey told EST. "Emissions may be highest with a brand-new cartridge, just opened," he said. But he suggested it's also possible that, for instance, the worse-than-smoking printer could have been "one bad apple." EST also quoted Erik Uhde of the Wilhelm Klauditz Institute in Germany, who pointed out other variables. Even printers in a specific product line from a specific manufacturer could vary, he said, because the sources for their parts might differ. And if the cartridge is the key, Uhde said, it is unclear whether it is the toner or the solvent causing the problem. Microsoft Submits Photo File Format For Standardization Microsoft on Tuesday said an international standards body has agreed to vote on whether to accept the company's new digital-photo file format as a standard, which Microsoft hopes will one day replace the widely used JPEG format as the industry standard for electronic photography and digital imaging. The Joint Photographic Expert Group has agreed to submit formal balloting of HD Photo to JPEG's national delegations for approval by the fall. The tentative name for the spec is JPEG XR. Expected to help Microsoft's cause is the fact that the company is making the technology available without charge. "Microsoft's royalty-free commitment will help the JPEG committee foster widespread adoption of the specification and help ensure that it can be implemented by the widest possible audience," JPEG said in a statement. Microsoft claims the new file format would enable digital photographers and editors to capture and transmit higher quality images at half the size of photos created in today's JPEG standard. The company also claims HD Photo produces fewer unwanted visual artifacts and offers lossless data compression, which means no visual information is lost when the file is shrunk and then recreated to its original size. The current JPEG standard has been around for 20 years and is used by photographers at major news organizations such as the Associated Press. It's also found in image editing programs, including those built by Adobe Systems, and is supported in digital cameras and printers. Microsoft has already released HD Photo in the market through its own products. The file format is natively supported by its new Windows Vista operating system and in .Net Framework 3.0. HD Photo is also supported by Apple's Mac OS X operating system. In trying to drive the technology further into the market, Microsoft has developed a plug-in that adds HD Photo support to Adobe's popular Photoshop editing program. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.