Volume 10, Issue 11 Atari Online News, Etc. March 14, 2008 Published and Copyright (c) 1999 - 2008 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: Djordje Vukovic To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #1011 03/14/07 ~ Scribbles to Digital! ~ People Are Talking! ~ Firefox 3 Nears! ~ HP's New Technologies! ~ Microsoft, Yahoo Meet? ~ Political Blogs, No ~ Cyber Attack Exercises ~ New TeraDesk Released! ~ Gmail Spam Doubled! ~ Put Vinyl On Computer! ~ Health Privacy Push! ~ Nigerians Convicted -* FTP Bug Leaves IE Vulnerable *- -* Atom-based Notebooks Will Be Cheap! *- -* Password-Stealing Hackers Infect Web Pages *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" Shure and begorra, it's almost time for the wearin' o' the green again! Happy [early] St. Patrick's Day for all of you Atari leprechauns who tend to celebrate shamrocks and drinking green beer! I remember a lot of some of those celebrations when I was younger; and there were some I don't remember at all! With Daylight Savings Time upon us, it's really great to see the sun out longer each day, when it's shining, that is. It's still been cold, and the threat of snow is still there, but spring is almost here. Heck, I even received an e-mail earlier in the week informing me that one of the Boston-area golf courses was now open! Still some snow on the ground here in my area, but it shouldn't last too long. I also got a call from the golf course that I "interned" at last year to see if I might be coming back for another season. It won't be too much longer until I start to get the golf equipment ready for a new season. I can't wait! I can't speak for Joe, but I'm sure he'd be one of the first to mention his disappointment with the lack of message activity in the Atari newsgroups. While there hasn't been a plethora of messages from week to week in years, there usually were enough to choose from to generate a good weekly column. Now, he's lucky to find enough messages to put together a "sparse" column from week to week. If you're reading this magazine week after week, or even sporadically, you're an avid Atari user, or at least a fan. Drop by the Atari newsgroups every once in awhile; it's not a difficult thing to do every once in awhile during your web-hopping. Leave a message, ask a question, reminisce - whatever. Let us know that you're still out there, and interested. And remember, if there aren't enough messages, Joe will resort to lengthy editorials! So why not be able to enjoy both?! Until next time... =~=~=~= TeraDesk 3.95 Released Hi; Version 3.95 of TeraDesk open-source desktop for the 16-bit and 32-bit lines of Atari computers is available at: http://solair.eunet.yu/~vdjole/teradesk.htm This release fixes several bugs related to handling of times and dates. It also brings an improvement in behaviour related to 'special' applications. Powering-off of CT60 at shutdown now works correctly, even in single-TOS. Beside the changes made to the program itself, a new page was added to the introductory section of the hypertext manual, highlighting some nice features specific to TeraDesk which otherwise may pass unnoticed by users. Have fun. Djordje =~=~=~= PEOPLE ARE TALKING compiled by Joe Mirando joe@atarinews.org [Editor's note: Due to fairly inactive newsgroups messages, there will not be a People Are Talking column this week.] =~=~=~= ->In This Week's Gaming Section - Classic Pinball to The Consoles! """"""""""""""""""""""""""""" Xbox 360 Price Cut in Europe! Super Smash Bros. Brawl! =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" No Quarters Necessary: Crave Brings Classic Pinball Tables to Videogame Consoles Crave Entertainment, a leading publisher of console videogames, Monday announced that Pinball Hall of Fame: The Williams Collection, the follow-up to the popular Pinball Hall of Fame: The Gottlieb Collection, is now available for PlayStation 2 computer entertainment system, PSP (PlayStation Portable) system and Wii. Pinball Hall of Fame: The Williams Collection simulates some of the most memorable tables from the golden age of pinball in stunning, photorealistic 3D. Working closely with Williams to ensure authenticity of each of the games, the collection is highlighted by some of the most popular and innovative Williams pinball tables, including Gorgar, the first-ever talking pinball machine, Black Knight, which introduced "Magna-Save" and Bonus Ball, and Space Shuttle, which took the pinball industry by storm in 1984. Every table has been meticulously recreated to bring players the visuals, sound effects and gameplay that made these games legendary successes. Pinball Hall of Fame: The Williams Collection harkens back to the arcades of the 1980s. In Pinball Hall of Fame: The Williams Collection, players can spend as little as two minutes on a quick pinball challenge, or delve deeper into the game, gaining rewards in a token-based system as they unlock rewards like new balls and mirror play. Single-player Arcade and Challenge modes provide hours of solo entertainment, and a Multiplayer mode lets players face each other head-on. Pinball Hall of Fame: The Williams Collection is available for PSP system, PlayStation2 system and Wii. Crave Entertainment is a publisher on this product for FarSight Studios, a licensee of Williams Electronic Games, Inc. Nintendo Eyes Smash Hit with "Smash Bros" Do you have childhood memories of having G.I. Joe fight Luke Skywalker, or throwing Superman into battle against the Bionic Man? Nintendo is giving its fans a similar feeling this week with "Super Smash Bros. Brawl," a fighting game for its Wii console that pits dozens of its cherished characters against each other in frenetic free-for-alls. Fans have waited more than six years for "Brawl," the third in the "Smash Bros." series that began in 1999 and has been the only place where Mario can hurt Pikachu. "This game is the only time Nintendo worlds are allowed to collide," said Nate Bihldorff, a localization producer for the U.S. version of the game. "They actually came up with a really elegant solution to how those universes intersect. Imagine a kid playing with all his toys, and visualize the different action figures crashing together," Bihldorff said. The game has vaulted to the top of the charts, garnering a score of 96 on Metacritic, which collates reviews from dozens of Web sites and publications. At its core, "Brawl" is a fast-paced action game that rewards quick reflexes but does not demand memorizing complicated attack sequences as found in more sophisticated fighters like "Virtua Fighter." "They brought together all these classic iconic characters that so many gamers hold so dear. They mix that with a really fun, easy-playing game that's easy for anyone to get into," said Greg Ford, managing editor of gaming magazine EGM. "It's one of those games where you'll play a lot at first, and when you have friends over and put it in, you'll probably get sucked in for hours. It's a really good value. "Brawl" is also Nintendo's opening salvo in a three-game barrage the Japanese company is counting on to sustain sales momentum of the wildly popular Wii. "We'll have a good supply of Wii systems to support the 'Smash' launch. We're expecting system sales to continue to be brisk, especially with 'Smash' in the market," Nintendo of America spokesman Marc Franklin said in an e-mail. Next month sees the debut of racing title "Mario Kart Wii" and May will mark the release of "Wii Fit," a physical exercise program that uses a pressure-sensing board as a controller. Those games are partly aimed at drawing in new customers who normally wouldn't bother playing games, but "Brawl" is squarely targeted at those who plainly know the difference between Pokemon and Pikmin. "'Smash' will thrill core gamers," Nintendo of America President Reggie Fils-Aime told Reuters in December, adding that the last game in the series, 2001's "Super Smash Bros. Melee" for the GameCube, sold 5.5 million copies. "That core group plus more will be focused on 'Brawl'. It's an encyclopedia of gaming with all the characters and elements we've included," Fils-Aime said. Indeed, "Brawl" acts as an interactive museum of Nintendo's rich, pixelated history. Everything from background images to power-ups and trophies are insider references to past games. A single-player "adventure" mode lets players explore this nostalgic overview of Nintendo heritage. "It's a really nice way of easing players into the legacy of Nintendo," Bihldorff said. "It's celebrating this rich history we have with all these different properties. I can't even tell you how much it takes it to the extreme." "Super Smash Bros. Brawl" costs $50 and is rated T, for players aged 13 and up. Microsoft Cuts Xbox 360 Prices in Europe Microsoft Corp cut the prices of its Xbox 360 video game console in Europe by up to 28 percent on Monday to try to spur sales in a key battleground in the fast-growing industry. The 80-euro decrease results in cuts of 18 percent to 28 percent across the three Xbox 360 models, bringing the cheapest Arcade version to 200 euros ($307) and the high-end Elite to 370 euros ($568). Prices reductions in Britain range from 20 pounds to 50 pounds. "Xbox 360 is now mass market in Europe," Chris Lewis, vice president of Microsoft's interactive entertainment business in Europe, said in a statement. The reductions come as Sony Corp's PlayStation 3 appears set to capitalize on the company's recent victory in the high-definition DVD battle and on a slew of highly anticipated new games hitting the market this year. "The PS3 has gained some momentum recently," Kaufman Bros analyst Todd Mitchell said, "and I think as you go into this summer before the fall, Microsoft has got to do what they can to shore up sales." This was the second price cut for the Xbox in Europe in less than a year. Last August, Microsoft shaved 7 percent off the euro price of its low-end model and 13 percent off the main Premium model. "The tide is kind of turning against the Xbox 360, so Microsoft has to be as aggressive as possible," Mitchell said. The PlayStation brand has long dominated the European console market, although the PS3 has struggled to win fans due to its high price and lack of must-have games. Last October, in an effort to kick-start sales, Sony introduced a cheaper PS3 model in Europe for 400 euros and cut prices on a high-end version to 500 euros. Meanwhile, Nintendo Co Ltd is winning customers with its Wii machine that sports unique motion-sensing controls and games that are easier to learn. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson Atom-based Notebooks To Cost Between $250 and $300 More than 25 low-cost notebooks based on Intel's upcoming Atom processor are in the works, including models from multinational PC vendors, according to the chip maker's top executive in Asia. These Atom-based notebooks will be available in the middle of this year for about $250 to $300, said Navin Shenoy, general manager of Intel's Asia-Pacific operations, in an interview. "We'll see some slightly richer configurations that get up to $350," he said. The Atom processor, formerly called Diamondville, is a small, low-power chip designed for inexpensive notebooks, a class of device that Intel and others refer to as netbooks. These machines are intended for first-time computer buyers in emerging markets as well as users in mature markets willing to trade performance for a low-cost notebook that complements their existing computers - a market that until now has been largely dominated by Asustek's Eee PC. Atom will offer lower performance than Intel's Core 2 Duo processors for mainstream notebooks, but the Atom's performance will be good enough for browsing the Internet and sending e-mails, Shenoy said. Intel Chief Technology Officer Justin Rattner was more specific about the processor's capabilities last month, telling reporters that a related chip, called Silverthorne, offers performance similar to Banias, the first version of Intel's Pentium M processor released in 2003. Silverthorne is designed for small, handheld computers that Intel calls Mobile Internet Devices, and will be available as part of the Centrino Atom chip package set for release during the second quarter. The introduction of the Atom and the rush of vendors to build the chip into low-cost notebooks could mark the emergence of a new type of device, expanding on the early success of Asustek's Eee PC. But not everyone is convinced there is much demand for low-cost notebooks, either as a secondary computing device or a substitute for a more capable, and more expensive, notebook PC. Bryan Ma, the director of personal systems research at IDC Asia-Pacific, is a self-described skeptic and doubts that low-cost notebooks will have more than a limited impact on the market for portable computing devices so long as performance and features are traded for lower prices. "I was never convinced that price was the best way to sell these products," he said. But the marketing clout of Intel and top-tier PC vendors could alter this equation by creating additional demand among customers in both emerging markets and developing countries. "Intel, pushing this, gives it more legs," Ma said. "There's going to be some experimentation," Shenoy said. Most Atom-based notebooks will have screens ranging in size from 7 inches up to 10 inches, Shenoy said, adding that some models will be equipped with screens that can swivel and lay flat against the keyboard, turning the device into a tablet computer. Devices will ship with either hard disks or solid-state drives that use flash memory and offer battery life ranging from three to five hours, he said. "Some will be really sleek and thin, some will be a bit more ruggedized," Shenoy said, adding that Wi-Fi will likely be a common feature. On the software side, Atom-based notebooks will ship with either Windows XP or some version of Linux. "I don't think you'll see a lot of Vista in this space for cost reasons," he said. The availability of Windows XP on low-cost notebooks set to arrive during the middle of the year is noteworthy because Microsoft has stated previously that Windows XP licenses will not be sold after June 30. Microsoft officials in Singapore reaffirmed the June 30 deadline in a statement released through the company's public-relations agency. But that doesn't necessarily mean that Windows XP will completely disappear after June 30. "There are probably going to be certain exceptions here and there," IDC's Ma said. HP Shows Off New Printing Technologies Hewlett-Packard Monday offered a peek into future printing technologies, introducing a new inkjet printer that prints thousands of pages per minute and ink that retains its shine even when exposed to extreme elements. HP's water-based Latex Ink is specially formulated to embed in a surface and become part of a media print, said Stephen Nigro, senior vice president of HP's graphics and imaging business. HP's Latex Ink can withstand snow and rain and is useful for large-format media used on billboards and outdoor signs. The company also launched the Inkjet Web Press printer, which can print up to 2,600 A4-sized color pages a minute at a cost of under US$0.01 per color page, Nigro said. The products were introduced at an event in Tel Aviv. The Latex Ink includes a specially created formula, called latex polymer, that provides the print surface its durability and color, according to HP. Water-based ink ejected carries the latex polymer and pigment particles to the surface. The inks are 70 percent water and 30 percent of additives and other inks, HP said. The ink was developed by HP and HP Labs. Unlaminated outdoor displays using the ink can last up to three years, while unlaminated in-window displays can last up to five years. The printer cartridge uses recyclable material and the company has developed new recyclable substrates for the ink to make printing environmentally friendly, HP said. Other printing technology for large-format media include UV (ultraviolet) curable ink, which interacts with an ultraviolet light source to create a print. Avoiding speculation, Nigro said Latex Ink may or may not reach consumers in the future. For now, the ink is targeted at enterprises including companies creating billboards, Nigro said. HP is expected to announce products using the ink technology later this year. HP on Monday also showed the Inkjet Web Press, a printer that prints up to 2,600 A4-sized color pages a minute. The printer will be able to print on pages up to 30 inches (76.2 centimeters) wide, Nigro said. It is targeted at replacing the printed pages coming from traditional offset presses. A printing job with a traditional offset press takes hours and it's not possible to print on demand. With a traditional offset press, a machine first creates a physical plate with the image etched on it, which is then sent to print. With the Inkjet Web Press platform, hitting the print button sends the image directly to a printer, making high-volume printing more productive by eliminating analog elements like a plate, Nigro said. The printer is capable of printing broadsheet newspapers and other documents, he said. The Inkjet Web Press is a breakthrough product as it is 20 percent faster than any other inkjet printer on the market, said Gilles Biscos, president of Interquest Ltd., an analysis firm. The speed and width makes it flexible for many different marketplaces including direct mail and books, he said. HP has been in the inkjet business and its research is trickling into many consumer and enterprise spaces. The printer is built around the Scalable Printing Technology (SPT) platform, which improves the quality of prints by spraying more ink on pages using thousands of nozzles on a single printhead. SPT is already in use on printers like HP's Photosmart, Nigro said. HP introduced the Photosmart Minilab ml1000 inkjet printer earlier this year, which can print 4-by-6-inch photos as fast as 1,500 prints per hour. Both announcements are part of HP's attempt to create a revenue stream by offering more printer supplies, management tools and services. As printer prices decline, customers will continue to pay for supplies like cartridges and services like digital photo prints, which will ultimately generate larger revenues than printer units shipped, HP executives have said. HP has about a 1.8 percent share in the pages printed segment, and doubling that will double HP's printing revenue, Vyomesh Joshi, executive vice president of HP's Imaging and Printing Group, said in an speech last week. In 2009, 53 trillion documents will be printed, of which 9 percent will be digital, Nigro said. Creating digital pages like image files creates new printing opportunities, like ordering bound specialty photobooks online. That is not possible with an analog press as set-up costs could be high, he said. New Mobile Pen Converts Scribbles to Digital Form Reporters spend a lot of time scribbling into notebooks and then typing those notes into a computer program. Now they and medical professionals, students and other serious scribblers can skip a step with a new electronic pen from IOGEAR that digitally converts notes, memos and drawings. The pen looks, well, like a pen rather than a high-tech piece of electronics, and it is equipped with that lifeblood of pens known as ink. Simply jot down your thoughts (as many as 50 pages, or up to 8MB) on any piece of paper and the pen will send a signal that feeds your handwriting to a pocket-sized reader. Back at your desk, plug in the reader to a PC with a USB cable and your notes are exported as a JPEG file that can be shared with classmates or editors via e-mail. A CD included with the unit comes with optical character recognition software that works in a dozen languages. The Mobile Digital Scribe is a cordless version of IOGEAR's Digital Scribe. Keith Renty, strategic business and product development manager, said the Mobile version does everything the previous version did, and then some. "It has greater flexibility because you don't have to be tethered to a computer," he told us. The Mobile version also added two more languages to its OCR software (which includes English, many Western European languages, Japanese, Korean, Chinese and Russian). In the competition against other digital pens, Renty said the Digital Scribes are more flexible. "The advantage we have is both units use standard paper, and both use what appears to be a normal-looking pen," he said. Renty said the Mobile can also take advantage of Vista's Tablet PC features; it will work as a mouse or selection device as well as a pen. In response to a reporter's question, Renty said he didn't see any reason why the pen couldn't be used on cocktail napkins in a dark bar. "It's just regular paper," he said. The Mobile Digital Scribe comes with the pen, receiver, USB cable, ink, batteries and CDs containing installation files and the OCR software. Ink refills can be found at an office-supply store, since they're standard pen sizes. The Mobile works on any Windows system from 2000 on up and requires Office to be installed. IOGEAR's price is $129.95 for the Mobile unit, about $30 more than the corded version, and is available now on IOGEAR's Web site. It should be more widely available shortly, Renty said. Firefox 3 Nears Release with New Features Mozilla has posted the fourth beta download of its next-generation Web browser for developers to review. According to head interface designer Mike Beltzner, Firefox 3, Beta 4 contains more than 900 enhancements from last month's release of beta 3, including drastic improvements in performance and memory use, stability fixes, and user-interface improvements. "This is the twelfth developer milestone focused on testing the core functionality provided by many new features and changes to the platform," Beltzner wrote in a blog. "Testers can download Firefox 3, Beta 4 builds for Windows, Mac OS X and Linux in over 35 different languages." Improved security is a major goal. To check Web-site authenticity, users will click on the site's favicon (image) in the location bar to see the identity of the site's owner. A Web-site indicator turns green when users access sites that employ Extended Validation SSL certificates, which add a trust component to online secure transactions by mandating that the site operators undergo vetting by an established certificate authority. Web surfers also will be able to determine whether their Internet connections are protected from eavesdropping. Built-in malware protection warns users whenever they visit pages known to install viruses, spyware, trojans or other infections. In addition, the contents of Web pages suspected to be phishing forgeries are no longer displayed. Firefox 3's revised download manager lets users see, and even search on, the Web site from which they have downloaded one or more files. Users also will be able to resume downloads after restarting the browser or resetting their network connections. A new full-page zoom feature lets users scale a Web page, or they can simply change the text size. In addition, an auto-complete feature allows typing in all or part of the title, tag or address of a page to view a list of matches from the user's history and bookmarks. Changes to Firefox 3's JavaScript engine, as well as the introduction of profile-guided optimization, provide significant performance gains, Beltzner said. "Web applications like Google Mail and Zoho office run much faster, and continued improvements to memory usage drastically reduce the amount of memory consumed over long Web-browsing sessions," he added. Other enhancements are in the works to optimize Firefox to a user's specific requirements. For example, the beta displays icons, toolbars and other user-interface elements specific to the operating system in use, whether Vista, Linux or Mac. Firefox 3 is closer to release than the beta Internet Explorer 8 recently previewed by Microsoft. According to the nonprofit Mozilla, a public release of Firefox 3 is planned "in early 2008." But before that happens, Mozilla expects one more beta version will need to undergo developer scrutiny. "The development team decided that a fifth beta milestone would be required, based on the number of blockers remaining," Beltzner said. Sony Unveils Turntable To Put Vinyl on Computer Sony Corp. said Wednesday it will soon sell a record deck that plugs into a computer to let vinyl collectors convert their analogue recordings into digital form. The turntable hooks up with a USB cable to a computer, where special software would turn the sound into MP3 or ATRAC format. The files can then be played on portable players such as iPods or put onto compact discs. Converting vinyl to data files was already possible, but the process was so complicated that few save for committed technophiles know how to do it. "With this product, we want to offer a simple way for everyone to convert their full record collection, which are often associated with so many memories," a Sony statement said. But the turntable will not get rid of those scratches found on many old records. If the record skips or crackels, the imperfection will be reflected in the MP3 or ATRAC files. And unlike CDs, which can be copied nearly instantly onto a computer, turning vinyl into computer files takes the full time of the recording. The Sony machine, called PS-LX300USB, will go on sale in Japan in April at a price of around 29,000 yen (280 dollars). Microsoft and Yahoo Met To Discuss Merger Senior executives from Microsoft Corp and Yahoo Inc met on Monday to discuss Microsoft's takeover bid for the company, according to two people familiar with the matter. The meeting was said to be the first since Microsoft made its unsolicited offer for Yahoo, worth nearly $42 billion, on January 31. Yahoo rejected the offer as inadequate last month. The meeting was not a negotiation and no bankers were present, said one of the sources, who was not authorized to speak about the matter and thus wanted to remain anonymous. The meeting with Microsoft is part of the company's strategy to keep all its options open, the people familiar with the matter said. Yahoo has held talks with News Corp and Time Warner Inc's AOL, other sources told Reuters earlier. The session was intended to allow Microsoft to present its vision of a combined company, and Yahoo executives mostly listened, said the Wall Street Journal, which first reported the news, citing a person familiar with the matter. Financial terms were not discussed and it was unclear which executives took part, the Journal said. Microsoft and Yahoo spokesmen declined to comment. The meeting represents a "solid move, heading into the inevitable," said The 451 Group analyst Brenon Daly, referring to a consensus that a deal between the two companies will happen. "My read on it is that it's a good-faith effort on both sides to begin the process of sorting through really thorny personal questions" such as how to divide talent and how to work with counterparts in case of a merger, he said. Since Yahoo rejected Microsoft's offer last month, no other bids have been made public nor has Microsoft sweetened its bid, leaving the two companies in a stalemate. Yahoo recently extended the deadline for nominations to its board of directors in an effort seen by analysts and investors as forestalling a potential hostile effort by Microsoft. Microsoft had originally proposed to pay nearly $45 billion for Yahoo, but the value of its offer has since declined to less than $42 billion as its shares have fallen 12 percent. News Corp Chief Executive Rupert Murdoch has said he would not fight Microsoft for a Yahoo deal. AOL on Thursday said it was buying the social networking site Bebo, in a move that some say signals that its parent, Time Warner, has plans that do not involve Yahoo. Spam from Gmail Doubled Last Month Spam originating from Google's Gmail domain doubled last month, indicating that spammers are still defeating the CAPTCHA , the distorted text used as a security test to thwart mass registration of e-mail accounts and other Web site abuse. Gmail spam went from 1.3 percent of all spam e-mail to 2.6 percent in February, according to data released by e-mail security vendor MessageLabs on Monday. The new statistics are another nail in the coffin for CAPTCHA, which stands for "completely automated public Turing test to tell computers and humans apart. Google is the latest free Web mail provider to be victimized by spammers' efforts to create software to solve the codes, or at times, also employ people to solve the codes en masse. "It's only a matter of time before [CAPTCHAs] are comprehensively defeated," said Paul Wood, senior analyst at MessageLabs. Last month, security vendor Websense ascertained that spammers were using two hosts to crack Gmail's CAPTCHAs. The method appeared to be successful only 20 percent of the time. But if the procedure is repeated thousands of times, many new accounts can be generated and used to send spam. Most of the messages use links and images to advertise adult entertainment sites, Wood said. While other spammy domains can simply be blocked by antispam software, businesses are reluctant to cut off the domains of free Web mail providers because of their legitimate use, he said. Spam from Web mail providers comprises 4.2 percent of all spam. Google's CAPTCHA system is considered hard to crack, but so was Yahoo's, which is also regularly beaten. MessageLabs said 88.7 percent of the spam from free Web mail providers comes from Yahoo's domains. Microsoft's CAPTCHA, used for registering accounts on its Windows Live Mail service, has also been cracked. Websense believes the same group of spammers are responsible for breaking both Google and Microsoft's system. Wood said MessageLabs provides Google as well as other companies with data that helps fight spam. Google could not be reached for comment. MessageLabs sells a security service to companies, filtering e-mail before passing it to their 17,000 customers. Per day, the company snags 2.5 billion spam messages from a total of more than 3 billion messages. FTP Bug Leaves IE Users Vulnerable A flaw in the way Microsoft's Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim's FTP site. The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim's FTP sessions. But a successful attack would be very hard to pull off and would only work in very precise, targeted attacks, security experts said. The attacker would need to know the victim's username on the FTP server and the victim would have to already be logged into the server, using IE. Under those conditions, the victim could be sent a malicious FTP link that would then execute commands on the victim's FTP server. This link could be sent to the browser via an invisible iFrame component, hidden on a malicious Web site, so the victim might not even know the attack was taking place. "It's something that people could use to steal data, but you'd have to know your target," said Derek Abdine, the principal software engineer with security vendor Rapid7, who disclosed the issue Monday in a security advisory. "The attack seems viable, but the stars have to be aligned just right for the attack to work," said Craig Schmugar, a researcher with McAfee's Avert Labs, in an e-mail. "An administrator would need to be authenticated already or the server would need to be configured with weak credentials." Rapid7 notified Microsoft of the issue on Jan. 22 and decided to publish proof-of-concept code that illustrated the flaw after Microsoft had not patched the issue a month later. The flaw is "almost exactly the same" as another IE FTP flaw that Microsoft patched in August 2006, Abdine said. Microsoft fixed that bug with its MS06-042 patch, issued in August 2006. The MS06-042 update fixed many IE vulnerabilities, but it ended up embarrassing Microsoft. That's because the security patch had a flaw of its own, a critical security vulnerability that sent Microsoft's security team scrambling to re-issue the update. The FTP problem does not affect IE 7, Microsoft said Tuesday. The software vendor has not heard of any attacks that take advantage of this vulnerability and has determined that any successful attack would only lead to the unauthorized disclosure of data, the company said in a statement. Password-Stealing Hackers Infect Thousands of Web Pages Hackers looking to steal passwords used in popular online games have infected more than 10,000 Web pages in recent days. The Web attack, which appears to be a coordinated effort run out of servers in China, was first noticed by McAfee researchers on Wednesday morning. Within hours, the security company had tracked more than 10,000 Web pages infected on hundreds of Web sites. McAfee isn't sure how so many sites have been hacked, but "given how quickly some of these attacks have come on, it does seem like some automation has gone on," said Craig Schmugar, a researcher with McAfee's Avert Labs. In the past, attackers have used search engines to scour the Internet for vulnerable Web sites and then written automated tools to flood them with attacks, which ultimately let criminals use legitimate sites to serve up their malicious code. The infected Web sites look no different than before, but the attackers have added a small bit of JavaScript code that redirects visitors' browsers to an invisible attack launched from the China-based servers. This same technique was used a year ago, when attackers infected the Web sites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game. The attack code takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch. If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including the Lord of the Rings Online. These online game passwords are a popular hacker target, in part because many online gaming resources can be stolen and then sold for cash. Widespread Web attacks such as this are becoming more common too. In January, security vendor Finjan reported a widespread hacking effort that infected 10,000 Web sites with malicious code that attacked visitors and then installed data-collecting software on their machines. This type of attack is attractive to criminals, in part because it can be hard to thwart. "It's more subtle than spamming a malicious executable file to billions of e-mail addresses," Schmugar said. "You allow the people to go to the sites that they normally go to and pull off a low-scale attack that flies under the radar." US Holds Largest Ever Simulated Cyber-Attack Exercise US officials said Thursday that "real and growing" threats to US computer and telecommunications networks were behind the holding of the largest-ever cyber-security exercises this week. Computer security experts from five countries, more than 40 private sector companies, and numerous government and state agencies are spending a week fielding simulated "real-world," on-line attacks on the computer systems of government bodies, corporations, transportation and other key industries. Robert Jamison, the Department of Homeland Security (DHS) Under Secretary for the National Protection and Programs Directorate, said the Cyber Storm II exercise sought to foster personal links between key officials in business and government. Those people, he said, are not always willing to share information about security issues involving the networks they run. "We're concerned that the threats are real and growing" as the Internet expands, Jamison said. Cyber Storm II tested the warning systems in place for attacks and sought to identify gaps in the way information was shared and reactions coordinated across various sectors. Several dozen experts crowded into a computer-filled room inside the US Secret Service Headquarters in Washington in sections marked off as chemicals, transportation, telecommunications, state and local governments, and other sectors, for the five-day exercise. Thousands more were tied into the exercise elsewhere in the US, in Britain, Australia, Canada and New Zealand, and in major companies like Dow Chemical, Wachovia bank, ABB and Cisco. They fielded some 1,800 "injects," various types of challenges, from hacker break-ins and extortion demands to DNS amplification attacks - dangerous intensified versions of denial of service attacks that seek to overwhelm and shut down networks. The exercise involved at least one massive, politically-motivated, coordinated cyber-attack knocking out enough computer and telecommunications networks to require an internationally coordinated response. "We're trying to simulate sophisticated adversaries," Jamison said. Some of the exercise involved testing the "Einstein program" - the US government's top-secret automated process for monitoring security and detecting intrusions on all the government's network gateways. Greg Garcia, DHS Assistant Secretary for Cyber Security and Communications, said Cyber Storm II aimed at overcoming complacency and piecing together a "digital jigsaw puzzle" of linkages in critical public and private sector systems and networks. "People are starting to get it," he said about cooperating on security threats. DHS officials declined to say what kinds of threats they found were most dangerous or what specific weaknesses were identified, citing security needs, but said a report on the exercise would be released later this year. CDT Launches Health Privacy Initiative Privacy needs to be a higher priority as the U.S. government and other groups push for adoption of health IT as a way to improve the country's health-care system, said the Center for Democracy and Technology, which has launched a health privacy initiative. CDT, a Washington, D.C., digital rights and privacy group, announced Tuesday it has taken over the Health Privacy Project (HPP), an 11-year-old advocacy group started by Janlori Goldman, who was also a CDT co-founder. The merged organization will expand its focus and work on several lingering patient privacy issues, such as the role of patient consent for information use, enforcement for privacy lapses and the rights of patients to access their data, said Deven McGraw, the new director of HPP. Recent years have seen an increase in adoption of health IT, but "minimal progress in resolving the privacy issues" associated with electronic health records, added Leslie Harris, CDT's president and CEO. "We believe we're at a seminal moment," she said. "We believe privacy can be an enabler of 21st century health care. The next few years are critical in getting this right." CDT has a long history of working on privacy issues and bringing together groups to work on problems involving privacy and tech issues, she said. "We're going to apply all of this expertise to resolve some of the key policy questions that are really vexing us," said McGraw, former chief operating officer for the National Partnership for Women and Families. Among the major issues in health privacy is the role of patient consent, McGraw said. Some groups have advocated that patient consent be the major way health information is controlled, but HPP and CDT have concerns that some approaches could ignore the obligations of health-care providers and other holders of patient data, she said. "In my opinion, [consent] puts way too much burden on the individual, as opposed to putting the right privacy and security structures in place to ensure patient privacy," McGraw said. Asked about legislation now before Congress, particularly the Trust in Health Information Act introduced by three Democrats last month, McGraw said the bill may be trying to do "too much, too soon" and may have trouble getting approved. The bill would require holders of patient information to create safeguards, to notify patients of breaches and to maintain records of disclosure. The bill would also set several rules for when holders of patient information can and cannot share the information. Another group, Patient Privacy Rights, has endorsed the bill. Patient privacy groups are "making real progress - and legislators are listening," said Dr. Deborah Peel, founder and chairwoman of the group. "This bill puts patients back in control of their health information and requires many of the privacy principles our coalition demands. It's refreshing to share good news about Congress." HPP's Goldman, who's been splitting her time between the group and as a research scholar at Columbia University, will step aside as the project's director, but remain as a senior adviser. By working together, HPP and CDT will create a "powerhouse" organization focused on health privacy, she said. California Internet Sales Tax Bill Faces Long Odds A California bill that could lead to a tax on Internet music downloads faces slim odds of success, but the Democrat who wrote it says a debate over taxing such online retail transactions is overdue. Assemblyman Charles Calderon told Reuters late on Thursday that California should consider imposing a tax on entertainment downloaded from online merchants such as Apple Inc's iTunes that is similar to the state's levy on music compact discs sold in stores. Sales taxes should apply equally to online and in-store purchases and California is missing out on revenues from the rise of Internet retailers, Calderon said. "If you walk into Wal-Mart and buy a CD you walk out paying a tax," Calderon said. "I don't think we're talking about a new tax here. We're talking about whether our laws should keep up with the economy." Calderon's bill would require California's Board of Equalization to report to lawmakers on the potential for imposing a sales tax on electronic transmissions of information. For Republican lawmakers that is too close to a new tax. They will kill the bill along with other legislation Democrats advance to raise existing taxes or introduce new ones, Mike Villines, the state Assembly's Republican leader told Reuters. "We just disagree with it on the merits," he said. Calderon's bill comes as California faces a $7.5 billion state budget shortfall. Republican Gov. Arnold Schwarzenegger has ruled out raising taxes to fill it and has instead proposed deep spending cuts. Democratic lawmakers say the proposed cuts are drastic and some are urging tax plans to help close the shortfall, which is taking on added urgency in the state capital of Sacramento as school districts across the state prepare for reduced state financial aid. Many are beginning to issue layoff notices to bolster their finances and education groups are increasing pressure on lawmakers, especially Democrats, to defend education from spending cuts. Democrats failed earlier this week to pass a bill through the state Assembly that would have imposed a tax on oil companies - a 6 percent levy on oil production and a 2 percent on profits exceeding $10 million a year - and used proceeds for school spending. The bill fell short of a required two-thirds support as all Assembly Republicans voted it down. Most Americans Don't Read Political Blogs A majority of Americans do not read political blogs, the online commentaries that have proliferated in the race for the U.S. presidency, according to a poll released on Monday. Only 22 percent of people responding to the poll said they read blogs regularly, meaning several times a month or more, according to the survey conducted by Harris Interactive. Political blogs, in which writers, pundits and other participants voice opinions in online forums, burst into the spotlight in the 2004 and 2008 presidential campaigns. Some of the most high-profile blogs are influential on campaign strategies, media coverage and public perception of the candidates and issues. Unlike traditional, mainstream media, blogs often adopt a specific point of view. Critics complain they can contain unchecked facts, are poorly edited and use unreliable sources. Despite the attention blogs can get, the poll said 56 percent of Americans say they never read blogs that discuss politics. Another 23 percent read them several times a year, the survey showed. While blogs are largely considered the realm of young people who are most Internet-savvy, only 19 percent of people ages 18 to 31, and 17 percent of those ages 32 to 43, regularly read a political blog, the poll said. The generation most likely to read such blogs are those age 63 or older, 26 percent of whom said they do so. Also, 23 percent of those ages 44 to 62 read them, the poll said. Roughly an even number - 22 percent of Republicans and 20 percent of Democrats - regularly read blogs, while 26 percent of independents do the same, the poll showed. The poll was conducted online from January 15 to January 22 among 2,302 adults. Harris said it does not calculate or provide a margin of error because it finds such figures can be misleading. Dutch Court Convicts Nigerian Internet Fraudsters A Dutch court on Monday sentenced three members of a Nigerian gang to up to four years in prison for extorting tens of thousands of euros from victims who answered emails promising a stake in unclaimed inheritances. A spokeswoman for the Haarlem court said judges sentenced one man to four years on charges of fraud, money-laundering and membership of a criminal organization, while two others were sentenced to 18 months and 13 months respectively. Further sentences were pending, the spokeswoman added. During investigations police found fake dollar bills, tens of thousands of euros and the documents and financial details of victims from several countries in an Amsterdam flat, according to Dutch news agency ANP. Fraud victims had paid sums to the gang believing this would allow them to claim larger sums from inheritances. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.