Volume 11, Issue 41 Atari Online News, Etc. October 9, 2009 Published and Copyright (c) 1999 - 2008 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #1141 10/09/09 ~ FBI Busts Phishing Ring ~ People Are Talking! ~ New Sony Laptop! ~ Hackers Expose Hotmail ~ Comcast Tries Alerts! ~ Win 8, 128-bit? ~ WW III in Cyberspace? ~ No Facebook at Work! ~ Password Primer! ~ ~ EA's Dante's Inferno! ~ -* Phishing Attacks Are Growing *- -* EU To Finally Settle with Microsoft? *- -* Net Neutrality Bill Faces GOP Opposition! *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" Well, it's a bachelor's weekend around here; or, I should say, a long 10-day holiday weekend of sorts! It will just be me and the canine kids while my wife is off on a cruise with her mother up the northeast Canadian coast. So, we'll see how this goes! Interesting articles in this week's issue. Too bad we'll be missing Joe's column this week, because I'd be interested in reading what Joe thinks of President Obama's winning of the Nobel Peace Prize. I have to say that my first reaction when I heard the news was: "For what??" I still have to say my feeling hasn't changed. Anyway, Joe's words of wisdom will have to wait a week while he recuperates from some testing and subsequent medical treatment. Another news tidbit that I saw, and included in this week's issue, is a story about many companies not allowing employees to use social network sites like Facebook while at work. D'uh! Like that's a decision that is ground-breaking policy! Hmmm, you're at work, doing your job - should you be on the internet, playing around on Facebook? Or any other social networking site? Or, on the internet for non-work surfing? Hello??!! Okay, let's get right to this week's issue, and I'll get ready for the long holiday weekend, and some extra days of "bachelorhood"! Until next time... =~=~=~= ->In This Week's Gaming Section - Dante's Inferno Taking Players to Hell! """"""""""""""""""""""""""""" =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" Dante's Inferno Videogame Taking Players to Hell US videogame titan Electronic Arts (EA) said Friday that an acclaimed Hollywood screenwriter has tackled the story line for a videogame taking players into Dante's Inferno. Visceral Games, the EA studio behind the "Dead Space" franchise, is having Will Rokos craft a videogame story from the first part of Dante Alighieri's epic poem The Divine Comedy. "Taking such a naturally rich and deep universe and adapting for the video game has been one of the most interesting and challenging projects I've worked on," said Rokos, who co-wrote the 2001 film 'Monster's Ball.' "I really got into re-imagining Dante as a flawed hero with a dark past, and his determination to save the love of his life from a terrible fate. It was a truly unique experience to re-create one man's hell, one circle at a time." The three-part poem written by the Italian author in the early 1300s tells of a journey through hell, purgatory, and heaven. Inferno is the first part. "The task of adapting a revered and classic piece of literature for the gaming medium was a tremendous challenge," said Jonathan Knight, executive producer of 'Dante's Inferno' videogame. "Dante Alighieri's masterpiece forms the foundation of the game's plot, but Will's take on the Dante/Beatrice story brought the necessary conflict and action that made the material really work dramatically." Players will assume the role of Dante as he fights through Alighieri's nine circles of hell - limbo, lust, gluttony, greed, anger, heresy, violence, fraud and treachery. "Inferno" will be released in Europe and North America in February of next year, according to EA. Game software will be tailored for play on Microsoft Xbox 360 and Sony PlayStation 3 consoles along with PlayStation PSP handheld devices. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson EU Prepares To Settle Microsoft Browser Case Microsoft Corp., which has already shelled out $2.5 billion in antitrust fines in Europe, is on the brink of closing a chapter in its long-running battle with regulators there, just in time for another to begin. European regulators said Wednesday they were preparing to settle their investigation into the way Microsoft includes its market-leading Internet Explorer Web browser with the Windows operating system. Competing software makers had complained PC users didn't have a clear way to choose a browser that challenges Internet Explorer, and the European Commission concluded in January that Microsoft was violating antitrust laws. Now, the regulators in Brussels say they will move forward with a proposal made by Microsoft in July that aims to give Windows users in Europe a better tool for choosing different Web browsers. At a news conference at Microsoft's headquarters Wednesday, the company's general counsel, Brad Smith, said the EU announcement was a big step toward ending the company's antitrust conflicts in Europe. It also will free Microsoft's legal team to push the software maker's search deal with Yahoo Inc. over regulatory hurdles. In July, Yahoo agreed to let Microsoft handle its Web searches as part of a 10-year deal. Regulators in the U.S. and Europe will be looking into whether the deal will inhibit competition in the market for online advertising. The EU-Microsoft agreement came about after meetings between Smith, who led the negotiations, his team of lawyers, and top European Commission regulators. Microsoft and the regulators also held about 20 videoconferences between Redmond and Brussels in the last few months, Smith said. Microsoft first tried to satisfy regulators' concerns about the browser by offering to sell the forthcoming Windows 7 with no browser at all, but the EU rejected the plan, saying it offered less choice for PC users, not more. Microsoft came back with a second proposal: to show EU users a prominent screen from which they could choose from a list of several browsers. The proposal was modified during talks between the software maker and regulators, and now includes a screen explaining what Web browsers are. PC users can click a "tell me more" button for details. Users of Windows XP, Vista and Windows 7, which is due to launch Oct. 22, can then pick several browsers - listed in alphabetical order - to install along with or instead of Internet Explorer. They can come back to that screen later to change their browser choice. Most people get their browsers pre-installed by a computer maker such as Dell Inc. or Hewlett-Packard Co., which under the proposal would be free to pick non-Microsoft browsers and disable IE. Even if a computer comes with Internet Explorer on it, however, users are free to download rivals such as Firefox, Apple's Safari or Google Chrome off the Internet. Web browsers are free, so they don't directly make money for Microsoft or any other software maker. But Web browsers are important for branding, and for giving companies a way to better control their users' experience on the Internet. For example, Google released the Chrome browser so it could ensure a smoother performance of online software applications it offers. Regulators said the proposal must clear several more steps before PC users will see the browser-selection option in action, but that won't hold up the release of Windows 7 in Europe. The European Commission said it will now formally request feedback from computer manufacturers, software companies and consumers. They have a month to respond. If all goes well, Microsoft said the browser-choice screens would be pushed out to PC users across the EU. The new software in most cases will be installed through the automatic tool that distributes security fixes and other updates. "Microsoft's commitments would indeed address our competition concerns," Kroes said Friday. The proposal "would empower all current and future users of Windows in Europe to choose which browser they wished to use." Microsoft also committed to share more information with software developers for the next 10 years to help them make products compatible with Windows and key pieces of software used in businesses: Windows Server, Office, Exchange and SharePoint. Microsoft agreed to make sure its technology is built using industry standards, after years of complaints from rivals about its proprietary choices for Web browsers and document formats. Thomas Vinje, legal counsel for a group of companies that complained about Microsoft's business methods, said the settlement does not seem to deal with the flawed way that Microsoft applies standards, its unfair pricing practices or other concerns about patent abuse or standards manipulation. Net Neutrality Rules Face Mounting GOP Opposition Republican opposition is mounting as federal regulators prepare to vote this month on so-called "network neutrality" rules, which would prohibit broadband providers from favoring or discriminating against certain types of Internet traffic flowing over their lines. Twenty House Republicans - including most of the Republicans on the House Energy and Commerce Committee - sent a letter to Federal Communications Commission Chairman Julius Genachowski on Monday urging him to delay the Oct. 22 vote on his net neutrality plan. Genachowski, one of three Democrats on the five-member commission, wants to impose rules to ensure that broadband providers don't abuse their power over Internet access to favor their own services or harm competitors. Democrats say the rules will keep phone companies from discriminating against Internet calling services and stop cable TV providers from hindering online video applications. But in a letter to Genachowski on Monday, Rep. Cliff Stearns of Florida, the top Republican on the Subcommittee on Communications, Technology and the Internet, and his colleagues warned that new net neutrality regulations could discourage broadband providers from investing in their networks. The letter said that if Internet service providers can't manage traffic on their networks to ensure efficient service, consumers could suffer. The Republicans are calling on Genachowski to conduct a "thorough market analysis" to determine whether new regulations are necessary. Their points echoed those made in a letter that House Minority Leader John Boehner of Ohio and House Republican Whip Eric Cantor of Virginia sent to President Barack Obama on Friday. Genachowski's office had no comment on the letters. Meanwhile in the Senate, the top Republican on the Commerce Committee, Kay Bailey Hutchinson of Texas, is considering legislation that would prohibit the FCC from developing net neutrality rules. Genachowski's proposal calls for the FCC to formally adopt four existing principles that have guided the agency's enforcement of communications laws since 2005. Those principles state that network operators must allow subscribers to access all legal online content, applications, services and devices. Genachowski is also calling for the FCC to adopt two additional principles that would prevent broadband providers from discriminating against particular content or applications and would require them to be open about their network management practices. And he is calling for the agency to apply these rules across different types of broadband networks, including wireless networks. Hackers Expose Slew of Hotmail Acount Passwords Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online. Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant. "We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," Microsoft said in response to an AFP inquiry. "We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts." Microsoft said it learned of the problem during the weekend after Hotmail account information of "several thousand" users, many of them reportedly in Europe, was posted at a website. Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers. Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites. "This was not a breach of internal Microsoft data," the Redmond, Washington-based technology firm said. "Phishing is an industry-wide problem ... exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software." Microsoft is also advising Hotmail users to change their account passwords every 90 days. Massive E-Mail Phishing Could Presage Bigger Attacks In a situation that may still be developing, phishing exploits have hit Webmail services, including Gmail, Hotmail, Yahoo, AOL Mail, and others. As usual with mass phishing attacks - which aim to trick people into surrendering personal details about their online identities - it's unclear what group or groups are behind the initiatives. The one thing that is certain is the attacks are big. "This is on a scale that is incredibly rare," said Mike Halsey, who runs The Long Climb, a PC support site in the U.K. "I don't think it's ever happened to this extent before, at least that I'm aware of." The situation is unfolding rapidly. Halsey said a couple of days ago the site www.neowin.net reported that another site, www.pastebin.com, had posted personal details of about 20,000 users of Microsoft's Hotmail, MSN and Windows Live services. Then on Tuesday, details about an additional 20,000 subscribers to Gmail, Yahoo, AOL Mail, Verizon and others were posted at the same site. The posts are now off-line. It's possible the criminals have details on many more users that they haven't disclosed. Details are sketchy, and there is no certainty that the problems are over. Sean-Paul Correll, a threat researcher with Panda Security, said he didn't see any of the data from the attacks. But he noted that phishing attacks are often precursors to other initiatives. "It is fairly common that this would be the first stage of a larger attack. They use these e-mail addresses for something else," he said. Correll added that identifying what group or groups are responsible depends upon seeing more of the infrastructure - such as the scripts they are using - than just e-mail addresses. He wasn't sure what information might be available to researchers. The next move is up to the criminals. Halsey pointed out that browser security is vital and the size of the apparently ongoing phishing attacks should serve as a warning to browser vendors, including Microsoft, Opera, Apple and Mozilla. Luckily, these companies are focusing on improving the security of their products. While Halsey isn't too worried about this week's activities, he is concerned about the long-term impact. "I would say this is probably isolated," he said of the phishing attacks. "The danger is that people pay a lot of attention when something like this is publicized but forget too quickly and do not learn. ... They shouldn't panic, or stop banking on the Internet or shopping on the Internet, as long as they are careful." He added that good advice is available from a number of sources, including the British government, the FBI, and his site. The key, according to Halsey, is to address the problem. "It is worrying from my point of view," he says. "It says people are not aware enough of what the threats are and that Internet service providers and major technology companies are not doing enough to warn people what the dangers are and how to avoid them, which is disappointing." FBI Smashes US-Egypt Cyber 'Phishing' Ring Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday. The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam. A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said. Authorities said the sophisticated identity theft network had gathered information from thousands of victims which was used to defraud American banks. Wednesday's arrests were the culmination of a two-year probe involving US and Egyptian officials dubbed "Operation Phish Phry." The investigation was described in statement as the largest cybercrime investigation to date in the United States. A series of raids early Wednesday resulted in arrests in California, Nevada and North Carolina. A 51-count US indictment accuses all defendants with conspiracy to commit wire fraud and bank fraud while various defendants are charged with aggravated identity theft and conspiracy to commit computer fraud. "The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed," FBI Los Angeles acting assistant director Keith Bolcar said. "Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans." According to an unsealed indictment, Egyptian-based hackers obtained bank account numbers and personal information from bank customers through phishing, and then hacked into accounts at two unidentified banks. Once compromised accounts had been accessed, hackers in Egypt contacted conspirators based in the United States via text messages, phone calls and Internet chatrooms to arrange transfer of cash to fraudulent accounts. "This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers," acting US Attorney George Cardona said in a statement. The investigation comes hard on the heels of a security breach targeting thousands of Microsoft Hotmail accounts. Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant. Threat of Next World War May Be in Cyberspace The next world war could take place in cyberspace, the UN telecommunications agency chief warned Tuesday as experts called for action to stamp out cyber attacks. "The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower," Hamadoun Toure said. "Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack," added the secretary-general of the International Telecommunications Union during the ITU's Telecom World 2009 fair in Geneva. Toure said countries have become "critically dependent" on technology for commerce, finance, health care, emergency services and food distribution. "The best way to win a war is to avoid it in the first place," he stressed. As the Internet becomes more linked with daily lives, cyberattacks and crimes have also increased in frequency, experts said. Such attacks include the use of "phishing" tools to get hold of passwords to commit fraud, or attempts by hackers to bring down secure networks. Individual countries have started to respond by bolstering their defences. US Secretary for Homeland Security Janet Napolitano said Thursday that she has received the green light to hire up to 1,000 cybersecurity experts to ramp up the United States' defenses against cyber threats. South Korea has also announced plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites. Warning of the magnitude of cybercrimes and attacks, Carlos Solari, Alcatel-Lucent's vice-president on central quality, security and reliability, told a forum here that breaches in e-commerce are now already running to "hundreds of billions." But one of the most prominent victims in recent years has been the small Baltic state of Estonia, which has staked some of its post Cold War development on new technology. In 2007 a spate of cyber attacks forced the closure of government websites and disrupted leading businesses. Estonian Minister for Economic Affairs and Communications Juhan Parts said in Geneva that "adequate international cooperation" was essential. "Because if something happens on cyberspace... it's a border crossing issue. We have to have horizontal cooperation globally," he added. To this end, several countries have joined forces in the International Multilateral Partnership against Cyber Threats (IMPACT), set up this year to "proactively track and defend against cyberthreats." Some 37 ITU member states have signed up, while another 15 nations are holding advanced discussions, said the ITU. Experts say that a major problem is that the current software and web infrastructure has the same weaknesses as those produced two decades ago. "The real problem is that we're putting on the market software that is as vulnerable as it was 20 years ago," said Cristine Hoepers, general manager at Brazilian National Computer Emergency Response Team. "If you see the vulnerabilities that are being exploited today, they are still the same," she underlined. She suggested that professionals needed to be trained to "design something more resilient." "Universities are not teaching students to think about that. We need to change the workforce, we need to go to the universities..., we need to start educating our professionals," she said. Pointing out the infrastructure weakness, Carlos Moreira, who founded and runs the Swiss information security firm Wisekey, said legislation is needed to bring cybersecurity up to international standards. Sony Claims New X Series Is the Lightest Laptop There's light, and then there's light. Sony today rolled out its latest series of laptops VAIO X Series, which the company is touting as the world's lightest. A separate line, the VAIO CW Series, is more suited for the average consumer. The VAIO X Series is an ultraportable laptop that weighs in at 1.6 pounds and measures 7.29 inches by 10.95 inches by 0.55 inches with the standard battery. (A high-capacity battery option, when combined with the standard battery, will offer up to 15 hours of battery life, according to Sony.) The chassis is made of light-weight carbon fiber, with grooved edging along the sides, while the palmrest and the area around the keyboard is covered with an aluminum frame. Color options for the chassis include black and gold. The touchpad offers multitouch functionality, allowing you to use finger gestures to zoom, rotate items, and scroll. The LED-backlit screen measures 11.1 inches (diagonal) and has a resolution of 1,366 by 768. The keyboard has a 17-mm key pitch. The X Series features a 2-GHz Intel processor, 2 GB of DDR2 memory, an inte-grated Intel graphics chipset, and a 128-GB solid state drive. The system features a multimedia card reader, two USB 2.0 ports, and an Ethernet port, as well as a built-in webcam with face-tracking technology. Wireless capability includes 802.11b/g/n Wi-Fi and Bluetooth. The X Series lines also comes with 3G mobile broadband built in, though you'll have to get a separate Verizon Wireless subscrip-tion to use it. Interestingly enough, the X Series also comes with real-time GPS functionality. On the more affordable side (at least for Sony) is the CW Series of laptops. The CW Series is aimed at the multimedia user on the go. The laptop measures 9.18 inches by 13.44 inches by between 1.09 to 1.52 inches, and weighs 5.3 pounds with the standard battery. It comes in five colors - red, pink, white, black, and indigo purple - and a glossy finish on the exterior. The widescreen display measures 14.4 inches (diagonal), with a 16:9 aspect ratio. It also comes with a Blu-ray drive, as well as an HDMI port for hooking up to a big-screen HDTV. It has 3 USB ports, as well as outputs for VGA, FireWire (i.Link), and Ethernet. There is a multimedia card reader and a built-in Webcam, also with face-tracking technology. The CW Series features a 2.2-GHz Intel Core 2 Duo T6600 processor, 4 GB of DDR3 memory (with a maximum of 8 GB available), a 500-GB, 5,400-RPM hard drive, and an Nvidia GeForce G210M discrete graphics card. The standard battery is estimated to last up to 4 hours, and the optional large-capacity battery is esti-mated to last up to 6 hours. The CW Series comes with both 802.11b/g/n and Bluetooth capability. Both the X Series and CW Series will come equipped with Microsoft Windows 7 Home Premium (a 32-bit version for the X Series and the 64-bit option for the CW Series) and both are certified for EPEAT Gold and Energy Star 5.0. They are also RoHS-compliant. The X Series will be available starting at $1,300 and can be pre-ordered on the Sony Style Web site. It will be available at Sony Style stores and select retailers in November. The CW Series starts at $780 and will be available in Sony Style stores and online, as well as at other retailers by the end of the month. Microsoft Planning 128-Bit Version Of Windows 8? Windows 7 is not even out the door yet and rumors are already circulating about the next version of Microsoft's OS, Windows 8. According to Microsoft employee Robert Morgan, future iterations of Windows, including Windows 8, could support a 128-bit architecture. Two weeks ago his now defunct LinkedIn profile disclosed that he had been working on "research and development projects including 128-bit architecture compatibility with the Windows 8 kernel and Windows 9 project plan". Further to this, Morgan's profile also let slip that Microsoft are hoping to form a number of future relationships with major players such as IBM, Intel, AMD and others in the run up to 128-bit support. (Keep in mind that 64-bit computing is just now going mainstream.) An interview with Robert Morgan, who has been with the company since 2002, is expected to appear on Windows 8 News within the coming days, hopefully shedding more light on what to expect from the next version of Windows, codenamed Chirdori. Comcast Tries Pop-up Alerts To Warn of Infections Comcast Corp. wants to enlist its customers in a fight against a huge problem for Internet providers - the armies of infected personal computers, known as "botnets," that suck up bandwidth by sending spam and facilitating cybercrime. The country's largest provider of high-speed Internet to homes started testing a service this week in Denver in which Comcast sends customers a pop-up message in their Web browsers if their computers seem to have been co-opted by a botnet. One botnet can have tens of thousands or even millions of PCs. The message points to a Comcast site with tips for cleaning infected computers. It reads: "Comcast has detected that there may be a virus on your computer(s). For information on how to clean your computer(s), please visit the Comcast Anti-Virus Center." Comcast said users can close the warning banners if they wish, but they cannot opt out of receiving them. A reminder will return every seven days while a computer appears to be infected. The program, which Comcast hopes to roll out nationally, is one of the most aggressive moves yet by a major Internet provider to curb what's become a scourge on the Internet. Botnets are a part of most serious cybercrime. They're used to steal credit card numbers, carry out so-called "denial-of-service" attacks that bring down Web sites and send spam by hijacking e-mail accounts and Internet connections. A computer can fall into the sway of a botnet when it is infected with malicious software that puts the machine under the control of criminals, who use the anonymity provided by having so many zombie machines at their disposal to cover their tracks. Comcast's service is meant to block that step, by alerting customers to PC infections they likely didn't know about because anti-virus software updates can't keep up fast enough. Comcast will try to detect a PC's role in a botnet by studying how much data the machine is downloading and receiving. "These cyber criminals have become so fast, a bot can be instructed to send out millions of spams in a matter of minutes," said Jay Opperman, Comcast's senior director of security and privacy. "The faster that we can detect these things are operating on our network, the better." He said Comcast can tell the difference between a customer legitimately downloading a lot of video or other data and the malicious deeds of a bot-induced PC. One way is that the company checks the source of downloads, Opperman said, to compare them to a list of suspect sites that are known for spamming and other attacks. Opperman said Comcast will not look inside the content of the traffic, a controversial process called deep packet inspection. Even so, the move could be risky, especially if Comcast's program gets people to trust and respond to pop-up ads - which are often a vehicle for delivering the viruses that land an infected computer in a botnet. These phony ads often claim that a computer is infected and should be cleaned up with a click. Comcast says its program contains an important secondary confirmation that the message is from the company and not a scammer: Comcast will send an e-mail to the customer's primary e-mail account. However, Phil Lin, marketing director at network security firm FireEye Inc., said hackers could mimic Comcast's pop-up banner or the confirmation ads. And unsuspecting customers wouldn't know they should expect to see a confirmation from Comcast in the first place. No Facebook at Work in Most US Companies More than half of US companies do not allow employees to visit social networks such as Facebook, MySpace or Twitter while at work, according to a new survey. Fifty-four percent of the chief information officers (CIOs) for 1,400 companies surveyed across the United States said workers were "prohibited completely" from visiting social networks while on the job. Nineteen percent said employees were allowed to visit social networks "for business purposes only" while 16 percent said they allowed "limited personal use." Ten percent of those surveyed said there were no restrictions on visiting social networks at work. The survey of 1,400 companies with at least 100 employees was released this week and was conducted by an independent research firm for Robert Half Technology, a California-based provider of information technology professionals. It has a margin of error of plus or minus 2.6 percent. Dave Willmer, executive director of Robert Half Technology, said "using social networking sites may divert employees' attention away from more pressing priorities, so it's understandable that some companies limit access. "For some professions, however, these sites can be leveraged as effective business tools, which may be why about one in five companies allows their use for work-related purposes," he said. Reminder: Create Strong Passwords! Here's How The recent password compromises of Hotmail, GMail and (from other reports I've read) Yahoo! Mail make this a good time to revisit the issue of passwords. The webmail services in these cases are saying that phishing is the likely cause of the breach. Security firm ScanSafe thinks that there are other possibilities, but I think it's reasonable to believe phishing is the culprit here, and certainly phishing is a major problem, as evidenced by yesterday's arrests in the US and Egypt. Passwords are collected by the bad guys in many ways, such as by malware that scans the system and monitors Internet usage for usernames and passwords. Dictionary attacks are also used to guess passwords from a list of common ones. But in this case only webmail credentials were found. Webmail systems are tough to attack with dictionary attacks because they won't let you attempt login after login trying different credentials. If your password is collected by phishing or through malware finding it on your computer or snooping it as you type it on a form, a strong password does you no good. Whether the password is strong or weak you have to make an effort to protect it on your system and not to give it away to the wrong people. Apart from some security savvy for recognizing threats, for most people the best defense is to use a good security suite and to keep it updated. These will make it much harder for malware to get on your system or to run unimpeded if it does. Most of them also detect and block phishing attempts. But you still want to have strong passwords. There are places where weak passwords can be compromised, such as the login for your PC. Now very few people, including the experts, do all the things experts tell them to do in this regard. After all, it's inconvenient. Acunetix analyzed the leaked list of Hotmail passwords and found that lots of the users use weak passwords. The most popular password in the list (64 of them) was '123456' which, after 'password', is the all-time classic weak password. Interestingly there were 11 instances of 'alejandra' and lots of Spanish words and names, perhaps saying something about the phishing campaign used to obtain the accounts. How do you choose a strong password? Here are some guidelines: * The longer the better: At least 8 characters. * Mix upper and lower case, punctuation and numerals. * One good way to implement both of the first two rules is with a /passphrase/, i.e. a sentence instead of a word: "I hate passw0rds, they suck" or "My father was born in 1929." I use these in a few places but, alas, not all sites allow you that long a password or to embed spaces. * Avoid passwords that are words in a dictionary, especially common words. * Avoid reusing passwords, especially those for critical resources like your e-mail, on other sites. Doing this exposes you to a wider compromise than necessary. Most of us don't have the memory bandwidth to deal with a large number of obscure passwords, so a good next step is to use a password management program, such as Roboform or the open source Password Safe. Some suites, like Norton Internet Security 2010, include password management in them. These programs let you auto-generate strong passwords and it remembers them for you; you just remember a master password. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.