Volume 13, Issue 05 Atari Online News, Etc. February 4, 2010 Published and Copyright (c) 1999 - 2011 All Rights Reserved Atari Online News, Etc. A-ONE Online Magazine Dana P. Jacobson, Publisher/Managing Editor Joseph Mirando, Managing Editor Rob Mahlert, Associate Editor Atari Online News, Etc. Staff Dana P. Jacobson -- Editor Joe Mirando -- "People Are Talking" Michael Burkley -- "Unabashed Atariophile" Albert Dayes -- "CC: Classic Chips" Rob Mahlert -- Web site Thomas J. Andrews -- "Keeper of the Flame" With Contributions by: Fred Horvat To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions". OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list. To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE Please make sure that you include the same address that you used to subscribe from. To download A-ONE, set your browser bookmarks to one of the following sites: http://people.delphiforums.com/dpj/a-one.htm Now available: http://www.atarinews.org Visit the Atari Advantage Forum on Delphi! http://forums.delphiforums.com/atari/ =~=~=~= A-ONE #1305 02/04/10 ~ Egypt Goes Dark on Web ~ People Are Talking! ~ Firefox 4 Delayed! ~ New Canada Web Billing ~ Google: Bing A Copycat ~ Microsoft Is Riled! ~ Firefox Do Not Track! ~ Web Addresses Depleted ~ Aliases on Hotmail! ~ Chrome Is Uncrackable? ~ UK: Cyberspace Rulings ~ IE Patch and More! -* Egypt Internet Back, Hacked! *- -* The Internet Kill Switch That Isn't *- -* China Gives Parents Control Over Gaming! *- =~=~=~= ->From the Editor's Keyboard "Saying it like it is!" """""""""""""""""""""""""" The weather in the Northeast - and probably in many places throughout the country - is no longer bordering on the absurd. It's reached a point that is well beyond that now. Two more feet of snow this week, and more forecast for Saturday. Wow, maybe only 3-4 inches of snow and rain - a "flurry" compared to what we've been seeing week after week since since just after Christmas. Sure, it's brutal for those of us who have to clear driveways and walkways, dig out mailboxes and various other areas around our homes. And yes, it's been difficult driving, or schools being closed for the kids. But now, because of so much snow, a "new" problem has become a very dangerous issue: roof collapses. According to tonight's early news, there have been reports of at least 92 roof collapses in Massachusetts in the past week alone. Too much snow, and a little melting, is causing ice jams and too much weight on may roofs throughout the area. Personally, the roof on my house has ice jams all the way around; and I've been trying to clear away some of the snow off of the various roof areas on my house. I even got a ladder out and climbed up onto the roof of my front porch to clear away the snow and break up some of the ice jams along my gutter. My wife got concerned for my safety (and stupidity?) and made me come down! My concern is with no place for the water to go, and the weight of all of this snow, something bad could possibly occur - including the possibility of a collapse somewhere! With rain and snow forecast for tomorrow, that means additional weight. I don't know how much more the roof can manage, but I may try to clear away some more snow and break up some more ice - at least where I can without having to actually get up on a roof to do so. Unfortunately, however, there aren't a lot of places where I can safely set up a ladder to be able to reach some spots; there's just too much snow everywhere! I guess if I can reduce some of the weight on the roof and perhaps provide someplace for some water to run, I'll be better off than having done nothing to try and alleviate some of the problem. Do I even need to say that I'm sick of winter and snow?! Good luck to all of you, wherever you are and the weather issues that you're facing this winter! Super Bowl prediction: Green Bay will lose a turnover, giving Pittsburgh the opportunity to score a field goal. That field goal will turn out to be the deciding factor for a Steelers victory, by three points! Until next time... =~=~=~= ->In This Week's Gaming Section - China Gives Parents Control! """"""""""""""""""""""""""""" =~=~=~= ->A-ONE's Game Console Industry News - The Latest Gaming News! """""""""""""""""""""""""""""""""" China Gives Parents Control of Kids' Online Gaming Chinese authorities have ordered online video game operators to allow parents to monitor their children's playing sessions as part of a nationwide crackdown on the growing problem of Internet addiction. The Ministry of Public Security was one of eight government departments that issued a joint notice on Monday ordering online gaming companies to comply with the new guidelines by March 1. Upon proving their identity, parents will be able to put daily or weekly restrictions on their child's game playing time, the notice said. They would also have the option of putting in place a total ban. Some parents and experts however expressed doubts that the order would be effective. "It's unnecessary and it will prompt more rebelliousness from the children," Xie Guangji, the father of a 14-year-old boy in Cangzhou in northern Hebei province, was quoted as telling the China Daily newspaper. Gu Jun, a sociologist at Shanghai University, said the order seemed unfeasible and a recipe for family conflicts. "It's a governmental gesture rather than an efficient solution," Gu told the newspaper. The notice also spelled out that online game companies had a responsibility to help parents restrict "inappropriate" video game playing. It urged game operators to employ special staff to assist with the project and to set up web pages and hotlines. The document suggested children should spend less than two hours a week playing online games and should spend no more than 10 yuan ($1.50) on online games a month. The number of teenage Internet addicts in China has risen to 33 million, the China Daily reported, citing the Chinese Academy of Social Sciences, a government think-tank. Concerns over Internet addiction have spurred a new industry, with unlicensed Internet treatment centres springing up around China. Last year, two web "boot camp" instructors were sentenced to up to 10 years in prison after a 15-year-old was beaten to death at a treatment facility in the southern region of Guangxi. At another rehabilitation centre in east China's Jiangsu province, 14 youths staged a mutiny in June, tying up their instructor and fleeing the facility over its tough military-like techniques, state media reported. =~=~=~= A-ONE's Headline News The Latest in Computer Technology News Compiled by: Dana P. Jacobson Last Internet Provider in Egypt Goes Dark The last of Egypt's main Internet service providers, the Noor Group, has gone dark. The Noor Group had remained online even after Egypt's four main Internet providers - Link Egypt, Vodafone/Raya, Telecom Egypt, Etisalat Misr - abruptly stopped shuttling Internet traffic into and out of the country Friday morning. At about 11 p.m. local time Monday, the Noor Group became unreachable, said James Cowie, chief technology officer of Renesys, a security firm based in Manchester, N.H. Renesys monitors massive directories of "routes," or set paths that define how Web traffic moves from one place to another. The Noor Group's routes have disappeared, he said. Cowie said engineers at the Noor Group and other service providers could quickly shut down the Internet by logging on to certain computers and changing a configuration file. The original Internet blackout on Friday took just 20 minutes to fully go into effect, he said. Cell phone service was restored in Egypt starting Saturday but text messaging services have been disrupted as protests continue. Google Inc., meanwhile, said that over the weekend it had developed a new service that will allow people in Egypt to post Twitter messages without an Internet connection. The so-called speak-to-tweet service was developed by engineers from Google, Twitter and SayNow, a company Google acquired last week. With the service, which is already live, people in Egypt can post tweets by dialing an international telephone number and leaving a voicemail message. The message is then sent out as a tweet with the hashtag (hash)egypt. "We hope that this will go some way to helping people in Egypt stay connected at this very difficult time," Google said in a blog posting Monday. Hackers Attack Egyptian Government Sites; Internet Back Hacker activists started attacking Egyptian government websites on Wednesday, apparently taking them offline soon after the country restored Internet service. An Internet forum run by a loose international group that calls itself "Anonymous" directed participants to attack the websites of the Egyptian Ministry of Information and the ruling National Democratic Party. Neither was accessible from New York on Wednesday afternoon. In a Twitter post, the group claimed credit for taking down the ministry's website and said the group was motivated by a desire to support Egyptian protesters. The same group rallied to support WikiLeaks in November and December, attacking websites of companies it saw as hampering the document-distribution site. The Egyptian government cut off all Internet service in the country on Friday, then restored it early Wednesday. One member of Anonymous, speaking on condition of anonymity because of the possibly illegal nature of its activities, said the number of participants in the attacks was much lower than it was in December. Thousands of young people then joined in attacks on such sites as MasterCard.com and Visa.com - in those cases because the payment processors declined to transfer money to WikiLeaks. But because the Egyptian government websites are much easier to take down, the lower number of participants is still adequate, the member said. The member said the weapon of choice for the hackers is the same as in December: a small program called Low Orbit Ion Cannon. It sends out a flood of fake traffic to a selected website, swamping it if it doesn't have enough capacity. The Internet Kill Switch That Isn't A cybersecurity proposal in the U.S. Congress, called an "Internet kill switch" plan by some critics, isn't exactly what that sounds like. Plans by members of the U.S. Senate Homeland Security and Government Affairs Committee to reintroduce 2010's Protecting Cyberspace as a National Asset Act have led some critics to compare provisions in the bill to the Egyptian government's order to shut down all Internet access across the country during recent protests. But the Egypt comparison - and the term "Internet kill switch" - is a stretch. Still, some tech and civil liberties groups have questioned the powers the proposal would give the president. The proposal, not yet introduced as a formal bill this year, would give the U.S. president the power to take emergency measures, including possibly quarantining or shutting down parts of the Internet, only when there's an "ongoing or imminent" cyberattack on the nation's critical infrastructure. The bill would require the president to take the "least disruptive" measures necessary, and the emergency powers would expire after 120 days without congressional approval. The proposal would prohibit the president from shutting down the Internet to silence free speech, said Leslie Phillips, communications director for Senator Joseph Lieberman, a Connecticut Independent and chairman of the Senate Homeland Security Committee. "There is no relation at all between Senator Lieberman's bill to strengthen our nation's cyberdefenses and events taking place in Egypt," Phillips said. "The emergency Internet measures in the senator's bill are designed to ensure that our most critical infrastructure, our economy and our way of life - all of which rely on the Internet - are protected from destruction." But critics say the proposal would give the president broad new authority over the Internet. The emergency powers language in the bill is ambiguous, said Gregory Nojeim, senior counsel at the Center for Democracy and Technology. Backers of the proposal say it would limit the authority granted the president in section 706 of the Communications Act of 1934 to take over or shut down wire and radio communications in a time of war. Whether that section of the 1934 act would apply to the Internet is "open to debate," Nojeim said. Beyond that, the 2010 bill would not have abolished that old presidential authority, he added. "There are restrictions on the new [cybersecurity] authority, and they are important, but there should be no doubt that the bill does not limit the authority the president has, and instead expands it," he said. "If the intent was to limit the president's authority, the bill fails to do so." It's unfair to suggest the bill would give the president the power to shut down the Internet to squelch dissent, but the additional authority is "not sufficiently defined," Nojeim added. The comparisons to the Internet shutdown in Egypt grew loud enough that the three sponsors of the 2010 bill, Senators Joseph Lieberman, Maine Republican Susan Collins and Delaware Democrat Tom Carper issued a statement this week condemning the actions there. "We would never sign on to legislation that authorized the president, or anyone else, to shut down the Internet," they said in the statement. "Emergency or no, the exercise of such broad authority would be an affront to our Constitution." The three senators called the actions by the Egyptian President Hosni Mubarak "totally wrong." "His actions were clearly designed to limit internal criticisms of his government," they said. "Our cybersecurity legislation is intended to protect the U.S. from external cyber attacks. Yet, some have suggested that our legislation would empower the president to deny U.S. citizens access to the Internet. Nothing could be further from the truth." The senators' statement didn't comfort Free Press, a media reform and digital rights group. "It's good to see the senators have heard the outcry from Americans troubled by this bill, but their promises that the bill won't give the president 'kill-switch' powers aren't very reassuring," Timothy Karr, campaign director for Free Press, said in a statement. "The devil is always in the details, and here the details suggest that this is a dangerous bill that threatens our free speech rights." The proposal would give the president the authority to take emergency actions without congressional approval, Free Press said. The result is a concentration of power with the president, the group said. "We understand that protecting Internet communications is a vital government interest, but we're troubled by the idea that the president could declare an emergency and shut down digital communications," Karr added. "In its current form, the legislation offers no clear means to check that power." While the senators say the bill does not allow emergency actions in response to dissent, national security problems and political crises can become intertwined, added Heather Greenfield, a spokeswoman for the Computer and Communications Industry Association, a tech trade group. "What governments do today in response to legitimate concerns can open the door to future abuses," she said. Democracies should be models for Internet openness and freedom, she added. "CCIA doesn't want any government, or international body like the U.N., to expand their control over Internet operations," Greenfield said. Firefox 'Do Not Track' Ready for Download Now Adventuresome Firefox users who can't wait to try out the "do not track" feature can do so now by grabbing a "nightly build" of the browser. Nightly builds are for testing purposes only, Mozilla warns, and aren't as stable as beta releases. Last week, Mozilla released details about a feature it intended to add to the upcoming version of its Firefox web browser, release 4.0, that would create a universal "opt-out" for net surfers who don't want to be tracked by Internet marketers. Today, Sid Stamm announced on his "extreme geekboy" blog that the first iteration of the feature has been incorporated into the latest nightly builds of the browser. To enable the feature, open the preference pane in the software, select the advanced tab and click the box labeled "Tell sites I do not want to be tracked." After setting up "do not track," every time the browser makes a connection to download content, it will send a "don't track me" signal to the site. The syntax of that command has been changed slightly in this version of the feature compared to previous ones. It's now "DNT: 1". Previously, it was "X-Do-Not-Track." Just because a browser has a "do not track" feature, though, doesn't mean a website will recognize it. "We do not anticipate that sites are looking for the signal yet, so you probably won't notice a difference as you browse the web," Stamm acknowledged. That cooperation from both browser makers and website operators is required for "do not track" to work is seen by some as a major flaw in the system. As my colleague Tony Bradley pointed out last week: "The problem with expecting cooperation from websites that are tracking Internet usage and gathering information on users' web habits is that most of those organizations are already aware that it is ethically questionable, and that the FTC is working to combat the practice, yet they choose to continue collecting the data anyway." Outcry Mounts Over Canadian Internet Billing Ruling Backed by a public outcry, Canadian opposition parties lined up on Tuesday to voice concerns about a regulatory decision that chokes off the ability of small independent Internet providers to offer unlimited downloading to their customers. The regulator, the Canadian Radio-television and Telecommunications Commission (CRTC), gave major telecom carrier BCE Inc approval last week to charge wholesalers that use its network on the same usage-based billing (UBB) basis it uses to charge its customers, minus a 15 percent discount. Major providers such as Bell, Shaw Communications and Rogers Communications charge customers extra if they download more than the monthly limits the big providers set, typically between 20 and 60 gigabytes. Small providers often offer plans with 200 gigabyte ceilings, or even unlimited use. At least one market participant and an individual citizen have appealed the regulator's decision. One of the small providers, TekSavvy, will cut its usage ceiling to 25 gigabytes effective March 1, the date the CRTC ruling comes into force. On Tuesday, its website was festooned with links to groups opposing the pricing framework. Citizen group Openmedia.ca said on Tuesday its "Stop The Meter" petition opposing usage-based billing had garnered more than 200,000 signatures, up from around 40,000 before the CRTC handed down its decision. The opposition Liberal and New Democratic parties said the regulator's decision limits competition and punishes consumers. "We do not agree with the CRTC's decision on usage-based billing, and we will bring the fight for an open and innovative Internet environment to Parliament," Liberal critic Marc Garneau said in a statement. "Usage-based billing is squashing competition and hitting Canadian consumers in the pocketbook," said Charlie Angus of the New Democrats. Another opponent of the pricing scheme is Netflix, whose launch of an online-only movie service in Canada in September spooked the incumbent providers. Conservative Industry Minister Tony Clement said he was aware an appeal had been lodged and that the government would study the CRTC's decision "to ensure that competition, innovation and consumers were all fairly considered". Openmedia.ca's national coordinator, Steve Anderson said Clement would have to do more than ask the CRTC to tinker with pricing. "He must either overturn all the CRTC rulings that force pricing schemes on big telecom's independent competitors, or at minimum have the CRTC revisit the entire premise of forced UBB pricing," he said. BCE, the parent of telecom Bell Canada, and other telecom operators have spent heavily on infrastructure and are mandated to lease their networks to small providers to encourage competition. Copycat? Google Says Bing Copies Search Results Is Bing copying Google's search results? Google says yes and Microsoft says no - and it's stirring up plenty of drama in the search world this week. Google offers sophisticated experiment results that it says proves Bing is using its search results. Google said it first noticed Bing's alleged copycat behavior last summer and took a closer look over the following months. According to Google, URLs from Google search results would later appear in Bing with increasing frequency for all kinds of queries - even results Google considered mistakes from its algorithms. "We created about 100 'synthetic queries' - queries that you would never expect a user to type, such as [hiybbprqag]," said Google Fellow Amit Singhal. "As a one-time experiment, for each synthetic query we inserted as Google's top result a unique (real) web page which had nothing to do with the query." Google then gave 20 of its engineers laptops with a fresh installation of Microsoft Windows running Internet Explorer 8 with Bing Toolbar installed. As part of the install process, Singhal said Google opted in to the Suggested Sites feature of IE8 and accepted the default options for the Bing Toolbar. "We asked these engineers to enter the synthetic queries into the search box on the Google home page and click on the results - i.e., the results we inserted," Singhal said. "We were surprised that within a couple weeks of starting this experiment, our inserted results started appearing in Bing." Singhal said the experiment confirmed Google's suspicions that Bing is using some combination of Internet Explorer 8, which can send data to Microsoft via its Suggested Sites feature, and the Bing Toolbar, which can send data via Microsoft's Customer Experience Improvement Program, or possibly some other means to send data to Bing on what people search for on Google and the Google search results they get. Microsoft quickly responded to Google's allegations. Harry Shum, corporate vice president for Bing, called the issue a spy-novelesque stunt to generate extreme outliers in tail query ranking. "It was a creative tactic by a competitor, and we'll take it as a backhanded compliment," Shum said. "But it doesn't accurately portray how we use opt-in customer data as one of many inputs to help improve our user experience." Shum went on to say that many companies across the Internet use collective intelligence to make their products better every day and defended Bing's "distinct approach to search." So who's right? Is Bing all-out copying Google's search results? Or is Bing simply improving its search engine based on collective intelligence? As Greg Sterling sees it, the verbal brawl marks a bitter public-relations turn in the intensifying competition between the two companies. "Arguably Google did catch Bing doing something improper and copying selected Google results. But people also defend what Bing was doing as capturing 'public' user behavior and clicks and factoring that into its algorithm," Sterling said. "As it stands now, this isn't going to have much of an impact on consumers in the end, but among tech insiders it would appear to tarnish Bing's brand." Microsoft Riled by Charge Bing Is A Copy Cat A spat between Internet titans heated up with Microsoft angrily denying that Bing copies Google's search results and the world's top online search engine adamant it has proof. Microsoft senior vice president Yusuf Mehdi went on the offensive in a blog post that accused Google of tricking Bing with a "honeypot attack" too sweet to resist. "In simple terms, Google's 'experiment' was rigged to manipulate Bing search results through a type of attack also known as 'click fraud,'" Mehdi said. "That's right, the same type of attack employed by spammers on the Web to trick consumers and produce bogus search results." Google held firm that it conducted a simple, honest experiment that showed Bing copied its search results and that rather than gripe about getting caught it should simply stop doing it. "Some Bing results increasingly look like an incomplete, stale version of Google results - a cheap imitation," said Amit Singhal, one of the company's search engineers, on Google's official blog. Google had noted that in the summer of 2010 Bing did not return any results for a misspelled search for the surgical eye procedure "tarsorrhaphy." "Later in the summer, Bing started returning our first result to their users without offering the spell correction," Singhal said. "This was very strange." The experiment was repeated with nonsensical searches, including "hiybbprqag," "delhipublicschool40 chdjob," and "juegosdeben1ogrande," which Google had designed to link to a single unrelated result. Google engineers used their company's search engine and Microsoft's Internet Explorer web browsing software to search on the fabricated terms that generated orchestrated results. Within weeks, Bing offered the same results for searches on the made-up terms, according to Singhal. Google equated the experiment to releasing intentionally false information and following its trail. "We do not copy results from any of our competitors," Mehdi said. "Period. "We have some of the best minds in the world at work on search quality and relevance, and for a competitor to accuse any one of these people of such activity is just insulting," he continued. Microsoft argued that search feedback from users of Internet Explorer is "one of more than 1,000 signals" taken into account by its formula to match online queries with results. Bing gets information from users who agree to share anonymous data "as they navigate the web in order to help us improve the experience for all users." Google found it suspicious that a fictional search term and fabricated results popped into Bing if they were just one signal in a sea of more than 1,000 signals considered by Microsoft's ranking software. "However you define copying, the bottom line is, these Bing results came directly from Google," Singhal said in a blog post detailing the sting operation. "To those who have asked what we want out of all this, the answer is simple: we'd like for this practice to stop." Bing corporate vice president Harry Shum dismissed Google's experiment as "a spy-novelesque stunt." "It doesn't accurately portray how we use opt-in customer data as one of many inputs to help improve our user experience," Shum said. "We all learn from our collective customers, and we all should," Shum said. Firefox 4 Delayed Again, 12th Beta Planned A week after releasing its tenth beta of Firefox 4, the open-source browser project's release manager, Christian Legnitto this week announced a new beta plan, which will include a 12th beta. Previously Legnitto had written that there were no plans for a beta 12 for Mozilla's the next major desktop Web browser. Beta 11 is finished, and the Firefox planning page on the Mozilla wiki states that the team is "still working on an ETA for releasing it to our beta audience, likely early next week." That page also mentions Beta 12 as having "a small enough list of bugs that it's plausible it will be the last beta, though we're not locking that up, since some of the plugin work needs to crystallize before we can assess timing risk." Many of the holdbacks seem to be related to Flash and Hotmail. Beta versions of Firefox come with a reporting plug-in that lets testers send comments to the developers. The comments are viewable at the Firefox Input Dashboard page, and nearly 3,700 of these have to do with Hotmail constantly refreshing. Over 1,800 mention Flash, but many involved problems with basic browser functions, such as the new Panorama tab-previewing feature, copy and paste, and password saving. The ability for anyone to view these comments, along with Legnitto's post gives an inside view into the open-source development process. "If anything is even slightly risky," says the release manager to his developers, "please hold off a day until we branch for beta 11 before landing on mozilla-central. We will not close mozilla-central and instead trust developers to act responsibly with risk." Firefox 4 will be a major upgrade to the browser alternative to products from billion-dollar corporations, such as Internet Explorer, Google Chrome, and Apple Safari. It will feature a revamped plug-in architecture called JetPack, a redesigned minimalist interface, faster JavaScript performance, and greater support for HTML5, including Google's WebM HTML5 video format. A schedule on Mozilla's wiki for Firefox 4 Beta releases listed Beta 11 as "Asap in the week of January 31" while the launch of the Firefox 4 Release Candidate (RC) was still vaguely listed as "Early 2011." Microsoft 'Love' Means Massive Reboots for IE Patch Microsoft announced 12 bulletins for February's Patch Tuesday. Three of the bulletins are critical and include updates to address recently disclosed flaws in Internet Explorer and Windows. Beyond the three critical bulletins, nine are rated important, addressing issues in Microsoft Windows, Internet Explorer, Microsoft Office, Visual Studio, and IIS. February's Patch Tuesday release comes after only two security bulletins addressing three vulnerabilities were issued in January. But January's light Patch Tuesday skipped some known vulnerabilities, including the recursive style-sheet load bug in IE. "These vulnerabilities have seen limited exploits in the wild, so applying the update is highly recommended," said Wolfgang Kandek, CTO at Qualys. "In addition, the lower-rated flaw in the FTP service is addressed with an update to the IIS server." The remaining updates address flaws in Windows, Office and the development platform Visual Studio. Kandek said all versions of Windows, starting with Windows XP SP3 up to the latest versions of Windows 7 and Windows Server 2008 R2, are affected. The Office bulletin, however is limited to a relatively small footprint: The Visio versions 2002, 2003 and 2007. "The recent MHTML issue in Windows and Internet Explorer will not be addressed in this update," Kandek said. "The work-around suggested by Microsoft in Advisory 2501696 continues to be the recommended way of mitigating this attack vector." The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. Microsoft said it's possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a web request run in the context of Internet Explorer. Technical details aside, Paul Henry, forensic and security analyst at Lumension, said it looks like IT admins might be finally getting a patch for Internet Explorer this month. That means 900 million people will be sharing the love for Microsoft this Patch Tuesday. "Last month, we were waiting for the IE patch that never came, and this month we get to celebrate the national day of love by all of us simultaneously rebooting our PCs," Henry said. "Not only do we expect to see a lot of noise around the IE patch, this Patch Tuesday we will see another massive round of patches. In the 12 bulletins released today, six are remote-code executable." Will history repeat itself with this massive reboot? Experience tells Henry that reboots of this magnitude have been known to upset services and applications, so it's possible IT admins will see similar problems to what was encountered in 2007 when a large Microsoft patch that required a reboot crippled applications -- Skype in particular. "Although Microsoft appears to be doing a bit of spring cleaning this Patch Tuesday with a lot of regular 'run of the mill' stuff, it can't be emphasized enough that this will be a massive simultaneous reboot and historically, we've seen services greatly impacted when such a huge number of machines require reboots," Henry said. Microsoft Hides Your Email Address via Hotmail Aliases Microsoft said Thursday that it has enabled aliases on Hotmail accounts, allowing people to create temporary email addresses. Users who create an alias can route emails to that alias to a separate folder, which can then be managed separately. For example, email sent to "markthereporter@hotmail.com" will be sent to a private folder that will be accessible from my main Hotmail account. Beginning today, users can add up to five email aliases per year to each account, up to a maximum of fifteen. So far, the alias feature is exclusive to Microsoft; Google hasn't added it to its Gmail mail system. Microsoft positioned the alias feature as the email equivalent of a one-time credit card number that can be used on a dodgy shopping site. "Let's say you're in the market for a new car," Dharmesh Mehta wrote in a blog post. "There are a bunch of websites that will email you price quotes, sales alerts, etc. During your car search, these messages are helpful, but once you're done, they become clutter that can be difficult to stop. By using an alias on these websites instead of your main email address, you can avoid this. And when you're done, just turn the alias off, ensuring future unwanted messages that are sent to that alias don't land in your inbox." Gmail does allow users to add a "+" to their email addresses to create a sort of alias; addressing emails to "johnqpublic101+home@gmail.com" will route the email to the johnqpublic101 inbox, add indicative stars to them, or route them to the trash. But Mehta also argued that such methods are detectable, including by humans. Hotmail also allows a user to access email stored in a non-Microsoft account, pulling the information via POP, rather than IMAP. In December, Hotmail added sandboxing to its email accounts, which can protect the system from malicious scripts. The "Active Views" technology isolates JavaScript. Microsoft also added additional security verification technology, using cell phones and a trusted PC. All are followons to a revamped Hotmail client that Microsoft began rolling out last summer. Internet Addresses Depletion Reflects Wired World Thirty years after the first Internet addresses were created, the supply of addresses officially ran dry on Thursday. But don't panic. The transition to a new version of addresses is already well under way and, for most people, should occur without even being noticed. At a special ceremony in Miami on Thursday, the organization that oversees the global allocation of Internet addresses distributed the last batch of so-called IPv4 addresses, underscoring the extent to which the Web has become an integral and pervasive part of modern life. Every computer, smartphone and back-end Web server requires an IP address - a unique string of numbers identifying a particular device - in order to be connected to the Internet. The explosion of Web-connected gadgets, and the popularity of websites from Google Inc to Facebook, means that the world has now bumped up against the limit of roughly 4 billion IP addresses that are possible with the IPv4 standard introduced in 1981. The solution is IPv6, a new standard for Internet addresses that should provide a lot more room for growth: There are 340 undecillion IPv6 addresses available. That's 340 trillion, trillion, trillion addresses. "If all the space of IPv4 were to be sized and compared to a golf ball, a similar-sized comparison for IPv6 would be the size of the sun," said John Curran, the chief executive officer of the American Registry for Internet Numbers, one of five nonprofit organizations that manage Internet addresses for particular regions of the world. Just in case you're worried, Curran added that "we don't ever intend to see another transition." For companies with websites, the transition to IPv6 means configuring their computer equipment to support the new standard rather than upgrading hardware, Curran said. Those that don't could see the performance of their sites slowed down, and potentially cut off to some users in the future. Laptops, smartphones and other Web-connected gadgets, as well as Web browsers, already support IPv6, though Curran notes that according to some estimates less than 1 percent of Internet users may not have their equipment configured properly and will need to adjust their settings in the months ahead, as websites increasingly adopt the new standard. Google Gambles $20K that Chrome Can't be Cracked Google is so confident that its Chrome Web browser can't be hacked that it is willing to put $20,000 cash and a Chrome CR-48 notebook on the line to prove it. At the 2011 Pwn2Own contest, held in conjunction with the CanSecWest security conference in Vancouver next month, Google will put its money where its proverbial mouth is. Google's use of Chrome as the name of both its browser and its OS is creating some confusion. There are some false reports that Google is offering the bounty for successfully cracking its Chrome OS-based CR-48 notebook. The Google CR-48 notebook will be awarded along with the $20,000 for a successful attack against the Chrome Web browser, but the Pwn2Own info clearly states that the notebook is merely a prize. There will be no attacks mounted against the Chrome OS, and the target Chrome Web browser will actually be running on the latest 64-bit release of either Windows 7 or Mac OS X. The Chrome Web browser is the only participating browser with built-in sandbox protection. The sandbox segregates untrusted or potentially malicious scripts so they are unable to impact the core browser, or the underlying PC. Because of the sandbox, it will take some extra effort for an attack against the Chrome Web browser to be considered a success. According to posted details about the Pwn2Own contest, a successful attack against Chrome will be measured over a few days. "On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope." Google's $20k award is the largest ever offered at the annual Pwn2Own contest, and also the first time that a Web browser vendor has stepped up to contribute to the Pwn2Own cash pool. Perhaps the bravado is inspired by the fact that this will be the third year that Chrome will be targeted, yet it has remained un-cracked in years past. Compare that to Apple's Safari Web browser, which is perennially cracked in minutes - if not seconds. But, even Firefox and Internet Explorer have fallen prey to Pwn2Own attacks. Only Chrome remains unscathed...so far. We'll see if $20,000 is enough incentive for an enterprising hacker to find a crack in its armor. Britain Wants International Rules on Cyberspace Britain, worried about a growing threat from cyber espionage and cyber crime, offered Friday to host an international conference to tackle such issues. Foreign Secretary William Hague, speaking at a security conference in Germany, revealed details of recent attacks on British government and defense industry computers to underline the threat from cyber spying. He also cited how the Egyptian government had tried to shut down the Internet, mobile phone networks and broadcasters during mass protests against the rule of President Hosni Mubarak. He said cyber security was on the agenda of some 30 international organizations, but the debate lacked focus. "We believe there is a need for a more comprehensive, structured dialogue to begin to build consensus among like-minded countries and to lay the basis for agreement on a set of standards on how countries should act in cyberspace," he said. "The UK is prepared to host an international conference later this year to discuss norms of acceptable behavior in cyberspace," he added in the speech, the text of which was released in London. Cyberspace had opened up new channels for hostile governments to try to steal secrets and created new means of repression, "enabling undemocratic governments to violate the human rights of their citizens," Hague said. "It has promoted fears of future 'cyber war'," he said. International rules on the use of cyberspace should be based on principles including respect for individual privacy, protection of intellectual property and a collective effort to tackle the threat from criminals acting online, he added. Hague described several recent attacks on British government or defense contractors' computer systems. Last year, a malicious file posing as a report on a nuclear Trident missile was sent to a defense contractor by someone masquerading as an employee of another defense firm, Hague said. "The email was detected and blocked, but its purpose was undoubtedly to steal information relating to sensitive defense projects," he said. Britain's eight-month-old coalition government has produced a new national security strategy which ranks cyber attack and cyber crime as a high priority risk. It is spending 650 million pounds ($1.05 billion) on a national cyber security program. =~=~=~= Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org No issue of Atari Online News, Etc. may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.