Tech Boom: Intel’s Earnings Up an Astounding 875%

We thought Zillow’s 2011 IPO was a good sign for the tech and Internet market. Intel has not only just confirmed that notion, but blown everybody’s expectations right out of the water.

The world’s largest chipmaker just wowed Wall Street and the tech world with its latest earnings report. The publicly-traded company reported a net income of $2.3 billion in the fourth quarter of 2009, up an amazing 875% from its $234 million earnings in the fourth quarter of 2008. This more than beat Wall Street expectations.

While we won’t go into detail over the financial numbers (you can do that here PDF ), we do want to highlight some of the key stats:

– Revenues in Q4 2009 rose to $10.6 billion, a climb of 28% from $8.3 billion last year.

– However, if you look at the big picture, Intel had a better 2008 than 2009. 2009 revenues were $35.1 billion, while 2008 revenues reached $37.6 billion. That’s a 7% difference.

– Intel predicts revenues of approximately $9.7 billion in Q1 2010, above Wall Street estimates.

– Around a year ago, at the heart of the economic collapse, Intel decided to invest $7 billion into new chip plants. It looks to be paying off.

Intel’s Q4 report is one of the first to come out this year, but it won’t be the last. If Intel’s numbers are any indication though, we’re nearing the light at the end of the tunnel.


USB 3.0 Finally Arrives

When you’re in front of your PC, waiting for something to transfer to removable media, that’s when seconds feel like minutes, and minutes feel like hours. And data storage scenarios such as that one is where the new SuperSpeed USB 3.0’s greatest impact will be felt first. As of CES, 17 SuperSpeed USB 3.0-certified products were introduced, including host controllers, adapter cards, motherboards, and hard drives (but no other consumer electronics devices). Still more uncertified USB 3.0 products are on the way, and they can’t get here fast enough.

Glance Backward

The beauty of USB 3.0 is its backward compatibility with USB 2.0; you need a new cable and new host adapter (or, one of the Asus or Gigabyte motherboards that supports USB 3.0) to achieve USB 3.0, but you can still use the device on a USB 2.0 port and achieve typical USB 2.0 performance. In reducing some overhead requirements of USB (now, the interface only transmits data to the link and device that need it, so devices can go into low power state when not needed), the new incarnation now uses one-third the power of USB 2.0.

The theoretical throughput improvement offered by USB 3.0 is dramatic — a theoretical 10X jump over existing USB 2.0 hardware. USB 2.0 maxed out at a theoretical 480Mbps, while USB 3.0 can theoretically handle up to 5Gbps. Mind you, applications like storage will still be limited by the type of drive inside; so, for example, you can expect better performance from RAIDed hard drives or fast solid-state drives (SSDs) than from, say, a standalone single drive connected to the computer via USB 3.0.

The real-world examples are fairly convincing — and underscore USB 3.0’s advantage for high-def video, music, and digital imaging applications. Our early test results are encouraging as well: We tested Western Digital’s My Book 3.0, the first USB 3.0-certified external hard drive. The performance was on a par with that of eSATA-but the benefit here is that USB 3.0 is a powered port, so you don’t need to have another external power supply running to the drive (as you do with eSATA; unless the eSATA drive you’re using is designed to steal power from a USB port while transferring data over the eSATA interface).

New Entries

While the WD drive was the first to announce, a slew of other hard drive makers either announced products at the show, or discussed plans to release products in the coming months. Among them: Seagate (which is doing a portable drive), LaCie, Rocstor, and Iomega. Even non-traditional hard drive vendors like Dane-Elec and A-Data showed products they billed as USB 3.0 (the latter two even had USB 3.0-connected SSDs, the first external drives to use solid-state storage inside.

One of the things to look for in the coming months is the certified SuperSpeed USB 3.0 logo. Products are currently filling the queues at the official certification testing labs, but presence of that certification logo will give you some peace of mind that the product you’re buying truly does live up to the USB 3.0 spec.

Given that the certification labs are jammed up, though, you can expect companies to release USB 3.0 products without official certification. (Buffalo Technologies’ drive, released late 2009, is not certified; LaCie’s drives are in the process of certification, but will initially carry LaCie’s own logo for USB 3.0, and will gain a sticker on the box once certification is completed.) And in those cases, it will be hard to know whether the device truly lives up to its performance potential.

Compatibility Guarantee

And this time around, the way the USB spec is written, says Jeff Ravencraft, consumers should have an easier time finding products that are truly USB 3.0. Before, in the transition from USB 1.1 to USB 2.0, the USB 2.0 spec was written in a way where it “encompassed low, full and high-speed USB,” explains Ravencraft, president and chairman of the USB Implementers Forum. “Since those are all encapsulated in the USB 2.0 spec, [vendors] could have a certified product that’s low-speed, but still call it USB 2.0.

“We don’t have that issue with USB 3.0 To claim you’re USB 3.0, you have to deliver 5Gbps. There’s no other way to get the certification.”

Ravencraft adds that the group is prepared to protect the USB 3.0 logo, to make sure that only manufacturers who go through certification use it. “We’ll take legal action if anyone infringes on our marks.”

By end of year, Ravencraft says the loggerjam of products awaiting certification should be past, and the organization’s network of worldwide test labs will be handling USB 3.0 certification.

According to In-Stat Research, by 2013, more than one-quarter of USB 3.0 products will support SuperSpeed USB 3.0.

Ravencraft says this is the fastest ramp up of USB products he’s seen in the past ten years, across the previous versions of USB.

I say the change can’t come fast enough. The trick, though, will be getting the interface into our notebooks (without requiring a kludgy ExpressCard adapter). So far, though, only HP and Fujitsu have announced limited USB 3.0 support on notebooks. And Taiwanese notebook and desktop maker MSI indicated that it wouldn’t have USB 3.0 until, at the earliest, the third-quarter of this year; product managers for both notebooks and desktops cited manufacturing concerns like chipset availability in large quantities, and the need to test USB 3.0 chipsets.

And in the meantime, the only announced peripherals remain storage devices. At next year’s CES, it’s likely we’ll hear more about specific consumer electronics devices such as digital cameras and camcorders and video cameras moving to USB 3.0. Hopefully by then we’ll start getting a critical mass of PC hardware with USB 3.0 integrated, too.


Google Plans Ultrafast Internet Broadband

The search giant say it’ll build experimental 1-gigabit-per-second broadband networks in a small number of test locations.

Google on Wednesday said that it plans to build a series of experimental high-speed networks that will provide broadband connectivity at speeds 100 times beyond typical U.S. broadband connections.

Under The American Recovery and Reinvestment Act of 2009, signed into law in February 2009, the Federal Communications Commission (FCC) was directed to create a National Broadband Plan to promote better online communication and scientific, economic, and cultural development.

Google has been advising the FCC on the plan’s development. With 35 days until the FCC unveils its plan, Google has decided to build high-speed broadband networks in a small number of test locations. The company is promising Internet speeds of up to 1 gigabit per second, through fiber-to-the-home connections.

Google said it will offer network access to between 50,000 and 500,000 people at a competitive prices.

“We doing this because we want to experiment with new ways to make the Web better and faster for everyone, allowing applications that would be impossible today,” said Google product manager James Kelly in a video.

Examples of such applications include 3D medical imaging over the Web, downloading high-definition feature films in less than five minutes, and collaborating with geographically dispersed classmates while watching a live, 3D lecture.

Google expects that the availability of high-speed Internet access will allow developers to create new applications that haven’t yet been imagined.

The company says that its experimental networks will be operated under “open access” principals, so that users have a choice of service provider, and that its networks will be managed in an open, transparent, and non-discriminatory way.

Google is soliciting involvement from community partners through a Request For Information (RFI). Government officials and members of the public can nominate their communities to be test participants at Google’s Web site before March 26.

Source: InformationWeek

If Your Password Is 123456, Just Make It HackMe

Back at the dawn of the Web, the most popular account password was “12345.”

Today, it’s one digit longer but hardly safer: “123456.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

Mr. Shulman and his company examined a list of 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. The list was briefly posted on the Web, and hackers and security researchers downloaded it. (RockYou, which had already been widely criticized for lax privacy practices, has advised its customers to change their passwords, as the hacker gained information about their e-mail accounts as well.)

The trove provided an unusually detailed window into computer users’ password habits. Typically, only government agencies like the F.B.I. or the National Security Agency have had access to such a large password list.

“This was the mother lode,” said Matt Weir, a doctoral candidate in the e-crimes and investigation technology lab at Florida State University, where researchers are also examining the data.

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations,” Mr. Shulman said. “The reality is that you can be very effective by choosing a small number of common passwords.”

Some Web sites try to thwart the attackers by freezing an account for a certain period of time if too many incorrect passwords are typed. But experts say that the hackers simply learn to trick the system, by making guesses at an acceptable rate, for instance.

To improve security, some Web sites are forcing users to mix letters, numbers and even symbols in their passwords. Others, like Twitter, prevent people from picking common passwords.

Still, researchers say, social networking and entertainment Web sites often try to make life simpler for their users and are reluctant to put too many controls in place.

Even commercial sites like eBay must weigh the consequences of freezing accounts, since a hacker could, say, try to win an auction by freezing the accounts of other bidders.

Overusing simple passwords is not a new phenomenon. A similar survey examined computer passwords used in the mid-1990s and found that the most popular ones at that time were “12345,” “abc123” and “password.”

Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks?

Security experts suggest that we are simply overwhelmed by the sheer number of things we have to remember in this digital age.

“Nowadays, we have to keep probably 10 times as many passwords in our head as we did 10 years ago,” said Jeff Moss, who founded a popular hacking conference and is now on the Homeland Security Advisory Council. “Voice mail passwords, A.T.M. PINs and Internet passwords — it’s so hard to keep track of.”

In the idealized world championed by security specialists, people would have different passwords for every Web site they visit and store them in their head or, if absolutely necessary, on a piece of paper.

But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords — a complex one for Web sites were security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Mr. Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”


Antivirus makers applaud, mock Microsoft Security Essentials

Four antivirus makers have weighed in on the release of Microsoft Security Essentials, and their opinions are all over the place. We asked various security companies for their opinion on MSE, which launched yesterday, and Symantec, ESET, Avast, and AVG responded with their thoughts.

Microsoft claims it is targeting consumers who currently don’t have any protection on their Windows PC, but of course MSE will end up on many computers that already have third-party security software installed. Since MSE is free, the software security market is going to get a serious shake-up, and here’s what Microsoft’s new competitors think about what’s about to happen.

Symantec, maker of the Norton line of products, says MSE doesn’t stand a chance in today’s market: “While we applaud any vendor that heightens consumer awareness of the need for computer security, it’s clear that the threat landscape has moved on from the product Microsoft is launching,” a Symantec spokesperson told Ars. “Microsoft Security Essentials (MSE) is a stripped down version of their old OneCare product which was poorly rated by industry experts and users alike. From a security perspective, this Microsoft tool offers reduced defenses at a critical point in the battle against cybercrime. Unique malware and social engineering tricks fly under the radar of traditional signature-based technology alone—which is what is employed by free security tools such as Microsoft’s”

ESET, maker of the NOD32 line of products, is unfazed by the product’s launch: “Certainly basic, but free, protection is better than no protection,” Christopher Dale, Public Relations Manager of ESET, told Ars. “For those whose primary concern is price, we would imagine MSE will hold great appeal while making the freeware market more competitive. The product doesn’t directly impact ESET as we offer a full-featured security solution w/ more configuration choices and free phone support.”

Avast is perfectly fine with Microsoft entering the market: “We are glad to see Microsoft joining us in offering free anti-virus/security protection to users,” Vince Steckler, CEO of Avast, told Ars. “We have long believed that top notch security protection should be freely available—that is why nearly 100 million users around the world protect their computers and data with our free avast! antivirus. Around the world there are about 500 million home computer users that need [to be] protected while using the Internet. We believe only around 20 percent of these users are using a traditional paid security product while 250 million are using avast! or one of the other high-quality free products. Users have already decided that security should be free—there are more users of free avast! than users of all paid products combined. But, free users should not be subjected to inferior or ‘basic’ protection.”

AVG, on the other hand, thinks Microsoft will push its product via as many anticompetitive ways as possible: “Microsoft will likely push MSE out via every automated channel available to them—which in and of itself poses all sorts of interesting anti-trust questions,” Siobhan MacDermott, VP Head of Public Policy, Corporate Communications, and Investor Relations for AVG Technologies, told Ars. “They will focus on gaining consumers through the simplicity of installing the product via routine channels of connection. On paper it makes sense, but in reality, we believe this will force consumers to unwittingly enter into a situation that makes them more vulnerable. Experts agree that the biggest nemesis to Windows was not the vulnerability of its code but rather the popularity of the operating system. It is a law of numbers; large communities create large pools of opportunities for thieves. If Microsoft leverages the power of its OS market to rapidly create a large community of MSE users, we believe those customers will be doubly vulnerable.”

There you have it; two antivirus makers are fine with Microsoft Security Essentials and the other two aren’t. We’re more surprised with the ones that are fine with it, since MSE can potentially steal customers away from them (in fact, many of our readers and users on other forums have already declared they are switching). In our first look at MSE yesterday, we were impressed with what Microsoft was offering as a free download for Windows XP, Windows Vista, and Windows 7. For those who have had a chance to install it, how do your thoughts compare to the above statements?


MagicJack’s next act: disappearing cell phone fees


The company behind the magicJack, the cheap Internet phone gadget that’s been heavily promoted on TV, has made a new version of the device that allows free calls from cell phones in the home, in a fashion that’s sure to draw protest from cellular carriers.

The new magicJack uses, without permission, radio frequencies for which cellular carriers have paid billions of dollars for exclusive licenses.

YMax Corp., which is based in Palm Beach, Fla., said this week at the International Consumers Electronics Show that it plans to start selling the device in about four months for $40, the same price as the original magicJack. As before, it will provide free calls to the U.S. and Canada for one year.

The device is, in essence, a very small cellular tower for the home.

The size of a deck of cards, it plugs into a PC, which needs a broadband Internet connection. The device then detects when a compatible cell phone comes within 8 feet, and places a call to it. The user enters a short code on the phone. The phone is then linked to the magicJack, and as long as it’s within range (YMax said it will cover a 3,000-square-foot home) magicJack routes the call itself, over the Internet, rather than going through the carrier’s cellular tower. No minutes are subtracted from the user’s account with the carrier. Any extra fees for international calls are subtracted from the user’s account with magicJack, not the carrier.

According to YMax CEO Dan Borislow, the device will connect to any phone that uses the GSM standard, which in the U.S. includes phones from AT&T Inc. and T-Mobile USA. At a demonstration at CES, a visitor’s phone with a T-Mobile account successfully placed and received calls through the magicJack. Most phones from Verizon Wireless and Sprint Nextel Corp. won’t connect to the device.

Borislow said the device is legal because wireless spectrum licenses don’t extend into the home.

AT&T, T-Mobile and the Federal Communications Commission had no immediate comment on whether they believe the device is legal, but said they were looking into the issue. CTIA — The Wireless Association, a trade group, said it was declining comment for now. None of them had heard of YMax’s plans.

Borislow said YMax has sold 5 million magicJacks for landline phones in the last two years, and that roughly 3 million are in active use. That would give YMax a bigger customer base than Internet phone pioneer Vonage Holdings Corp., which has been selling service for $25 per month for the better part of a decade. Privately held YMax had revenue of $110 million last year, it says.

U.S. carriers have been selling and experimenting with devices that act similarly to the wireless magicJack. They’re called “femtocells.” Like the magicJack, they use the carrier’s licensed spectrum to connect to a phone, then route the calls over a home broadband connection. They improve coverage inside the home and offload capacity from the carrier’s towers.

But femtocells are complex products, because they’re designed to mesh with the carrier’s external network. They cost the carriers more than $200, though some sell them cheaper, recouping the cost through added service fees. YMax’s magicJack is a much smaller, simpler design.


Google hopes to change wireless retail game with Nexus One

It wasn’t much of a secret, really, but the sleek, Android-powered Nexus One is finally here, and yes: you can buy it directly from Google, over the Web. As expected, the unlocked, no-contract Nexus One will cost you a pretty penny, but subsidized versions will also be available from T-Mobile and … what’s this, Verizon Wireless? You betcha.
Announced this afternoon during a press conference at Google’s Mountain View headquarters, the Nexus One (designed by phone maker HTC under Google’s strict supervision) is available for purchase right now on Google’s new Web store rather than through a carrier—a twist that some observers see as a paradigm shift in the wireless market, where the balance of power is usually tipped in the carrier’s favor.

Then again, Google is sticking with the practice of charging an arm and a leg for an unlocked, no-contract handset. If you want it unlocked for use with any SIM card and without a contract, the phone will set you back a cool $530. Here in the U.S., you’ll be able to use the Nexus One with either an AT&T or T-Mobile SIM card; that said, AT&T users will only be able to tap into the carrier’s EDGE data network, while T-Mobile customers can use both EDGE and 3G.

Another option is to opt for a traditional two-year contract with T-Mobile, which brings the price of the Nexus One down to $180. That detail has already been well leaked; one of the surprises Tuesday, however, was the news that Verizon Wireless in the U.S. (which currently has the Android-powered Motorola Droid) and Vodafone in Europe are also on board with the Nexus One, with versions of the handset for those networks due in the spring. Interesting. (I should note, though, that the current unlocked Nexus One will only work on GSM-based networks, not CDMA carriers like Verizon or Sprint; I’m assuming that the eventual Nexus One for Verizon will be a CDMA phone.)

If you’ve been following all the rumors over the past few weeks about the Nexus One, few of the hardware details revealed by Google on Tuesday will come as a surprise. Yep, the Nexus One is slim and trim, alright, measuring about 0.45 inches thick and weighing in at a relatively light 4.6 ounces, and as predicted, it’ll come with a speedy 1GHz “Snapdragon” processor under the hood, a five-megapixel camera with an LED flash, Wi-Fi, stereo Bluetooth, a slot for microSD memory expansion, and a standard 3.5mm jack for headsets. Missing in action: a slide-out keypad and “multitouch” for the Web browser (for “pinching” or “zooming” Web pages).

Also on board the Nexus One: the latest version of Android (version 2.1, to be precise), which adds a series of interface enhancements, more home screens (five, up from three), live news and weather widgets, “live” wallpaper (which, as demonstrated during Google’s press conference, might feature a forest scene with falling leaves and water that ripples when at your touch), and even built-in voice recognition for any text field on the phone (meaning you can simply speak rather than type out a text message).

Now, I haven’t personally seen the Nexus One yet, but the bloggers at Engadget have, and their praise is, well … somewhat guarded. No question, they say, the Nexus One is a sleek, sexy, and speedy handset, but the bloggers conclude that the much-vaunted 2.1 version of Android doesn’t look all that different from the Droid’s version of Android. Also, while the Nexus One is “fast,” says Engadget, it’s “not so much of a leap up from the Droid.”

So yes … it sounds like the big news with the Nexus One is the way in which it’s being sold, not so much the handset itself (although the hardware certainly does sound impressive). But while I’m pleased that Google is selling the Nexus One unlocked out of the gate, the unsubsidized $530 price tag is awfully steep.

In any case, that’s the scoop; if you’re interested in more details about the Nexus One, you can check out Google’s site right here. Nexus One

So, show of hands: Who’s interested in snapping up the unlocked Nexus One?


The top 10 tech ‘fails’ of 2009

It was a big year for technology: Twitter and Facebook’s popularity exploded, while new smartphones, e-readers and a host of other gadgets cropped up to compete for our plugged-in affection.

But into each electronic life a little digital rain must fall.

We polled a handful of the most tech-savvy folks we know for their thoughts on the worst moments in technology from 2009 — the most epic “fails” of the year.

Your mileage may vary. If you think something doesn’t deserve to be here, or think we missed a noteworthy clunker, let us know in the comments section. And now, in no particular order, our 2009 Tech Fails …

Y2-what? Zune gets off to a bad start

Technically it was a New Year’s Eve surprise. But many owners of Microsoft’s Zune media player started 2009 with little more than a paperweight with LED lights.

At midnight on December 31, all Zune’s 30-GB MP3 players froze up. Microsoft explained the problem as a problem with the way the device’s internal clock recognized (or didn’t recognize) leap years.

The glitch only lasted a day, but didn’t help a device that was already failing to gain ground on Apple’s iPod.

TwitterPeek fails to pique interest

The reaction of many in the tech community to the release of the TwitterPeek device was a collective, “Huh?”

Sure, there are some people who don’t have smartphones and don’t want to pay for expensive mobile plans. But is there really a market for a $199 device that does nothing but let you manage yourTwitter feed?

“I already have a $200 device to update Twitter,” said one techie we spoke to. “It’s called my iPhone.”

The folks at Peek, makers of TwitterPeek, had already made the Pronto — a device that handled only texts and e-mails. Maybe a combination of the two gadgets is in the works. But even then, would enough people be interested? Probably not.

Facebook backtracks on owning your stuff

OK … so every time Facebook makes even the most minute changes, it sparks an outcry among its 350 million members, not to mention (irony alert) dozens of new Facebook groups geared at making the site change back.

But a terms-of-service change in February went further, implying that Facebook owned the rights to anything users uploaded to the site. Another change suggested that Facebook held those rights forever, even if people quit the site or took the material down.

Facebook responded that it simply needed those rights to be able to post information to other users. But when the backlash continued, the site eventually switched the terms back to their former wording.

Sidekick punts user info

In what one observer called “an almost incomprehensible data disaster,” T-Mobile told users in October that a server error at a Microsoft subsidiary had lost users’ personal data it had stored for the devices.

All of it.

Phone numbers, contact lists, calendars and other information was gone — and even new data would disappear if users turned off or recharged the phone.

Users were offered free service and rebates in the wake of the mess, as T-Mobile scrambled to recover what little of the data it could. But that didn’t stop the lawsuits, Internet griping and ill will generated by the snafu.

Hacking Twitter

It started as a story about someone hacking the accounts of several Twitter employees. Then, after Twitter said the attack was limited to personal information, not sensitive, company-related stuff, the hacker behind the attack struck again — in a different way.

He sent 310 documents to leading technology blog TechCrunch. The blog published a small portion of them and sent the documents to Twitter, which is when the company learned that they included financial projections and notes from high-level executive meetings.

Twitter responded by reportedly closing the security holes that allowed the attack.

Enough with the updates, already!

This was the year that online social media exploded. That’s good news for the future of Facebook, Twitter and the like.

But sometimes it just got to be a bit too much.

Members of Congress abandoned any pretense of paying attention to President Obama’s State of the Union speech by updating their Twitter feeds as he was speaking.

There was the groom who updated his Facebook relationship status at the altar. And the women who tweeted during childbirth. [In fairness, the most high-profile tweeting new mom was Sara Williams, wife of Twitter CEO Evan Williams].

And that’s not even mentioning all those friend requests you got from your grade-school teachers and members of your mom’s knitting circle.

Hyped-up Conficker fails

This is a failure we’re glad to report.

The Conficker worm was, by all accounts, a serious bit of malware that infected as many as 10 million computers worldwide. Instead of attacking those computers, it was designed to control them, paving the way for later attacks.

When researchers spotted the date April 1 in the worm’s coding, speculation began mounting that a major April Fools’ Day attack was on its way. Instead, it was mostly quiet — a false alarm of Y2K proportions.

“I think the joke’s on us a little bit, which you would have expected, having an April 1 date,” Holly Stewart, threat response manager for IBM’s X-Force, a computer security service, said at the time.

Attacks cripple Twitter, Facebook

On August 6, the concept of computer addiction didn’t seem so silly.

A massive denial-of-service attack hit Twitter, Facebook and the LiveJournal blogging site. Twitter was by far the hardest hit, completely blacking out for several hours.

The attacks were believed to have targeted a blogger in the country of Georgia who had been critical of Russia. The attacks, the blogger said, coincided with the one-year anniversary of renewed violence between the two countries.

What was telling was how freaked out people became. Users described feeling naked, jittery and upset without the ability to post on Twitter. When the site came back up, the top topic of conversation was the hashtag for “When Twitter Was Down.”

Gmail crashes

We heard some different views on this year’s string of outages or slowdowns of Google’s popular e-mail system.

Some thought coverage was overblown.

But as more computing power moves “into the cloud,” people and businesses are relying on programs like Gmail not just for e-mails, but to archive documents, chat with friends or co-workers and store contact information.

Gmail went through several high-profile crashes in 2009, including one in February and two in September. While e-mail crashes are nothing new to any provider, 2009’s were the first since Google begain offering offline support.

Response to the crashes simultaneously showed how many people depend on Gmail and how easy it is to make fun of those people. Social-networking blog Mashable responded with a list of five things to do while Gmail is down (No. 1: “Immediately flood Twitter with tweets alternately proclaiming, ‘Gmail is down!’ and inquiring, ‘Is Gmail down?’ “)

I got Google Wave — now what?

OK, so it’s a little early in the game to call this one a total fail. But after the breathless anticipation that greeted Google Wave and the hot rush to get an invitation for its beta testing, lots of users found themselves asking, “OK … now what?”

Google, for its part, released an 80-minute tutorial video — leading some observers to argue that if you need an hour and 20 minutes to explain what your product does, you might be in trouble.

It’s designed as a platform to allow users to communicate and collaborate in real time — a tool some predict will be used effectively by developers in the future.

But for now, it’s inspired the creation of a Web site — Easier to Understand Than Wave — on which users compare the online tool to other sometimes obtuse subjects (Both Ozzy Osbourne and the geopolitical climate of Southeast Asia are easier to understand than Wave, users voted, while Sarah Palin and Scientology are both more difficult).


Windows 7 leaving Redmond’s help desk less busy

There are many ways to measure how Windows 7 is doing. There are reports on new PC sales, tallies of boxed copy sales, and surveys of planned enterprise adoption, to name a few.

But one of the most encouraging signs for Microsoft is the lack of phone calls it is getting from people with problems. Overall, Microsoft said the volume of calls to its support lines is half of what it expected.

“Overall we are finding our call center volume is down significantly more than we expected,” said Barbara Gordon, vice president of customer support for Microsoft.

The drop in calls isn’t just due to the fact that Windows 7 appears less problem-plagued than its predecessor, though. In the weeks leading up to and following the operating system’s release, Microsoft also added two new ways to get help–through an online forum called Microsoft Answers and via the Microsoft Helps feed on Twitter.

“What we have found is we are seeing far more take-up of self-service…forums and Twitter to get responses,” Gordon said in an interview this week.

With the Microsoft Answers forums, which launched late last year, users submit questions and experienced community members offer answers that Microsoft workers later validate to make sure they are correct.

So far, Microsoft has validated some 60,000 solutions. The company says that 83 percent of English-language queries are answered within seven days. Those in other languages have a slightly lower rate, but even of those 78 percent are taken care of within a week.

Meanwhile, Microsoft went live with its Twitter help site in October. Users can post a tweet with “@microsofthelps” in the message and Microsoft will respond. A team of seven employees dedicated full time to the project work with the broader support organization to respond to the many tweets. The goal is to either answer simple questions or to point people to a place where they can get a more detailed answer.

“It’s hard to answer (most questions) in 140 characters,” Gordon said.

But, she said, social networks like Twitter, Gordon said, allow the company to realize a problem that could be affecting thousands of people via a single short message.

“It’s really like a customer megaphone,” Gordon said.

Gordon hopes the new online options will not only cut down on call center expenses, but ultimately improve overall customer satisfaction with Windows. Customer satisfaction an area where the Mac has traditionally outpaced the various PC brands.

But Gordon says she hopes to see Windows gain ground. “We are really working on this,” she said.

Although Apple touts its personal touch with its stores, Gordon suggests Microsoft’s high-tech approach might ultimately win it more fans. “If I can help myself without having to go to the mall and sit at a geek bar I will be happier,” she said.

Nonetheless, one of the main features of Microsoft’s two retail stores is an answer desk very similar to the “Genius Bar” found in Apple stores.

As for the questions people ask on Twitter, they range from the expected range of bugs and problems to inquiries about future versions of products. This week, for example, one user asked when to expect Windows 8. Although vague, the answer was at least as direct as anything a reporter would get by asking Redmond.

“It will be a few years until the next official version comes out,” Microsoft replied on the Twitter feed. “Keep an eye out on for future updates.”

In addition to building goodwill and cutting costs, the online forums also allow Microsoft to quickly see when a problem is affecting a significant number of users. Such mechanisms helped Microsoft to recognize and then solve a video driver problem that was causing some users to have their systems hang when they reached 62 percent completion on an upgrade to Windows 7.

Within a week, Microsoft had a solution on its Website and shortly thereafter it posted an automated “Fix It,” essentially a script that a user can click on to have the proper steps done automatically. The Windows 7 upgrade fix has already been used more than 35,000 times, Microsoft said.

“We’re getting people able to meet their needs themselves,” Gordon said.


Good Guys Bring Down the Mega-D Botnet

For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients’ networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from de­­fense to offense. And Mega-D–a powerful, resilient botnet that had forced 250,000 PCs to do its bidding–went down.

Targeting Controllers

Mushtaq and two FireEye colleagues went after Mega-D’s command infrastructure. A botnet’s first wave of attack uses e-mail attachments, Web-based offensives, and other distribution methods to infect huge numbers of PCs with malicious bot programs.

The bots receive marching orders from online command and control (C&C) servers, but those servers are the botnet’s Achilles’ heel: Isolate them, and the undirected bots will sit idle. Mega-D’s controllers used a far-flung array of C&C servers, however, and every bot in its army had been assigned a list of additional destinations to try if it couldn’t reach its primary command server. So taking down Mega-D would require a carefully coordinated attack.

Synchronized Assault

Mushtaq’s team first contacted Internet service providers that unwittingly hosted Mega-D control servers; his research showed that most of the servers were based in the United States, with one in Turkey and another in Israel.

The FireEye group received positive responses except from the overseas ISPs. The domestic C&C servers went down.

Next, Mushtaq and company contacted domain-name registrars holding records for the domain names that Mega-D used for its control servers. The registrars collaborated with FireEye to point Mega-D’s existing domain names to no­­where. By cutting off the botnet’s pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down.

Finally, FireEye and the registrars worked to claim spare domain names that Mega-D’s controllers listed in the bots’ programming. The controllers intended to register and use one or more of the spare do­­mains if the existing domains went down–so FireEye picked them up and pointed them to “sinkholes” (servers it had set up to sit quietly and log efforts by Mega-D bots to check in for orders). Using those logs, FireEye estimated that the botnet consisted of about 250,000 Mega-D-infected computers.
Down Goes Mega-D

MessageLabs, a Symantec e-mail security subsidiary, reports that Mega-D had “consistently been in the top 10 spam bots” for the previous year ( The botnet’s output fluctuated from day to day, but on November 1 Mega-D accounted for 11.8 percent of all spam that MessageLabs saw.
Three days later, FireEye’s action had reduced Mega-D’s market share of Internet spam to less than 0.1 percent, MessageLabs says.

FireEye plans to hand off the anti-Mega-D effort to, a volunteer group that will track the IP addresses of infected machines and contact affected ISPs and businesses. Business network or ISP administrators can register for the free notification service.
Continuing the Battle

Mushtaq recognizes that FireEye’s successful offensive against Mega-D was just one battle in the war on malware. The criminals behind Mega-D may try to revive their botnet, he says, or they may abandon it and create a new one. But other botnets continue to thrive.

“FireEye did have a major victory,” says Joe Stewart, director of malware research with SecureWorks. “The question is, will it have a long-term impact?”

Like FireEye, Stewart’s security company protects client networks from botnets and other threats; and like Mushtaq, Stewart has spent years combating criminal enterprises. In 2009, Stewart outlined a proposal to create volunteer groups dedicated to making botnets unprofitable to run. But few security professionals could commit to such a time-consuming volunteer activity.

“It takes time and resources and money to do this day after day,” Stewart says. Other, under-the-radar strikes at various botnets and criminal organizations have occurred, he says, but these laudable efforts are “not going to stop the business model of the spammer.”

Mushtaq, Stewart, and other security pros agree that federal law enforcement needs to step in with full-time coordination efforts. According to Stewart, regulators haven’t begun drawing up serious plans to make that happen, but Mushtaq says that FireEye is sharing its method with domestic and international law enforcement, and he’s hopeful.

Until that happens, “we’re definitely looking to do this again,” Mushtaq says. “We want to show the bad guys that we’re not sleeping.”