German government warns against using MS Explorer
The German government has warned web users to find an alternative browser to Internet Explorer to protect security.
The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google’s systems.
Microsoft rejected the warning, saying that the risk to users was low and that the browsers’ increased security setting would prevent any serious risk.
However, German authorities say that even this would not make IE fully safe.
Thomas Baumgaertner, a spokesman for Microsoft in Germany, said that while they were aware of the warning, they did not agree with it, saying that the attacks on Google were by “highly motivated people with a very specific agenda”.
“These were not attacks against general users or consumers,” said Mr Baumgaertner.
“There is no threat to the general user, consequently we do not support this warning,” he added.
Microsoft says the security hole can be shut by setting the browser’s security zone to “high”, although this limits functionality and blocks many websites.
However, Graham Cluley of anti-virus firm Sophos, told BBC News that not only did the warning apply to 6, 7 and 8 of the browser, but the instructions on how to exploit the flaw had been posted on the internet.
“This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week,” he said.
Computer expert Alan Stevens: “It’s like having a window left open in your house”
“The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go.”
Microsoft traditionally release a security update once a month – the next scheduled patch is the 9th of February. However, a spokesman for Microsoft told BBC News that developers for the firm were trying to fix the problem.
“We are working on an update on this issue and this may well involve an out of cycle security update,” he said.
Fix development
However, this is no easy task. Not only have the firm got to fix the loophole, but they have to ensure it does not create another one and – equally importantly – works on all computers. This is a challenge compounded by the fact they have to fix three different versions of its browser.
Microsoft said that while all versions of Internet Explorer were affected, the risk was lower with more recent releases of its browser.
The other problem facing developers is that the possible risk might not be prevented by anti-virus software, even when recently updated.
“We’ve been working to analyse the malware that the Chinese are using. But new versions can always be created,” said Mr Cluley.
“We’ve been working with Microsoft to see if the damage can be mitigated and we are hoping that they will release an emergency patch.
“One thing that should be stressed is that every browser has its security issues, so switching may remove this current risk but could expose you to another.”
Kodak sues Apple and RIM over iPhone and Blackberry
Kodak has filed a complaint with the US International Trade Commission (ITC).
It alleges the iPhone and Blackberry use technology for previewing pictures that infringe Kodak patents.
It has also filed two separate suits against Apple that claim infringements of patents relating to digital cameras and certain computer processes.
Kodak has asked the ITC to bar both firms from shipping the phones and has asked for undisclosed monetary damages.
RIM and Apple declined to comment.
Legal scrutiny
“We’ve had discussions for years with both companies in an attempt to resolve this issue amicably, and we have not been able to reach a satisfactory agreement,” said Laura Quatela, chief intellectual property officer at Kodak.
“In light of that, we are taking this action to ensure that we protect the interests of our shareholders and the existing licensees of our technology.”
The patent for Kodak’s picture previewing technology has already been the subject of one dispute.
On 17 December 2009, an ITC judge ruled that camera-enabled phones made by Samsung infringed upon the Kodak patent.
The separate filing against Apple has also been scrutinised in court in a case against Sun Microsystems.
In that case, a federal jury determined that Sun’s Java programming technology had infringed Kodak’s patents. Sun later agreed to pay Kodak in return for a license for the patents at issue.
Apple is currently in the middle of a legal dispute with phone giant Nokia.
In October, Nokia alleged that the iPhone infringed 10 of its “fundamental” patents relating to wireless technologies.
Apple countered with its own lawsuit in December, accusing Nokia of copying its technology.
Since then Nokia has complained to the ITC and launched a further legal action that alleges “virtually all” of Apple’s products infringe on its patents.
Skype and Haiti
Many people are in Haiti are without landline or cell phone coverage since the earthquake hit on Tuesday, and so tools like Skype have become vital.
Skype-to-Skype voice and video calls are completely free, and many of you have been using them over the last couple of days to stay in touch with family and friends, or to contact co-workers or support agencies during this difficult time.
To help people further, we’re emailing vouchers for $2 US of Skype Credit to of all of our users in Haiti. They’ll start appearing in inboxes in about 24 hours’ time.
The credit will let you make at least an hour’s worth of calls to landlines in the US or other countries covered by our global rate, or at least 15 minutes of calls to the Dominican Republic. You can see all of our rates here.
You can also donate to relief efforts via UNICEF or the International Committee of the Red Cross.
Our hearts go out to all of you in Haiti.
Barclays Analyst Predicts YouTube Profitability
In a financial sense, Google’s acquisition of YouTube has never made a lot of sense; the site, which sold for $1.65 billion, hasn’t even turned a profit on a quarter-to-quarter basis yet. But according to a prominent analyst, that’s about to change.
Doug Anmuth, who works for Barclays Capital, said today in a note, “[I]n 2010 we believe YouTube will start contributing positively to EPS. . . . [W]ith YouTube monetizing more than 1 billion video views every week, and with strong sell-out rates on its home-page from larger advertisers – we note 90% of the top 50 Ad Age have advertised on YouTube – we believe the site can profitably take share of the branded display & video market.”
Anmuth then shared a couple of concrete numbers, continuing, “We project YouTube to generate $700 million in revenue in 2010, up 55% Y/Y.”
While $700 million might be good or bad, depending on what scale it’s measured on (remember, Google’s market cap is in the neighborhood of $190 billion), the 55 percent figure is great. Entities that have been around for more than a few years don’t often pull off that sort of dramatic improvement, and it would be even more impressive given the current economic climate.
Google’s about turn in China
Google has responded to what it terms “a highly sophisticated and targeted attack on our corporate infrastructure” aimed at getting access to the Gmail accounts of Chinese human rights activists by announcing its desire to stop censoring search results on its Google.cn website.
Writing on the official Google blog the company’s chief legal officer David Drummon says that “over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law”.
But there is clearly little expectation that this will be possible and Google has apparently decided that it will, if necessary, stop operating in China.
At the same time it has announced that all access to Gmail will now be over the more secure encrypted https protocol by default instead of the usual http standard that sends data as clear text.
It’s a move that is clearly being made in response to the hacking and makes a lot of sense.
The censorship goes back to January 2006 when Google launched its Chinese search engine to widespread criticism.
Building a service around the restrictions insisted upon by the Chinese government meant that searches for topics like Tiananmen brought up very different results when carried out in China, with no images of the student protests or their violent suppression coming up.
Rising pressure
The company defended its approach at the time, arguing that it was following local laws and that the benefits of bringing information – even censored information – to the people of China outweighed the need to hold to the corporate motto “don’t be evil”, because sometimes a little bit of evil was unavoidable.
It also made good business sense, of course.
Other Western search companies were already operating in China and local search engines were acquiring users in one of the fastest-growing internet markets in the world, a market that no western company could afford to ignore.
Google may believe its services are a force for good, but they are also, and must be, a force for profit too, even if they are free at the point of use.
 |
  Threatening to pull out of China is like threatening to spit on a whale  Bill Thompson
 |
But now things have changed, and the attacks on Gmail accounts of human rights activitists seem to have tipped the scale back to the side of being good
Google now apparently recognises that its presence in China has not encouraged openness or built pressure on the authorities to reduce the degree of control and censorship and that its support for the current system may in fact have given it credibility.
Yet the attack on Gmail cannot have come as a surprise, and even though Google is careful not to accuse the authorities of direct involvement the implication is clear.
Groups such as Students for a Free Tibet are being hacked all the time, and the US government has acknowledged that China is a main origin of attempts to infiltrate and disrupt US government websites.
Of course liberal democracies do the same, passing laws like the US Patriot Act or our own Regulation of Investigatory Powers Act that legalise interception and provide a framework for spying and snooping.
Chinese attempts to break into the Gmail accounts of human rights activists are as legal as attempts by the UK secret service to infiltrate the e-mail accounts of religious extremists who are considered potential terrorists.
Google’s search results are filtered and censored here in the UK to take account of legal constraints such as laws against images of child abuse.
Google and other webmail providers also routinely provide access to customer data when the authorities require it under the law, both in the UK and elsewhere, and European ISPs are obliged to retain and turn over details of our online interactions if needed to investigate crime.
‘Wrong way’
Here in the UK, Peter Barron, former editor of BBC Newsnight and now Google UK’s head of communications, has been all over the media giving their side of the story.
I haven’t seen any response from Chinese government spokespeople, and doubt one will be forthcoming.
Google may be big news in the west, but the decision of one search engine provider to renege on its agreement to follow local laws and ask for an exemption is unlikely to merit a formal response.
Threatening to pull out of China is like threatening to spit on a whale. It may make Google feel better, but organisations working to open up China and change its policies know that threats are simply not going to work.
Perhaps the senior management team at Google are simply guilty of believing all the stories in the media that paint them as all-powerful and supremely important, or perhaps they just don’t know as much about real politics as they do about building better search or targeting adverts.
When Google went into China I wrote that it was making the right choice and that a policy of constructive engagement was the only effective way forward.
Even though it has clearly failed in this instance I still believe that we will only make progress if we talk to those with whom we disagree, and if we try at least to understand the complexities that face us as different cultures try to find ways to use the technologies that underpin the global internet.
Google’s approach is not the way to effect change.
Bill Thompson is an independent journalist and regular commentator on the BBC World Service programme Digital Planet. He is currently working with the BBC on its archive project.
HP Hosts Live Webcast with Economist and Best-selling Author James Surowiecki
HP today announced it is hosting a webcast discussion with James Surowiecki, economist and best-selling author of “The Wisdom of Crowds,” as part of the company’s “Input/Output” web interview series.
The interactive discussion, which allows listeners to actively engage in the conversation through Twitter, will explore “Powering Crowdsourcing” and the role technology plays in the new way of working.
In this webcast, scheduled for Wednesday, Jan. 13, Surowiecki will delve into defining crowdsourcing and its increased impact on the world as facilitated by the Internet and mobile access. Surowiecki will explain how companies of the future harness this new information technology to mine the collective wisdom of the crowd – tapping into new levels of ideation and innovation, intelligent prediction and solution-finding schemas.
Join the discussion:
— What: Live webcast discussion
— Where: HP Input/Output webcast (http://inputcreatesoutput.com)
— Who: James Surowiecki, economist and best-selling author
— When: Jan. 13 at 1 p.m. ET
Questions can be submitted prior to the webcast via the @io_mod Twitter handle with the #hpio hashtag.
This webcast is the fourth in the Input/Output series. The third Input/Output webcast featured Richard Florida, economist and best-selling author of “The Rise of the Creative Class,” and is currently available via archive on the HP Input/Output website.
With more than 9,000 video streams and 5 million Twitter impressions to date, HP’s Input/Output sessions bring together the foremost thinkers in economics, management, technology, culture and more to discuss the impact of the “new normal” on business. Input/Output houses major discussions – generating a conversation and flow of ideas that will lead to even bigger ideas.
Google Launches Relief Site To Help Haiti
Survivors of the earthquake in Haiti are going to receive help from Google in a big way. On a new Support Disaster Relief site, Google’s released satellite imagery of the destruction to spread awareness, created a list of relevant charities to encourage donations, and promised to contribute $1 million of its own money, as well.
Let’s discuss the awareness efforts first. The fresh satellite imagery was obtained with the help of GeoEye, and the pre- and post-earthquake shots are rather startling to see. Google also noted that more information is available from local media sites and the U.S. State Department, plus it’s published the contact numbers of seven different Haitian hospitals.
As for the fundraising side of things, the search giant had plenty more to say. Google named UNICEF, Direct Relief, Yele Haiti, Partners in Health, the Red Cross, the World Food Program, Mercy Corps, Save the Children, the Lambi Fund, Doctors Without Borders, the International Rescue Committee, and Care as organizations that are accepting donations, and pointed out that it’s possible to give money with text messages.
Google even created two buttons to allow people to donate to UNICEF and Care directly from its Support Disaster Relief in Haiti site.
Yahoo, Adobe Identified As Victims Of China Hack
When Google made its big announcement about an attack originating from China, the company also mentioned that “at least twenty other large companies” had been affected. Now, it’s become almost certain that one of them was Adobe, and there are signs that Yahoo was another target.
Adobe’s status as a victim became more or less official when a post appeared on a corporate blog. The post stated, “Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”
There was no mention of Google or China, but it’s not hard to connect the dots.
As for Yahoo’s involvement, an anonymous source told Brian Womack and Ari Levy that it had been hit. Or in so many words: “Yahoo! Inc., owner of the No. 2 search engine in the U.S., was targeted by a Chinese attack similar to the one that affected Google Inc., according to a person familiar with the matter.”
There were reports that Facebook, Google, and Twitter teamed up to hunt some hackers following a series of attacks in August of last year. Perhaps, as different companies are connected to the more recent strikes, we’ll see another coalition form.
“Serious concern” over new ICANN policy group proposals
Brand owners drafting a response to the recommended “mandatory” adoption of trademark protection proposals for the new generic top level domains (gTLDs) have broadly welcomed the latest development but “serious concerns” remain.
The report of the Special Trademarks Issues (STI) team, a working group created by ICANN’s Generic Names Supporting Organization (GNSO), details the consensus reached among its members that “creation of a Uniform Rapid Suspension (URS) procedure would be a beneficial rights protection mechanism for inclusion in the new gTLD programme”.
Data losses to incur fines of up to £500,000
The Information Commissioner’s Office will be able to issue fines of up to £500,000 for serious data security breaches.
The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice.
The size of the fine will be determined after an investigation to assess the gravity of the breach.
Other factors will include the size and finances of the organisation at fault.
Individual cases will also be assessed on whether the breach was accidental or deliberate, and how much distress the leak of information caused.
There have been several high profile data losses in recent years from large organisations including the Ministry of Defence and the DVLA (Driver and Vehicle Licensing Agency).
In an official press statement, Information Commissioner, Christopher Graham said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act.
“These penalties are designed to act as a deterrent,” he said in a press statement.
“I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”
The original Act came into force in 1984 but today enormous amounts of personal data are stored and processed online.
“When things go wrong, a security breach can cause real harm and great distress to thousands of people,” added Mr Graham.
Under the most recent Act of 1998, data can only be used for the purposes for which it is collected and cannot be given to others without the consent of the individual.
Everybody has the right to see information that is held about them, with the exception of crime-related data.