This is our second warning in first wave of attacks against an unpatched flaw in Microsoft's Internet Explorer browser has already begun, and security experts warn that the threat will grow significantly over the weekend.

Less than 24 hours after Microsoft issued details for IE users, malware hunters have started detecting drive-by downloads on more than 20 maliciously rigged Web sites.

It is already reported that a list of more than 20 unique domains and 100 unique URLs hosting the exploits, which are dropping a variant of SDbot, a dangerous family of backdoors that give hackers complete ownership of infected computers.

SDbot allow attackers to control victims' computers remotely by sending specific commands via IRC (Inter Relay Chat) channels. The backdoors have also been used as a keylogger to steal sensitive user information and spread to local network and to computers vulnerable to exploits.

Some of these attackers are the same people that were exploiting the WMF vulnerability. This will continue to get worse over the weekend, especially if they can figure out how to get the exploits to work efficiently.

One of the interesting things we're seeing is that the shell code doesn't work on a lot of these sites. That suggests they're testing the exploits and getting ready to do some major damage.

In addition to SDbot variants, the sites are dumping spyware and keystroke loggers on machines without requiring any user action. Simply surfing to these sites will hose your machine.

Priced as low as $139.00 each. With 2 in SLI total cost for Video $278.00 Hits The Low cost sweet spot.

Ultrasilent Cooling (Passive Thermal Solution) Yes Memory Clock 800 MHz Clock rate 400 MHz Chipset 7600 GS Memory 256 MB Bus Type PCI-E Memory Type DDR2 Memory Bus 128bit Highlighted Features SLI ready , Dual DVI Out , DVI Out , HDTV ready Performance: NVIDIA GeForce 7600 GS 400 MHz GPU 12 Pixel Pipelines 400 MHz RAMDAC Memory: 256 MB, 128 bit DDR2 800 MHz (effective) 12.8 GB/s Memory Bandwidth Interface: PCI-E 16X DVI-I, VGA, HDTV SLI Capable Resolution & Refresh: 240 Hz Max Refresh Rate 2048 x 1536 x 32bit x 85 Hz Max Analog 560 x 1600 / 1600 x 1200 @ 60Hz Max Digital

With the acquisition of Alienware, Dell will sell computers with chips from Advanced Micro Devices. The deal closes in about 30 to 45 days.

Alienware will operate as a wholly owned subsidiary, and Alienware CEO Nelson Gonzalez said that the deal will not affect its relationship with AMD. Granted, circumstances can change, but that's the plan now.

The number of AMD PCs Alienware offers rises and falls, but AMD chips are typically always part of the company's active line of computers. Right now, Alienware sells AMD-based desktops, workstations, media centers and a notebook.

The subsidiary nature of Alienware's status means that consumers won't see AMD chips in computers that are primarily branded under the Dell name (instead of being Alienware machines) as a result of this deal. But still, since Dell owns Alienware, they are technically Dell computers.

That leaves Apple as the only major computer maker selling Intel-based, but not AMD-based, computers.

Dell has resisted selling AMD-based computers for years for a number of reasons. The popularity of AMD's Opteron chip for servers, however, has prompted some to speculate that Dell may adopt Opteron.

Dell rarely makes acquisitions. The Alienware buy is only the third or fourth in the company's history.

The unthinkable has happened: Microsoft has delayed Windows Vista yet again.

Jim Allchin, co-president of Microsoft's Platforms & Services Division, announced on March 21 during a conference call that Microsoft is now planning to roll out Windows Vista in two stages. The business, volume-licensed versions of Vista will now ship in November 2006, as many expected. But the consumer, retail versions of Vista won't be ready until January 2007.

Until March 21, Microsoft officials had said Vista would be ready to ship in time for the holiday 2006 selling season. The delay will likely impact PC makers who had been counting on preloading Vista on new PCs this fall.

Allchin attributed the decision to delay the retail versions of Vista to quality concerns. "Product quality is the first priority. We won't compromise on that," Allchin said, reiterating his oft-repeated statement that product quality trumps all else when it comes to Windows.

When asked for further details, Allchin cited performance, drivers, testing and security as areas where Microsoft and some of its partners had concerns.

Microsoft is still planning to release the next test build of Vista, its "consumer Community Technology Preview" build, to an estimated 2 million testers sometime in the next quarter, Allchin said. Microsoft had been telling testers to expect that CTP build in April. Lately, however, some partners said they heard Microsoft might not make that April date.

Microsoft is still on track to release the Vista code to manufacturing in 2006, however, Allchin said. "We expect some to say that this [the next CTP build] was fine and why didn't they just ship this," Allchin said.

Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers.

The advisory, which will be posted here, acknowledges a code execution hole that was discovered and publicly reported by Secunia Research of Copenhagen, Denmark.  Secunia said in an alert that the vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control.

"This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap," Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site.

The vulnerability was confirmed on a fully patched system with IE 6.0 and Microsoft Windows XP SP2. It has also been confirmed in IE 7 Beta 2 Preview, Secunia said. The MSRC (Microsoft Security Response Center) said in a blog entry that users of the new refresh of the IE7 Beta 2 Preview announced at Mix '06 are not affected. Lennart Wistrand, a program manager in the MSRC, recommended that IE users turn off Active Scripting to prevent a possible attack.

"Customers who use supported versions of Outlook or Outlook Express aren't at risk from the e-mail vector since script doesn't render in mail [being read in the restricted sites zone]," Wistrand added. The latest warning comes just 24 hours after the discovery, and public release, of a denial-of-service bug in the dominant Web browser.

MAC Spoofer 2006 MAC Addresses Changer Our Rating: (Good) MAC Spoofer 2006 enables you to change (spoof) the MAC address of your network card, regardless of whether the manufactures allow this option or not. The program comes as standalone executable, no install needed. Just run it, change your MAC address and restore it to the original when you're done with testing. Freeware

As the April 15th tax filing deadline approaches, cyber fraudsters are planning their attack on online tax filers to steal confidential information. Websense, Inc. (NASDAQ:WBSN) , a global leader in web security and web filtering productivity software, today announced that Websense(R) Security Labs(TM) has seen a rise in phishing attacks via fraudulent emails and websites that spoof the Internal Revenue Service (IRS). Since December 2005, Websense Security Labs has been working together with the IRS and other organizations to investigate the rise of tax scams and better protect consumers and employee computing environments from increasingly sophisticated and dangerous internet security threats.
   
   Websense Security Labs has discovered tax attacks targeting the U.S. in several countries outside of the U.S. hosted on compromised web servers. For example, one of the largest IRS phishing campaigns claims that the taxpayer is eligible for a refund and needs to log on to a website to verify their information. Users receive one of a variety of email messages with a link to a fraudulent website. Upon accessing the spoofed tax website, the user is then forwarded to a fraudulent site that requests credit card information and other personal identifiers. The intent of these attacks is to dupe users into revealing confidential information which can be used for withdrawing funds.
   
   Phishing can present a serious security risk for consumers and organizations. Phishers are becoming more sophisticated in their deception techniques to lure employees to spoofed websites, as most employees cannot determine which is a genuine site and which is a fake. However, employees don't have to "fall for the phish" and actually enter confidential information on a phishing website to be compromised. For example, recent trends indicate that by just visiting a website, many types of phishing URLs can install spyware, such as a malicious keylogger, which has the ability to capture data including network passwords or social security numbers without their knowledge. It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords, or trade secrets, to jeopardize an entire organizations' intellectual property.  Full Article

Industry’s First Ultra High-End 1GB Workstation Graphics Accelerator
Introducing the ATI FireGL V7350 with Avivo™ Technology – the ultimate graphics accelerator designed for the most complicated 3D models, the largest data sets, and highest definition textures. The FireGL V7350 delivers industry leading features and performance for the most demanding workstation users running OpenGL and DirectX based applications. ATI Technologies said Monday that it had begun shipping a workstation graphics card with a gigabyte of onboard memory.

Two versions of the card, the FireGL V7xxx series, are now shipping. In addition to the more prosaic V7300, which includes 512 Mbytes of on-board RAM for a suggested price of $1,599, is the FireGL V7350, which includes the full gigabyte for a suggested price of $1,999.

As the prices indicate, the cards are designed for high-end graphics workstations, where the additional frame-buffer memory will be used to facilitate graphics rendering for CAD and other applications.

For those with extra pocket change, however, the cards will offer the ability to drive multiple HD displays, creating images over 5,000 pixels wide, ATI said, using multiple monitors that can accept up to 16 bits of information per RGB component.

"The high clock rates of these new graphics cards, combined with full 128-bit precision and extremely high levels of parallel processing, result in floating point processing power that exceeds a 3GHz Pentium processor by a staggering seven times," ATI said.

Wavesat, developer of WiMAX chipset and software, and Sanmina-SCI, a leading global electronics manufacturing services company, announced an agreement for production and cost optimization of the WiMAX Mini-PCI. The low-cost, small-form factor WiMAX 3.5 GHz Mini-PCI modules are now available for volume delivery anywhere in the world.

The WiMAX Mini-PCI modules are based on Wavesat's recently launched WiMAX 3.5 GHz Mini-PCI reference design, and incorporates Wavesat's Evolutive DM256 chipset and MAC coprocessor. Plus, the WiMAX Mini-PCI modules are fully compliant with the IEEE 802.16-2004 standard, offer easy upgradeability to 802.16e-2005 for basic mobility applications, and support TDD and HFDD, 3.5 and 7.0 MHz bandwidths and modulation up to 64-QAM.

"We are excited to be working with a WiMAX pacesetter such as Wavesat," said David Dutkowsky, EVP for Sanmina-SCI's Communications Infrastructure Division. "Wavesat's unique WiMAX expertise and strategic positioning, in conjunction with our manufacturing capability and international presence, will result in tangible benefits for the WiMAX industry worldwide."

Recently announced in Red Herring.com, Clearwire - a so called 'start-up' - is looking to invest about $1 billion in funds to build its own WiMAX network, and plans to offer wireless broadband service over wide areas. Specifically, Clearwire is anxious to acquire spectrum and build new markets, Chief Strategy Officer Ben Wolff told RedHerring.com.

Clearwire is definitely a new firm, but with a solid history. Clearwire was founded in October 2003 by Craig McCaw, the cellular phone pioneer who sold McCaw Cellular Communications to AT&T in 1994 for more than $11 billion.

With the new capital available, Clearwire may start to compete with incumbents like Comcast and AT&T in the growing high-speed broadband Internet market. More specifically, the company could partner with satellite-TV companies who want to offer a bundle of video, voice, and data in their quest to compete with the cable and telephone companies.

Speculation on the potential pairing grew earlier this year after News Corp. Chairman Rupert Murdoch said his DirecTV company was looking for a way to enter the wireless broadband market. Clearwire was considered a leading candidate to help.

“What we like about our business plan and technology is there are a number of parties we could partner with,” said Mr. Wolff, declining to say whether the company is negotiating with DirecTV. Clearwire could even partner with wired and wireless phone companies as well, he mused.

"Building up a network like ours is very similar to building up a cellular network,” said Mr. Wolff, who is also co-president. Clearwire currently offers service in more than 200 cities and towns in the United States, Ireland, Belgium, Denmark, and Mexico. In the U.S. the company operates under the licensed 2.5 GHz band in places like Jacksonville, Florida; Modesto; California; and Bellingham, Washington.

Clearwire deploys an early, nonstandard version of WiMAX. The equipment for its network comes from its wholly owned subsidiary NextNet Wireless.

The service is considered fixed because phones or other mobile devices that work with the technology are not yet available. Nevertheless, Clearwire’s service can transmit voice and data at speeds comparable to DSL and cable. And because it is wireless, there is no need for fiber-optic cables or copper wires.

Currently the speed of the connection is up to 1.5 Mbit/second. The company charges $30 to $37 a month for the service and $5 for the modem, to a rather small number of customers.

Affordable and packed with productivity for wherever business takes you.

Wherever your life is going, this is the perfect handheld to take along for the ride. The sleek, stylishly designed Tungsten™ E2 handheld from palmOne brings your entire world to life. Your calendar, contacts, documents, presentations, photos and videos look sharper and more colorful. But just as important, its new flash memory keeps all that information safe—even if you don’t have time to recharge.

Of course, it wouldn’t be a palmOne handheld if we didn’t push the boundaries of what a handheld can do. That’s why we included Bluetooth® wireless technology for wireless connectivity. Now working and communicating will be that much easier. Taking work to go? View and even edit spreadsheets and word processing documents right on your handheld. Plus you can sync your calendar and contacts from Outlook1. And don’t forget to grab your MP3 tunes. You’re going places.

Features:

• Brighter, richer color display
  See your information clearly indoors and out. Brighter display, better color saturation brings photos and videos to life.
• Non-volatile, flash memory
  There’s more than enough room to hold your calendar, contacts, applications, photos, and even your spreadsheets or presentations. And because it’s flash memory, the information on your handheld is protected—even if you’re on the go and don’t have time to recharge.
• Built-In Bluetooth®
  Stay connected. With built-in Bluetooth® wireless technology, you can synchronize with your desktop without wires getting in the way. Use your Tungsten™ E2 handheld with a compatible phone to send email and text messages, or to check news headlines on the Web.
• Documents To Go®
  Productivity in your pocket. The Tungsten™ E2 comes with Documents To Go, which lets you carry Word, Excel, and PowerPoint files-so you can be more productive wherever you are. And with a simple conversion step, you can even view Acrobat PDFs.

Hollywood, Interrupted reports that sources inside Paramount and South Park studios say  the scheduled repeat of one of my fave South Park episodes, "Trapped in the Closet" - the one that satirizes Scientology and has R. Kelly singing to  Tom Cruise to "come out of the closet" - was pulled due to Cruise threatening parent company Viacom. Cruise reportedly threatened to pull advertising for his upcoming film, Mission: Impossible: 3  if the South Park episode was aired. 

In their long history with Comedy Central, Trey Parker and Matt Stone have never been censored, not even for their infamous "Bloody Mary episode", but Cruise throws his weight around and suddenly the boys have their mouths duct-taped? Following the news that Scientologist Isaac Hayes, who voiced The Chef on the show, quit because he was offended by the Scientology spoof, this story, if it proves to be true, doesn't really serve to make Hollywood Scientologists look like good sports, eh?

South Park has poked fun at every single religon on the planet in their bits. Did Hayes and Cruise get their panties in a twist over any of those episodes? Nope. But when Parker and Stone turn their lens to an examination of the foundations of Scientology and put Tom Cruise and John Travolta in a closet together, Cruise suddenly brings on the threats? The irony is that you can view the funnier parts of the episode on Comedy Central's website anyhow or in flash here. Parker and Stone are rumored to have been muzzled by the big dogs on the truth around the episode being pulled, but knowing those two, I wouldn't expect them to just take this sitting down. I smell a South Park episode with Cruise as a Scientology terrorist coming around the bend...

The article is a post from Schneier on Security.  Bruce Schneier, said "This" is great work by Yossi Oren and Adi Shamir:

Abstract (Summary)

We show the first power analysis attack on passive RFID tags. Compared to standard power analysis attacks, this attack is unique in that it requires no physical contact with the device under attack. While the specific attack described here requires the attacker to actually transmit data to the tag under attack, the power analysis part itself requires only a receive antenna. This means that a variant of this attack can be devised such that the attacker is completely passive while it is acquiring the data, making the attack very hard to detect. As a proof of concept, we describe a password extraction attack on Class 1 Generation 1 EPC tags operating in the UHF frequency range. The attack presented below lets an adversary discover the kill password of such a tag and, then, disable it. The attack can be readily adapted to finding the access and kill passwords of Gen 2 tags. The main significance of our attack is in its implications ­ any cryptographic functionality built into tags needs to be designed to be resistant to power analysis, and achieving this resistance is an undertaking which has an effect both on the price and on the read range of tags.

My guess of the industry's response: downplay the results and pretend it's not a problem.

GPG is an open-source version of the PGP e-mail encryption protocol. Recently, a very serious vulnerability< was discovered in the software: given a signed e-mail message, you can modify the message -- specifically, you can prepend or append arbitrary data -- without disturbing the signature verification.

It appears this bug has existed for years without anybody finding it.

Moral: Open source does not necessarily mean "fewer bugs." Bruce Schneier wrote aboutthis back in 1999.

UPDATED TO ADD (3/13): This bug is fixed in Version 1.4.2.2. Users should upgrade immediately.

Schneier on Security

Think that deleting that incriminating e-mail in your G-Mail account will save you from the feds? Think again. In a case that shows Google’s true colours, the leading search company has accepted an order from US Magistrate Judge Elizabeth Laporte to divuldge all deleted e-mails to court from Peter Baker. Every e-mail from this shareholder of Dolphin Development will now be poured over and analyzed by the Federal Trade Commision’s lawyers who are attempting to track down some money that may or may not be in Peter Baker’s possession. These records also include deleted e-mails, stored off-site by Google.

Read more:
C|Net
Elizabeth Laporte

Faster wireless telecoms may be offered to UK firms this summer, as more mobile operators have announced plans to roll out High-speed Download Packet Access (HSDPA) services, sometimes referred to as Super 3G.

Most mobile operators have now revealed their launch plans. The latest to do so is 3, which said its trials based on Nokia and NEC infrastructure are now delivering speeds up to 1.4Mbit/s – over three times faster than current 3G services based on UMTS technology. The company said it currently offers 3G coverage to 88 percent of the UK population.

The growth of HSDPA is likely to limit demand for other wireless broadband technologies such as WiMax, argued Vodafone chief executive Arun Sarin, speaking at this year's 3GSM congress in Barcelona. "I think WiMax will be less interesting after HSDPA launches," he said.

Some pundits believe that WiMax technology will be restricted to a niche role.
A report published by the Organisation for Economic Cooperation and Development (OECD) has concluded that WiMax's main use might be in areas that have poor 3G and Wi-Fi connectivity.

However, even here WiMax systems might require significant subsidies from the government before the technology could be widely used as an access mechanism, it said.

The OECD said its main reason for predicting WiMax will have only a limited role is that in some places governments have been slow to allocate spectrum, and licensees have been slow to develop services.

The report says, "The success of WiMax partially will depend on the availability of spectrum in OECD markets. Initial equipment will work in one of three main frequency ranges, 2.5GHz, 3.5GHz and 5GHz. Existing allocations of spectrum should be examined to see where space could be available for new broadband wireless technologies. Spectrum allocations should be technologically neutral."

In the UK the most likely band for WiMax is at 3.5GHz. Currently only PCCW-owned telecoms provider UK Broadband has rolled out a limited service using this band, in the Thames Valley.

Nearly four out of five online banking customers now ignore emails that purport to be from their bank, according to data commissioned by RSA.

The annual study, conducted by market researchers Infosurv, found that lack of trust in such emails had risen from 70 per cent ion 2004 to 79 per cent. Nearly two thirds of those questioned hadn't seen any drop oin the number of phishing emails they received.

The research also found that people want to have their online banking monitored, with nearly nine out of ten people saying they would be happy to be monitored while online and 59 per cent of respondents feeling that the bank should contact them if it suspects suspicious activity on their accounts.

Consumers seem to feel comfortable with the notion of their financial institution monitoring their online activity and contacting them when something suspicious is detected, just as they have become accustomed to for years in the credit card space.

Although the banking community has been making noises about introducing stronger identity management systems early progress has been slow and the survey shows little support for some products.

Less than half of those questioned felt comfortable using a hardware token to access their accounts, although nearly three quarters want some form of stronger security.

Consumers will soon be able to make their choice in the battle for the high-definition DVD format as players for the two main competing formats finally get release dates.

Toshiba has announced a March launch for its HD DVD format player, making it first to market in the new format. However, this date may be put back to April coincide with the first films to appear on HD DVD.

Warner Home Video said it will release three HD DVD films on April 18th: Million Dollar Baby, The Last Samurai and The Phantom of the Opera. Warner will follow those up with 17 other titles, including Batman Begins, Constantine, Training Day and The Matrix.

The rival Blu-ray format is set to have its first working DVD player in the shops in April. Samsung will launch its player that month, although Sony won't have its first model available until July. Sony said its BDP-S1 Blu-ray player will cost around $1,000 (£570).

However, the launch of the Blu-ray players may also be delayed until content for that platform is available. The earliest Blu-ray titles won't be released until May 23rd. In a move that will please consumers not wanting to back a doomed format, LG is creating a player that handles discs from both systems. The company has told its dealers to expect delivery of the dual-format player in autumn.

LG joins fellow original Blu-ray backer Hewlett-Packard in deciding to support both Blu-Ray and HD DVD.

The Wireless-G VPN Broadband Router is the advanced, complete networking solution for your small business, incorporating four essential networking functions in one high-powered box. First, there's the Wireless Access Point, which lets you connect Wireless-G (802.11g) or Wireless-B (802.11b) devices to the network. There's also a built-in 4-port full-duplex 10/100 Switch to connect your wired-Ethernet devices. Connect four PCs directly, or daisy-chain out to more hubs and switches to create as big a network as you need.

Third, the Router function ties it all together and lets your whole network share a high-speed cable or DSL Internet connection. And finally, the Virtual Private Network (VPN) function creates encrypted ""tunnels"" through the Internet so up to 50 remote or traveling users can securely connect to your office network from off-site, or users in your branch office can connect to a corporate network.

To protect your data and privacy, the Wireless-G VPN Broadband Router can encrypt all wireless transmissions with 128-bit WEP encryption, and also supports the industrial-strength wireless security of 802.1x authentication and authorization. The Router can serve as a DHCP Server, and has a powerful SPI firewall to protect your PCs against intruders and most known Internet attacks. It can be configured to filter internal users' access to the Internet, and has MAC or IP address filtering so you can specify exactly who has access to your network. Configuration is a snap with the web browser-based configuration utility.

As the center point of your office network, the Linksys Wireless-G VPN Broadband Router gives you the flexibility, speed, and security you need!

Features:

An Internet connection-sharing Router, Switch, and Access Point with built-in VPN endpoint capability and advanced security features

Jump start your small business network by connecting both Wireless-G (802.11g) PCs, and local wired PCs

Securely connect up to 50 remote or traveling users to your office network via VPN

Advanced Security: Wireless data encryption (WEP), 802.1X authentication and authorization support, SPI Firewall and Internet Access filtering

Technical Information:

Standards: IEEE 802.11b, 802.11g, 802.3

Ports: Internet, Ethernet (1, 2, 3, 4), Power Buttons Power, Reset

Cabling Type: UTP CAT 5

LEDs: Power, Internet, LAN (1, 2, 3, 4), Wireless-G, DMZ

Transmit Power: 19 dBm

UPnP able/cert: Able

Security Features: WEP, 802.1x Authentication

WEP Key Bits: 64, 128

Warranty: Three Year Limited

Dimensions: 7.32" x 6.89" x 1.89"

W x H x D: (186 mm x 175 mm x 48 mm)

Unit Weight: 20.11 oz. (0.57 kg)

Power: 5V, 2.5A

Certifications: FCC, IC-03

Operating Temp: 32ºF to 104ºF (0ºC to 40ºC)

Storage Temp: -4ºF to 158ºF (-20ºC to 70ºC)

Operating Humidity: 10% to 85%, Non-Condensing

Storage Humidity: 5% to 90%, Non-Condensing

The number of victims in the world's largest identity theft case could surpass one million, authorities in South Korea have reported.

Police announced this week that the number of victims of ID theft connected to the online game Lineage is between 980,000 and 1.22 million, according to the Korea Herald. 

The game's developer, NCsoft, said that, as of Sunday, it has received confirmation from over 175,000 people in South Korea that their national identity numbers have been used without their knowledge to register accounts in its Lineage series of multiplayer online role-playing games. 

As reported on vnunet., the bogus accounts were apparently used by China-based groups to generate virtual items in the game world which were then sold to gamers in exchange for real world cash.

Police now report that they have traced email addresses to China. Approximately 1,500 different IP addresses were used to connect to the illegal accounts.

New account registrations which provided a free trial period of several days could previously be obtained simply by entering an ID number into an online form. NCsoft said that it has since tightened up its registration procedures.

Previous reports estimated the number of active, legitimate Lineage accounts at between three and four million.

Despite the surprising addition of about one million new accounts in only four months, the company was slow to take action, according to local press reports. News of the unprecedented ID theft did not become public until February.

Police have suggested that the huge number of stolen Korean ID numbers could have been handed over during a legitimate business deal between Korean online shopping websites and their Chinese subcontractors.

Earlier reports blamed hackers for stealing the ID numbers from Korean websites' databases.

In a case in which damage claims could theoretically exceed $1bn, Korean lawyers are planning to sue NCsoft for $1,000 per ID theft victim in a class action lawsuit. Reports late last month said that 3,500 potential plaintiffs had joined the action so far.

The furore generated by the case has reportedly led the Korean government to strengthen ID theft penalties with a new three-year jail sentence for offenders.

The US Department of Justice and the Toronto Police have busted a major child pornography network, leading to the arrest of 27 individuals in England, the US, Canada and Australia.

US Attorney General Alberto Gonzales said at a press conference that undercover investigators had infiltrated an internet chat room being used to trade images of child pornography.

The content included live streaming video of adults sexually molesting children and infants.

"The behavior in these chat rooms, and the images many of these defendants sent around the world through P2P file sharing programs and private IM services, are the worst imaginable forms of child pornography," said Gonzales.

"This investigation is an example of how American law enforcement can and will work side-by-side with our international law enforcement partners to shut down these rings and protect young, vulnerable victims from the horrors of sexual abuse."

Gonzales added that those arrested had not yet been convicted, but that the department intended to prosecute them and others engaged in similar practices " to the fullest extent of the law".

Seven of the abused children have been identified and rescued, one as young as 18 months old. One chat room member who called himself 'Acidburn' had streamed live abuse over the internet.

The US hosts 40 per cent of the world's child pornography, according to figures released last week by the Internet Watch Foundation (IWF). Russia was the second most used country, hosting over a quarter of such images. 

Peter Robbins, chief executive of the IWF, praised US internet providers for reacting promptly when notified and taking down sites and message boards hosting such content.

He added that so much content is posted in the US because of the country's freedom of information laws.

"It is difficult to see abusing children as freedom of speech," he said. " Most US ISPs will take content down, but there's a huge amount of work to do in Russia."

Adobe is urging users of its document and graphics server equipment to harden their systems after the discovery of a critical flaw.

Danish vulnerability testing firm Secunia first reported the flaw, which it describes as 'moderately critical', in July 2005 but it has taken until now for Adobe to fix the problem. Adobe has issued an advisory on its website. 

The problem is caused when the 'saveContent' and 'saveOptimized' Adobe Document Server commands are used. This may save files anywhere on the system, including those areas with full access privileges.

"This can be exploited by sending a specially crafted Soap request to the web service to write a graphics file containing malicious JavaScript as metadata to e.g. the server's 'All Users' start-up folder," warned Secunia.

"The request can be constructed to save this graphics file with an HTA extension causing the file to be executed the next time any user logs in.

"A request containing 'loadContent' can also be sent to retrieve arbitrary graphics or PDF files from the server, potentially exposing sensitive information."

Adobe recommends adapting local access controls to mitigate against the problem, and officially thanked Secunia for bringing the issue to its attention.

The Anti-Phishing Working Group (APWG) has reported a sharp rise in the number of phishing attacks, combined with an increased sophistication among attackers.

In its monthly report (PDF) for November 2005 the APWG said that reported attacks grew to 16,882 from 15,820, the third month of growth after a slowdown over the summer.

The UK and Europe were particularly hard hit as phishers looked for new targets outside the US.

The bulk of targets are still financial companies at nearly 95 per cent of attacks in November, up from 86 per cent in October.

There is also evidence that phishers are refining their targets lists, since the number of brands attacked has fallen despite the overall increase in activity.

Almost a third of all phishing sites are hosted in the US. South Korea is the second most popular host at 11.34 per cent, reflecting the country's high levels of broadband penetration.

There is also worrying evidence that attacks are getting smarter. The APWG noted an increased in legitimate sites being cracked and used to spread malware.

"A good example of this scheme was exhibited by an attack on the ShangHai Huizhong Automotive Manufacturing Company, one of the largest car manufacturers in China," the report said.

"Crackers programmed the site to deliver key-loggers to the PCs of consumers visiting the ShangHai Huizhong site, installing a system that attempted to load and run malicious code on the visitors' PCs." 

The APWG also found a much higher percentage of domain name server redirections using Trojan software.

One example occurred when a 'security tool' was emailed out claiming to be from PayPal which, once ex ecuted, automatically redirected any attempt to access PayPal to a phishing site hosted in India.

There is also little sign that website hosting companies are getting any better at shutting down phishing sites once they are discovered. The average time such a site stayed up was 5.5 days, unchanged from October.

Web monitoring firm Netcraft has warned that a web server belonging to a state-operated Chinese bank is hosting phishing sites targeting US banks and financial institutions. 

"This is the first instance we've seen of one bank's infrastructure being used to attack another institution," said Netcraft.

The company revealed that the phishing emails sent over the weekend targeted customers of Chase Bank in the US and eBay, and were directed to sites hosted on IP addresses assigned to the Shanghai branch of the China Construction Bank. 

"The phishing pages are located in hidden directories with the server's main page displaying a configuration error," said Netcraft.

Recipients of the emails were offered the chance to earn $20 by filling out a user survey which presented a series of questions.

This was followed by a request for user ID and password so that the $20 'reward' could be deposited into the proper account.

The form also requested the victim's bankcard number, Pin, card verification number, mother's maiden name and Social Security number. Any data submitted was then sent to a free form processing service on a server in India.

One giveaway was that the URL in the phishing email used an IP address rather than a domain, typically a strong indicator of a phishing site.

Netcraft warned that the same IP address at the China Construction Bank in Shanghai was used over the weekend to host a page spoofing the eBay log-in screen.

Virus hunters have discovered a new Trojan that encrypts files on an infected computer and then demands $300 in ransom for a decryption password.

The Trojan, identified as Cryzip, uses a commercial zip library to store the victim's documents inside a password-protected zip file and leaves step-by-step instructions on how to pay the ransom to retrieve the files.

It is not yet clear how the Trojan is being distributed, but security researchers say it was part of a small e-mail spam run that successfully evaded anti-virus scanners by staying below the radar.

While this type of attack, known as "ransomware," is not entirely new, it points to an increasing level of sophistication among online thieves who use social engineering tactics to trick victims into installing malware, said Shane Coursen, senior technical consultant at Moscow-based anti-virus vendor Kaspersky Lab.

The LURHQ Threat Intelligence Group, based in Chicago, was able to crack the encryption code used in the Cryzip Trojan and determine how the files are encrypted and the payment mechanism that has been set up to collect the $300 ransom.

According to a LURHQ advisory, Cryzip searches an infected hard drive for a wide range of widely used file types, including Word, Excel, PDF and JPG images. Once commandeered, the files are zipped and overwritten the text: "Erased by Zippo! GO OUT!!!"

The Trojan then deletes all the files, leaving only the encrypted file with the original file name, followed by the "_CRYPT.ZIP" extension.

A new directory named "AUTO_ZIP_REPORT.TXT" is created with specific instructions on how to use the E-Gold online currency and payment system to send ransom payments.

The instructions, which are marked by misspellings and poor grammar, contain the following text: Your computer catched our software while browsing illigal porn pages, all your documents, text files, databases was archived with long enought password. You can not guess the password for your archived files - password lenght is more then 10 symbols that makes all password recovery programs fail to bruteforce it (guess password by trying all possible combinations).

The owner of the infected machine is warned not to search for the program that encrypted the data, claiming that it simply doesn't exist on the hard drive. If you really care about documents and information in encrypted files you can pay using electonic currency $300," the note says. Reporting to police about a case will not help you, they do not know password. Reporting somewhere about our E-Gold account will not help you to restore files. This is your only way to get yours files back.

The Trojan author uses scores of E-Gold accounts simultaneously to get around potential shutdowns, according to LURHQ, which published the complete list of E-Gold accounts in the advisory.

Officials from E-Gold, which operates out of the Caribbean island of Nevis, were not available for comment.

"Infection reports are not widespread, so it is not believed this is a mass threat by any means," LURHQ said. However, the company said social engineering malware is typically more successful when it is delivered in low volume to get around anti-virus detections.  "[M]ore attention means the likely closing of the accounts used for the anonymous money transfer," LURHQ said.

If you are anything like me, nothing will put a frown on your face like an automated phone system. This site has the solution for many of these stupid ill thoughtout phone systems that do little but make their customers angry.

Our goal is to improve the quality of customer service and phone support in the US. This free website is run by volunteers and is powered by over one million consumers who demand high quality phone support from the companies that they use.

We will soon publish a list of the best and worst mass-market consumer companies in the US based on how long it takes to get to a human on the phone and on the quality of support received.

Please help us grow our customer support ratings database by taking a moment to rate the quality of support you receive when calling a consumer company you use: "GET A HUMAN"

A8N32-SLI Deluxe motherboard has all the horsepower of other motherboards based on NVIDIA´s original single-chip nForce4 SLI implementation. However, the real sweet spot, as we expected, appears when running the board in high-end gaming applications in multi-GPU SLI configurations, and more specifically SLI-AA modes. A sensible improved heatpipe-cooler, a fully equipped BIOS and a great board-layout, endowed with all connectors which leaves nothing to be desired, turn the ASUS A8N32-SLI Deluxe into a front model.

A8N32-SLI_deluxe FlashPaper (160.88 KB)

  

Overclocking has always been ABIT's forte, and the AW8-MAX is no exception: "In the arena of overclocking, the ABIT AW8-MAX shined as well. With our Corsair 5400C4 Pro DDR2 memory, we were able to bring it up to over 800MHz on the memory bus. With Corsair 8000UL RAM, we were able to run the memory bus stable at 904MHz. Front side bus speeds of 325MHz were easily reached as well. For the Intel overclocker, the AW8-MAX is certainly a board to keep on your short list."

Abit AW8-MAX FlashPaper (179.24 KB)

Carnegie Mellon University plans to incorporate characters and animation from the popular video game "The Sims" in its free educational software that strives to make computer programming more appealing to students.

The university will use the animation to enliven the next version of Alice, a teaching program developed over the past decade and used at more than 60 colleges and universities and about 100 high schools, said Randy Pausch, a computer science professor and director of the Alice Project.

"This is not some little crumb that got tossed. This is the most valuable intellectual property owned by the largest video game maker in the world," Pausch said Friday. "For the intended demographic we're trying to teach, 'The Sims' are more valuable than the Disney library."

The Alice programming language is designed to make abstract concepts concrete for first-time programmers, using three-dimensional images of things such as people or animals that can be controlled by clicking and dragging words with a computer mouse. Those words form a program.

While Alice has proven effective, its characters and animation remain rudimentary, Pausch said. The animation is expected to transform Alice from a crude three-dimensional programming tool into a more compelling programming environment.

The effort to revamp Alice is intended to boost interest in computer programming among students, who have historically found the skill frustrating to learn.

A 2005 University of California, Los Angeles study found there had been a 50 percent drop in computer science majors over the previous four years. The proportion of women who were considering majoring in computer science fell to levels not seen since the early 1970s, according to the study.

Electronic Arts Inc., which publishes "The Sims," wants "more women in computer science, they want more minorities in computer science ... any underrepresented group. "The Sims" is a wildly popular game that lets players control virtual humans from birth until death.

One of the most commonly exploited vulnerabilities is the buffer overflow. Buffer overflows occur when too much information can be written to a predefined memory buffer, causing a program to fail.

There are many tools that let hackers exploit this vulnerability, and knowing them will help you learn how to prevent their successful use on your systems.

One such tool is Digital Monkey's Buffer Syringe, a relatively simple, minimally documented tool that lets hackers exploit buffer overflows. In fact, Buffer Syringe includes several usage examples that make implementation of the tool a snap.

Understanding how Buffer Syringe and tools like it work should give IT managers much more confidence when evaluating, for example, a Windows vulnerability assessment tool or patch management system because it will reveal the ins and outs of how the buffer overflow is constructed.

With this information, IT managers can then exact much more specific and telling information from vendors of commercial vulnerability assessment tools as to how their tools detect such weaknesses. Thus armed, it will be much easier to evaluate, select, implement and use such tools over time.

Early in the methodical stalking of an IT resource, hackers will enumerate and identify systems in a network, looking for something of interest. After identifying an interesting target, smart hackers will gently test to see if any part of a system was left in a default configuration. Such a configuration provides easy back-door entry into what might look from the front like an impregnable fortress.

For Windows systems, start with sysinternals.com, where you'll find a host of useful no-cost and commercial diagnostic tools. -http://sysinternals.com/

Go to nessus.org to become familiar with one of the most widely used vulnerability assessment tools available. Nessus can probe a wide range of server and desktop operating systems and is frequently updated. - http://nessus.org/