30 Jan 2010

Google attack highlights 'zero-day' black market

SAN FRANCISCO – The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.

Because no fix was available, the linchpin in the attack was one of the worst kinds of security holes. Criminals treasure these types of "zero day" security vulnerabilities because they are the closest to a sure thing and virtually guarantee the success of a shrewdly crafted attack.

The attackers waltzed into victims' computers, like burglars with a key to the back door, by exploiting such a zero-day vulnerability in Microsoft Corp.'s Internet Explorer browser. Microsoft rushed out a fix after learning of the attack.

How did the perpetrators learn about the flaw? Likely, they merely had to tap a thriving underground market, where a hole "wide enough to drive a truck through" can command hundreds of thousands of dollars, said Ken Silva, chief technology officer of VeriSign Inc. Such flaws can take months of full-time hacking to find.

"Zero days are the safest for attackers to use, but they're also the hardest to find," Silva said. "If it's not a zero day, it's not valuable at all."

The Internet Explorer flaw used in the attack on Google Inc. required tricking people into visiting a malicious Web site that installed harmful software on victims' computers.

The attack, along with a discovery that computer hackers had tricked human-rights activists into exposing their Google e-mail accounts to outsiders, infuriated Google and provoked a larger fight over China's censorship of Internet content. Google has threatened to shut down its censored, Chinese-language search engine and possibly close its offices in China.

Pedram Amini, manager of the Zero Day Initiative at the security firm TippingPoint, estimated that the IE flaw could have fetched as much as $40,000. He said even more valuable zero-day flaws are ones that can infect computers without any action on the users' part.

Zero days refer to security vulnerabilities caused by programming errors that haven't been "patched," or fixed, by the products' developers. Often those companies don't know the weaknesses exist and have had zero days to work on closing the holes.

In this case, Microsoft had actually known about the flaw since September but hadn't planned to fix it until February, as companies sometimes prioritize fixing other problems and wait on the ones they haven't seen used in attacks.

Microsoft often fixes multiple vulnerabilities at once because testing patches individually is time-consuming and costly, said Chris Wysopal, co-founder of security company Veracode Inc.

But criminals know how the patch cycle works, and Wysopal said the Google attackers may have realized their zero-day flaw was getting old — and thus struck in December just before they thought Microsoft was going to fix it.

"They likely thought the bug would be fixed in January or February," he said. "They were right."

Microsoft certainly could have fixed the bug earlier and prevented it from being used on Google, but security experts caution that an adversary that is well-funded or determined could have easily found another bug to use.

"Zero days aren't difficult to find," said Steve Santorelli, a former Microsoft security researcher who now works with Team Cymru, a nonprofit research group. "You don't have to have a Ph.D. in computer science to find a zero-day exploit. It really is a factor of the amount of energy and effort you're willing to put in."

In fact, such exploits are widely available for the right price. VeriSign's iDefense Labs and 3Com Corp.'s TippingPoint division run programs that buy zero-day vulnerabilities from researchers in the so-called "white market." They alert the affected companies without publicly disclosing the flaw and use the information to get a jump on rivals on building protections into their security products.

There's also another, highly secretive market for zero days: U.S. and other government agencies, which vie with criminals to offer the most money for the best vulnerabilities to improve their military and intelligence capabilities and shore up their defenses.

TippingPoint's Amini said he has heard of governments offering as high as $1 million for a single vulnerability — a price tag that private industry currently doesn't match.

Little is publicly known about such efforts, and the U.S. government typically makes deals through contractors, Amini said. Several U.S. government agencies contacted by The Associated Press did not respond to requests for comment.

One researcher who has been open about his experience is Charlie Miller, a former National Security Agency analyst who now works in the private sector with Independent Security Evaluators. Miller netted $50,000 from an unspecified U.S. government contractor for a bug he found in a version of the Linux operating system.

Whether to pay — and seek payment — is hotly debated among researchers.

"I basically had to make a choice between doing something that would protect everybody and remodeling my kitchen — as terrible as that is, I made that choice, and it's hard," Miller said. "It's a lot of money for someone to turn down."

Companies whose products are vulnerable generally won't pay outside researchers for bugs they've found. Microsoft said offering payment "does not foster a community-based approach to protecting customers from cybercrime." The company declined further comment on its practices and the timing of the fix for the flaw used in the Google attack.

On Thursday, Google announced that it will start paying at least $500 to researchers who find certain types of bugs in its Chrome browser, calling the program an "experimental new incentive." That mirrors a reward that Mozilla has been offering for critical bugs found in its Firefox browser.

Computer vulnerabilities are so dangerous that one day private companies such as Microsoft might be pressured into buying from the black market to prove they're doing all they can to keep customers secure — especially the most critical ones such as the military and power companies.

"I think it's only a matter of time," said Jeremiah Grossman, founder of WhiteHat Security Inc. "Something really bad has to happen first, and it hasn't yet. When a virus runs through a children's hospital and causes loss of life, it's going to matter a lot."

Power plants, other infrastructure face hackers

SAN FRANCISCO – More than half of the operators of power plants and other "critical infrastructure" say in a new study that their computer networks have been infiltrated by sophisticated adversaries. In many cases, foreign governments are suspected.

The findings come in a survey being released Thursday that offers a rare public look at the damage computer criminals can do to vital institutions such as power grids, water and sewage systems and oil and gas companies. Manipulating the computer systems can cause power outages, floods, sewage spills and oil leaks.

The report was based on a survey completed by 600 executives and technology managers from infrastructure operators in 14 countries. The report was prepared by McAfee Inc., which makes security software, and the Center for Strategic and International Studies in Washington, which analyzed the data and conducted additional interviews. The respondents aren't named and specifics aren't given about what happened in the attacks.

The report comes as concerns are growing about state-sponsored hacking and threats to critical infrastructure.

In November, CBS's "60 Minutes" reported that several Brazilian power outages were caused by hackers — a report that Brazilian officials have played down. Last April, U.S. government officials said that spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems.

In the new report, 54 percent of respondents acknowledged that they had been hit by "stealthy infiltration" of their networks. In such break-ins, criminals can plant malicious software to steal files, spy on e-mails and do even scarier things like remotely controlling equipment inside a utility.

Utilities are increasingly using mainstream software and connecting parts of their operations to the Internet so technicians can service problems remotely. Both factors heighten the danger of a hacker break-in.

The same percentage of respondents also said they have experienced large-scale "denial-of-service" attacks, in which a computer network is knocked out of service because it is flooded with bogus Internet traffic. The infrastructure operators frequently said they believed representatives of foreign governments were involved.

Perhaps even more alarming: Many intruders have apparently done something harmful with the access they've stolen. Operators who had experienced denial of service attacks often said the incidents had at least some effect, from minor service interruptions to sustained damage and critical breakdowns.

Extortion is a common motivation, with hackers demanding money to end or agree not to carry out an attack. The power and oil and gas sectors were the most frequently targeted.

Identifying the culprits in such attacks can be next to impossible, because computer attacks are typically routed through multiple layers of infected computers to disguise the source. However, researchers can often learn clues about the attackers' country of origin by studying the language and other signs in the malicious software's programming.

Cyber spies and thugs attacking power-water plants

SAN FRANCISCO (AFP) – Power plants, oil refineries and water supplies increasingly dependent on the Internet are under relentless attack by cyber spies and thugs, according to a McAfee report.

The "Critical Infrastructure in the Age of Cyber-War" analysis by the US-based Center for Strategic and International Studies said the price of "downtime" from major attacks exceeds six million dollars a day.

"If cyberspace is the Wild West, the sheriff needs to get to Dodge City," concluded the study commissioned by McAfee, which sells computer security software.

In most developed countries, operating systems of critical infrastructure including power grids and oil refineries are linked to the Internet where they can be targeted for attacks.

"There are absolutely foreign entities that would definitely conduct (cyber) reconnaissance of our power infrastructure," said Michael Assante, chief security officer of the North American Electric Reliability Corporation.

"They would be looking to learn, get a foothold and try to maintain sustained access to computer networks."

Researchers surveyed 600 IT and security executives from critical infrastructure enterprises in 14 countries in September of 2009.

Operators of enterprises reported that their networks and control systems are under repeated cyberattack, according to the study.

And while defenses were deemed acceptable, harsh economic conditions have tightened spending on computer security while attackers have grown more sophisticated, survey results indicated.

"There is no identifiable protection model that will keep pace with the evolution and sophistication of cyber threats," said Assante.

"In addition, innovative technologies, from cloud computing to Smart Grid meters and SCADA connectivity, continue to create new vulnerabilities."

While the most common target of attacks was financial information, operators of energy, oil, and gas facilities saw assaults on operational controls, according to the survey.

A third of the respondents saw the threat as growing, while two fifths said they expect a major Internet security incident in their sector within a year.

The United States said Thursday that Google's problems in China with cyberattacks could deter US companies from investing in the Asian economic powerhouse.

Google has threatened to abandon its Chinese search engine, and perhaps end all operations in the country over the recent cyberattacks. It has also said it is no longer willing to bow to Chinese government censors.

China has said the hacking charges were without foundation.

Critical systems operators feared the potential of cyber-war.

"Although attribution is always a challenge in cyberattacks, most owners and operators believe that foreign governments are already engaged in attacks on critical infrastructure in their country," the study said.

"Other cyberattackers range from individual hackers and e-vandals to organized crime enterprises. Financially motivated attacks like extortion and theft-of-service are widespread."

Oil and natural gas operations reported the highest rates of "stealth infiltration" with 71 percent claiming to have been targeted.

One-in-five critical infrastructure entities reported being the victim of extortion through cyberattack or threatened cyberattack within the past two years.

Extortion was described as demanding payment to appease attackers that say "hey, I can make the lights go out."

The study showed cyber-extortion to be most common in India, Saudi Arabia/Middle East, China and France.

China registered highest in infrastructure cyber-security while Italy, Spain and India were at the low end of the spectrum, according to the study.

"As long as major governments desire unimpeded operational freedom in cyberspace, it will continue to be the Wild West," researchers said.

"In the meantime, the owners and operators of the critical infrastructure which makes up this new battleground will continue to get caught in the cross-fire and may indeed need what amounts to their own ballistic missile defense."

29 Jan 2010

Google row threatens China web development: analysts

BEIJING (AFP) – The row between Google and China is damaging for the development of the Internet in the country and it would be a major blow to the world's biggest online market if the US firm were to leave, experts say.

Both sides have much to lose if the dispute over cyberattacks which Google said were launched from China and state censorship is not resolved, they say, while warning that finding the acceptable middle ground will not be easy.

"If Google does decide to withdraw from China, it will have a considerable negative impact on China's search engine market," currently dominated by home-grown provider Baidu, said Li Zhi, an analyst at Analysys International.

"Competition is the main driver for any market's healthy development," Li said.

Baidu's share of the search engine market stood at 58.4 percent in the fourth quarter of 2009, ahead of Google at 35.6 percent, according to figures from Analysys.

Ted Dean, managing director of telecom and technology consultancy firm BDA, agreed, saying "in any market, competition is a good thing."

"If you end up with one dominant player in the industry, the victim will be the Chinese consumer and innovation," he told AFP.

Google has threatened to abandon its Chinese-language search engine google.cn, and perhaps end all operations in the country, following the hack attacks it says targeted the email accounts of Chinese human rights activists.

It has also said it is no longer willing to bow to Beijing's army of Internet censors -- and will stop filtering search results soon, a move China says would violate its laws.

US and Chinese officials have discussed the issue at length, with US Secretary of State Hillary Clinton qualifying her latest talks with Chinese Foreign Minister Yang Jiechi as "open and candid."

"They have to come to some sort of compromise," said Francis Cheung, an analyst with Credit Lyonnais Securities Asia in Hong Kong.

"I think the potential for China's Internet is huge and Google can do well as they have a leading-edge technology, are pretty popular and are gaining market share."

But Cheung admitted winning concessions from Beijing would be difficult, especially on the censorship issue.

"I don't think Google wants to leave China but they want to stay on their own terms," he said.

"I don't think any government will negotiate laws, especially with an individual company."

Lu Bowang, managing partner with China IntelliConsulting Corp, agreed, saying one possible outcome is for Google to abandon google.cn but maintain a research institute and its business in Android-powered mobile phones.

"The Chinese government would save face because people would think Google is withdrawing from China for commercial reasons -- that would be a convenient understanding," Lu said.

Whether it stays or goes, Google will find it tough to operate in China, said Shaun Rein, managing director of China Market Research in Shanghai.

If they axe google.cn, "they could still have research and development in China but the government won't make it easy for them and why would the top engineers want to work for them?" Rein said.

"If they stay in China with the search engine, a lot of companies won't want to do digital marketing with them because you can't launch a campaign and expect to get a certain number of hits when Google might threaten to go out again."

Despite the hurdles facing both sides, analysts said it was too early to write off Google in China.

"I think there are enough moving pieces that the end result that there isn't a Chinese-language Google search in China is not pre-ordained," said Dean.

"We are still watching the cards being played."

A spokeswoman for Google declined to comment on its plans for China.

Amazon 4Q profit climbs 71 pct on strong holidays

SAN FRANCISCO – Amazon.com Inc.'s fourth-quarter earnings skyrocketed 71 percent, as shoppers spent more than ever during a holiday season that improved over the previous year for retailers on and off the Web.

Despite the sluggish economy, Amazon did well throughout the year, drawing shoppers with its Kindle e-reader and deals on an immense selection of goods ranging from alarm clocks to stuffed zebras.

Amazon reported Thursday that this behavior carried through the holiday season, which is typically the busiest time of the year for retailers. And Amazon doesn't expect growth to slow: The company predicted first-quarter revenue that exceeds analyst expectations.

Amazon said it earned $384 million, or 85 cents per share, in the October-December period. That compares with $225 million, or 52 cents per share, in the year-ago quarter, which included a holiday season that Amazon had described then as its "best ever," only to be surpassed by the 2009 holidays.

Revenue rose 42 percent to $9.52 billion. That includes a $200 million contribution from online shoe and apparel store Zappos, which Amazon bought late last year.

The results blasted past estimates of analysts polled by Thomson Reuters, who expected earnings of 72 cents per share on $9.04 billion in revenue.

Amazon forecast revenue of $6.45 billion to $7 billion in the current quarter, an increase of 32 percent to 43 percent; analysts had been looking for $6.36 billion, on average.

Revenue from books, CDs, DVDs and other media climbed 29 percent to $4.68 billion. Electronics and other "general merchandise" revenue rose nearly 60 percent to $4.61 billion. Revenue increased 37 percent in North America and nearly 49 percent elsewhere.

Speaking to analysts during a conference call, Chief Operating Officer Tom Szkutak said there are still plenty of product categories and geographic markets that Amazon could enter.

Dan Geiman, an analyst with McAdams Wright Ragen, said the quarter was "extremely strong" and Amazon's results suggest it took some share of the online retail market from competitors.

"It's just huge growth, given that consumers are still under quite a bit of pressure," he said. "The economy still isn't that great."

As in the past, Amazon did not say how many Kindles it has sold so far, though Amazon CEO Jeff Bezos said in a statement that "millions" of people now own the electronic-book reader.

He also said that it is selling six Kindle books for every 10 physical copies for the titles available in both formats.

Amazon had previously said it reached a Kindle milestone on Christmas Day, when it sold more copies of e-books than physical copies for the first time.

The Seattle-based company is encountering more competition from a growing number of e-reader competitors, though, including Apple Inc., which announced its tablet-style multimedia player, the iPad, on Wednesday.

In hopes of staying ahead of the pack, Amazon cut the Kindle's price yet again during the quarter, slicing $40 to $259.

Barnes & Noble has come out with its $259 Nook, and Sony Corp. has stayed in the game with its Readers, with an entry-level model at $200. Apple's iPad will start at $499 when it comes out in two months.

For the full year, Amazon earned $902 million, or $2.04 per share, on $24.5 billion in revenue.

Amazon also said its board authorized it to buy back up to $2 billion in common stock under a plan that doesn't have a set expiration date.

Shares in Amazon rose $3.08, or 2.5 percent, in after-hours trading. The stock finished regular trading earlier at $126.03, up $3.28, or 2.7 percent.

Shiny gadget, icky name: iPad jokes fly on Web

SAN JOSE, Calif. – You have to wonder whether there were any women in the room when the marketing geniuses at Apple decided to call the company's new gadget the "iPad." Because the jokes about feminine hygiene products are flying.

"Will women send their husbands to the Apple store to buy iPads?" went one joke on Twitter. And a "MadTV" comedy sketch from several years ago about an electronic sanitary napkin called the iPad went viral on YouTube.

So how did the company come up with the product name? And how could Apple have set itself up for such obvious punch lines?

Apple, a company notoriously secret about its product development process, declined to comment about the name or how many women were involved in the launch. Three Apple execs — all men — introduced the iPad at its unveiling in San Francisco.

But brand experts said the name's not so bad.

"It fits with what Apple's been doing consistently. They take literal words that exist and stick an 'i' in front of it. And it works for them. It's not offensive despite the silly jokes," said Tye Heckler, a vice president at Seattle-based Heckler Associates, which is responsible for the store names Cinnabon, Panera and Starbucks.

Ira Kalb, associate director of the Center for Global Innovation at the University of Southern California's business school, said: "Unless you've been under a rock, you know this is an Apple product just by the 'i' in front, and you know what it does by what 'pad' connotes."

Kalb said the jokes are probably good for Apple — more buzz — and will eventually pass.

He said other names floated for the product — iTab, iSlate or iTablet — would have been far worse. ITablet has too many syllables. ISlate is too ancient. ITab is too confusing.

"Apple is all about innovation and ease of use. Those names just don't go with that," he said.

According to the Patent and Trademark Office database, more than 20 people or companies have tried to trademark "ipad," "ipads" or "ipads.com" over the years, for such things as vaccines, stationery, makeup remover, bra padding and a host of electronics.

If the iPad sells, it won't be the first time a company has been mocked for its name, only to have the product fly off the shelves.

Nintendo was swamped with potty-training jokes after it announced its new game console: Wii.

Microsoft fiscal 2Q earns up 60 pct on PC rebound

SEATTLE – Microsoft Corp. said Thursday its earnings in the most recent quarter jumped 60 percent, as a rebound in the personal computer industry drove sales of the company's latest Windows operating system.

But results in Microsoft's other divisions show that while consumers have resumed spending on new PCs, big corporations have not.

Microsoft said the division that makes Office software and other business programs, the company's other cash cow, saw revenue slip 3 percent. Revenue from its typically fast-growing server software group edged up just 2 percent. In both cases, Microsoft blamed the ongoing lull in corporate spending on technology.

The software maker's results match PC analyst reports attributing growth over the holidays to consumer interest in inexpensive laptops and their smaller, less powerful cousin, the netbook. Intel Corp., the top maker of microprocessors for computers, also reported strong sales in consumer segments but ongoing weakness in business PCs.

Microsoft said it expects corporations to start spending on technology this year, but that the increase from the current lows would be gradual.

For the fiscal second quarter, which ended Dec. 31, Microsoft said its net income rose to $6.7 billion, or 74 cents per share, from $4.17 billion, or 47 cents per share, in the same period last year.

That exceeded the 59 cents per share Wall Street was expecting, according to a Thomson Reuters poll.

Revenue increased 14 percent to $19 billion in the year-ago quarter, ahead of analysts' average forecast of $17.8 billion.

In the Windows division, revenue leapt 70 percent and net income nearly doubled to $5.4 billion. The latest version of Windows, called Windows 7, was released in October, but in the months before the launch, Microsoft gave new PC buyers the right to upgrade to Windows 7 later. The second-quarter results included $1.7 billion in deferred revenue for Windows sales made during earlier quarters but not recorded until the launch.

Beyond the boost from deferred revenue, the Windows division did far better than analysts had predicted. One big reason is that more people than expected went out to stores to buy boxed copies of the new operating system to install on older computers.

"I would say it was a great quarter," said Sid Parakh, an analyst for McAdams Wright Ragen.

Microsoft is expected to release a new version of Office this year, which helps explain the lack of growth in the company's business software division. The company also faces increasing competition from Google Inc.'s Web-based word processing, spreadsheet and other software.

Microsoft continues to pour money into its Web search and advertising operations as it attempts to close the gap with market leader Google. The software maker said that division widened its loss in the quarter, hurt by declines in display advertising revenue.

The software maker didn't give revenue or earnings guidance for the current quarter or the full fiscal year.

Even though Redmond-based Microsoft beat Wall Street's forecast, shares edged up just 4 cents to $29.20 in extended trading Thursday after the release of results. Earlier, the stock closed down 51 cents, or 1.7 percent, at $29.16.

Man admits largest credit card hack in history

A Florida man has admitted hacking into corporate computer networks as part of the largest credit card theft in US history.

Albert Gonzalez of Miami pleaded guilty in US District Court in Boston to two counts of conspiracy to gain unauthorised access to payment card networks.

According to AFP, Gonzalez and two unidentified Russian co-conspirators stole over 130 million credit and debit card numbers from more than 250 financial institutions.

Gonzalez also allegedly leased servers to other cyber-criminals who used the systems to store malware and launch attacks against their victims. He has already admitted to charges in two other hacking cases.

He is reportedly facing between 17 and 25 years in prison for his role in the crimes.

New internet piracy law comes into effect in France

The first effects of France's new law against internet piracy will begin to be felt as the new year begins.

The law was passed after a long struggle in parliament, and in the teeth of bitter opposition from groups opposed to internet restrictions.

Illegal downloaders will be sent a warning e-mail, then a letter if they continue, and finally must appear before a judge if they offend again.

The judge can impose a fine, or suspend their access to the internet.

The Creation and Internet Bill set up a new state agency - the Higher Authority for the Distribution of Works and the Protection of Copyright on the Internet (Hadopi).

27 Jan 2010

Google Removes Aboriginal Flag from Doodle After Copyright Claim

Google sure loves its doodles, the graphics it uses to replace the logo on the homepage on special occasions. It ran 12 different doodles since the start of the year, mostly on local versions of the search engine, and you'd think that there couldn't possibly be anything controversial with the cutesy drawings. That is, unless copyright gets in the way as it did in the most recent doodle Google ran in Australia. The doodle was the winner of the Doodle 4 Google competition, but the version that ended up on the site was different than the one that actually won. What was missing was the Aboriginal flag.

The original doodle, submitted by Jessie, an 11-year-old student at Rydalmere East Public School, featured some of Australia's unique wildlife, like the kangaroo, koala and emu, but also the rather modern Aboriginal flag. The problem is, the flag's creator Harold Thomas owns the copyright to it and was more than happy to let Google use it on the Australian homepage, for a price.

The before and after doodle for Australia Day
Think about this for a second, we're talking about a flag here, created, as the author claims, as "a symbol of unity and national identity for Aboriginal people." As Techdirt rightfully asks "who copyrights a flag?" and "do we need more incentives to create new flags?" After all, that's the intended purpose of any copyright law, or at least part of it, to foster innovation, competition and fair trade.

In any case, when Google contacted the author to get his permission to use the flag in the doodle, he says he was offended by the lack of respect the company showed, as it assumed that it would be able to use it for free. This was definitely not the case as, even though he allows health, education, legal and other organizations that help Aboriginal people use the flag for free, he charges for any commercial use.

With the negotiations off to a bad start, Google figured it would be better off removing the flag from the doodle, which it did. Obviously, this was a great benefit to the Aboriginal people and their culture, as it spared them the disrespect of having their flag displayed on the largest search engine in the world and in Australia, a country otherwise known for its progressive attitude towards internet freedoms. Another great victory for copyright holders everywhere. [via Sydney Morning Herald]

Google quickly gaining on Microsoft in lobbying spending

AllThingsD

Please see this disclosure related to me and Google.

While Microsoft has needed all the help it could hire in Washington, D.C., after its antitrust debacle many years ago, Google is quickly catching up to it as a tech power to be reckoned with in the nation's capital.

According to the most recent public reports filed by Google with the Senate on its lobbying spending there, the search giant has significantly increased its outlay in 2009 from the previous two years.

In 2007--as you can see from the table below--Google spent a total of $1.52 million, which rose to $2.84 million in 2008.

And the 2009 total? Just over $4 million, according to the Lobbying Disclosure Act Database.

That's probably no surprise given the ever-growing range of issues of concern to U.S. regulators due to Google's increasing number of deals and because of many new and often controversial initiatives the company is forging forward with.

From pushing for approval of its DoubleClick acquisition in 2007 to its failed attempt to strike a search and online partnership with Yahoo in 2008 to last year's wrangling with book publishers to 2010's expected tussle over its $750 million purchase of mobile advertising start-up AdMob, Google's presence in D.C. is only going to rise as its ambitions expand.

In the fourth quarter of 2009--according to its report, which you can read in its entirety below--Google spent $1.12 million lobbying the House and Senate, as well as the Federal Trade Commission and other government agencies, on topics such as "privacy and competition issues" related to online advertising, copyright laws and its book search settlement.

And this does not take into account Google's spending in states across the country, as well as globally.

Interestingly, Microsoft's reported lobbying spending in D.C.--which the software giant has been doing for much longer, with an even more complicated presence (can you say: consent decree?)--has declined in that same period, although it remains larger than Google's.

In 2007, Microsoft spent $9 million, which fell slightly in 2008 to $8.9 million, before dropping to $6.72 million in 2009.

In the fourth quarter of 2009--according to its report, which you can also read in its entirety below--Microsoft spent $1.69 million buttonholing an alphabet soup of federal agencies and pols in the House and Senate on an even wider variety of issues than Google, including open government, visas, tax reform, free trade and, of course, "competition in the online advertising and software markets."

Translation: Google-bashing in D.C.!

But now, it seems that Google's ever-deeper lobbying wallet means turnabout is fair play.

As the stakes rise, check out Google's and Microsoft's most recent quarterly filings below:

Google



Microsoft

Wireless PS3 Portable, a Mod to Remember

When you hear the word “mod,” you instinctively start imagining something original and creative that will make your jaw drop or maybe not impress you at all because the theme chosen by the modder is simply not one of your favorites. Now, this mod right here is not at all one of those mentioned above, even though it is very creative and original. Actually, it is a practical mod. The PS3 gamer's dream, for short.

that will also show images on its own LCD screen. Hmm... can you imagine having multiple mods like this one? Let's face it, the SSD version of the PS3 is not actually that portable and it does require its own TV screen. All those problems don't exist with the Wireless PS3 Portable.

Modder BronckartN has made his very own portable PS3. Very well built, games do not lag on this man-made machine and it syncs immediately with the PS3. Whether Sony feels the slap or not, or as BronckartN thinks, Microsoft will inspire itself to do this kind of gaming gadget for the Xbox 360, I do not know. What I do see is a very simple, much needed and portable device that can be manufactured at home. With the right skills, of course.

No documentation whatsoever about the building process is present on the modder's blog. But I am sure that the big producers could easily produce it. He only says that it uses the same technology that a regular PS3 wireless controller uses. This kind of gadget should not be kept away from gamers' hands. Instead of making the PS3 Slim, perhaps it would have been easier to manufacture something like this.

Report: Companies unprepared for cybercrime

Many organizations are focused on stopping random hackers and blocking pornography when they should be concerned with bigger threats from professional cybercriminals, according to a new cybersecurity report.

A new Deloitte report offers insight into organizations' perceptions on cyber incidents.

(Credit: Deloitte)

In a survey conducted last year of 523 IT and security managers, top-level executives, and law enforcement personnel, hackers were rated the biggest threat, followed by insiders and foreign entities--probably because hackers are the "noisiest and easiest to detect," the 2010 CyberSecurity Watch Survey concluded.

However, attackers from nation-states and organized crime syndicates use more sophisticated techniques that can do more economic damage and go undiscovered, said the report, sponsored by Deloitte and conducted in collaboration with CSO Magazine, the U.S. Secret Service, and the CERT Coordination Center at Carnegie Mellon.

The report, which was released Friday, did not discuss who the hackers are exactly or whether they may be working for organized criminals or foreign governments.

"Our view is that the growth of the threat of cyber crime has outpaced that of other cyber security threats...cyber crime constitutes a significantly more common and larger threat than respondents recognize," the report said. "Indeed, driven by the prospect of significant profits, cyber crime innovation and techniques have outpaced traditional security models and many current signature-based detection technologies."

Throwing money at the problem isn't always the best idea, the report concluded. Nearly half of the respondents said they spent a significant amount on IT security last year, $100,000 or more, but many organizations at the same time "neglect simple, inexpensive measures such as patch management, log analysis, privilege restrictions, password expiration, and termination of former employees' access through a robust de-provisioning process," the report said.

The study also found a "likely nexus" between cybercrime and threats like terrorism, industrial espionage, and foreign intelligence services.

FCC asks Google, carriers about termination fees

The Federal Communications Commission is asking all four major U.S. cell phone operators and Google to explain their early termination fee policies and how they communicate these to customers.

FCC Consumer and Governmental Affairs Bureau Chief Joel Gurin and Wireless Telecommunications Bureau Chief Ruth Milkman sent letters (PDF) on Tuesday to AT&T, Verizon Wireless, Sprint Nextel, T-Mobile USA, and Google asking them to detail how they inform customers of their fees in statements on corporate Web sites, in brochures and sales scripts, and in monthly bills.

In their letter to Google, they said the FCC welcomes new devices, such as the Nexus One, because it offers consumers more choice. But they expressed concern over Google's $350 fee charged to customers who cancel their service for the phone in the first 120 days if they purchase it with a two-year service contract from T-Mobile. This fee from Google is on top of any early termination fee, or ETF, charged by T-Mobile.

The phone costs $179 with a two-year contract from T-Mobile. And it's $529 without a contract.

"The combination of ETFs from Google and T-Mobile for the Nexus One is also unique among the four major national carriers," the FCC representatives said in their letter to Google. "Consumers have been surprised by this policy and by its financial impact."

Carriers say that ETFs are necessary to cover the cost of subsidizing phones. Critics say they simply stifle competition and are used to generate revenue. Several class action lawsuits have been filed over the issue. And Congress and the FCC have looked into the issue. Operators have responded to the pressure. And today every major wireless carrier in the U.S. prorates its ETF so that the fees decrease over the life of the contract. Operators are also now offering cell phone subscribers the option to buy phones without a subsidy and no ETF.

Wireless operators have already settled several of the class action lawsuits. In a separate notice Tuesday, AT&T via e-mail informed its customers that it had settled a class action case in the U.S. District Court for the District of New Jersey. A settlement has been reached for a class of customers who were charged a flat-rate ETF from January 1, 1998 through November 4, 2009, or to customers whose contract included a flat-rate ETF provision at any time after January 1, 1998.

In November, Verizon Wireless announced it was increasing its $175 early termination fee to a whopping $350 for "advanced devices," such as smartphones. And in early December, the FCC sent a letter to Verizon asking the company to explain why the new fee is necessary and how it will be implemented. Verizon has provided some preliminary answers. The FCC hasn't made any official comments on Verizon's answers, but early indications suggest the FCC isn't satisfied with Verizon's initial answers.

"Verizon's response to the FCC [on early termination fees] has raised more questions than it has answered," FCC chairman Julius Genachowski said last week during a press briefing at the 2010 CES trade show in Las Vegas. "What strikes me is that there is a very real level of consumer confusion around these fees."

AT&T said in a statement that it "welcomes the opportunity to explain to the FCC all the choices available to consumers." And CTIA, the trade association that represents the wireless industry, said it "agrees with the FCC that transparency and disclosure is very critical and that consumers must understand the terms of their contract."

But the group defended early termination fees as "part of the rate and rate structure that allows wireless carriers to, among other things, subsidize phone purchases."

The wireless companies and Google have until February 23 to respond to the inquiry. Google representatives were not immediately available for comment.

Is there an eco-angle to an Apple tablet?

Regardless of whether we see a gorgeous tablet from Apple on Wednesday, there is a clear trend toward using electronic devices to read what has traditionally been printed media. From an environmental point of view, that shift is a mixed bag, depending as much on user behavior as on technology.

Apple tablet mockup

The endlessly speculated about tablet from Apple could finally arrive on Wednesday.

According to reports, Apple will show off a tablet PC that can be used with a docking station or an electronic reader.

Displacing printing media with an electronic device like the Amazon Kindle can reduce the amount of energy associated with cutting down trees and making physical periodicals and books, according to some studies.

But without electronics recycling, the environmental footprint is not good. After all, tossing an old newspaper into the recycling bin is a lot easier and more common than recycling electronics, for which the U.S. rate is estimated at about 10 percent.

As with many environmental questions, the more you ask, the more complicated it becomes. But here are some considerations:

Who makes the box?
Apple has caught heat from watchdog groups in the past, but its current products are state of the art, when it comes to energy efficiency and materials. In its latest products, Apple has phased out the use of PVC plastic and hazardous brominated flame retardants, so it would be surprising if it didn't continue this policy with new hardware.

Apple tablet event

The cryptic Apple event invitation.

Presumably, people will be running their Apple tablets off the batteries more than a laptop or desktop PC. Batteries will, of course, degrade and need to be replaced after a few years. Apple says its laptop batteries last longer than others, and it offers a take-back program to replace batteries, so it gets high marks from environmental groups on that score.

On the other hand, after a few years, many people are likely to buy something new, rather than send in a device to upgrade the batteries, which ultimately creates more e-waste.

Pixels versus paper.
Intuitively, it seems that reducing paper by using an electronic device will consume less energy than harvesting trees, processing pulp, printing newspaper, and delivering it to your doorstep. But making a blanket conclusion about energy use through electronic communication is not easy.

The Center for Sustainable Communications in Stockholm, Sweden, conducted a study concluding that reading a newspaper on a PC for 30 minutes results in about the same carbon dioxide emissions as a printed newspaper. (Click for PDF of study.) And as a device that's smaller than a PC, the rumored Apple tablet should consume less energy.

Paper company International Paper goes even further to point out that the paper-and-pulp industry uses resources (trees) that can be managed sustainably, and recycling rates are far higher in the paper industry than electronics.

Energy intensity
The efficiency of any tablet or e-reader is certainly worth a comparison with laptops and similarly sized devices. Amazon's Kindle, for example, uses E Ink technology, which is significantly more power-efficient than an LCD screen.

But looking at how much energy a device consumes when in the hands of the end user isn't the full story, notes Casey Harrell, a coordinator for Greenpeace's global electronics campaign. About half of the energy "embedded" in an electronics product comes from the supply chain of companies that supply Apple or other manufacturers, he said.

What's more, as more and more smartphones and tablets are released, the energy consumption shifts toward data centers to which those gadgets connect. "A tablet can certainly mark a decrease in the environmental footprint versus traditional printing, but the big question is, what energy is powering these data centers in the cloud?" Harrell said.

How the gadget is used.
Apple may make an item worth keeping for five years--a long time in the frenzied pace of consumer electronics. But if the buyer replaces it within a year, then that also adds to the e-waste stream. The same is true if customers don't take advantage of recycling services.

Overall, an Apple tablet, or the host of electronic readers expected this year, can bring many benefits of digitized content and even change how we read, day to day. Whether it brings a net environmental benefit, though, has more to do with the owner than the device.

Sharp idea: Olympic stadium from recycled knives

The suspense of the 2012 Olympics in London will have spectators sitting on pins and needles--and knives. Well, in a manner of speaking. Turns out the main Olympic stadium in East London's Stratford will contain guns and knives confiscated by the Metropolitan Police Service.

Rendering of stadium

A designer rendering of the main 2012 Olympic stadium in London. Forget turning swords into plowshares. Designers are turning guns into a giant sports venue.

(Credit: Populous)

The service said it collected more than 52 tons of scrap metal from guns, knives, and old keys in the last fiscal year. Some was melted down and used in bridges, buildings, cars, and trains, and some will be recycled and used to construct the Olympic structure.

The repurposed weapons add to the eco-friendly focus being pursued by designer Populous (formerly HOK Sport). It says it will utilize a range of sustainable materials for the project, possibly including hemp.

We're really liking the Olympics' emphasis on recycling. Medalists at the Vancouver 2010 Olympic and Paralympic Winter Games will get gold, silver, and bronze medals containing metal from recycled TVs, computers, and keyboards that might have otherwise ended up as e-waste.

CNET's Ina Fried will be in Vancouver covering the technology behind the games and more, so stay tuned for lots from up north in coming weeks.

U.S. wind power capacity up in 2009

Reuters

WASHINGTON--U.S. wind power capacity soared 39 percent last year but job growth stalled as uncertainty about renewable-energy policies and the recession slowed manufacturing, an industry group said.

The combined power-generating capacity of new U.S. wind turbines installed last year hit more than 9,900 megawatts, up from a gain of over 8,400 MW in the previous year. Total capacity hit more than 35,000 MW, or about enough to power 9.7 million homes, the American Wind Energy Association said.

Total U.S. jobs associated with wind energy stalled at 85,000, about flat from the previous year as the recession took a toll on manufacturing. In 2008, job growth surged as the sector added 35,000 positions.

Denise Bode, chief executive of AWEA, said jobs stalled because of tight financing and uncertainty about wind power incentives, including long-term tax credits and a national mandate for renewable energy.

She said President Barack Obama's recovery act that set aside billions of dollars for renewable energy helped prevent job losses. Some 1,500 to 2,000 jobs were lost in wind power manufacturing, but those jobs were made up for with gains in construction and maintenance at wind power farms, she said.

AWEA wants Congress to pass national mandates for generating renewable power, which are expected to be included in a compromise climate bill to be considered by the Senate this year.

"We are trying to convince European wind manufacturers to invest in the United States but first they want to know what policies will be in place," said Bode.

The United States overtook Germany in 2008 as the world's top wind power generator. But China, which, unlike the United States, has set national clean-energy targets, may take the top spot for 2009 when the results are finalized.

"We are in a foot race with the Chinese who are providing more and more incentives and mandates for the industry," said Bode.

Texas led the country in added wind capacity last year with nearly 2,300 MW, followed by Indiana with 905 MW and Iowa with 879 MW. The gains came despite billionaire oil tycoon T. Boone Pickens' announcement last summer that he would postpone construction of a huge wind farm in Texas.

Wind accounted for about 6 percent of the electricity produced last year in Texas, according to the state.

Wind power generated only about 1 percent of power supply for the entire country last year.

Bode said if the country adopted national renewable-electricity mandates investors would put more money into building transmission lines to carry more wind from the gusty center of the country to cities with high power demand.

HTC expecting sales turnaround with new lineup

After struggling throughout 2009, mobile phone maker HTC is eyeing an upturn in sales this year, though profit margins are still likely to be down.

Earlier this month, HTC announced a 31 percent drop in fourth quarter 2009 earnings to 5.6 billion Taiwan dollars ($175 million) from 8 billion ($250 million) in 2008's final quarter. Sales fell 13.2 percent to 41 billion Taiwan dollars ($1.28 billion) from 47.3 billion ($1.48 billion) the same quarter in 2008. Results were reportedly hurt by heavy spending on marketing as HTC aggressively tried to promote itself and its smartphones in both the U.S. and Europe.

Google's Nexus One

(Credit: HTC)

In a conference call with analysts on Tuesday, HTC took a more optimistic tone for 2010. For the first quarter of 2010, HTC is looking for sales to rise around 7 percent from last year's first quarter, reaching between 32 billion and 34 billion Taiwan dollars ($997 million to $1 billion). Revenues will likely be volatile and bottom out in February as older products transition to new ones. But as the new smartphones take off, sales should gain momentum in March.

Though sales may bounce back this year, HTC acknowledged that its profit margins would be lower than in 2009 as it launches an array of new phones and tries to beat the competition on price.

The company touted its partnership with Google in co-designing the new Nexus One, anticipating that the new smartphone will create buzz and drive growth for HTC and the Android platform. But at the same time, HTC remains firmly in the Microsoft camp by aggressively supporting and promoting Windows Mobile. The company is hoping both platforms together will strengthen its presence and sales in the sluggish European market.

HTC's HD2

(Credit: HTC)

To boost overall revenue this year, HTC is hoping for robust sales from a variety of new smartphones. High on the list of expectations is HTC's new HD2 smartphone, scheduled to be released for the U.S. market by T-Mobile this spring. Running Windows Mobile, the HD2 will be HTC's first Windows Mobile phone to offer the Sense user interface, a touch screen that can be customized according to user preferences. The interface has already surfaced on HTC's Android-based Hero phone.

FeedDemon update takes cues from Google

When FeedDemon updated to version 3, it stepped in a snarling nest of controversy because the popular RSS and Atom feed catcher was abandoning its online synchronization Web site in favor of Google Reader. The new FeedDemon 3.1 is a good effort to move beyond that, introducing multiple new features that mostly bring it into parity with Google Reader.

FeedDemon 3.1's new content filter for automatically marking items as read.

(Credit: FeedDemon)

The two biggest new features include on-the-fly item translation via a translate button on the individual item toolbar. If the item is in a feed that you synchronize with Google Reader, the translation will occur in-line. If the feed isn't synced, then FeedDemon will open up a Reader page. There's also a new content filter that lets users create filters to automatically mark certain kinds of incoming items as read. For people who subscribe to tens or hundreds of feeds, this can potentially be a major time-saver.

There's a new "Shared by people I follow" option under Shared Items, which syncs shared Google Reader items. FeedDemon goes a step further and adds in a social component to find people to share with. You could type in "politicians in San Francisco" and, theoretically, get Mayor Gavin Newsom. Users can also now customize by feed the icons that appear on the item toolbar, and this includes adding a Google Reader-style "like" icon. It's not enabled by default.

The list of short URL previews that are supported has been expanded to include goo.gl, youtu.be, fb.me, flic.kr, ow.ly and clicky.me, and the Send To option now includes Twitter.

The official release notes indicate performance enhancements, but my experience with version 3.1 was that there was still plenty of room for improvement. Even 3GB of RAM didn't prevent occasional program hang-ups. However, FeedDemon creator Nick Bradbury pointed out that the database can be massaged into being quicker by regular compacting. This can be accessed under File, then Manage Cache, then Compact, but it's a cumbersome thing to have to do semi-regularly and without a scheduler.
