Jul 30

We are expanding our beta testing, so you may be seeing the new site when you come to any of the CNET sites (News, Reviews, Downloads, CNET TV).

It’s a work in progress–if you land on the new pages, give us some feedback (fill out the brief feedback form linked at the top of the pages).

As I wrote in a post in June, we are updating our look and feel after nearly 13 years of variations on neon yellow and green.

Jul 30

Federal regulators have said it would be too expensive for them to create a list themselves, arguing that “the government must engage in an extensive legal analysis to determine whether the gambling Web site is used, at least in part, to place, receive or otherwise knowingly transmit unlawful bets or wagers” and that due process safeguards “would result in considerable added costs.”

At the very least, Williams said, the U.S. government should provide a list of names of Internet gambling businesses that can be identified and blocked–something that regulators are unwilling to do. (One model that’s been suggested is the Treasury Department’s list of “specially designated” people and organizations subject to economic sanctions.)

Given that financial institutions process nearly 100 billion payments a year, according to Federal Reserve data, and given that other governments won’t necessarily be cooperating, identifying which payments are gambling-related is no trivial task.

Rep. Barney Frank, the Democratic chairman of the full House Financial Services Committee, used the chance to talk up his bill that would effectively legalize–but closely regulate, including with criminal background checks and financial disclosure–the online gambling industry. (Here’s our audio interview with him last year.)

“Consumers will be placed at risk of having lawful transactions blocked,” said Rep. Luis Gutierrez, D-Ill., chairman of the House monetary policy and technology subcommittee. “It is easy to see how these regulations, if implemented in their current form, could wreak havoc on electronic commerce in the U.S.”

Adding to the complexity is that horse racing was explicitly exempted from monitoring in the 2006 bill, although it’s unclear whether betting itself is legal. The Justice Department thinks it can be prosecuted under the Wire Communications Act, but the Fifth Circuit has indicated that the statute doesn’t apply to a game of chance.

Frank was one of the few people to raise that point on Wednesday, telling the financial representatives on the panel that there was “a conflict between the obligation imposed on you by the act…and the privacy expectations of your customers.”

Online betting is perfectly legal and government-regulated in many areas of the world: PokerStars is licensed by the U.K.’s Isle of Man; Bodog Entertainment is a betting company headquartered in Antigua; so is the World Sports Exchange. Other European Union nations also license Net-gambling firms.

The criticism came at a congressional hearing on Wednesday devoted to the Unlawful Internet Gambling Enforcement Act, enacted in 2006 by a Republican Congress after pressure from social conservatives. The Federal Reserve and the Treasury Department published draft regulations last fall–which financial institutions say will disrupt perfectly legal transactions unless dramatic changes are made before the rules take effect.

Rep. Ron Paul, the libertarian-minded Republican presidential candidate, criticizes Net-gambling restrictions on Wednesday, saying ‘people should make their own decisions.’

Rep. Ron Paul, the libertarian-minded Republican candidate for president, said that could lead to more Internet regulation: “Though I do not endorse gambling per se, people should make their own decisions. It’s a personal choice. I’ve always been concerned about this type of regulation and legislation–it’s likely to open the door (to control and regulation) of the Internet itself.”

Another unusual aspect is that the draft regulations from the Federal Reserve and the Treasury Department require “monitoring of Web sites” related to gambling–based on the premise that credit card companies and banks can identify if their payment systems are being used.

In the Treasury Department and Federal Reserve’s 52-page draft regulations, the word “identify” appears 61 times and “monitor” appears 18 times. “Privacy” appears not once.

“There is a risk that financial institutions would misclassify a payment as illegal and thus be exposed to liability,” said Williams, from the Financial Services Roundtable. “We also believe that ‘monitoring of websites’…is inappropriate to include in a financial institution’s monitoring activity.”

(Credit: U.S. House of Representatives)

No consensus
The difficulty with the law’s approach is that, while banks cooperate internationally to identify terrorist-related funds and drug-related money laundering, there’s zero consensus on Internet gambling transactions.

The 2006 law forces banks and other financial intermediaries to police money flows that could be related to Internet gambling. It never received a formal up or down vote in the entire Congress; instead, Republican congressional leaders simply glued it on to an unrelated port security bill that was approved nearly unanimously.

Banks, credit card companies, and some Democratic members of Congress are predicting that forthcoming restrictions on Internet gambling will ensnare innocent customers and threaten the viability of e-commerce.

The U.S. government’s “decision not to fully define unlawful Internet gambling places our members in a very difficult position,” said Leigh Williams on behalf of the Financial Services Roundtable, which counts Visa, Mastercard, Bank of America, Wells Fargo, and other banks as members. “They cannot know if a transaction is restricted unless they have in hand specifics of the transaction that in almost all instances they will not have.”

Jul 30

Xen’s open-source standard for virtualization is gaining traction as cloud computing takes off, but despite claims by some companies that their Xen hypervisors outperform others, Simon Crosby, chief technology officer of Citrix, which acquired XenSource, had this advice during his keynote speech at LinuxWorld on Thursday: don’t believe it.

“Xen is everywhere in the clouds that I visit,” said Crosby.

Despite competition from other forms of virtualization software, Crosby finds the use of Xen is growing. The Yankee Group, for example, estimates that 17 percent of the enterprise server market uses Xen, but Crosby estimates it may be more.

And even within Xen, some competition exists, since the code base keeps changing, so products built from different snapshots end up with different features. Another differentiator is the management tooling built on top of the virtualization, from tools that create new virtual machines to ones that monitor machines that become overburdened.

Xen has yet to reach Zen.

Noted Crosby: “hypervisors are free…the next challenge is getting them ubiquitous.”

“To say my Xen is better than your Xen is utter nonsense,” Crosby quipped.

Crosby’s Xen evangelism comes as the industry faces growing competition from the likes of Red Hat and others that have begun touting KVM over Xen as their virtualization software.

Nonetheless, challenges remain for Xen: virtual machines still tend to be tied to a specific hypervisor vendor and version, and the technology is not verifiably secure.

Xen, for example, is finding its way into laptops, as it addresses legacy workload issues, Crosby noted.

But while Xen, like the other virtualization offerings from VMware and Microsoft, is designed to let a computer run multiple operating systems simultaneously and shift workloads among servers in an adaptable data center, the technology, while important, remains in flux.

Xen has a development community to rally behind the virtualization technology and drive improvements and its integration into a range of products, other than just servers.

Jul 30

Congress should step up its oversight of the cyberinitiative, Kurtz said, and form a joint cybersecurity committee. He also suggested the House Intelligence Committee request briefings from the intelligence agencies about how they communicate with the private sector.

In the case of a cybersecurity breach on a critical network, intelligence agencies can be useful in dissecting and analyzing the code found to determine the threat level of the breach as well as the source. Once the enormity and source of a cyberattack is determined, the intelligence community can help the rest of the federal government weigh its response options.

A new White House program on cybersecurity, the commission says, should have clear authority over all the agencies and departments that help keep the country’s networks secure. At a hearing on Thursday, members of the commission specifically warned the House Select Committee on Intelligence against letting too much authority fall into the hands of intelligence agencies.

The federal government also needs to encourage other countries to ratify the Convention on Cybercrime, said Martha Stansell-Gamm, former chief of the Justice Department’s Computer Crime and Intellectual Property Section. The convention, she said, gives countries “the permission and capabilities to put their (cybercrime) laws to the service of other countries.”

The White House has already been inexplicably secretive about its DHS-led National Cyber Security Initiative, Kurtz said. The Defense Department, FBI, Office of the Director of National Intelligence, and other departments have discussed the initiative with the CSIS commission “despite White House wishes,” he said.

It might be easy for politicians to hand over power to agencies like the CIA or NSA since they already can claim to have the critical expertise needed to maintain cybersecurity. “The intelligence community has a vital supporting role,” said Paul Kurtz, a partner and COO for Good Harbor Consulting.

“It doesn’t necessarily have to be a response in cyberspace,” Kurtz said, adding that the White House could consider military action in response to a cyberattack.

Even though Homeland Security claims that cybersecurity is one of its top priorities, the department is not equipped to handle cyberthreats, says the Center for Strategic and International Studies’ Commission on Cybersecurity for the 44th Presidency, a private effort that includes representatives of the so-called “intelligence community.”

“The intelligence community operates in an environment of secrecy,” she said, and “secrecy has significant costs,” such as weakening the trust the government has with the private sector and the international community.

The CSIS commission is still considering how much authority should be left to the DHS, Kurtz said, such as oversight over certain cybersecurity domains like the U.S. Computer Emergency Readiness Team.

However, cybersecurity “will fall prey to over-classification” if too much authority is given to the intelligence community, said Suzanne Spaulding, an attorney with Bingham McCutchen.

Political pressure is mounting to eliminate the U.S. Department of Homeland Security’s lead role over cybersecurity, a move that would effectively admit the agency’s failure to adequately perform its assigned duties.

CNET’s Declan McCullagh contributed to this report

Committee Chairman Silvestre Reyes, D-Texas, said he found it interesting the White House had put the DHS in charge of the initiative in the first place. He called it “the equivalent of somebody drowning and tossing him an anchor.”

All week, members of a cybersecurity commission forming recommendations for the next administration have been telling Congress that cybersecurity requires senior level policy and program coordination from the White House.

But that invites the obvious question: Who should take over? One option would be, as we heard earlier this week, the White House itself. Another choice would be the more shadowy world of intelligence agencies such as the CIA or National Security Agency, which already is responsible for protecting government computers through its “information assurance” arm.

He suggested that Congress should implement a common authentication system for critical infrastructure networks, rather than continuing to let states maintain their own.

Jul 30

Tellingly, later Brami said: “For us, it was like a joke.”

Some joke! Snooping on other journalists’ passwords in the press room. Maybe they were confused about the purpose of the Wall of Sheep, which is designed to keep security professionals attending the show on their toes. But journalists aren’t, and shouldn’t be, held to that standard. The press room is seen as a safe haven for reporters and it is hosted by the show organizers who want reporters to cover the event. It’s not a “hostile” network like the event’s Wi-Fi network, where consent is implied, as Kurt Opsahl of the Electronic Frontier Foundation says.

A big mistake, a joke, or what?
Later, I called Brami to get comment for our original article on the incident and he claimed not to have known about the hacking until after it was done and that he and his colleague, Dominique Jouniot, had nothing to do with it. Brami blamed Mauro Israel, whose handle is “le netwizz” and who had accompanied him and Jouniot to the conference and was using a Global Security press badge.

Discussing the situation over dinner, I learned that while it may not exactly be a badge of honor to get hacked, the odds of it happening are higher the longer you hang out with hackers.

I grabbed the press liaison for Black Hat to explain what was going on and she told me what she had heard and that they were investigating. Vamosi and I headed down to the press room to strategize, but when I poked my head into one of the press rooms, I saw a couple of the men. I notified the Black Hat press liaison and she pulled them aside privately to talk and eventually kicked them out of the conference, convinced of their malfeasance.

Here’s what happened. I was in one of the press rooms at the Black Hat security conference trying to upload some video to the Web. It was a slow process using my Sprint wireless air card, so I decided to plug into the local area network that the conference was providing for journalists’ use.

We still aren’t certain whether CNET News traffic was compromised, or even if other reporters’ passwords were sniffed. The sniffing could have merely grabbed data from someone downloading a CNET News page. We may never know.

LAS VEGAS–I should have known it was only a matter of time.

I left for a meeting and when I came back and logged on, I saw e-mails from editors at CNET News asking if my two colleagues and I were being hacked because they had received a tip from someone that we were. Then I got sent this link to an article that shows a screen shot of what looks like usernames and passwords of computers used by reporters at CNET News and eWeek. Apparently, as I learned later, the editor-in-chief of TG Daily had contacted CNET News to alert us to the situation, for which we are very grateful.

I’ve been covering security conferences on and off for about 14 years and considered myself lucky not to have been hacked, that I knew of. Until Thursday.

Rendezvous at the Wall of Sheep
Vamosi and I went to talk to the guys who run the Wall of Sheep and they told us that three men had come in with a laptop, saying they had sniffed the usernames and passwords from the press room network and asked that they be posted to the Wall of Sheep. When I heard that they had French accents, I realized it was the three men sharing my table in the press room earlier.

“If you’ve been in the industry long enough, you’ve been owned at some point,” said George Kurtz, a senior vice president and general manager of McAfee’s risk and compliance business unit.

That sped things up and while I waited I checked some e-mail and read some Web sites. While this was going on I noticed three men sit down at my table and open a laptop. Speaking French, they acted excited and furtive, like they were doing something they weren’t supposed to be doing–like boys sneaking a peek at dad’s Playboy magazines.

I asked Brami why they were trying to embarrass journalists, and he denied that that was the purpose and said Israel “didn’t know the rules,” and that it was a “big mistake.” I asked him if he had been huddled around a laptop with the other two or not shortly before the news got out, and he said, yes, he had been using the press room to file stories. Then I asked him if he had not been with the others when they showed their laptop with the password evidence to the Wall of Sheep organizers. Brami said, yes, he had been there too, but he said he didn’t know what Israel was telling the Wall of Sheep organizers. “I didn’t hear what he said,” he explained. “(Israel) said it was a joke and that he didn’t think it was important.”

According to the Wall of Sheep organizers, the men justified their actions by saying that journalists should be more careful about network security, particularly covering the Olympic games in China, and they scoffed at the lax security of the supposed CNET News password. At least one of the men, Marc Brami, a director of Global Security Magazine, left a business card.


And I was using a VPN every time I logged on, with a strong password, even when I was using the local area network instead of my wireless card.

I initially thought they were regular attendees just being bad by using the press room network when they weren’t supposed to. Then I noticed their press badges, but I didn’t think much more about it.

The TG Daily article says a network-sniffing tool called Cain had been used to expose the information in “journalist-on-journalist hacking” and that the organizers of the Wall of Sheep, who monitor the event’s Wi-Fi network and display exposed passwords, had declined to publicize the breach.

eWeek reporter Brian Prince then confirmed that the exposed username and password attributed to his publication had been used by him. He has since written a sweet and self-deprecating account of what happened to him.

That made me feel better, but I can’t shake the feeling of violation I have. It’s like a wind has blown my skirt up and exposed my underwear to a bunch of strangers. I guess I’ll have to get used to the risk if I stay in the business, but from now on I’m wearing overalls.

My face flushed and I’m sure I had terror in my eyes as I looked at my colleague Robert Vamosi and realized what was happening.

Meanwhile, my colleagues and I were in the other press room trying to figure out how this happened and what exactly happened. My two colleagues both use secure VPNs and are much more tech savvy than I am, so obviously I had to be the weak link. But I had thought I was being safe. As advised, I had taken my laptop to the network experts at the event before I even turned on my laptop. I told them I planned to use my wireless card. They checked that my Wi-Fi was turned off and said everything was kosher.

Updated Friday with details about TG Daily notifying CNET News about the breach.

Then looking at the screenshot of the allegedly breached usernames and passwords, we noticed that the one purportedly associated with CNET News was not anything remotely similar to a username or password that I or my colleagues use. Maybe the breach was fake, we wondered.

Jul 30

This is not Microsoft’s opening salvo in a war against open source. That “war” has been ongoing for years, has taken many forms, and seems to want to change open source’s $0.00 price tag to something higher. Something, in other words, with which Microsoft can compete.

But part of that reality will absolutely be infringement of Microsoft’s patents, and Microsoft’s own violation of Linux-related patents (held by IBM, Hewlett-Packard, and others). That’s the patent minefield in which the software industry operates.

Even so, I think that Microsoft has resigned itself to coexistence with open source, even if it’s not always a peaceful coexistence. On the same day that Microsoft announced the TomTom lawsuit, Microsoft Windows chief Bob Muglia also acknowledged that eventually, “almost all our product(s) will have open source in (them).” Microsoft has taken a reality check, and open source is part of reality.


It may turn out to be specious, but it’s very welcome to see it made without the sound and fury of past Microsoft public pronouncements about open source.

It’s also important to remember, as TechFlash reminds us, that Microsoft has never been a litigious company. While I despise the FUD that Microsoft has promulgated around open source and Linux, specifically, over the past few years, the reality is that Microsoft has sued only three times in its company history over patent claims.

Last week, Microsoft promoted Horacio Gutierrez, formerly vice president of intellectual property, to corporate vice president. This week, Gutierrez polished his new business cards and sent them TomTom’s way, with a patent infringement lawsuit.

As Gutierrez told CNET News, Microsoft’s lawsuit is very specific to how TomTom uses the Linux kernel: “(It’s the) TomTom implementation of the Linux kernel that infringes these claims. There are many flavors of Linux (and) many implementations of the Linux kernel. Cases such as these are very fact-specific.”

As CNET News’ Ina Fried reports, Microsoft on Wednesday launched a patent infringement lawsuit against TomTom, maker of GPS systems. TomTom, for its part, summarily rejects the claims and says it will “vigorously defend” itself. Lawsuits are filed all the time, but this one is of particular interest to the open-source community because it includes three claims of patent infringement related to Linux file management technologies.

Glyn Moody wonders whether Microsoft has taken the first step in an all-out patent offensive against Linux. After talking with Gutierrez earlier this week, I highly doubt that.


For Microsoft to do that credibly, it would have to go where Linux is strongest and has the highest earning potential: servers. There, Microsoft will encounter IBM and others with bigger patent portfolios than its own. Microsoft has shown little appetite for that fight.

This TomTom suit, in other words, may well be the opening shot in a broader battle, but for now, it’s the action of a sniper, not a broad fusillade.

It’s not a system I like, but let’s not get carried away. The GPS community doesn’t seem to be wringing its hands over the fact that most of the claims in Microsoft’s case relate to TomTom’s alleged infringement of Microsoft’s GPS technologies.

This speaks ill of the patent minefield that awaits any technology company, a problem called out recently by Red Hat associate general counsel Rob Tiller. But it doesn’t necessarily mean that Microsoft has declared war on Linux.

For all the bluster in the open-source press right now, it’s important to keep in mind that TomTom has been battling patent lawsuits for years, some of which may relate to its use of Linux. In 2005, its CEO said at the ICT2008 conference that TomTom spent more that year on patent litigation than on anything else combined. Microsoft’s eight-part lawsuit is par for the TomTom course, it would seem.

This hardly sounds like a sneaky launch of the spiffy new patent product line at Microsoft. It sounds more like what Gutierrez claims it is: “This is just a normal course-of-business dispute between two companies. (Linux) is not the focal point of the action.” Ironically, it could have been obviated had Microsoft bought TomTom back in 2006, as it was then rumored to be interested in doing.

In some ways, we should be grateful for how Microsoft has carried itself in this TomTom infringement claim. There are no broad pronouncements of Linux violations, as in the past. There are no white papers being circulated, decrying open source as anti-American and cancerous. There is just a reasoned, FUD-free patent infringement claim.

Maybe we, in the open-source world, need to settle down a little. We have an allergic reaction to patent infringement suits–and for good reason–but one company-specific lawsuit does not a war campaign make.

Jul 29

Based on a previous survey from March of 2007, which showed XP with 78 percent of the market and other Windows versions with about 14 percent, it looks like Vista hasn’t so much replaced XP as it has the legacy Windows versions in Japan.

XP still dominates Japan

Nearly two years later, Vista has 24 percent of the market. Since we don’t know what the expectations were, it’s hard to know if this is good or bad. I suspect it’s not great based on the survey data that shows 90 percent of those surveyed said they came to use Vista because it was bundled with a new PC.

(Credit: What Japan Thinks)
Vista launched in Japan just over 19 months ago. Coincidentally, I was in Tokyo at the time and wrote about the launch on my old blog, where I noted a serious advertising blitz (along with every electronics store breaking the release date by a full week).

Jul 29

(Credit: Seagate)

Analysts are bullish that, with time, SSDs will catch on. “SSDs offer much better MTBFs (mean time between failures) than HDDs, although the endurance is an issue that has to be addressed,” said Gregory Wong, an industry analyst at Forward Insights.

“SSDs have 100 times better random IOPS than HDDs,” Wong said, referring to the dramatic speed advantage SSDs have over HDDs in handling input-output operations per second. Samsung has said in the past that companies such as Citibank and American Express peg server performance on IOPS.

The largest hard-disk drive maker is going solid-state. Slowly.

“While for some companies, it’s a new market and a new product, for us, it’s an existing market, new product,” Vignes said.

The presence of large players such as Seagate will allay fears, he believes. “As companies like Seagate start to demonstrate field-proven reliability and endurance in enterprise applications, we’ll overcome those (solid-state drive) endurance fears.”

Fears aside, the lure of SSDs is speed–and this is what is driving Seagate into the market. “For SSDs, the play is performance, performance, performance. Did I mention performance?” Vignes said.

Seagate says it can tap into the decades of expertise it has in error correction. “Some of the skills we’ve picked up along the way, to deal with imperfect media, has applicability to dealing with imperfect media on NAND.” All solid-state drives use NAND flash memory as the storage medium.

Seagate, which will enter the SSD market in 2009, says there are challenges to make SSDs palatable to large corporate customers.

Seagate will get the raw material for SSDs–NAND flash memory–from others. “We’re not going to make NAND. We are in discussion with all the premier NAND suppliers,” Vignes said.

“IT managers tend to be conservative, so the qualification time will be quite long–nine months to a year, and early adopters will be Web 2.0 companies such as Google, Facebook,” Wong said.

“There isn’t really a clear way of describing endurance or life expectancy of a solid-state drive. So, we’re working on that as an industry standard,” through JEDEC, a large standard body, Vignes said.

“Our history is based on rotating magnetic media. But as solid-state comes online, we’re embracing this new media type,” said Rich Vignes, senior manager of market development at the Scotts Valley, Calif.-based company.

Seagate will enter the market for solid-state drives in 2009, as it slowly embraces a technology that will, in some cases, replace its bread and butter: hard disks.

Of course, it won’t be a cakewalk for Seagate. There is plenty of competition already. Intel has started shipping SSDs for both enterprise and consumer markets. And Samsung is a leading player in the consumer market–its drives are used by Dell and Apple–and it is now stepping up efforts to snag corporate customers. On Thursday, Samsung announced that its SSDs have been selected, after extensive testing, for use in the Hewlett-Packard ProLiant blade servers.


Seagate’s first target market will be large enterprise customers. Consumer SSDs from Seagate will come later. The challenge is to convince large enterprise customers that SSDs are safe. Although hard-disk drives have endurance problems of their own, corporate customers must be convinced that a technology as new as solid-state storage is reliable.

Jul 29

“Somebody with a wireless device in China should expect it to be compromised,” Brenner said. For more of the interview, see the video here from the CBS Evening News. (And watch for us to be bringing you more such video on CNET News, which is now published by CBS Interactive.)

At the Beijing Olympics, which officially got under way Friday, athletes from around the world will be striving to run faster, jump higher, and score more goals than their opponents. At the same time, warns the U.S. government, cybercriminals will be on the prowl for credit card information to steal, and security forces could well direct snooping efforts at unsuspecting travelers.

U.S. officials are offering a blunt reminder that any electronic transmission–from PDA, fax, computer, or phone–can be intercepted. Their travel tips include the following: change your passwords frequently; update antivirus and spyware programs; and avoid wireless networks whenever possible.


Just ahead of the games, Joel Brenner, the U.S. national counterintelligence executive, talked with Bob Orr of CBS News about the threats that travelers to China could be facing and offered advice on how travelers can protect themselves. The worrisome backdrop, according to Brenner, is a pattern of “relentless and ongoing” identity theft.

Jul 29

Remember Brightkite, the social network meets microblogging tool we wrote about last week? The creators have been nice enough to grace us with 100 invites to give away to Webware readers. Just fill in the Wufoo form after the break and we’ll get one your way as soon as we can. Invites will be sent out once all 100 spots have been taken.

Update: All gone. Sending them out to folks now–check your spam boxes.
