Technology latest news

Windows Vista customers can now receive the first service pack for the operating system via the Microsoft Automatic Update service, Microsoft said Wednesday.

Windows Vista Service Pack 1 will download automatically to PCs that have the automatic update feature of the OS turned on, the company said. Previously, Vista was available to customers via Windows Update, but people had to specifically download it.

Not all customers will receive SP1 immediately via Automatic Update, however. The company is distributing it in phases to “ensure a seamless download experience,” Microsoft said. A timeline for when all customers would receive Vista SP1 via Automatic Update was not immediately available.

SP1 is a rollout of software updates that fix bugs and glitches in Vista and is seen as a milestone that will inspire many customers– especially those in the business market– to adopt the OS. In fact, in a recent report, “Building the Business Case for Windows Vista,” Forrester Research said more business customers plan to upgrade to Vista now that SP1 is available. This comes as no surprise, considering companies often wait for the first service pack after a major Windows release to update corporate desktops.

However, even SP1 will not guarantee that enterprises and business customers currently running XP or an earlier version of Windows will upgrade, as some have said they would skip the OS altogether. The same Forrester report said as much, although the research firm is recommending that companies don't skip Vista because they would not be well-positioned for future versions of Windows if they do.

Microsoft has acknowledged problems with application compatibility and lack of driver support, among others, that customers have had with Vista. It says SP1 and other updates that the company continues to make should remedy these problems. What the company hasn't said is why there were so many problems with the OS when the company had more than five years between the releases of Windows XP and Vista to ensure a smooth transition.

In fact, Microsoft seems to be looking past Vista to the future rather than addressing continued concerns about the product. In a meeting with reporters on Microsoft's Redmond, Washington, campus on Tuesday, a presentation on Windows Vista turned out to be anything but that.

Instead, Shannen Boettcher, general manager of Windows product management at Microsoft, discussed future plans for tools to virtualize corporate desktops and applications. He implied this would be an important aspect of the Windows client OS going forward, but was vague about timing.

Apart from that, Boettcher's main discussion specifically about Vista was a mention of its green-computing merits. He asserted that upgrading 10 corporate desktops to Vista is comparable to taking one automobile off the road in terms of reducing carbon footprint.

When asked about criticism of Vista in the marketplace and why there were so many problems after five years of development, Boettcher had little to say other than to acknowledge that Microsoft did not do “a very good job in preparing people for when we shipped” Vista.

He added, however, that the upgrade cycle for an OS doesn't begin to pick up until 12 months to 18 months after the OS is released, and since Vista was released to business customers in November 2007, it's right on schedule.

SAN JOSE, Calif. - When Internet providers hire third-party companies to serve up advertisements on unused Web pages, that creative attempt to make money can open major security vulnerabilities they can’t control, a researcher has found.

One such vulnerability — described last weekend at a security conference by Dan Kaminsky, director of penetration testing for Seattle-based computer security consultant IOActive Inc. — works like this:

Say you mistype the name of a Web site into your browser. Instead of getting an error message, you get a wall of advertisements whose profits flow back to your Internet provider.

A hacker who breaks into the computer system of the company hired to display those ads can cause all kinds of mayhem, injecting code onto the pages you see or altering the pages to trick you into coughing up sensitive personal information.

“The security of the Web for these ISPs is limited to the security of these random ad servers,” Kaminsky said in an interview.

Kaminsky’s presentation centered around a “dead trivial vulnerability” he discovered on the servers used by U.K.-based Barefruit to serve ads for EarthLink Inc.’s Internet service.

The so-called “cross-site scripting” vulnerability allowed him to place his own code and content on pages Barefruit was serving.

Barefruit Chief Executive Dave Roberts said the company fixed the vulnerability — which he said could be exploited only in “incredibly unlikely circumstances” — within 30 minutes after Kaminsky told the company about it.

Kevin Brand, senior vice president for access products for Earthlink, said no users were harmed by the vulnerability, and he said Earthlink lets customers opt out of seeing ads on unused Web pages. But it requires them to alter the settings on their computers to do that.

“We’re not trying to hold any of our customers hostage by any means,” he said. “We’re just trying to improve their experience.”

Other security experts said Kaminsky’s presentation shows that companies that serve ads on unused Web pages must take care in securing their servers.

“We knew that using DNS as an advertising magnet was a bad idea, but we didn’t have a smoking gun that everybody in the world could understand — until now,” said Paul Vixie, president of the Internet Systems Consortium.

“Dan’s findings show that anyone showing an ad for a nearby domain to one the Web browser thought it was talking to, has liability for anything their Web ad server does,” Vixie said.

Kaminsky said it’s not just obvious typos that can cause problems.

In fact, many obvious typos are no problem because popular Web sites snap up similar names that people might type in error. For example, “http://www.gogle.com,” redirects users to the real Google Inc. search site.

The bigger problems arise, he said, from mistyped subdomains, such as an address with a missing “w” — or too many “w’s” — in the “http://www” before a Web site’s address. That would allow a hacker to pass off as authentic a compromised site that shares the same domain.

Kaminsky used the example of “server2.http://www.myspace.com,” which isn’t controlled by MySpace but could seem like it is to a casual Web surfer — and, often, to a Web browser. Kaminsky used examples from a wide swath of Web sites, including Amazon.com, eBay, Google and MySpace.

The sites themselves didn’t have vulnerabilities. But because of way the Domain Name System works and Web browsers translate information about sites within the same domains, compromised pages served up by Barefruit’s servers were “trusted” by the real sites, and they were able to communicate freely with each other.

As a result, Kaminsky could steal the “cookies” that store login information for the real sites and create “phishing” pages that could trick people into handing over personal information.

Most large ISPs are looking into hiring third parties to serve ads on unused pages, which could amplify the potential for widespread infections, Kaminsky said.

SAN JOSE, Calif. - A simple flaw in the coding of Sen. Barack Obama’s Web site led to a hacking switcheroo of presidential proportions just days before the important Pennsylvania primary.

Some supporters who tried to visit the community blogs section of Obama’s site started noticing late last week they were being redirected to Sen. Hillary Rodham Clinton’s official campaign site.

Security researchers said a hacker exploited a so-called “cross-site scripting” vulnerability in Obama’s Web site to engineer the ruse.

Netcraft Ltd. said the hacker injected code into certain pages in the section — code that was then executed when subsequent visitors tried to view the community blogs section. The vulnerability has since been fixed.

While the hack appears to have been a prank, researchers said the breach underscored that candidates risk exposing their supporters to computer viruses and identity theft if they don’t secure their Web sites. For instance, a similar mechanism could be employed to redirect campaign site users to a site that steals personal information from visitors.

“With people closely watching the heated contest to determine the next U.S. president, you can bet that this won’t be the last time such attacks happen,” Symantec Corp. researcher Zulfikar Ramzan wrote on the company’s official blog.

Neither campaign responded to e-mail messages seeking comment.

The community blogs feature is working normally again this week. The link that took visitors to Clinton’s site now directs visitors to the appropriate page, which is populated with blog postings from Obama supporters around the country.

___

On the Net:

http://www.barackobama.com

http://www.hillaryclinton.com

SAN FRANCISCO (Reuters) - Google Inc said on Wednesday it has introduced brand-image ads for mobile phones, in a bid to extend beyond the computer-based Web market into the emerging market for advertising on phones.

In a statement on the Silicon Valley company's Web site, the company said it had designed mobile images to look like standard graphical display ads for desktop computer Web pages, but made them smaller to fit on mobile phone screens.

The company said all mobile image ads are targeted according to the keywords users type into phones to search for information. The ads are priced on a cost-per-click basis, and must link to Web pages optimized to work on mobile phones.

Only one image ad is displayed on each mobile page, a move to that appears designed to limit clutter on small screens.

“For advertisers, mobile image ads serve as a branding tool and have shown to have good click-through rates,” Alexandra Kenin, a product marketing manager, for Google Mobile Ads said in a blog post on the company's site.

Mobile image ads are available in 13 national markets: Australia, China, France, Germany, India, Ireland, Italy, Japan, Netherlands, Russia, Spain, the UK, and the United States, Google said.

(Reporting by Eric Auchard; Editing by Carol Bishopric)

Israel has sentenced a soldier to 19 days in jail for uploading a photograph taken on his military base to the social networking website, Facebook.

The Israeli military declined to comment on the nature of the image, but said the soldier was serving with an elite intelligence unit.

Local media say it is the first such conviction for an Israeli soldier.

The case follows widespread reports about the potential security risk of soldiers posting photos on the web.

The Israel Air Force has recently instructed all servicemen under their command who are serving in sensitive units to remove any photos they may have uploaded to Facebook, the Haaretz newspaper reports.

These rules do not apply to member of the Israeli Defense Forces (IDF).

A spokesman told Haaretz the IDF would take measures to educate soldiers about the dangers inherent in the “careless civilian use of the internet”.

Monitoring

The defence ministry launched an inquiry earlier this year to check the potential security risk in the dozens of social networking groups dedicated to life in the Israeli military.

The review has found that some troops had posted detailed pictures of air bases, operations rooms and submarines.

The BBC’s Martin Asser says militants in Lebanon and the Palestinian territories are believed to monitor Israeli web forums and communities, including Facebook and the photo sharing site Flickr, to get information.

He says some personnel are authorised to post pictures, but only after vetting by military censors.

The defence ministry told the BBC military tribunals have investigated and disciplined about 100 soldiers who broke the rules and unwittingly helped the enemy this year.

Our correspondent says the worst offenders were punished with a month in jail, while others were warned they would face similar punishment if they re-offended.

SAN JOSE, Calif. - Apple Inc.’s fiscal second-quarter profit jumped 36 percent on blistering sales of Macintosh computers, but the company forecast lower-than-expected earnings and its stock price tumbled as much as 5 percent.

The Mac and iPod maker is believed to be especially vulnerable to slowing consumer spending in the United States because of its strong presence here versus overseas.

Apple shares fell $2.31, or about 1 percent, to $160.58, in after-hours trading. The stock had fallen nearly 5 percent earlier. It had closed up $2.69, or 1.7 percent, at $162.89 before its earnings were reported.

But the latest results showed that it was firing on all cylinders during the first three months of the year.

The Cupertino-based company earned $1.05 billion, or $1.16 per share, in its second quarter, which ended March 29. That’s 9 cents per share better than what analysts surveyed by Thomson Financial were expecting.

During the same period last year, Apple earned $770 million, or 87 cents per share.

Revenue jumped 43 percent in the period to $7.51 billion — also beating Wall Street’s expectations. Analysts were predicting Apple would rake in $6.96 billion in revenue.

Apple said it was the strongest sales and earnings performance during the March quarter in Apple’s history.

Apple’s chief financial officer, Peter Oppenheimer, declined in an interview to discuss how the company might be affected by slowing domestic consumer spending. Management is aware of the economic pressures but is focused on running the company, which performed “exceptionally well” and turned in an “awesome” quarter, he said.

The company forecast profits for the fiscal third quarter of $1 per share, short of the $1.10 per share in the average analyst estimate and at the low end of what all analysts polled were expecting.

Sales are expected to be about $7.2 billion, slightly above the $7.16 billion Wall Street was expecting.

OTTAWA (AFP) - Blackberry maker Research in Motion (RIM) announced Wednesday it will soon open its first research facility outside of Canada in Bochum, in the North Rhine-Westphalia region of Germany.

The facility is scheduled to open on the campus of Ruhr-Universitat Bochum in the coming months with 140 new employees and with plans to expand to as many as 500 people, the company said in a statement.

It will focus on hardware and software development for its hugely popular BlackBerry mobile devices that combine telephone, email and Internet capabilities, with some 45 million dollars to be invested in its first year of operation.

Coincidentally, cellphone maker Nokia recently announced it is closing a facility in Bochum on June 30, and cutting 2,300 jobs to reduce costs.

Until now, all of RIM's research and development has been done in Canada, a RIM spokeswoman told AFP.

“This new R&D facility will play a pivotal role in extending RIM's leadership in the smartphone market as we continue to focus on delivering best-in-class solutions to our customers,” said Mike Lazaridis, RIM founder and president.

Some 14 million people around the world use RIM's Blackberry and the company has said it aims to sign up another 2.2 million by the end of the next quarter.

Reliance on BlackBerries is so fierce that they have been jokingly dubbed “CrackBerries,” in a reference to a tendency for their owners to compulsively check and send email as if it were an addiction.

NEW YORK (Reuters) - Comcast Corp, the leading U.S. cable operator, is pulling out of a wireless phone joint venture with number-three U.S. wireless company Sprint Nextel Corp, a Comcast spokesman said on Wednesday.

Branded as Pivot last year, the two-and-half-year-old, $200 million joint venture between Comcast, Time Warner Cable Inc, Cox Communications, Advanced/Newhouse Communications and Sprint failed to spark much interest from customers.

The cable companies and Sprint had hoped customers would be interested in a single integrated service that combines cable television, Internet access, fixed-line phone and wireless on one bill. It also planned to offer integrated services such as TV clips and e-mails on cell phones or a single voicemail.

A Comcast spokesman said Pivot did not satisfy the cable company's wireless ambitions.

“We decided to discontinue the service because the product required a lot of operational complexities so we decided it wasn't the approach we wanted for the long term,” he said.

Comcast would not confirm how many subscribers took the Pivot service but the spokesman said Pivot mobile customers would be switched to a similar Sprint package.

Other joint venture partners were not immediately available to comment on whether they would also pull out and Sprint spokeswoman Melinda Tiemeyer referred Reuters to each company for confirmation of their plans.

“We will maintain our relationship with all our cable partners and will continue to talk with them about other wireless ventures going forward,” Tiemeyer said.

Last month it was reported that Comcast and Time Warner Cable were in talks with Sprint and Clearwire Corp to form a joint venture for WiMax wireless service. A source close to one of the companies said the WiMax joint venture talks were not affected by anything that happens with Pivot.

(Reporting by Yinka Adegoke; Editing by Braden Reddall)

NEW YORK - “I can haz dream Job? My rezumez! let me showz u thm”

That’s the subject line of a cover letter sent by a job applicant to I Can Has Cheezburger, one of the premier sites for so-called Lolcat pictures.

Don’t think the letter will be rejected out of hand — bad spelling is no obstacle to a job in Lolcat world. It may even be an asset.

Lolcats became an Internet craze last year. A typical example shows a picture of a fat and hopeful cat accompanied by a caption in a baby-talk-like dialect known as Lolspeak: “I CAN HAS CHEEZBURGER?”

Apparently, looking at Lolcats all day is an appealing job. Ben Huh, founder of the site and chief executive of Seattle-based Pet Holdings Inc., has received 250 applications since the job was posted on Monday under the headline “Kittehs Want Moar Workerhumans.”

“I got a stack of resumes that I can’t even go through,” Huh said. “You know how they say, ‘Spell everything correctly because the people reading your resume will toss it out otherwise?’ Well, we can’t even do that. We won’t knock you out for spelling…. The traditional resume screening methods don’t apply here.”

The winning applicant will join three other people who moderate ICHC and a few related Pet Holdings sites (think dogs with funny captions). A big part of the job will be selecting from the 7,000 submissions the company receives every day of captioned photos, plus 2,000 uncaptioned ones.

Cat ownership is not required, just “a great sense of humor, a deep understanding and love of the Internets and a strong work ethic.”

___

On the Net:

http://www.icanhascheezburger.com

The worldwide market for CRM (customer relationship management) software will grow 14.2 percent to US$8.9 billion in 2008, according to a Gartner estimate.

The prediction is based on preliminary sales figures for 2007, which total $7.8 billion. That compares to roughly $6.5 billion in 2006, according to a Gartner spokeswoman. CRM revenues will continue to rise over the next several years, reaching an estimated $13.3 billion in 2012, according to Gartner.

The weak dollar contributed to the higher totals for 2007, and while growth will remain strong overall, ongoing economic conditions will cause a short-term dip and slightly impact the long-term picture, Gartner said.

“Although demand continues across all subsegments, Gartner expects a softening during 2008 to reflect current economic fluctuations and as businesses consume prior purchases.” The analyst firm now estimates an 11.1 percent compound annual growth rate for 2007-2012, down from the 11.9 percent prediction it made in July 2007.

Growth is being driven by SAAS (software-as-a-service) product sales, which took an estimated 14 percent of the market in 2007, representing more than $1 billion in sales, according to Gartner.

However, open-source CRM is not yet making significant inroads. Market share for such offerings will remain below 1 percent through 2008, Gartner said.

Geographically, the most significant portion of 2007 sales came in North America, which drew $4.3 billion in revenue during 2007 compared to Europe's $2.6 billion.

Emerging markets will become more significant in coming years, according to Gartner.

The Asia-Pacific region will have the strongest growth curve, with spending forecast to rise from $410 million in 2007 to $840 million by 2012, according to the report.

Latin America will see a 16.6 percent rise over the same period, from $131 million to $282 million; and the Middle East/Africa region is set for a 12.9 percent rise from $95 million to $174 million.

In addition, more consolidation will occur in the CRM space, according to Gartner.

While a small handful of vendors control more than half the market share, there are hundreds of small players making up the remainder, the report notes: “These specialized vendors are often attractive acquisition targets for larger software providers that seek to enhance their software portfolios, establish a presence in other countries, add specific verticals or broaden their installed base.”