Monday, May 7, 2012

Will Yahoo CEO's misstep kill company momentum?

Computerworld - All the momentum and vision that Yahoo CEO Scott Thompson has been building for the struggling company may have been thrown off course.

Yahoo said late Thursday that its board of directors is looking into a discrepancy in the new CEO's resume that likely means big trouble not just for Thompson but for the company that he's been steering since January.

"Resume-padding is the most bush-league of the many dissimulations available to ambitious executives," said Hadley Reynolds, an analyst with IDC. "His enemies must be amazed at their luck in unearthing a public misrepresentation issue that calls Scott Thompson's ethical judgment, professional competence, and basic intelligence into question all at once."

The issue, added Reynolds, may be enough to make Thompson's reign at Yahoo a short one and put an end to his plans for reviving the financially struggling company, which was once an Internet pioneer.

"He can't survive this assault, and the Yahoo board will be left to its own devices once again," he said. "I expect this episode to hasten Yahoo's transition to its alternative future, just not the one Scott and the board probably had in mind."

Thompson's resume and the company's regulatory filings with the U.S. Securities and Exchange Commission overstated his technology background to include a degree in computer science. The company called it "an inadvertent error."

Thompson received a bachelor of science degree in business administration with a major in accounting from Stonehill College in Easton, Mass. However, Thompson's resume claimed that he also held a degree in computer science.

The claim also made it onto Thompson's biography page on Yahoo's site, as well as on PayPal, where Thompson had served as president. His college credentials are no longer on his Yahoo bio.

In statements to the news media, Yahoo called the misrepresentation "inadvertent," but Reynolds is doubtful about that.

"There's no credible way that 10 years or so of public misrepresentation could be inadvertent," he said. "Also, I ... assume that Scott is personally responsible for the accuracy and veracity of Yahoo's SEC filings under Section 302 of Sarbanes-Oxley. If that's the case, he's at least culpable under those regulations for misrepresenting material info pertinent to investors, inadvertent slips in the curriculum vitae or no."

Rob Enderle, an analyst with the Enderle Group, said the issue should result in Thompson's dismissal from the company.

It's common for large companies to have policies that call for the termination of an executive who misrepresents his background, Enderle said. This kind of discrepancy also speaks to the person's ethics, which would call into question his action as leader of a major company, he said.


Jury nears verdict in Oracle-Google trial over Android

IDG News Service - The jury has reached a partial verdict in the copyright phase of Oracle's intellectual property dispute with Google, and the judge has given them one more day to try to resolve the remaining issue.

The jury foreman told the court on Friday that the 12-member panel had reached unanimous agreement on all but one of the questions on the verdict form, but that they're at an "impasse" over that final issue.

The verdict form has four questions, each broken into multiple parts. The judge had indicated previously he would accept a partial verdict from the jury, so there was tension in the courtroom Friday when it appeared the jury was about to reveal their decisions.

But after a few minutes of discussion, Judge William Alsup decided there was hope that the jury might be able to agree on the final question after a break for the weekend. They will reconvene on Monday at 8 a.m. to try to complete their deliberations.

The jury didn't disclose which question it couldn't agree on, so the attorneys will have to wait until Monday to find out.

"OK, I'll let you go home and speculate," Alsup told the two legal teams after the jury had been dismissed, getting a chuckle from the courtroom.

Oracle accuses Google of infringing its Java patents and copyrights in Google's Android OS. Google denies any wrongdoing, saying it developed a clean-room version of Java and built Android without using Oracle's protected code.

The trial is being heard in three phases. Lawyers made their closing arguments in the copyright portion of the trial Monday morning, and the jury has been in deliberations ever since. The next phase, expected to start next week, will address Oracle's patent claims, and the final phase will determine any damages it should be awarded.

The jury indicated Thursday evening that they might have reached a deadlock in their copyright deliberations, but the judge told them to keep trying. Just before 1 p.m. Pacific Time Friday, they sent a note to the judge saying they were ready to deliver a partial verdict.

Before the jury entered the courtroom, the judge asked the lawyers how they wanted to proceed.

"They've worked hard, they've asked good questions, and if they have a partial verdict, we should take that," Michael Jacobs, an attorney for Oracle, told the judge. Google's Robert Van Nest agreed.

But after the jury entered, the foreman told Alsup that a minority of the jury had not wanted to send the note saying they had reached a partial decision. Those jurors believed there was hope of resolving all the issues after the weekend.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.


Adobe patches new Flash zero-day bug with emergency update

Computerworld - Adobe today warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

"There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message," the Friday advisory said.

Although all editions of Flash Player contain the vulnerability and should be patched, the active exploit is targeting only users of Microsoft's Internet Explorer (IE).

Flash Player for IE is an ActiveX plug-in, the Microsoft-only standard; other browsers, including Firefox and Chrome, use a different plug-in structure.

The update was pegged with Adobe's priority rating of "1," used to label patches for actively-exploited vulnerabilities or bugs that will likely be exploited. For such updates, Adobe recommends that customers install the new version within 72 hours.

Adobe disclosed relatively few details about the vulnerability -- its usual practice -- other than to label it an "object confusion vulnerability," note the Common Vulnerabilities & Exposures ID of CVE-2012-0779, and acknowledge that triggering the bug "could cause the application to crash and potentially allow an attacker to take control of the affected system."

It's unclear how extensive the active attacks are, although Adobe's calling them "targeted" hints at a low volume of attempts aimed at specific individuals or companies.

Today's Flash Player update was the fourth this year -- the latest before Friday was on March 28 -- putting the frequently-patched program on about the same pace as last year, when Adobe issued a total of nine Flash security updates.

In March, Adobe addressed the frequent updating pain point -- at least for Windows users -- by shipping Flash Player 11.2, which uses a silent, background update mechanism. The silent update is supposed to kick in in some situations to automatically patch the plug-in in IE, Firefox, Safari and Opera on Windows without notifying or bothering users.

At the time, Adobe said it would switch on silent updates "on a case-by-case basis," but hinted that the service would primarily be used to distribute patches for zero-day vulnerabilities, such as today's.

Friday, Adobe confirmed that it has, in fact, enabled Flash silent updates for Windows in this instance.

A Computerworld Windows 7 system, however, was not silently updated to 11.2.202.235, the patched version, within an hour of booting the PC, the interval the tool uses to check for new updates. Adobe's explanation: It did not begin serving Flash Player via silent update until about 10:30 a.m. PT, after the Windows 7 machine had pinged Adobe's servers. If the silent updater receives no response from Adobe, it waits 24 hours before trying again.


Oracle wants ex-Sun CEO Schwartz's testimony barred in Google suit

IDG News Service - Oracle has asked a judge to bar Google from using testimony given by former Sun Microsystems CEO Jonathan Schwartz in the companies' intellectual-property suit over the Android mobile OS, saying it has "no legal and factual predicate."

Schwartz provided some of the strongest testimony for Google in the case so far. Appearing on the stand last week, Schwartz was asked by a Google attorney whether, as CEO of Sun, he had made a decision not to sue Google over its use of Java in Android.

"Yes," Schwartz replied. "We didn't feel we had any grounds."

Oracle acquired Sun early in 2010, gaining control of the Java programming language. It sued Google later that year, claiming Android violated patents and copyrights it holds on Java. Google has denied wrongdoing, saying Android is a "clean room" Java implementation that doesn't violate Oracle's rights. The trial's first phase, which covers copyright liability, began in April and went to the jury this week.

Oracle asked the court to bar Google from referencing Schwartz's testimony during the trial's second and third phases, which will cover Oracle's patent claims and damages, respectively.

"Google's question called for a yes or no answer, but Mr. Schwartz in response volunteered an opinion as to what 'we' 'felt' about the grounds for pursuing litigation against Google over Android," its motion states.

"The question appeared to ask only whether Mr. Schwartz had made a decision not to pursue litigation," Oracle added. "But Mr. Schwartz's answer -- and Google's subsequent use of that answer -- implicates Sun's (now Oracle's) privileged discussions by suggesting that there was an unidentified group of people ("we"), who had made some final decision as to whether to pursue litigation and the strength of those claims."

"What legal grounds Sun's management felt they had or what decisions they were considering is clearly privileged," Oracle said. "Moreover, Mr. Schwartz had no right nor any basis to make such a statement which subjects Oracle to privilege waivers that Mr. Schwartz has no authority to invoke."

Also, "the suggestion that Oracle had decided not [to] sue is clearly against the weight of the evidence presented in this case," Oracle said.

Evidence presented in the trial showed that Sun and Google had discussions following the announcement of Android in 2007, that those talks went on after Oracle bought Sun, and that Google officials considered buying "all the rights to Java" from Sun in order to ward off lawsuits, according to the filing.

If Oracle had decided to rebut Schwartz's testimony at the time he made it, that would have placed the company "in the quandary of having to decide whether to waive privilege on the spot," Oracle added. "If Google is allowed to rely on this testimony, and the jury is allowed to believe that it matters, the trial will divert into an irrelevant sideshow over Mr. Schwartz's subjective state of mind, instead of Sun's affirmative acts."

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.


Less than half of Facebook, Google users understand sites' privacy policies

IDG News Service - Most users of Facebook and Google had fundamental gaps in understanding, even after reading privacy policies, about how the websites handled their information and how other Web users could discover it, according to a study released by the digital branding firm Siegel+Gale.

Users understood the privacy policies less well than they did government documents or bank card agreements, the study said. They earned comprehension scores between 35 and 40 out of 100 for both policies. The survey asked just over 400 people to read the companies' policies and then answer questions about them online.

"We forced users to pay attention to this, but even through forcing them to pay attention, they still couldn't understand what was in these privacy policies and were failing to grasp the basic information that was supposed to be communicated," said Brian Rafferty, global director of insight at Siegel+Gale.

The study is hardly the first to find that users are uneasy with how much of their information becomes public through their use of websites and mobile applications. It is among a growing body of research demonstrating the ineffectiveness of privacy policy statements as a way to keep users informed about how their data is used.

After reading the policies, just 23 percent understood that their Google+ profile is visible to anyone online. Just 30 percent knew that even with the strictest privacy settings activated, their Facebook user names remain public.

The study also pointed to problems with Google's efforts earlier this year to notify users that it was consolidating the privacy policies for its diverse services. Less than half of users understood that the company's privacy policy related to their use of YouTube and Google Maps.

A Google spokesman called the company's user education campaign "the most extensive notification effort in Google's history."

The study suggests that informing users within the app or website how their information is being shared is a better way to safeguard privacy.

Justin Brookman, director of the Project on Consumer Privacy at the Center for Democracy and Technology, agreed.

"Privacy policies are not a great way to inform users," he said.

"When I'm trying to figure out a privacy question on Facebook, I go to the help center or FAQs or whatever it is," Brookman said. "I don't ever go to the privacy policy. Same thing with Google."

Brookman pointed out that both Google and Facebook have begun including more intuitive notification methods.

A Google spokesman pointed to those features, and said its "privacy center, published FAQs, Help Center articles, Good to Know website and in-product notifications help explain what data we collect, how we use it and how people can manage their information."

Facebook has also moved toward including more information about how users' information can be accessed. The company did not respond to a request for comment.

Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.


Office Live Small Business customers grapple with migration

IDG News Service - The deadline to migrate email domains and websites hosted on the Microsoft Office Live Small Business (OLSB) online service suite passed on Monday, but customers continue to post a steady stream of complaints and problem reports, indicating that the number of businesses that haven't made the transition is considerable.

Frustrated small business owners are struggling with a variety of technical issues, including lengthy delays in the process of verifying ownership of the Internet domains they're transferring from OLSB to Office 365 and other third-party hosts, according to posts made on the official OLSB Community site, the official Office 365 Facebook page, discussion forums, social media sites and blogs.

Microsoft started dismantling OLSB and turning off customer websites after midnight U.S. Pacific Time on Tuesday, though the company pledged to maintain Windows Live Hotmail custom email addresses hosted by the service for six months.

Microsoft is also providing an online form that OLSB customers can fill out to recover lost website data.

Microsoft on Friday declined to comment when asked how many OLSB customers missed the deadline to migrate.

Microsoft first announced its intention to close OLSB about 18 months ago and launched the suite's replacement, Office 365, in June of last year. Customers also have the option to migrate to non-Microsoft email and website hosting providers such as GoDaddy.

The decision to close OLSB was unpopular from the beginning, leading many customers to question why the service had to be shut down at all.

Complaints have also centered on the perception that Microsoft did very little to help OLSB customers migrate from the service. The customer base is made up largely of small businesses, which typically have limited technology knowledge and resources.

Specifically, Microsoft never developed a tool to automate the migration process. At a late stage, around March, several Microsoft partners began offering fee-based migration software tools and IT services.

In addition to the domain-verification delays, many customers have also had serious difficulties transferring their OLSB-hosted websites over to Office 365. Not only is the process a manual one involving copying and pasting of pages and their content, but in addition, the platforms are different, so many custom features and design elements have to be manually recreated.

For that reason, many users are reporting formatting problems in the transition, especially if the websites have custom design features.

A Microsoft spokeswoman earlier this week said via email: "We're communicating directly with OLSB users via email, the OLSB community, the OLSB website and through notifications in the service to help them transition to Office 365 or another provider."

Microsoft has an online transition center for OLSB where it published, among other things, a transition guide for customers willing to do the migration manually.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.


Sunday, May 6, 2012

Mashduo quickly compares iTunes libraries

Macworld - Mine was originally a mixed marriage: I'm a Mac, my wife was a PC. Years ago, though, after yet another virus had rendered my beloved's Windows machine unusable, I insisted she switch. (She did so begrudgingly, but she's since become a contented Mac user.) I smoothed the transition by copying all of her old files from her Windows PC to her Mac, but some tracks from her iTunes library, for whatever reason, didn't make the leap.

At the time, we didn't bother to figure out which tracks were missing, but for my wife's birthday this year, I decided I'd finally find those tracks and bring them over to her Mac. I'd assumed it would be a painstaking process: I'd need to look for a couple hundred songs--out of thousands--that existed on the old PC but not her Mac. And, of course, her library has grown substantially since the switch, so comparing the two libraries would be far from simple.

Luckily, I discovered Mashduo, a free Mac app that makes quick work of the process. You just feed it a pair of iTunes-library XML files, and it shows you which songs exist in one library but not the other.

In my case, I went to iTunes on the Windows PC and chose File -> Library -> Export Library; I copied the resulting library file from the PC to my Mac. Then I used the same library-export command on my wife's MacBook. I now had two XML files, each containing complete information about the contents of that computer's iTunes library. Of course, Mashduo would also work with two library files from Windows PCs or two from Macs.

To use Mashduo, you launch it and drag one library file (in my case, the MacBook's XML file) into the space on the left of Mashduo's window, and the other (in my case, the Windows PC's XML file) to the space on the right. Those spaces are labelled Your Name and Friend's Name, because Mashduo is pitched as a way to compare your library with a friend's. I'm sure it's a fine tool for that, but that wasn't my goal.

Tapping the Compare button displays a Venn diagram listing the number of tracks unique to each library, along with the number of tracks the two libraries have in common. For my test, the utility took less than a minute to compare nearly 7000 tracks. When the process completed, I could see that my wife's PC had 322 tracks that weren't on her Mac.

Tapping the See Results button displays the actual list of songs: The two-paned window shows tracks unique to the first library on the left, with tracks unique to the second library on the right. As you scroll through the lists, Mashduo lets you jump directly to a track's entry on the iTunes Store to purchase it--for example, if you really were comparing your library to a friend's, and you found something in your friend's library you wanted to buy. (Mashduo doesn't let you preview tracks within the utility, or go to the actual track in your iTunes library; I'm guessing this is because you can perform your comparison on any computer--it doesn't have to be either of the computers hosting the two libraries--so the tracks may not exist on that computer.) You can also export either set of unique songs to a text file, or email the results.

Reprinted with permission from Macworld.com. Story copyright 2012 Mac Publishing, LLC. All rights reserved.


Dispatch from the technology culture wars

Computerworld - It's an election year, so you're going to hear a lot about the "culture wars." You know: The endless battle between conservative and progressive values.

I want to discuss the culture wars too -- but not the political culture wars. I'm talking about the technology culture wars, the endless conflict between, for lack of a better term, "geeks" -- technical people who like to tinker with tech -- and "noobs" -- nontechnical people who want gadgets to "just work."

(These might be vaguely offensive terms to some. But I think they're equally offensive to both groups. Gimme a break, there are no better labels than geeks and noobs.)

Anyway, I believe that if you scratch the surface of many recurring online debates and differences of opinion -- the PC vs. Mac, Android vs. iPhone and Google+ vs. Facebook conflicts, as well as arguments over issues like privacy -- you'll find that it's often really a culture-war argument between geeks and noobs.

The conflict between geeks and noobs has intensified in recent years because of the inexorable rise of the noobs.

Computer technology used to be the exclusive province of geeks. You couldn't get anywhere near a computer before 1977 unless you were a certifiable, card-carrying geek.

Things started to change in 1977 with the introduction of the Commodore PET, the first relatively mass-marketed personal computer. Later came the graphical user interface, the Mac, Windows and the Internet. With each new generation of technology, computers became more "user friendly" and in rushed the noobs.

After the turn of the millennium, the noobification of the technology scene accelerated. The rise of "Web 2.0" and the mobile revolution were all about simplification. Creating a website was replaced by blogging. Blogging was replaced by microblogging. The cloud eliminated the need to install and manage desktop applications. The post-PC revolution, as exemplified by the Apple iPad, embodies the noobification of technology to an unprecedented extreme.

With each advance, there's an increase in the percentage of noobs who use technology.

Today, geeks are a beleaguered minority, almost strangers in their own house.

Although geeks have made a transition in the past three decades from overwhelming majority in the world of technology to tiny minority, they're crying about it all the way to the bank.

The rise of consumer technology and the IT-ification of business have served as a full-employment plan for geeks. Throughout the recession, for example, technical people generally had it a little better than the average person. The technology sector is, of course, geek-heavy.

A perfect example of this phenomenon is Facebook's pending initial public offering. When Facebook goes public, super-geek Mark Zuckerberg will probably make a billion dollars in cash and his net worth will rise to more than $17 billion. The IPO will also probably make millionaires out of hundreds of geek investors overnight.

More to the point, the reason the Facebook IPO will enrich so many geeks is because Zuckerberg's social network has attracted so many noobs. And noobs are where the money is.

More relevant for geeks is a newfound social status, which is ironic because geekdom has always been associated with a lack of social status. The old cliche is that the jocks and cheerleaders are the popular people in high school, whereas the science and computer nerds are at the top of the dean's list but at the bottom of the social hierarchy. That's changing.

Geek culture has gone mainstream, with TV shows like The Big Bang Theory and movies featuring comic book superheroes, vampires and sci-fi themes. Geeks have a lot more cred than they once did.

The reason it's important to understand the geek-noob conflict is that it informs a huge number of topics and issues covered in publications like the one you're reading now. Few appreciate that fact, even though it's absolutely necessary in order to truly understand these issues.


Researchers use diamonds to boost computer memory

Computerworld - Johns Hopkins University engineers are using diamonds to change the properties of an alloy used in phase-change memory, a change that could lead to the development of higher-capacity storage systems that retain data more quickly and last longer than current media.

The process, explained this month in the online edition of Proceedings of the National Academy of Sciences (PNAS), focused on changes to the inexpensive GST phase-change memory alloy that's composed of germanium, antimony and tellurium.

"This phase-change memory is more stable than the material used in current flash drives. It works 100 times faster and is rewritable millions of times," said the study's lead author, Ming Xu, a doctoral student at the Whiting School of Engineering at Johns Hopkins University.

"Within about five years, it could also be used to replace hard drives in computers and give them more memory," he suggested.

GST has been in use for two decades and today is widely used in rewritable optical media, including CD-RW and DVD-RW discs.

IBM and others are already developing solid-state chip technology using phase-change memory, which IBM says can sustain up to 5 million write cycles. High-end NAND flash memory systems used today can sustain only about 100,000 write cycles.

By using diamond-tipped tools to apply pressure to the GST, the researchers found they could change the properties of the alloy from an amorphous to a crystalline state and thus reduce the electrical resistivity by about four orders of magnitude. By slowing down the change from an amorphous state to a crystalline state, the scientists were also able to produce many varying states allowing more data to be stored on the alloy.

GST is called a phase-change material because, when exposed to heat, an area of the alloy can change from an amorphous state, in which the atoms lack an ordered arrangement, to a crystalline state, in which the atoms are neatly lined up in a long-range order.

Figure: An illustration of how the diamond-tipped tools were used to compress GST.

The two states are then used to represent the computer digital language of ones and zeros.

In its amorphous state, GST is more resistant to electric current. In its crystalline state, it is less resistant.

The two phases of GST, amorphous and crystalline, also reflect light differently, allowing the surface of a DVD to be read by a tiny laser.

While GST has been used for some time, the precise mechanics of its ability to switch from one state to another have remained something of a mystery because it happens in nanoseconds once the material is heated.

To solve this mystery, Xu and his research team used the pressure from diamond tools to cause the change to occur more slowly.

The team used a method known as X-ray diffraction, along with a computer simulation, to document what was happening to the material at the atomic level. By recording the changes in "slow motion," the researchers found that they could actually tune the electrical resistivity of the material during the time between its change from amorphous to crystalline form.

"Instead of going from black to white, it's like finding shades or a shade of gray in between," said En Ma, a professor of materials science and engineering, and a co-author of the PNAS paper. "By having a wide range of resistance, you can have a lot more control. If you have multiple states, you can store a lot more data."

Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian, or subscribe to Lucas's RSS feed. His e-mail address is lmearian@computerworld.com.


Android malware used to mask online fraud, says expert

Computerworld - Android malware being automatically distributed from hacked websites looks like it's being used to mask online purchases, and could be part of a fraud gang's new push into mobile, researchers said today.

"The malware essentially turns your Android phone into a tunnel that can bounce network traffic off your phone," said Kevin Mahaffey, co-founder and CTO of Lookout Security, a San Francisco-based firm that focuses on Android.

Lookout first published information about the new malware, dubbed "NotCompatible," on Wednesday. Further analysis, however, has revealed the most likely reason why cyber criminals are spreading the malware.

"There are a couple of ways they can profit from this," said Mahaffey in an interview. "One is general online fraud, the other is targeted attacks against enterprises. We haven't seen any evidence [of the latter], and have confirmed that it is engaged in online purchasing activity."

Once installed, NotCompatible turns an infected Android device into a proxy, through which hackers can then direct data packets, in essence disguising the real source of that traffic by using the compromised devices as middlemen.

Lookout has monitored traffic routed through NotCompatible-infected Android devices being used to purchase tickets via TicketMaster, for example, as well as other goods and services.

It's almost certain that the controllers of NotCompatible are using stolen credit cards to purchase products, said Mahaffey: There's little reason to divert traffic through a proxy if the purchases are legitimate.

NotCompatible uses a never-seen-on-Android attack vector, Mahaffey and other security experts said this week. "This is the first time that [attackers] have used legitimate websites to serve Android malware," said Mahaffey. "That's what caught our eye.... We see Android malware all the time, but it's usually served using social engineering."

Mahaffey was referring to the tactic of enticing users to download and install Trojan horses posing as legitimate apps.

When Android phones or tablets browse to one of the compromised websites, the devices are shunted to hacker-controlled servers, which then automatically download NotCompatible. The malware poses as a security update and asks the user to approve the installation.

While some media reports have characterized NotCompatible as a "drive-by" attack, that's not entirely accurate, said both Mahaffey and Liam O Murchu, manager of operations with Symantec's security response team. At least not according to the usual definition of the term.

"Drive-by" typically describes attacks that are automatically triggered as soon as a user browses to an infected website, and rely on unpatched vulnerabilities to install malware.

That's not the case with NotCompatible, which, although it's downloaded to an Android phone or tablet automatically, still requires some help from the user to be installed. NotCompatible does not exploit an Android vulnerability.


Lost In The Supermarket? A New Sensor Will Navigate For You Indoors


Biggs is the East Coast Editor of TechCrunch. Biggs has written for the New York Times, InSync, USA Weekend, Popular Mechanics, Popular Science, Money and a number of other outlets on technology and wristwatches. He is the former editor-in-chief of Gizmodo.com and lives in Bay Ridge, Brooklyn.

Sure, GPS helps us get from Point A to Point B, but what if you’re just trying to find the Cinnabon? A new system from Fraunhofer allows for in-store (or in-mall) navigation and uses very simple sensors to assess where you are in the building at any time.

Skullcandy Supreme Sound Hesh Headphone Review: Like Vs. Love


Jordan Crook studied English Literature at New York University before entering the tech space. Prior to joining TechCrunch, Crook dabbled in mobile marketing and mobile apps as well as doing device reviews for MobileMarketer and MobileBurn. Crook is fascinated with alternative energy production and greentech. She is now a writer for CrunchGear.

There’s a huge difference between like and love. I like cheese, but I love Gruyere. I like beef, but I love filet mignon. I like phones, but I love my iPhone. You get the gist.
Long story short, I really like Skullcandy’s latest pair of over-ear mid-range headphones, the Hesh.
But do I love them?

Some Guys Have All The Luck: HTC One X Hitting Doorsteps Ahead Of Schedule

Chris Velazco is a mobile enthusiast and writer who studied English and Marketing at Rutgers University. Once upon a time, he was the news intern for MobileCrunch, and in between posts, he worked in wireless sales at Best Buy. After graduating, he returned to the new TechCrunch as a full-time mobile writer. He counts advertising, running, musical theater,...


Sure, AT&T’s One X will officially hit store shelves this Sunday, but you may be in for an early weekend treat if you’ve taken it upon yourself to pre-order the thing.

According to a handful of reports from AndroidCentral’s and Phandroid’s forums, some lucky HTC fans have already received their new Android handsets well in advance of the device’s official launch.

It’s a common story, really — just about every time a hotly-awaited phone nears launch, it seems like some lucky son-of-a-gun manages to score one thanks to an overeager delivery person. Take another glance at your device’s order status (most likely through UPS if you ordered from AT&T) if you haven’t yet to see if your One X is set to land on your doorstep today.

Those first few moments with the One X could be a little rough, if these early reports are any indication — some unlucky AT&T customers are reporting longer-than-usual activation times. C’est la vie.

Of course, I get the feeling some of you may be rueing your decision to pre-order — if you’re always on the lookout for new and shiny hardware (and since you’re reading TechCrunch, there’s a good chance you fall into that category), Samsung’s newly-revealed Galaxy S III may be more up your alley. It may not have been the monumental leap forward some were hoping for — the expectations game is a real pain to manage — but it’s certainly going to be a real contender going forward.

Samsung Mobile head JK Shin remarked at the device’s launch event in London yesterday that the LTE version of the device would land in the U.S. over the summer, and The Verge managed to lock that launch date down to sometime this June. Like HTC’s flagship, Samsung’s new smartphone is expected to land on multiple carriers’ sales channels in one form or another, so it’s a great time for customers to prowl for potential upgrades.



Saturday, May 5, 2012

Investors are pouring funds into big data


Venture and growth capital firms make big bets on big data; this week's $26M investment in Birst is latest of many by venture capital firms

Surging enterprise demand for tools that can manipulate and analyze massive volumes of structured and unstructured data has caught investor attention in a big way.

Top venture and growth capital firms in recent months have poured hundreds of millions of dollars into companies selling the so-called "big data" technologies. Venture capital firm Accel Partners has even established a $100 million fund to finance the early stages and growth of big data companies.

The latest beneficiary of the trend is big data software maker Birst, which on Wednesday announced that it has received $26 million in funding from Sequoia Capital, Hummer Winblad and DAG Ventures.

Birst has raised $46 million from investors since its founding in 2005.

Facebook Messenger Apps Get More Life-Like, Now Show If Someone’s Read Your Message


Facebook thinks mobile messaging should feel like you’re having a face-to-face conversation, so today it updates its Messenger for iOS and Android apps with the ability to see if someone’s read your message, and easier ways to tell if someone’s typing and where they’re messaging from. Facebook Messenger “read receipts” are even easier to understand than those long-found on BlackBerry Messenger, and they work for group messaging too. The apps now display “Seen by Peter, Josh, Justin” right under a sent message.

Director of Product Peter Deng says, “SMS has been around for 20 years, but it was built for these T9 phones. We’re focused on leveraging all the capabilities of today’s devices to create a new messaging experience.” He also says these are just the start of app updates designed to make mobile conversations feel more real, as if you had body language cues and more to go by. The read receipts definitely accomplish this, as you won’t have to send any “did you get that?” messages or wonder if someone missed your message, or read it but just didn’t respond.

Spotify Crop Circle Appears Near Stonehenge


Aliens are streaming our music! A crop circle bearing a striking resemblance to the Spotify logo has appeared in Wiltshire, England near Stonehenge. The Swedish startup denies having anything to do with the formation pressed into a canola seed field.

Friday, May 4, 2012

Microsoft boots Chinese firm for leaking Windows exploit


Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.

The company, Hangzhou DPTech Technologies, was tossed out of the Microsoft Active Protection Program (MAPP) for leaking the proof-of-concept exploit.

"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member ... Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," Yunsun Wee, director of Microsoft's Trustworthy Computing group, wrote in a post to a company blog. "Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."

Cooking The Books: Yahoo CEO Scott Thompson’s CS Degree “Error” Should Cost Him The Job



“You guys might want to cover this before he resigns tomorrow,” one hardcore reader emailed in this evening. And yes indeed, newish Yahoo CEO Scott Thompson’s “inadvertent error” about which degree he got in college is looking like it could cost him his new job. It should.

After a day of TechCrunch covering companies who are busy pushing the world forward — like Facebook and its big IPO plans — here’s our obligatory late-night story about the guy who is, uh, suing the massive social network over some old patents that are supposedly infringing on the aging web portal.

For more than half a decade, at least, Thompson has told the world that he’d gotten a computer science degree from Stonehill College, located outside of Boston. Today, that falsehood got exposed by activist Yahoo investor Daniel Loeb, whose firm discovered that he had in fact gotten an accounting degree.

Facebook S-1 Confirms IPO Share Price Of $28-$35, Raising $5B To $6.3B, Hardware Patent Lawsuit Threats



Facebook just posted a fifth amendment to its IPO filing, confirming the price range for its stock at IPO, how much it will raise, and noting the future threat of patent lawsuits from Yahoo over hardware in Facebook’s Open Compute Project. The company is selling 180,000,000 shares of Class A common stock and is pricing them at $28-$35. That means they’re raising between $5 billion and $6.3 billion. On top of that, existing shareholders are selling 157,415,352 shares.

Here’s the excerpt:

Facebook, Inc. is offering 180,000,000 shares of its Class A common stock and the selling stockholders are offering 157,415,352 shares of Class A common stock. We will not receive any proceeds from the sale of shares by the selling stockholders. This is our initial public offering and no public market currently exists for our shares of Class A common stock. We anticipate that the initial public offering price will be between $28.00 and $35.00 per share.
