Phishers going after small fry

Phishers are widening their net to take in credit unions, according to a new report.
While most of the fraud schemes still focus on big businesses such as major banks, smaller financial companies are increasingly being hit said the report, published Friday by the Anti-Phishing Working Group.

"Hackers are modifying their attack methods by shifting away from attacking popular or large institutions," the monthly report said.

Phishing is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.

The report covers trends in April, but a bigger jump in the number of credit unions targeted in phishing schemes was actually seen in May, said Dan Hubbard, a senior director at security company Websense, which helped write the report. (Click here for PDF.)

The number of credit unions in phishing e-mails has been growing over the past months, Hubbard said. The total rose from three in February to 21 in May.

Phishers are likely targeting the smaller financial businesses because of countermeasures put in place by larger banks, Hubbard said. Also, the attackers may simply be expanding their hit list, he said.

In April, the number of phishing attempts reported to the Anti-Phishing Working Group rose to 14,411, continuing a trend of slight monthly growth this year. However, a small drop in unique phishing e-mails was reported, down to 3,930, from 4,100 in March.

Other trends noted by the APWG include another increase in the number of phishing Web sites hosted in China, which was home to 22 percent of the 2,854 active phishing sites reported in April. The country came a close second to the United States, where 26.3 percent of sites were hosted, according to the report.

China is gaining in popularity among phishers as more PCs in the country get connected to high-speed lines, Hubbard said. In addition, it is harder for victimized companies to get service providers to shut down sites there, he noted. "Anytime you go across borders, it becomes more difficult to perform takedowns," he said.

Google tests tool to aid Web indexing

Google has launched an experiment designed to speed the flow of Web site information to the search giant's index.
The program, called Sitemaps, is free to site administrators and owners, whether they manage single-page or corporate sites.

"This collaborative crawling system will allow our crawlers to optimize the usefulness of Google's index for users by improving its coverage and freshness," the company said on the Sitemaps site.

Google's latest feature comes as competitors in the search industry continue to look for ways to gain greater traction among surfers.

Sitemaps, which is currently in beta, calls for Web administrators to place a Sitemaps-formatted file on their Web servers. This allows the Google crawlers to see which pages are present on a site and which have been changed.

In order to use the tool, known as the Sitemap Generator, a Web administrator must create an XML file, know how to transfer files to a Web server and know how to run scripts. Sitemap Generator requires Python 2.2 or higher, according to Google.

The company notes, however, that using Sitemaps will not influence a site's ranking on Google's search listings

Microsoft pushes into BlackBerry market

A new software module in Microsoft's Windows Mobile 5.0 platform will see the software giant making a play for the direct push messaging market, a space currently dominated by the popular BlackBerry wireless e-mail device
The Messaging and Security Feature Pack (MSFP) will be released with Windows Mobile 5.0, the latest version of Microsoft's mobile operating system which was launched last month. The software module will also be released together with the launch of Microsoft Exchange Server 2003 Service Pack 2 (SP2), due out later this year.

The new MSFP will enable enterprises to push out e-mail messages to an employee's Windows Mobile-enabled device as soon as they arrive in the company's mail server, said Jason Lim, Microsoft's regional director for Asia-Pacific and Greater China region, in an interview with CNETAsia.

No additional middleware is required, as long as the company runs Exchange 2003 SP2, he added. This means that users no longer have to rely on SMS (short messaging service) to notify them of new e-mail messages. However, the "pull" option is also available to users who still prefer to retrieve messages in their own time.

This new offering moves Microsoft more squarely into the turf of Research In Motion (RIM), one of the strongest players in the direct push market. Last month, RIM announced it had a subscriber base of 3 million for its BlackBerry wireless devices worldwide.

When asked about the impending competition from Microsoft, RIM's Asia-Pacific spokesperson Katie Lee, said in an e-mail reply: "BlackBerry supports Microsoft Exchange, as well as IBM Lotus Note and Novell GroupWise. These are three major messaging platforms in the enterprise world.

"There are a lot of areas that we cooperate with Microsoft. O2 in the United Kingdom has enabled BlackBerry e-mail on their XDA II (PDA phone), which is a Window Mobile device," she added.

Lim acknowledged that Microsoft's new software module will offer customers more choice in the direct push messaging space, but stressed that the software giant's primary goal for the MSFP is to encourage existing Exchange customers to upgrade.

There are over 120 million Exchange users worldwide today, only 20 million of which are on Exchange 2003, he noted. "We're hoping that this (MSFP release) will drive these (20 million) customers to upgrade to Exchange 2003."

Lim added that the MSFP will include a range of capabilities such as enhanced security features and more user-friendly functionalities. For example, the server can be configured to remove all data residing in a mobile device that is lost or stolen, after a pre-determined number of unsuccessful password login attempts.

Windows Mobile 5.0 with the MSFP is expected to be available on various mobile devices in the third quarter of 2005.

Lenovo launches lightweight IBM tablet PC, price still

Lenovo Group, the Chinese company that recently bought IBM's PC business, has high hopes for the floundering tablet PC market. The company will announce today the IBM-developed, Lenovo-branded ThinkPad X41 Tablet, which it touts as being the lightest and having the longest battery life on the market.
The machine marks Lenovo's debut into the market and IBM's first tablet since 2001, when it launched TransNote that ran basic Windows 2000.

"There have been rumors that IBM has been interested in the market," said Brian O'Rourke, analyst at researcher In-Stat. "I would say [the Lenovo tablet] is somewhat a vote of confidence in the tablet PC form factor."

Despite its impressive specs the Lenovo tablet is costly next to ultra-lightweight notebook PCs. And its price tag likely will dampen demand. At $1,899, the ThinkPad X41 is priced on par with its tablet counterparts but is roughly $150 to $200 more expensive than comparable portable notebooks, O'Rourke said.

Price is largely why the tablet PC market has not taken off, along with a dearth of tablet software, O'Rourke said. Tablets represented just 1% of all notebook PC shipments globally in 2004.

Tablet computers in various, mostly unsuccessful, flavors have been around for years. But the tablet PC market really was born in the fall of 2002 when Microsoft Corp gave its blessing by releasing Windows Tablet PC operating system, O'Rourke said.

Until today, IBM had been a holdout in this market, O'Rourke said: The ThinkPad X41 is its first machine that runs the Microsoft Tablet PC platform.

Jeff Samitt, Lenovo segment manager for ThinkPad X, said IBM passed on the Microsoft Tablet OS back in 2002 because various software applications were not mature enough to drive the market. Microsoft has since upgraded its tablet OS a couple of times.

"We think the market is finally ready for the tablet device," Samitt said.

The ThinkPad X41 is 1.14-inches thick and weighs 3.5 pounds -- or 20% lighter than its 12-inch rivals such as Hewlett-Packard's TC4200, Toshiba's M200 and various Fujitsu tablets, Samitt said.

The Lenovo tablet has the longest standard battery life of comparable tablets, Samitt said. Equipped with a 4-cell battery, the machine can run for 2.6 hours. A higher-capacity 8-cell battery gives 6.3 hours of computing life, but brings the machine's weight up to 4 pounds, he said.

By comparison, Samitt said HP's TC4200 tablet weighs 4.6 pounds and lasts 5 hours on batteries. "Battery life is key in this market place," Samitt said.

However, whether the Lenovo brand will resonate in certain markets is not yet known. Indeed, the decision not brand it IBM may negatively affect sales in some regions. "IBM is a more familiar name in parts of North America and Europe," O'Rourke said. "There is a possibility that [the Lenovo brand] may not appeal to a tech-buying manager."

Lenovo's machine, which will be available June 14, can be used in two ways: as a writable slate with a digital pen or as a traditional notebook PC with a keyboard.

It also boasts a fingerprint swipe function, which takes electrical readings below the first couple of layers of skin. This is a more robust security feature than traditional fingerprint security pads, which use optical sensors to take an electrical image of a fingerprint. "I don't know of a way to spoof this particular design," Samitt said of the fingerprint swipe method.

Pharmaceutical, sales, insurance and real estate are target markets for tablet PCs.

New Authentication Code Urged for Digital Data

The National Institute of Standards and Technology (NIST) is recommending a new algorithm for authenticating digital data for federal agencies. Called CMAC (cipher-based message authentication code), the algorithm can authenticate the source of digital data, such as messages sent over the Internet, and thus provide assurance that the data have not been modified either intentionally or accidentally.

The main component of CMAC is a block cipher. Within encryption algorithms, block ciphers are used to scramble the data after they are broken down into blocks. In CMAC, the block cipher creates a digital tag that authorized parties can use to verify that the received message has not been altered.

Other authentication mechanisms, such as the hash function message authentication code (HMAC) and digital signatures, have long been available. CMAC is a new option, intended especially for devices in which a block cipher is more readily available than the components of these other mechanisms.

CMAC was submitted to NIST as part of an ongoing public effort to develop and update block cipher-based algorithms, called modes of operation. A team of Japanese scientists, Tetsu Iwata and Kaoru Kurosawa of Ibaraki University, developed CMAC based on an earlier proposal by a team of American scientists, John Black of the University of Nevada, Reno, and Philip Rogaway of the University of California at Davis.

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication (NIST Special Publication 800-38B) is available at http://csrc.nist.gov/publications/nistpubs/index.html#sp800-38B. It is the third of a series of publications recommending modes of operation to provide confidentiality or authentication for digital data. For more information, see http://csrc.nist.gov/CryptoToolkit/modes/.

NIST Smoothness Web Site Adds 3-D Analysis Tools

A tiny irregularity in a product’s expected smooth surface can mean a multimillion dollar loss for manufacturers of everything from high-performance wind tunnels to precision optical devices. New features in a National Institute of Standards and Technology (NIST) Web site, however, should make quality assurance in such industries a bit less fretful.

The addition of three-dimensional surface analysis capacity to the feature menu of the free, interactive NIST Web site should be especially useful to the mechanical parts, semiconductor and optical industries where 3-D surface smoothness is key to high-efficiency performance. The NIST Web site enables manufacturers to check the accuracy of measurement software used to verify the smoothness of product surfaces. Until this month, the Web site, called “Surface Metrology Algorithm Testing System (SMATS),” was limited to two-dimensional surface analysis.

A new circular fit measurement feature on the 2-D page of the website also allows manufacturers of bearings and other cylindrical or spherical products to check for errors in software packages of the instruments they use.

The NIST virtual surface calibration Web site is available at http://ats.nist.gov/VSC/jsp.

Software Addresses Terrorist Building Threats

The National Institute of Standards and Technology (NIST) is recommending a new algorithm for authenticating digital data for federal agencies. Called CMAC (cipher-based message authentication code), the algorithm can authenticate the source of digital data, such as messages sent over the Internet, and thus provide assurance that the data have not been modified either intentionally or accidentally.

The main component of CMAC is a block cipher. Within encryption algorithms, block ciphers are used to scramble the data after they are broken down into blocks. In CMAC, the block cipher creates a digital tag that authorized parties can use to verify that the received message has not been altered.

Other authentication mechanisms, such as the hash function message authentication code (HMAC) and digital signatures, have long been available. CMAC is a new option, intended especially for devices in which a block cipher is more readily available than the components of these other mechanisms.

CMAC was submitted to NIST as part of an ongoing public effort to develop and update block cipher-based algorithms, called modes of operation. A team of Japanese scientists, Tetsu Iwata and Kaoru Kurosawa of Ibaraki University, developed CMAC based on an earlier proposal by a team of American scientists, John Black of the University of Nevada, Reno, and Philip Rogaway of the University of California at Davis.

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication (NIST Special Publication 800-38B) is available at http://csrc.nist.gov/publications/nistpubs/index.html#sp800-38B. It is the third of a series of publications recommending modes of operation to provide confidentiality or authentication for digital data. For more information, see http://csrc.nist.gov/CryptoToolkit/modes/.

Site Offers Web's Most Comprehensive Information About Anti-Jet-Lag Diet

With the summer travel season beginning, travelers who need to beat jet lag can learn how by visiting http:/​/​www.antijetlagdiet.com online. This Web site offers the most comprehensive free information anywhere on the Internet about how to use the famous Anti-Jet-Lag Diet, developed by biologists at the U.S. Department of Energy's Argonne National Laboratory.
The Anti-Jet-Lag Diet has helped hundreds of thousands of travelers avoid jet lag over the last 20 years.

For a small fee, travelers can also use Argonne-developed software to compute an individualized Anti-Jet-Lag Diet tailored to their specific itinerary. Argonne has licensed the software exclusively to AntiJetLagDiet.com LLC.

Research shows that travelers who use the Anti-Jet-Lag Diet are seven times less likely to experience jet lag when traveling west and 16 times less likely when traveling east.

The free online information expands on older, publicly available versions of the Anti-Jet-Lag Diet by providing a full, frequently-asked-questions page that includes detailed information about food choices, caffeine use and the Anti-Jet-Lag Diet's origin and history.

The online software will calculate a detailed, easy-to-follow Anti-Jet-Lag-Diet plan tailored to an individual traveler's itinerary, for a small fee. The tailored Anti-Jet-Lag-Diet plan calculates time differences between departure and destination cities and specifies key meal times to help travelers experience more enjoyable vacations and productive business trips, free from the debilitating fatigue and sleepiness associated with jet lag.

A study published in the medical journal Military Medicine proved the effectiveness of the Anti-Jet-Lag Diet: In a test involving 186 National Guard troops flying across nine time zones, soldiers who used the Anti-Jet-Lag Diet flying west were 7.5 times less likely to experience jet lag. On the return trip east, soldiers who used the Anti-Jet-Lag Diet were 16.2 times less likely to have jet-lag. The study can be read online at www.AntiJetLagDiet.com/docs/mmarticle.pdf (1.6 MB PDF file).

Anyone traveling across three or more time zones can use the Anti-Jet-Lag Diet plan to eliminate or reduce jet lag -- feelings of irritability, insomnia, indigestion and general disorientation that occur when the body's inner clock is out of synchronization with time cues it receives from the environment. Time cues include meal times, sunrise and sunset, and daily cycles of rest and activity.

The Anti-Jet-Lag Diet uses nature's time cues to help the body adjust quickly to a new time zone.

Hundreds of thousands of travelers have requested copies of the Anti-Jet-Lag Diet from Argonne over the years. Examples include President Ronald Reagan, the U.S. Army and Navy, the U.S. Secret Service, the Central Intelligence Agency, the Mormon Tabernacle Choir, the Chicago Symphony Orchestra, the World Bank, the Federal Reserve System, the Canadian National Swim Team, and dozens of corporations, scout groups, church groups and other travelers.

AntiJetLagDiet.com LLC is a limited liability company based in Downers Grove , Ill.

The nation's first national laboratory, Argonne National Laboratory conducts basic and applied scientific research across a wide spectrum of disciplines, ranging from high-energy physics to climatology and biotechnology. Since 1990, Argonne has worked with more than 600 companies and numerous federal agencies and other organizations to help advance America's scientific leadership and prepare the nation for the future. Argonne is operated by the University of Chicago for the U.S. Department of Energy's Office of Science.

NASA Telescope Catches Surprise Ultraviolet Light Show

It was a day like any other for a nearby star named GJ 3685A - until it suddenly exploded with light. At 2 p.m. Pacific time on April 24, 2004, the detectors on NASA's Galaxy Evolution Explorer ultraviolet space telescope nearly overloaded when the star abruptly brightened by a factor of at least 10,000. After the excitement was over, astronomers realized that they had just recorded a giant star eruption, or flare, about one million times more energetic than those from our Sun.
Findings on this intriguing event were presented today at the 206th meeting of the American Astronomical Society in Minneapolis, Minn. Movies based on images of the flare are available online at http://www.nasa.gov/centers/jpl/missions/galex.html and http://www.galex.caltech.edu/.
This dramatic flare is just one of many serendipitous discoveries made by the Galaxy Evolution Explorer since its 2003 launch.
Though the telescope was originally designed to spot galaxies, it has repeatedly witnessed a sky flickering with ultraviolet flares, bursts and fast-moving streaks. While the flares and bursts are from different types of stars, the streaks are asteroids, satellites or possibly space debris floating across the telescope's field of view.

The findings have led astronomers to conclude that the ultraviolet sky, once thought to be a quiet backdrop for viewing galaxies, is, in fact, a rather festive place.

"We had no idea that the ultraviolet sky would be filled with so many things that go bump in the night," said Dr. Barry Welsh, University of California, Berkeley, co-discoverer of some of the flares. "All of these objects are a bonus to astronomers, since the observations come free when the telescope is aimed at distant galaxies."

"I was surprised by how often we have observed stellar flares and by the amazing size of some of them," said Dr. Chris Martin, principal investigator of the Galaxy Evolution Explorer, California Institute of Technology, Pasadena. "Nature rarely disappoints us."

So far, the Galaxy Evolution Explorer has recorded 84 bonus astrophysical events occurring on flaring stars, binary stars called dwarf novae, and pulsating stars, as well as countless pieces of space debris. These data are already being collected into public databases for other astronomers to study. For example, astronomers are using the new set of flare stars to test their flare theories.

The Galaxy Evolution Explorer is surveying the entire sky at ultraviolet wavelengths for clues to how the earliest galaxies evolved into mature galaxies like our own Milky Way. To detect these early, faint galaxies, the telescope was outfitted with specialized cameras that allow the arrival of each photon of ultraviolet light to be timed with a precision of about a microsecond.

"The telescope's detectors have provided an unprecedented time resolution of these astrophysical events," said Welsh. "Now, we can say what happens during each one-hundredth of a second of a flare event. That's better information than most video cameras have when they take slow motion shots of athletes."

A preliminary analysis of the enormous flare witnessed by the Galaxy Evolution Explorer around GJ 3685A - the largest ever recorded in ultraviolet light - shows that the mechanisms underlying these stellar eruptions may be more complex than previously believed. Evidence for the two most popular flare theories was found.

Flares are huge explosions of energy stemming from a single location on a star's surface. They happen regularly on many types of stars, though old, small "red dwarf" stars like GJ 3685A tend to experience them most frequently and dramatically. These stars, called flare stars, can erupt as often as every few hours, and with an intensity far greater than flares from our Sun. One of the reasons astronomers study flare stars is to gain a better picture and history of flare events taking place on the Sun.

Caltech leads the Galaxy Evolution Explorer mission and is responsible for science operations and data analysis. NASA's Jet Propulsion Laboratory, Pasadena, Calif., manages the mission and built the science instrument. The mission was developed under NASA's Explorers Program managed by the Goddard Space Flight Center, Greenbelt, Md. South Korea and France are the international partners in the mission.

For more information about the Galaxy Evolution Explorer, visit http://www.galex.caltech.edu/.

How does "Google Sitemaps" work?

The purpose of the Google Sitemaps project is enabling webmasters to inform and direct the Google spiders through their website. Sitemaps provide crawlers with information about the website’s structure as well as data about its pages, which leads to, according to Google, an improved indexing process.
Another benefit brought by sitemaps is that webmasters can quicken the indexing of some pages by publishing them in the sitemap, without waiting for the usual „visit” of the crawlers. This technique is called „content pushing”.
However, by using sitemaps you will NOT achieve better placement in Google SERPS search engine result pages).
Sitemaps are text files in the XML format that contain information about the website, a list of webpages and some corresponding parameters. At most 50,000 entries can be placed into a sitemap, provided the sitemap’s filesize is not more than 10MB uncompressed (sitemap access and transfer can be greatly improved by using gzip compression which yields smaller files due to its excellent handling of text data). Should you exceed these limits you will have to use multiple sitemaps and group them into a „sitemap-index”.

Each webpage inserted into a sitemap is defined by the following characteristics:
- Changefreq: how often the webpage’s content is modified
- Lastmod: the date of the last modification
- Loc: the webpage URL
- Priority: the priority of the webpage with respect to the other webpages in the site

To ease the creation of sitemaps, Google has made available Sitemap Generator (sitemap_gen.py), an utility written in the Python language. It can create sitemaps through three metods, based on some parameters:
- by reading a text file that contains all URLs to include in the sitemap
- by reading directories on the server’s filesystem
- by parsing webserver log files

Advanced users can take advantage from the XML format of sitemaps and choose to „automagically” generate them (for example, a developer can integrate sitemap support into his/her content management system’s (CMS))

Sitemaps can also be based on the „Open Archives Initiative (OAI) protocol for metadata harvesting”, a popular and standard protocol, so anyone that already has OAI-PMH 2.0 sitemaps can submit them unaltered to Google/

For those that think XML/OAI sitemaps are too complex, there’s a simpler solution: submitting a file that contains just an URL list.

For more information about the Google Sitemaps protocol you may visit these pages:

http://www.google.com/webmasters/sitemaps/docs/en/protocol.html
http://www.google.com/webmasters/sitemaps/docs/en/faq.html

One thing that should not be passed-by easily is that Google Sitemaps is still a Beta project, therefore Google does not guarantee it will crawl all URLs included in sitemaps. However, the benefits seem important enough to encourage all webmasters to use sitemaps.

Intel Snags Apple Chip Biz from IBM

Apple Computer has said it will end a 14-year relationship and discontinue using microprocessor chips made by IBM in favor of chips produced by Silicon Valley-based Intel, according to CNET Networks Inc.'s News.com and The Wall Street Journal.
Officials from Apple, Intel Corp. and International Business Machines Corp. could not be reached yesterday to confirm the report, they said.
The decision is seen as a major risk for Apple Computer as switching over to Intel's x86 chips would force the company's Apple's programmers to rewrite its software to adapt to the new chips.
Sources say Apple intends to shift to Intel chips for some products beginning in 2006 and across the company's complete product line the following year.
"I don't know that Apple's market share can survive another architecture shift,'' Insight 64 analyst Nathan Brookwood told News.com. "Every time they do this, they lose more customers.''
News.com reported that Apple would begin the transition to Intel with its lower-end computers, such as the Mac Mini, in mid-2006 and higher-end models a year later.
Apple's break with IBM stemmed from Jobs' wish that IBM make a larger variety of the PowerPC processors used in Macintosh systems.
IBM balked because of concerns over the profitability of a low-volume business, News.com reported.
By wrestling away Apple's business from IBM, Intel tightens its stranglehold on the PC processor business. The company holds more than an 80% share of the market.
Although IBM will undoubtedly suffer a setback with the loss of Apple, the company is expected to reap a financial windfall after signing up Microsoft, Nintendo and Sony Corp. to use PowerPC technology in future video-game machines, industry analysts say.

United Airlines Approved for In-Flight Internet Service

United Airlines plans to announce that it is the first domestic airline to receive approval to install wireless Internet networks on its planes.

For Addresses That End in .xxx, More $$$

Icann, the nonprofit company responsible for Internet addresses, announced Wednesday that it had moved closer to creating a .xxx domain for adult Web sites.
The .xxx ending would join domains like .jobs, .travel, .aero and .museum, which cater to specific communities. Most were created after 2000, and most are administered by private sponsors selected by Icann.
The limited-market domains tend to be more expensive than widely used domains like .com and .net. Stuart Lawley, the president of ICM Registry, which is based in Florida and sponsors the .xxx domain, said he planned to charge $60 apiece for .xxx addresses to registrars who will probably resell them at a profit.

Ordinary .com addresses cost as little as $6 or $7 "because they sell 33 million of them every year," said Mr. Lawley, who said his was one of the cheapest of the newer domains. "That reflects the likely reality that .xxx will sell more."