Week in review: A snapshot of the new virus

Hackers waste little time in exploiting a flaw in the way Microsoft software handles graphics files.

Steven Musil Night Editor / News
Hackers wasted little time in exploiting a flaw in the way Microsoft software handles graphics files.

Internet watchers say they've spotted infected images that could implant a back door into a Windows computer if they are viewed. One Usenet provider said it has identified two JPEG images that take advantage of a previously identified flaw. Windows users could have their computers infected merely by opening one of those Trojan horse images.

The report of the widely expected exploit came less than a week after sample code appeared that demonstrated how to take advantage of Microsoft's programming error. Some security researchers worry that the ubiquity of JPEG images provides an unprecedented opportunity to spread malicious code through file-trading networks, the Web or spam.

Although the code threatens only visitors to the newsgroups where the malicious programs--hidden in images--are posted, antivirus experts continue to warn that it's a short step from such code to an effective computer virus.

"We are getting closer and closer to an exploit that could be turned into a worm," said Oliver Friedrichs, senior manager of the incident response group at security software maker Symantec.

However, the latest code actually requires the victim to download the false image and view it in Windows Explorer in order for his or her system to be infected, Friedrichs said. That should severely limit the number of computers that are compromised by the program.

A virus that exploits the flaw was also discovered spreading over America Online's instant-messaging program. According to the Internet Storm Center, two victims received AOL Instant Messenger messages that directed them to Web sites that hosted the dangerous JPEG images.

The instant messages read: "Check out my profile, click GET INFO!" When visited, the Web site automatically sends malicious code embedded in the JPEG image to the computer. Once infected with the code, the computer sends the same message to other contacts in the instant-messenger list.

Antivirus software could be ill-prepared to protect corporate networks from the flaw. According to Mikko Hypponen, director of antivirus research at F-Secure, antivirus software will strain to find JPEG malware, because by default, it only searches for .exe files.

There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. Hypponen said this would make finding malicious JPEGs even more difficult; searching could take up a significant amount of valuable processor power.

Internet Explorer processes JPEGs before it caches them. That could also mean that desktops may become infected before antivirus software has a chance to work.
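An added example, not part of the original article: a scanner that picks files by extension misses a JPEG saved under another name, so this sketch identifies JPEG content by its leading marker bytes and then checks that each segment's length field is structurally valid. The function names and sample files are assumptions constructed for illustration.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def is_jpeg(data: bytes) -> bool:
    """Identify JPEG content by its leading SOI marker, not by file name."""
    return data[:3] == b"\xff\xd8\xff"

def segment_problems(data: bytes) -> list:
    """Walk marker segments after SOI and report the first structural error."""
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return [f"offset {pos}: expected 0xFF marker prefix"]
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte, the marker follows
            pos += 1
        elif marker == 0xD9:          # EOI: end of image
            break
        elif marker in STANDALONE:
            pos += 2
        else:
            if pos + 4 > len(data):
                return [f"offset {pos}: truncated length field"]
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:            # the length counts its own two bytes
                return [f"offset {pos}: segment length {length} is below 2"]
            if pos + 2 + length > len(data):
                return [f"offset {pos}: segment overruns the file"]
            if marker == 0xDA:        # SOS: entropy-coded data follows
                break
            pos += 2 + length
    return []

def verdict(data: bytes) -> str:
    """Classify content as not-jpeg, jpeg, or malformed-jpeg."""
    if not is_jpeg(data):
        return "not-jpeg"
    return "malformed-jpeg" if segment_problems(data) else "jpeg"

def triage(files: dict) -> dict:
    """Map each file name to a verdict based on content alone."""
    return {name: verdict(data) for name, data in files.items()}

# Constructed sample inputs (not real files).
GOOD = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
        + b"\xff\xfe" + struct.pack(">H", 7) + b"hello" + b"\xff\xd9")
BAD = b"\xff\xd8" + b"\xff\xfe" + struct.pack(">H", 0) + b"xxxx" + b"\xff\xd9"
SAMPLES = {"holiday.icon": GOOD, "photo.jpg": BAD, "notes.jpg": b"plain text"}
```

Calling `triage(SAMPLES)` classifies the renamed `holiday.icon` as a JPEG and flags `photo.jpg` as malformed, while `notes.jpg` is rejected despite its extension.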

Conway out--Oracle in?
After more than a year of leading PeopleSoft's fight against a hostile takeover by Oracle, Craig Conway was abruptly fired Friday as president and chief executive of the software maker. He'll be replaced by PeopleSoft founder Dave Duffield.

PeopleSoft's board of directors said it made the move because of a "loss of confidence in Mr. Conway's ability to continue to lead the company."

PeopleSoft, which just last month hosted its annual customer convention, has been trying to hang on to its customers despite the merger effort. Some licensees have expressed reluctance to continue buying and upgrading their products until the fight is over.

Analysts were quick to suggest that Conway's ouster and the return of Duffield is likely a prelude to PeopleSoft accepting Oracle's offer.

"I think this removes a hurdle in getting the deal done," said Art Hogan, an equities analyst with Jefferies & Co. "That certainly seems to be the opinion of Wall Street, and the Street is usually right in situations like this."

Others weren't so certain, saying PeopleSoft's board may have turned to Duffield to help it fend off Oracle. "Anyone who thinks Dave Duffield is coming back to sell the company will be sadly mistaken," said John Torrey, an analyst at Adams Harkness.

But circumstances may be conspiring against PeopleSoft. Later Friday, the U.S. Department of Justice announced that it will not appeal a court ruling in the Oracle antitrust case, reducing the number of obstacles Oracle must clear in its bid for PeopleSoft.

"While we disagree with the district court's disappointing decision, we respect the role of the courts in the United States' merger review process," said Hewitt Pate, assistant attorney general of the Justice Department.

Space--the final stop on the tour?
Will your next road trip involve a stop in outer space? A venture backed by Microsoft co-founder Paul Allen got a jump on rivals eyeing a $10 million prize for the first privately funded junkets into space and back.

A specialized plane carrying a suborbital spacecraft called SpaceShipOne on its belly rose to about 14 kilometers in altitude over the Mojave Desert in California, where the space vehicle broke off and soared to a height of more than 100 kilometers--generally considered the boundary of outer space.

With the flight's completion, SpaceShipOne takes one step toward winning the Ansari X Prize, a competition that will award $10 million for the first team that completes its requirements for space orbit. To win, a privately funded team must build a craft that can reach at least 100 kilometers--or a little more than 60 miles--in altitude with a payload of three humans and then successfully land. The team must repeat the effort within two weeks to seal the win.

Earlier this week, Sir Richard Branson, the British entrepreneur, announced plans to use the SpaceShipOne design for his own space tourism company, Virgin Galactic. The high-flying entrepreneur entered into a technology licensing agreement with Mojave Aerospace Ventures to become the first business venture to carry commercial passengers on space flights.

The company is expected to open early next year, with the first flights operating in 2007. Space tourists, who are expected to receive at least three days of preflight training, will pay approximately $190,000 each to travel toward the stars in a two-hour trip aboard the "VSS Enterprise."

Phone fray
A price war is brewing in the world of Internet telephone services, as providers try to win over consumers who now have a host of options when it comes to making calls. Both AT&T and Vonage said they would slash prices on voice over Internet Protocol (VoIP) plans. AT&T said its CallVantage service will cost $29.99 per month, down from $34.99 per month. The rate will apply to all existing customers and includes unlimited local and long-distance calling in the United States and Canada.

Vonage said it is reducing the price of its Premium Unlimited plan--which includes unlimited calls anywhere in the United States and Canada--by $5 to $24.99 per month. The company also said it is upgrading customers who were on its $24.99-per-month Unlimited Local plan to Premium Unlimited.

Other wars are simmering, as Internet phone service SIPphone has charged Vonage Holdings and retailer Fry's Electronics with false advertising for failing to adequately disclose limitations on hardware that allows phone calls to be placed over a broadband connection.

At stake are routers and adapters manufactured by Cisco Systems subsidiary Linksys that allow standard phones to be used to make calls over the Internet. In a California state lawsuit filed Monday in San Diego, SIPphone charges that product packaging and advertisements do not make it clear that the Linksys products work only in conjunction with Internet phone services provided by Vonage.

The company is seeking to prevent Vonage and Fry's from further alleged false advertising. SIPphone is not seeking monetary damages, other than legal fees.

Keeping track of tracking
Radio frequency identification (RFID) may be a hot topic among tech types these days, but proponents of the technology gathered in Baltimore this week are keeping their exuberance in check. RFID is expected to help retailers and their merchandise suppliers save big bucks by reducing theft, shaving inventory and labor costs, and keeping store shelves stocked.

But a number of unresolved issues are keeping discussions more sober than giddy at the nascent industry's annual convention, EPCglobal U.S. Conference 2004. The chief question is whether businesses are ready to spend big on new technology again, after reining in budgets in recent years and watching flaky dot-coms go under, according to Sarah Friar, vice president of Goldman Sachs.

"RFID has to live within the confines of that environment," Friar said during a panel discussion. "It's technology, and people have been burned by that, so I expect them to take it slow."

Consumer advocates are also worried that the technology could pose an alarming threat to privacy.

The placement of tracking tags on items consumers actually take home was projected to be at least 10 years away, last year's argument went. Some said it may never happen if costs remained prohibitive. But widespread "item-level" tagging may actually happen much sooner--more a question of when, not if--discussions at the conference indicate.

Pharmaceutical companies are gearing up to slap tags on individual packages of certain prescription drugs within the next three years, under a mandate from the Food and Drug Administration, according to executives in that industry.

Though relatively rare today, RFID tags are marching toward stores and shopping baskets across the country--raising questions about the implications for consumers.

Also of note
PCs running Linux are growing in popularity, in part because they can be loaded with a pirated copy of Windows, according to a study from analyst Gartner...IBM claimed first place in a supercomputer speed competition with an expanded version of its Blue Gene/L, which beat out a Japanese machine from NEC...There's a push in Congress to change guest visa programs, including a proposal to create an exemption to the annual cap of 65,000 new H-1B visas...Toshiba announced that it's increasing the song capacity of its Gigabeat line of hard drive-based digital audio players.