Week in review: Trouble finds Google

The Web search giant is preparing to raise as much as $3.3 billion in an offering that could happen as soon as next week, according to bankers familiar with the situation. But as the launch closes in, the search company is being inundated with negative publicity.

Google recently set a range for the IPO sale price of between $108 and $135 a share. Even at the low end, that would put it among the highest-priced public offerings in recent memory. Some investors have complained the price is too high--something that is largely scaring off retail investors.

Other concerns arose when Google said it may have run afoul of securities laws when it doled out millions of shares to employees and consultants over the past three years. As a result, the company is offering to rescind more than 28 million shares because it failed to register them under federal and state securities laws.

Securities attorneys and investment bankers said it's not uncommon for a company to forgo registering its shares before filing its initial IPO documents, otherwise known as an S-1 filing. But the number of unregistered shares involved sets Google apart from the others.

The company also suffered a black eye this week when it was revealed that simple queries using the Google search engine can turn up a handful of sites that have posted credit card information to the Web. The lists of financial information include hundreds of card holders' names, addresses and phone numbers as well as their credit card data.

Much of the credit card data that appears in the lists found by Google may no longer be valid, but CNET News.com called several people listed and verified that the credit card numbers were authentic. The query, the latest example of "Google hacking," highlights increasing concern that knowledgeable Web surfers can turn up sensitive information by mining the world's best-known search engine.

The revelation came just days after a presentation made at the Black Hat Security Briefings in Las Vegas, where security researchers and hackers were surprised to learn the extent to which Google can pinpoint weakly secured servers and databases.

Penguin power
The LinuxWorld Conference and Expo kicked off with the announcement that Novell had begun selling version 9 of its flagship Linux product, adding Java server capabilities the same day that rival Red Hat made a similar move. Novell's SuSE Linux Enterprise Server 9 includes JBoss' application server, a software package that enables a computer to run Java programs.

On the same day, Red Hat unveiled an application server of its own, based on the Jonas Web server from the ObjectWeb Consortium.

The moves highlight efforts by Linux software companies to expand their product lines beyond just an operating system. It also means Novell and Red Hat will compete more with established application server sellers such as BEA Systems, IBM, Oracle and Sun Microsystems.

On the hardware side, Hewlett-Packard unveiled a new laptop that comes preloaded with SuSE Linux, making HP the first major laptop manufacturer to put forth such an offer. The HP Compaq Business Notebook nx5000, which costs $1,199, has an Intel Pentium M processor and wireless technology. It can be ordered preloaded with SuSE Linux and OpenOffice, and it is already available with Windows.

The recent acrimony dogging the open-source community seemed to be fading as IBM promised not to use its formidable collection of technology patents against Linux and challenged other companies to do the same, working to dispel one cloud that hangs over the open-source programming movement.

The tech giant's announcement could relieve some who fear the legal threat of the computing industry's largest patent arsenal. But it doesn't address the more tangible danger that Microsoft, an avowed Linux enemy, could attack.

IBM's announcement came on the heels of a review that found Linux potentially infringes 283 patents, including 27 held by Microsoft but none that has been validated by court judgments. Of the 283 patents, 98 are owned by Linux allies, including 60 from IBM, 20 from Hewlett-Packard and 11 from Intel. The months-long review examined versions 2.4 and 2.6 of the kernel, or heart, of Linux.

FCC makes the call
Broadband providers and Internet phone services must comply with wiretapping requirements designed for the traditional phone network, the Federal Communications Commission said in a preliminary decision. The decision is a major step toward regulations designed to help police and spy agencies eavesdrop on all forms of high-speed Internet access, including cable modems, wireless, satellite and broadband over power lines.

The vote comes five months after the FBI, the Drug Enforcement Administration and the Justice Department formally asked for guaranteed wiretapping access to broadband networks. If the FCC had done nothing, wiretaps would be possible but could be more difficult and time-consuming for police to carry out.

The FCC also voted to outlaw spam sent to mobile devices, but warned that unsolicited text messages would not be covered by the ban. By a 5-0 vote, the FCC said sending commercial e-mail messages to cell phones or handheld computers would not be permitted unless the recipient had asked to receive the correspondence.

But the FCC's decision not to include unsolicited text messages sent through mechanisms like SMS--short message service--has the potential to create a regulatory loophole. Wireless providers often charge a few pennies per text message received.

The FCC will also allow TiVo users to share copies of digital TV shows through the Internet with a small number of friends and family members. The company had applied for government authorization so its customers could receive digital broadcasts and share them with up to 10 other TiVo units that share the same customer account. TiVo's forthcoming "Digital Output Protection Technology" is designed to prevent the files from being distributed more widely.

The Motion Picture Association of America and the National Football League had lobbied the FCC to say the planned security system did not follow the so-called broadcast flag requirements the government adopted last November. TiVo's copy-protection technology was "promising" but does not provide copyright holders with sufficient ability to control how their works are shared, the MPAA told regulators.

Bugs and bounties
Six vulnerabilities in an open-source image format could allow intruders to compromise computers running Linux and may allow attacks against Windows PCs as well as Macs running OS X. The security issues appear in a library supporting the portable network graphics (PNG) format. The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute a malicious program when the application loads the image.

Among the programs that use libPNG and are likely to be affected by the flaws are the Mail application on Apple Computer's Mac OS X, the Opera and Internet Explorer browsers on Windows, and the Mozilla and Netscape browsers on Solaris.

A string of high-profile flaws in browser software prompted the Mozilla Foundation to offer $500 for every serious bug found by security researchers. The announcement comes a week after the Mozilla Foundation, which directs development of the Mozilla and Firefox browsers and the Thunderbird e-mail client, confirmed that the group's browsers had two serious issues in dealing with digital certificates, the identity cards of the Internet.

Also of note
321 Studios, a maker of DVD-copying software, closed its doors, driven out of business by a succession of court decisions that said its most popular product was illegal to distribute...The latest versions of popular game titles such as "Doom" and "Half-Life" will have PC owners tracking down hardware upgrades to keep up with the demanding requirements of these power-hungry programs...Apple CEO Steve Jobs underwent surgery to remove a cancerous tumor in his pancreas; he told employees in an e-mail that the surgery was successful and that he expects to be back on the job next month.