Week in review: We'll always have Paris

Hilton, the hotel heiress who shot to prominence after starring in a home video that became an Internet phenomenon, found herself again exposed on the Net when the contents of her cell phone were published on the Web. The content included the phone numbers of the socialite's friends, such as rapper Eminem, actor Vin Diesel, actress Lindsay Lohan, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.

A representative for T-Mobile confirmed that information from Hilton's T-Mobile Sidekick has been posted online, but it's unknown whether the information was accessed via hacking or use of the password. The Sidekick allows owners to make phone calls, surf the Web, take pictures, and send e-mail and instant messages. It uses an online server to store at least some information, including phone numbers.

A mass-mailing e-mail worm promising explicit pictures from Hilton's video took to the Web soon afterward, quickly becoming the third most commonly encountered virus. The new Sober variant sends itself in German and English, using a variety of subject lines, including "Paris Hilton, pure!" and "Paris Hilton SexVideos."

While the FBI investigates the suspected Hilton hacking, it is also warning about malicious e-mails designed to appear as if they were generated by the law enforcement agency.

The mail is disguised as correspondence warning people that their Internet use has been monitored by the FBI's Internet Fraud Complaint Center and that they have "accessed illegal Web sites." The e-mails then direct recipients to open the virus-laden attachment to answer a series of questions.

Exposed on the Web
Hilton was not alone in Web woes. Personal data for more than 20,000 people was exposed by two security holes on PayMaxx's automated W-2 site. The security issues could allow anyone to view the W-2 forms generated for employees of PayMaxx's clients for the last five years, according to a former PayMaxx customer who discovered the flaws.

The alleged problems came to light after he received notification from the company that his W-2 tax form was available online for download and printing. The link to access the W-2 included an ID number, and he wondered whether the company had protected against an obvious security problem: adding one to the ID number to get the next form.

Meanwhile, a convenient voice mail feature has likely opened up many T-Mobile subscribers' voice mail boxes to unauthorized attackers armed with a simple hack. The attack could be used to download a person's voice mail or take control of the victim's voice mail functions, provided the attacker knew the subscriber's phone number.

T-Mobile acknowledged the problem, but said that the solution is simple: Users should set their voice mail to require passwords.

Serious security flaws in self-publishing tools used by millions of people on the Web are being exposed by hackers using blogs to infect computers with spyware. Security experts said malicious programmers can use JavaScript and ActiveX to automatically deliver spyware from a blog to people who visit the site with a vulnerable Web browser.

Spyware tools also have been hidden inside JavaScript programs that are offered freely on the Web for bloggers to enhance their sites with features such as music. As a result, bloggers who use infected tools could unwittingly turn their sites into a delivery platform for spyware.

The problem affects only Web surfers using Microsoft's Internet Explorer who fail to choose the browser's highest security settings.

iPod shuffle
Apple Computer shuffled in new iPod Mini and iPod Photo players and dropped prices on some models. But one aspect of the release has some iPod fans furious.

The company introduced a higher-capacity, 6GB Mini, along with new 30GB and 60GB iPod Photo models, which can use an adapter to connect directly to digital cameras and display photos.

The new models expand the range of Apple's popular hard drive-based music players and increase the product line's capabilities in digital photography. A $29 camera adapter for the iPod Photo answers the call for connecting the player directly to cameras without the need for a computer as a go-between.

The 30GB iPod Photo costs $349, while the 60GB device costs $449. Previously, Apple offered a 40GB model for $499 and a 60GB version for $599.

However, with the latest crop of iPods, Apple is no longer including a FireWire cable in the box. The music players will still work with FireWire, if a cord is purchased separately, but only a USB 2.0 cable comes with the device. The move is part of a gradual shift on Apple's part to standardize the iPod on USB, which is far more common in the Windows world.

The other issue is cost. With the latest round of products, Apple cut its prices. By omitting the FireWire cord, the company can gain back some of the lost profit margins.

Nonetheless, some Mac owners were rankled by the move, saying that as recently as a year or two ago many Macs didn't include a USB 2.0 port. More than 1,300 people have signed an online petition calling on Apple to again include a FireWire cable with iPods.

Others are no doubt glad simply to be able to connect their portable music player with a digital camera, without using a computer as a go-between.

The big question is how quickly the masses will want such features--and whether they'll pay more for a music player that has a photo side to it. The fact that people can connect an iPod to a digital camera and then connect the iPod to a printer doesn't necessarily mean that they'll want to.

A look under the hood of the flash-based iPod Shuffle shows that Apple is making music with two chips.

IDC analyst IdaRose Sylvester recently dissected a 512MB iPod Shuffle, purchased at retail, in order to determine what the tiny music player is made of. Her report, published earlier this month, reveals that Apple used two main chips spread over two separate circuit boards to foster the compact design of the music player, which was introduced in January. But despite the Shuffle's tiny size, Apple still left room for a relatively high profit margin.

Specialized search in four categories--retail, financial services, media and entertainment, and travel--accounted for 79 percent of the paid search market in 2004, Jupiter said. Jupiter predicted that the online travel market will grow from $54 billion in 2004 to $91 billion in 2009, for instance, and online shopping will grow from $66 billion in 2004 to $130 billion in 2009.

But fearing a slowdown in online advertising, an analyst downgraded the stocks of search giants Google and Yahoo.

"We had hoped that momentum in paid search from the fourth quarter would carry through to first-quarter results," Jordan Rohan, an analyst with RBC Capital Markets, said in his research note on Yahoo. "But now we believe otherwise."

In the case of Google, Rohan projected the company would increase its first-quarter revenue 5 percent from the previous quarter, rather than the 13 percent jump he previously forecast. Wall Street expects the company to generate a 13 percent increase.

While uncertainty rules the Web search market, IBM's mission to spice up corporate search and become a "Google for the enterprise" continues in earnest. By the end of the year, Big Blue intends to release an update to its corporate information-management tools, which are designed to bring order to potentially thousands of data sources in a company's network.

Code-named Serrano, the product will use technologies including artificial intelligence and data mining to derive more meaning from corporate documents. It will also have a revamped search engine and front-end tool designed to make hunting for company information as straightforward as searching the Web, according to IBM.

Also of note
A California law firm slapped Dell with a class-action lawsuit charging the computer giant with "systematically deceiving" its customers...A Russian digital-music site offering high-quality song downloads for just pennies apiece is the target of a criminal copyright investigation by the local police...Online retailers racked up an estimated $18.4 billion in sales in the fourth quarter, 22 percent more than they did during the same period a year earlier...A U.S teenager has become the first person to be arrested on suspicion of sending spim, or unsolicited instant messages...The Mozilla Foundation released an update to the Firefox Web browser to fix domain spoofing vulnerabilities.