Week in review: Got Real ID?

Bush administration says states will have until 2013 to issue the ID cards, wants to create the equivalent of a national database.

Steven Musil Night Editor / News
Hundreds of millions of Americans have been given a five-year extension to obtain digital ID cards.

The U.S. Department of Homeland Security announced that states will have until 2013 to issue the ID cards and proposed creating the equivalent of a national database that would include details on all 240 million licensed drivers.

Included in the draft regulations, which were mandated by Congress in the 2005 Real ID Act, was the requirement that the Real ID cards include all drivers' home addresses and other personal information printed on the front and in a two-dimensional barcode on the back. Also, states must submit a plan as to how they'll comply with the Real ID Act by October 7, 2007. If they don't, their residents will not be able to use IDs to board planes or enter federal buildings starting on May 11, 2008.

Proponents of the Real ID Act say it's designed to implement proposals suggested by the 9/11 Commission, which noted that some of the hijackers on September 11, 2001, had fraudulently obtained state driver's licenses.

The draft rules, which are not final and will be subject to a public comment period, also include a more detailed estimate of how much it will cost to comply. The National Conference of State Legislatures and other state groups estimated last year that states will have to spend more than $11 billion. But Homeland Security says the total cost--including the cost to individuals--will be $23.1 billion over a 10-year period.

The draft regulations arrive amid a groundswell of opposition to the Real ID Act from privacy groups, libertarians and state officials. Dozens of state legislatures are debating whether to stand up to the federal government and oppose federalized IDs, a step that Maine's legislature took in a vote last month.

"In states across the country, legislators are moving to reform the Real ID Act," said Jim Harper, director of information policy studies at the Cato Institute and a member of a Homeland Security advisory panel.

U.S. Rep. Ron Paul, a Texas Republican who has created a presidential exploratory committee, took aim at what he described as his colleagues' lack of respect for privacy rights and civil liberties. "This is what has happened in Washington," he said. "There is no rule of law. There is no respect for the Constitution."

The Real ID Act announcements were met with scorn on CNET News.com's TalkBack forum, with readers lamenting the loss of personal freedoms, privacy and safety.

"They knew the people would never let this pass but we are too damn busy or lazy to do anything about it," wrote one reader to the forum. "We are frogs boiling slowly."

Working in Windows

Until recently, Microsoft's antipiracy technology was pretty decisive: either your copy of Windows was genuine or it wasn't. With a software update this week, however, Microsoft has added a new "Yellow state" for times when it just can't tell whether a copy is legitimate.

The message is part of a controversial add-on to Windows XP, known as Windows Genuine Advantage Notification, which tells users whether Microsoft believes their copy of Windows to be legitimate. Validation is required for most Windows XP downloads, though users can still get automatic security updates. With Windows Vista, some features won't work at all unless a machine is validated as genuine.

Meanwhile, a software company that specializes in enabling Mac users to run other operating systems without rebooting has released an update to its trademark Parallels Desktop software. Parallels' biggest update to the new version is Coherence, a feature that enables Mac users running Parallels to run and access Windows applications from their Mac desktops via virtualization rather than switching between operating systems.

The feature is activated when a user turns on "Coherence mode," which hides the Windows desktop and integrates Windows applications into the Mac OS X desktop and application dock. Parallels called the Coherence feature "completely customizable," stipulating that when Coherence is enabled, users will be able to choose how to load and run Windows applications, as well as select display options for Windows features like the task bar and Start menu.

On the heels of Vista's release, some may be left wondering if Windows is getting cheaper or more expensive. Well, both.

There are all sorts of factors that go into one's sense of whether the leading operating system "feels" more pricey or less expensive--the cost of other PC components and what gets bundled into the operating system are just a couple of them.

Roughly speaking, the Microsoft product sells for the same price it has had for years. While Microsoft has kept prices roughly flat, inflation means that in absolute dollars the price of Windows has declined somewhat. An upgrade to Windows 98, for example, cost $109 in 1998. But in 2007 dollars, that's $137, according to a Federal Reserve Web site. Today, a copy of Vista Home Basic upgrade costs $99.

On the other hand, because the prices of other computer parts have dropped substantially over time, Windows has become a relatively more expensive part of the average PC. In 1998, for example, the typical desktop cost around $1,100, compared with $650 today, according to figures from NPD Group.

Fixing a hole

Multiple flaws in commonly used technical support tools can open Windows PCs to cyberattack, security experts have warned. The vulnerable tools are often used by Internet service providers, PC makers and others to provide support functions such as remote assistance. The tools, provided by SupportSoft, contain multiple vulnerabilities, according to the warning.

US-CERT lists nearly 40 companies and other organizations that have shipped the affected software. Some have addressed the problem, while others are still listed as vulnerable or unknown. Those that have yet to fix the SupportSoft issue include IBM and Internet access providers BellSouth, Comcast and Time Warner, it said.

On its end, Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista. The vulnerabilities aren't considered high-risk, yet they affect the latest releases of Microsoft's Web browser and operating system software.

The IE vulnerability, which also affects IE 6, could be exploited in phishing attacks, scams that try to trick people into giving up sensitive information such as credit card data and Social Security numbers. The Windows issue is due to a problem with a component that does not properly validate user permissions.

Meanwhile, a new attack technique increases the risk of commonly found bugs in Oracle's database software, a security researcher has warned. It was previously thought that an attacker needed high-level privileges on the database to exploit so-called PL/SQL injection vulnerabilities. With a new attack technique, that's no longer true, said David Litchfield, a database security expert with NGS Software.

Litchfield, who has had Oracle in his crosshairs for some time, detailed his technique, dubbed "cursor injection," in a paper that was originally published last weekend and discussed at the Black Hat DC event. Examples of attack code that takes advantage of the tricks have already appeared, Litchfield said.

Also of note

Hoping to get a jump on Google and other competitors, Adobe Systems plans to release a hosted version of its popular Photoshop image-editing application within six months...Oracle has agreed to buy Hyperion Solutions for $3.3 billion, in a move to expand in the area of performance management systems...Hewlett-Packard's top ethics and privacy executives say a now-infamous investigation into boardroom media leaks was a "wake-up call" that prompted a shake-up in the company's operations.