ischiaconference-ipr.org

Antivirus holes, browser spies are highlights at M

31 Jul 2010

“You actually have ‘the developer’ who does something who shows up to hear from ‘the attacker’ who is breaking it. And that’s pretty cool,” Dan Kaminsky of security firm IOActive said in a phone interview.

Xue talked about how to exploit the vulnerabilities through Web pages, peer-to-peer and IM. He also demonstrated some vulnerabilities in antivirus programs that he discovered using “fuzzing,” a technique in which you try to make the program fail or crash, he said through an interpreter in a phone interview with CNET News.com. He declined to name the vendor of antivirus software because the company was still working on a patch for the vulnerability.

For example, Xue explained how sending an infected file to someone returns a reply that specifies which antivirus product scanned it, which enables a hacker to then use an exploit tailored for that particular product, Kaminsky said.

Microsoft, which has struggled to protect Vista users against viruses, considers the threat serious and is likely gleaning knowledge for its own Windows Live OneCare antivirus efforts.

For some attendees, the event doesn’t end with the sessions. IOActive has organized a limousine race photo scavenger hunt for Friday night that has become somewhat of a tradition. This unofficial event brings some levity after two days of talks.

Xue said he has also used reverse engineering and source-code auditing to find vulnerabilities in most of the top 20 antivirus products. His company is working to disclose the vulnerability information to the companies. AV companies need to be aware that just scanning potentially malicious files, as AV software does to try to learn whether they contain viruses, puts the AV software at risk because a file could be written to attack the AV software, he said.

The ease with which holes in antivirus software can be discovered and the insidiousness of invisible scripts that can track your Web surfing were two of the notable talks at the BlueHat hacker sessions Microsoft held Friday on its Redmond, Wash., campus, according to a veteran attendee.

“We all kind of know antivirus is broken,” said Kaminsky. Xue has been showing “how he can do some pretty simple stuff to AV code and the stuff just falls over. The interesting thing is how easy it is to reach.”

“It’s hard to take yourself too seriously if you’re in a big costume rolling around in a limo, getting out and having a photo taken of you hugging a tree,” Kaminsky said.

Meanwhile, two technologies in Vista–Address Space Layout Randomization and Data Execution Prevention–can help minimize the damage from an attack on a vulnerability in antivirus software, say by crashing the program to prevent a server compromise, Xue said.

The invitation-only event, held every six months for the past three years, brings top security researchers to the home of the biggest software company in the world where they discuss the latest and greatest exploits and issues in the world of computer security.

Others have found other holes in antivirus software and prompted vendors to fix the vulnerabilities. Recently, a mail server in Denmark was compromised and data was stolen as a result of a zero-day exploit written to take advantage of an unpatched vulnerability in antivirus software, according to Xue.

The highlights, according to Kaminsky, were: a talk on design weaknesses in Windows by Cesar Cerrudo, founder and chief executive of Argeniss, that Kaminsky described as a “technical tour de force” that was “scaring lots of people over here”; a session by independent security researcher Manuel Caballero on how an invisible script can follow a Web surfer around on the Internet, enabling the “browser to be monitored by the bad guy”; a session on Web browser failings by Alex “kuza55” K., another independent security researcher; as well as a talk on holes in antivirus software by Feng Xue, also known as “Sowhat,” who is technical lead at the research lab of Nevis Networks.

Smaller, longer-lasting iPhone on tap

31 Jul 2010

Add another log on the iPhone rumor pile: it may be smaller.

Apple has long cited battery life issues as the reason it didn’t jump on the 3G train last year, so it would be somewhat surprising if the company actually improved battery life–rather than just keeping it constant–in iPhone 2.0. Wired’s source is supposedly a software programmer at a “major software publisher,” who is no doubt gearing up for the release of the iPhone’s software development kit at some point in June.

The next iPhone might be smaller and thinner despite its new features, one report says.

(Credit: CNET Networks)

The iPhone silly season is in full swing for the second consecutive year, as we get ready for Apple’s Worldwide Developer Conference one week from today. A next-generation iPhone is expected to be the centerpiece of CEO Steve Jobs’ keynote address, and a new report from Wired is claiming that the revamped iPhone will be 22 percent smaller thinner than the original.

The report also says the iPhone will connect to 3G networks–which isn’t exactly a shocker–and will come with a GPS chip. Two tidbits that haven’t been as widely discussed also made the grade, such as the new version arriving in 16GB and 32GB varieties, and featuring better battery life than its predecessor.

Apple’s MobileMe service set to debut

31 Jul 2010

When the site relaunches as MobileMe, users will find a few changes, according to MacRumors.com:

A one-year subscription to MobileMe will cost $99, which is similar to the .Mac price, but purchasers of an iPhone 3G will be able to score a subscription for $69 on Friday, the report notes.

The www.mac.com site will go down on Wednesday from 6 p.m. to 12 a.m. PDT, leaving .Mac subscribers unable to access the site or use .Mac services, except for .MacMail via their desktop applications, iPhone or iPod Touch. In fact, existing .Mac users may have already noticed the ability to receive and send e-mail at an @me.com address if they so request. Other mac.com subscribers will be grandfathered in, allowing them to continue receiving e-mail at their mac.com address, while also receiving a new me.com address.

(Credit: Apple)

The revamped .Mac service will offer Web-based e-mail, calendar, address book, photo gallery, and storage capabilities as well as “Push” sync services.

Update at 10:08 a.m. PDT, with clarification on how users’ e-mail will be handled.

Apple’s MobileMe service is primed to be relaunched this week, ahead of the Friday launch of the iPhone 3G. That means subscribers to .Mac will find the service taken offline for a six-hour stretch as Apple makes the transition, according to a post in MacRumors.com.

Google calls in chips in AOL investment

31 Jul 2010

And last week, things between the two companies apparently got worse when Time Warner Chief Financial Officer John Martin said 28 minutes and 13 seconds into the company’s fourth-quarter Webcast conference call:

The 2005 arrangement not only included collaboration on advertising, instant messaging and video, but also gave Google “certain customary minority shareholder rights,” such as those related to any future sale or public offering of AOL.

At the end of last week, Google sent us a request to exercise their demand registration rights that it has for its 5 percent ownership stake in AOL.

Google is calling in its chips in its $1 billion investment in Time Warner’s AOL.

Last summer, Google announced it was considering writing down some of the value it had previously placed on its AOL investment. And when Google reported its fourth-quarter results late last month, the write-down figure came in at $726 million.

With the markets in the doldrums and AOL’s business continuing to take a beating, as evidenced in Time Warner’s fourth-quarter earnings report Wednesday, Google is looking for payback time.

In other words, stay tuned for more to come…

We’re reviewing what we received and we’re evaluating our options. Those options include: proceeding with the request, delaying the decision for some time, or we can move ahead to potentially buy back Google’s stake at an appraised value, which would obviously be well below the value that was placed on at the time of the original investment.

The hefty deal, which the search giant struck back in 2005, gave it a 5 percent stake in AOL.

Upstart JumpTap takes on Google

31 Jul 2010

This approach differs from Google, Yahoo, and Microsoft, which all brand their mobile search platforms as their own.

AllianceBernstein led this round of funding. It also included funding from previous investors, including General Catalyst Partners, Summerhill Venture Partners, Redpoint Ventures, and Valhalla Partners.

Johar argues that JumpTap’s white label approach allows operators to retain control of their customer information while still being able to use advanced search and advertising technology to tap into targeted advertising.

But Johar believes that JumpTap is well-positioned to take on these big companies because it’s not perceived as a threat by the mobile operators. The company has made significant inroads with operators around the world. It provides the technology and the operators are able to use the technology and integrate it as a “white label” solution into their own mobile platforms.

“Google may have a larger share of the overall search market,” he said. “But the game is just beginning in mobile, and we’re just starting to unlock the data to provide better and more targeted search and advertising. So I feel very good about our position in the market.”

But Johar believes that operators should be wary about working closely with Google. Mobile operators have a wealth of information about their subscribers that can be used to refine search queries and tailor advertising to individuals, making the search and advertising content more relevant to users. This is great for search companies and terrific for operators who will likely get a cut of the advertising revenue. But giving up that information to a Google, for example, could end up being an operator’s biggest mistake.

Mobile search and advertising start-up JumpTap has received an additional $26 million in funding and has expanded its relationship with U.S. operator AT&T, the company said Tuesday.

“No matter how big a check someone like Google can write, they are a Trojan horse,” Johar said. “If an operator shares all its customer information, it will allow someone like Google to come in and commoditize the most precious assets it has, which is all that customer data.”

The cash infusion will help the company continue to develop its technology and expand its sales force to take on the bigger players.

JumpTap, based in Cambridge, Mass., provides search technology and advertising services for mobile operators such as AT&T and U.S. Cellular. The company also provides advertising for carriers and content owners such as NBC Universal and Fox Mobile.

It’s still early days in the mobile search and advertising market. In fact, in 2007 the mobile advertising market was only worth $2.7 billion, according to eMarketer. That number is expected to jump to $4.8 billion in 2008 and could grow to more than $19 billion by 2012.

JumpTap, which works with 17 mobile operators around the world, competes against search and advertising heavyweights such as Google, Yahoo, and Microsoft. The new funding, which completes the company’s fourth round of financing, brings its total cash raised to around $72 million.

AT&T, Verizon Wireless’ largest rival in the mobile market, is already working with JumpTap. AT&T is also working with Yahoo, which sells a portion of the carrier’s ad inventory. But now JumpTap is deepening its relationship with AT&T, Johar says. Previously, JumpTap only powered the carrier’s on-deck search, but now it will be accessing AT&T customer information to help sell targeted advertising.

“It’s really a David and Goliath story,” said Paran Johar, chief marketing officer for the company. “And we aren’t Goliath. It takes a lot of investment to compete against Google, Yahoo, and Microsoft.”

At this early stage in the game, operators are still trying to figure out which technology partners to work with. Last week, the Wall Street Journal reported that Verizon Wireless is in talks with Google. Exactly what the scope of the agreement will be is still uncertain. But it’s believed that Verizon will likely embed Google’s search tools in some of its phones. And it will likely strike some kind of advertising/revenue sharing agreement with the search giant.

Oracle delivers solid third quarter

31 Jul 2010

Meanwhile, Oracle declared a dividend of 5 cents a share payable each quarter. The move to declare a dividend is an interesting one. For starters, Oracle’s dividend may provide a downside buffer on its stock since it may attract investors that focus on quarterly payouts (even though Oracle’s dividend isn’t that large).

“We have a much broader portfolio than SAP. We’re also more modern. I think we’re going to be able to take market share from them for years to come,” said Ellison adding that “all of our applications are on-demand or cloud ready.”

• Research and development spending in the third quarter was $677 million, down 1 percent from a year ago.

Oracle’s fiscal third quarter earnings were better than expected and the company declared its first-ever dividend as a way to spin off its excess cash directly to shareholders.

By the numbers:

• The company ended the quarter with 86,588 employees, down slightly from the prior quarter.

Oracle execs said that the third-quarter results were solid considering the currency fluctuations and economy.

• Database revenue is saving the day for Oracle. In the third quarter, new software license revenue for database and middleware was $1.12 billion, down 4 percent from a year ago. Support and license update revenue was up 16 percent to $1.91 billion.

(Credit: Larry Dignan/ZDNet)

Total revenue for the fourth quarter is expected to be in a range from down 3 percent to up 2 percent. New software licenses are expected to be down 17 percent to 27 percent.

“We’re pleased with the quarter and delivered the highest third quarter operating margins in our history,” said Safra Catz, Oracle’s co-president, on a conference call with analysts. She said Oracle is clearly gaining share, but continued to cite currency headwinds as a problem–the dollar has strengthened vs. foreign currencies in recent months and that effectively lowers the company’s growth. Catz added that currency fluctuations will cut about 7 cents a share from Oracle’s fourth-quarter earnings.

Looking forward, CEO Larry Ellison said the company is looking to grow via innovation and acquisition. He said Oracle’s Fusion middleware business is a combination of the two and the company’s fastest growing unit. Ellison also focused on the Exadata database machine business, announced at Oracle OpenWorld, and touted it against Teradata’s offerings.

• Applications revenue for the third quarter took a hit as new software licenses were $396 million, down from $451 million a year ago.

The guidance was a little lighter than expected. Oracle expects non-GAAP earnings in the fourth quarter to be 42 cents a share to 46 cents a share assuming current rates for the U.S. dollar. In constant currency fourth-quarter earnings will translate to 49 cents a share to 53 cents a share. Based on GAAP, Oracle’s earnings will be 34 cents a share to 38 cents a share. Wall Street was expecting earnings of 46 cents a share.

The Exadata pipeline is “the largest build I’ve ever seen,” President Charles Phillips said. “This is internally developed technology and why we spend $3 billion a year on research and development.”

Software revenue in the third quarter was up 5 percent to $4.4 billion, but new software license sales were down 6 percent to $1.5 billion. Analysts were expecting a sharper decline of about 12 percent. Software license updates and support revenue was up 11 percent to $2.9 billion.

• Oracle ended the quarter with $8.2 billion in cash and $3 billion in marketable securities.

The applications and database giant reported net income of $1.33 billion, or 26 cents a share, on revenue of $5.45 billion, up slightly from the $5.35 billion a year ago. The company said it was hit with currency fluctuations that shaved 5 cents a share off of its third-quarter earnings. Oracle added that non-GAAP earnings were 35 cents a share compared to Wall Street estimates of 32 cents a share.

As far as topics go, executives focused on middleware (BEA contributed $140 million in third quarter sales) and the Exadata database machine venture with HP.

• General and administrative expenses were $192 million, down from $206 million a year ago.

Ellison also took his usual shot at SAP. When asked why Oracle’s applications business held up better than SAP’s, executives said SAP is more reliant on big mega deals.

(Credit: Larry Dignan/ZDNet)

• Operating margins were 36 percent in the quarter, up a percentage point.

Google’s Brin: Anti-Semitism forced my family out

31 Jul 2010

Sergey Brin

• When you’re a Jew, you have a background of hardship, suffering, difficulties–and to turn that into success is part of the Jewish experience.

Brin was in Israel to visit the local Google office, as well as to take part in a conference organized by Israel’s president, Shimon Peres. The following are excerpts from the interview:

Brin was born in Moscow in 1973. His father, Mikhail, was prevented from realizing his ambition to become an astronomer because the Communist Party, which then was in power, prevented Jews from entering the physics department. Brin’s father subsequently worked as an economic planner after receiving his Ph.D. Brin’s mother, Evgenya, was employed as a researcher by the Soviet gas and oil institute.

• Without a doubt the great suffering put on my parents in Russia because of anti-Semitism was the primary reason that they left Russia. And that has had a major influence on my life.

Google co-founder Sergey Brin says that anti-Semitism forced his family to emigrate to the United States in 1979 when he was a child.

In an interview with the Israeli financial publication, TheMarker.com, Brin described the job discrimination which both his parents encountered in the Soviet academic field. (Here’s the full interview in Hebrew, and part of it in English.)

(Credit: Google)

• You know, we learned to make do without anything. To live on nothing. And this certainly influenced me.

• My family had many challenges in Russia. My father wasn’t able to work in his chosen field. Everything we had in Russia, we had to leave behind and start from scratch. This gave me a different perspective on life.

Andreessen’s nuclear winter: Here it comes

31 Jul 2010

Meanwhile, Collins Stewart analyst Sandeep Aggarwal’s dismal note on Yahoo easily could apply to any number of advertising-dependent Internet companies:

Marc Andreessen

(Credit: Seth Rosenblatt/CNET Networks)

Earlier Friday, analysts lowered estimates on Amazon.com and Yahoo, setting off renewed worries about the earnings outlook for Internet companies. The Nasdaq finished Friday in the red, even as the Dow Jones climbed back from an early morning sell-off with a triple-digit gain, ostensibly, on hopes that Congress would come up with a financial bailout plan.

What to make of all this? Up until lately, most of the people involved in Internet companies (and particularly, Web 2.0 types) shrugged off the gyrations in the financial markets as Wall Street’s problem. The standard refrain was that the Internet economy “is a lot different.”

The evidence is piling up every day. During the just-concluded Advertising Week conference in New York, Wenda Millard, the co-CEO of Martha Stewart Living Omnimedia, said during a panel that the financial crisis is going to reverberate through the economy with “pretty severe implications for medium-sized and smaller businesses and consumers.”

Well, not really. Go back a few years and you’ll find that was pretty much the same line of jive peddled by the folks pumping Internet stocks. That lesson got learned the hard way. Fact is that the economy is intertwined and the ripples–both for good and ill–touch every sector. So it was that more than a few of today’s current class of born-again pumpers snorted derisively when Marc Andreessen last year quipped that Ning’s decision to raise $60 million in private equity would prove handy during the coming nuclear winter. They’re going to eat their words before long.

Translation: It’s only a matter of time before the stuff hits the fan in a big, big way.

The venture capitalists who’ve invested in sundry Internet start-ups (most with unpronounceable names) are spinning this as a passing event. Once Congress and the president agree on the $700 billion bailout (or rescue, if you prefer), we’ll return to normalcy. Suuure.

Was there any good news out there? Well, sort of. “We continue to believe that e-commerce growth should outpace brick-and-mortar retail as consumers seek better values online and are now more accustomed to shopping online for the holidays,” he wrote.

I can’t put it any better than AllThingsD’s Kara Swisher did in a recent post, where she wrote that “the economic crisis is likely to become a whirlpool that will be hard for any ad business to avoid, even the often recession-proof digital sector.”

And so it starts.

Talking about his August channel checks at Amazon, Lazard Capital analyst Colin Sebastian reports that online spending trends “remain challenging” and may have deteriorated since then. Citing a customer survey by Billme, an Internet payment services provider, Sebastian notes that almost half of the consumers polled said economic uncertainty had convinced them to delay purchases, with 42 percent saying they intend to cut back on credit cards. What’s more, Sebastian expects competitive holiday promotions to hit even earlier than usual.

We believe that the fundamentals at YHOO are deteriorating. On the one hand economic headwinds and turmoil in the financial markets are causing weaker display ad revenues. On the other hand changes with the minimum bid with search and a possible GOOG/YHOO deal are causing an outcry among many advertisers. To further complicate the situation is an ongoing loss of talent which might accelerate with the renewed restructuring efforts. We don’t see any near-term upside in the shares of YHOO on fundamental basis. However, we would not rule out a possible MSFT/YHOO deal in the future.

Netflix to eliminate profiles, instigate roommate

31 Jul 2010

For the past two years, my roommate and I have split a Netflix user account, mostly so that I don’t have to deal with his trashy action-movie picks mucking up my queue of navel-gazing Wes Anderson knockoffs, and so that we can ensure a clean split in our four-at-a-time subscription. He’d totally hog it otherwise.

Lousy move, Netflix.

“Way to go, Netflix, I’ll just be canceling the service at this point,” one user wrote. “I specifically upgraded to the four-at-a-time service to split out the queues for my wife and myself. I’m not going to pay for another separate account.”

And if you’ve been using separate Netflix profiles as a way to cloak your porn habit (or chick-flick habit) from your spouse, get ready. You’ll have some explaining to do come September.

The reason, the post explained, is that it’s a little-used feature that some people found complicated: only a percent of Netflix members use it. “We will do our best to find better ways for families to share accounts than the existing profiles feature,” it read, “and will continue to invest in improving the Web site experience in many different ways.”

A thread on feedback forum Get Satisfaction revealed that other people aren’t too happy either. Some raised concerns that they could no longer operate separate queues with parental controls for their children, and others expressed plights similar to mine–they share accounts with roommates or housemates who have vastly different cinematic tastes.

But starting on September 1, we’re going to have to suck it up. The rental-by-mail service announced on its blog on Thursday that it would be doing away with separate user profiles on the same account.

So maybe a new kind of split-household account is on the way, but for now, my roommate and I are going to have to either share a password (which could raise security concerns for some people) or pay for two separate accounts (which will cost more for both of us). Customized recommendations will be directed to both of us rather than our individual accounts, which means–eek!–that I’m going to see Meet the Spartans recommended to me instead of Flight of the Conchords.

Next ‘Harry Potter’ film delayed

31 Jul 2010

“Our reasons for shifting ‘Half-Blood Prince’ to summer are twofold: we know the summer season is an ideal window for a family tent pole release, as proven by the success of our last Harry Potter film, which is the second-highest grossing film in the franchise, behind only the first installment,” Warner Bros. President Alan Horn said in a statement. “Additionally, like every other studio, we are still feeling the repercussions of the writers’ strike, which impacted the readiness of scripts for other films–changing the competitive landscape for 2009.”

Hogwarts fans looking for something to do this holiday season will have to settle for the December release of J.K. Rowling’s Tales of Beedle the Bard.

Warner Bros. pictures group president said the release change, to July 17, 2009, will not affect the production for any future Potter films. The studio plans to do the final book, Harry Potter and the Deathly Hallows, as a two-part movie.

On the bright side, scientists are apparently closer to developing a real invisibility cloak.

Warner Bros. announced Thursday that it is delaying the release date for Harry Potter and the Half-Blood Prince until next summer. The film had been expected to be released later this year.