Monday, January 29, 2007

Film Festival Information (4 Indies)

Jan 2007

Independent Filmmaking

4 Filmmakers : http://www.4Filmmakers.com
On-line film development database.

Caipirinha Productions : http://www.caipirinha.com
Independent film company and electronic music record label.

Cashiersducinemart : http://www.cashiersducinemart.com
A provoking look into the world of underground film.

Digital Idiots : http://Digitalidiots.com
A guide to digital film making.

DV dojo : http://www.dvdojo.com
Specialize in teaching people to shoot, script, edit, and sell digital video.

Film Forum : http://www.filmforum.com/
New York movie house for independent premieres

Film Threat : http://www.filmthreat.com/
Hollywood's Indie Voice

Film Underground : http://www.filmunderground.com
Filmmaking resource for professional independent filmmakers

Hedtec Moving Pictures, LTD : http://www.hedtec.com/pictures/index.html
On line network of independent filmmakers.

Indic : http://www.indic.co.il
By independent filmmakers for independent filmmakers

IndieDVD : www.indiedvd.com
An independent DVD label

IndieFilmWeb.com : http://www.indiefilmweb.com/
Online content portal for the independent film and music industries

Indie Network : http://indienetwork.com/indexmain.html

IndieWire : http://www.indiewire.com/index.html
Film news, discussions, classifieds

Indigenous Pictures : http://www.indigipix.com
Production company specializing in Native American films.

International Independent Film Online : http://indiekino.com/
Indie filmmaking on the international market.

NetPix : http://www.nextpix.com
How to become a guerrilla filmmaker.

Oscar Nominated : http://www.oscarshorts.com
The Oscar Nominated Short films.

Reelmind : http://www.reelmind.com
An online community for filmmakers, animators and musicians

Right Angle Studios : http://www.rightanglestudios.com
production, distribution and consulting services for indies.

Stefano Boscutti : http://boscutti.com
Independent films > comparative film reviews > showtimes.

Super 8 Sound : http://www.Super8Sound.com/
From film to cameras, processing ...

UnFilmde.com : http://www.unFilmde.com (in French)
Short film focus.

Vivek Agnihotri Creates : http://www.vivekagnihotri.com
Resources for cutting-edge productions in Indian TV, film, and advertising.

Women Make Movies : http://www.wmm.com/
Women Make Movies is the largest distributor of women's films and videos in the world.

Security Threat Report 2007

January 2007

U.S. is worst for malware hosting and spam-relaying

Sophos has published its Security Threat Report 2007, examining the threat landscape over the previous twelve months, and predicting malware and spam developments during 2007. The report reveals that the U.S. hosts more than one third of the Websites containing malicious code identified during 2006, as well as relaying more spam than any other nation. The Sophos Security Threat Report 2007 examines in detail the top ten malware threats of the last year, and also confirms that malware authors are continuing to turn their backs on large-scale attacks in favor of more focused strikes against computer users. Microsoft Windows continues to be the primary target for hackers, with Internet criminals increasingly manufacturing downloading Trojan horses rather than mass-mailing worms to do their dirty work for them.
Source: http://www.sophos.com/pressoffice/news/articles/2007/01/secr ep2007.html

Magic Bullet, BBgun and Feature Look

Jan 2007

Understanding Magic Bullet, BBgun and Feature Look

For decades, filmmakers have attempted to lens projects using video instead of film. Video is far cheaper, and the results are instant - plus you have much more flexible options in post production. The trouble is that video looks like, well, video! It has that "soap opera" look. It's associated with cheesy, low budget trash. Ultimately, it just is not right for most narrative projects. Film has a depth and feel that allows the audience to "get lost" in the world you as a filmmaker are trying to create.

Now, digital technology can take the convenience of video and give it the rich, narrative, story-telling quality of film.

Introducing Magic Bullet and our companion technologies, BBgun and FeatureLook.


Thus, "BBGun" as a quick way to convert from PAL to NTSC, and you'll end up looking very much like film. Magic Bullet takes any video and makes it 24P, and Feature look uses Magic Bullet and other processes to really finalize your project, and prepare it for printing to 35mm Film.
Source: http://www.videolikefilm.com




Panasonic AG-HVX200 (May 2006)
Canon XL H1 (April 2006)
JVC GY-HD100 (April 2006)
Canon XL2 (March 2005)
Panasonic AG-LA2700A anamorphic lens (August 2004)
Panasonic AG-DVX100A (June 2004)
Panasonic AG-DVX100 (December 2002)

The Panasonic AG-DVX100A is a DV camcorder offering 60i, 30p, and 24p image capture (a 625/50 version, the DVX100E, offers 50i and 25p).

It's under US$4000. Aside from the $5000 Canon XL2, the next lowest cost 24p video camera is about US$19,500: the Panasonic AJ-SPX800.

With its introduction the DVX100, and its successor the DVX100A, instantly became the hot cameras for indie digital filmmakers. The 24p-capable Canon XL2 only adds to the excitement. As a result there's a lot of hype, hysteria, and FUD (fear, uncertainty, doubt) about them and about 24p production in general.

I'll try to navigate through the hype, hysteria, and FUD to provide factual material and rational analysis. I have the original DVX100 and I can put it through its paces alongside a Sony DSR-PD150 (the de facto standard in $4000 DV cameras) as well as the DSR-500, a higher-end favorite among digital filmmakers. I'll also try to use various post-production tools and see what works, and how.

Note: I focus here on the Panasonic DVX100-series cameras, but much of what I talk about applies to the Canon XL2 and to the bigger 24p Panasonics as well.

Cutting to the chase: the DVX100 is a very good camera for its price, even ignoring its 24p capability. Perfect? Heck, no. It has all sorts of flaws and omissions, just like any other $4000 camera. But for what you pay, you get a lot; if you understand both the strengths and the weaknesses of this camera, it can be a very powerful production tool.

And the second-generation camera, the AG-DVX100A, is even better. I've scattered comments on the 100A throughout.

The page is a stream-of-consciousness ramble through various issues as I collect information and generate tests. Don't expect a lot of organization or comprehensive coverage (and don't bookmark anything here except the page itself; anchors come and go).
Thanks A.Wilt
Source: http://www.adamwilt.com

Cyberthreat!!!! Ok...

January 2007

Cyberthreat experts to meet at secretive conference.
Internet security experts are gathering at a secretive conference later this week to strategize in their fight against cybercriminals. The meeting on Thursday and Friday, January 25-26, at Microsoft's Redmond, WA, headquarters is slated to bring together representatives from security companies and government and law enforcement officials, as well as others involved in network security.

The agenda focuses on botnets and related topics, seen by experts as a prime threat to the Internet. "These events have been a great way to build trust in the security community, which can lead to collaboration and data sharing. This helps in the overall efforts to combat the cybercriminals," said Dave Jevans, chairman of the Anti-Phishing Working Group, who is slated to speak at the event later this week.
Source: http://news.com.com/
Cyberthreat+experts+to+meet+at+secretive+conference/2100_7348_3_6151860.html

The future of the Web?

January 2007

Mashups: The future of the Web?

Alan Taylor is living in the Wild West of Web development, and he has the scars to prove it. In his spare time, Taylor builds mashups - Web applications that combine content from more than one source and have caught on as Web providers from Amazon.com to Microsoft make their data programmatically available to outsiders. But while he is breaking new ground on the Internet, he is also pushing legal and business boundaries. His Amazon Light application - a stripped-down site for buying and renting goods through Amazon - attracted two cease-and-desist orders a couple of years back, one from Amazon and another from Google. Taylor, who holds a day job as a senior Web developer at Boston.com, survived the legal threats without much trouble, but his experience points to the relative immaturity of mashups, which advocates believe represent the Web's cutting edge. Large software vendors catering to corporate software developers or independent software vendors have spent years establishing a suite of Web services standards and infrastructure software while advocating a modular design, called a service-oriented architecture. Mashups, by contrast, tend to focus on speed and simplicity, wiring together different Websites using quick and lightweight methods.
Source: http://news.com.com/At+Mashup+Camp%2C+geeks+plot+future+of+Web/2100_1012_3_6151162.html?

Monday, January 22, 2007

NSA & Microsoft, Wake Up!!!

January 2007

NSA helped Microsoft make Vista secure.

The U.S. agency best known for eavesdropping on telephone calls had a hand in the development of Microsoft's Vista operating system, Microsoft confirmed Tuesday, January 9. The National Security Agency (NSA) stepped in to help Microsoft develop a configuration of its next-generation operating system that would meet Department of Defense requirements, said NSA spokesperson Ken White. This is not the first time the secretive agency has been brought in to consult with private industry on operating system security, White said, but it is the first time the NSA has worked with a vendor prior to the release of an operating system. By getting involved early in the process, the NSA helped Microsoft ensure that it was delivering a product that was both secure and compatible with existing government software, he said. Still, the NSA's involvement in Vista raises red flags for some. Part of this concern may stem from the NSA's reported historical interest in gaining "back-door" access to encrypted data produced by products from U.S. computer companies like Microsoft.
Source: http://www.infoworld.com/article/07/01/10/HNnsamadevistasecu re_1.html

FYI: In 2001, 500 publicly traded companies, such as Microsoft and McDonalds, dealt with the Federal Prison Industries.
In 2005 12% of African American men in their late 20's were in jail, 3.7% of Hispanics and 1.3 of Caucasians...

Most Americans would instinctively recoil from the notion that our citizens should compete with prison labor from China. What few people seem to know is that the U.S. government also uses prison labor to compete with private industry, a practice that has cost the jobs of thousands of law-abiding American workers.

On the list of anachronistic procurement preferences that should be dispensed with, none looms larger than the preference provided Federal Prison Industries. FPI is a $600 million-per-year corporation that uses prison labor in providing goods and services to the federal government. FPI is one of the government's 50 largest suppliers.

FPI is sustained by a mandatory preference system that lets it claim a share of the federal marketplace for goods and services. Once FPI has decided to take its share of a market and its board of directors has approved such action, no federal agency can buy those goods commercially without first getting a waiver from FPI.

If FPI wants to make the sale to the agency, it simply refuses to grant the waiver and takes that sale. Most of FPI's goods and services are sold to the Defense Department. But representatives of DOD purchasing organizations have testified recently that FPI's prices, quality and delivery schedules are inferior to those available on the open market.

I have a stake in this situation because I am representing an association of manufacturers in a suit challenging FPI's privileged status. However, I believe there is a broader issue that the public should take note of: the unfunded mandate that transfers money to the federal prison bureaucracy from other agencies.

FPI's expansion in its long-standing markets, such as furniture and military clothing, has been so extensive that FPI is circling the federal computer and services market looking for openings. Recently, for example, FPI's board approved the taking of 26 percent of the federal market for recycled toner cartridges.

FPI's involvement can grotesquely distort a marketplace. FPI workers are paid 23 cents an hour to start, with rates capping out at $1.16 per hour. Try competing with those labor rates. Given that advantage, FPI should not need any preference system to get sales.

In the early 1990s, in a single sector of the furniture industry, prison output jumped from about $10 million to $24 million, a 138 percent increase, over two years. In that case, FPI never bothered to obtain from its own board the required authorization for growth.

Asked to explain why FPI had not complied with its statute or its regulations, FPI and its parent agency, the Justice Department, have stonewalled. But the bottom line cannot be changed: From fiscal 1988 through fiscal 1995, FPI made almost no effort to implement procedures to collect, process and report the data needed to comply with federal law and its own self-serving regulations.

It has thumbed its nose at Congress's direction that its board must authorize such expansions. Indeed, FPI has made it clear it is prepared to manipulate its own rules to keep Congress from knowing what is going on. For example, FPI delayed its most recent significant expansion hearing, apparently in hopes Congress would be out of town during the hearing.

Federal prison populations are expanding rapidly. The policies that have led to this expansion should be examined carefully.

There is a legitimate need to rehabilitate and keep prisoners busy. FPI claims its workers are much less likely to become recidivists when released.

This may be true. But what FPI doesn't disclose is that they pick the best of the prisoners for jobs. (FPI often chooses lifers or prisoners with long sentences, which cuts down on turnover.)

Vice President Gore's National Performance Review has recommended elimination of FPI's mandatory preference. Recently, more than 180 members of the House voted to end the mandatory preference. They lost the vote on procedural and jurisdictional grounds when the Judiciary Committee said it needed time to consider the issue.

Congress should act promptly on legislation to take away FPI's big club, the mandatory preference that the company has used to deprive the private sector and its workers of their livelihoods. FPI will never have to compete on the price of labor. Let it compete on the basis of price and quality.

This is an issue the resurgent AFL-CIO, Pat Buchanan, the small-business community and other unlikely allies can agree upon. When you can form that type of coalition, it tells you something is wrong with the government's position.
Thanks S. Ryan
Source: http://www.gcn.com

Federal Prison Industries, Inc. (FPI) is a wholly-owned government corporation established in 1934, under an Act of Congress and an Executive Order which is now incorporated in Chapter 307, Section 4121-4128, Title 18, United States Code. FPI was set up to provide paid employment to inmates, primarily in the manufacture of products for use by the federal government. In 1978, FPI adopted the trade name UNICOR, under which it does most of its business. The products made at these institutions are produced in strict conformance with Federal or other applicable specifications.

Federal Prison Industries Reform

Background

In 1934, President Roosevelt established Federal Prison Industries (FPI) as a government-owned corporation. FPI was given special "mandatory source" status in the government procurement process, forcing government agencies in need of a product to purchase that product from FPI. No consideration could be given to a private sector competitor unless that agency asked for an exception from FPI's monopoly.

In efforts to expand its monopoly, FPI is looking to sell services in the commercial marketplace, despite questionable legal authority to do so. Private sector companies and their employees would have to compete with the federal government to obtain contracts with another private sector company. Facilities—paid for by tax dollars that use prison workers who are paid far below minimum wage—would be competing with Main Street businesses, which are required to pay prevailing wages and provide benefits for their employees. The federal government must undertake more reforms to mandate a "level playing field" for all interested firms.

The Chamber was instrumental in securing reform language in the National Defense Authorization Act that disbanded FPI's monopoly by allowing the private sector to compete for Defense Department contracts if they offer a comparable product. Though progress has been made, a comprehensive reform measure is needed, which is why we support H.R. 2965 the Federal Prison Industries Competition in Contracting Act. It promotes competition, while providing work, training, and rehabilitation opportunities for prisoners in a manner that does not penalize small businesses.

U.S. Chamber Position

The U.S. Chamber supports passage of the Federal Prison Industries Competition in Contracting Act. We work to protect businesses from unfair government competition and advocate for fair competition in the procurement process. Congress should ensure that no government entity, such as FPI, has a special status that forces government agencies to buy from that entity.

$8Gs to Hack??? It's not about the $$$

January 2007

VeriSign offers hackers $8,000 bounty on Vista, IE 7 flaws.

VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer (IE) 7. The Reston, VA, security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw Vulnerability Contributor Program. The launch of the latest hacking challenge comes less than a month after researchers at Trend Micro discovered Vista flaws being hawked on underground sites at $50,000 a pop and illustrates the growth of the market for information on software vulnerabilities. iDefense isn't the only brand-name player in the market. 3Com's TippingPoint runs a similar program, called Zero Day Initiative, that pays researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code. The companies act as intermediaries in the disclosure process - handling the process of coordinating with the affected vendor - and use the vulnerability information to beef up protection mechanisms in their own security software, which is sold to third parties.
Source: http://www.eweek.com/article2/0,1895,2082014,00.asp

Grow VoIP Grow!!!

January 2007

Hosted VoIP services grow, report shows.

In-Stat, a technology research firm, released its latest research study Wednesday, January 10, that showed that hosted Voice over IP (VoIP) telephony usage has increased among small businesses. The study, "Hosted VoIP: Steady Growth, But Will the Boom Come?" found that small businesses have the most hosted VoIP deployments in the 20-to-50-seat range and that hosted VoIP will continue to grow over the next few years with revenues expected to exceed $2 billion by 2010. "Most business customers adopt hosted VoIP with the expectation of cost savings, but soon come to value the feature functionality and integration with data networks the application provides," said David Lemelin, senior analyst at In-Stat. "As a result, hosted VoIP solutions are becoming more valuable." The study from In-Stat found the following: 1) U.S.-hosted VoIP seats in service are expected to continue to increase consistently to more than 3 million in 2010; 2) For hosted VoIP services, cost savings is the main appeal; 3) Businesses that have several office locations as well as the mobile worker are most attracted to hosted VoIP solutions.
Source: http://www.eweek.com/article2/0,1895,2081954,00.asp

Bugs in Apple (MoAB)

January 2007

Bug found in Apple security patch software.

The group behind the Month of Apple Bugs (MoAB) project has found a flaw in software designed to fix security issues on Apple Macs. The vulnerability affects the Application Enhancer (Ape) software, which was designed by a rival group trying to combat the flaws highlighted by MoAB. The bug could allow malicious users on a local system to replace Ape's binary code and take control of the root privileges on a computer. "Like the previous local exploits, this could be combined with a remote exploit to gain root privileges from an administrator account without user interaction," said Landon Fuller, author of the Ape software, on his blog. "There are also a number of alternative exploit conditions that could occur due to the admin-writability of other directories in /Library."
Source: http://www.vnunet.com/vnunet/news/2172335/apple_flaw_found_s ecurity_patch

More Google flagging..."nwo07"

January 2007

Google irks Website owners over malware alerts.

Some Website operators are complaining that Google is flagging their sites as containing malicious software when they believe their sites are harmless. At issue is an "interstitial" page that appears after a user has clicked on a link within Google's search engine results. If Google believes a site contains malware, the page will appear, saying "Warning - visiting this Website may harm your computer!" Google does not block access to the site, but a user would have to manually type in the Website address to continue. Organizations are complaining their sites do not contain malicious software, and the warning is embarrassing. Google's warning page contains a link to Stopbadware.org, a project designed to study legal and technical issues concerning spyware, adware, and other malicious software. Organizations should work with their Web hosting provider to check for security problems, Stopbadware.org said.
Source: http://www.infoworld.com/article/07/01/11/HNgooglemalwareale rtsirk_1.html

Microsoft Technical Cyber Security

January 2007

Technical Cyber Security Alert TA07-009A: Microsoft Updates for Multiple Vulnerabilities.

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Outlook, and Excel as part of the Microsoft Security Bulletin Summary for January 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Microsoft has provided updates for these vulnerabilities in the January 2007 Security Bulletins. The Security Bulletins describe any known issues related to the updates.
Note any known issues described in the Bulletins and test for any potentially adverse effects in your environment.
Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms07_jan.mspx
Source: http://www.uscert.gov/cas/techalerts/TA07_009A.html

China not embracing 3G

January 2007

U.S. commerce secretary says China is thwarting global technology innovation by not embracing 3G standards.

Secretary of the U.S. Department of Commerce Carlos M. Gutierrez Tuesday, January 9, criticized China for delaying the creation of a 3G (third generation) wireless network in that country, saying it is thwarting global technology innovation by not embracing standards. Speaking in a session at the International Consumer Electronics Show (CES) in Las Vegas, NV, Gutierrez said companies around the world must support common standards to promote a worldwide environment for technology innovation, not have their own "pockets of standards." He used China, where the government continues to hold out on granting licenses to build 3G networks, as an example of that misstep.

China has delayed plans to build a 3G network for several years, he said. Many believe it is because the government wants to promote its own homegrown 3G standard, called TD-SCDMA (Time Division Synchronous Code Division Multiple Access), instead of embracing a version of CDMA (Code Division Multiple Access), on which other countries have built or are building 3G networks. To do its part to encourage competition in the technology industry, the U.S. has to revise current legislation that governs the technology industry and remain as hands-off as possible, he said.
Source: http://www.infoworld.com/article/07/01/10/HNusslapschinafor3 G_1.html

Thursday, January 18, 2007

Hackers Break DVD Protection

1.17.2007

Last weekend, a loose-knit coalition of hackers around the world defeated the antipiracy software protecting several high-resolution movies in the HD DVD format. They then began distributing copies of the films — starting with Universal Pictures’ “Serenity” — using BitTorrent, a popular file-sharing tool.

The new intrusions came less than a month after a programmer calling himself Muslix64 announced in a Web forum that he had unraveled at least part of the HD DVD protection system. Muslix64 released free software that allows users to insert HD DVDs into their computers and make copies of those films without the original encryption. However, to make it work, users still needed a special title key, generated by the A.A.C.S. software, for each movie they were trying to copy.

The new DVDs would inevitably be vulnerable to hacking. “Data is inherently copyable, just as water is inherently wet,” he said. “All the technology companies are doing is putting in tricks to make it harder to copy. But all they are is tricks.”
Tks B. Stone

Source: http://www.nytimes.com/2007/01/17/technology/17movie.html?

Waiting to Hack the iPhone

January 2007
Hackers looking forward to iPhone.
Within hours of Apple's iPhone unveiling on Tuesday, January 9, the iPhone was a hot topic on the Dailydave discussion list, a widely read forum on security research. Much of the discussion centered on the processor that Apple may have chosen to power its new device and what kind of assembly language "shellcode" might work on this chip. In an e-mail interview, one of the hackers behind the "Month of Apple Bugs" project, which is disclosing new Apple security vulnerabilities every day for the month of January, said he "would love to mess with" the iPhone. "If it's really going to run OS X, [the iPhone] will bring certain security implications, such as potential misuses of wireless connectivity facilities [and] deployment of malware in a larger scale," the hacker known as LMH wrote in an e-mail. Because the device could include a range of advanced computing features, such as Apple's Bonjour service-discovery protocol, it could provide many avenues of attack, according to LMH. "The possibilities of a worm for smartphones are something to worry about," he wrote. "Imagine Bonjour, and all the mess of features that OS X has, concentrated in a highly portable device which relies on wireless connectivity."
Source: http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=900803

PC Exploits in 2007

January 2007
Exploit released for critical PC hijack flaw.
A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts. The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the minute information on new vulnerabilities and exploits to intrusion detection companies and larger penetrating testing firms. The company's exploit takes aim at a "critical" bug in the way Vector Markup Language is implemented in Windows. It has been successfully tested on Windows XP SP2 and Windows 2000, with default installations of Internet Explorer 6.0. "This is a fully working exploit, [it] will give you full access to do anything on the target machine," says Immunity researcher Kostya Kortchinsky. The exploit was created and confirmed in less than three hours after Microsoft's Patch Tuesday release on January 9, a fact that clearly illustrates just how much the gap has narrowed between patch release and full deployment on enterprise networks.
Source: http://www.eweek.com/article2/0,1895,2082416,00.asp

Cyber-crooks in 2007

January 2007
Cyber-crooks switch to code obfuscation.
Security firm Finjan has reported that dynamic code obfuscation was increasingly used as a method to bypass traditional signature-based security systems and propagate malware during the fourth quarter of 2006. The technique works by providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions and parameter name changes. A conventional signature-based security solution would theoretically need millions of signatures to detect and block this particular piece of malicious code. "Hackers have begun to take advantage of new Web technologies to create complex and blended attacks," said Yuval Ben-Itzhak, chief technology officer at Finjan. "With the creation of dynamic obfuscation utilities, which enable virtually anyone to obfuscate code in an automated manner, they have dramatically escalated the threat to Web security."
Report (registration required): http://www.finjan.com/content.aspx?id=827
Source: http://www.vnunet.com/vnunet/news/2172438/cyber−crooks−switch−cod

Wednesday, January 10, 2007

MacAddict to MacLife

Welcome to the first issue of Mac|Life (formerly MacAddict), the Mac magazine that changes all the rules. In each and every issue of Mac|Life, our experts will show you how to squeeze every last drop of power, productivity, and pleasure out of your Mac. Plus, you can read our unbiased, incisive reviews on the latest software, hardware, and iPod accessories, and learn how creative people (such as yourself) are using their Macs to create, share, and enjoy.

The iPhone...OK...&....So...

iPhone combines three products — a revolutionary mobile phone, a widescreen iPod with touch controls, and a breakthrough Internet communications device with desktop-class email, web browsing, maps, and searching — into one small and lightweight handheld device. iPhone also introduces an entirely new user interface based on a large multi-touch display and pioneering new software, letting you control everything with just your fingers. So it ushers in an era of software power and sophistication never before seen in a mobile device, completely redefining what you can do on a mobile phone.
Ready for the Price: $499 for 4 GB, 8 GB $599
Go buy a playstation 3...
Source: http://images.apple.com/iphone/images/indexhero20070109.jpg

Monday, January 08, 2007

WiFi in Rentals

January 2007
Rolling Wi-Fi hotspot to be offered in rental cars.
Try connecting to a high-speed wireless network from a car, and you are pretty much limited to one method: rigging your laptop computer with a special modem and subscribing to a costly, and sometimes temperamental, wireless service. But a start-up wireless technology company based in San Francisco is expected to announce this week that it has reached an agreement with a rental car company to provide a rolling Wi-Fi hotspot to customers by March. For $10.95 a day, the rental car company will issue motorists a notebook-size portable device that plugs into a car’s power supply and delivers a high-speed Internet connection. A mobile Wi-Fi hotspot that lets laptops and personal digital assistants link to the Internet without the benefit of wires represents an important step toward what technology experts call the “connected car.” Users of these new Wi-Fi hotspots still must contend with technological limitations, like bandwidth restrictions and, for vehicles with too few auxiliary power outlets for all passengers who want to be online at the same time, battery consumption.
Source: http://www.nytimes.com/2007/01/02/technology/02avis.html

DHS = GATTACA You decide...

January 2007
DHS plans IT employee records database.
The Department of Homeland Security (DHS) is setting up a new records system to keep track of the names, passwords, citizenship information and other data on thousands of IT workers with access to the department’s systems. In a notice posted December 29, DHS announced it is creating a new sensitive, but unclassified, database as part of its General Information Technology Access Account Records System. The new database will collect personal information from IT employees, contractors, grantees and others, including people who serve on DHS advisory committees or are listed as points of contact for facilities.
Sources: http://www.washingtontechnology.com/news/1_1/daily_news/29923_1.html?topic=homeland

http://en.wikipedia.org/wiki/Office_of_Total_Information_Awareness

http://www.darpa.mil/

http://en.wikipedia.org/wiki/ECHELON

http://www.conspiracyarchive.com/NWO/Paranoid.htm

http://home.iprimus.com.au/mightyarmy/BTM2.htm

http://www.guardian.co.uk/print/0,,4358017-103680,00.html

http://web.archive.org/web/20020802020226/http://www.darpa.mil/iao/TIASystems.htm

http://www.aclu.org/privacy/spying/15701res20050308.html

http://www.aclu.org/privacy/spying/15722prs20031030.html

No New Gmail Scripting...

January 2007
Google closes Gmail cross-site scripting vulnerability.
Google Inc. has fixed a flaw that would have allowed Websites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e-mail addresses. For an attack to work, a user would have to log into a Gmail account and then visit a Website that incorporates JavaScript code designed to take contact information from Gmail. Proof-of-concept code was publicly posted.
Source: http://www.infoworld.com/article/07/01/02/HNgmailscripting_1.html

Apple Fixes Bugs in Quicktime & VLC

January 2007
Month of Apple Bugs, meet Month of Patches.
It's officially a cat-and-mouse race to exploit -- and fix -- security vulnerabilities affecting Apple Computer's Mac operating system. Less than 24 hours after the release of working exploits for two critical media player flaws -- QuickTime and VLC -- a former engineer in Apple's BSD Technology Group has launched an effort to provide run-time fixes for each flaw released during the Month of Apple Bugs (MoAB) project. Landon Fuller, one of the primary architects of the Darwin ports system, has announced plans to react to each MoAB bug with a daily, unofficial patch.
Source: http://www.eweek.com/article2/0,1895,2078433,00.asp

Seagate, Back it up, Back it up!!!

January 2007
Seagate buys backup services company.
Hard drive maker Seagate Technology LLC will buy EVault Inc. for $185 million in an acquisition designed to bolster Seagate's managed services business, the company said on Thursday, December 21. EVault, based in Emeryville, CA, provides online network backup, recovery and data protection products for small-to-medium size businesses.
Source: http://www.infoworld.com/article/06/12/21/Hnseagatebuysevault_1.html

Thursday, January 04, 2007

VoIP in 2007

VoIP will take on new roles in 2007.
In the networking space in 2007, Voice over Internet Protocol (VoIP) will be less about reducing communications cost on a converged IP network and more about improving productivity and creating new business applications that incorporate voice to generate new streams or enhance customer service. The steady vendor drumbeat in 2006 around unified communications helped lay the groundwork for new Web 2.0-style applications that use voice as one of several components.

"The year 2007 will be the year of VoIP apps," said Zeus Kerravala, an analyst with The Yankee Group. "Every major vendor in [the space] now has some sort of [development] community around them, like Avaya's DevConnect. Cisco has one, 3Com is starting one and Microsoft pushes that further along as well." Microsoft's joint partnership this year with Nortel Networks, which will allow the software giant to develop IP PBX functions that can run on any Windows server, will in 2007 hasten the demise of the hardware-based IP PBX, said Dave Passmore, an analyst at the Burton Group. At the same time, Kerravala said service providers will begin offering voice as a hosted service, creating a "business version of Vonage."
Source: http://www.eweek.com/article2/0,1895,2066839,00.asp

New Moves for Spammers in '07

Prediction: Spammers must find new attack techniques in 2007.
One of the most unlikely predictions for 2007 comes from SecureWorks malware researcher Joe Stewart: spammers will have to evolve and find new attack techniques if they intend to maintain their level of profitability. Roughly translated, Stewart believes the massive surge in spam e-mail will taper off in 2007, unless spammers find new tricks to bypass a hardened Windows Vista and improvements to existing anti-spam technology and techniques. In an entry on the SecureWorks blog, Stewart argued that Vista will force spammers to deliver payloads through social engineering attacks and even that might become more difficult in the future, with Microsoft venturing into the anti-virus and trusted computing arenas. "Another factor which will have a huge impact is the release of the SpamHaus PBL blocklist, scheduled for release in December 2006," Stewart added. Stewart explained that spammers depend on these dial-up and DHCP-based broadband connections and, with the extensive reach of SpamHaus' blocklists, widespread adoption of the PBL, or Policy Block List, "will be very detrimental to spammers, as entire IP blocks where their zombie spam bots live will be unable to send mail to a large part of the Internet."
SecureWorks blog: http://www.secureworks.com/researchcenter/weblog.html
Source: http://www.eweek.com/article2/0,1895,2069209,00.asp

FCC & AT&T and TV

FCC eases way for telephone companies to offer TV.
The Federal Communications Commission (FCC) approved a plan on Wednesday, December 20, to shorten the time it takes for companies like AT&T and Verizon Communications to get into the subscription television business. The FCC approved by a 3-2 vote a plan limiting local authorities to 90 days to act on applications by new television providers which already have access to city land to run connections, and 180 days for new entrants to cities and towns. AT&T and Verizon have complained that the process to get licenses from local authorities is too cumbersome and time-consuming. They tried to get similar relief from Congress but lawmakers failed to pass legislation this year. The telephone carriers see offering television as a necessary component to their bundle of communications services to better compete against cable operators, which now offer their own telephone and high-speed Internet services.
Source: http://www.eweek.com/article2/0,1895,2075131,00.asp

Mozilla's multiple vulnerabilities

Mozilla addresses multiple vulnerabilities.
Mozilla has released new versions of Firefox, Thunderbird, and SeaMonkey to address several vulnerabilities. While the impacts of the individual vulnerabilities vary, the most severe could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial-of-service.

Systems affected: Mozilla Firefox; Mozilla Thunderbird; Mozilla SeaMonkey; Netscape Browser.
Other products based on Mozilla components may also be affected.

Solution: These vulnerabilities are addressed in Mozilla Firefox 1.5.0.9, Mozilla Firefox 2.0.0.1, Mozilla Thunderbird 1.5.0.9, and SeaMonkey 1.0.7. Mozilla Firefox, Thunderbird, and SeaMonkey automatically check for updates by default. Support for Firefox 1.5 is scheduled to end in April 2007. All users are strongly encouraged to upgrade to Firefox 2.

Firefox 1.5.0.9: http://www.mozilla.com/en_US/firefox/releases/1.5.0.9.html
Firefox 2.0.0.1: http://www.mozilla.com/en_US/firefox/
Thunderbird 1.5.0.9: http://www.mozilla.com/en_US/thunderbird/releases/1.5.0.9.html
SeaMonkey 1.0.7: http://www.mozilla.org/projects/seamonkey/
Disable JavaScript and Java: These vulnerabilities can be mitigated by disabling JavaScript and Java.
For more information about configuring Firefox, please see the "Securing Your Web Browser" document: http://www.us_cert.gov/reading_room/securing_browser/#Mozilla_Firefox
Netscape users should see the "Site Controls" document for details: http://browser.netscape.com/ns8/help/options_site.jsp
Thunderbird disables JavaScript and Java by default.
Source: http://www.uscert.gov/cas/techalerts/TA06_354A.html

Apple fixes Quicktime

Apple fixes QuickTime spyware flaw.
The latest security patch for Mac OS X fixes a QuickTime vulnerability that could let attackers capture images from a user's screen and upload them to a remote site. Apple said that the vulnerability does not affect Windows users or versions of Mac OS prior to 10.4. The vulnerability is not related to the QuickTime flaw that spread through social networking site MySpace last week. The new flaw involves QuickTime for Java, a component that lets Java applets display QuickTime movies, and Quartz Composer, a software tool used to render images in Mac OS. According to Apple, an attacker could place JavaScript code on a Website that would use the QuickTime for Java component to obtain screen images and send them to a remote location, possibly allowing the attacker to obtain sensitive information displayed on the screen.
Source: http://www.vnunet.com/vnunet/news/2171378/mac_users_delivered_quicktime

Bugs inside Apples...

Two hackers plan to disclose bugs in Apple's products.
Apple Computer will soon be a member of the "month of bugs" club. On January 1, two security researchers will begin publishing details of a flood of security vulnerabilities in Apple's products. Their plan is to disclose one bug per day for the entire month, they said Tuesday, December 19. The project is being launched by an independent security researcher, Kevin Finisterre, and a hacker known as LMH, who declined to reveal his identity.
Source: http://www.infoworld.com/article/06/12/19/HNapplebugs_1.html

Worms Worms Worms...

New worm attacks through Symantec antivirus application.
The software vulnerability through which the Big Yellow worm is able to penetrate Windows PCs was patched by Symantec in May 2006. But according to eEye Digital Security, many IT departments have not yet rolled out the fix, leaving these computers vulnerable to attack. A new worm is making the rounds, attacking some business computers through a known -- and already patched -- flaw in a popular antivirus software suite from security firm Symantec. The worm, called "Big Yellow" and discovered initially by eEye Digital Security, zaps vulnerable computers with malicious code and turns them into remote-controlled zombie machines. Big Yellow exploits a vulnerability in the remote-management interface for Symantec AntiVirus and Symantec Client Security software packages. Marc Maiffret, eEye's founder and CTO, said that the threat appears to be widespread.
Source: http://www.newsfactor.com/story.xhtml?story_id=102003ILKSHI

Hackers exploit Word!!!

Third exploit for Word released.
Hackers have released attack code that exploits a critical vulnerability in Microsoft's Word software -- the third such bug to be disclosed in the past week. The proof of concept code was posted Tuesday, December 12, on the Milw0rm.com Website, making it widely available to the hacking community. It exploits a previously unreported bug in Word. Like the other recent Word bugs disclosed this past week, it could be used by attackers to run unauthorized software on a victim's computer, said David Marcus, security research and communications manager with McAfee Inc.'s Avert Labs.
Source: http://www.infoworld.com/article/06/12/13/HNthirdword1.html

Quicktime Flaws on Myspace

QuickTime flaw could go beyond MySpace.
The QuickTime security hole that enabled a phishing worm to attack users of social networking site MySpace is leaving more users and Websites vulnerable than was first thought. Security firm F-Secure said that the vulnerability has been confirmed to exist in Mac versions of QuickTime, as well as the QuickTime Alternative codec package. Apple, which makes and distributes QuickTime, distributed the fix to MySpace which then offered the patch to users who accessed the site with Internet Explorer and a detectable version of QuickTime. But this move leaves millions of users unprotected, according to F-Secure. Other browsers, including Firefox and Safari, remain exposed, and all sites that allow users to upload QuickTime movies will be vulnerable to the same sort of worm that plagued MySpace. The worm spreads itself through the profile pages of MySpace users, altering the profiles of anyone who views the infected page and redirecting them to a MySpace phishing site. This malicious site then uses stolen passwords to propagate spam messages with links to adware-installing sites.
Source: http://www.vnunet.com/vnunet/news/2170725/quicktime_bug_beyond_myspace