Liars
I went to check out the Bill Gates keynote today at 9:11est and as you can see, I didn't get to view it because of LIARS.

Palm's Treo 700w runs on Microsoft software -- and spiffs it up, too, with options you just won't find on other Pocket PCs
source: http://www.businessweek.com/print/technology/content/jan2006/tc20060105_864306.htm

Palm users who pick up the new Treo 700w are in for a jolt. Just below the screen is a Windows key that makes it clear this is different from any product in Palm's 10-year history. Folks who use Microsoft's (MSFT ) Windows Mobile software on a Pocket PC or smart phone will get a few surprises as well. The new Treo is different from any other Windows device.

When Palm licensed the Windows Mobile 5.0 software last year, it won unprecedented permission to make substantial changes in Microsoft's basic software. It has made the most of this freedom, drawing on its experience with keyboards to eliminate many of the annoying usability problems that have plagued Windows Mobile devices, particularly phone-equipped Pocket PCs.

SUPERFLUOUS STYLUS. One result is that the Treo 700w ($400 from Verizon Wireless with a two-year contract) is the first Pocket PC whose stylus will rarely leave its storage slot. The basic layout of the keyboard is similar to the Treo 650. The main difference is the addition of the Windows key, which brings up the Start menu, and an O.K. key, used to complete most actions. These replace the Calendar and Mail keys on other Treos. Two cell-phone-style soft keys, whose functions vary with the operation at hand, replace Palm's Menu and Home buttons.

Palm has drastically changed the Pocket PC home screen for the better. Instead of a jumbled list of choices, the Treo home screen features speed-dial buttons and two boxes where you can enter text. The one at the top picks names from your contacts as you type. The lower one is for Google (GOOG ) searches. The battery gauge at the top remains visible on all pages, overcoming one of Windows Mobile's silliest shortcomings.

The stylus should be superfluous as an input and navigation tool on any device equipped with a keyboard. You hardly need to use one with Windows Mobile 5.0 software, which is showing up on various devices in addition to the Treo. But on most systems, there will be one critical task that requires tapping the screen -- such as changing some of the settings on the Tab key. On Pocket PCs, you can't do that from the keyboard, but on the new Treo, you can.

NEW INNOVATIONS. There are still occasional annoyances. As you type text, the Pocket PC software suggests word completions. The only way to accept one, if you really feel the need, is to tap the screen. But you can also ignore the suggestions and just go on typing.

Other Palm innovations go beyond fixing Microsoft shortcomings. One simple but valuable one is the ability to program speed dials with the codes and passwords needed for access to voice mail. You can also program such buttons as forward, back, and delete with the appropriate digits. Unfortunately, these codes can only be single digits, which won't work with many corporate voice-mail systems.

Another innovation adds a new option called "Ignore with SMS" to the handling of incoming calls. This is a real boon at business meetings. Instead of just shunting a call to voice mail, you can send the caller a text message -- handy in a setting where tapping out some text is acceptable, but answering the phone is not.

THE BEST POCKET PC. The Treo runs on Verizon's (VZ ) fast BroadbandAccess network, making it ideal for data. Palm designed the Windows Treo primarily in response to demand from corporate customers, and once the appropriate software is finished, it will be able to receive corporate e-mail and other data automatically from BlackBerry, GoodLink, and Microsoft Exchange Server 2003 services (see BW Online, 1/9/06, "If BlackBerry Gets Smushed...").

I have been using Palms of one sort or another for a decade, and at first the Treo 700w seemed a little weird. Many Palm aficionados will prefer to stick with the familiar Treo 650. For one thing, it offers a better display, since Palm actually had to reduce resolution to meet Windows standards. But Pocket PC users and many newcomers to high-end smartphones will find the Treo 700w a delight. It's by far the best Pocket PC I have used, and the first one that I have ever really wanted to carry.

Sony Unveils Blu-ray Disc Products
source: http://www.techtree.com/techtree/jsp/article.jsp?article_id=70375&cat_id=581

Sony Electronics has unveiled a variety of Blu-ray Disc-based products. US product introductions will begin this spring, and gather momentum over the summer with the introduction of a home player.

BD technology will also be included in VAIO computers, after-market computer drives, and recordable BD-R (write-once) and BD-RE (rewritable) media.

Sony expects the Blu-ray Disc format to emerge as the standard in HD video performance and flexibility, packaged in a five-inch optical disc. The format features a robust 25 GB single layer and 50 GB dual layer capacity, with the multimedia possibilities of Java-enabled interactivity.

"Blu-ray Disc technology is the final piece needed to complete our vision of the high-definition world," said Hideki "Dick" Komiyama, president and chief operating officer, Sony Electronics. Sony's first Blu-ray Disc home player, model BDP-S1, will be available in early summer and features 1080p full HD video output and DVD upscaling to 1080p. Sony maintains that this initial BD player features a sophisticated design, and exceptional build quality with rigid beam construction as well as finely-tuned audio and video parts and circuits.

The company's RC series VAIO desktop computer will combine Blu-ray Disc recording technology with high-octane performance, allowing aspiring HD movie makers and other videographers to shoot their creation with a high-definition camcorder. Using Sony's Vegas software, users can edit high-definition footage, then archive and share it on Sony high-capacity BD-R and BD- RE Blu-ray Discs or on traditional DVD-R/RW, DVD+R/+RW discs, capitalizing on flexibility in storage, playback and recording. RC series desktops will be available with the drive in early summer.

As VAIO expands its line of digital home products, Blu-ray Disc drives will be progressively integrated. Sony also announced that a Blu-ray Disc after-market drive for personal computers is also expected to be available this year, and will support 25GB/50GB BD-R/RE discs, as well as DVD+R/+RW, and CD-R/RW recordable media.

This drive will be bundled with consumer-level BD recording software and accessories for creation of High-Definition home video and data Blu-ray Discs.

Beginning in spring, Sony will begin selling a 25 GB single layer BD-R and the BD-RE recording media. Dual layer 50 GB capacity recordable media will follow in the subsequent months. Helping to support the BD players entering the market, Sony Pictures Home Entertainment division will be launching 20 titles on BD-Rom discs, spanning from recent hits to classic favorites. Sony Computer Entertainment's PlayStation 3 computer entertainment system scheduled for launch this year, will also adopt BD-ROM disc as its medium.

Unauthorized Patch For Microsoft WMF Bug Sparks Controversy

Sober worm may hit tomorrow, but businesses are more concerned about the WFM vulnerability and Microsoft's inability to produce a patch this week. Some are choosing an alternative that could lead to other problems.

Concerns over the lack of a Microsoft-issued patch have pushed the Windows Metafile/Zero-Day bug to top of mind, surpassing even tomorrow's much-anticipated Sober worm attack.

The lag time between the Dec. 27 discovery of the WMF vulnerability and Microsoft's planned Jan. 10 patch availability has forced IT security departments to find alternative means for protecting their systems and prompted a non-Microsoft developer to create a patch that others could use.

All of this serves to damage Microsoft's reputation as a company that can secure its own products—a reputation that only recently was beginning to improve after years of being dragged through the mud. Experts are divided over whether it's wise to use Ilfak Guilfanov's Hexblog patch to fix the WMF vulnerability, which could allow attackers to use WMF images to execute malicious code on their victims' computers. Some say it's a necessary measure to protect systems until the official Microsoft patch arrives; others say it's not worth the extra work to patch twice or to take the risk of using a third-party fix.

"We're advising against this third-party patch," says Gartner VP and research fellow John Pescatore. Even if the patch works perfectly, users will have to modify their Windows environments when they deploy the patch, and then uninstall the patch by next Tuesday, leaving two opportunities for something to go wrong. Gartner advises that companies should employ workarounds that ensure that their URL-blocking capabilities are up to date, that all WMF files are blocked, and that they expedite testing and deployment of Microsoft's patch when it becomes available.

But the SANS Institute's Internet Storm Center recommended Tuesday that users not wait for Microsoft's fix, but unregister a vulnerable Dynamic Link Library, or DLL, executable program modules in Windows and apply Guilfanov's patch.

Either way, the WMF vulnerability has been widely acknowledged as a major security threat. The vulnerability is already being exploited, and Symantec has raised its ThreatCon to a Level 3, out of four. The company, which last placed a ThreatCon Level 3 in July 2004 because of MyDoom.M, has expressed concern over the window of time Microsoft has allowed between discovery of the vulnerability and the planned issuance of a patch. Symantec recommends that companies instruct their users to avoid opening unknown or unexpected E-mail attachments or following Web links from unknown or unverified sources, and turn off preview features on E-mail programs to prevent infection from HTML E-mails. The WMF vulnerability affects a number of different versions of Windows XP, Server 2003, ME, 98, and 2000, as well as some versions of Lotus Notes.

Microsoft claims, via its Security Response Center blog, that the company is continuing to work on finalizing a security update for the vulnerability in WMF. In the blog, Security Response Center operations manager Mike Reavey acknowledges that in Microsoft's effort to "put this security fix on a fast track, a pre-release version of the update was briefly and inadvertently posted on a security community site." Microsoft is recommending its customers disregard the posting and wait until a fully tested patch is issued next week.

Microsoft's response to the vulnerability has been particularly poor, says the assistant VP of IT security for a global financial-services firm. While Microsoft has chosen to patch the WMF vulnerability during its normal Patch Tuesday download, this comes well after it should have. "They have historically released patches on special occasions, and this is clearly one of those occasions," she says, preferring to speak anonymously on the topic of an unpatched vulnerability. She added that her company has "wasted countless man-hours" to mitigate the chance of being hit by an exploit, but that no amount of workarounds can fully replace a patch from the vendor.

Third-party patches are not a new concept, but the one issued for the WMF vulnerability is particularly troubling because it raises the question of why Microsoft couldn't issue its own patch in a timely fashion. In fact, the availability of Guilfanov's Hexblog patch makes Microsoft look even worse, the financial-services assistant VP of IT security says. "If a third party can put out a stable patch, Microsoft should have been able to," she adds. "It shames Microsoft."

While the popular Hexblog patch—Guilfanov's Web site was down on Wednesday morning, possibly because of bandwidth issues—is by all appearances a solid piece of coding, the financial-services firm won't download the patch because of the risk of implementing a patch that's not been properly tested, "which it isn't because it's not coming from Microsoft," the assistant VP adds.

As long as Windows systems remain unpatched, companies are at risk for WMF exploits whenever their employees browse the Internet. "There's no way for you to know whether a site is dangerous for a WMF exploit," says Ken Dunham, director of VeriSign iDefense's rapid response team. Even if companies set their defenses to strip out all executable files from incoming E-mails and instant messages, attackers can disguise their executables to look like a JPG or GIF file.

As of Jan. 2, VeriSign iDefense had found at least 67 hostile sites containing exploits against the WMF vulnerability, and the company is investigating another 100 sites. When users visit these malicious sites, their computers can be infected with Trojans, adware, spyware, or files that use them as a base for sending out spam to other computers.

Unlike the Sober worm, which spreads spam with politically charged messages but tends not to damage systems, WMF vulnerability-inspired spam is much more malicious. VeriSign iDefense captured a WMF culprit on Dec. 28 that used the output.gif file to spam messages over the Internet from a company called Smallcap-Investors, which promote a Chinese pharmaceutical company called Habin Pingchuan Pharmaceutical. The spam message was sent out as a GIF file in an apparent attempt to evade spam filters. Using spam as the underpinning of a stock "pump and dump" scheme, Smallcap encouraged users to buy cheap stocks. As is typical in such a ruse, once the fraudster has raised the value of the stock, he or she sells off the stock, making it worthless to the victims who've been duped into investing.

Another WMF exploit came in the form of the HappyNY.a worm, which looks to a user like a JPG file but is actually a malicious WMF file. The HappyNY.a worm contains Nascene.C code, which attempts to exploit the WMF vulnerability and fully compromise a user's computer.

If users come to depend too much on third-party patches to avoid such scams, it could set a dangerous precedent for security. "You'll see phishing E-mails that say they offer volunteer patches," Pescatore says. "If people starting using these sites that are not from a vendor, this could be a whole new problem."

Concerns over the proliferation of Microsoft-based phishing scams come as an Iowa man recently pleaded guilty to computer fraud charges arising from a phishing scheme conducted from January 2003 through June 2004 on Microsoft's MSN Internet service. The scam involved sending E-mail falsely claiming that MSN customers would receive a 50% credit toward their next bill.

Meanwhile, the buzz around the WMF vulnerability has helped eclipse concerns over the upcoming Sober worm threat. "All of the antivirus guys have put out their signature updates" for the latest incarnation of Sober, and "the payload has been analyzed, so you know what DNS servers it's going to call," Pescatore says. The most important things for IT security professionals to realize is that there is a patch for Sober and that, while the attacks will start by Jan. 5, there will likely be new variants of Sober each subsequent week.

On Jan. 5, the code contained in the Sober worm will start updating and sending itself out to thousands, if not millions, of computers, adds Dunham. So far, the Sober attacks have been more motivated at spreading political and social messages rather than delivering malicious payloads. "Sober has the ability to download code, but the attackers haven't done this," he adds. "Instead, they use it to send spam and clog E-mail servers and promote their agenda."

Signature-based antivirus programs won't have any problems detecting known variants of Sober. New variants will prove a bit trickier, and companies should make sure executable and JPG attachments are stripped out of E-mails traversing their networks, says Shane Coursen, a senior technical consultant for antivirus software maker Kaspersky Lab. For this latest generation of Sober, companies will rely less on signature-based antivirus defenses and more on those that employ heuristic routines that flag strange behavior on the network.

Windows flaw spawns flurry of attacks

"We estimate 99 per cent of computers worldwide are vulnerable"

A flaw in Microsoft's Windows Meta File (WMF) has spawned dozens of attacks since its discovery last week, security experts warned on Tuesday.

The attacks so far have been wide-ranging, the experts said, citing everything from an MSN Messenger worm to spam that attempts to lure people to click on malicious websites.

The vulnerability can be easily exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said. Older versions of the operating system, including Windows 2000 and Windows ME, are also at risk, though in those cases the flaw is more difficult to exploit, said Mikko Hypponen, chief research officer at F-Secure.

Hypponen said: "Right now, the situation is bad but it could be much worse. The potential for problems is bigger than we have ever seen. We estimate 99 per cent of computers worldwide are vulnerable to this attack."

The WMF flaw uses images to execute arbitrary code, according to a security advisory issued by the Internet Storm Center. It can be exploited just by the user viewing a malicious image.
Microsoft plans to release a fix for the WMF vulnerability as part of its monthly security update cycle on 10 January, according to the company's security advisory.

Hypponen added: "We have seen dozens of different attacks using this vulnerability since Dec 27. One exploits image files and tries to get users to click on them; another is an MSN Messenger worm that will send the worm to people on your buddy list, and we have seen several spam attacks."

He added that some of the spam attacks have been targeted to select groups, such as one that purports to come from the US Department of State. The malicious email tries to lure the user to open a map attachment and will then download a Trojan horse. The exploit will open a backdoor on the user's system and allow sensitive files to be viewed.

The WMF flaw has already resulted in attacks such as the Exploit-WMF Trojan, which made the rounds last week.

Although Microsoft has not yet released a patch, security vendors such as F-Secure and the Internet Storm Center are noting that Ilfak Guilfanov, a Russian security engineer, has released an unofficial fix that has been found to work.

In its daily security blog F-Secure noted: "Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system. All pictures and thumbnails continue to work normally."

Security companies also are advising computer users to unregister the related "shimgvw.dll" portion of the Windows platform. Unregistering the dll, however, may also disable certain Windows functions and has not been thoroughly tested, according to a security advisory issued by Secunia.

Despite the potential for a large number of computer users to be affected by exploits related to this vulnerability, Hypponen said the chances of a widespread outbreak from a virus, as people return to work from the long holiday, are unlikely.

He said: "We are still far away from a massive virus. Most people get attacked by this if they [search for something on the internet] and get a million results. They may click on a link that goes to a malicious website or one that has been hacked, and then get infected."

Police Officer Hit By Car At Sobriety Checkpoint In Queens
January 01, 2006
A police officer is hospitalized after he was hit by an alleged drunk driver at a sobriety checkpoint in Queens early Sunday. Police say the incident happened around 1:30 a.m. on the Grand Central Parkway near an entrance to the Long Island Expressway. The officer, whose name has not been released, was taken to Bellevue Hospital with a leg injury. Hospital officials would only say the officer is in stable condition. According to investigators, the female driver was also hurt. The driver was arrested, but there is no word yet on what she'll be charged with.

Happy New Year NYPD!