Hotmail accounts ‘posted online’

Reports suggest Windows Live Hotmail accounts have been hacked

Thousands of Hotmail passwords have been hacked and posted online, Expressyoureself  has learnt.

Microsoft, which owns the popular web-based e-mail system, said that it was aware of the claims and that it was “investigating the situation”.

Expressyoureself  has seen a list of more than 10,000 accounts, which technology blog Neowin.net said had been posted online.

The blog suggested the accounts had been hacked or had been collected as part of a phishing scheme.

Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and passwords.

‘Rapid response’

Neowin claims the details were posted on 1 October to pastebin.com, a website commonly used by developers to share code.

Although the details have since been removed, BBC News and Neowin has seen a list of 10,027 names beginning with the letters A and B.

“[We] can confirm the accounts are genuine and most appear to be based in Europe,” Tom Warren, a neowin blogger, wrote on the site.

The list included details of Microsoft’s Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.

Microsoft said it had “been made aware of the claims that Windows Live IDs and passwords have been made available on the web”.

“We’re actively investigating the situation and will take appropriate steps as rapidly as possible,” a spokesperson said.

Neowin said that it recommended Windows Live Hotmail users to change their “password and security question immediately”.

Hotmail is currently the largest web-based email service.

---

Do you have a Hotmail email account? Have you been affected by the issues in this story? Send us your experiences

EU scrutinises Yahoo-Google deal

The deal will see Google’s adverts alongside Yahoo’s search results

The European Union has announced that it has been investigating the terms of Google’s proposed deal to partner with Yahoo for advertising.

The deal would see Google’s advertising programs built into Yahoo’s search engine in the US and Canada.

However, the EU Competition Commission argues that there are anti-trust implications because the two companies do business in Europe.

The EU’s present inquiry could escalate to a formal investigation.

The announcement follows on the heels of news of a similar anti-trust investigation by the US Department of Justice.

If it goes ahead, the partnership would control more than 80% of the online advertising market.

EU antitrust regulations have traditionally proven more strict than American ones, so the investigation could prove to be a significant stumbling block for the deal.

The World Association of Newspapers, which represents some 18,000 titles worldwide, joined the fray in opposing the deal on Monday.

“The reality is that a large portion of the traffic to most online newspapers’ websites today comes through paid search or natural results on search engines,” the group said in a statement.

“For this reason, competition among search engines is absolutely vital for newspapers – to ensure that no search engine can set monopoly prices for paid search ads, and to prevent any search engine from influencing users’ surfing habits by manipulating unpaid search results.”

Each advert will generate revenue for Google. However, there is considerable speculation that another motivation is to provide Yahoo with an alternative to Microsoft’s bid for a hostile takeover.

Both Yahoo and Google say that they are cooperating with investigators on both sides of the Atlantic, but argue that they will go ahead with the deal in October.

Web browser to get ‘privacy mode’

Trial, or beta, versions of Internet Explorer 8 are already available

Microsoft is planning a “privacy mode” for the next release of its Internet Explorer (IE) web browser.

By clicking a button, users of IE8 will be able to limit how much information is recorded about where they go online and what they do.

Microsoft watchers have spotted two patent applications covering ways to manage the amount of information a browser logs.

When introduced the privacy mode will match features found on other browsers.

Medical test

Australian blogger Long Zheng has found two patent applications made by Microsoft on 30 July for ideas it calls “Cleartracks” and “Inprivate”.

The applications deal with methods of erasing data that browsing programs log, turning off features that record sites visited or notifying users of what sites are doing to log a visit.

While many browsers already have menu options that let people alter security settings and clear history files it typically has to be done on a use-by-use basis.

Users may wish to turn on the privacy mode if they are planning a surprise party, buying presents or researching a medical condition and do not want others users of the same computer to find out.

Internet Explorer 8 is due to go on general release late in 2008 though early trial versions are already available.

By comparison Apple’s Safari browser already has a privacy mode and developers working for Mozilla, creators of Firefox, are reportedly working on a similar feature for future versions.

Other browsers, such as Xerobank, take a more thorough approach to privacy and try to anonymise all web use.

Net address bug worse than feared

Courtesy BBC

Attackers could use the loophole to redirect web users to fake sites

A recently found flaw in the internet’s addressing system is worse than first feared, says the man who found it.

Dan Kaminsky made his comments when speaking publicly for the first time about his discovery at the Black Hat conference in Las Vegas.

He said fixes for the flaw in the net’s Domain Name System (DNS) had focused on web browsers but it could be abused by hackers in many other ways.

“Every network is at risk,” he said. “That’s what this flaw has shown.”

The DNS acts as the internet’s address books and helps computers translate the website names people prefer (such as bbc.co.uk) into the numbers computers use (212.58.224.131).

Mr Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website.

In his talk Mr Kaminsky detailed 15 other ways for the flaw to be exploited.

Via the flaw hi-tech criminals or pranksters could target FTP services, mail servers, spam filters, Telnet and the Secure Socket Layer (SSL) that helps to make web-based transactions more secure.

“There are a ton of different paths that lead to doom,” he said.

‘Hype’

But the DNS threat was played down by net giant VeriSign which issues many of the security certificates used in SSL. It told BBC News its system was “not vulnerable”.

The Silicon Valley company looks after two of the net’s 13 DNS root servers. It also controls the computers that contain the master list of domain name suffixes such as .com and .net

“If there is a silver lining in all of this, it’s that users will become more aware and more consious of who they do business with.”

Ken Silva, chief technology officer at Verisign, said: “We have anticipated these flaws in DNS for many years and we have basically engineered around them.”

He believed there had been “some hype” around how the DNS flaw will affect consumers. He added that while it was an interesting way to exploit DNS on weak servers, there were other ways to misdirect people that remained.

Mr Silva said he was concerned that people would read too much into the doom and gloom headlines that have surrounded the discovery of the DNS flaw.

“It’s been overplayed in a sense. I think it has served to confuse the consumer into believing there is somehow now a way to misdirect them to a wrong site.

“The fact of the matter is that there have been many ways like phishing attacks to misdirect them for a long time and this is just yet another of those ways that will be surgically exploited.”

Security gap

Mr Kaminsky kept news of the flaw out of the public domain for months after its discovery to give companies time to patch servers.

Mr Kaminsky said that 75% of Fortune 500 companies have fixed the problem while around 15% have done nothing.

Major vendors like Microsoft, Cisco, Sun Microsystems and others have issued patches to close the security hole.

“The industry has rallied like we’ve never seen the industry rally before,” said Mr Kaminsky.

Computer users need to be educated to surf the superhighway more safely

DNS attacks are not new but Mr Kaminsky is credited with discovering a way to link some widely known weaknesses in the system so that the attack now takes seconds instead of days or hours.

“Quite frankly, all the pieces of this have been staring us in the face for decades,” said Paul Vixie, president of the Internet Systems Consortium, a non-profit that makes the software run by many of the world’s DNS servers.

Mr Silva at VeriSign said even though patches have been put in place, this doesn’t mean users can sit back and relax.

“The biggest gap in security rests between the keyboard and the back of the chair,” he said.

“The look and feel of a website is not what a consumer should trust. They should trust the security behind that website and do simple things like use more secure passwords and change their password regularly.”

Mr Silva said education is fundamental in making the net a safer place.

“We have been trained since we were young to lock the door to our house, our car. We take these sensible security measures in the environment we are functioning in.

“Yet when it comes to computer safety we forget to look both ways before crossing the internet highway.”

Yahoo board wins investor vote

Yahoo shareholders have voted to re-elect the firm’s board after it defended its handling of negotiations with Microsoft over a possible deal.

Chief executive Jerry Yang won the backing of 85% of investors at Yahoo’s annual meeting in California.

Some investors had criticised the firm’s failure to agree a deal with Microsoft, which had offered to buy the internet firm for $47.5bn (£24.1bn).

During the meeting, one called on chairman Roy Bostock to resign.

Shareholder Eric Jackson of Ironfire Capital – one of 150 investors at the meeting – said Mr Bostock “should do the honourable thing and step down from the board”.

He accused the Yahoo boss of overplaying his hand with Microsoft.

Study revives six degrees theory

A US study of instant messaging suggests the theory that it takes only six steps to link everyone may be right – though seven seems more accurate.

Microsoft researchers studied the addresses of 30bn instant messages sent during a single month in 2006.

Any two people on average are linked by seven or fewer acquaintances, they say.

The theory of six degrees of separation has long captured people’s imagination – notably inspiring a popular 1993 film – but had recently seemed discredited.

One of the researchers on the Microsoft Messenger project, Eric Horvitz, said he had been shocked by the results.

“What we’re seeing suggests there may be a social connectivity constant for humanity,” he was quoted as saying by the Washington Post newspaper.

“People have had this suspicion that we are really close. But we are showing on a very large scale that this idea goes beyond folklore.”

Urban myth?

The database used by Mr Horvitz and his colleague Jure Leskovec covered all of the Microsoft Messenger instant-messaging network, or roughly half of the world’s instant-messaging traffic, in June 2006.

For the purposes of the study, two people were considered to be acquaintances if they had sent one another an instant message.

Examining the minimum chain lengths it would take to connect all the users in the database, they found the average length was 6.6 steps and that 78% of the pairs could be connected in seven links or fewer.

The idea of six degrees of separation was conceived by US academic Stanley Milgram, after experiments in which he asked people to pass a letter only to others they knew by name.

The aim was to get it, eventually, to a named person they did not know living in another city.

The average number of times it was passed on, he said, was six – hence, the six degrees of separation.

However, in July 2006, Judith Kleinfeld, professor of psychology at Alaska Fairbanks University, went back to Milgram’s original research notes and discovered that 95% of the letters sent out had failed to reach their target.

She suggested that the six degrees theory might be the academic equivalent of an urban myth.

The Microsoft researchers said that, to their knowledge, their study had for the first time validated Milgram’s theory on a planetary scale.

Microsoft sees end of Windows era

Microsoft has kicked off a research project to create software that will take over when it retires Windows.

Called Midori, the cut-down operating system is radically different to Microsoft’s older programs.

It is centred on the internet and does away with the dependencies that tie Windows to a single PC.

It is seen as Microsoft’s answer to rivals’ use of “virtualisation” as a way to solve many of the problems of modern-day computing.

Tie breaking

Although Midori has been heard about before now, more details have now been published by Software Development Times after viewing internal Microsoft documents describing the technology.

Midori is believed to be under development because Windows is unlikely to be able to cope with the pace of change in future technology and the way people use it.

Windows worked well in an age when most people used one machine to do all their work. The operating system acted as the holder for the common elements Windows programs needed to call on.

“If you think about how an operating system is loaded,” said Dave Austin, European director of products at Citrix, “it’s loaded onto a hard disk physically located on that machine.

“The operating system is tied very tightly to that hardware,” he said.

That, he said, created all kinds of dependencies that arose out of the collection of hardware in a particular machine.

This means, he said, that Windows can struggle with more modern ways of working in which people are very mobile and very promiscuous in the devices they use to get at their data – be that pictures, spreadsheets or e-mail.

Equally, he said, when people worked or played now, they did it using a combination of data and processes held locally or in any of a number of other places online.

When asked about Midori by BBC News, Microsoft issued a statement that said: “Midori is one of many incubation projects underway at Microsoft. It’s simply a matter of being too early in the incubation to talk about it.”

Virtual machines

Midori is widely seen as an ambitious attempt by Microsoft to catch up on the work on virtualisation being undertaken in the wider computer industry.

Darren Brown, data centre lead at consulting firm Avanade, said virtualisation had first established itself in data centres among companies with huge numbers of servers to manage.

Putting applications, such as an e-mail engine or a database, on one machine brought up all kinds of problems when those machines had to undergo maintenance, needed updating or required a security patch to be applied.

By putting virtual servers on one physical box, companies had been able to shrink the numbers of machines they managed and get more out of them, he said.

“The real savings are around physical management of the devices and associated licensing,” he said. “Physically, there is less tin to manage.”

Equally, said Mr Brown, if one physical server failed the virtualised application could easily be moved to a separate machine.

“The same benefits apply to the PC,” he said. “Within the Microsoft environment, we have struggled for years with applications that are written so poorly that they will not work with others.

“Virtualising this gives you a couple of new ways to tackle those traditional problems,” he said.

Many companies were still using very old applications that existing operating systems would not run, he said. By putting a virtual machine on a PC, those older programs can be kept going.

A virtual machine, like its name implies, is a software copy of a computer complete with operating system and associated programs.

Closing Windows

“On the desktop we are seeing people place great value in being able to abstract the desktop from actual physical hardware,” said Dan Chu, vice president of emerging products and markets at virtualisation specialist VMWare.

Some virtual machines, he said, acted like Windows PCs to all intents and purposes. But many virtual machines were now emerging that were tuned for a particular industry, sector or job.

“People take their application, the operating system they want to run it against, package it up along with policy and security they want and use that as a virtual client,” he said.

In such virtual machines, the core of the operating system can be very small and easy to transfer to different devices. This, many believe, is the idea behind Midori – to create a lightweight portable operating system that can easily be mated to many different applications.

Microsoft’s licensing terms for Windows currently prohibited it acting as a virtual machine or client in this way, said Mr Chu.

Michael Silver, research vice president at Gartner, said the development of Midori was a sensible step for Microsoft.

“The value of Microsoft Windows, of what that product is today, will diminish as more applications move to the web and Microsoft needs to edge out in front of that,” he said.

“I would be surprised if there was definitive evidence that nothing like this was not kicking around,” he said.

The big problem that Microsoft faced in doing away with Windows, he said, was how to re-make its business to cope.

“Eighty percent of Windows sales are made when a new PC is sold,” he said. “That’s a huge amount of money for them that they do not have to go out and get.

“If Windows ends up being less important over time as applications become more OS agnostic where will Microsoft make its money?” he asked.

Surveys: Many people are now watching TV online

Surveys: Many people are now watching TV online

As much as 20 percent of all TV viewing in the US now happens online, says a survey released this week by Integrated Media Measurement Inc. (IMMI), supporting other recent research which also indicates that the Internet is fast turning into the top choice for many.

For the first time this year, a significant part of the online audience for primetime TV episodes is not watching some portion of the show on TV, according to IMMI’s new survey results. Recent launches of sites like Hulu, offering full episodes of programs, is surely bolstering the trend.

For some shows, online viewing is higher than DVR playback. Yet the IMMI researchers also contend that only about one-third of American households own DVRs, whereas about 82 percent of them have Internet access.

About 29 percent of “traditional live TV viewers” use a DVR frequently, in contrast to just 22 percent of online TV viewers.

Around 50 percent of all online viewing was characterized by IMMI’s respondents as “TV replacement,” whereas 31 percent of the time, it was described as “catch-up viewing,” and 18 percent of the time as “fill-in viewing.”

Online TV as a “TV replacement” is certainly nothing new. As previously reported in BetaNews, in a study conducted by Burst during the recent Hollywood writer’s strike, almost half of those surveyed were spending more time than usual online, in order to avoid repeat programming on TV.

Although that particular study didn’t ask the TV defectors how they spent their time online, it’s probably a good bet that a lot of them were viewing videos.

Europe seems to be much further ahead of the US in watching TV online, according to a survey by Motorola. Even back in mid-2007, when that survey was published, 45 percent of respondents across the UK, France, Spain, Germany, and Italy claimed to be watching at least some TV online, with France taking the lead at 59 percent.

Given the choice, why do some people prefer watching TV online? Another recent survey — this one conducted by Simmons, a unit of Esperian — showed that viewers are 25 percent “more engaged” when watching TV online.

Released last December, the Simmons study defined “engagement” according to six characteristics that respondents identify with media: “personal time-out,” “social interaction,” “inspirational,” “trustworthy,” “life-enhancing,” and ad receptivity.

Although that could be, maybe people just find it interesting to get up off the couch, ditch the remote, and flip around between various Web sites – some showing TV programs, and others offering music, downloadable software, social networking, news, gaming, e-mail, search engines, and an endless array of other stuff.

Microsoft posts videos of users who liked Vista after thinking it was new OS

Microsoft posts videos of users who liked Vista after thinking it was new OS

Microsoft has posted actual videos from its “Mojave Experiment,” an effort to dispel negative stereotypes about Vista by making Windows users think they were running a newer operating system that was actually Vista.

While not referring to Mojave by name, Microsoft first talked about the project publicly during a meeting with financial analysts last week, when Bill Veghte, a senior VP, mentioned an experiment done by Microsoft among PC users who “have a negative perception relative to” Vista.

“They’re not using it, but they are predisposed to think about it in a negative way,” according to Veghte, who heads up Microsoft’s Online Services & Windows Business Group.

Veghte said the subjects in the experiment consisted of a focus group chosen through a phone survey based on random dialing. He then rolled video showing how users who’d voiced anti-Vista leanings in the survey — but were then duped into thinking they were looking at a new OS codenamed Mojave — liked what they saw, even though they were actually viewing Vista.

In practically the same breath, Veghte mentioned another survey done by Microsoft, this one conducted among existing Vista users. “We have 89 percent satisfied or very satisfied, and 83 percent of those customers would recommend it to friends, family, et cetera. That is a very good result when you compare and contrast the satisfaction levels on other products,” he contended at the meeting.

When early reports about Mojave emerged online late last week, BetaNews contacted Microsoft to find out more about the two surveys discussed at the analyst meeting, and whether their relationship — if any — to one another.

As it turns out, Mojave and Microsoft’s “Vista satisfaction” survey are not related — not directly, anyway.

“The source of the [Vista satisfaction] survey was Penn Schoen and Berland Associates, which is a different company than Microsoft is working with on Mojave,” a Microsoft spokesperson told BetaNews today.

Mojave, on the other hand, was aimed at getting a better understanding of “the reactions of customers to Windows Vista, when they were not aware that they were using Windows Vista,” she said.

“The people we tested were were a collection of Mac, Linux, and Windows users who have not made the switch yet to Windows Vista,” BetaNews was told. “We look forward to showing them on July 29.”

BetaNews asked Microsoft whether the Mojave videos will be released in Microsoft ads. “We intend to use these videos as part of some upcoming Windows Vista marketing treatments. You can expect to continue to see ongoing product marketing efforts around Windows that communicates its value to our customers,” the spokesperson maintained.

Early Monday evening, prior to the posting of the anticipated Mojave videos, a teaser site established over the past few days spilled a few other details about Mojave.

The Mojave Experiment took place over “three days in San Francisco, July, 2008,” according to postings on the site.

“Subjects get a live 10-minute demo of “‘the next Microsoft operating system – codenamed Mojave – but it’s actually Windows Vista,” the teaser site proclaimed.

More than 120 computer users viewed the “Mojave” demo, presented on an HP Pavilion DV 2000 with 2GB of RAM.