OLPC spinoff in talks with four laptop makers

Nautilus Sci/Tech News
May 24, 2008

The broad influence of the One Laptop Per Child initiative continues to expand its sphere.

Not long ago it was unclear whether the PC--originally conceived as a $100 laptop for children in developing countries--would ever become a reality after a long series of delays. Now the XO laptop seems on the verge of becoming a hot item, and all the research that went into it is leading down divergent paths.

Case in point: Walter Bender, who just left the OLPC initiative to start up its open-source software spinoff, is reportedly in "informal discussions" to get its Linux operating system on low-cost laptops made by four manufacturers. The nonprofit spinoff, Sugar Laboratories, is having discussions with Pixel Qi and is interesting in pursuing a relationship with Intel, Bender told BetaNews. No other companies were named, though he mentioned Asus on Sugar Labs' Web site last week.

It's only the latest permutation in a long-running saga that has seen infighting, resignations, and other controversy since the project's inception. Last month OLPC founder Nicholas Negroponte said the XO might switch from Linux to Windows XP, but that change remains to be seen. Stay tuned.

LifeLock Identity Fraud Service Finds Skeptics

Nautilus Sci/Tech News
May 24, 2008
It is, without a doubt, one of the great marketing stunts in recent memory.

Two years ago, Todd Davis decided to put his Social Security number in the television commercials and print advertisements for LifeLock, the company he helped found. For a fee of about $10 a month, LifeLock offers what it calls a “proven solution” that prevents its customers from becoming victims of identity theft and fraud.

By putting those nine digits on public display, Mr. Davis was trying to show the world how confident he was in LifeLock’s service. And it worked. Today, he has just over one million customers. In January, Goldman Sachs led a $25 million round of financing for the company. Last week, Google’s chief financial officer joined its board.

But Mr. Davis’s stunt also amounted to a dare, and one man in Texas has already succeeded in getting a payday loan in his name.

Regulators and lawyers have the company in their sights, too. The state of Oklahoma accused LifeLock of selling insurance without proper certification. New York City has announced its intention to sue the company. Class-action lawyers have filed federal and state lawsuits, charging deceptive business practices and fraudulent advertising, among other things.

All this raises a couple of basic questions: What are the chances that an identity thief can do you real harm? And if you feel vulnerable, do you need to spend $100 or more a year to protect yourself?

First, let’s check the odds. The latest Federal Trade Commission statistical survey about identity theft found that 8.3 million American adults, or 3.7 percent of the adult population, were victims in 2005.

But the majority of those people ran into problems as minor as having a thief use their credit card numbers. This type of fraud is annoying, but it rarely costs any money as long you notice it and let the card company know.

The scarier situation is something called new account fraud. Thieves steal your personal information and open credit card and other accounts in your name. When they don’t pay the bills, it is your credit history that is wrecked.

Thankfully, new account fraud is much less common. The Federal Trade Commission survey showed only 1.8 million people, or 0.8 percent of the adult population, had fallen victim to that kind of fraud or to other crimes such as criminals giving an innocent person’s name to an arresting officer or using it to rent an apartment.

As for the trend, the overall number of identity theft crimes appears to be falling. An annual survey by Javelin Strategy and Research shows the number of incidents falling 20.6 percent in the last four years. The research company does expect the incidence of new account fraud to rise in the next five years, but it predicts that the annual dollar amounts will fall.

With the risk fairly low but the pain of falling victim quite high, it is best to think of identity theft and fraud as an illness that you do not want to contract. Early detection is good, but prevention is much better.

That is where LifeLock wants to play. One significant service it offers places a 90-day fraud alert on your credit files with Equifax, Experian and TransUnion, the three biggest companies that track credit histories. You can do this yourself at no charge, though LifeLock renews the alert every 90 days, which is convenient.

If your credit file contains this type of fraud alert, any credit card company, bank or other entity so alerted is supposed to hit the pause button when reviewing most types of credit applications in your name. Then, the company is required to use “reasonable” procedures to make sure the applicant is really you.

And therein lies the hitch. A fraud alert is not a lock for your life at all. “It’s not a red flag, it’s a yellow flag,” says Steve Ely, president of personal information solutions for Equifax. “Fraud alerts do not prevent new account fraud, and it’s a shame that lots of competitors are suggesting that to the public and getting away with it.”

Instead, a fraud alert is more like a burglar alarm. And if the alert repeatedly fires off false alarms, forcing creditors to constantly double-check the identities of LifeLock customers who have never been victims of fraud, it is possible that those credit issuers will pay less attention to them. Experian is so worried about this, along with other issues, that it has filed suit against LifeLock.

Mr. Davis of LifeLock says he does not believe his company is contributing to the degradation of fraud alerts. The deterrent effect of so many alerts, he said, will cause thieves to find some other way to make a living. Sure, he said, fraud alerts make the application process more time-consuming and expensive for creditors. But it would make no sense for them to start ignoring the warning flags. “Go figure that costly expense versus the write-off for laptops and plasmas” that thieves would buy if the alerts did not stop them, he said.

LifeLock also offers a $1 million service guarantee. This sounds like insurance, but it is really just a warranty. LifeLock promises that if there is a defect in its own performance — say, it fails to initiate or reset a fraud alert — it will pay up to $1 million to restore your good name. In practice, Mr. Davis said, the company helps customers who run into trouble even when LifeLock is not at fault. There is no guarantee it will continue to do that, though Mr. Davis says the company’s good name depends on it.

But it is unlikely that LifeLock will ever pay anything near $1 million. It won’t, for instance, cover the difference between the interest rate you will pay if a thief’s activities destroy your credit score and the lower rate you should be getting. It will not pay for lost wages or reimburse you for the time you may need to deal with the issue, though it may hire people to help you. The guarantee, as the company states in its own terms and conditions, is “limited.”

Though LifeLock offers a few other services, they are not enough to make me a buyer, not at this price. I do count myself among the paranoid and prevention-minded, which is why I have a freeze on my credit files. This is one (big) step beyond fraud alerts, since credit freezes lock your files so that no new creditor can get to them. It’s the closest thing to a silver bullet against new account fraud that exists at the moment — unless you live off the grid.

It is also a mild pain. You usually have to pay a small fee to each credit bureau for the freeze and pay for temporary thaws whenever somebody needs to look at your files. And you have to call the agencies with passwords in advance when you do want to grant access. You may need to do this a few times each year.

If you don’t want to spend anything, there is plenty you can do to drop your risk far below the 0.8 percent that the government figures suggest.

Lock your mailbox. Switch from paper bills. Shred confidential mail and credit card pitches. Secure your paper files. Do not carry paper checks or a Social Security card every day, lest you lose them. Be especially meticulous if a relative or others close to you are having financial or substance abuse problems.

Windows XP SP3 Is Not Bug-Free

Nautilus Sci/Tech
May 11, 2008

With just a few days from its official release, the Windows XP Service Pack 3 is already receiving a large numer of post-instalation complaints.

Apparently, the up-date causes a series of problems, from random blue-screens to continuous reboots.

Jesper Johanson, a former program manager for security policy at Microsoft, who now runs a Windows blog, explained the situation in one of his recent blog posts:
"At this point, I want to clarify that the endless rebooting is not at all related to SP3 per se. The problem is that with some configurations, SP3 causes the computer to crash during boot, and Windows XP, by default, is set up to automatically reboot when it crashes. That is why you end up in the endless rebooting scenario."

According to Mr. Johanson, the easiest solution is to disable the "automatic restart on system failure" option, while operating in safe mode.

Errors and system failure are quite common with Microsoft’s service packs and usually, answers and solutions become available on a very short term.

Microsoft also announced that the installation of the XP SP3 will not allow users to downgrade from Internet Explorer 7 to IE 6.

The company stated that a series of tests and investigations are being conducted and as soon as results will show, the customers will be immediately informed. Also, through one of it’s officials, Microsoft asked its buyers to contact the Microsoft Customer Support Service on any issues concerning the Windows XP SP3 installation.

Google Gains on Microsoft With Hosted Security Offering

Nautilus Sci/Tech
May 11, 2008

With every Google enterprise announcement Microsoft must hear the war drums beating.

Sure, Google owns the search market. And, as a result, the company is the online advertising leader. But Microsoft has all those Windows desktops out there, and owns the corporate market, right?

Well, maybe not for long.

Sure, software as a service and cloud computing don't sound as sexy as free e-mail and pay-per-click, but they are the wave of the future, experts say.

On Thursday, Google unveiled a re-branded Web Security for Enterprise based on the Postini technology it acquired last year. The Web-hosted service protects corporate Web and e-mail users from viruses, spyware, and malicious Web sites, and extends protection directly to remote workers if needed.

This is all part of Google's hosted apps business, but targeted at corporate customers instead of consumers who expect--and get--hosted services for free, at least for now.

By putting traditional desktop applications, e-mail, word processing, and calendars into the cloud, Google relieves corporations of the administrative burden of having to buy hardware, install software, and hire people to maintain it.

This greatly reduces the costs for corporations and allows them to focus on their core businesses. And by beefing up the security of its hosted offerings, Google has removed a large impediment to widespread corporate adoption of its hosted services.

"Securing the current enterprise environment is futile," Philippe Courtot, chief executive of Qualys, which offers security as a service to corporations, said in an interview on Friday. "This is a problem Microsoft should have fixed a long time ago."

With an arsenal of search, Web-hosted apps and the advertising-supported "money-making machine...Google is going to kill Microsoft," he predicted.

Google's offering is compelling for corporations because of the ease with which they can be up and running without any IT headaches, says Nitesh Dhanjani, senior manager and leader of application security services at Ernst & Young.

"Microsoft says 'here's the software.' Google says 'it's already there; we just create the accounts and you can start today,'" Dhanjani says. "We're seeing, from an IT perspective, that in the next couple of years services will move into the cloud, even security services, so Google is really thinking ahead."

Microsoft certainly recognizes this trend. The company turned its FrontBridge acquisition into Microsoft Exchange Hosted Services, which includes security. But the software giant doesn't have a pure, software-as-a-service-based messaging security platform like Google or MessageLabs, says Paul Roberts, senior analyst for enterprise security at The 451 Group.

"Microsoft clearly sees the light that the Web and the Internet are the OS (operating system) of the future and that selling shrink-wrapped software isn't going to be feasible," Roberts says.

Peter Firstbrook, a program director at Gartner, summed it up this way: "I wouldn't ring the bells yet, but it is another feather in Google's cap; another service they can offer so that they become more strategic to their customers."

Stolen Laptop, Knowledge & Software Helps Turn Tables on Suspects

White Plains Police Department,
Edmon Shahikian, top, and Ian Frias were arrested.

Nautilus Sci/Tech
May 10, 2008

WHITE PLAINS — The thieves were voracious, filching flat-screen televisions and computer games, purloining iPods and DVDs, even making off with a box of liquor and a set of car rims in a burglary two weeks ago at an apartment three young people shared here. Luckily, they also took two laptop computers.


One of the laptops was a Macintosh belonging to Kait Duplaga, who works at the Apple store in the Westchester mall and thus knows how to use all its bells and whistles. While the police were coming up dry, Ms. Duplaga exploited the latest software applications installed on her laptop to track down the culprits and even get their photographs.

On Wednesday, the police arrested Edmon Shahikian, 23, of Katonah, and Ian Frias, 20, who lives in the Bronx. Virtually all of the property stolen from the apartment was recovered at the two men’s homes. They face charges of burglary and possession of stolen property; Mr. Shahikian was released on $3,500 bail, while Mr. Frias was at the Westchester County Jail, held in $7,500 bail.

“It doesn’t get much better than their bringing us a picture of the guy actually using the stolen property,” Daniel Jackson, the deputy commissioner of public safety in White Plains, said in a telephone interview on Friday. “It certainly made our job easier. The fact that they knew who these guys were certainly added solvability.”

The high-tech solving of the White Plains burglary, which was reported Friday in The Journal News, is one of several recent cases in which the police and crime victims have turned the keyboards on their adversaries, so to speak, taking advantage of computer software and other high-tech tools.

In March in Modesto, Calif., for example, the police recovered a stolen computer containing vital personal information, including Social Security numbers, belonging to the public school system’s 3,500 employees. Detectives used tracking software on the computer to apprehend a suspect, who had a long criminal record. The police said he had stolen the computer from a data processing firm, perhaps with the intention of committing identity theft.

Here in White Plains, a break in the case came on Tuesday when a friend of Ms. Duplaga’s sent her a congratulatory text message on the return of her stolen computer. “She said, ‘I don’t know what you’re talking about,’ and her friend said, ‘Well, you popped up as being online,’ ” Mr. Jackson said.

He said that Ms. Duplaga immediately signed on to another Macintosh computer and, using a feature called “Back to My Mac,” was able to gain access to her missing laptop remotely. She could see that that the person who had her computer was shopping for beds, Mr. Jackson said. Then it occurred to her that she could activate a camera on her laptop and watch the thief live.

At first, the photo application revealed only a smoky room and an empty chair, Mr. Jackson said, but then a man sat down. Ms. Duplaga, again using remote technology, typed in the command to snap a photo. “When you take a picture with that computer, it shows a countdown, and when it does, this guy figures out what’s going on,” Mr. Jackson said. “It all clicks for him, and he puts his hand up to cover the lens, but it was too late. She had already taken the picture.”

Had the suspect been a complete stranger, the photographic evidence would have been a “great lead,” but not the decisive clue, Mr. Jackson said. He said that when Ms. Duplaga described the tattooed subject of the picture to one of her roommates, the roommate replied: “Oh, I know exactly who that is — it’s Ian,” referring to Mr. Frias.

Mr. Frias and Mr. Shahikian, it turns out, had been among the guests at a party at the apartment weeks before, and were friends of friends of the victims, as Mr. Jackson put it. Ms. Duplaga was able to retrieve a photograph of Mr. Shahikian from the laptop as well, but Mr. Jackson was not aware of the circumstances. Mr. Jackson said that Mr. Frias and Mr. Shahikian were arrested last year on a felony marijuana possession charge, but are not career criminals. The disposition of their cases was not known.

Mr. Jackson said that Ms. Duplaga did not wish to be interviewed. On Friday, no one answered the door at the beige colonial-style house on Ridgeview Avenue where she rents an apartment diagonally opposite a church. The neighborhood is on the edge of the city’s downtown; in recent years, many of the prewar homes have been renovated.

An Apple spokesman declined to comment on the case or on the phenomenon of tracking criminals through computer software.

“Back to My Mac” is part of an online service that costs $99 per year and allows users to gain access to their personal computer from any connected Macintosh computer with the operating system Leopard. The software that Ms. Duplaga used to take a picture of the thief, called PhotoBooth, is standard on all newer Apple laptop models, perhaps an unintended new frontier in crime-fighting.

“It’s certainly a great use of what was probably meant as a business product,” Mr. Jackson said. “But if she had taken the picture and didn’t know who he was, we wouldn’t be in the same place as far as the investigation goes.”