TOP 10 - Hacks, more hacks, Ballmer on Yahoo, OLPC woes

Those nasty JavaScript attacks that besieged thousands of Web sites from January until March started back up again this week, with the hackers setting up shop at a Chinese IP address. Meanwhile, security officials in China expressed worries that computer systems there will be hacked during the Olympics in August, even as hackers went after the CNN site and defaced a sports page with a message that Tibet is part of China, now and forever. Elsewhere, Steve Ballmer said Microsoft is prepared to carry on even if it does not succeed in buying Yahoo, OLPC head Nicholas Negroponte vexed open-source developers with his push to make the XO laptop interface Windows-compatible and a federal court said it's OK for customs agents to spark up our laptops and look over the contents, just because they can.

1. Hackers jack thousands of sites, including U.N. domains: The massive JavaScript attacks that were first detected in January and seemed to disappear since last month have started up again, with U.K. government and United Nations sites infected with malware after being hacked. It's unclear how many sites have been nailed this go-around, but in March the attacks affected (and infected) more than 100,000 URLs. "The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack," according to a Websense alert. "We have no doubt that the two attacks are related." The domain in question is at a Chinese IP (Internet Protocol) address. So was the one in March.

2. Ballmer: Microsoft could walk away from Yahoo deal: We're not sure what to make of this one, but after all the brouhaha and back and forth and digging in of heels, Steve Ballmer hinted at a conference in Milan that the company is "prepared to move forward without merging with Yahoo." But Microsoft's CEO also continued to insist that Microsoft needs Yahoo (even if Yahoo doesn't think it needs Microsoft) to succeed in online advertising and to compete with Google. "Today Google has the lead, there's no doubt about it, and I wanna make sure that they have plenty of competition," he said. "We think the best way to move that forward quickly is to come together with Yahoo. I hope that it works, but if it doesn't, we go forward alone." That sounds sort of lonely and sad, doesn't it? Ah, well. More will be known soon enough, as Microsoft's deadline for Yahoo's decision on the US$40 billion-plus bid is Saturday.

3. China worries hackers will strike during Beijing Olympics and CNN site hit by China attack: Last week a Chinese hacker group called for a cyberattack on CNN's Web site to protest the protests of the upcoming Beijing Olympics by pro-Tibetan and human rights activists. Then the group called off the attack, pulled the plug on its Web site and disappeared into cyberspace. Another group called HackCNN emerged and took over, attacking the site and causing slowdowns, and putting the message "Tibet was, is and always will be a part of China!" in place of scores on a CNN sports site. Then this week rolls around and Chinese security officials express concerns that hackers will go after Chinese computer systems during the Olympics in August. Meanwhile, the government is working to tighten network security, but good luck with that. "China's IT space is really one of the most malware-ridden in the world," said security consultant Jim Fitzsimmons, who is based in Shanghai. "In terms of platforms that people could attack in China, or subvert to attack something else, there's quite a bit out there." Pirated software usage and inattention to security management, including patching software, are factors, he said.

4. OLPC switch to Windows on XO is 'muddled,' developers say: Some open-source developers took umbrage at written comments from One Laptop Per Child Chairman Nicholas Negroponte that they should stop bickering, get along and work to develop a Windows user interface for the OLPC's XO laptops. He wants Sugar, the XO interface that works with Linux, to be separated from the OS core and made platform agnostic. "To do that, we need to hire more developers, work more together and spend less time arguing." His comments, posted in a public note to the OLPC developer community, prompted argument. "You have only succeeded in alienating the developers you need to make Sugar-on-Linux work, without actually achieving any progress on Sugar-on-Windows," replied C. Scott Ananian.

5. Vista SP1 available for phased automatic update: Windows Vista Service Pack 1 is part of the Microsoft Automatic Update service now. Vista SP1 will automatically download to PCs with the update feature turned on. SP1 fixes bugs and glitches in Vista, and its release is widely viewed as key to getting more users, particularly corporate IT shops, to move to the operating system. Although many corporate and business customers hold off on OS "upgrades" until the first service pack is available, there are some still expressing resistance to Vista, insisting they're going to take a pass and wait for the next Windows update.

6. No suspicion needed to search laptops at U.S. borders, says Ninth Circuit: U.S. customs officers don't need a reasonable suspicion to search laptops of people coming into the country, the U.S. Court of Appeals for the 9th Circuit ruled this week, reversing a decision from the U.S. District Court for the Central District of California. The lower court had granted a motion to suppress evidence in an alleged child porn case that was found in a laptop search at Los Angeles International Airport, ruling that customs officers needed reasonable or particular suspicion to check the computer's contents.

7. Earth Day frenzy raises hardware recycling questions: IT vendors joined the Earth Day parade this year, trumpeting their "green" initiatives, but the Basel Action Network (BAN) offered the reality check that it doesn't really count as environmentally friendly recycling to ship discarded electronics to developing countries. BAN took particular aim at 1-800-GOT-JUNK because the collection company offers no guarantee that its free electronic recycling program doesn't export used goods to developing countries. Some areas of developing nations have become toxic-waste dumps as a consequence of used electronics being shipped to them. 1-800-GOT-JUNK, which works with recycling brokers, told partners to avoid sending electronics gear overseas, and some of them complied with that and didn't use recyclers that BAN has identified as shipping discarded goods to developing countries.

8. So what is an enterprise mashup, anyway?: Some attendees at the Web 2.0 Expo are trying to figure out exactly what an enterprise mashup is and whether their IT departments ought to join the mashup frenzy. So, Web 2.0 was a good place for them to be to learn that enterprise mashups are lightweight applications often developed to solve a specific problem, using various standards and often merging internal and external data sources. See, aren't you glad we cleared that up? (The story linked to does a better job of it!)

9. Competitive pay, training reduce IT employee wanderlust: Most of the chief information officers in a recent survey plan to increase compensation, provide training programs and permit flexible work schedules so that skilled IT workers are content to stick around. Better compensation was identified as the top way to boost IT staff retention, according to the survey of 1,400 CIOs by staffing consultancy Robert Half Technology. Retention is top of mind for CIOs because of the ongoing shortage of skilled workers. "Creating an attractive corporate culture, which includes everything from training to work/life balance programs, is crucial for keeping valued employees, especially when the hiring environment for highly skilled professionals is competitive," said Katherine Spencer Lee, executive director of Robert Half Technology. And even though we bet all of you CIOs out there already knew that, it never hurts to hear it again.

10. Apple aims to patent IM features on iPhone: An instant-message client on the iPhone appears to be in the works -- an Apple patent filing titled "Portable Electronic Device for Instant Messaging" includes methods for sending, receiving and viewing such chats. The iPhone doesn't yet have IM support, although AOL recently demonstrated an AOL IM client at the launch of the iPhone SDK.

Copyright © 2008 IDG Communications, Inc.
