Ryan Clothier

Security firm Tiversa Inc. has provided the House Oversight and Government Reform Committee with more reasons to ban peer-to-peer networks in government - some 200 sensitive military documents it recently accessed via such technology. One document contained personal data on dozens of soldiers from the Third Special Forces Group based out of Fort Bragg N.C. and included the names and ages of their spouses and children. The documents include personal data on U.S. troops based overseas, details on sensitive military projects and defense contracts and documents that violate International Traffic in Arms Regulations (ITAR) rules, according to a Tiversa executive.

The House Committee had asked Tiversa to try to access such data for use in its debate on a proposed bill that would ban the use of P2P technology on government networks. That followed Tiversa's disclosure that it had unearthed details about the Obama's Marine One helicopter on a server located in Iran. The request stemmed from a House hearing in July during which Tiversa had disclosed that it found details on safe house locations for the family of President Barack Obama, presidential motorcade routes and other sensitive data on a government P2P network. Those details were apparently inadvertently leaked to the Iranian system from a P2P network. "In an effort to understand the magnitude of P2P risks, and draft appropriate legislation, the Committee asked us to provide additional examples following the hearing in July," said Scott Harrer, brand director of the Cranberry Township, Pa.-based Tiversa. Most of the documents found by Tiversa were marked "secret" and appear to include information from all branches of the military, Harrer said.

Over the past month, the company submitted more than 200 more examples of P2P network data that it has accessed, Harrer said. The company has reported on its findings to the Naval Criminal Investigative Service, Army Criminal Investigation Command and the Air Force Office of Special Investigations, he added. "We have recently seen these files being downloaded in foreign countries, including China and Pakistan," Harrer said. "We have also seen user-issued searches for this type of sensitive data emanating from outside the U.S., so people are in fact actively looking for it." Tiversa's latest disclosures will likely add to growing concerns about the security of P2P networks. In January, Eric Johnson, a professor of operations management at the Dartmouth College Tuck School of Business disclosed how he had found numerous health-care documents on P2P networks. Numerous others have highlighted similar data leaks as well. For example, Johnson said he found a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients at a medical testing laboratory. In many cases, the software is not installed properly and ends up exposing not just the files that the user wants to share, but also every other file on their computers.

Such leaks typically occur when a user installs a P2P client such as Kazaa, LimeWire, BearShare, Morpheus or FastTrack on a computer for the purposes of sharing music and other files with others on the network. A bill that would make it illegal for P2P developers to make software that causes files to be inadvertently shared over a P2P network without a user's knowledge was passed by the House Energy and Commerce Committee last week. The so-called Informed P2P User Act would also require developers to clearly inform users about files that are being made available for searching and sharing, and would mandate that a user agree to the file-sharing first.

Here's a look back at a busy week in Google news stories:   IBM aims at Google, Microsoft with new Webmail  IBM introduced LotusLive iNotes, an on-demand e-mail, calendaring and contact management system meant to compete with the likes of Gmail and Microsoft Exchange. Similar to a bulletin board system, Google Wave, the brainchild of a pair of twins, lets users create shared, ongoing, real-time conversations called Waves. Pricing starts at $3 per user per month, undercutting Google Apps Premier Edition, which costs $50 per user per year.   Google Wave invite-only preview sets off Google Wave mania Google on Wednesday sent out more than 100,000 invitations to developers to preview Google Wave, a new communications and collaboration tool that Google plans to release next year. The application makes it easy for users to share videos, photos and maps.

Google removed the site's home page from its search results in response to a complaint it received under the U.S. Digital Millennium Copyright Act. And big applications vendors like SAP and Salesforce.com are already rallying around it.   Google removes The Pirate Bay home page from search results File-sharing site The Pirate Bay was once again in the crosshairs of copyright owners. A search for "The Pirate Bay" Friday turned up a message at the bottom of the first search-results page that said: "In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 7 result(s) from this page. Textscape alleges Google is violating a patent that covers a method for managing a body of text on a computer that was granted to the company in 1998. Textscape says Google's Chrome's browser improperly uses the innovation.   Google celebrates 11th birthday PC World writes: "Google has come a long way in its eleven-year history, from its humble beginning as a Stanford University research project in 1998, to the global, multi-billion dollar online presence Google enjoys today."   Google eyeing Firefox with Chrome Frame plug-in? If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org."   Google, Adobe sued by Textscape over patents  Google and Adobe Systems have been sued by a New Jersey company for allegedly violating patents used for processing text, according to recent court filings. Computerworld reports that Mozilla's chief engineer says Google might build a Chrome Frame plug-in for the Firefox browser.

Features include an equations editor and a language translator. Separately, Computerworld reported that Mozilla officials said Chrome Frame for Microsoft IE could result in "browser soup."    Google Apps takes aim at students Google hired interns to help it figure out how to make Google Apps more appealing to young people, according to PC World. Google expands search control with new options Google is adding new functionality to a side panel that could provide quicker access to relevant search results. The side panel can be activated by clicking the "show options" button on the search results page. The company is adding options to filter search results by blog and news items to the side panel accompanying search results.

These options will provide users quick access to more relevant sources, said Nundu Janakiram, product manager for search at Google. IDG News Service, PC World and Computerworld contributed to this roundup For more on Google, visit Network World's Google Subnet, an independent Google community.

Driven by increased crackdowns on BitTorrent sites such as The Pirate Bay, software pirates are fast-moving their warez to file-hosting Web sites. Hyperlinks to the software can then be distributed by pirates via Web sites, instant messages, or social media sites such as Twitter, said Vic DeMarines, CEO of anti-piracy software vendor V.I. Labs. "It's incredibly easy to use. Sites such as RapidShare, Megaupload, and Hotfile let anonymous users upload large files such as cracked software for free. And what you get is essentially your own private FTP server," DeMarines said.

These memberships, such as the 30-day premium access for $6.99 Euros at Rapidshare, let users download files immediately and without any caps on bandwidth. While sites such as RapidShare allow free downloads, they make their money by charging heavy downloaders for premium memberships. Trade in pirated digital goods , whether it is movies, music or e-books or software, is what drives the popularity and business model of firms like RapidShare. A spokeswoman for Cham, Switzerland-based Rapidshare declined to comment on the V.I. Labs report, saying she would need more information. The site told The New York Times earlier this year that it hosted 10 petabytes of data and up to 3 million downloaders at a time . The Association of American Publishers estimates that half of the pirated books found by its members were linked to Rapidshare. "There's a lot of money being made," said DeMarines. "Without hosting pirated goods, I'm not sure what their revenue model would be." According to a recent investigation by V.I. Labs into the availability of pirated software from a sample of 43 vendors, 100% were on RapidShare.

The site is already among the top twenty most popular in the world, according to Alexa. Though Rapidshare has faced lawsuits related to piracy, DeMarines says it and other file-hosting sites are tricky to prosecute legally becuase uploaders are not required to register or identify themselves. Uploads and downloads to Rapidshare account for 5% of all Internet traffic globally, says German networking vendor Ipoque. Also, Rapidshare tries to distance itself from any knowledge of the pirated goods by not filtering or monitoring the content on its servers. "For us, everything is just a file, no matter what," a spokeswoman told The Times in March. The company even grants certain organizations direct access into their service, so that they can go ahead and delete the hyperlinks and pirated files themselves, DeMarines said.

DeMarines said Rapidshare does comply with the Safe Harbor Provisions of the U.S.' Digital Millennium Copyright Act (DMCA) by quickly taking down pirated files when notified by the copyright holders. Peer-to-peer networking (P2P) does still remain the largest channel for distributing pirated software, movies and other digital content. The most popular network remains BitTorrent , which is used by six out of 10 P22 users, V.I. Labs said. Ipoque said it enables between 43% to 70% of piracy, depending on the region of the world. eDonkey is a distant second, with 20% share, despite hosting almost 900,000 users and 77 million files at any given time.

But file-hosting is growing much faster, Ipoque said, already enabling between 15% to 35% of digital piracy, depending on the region of the world. Once-popular Gnutella is ranked third, with a market-share in the single digits. DeMarines said he expects file-hosting sites to eventually supplant P2P. "P2P is on its way down. Other long-running methods for distributing warez are either stagnant or shrinking. They're too visible, and so the copyright organizations are going to take these BitTorrent tracker sites out," he said. Usenet newsgroups, for instance, have lost popularity due to the large amount of pornography and malware mingled in with the warez, DeMarines said.

Internet Relay Chat (IRC) is "not favored" as a way to transmit files, though announcements and links on IRC to warez hosted on file-hosting sites is growing, DeMarines said.

It's been a long time coming, but after promises, previews, and unexpected leaks, BlackBerry officially released the desktop Mac client for its popular smartphone platform on Friday. BlackBerry Desktop Manager for Mac allows users to sync their contacts, calendar, notes, and to-do data between their Macs and BlackBerrys as well as installing and managing applications for the phone. Prior to this application, Mac BlackBerry owners had to rely on third-party software such as Mark/Space's The Missing Sync for BlackBerry, or PocketMac for BlackBerry, which RIM had included along with its handsets. On the Mac side, data can sync with iCal, Address Book, Mail, or any other applications that use Mac OS X's SyncServices, such as Microsoft Entourage.

And if you live in a household that has as many BlackBerrys as I have iPods, then no worries: BlackBerry Desktop Manager for Mac allows you to sync multiple devices with the same Mac. In addition, BlackBerry owners can also make encrypted backups of their devices and update the BlackBerry system software when new versions are available. Among the most interesting features of BlackBerry Desktop Manager for Mac is that it lets you sync your music and playlists from iTunes. How did RIM succeed where Palm failed? Your mind might immediately conjure images of Palm and its cat-and-mouse games with Apple.

The key here seems to be that RIM doesn't try to inject support for the BlackBerry into iTunes or have its devices pretend to be something they're not. In fact, RIM released BlackBerry Media Sync, allowing Mac and PC users to sync with iTunes and other media software, in December of last year. Rather, BlackBerry Desktop Manager for Mac just references the iTunes library stored on your hard disk and shows you your list of playlists in its own application-something Palm could no doubt have done as well, had it been willing to spend the time. BlackBerry Desktop Manager for Mac is a free download and requires Mac OS X 10.5.5 or later, a BlackBerry running version 4.2 software or higher, and at least iTunes 7.2.

The company behind the new Dell Latitude Z laptop's wireless power charger predicts that its technology will go mainstream next year, with cell phones, MP3 players and Bluetooth headsets featuring the technology at the coming Consumer Electronics Show (CES). Inductive charging, which creates a small-area electro-magnetic field around devices to recharge their batteries, will be slower to emerge on other computers besides Dell Inc.'s new ultra-thin, ultra-premium business notebook, said Bret Lewis, director of Fulton Innovation LLC in Ada, Mich. The long-term vision is for wireless charging pads to become as ubiquitous as electrical plugs are today, enabling users to place their cell phone or laptop down on any pad for quick "snack charges," Lewis said. "You could just charge your device on a pad built into a conference room table, or on a pad you carry [and plug into the wall]," Lewis said. He confirmed that the company is talking to a number of other PC manufacturers.

On the cutting edge of the emerging wireless power industry, Fulton is a subsidiary of Alticor Inc., the parent company of direct-selling company Amway Corp. Fulton is working closely with electronics maker Texas Instruments, which plans to build the charging coils for devices as well as the charging pads. Fulton, which employs about 25 scientists at its central Michigan headquarters, created its "eCoupled" technology several years ago as an outgrowth of research into UV (ultraviolet) -based water treatment systems, Lewis said. The coils could be integrated into devices, which Lewis said shouldn't be much more expensive than conventional power chargers once volumes rise. Fulton's technology is not used in the Palm Pre smartphone, apparently the first cell phone to offer the option of an inductive charger. Or they could embedded into the protective nylon or plastic sleeves for cellphones or MP3 players.

Dell said yesterday that the $199 laptop charging stand add-on kit for its Latitude Z was 70% efficient, making it better than other inductive charging systems. Moreover, plug-in chargers continue to seep between 10% and 20% of a device's normal power draw even when the devices are fully charged or turned off, Lewis said. Fulton's Lewis added to that, saying its technology also compares well with conventional plug-based systems, which he said also run somewhat inefficiently as the electricity travels through its circuits. This well-known "vampire effect" doesn't happen with Fulton's inductive chargers, he said. Fulton's chargers can use other "pinging" technology to turn charging systems off.

The Dell laptop's wireless charger turns off completely when an infrared-based controller signals that the battery is full or the laptop is off, Lewis said. Taking all of that into account, Lewis said that Fulton's charging systems today (download white paper) are "already equal or slightly more efficient" than plug-charging systems. Not only is the energy too weak to harm people, he said, it also eliminates the risk of electrical shocks present from cable-based power. "This is the same technology as your wireless toothbrush. Inductive charging systems also do not hurt electrical components in devices or laptops, Lewis said. We don't think there are any stray fields that will harm you or your devices," he said.

Lewis acknowledged there is no standards group for medium-power devices such as laptops, or high-power devices such as kitchen appliances or electric cars. The company, which also partners with Energizer Battery Inc., is a leading member of the Wireless Power Consortium, which is trying to draw up standards for charging low-power devices (8 to 10 watts) such as cellphones. The electric cars could eventually be recharged by simply parking them over a special pad-equipped parking space while the driver is at work or a meeting, he said. He added, however, that the lack of standards bodies could slow the realization of universal, interchangeable wireless power charging stands that are as omnipresent as wall plugs. "When we still can't figure out whether to put the gas cap on the right or left side of the car, there's a reason to be skeptical" about universal power standards quickly emerging, he said.

Cybercriminals worldwide are amassing domain names to keep their botnet and phishing operations a step ahead of authorities America's 10 most-wanted botnets To obscure their tracks, the criminals register the domain names using phony information, pay with stolen credit cards and hack into legitimate domain-name accounts. The target is usually "a consumer in America." Accredited by ICANN for the .info generic top-level domain (gTLD), Afilias helped organize the Registry Internet Safety Group to find ways to improve security. Adding to the problem of domain-name abuse, some rogue registrars often look the other way as the money rolls in. (See related story, "Domain-name abuse proliferates; rogue registrars turn a blind eye")  Today's cosmopolitan criminals might use "a registrar in China and a Web-hosting company in Russia and a registry in Ireland," says Ram Mohan, CTO at Dublin-based registry services provider Afilias.

Mohan says Afilias has seen about 250,000 domain names taken down in the past 2.5 years because they were deemed to be maliciously used. In the past, standard contracts between ICANN and registrars didn't address domain-name abuse head-on. (Mohan estimates there about 2,000 registrars and retail channels for domain names globally today.) But Afilias successfully lobbied to have the standard contracts amended so that stringent actions against domain-name abuse could be taken, he says. At first the registrars Afilias works with were not too happy to see domain names suspended, but many have come around to see the wisdom in taking action to stop perceived criminal activity, he says. Registry services provider Neustar (accredited by ICANN for the .biz gTLD) is also a big believer in tackling domain-name abuse, which after all, hurts the bottom line. Under its contracts with registrars and ICANN, Neustar can proactively say to a registrar, with a full report, "you have 12 hours to take down that domain name or we will do it," he says. Three years ago, Neustar hired a legal team to handle domain abuse questions and set up an internal, isolated networking lab to make determinations to a "near certainty" about a domain name being used for objectionable purposes, says Jeff Neuman, vice president of law and policy at Neustar.

ICANN has a more informal process for trying to curb domain-name abuse, but that may eventually change, Neuman believes. For instance, .cn, the country-code domain for the People's Republic of China, has emerged as a popular choice for domain-name abuse. Many security researchers today are inclined to blame a lot of domain-name abuse on "rogue registrars" around the world that are said to look the other way when dealing with criminals. For country-code top-level domains, each country through a designated organization directly accredits registrars for the ccTLD, though those registrars may also be accredited by ICANN for gTLDs like .com and .info. ICANN says complaints it received related to inaccurate or missing Whois database information and Beijing Innovative - which initially failed to respond to ICANN inquiries in a timely manner - led ICANN to issue the Chinese registrar a "notice of breach" decision last September, and a remediation plan.

Two ICANN-accredited registrars, Beijing-based Xin Net Technology Corp. and Beijing Innovative Linkage, among other registrars based in China, have gained reputations in some circles as rogue registrars because of the large amount of malicious domains being traced to them over the past year. Mohan says it's important do the analysis to understand the source of domain-name abuse, but critics should also consider evidence that Chinese registrars are being targeted because there's a lot of growth in China and "criminals are hiding in that growth." Mohan was in Beijing just a month ago discussing cybercrime for three hours with Mao Wei, the director of China Internet Network Information Center, the state-run registry for .cn, which is under the control of the Ministry of Information Industry. Just this week, McAfee touched on the China question in a report about e-mail spam that found high-volume, Chinese URL-based "Canadian Pharmacy" spam has started getting blocked amazingly fast, something McAfee never saw happen before. Mohan also spent time with Chinese registrars. "The Chinese government is very strongly aware of this problem," Mohan says. This newsletter-looking spam has used about 1,235 domains on .cn each day in fast-flux mode, but it's "getting black-holed as soon as they come in," says Adam Wosotowsky, principal engineer in messaging tactical response at McAfee. Nonetheless, some say it's hard to escape the impression that around the world, there are places where registrars and others providing domain names look the other way.

This countermeasure makes the spam dead-on-arrival with no Web URL to use. "We're guessing it's Chinese government influence," Wosotowsky says, adding he thinks the pharmacy spam is being used to sell pharmaceutical knock-offs out of Hong Kong. Even governments may be ignoring it, as money changes hands in the lucrative domain-name business. "The moment the bad guys find out something is going on, they move from Estonia to Ukraine,'" says Mohan by way of example. "The kingpins aren't identified. There must be advance notice going to these criminals, or compromised law enforcement." It's big money, big business.