Ryan Clothier

In its search for water on the moon, NASA slammed not one, but two, spacecraft into a deep, dark crater on the lunar south pole this morning. NASA successfully nailed a target about 230,000 miles from Earth - twice. It was a precision operation. The Lunar Crater Observation and Sensing Satellite, known as LCROSS, separated into two sections last night.

Four minutes later, the rest of the space probe shot through the miles-high plume of debris kicked up by the first impact, grabbed analysis of the matter, and then it too crashed into the lunar surface. Its empty rocket hull, weighing in at more than 2 tons, was the first of the two pieces to slam into the lunar surface at 7:31 a.m. EDT today. Effectively, it was a one-two punch designed to kick up what scientists believe is water ice hiding in the bottom of a permanently dark crater. NASA said it will issue a report on its initial analysis of the probe at10 a.m. EDT today. With NASA still hopeful to one day create a viable human outpost on the moon , it would be helpful for anyone there to find water rather than haul it up from Earth.

NASA had been promising live images of the impact and resulting debris plume but the live images on NASA TV disappeared moments before impact. The orbiter is expected to send its own analysis of the debris plume back to earth later this morning. The LCROSS spacecraft, which blasted off from Cape Canaveral Air Force Station in Florida on June 18, went aloft with its companion satellite, the Lunar Reconnaissance Orbiter . As the Atlas V rocket carrying lifted off, a NASA spokesman called it "NASA's first step in a lasting return to the moon." NASA's Lunar Reconnaissance Orbiter , which has been in orbit around the moon since late June, was 50 kilometers above the moon's surface during this morning's impact. The LCROSS spacecraft heavily loaded with scientific gear. The instruments were selected to provide mission scientists with multiple views of the debris created by the hull's initial impact.

According to NASA, its payload consisted of two near-infrared spectrometers, a visible light spectrometer, two mid-infrared cameras, two near-infrared cameras, a visible camera and a visible radiometer. Before it crashed into the moon, LCROSS was transmitting data back to NASA mission control at 1.5 Mbps, NASA noted this morning.

Start-up Avere Systems has unveiled a tiered network-attached storage product that automatically moves data among four different types of storage to improve performance and minimize wasted disk space. You don't have to set policies. Avere's FXT Series NAS products combine SAS, RAM, SSD and SATA drives into one centrally managed system. "We do tiering on the fly," says Avere co-founder and CEO Ron Bianchini. "It's 100% automatic. We look at the blocks as they're moving between the application and storage server and we determine where they go based on access frequency and data characteristics." Nine data storage companies to watch  One challenge facing customers is that disk drive capacity has been growing faster than performance, forcing them to buy more storage than they need to get the required performance, Bianchini says.

The FXT Series uses RAM for small reads and writes; SSD and SAS for large random reads and writes; and SAS drives for large sequential reads and writes. Utilization rates can be improved by intelligently moving data across different tiers based on changing needs, he says. Archival needs are handled by SATA drives. The customer's normal backup and mirroring processes stay the same, Bianchini says. The FXT system itself includes the RAM, SSD and SAS. Customers buy SATA drives separately, and it all gets managed by the Avere software. Avere was founded in January 2008 and is led by Bianchini, a former senior vice president at NetApp and co-founder of Spinnaker Networks, a storage grid company acquired by NetApp.

List pricing for FXT starts at $52,500. The appliances are available in a 2U form factor and each one features 64GB of DRAM and 1GB of solid-state disk. Avere is backed by $15 million in venture funding from Menlo Ventures and Norwest Venture Partners. One of the appliances includes 1.2TB of SAS disks and the other includes 3.6TB of SAS.

Hackers have apparently found a way to automate the creation of new Facebook profiles by breaking the challenge-response mechanism used by the site to ensure that only humans sign up for the service. The pages are being used to spam links pointing to malicious sites. Security researcher Roger Thompson, of AVG Technologies, today said his company in recent days discovered numerous Facebook pages that were clearly created in an automated fashion using malware programs. Users who click on the link are prompted to install rogue anti-spyware tools on their systems, he said.

All of the pages contain the same profile picture but with different user names. So far, AVG has noticed a "couple of hundred" Facebook pages that appear to have been created by an automated malware program. From a security threat standpoint, the Facebook break-in doesn't appear to be particularly serious, Thompson said in his blog. Simon Axten, a Facebook spokesman, said the company is investigating the report and is working on identifying the fake accounts "so we can disable them en masse." In an e-mail message, Axten said that the URL contained in the profiles has already been blacklisted by major Web browsers and have been blocked from being shared on Facebook. And Facebook is sure to deactivate all the new accounts "as quickly as they find them." Even so, the fact that hackers got past Facebook's Captchas highlights a continuing trend by attackers to try and exploit social networks, he said. The company is using a third-party Captcha company called reCAPTCHA, which was recently acquired by Google and "is about as well-regarded a Captcha provider as there is," he said.

Another possibility is that those responsible for the attack farmed out the Captchas to be solved by humans for a price. "On the education front, we encourage users not to click on strange links and to take appropriate steps if they feel their computer or Facebook account has been compromised," he said. Facebook is trying to understand how the new accounts were created, though it is possible that the sign-up process was manual. In a note posted today , the Internet Crime Complaint Center (IC3), which is a partnership between the FBI and the National White Collar Crime Center, warned about the trend. According to the IC3, fraudsters are using spam to promote phishing sites or to entice users to download an application or view a video. Fraudsters are continuing to hijack attacks on social networking sites and are using them to spread malicious software, the IC3 warned.

Users visiting such sites or clicking on the videos and photos then get infected by various pieces of malware. Adjusting Web site privacy settings, being selective about friends and what they are allowed to view and disabling options such as texting and photo sharing when they are not being used are all ways users can protect themselves on social networking sites, it said. Often the spam is disguised to appear as if it were sent from a user's 'friend.' Some attackers also plant malicious ads containing malware downloads on social network sites, the IC3 note warned Users of social networking sites need to be aware of such threats and take measures to address them, the IC3 said.

Tens of thousands of customers of Heartland Payment Systems are finding themselves caught in the middle of an escalating war between the payment processing vendor and point-of-sale terminal vendor VeriFone Inc. The dispute is threatening to push back industry efforts to implement new encryption technology for protecting credit and debit card data. Both companies are angrily accusing each other of a litany of misdeeds and have filed a total of four lawsuits in three courts over the past two months.

It has also left thousands of merchants in serious doubt about the quality of support they will receive for their point-of-sale (PoS) systems over the next few months. The technology is designed to enable merchants to encrypt card data from the moment a card is swiped at a payment terminal to the point where it comes to rest at the card issuing bank. At the center of the dispute is an end-to-end encryption technology called E3 that is being developed by Heartland to protect credit and debit card data flowing over transaction-processing networks. Besides offering E3 to other PoS vendors, Heartland is planning on manufacturing its own terminals featuring E3 technology. It's the first major end-to-end encryption effort in the industry.

Heartland launched the encryption effort in the wake of the disastrous systems intrusion last year that exposed data on more than 100 million credit and debit cards. The Princeton, N.J.-based Heartland is one of the largest payment card processors in the country with more than 250,000 merchants using its transaction processing services. Heartland claims that less than 50% of its customers user VeriFone terminals. Of those, about 175,000 merchants use VeriFone's payment terminals. VeriFone sued Heartland in September, claiming infringement of VeriFone's technology in building E3. VeriFone claimed that Heartland was gearing up to be a competitor by manufacturing its own PoS terminals featuring the E3 technology.

In the weeks since filing the lawsuit, VeriFone has mounted a vigorous communication campaign warning Heartland customers about the potential disruptions they could face if they fail to register with VeriFone by Dec. 31. In statements posted on its Web site, press releases and court filings, VeriFone has questioned Heartland's ability to continue supporting VeriFone terminals after Dec. 31. Verifone has also filed a second lawsuit seeking damages for patent infringement. "If Heartland were to be cut from any support, its customers would be forced to reach out directly to VeriFone," a VeriFone spokesman said today in an e-mail. VeriFone said it will discontinue support of all its terminals used by Heartland's customers after Dec. 31 unless each merchant registers separately for free service with the company by then. After Dec. 31, Heartland merchants who do not make other arrangements have no assurance of software updates, troubleshooting or other intervention by VeriFone, the spokesman said. "Heartland certainly cannot by itself update and maintain VeriFone code and to claim otherwise is ludicrous," he said. In a lengthy open letter posted on the company's Web site a few weeks ago Heartland CEO Robert Carr claimed that VeriFone didn't want Heartland to work with other manufacturers to produce E3 terminals and instead wanted to be the sole E3 terminal provider. In a countersuit, Heartland said VeriFone brought the lawsuit only because Heartland wanted to work with other manufacturers - and not just Verifone - to produce E3 terminals. Carr has also accused VeriFone of wanting to "line its own pockets" by seeking to charge merchants an unnecessary fee for implementing E3 technology on VeriFone's payment systems.

In a second lawsuit filed this month, Heartland accused VeriFone of "false claims" and "unethical attempts" to scare customers over service and support issues. Heartland insists that it can support all of its customers who are using VeriFone payment terminals. Carr has also maintained that VeriFone's real reason in getting merchants to sign up for the free support is so that it can compile a customer list which it then plans on giving to Heartland's rivals in return for their business. Carr insisted that the company has the parts, the inventory and alternative sources of supply to continuing support merchants using VeriFone terminals. Speaking with Computerworld today, Carr bluntly accused VeriFone of "lying." VeriFone's claim that Heartland would be unable to support merchants using VeriFone's terminals, is a deliberate distortion of the facts, he said. We don t need their software, we don t need VeriFone at all, Carr said.

Considering how the effort was touted as the "next big thing in the industry, it is a little disheartening to see that there can't be more cooperation," between Heartland and VeriFone, Bokor said. The dispute is likely to having a chilling effect on end-to-end encryption attempts in the payment industry, said Andy Bokor, chief operating officer of Trustwave, a Chicago-based company that conducts security and compliance testing for some of the largest merchants in the country. "Many of us in the payment industry were curious to see how Heartland's end-to-end encryption would work," Bokor said. The dispute highlights the need for payment processors and vendors of PoS systems to work together to implement any kind of end-to-end encryption, he said. Many merchants are hesitant to implement the technology because it offers them no immediate benefit from a compliance standpoint, Litan said. Avivah Litan, an analyst with market research firm Gartner Inc., said the lawsuits will only serve to further confuse merchants about end-to-end encryption efforts. The dispute will only serve to further "stifle efforts and movement in this area" she said. "For now, the main parties that are interested in this technology are the payment processors and terminal manufacturers that are trying to sell it to their clients in order to increase their revenues. "

The U.K. government said Monday it plans to push for a law requiring service providers such as ISPs to retain data about instant messages, e-mail and other electronic communications. Showing the deep concerns about privacy among the British public, some 90 respondents out of 221 did not answer the questions on the basis that they were opposed to any kind of surveillance imposed by the government. The government argues that knowing the participants, timing and method of a communication - but not its contents - is vital in protecting the public from serious crime and terrorism. "It is a highly technical area and one which demands a fine balance between privacy and maintaining the capabilities of the police and security services," according to a statement attributed to David Hanson, minister of state for security, counter-terrorism, crime and policing. "We will now work with communications service providers and others to develop these proposals and aim to introduce necessary legislation as soon as possible." The government formulated its position after it asked public authorities, private companies and the public for their views on how communications data should be collected, under what authority and how it should be stored. Under the plan, the government would require service providers to retain all communications data, even that related to third-party services which are accessed using their networks.

Under that directive, data must be retained for 12 months. "This is a 'third-party' relationship, and the company providing the broadband access has no responsibility under the DRD to retain third-party data," according to the government's response to the consultation. The government says that existing European Union legislation - the E.U. Data Retention Directive - does not go far enough and only covers the services provided by the network provider. The data collected would be stored by the service providers and not in a central database. Government authorities would be able to request data under the Regulation of Investigatory Powers Act of 2000, which mandates rules for accessing communications data. It hasn't been determined how long service providers would be required to hold the data.

It is expected service providers would have to spend as much as £2 billion (US$3.34 billion) to implement technology to comply with a new law requiring data to be retained. "The government will work with communications service providers to develop solutions which minimize the potential disruption to their business," the government statement said. There isn't a fixed date for the next general election but it must take place before June 3, 2010, according to the Electoral Commission. The Labour government's data retention plan, however, could potentially be disrupted by an election. The Conservative Party is expected to pose a strong challenge to Labour, which has been in power for 13 years.

Barracuda Networks has acquired start-up Purewire in an effort to expand its footprint in the market for Web security services. Barracuda Networks, which offers content-security appliances to guard against threats involving e-mail, Web and instant messaging, says the acquisition of Purewire will allow it to expand into the Web security software-as-a-service (SaaS) market. Hottest tech M&A deals of 2009 Launched last year, Purewire offers a managed security service to detect and block malware. Purewire's co-founders will assume management positions at Barracuda.

CTO Paul Judge will become vice president of cloud services and chief research officer. Mike Van Bruinisse, Purewire's CEO, will join Barracuda as vice president of enterprise sales. Judge will be in charge of combining the Purewire and Barracuda Labs research teams to identify and track threats, says Dean Drako, president and CEO of Barracuda, based in Campbell, Calif. Today about 85,000 organizations make use of Barracuda's security products. Current plans call for Purewire to remain in Atlanta. "We have need for more senior management," Drako says, adding that Purewire's co-founders have done a great job developing a new platform at the start-up and have considerable industry experience. "Under their leadership, Purewire has helped to shape the Web security SaaS market in a very short period of time," Drako says.

Some customers deploy the appliances on their own, and others opt to use them in conjunction with cloud-based services, including backup services. Drako also notes that the Purewire service should benefit from Barracuda's extensive sales and marketing group. The addition of Purewire promises to expand Barracuda's services portfolio. The companies did not disclose the value of the deal.