Archive for April, 2010

AT&T first to test RIAA antipiracy plan

Sunday, April 25th, 2010

All the activity going on with AT&T, Comcast, and Cox is likely the first stage in what promises to be a long, drawn-out process of using ISPs to help protect copyrighted material.

Updated Wednesday at 9:00 a.m. PDT to include quotes from AT&T and information about Comcast and Cox.

Sources told CNET on Wednesday that a Comcast executive confirmed that the nation’s second largest ISP is working with the RIAA. At the same Nashville conference where Cicconi spoke, the Comcast exec said the ISP has sent 2 million warning notices to customers accused of infringement by entertainment companies. The sources have also confirmed that Cox is a member. (You can read more about that here: “Comcast, Cox join RIAA antipiracy campaign.”)

Updated Wednesday at 10:37 a.m. PDT to include a statement from an AT&T spokeswoman who wished to correct what she had previously said. She says now that the company asserts in the letters that it has the right to terminate a policy. She said, however, the company has no intention of doing so.

The RIAA had said that under its “graduated response” plan, repeat offenders faced the possibility of their ISP suspending or terminating service–at least temporarily. There are also other forms of escalating responses, such as the sending of multiple letters. Some of the notices could take a stronger tone or perhaps the ISP might follow up with a phone call. Managers at the organization have also said they support due process to protect people from being falsely accused. What the due process includes has yet to be determined.

AT&T, one of the nation’s largest Internet service providers, confirmed on Tuesday the company is working with the recording industry to combat illegal file sharing.

Representatives of the RIAA could not be reached for comment.

AT&T goes on to tell the accused customer that the problem may be caused by a teenager in the house who may be illegally downloading or that the customer might have an insecure Internet connection and that someone could be using it to steal content.

Early Wednesday morning, an AT&T spokeswoman confirmed that Cicconi made the statements.

At a digital music conference in Nashville, Tenn., Jim Cicconi, a senior executive for AT&T, told the audience that the ISP has begun issuing warning notices to people accused of pirating music by the Recording Industry Association of America, according to one music industry insider who was present.

Cicconi told attendees of the Leadership Music Digital Summit that the notices, which are sent via e-mail, are part of a “trial.” AT&T wants to test customer reaction, he said. It was unclear Tuesday evening if AT&T had included any threats to suspend or shut off service.

ISPs have traditionally tried to stay out of the fray between the big entertainment companies and those who download music illegally. They remain squeamish about the possibility of alienating customers, according to music industry sources. The ISPs also don’t like plans that call for them to cut off access and chase away a source of income.

Updated Wednesday at 3:40 p.m. PDT: AT&T says that it won’t ever terminate service of customers without a court order.

In December, the RIAA, the lobbying group of the four largest recording companies, announced the group would no longer pursue an antipiracy strategy that focused on suing individuals, but rather would seek the help of broadband providers to stem the flow of pirated content. The RIAA said an undisclosed number of ISPs had agreed to cooperate but declined to name them. In January, CNET News reported that AT&T and Comcast were among the group.


The ISP also informs the customer that downloading unauthorized copies is illegal and should be prevented. As for chronic offenders, Jones was less specific but said: “We can’t assume that people are stealing. All we know is that they are using a lot of bandwidth. We can’t be the police or the copyright enforcer…that’s up to the content owner.”

Reached Wednesday morning, Claudia Jones, an AT&T spokeswoman, said the company’s letters do include a mention that the company retains the right to terminate service. She wanted to make it clear that AT&T has no intention of doing so, however. Jones also said the ISP never shares customers’ names or any other personal information. What the company does do is send a “cover letter” to the accused customer along with the letter the ISP received from the RIAA stating that the person’s IP address was flagged.

Zuckerberg Facebook is all about growth

Sunday, April 18th, 2010

Mark Zuckerberg and Sheryl Sandberg at the D6 conference in May.

Sheryl Sandberg, Facebook’s chief operating officer, said essentially the same thing over the summer–the social network’s focus is on growth.

Maybe it’s advice he heard from a career counselor at Harvard and took to heart: Do what you love, and the money will follow. For now, what Mark Zuckerberg wants most for Facebook is to see it grow and grow and grow some more, without too much fretting over the bottom line.

But what every great Internet company has done is to figure out a way to make money that has to match to what they are doing on the site. I don’t think social networks can be monetized in the same way that search did. But on both sites people find information valuable. I’m pretty sure that we will find an analogous business model. But we are experimenting already. One group is very focused on targeting; another part is focused on social recommendation from your friends. In three years from now we have to figure out what the optimum model is.

For the full interview, including Zuckerberg’s take on Facebook’s Windows Live Search deal, its international growth, and the possibility of an IPO, see “Facebook CEO Mark Zuckerberg: Our focus is growth, not revenue.”

On Friday, Zuckerberg will be taking part in a “fireside chat” at the Future of Web Apps conference in London.

Of course, it could be less a philosophical matter than a practical one for a site that’s still sketching out its plans for making money to match its popularity. And bless his heart, even in a tanking global economy, Zuckerberg suggests there’s plenty of time for that. He elaborates:

She is an excellent manager. She is very good in building our international organization. I’m focused on the direction of the company, especially of the product development, and the overall strategy. I spend a lot of time working with engineers and product developers. We work together hand in hand.

(Credit: Dan Farber/CNET News)

In an interview with a blogger for the German newspaper Frankfurter Allgemeine Zeitung, Facebook’s co-founder and CEO minced no words on the matter: “Growth is primary, revenue is secondary.”

How do the two executives divvy up their responsibilities? Zuckerberg said of Sandberg, who joined Facebook about six months ago:

He also made it clear who’s boss: “Me!”

Wi-Fi Alliance Wireless-N to be finalized soon

Friday, April 16th, 2010

If this is true, that would mean the specification took about seven years to become finalized from the day it was conceived.

The logo you should look for when buying wireless networking products.

For networking vendors, this is also good news. Because all Wi-Fi-certified draft 2.0 products meet the core requirements of–and interoperate with–the updated program, they will be eligible to use the approved 802.11n logo without retesting.

This means if you have bought yourself a Wi-Fi-certified wireless product–and you should only buy a wireless networking product that has been Wi-Fi-certified–it will be working just fine once the spec has become final. Any new features of the final standard will likely be made available to that product via firmware.

Though not yet finalized, 802.11n draft 2.0 products have been widely accepted across consumer and enterprise markets. According to ABI Research forecasts, among wireless networking standards, including 802.11b and 802.11g, shipments of Wireless-N (802.11n) products will reach 45 percent this year and grow to nearly 60 percent in 2012.

The group announced Thursday that it will not change the baseline requirements of its 802.11n certification program, and plans to make only small optional additions to address the finalization of the 802.11n standard. The updated test program will preserve interoperability with more than 600 Wi-Fi-certified 802.11n draft 2.0 products released since June 2007, while adding testing for some optional features now included in the final standard.

So what does it mean for consumers? Apparently not much, according to the Wi-Fi Alliance, the group that tests and certifies wireless networking products to ensure their interoperability.

The optional features to be tested in the final standard include:

Packet aggregation (A-MPDU), to make data transfers more efficient
Space-time Block Coding (STBC), a multiple-antenna transmission technique to improve performance in some environments
Channel coexistence measures for “good neighbor” behavior when using 40 MHz operation
Testing for devices supporting three spatial streams

Matthew Gast, a voting member of the Institute of Electrical and Electronics Engineers (IEEE), suggested in his recent blog that the current Wireless-N (or 802.11n Draft) specification is going to be finalized in September.

To grow, GM tries to make small cars cool

Monday, April 12th, 2010

Certainly, GM will continue to sell SUVs, trucks, and large sedans–highly profitable product categories that flourished when gasoline was cheaper than now. But GM’s designers have sharpened their focus on smaller fuel-efficient cars and crossovers, betting that rising gasoline prices are inevitable.

(Credit: General Motors)

The smaller cars–none would qualify as a tiny, two-seater–will help the company meet fleet mileage mandates and help GM better compete on fuel efficiency, company executives and analysts said.

On Tuesday, Welburn took the wraps off an entry-level Cadillac. Even designers at its GMC brand, known for its giant SUVs and trucks, have created a model of a compact, which roughly resembles a Nissan Cube.

GM has been able to get substantially better fuel efficiency on its large vehicles, too, noted Dennis Virag, the president of Automotive Consulting Group in Ann Arbor, Mich. The Chevy Equinox, for example, gets about 32 miles per gallon while most SUVs get about 20 or 22, he said.

“The whole trend in the industry is towards smaller and fuel-efficient vehicles but the consumer still wants the amenities,” Virag said.

Henderson said that GM is seeking to meet or exceed the industry benchmark on fuel efficiency not only to meet government mandates but to appeal to consumers who expect gasoline prices to continue going up.

“Our fundamental premise of planning for higher gas prices is the right premise,” he said.

But GM’s vice president of global design, Ed Welburn, made clear that the goal isn’t just to turn out “econoboxes” that post good mileage ratings.

The auto giant opened up its design studios and testing grounds to the media on Tuesday to showcase its product pipeline of 25 new models over the coming two years. Having dramatically cut costs, its turnaround now rides on its ability to sell new cars.

Higher gasoline prices

During a tour of GM’s design studios on Tuesday, company executives showed the compact cars and smaller crossovers in its pipeline. Later this year, GM will release the Chevrolet Cruze, a four-door compact, and introduce a two-door compact, the Chevy Spark, in 2012.

The Chevy Spark, one of GM's upcoming 'small and cool' cars.

Although the Chevrolet entry-level brand will tend to have most of its compacts, even its higher-end brands–Buick, GMC, and Cadillac–will introduce or are exploring smaller models.

“Cool and small is the next big thing,” Welburn said. “Small cars have been done before but it was always like, ‘I can’t afford big so I have this.’ I believe small cars can be cool.”

WARREN, Mich.–For all the attention on the electric Chevy Volt, General Motors has big expectations for another key car segment: small cars.

Meanwhile, its Buick lineup will feature a smaller crossover, a new compact sedan, and a plug-in hybrid crossover, which will all be available over the next two years.

“The days when we did a great Silverado (pickup truck) and did an adequate small car–over. We can’t do that as a company,” CEO Fritz Henderson said during a press conference on Tuesday. “If we do (small cars) well, I think we’ll reopen ourselves to a market that frankly we haven’t done as well as we should.”

Corrected at 9:17 a.m. PDT: The name of the maker of the Cube was incorrect. It is Nissan.

Researchers exploit flaws in SSL, domain authentic

Sunday, April 11th, 2010

The vulnerability undermines the system of trust that the Web relies on for e-commerce and other activities, according to Kaminsky. By uncovering it, a crisis may have been averted, he said.

“This is our best technology for doing authentication and it failed,” he said. “We’ll fix it, but it’s another sign that we need to revisit how we do the basics; how we do authentication on the Internet.”

Meanwhile, a Mozilla representative said: “We strongly disagree with the suggestion that users turn off security updates. Regular security updates are one of the best protections users have against newly discovered vulnerabilities in any piece of software. They are the path by which problems like the ones Moxie identified get quickly remedied before they can be exploited.”

“The diabolical thing is this is a vulnerability, but the update mechanisms themselves cannot be trusted,” Marlinspike added.

The attacker can ensure continued interception of a victim’s data, as well, by intercepting the Firefox auto update requests, which depend on SSL, he said in an interview. Marlinspike wrote a software tool to enable this, working with a modified version of Firefox “so that anytime you submit something to a site it sends me a copy,” he said.

Marlinspike said he will release his tool as soon as a Firefox patch is out, possibly in the next week or so.

Updated on July 30 at 2:27 p.m. PDT: Marlinspike said the issue he presented has been fixed in Firefox 3.5 and that Mozilla is working on backporting the patch into the 3.0.x series now.

“They all need to change their implementation of SSL,” he said, adding that he has been working with Mozilla.

Kaminsky was able to do this by exploiting a vulnerability in X.509, the protocol for generating SSL connections.

Moxie Marlinspike

(Credit: Elinor Mills/CNET News)

Kaminsky said extended certificate validation–to prove the identity of the organization behind a Web site–should be used for any site at which phishing is a threat. He also suggested that much of the problem could be solved with the use of DNSSEC, extensions to DNS that provide additional information to servers about the data communication and its origin.

Meanwhile, Kaminsky, director of penetration testing for IOActive, said he was able to trick a Certificate Authority into providing a certificate verifying authenticity for a domain that belongs to someone else. He tested his attack using a fake Defcon.org domain and was able to use a naming trick to convince the Certification Authority running SSL to not contact the domain owner to verify the validity of the request.

(Credit: Elinor Mills/CNET News)

Marlinspike, an independent researcher, said a flaw in the way browsers and mail clients implement Secure Sockets Layer (SSL) allows for so-called man-in-the-middle attacks in which an attacker could trick browsers into presenting the site as legitimate.

LAS VEGAS–Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

Dan Kaminsky

VeriSign no longer uses the MD2 standard, having transitioned to the SHA-1 algorithm on May 17, said Tim Callan, a vice president of product marketing at the domain registrar.

Chrome and Internet Explorer are also vulnerable to such an attack, but it would be harder on IE since that browser employs an additional step of using code signing certificates, he said. Marlinspike said he had not analyzed Chrome enough to see how serious of an issue it would be.

He said he was able to use several different types of attacks: some exploiting the X.509 vulnerability, which has been resolved, and one involving the MD2 hash algorithm standard used to sign certificates, which is being phased out.

“We’re completely behind any efforts to improve X.509” and DNSSEC, he said.

Dan Kaminsky, who discovered a serious flaw in the Domain Name System (DNS) last year, and Moxie Marlinspike gave presentations at the Black Hat security conference on Wednesday about how someone could acquire certificates for domains they don’t own and thus trick people into visiting those illegitimate sites or inadvertently sharing information.

“If a Certificate Authority and a browser disagree about a name being validated, an attacker could impersonate any domain name,” he said in an interview following a press conference after his talk.

And until Mozilla changes the way its auto update system handles SSL, he suggested users turn off the auto update function on Firefox.

FTC continues probe of Google-Apple tie-ups

Friday, April 9th, 2010

It’s likely Levinson will be forced to pick one of the companies.

Reuters reports that Schmidt’s resignation would usually close an FTC investigation of interlocking boards. However, former Genentech CEO Arthur Levinson is on the boards of Apple and Google.

Google CEO Eric Schmidt has resigned from Apple’s board but that won’t be enough to curtail a probe by the Federal Trade Commission.

In a terse statement, FTC bureau of competition director Richard Feinstein said:

This was originally published at ZDNet’s Between the Lines.

We have been investigating the Google/Apple interlocking directorates issue for some time and commend them for recognizing that sharing directors raises competitive issues, as Google and Apple increasingly compete with each other. We will continue to investigate remaining interlocking directorates between the companies.

Gmail also hit by e-mail phishing scheme

Thursday, April 8th, 2010

Like Microsoft, Google was quick to point out to the BBC that the phishing scheme was a “scam to get users to give away their personal information to hackers” and not an internal security issue. It didn’t say how users fell victim to the scheme.

“We recently became aware of an industrywide phishing scheme through which hackers gained user credentials for Web-based mail accounts including Gmail accounts,” a Google representative told me in an e-mail.

In an e-mail to CNET, a Google representative said that the company had to reset the passwords on fewer than 500 Gmail accounts so far. However, that figure could change.

Hotmail users aren’t the only ones who’ve been hit by a phishing scheme over the past week. Google told BBC News on Tuesday that Gmail users have also been affected by the hackers who posted passwords online.

Updated at 9:10 a.m. PDT to include Google’s comments.

Despite Google’s and Microsoft’s awareness of the problem, it doesn’t seem that users are out of the woods just yet. Google’s representative told CNET that it will continue to force password resets on any newly affected user accounts.

The problem is far more widespread than was disclosed on Monday, possibly affecting Yahoo and AOL e-mail accounts as well, according to BBC News.

The representative said that Google immediately “forced password resets on the affected accounts.”

Google’s admission that Gmail users were affected by the phishing scheme comes on the heels of Microsoft acknowledging that over 10,000 Live Hotmail accounts were compromised by the scam. The passwords apparently first hit the Internet on October 1.

Google described the issue as an “industrywide phishing scheme.” BBC News said it has seen two lists posted online with “more than 30,000 names and passwords” from Gmail, Yahoo, AOL, Microsoft’s Windows Live Hotmail, and other service providers.

YouTube ad money available to more users

Thursday, April 8th, 2010

Google announced Tuesday that its video site is opening the YouTube Partnership Program to the masses–provided they’re packing a hot video.

Once a user says yes, YouTube goes to work selling advertising against the user’s video.

(Credit: Greg Sandoval/CNET News)

“To determine whether a particular video is eligible for monetization, we look at factors like the number of views, the video’s virality, and compliance with the YouTube terms of service,” YouTube said in the blog. “If your video is eligible for monetization, you will receive an e-mail and see an ‘Enable Revenue Sharing’ message next to your video on the watch page, as well as in other places in your account.”

The program gives YouTube the ability to choose only the choice material.

Now anyone has the potential to share in ad revenue, not just megahits like "Fred", the YouTube character created by teen Lucas Cruikshank, seen here.

“It’s taken us some time,” YouTube wrote, “to build out the YouTube Partnership Program, our content-management tools and other infrastructure to handle expanding the (program) to so many individual users and videos.”

YouTube said in a note posted to Google’s blog that it will enable users who start accumulating lots of hits to generate revenue from their clips–provided they meet YouTube’s terms.

You don’t have to be some high-paid auteur or even create a wildly popular character like “Fred” to cash in on YouTube.

Critics have always knocked YouTube’s alleged inability to monetize the amateur-made videos on the site. Advertisers were afraid to get anywhere near this kind of content because it was too unpredictable. But that was when people thought YouTube would only serve ads against all of the content on its site.

Hand Eye wants your smartphone to watch TV with yo

Monday, April 5th, 2010

I’ll be paying special attention to Hand Eye Technologies when the company gives its pitch at DemoFall 09 at about 10:40 a.m. PDT Tuesday. This company, as I said in “What to Watch,” is trying to close the loop between television and the Internet, by using smartphones as secondary, interactive screens for people when they’re watching typical broadcast shows.

One way to do this is to have the smartphone actually watch the TV with you. When you see something you like–something you want to buy, learn more about, share with friends, etc.–you press a button on the phone that communicates with the set-top, which causes the screen on your TV to overlay, briefly, some colored squares on the display that your phone’s camera picks up. It can then tell what you were pointing your phone at and take you to the next step in your interaction with the content.

What’s interesting about this is that Hand Eye Interactive Technology (HIT) takes the interaction off the main TV display and pulls it onto the personal, mobile, and much smarter display on users’ phones. The TV isn’t forced to become an interactive terminal, and the interaction a user has with content on his or her personal phone won’t disrupt a viewing experience for anyone else watching the main show on the big screen.

Hand Eye Technologies requires an app on the smartphone as well as on a box connected to the TV.

(Credit: Hand Eye Technologies)

As CEO Jonathan Kessler explained to me Monday night, the first step to making this work is to enable your smartphone to know what you’re watching. First, you need special technology in your TV or set-top box. It knows what the screen is displaying and whether it’s live or playing off a DVR or DVD. Then your phone needs to know what you’re interested in that’s showing on your TV.

The business also requires that set-top boxes (and network DVRs) get the core HIT technology embedded in them. Technically, this is simple. From a business perspective, I can only wish Kessler the best of luck. He will probably need it.

Jonathan Kessler, CEO of Hand Eye Interactive

(Credit: Rafe Needleman/CNET)

Kessler said the technology could be generalized to work with any content on TV, but that the business model is to sell the platform to TV studios so they can embed it in individual smartphone apps they build for shows or networks. A shopping channel app is the most obvious example (Kessler is in talks with one of the networks) since it would enable commerce, but apps for other networks or even individual shows could work. For example, a Discovery Channel app could use HIT technology to kick off games or educational content (or DVD sales) on the smartphone.

For HIT to succeed several different elements have to line up. But that high level of difficulty is also a barrier to entry, something that many Web-only businesses don’t have.

Windows 7 RTM in pictures

Monday, April 5th, 2010

Windows 7: RTM in pictures

The official release of Microsoft Windows 7 has earned an Outstanding rating from CNET, and in this gallery you’ll see why. Whether this is your first time looking at Windows 7 or you’ve been testing the operating system since the beta release in January, this slideshow is a comprehensive look at what Windows 7 offers.