Sunday, April 29, 2007

Google pulls ads linked to data-swiping sites

Google Inc. has cancelled paid advertisements that cybercriminals were using to redirect users to sites containing malicious software that would steal banking data and other personal information.

The ads, linked to 20 search terms, appeared on Google as legitimate organizations such as the Better Business Bureau and cars.com.

But the links instead took unsuspecting users to a site that would attempt to install software aimed at taking advantage of a security gap in older versions of the Microsoft Windows XP operating system.

Exploit Prevention Labs chief technology officer Robert Thompson first posted information about the problem Tuesday on the security company's blog.

Google said in a statement it cancelled the accounts on Tuesday upon learning of their existence.

"We are also evaluating our systems to ensure that the appropriate measures are in place to block future attempts," the company said Thursday.

"Google is committed to ensuring the safety and security of our users and our advertisers. We actively work to detect and remove sites that serve malware in both our ad network and in our search results."

The discovery of the bogus ads could shake people's confidence in ads powered by search engines, said Nick Ianelli, an internet security analyst with the Computer Emergency Response Team Co-ordination Center at Carnegie Mellon University.

"This is serious — there's confidence in the links that are at the top, whether they're sponsored or not," said Ianelli. "It's going to affect the whole industry, not just one provider."

Google's AdWords service brings together advertisers and websites willing to display their ads. Advertisers pay Google a fee based on the number of click-throughs, and site operators receive a commission for each time that a visitor clicks on an ad. The selling of advertising links is a large part of the Mountain View-based company's $3.08 billion in profit in 2006.

The attack in this case targeted the top "sponsored" links tied to Google search results. Sponsored links allow customers to buy ads connected to a particular search term. When users type in the search term, Google will display the advertisers who bid the highest amounts at the top of its sponsored links.

Exploit Prevention Labs first discovered the attack on April 10 when a search under the phrase "how to start a business" turned up a legitimate business as the top entry. However, when the user clicked on the link, it instead sent them to a site that attempted to install a password-stealing keystroke logger on the user's PC.

Thompson, chief technology officer for Exploit Prevention Labs, said Thursday that no further attacks of this type had been discovered, "but the exploit site is still live and serving, so if someone finds a way to hook to it, it'll fire."

Security experts agreed the incident should raise awareness among computer users to keep their computer software updated.

Google echoed the sentiment on their Inside AdWords blog, saying, "We strongly encourage all of our users and advertisers to keep up-to-date antivirus protection on their computers and regularly run system scans."

"As a general rule of thumb, individuals should also take care to create complex passwords, change them frequently, and only use them on known or trusted (non-public) computers," the company said.

With files from the Associated Press

Chinese government bans new Internet cafes

The Chinese government will not approve licenses for new Internet cafes this year as part of a move intended to strengthen government control over the popular Internet access points.

"The number of Internet bars across the country will not increase during 2007," said the directive (in Chinese), entitled "Notice regarding stricter management of Internet cafes and online games."

The construction of Internet cafes that have already received approval from the government must be completed by June 30, it said.

The directive was approved by 14 government agencies, including the Ministry of Information Industry, Ministry of Public Security and the Ministry of Finance. Besides seeking to restrict the number of Internet cafes, the directive reiterated the government's intention to shut down unlicensed Internet cafe operators.

Internet cafes are popular among Chinese Internet users, including young people who may spend hours at the cafes downloading music, watching movies or playing online games.

Tuesday, April 17, 2007

Is it time to scrap the internet?

Although it has already taken nearly four decades to get this far in building the internet, some university researchers with the federal government's blessing want to scrap all that and start over.

The idea may seem unthinkable, even absurd, but many believe a "clean slate" approach is the only way truly to address security, mobility and other challenges that have cropped up since UCLA professor Leonard Kleinrock helped supervise the first exchange of meaningless test data between two machines on September 2 1969.

The internet "works well in many situations, but was designed for completely different assumptions", said Dipankar Raychaudhuri, a Rutgers University professor overseeing three clean-slate projects. "It's sort of a miracle that it continues to work well today."

No longer constrained by slow connections and computer processors and high costs for storage, researchers say the time has come to rethink the internet's underlying architecture, a move that could mean replacing networking equipment and rewriting software on computers better to channel future traffic over the existing pipes.

Even Vinton Cerf, one of the internet's founding fathers as co-developer of the key communications techniques, said the exercise is "generally healthy" because the current technology "does not satisfy all needs".

Balancing interests
One challenge in any reconstruction, though, will be balancing the interests of various constituencies. The first time around, researchers were able to toil away in their labs quietly. Industry is playing a bigger role this time, and law enforcement is bound to make its needs for wiretapping known.

There's no evidence they are meddling yet, but once any research looks promising, "a number of people [will] want to be in the drawing room", said Jonathan Zittrain, a law professor affiliated with Oxford and Harvard universities. "They'll be wearing coats and ties and spilling out of the venue."

The National Science Foundation (NSF) wants to build an experimental research network known as the Global Environment for Network Innovations (Geni), and is funding several projects at universities and elsewhere through Future Internet Network Design (Find).

Rutgers, Stanford, Princeton, Carnegie Mellon and the Massachusetts Institute of Technology are among the universities pursuing individual projects. Other government agencies, including the Defence Department, have also been exploring the concept.

The European Union has also backed research on such initiatives, through a programme known as Future Internet Research and Experimentation (Fire). Government officials and researchers met last month in Zurich to discuss early findings and goals.

A new network could run parallel with the current internet and eventually replace it, or perhaps aspects of the research could go into a major overhaul of the existing architecture.

These clean-slate efforts are still in their early stages, though, and are not expected to bear fruit for another 10 or 15 years -- assuming the United States Congress comes through with funding.

Guru Parulkar, who will become executive director of Stanford's initiative after heading the NSF's clean-slate programmes, estimated that Geni alone could cost $350-million, while government, university and industry spending on the individual projects could collectively reach $300-million.

Spending so far has been in the tens of millions of dollars. And it could take billions of dollars to replace all the software and hardware deep in the legacy systems.

Mission critical
Clean-slate advocates say the cozy world of researchers in the 1970s and 1980s doesn't necessarily mesh with the realities and needs of the commercial internet. "The network is now mission critical for too many people, when in the [early days] it was just experimental," Zittrain said.

The internet's early architects built the system on the principle of trust. Researchers largely knew one another, so they kept the shared network open and flexible -- qualities that proved key to its rapid growth.

But spammers and hackers arrived as the network expanded and could roam freely because the internet doesn't have built-in mechanisms for knowing with certainty who sent what.

The network's designers also assumed that computers were in fixed locations and always connected. That is no longer the case with the proliferation of laptops, personal digital assistants and other mobile devices, all hopping from one wireless access point to another, losing their signals here and there.

Engineers tacked on improvements to support mobility and improved security, but researchers say all that adds complexity, reduces performance and, in the case of security, amounts at most to bandages in a high-stakes game of cat and mouse.

Workarounds for mobile devices "can work quite well if a small fraction of the traffic is of that type", but could overwhelm computer processors and create security holes when 90% or more of the traffic is mobile, said Nick McKeown, co-director of Stanford's clean-slate programme.

The internet will continue to face new challenges as applications require guaranteed transmissions -- not the "best effort" approach that works better for email and other tasks with less time sensitivity.

Transitioning to a next-generation internet could be akin to changing the engines on a moving airplane. Routers and other networking devices will likely need replacing; personal computers could be in store for software upgrades.

Headaches could arise given the fact that it will not be possible simply to shut down the entire network for maintenance, with companies, groups and individuals depending on it every day. And just think of the costs - potentially billions of dollars.

Difficult transition
Advocates of a clean-slate internet -- a restructuring of the underlying architecture better to handle security, mobility and other emerging needs -- agree that any transition will be difficult.

Consider that the groundwork for the IPv6 system for expanding the pool of internet addresses was largely completed nearly a decade ago, yet the vast majority of software and hardware today still use the older, more crowded IPv4 technology. The clean-slate initiatives are far more ambitious than that.

But researchers are not deterred. "The premise of the clean-slate design is, let's start by saying, 'How should it be done?' independent of 'Can we retrofit it?'" said Andrea Goldsmith, an electrical engineering professor at Stanford. "Once we know what the right thing to do is, then we can say, 'Is there an evolutional path?'"

One transition scenario is to run a parallel network for applications that truly need the improved functions. People would migrate to the new system over time, the way some are now abandoning the traditional telephone system for internet-based phones, even as the two networks run side by side.

"There's no such thing as a flag day," said Larry Peterson, chairperson of computer science at Princeton. "What happens is that certain services start to take off and attract users, and industry players start to take notice and adapt."

That is not unlike the approach Nasa has in mind for extending the internet into outer space. Nasa has started to deploy the interplanetary internet so its spacecraft will have a common way of communicating with one another and with mission control.

But because of issues unique to outer space -- such as a planet temporarily blocking a spacecraft signal, or the 15 to 45 minutes it takes a message to reach Mars and back -- Nasa can't simply slap on the communications protocols designed for the Earthbound internet. So project researchers have come up with an alternate communications protocol for space, and the two networks hook up through a gateway.

To reduce costs, businesses might buy networking devices that work with both networks -- and they would do so only when they would have upgraded their systems anyhow.

Some believe the current internet will never go away, and the fruits of the research could go into improving -- rather than scrapping -- the existing architecture.

"You can't overhaul an international network very easily and expect everyone to jump on it," said Leonard Kleinrock, a UCLA professor who was one of the driving forces in creating the original internet. "The legacy systems are there. You're not going to get away from it." -- Sapa-AP

Friday, March 30, 2007

Stop surfing, make friends, Indian students told

One of India's top engineering schools has restricted Internet access in its hostels, saying addiction to surfing, gaming and blogging was affecting students' performance, making them reclusive and even suicidal.

Authorities at the elite Indian Institute of Technology (IIT) in Mumbai said students had stopped socializing and many were late for morning classes or slept through them.

"Now, a student doesn't even know who lives two doors away from him because he is so busy on the Internet," said Prakash Gopalan, dean of student affairs.

"The old hostel culture of camaraderie and socializing among students is gone. This is not healthy in our opinion."

IIT-Mumbai, with about 5,000 students, is one of seven IITs across India which are considered to be among the finest engineering schools in the world. They are also a talent pool for global technology giants.

But their exacting curriculum, tough competition and reclusive campus lifestyle have taken a toll on students.

Depression and dysfunctional lifestyles are known to be common among IIT students, and at least nine have committed suicide in the past five years. IIT-Mumbai has seen two suicides in two years and several attempts.

Students have unlimited free Internet access in their hostel rooms to help them in their studies, but many also use it to surf, chat, download movies and music, blog and for gaming.

Starting Monday, Internet access will be barred between 11 p.m. and 12.30 p.m. at IIT-Mumbai's 13 hostels to encourage students to sleep early and to try and force them out of their "shells", Gopalan said.

"There has been a decline in academic performance and also participation in sporting, cultural and social activities has gone down," he said.

But the move has not gone down well with students who say they hate their lives being regulated.

"Now they will say we need to listen to a lullaby to go to sleep," said Rajiv, an electronics student who gave only one name.

Student anger has also spilled on to several blogs run by IIT alumni where bloggers say "the birth of the virtual world had led to the death of the real selves", but add that they resent regulation of students' activities.

Gopalan said authorities at the other IITs were considering a similar curb in their hostels.

Monday, March 19, 2007

Techs, Telcos Team Up to Set Internet TV Standard

Companies which provide television over Internet technology (IPTV) joined forces on Monday to set a single global standard, so that all systems would work together.

The Open IPTV Forum is backed by companies including Ericsson, Matsushita's Panasonic, Philips, Samsung Electronics, Siemens AG, Sony Corp, AT&T, Telecom Italia and France Telecom.

Not on the starting list are Alcatel-Lucent and Microsoft Corp., the market leaders and alliance partners in IPTV networks and software.

Film makers and TV production companies were not on the list either, but the forum said everyone could join.

"The forum will be open for participation to any companies which share the goals of the forum and are willing to actively contribute to specification development," the Open IPTV Forum said in a statement.

The nine founding companies said they want results fast and will hammer out technology requirements by September and a first set of technology specifications by year-end.

If all IPTV systems work together flawlessly it should be easier and cheaper for consumers to buy and use IPTV systems and services, such as set-top boxes and TV and video programs.

For technology companies and operators it will be cheaper to build systems, because they can be made for a global market.

The forum will embrace existing standards that address part of the interoperability challenge.

It said it supported the work of IP Multimedia Subsystem (IMS) for unified Internet service delivery and the Digital Living Network Alliance (DLNA) which aims to make it easy for consumers to use their digital music, films and other content across their home or private network.

Most of the nine companies are already active in one or more of these other standards-setting bodies.

Sunday, March 11, 2007

Detroit man convicted in Internet child pornography case featured in Congressional hearing

A man accused at a congressional hearing of molesting a teenage boy has been convicted of charges including enticing a child to engage in sexually abusive activity.

Ken Gourlay was convicted Friday following a weeklong trial and more than three hours of jury deliberations. He faces up to 20 years in state prison when sentenced May 2 by Circuit Court Judge Archie Brown.

Gourlay, 29, was accused of sexually assaulting Justin Berry and using him to produce and distribute child pornography over the Internet.

Berry said he began performing sexual acts on the Internet in 1999, when he was 13. Prosecutors say Berry, who now is an adult, was lured to Ann Arbor from California in 2002 to attend a computer camp and was molested by Gourlay.

Berry's claims drew wide attention when he testified before Congress in April about online child pornography.

Gourlay was one of several men arrested on charges involving child pornography after Berry began working with the Justice Department. One of them, Gregory Mitchel, pleaded guilty last year and was sentenced to 150 years in prison.

Gourlay was convicted of a total of nine felony charges and one misdemeanor, the state attorney general's office said. Other charges included using a computer to engage in child sexually abusive activity, distributing child pornography over the Internet and third-degree criminal sexual conduct.

Defense lawyer James Howarth asserted that many of the prosecution witnesses lied.

Berry's testimony before Congress came after his case was highlighted by The New York Times. The Times acknowledged Tuesday that the reporter who wrote the acclaimed 2005 article about Berry and Web sex sites run by teenagers had helped gain the boy's trust by sending him a $2,000 check.

Gourlay also is charged in a separate case with 20 counts of third-degree criminal sexual conduct involving a 14-year-old boy from the Detroit area.

Tuesday, February 27, 2007

BitTorrent goes legit with movie and TV downloads

BitTorrent has officially jumped into the growing pool of video download services with the announcement that it will start selling legitimate TV and movie rentals via the company's web site. The downloads will come via BitTorrent's already popular P2P client and function in the same way that torrents currently function -- a torrent file will be downloaded to the client computer and then downloaded from a number of other peers who are seeding the file. BitTorrent is offering movie rentals from Warner Bros., Paramount Pictures, 20th Century Fox, Metro-Goldwyn-Mayer, and Lionsgate as well as a number of television shows from Comedy Central, Fox, MTV, Nickelodeon, Spike, and VH1, among others.

BitTorrent cofounder Ashwin Navin told the Associated Press that he believes up to a third of current BitTorrent users would be willing to pay for legit content if it were available and affordable. "Now we have to program for that audience and create a better experience for that content so the audience converts to the service that makes the studios money," he said.

Pricing will be roughly equivalent to similar services, with TV episodes coming in at $1.99 apiece and movie rentals ranging from $2.99 to $3.99. Rented movies must be watched within 24 hours after the user has first clicked the play button. "We're really hammering the studios to say, 'Go easy on this audience.' We need to give them a price that feels like a good value relative to what they were getting for free," said Navin to the AP. The service will not, however, offer download-to-own movies -- just TV shows. The reason behind this decision was apparently due to high pricing demands from the movie studios that the BitTorrent team didn't think would appeal to its audience.

The files will, of course, come with DRM restrictions. The movie and TV files are protected with Windows Media DRM, which (like most other services) will block Mac and Linux users from watching legitimately torrented content. The site still allows Mac users to purchase and download the files, however, but warns that they can only watch the videos under Windows. The files are also currently limited to play on a single PC.

How likely is BitTorrent's legit service to succeed? One immediate problem that comes to mind is ISPs that are struggling with whether or not to throttle torrent traffic. My own ISP doesn't throttle, but recently blocked BitTorrent's default port -- an easy workaround, but still an indication that they'd prefer that their users didn't torrent files. Another limitation is the inability to download direct-to-TV -- something that savvier users with HTPC boxes can do, but average users probably won't.

That leaves BitTorrent to compete with the handful of not-quite-so-successful movie services, such as CinemaNow and MovieLink, which are also limited to play on PCs only. Even some members of BitTorrent's target demographic (males between 15 and 35) have pointed out that they use BitTorrent in order to get TV episodes before they're released to legit services, and that they'd only be interested in buying if they could download at the same time that a show is airing -- there are already plenty of other legit services available if they were looking to buy after an airing. BitTorrent's new service has a lot of challenges to overcome in the coming months if it wants to succeed in the increasingly competitive marketplace.