SanDisk takes on Nano with new Sansa View

Just two weeks ago SanDisk announced its "Clip" MP3 player, which was SanDisk's shot at the iPod Nano purchasing audience, so it comes as no surprise that just five days after Apple announced its latest lineup of players, SanDisk is ready to compete. Today it announced its latest player, the Sansa View.

The Sansa View looks similar to Apple's previous generation of the iPod Nano—tall and skinny, and with navigation controls just below the screen. The View is available in two models: 8GB and 16GB, and is priced dead-on with the latest Nano: $150 or $200 for the 8GB or 16GB models, respectively. The View also one-ups the 3rd generation Nano with its microSD/microSDHC slot, which provides up to 24GB of extra storage.

SanDisk's offering supports H.264, WMV, and MPEG4 video playback at up to 30 frames per second, as well as DivX—if you use Sansa's Media Converter software. Audio formats supported include MP3, WMA, WAV, not to mention the FM radio. In comparison, the Nano supports H.264, mp4, m4v, and MPEG-4 DRM-protected and homemade video.

Where the Nano has a 2" 320×240 screen, the View has a slightly larger 2.4" 320×240 screen. However, the View's screen is advertised as being a "wide-screen." In order for its screen to be "wide," it looks like users would have to hold the View length-wise instead of in its natural vertical state. I hope this is the case, since I can't imagine how bad the video would look scrunched up on a screen that is taller than it is wide.

Finally, the View has a battery life of 35 hours for audio and 7 hours for video. Advertised battery life for the Nano is 24 hours audio and 5 hours for video. The View is only available in black, while the Nano comes in five colors.

Judge deals blow to RIAA’s boilerplate copyright infringement complaints

In the over 20,000 file-sharing cases filed so far, the RIAA has relied on a simple procedure: scour P2P networks for shared music, file a John Doe lawsuit to learn the identity of the account-holder responsible for the IP address flagged by the RIAA's investigative arm, and, if the account-holder doesn't agree to the RIAA's settlement terms, file a lawsuit using a boilerplate complaint. A federal judge in California has now refused to grant the RIAA a judgment based on just such a complaint, forcing the RIAA to draw up a new complaint containing specifics.

Yolanda Rodriguez was sued by the record labels for copyright infringement in November of last year. Apparently, Rodriguez is of the "ignore the problem and hope it will go away" mindset, as she never filed an answer to the complaint, and a search of the case history shows no action on her part to fight the lawsuit.

Given Rodriguez's inaction, the clerk entered a notice of default this past April. In July, the record labels asked the court for a default judgment in the amount of $3,750 (five songs at $750 each) plus $420 in court costs. Judge Rudi M. Brewster declined to give the RIAA what it was asking for, ruling that the plaintiffs' boilerplate complaint "fails to sufficiently state a claim upon which relief may be granted."

Drawing on the recent Bell Atlantic v. Twombly case decided by the Supreme Court, Judge Brewster held that the RIAA's complaint wasn't sufficient to merit a default judgment. "[O]ther than the bare conclusory statement that on 'information and belief, Defendant has downloaded, distributed and/or made available for distribution to the public copyrighted works,' Plaintiffs have presented no facts that would indicate that this allegation is anything more than speculation," wrote the judge. "The complaint is simply a boilerplate listing of the elements of copyright infringement without any facts pertaining specifically to the instant Defendant."

Bell Atlantic v. Twombly involved allegations that the Baby Bells engaged in an anticompetitive conspiracy to hinder local phone and broadband competition. The Supreme Court ruled that the mere fact that a conspiracy was conceivable and that the companies engaged in conduct that supported the conspiracy allegations wasn't enough for a lawsuit to proceed.

Judge Brewster vacated the entry of default but gave the RIAA 30 days to refile the complaint and serve Rodriguez with it. It took the RIAA a little less than a week to file an amended complaint. In contrast to the original complaint, which was extremely short on specifics, the RIAA's latest filing offers more in the way of details. Those details include the date the RIAA spotted the PC it believes was used by Rodriguez on Gnutella, the IP address, and a list of recordings in the user's shared folder.

There's still a great deal of "information and belief," however. The RIAA is "informed and believe[s]" that Rodriguez "had continuously used and continued to use a P2P network to download and/or distribute to the public" the files contained in the shared folder as well as "additional sound recordings owned by or exclusively licensed to" the labels.

In fact, the only significant differences between the original and amended complaint are the dates, IP address, the name of the network, and screenshots showing each and every file seen in the shared folder allegedly residing on Rodriguez's PC. Of course, if Rodriguez once again fails to show up in court, that may be enough to grant a default judgment.

Judge Brewster's decision may have ramifications for two contested lawsuits, Elektra v. Barker and Warner v. Cassin. The judges in both cases have indicated their intention to rule on a central facet of the RIAA's complaints, that making a song available over a P2P network constitutes copyright infringement. Copyright attorney Ray Beckerman, who is defending both Barker and Cassin, points out that the judge's ruling in Interscope v. Rodriguez supports the arguments made in the other two cases.

SCO to face judge, not jury, in Novell trial

The remaining claims in the legal battle between SCO and Novell will not be heard by a jury, Judge Dale A. Kimball said in a decision granting Novell's motion to strike SCO's demand for a jury trial.

Kimball effectively ended SCO's "slander of title" lawsuit against Novell last month when he issued a ruling declaring that Novell—and not SCO—is the owner of the original UNIX copyrights. At the time, Judge Kimball also determined that SCO had breached its fiduciary duty to Novell by failing to turn UNIX licensing royalties over to Novell.

Under the terms of SCO's original agreement with Novell, SCO was permitted to sell UNIX licenses to third parties but had to turn all but 5 percent of the royalties over to Novell. Although Judge Kimball has already determined that SCO owes 95 percent of its UNIX royalties to Novell, the question that remains is what portion of royalties collected by SCO from UNIX-related licensing agreements was for UNIX specifically and how much was for assorted UnixWare intellectual property that SCO developed independently.

SCO collected over $25 million from Microsoft and Sun through UNIX licensing agreements. Although SCO claims now that those agreements were primarily for UnixWare intellectual property, there is very little evidence to support that assertion. In fact, SCO's description of those agreements in a July 2003 SEC filing seems to indicate that the agreements related directly to UNIX source code, not UnixWare:

"[One of the licenses] was to Microsoft Corporation ("Microsoft") and covers Microsoft's UNIX compatibility products, subject to certain specified limitations. These license agreements are typical of those we expect to enter into with developers, manufacturers, and distributors of operating systems in that they are non-exclusive, perpetual, royalty-free, paid up licenses to utilize the UNIX source code, including the right to sublicense that code."

To determine whether the question should be brought before a jury, Judge Kimball had to first evaluate the nature of the claims and determine if the remedies sought fall under common law or equity. Traditionally, the right to a jury trial does not exist in breach-of-contract cases where the remedy sought by the plaintiff is simply enforced fulfillment of a contractual obligation rather than monetary damages. In the absence of the right to a jury trial, the trial is brought before a judge instead. "In this case, the court has found that Novell has an equitable interest in the SVRX Royalties and met the requirements for imposition of a constructive trust for the amount of SVRX Royalties improperly in SCO's possession," Judge Kimball wrote in his decision. "Therefore, the court concludes that Novell's breach of contract, breach of fiduciary duty, constructive trust/restitution/unjust enrichment, and conversion claims are equitable in nature given the nature of the relief sought under these claims and the limited issues remaining for trial. Accordingly, none of these claims provide a right to a jury trial."

SCO's current assets add up to just under $20 million, and the company continues to report losses every quarter. It seems likely that the company's days are numbered.

Seagate’s new drives: 250GB notebook, hardware encrypted desktop

Seagate has announced two new drives today: one for the desktop and another for portables. The new desktop drive, the 1TB 7200 rpm Barracuda FDE, is the first drive of its size to contain an embedded encryption processor that encrypts all the data on the drive as it's written. In other words, it does something similar to Microsoft's BitLocker and Apple's FileVault but in hardware at a level beneath the operating system.

The Barracuda FDE's DriveTrust encryption requires the user to enter a password prior to the boot-up stage so that the drive can decrypt the user's data, which has been encrypted by AES. This boot password can be paired with other pre-boot, hardware-based security measures, like biometrics and smartcards. Because the drive is unlocked prior to boot and remains accessible in the clear while the machine is powered on, this technology isn't quite yet suited for portables. The aforementioned BitLocker and FileVault solutions are aimed at portable users who worry about having their laptops stolen, and don't want hackers to have access to their data on waking the machine from sleep.

Seagate says that there's a DriveTrust SDK that software vendors can use "to build DriveTrust Technology-enabled applications such as access controls needed to manage encryption keys, passwords and other forms of authentication for large deployments," but this still doesn't suggest to me that the drive's encryption functionality could be readily integrated with a post-boot, login-based solution like FileVault. It's not a stretch to imagine that another revision of DriveTrust aimed at portables is on its way, however, and that it will feature such functionality.

For my part, I can already envision this drive as the basis for a new generation of consumer NAS devices that have a side-panel keypad for unlocking the device's drives on boot. Infrant, are you listening? Because I worry enough about thieves breaking into my home and walking out with my handily portable ReadyNAS NV+ that I jumped through hoops with OS X and various third-party apps to make sure that my nightly backups over my LAN are secure.

250GB of notebook storage ought to be enough for anybody

At 2.5" and 5400RPM the Momentus 5400.4 packs 250GB of storage into a very small space, but that particular combination of density and storage capacity is by no means a first. All the usual suspects (Western Digital, Hitachi, Fujitsu, Samsung) have already introduced 2.5" drives this size or larger. But Seagate claims this new drive is the first notebook drive to use perpendicular recording, which cuts down on platter surface area to improve power efficiency and failure rates.

Note that Hitachi actually has a 250GB notebook drive with an encryption option similar to that of the Seagate 1TB desktop drive described above: the Hitachi Travelstar 7K200. Does anyone know if this thing's encryption functionality works in a MacBook Pro? If it does then I want one. I had problems with FileVault and had to disable it.

The Momentus will ship in the fourth quarter of this year, and the Barracuda FDE will ship in early 2008. There's no word on pricing at this time.

Early iPhone adopters receive $100 credit from Apple

Those who purchased iPhones before yesterday's "The Beat Goes On" event will be able to get a $100 credit to the Apple Store as compensation for their early-adopting ways, said Apple CEO Steve Jobs today.

In a letter addressed to "all iPhone customers" on Apple's web site, Steve Jobs defended the decision to drop the 8GB iPhone's price from $599 to $399 less than two months after the device went on sale. The announcement, while met with some excitement, was also greeted with much gnashing of teeth by those who consider themselves the most loyal to the company. "iPhone is a breakthrough product, and we have the chance to 'go for it' this holiday season," Jobs wrote. "iPhone is so far ahead of the competition, and now it will be affordable by even more customers."

Jobs also reiterated his comments from this morning's USA Today in which he said that people upset about the price drop need to get used to the fact that technology moves quickly. "If you always wait for the next price cut or to buy the new improved model, you'll never buy any technology product because there is always something better and less expensive on the horizon," Jobs said in the letter.

At the time of the interview with the newspaper, he indicated that no refunds would be awarded to early adopters, although reports spread quickly throughout the web that some customers were having success pressuring Apple or AT&T's customer service into issuing them.

Uncle Steve doesn't "speak" to the world unless he has something interesting to say, however. Despite the fact that Apple feels it made the correct decision at the correct time, the company acknowledges that it has heard the complaints of the early-adopting crowd. Jobs said that a $100 store credit toward the purchase of any product in Apple retail stores or the online store would be awarded to anyone who bought an iPhone through Apple or AT&T (provided they paid full price, that is). Details of the offer are not yet available but will be posted to Apple's web site within the next week, he said.

Is a $100 rebate enough to satisfy the angry mobs? For some, it will only serve as a painful reminder that it costs money to be on the bleeding edge of technology, and Apple products are no exception. But for most, it's a decent compromise. Losing $100 stings only half as much as losing $200, even though customers will eventually have to spend that $100 on Apple products.

We will keep you updated when more details on the program become available.

DoJ argues against net neutrality in FCC filing, says “trust us”

The Department of Justice's Antitrust Division has two words for all the network neutrality backers who believe that a bit of government regulation could go a long way towards keeping the Internet open: trust us. In comments just filed with the Federal Communications Commission, the top lawyers from the Antitrust Division called preemptive network neutrality regulations a bad idea, instead arguing for a free market system in which the DoJ would step in to correct any antitrust violations after they occur.

The filing is the DoJ's response to the FCC's continuing inquiry into "broadband industry practices." The FCC is trying to determine if some kind of network neutrality regulations might be necessary, and if so, what form they should take. The DoJ has no doubts, saying, "The FCC should be highly skeptical of calls to substitute special economic regulation of the Internet for free and open competition enforced by the antitrust laws."

The arguments in the paper are surprisingly lacking in depth, though one assumes that the Antitrust Division has at least some expertise in this area after examining several major telecom mergers over the last few years. Much of the filing is taken up with pointing out the incredible awesomeness of the free market, which makes possible "the kinds and quality of goods and services that consumers desire." (How's that working out, xMac true believers?)

The basic arguments that relate directly to net neutrality are twofold. One, the DoJ points out that there have so far been few real violations of the neutrality principle in the US. When egregious examples have come to light (rural telco Madison River was smacked down by the FCC when it began blocking VoIP calls), they have been handled quickly. Rather than lay down a "prophylactic" system of regulations, the DoJ believes it would be better to leave the market unregulated and deal with problems as they come up.

The second major argument is that network operators need to massively expand their capacity and consumers will be stuck paying the bill if network neutrality is enacted. "Several studies have noted," says the DoJ, "that prohibiting broadband providers from charging content providers directly would lead to consumers shouldering a disproportionate share of the costs necessary to upgrade network infrastructure."

Left unexplained is exactly how network infrastructure has been paid for over the last 15 years as Internet traffic has exploded. Here's a hint: it hasn't been done by forcing every website to pay every major network operator if said website wants to reach customers a little faster. It also hasn't been done by sticking consumers with the bill in its entirety, as the DoJ filing appears to indicate. Content providers do pay for access to the network; they pay vast sums of cash for bandwidth, in fact, and that money filters out to the ISPs that carry their traffic through peering and carriage arrangements.

The US Post Office example also rears its ugly head. "No one challenges the benefits to society of these differentiated products; nor does anyone seriously propose that the United States Postal Service be banned from charging different fees for next-day delivery than for bulk mailers," says the DoJ. It's not quite clear how this is supposed to apply to the network neutrality debate. No one is seriously proposing that ISPs not be able to sell different speed and bandwidth tiers, either (ISPs already do this, of course, without complaint from anyone).

The report does make a solid point about the "ambiguity of what conduct needs to be prohibited." With many different definitions of network neutrality, debaters sometimes sound like they're talking right past one another.

The filing has already attracted scrutiny from groups like Public Knowledge, which attacked the DoJ in a statement today. "The filing is filled with mischaracterizations of what Net Neutrality will preserve for consumers," said Gigi Sohn, president of the group. "Most blatantly, the DoJ failed to recognize that Net Neutrality is a protection for consumers and for Internet companies against discrimination by telephone and cable companies. Net Neutrality would not restrict the types of services that telephone and cable companies could offer; such a policy would make certain that those companies had to do so in a nondiscriminatory fashion as the law originally intended."

Companies and consumers both currently pay to access the Internet; the money comes from both ends of the connection. And both groups are paying for complete access to the "cloud." If network operators attempt to go after extra revenues from web operators, it would create a huge group of people "inside the cloud" that want to be paid. Instead of setting up a hot new web site, paying for plenty of bandwidth, and launching your business to the public, web site operators would need to pay not only their hosting provider but also Comcast, AT&T, Verizon, and a gazillion other networks that sit between them and their potential customers. Getting on the information superhighway thus becomes only the first stop on a very long toll road.

And, of course, let’s not forget that most US consumers have only two choices (if they're lucky): cable and DSL. "Voting with your dollar" can be tricky or even impossible in many areas. Regulation may not be called for, but the DoJ report seems rather light on solid arguments to support that claim.

Gamers talk about words and concepts gaming taught them growing up

People say many negative things about games. They make you more violent, they make you less intelligent, and they're a waste of time. The thing is, many of us played games during our formative years, and as a thread over at SomethingAwful proves, we may have picked up more than we thought from our experiences. While the language over there may not be safe for work, I thought I'd pick out some highlights of what people learned gaming.

The word "preemptive": "Thank you Final Fantasy VII and your random encounters. I feel like games are a good way to teach words because their meanings are so readily understood from context."

"Friends and family compliment me on my vocabulary and spelling all the time, and I am 100% sure it can be attributed to my early addiction to video games. How else would a 6 year old know what a morning star or halberd is?"

Getting the word "voracious" right on an English test: "Luckily I had logged hundreds of hours on Everquest killing voracious brutes outside KC"

The word "Pilfer": "I learned this word from Breath of Fire 3… my favorite RPG. Ever since, I've preferred this word to any of its synonyms."

"The entire Legacy of Kain series turned me into a logophile. Example: 'To what depths had our dynasty plummeted, if these ghouls were the descendants of my high-born brother? Were they so debased as to recruit fledglings from the desiccated corpses here interred?'"

"From Sim City I learned the difference between residential, commercial, and industrial"

Some of these things may seem basic now, but when you're a child, you can pick up some nice words and concepts from gaming. I thought the thread was a great read, and it made me think of all the little facts and tidbits I've picked up from playing games. I would say my early-life infatuation with RPGs definitely helped my vocabulary. Let me leave you with the fact that one forum goer had this to say: "I'd have to say that old-school, text-based RPGs really improved my overall vocabulary and reading a lot. I've never had lower than an A+ in English."

One more: "I learned so much history and background to all the civilizations featured in Age of Empires II and its expansion by reading the facts they give you before you play. That game made history fun."

Amen, brother.

Sony bans talk of custom firmware and emulators on official forums

Sony has never been comfortable with talk about cracking PlayStation Portables or homebrew hacks, but now the company is taking things an extra step and has banned talk about such things on its official forums. This may be a tactical error, since one of the best aspects of the PSP is how crackable it is; no matter how many times Sony changes or updates the firmware, the scene will crack it in no time. A cracked PSP allows you to run games directly from the memory stick to save your battery, to run some classic console games via emulators, and to run homebrew games and applications. It also allows you to pirate games. You can guess which one annoys Sony the most.

What aren't you allowed to talk about any more?

custom firmware

themes, applications, custom bootup animations/sounds, and other materials made available only with use of homebrew

programs that may be used to aid or facilitate copyright violations (such as Eboots, ripping software, decryption software)

debugging software

programs designed to emulate firmware

TIFF applications

programs designed to provide for modification of the PSP® code or firmware, or that would allow for any exploitation of the PSP® system

firmware flashing software

applications designed to bypass PSP® system and game security features

emulators, ROMs, CSO, ISOs, or any other unauthorized copies of copyrighted material

software or hardware designed to aid or facilitate in cheating

"Any posting found to be in violation of this policy is subject to an immediate deletion," Sony explained further on the boards. "Members who continue to violate this policy may be subject to an immediate ban from this community, or other disciplinary actions as determined by the community Administrators." Unfortunately this is going to have the opposite effect, as we're all now talking about things like custom firmware, and emulators.

Sony, the more you make this an issue, the more it will be an issue. The better move may be to turn the other cheek, enjoy the added hardware sales all these features get you, and not give custom firmware any free press.

A Brief History of Ugly: Apple in the last 10 years

In horror honor of yesterday's announcement of the newly-designed third-generation iPod nano, we here at Infinite Loop have taken some time to look back at the last 10 years of Apple product design in order to get some perspective on just how hideous the new Apple audio player is (to some of us). This list isn't to say that some of these Apple monstrosities don't have a special place in our heart, though.

1997 Apple eMate 300
It's hard to know exactly what Apple was thinking on this one. We would find out later that translucent can be done right, but in this instance, it was just done wrong. Add to that the shade of green that Apple designers decided to use and the overall shape of the "ultra portable," and we have ourselves the first ugly Apple product of the last 10 years.

1998 Power Macintosh G3 AIO
This is clearly a case of function over form. The Power Macintosh G3 AIO had it all: floppy drive, CD-ROM, Zip drive, 3 PCI slots… except for looks. Perhaps Apple believed that the .edu sector, the only market to which this machine was offered, didn't need a good-looking machine. This gigantic beige monstrosity's "bubble top" only sealed its inclusion on this list.

1999 Power Macintosh G3 (Blue and White)
This was a tough one for us. Most of us love the industrial design of this machine and the ability to easily work on its innards, and some of us even liked the color. However, most of us are men, and men with bad color taste (it should be noted, however, that Jacqui proudly sported a blue and white G3 throughout college). We have been informed that the color, well, may not be so good on a computer. Who knew? Add to it the Mickey Mouse G3 logo and this beauty makes our list.

1999 iBook
While some thought the original iBook looked like a clam, the less gracious among us compared its looks to a less-flattering toilet seat. Add the blueberry color to the unfortunate shape (also offered in tangerine, lime green, and "graphite") and you can't go wrong with the iBook.

2001 Flower Power iMac
Nothing really needs to be said here. I've never seen one in the wild (other than in a store) and I only saw one of them sell during my tenure at an Apple Authorized dealer. ::shakes his head::

2002 eMac
Originally only intended for the education market, this machine resembled an iMac on HGH. Despite its decent specs at the time, its "ginormosity" just made it a little on the ugly side. Its front headlights didn't help the situation and the oversized CD-ROM door just made the front look like a big, ugly car.

2004 iMac G5
If anything on this list is almost "not ugly," it is the iMac G5 design. Just a bit too thick and a chin just a bit too big, it really is hard for us to include this one on the list—some of us have owned them (and er, some of us still do). Some would argue that the G4 iMac is the uglier of the two, but that Pixar lamp was just so cute!

2005 iPod Shuffle (Rev. 1)
Regardless of whether or not you liked the screen-less audio player while it was out, it is hard to argue in retrospect that it looks like some sort of home pregnancy test. The long and skinny look isn't exactly "in" when it comes to MP3 players. The Rev. 2 iPod shuffles were a welcome and much needed change to the industrial design of the shuffle line.

2007 iPod nano (Rev. 3)
It may grow on us, but we doubt it. As the inspiration for this list, the iPod nano looks as though it was put inside a trash compactor, perhaps where it should have stayed. In the 24 hours since its announcement, I haven't heard many positive comments. While it may not look as ugly in profile, that's no excuse. Don't even get us started on seafoam green and sky blue!

So there it is, some of the low points in design from the boys and girls out in Cupertino. There were some that were close—the iLamp, the 14" chicklet iBook, that translucent, huge Apple Cinema Display—but in the end they didn't make the cut.

Botnet attack targeting eBay and its users, compromising accounts

Trojans and the zombie computer botnets that often spawn from them have been a problem for many years, but recently some of the attacks have been getting downright nasty. Attackers are using more and more sophisticated methods, including social engineering, to get past users' defenses.

The latest attack is targeting eBay members and stealing their online identities using multi-stage attacks in order to perpetrate fraud. It was first identified by researcher Ofer Elzam, who works for the firm Aladdin Knowledge Systems, Ltd. Ars had a chance to talk to Mr. Elzam recently, and he explained how the fraudsters, who he believes may have started as early as mid-August, did their dastardly work.

The attack began with hackers compromising third-party web sites using a technique called SQL injection. Extra code was dynamically added to the main page of these web sites using a hidden IFRAME tag which loaded a malicious web page. This page contained a VBScript file that used AJAX to download and save a file called MISuvstm.exe into the Windows system folder. Once this file was downloaded, it attached itself to the Windows Explorer process and went hunting for a further trojan, called SRTops32.exe, which was the basis for a Distributed Denial-of-Service (DDoS) attack on eBay itself. The attack uses eBay's own Application Programming Interfaces to guess eBay users' passwords by brute force, although Aladdin says that more traditional phishing techniques are also being used.

Already there have been reports of people affected by this scam. According to this blog post, the attackers changed one user's eBay identity and sent out at least 25 e-mails to individuals in the United Kingdom who are attempting to sell Sony laptop computers. The compromised account, which retained the original user's high eBay rating, offered the sellers more money than they asked for in exchange for the laptops being shipped "as soon as possible."

Ofer Elzam says that the sophistication and complexity of the attack shows that many other variations of this scam are possible. "The approach to security should not be restricted to a narrow technology such as 'how many sites are in one solution's blacklist' or 'how many signatures are in an antivirus'," he told Ars. "The 'blacklisted' sites can change at any moment; many could be infected PCs or hacked sites which are otherwise legitimate and cannot be put in a blacklist." The attack vector was made so convoluted so that, if certain sites hosting the malware were blocked, the trojans could react and create new and unique trojan "stubs"—the initial downloaders are between four and six kilobytes—that antivirus programs won't be aware of.

Responding to threats like this requires cooperation and knowledge at all levels, from the user to the third-party web site owner to eBay itself, and such cooperation is difficult to achieve even at the best of times. Elzam says that his company has contacted eBay repeatedly about the issue but as yet has received no reply. One solution (which Aladdin happens to currently market) for sites like eBay is two-factor authentication (indeed, eBay subsidiary PayPal has trialed the method). This is a solution where two different methods of identification are used, such as a user name and password combined with a physical item, like a mobile phone, credit card, or hardware dongle device, in the hands of the owner. These solutions, while not invulnerable, would prevent brute-force attacks such as the one directed at eBay. They have already been suggested by other security researchers but their adoption has been slow so far.

In the end, as the enemy adapts, so too will users and service providers. There are software scanning products that ISPs can run that will detect and block attempted IFRAME redirections—this is how Aladdin first found out about the eBay attacks—and users can make sure that they use secure passwords and keep their operating systems and web browsers fully up to date and patched. Finally, high-profile sites such as eBay may wish to consider adopting extra security measures, like two-factor authentication.

Ars attempted to contact eBay for a response to Elzam's comments, but did not receive a reply prior to publication.

Apple, music labels to meet with European Commission over antitrust charges

The European Commission plans to hold antitrust hearings with Apple and several major music labels later this month, the EC said today. The hearings will take place from September 19 through 20 and will address the EC's concerns over unfair pricing and sales practices of the iTunes Store in Europe. The hearings are the next step in the EC's investigation, and the EC has stressed that the hearings themselves will not lead directly to a judgment. Indeed, the EC has yet to set a date by which it will render a decision.

Music labels EMI, Universal Music Group, and Sony BMG will all be joining Apple in the hearings. They, in addition to Warner Music Group, were accused by the EC earlier this year of pressuring Apple into going along with the country-specific pricing scheme. Apple submitted a response in late June, but the EC has kept it under wraps.

Under current iTunes Store rules, users may only purchase songs within their countries of residence, which Apple enforces by requiring the use of locally-issued credit cards. This, in itself, is not necessarily a problem until pricing differences between European countries are taken into account. Songs and albums can be priced very differently depending on which country they are being sold in, which the EC says is in violation of European antitrust laws.

The hearings will be closed to the public and each record label will be meeting with Apple and the EC separately due to the confidential nature of each company's agreement with the online music giant. The hearing officer will then compile a summary of the hearings and send them to Commissioner Neelie Kroes for review.

The PlayStation 3 gets Stranglehold, NBA Live demos

It seems like the US PlayStation Store doesn't update until later in the day. While Nintendo gives you fresh Virtual Console content by the time you wake up, Sony makes sure you have something to look forward to when you get off of work. So what did we get this Thursday?

New demos:

Stranglehold
NBA Live 08

A whole mess of MotorStorm add-ons and one Ninja Gaiden content pack:

MotorStorm Revenge Weekend Add-on Pack (New track, vehicles, races and race mode) — $5.99
MotorStorm Add-on Vehicle 1 (Wakazashi Razor bike) — $0.99
MotorStorm Add-on Vehicle 2 (Wombat Mudslide ATV) — $0.99
MotorStorm Add-on Vehicle 3 (Atlas Varjack mudplugger) — $0.99
MotorStorm Add-on Vehicle 4 (Atlas Arizona big rig) — $0.99
Ninja Gaiden Sigma Weapons Master Add-on (5 survival modes) — $2.99

A bevy of trailers:

Turok "Quiet Kills" Trailer
PixelJunk Racers Trailer
Heavenly Sword "Making Of" No. 5
Heavenly Sword Anime No. 5
Lair "World in Chaos" Video
MotorStorm "Coyote Revenge" Video
Drillbit Taylor Trailer
Resident Evil: Extinction Trailer
Heavenly Sword Anime No. 5 Wallpaper

Past Thursday updates have been somewhat anemic, but it looks like Sony is starting to get some momentum; this is the second consecutive week with a beefy set of demos and trailers. If you haven't given Stranglehold a try yet, do so. It's a great demo. Also take a look at PixelJunk Racers; I was able to play this at E3 and enjoyed it. It may look simple, but it's a good time.

Cell phones can trigger medical equipment failure, problem could get worse

As people become increasingly comfortable with the use of cellphones, they're beginning to chafe at the remaining restrictions on their use (as anyone who has boarded an airplane recently can attest). The tension over wireless limitations is even more complex in the medical world, where not only do patients and their families want to stay in touch, but wireless connectivity can enable better patient care. An Open Access study that was released today points out yet another complication: wireless technology is a moving target, and what's safe today may not remain so.

The work follows up on an earlier study that suggested that not all cellular technology might be equal when it comes to interference with medical equipment. GSM networks can handle data from two generations of transmission technology: UMTS, and the higher-powered GPRS. The original study suggested that, although UMTS devices were generally safe to have around medical equipment, GPRS-based phones had the potential to interfere with their function.

The new study focuses on what could be considered "worst case" interference. Instead of using typical operating power, the authors reasoned that a hospital environment, which is often deep within a building and subject to a variety of sources of interference, is likely to force phones to operate at their maximal power limits (in the case of GPRS devices, 2 watts). So, they set up both GPRS and UMTS antennae 500cm away from medical devices, and gradually moved them closer while checking the device's function. Problems were classified as light when they simply interfered with monitoring the device, significant when they required intervention, and hazardous when they created a health risk for the patient. Devices included various pumps, monitoring equipment, defibrillators, and pacemakers.

All told, the authors witnessed 48 events, affecting 26 of the 61 medical devices tested. The good news is that cellular devices typically had to be on top of equipment before causing a problem; the mean distance at which signs of trouble appeared was only 3cm. Still, at least one hazardous event occurred out at 300cm (nearly 10 feet), and five happened at 25cm. The key result, however, is the clear relationship between signal power and problems. The UMTS signal, which operates at 10 percent of the power of GPRS devices, caused only 17 percent of the trouble. A low-frequency GPRS signal produced 31 percent of the incidents, while a high frequency version caused about half of the problems. The severity of the problems broke down along similar lines.

The authors note that the existing safety standards of the Netherlands, where the study took place, limit cell phones to a distance of over a meter from medical devices, and they suggest this standard is reasonable. But the more notable message is one the authors didn't mention: those standards are clearly going to need to be reevaluated as wireless devices evolve in the future.

Critical Care, 2007. DOI: 10.1186/cc6115