Safe and Secure

September 9, 2009 11:10 PM PDT

Podcast: Apple approves Real music streaming app

by Larry Magid
  • 1 comment

In some ways RealNetworks' Rhapsody service competes with Apple's iTunes, but Apple has approved the music streaming app for use on the iPhone and iPod Touch.

The app is free, but users will pay $14.99 a month for the service after a free seven-day trial.

Real Vice President Bill Hankes described the service and said that, even though it competes with Apple to some extent, the two companies were able to reach what he considers to be a mutually beneficial agreement.

Listen now: Download today's podcast

September 5, 2009 9:34 AM PDT

Parental control company sells data on what kids say

by Larry Magid
  • 11 comments

A software product sold to protect children from predators, cyberbullying, and visiting inappropriate Web sites is also collecting information about what the kids are saying, and its publisher is selling that data--in aggregate form--to other companies for marketing purposes.

In an interview, Echometrix CEO Jeffrey Greene said that the company doesn't collect or report the names or any identifying information about the children. "We never, ever, ever can identify who the kid is who is saying it. In fact, we don't have any information about the individual child," he said.

Box shot of Sentry Parental Controls from company Web site

(Credit: Echometrix)

The company's Sentry Parental Control Software, according to Greene, is designed to warn parents if a child is engaged in inappropriate online behavior by analyzing a database of 29,000 words including what he calls "Weblish," slang terms like POS (parent over shoulder) that kids use as short cuts in instant messaging and chat rooms. To do this, said Greene, it's necessary for the company to capture this information so "we can monitor these kids and the conversations they are having and the things they are seeing and all the words that are coming to them and all the words they're sending out, so we can make decisions and identify questionable activities and let mom and dad know about it right now--in real time."

In addition to notifying parents if their kids are doing something questionable, the company also sells summary data based on this information--in the aggregate--to other companies. A press release on its Web site describes a product called Pulse "that reads digital content from multiple sources across the Web, including: instant messages, blogs, social environment communities, forums, and chat rooms." The company says that it "delivers the unsolicited raw conversations in real time. It gives marketers immediate, unique information about what teens are saying in their own words."

Greene says that the service can let companies "in real time, find out what the kids are saying about your product and all your competitors' products...I can't tell you who said it, I can only just tell you that a lot of kids said it."

Greene said that the company does provide a disclosure to parents as well as a way for parents to opt out, but the information in its end-user license agreement is written in the typical legalese and is a bit contradictory. In one section, it says "SearchHelp (recently renamed Echometrix) does not read or disclose private communications except to comply with a valid legal process such as a search warrant, to protect the company's rights and property," but in another it says "We have a parent's permission to share the information if the user is a child under age 13. Parents have the option of allowing SearchHelp to collect and use their child's information without consenting to SearchHelp sharing of this information with people and companies who may use this information for their own purposes."

At my request, the company provided a link to a Web page where parents can opt out of the collection process.

Spyware?
David Perry of TrendMicro, which includes parental control tools in some of its security products, said he isn't aware of any other parental control products that capture this type of information. "This is a severe case of what we used to call spyware," he said. Perry worries that even though the software may not collect the names of the children, "those names could be included in some of the chat messages."

Taking Greene at his word, and assuming that the company carefully avoids sending out identifiable information, I still can't shake the creepy feeling that I get about any product that collects any information from children, especially in the name of child protection.

Listen to my interview with Echometrix CEO Jeffrey Greene

Listen now: Download today's podcast

September 2, 2009 5:54 PM PDT

Symantec: Posted code enables VoIP spying

by Larry Magid
  • 23 comments

Along with keyloggers that track what you type, now we have to worry about malicious software that listens in on our voice over Internet Protocol conversations.

Gerry Egan

(Credit: Joris Evers/CNET)

A Symantec security blog on Thursday disclosed a new Trojan horse, Trojan.Peskyspy, "that records VoIP communications, specifically targeting Skype." The posting, based on analysis from Symantec's Karthik Selvaraj, pointed out that "its existence isn't due to any problems with Skype itself" but that Skype may have been targeted "simply because it has such a large install base."

Gerry Egan, Symantec's director of security response, says the Trojan is capable of "hooking...through some Windows APIs into some audio streams" that "can be intercepted, turned into MP3 files, and then sent over a remote channel to a remote electronic eavesdropper."

A PC can be infected through the usual channels for malware, including an executable file in an e-mail you click on and a "drive by download" that's automatically triggered when you visit an infected Web site. The most recent trend, Egan said, "is a shift toward socially engineered attacks like a fake video site."

The code has been published on the Web by a Swiss researcher, Egan said, adding that "we've not seen any indications of it being used maliciously, but the published code opens up endless possibilities in the mind of a hacker."

The code would affect Skype or any other VoIP software on a Windows PC that uses an audio stream, Egan said.

Unlike most malware, Symantec does not anticipate the code being used to launch widespread attacks.

"To do this en masse really isn't practical," Egan said. Even if a "piece of malware gets on the machine of someone who is using (VoIP), and they are talking about interesting things, finding those interesting things among the many hundreds of thousands of hours of phone calls would be like trying to find a needle in a haystack." He said it might be more valuable in a targeted attack against a specific individual.

Eavesdropping is a risk when it comes to industrial espionage, prying spouses or significant others, and political campaigns, as well as political dissidents. U.S. law requires a court order before a phone or a computer can be legally tapped by government or law enforcement officials.

The best way to avoid being infected with this or any other malware is to use good up-to-date security software and to be sure that your operating system and browser are updated. It's also a good idea to avoid clicking on e-mail attachments and consider using security software that warns you when you're about to visit a potentially malicious Web site.

You can listen to my interview with Gerry Egan here:

Listen now: Download today's podcast

August 19, 2009 5:42 PM PDT

Symantec identifies 'Dirtiest Web Sites of Summer'

by Larry Magid
  • 34 comments

Symantec is out with its "Dirtiest Web Sites of Summer 2009," which it's calling "the worst of the worst" when it comes to malware threats.

The security vendor says that "48 percent of the Dirtiest Web Sites are, well, dirty--sites that feature adult content." That means that more than half the sites cover a wide range of other categories including legal services, catering, figure skating, and electronics shopping, according to the report.

On average, sites on the dirtiest list have 18,000 threats per site, but 40 of the sites have in excess of 20,000 threats. One site that appears to offer restaurant catering services has 23,414 computer threats.

"The number of web attacks is off the charts because it's the easiest path into a consumer's machine," said Gerry Egan, Symantec's director of security response.

Symantec's Safe Web rates sites for safety

(Credit: Symantec)

The Web, said Egan, "has become the primary delivery vehicle for malware." One method for infection is "drive by downloads," which can exploit a vulnerability in your browser or operating system by "leveraging little security holes" and injecting code into your machine simply by virtue of your visiting the site. Another route to infections is social engineering, where someone tricks a user into installing a malicious application that can masquerade as a plug-in to play media or even a fake security program that claims to help you find and remove malware. Instead it installs malware on your machine.

There are a number of dastardly payloads associated with the type of malware delivered through these sites including turning your machine into a "spambot" that sends junk e-mail to other people. Such programs can also hijack your computer to be part of a "botnet" to carry out attacks on other systems such as the recent denial-of-service attack that brought down Twitter earlier this month.

Symantec has identified these dirty sites as part of the ongoing analysis it does for its Norton Safe Web product. Safe Web includes a free Web site that anyone can use to see if a site is known to have malware. In addition, Symantec's security products now come with a plug-in that works with a browser to look over your shoulder while you're surfing or searching to warn you before visiting a site known to contain malware.

TrendMicro Internet Security has a feature that warns you if you are about to visit a site that "may put your security at risk" and McAfee offers a service called McAfee Site Advisor that includes a free plug-in for Firefox and Internet Explorer that warns you about potentially dangerous sites that show up in search results.

Podcast: Larry speaks with Symantec's director of security response, Gerry Egan (8:43)

Listen now: Download today's podcast

August 6, 2009 9:51 PM PDT

Podcast: Twitter attacker had Georgia in mind

by Larry Magid
  • 3 comments

Elinor Mills

(Credit: CNET)

CNET security and privacy reporter Elinor Mills, who has been reporting on the Twitter, Facebook, and Google denial of service attacks since early Thursday morning, interviewed a Facebook executive who told her that the attacks appeared not to be aimed at Twitter or Facebook but toward an individual person who blogs about independence of a breakaway region of Georgia. But even though it was aimed at one person, the sheer size of the attack was enough to bring down Twitter and impact Facebook.

The podcast runs 4 minutes and 53 seconds.

Listen now: Download today's podcast

July 29, 2009 9:29 AM PDT

Podcast: Microsoft and Yahoo VPs explain the deal

by Larry Magid

Barring any unlikely interference from regulators, the Microsoft-Yahoo relationship is a done deal. It's a "comprehensive search deal," said Yahoo Executive Vice President Hilary Schneider in a recorded interview (listen below), that "provides an improved search experience for consumers," taking the rich technology of both companies and "bringing them together in an integrated search platform."

For Microsoft, according to the company's Senior VP Yusuf Mehdi, the deal "created a lot of value in terms of cost savings and increased revenue opportunities. This creates a lot of new value for each of us," he said in the joint interview.

Listen to Larry Magid's conversation with Microsoft's Yusuf Mehdi and Yahoo's Hilary Schneider.

Listen now: Download today's podcast

July 28, 2009 3:42 PM PDT

Netgear and OpenDNS to block porn from the cloud

by Larry Magid
  • 32 comments

There are lots of Internet filtering products on the market that enable parents to block certain types of websites such as pornography, hate sites, or sites that promote alcohol or drug use. Most of these products run on PCs or Macs by sitting between the operating system and the browser and checking any requested sites to make sure they're not blocked. The products generally do a good job blocking requests from protected PCs, but most don't work with game consoles, Wi-Fi-equipped iPhones or iPod Touches, or any other device that isn't running the software.

Netgear is about to ship routers designed to simplify the process by allowing parents to block content on any device using the home's wired or wireless network.

Netgear routers to offer in-cloud filtering

(Credit: Netgear)

The new routers, which will be available in early September, will be equipped with firmware that configures them to use OpenDNS' domain name server to look up the actual IP address of any site someone tries to visit. If that site isn't on the blocked list, it will be displayed. But if a parent has blocked that site, the user will instead be sent to a page that informs them that the site they tried to access is blocked.

Some existing Netgear routers can be upgraded with the new OpenDNS-compatible firmware starting August 10th.

Because the filtering takes place at the router level, it works with any device in the household that uses that router including Web-enabled game consoles and Wi-Fi mobile devices. It won't, however, work with devices that don't use the home network such as an iPhone set up to use the 3G cellular network.

Like other filtering products, parents have control over the type of content blocked and have the ability to turn it off so that it doesn't prevent mom or dad from visiting any sites. There is also a "white list" feature that allows parents to exclude any site from the blocked list. Because the blocking lists are "in the cloud," parents can configure the filter from anywhere.

Before employing any parental control system, I urge parents to think about how it will or won't fit in with their family. Consider the age of the child, the child's Web surfing habits, the types of risk your child takes, and what you plan to say to your children about the filtering product. Parents should tell their kids that they're using filters and explain why they think they're necessary. Also, parents should never rely on filters as the only way to protect children--parental involvement is still important. If you decide to use a filter, consider weaning kids from them as they enter their teenage years. Eventually, your kids will be on their own and part of a parent's job is to help a child make their own good decisions. You can't rely on filters forever.

For details about the service, I spoke with OpenDNS founder & CTO David Ulevitch.

Listen now: Download today's podcast

July 16, 2009 4:06 AM PDT

Podcast: iTunes cuts off Palm Pre sync

by Larry Magid
  • 39 comments

Just before Palm started shipping its new Pre smartphone, it surprised us all by announcing that customers would be able to sync their phones to a PC or Mac using Apple's iTunes software.

I wondered at the time how long it would take Apple's lawyers or engineers to put an end to that practice. Turns out the engineers won. The latest upgrade to Apple's iTunes software no longer recognizes the Pre as if it were an iPod.

Pre users can still synchronize their device to a computer, but not with the newest version of iTunes.

Listen now: Download today's podcast

July 10, 2009 4:00 PM PDT

Podcast: PCs used to attack government Web sites at risk of data loss

by Larry Magid

Symantec's Kevin Haley says the malicious software responsible for attacking government and other sites in the U.S. and South Korea contains code that could turn against host PCs, erasing data and making the machines unbootable.

The attacks, which have been going on since July 4, have affected Web sites operated by several U.S. and South Korean government agencies including the U.S. Treasury Department and White House and the South Korean Ministry of Defense. Some company sites, including The Washington Post, have also been affected.

Like other distributed denial of service attacks, the actual PCs that are doing the attack are part of a "botnet." They have been infected with malicious software designed to carry out the attack. And, as CNET's Elinor Mills reported earlier, that same software could wipe out data on infected PCs.

Listen to Symantec's Kevin Haley discuss the risk:

Listen now: Download today's podcast

July 8, 2009 11:56 AM PDT

Podcast: Cyberattacks not likely from North Korea

by Larry Magid

Over the past few days government Web sites in the United States and South Korea have been under a denial-of-service attack, preventing visitors from accessing sites from the U.S. Treasury Department, Federal Trade Commission, as well as sites from several South Korean agencies including the Defense Ministry.

Some officials in South Korea have blamed North Korea, but Roger Thompson, chief research officer for Internet security firm AVG, says that it's more likely the work of run-of-the-mill hackers. In this eight-minute podcast, Thompson says he's far more worried about Chinese hackers.

Listen now: Download today's podcast

About Safe and Secure

As founder of SafeKids.com and co-director of ConnectSafely.org, Larry Magid has a special interest in Internet safety, including debunking myths like a predator behind every screen and messages like "be afraid, very afraid."