Apple pushes unnecessary software to Windows PCs

Apple again used its software update tool to push a program that was previously not installed on a PC, according to Computerworld tests early Monday. Apple's Software Update for Windows - a utility most often installed on PCs when users download iTunes - was offering something called "iPhone Configuration Utility" to Windows users, even to machines that have never connected to an iPhone. Later in the day, however, Apple removed the software from the update list.

Popular Windows blogger Ed Bott first reported on ZDNet that the tool was included in new updates. The tool, chimed in Simon Bisson of itexpertmag.com , is actually an enterprise-grade tool for network administrators, who use it to create and deploy device profiles so users can securely connect to a company's Exchange mail servers. Computerworld confirmed that the 22MB download was offered to PCs, including those running Windows XP Service Pack 3 (SP3) and Vista SP2, that had never been used to synchronize an iPhone. According to Bisson , the iPhone Configuration Utility also adds the open-source Apache Web server software to the PC. "The thing with that iPhone config utility is that it's an enterprise tool for building device profiles. Apple has been criticized in the past for using its software updating service to push unwanted software. It's not for consumers!" Bisson said on Twitter.

Last year, for example, the company came under fire for offering Safari for Windows to users who had not installed the application, going so far as to pre-check the program so that users who simply accepted the default downloads received the browser. Later, Apple quietly changed Software Update so that Safari was unchecked, requiring users to explicitly request the browser. John Lilly, the CEO of Mozilla, the open-source developer responsible for Firefox, said Apple's tactic "undermines the Internet" because updates are traditionally used to patch or fix existing software, not install new programs. By 3:30 p.m. ET, Apple Software Update had dropped the iPhone Configuration Utility as a potential update to the same PCs that earlier had indicated the tool should be downloaded. Apple did not immediately respond to questions about why the iPhone utility had been offered, and whether the company had erred in listing it as an update for Windows users.

U.S. house decommissions its last mainframe, saves $730,000

The U.S. House of Representatives has taken its last mainframe offline, signaling the end of a computing era in Washington, D.C. The last mainframe supposedly enjoyed "quasi-celebrity status" within the House data center, having spent 12 years keeping the House's inventory control records and financial management data, among other tasks. How to really bury a mainframe The cost and energy savings contribute to the Green the Capitol program designed to improve efficiency in the halls of Congress. But it was time for a change, with the House spending $30,000 a year to power the mainframe and another $700,000 each year for maintenance and support.

Applications running on the last mainframe have been moved to x86 and Unix servers, many of which are using virtualization technology that first appeared on the mainframe decades ago.  "It's a symbolic transition into the latest and greatest in terms of green technology, virtualization, consolidation and all those things," says Jack Nichols, director of enterprise operations at the House of Representatives. "The mainframe plug was pulled, but it was pulled in favor of something that was started in the mainframe world."  The House had been using mainframes since at least the early 1970s, and at one time had a 13,000-square-foot data center dedicated to mainframe and mainframe operations. The last mainframe was an IBM model in place since 1997, and was situated in the http://en.wikipedia.org/wiki/Ford_House_Office_Building ">Ford House Office Building. "It wasn't the fastest box in the world," says Rich Zanatta, director of facilities for the House. "Some of our blades and some of our standard servers have more capability than that entire 8-cubic-foot box has. As mainframes grew stronger, the House moved down to just one machine, in addition to other types of servers. Technology-wise, it's obviously been surpassed." New mainframes are far more powerful and efficient than those built in the 90s, of course. It will be turned over to the U.S. General Services Administration, and could resurface in the used mainframe market.

But the House decided not to buy another mainframe in part because its IT staff has more expertise running x86 and Unix boxes. "We really don't' have those [mainframe] skill sets in house anymore," Zanatta says. "We try not to maintain architecture that we can't support ourselves." The staff for House Chief Administrator Officer Daniel Beard held a ceremony to take the mainframe offline Friday. The House also had a second mainframe in a backup site, the location of which is secret, which was also shut off.  Decommissioning the mainframe involved getting rid of lots of large, bulky cables, not to mention migrating applications to newer systems. But the House staff has been working to move those applications to new servers for the past five years, a process that just ended. The mainframe had been running a half-dozen applications including staff payroll, inventory management, committee calendars and other legislative tasks. Turning off the mainframe is a big step in reducing the House's server footprint. The mainframe was consuming 10,000 to 15,000 watts an hour, and maintenance and support costs were increasing because it was so out-of-date. "As it increases in age, so does the maintenance cost," Zanatta says. "We were starting to hit that threshold of pain."

Already, the House consolidated about 150 test servers down to 20 through virtualization, and consolidated about 120 production servers onto 15 or 20. "Those are dramatic savings for us in the way of power and cooling," Zanatta says.

World of Warcraft players targeted by 'free mounts' phishing scheme

The popular online game World of Warcraft (WoW) is being hit with a new phishing scheme that lets attackers steal players' accumulated "gold" and other treasure by luring players with offers of free "mounts" used in the online game, say security researchers at F-Secure. The link takes the player to a site that looks exactly like World of Warcraft and offers them free "mounts," the fantasy horses that humans would ride or trusted wolf mounts that the Orcs prefer, which have powers like helping move the player more quickly through the game or defend them against monsters. It's an attack that exploits the WoW-based in-game chat to lure a player into clicking on a link.

If the victim falls for the "free mounts" phishing fraud and enters his online credentials, the attacker can take over his account and steal all the "gold" or other treasures the player accumulated in the game's progress. "This is like physical property, it can be traded," said Sean Sullivan, security researcher at F-Secure about the value of the online game's items like "gold" and "mounts," which can bring money in auctions in sites in China, for example. Sullivan added that over two years ago, eBay declared a ban on auctioning WoW items like fantasy "gold," apparently because of the fraud level. The latest phishing scam to hit WoW, which F-Secure describes here, is a new twist on some of the older attacks that made use of malicious banner ads on WoW to try and install trojans on victim's desktops. The current "mounts" phishing scam allows the successful attacker to steal whatever treasures the victim has associated with the WoW account, and then to go after other victims. F-Secure's Internet Security 2010 product recognizes this type of phishing scam and blocks against it, the vendor says.

Sun, Oracle chiefs vow: Sun technologies will live on

Sun Microsystems Chairman Scott McNealy and Oracle CEO Larry Ellison both took the stage at the Oracle OpenWorld 2009 conference Sunday evening to offer reassurances that Sun technologies will not go away should Oracle complete its planned acquisition of Sun. As a matter of fact, combining Sun's research and development budget with Sun's presents  "one of the great R&D opportunities of all time," McNealy said. [ Find out why some user are nervous about Oracle owning MySQL. | Relive Sun's storied history in InfoWorld's slideshow "The rise and fall of Sun Microsystems." ] Oracle, for example, intends to spend more money developing Sparc than Sun does now, he said. "That's a good sign for Sparc innovation," McNealy said. "You look at the core technologies that we're developing: They're going to find a nice home in this next chapter," he said, referring to merger. From Java to the Solaris OS to the Sparc CPU platform and Sun storage technologies, Oracle will be good for all of them, the executives stressed at the San Francisco event. Ellison, for his part, took exception with IBM for suggesting Oracle was not committed to Sun's wares, particularly Sun hardware. "We're looking forward to competing with IBM in the systems [business] and we think the combination of Sun and Oracle [is] well-equipped to compete successfully against the giant," Ellison said.

The challenge would be part of a new ad campaign. Ellison said he would give $10 million to anyone - any major company or enterprise - whose existing database application would not run at least twice as fast on Sun gear. But he acknowledged Oracle recently was fined $10,000 for running a recent ad comparing Sun and Oracle to IBM, in which the benchmark evidence had not yet been documented.  His explanation cited overzealousness on Oracle's part. "If IBM wants to compete, we're happy to compete and we made a series of commitments," Ellison said. And with a little more investment, it could be even better," said Ellison. Solaris, meanwhile, is the leading enterprise OS and the leading OS for running the Oracle database, he said. "We said we're not selling the hardware business and we think Sparc is a fantastic technology.

Oracle also plans to increase its investment in the open source MySQL database, Ellison said. MySQL currently is owned by Sun. He added that Oracle already has continued to invest in the Innobase technology it acquired that serves as the transaction engine in MySQL. There had been speculation that Oracle bought Innobase "to kill it," but that has not happened at all, Ellison stressed. IBM had been a rumored suitor for Sun prior to Oracle forging a deal to buy the company nearly six months ago. McNealy said efforts to close the sale were proceeding with authorities. The sale remains held up by the European Union, which is concerned over commercial database giant Oracle owning MySQL.  Recently, Ellison said Sun has been losing $100 million a month waiting for the sale to close.

To argue on behalf of Oracle's commitment to Java, McNealy brought Sun Vice President James Gosling, considered the father of Java, onstage. The JSR process is used to submit modifications to the platform to the community at large. Oracle's product mix features Java and the company has  participated in numerous Java Specification Requests (JSR), Gosling said. Oracle, though, has been a bit unprepared for the volume of activity in the Java world, Gosling, said. "We do 15 million downloads of the JRE (Java Runtime Edition) a week on average," he said. He lauded recent Sun-Oracle performance benchmarks and noted the recently introduced Sun-Oracle Exadata Database Machine Version 2, which combines Sun hardware with Oracle's database and storage management software.  Fowler also announced the Sun Storage F5100 Flash Array, which integrates 1.6TB of Flash storage into a device that looks like a server.

Also appearing onstage at OpenWorld was John Fowler, Sun vice president of system. "My team is excited about working closely with Oracle because we have been working with Oracle now [for] what's measured in decades," Fowler said. McNealy cited a long list of Sun accomplishments, including the Network File System, the various editions of Java, Sparc's being the first 64-bit volume RISC architecture, and the company's contributions to open source, including its use of Berkeley Unix. "We were the Red Hat of Berkeley Unix," he said. In a Top 10 list entitled "Top 10 Signs Engineers Have Gone Wild," McNealy  took potshots at Apple for not supporting Java on its iPhone. "Friends don't let friends type on an iPhone especially since it doesn't run Java. In a brief interview after the evening presentation, Tim Bray, Sun's director of Web technologies, would not comment on whether the Sun name would go away as part of the merger with Oracle or whether Sun would become a division of Oracle. Are you listening, Steve," McNealy said, referring to Apple CEO Steve Jobs.  "[The iPhone is] the only device on the planet that doesn't run Java." He also ridiculed President Barack Obama's winning of the Nobel Peace prize last week, without mentioning the President by name. Follow the latest trends for developers, open source, and database management at InfoWorld.com.  

One of the engineering signs on McNealy's list pertained to a Nobel prize for a gas mask bra, leading McNealy to follow the reference with a comment that such an award was "no more ridiculous than some other Nobel prizes that I've heard of." This story, "Sun, Oracle chiefs vow: Sun technologies will live on," was originally published at InfoWorld.com.

FBI says trio of terrorism e-mails are scams

The FBI today warned that three separate e-mails making the rounds that promise access to FBI terrorism reports are nothing more than malicious software looking to steal your personal information. Fraudulent e-mails containing the subject line "New DHS Report" have been circulating since August 15, 2009. The e-mails claim to be from the Department of Homeland Security (DHS) and the FBI Counterterrorism Division. Network World Extra: 12 changes that would give US cybersecurity a much needed kick in the pants The three scam-mails are: • Fraudulent e-mail claiming to be from Department of Homeland Security and the FBI Counterterrorism Division. The e-mail text contains information about "New Usama Bin Ladin Speech Directed to the People of Europe," and has an attachment titled "audio.exe." The attachment is purportedly an audio speech from Bin Ladin; however, it actually contains malicious software intended to steal information from the recipient's system. • Fraudulent e-mail message claiming to contain a confidential FBI report titled "New Patterns in Al-Qaeda Financing" has been circulating since August 15, 2009. The e-mail has the subject line "Intelligence Bulletin No. 267," and contains an attachment titled "bulletin.exe." This message, or similar messages, may contain files that are harmful to the recipient's system and may try to steal user credentials. • A fraudulent e-mail, initially appearing around June 16, 2009, claims to contain a confidential FBI report from the FBI "Weapons of Mass Destruction Directorate." The subject line of the email is "RE: Weapons of Mass Destruction Directorate," and contains an attachment "reports.exe". This message and similar messages may contain a file related to the "W32.Waledac" trojan software, which is designed to steal user authentication credentials or send spam messages.

Such bulletins shall not be released, either in written or oral form, to the media, the general public, or other personnel who do not have a valid need-to-know without prior approval from an authorized FBI official, as such release could jeopardize national security. Below is an example of the fraudulent e-mail message: CLASSIFIEDFEDERAL BUREAU OF INVESTIGATIONINTELLIGENCE BULLETINWeapons of Mass Destruction DirectorateHANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins contain sensitive terrorism and counterterrorism information meant for use primarily within the law enforcement and homeland security communities. Link to malicious software (report.exe) The malware warning comes on the heels of an FBI report that fraudsters are targeting social networking sites with increased frequency and users need to take precautions. One involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. The FBI said scammers continue to hijack accounts on social networking sites and spread malicious software by using various techniques. Other spam entices users to download an application or view a video.

Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected, the FBI stated. Some spam appears to be sent from users' "friends", giving the perception of being legitimate. Another fraudster favorite involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software, the FBI stated.

China's Alibaba expects India joint venture this year

Top Chinese e-commerce site Alibaba.com aims to announce an Indian joint venture this year as the company expands its global footprint, it said Friday. A deal in India, where Alibaba.com recently surpassed 1 million registered members, would be the latest in the site's efforts to grow abroad. "I've got a lot of confidence in India," said Jack Ma, CEO of Alibaba Group, the parent company of Alibaba.com. Alibaba.com is in talks with an Indian reseller about forming a joint venture, CEO David Wei told reporters at a briefing. Alibaba.com is a platform for small and medium businesses to trade everything from lumber and clothes to iPods and PC components.

Alibaba.com already works with Indian publishing company Infomedia 18, its likely joint venture partner, to promote its platform in the country. Its main member base is in China, but the site also has 9.5 million registered users in other countries and facilitates many cross-border trades. The site also has a joint venture in Japan and recently launched a major U.S. advertising campaign to attract more users there. Ma said Alibaba knows it needs to "do something" in Latin America as well. Ma and other top Alibaba executives visited the U.S. early this year for meetings with potential partners including Amazon.com, eBay and Google. When asked if the company would also seek to expand in Eastern Europe, Ma said, "I will be there." Alibaba will not hold a majority stake in joint ventures it forms, instead taking a share similar to the 35 percent it has in its Japan operation. "Our global strategy means partner with local people," Ma said. "We want partners and we want partners to control their business." Users place total orders of more than US$200 million each day on the Alibaba.com international platform, Wei said.

About 50 percent of those orders go to Chinese exporters, he said.