Hijacked Web sites attack visitors

Here's the scenario: Attackers compromise a major brand's Web site. The issue goes unnoticed until it's exposed publicly. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. Such attacks are a common occurrence, but most fly under the radar because the users never know that a trusted Web site infected them, says Brian Dye, senior director of product management at Symantec Corp.

But word can get out, leaving the Web site's customers feeling betrayed, and seriously damaging a brand's reputation. When his company tracks down the source of such infections, it often quietly notifies the Web site owner. Attackers, often organized crime rings, gain entry using techniques such as cross-site scripting, SQL injection and remote file-inclusion attacks, then install malicious code on the Web server that lets them get access to the end users doing business with the site. "They're co-opting machines that can be part of botnets that send phishing e-mail, that are landing sites for traffic diversion and that host malware," says Frederick Felman, chief marketing officer at MarkMonitor. That possibility is one of Lynn Goodendorf's biggest worries as global head of data privacy at InterContinental Hotels Group. "I worry about attacks that use a combination of malware and botnets," she says, adding that she has watched this type of activity increase steadily over the past two years. "That's very scary," says Goodendorf. But because the business's Web site isn't directly affected, the administrators of most infected Web sites don't even know it's happening.

Most victims haven't associated such attacks with the Web sites that inadvertently infected them. The latest versions of Microsoft's Internet Explorer browser and Google's search engine detect sites infected with malware, issue a warning and block access to the site. "To me, this is serious online brand damage," says Garter analyst John Pescatore, and it can be disastrous for small and midsize businesses that totally depend on search engine traffic. But that may be changing. The next frontier, says Dye, may be attackers who use these types of exploits against the Web sites of high-profile brands and then publicize - or threaten to publicize - what happened. But Pescatore sees a more fundamental problem: rushing through Web site updates and ignoring development best practices designed promote security.

Preventing attacks like SQL injections requires using enterprise-class security tools, such as intrusion-prevention and -detection systems, with a focus on behavioral analysis to spot attacks, Dye says. Most organizations follow formal processes for major upgrades, but not for the constant "tinkering" that takes place. The result: Vulnerabilities creep into the code. "Security groups often are forced to put Web application firewalls in front of Web servers to shield [these] vulnerabilities from attack," says Pescatore.

Using the Internet makes people smarter, study finds

Could it be that the Internet actually - gasp! - makes you smarter? The researchers said they found that surfing the Web seemed to stimulate neural activity and possibly enhance cognitive functioning in the mature group of Internet users . Just a week online increased brain activity twofold in the oldest Internet users studied, noted the scientists. "The results suggest that searching online may be a simple form of brain exercise that might be employed to enhance cognition in older adults," said Teena D. Moody, a UCLA senior research associate, in a statement. That's the word from a team of scientists at the University of California, Los Angeles , who reported this week that new Internet users between age 55 and 78 improved their scores on decision-making and complex reasoning tests after just seven days online. The researchers reported that using the Internet triggers key centers in the brain that usually atrophy with age and lack of use.

The UCLA team studied 24 adults - half of whom used the Internet daily, and half with very little online experience. However, when people begin using the Internet, it positively affects cognitive functions and alters the way the brain encodes new information. "We found that for older people with minimal experience, performing Internet searches for even a relatively short period of time can change brain activity patterns and enhance function," said Gary Small, a professor of psychiatry at UCLA and the study's author, in a statement. At the start of the program, the volunteers did online searches for information while undergoing MRI scans that recorded brain circuitry changes. After the two week period, the participants underwent a second brain scan. The they each went home and conducted Internet searches for an hour a day for seven days over a two-week period.

According to the researcher, the volunteers that had little Internet experience showed a marked improvement in areas of the brain that control memory and decision making. The UCLA team now plans to investigate the affects of online search on younger adults.

UMC posts best Q3 in years on stronger chip sales

United Microelectronics (UMC), the world's second-largest contract chip maker, reported its best quarterly net profit in two years on Wednesday due to strong chip sales. It is optimistic about the fourth quarter, as it expects average selling prices to rise due to an improved product mix. The company's positive momentum in the second quarter carried over into the third quarter, it said.

The global chip industry has continued to rebound after bottoming in the first quarter of this year as the global recession gripped financial markets. The last time UMC posted a better net profit was in the third quarter of 2007, when it reported net profit NT$9.23 billion. Stronger chip shipments sent UMC's sales for the third quarter up 11 percent year on year to NT$27.41 billion (US$843.9 million) as it turned to a net profit of NT$6.1 billion from a loss of NT$1.4 billion in the same quarter last year. The chip maker warned that the appreciation of the Taiwan dollar and some seasonal factors may hurt its shipments in the fourth quarter. UMC expects its chip shipments to remain flat or drop as much as 3 percent in the fourth quarter compared to the third, but average selling prices could rise as much as 3 percent. Chip sales normally peak in the third quarter because gadget makers need to install them inside devices ahead of the gift buying season for end-of-the-year holidays.

Demand for chips in consumer electronics is expected to grow, while the computer segment might show some weakness, UMC said. UMC also on Wednesday announced it plans to buy all stock in UMC Japan Challenges in Japan's chip industry could cause a surge in outsourcing to contract chip makers such as UMC, the company said, but UMC Japan is losing money and could continue to lose money and be unable to capture new business without help from the parent company in Taiwan. The company will spend US$500 million on new factory equipment this year, and plans to substantially increase capital spending on cutting edge chip production gear next year. UMC will offer nearly NT$2.44 billion for outstanding shares of UMC Japan.

SAP, Salesforce.com make apps with Google Wave

Google's Wave communication and collaboration platform is getting early interest from enterprise application vendors like Salesforce.com and SAP. Both companies have built prototype applications using Wave, which was released in preview mode for about 100,000 users on Wednesday after being available only to developers. SAP Research and the vendor's NetWeaver development team created an application called Gravity using Wave. Wave combines a range of technologies such as document sharing and instant messaging into a system for real-time collaboration.

In a demonstration video, Gravity is used to develop process models for a hypothetical merger between an insurance company and a bank. Meanwhile, Salesforce.com created an extension that employs Wave for customer service. Once completed, the process models are exported into SAP's BPM (business process modeling) software for further refinement. A demonstration video shows how a customer in need of support can use Wave to start a dialogue with an automated support robot. If the robot can't answer the user's questions, the user can request a live representative, who joins the conversation.

The system also creates a case record in Salesforce.com. Google is mulling the prospect of a "monetizable wave extension store," according to an official blog post, through which these applications and others could conceivably be sold. But while Wave is an intriguing technology, at this point it doesn't quite meet the needs of enterprises, according to Redmonk analyst Stephen O'Grady. "For both ISVs and enterprises, the usability will have to be improved," he said. "It's still an intimidatingly new technology for less technical users, so Google would do well to work with potential partners to abstract needless complexity and exposing only the business functionality required." Google acknowledged that Wave remains a work in progress in an official blog post this week, saying it "isn't quite ready for prime time" and noting that key features, such as a draft mode, remain to be implemented.

Apple lays out carbon footprint data

Apple has been pretty forthcoming about its environmental policies in recent years, but given the company's high profile, groups such as Greenpeace have continually pushed for even more transparency. Apple has taken flak in this department for trailing behind the likes of Dell and HP, both of which publish their annual carbon emissions, to the tune of 471,000 tons and 8.4 million tons respectively. This week, Apple overhauled the environmental section of its website with more data about its efforts, most prominently featuring an extensive breakdown of the company's annual corporate carbon emissions.

Apple, on the other hand, calculates it generates 10.2 million metric tons of greenhouse gas emissions in a year. For example, those companies' figures don't take into account the impact their products have on the environment during their lifetime. Although Dell and HP's numbers might sound significantly more environmentally friendly, it turns out that they're limited in what they actually measure. Apple, on the other hand, has explicitly broken down exactly where those 10.2 million tons come from: 38 percent from manufacturing, 5 percent during transportation, 53 percent from product use, 1 percent from recycling, and 3 percent from its own facilities. It would seem the ball is now in the court of competitors like Dell and HP, who will may quickly come under pressure to provide results as extensive as Apple's own. More to the point, the information Apple is now providing about its carbon footprint aims to reframe the debate over what it means to be an environmentally-friendly company.

Some environmental experts have lauded Apple's efforts and are hopeful that the move will spur those competitors to follow Apple's lead. But even the harshest of Apple's critics have acknowledged that Apple seems to be making genuine strides in the direction of environment friendliness. [via BusinessWeek] As always, there are also naysayers who think that Apple is only disclosing selective information that paints it in a positive light.

Nook e-reader pushes Barnes & Noble into crowded market

Barnes & Noble's new e-reader, reportedly dubbed the Nook, propels the bookseller into an increasingly crowded market for similar devices. The Nook reportedly runs on the Android OS . An official announcement from Barnes & Noble about the device was expected today, but had not been made as of 1 p.m. ET. The Gizmodo Web site has already posted leaked photos of the Nook, and said it has a dual screen. Priced at $259, the Nook will compete directly with the latest Kindle device from Amazon.com, according to the New York Times and other reports.

That's similar to an Android e-reader called Alex, from Spring Design Inc. The Nook has a smaller secondary screen than Alex, however. Alex, which features dual screens - one for monochrome text displays and the other, in color, for Web browsing and to provide additional media to supplement the text - was unveiled yesterday. An important distinction for the Nook is that it will allow users to lend their digitized books to friends, according to the Times . It also downloads wirelessly, as the Kindle does via Sprint Nextel's network, and as the Reader Daily Edition from Sony will do when it goes on sale in December. Plastic Logic Ltd. is also planning an e-reader, and yesterday said it will unveil the QUE (pronounced Q), an e-reader for business professionals, at the Consumer Electronics Show on Jan. 7. It will be less than a third of an inch thick and measure 8.5 inches by 11 inches, but few details have been released. The e-reader market is further crowded by the iRex DR800SG from Irex Technologies, which is due out this month and uses the Verizon Wireless network.

Analyst firm iSuppli Corp. expects five million e-readers to be sold in 2009, although Codex Group expects that number to be less than four million. Barnes & Noble created an e-bookstore at BN.com in July, selling digital editions that can be read on BlackBerry, the iPhone, laptops and desktops. And iSuppli expects the number sold will exceed 13 million in 2010, given growing interest in the devices. At International CTIA two weeks ago, the Motorola Cliq was shown with the ability to access BN.com to read digitized books, and representatives from the bookseller said then that they were seeking a broad variety of smartphones for users to access e-books. The Nook will reportedly be sold at Barnes & Noble stores and nook.com.

But the Nook shows Barnes & Noble sees value in a specialized e-reader as well. The site was not live as of early afternoon.