The News - Computer

on Monday announced an initiative to advance large-scale distributed computing by providing hardware, software, and services to universities.

The two companies aim to reduce the cost of distributed computing research, thereby enabling academic institutions and their students to more easily contribute to this emerging computing paradigm.

"Google is excited to partner with IBM to provide resources which will better equip students and researchers to address today's developing computational challenges," said Eric Schmidt, CEO of Google, in a statement. "In order to most effectively serve the long-term interests of our users, it is imperative that students are adequately equipped to harness the potential of modern computing systems and for researchers to be able to innovate ways to address emerging problems."

The first university to join the initiative is the University of Washington, located not far from Microsoft(MSFT)'s corporate headquarters in Redmond, Wash. Carnegie-Mellon University, MIT, Stanford University, the University of California at Berkeley, and the University of Maryland are also participating in the program.

"The reason that we're partnering with universities is that Google is an engineering firm," said Christophe Bisciglia, a senior engineer at Google and a former University of Washington student. "We're working with our academic partners to teach [large-scale distributed computing] to students."

The fundamental architecture of computing is changing, Bisciglia said. Moore's Law still applies, he said, but now more performance gains come from processor density than transistor density. "You need to design your software to that it scales horizontally," he said, referring to the challenges of programming for many multicore processors working in parallel.

"In this age of 'Internet-scale' computing, the new, evolving problems faced by computer science students and researchers require a new, evolving set of skills," Bisciglia explained in a post to Google's corporate blog on Monday. "It's no longer enough to program one machine well; to tackle tomorrow's challenges, students need to be able to program thousands of machines to manage massive amounts of data in the blink of an eye."

"This is really going to benefit every entity that goes on to take these students," said Bisciglia. "They're all going to benefit from this change. They're all going to need it sooner or later."

Large-scale distributed computing, also known as cloud computing, has been touted as the future for years now. In a July 2003 paper, Microsoft researcher Jim Gray -- who was reported missing at sea earlier this year -- noted that IBM and Microsoft were pushing Internet-scale distributed computing as a new model.

Sun Microsystems(SUNW) has also long been an advocate of what it calls grid computing.

In a statement, Samuel J. Palmisano, chairman, president, and CEO of IBM, characterized the effort "to train tomorrow's programmers to write software that can support a tidal wave of global Web growth and trillions of secure transactions every day."

Whether IBM and Sun will develop an ad-based revenue stream to support large-scale distributed computing remains to be seen. Unlike Microsoft, neither company has hedged its business model by investing in Internet advertising technology.

As part of the initiative, Google and IBM are providing a cluster of several hundred computers -- Google's custom servers and IBM BladeCenter and System x servers. Over time, the companies expect the cluster to surpass 1,600 processors. The Linux-based servers will run open source software including Xen's virtualization system and Hadoop, an open source implementation of Google's distributed file system that's managed by the Apache Software Foundation.

Although Hadoop was developed by Yahoo(YHOO)'s Doug Cutting and can be seen as enabling Google's competitors, Google says it supports the effort. "We're made very small contributions to Hadoop for this project and we obviously very strongly support the project," said Bisciglia.

IBM's Tivoli software will handle cluster management, monitoring, and resource provisioning.

Students working with the cluster will have access to a Creative Commons-licensed curriculum for massively parallel computing developed by Google and the University of Washington.

Congressional aide admits trying to hire hackers - to boost his college GPA

The communications director for Montana's lone congressman solicited the services of two men he falsely believed to be criminally minded hackers-for-hire - with the expressed goal of jacking up his college GPA - during an exchange that spanned 22 e-mails over two weeks this past summer.

Todd Shriber, 28-year-old press aide to U.S. Rep. Denny Rehberg, R-Mont., e-mailed the security Web site attrition.org on Aug. 9, writing: "I need to urgently make contact with a hacker that would be interested in doing a one-time job for me. The pay would be good. I'm not sure what exactly the job would entail with respect to computer jargon, but I can go into rough detail upon making contact with a candidate."

After initially denying knowledge of the exchange, Shriber told me this afternoon in the final of our three phone conversations: "I did something that's greatly out of character for me and it's a mistake that I regret."

Two members of attrition.org, "Lyger" and "Jericho" (a.k.a. "security curmudgeon") corresponded with Shriber and fooled him into believing that they would carry out his wishes, with Jericho warning him at one point: "You are soliciting me to break the law and hack into a computer across state lines. That is a federal offense and multiple felonies."

Shriber wanted Lyger and Jericho to break into the computer system at Texas Christian University, from which he graduated in 2000.

In the final e-mail on Sunday, Aug. 27, Lyger tells Shriber that his hacking attempts had been detected and "we are SO busted." He urges him to "duck and run if you can" in an exaggerated, obscenity-filled - and completely fictional - missive that put an end to their working relationship.

While the name Todd Shriber and a Yahoo address appear on the e-mail string that has been posted at attrition.org since September - the site posts many of the oddball requests it gets, including some seeking illegal services - it was only today and after a bit of search-engine work here that the person involved was identified as a congressional aide. (Shriber did send Lyger a note in September asking that the e-mails be removed from the site.)

Asked why he launched the scheme, Shriber told me, "I would rather not get into that at all. I just got a little too far ahead of myself thinking about things down the road." His college grades "weren't that great," he acknowledged.

Shriber contends now that he "got cold feet" toward the culmination of the hack that never happened and wanted out, although there is no indication of second thoughts in any of the e-mail.

"A solicitation was made but no action was performed," he told me. "These are people misrepresenting themselves for a laugh."

Lyger expresses little sympathy for a man who, after all, was willing to pay others to commit a crime.

"You'll notice that we even intentionally redacted his Social Security number and date of birth in one of the e-mails (on the site)," Lyger told me in an e-mail this afternoon. "Pretty ironic that he even sent them since we maintain a data-loss database, Web page, and mailing list.

Military 'hacker' freed on bail

A British man arrested for allegedly carrying out the "biggest military computer hack of all time" has been released on bail by magistrates.

Gary McKinnon, accused of hacking into 53 US military and Nasa computers in 2001 and 2002, appeared before Bow Street magistrates in London.

The 39-year-old, of Wood Green, north London, will be back in court for an extradition hearing on 27 July.

She told reporters: "Of particular concern to him is the treatment of other British nationals under the American judicial system which inspires little confidence.

"We believe that as a British national, he should be tried here in our courts by a British jury and not in the US."

Mr McKinnon, an unemployed computer systems administrator, is known on the internet as "Solo".

He is accused of hacking into computer networks operated by Nasa, the US Army, US Navy, Department of Defence and the US Air Force.

The US estimates the costs of tracking and correcting the problems he allegedly caused were around $1m (£570,000).

If he is extradited and found guilty, Mr McKinnon faces a long sentence in the US.

The Briton was indicted in 2002 by a federal grand jury on eight counts of computer-related crimes in 14 different states.

It claimed that he hacked into an army computer at Fort Myer, Virginia, obtained administrator privileges and transmitted codes, information and commands.

The indictment alleged Mr McKinnon also deleted "critical system files" on the computer, copied a file containing usernames and encrypted passwords for the computer and installed tools to gain unauthorised access to other computers.

At the time of the indictment Paul McNulty, the US Attorney for the Eastern District of Virginia, said: "Mr McKinnon is charged with the biggest military computer hack of all time."

Mr McKinnon's solicitor, Karen Todner, estimates he could face a maximum 70-year jail sentence if convicted in the US.

She says he does not deny infiltrating US systems but says his motivation was to try to prove the existence of UFOs and to expose security failures.

World's biggest hacker held

A London man described as the "world's biggest computer hacker" has been arrested.

Gary McKinnon, 39, was seized by the Met's extradition unit at his Wood Green home.

The unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa. He is likely to be extradited to America to face eight counts of computer crime in 14 states and could be jailed for 70 years.

The former Highgate Wood comprehensive-pupil was granted bail today at Bow Street Magistrates' Court.

Most of the alleged hacking took place in 2001 and 2002. At one stage the US thought it was the work of the al Qaeda terror network.

Friends said that he broke into the networks from his home computer to try to prove his theory that the US was covering up the existence of UFOs.

He is accused of a series of hacking offences including deleting "critical" files from military computers. The US authorities said the cost of tracking him down and correcting the alleged problems was more than £570,000. The offences could also see him fined up to £950,000 if found guilty on all charges.

He was arrested yesterday evening but the US first issued an indictment against him in November 2002.

Prosecutor Paul McNulty alleged that McKinnon, known online as "Solo," had perpetrated "the biggest hack of military computers ever". He was named as the chief suspect after a series of electronic break-ins occurred over 12 months at 92 separate US military and Nasa networks.

McKinnon was also accused of hacking into the networks of six private companies and organisations.

It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system.

Many of the computers he broke into were protected by easy-to-guess passwords, investigators said. In some cases, McKinnon allegedly shut down the computer systems he invaded.

The charge sheet alleges that he hacked into an army computer at Fort Myer, Virginia, where he obtained codes, information and commands before deleting about 1,300 user accounts.

Other systems he hacked into included the Pentagon's network and US army, navy and air force computers.

Reports when he was first indicted said that McKinnon found his career as a computer engineer tedious.

One message updating old schoolfriends on a website read simply: "Computers (Yawn)".

Friends said he was desperate to prove that the Americans had mounted a huge cover-up to deny his belief that aliens had visited earth.

Andrew Edwards, who has known McKinnon since their days together at Highgate Wood comprehensive, said in 2002: "Gary told me all he was doing was looking for proof of a cover-up over UFOs.

"He's been interested in UFOs for some time and believes the Americans are holding back information - although he didn't find any proof."

Outside court, his solicitor Karen Todner said he was disappointed it had taken the authorities this long to bring him to court.

She said: "This decision for extradition is driven by the American government. Mr McKinnon intends to contest this case most vigorously.

"Of particular concern to him is the treatment of other British nationals under the American judicial system which inspires little confidence.

"We believe that as a British national, he should be tried here in our courts by a British jury and not in the US."

New Tools Help Hack Into iPhone

iPhone hackers have some new tools now, thanks to HD Moore, one of the developers of the Metasploit hacking software.

On Tuesday, Moore announced that he was supporting the iPhone within his Metasploit framework and released software that would allow hackers to run "shellcode" command prompts on Apple's mobile device.

By integrating the iPhone into Metasploit, it will now be a little easier for hackers to gain access to someone else's iPhone, but they will also need a few other tools to succeed. First, they will need to create working exploit code, which takes advantage of bugs in Apple's software, to trick the device into running the shellcode. They will also need to create more sophisticated "payload" applications that can do things like remotely connect with the hacker. "It's a first step," Moore said of his hack.

With iPhone prices dropping and noticeable improvements in the quality of iPhone hacking tools, Apple's phone has become a more interesting target of late, Moore said.

And the iPhone has obviously hit a nerve in the security community. Moore said that about a quarter of the attendees at the recent Black Hat conference in Las Vegas had the devices. "It's trendy," he said. "It kind of creeped me out when I saw how many people had iPhones when I went to Vegas."

In fact, hackers have already developed a number of exploits that they claim could be used on the iPhone's Safari browser.

And security researchers have even demonstrated how the iPhone can be compromised. In July, a Baltimore, Maryland, company called Independent Security Evaluators showed how it could run unauthorized software on an iPhone by taking advantage of a Safari bug.

Moore believes that the iPhone's browser and mail client will be the best sources of bugs and he said that because of the components and information stored on the phone, it may end up being a more attractive target than the PC.

For example, the phone could be used to track someone's location based on information from cell phone towers. Throw in the iPhone's microphone, camera and an Internet connection, and you suddenly have a device that could be used to secretly keep tabs on people, Moore said. "If you look at what you get by exploiting someone's iPhone, you actually get a lot more than you do from someone's PC a lot of the time," he said.

Justice IT pilots cover photo sharing, GIS

By Wilson P. Dizard III

The Justice Department has targeted $1.8 million in grant funds to pilot projects in the fields of driver’s license photo sharing and the use of geospatial information systems (GIS) in law enforcement work, according to the nonprofit grantee recipient.

The department issued the grants through the National Institute of Justice, which supports research, development and evaluation of criminal justice technology. Nlets, also known as the International Justice and Public Safety Network, announced that it would devote more than $1 million of the funds, which comprise two of the three grants included in the package, to expand its program for driver’s license photo sharing.

Nlets, formerly known as the National Law Enforcement Telecommunications System, is a nonprofit organization owned by state governments. It was originally founded to operate a communications backbone for law enforcement agencies nationwide and in selected countries overseas. Nlets still operates the telecommunications system and has upgraded it in recent years.

Nlets launched its Interstate Sharing of Photos (NISP) pilot in January to allow law enforcement agencies to share driver’s license photos over the Nlets network, the organization said. Before NISP began, interstate driver’s license photo sharing was available only to motor vehicle departments (DMVs) and not to law enforcement agencies, the organization said.

Nlets launched the first phase of the NISP pilot in March at the International Association of Chiefs of Police’s State and Provincial Police Division annual meeting.

So far, the NISP pilot includes North and South Carolina, Oregon, Tennessee and Virginia. The second and third phases of the NISP pilot will expand the driver’s license sharing technology to more states. The future phases also will extend the system to include photos from jails and prisons as well as other law enforcement sources, Nlets said in a statement.

The third grant will support Nlets’ Live Operational Geospatial Information Capability (LOGIC). The $700,000 devoted to the LOGIC activities is aimed at improving crime detection and incident mapping, alerting systems, resource allocation methods and situational-awareness technology, Nlets said. LOGIC is intended to demonstrate the benefits of geospatial technology for law enforcement and public safety missions that cross state lines and other jurisdictional boundaries, Nlets said.

“In addition, LOGIC will evaluate the viability of delivering these location-based services over the Nlets network,” the organization said.

NGA taps Lockheed for geospatial intel

By Patrick Marshall

The National Geospatial-Intelligence Agency has awarded a contract estimated to be worth approximately $20 million over five years to Lockheed Martin Integrated Systems and Global Services, which will develop a pilot program for demand-based geospatial intelligence.

The goal of DBGI is to provide federal agencies access to the most recent geospatial intelligence data immediately upon demand and in a format appropriate for the user’s needs. Currently, NGA produces hard-copy maps using large-format, five-color offset lithographic presses. This process has been necessary to meet military requirements that charts and maps be printed in specific spot colors to ensure readability in poor lighting conditions.

Under the contract’s statement of work, Lockheed Martin is tasked to “give customers the capability of content staging, supply chain management and digital, wide-format, high-volume hardcopy output.”

The DBGI project is an early stage of NGA’s Transforming the Dissemination Environment program, which will eventually allow clients to access geospatial intelligence via a storefront portal.

Tested: New Hybrid Hard Drives From Samsung and Seagate

These drives promise the best of both the magnetic-hard-disk and flash-disk worlds. Do they live up to that promise? We test two to find out.

Melissa J. Perenson, PC World

When they were introduced a couple of years ago, hybrid hard drives seemed enticing. Pairing a standard hard drive with a flash component sounded like a good way to deliver on the theoretical performance boosts that flash can offer while still providing the long-standing price, capacity, and performance benefits of hard disks. We've now tested the first two hybrid hard drives to reach market, and we've discovered some clear benefits--but other results were inconclusive.

Seagate Momentus 5400 PSD

We looked at Seagate's Momentus 5400 PSD drive, announced today, and Samsung's SpinPoint MH80 drive, released this summer. Both models are 2.5-inch, 160GB notebook drives with 256MB of nonvolatile flash memory cache on board. The hard-drive industry concentrated on introducing the new technology in laptop drives because notebooks would be more likely to reap the benefits that hybrid tech promises, including faster boot time and power savings.

In the Test Center

The PC World Test Center examined the $190 Seagate Momentus 5400 PSD and the $299 Samsung SpinPoint MH80 alongside a $250 non-hybrid Hitachi Travelstar 7K200 (HTS722020k9SA00). We tested all three drives on a Dell Inspiron 1520, running a Core 2 Duo T7300 2-GHz CPU and 2GB of memory. Click the icon below to see a chart of our test results.

To test the hybrid drives, we did a fresh installation of the 32-bit version of Microsoft Windows Vista Ultimate and updated the drivers and BIOS. Surprisingly, we had to wait about 20 minutes for the operating system to recognize each hybrid drive. Once each drive was recognized, however, an NVCACHE tab appeared in the driver properties, and the drive was ready to work with Vista's ReadyDrive technology, which uses the drive's flash cache. You must run Windows Vista to use a hybrid hard drive.

To prepare the system to take advantage of any power savings the hybrid drive would provide, we entered the Power Options control panel and, under the Balanced power profile, changed the settings to enable the Windows Hybrid Hard Disk Power Savings Mode. Our experience was, in fact, much like that of someone who was upgrading their existing notebook with Vista and a hybrid hard drive.

The minimum requirements for using a hybrid drive are tied in with Vista's minimum requirements: Beyond having a system that runs Windows Vista and uses a Serial ATA interface, Seagate suggests that your PC have 2GB of memory, a dual-core or quad-core CPU, the latest BIOS revision (less than one year old), and the newest drivers. Seagate notes that hardware drivers can have an impact on a hybrid's benefits, though the company doesn't go into detail on this point in its reviewer's guide; when asked, the company stated that slow drivers can affect a PC's boot performance.

Power Savings Confirmed

The Hitachi drive is a performance model that spins at 7200 rpm, in contrast to the 5400-rpm speed of the Samsung and Seagate drives. However, the Hitachi model is representative of the direction notebook computing is going, as increasingly we're seeing mainstream and power notebooks with a 7200-rpm drive inside.

As such, it was no surprise that the Hitachi drive was the fastest at our timed hard-drive write tests. The Hitachi model required 154 seconds to copy 3.06GB of files and folders, versus the Seagate's 208 seconds and the Samsung's 217 seconds.

On our read tests, the difference was much smaller. The Hitachi required 25 seconds to search through its files, while the Seagate needed 29 seconds and the Samsung took 30 seconds. On our Panda virus-scan test of 6.12GB of files, the Hitachi and Seagate tied at 34 seconds, and the Samsung was just a shade behind at 36 seconds. Whether we can attribute those tight results to the hybrid models' use of 256MB of nonvolatile cache is uncertain, but the flash memory could be a factor.

Hacker breaks into Mac at security conference

VANCOUVER—A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference here.

According to the security blog Matasano Chargen, Shane Macaulay and Dino Dai Zovi won the contest by gaining shell access to a Mac by pointing the Mac’s Safari browser at a specially-constructed Web page.

“Currently, every copy of OS X out there now is vulnerable to this,” said Sean Comeau, one of the organizers of CanSecWest.

The conference organizers decided to offer the contest in part to draw attention to possible security shortcomings in Macs. “You see a lot of people running OS X saying it’s so secure and frankly Microsoft is putting more work into security than Apple has,” said Dragos Ruiu, the principal organizer of security conferences including CanSecWest.

Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.

Dai Zovi, who lives in New York, developed the exploit that exposed the hole on Thursday night. Since the contest was only open to conference attendees, he sent it to his friend Macaulay in Vancouver, who claimed the prize.

The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Dai Zovi used it to open a back door that gave him access to anything on the computer, Comeau said.

The vulnerability won’t be published. 3Com Corp.’s TippingPoint division, which put up the cash prize, will handle disclosing it to Apple.

The prize for the contest was originally one of the Macs. But on Thursday evening, TippingPoint put up the cash award, which may have spurred a wider interest in the contest. According to Matasano Chargen, Macaulay will keep the MacBook while Dai Zovi will pocket the cash prize.

One reason Macs haven’t been much of a target for hackers is that there are fewer to attack, said Terri Forslof, manager of security response for TippingPoint. “It’s an incentive issue. The Mac is not as widely deployed of a platform as say Windows,” she said. In this case, the cash may have provided motivation.

Google And IBM Partner To Push Cloud Computing