Sunday, February 15, 2009

Stimulus bill keeps H-1B hiring limits on bailout recipients


February 13, 2009 at 5:54 pm
________________________________

A provision intended to require banks receiving federal bailout funds to give hiring priority to U.S. workers over foreigners with H-1B visas was left in the economic stimulus package when U.S. House and Senate negotiators agreed on a compromise bill this week.

The $789 billion stimulus bill was subsequently approved by the House of Representatives Friday, and a vote in the Senate is expected Friday night.


The provision designed to curb the use of H-1B visas was proposed last week by Sens. Bernie Sanders (I-Vt.) and Chuck Grassley (R-Iowa) as an amendment to the Senate's stimulus legislation. The proposal initially sought to bar H-1B hiring by financial services firms receiving bailout money, but it was later modified to restrict such hiring.

The stimulus bill, once it is approved by the Senate and signed by President Barack Obama, will require firms that take bailout funding to make a good-faith effort to hire U.S. citizens before people who are in the country on H-1B visas.

Opponents of the measure say it is so restrictive that affected financial services firms likely will stop hiring H-1B workers altogether. However, the provision doesn't prevent them from using offshore outsourcing contractors, which typically are heavy users of H-1B visas.

As a result of the conference agreement, Sanders said in a statement Friday that he expects the H-1B provisions to be adopted along with the rest of the stimulus bill. He added that what may have prompted the negotiators to keep the H-1B restrictions in the bill were all of the ongoing layoffs and other job losses. "With thousands of financial services workers unemployed, it is absurd for banks to claim they can't find qualified American workers," Sanders said.

The proposed restrictions require firms that receive money under the federal Troubled Assets Relief Program (TARP) to comply with hiring rules set for "H-1B dependent" firms -- those with more than 15 percent of their workers on visas. Those rules set a number of strict requirements for hiring H-1B holders, including a need for companies to attest that they actively recruited American workers and are not displacing or replacing U.S. citizens with foreign workers.

However, the impact of the new legislation on offshoring of IT work may be limited. Ron Hira, an assistant professor of public policy at Rochester Institute of Technology and co-author of the book Outsourcing America, claimed that many TARP-recipient banks "have huge shadow workforces -- people who work for the bank indirectly through outsourcing contract firms."

The TARP-related hiring provision "will rectify some of the indefensible practices of quasi-nationalized banks," Hira said. "But unfortunately, it doesn't close the loopholes where most of the abuse occurs."

Hira said the amount of outsourcing by Wall Street firms has actually increased since the bailout program began last fall, citing deals such as offshore outsourcer Tata Consultancy Services Ltd.'s October agreement to acquire a unit of Citigroup that does business process outsourcing and IT services work. Similarly, Wipro Ltd. agreed in December to buy Citigroup's IT subsidiary in India.

In addition, Hira contended that "many, if not all, of these banks have human resource practices where they force their American workers to train foreign replacements, and subsequently lay off the American workers." That practice "sometimes results in tragedy," he added, citing the 2003 suicide of a former Bank of America programmer who reportedly was laid off after training his replacement.

On the other hand, Charles Kuck, president of the American Immigration Lawyers Association, expressed disappointment at the inclusion of the hiring restrictions in the compromise stimulus bill.

"These banks will not be able to hire qualified foreign talent to pull them out of this mess -- if that was necessary," Kuck said. "Maybe we've got all the homegrown talent we need to pull us out of this mess, because now we have to hope we do."

While the restrictions don't prevent employers from hiring H-1B holders, Kuck predicted that the affected firms will be unlikely to do so because of the added cost and work that will now be involved. The key advantage of the H-1B program, he said, is the ability it gives companies to quickly hire people to fill available jobs.

"There are very few employers that are going to wait that period of time to be able to do that [under the restrictions] when they have to bring somebody on board right away," Kuck said. "You are effectively saying, 'You can't use the program.'"

The big question, according to Kuck, is whether companies receiving TARP funds will be able to bring in "the best person available to do the job." That's a separate issue, he said, from the low-level work that typically is going to outsourcing firms.

Computerworld is an InfoWorld affiliate

________________________________
WiMax and LTE supporters prepare for battle at MWC
February 13, 2009 at 3:36 pm
________________________________

Supporters of rival technologies WiMax and LTE (Long Term Evolution) will do their best to show momentum behind their respective technologies at Mobile World Congress.

The last week has seen a number of product announcements from the LTE camp, which will do its best to show that the development of the technology is moving forward at a rapid rate. Ericsson and Nokia Siemens, which last week unveiled a new base station, have announced new core network products ahead of the show.

The message from the vendors will be that they have equipment, especially radio base stations, ready for immediate trials and then deployment, according to Joao da Silva, senior research analyst at IDC.

Several of the operators that have voiced support for LTE will also be at the show in Barcelona, including Verizon Communications, China Mobile, and T-Mobile.

Operators from Asia and the U.S. can be expected to be more up front with their plans, compared to their counterparts in Western Europe, who have to be more cautious because most of them still don't have the frequencies needed for rolling out LTE, according to da Silva.

Visitors at the show can also expect a plethora of demos in the exhibition halls for prototype LTE chips and devices, according to Mark Newman, chief research officer at Informa Telecoms and Media.

While LTE is stewing, its proponents are also pushing faster versions of HSPA (High-Speed Packet Access) as an alternative to WiMax. On Wednesday, Ericsson, for example, announced support for HSPA at 42M bps in its network equipment.

But the mobile WiMax camp is also out on a mission to demonstrate that a lot of operators are choosing WiMax. Mobile World Congress is a good opportunity to show how the ecosystem is developing, and show on the ground what it has going today, according to Ashish Sharma, corporate vice president of market development at Alvarion.

"We are bringing in customers to the Intel pavilion to give a talk; Digicel is going to be there from the Caribbean; WiMax Telecom from Austria is coming, and I heard that Comstar is coming from Russia," Sharma said.

It's currently the best and worst of times for WiMax, according to Mike Roberts, principal analyst at Informa Telecoms & Media.

It's the best of times because the technology has progressed quite a lot in the last year. "They've got equipment and devices certified to help with interoperability. There are also more devices to choose between, and we've got some major operators launch, such as Clearwire," said Roberts.

But when you look at the overall market picture, the worst of times is that the competition has made even more progress. HSPA has just boomed, and gone mass market, according to Roberts.

"In markets such as Western Europe it has effectively closed the door for WiMax," he said.

The WiMax camp will try to turn the tide at Mobile World Congress, but will struggle to do that, according to Roberts.

But there is still a future for the technology. "I think it's going to be a sizeable niche. The bulk of the market is going to migrate to LTE, and WiMax will take a slice of the wireless broadband market," said Roberts.

________________________________
Update: Google opens Android store to paid apps
February 13, 2009 at 2:26 pm
________________________________

Developers of Android applications finally will be able to charge consumers for them, ending a few months of free Android downloads and potentially making Google's mobile platform more attractive to developers.

U.S. and U.K. developers can now go to the Android publisher Web site and upload their applications along with consumer pricing. Paid applications will go on sale in the U.S. starting in the middle of next week and in additional countries in the coming months, Google's Eric Chu wrote in a blog post Friday.


The Android Market launched in October when the first phone based on the platform went on sale. But until now, it hasn't had any checkout or payment system, so application publishers have only been able to offer free software. Google had said it would start allowing sales early this year.

The post did not indicate how much the applications might cost, saying only that developers would be able to "upload their application(s) along with end-user pricing." Unlike on the App Store for Apple's iPhone, developers don't need to get their products approved by Google or by service providers. All they have to do is register for $25 and upload their apps.

The payment and billing tool for Android Market will be Google Checkout. That platform, launched in 2006, allows payment through major credit cards and lets users save their payment information on the site.

Later this quarter, developers in Germany, Austria, Netherlands, France, and Spain will be able to offer paid applications, and by the end of the quarter, additional countries will be announced, Chu wrote.

Also on Friday, Chu wrote that Android Market for free applications will become available to phone users in Australia beginning Sunday, Pacific time. Singapore users will get access in the coming weeks. The Android-based HTC Dream handset is set to launch on Monday in Australia and later in Singapore.

Developers are likely to take a wait-and-see attitude to selling Android applications, said analyst Greg Sterling of Sterling Market Intelligence. With the low price of a typical mobile application, developers may be drawn to the platform slowly as they watch the audience grow, he said.

"The sweet spot is really $1.99 or less. I think that's been pretty well-established by Apple," Sterling said.

Writing applications for the iPhone offers much more potential for volume today. There are more than 15,000 applications available from the App Store, and consumers have downloaded more than 500 million, according to Apple. There were 13.7 million iPhones sold in 70 countries last year. By contrast, the only Android phone available now is the T-Mobile G1, which is on sale in the U.S., the U.K., Germany, Austria, Poland, the Netherlands and the Czech Republic. There are more than 1,000 applications on the Android Market, and thousands of developers are writing for it, according to Google.

For Google Checkout, the Android Market could be a big opportunity, Sterling said. Originally seen as a potential rival to eBay's PayPal, Checkout hasn't grabbed much market share, he said.

"It never really materialized as a threat to PayPal," Sterling said.

As a Web-based service, Checkout is fairly straightforward, but it will be critical for Google to make it easy for Android phone users to start using it, he said. Apple signs up iPhone users for its iTunes store as part of the activation process for the handset.

"If (Google) blows this part of it, then developers will be upset, and (Android) will be a less successful platform overall," Sterling said.

This story was updated on February 13, 2009

________________________________
Woman sues Microsoft over XP downgrade charge
February 13, 2009 at 2:11 pm
________________________________

A woman has filed a class-action lawsuit against Microsoft over a $59.25 charge for downgrading her Windows Vista PC to XP.

In a suit filed in the U.S. District Court for the Western District of Washington in Seattle, Los Angeles resident Emma Alvarado is asking that Microsoft return the fee she paid for downgrading a Lenovo PC with the Windows Vista Business OS preinstalled to Windows XP Professional. Alvarado purchased the PC on June 20, 2008, according to the suit.

Alvarado also is inviting others who have paid fees to downgrade to XP to join the suit and is requesting refunds for them as well.

Many customers who purchased PCs with Vista installed opted to downgrade to XP because they weren't happy with Vista's "numerous problems," according to Alvarado's suit.

"As a result, many consumers would prefer to purchase a new computer preinstalled with the Windows XP operating system or at least not preinstalled with the Vista operating system," according to the filing.

The suit goes on to accuse Microsoft of using its "market power to take advantage of consumer demand for the Windows XP operating system" by requiring people to buy Vista PCs and then charging them to downgrade to the OS they really want.

This action violates Washington state's Unfair Business Practices Act and the Consumer Protection Act, according to the suit.

Microsoft spokesman David Bowermaster said the company has not been served with the lawsuit, so it would be premature to comment about it.

When Microsoft released Vista to consumers on Jan. 30, 2007, it gave people the option to downgrade to XP if they weren't satisfied with the new OS.

As a result of overall dissatisfaction with Vista, Microsoft had to extend the amount of time it allowed original equipment manufacturers and custom system builders to sell PCs with XP preinstalled. The company also is facing a class-action suit in the same court over the "Windows Vista Capable" sticker program that let customers know a PC could run Windows Vista. Customers said they found the program misleading.

While the damages that could be awarded in the suit would likely not be a large sum for a multibillion-dollar company, the suit brings up a larger question of whether Microsoft will allow Windows 7 users to downgrade to XP.

Microsoft so far has not said publicly whether it will, and no one from the company was available for immediate comment Friday. Vista, being the OS released before Windows 7, would be the logical choice for a downgrade from Windows 7. However, given customers' dissatisfaction with Vista, Microsoft could offer an XP downgrade as well.

Al Gillen, an analyst with research firm IDC, said it would be a "very risky thing" for Microsoft to eliminate downgrade rights with Windows 7. He said it would alienate Microsoft's customer base to not continue giving customers an option if they're not happy with a new version of the Windows client.

________________________________
Bespin Web-based code editor effort launched
February 13, 2009 at 1:44 pm
________________________________

Mozilla Labs this week launched a preview of Bespin, a Web-based code editor intended to boost developer productivity, enable compelling user experiences and promote "open" standards.

Launched as a project within Mozilla's Developer Tools Lab, Bespin features an extensible framework for "Open Web" development, a concept in which applications are compatible with browsers based on open standards and do not require single-vendor plug-ins, according to Mozilla Labs developers Ben Galbraith and Dion Almaer.


Goals of Bespin include ease of use; real-time collaboration, including sharing live coding sessions; an integrated command line; extensibility in the interface; speed; and accessibility.

Based on JavaScript, Bespin is a code editing client based in a browser. It is intended "to create an experience on the Web that is as rich as a desktop editor," said Galbraith, co-director of developer tools at Mozilla Labs, on Friday.

"The idea for Bespin is to sort of use later, newer Web technologies to try to create a much better experience for code editing on the Web than we've seen before," Galbraith said. A lot of efforts to create Web-based code editors have resulted in editors with poor performance or poor user experiences, he said.

"We haven't seen anything yet on the Web that anyone would consider using for their day job," he said.

The focus of the preview release is speed along with support for large files. "To do this, we've used new HTML 5 technologies, specifically the Canvas tag," said Galbraith.

Bespin developers have envisioned cloud-based scenarios for the Bespin editor in which it would be easy to go to a Web site, type the name of an open source project, and then quickly be in that project. Developers could make changes and submit changes to the Web site.

"We don't enable the above scenario today, but it's an example of what is possible once we have a foundation of a great, high-quality Web-based code editor. So that is one of the things we're hoping to facilitate with the Bespin project," Galbraith said.

Although currently a preview, Bespin could turn into something more, he said. "Right now, we're just experimenting," Galbraith said. Mozilla is looking for developer feedback on Bespin.

An early prototype features such basic editing capabilities as syntax highlighting, large file sizes, undo/redo, previewing of files in the browser, and importing and exporting of projects.

Source code for Bespin is being released as open source under the Mozilla Public License.

________________________________
Indictments tell how H-1B visas were used to undercut wages
February 13, 2009 at 11:31 am
________________________________

Federal agents on Thursday said they arrested 11 people in several states in a crackdown on H-1B visa fraud and unsealed documents that detail how the visa process was used to undercut the salaries of U.S. workers.

Federal authorities allege that in some cases H-1B workers were paid the prevailing wages of low-cost regions and not necessarily the higher salaries paid in the location where they worked. By doing this, the companies were "displacing qualified American workers and violating prevailing wage laws," said federal authorities in a statement announcing the indictments.


Employers are required to pay H-1B workers prevailing wages, but those wage rates can vary significantly, by tens of thousands of dollars, depending on the region. How many U.S. workers may have been displaced was not detailed by federal authorities.

The arrests were carried out by federal, state and local agents working in Iowa, California, Massachusetts, Texas, Pennsylvania, Kentucky and New Jersey. The government's action "is the result of an extensive, ongoing investigation into suspected H-1B visa fraud, mail fraud and conspiracy," said Matthew Whitaker, the U.S. attorney for the Southern District of Iowa, in a statement. The investigation was dubbed Operation Pacific Vision.

The H-1B workers were also victims, according to the federal indictments. Some were hired for jobs that didn't exist. One worker from Pakistan, for instance, who arrived in the U.S. for a programming job, ended up with a job pumping gas.

The Iowa focus and connections raised in the indictments are notable in one regard. It's the home state of the U.S. Senate's leading critic of the H-1B program, Republican Chuck Grassley, who released in October a study on visa fraud by the U.S. Immigration and Citizenship Service (USCIS) that found that one-in-five H-1B applications were either fraudulent or had violated a law or regulation in some other way.

The company that seemed to get the most attention from federal authorities is Vision Systems Group, which authorities said had its principal places of business in Somerset and South Plainfield, N.J., and an office in Coon Rapids, Iowa. The company was cited in a 10-count indictment. Calls to the company seeking comment were not returned by press time.

The indictment, in part, alleges that Vision submitted a Labor Condition Application, where employers detail prevailing wage data, for a location in Iowa "rather than the prevailing wage where the worker would actually be employed."

The indictment does not say where the H-1B employee would be employed, but from a prevailing wage perspective, location is important.

For instance, using data from the Foreign Labor Certification Data Center Online Wage Library, the prevailing wage of a computer programmer in Des Moines ranges from $42,800 a year for a beginner to more than $71,000 a year. But in the Newark, N.J., area, a computer programmer's pay would range from $55,000 to $108,100, according to the wage calculator.

Michael Aytes, acting director of the U.S. Citizenship and Immigration Services (USCIS), said the action "is a prime example of how the Department of Homeland Security identifies fraud."

"Our adjudication officers can spot inconsistencies during the application process that ultimately lead to the successful outcome we're seeing today," said Aytes, in a statement. "Visa fraud undermines the integrity of the immigration system and I'm proud that our officers have helped to ensure that the American people and our customers can continue to depend on a reliable system."

The government arrested, on conspiracy and mail fraud charges, Shiva Neeli in Boston, Ramakrishna Maguluri in Atlanta, Villiappan Subbaiah in Dallas, Suresh Pola in Pennsylvania, Karambir Yadav in Louisville, Ky., Amit Justa and Venkata Guduru, both in New Jersey, and Vijay Myneni in San Jose.

Charged with conspiracy, mail fraud and wire fraud were Vishnu Reddy in Los Angeles and Chockalingam Palaniappan in San Jose, who operated a company named Pacific West Corporation in Santa Clara, Calif.

Praveen Andapally in New Jersey was charged with conspiracy, mail and wire fraud, and making a false statement in an immigration matter.

The government can charge mail and wire fraud if it believes the mail was used to send a false statement in support of a visa application.

Computerworld is an InfoWorld affiliate.

________________________________
Reports: Windows 7 out before Christmas
February 13, 2009 at 10:42 am
________________________________

With Windows 7 Beta getting positive reviews, more rumors are emerging that Microsoft's new operating system will be available before Christmas. But Microsoft is still refusing to admit that Windows 7 will be ready by the end of this year and insists on the January 2010 release date.

Windows 7 will be available at retail by Christmas this year -- say both The Inquirer and CNet News, according to different sources. The Inquirer quotes Microsoft techie Mark Russinovich, who said in a webcast that Windows 7 "will be sent for manufacture three years after Vista did the same, which was in October 2006."


On the other hand, CNet's Ina Fried quotes "PC industry sources in Asia and the U.S" saying that "they have heard things are on track to launch by this year's holiday shopping season." CNet also says that Microsoft is prepping a program to offer Vista users an inexpensive alternative to updating to Windows 7.

My colleague over at ComputerWorld, Preston Gralla, also uncovered evidence in early January that Windows 7 will ship this year. Based on a leaked internal Microsoft memo regarding the Windows 7 upgrade program, Preston is "assuming that within two or three months of the July 1 date (upgrade program launch), Windows 7 will ship."

According to the leaked Microsoft memo, the Windows 7 Upgrade Program lets PC makers give free upgrades to Windows 7 for customers that purchase Vista computers starting July 1. The free or cheap update would be basically the equivalent version of Vista to Windows 7. As previously reported, the versions in which Windows 7 will come are highly similar to Vista's.

Microsoft reiterated several times that Windows 7 might not be ready in time for this year's holiday season, sticking to their originally planned launch date in early 2010. However, if indeed Microsoft will give users who buy a new computer with Windows Vista a free/cheap copy of Windows 7 when the new OS becomes available, the launch date of W7 shouldn't be too far away.

PC World is an InfoWorld affiliate.

________________________________
Will Microsoft let Windows 7 users downgrade to XP?
February 13, 2009 at 8:09 am
________________________________

Downgrade rights for Windows 7 will be "hugely important," an analyst said Thursday, but he's not optimistic that Microsoft will let users continue to install Windows XP on new machines.

Microsoft has yet to reveal its plans for "downgrades" from Windows 7, the in-development successor to Vista, noted Michael Silver, an analyst with Gartner. But the issue is just as important for Windows 7 as it has been for Vista.


"Downgrade rights are hugely important for Windows 7," said Silver. "Will Microsoft offer downgrades [from Windows 7] to XP? They've not answered that question yet. But it's really important."

Microsoft confirmed that it's not ready to spell out downgrades for the new OS. "Final decisions are still being made on details like end-user downgrade rights outlined in the applicable product license terms," a company spokeswoman said in an e-mail.

In Microsoft parlance, "downgrade" describes the Windows licensing rights that let users of newer versions replace it with an older edition without having to pay for another license. In effect, the license for the newer Windows is transferred to the older edition.

When Microsoft launched Vista in early 2007, it spelled out limited downgrade rights to the older Windows XP. Only buyers of PCs with pre-installed editions of Vista Business and Vista Ultimate could downgrade, and then only to Windows XP Professional. That path, however, became extremely popular as users balked at migrating to Vista, and instead bought new computers, then downgraded to XP Professional themselves or ordered systems that had been downgraded to XP at the factory.

Microsoft has recognized the continued popularity of XP in the Vista years. In the last three months of 2008, for example, it extended the availability of XP to both small and large computer makers, pushing out cut-off dates to the end of May and July 2009, respectively.

However, Silver is not optimistic that Microsoft will continue the practice and allow customers with Windows 7 licenses to transfer them to XP. "We're extremely confident that Microsoft will offer free downgrade rights [from Windows 7] to Vista," said Silver. "But will Microsoft do the right thing for customers and give them downgrade rights to XP, or will it try to get some additional revenue out of the situation? At this point, it's hard to tell."

Saying he's somewhat "on the fence" about whether Microsoft would, in fact, offer downgrades from Windows 7 to XP, he quickly added, "I think that there's a slightly better chance that they won't."

The problem facing businesses still running Windows XP, said Silver, is that without downgrade rights they would be forced to make a very tough choice when Windows 7 debuts, and presumably sweeps Vista from new PCs.

"For companies running XP that don't have Software Assurance, no downgrade rights means they will have to get machines pre-installed with Vista," he said, describing the first 12 to 18 months after Windows 7's launch. That's when businesses typically swear off a new operating system as they test it and their applications, or simply wait out the inevitable bugs that pop up early in an OS's life.

"For the first year or so of Windows 7, organizations using XP will either have to buy Software Assurance or pay for a [Windows 7] upgrade later for those Vista machines," said Silver.

Microsoft's Software Assurance, a type of "buyer protection" program that gives companies rights to all upgrades for a specified period in exchange for annual payments, also allows corporate administrators to freely downgrade any edition of Windows.

Silver's doubt about Microsoft's plans for Windows 7 downgrade rights stems in part from hints by the company about sticking to a Vista-only policy. "If it offers only downgrades to Vista, Microsoft will try to say that it's policy [to limit downgrades] only to the last version," he said. "But that's not true. With XP, they gave downgrades to [Windows] 2000 and [Windows] NT 4.0 and [Windows] 98. In other words, there is precedent for downgrades to more than just one version."

Although Microsoft has revealed some details about Windows 7, including the multiple versions it expects to distribute, it continues to keep other information secret, including the prices it will charge for the new OS and the eventual ship date.

As of earlier today, Microsoft has halted all downloads of Windows 7 beta, the only preview it's offered to the general public. Steven Sinofsky, the senior vice president in charge of the Windows engineering group, however, has said that the company will move directly to a release candidate, and skip the usual multiple betas.

Computerworld is an InfoWorld affiliate.

________________________________
Report: China Unicom to hold iPhone talks with Apple
February 13, 2009 at 7:31 am
________________________________

China United Telecommunications (China Unicom) is reportedly sending top executives to meet with Apple in the U.S. next month as rumors that the operator plans to bring the iPhone to China gain steam.

China Unicom executives are going to the U.S. to negotiate with Apple over the introduction of the iPhone, and are likely to set a release date, according to a report (in Chinese) carried by Sina.com, citing "knowledgeable sources."


China Unicom plans to launch WCDMA (Wideband Code Division Multiple Access) 3G services in May.

In recent months, Apple had been rumored to be holding talks with China Mobile, the country's largest mobile operator, about selling the iPhone in China. But those talks were always a long shot due to technological and business reasons, and lately rumors have been circulating that China Unicom is talking to Apple about selling the iPhone.

The 3G iPhone supports WCDMA, which is widely used in Asia, North America and Europe. However, China Mobile was granted a license to offer 3G services using TD-SCDMA (Time Division Synchronous CDMA), a different 3G technology that was developed in China and is significantly less mature from a development standpoint.

Even before Chinese regulators made the news official last month, China Mobile had long been expected to receive a license for TD-SCDMA, not WCDMA. For China Mobile to offer the 3G iPhone, Apple would be required to redesign the handset using new components that would need to be sourced from different suppliers. These changes would greatly increase the cost to Apple and likely result in higher prices for end users.

One of the main sticking points between Apple and China Mobile was the Apple Store, which the company uses to sell and distribute third-party applications, Sina reported. This was a sales channel that China Mobile, which has its own plans for an application store, did not want to yield to Apple's control.

For this reason, a deal to bring the iPhone to China will likely involve significant concessions from China Unicom to meet Apple's requirements, the report said.

________________________________
With global effort, a new type of worm is slowed
February 13, 2009 at 7:17 am
________________________________

There have been big computer worm outbreaks before, but nothing quite like Conficker.

First spotted in November, the worm had soon infected more computers than any worm in recent years. By some estimates it is now installed on more than 10 million PCs. But ever since its first appearance, it has been strangely quiet. Conficker infects PCs and spreads around networks, but it doesn't do anything else. It could be used to launch a massive cyberattack, crippling virtually any server on the Internet, or it could be leased out to spammers in order to pump out billions upon billions of spam messages. Instead, it sits there, a massive engine of destruction waiting for someone to turn the key.


Until recently, many security researchers simply didn't know what the Conficker network was waiting for. On Thursday, however, an international coalition revealed that it had taken unprecedented steps to keep the worm separate from the command-and-control servers that could control it. The group comprises security researchers, technology companies and domain name registrars, which have joined forces with the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the Internet's Domain Name System.

Researchers had taken apart Conficker's code and discovered that it uses a tricky new technique to phone home for new instructions. Each day, the worm generates a fresh list of about 250 random domain names such as aklkanpbq.info. It then checks those domains for new instructions, verifying their cryptographic signature to ensure that they were created by Conficker's author.

When Conficker's code was first cracked, security experts snatched up some of these randomly generated domains, creating what are known as sinkhole servers to receive data from hacked machines and observe how the worm worked. But as the infection became more widespread, they began registering all of the domains -- close to 2,000 per week -- taking them out of circulation before criminals had a chance to tell their infected computers what to do. If ever the bad guys tried to register one of these command-and-control domains, they would have found that they'd already been taken, by a fictional group calling itself the "Conficker Cabal." Its address? 1 Microsoft Way, Redmond Washington.
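The daily-list mechanism and the defenders' pre-computation of it, as described above, can be sketched from the monitoring side. This is an added example, not code from the article or from the researchers: the generator is a constructed stand-in (not Conficker's actual algorithm), and the TLD list, log format and function names are assumptions.

```python
import hashlib
from datetime import date, timedelta

# Assumption: toy date-seeded generator standing in for a reverse-engineered
# algorithm. It is NOT Conficker's real one; the TLD list is constructed.
TLDS = ["info", "org", "net", "biz"]

def daily_domains(day, count=250):
    """Deterministic candidate list for one day (same date -> same names)."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4                      # labels of 8-11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return names

def watchlist(start, days):
    """Map every predicted name to the first date it becomes active.
    Seven days at 250 names per day gives at most 1,750 entries."""
    table = {}
    for n in range(days):
        day = start + timedelta(days=n)
        for name in daily_domains(day):
            table.setdefault(name, day)
    return table

def flag_queries(log_lines, table):
    """Return (client, domain, active_date) for DNS queries on the watchlist.
    Assumed log format: '<timestamp> <client-ip> <qtype> <qname>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue                                    # skip malformed lines
        _ts, client, _qtype, qname = parts
        qname = qname.rstrip(".").lower()               # normalise FQDN form
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

DAY = date(2009, 2, 13)
PREDICTED = daily_domains(DAY)
SAMPLE_LOG = [                                          # constructed log lines
    "2009-02-13T08:01:02Z 10.0.0.5 A www.example.com.",
    f"2009-02-13T08:01:07Z 10.0.0.23 A {PREDICTED[0].upper()}.",
    "malformed line",
    f"2009-02-13T08:02:11Z 10.0.0.23 A {PREDICTED[249]}",
]

if __name__ == "__main__":
    for client, domain, active in flag_queries(SAMPLE_LOG, watchlist(DAY, 7)):
        print(f"{client} queried predicted domain {domain} (active {active})")
```

Because the list is a pure function of the date, the same table that drives pre-registration also identifies infected hosts on a network from their DNS queries.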

This is a new kind of cat-and-mouse game for researchers, but it has been tested a few times over the past few months. In November, for example, another group used the technique to take control of domains used by one of the world's largest botnet networks, known as Srizbi, cutting it off from its command-and-control servers.

With thousands of domains, however, this tactic can become time-consuming and expensive. So with Conficker, the group has identified and locked up names using a new technique, called domain pre-registration and lock.

By dividing up the work of identifying and locking out Conficker's domains, the group has only kept the worm in check, not dealt it a fatal blow, said Andre DiMino, co-founder of The Shadowserver Foundation, a cybercrime watchdog group. "This is really the first key effort at this level that has the potential to make a substantial difference," he said. "We'd like to think we've had some effect in crippling it."

This is uncharted territory for ICANN, the group responsible for managing the Internet's address system. In the past, ICANN has been criticized for being slow to use its power to revoke accreditation from domain name registrars who have been widely used by criminals. But this time it's getting praise for relaxing rules that made it hard to lock down domains and for bringing together the group's participants.

"In this specific case they greased the wheels so that things would move quickly," said David Ulevitch, founder of OpenDNS. "I think they should be commended for that. ... It's one of the first times that ICANN has really done something positive."

The fact that such a diverse group of organizations are all working together is remarkable, said Rick Wesson, CEO of network security consultancy Support Intelligence. "That China and America cooperated to defeat a malicious activity on a global scale... that's serious. That's never happened," he said.

ICANN did not return calls seeking comment for this story and many of the participants in the Conficker effort, including Microsoft, Verisign, and the China Internet Network Information Center (CNNIC) declined to be interviewed for this article.

Privately, some participants say that they do not want to draw attention to their individual efforts to combat what may well be an organized cybercrime group. Others say that because the effort is so new, it is still premature to discuss tactics.

Whatever the full story, the stakes are clearly high. Conficker has already been spotted on government and military networks and has been particularly virulent within corporate networks. One slip-up, and Conficker's creators could reprogram their network, giving the computers a new algorithm that would have to be cracked and giving them an opportunity to use these computers for nefarious purposes. "We have to be 100 percent accurate," Wesson said. "And the battle is a daily battle."

(Sumner Lemon in Singapore contributed to this report.)



________________________________
Apple issues massive security update for Mac OS X
February 13, 2009 at 6:53 am
________________________________

Apple today issued multiple updates for Mac OS X and Java that patched 55 bugs, including one for its Safari Web browser that prompted a security researcher to blast the company for a half-hearted approach to security.

The updates were the largest released by Apple in nearly a year.


The year's first bug updates from Apple patched 48 security vulnerabilities in the company's operating system and its components, four in Apple's implementation of Sun Microsystems' Java, two non-security flaws it admitted it had introduced with faulty code in Mac OS X 10.5.6, and one fix it said was a "proactive security measure." The majority of the bugs -- 32 altogether -- were in open-source components or software not originally crafted by Apple, as in the case of the quartet of Java flaws.

But the Safari vulnerability may be the one most people remember.

According to Brian Masterbrook, one of the three researchers Apple credited with reporting the Safari bug, Apple had information about the flaw more than seven months ago. "After six months passed without a fix, I decided to post a warning on January 11, 2009, due to my judgment that this issue could be exploited at any time as long as it remained unfixed," Masterbrook said in an entry to his blog Thursday, after Apple had delivered its updates. Masterbrook had posted some information about the bug, as well as a workaround to temporarily disable the RSS feed feature in the browser, in a Jan. 11 warning.

The RSS vulnerability -- present in both the Mac and Windows versions of the browser -- could be used to introduce attack code from a malicious Web site. All criminals had to do, said Masterbrook, was dupe users into visiting such a site. Attacks based on tempting users to a rogue site are commonplace on the Internet, although the vast majority of them are aimed at Windows users.

"This vulnerability...does not require intricate knowledge of the processor or operating system to exploit," Masterbrook said today. "I discovered it accidentally, which indicates that this issue could also be discovered by others. These two factors should have indicated to Apple that this vulnerability carried a high risk."

He took Apple to task for the way it handles reports of security vulnerabilities, and patches its software. "It took seven months for Apple to patch this latest vulnerability in Safari, despite numerous opportunities for it to be addressed in updates that were already scheduled," he said. "OS X users are at this point in the unenviable situation of hoping that Apple starts taking these issues more seriously before phishing exploits, drive-by malware, and viruses become widespread on the platform."

Apple addressed the Safari flaw in both the Security Update 2009-001 for Mac OS X, and in a separate update for Windows users that bumped up the browser to Version 3.2.2. While recent data puts Safari's overall browser usage share at 8.3 percent, the Windows edition accounted for a scant 0.3 percent last month, about a quarter the share of Google's Chrome.

The company last patched Safari in November 2008, when it updated the browser twice in less than two weeks to plug more than a dozen holes.

Other parts of Mac OS X that Apple patched today ranged from the Pixlet codec -- which contained a bug that could be triggered by a malformed movie file -- and the Folder Manager to the printing module and Remote Apple Events, which could be exploited to steal information.

The separate Java updates -- one aimed at Mac OS X 10.4, a.k.a. Tiger, the other targeting Mac OS X 10.5, or Leopard -- fixed four vulnerabilities for each version of Apple's operating system, and brought the software up to par with patches Sun released two months ago.

Apple last patched its operating system in mid-December 2008, when it fixed 21 flaws. Today's patch tally was more than double that, and considerably higher than other large security updates the company issued last year, including a 40-bug release in October. In fact, today's update was the largest by Apple since a 90-fix update in March 2008.

Security Update 2009-001 and the Java updates can be downloaded manually from the Apple site or installed using Mac OS X's built-in patch service. Safari 3.2.2 for Windows can be downloaded from the Apple site.

Computerworld is an InfoWorld affiliate.

________________________________
You don't know tech: The InfoWorld news quiz
February 13, 2009 at 6:00 am
________________________________

The week of Friday the 13th proved an unlucky one for small Web startups and a Michigan congressman who's just a bit too enamored of Twitter. On the other hand, Amazon trotted out a new Kindle, Google unveiled yet more free services, Yahoo came up with a plan for making money, and 26 lucky people won awards just for tweeting. Maybe you'll have good luck too on our quiz. Each correct answer is worth 10 points. Now cross your fingers, toss some salt over your left shoulder, spin around three times in a clockwise direction, and begin.

1. Michigan Congressman Peter Hoekstra's Twittering got him in a bit of hot water last week. What did he tweet that should have stayed untweeted?

a. Notes from a closed-door session with President Obama
b. Details of a foreign intelligence briefing
c. A hush-hush fact-finding mission to Iraq
d. 25 random things nobody else wanted to know about him

Take the InfoWorld news quiz


