Category Archive 'Technology'
19 Mar 2009

Conficker C to Strike April 1st

The Conficker worm (also known as Downadup.AD) appeared last October targeting (surprise! surprise!) Microsoft Windows vulnerabilities common to 2000, XP, Vista, et al.

It has contaminated more than 9 million PCs worldwide, hitting 1.1 million on a single day last January. Conficker has shut down the operations of the French Air Force, 24 RAF air bases, and 75% of the Royal Navy, and infected hundreds of computers serving Germany’s Bundeswehr and Defense Ministry.

New York Times:

The program grabbed global attention when it began spreading late last year and quickly infected millions of computers with software code that is intended to lash together the infected machines it controls into a powerful computer known as a botnet.

Since then, the program’s author has repeatedly updated its software in a cat-and-mouse game being fought with an informal international alliance of computer security firms and a network governance group known as the Internet Corporation for Assigned Names and Numbers. Members refer to the alliance as the Conficker Cabal. …

An examination of the program reveals that the zombie computers are programmed to try to contact a control system for instructions on April 1. There has been a range of speculation about the nature of the threat posed by the botnet, from a wake-up call to a devastating attack.

Researchers who have been painstakingly disassembling the Conficker code have not been able to determine where the author, or authors, is located, or whether the program is being maintained by one person or a group of hackers. The growing suspicion is that Conficker will ultimately be a computing-for-hire scheme. Researchers expect it will imitate the hottest fad in the computer industry, called cloud computing, in which companies like Amazon, Microsoft and Sun Microsystems sell computing as a service over the Internet. …

Several people who have analyzed various versions of the program said Conficker’s authors were obviously monitoring the efforts to restrict the malicious program and had repeatedly demonstrated that their skills were at the leading edge of computer technology.

For example, the Conficker worm already had been through several versions when the alliance of computer security experts seized control of 250 Internet domain names the system was planning to use to forward instructions to millions of infected computers.

Shortly thereafter, in the first week of March, the fourth known version of the program, Conficker C, expanded the number of the sites it could use to 50,000. That step made it virtually impossible to stop the Conficker authors from communicating with their botnet. …

A report scheduled to be released Thursday by SRI International, a nonprofit research institute in Menlo Park, Calif., says that Conficker C constitutes a major rewrite of the software. Not only does it make it far more difficult to block communication with the program, but it gives the program added powers to disable many commercial antivirus programs as well as Microsoft’s security update features.

“Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm,” said Phillip Porras, a research director at SRI International and one of the authors of the report. “Perhaps in the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft.”

“In the worst case,” Mr. Porras said, “Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself.”

The researchers, noting that the Conficker authors were using the most advanced computer security techniques, said the original version of the program contained a recent security feature developed by an M.I.T. computer scientist, Ron Rivest, that had been made public only weeks before. And when a revision was issued by Dr. Rivest’s group to correct a flaw, the Conficker authors revised their program to add the correction.

Although there have been clues that the Conficker authors may be located in Eastern Europe, evidence has not been conclusive.


Information Week links this removal tool.

Alarmingly, TrendMicro’s virus encyclopedia entry is “temporarily unavailable.”

11 Mar 2009

Build Deadly Sci Fi Gadgets at Home

Cracked serves up recipes and videos explaining how to construct your own Tesla Coil, Laser, RailGun, ExoSuit, and/or Jet Pack at home.

Why, with any one of which an enterprising fellow could… dare I say it? Rule the world. (Maniacal laugh)

Hat tip to Conservative Grapevine.

23 Feb 2009

PC versus Mac

Freddie advises that buying a Mac doesn’t really prove you’re cool. (Steve Jobs must really hate this one.)

[A]ll of these greater philosophical underpinnings that people attach to PC vs. Mac are just self-aggrandizing nonsense. Buying the computer from company A doesn’t, as a matter of fact, say anything about you, just like buying a computer from company B doesn’t say anything about your counterparts. As I have said many, many times, there are good things about Apples and good things about PCs. If it makes sense to you to buy an Apple, go with god. And many Apple owners do just that, buy a product, use it and enjoy it. I’ve considered getting an Apple laptop in the past and may in the future. But it amazes me, absolutely amazes me, the number of Apple owners who lack the clarity or self-awareness to realize that purchasing a commodity from an enormous, soulless corporation that is also owned by several million other people doesn’t make you a unique and beautiful snowflake. Apple has a better PR campaign, better advertising and a more gullible, credulous customer base. That’s it. It’s got nothing to do with individuality or nonconformity. I know many people are probably saying that this is a completely banal thing to say but I am consistently astounded by otherwise smart people who will tell you different.

Hat tip to Andrew Sullivan.

19 Feb 2009

Cyber Attacks on US Defense Department “Like a Perpetual Hailstorm”


Armand de Borchgrave, in the Washington Times, shares some impressive figures from a recent Cyber Security conference.

Cyberwarfare is waged on a massive scale the world over. Ostensibly friendly nations zap each other’s electronic nerve cells frequently, and with reckless abandon. On a single day in 2008, the Pentagon was hit by would-be intruders 6 million times in a 24-hour period. Before Sept. 11, 2001, the highest annual figure for cyber attacks against the Pentagon was 250,000.

Speaking not for attribution at a think tank meeting, a Pentagon “cyber warrior,” said it felt “like a perpetual hailstorm pelting an imaginary glass envelope around the Defense Department, but there is still no way of telling whether these were attempted intrusions by teenagers testing their hacking skills or the electronic warfare departments of China and Russia, that we know are constantly flexing their electronic muscles.”…

The Pentagon cybernaut did not disclose how many, if any, of the 6 million attempted intrusions were successful. Another Pentagon insider, speaking privately, said “an important internal e-mail system was taken down for two days.”

Speaking at the same think tank meeting, the chief security officer of a major New York-based financial house said they had been attacked 1 million times in a 24-hour period.

04 Feb 2009

Hints to Travellers

If you wanted to buy a pre-1921 edition of the Royal Geographic Society’s Hints to Travellers Scientific and General, I’m afraid you’d be completely out of luck today. Only a single copy of the 1921 10th edition is on offer at the present time at all, though you can buy it at three different prices, depending on the book search venue chosen: $57.66 (Bibliophile) or $63.70 (Choose) or $72.94 (Amazon UK).

Or you can read it on your PC, right here, for free.

The Archive.org stream isn’t as fast over satellite modem as one would like, but it is surprisingly readable and the user interface is simple and intuitive.

———————————–

Hat tip to John Murrell via Karen L. Myers.

01 Feb 2009

No Ferraris! Bummer

When the multi-talented Charles Johnson and Roger Simon announced the successful first round of financing for an advertising coalition of bloggers, originally known as “Open Source Media” back in November of 2005, there was a veritable explosion of negative emotion on the Blogosphere.

Several notorious contrarians deplored what they perceived as “fencing in the open range.” The institutionalization and amalgamation of blogging under a commercial entity, they argued, would stifle creativity and surrender the freedom of individual self expression to crass commercialism.

Others, like Dennis the Peasant (who claimed he had collaborated with Roger Simon in coming up with the big idea, and been later jilted) were pea green with envy, as visions of bloggers a few years down the road cashing in PJM stock worth untold millions and tooling down the highways in shiny new Ferraris danced through everyone’s head.

One particularly hostile blogger set up a PJM Death Pool, gleefully predicting the imminent breakup and demise of the new project, and inviting critics to place their bets and pick a date. The Death Pool’s last posting occurred in May of 2006, and the betting pool raised a whopping $18.

After all of 2005-2006’s storm and fury, it was a bit disappointing to learn last night that Roger Simon had announced the dissolution of the PJM advertising network and the termination of payments to member bloggers as of April 1, 2009. Simon stated that the proprietors intend to re-direct the PJM project toward television programming production.

Pity. The recession obviously was the final nail in PJM’s coffin, but it seems clear in retrospect that blog readership didn’t really continue growing rapidly to the sky, blogging didn’t actually replace print and electronic journalism, and nobody has succeeded in developing a terribly lucrative advertising model for blog sites.

All PJM seems to have achieved, in retrospect, was to divert the talents and energies of Charles Johnson, and some of his very talented editors, away from blogging to the pursuit of a chimera. But who knows? Perhaps the lessons learned in this first experiment in a blogging business model will, in the end, make possible the development of the ship which actually sails.

The editor of Never Yet Melted extends his condolences on the unhappy result of so much effort, and best wishes for future prosperity and success (new red Ferraris for all!), to the management, editors, and individual PJM bloggers.

13 Jan 2009

What’s Wrong With Silicon Valley?

Business Week’s Steve Hamm says the problem is greedy investors’ short term thinking and aversion to risk, and those stingy VCs should start funding “bold new directions” while waiting for Uncle Obama to open up the federal tap.

Hamm’s article lit the fuse of Michael S. Malone at Live from Silicon Valley.

Since Steve Hamm and Business Week aren’t willing to give you anything but their own big government/big business solutions to the perceived crisis, let me give you the real story – and real solutions – from somebody who has been on the ground here in Silicon Valley for 45 years:

Yes, Silicon Valley – and by extension, the U.S. high technology industry, is in something of a crisis right now. Part of it is the fact that, as the largest manufacturing sector in the US economy, electronics is not immune to the larger financial crisis currently impacting the world.

But there are a lot of other problems as well. For one thing, the venture capital industry is in real trouble – not because of a lack of courage, but because government interference – most notably, Sarbanes-Oxley – has proven almost fatal to the new company creation process. With almost no potential for a big pay-out on the back end (because companies don’t ‘go public’ any more), VC’s are having to be much tighter on the front end. That’s good business, not gutlessness.

As for the entrepreneurs themselves, to charge them with a lack of courage or character is truly insulting. Instead of hob-nobbing with senior executives, Steve should have called me. I would have taken him to the little Peet’s Coffee shop in nearby Cupertino where I get my lattes twice per day. There, I would have shown him that on any given day you can see at least two entrepreneurial teams – a half-dozen guys huddled over a single laptop editing spreadsheets – almost always different, and all dreaming of starting the Next Big Company. There are hundreds of these start-up teams all over the Valley right now – indeed, I think there is more entrepreneurial fervor going on right now than just about any other time in Valley history.

Are these folks thinking small? Are they short on courage? No, what they are is pragmatic. That’s the essence of being an entrepreneur. They know what the business landscape is out there, and they are adjusting their plans to succeed in that new reality.

No, the problem is not that entrepreneurs and investors in Silicon Valley and the rest of high tech aren’t thinking big, it’s that they aren’t being allowed to. If Business Week would just take off its ideological blinders, it would realize that if Washington really wanted to help a sick Silicon Valley, it would get out of the way, and strip away all of those worthless regulations that are inhibiting the imagination and the creativity of this town.

10 Jan 2009

Microsoft Incompetent Again

Lifehacker reports that underestimated volume turned the Windows 7 Beta trial into another Mac advertisement.

You’d think that getting soundly beaten by Google and Yahoo over and over in the online space would mean that Microsoft would take the web a little more seriously. You’d be wrong.

Case in point: Today’s epic failure around the distribution of the Windows 7 public beta download. This morning Microsoft’s web servers fell to their knees under the pressure of constant web page refreshes by enthusiasts who want to volunteer their time to test Windows 7 after Steve Ballmer’s announcement the download would be available at noon today. (Since noon today, the download was there, then pulled, and back up again only if you know the direct links, and the promised product keys still aren’t available. There’s “no ETA” when they will be.)

Is it fantastic that Microsoft is offering this freebie preview? Yes. Is it shameful that they’d be so woefully unprepared for the demand it would draw? That also would be a YES.

06 Jan 2009

No Keyboard

The Onion reports Apple’s latest revolutionary user interface design breakthrough: the no keyboard laptop.

2:37 video

04 Jan 2009

Cyber Attacks Coincide with Israel’s Attack on Gaza

Israeli Intelligence mouthpiece DEBKAfile succeeded in restoring service today after a period of outage.

DEBKAfile’s two sites in English and Hebrew came under a massive cyber attack on our servers at the moment Israeli ground forces crossed into the Gaza Strip Saturday night, Jan. 3. The attackers tried and failed to block and replace our content. We did our utmost to restore service as quickly as possible and return to full operation.

DEBKAfile wasn’t the first site hit.

Computerworld reports earlier activity aimed at Israeli business and web domains:

The conflict raging in Gaza between Israel and Palestine has spilled over to the Internet.

Since Saturday (12/27), thousands of Web pages have been defaced by hacking groups operating out of Morocco, Lebanon, Turkey and Iran, said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.

The defacements have primarily affected small businesses and vanity Web pages hosted on Israel’s .il Internet domain space. One such site was that of Israel’s Galoz Electronics Ltd. On Wednesday, the hacked Web site read “RitualistaS GrouP Hacked your System! ! ! The world isn’t insurance! ! ! For a better world.”

Other attackers have placed more incendiary messages condemning the U.S. and Israel and adding graphic photographs of the violence. Warner said he has seen no evidence that any Israeli government site has been hit by these attacks, although they have been targeted.

01 Jan 2009

Looking For Work?

Bloomberg reports that, while other businesses find sales plummeting, cybersecurity is booming.

Lockheed Martin Corp. and Boeing Co., the world’s biggest defense companies, are deploying forces and resources to a new battlefield: cyberspace.

The military contractors, eager to capture a share of a market that may reach $11 billion in 2013, have formed new business units to tap increased spending to protect U.S. government computers from attack.

Chicago-based Boeing set up its Cyber Solutions division in August “because of a realization by the company that it’s a very serious threat,” Barbara Fast, vice president of the unit, said in an interview. “It’s not a question of if we’ll be attacked but when and so how will we be prepared.” Lockheed launched its cyber-defense operation in October.

President George W. Bush announced a national cybersecurity plan in January to be supervised by the Department of Homeland Security, after an increasing number of attacks on U.S. government and private sector networks by groups linked to foreign governments, organized crime gangs and hackers. In a Dec. 8 report, a panel of experts said President-elect Barack Obama should create a White House office to oversee the effort.

“The whole area of cyber is probably one of the faster-growing areas” of the U.S. budget, Linda Gooden, executive vice president of Lockheed’s Information Systems & Global Services unit, said in an interview. “It’s something that we’re very focused on. I expect there will be a significant focus” under Obama.

The number of security breaches of U.S. and private-computer networks reported to the Computer Emergency Readiness Team of the Homeland Security Department almost doubled to 72,000 in the fiscal year ended in October from about 37,000 the previous year, agency spokeswoman Amy Kudwa said in an interview.

U.S. government spending to secure military, intelligence and other agency computer networks is forecast to rise 44 percent to $10.7 billion in 2013 from $7.4 billion this year, according to a report by market forecaster Input.

Security-system spending will grow 7 percent to 8 percent annually, “significantly faster” than information-technology, which has increased about 4 percent a year in the past five years, said John Slye, an analyst at the Reston, Virginia, company.

23 Dec 2008

Government Killing Incorporation

Michael S. Malone explains in the Wall Street Journal why the 1990s boom in the creation of new technology corporations never came back. The news is not all bad, of course. The Accounting business has been booming like never before.

From the beginning of this decade, the process of new company creation has been under assault by legislators and regulators. They treat it as if it is a natural phenomenon that can be manipulated and exploited, rather than the fragile creation of several generations of hard work, risk-taking and inventiveness. In the name of “fairness,” preventing future Enrons, and increased oversight, Congress, the SEC and the Financial Accounting Standards Board (FASB) have piled burdens onto the economy that put entrepreneurship at risk.

The new laws and regulations have neither prevented frauds nor instituted fairness. But they have managed to kill the creation of new public companies in the U.S., cripple the venture capital business, and damage entrepreneurship. According to the National Venture Capital Association, in all of 2008 there have been just six companies that have gone public. Compare that with 269 IPOs in 1999, 272 in 1996, and 365 in 1986.

Faced with crushing reporting costs if they go public, new companies are instead selling themselves to big, existing corporations. For the last four years it has seemed that every new business plan in Silicon Valley has ended with the statement “And then we sell to Google.” The venture capital industry is now underwater, paying out less than it is taking in. Small potential shareholders are denied access to future gains. Power is being ever more centralized in big, established companies.

For all of this, we can first thank Sarbanes-Oxley. Cooked up in the wake of accounting scandals earlier this decade, it has essentially killed the creation of new public companies in America, hamstrung the NYSE and Nasdaq (while making the London Stock Exchange rich), and cost U.S. industry more than $200 billion by some estimates.

Meanwhile, FASB has fiddled with the accounting rules so much that, as one of America’s most dynamic business executives, T.J. Rodgers of Cypress Semiconductor, recently blogged: “My financial statements are a mystery, even to me.” FASB’s “mark-to-market” accounting rules helped drive AIG and Bear Stearns into bankruptcy, even though they were cash-positive.

But FASB’s biggest crime against the economy and the American people came when it decided to measure the impossible: options expensing. Given that most stock options in new start-up companies are never worth anything, this would seem a fool’s errand. But FASB went ahead — thereby drying up options as an incentive for people to take the risk of joining a young company and guaranteeing that the legendary millionaire secretaries would never be seen again.

Not to be outdone, the SEC has, through the minefield of “full disclosure” requirements and other regulations, made sure that corporate directors would never again have financial privacy and would be personally culpable for malfeasance anywhere in the company. This has led to a mass exodus of talented people from boards of directors in places like Silicon Valley. Full disclosure was supposed to make boards more responsible. Instead, it has made them less competent.

Read the whole thing.

You are browsing the Archives of Never Yet Melted in the 'Technology' Category.