3G means more porn, China laments amid cleanup

China called for a cleanup of mobile porn Web sites on Wednesday, blaming their rise on high-speed mobile data services, deployment of which has otherwise been a point of pride for the country. This year the country has also closed thousands of Web sites and arrested dozens in a campaign against online pornography that is increasingly shifting focus to mobile Web sites. "Lawless people have begun using the full commercial deployment of 3G and its faster download speeds for pictures and videos... to spread obscene and pornographic content," Su Jinsheng, an engineer in China's IT ministry, said in a speech, according to a transcript on the ministry Web site. China issued 3G (third generation) mobile network licenses to its three mobile carriers early this year, and the number of 3G users in China has slowly climbed since then.

A cleanup is needed to "protect the healthy growth of the next generation and purify the social environment," he said. But owners of mobile porn Web sites have been able to evade authorities through technical tactics such as frequently switching domain names and IP (Internet Protocol) addresses, Su said. China sees its long-delayed rollout of 3G services as a step toward its goal of becoming a global technology power. Counter-tactics being used by authorities include a blacklist to prevent pornographic Web sites from reappearing online and the design of content-filtering technology to help network operators themselves block obscene content, he said, giving a rare official glimpse into how Chinese regulators control information on the Internet. Earlier this year Google had a row with Chinese authorities over pornographic search results that ultimately led to Google.com and other Google services being briefly blocked in the country.

Pornography is illegal in China and authorities have long seen it as a scourge on the country's culture.

World of Warcraft players targeted by 'free mounts' phishing scheme

The popular online game World of Warcraft (WoW) is being hit with a new phishing scheme that lets attackers steal players' accumulated "gold" and other treasure by luring players with offers of free "mounts" used in the online game, say security researchers at F-Secure. The link takes the player to a site that looks exactly like World of Warcraft and offers them free "mounts," the fantasy horses that humans would ride or trusted wolf mounts that the Orcs prefer, which have powers like helping move the player more quickly through the game or defend them against monsters. It's an attack that exploits the WoW-based in-game chat to lure a player into clicking on a link. If the victim falls for the "free mounts" phishing fraud and enters his online credentials, the attacker can take over his account and steal all the "gold" or other treasures the player accumulated in the game's progress. "This is like physical property, it can be traded," said Sean Sullivan, security researcher at F-Secure about the value of the online game's items like "gold" and "mounts," which can bring money in auctions in sites in China, for example.

Sullivan added that over two years ago, eBay declared a ban on auctioning WoW items like fantasy "gold," apparently because of the fraud level. The latest phishing scam to hit WoW, which F-Secure describes here, is a new twist on some of the older attacks that made use of malicious banner ads on WoW to try and install trojans on victim's desktops. The current "mounts" phishing scam allows the successful attacker to steal whatever treasures the victim has associated with the WoW account, and then to go after other victims. F-Secure's Internet Security 2010 product recognizes this type of phishing scam and blocks against it, the vendor says.

Microsoft: No TCP/IP patches for you, XP

Microsoft late last week said it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008. The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4. "We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible," said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast , referring to Windows 2000 and XP. "An update for Windows XP will not be made available," Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast ( transcript here ). Last Tuesday, Microsoft said that it wasn't patching Windows 2000 because creating a fix was "infeasible." The bugs in question are in Windows' implementation of TCP/IP, the Web's default suite of connection protocols. In the revised advisory, Microsoft explained why it won't patch Windows XP, the world's most popular operating system . "By default, Windows XP SP2, Windows XP SP3 and Windows XP Professional x64 Edition SP2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability," the company said. "Windows XP SP2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network." Although the two bugs can be exploited on Windows 2000 and XP, Microsoft downplayed their impact. "A system would become unresponsive due to memory consumption ... [but] a successful attack requires a sustained flood of specially crafted TCP packets, and the system will recover once the flood ceases." Microsoft rated the vulnerabilities on Windows 2000 and XP as "important" on Windows 2000, and as "low" on XP. The company uses a four-step scoring system, where "low" is the least-dangerous threat, followed in ascending order by "moderate," "important" and "critical." The same two bugs were ranked "moderate" for Vista and Server 2008, while a third - which doesn't affect the older operating systems - was rated "critical." During the Q&A, however, Windows users repeatedly asked Microsoft's security team to explain why it wasn't patching XP, or if, in certain scenarios, their machines might be at risk. "We still use Windows XP and we do not use Windows Firewall," read one of the user questions. "We use a third-party vendor firewall product. All three of the vulnerabilities highlighted in the MS09-048 update were patched in Vista and Server 2008. Only two of the trio affect Windows Server 2000 and Windows XP, Microsoft said in the accompanying advisory, which was refreshed on Thursday.

Even assuming that we use the Windows Firewall, if there are services listening, such as remote desktop, wouldn't then Windows XP be vulnerable to this?" "Servers are a more likely target for this attack, and your firewall should provide additional protections against external exploits," replied Stone and Bryant. Windows Server 2000 SP4, for example, is to receive security updates until July 2010; Windows XP's support doesn't expire until April 2014. Stone's and Bryant's answer: "We will continue to provide updates for Windows 2000 while it is in support unless it is not technically feasible to do so." Skipping patches is very unusual for Microsoft. Another user asked them to spell out the conditions under which Microsoft won't offer up patches for still-supported operating systems. According to a Stone and Bryant, the last time it declined to patch a vulnerability in a support edition of Windows was in March 2003 , when it said it wouldn't fix a bug in Windows NT 4.0. Then, it explained the omission with language very similar to what it used when it said it wouldn't update Windows 2000. "Due to these fundamental differences between Windows NT 4.0 and Windows 2000 and its successors, it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability," Microsoft said at the time.

IBM offers cheaper Linux mainframe bundles

IBM is introducing new Linux-focused mainframe bundles that it says will provide discounts of up to 80% over previous offerings. But Linux has been a bright spot, with 70% of IBM's top 100 mainframe customers running Linux, according to Gartner. How to really bury a mainframe IBM's mainframe business has struggled in 2009, with year-over-year revenue declines of 26% in the third quarter and 39% in the second quarter. In an attempt to boost falling sales, IBM has taken several steps to lure new customers and capitalize on interest in consolidating Linux workloads on mainframes using IBM's virtualization technology.

IBM also cut prices nearly in half for some specialty Linux processors known as Integrated Facility for Linux (IFL). In IBM's latest move, announced Tuesday, the company is releasing a new mainframe bundle called the Enterprise Linux Server, which starts at a little more than $200,000. The least expensive version includes two IFL processors, plus memory, I/O connectivity, licenses for the z/VM mainframe virtualization software, and three years worth of maintenance. In August IBM released seven hardware, software and services packages which are known as the "Solution Edition Series" and are aimed at specific application workloads like data warehousing and SAP software. The business class version can scale up to 10 IFLs, while the enterprise class machine can scale up to 64. Savings per processor improve the more a customer buys, and can cost as much as 80% less than previous mainframe offerings, according to IBM. The basic $200,000 machine with two IFL processors can run about 50 Linux-based virtual machines, says Reed Mullen, IBM's System z virtualization strategy manager. IBM hopes to lure customers away from competing platforms such as Itanium and Sun's Solaris, he says. IBM partners Novell and Red Hat are offering discounted Linux licenses when purchased with the Enterprise Linux Server.

IBM has been successful in selling more capacity to existing Linux-on-mainframe customers, but has had trouble convincing new organizations of the economic benefits of putting Linux on System z, Mullen says. "We want to target not just existing mainframe clients with this solution, we also want to target non-mainframe clients who are waking up to some of the realities of large-scale server consolidation," he says. "We believe those who have yet to embrace Linux on the mainframe are ready to do so more aggressively." In addition to the Enterprise Linux Server, IBM is releasing two new Solution Edition bundles, one for Linux and one for Chordiant CRM software. Because IBM mainframe's division is struggling, now is a good time for customers to negotiate with Big Blue, Gartner analyst Mike Chuba recently said. While the Enterprise Linux Server is a stand-alone mainframe for new deployments, the Solution Edition bundles add capacity to existing machines, according to Mullen. The Solution Edition bundles represent some of the best deals IBM has offered to date. "If you're going to go into a negotiation with IBM right now and want to get the best price, the first two words out of your mouth should be 'solution edition,'" Chuba said. Follow Jon Brodkin on Twitter.

Data Robotics ships Drobo iSCSI SAN

Data Robotics today released its first iSCSI SAN storage array that, like its other low-end arrays, manages itself and allows any capacity or brand of disk drive to be mixed, matched and exchanged without any downtime. The new system extends the number of Smart Volumes - Data Robotics' thin provisioning that pools capacity from all eight drives - so users can now create as many as 255 virtual storage volumes, up from 16 volumes in the current Drobo model. Data Robotics' DroboElite offers automated capacity expansion and one-click single- or dual-drive (RAID 5 or 6) redundancy for Windows, Mac and Linux machines.

The latest addition to the Drobo family of arrays is aimed at the small to mid-size business market and resellers selling into the virtual server space, according to Jim Sherhart, senior director of marketing for Data Robotics. "Virtual servers tend to use a lot of small LUNs (logical unit numbers)," said Jim Sherhart, senior director of marketing for Data Robotics. For example, if a user were to initially set up DroboElite for dual drive failure, he could switch to single-drive failure with one mouse click. The DroboElite is also able to drop from higher to lower levels of RAID with no manual intervention. Users can also change out drives, adding higher-capacity models, in 10 seconds - with no formatting required, according to Sherhart. Tarun Chachra, chief technology officer at marketing company KSL Media , has owned two Drobo USB arrays for about a year and a half.

DroboElite can support VMware environments and advanced functionality including VMotion, Storage VMotion, snapshots, and high availability. He purchased four DroboPro arrays in June for use in two offices for Microsoft Exchange replication and backups for about 16 servers. Chachra said he was impressed that he could simply go out and buy a 1TB, 7,200 RPM SATA drive for $69 and stick it in the DroboElite, saving him money on total cost of ownership on pricier SAS drives. He's also beta testing the DroboElite, which he plans to purchase for backing up his VMware servers because of its higher throughput with dual Gigabit Ethernet ports and greater number of creatable volumes. Chachra has been comparing his existing DroboPros, which can be configured with up to eight 2TB drives, to what he'd previously been using for backups: a Hewlett-Packard AiO400R array with four 500GB drives. The HP array runs the same iSCSI stack as the DroboPro, but it uses Windows 2003 Storage Server as a backup and replication application.

Chachra said the DroboPro cost about $3,500 compared with the AiO400, which cost $5,219. The HP array was set up for RAID 5 right out of the box and couldn't be changed; the DroboPro offers both RAID 5 and 6 interchangeably. The HP has forced Chachra to reboot his backup server every three days or so because it would hang up and couldn't handle bandwidth, he said. "We don't have huge IT teams looking at servers, so it's better for us to have something that can tolerate a higher driver failure rates," he said. "We also don't stock a lot of hard drives. The DroboElite also offers a non-automated thin provisioning feature called Smart Volumes that allows users to create new volumes in seconds and manage them over time by pulling storage from a common pool rather than a specific physical drive allocation. The main thing, though, is redundancy and having Exchange available all the time." "I don't know that an enterprise is going to run out and deploy this for 2,000 or 3,000 [users], but for small or mid-size shops, this is cost effective and it works as well as it should," Chachra added. Smart Volumes are also file system aware, which allows deleted data blocks to be immediately returned to the pool for future use.

Geoff Barrall, CEO and founder of Data Robotics, said the DroboElite can deliver cost savings of up to 90% compared to other iSCSI SANs "by combining cost-effective hardware with robust iSCSI features." The DroboElite is currently available starting at a price of $3,499, with multiple configurations selling for up to $5,899 for a 16TB configuration (using eight 2TB drives).

Cloud Engines updates Pogoplug media sharing device

On Friday, Cloud Engines introduced the second generation of its Pogoplug multimedia sharing device. The new version adds several new features. The Pogoplug is designed to plug into your home or small office network and let you access and share content of USB hard drives over the Internet using a standard Web browser.

First off, it now has four USB 2.0 ports instead of one so you can connect multiple USB hard drives or flash drives without the need for a USB hub. It works with H.264 video, as well as common photo types, but doesn't support DRM media. Along with that, there's now support for global search across multiple drives. (It still connects to your router using gigabit Ethernet.) Also new are improved transcoding and wider support for streaming movies on the Web or to an iPhone app; the ability to automatically sync photos, music, videos, and other content from apps such as iTunes and iPhoto; tighter integration with Facebook, Twitter, and MySpace; automatic organization of your music, photos, and videos; and an address book that remembers the e-mail addresses with which you've shared content for future sharing. (Many of the enhancements will be available to current Pogoplug owners as well.) Pogoplug supports OS X 10.4 and higher as well as Windows XP and Vista, and Linux; Safari, Firefox 3, IE 7, IE 8, and Chrome Web browsers; and hard drives formatted as NTFS, FAT32, Max OS Extended Journaled and non-Journaled (HFS+), and EXT-2/EXT-3. Although there are no specific bandwidth requirements listed, the company says that a typical DSL connection (with 512 Kbps upload speed) works fine. Cloud Engines expects to ship the new Pogoplug before the end of the year for $129, and is currently taking pre-orders.

Ciena to buy Nortel unit for $521 million

Ciena has agreed to acquire Nortel's Metro Ethernet Networks business for approximately $521 million in cash and stock. The two companies earlier this week confirmed they were in an advanced stage of negotiations for the sale.  Ciena will pay $390 million in cash and 10 million shares of Ciena stock for Nortel's MEN business. Hottest tech M&A deals of 2009 The MEN business includes Nortel's optical networking and Carrier Ethernet assets.

Ciena's stock closed yesterday at $13.05. The product and technology assets to be acquired include Nortel's long-haul optical transport portfolio, including the 40G/100Gbps systems; metro optical Ethernet switching and transport solutions; Ethernet transport, aggregation and switching technology; multiservice SONET/SDH product families; and network management software products. The assets to be acquired generated approximately $1.36 billion in revenue for Nortel in 2008 and $556 million in the first six months of 2009. Nortel says it has deployed 430,000 optical nodes to more than 1,000 customers in 65 countries, making Nortel – along with Ciena – one of the leading optical transport and switching vendors worldwide. "We believe this transaction will position us for faster growth by giving us greater geographic reach, broader customer relationships and a deeper portfolio of solutions," said Gary Smith, Ciena's CEO and president, in a statement. "We believe we are best positioned to leverage these assets, thereby creating a significant challenger to traditional network vendors." Ciena says it expects to offer employment to at least 2,000 Nortel employees, which represents more than 85% of Nortel's optical networking and Carrier Ethernet workforce. The agreement also includes all patents and intellectual property that are predominantly used in the businesses, and provides for the transition of substantially all of Nortel's Optical Networking and Carrier Ethernet customer contracts. As of July 31, Ciena employed 2,110. Nortel's bankruptcy: A long time coming "Today's announcement is a positive step forward for the future of Nortel's Optical Networking and Carrier Ethernet customers and employees," said Philippe Morin, Nortel MEN president, in a statement. "The sale of these businesses to a strong and stable buyer enables the innovation of one of the foremost leaders in the optical industry to continue to thrive." The transaction is subject to a "stalking horse" competitive bidding process and requires the approval of the United States Bankruptcy Court for the District of Delaware and the Ontario Superior Court of Justice Ciena expects hearings before those courts to approve bidding procedures, break-up fee and expense reimbursement will be held within the next several weeks, followed by a bid period and a potential auction, with final sale hearings to be held thereafter. Nortel is liquidating assets after having failed to restructure the company under Chapter 11 bankruptcy as a viable telecom competitor.

The transaction is also subject to customary closing conditions, including receipt of necessary regulatory approvals. To date, Nortel has sold its CDMA and LTE wireless assets to Ericsson for just more than $1 billion and its Enterprise Solutions business to Avaya for just less than $1 billion. It's also looking to sell its GSM wireless business.