American Airlines Officially Rolls Out In-flight WiFi

American Airlines today became the first airline to offer onboard WiFi service for its fliers. As expected from previous reports, the Aircell Gogo service will be available for passengers willing to pay the $12.95 surcharge for flights that are more than three hours in length.

Nonstop flights on Boeing 767-200 aircraft flying between New York and Los Angeles, New York and San Francisco, and New York and Miami will have the new WiFi service. American Airlines planned on launching the WiFi service on the 15 Boeing aircraft last month, but it was delayed because the system had to be modified.

Each Boeing plane is connected to the WiFi network via ground-based systems through an air-to-ground network. The planes receive signals from cell towers already in use, which makes the service cheaper for the fliers. Passengers must wait until the plane reaches 10,000 feet in elevation before signing up for the service.

Talking on cell phones is still prohibited and VoIP has been disabled for all flights, Aircell previously stated. Aircell will charge $9.95 for all flights three hours or less, and its pricing outline is for all airlines that use its service.

The service will be available on more flights after an initial testing phase of three to six months.Delta Air Lines confirmed it will begin testing a WiFi service in the fall, with Alaska Airlines, Jet Blue, Southwest Airlines and Virgin America also have in-air WiFi tests in the works.

Delta will use Gogo for its first class and economy passengers starting sometime in 2009, on at least 330 Delta aircraft. Several airline companies in Europe and Asia have been testing WiFi and cellular phone use while in flight, with varying results thus far.

Experts discover major Internet flaw

LOS ANGELES, (UPI) --

U.S. security experts have discovered a major flaw in the design of the Internet's address system that affects virtually every corporate computer network.

The flaw in the Domain Name System could allow hackers to steer most people using corporate networks to malicious Web sites, The Los Angeles Times reported Wednesday.

So far, hackers haven't taken advantage of the flaw, and the security experts say every major software company affected is in the process of issuing patches to fix the problem.

The man who discovered the flaw, Dan Kaminsky of the Seattle-based security firm IOActive Inc., says he hopes the patches will be broad enough that hackers won't be able to reverse-engineer them.

"We got lucky in this particular bug, because it's a design flaw," says Kaminsky. "It shows up in everyone's network, but the fix is a design fix that doesn't point directly at what we're improving."

Kaminsky says it took only a couple of hours to find the flaw but fixing it will take several months.

Microsoft Unveils New Internet Explorer Security Features

Coming to IE8 is a set of cross-site scripting defenses to defeat hackers looking to steal cookies and browser history, logging keystrokes, stealing credentials, or just evading phishing filters.

By J. Nicholas Hoover InformationWeek

Internet Explorer's getting a little bit safer. Microsoft Wednesday unveiled significant new security features that will be in the next version of the company's Web browser, Internet Explorer 8, currently in public beta testing.

From Microsoft's standpoint, any improvement in security is a plus, and the company seems to be taking that to heart with Internet Explorer 8, which includes a slew of new or upgraded security features. In the past, Microsoft has been heavily criticized for its browser security, while its chief competitor, Mozilla Firefox, has been largely lauded.

One of the most important new features in IE8 is a set of cross-site scripting defenses to protect the browser against the most common type of these attacks, known as "reflection" attacks, wherein transmitted data is sent back to the attacker. During these attacks, hackers could be stealing cookies and browser history, logging keystrokes, stealing credentials, or just evading phishing filters.

Internet Explorer 8 will also have what Microsoft's calling the SmartScreen Filter, which has been previously announced, but is more than Microsoft originally let on. It's an upgraded version of the phishing filter found in Internet Explorer 7 with a twist. It now includes malware protection, a feature also found in the latest versions of Mozilla Firefox and Opera.

When users visit a site that's been reported by any one of a number of third-party data providers as a phishing or malware-laden site, they'll be greeted with a big red background and a warning. That's an upgrade over the anti-phishing user interface in Internet Explorer 7, which Microsoft tests found looked too much like a potentially less harmful page that just has security certificate errors.

The warning has options either to go to the user's home page or to "disregard and continue," though the first option is in much bigger text. Businesses will be able to set policy so that "disregard and continue" doesn't show up as an option. The anti-malware protection will also block suspicious downloads.

Several third-party data feeds will provide Internet Explorer with the information needed to block phishing and malware-laden Web sites. Microsoft gets data on reported phishing sites from seven providers, though it's not yet clear where it will get data on sites reported to contain malware.

Microsoft's already announced a number of security features for Internet Explorer 8. For example, the browser has a number of anti social engineering features. It will highlight domain names in the URL bar to help prevent URL spoofing, like when an e-mail tells the recipient to click on a site that's represented as a PayPal site, but is really a malicious one. There's also an additional anti-phishing feature, where a dialogue that catches certain site characteristics sets off a red flag even when the site isn't in IE's anti-phishing data feeds.

There are several new browser-based security features, including improvements to ActiveX dialogues and control. There are now several levels of security for ActiveX controls. With per user control, users can download and install a control and it will run whenever it wants. An opt in level allows users to decide whether the control should run each time it wants to. ActiveX kill bits can stop a control from loading at all, and per site control means a control can only be invoked by one particular Web site.

Data Execution Prevention helps mitigate many memory-related attacks, including buffer overruns, by blocking code execution from running in protected memory. Several other features, including cross domain request and cross domain messaging, are aimed at preventing attacks from taking place in mash-ups or any time two Web sites have to exchange information.

Cisco Ogles Russian Startups

More than a year after announcing its intention to invest in some Russian startups, Cisco Systems Inc. has revealed a few details about its plans and partners.

The IP giant has contributed the "anchor investment" for a $60 million venture capital fund that will be managed by Almaz Capital Partners.

We thought that meant Cisco was supplying some nautical equipment, but that's its way of saying it's not revealing exact amounts: "Cisco is a significant contributor to that $60 million," says a spokesman for the San Jose, Calif., behemoth.

Cisco's not the only "significant" investor, though: Its contribution is being matched by Moscow-based UFG Asset Management.

The fund is focused on "high-growth small and medium-sized companies in the technology, media, and telecommunications sectors" in Russia and the Commonwealth of Independent States (CIS).

But that's not the limit of Cisco's ambitions in the region. "Cisco will pursue investment opportunities in technology-related start-ups in the region, both directly as well as indirectly through this regional venture fund."

And it's already made a direct investment, having taken a stake in Russian online retailer Ozon .
The move comes as operators in Russia and the CIS invest more and more of their capex budgets in state-of-the-art broadband fixed and mobile networks, a trend that's attracting other vendors too.

Wireless Internet Coming to Inside of Chrysler Vehicles

And you thought surfing the web on a plane was already pretty cool. Soon, you may be able to watch the newest YouTube videos, read up on some terrific fighting games, and check up on the latest Mobile Magazine articles while cruising over to your family's summer cottage.

Starting with 2009 model year cars, Chrysler will begin to offer in-car wireless Internet access. According to the LA Times, the wireless access will be powered by a 3G data connection that can then be translated to a moving Wi-Fi signal. The service is called UConnectWeb and it will officially be unveiled tomorrow. Watching YouTube is probably more fun than crappy DVDs any day.

Naturally, UConnectWeb is not being targeted at the driver. He should be keeping his eyes on the road. The wireless web should only be used by the increasingly bored passengers.

Firefox 3.0 Doesn't Focus On Business IT

However, a lack of enterprise support won't stop employees from downloading and using the browser on their own, with or without the backing of IT.

By J. Nicholas Hoover

Mozilla released Firefox 3.0 this week, but don't expect the new version to come entirely business-ready. The company's approach is to keep the end user first in mind, not the IT manager.

"Give people the things they want and then they'll take it into the enterprise," Mike Schroepfer, Mozilla's VP of engineering, said in an interview. "Our approach for a long time now has been pull rather than push." Mozilla has no enterprise sales or support staff to speak of, and the company relies on third-party add-ons such as FrontMotion Firefox MSI, CCK Wizard, or FirefoxADM for business features like centralized deployment and management. >more

38 in US, Romania Charged in Phishing Schemes

Grant Gross, IDG News Service

Thirty-eight people in the U.S. and Romania have been charged in two indictments alleging they used complicated Internet phishing schemes to steal thousands of credit and debit card numbers, U.S. and Romanian authorities announced Monday.

The indictments, in U.S. District Court for the Central District of California and the District of Connecticut, focus on two related phishing schemes with ties to organized crime, the U.S.

Department of Justice said. Phishing involves sending e-mail messages that look like official correspondents from banks or credit card vendors in an attempt to get recipients to go to a fake Web site and enter their account numbers.

A grand jury in Los Angeles charged 33 people for their alleged participation in a scheme that targeted thousands of individual victims and hundreds of financial institutions. The 65-count indictment was unsealed Monday. Seven people were charged in a Connecticut indictment for their roles in an Internet phishing scheme, including two who were charged in the Los Angeles case.

U.S. authorities were acting on nine arrest warrants in the Los Angeles area and Romanian authorities acting on search warrants there Monday in connection with the racketeering indictments.

Among the charges in the Los Angeles indictments are conspiracy to violate the Racketeer Influenced and Corrupt Organizations (RICO) Act; conspiracy in connection with access devices; unauthorized access to a protected computer; bank fraud; and aggravated identity theft.

The RICO conspiracy charge carries a maximum prison sentence of 20 years, bank fraud has a maximum sentence of 30 years, and device fraud conspiracy has a maximum sentence of seven and a half years. The unauthorized access count carries a maximum prison sentence of five years, and aggravated identify theft carries a mandatory two-year prison sentence.

The Romanian members of the organization obtained thousands of credit and debit card accounts and other personal information through phishing, according to the indictment. The group sent more than 1.3 million spam e-mail messages in one phishing attack, the DOJ said.
The Romanians collected the victims' information and sent the data to cashiers in the U.S.

through Internet chat messages, the DOJ said. The U.S. cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards. Cashiers then directed other criminals called runners to test the fraudulent cards by checking balances or withdrawing small amounts of money at ATMs.

The cards that were successfully tested were used to withdraw money from ATMs or point-of-sale terminals with the highest withdrawal limits, the DOJ said. Part of the money was then wire transferred to the supplier in Romania.

Seuong Wook Lee, a cashier in the scheme, pleaded guilty on May 15 in U.S. District Court in Los Angeles to racketeering conspiracy, bank fraud, access device fraud and unauthorized access of a protected computer, the DOJ said.

In the related Connecticut case, seven Romanian resident were charged in an indictment returned by a grand jury in New Haven on Jan. 18 and unsealed Friday. The indictment alleges the defendants used a phishing scheme to commit fraud in connection with access devices, conspiracy to commit bank fraud and aggravated identity theft.

The Connecticut investigation came from a state resident's complaint about a fraudulent e-mail message made to appear as if it originated from Connecticut-based People's Bank. The e-mail message directed victims to a computer in Minnesota that had been compromised and used to host a counterfeit People's Bank Internet site.

Investigators found that the defendants had targeted several banks and other companies, including Citibank, Capital One and PayPal.

On April 23, U.S. Attorney General Michael Mukasey announced a strategy to combat international organized crime.

"Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either," Deputy Attorney General Mark Filip said in a statement. "Through cooperation with our international partners, we can disrupt and dismantle these enterprises, just as we have done today with these indictments and arrests."