Laptop Fire At Airport Probably Result Of Bad Battery

A Lenovo laptop computer that burst into flames at Los Angeles International Airport (LAX) last Saturday was most likely the result of a defective Sony battery, according to a Lenovo spokesman.

“We can confirm that laptop was a Thinkpad T43 with a Sony battery — the same Sony battery that was subject to the recent recalls [by Dell and Apple Computer],” Gorman said. The defect in those batteries is caused by a short circuit that occurs when microscopic metal particles break through the lithium ion cell wall and make contact with a battery anode, Sony said.

“Our first priority is public safety, so we’re taking this incident very seriously,” he said. “We’re investigating it thoroughly.”

Within 12 hours of the incident, Lenovo had a team at the airport, Gorman said. They took the notebook and flew it to the Lenovo lab in Japan.

“They’re looking at it further right now,” he said.

An unidentified witness who said he was a passenger on another flight, posted an account at the Something Awful Web site.

“We should know more about this in the next couple of days,” Gorman said. “But the investigation will take another 24 to 48 hours and then we will do whatever is in the best interests of our customers.”

Explorer Security Hole About To Go Global

The unpatched Internet Explorer exploit discovered in the wild this week could quickly spread to thousands of malicious websites as soon as this weekend, warn security researchers.

The exploit, which takes advantage of a bug in the way Explorer 6 and earlier versions handle VML, has been turned into a module in a Russian exploit toolkit called WebAttacker, researchers have confirmed. WebAttacker is designed to make it a simple matter to build a malicious website, even assessing the visitor’s operating system and browser version and choosing the most effective exploit to use.

The VML flaw has been built into the latest version of WebAttacker, according to Sunbelt Security, Symantec and others.

While only about 20 sites are currently hosting the exploit, as many as 10,000 sites either host or point to various versions of WebAttacker, said Dan Hubbard, head of research at security company Websense, according to a report. That means the number of sites hosting the VML bug could quickly rise if WebAttacker users decide to upgrade.

The process seems to have begun already, with Internet Security Systems’ X-Force research lab reporting on Wednesday that the number of sites hosting the exploit had trebled in a day.

Researchers also noted that a second generation of the exploit appeared a few hours after Sunbelt first noticed the original exploit. The upgrade delivers more malware once systems have been penetrated.

The exploit is continuing to evolve rapidly, researchers said. Proof of concept code has appeared for a version that would do away with the use of scripting, which would mean users couldn’t protect themselves by disabling scripting in Explorer, and would make it easier for the exploit to be delivered via an HTML email.

Microsoft said in an advisory that it is aware of the attacks and is putting the finishing touches on a patch, but doesn’t expect to deliver the patch before the usual monthly patch date – 10 October. The company said it may deliver the patch earlier if needed.

The last time Microsoft delivered an out of cycle patch was early this year, for the WMF flaw. The company doesn’t deliver out of cycle patches unless the threat is massive and ongoing.

In its advisory, Microsoft recommended users protect themselves by disabling scripting in Explorer, something that could be ineffective against future versions of the exploit. Also in the advisory, Microsoft explained how to disable the vulnerable Vgx.dll from the command line.

Another way of getting around the problem is to use another browser, say security experts.

Usb Flash Drives Are Failing

USB flash memory drives are experiencing an increase in product failures as a result of quality-control problems, and the wildly popular replacements for floppy disks could be facing other problems related to fragmentation, according to industry experts.

Recent Gartner numbers indicate that 88.2 million USB flash drives were shipped in 2005, and 115.7 million will be shipped in 2006. While these portable nonvolatile storage units don’t last forever, single-level cell NAND flash drives are commonly acknowledged to last for an average of 100,000 read-write cycles, which is an infinite amount for most users.

However, according to Alan Niebel, a semiconductor analyst at Web-Feet Research, fragmentation is becoming more of a threat, especially as USB flash memory sizes grow. “Flash disks will soon encounter fragmentation problems and a need to arrange the data in order to prevent problems,” Niebel said.

“Like mechanical disks, flash disks have their own technical limitations, so it will be wise to measure the fragmentation level on flash disks in order to avoid unnecessary writes on the media,” he added.

Koby Biller, founder of the Israeli software firm, Disklace, also believes USB flash drives need to be measured for fragmentation and then defragged before the damage to memory reaches a point of no return. A former systems engineer with IBM, Biller has 27 years experience working on a variety of IT systems.

“It’s like cholesterol, people don’t measure it until their life spans start to be shortened,” Biller said.

According to IDC, fragmentation occurs when documents are created and then saved or erased.

When a file is first created and saved onto a hard drive or disk, it is stored in contiguous clusters. When the file is later recalled, the head, which reads the information, moves from one cluster to another on a single track. As files are added, they are also set in contiguous clusters. When files are erased, the cluster space they occupied becomes available and is filled as new files are created.

When the new files are larger than the available contiguous space, the information in those files gets broken up and is randomly placed on the disk, and files start to become fragmented. Eventually, the situation deteriorates to the point where performance is severely impacted and files take disproportionate long times to open.

Biller said that problems related to fragmentation are not communicated to consumers, so consumers aren’t defragging their flash drives. While Disklace may have a stake in defragmentation because it sells software that can measure the amount of fragmentation in flash drives, Biller is not the only one issuing warnings.

Fragmentation not the issue
Some industry analysts, such as Gartner’s Joe Unsworth and IDC’s Celeste Crystal, aren’t as concerned about USB flash drive fragmentation. Asked if he believes if defragging flash memory is a good idea, Unsworth said simply, “I’ve not heard of it.”

“It’s not something that has become a very big issue with the USB flash drive market,” Crystal added.

But a problem that is becoming bigger for this technology is manufacturing quality control, according to a recent report by the Australian firm Payam Data Recovery (PDR). Cases of faulty USB flash drives are on the rise the point where there has been a 300 percent year-over-year increase in cases of USB drives that have “suddenly stopped working” as a result of “faults, misuse and an increasing number of poorly manufactured devices on the market,” according to PDR’s study.

“I would expect that you would see an increase in problems with USB flash drives because they’re much more pervasive and there are a lot of companies that are [manufacturing] them these days,” Unsworth said. Many of the companies producing flash memory are based in Taiwan, Singapore and China, and Unsworth said that Asia-Pacific distributors are trying to differentiate themselves on price, which is forcing many market players to follow suit. As a result of this price pressure, some companies are selling products based on inferior flash memory, he said.

Steffen Hellmold, president of The USB Flash Drive Alliance, said he doesn’t believe that fragmentation presents a problem with flash memory, but he does agree that quality control has been an ongoing issue. “There are issues around endurance and longevity,” he said.

“There is a trade-off, obviously, between data endurance, longevity, as well as cost, and you need to know the differences to make the right choice of what it is you want,” Hellmold added.

Lexar recalls JumpDrives
Hellmold, who is also general manager of the OEM products business at flash drive manufacturer Lexar Media, said there have been “some substandard nonvolatile memory being used by some manufacturers that caused data losses in specific geographical regions.”

“For the most part as I understand it, it has been the Asian region as far as people actually experiencing some data loss.” Hellmold said.

Lexar has encountered quality control problems of its own of late (see “Lexar recalls dangerous flash drives “). As of Sept. 8, it was running a public notice of a limited recall of its JumpDrive Firefly and JumpDrive 1GB Secure II flash memory drives, saying it had identified a “potential issue” in the JumpDrive products sold between April 1 and May 31, 2006, in the U.S.

According to Lexar, “Certain configurations of these products have a potential to overheat, creating potential risk of injury and property damage. The potential for the products to overheat was identified by Lexar during testing, and no reports of overheating during use have been reported flash drive owners. All affected products shipped to retailers have been returned to Lexar and most retail stores have already received replacement products and are actively selling them, Lexar said.

Asked how consumers can ensure they are buying the highest quality flash memory drives, Hellmold said it is wise to look for logo certifications and independent product test reports. Unsworth answers the same question by urging consumers to look for brands with widespread recognition such as SanDisk and Kingston Technology Company. He also advises consumers not to go for the lowest price unless it’s from a reputable source. “If you see a product that is too good to be true in terms of price,” he said, “maybe it is.”

Mcafee Apologizes For Bugs In Falcon Roll Out

McAfee has apologized to users for bugs in the company’s new line of client protection software, released last month. In an e-mail sent to some users last week, McAfee Executive Vice President Bill Kerrigan acknowledged that there had been glitches in the roll out. “We would like to extend our sincere apologies to anyone who may have had problems with their computers due to the upgrade,” he wrote. Not all McAfee customers have been given the new software, which is going through a phased roll out, according to a McAfee spokeswoman. However, users who receive software updates from McAfee directly, or who purchased the software in the past month may have had problems, she said. Both McAfee and rival Symantec have been contending with Microsoft’s recent entry into the antivirus market, hoping to stay one step ahead of their new competitor. With this new line of products, code-named “Falcon,” McAfee introduced a new user interface as well as its SiteAdvisor Web site-rating software. McAfee estimates that fewer than 1 percent of customers who downloaded the new software have had difficulties, but the problems they experienced could be annoying. The new software didn’t work well with some ISP (Internet service provider) software, causing browsing slow-downs for some users, the company said. And customers who had disabled firewall protection would be presented with notification messages that could not be ignored, an annoyance for some. Some customers were simply confused by the new user interface, McAfee added. “While we believe no one’s computer protection was compromised, we have worked quickly and hard to resolve the issues,” Kerrigan said. “In fact, we have already sent out an update that automatically fixed the glitches caused by the upgrade.” Customers who have complained about the bugs are being offered a free 3-month extension to their subscription, a McAfee spokeswoman said. The bugs made Web surfing a drag, said Matt Saefkow, a software programmer. “One out of every 10 images would not load unless I refreshed the page a number of times, ” he said. “I was frustrated to the point where I no longer had any interest in trying to fix a program that should have helped my computer stay alive.” Even before this latest update, Saefkow had experienced problems running FTP (File Transfer Protocol) and P-to-P (peer-to-peer) software on his PC, but the Web browsing bug was the last straw, he said. He has chronicled his difficulties with the software on his blog.
He now plans to remove the McAfee software and download a free product, which he hopes will be less of a drain on his PC. “When McAfee itself is causing a computer to feel like it’s affected [by malicious software] that’s counterproductive,” Saefkow said. “I’m not going to be spending money on antivirus.”

Dell Spurns Intel On Desktops, Embraces Amd

Dell has stepped away from long-time supplier Intel, launching one desktop that spurns the chipmaker’s vPro business bundle and two others that use processors from chipmaking competitor Advanced Micro Devices (AMD). Dell will still build its new Dimension E520 (AUD$1,398) desktop PC with a choice of Intel’s Pentium D or Core 2 Duo processors, the company said Tuesday. But for the first time, Dell will offer a choice of AMD’s Athlon and Sempron chips in the new Dimension E521 (AUD$1,348) and C521 (AUD$798) models. For its new OptiPlex 745 business desktop (not available in Australia), Dell said it developed its own bundle of business-friendly technologies instead of using Intel’s vPro platform. Intel has seen strong sales in recent years for bundles of software and hardware such as its Centrino package for wireless notebook PCs. The company launched vPro in September as an effort to extend that strategy to business desktops. The company did not rule out the chance that it might add Intel’s bundle to future desktops, but said vPro had to mature first. “We’ll continue to work with Intel to help them refine the technology,” said Dell’s chief technology officer, Kevin Kettler. He spoke during the company’s annual Technology Day meeting in New York. “There’s still work to be done to drive that technology as a fundamental, strong value for our end customers.” He compared the current vPro bundle to early iterations of hardware-based security in Trusted Platform Module (TPM) chips. “Dell was a slow adopter of TPM, and that’s not because we didn’t know about them or forgot to ask about them. There are some cases where we’ve ultimately used a technology but waited for it to mature a little bit before adopting it,” Kettler said. Dell competitor Hewlett-Packard launched vPro-enabled desktops last week, prompting some analysts to ask why Dell was lagging despite its close relationship to Intel. The answer is that Dell was assembling its own business bundle. The company’s OptiPlex 745 boosts security and eases IT management while reducing power draw. Those are the same selling points as vPro, and the Dell system even uses similar components, like Intel’s new Core 2 Duo processor and a TPM security chip. The difference is that Dell chooses and integrates the remaining pieces, retaining more control over the final product. In October, Dell will add its own Client Manager module to the system, allowing IT managers to remotely boot and troubleshoot thousands of client systems from a single site. Intel does that trick with its Active Management Technology (AMT). Likewise, Dell chose its own partner for security and password protection, using Wave Systems’s Embassy Trust Suite. The PCs are available now.

Yahoo!7 Mail Beta Goes Live

Yahoo!7 has launched the beta version of its revamped mail application, Yahoo7! Mail. The beta boasts a bevy of new features such as a sleek interface that accommodates message previews, an online calendar, email search function and an integrated RSS reader. Instead of being force-fed default news provided by Seven on the Yahoo!7 Mail welcome page, the RSS reader allows users to add and view news feeds from different online sources and blogs. The new interface opens up messages in tabbed windows and has the same drop and drag functionality as seen in many client based email programs. “Email has evolved into a life managing tool, that’s why we’ve incorporated all the daily things people need, such as calendars and news feeds,” Yahoo!7 communications product manager, Mark Helvadjian said. The mail application was rebuilt from the ground up using AJAX (Asynchronous JavaScript + XML), a programming technique that makes Web sites more responsive by enabling new content to be added to a Web page without requiring the entire page to be reloaded. “The AJAX rebuild allows Yahoo!7 mail to provide users with a client-like experience, much as you’d expect from Outlook or Eudora, on the internet,” Helvadjian said. “It not only means quicker load times, but a much more streamlined experience for users.” Helvadjian added it would be possible for users to sync their Outlook and Eudora email clients with the Yahoo!7 Mail calendar and contacts list. Existing and new Yahoo!7 users will be able to shift between the classic Yahoo!7 Mail domain and the new beta interface at the push of a button, but Yahoo!7 would not confirm how long this feature would remain. At this stage, Yahoo!7 Mail beta is compatible with Mozilla and Internet Explorer browsers. However, it is only available on Mozilla for Mac users.

Us Man Pleads Guilty To Copyright Theft

An Erie, Pennsylvania, man involved in a BitTorrent peer-to-peer network has pleaded guilty to copyright infringement and faces up to five years in prison and a US$250,000 fine, the U.S. Department of Justice (DOJ) said. Scott R. McCausland, 24, pleaded guilty to one count of conspiracy to commit copyright infringement and one count of criminal copyright infringement in violation of the Family Entertainment Copyright Act, the DOJ announced Tuesday. He’s scheduled to be sentenced Dec. 12 in U.S. District Court for the Western District of Pennsylvania. McCausland was involved in a BitTorrent peer-to-peer (P-to-P) network previously known as Elite Torrents, the DOJ said. This guilty plea is part of the first U.S. criminal case focusing on a P-to-P network using the BitTorrent technology, the DOJ said. McCausland’s conviction is the third in a series of convictions arising from Operation D-Elite, a federal crackdown against the first providers of pirated works to the Elite Torrents network. At its prime, the Elite Torrents network attracted more than 133,000 members and allowed the illegal distribution of more than 2 million copies of movies, software, music and games, the DOJ said. U.S. federal agents shut down the Elite Torrents network on May 25, 2005, seizing its main server and replacing its log-in Web page with the notice: “This site has been permanently shut down by the FBI and U.S. Immigration and Customs Enforcement.” Within the first week, the message was viewed more than a half a million times. The Elite Torrents P-to-P network offered a virtually unlimited content selection, including illegal copies of copyright works before their availability in retail stores or movie theaters, the DOJ said. For example, the network made available the final entry in the Star Wars series, “Episode III: Revenge of the Sith,” more than six hours before it was first shown in theaters. In the next 24 hours, it was downloaded from the Elite Torrents network more than 10,000 times, the DOJ said.

Vista’s Not So Revolutionary After All Options

I just finished previewing Vista Release Candidate 1 for the Test Center, and I suddenly realized I’m more underwhelmed than I anticipated. A few months ago, in this very column, I used the adjective revolutionary instead of evolutionary. I’m changing my mind. Aero is slick, no doubt about it. But I have to say that the non-Aero interface, which I used on my anemic Gateway M-255E notebook, is slick enough. If Microsoft was going to deploy loads of programming talent to figure out a specific technical issue, I wish it had done it for WinFS or the full version of the Next Generation Secure Computing Base. Instead, I now have a much slicker-looking version of Windows XP … along with significantly increased hardware requirements. I don’t mind the 1GB of RAM baseline so much. But the need for a 3D-accelerator in any PC that wants to run Aero sticks in my craw. Executives will start out seeing reason, but soon enough they’ll want Aero running everywhere. That means fancy-shmancy video cards. And fancy-shmancy video cards mean added complexity, and that means more trouble for the desktop admin set — all for something that really amounts to glitz and little else. Don’t get me wrong: I’m not saying that Vista doesn’t have worthwhile features. The new windows firewall and the UAC (User Account Control) log-in are great. After you figure out where the new menus are going, the new network and system interfaces are cool, too. Windows Defender is a step in the right direction. The snipping tool will be exceptionally useful for tablet users and folks who share information on collaborative Web sites such as those setup via SharePoint. The Sync Center is basically a rehash of the XP SyncToy add-on, but as I like that one, I’m happy that it’s going to be a permanent addition. But all of that really just adds up to a sexier XP experience. The Sidebar gadget-fest, for example, so far amounts to a power user’s toy store. And it’s nothing I can’t get on XP if I’m willing to install something from a third-party, such as Yahoo’s Konfabulator .And Sidebar also urges users to download extras from Microsoft — something that seems to be a theme throughout RC1. Next to Sidebar gadgets, Vista also gives users direct links to downloading Windows Live Mail, Live Messenger, the Live Toolbar for IE7, a link to signing up for Live OneCare, and more. Admittedly, this might be because the RC1 build we got was for the Windows Vista Ultimate SKU, but users of the Professional SKU should still do a careful check to see where their users can download new software before releasing it into production. I feel as though I go through this with every Microsoft OS release: a certain amount of anticipatory excitement when loads of new features are announced, and then a “Where’s the beef?” moment when I actually see it running. I suppose that’s enhanced here somewhat because much of the beef I was hoping for wound up in the butcher’s freezer. As it stands, Vista is a worthy upgrade to Windows XP, but if RC1 is any indication, there’s no need to rush.

Vista’s Not So Revolutionary After All

I just finished previewing Vista Release Candidate 1 for the Test Center, and I suddenly realized I’m more underwhelmed than I anticipated. A few months ago, in this very column, I used the adjective revolutionary instead of evolutionary. I’m changing my mind. Aero is slick, no doubt about it. But I have to say that the non-Aero interface, which I used on my anemic Gateway M-255E notebook, is slick enough. If Microsoft was going to deploy loads of programming talent to figure out a specific technical issue, I wish it had done it for WinFS or the full version of the Next Generation Secure Computing Base. Instead, I now have a much slicker-looking version of Windows XP … along with significantly increased hardware requirements. I don’t mind the 1GB of RAM baseline so much. But the need for a 3D-accelerator in any PC that wants to run Aero sticks in my craw. Executives will start out seeing reason, but soon enough they’ll want Aero running everywhere. That means fancy-shmancy video cards. And fancy-shmancy video cards mean added complexity, and that means more trouble for the desktop admin set — all for something that really amounts to glitz and little else. Don’t get me wrong: I’m not saying that Vista doesn’t have worthwhile features. The new windows firewall and the UAC (User Account Control) log-in are great. After you figure out where the new menus are going, the new network and system interfaces are cool, too. Windows Defender is a step in the right direction. The snipping tool will be exceptionally useful for tablet users and folks who share information on collaborative Web sites such as those setup via SharePoint. The Sync Center is basically a rehash of the XP SyncToy add-on, but as I like that one, I’m happy that it’s going to be a permanent addition. But all of that really just adds up to a sexier XP experience. The Sidebar gadget-fest, for example, so far amounts to a power user’s toy store. And it’s nothing I can’t get on XP if I’m willing to install something from a third-party, such as Yahoo’s Konfabulator .And Sidebar also urges users to download extras from Microsoft — something that seems to be a theme throughout RC1. Next to Sidebar gadgets, Vista also gives users direct links to downloading Windows Live Mail, Live Messenger, the Live Toolbar for IE7, a link to signing up for Live OneCare, and more. Admittedly, this might be because the RC1 build we got was for the Windows Vista Ultimate SKU, but users of the Professional SKU should still do a careful check to see where their users can download new software before releasing it into production. I feel as though I go through this with every Microsoft OS release: a certain amount of anticipatory excitement when loads of new features are announced, and then a “Where’s the beef?” moment when I actually see it running. I suppose that’s enhanced here somewhat because much of the beef I was hoping for wound up in the butcher’s freezer. As it stands, Vista is a worthy upgrade to Windows XP, but if RC1 is any indication, there’s no need to rush.