Apple Inc.’s CEO Steve Jobs took center stage at the Macworld Conference and Expo today to introduce what he called “the world’s thinnest notebook,” dubbed the MacBook Air.

The new laptop, which is priced starting at $1,799 and will ship in two weeks, was the final, and flashiest, of the new products and upgrades that Jobs touted in a 90-minute keynote at Macworld, which opened yesterday in San Francisco. He also talked up a new wireless backup device called the Time Capsule, spelled out changes to the iPhone that will be delivered later today via a firmware update, and announced the relaunching of Apple TV, which now features a lower price and movie downloads via iTunes.

“There were no surprises today,” said Ezra Gottheil, an analyst with Technology Business Research Inc. “But it was execution, execution, execution. Apple’s listening to its customers and then executing.”

None of the announcements could have come as a shock to Apple fans who had followed the rumor and gossip mill during the past few weeks, and as several analysts noted last Friday, the MacBook Air was the biggest of the bunch.

The new laptop, small enough for Jobs to pull from a manila envelope, takes the tape at just 0.16-in. at its thinnest on the keyboard-side edge, and no more than 0.76-in. at the hinge. It weighs about three pounds

Even Jobs recognized the big-ticket price of the flash drive. “They’re pricy, but they’re fast,” he told the Macworld crowd.

The subnotebook sports several features new to Apple’s portable line, including a multi-touch trackpad that relies on the same gestures as the iPhone, and one feature notable for its absence. “What you’re not going to find is an optical drive,” Jobs said. “You can buy this accessory, it’s USB powered, it costs just $99, it’s very compact. But you know what? We don’t think most users will miss the optical drive, or will need the optical drive.”

Instead, MacBook Air users will be able to “borrow” the optical drive of a nearby PC or Mac via a wired or wireless network to install software from a CD or DVD, or rip tunes from an audio CD. The feature, dubbed Remote Disc, is software that comes on the MacBook Air and also installs on the secondary PC or Mac.

Security researchers have released code showing how a pair of widely used technologies could be misused to take control of a victim’s Web browsing experience.

The code, published over the weekend by researchers Adrian Pastor and Petko Petkov, exploits features in two technologies: The Universal Plug and Play (UPnP) protocol, which is used by many operating systems to make it easier for them to work with devices on a network; and Adobe Systems’ Flash multimedia software.

By tricking a victim into viewing a malicious Flash file, an attacker could use UPnP to change the primary DNS (Domain Name System) server used by the router to find other computers on the Internet. This would give the attacker a virtually undetectable way to redirect the victim to fake Web sites. For example, a victim with a compromised router could be taken to the attacker’s Web server, even if he typed Citibank.com directly into the Web browser navigation bar.

“The most malicious of all malicious things is to change the primary DNS server,” the researchers wrote. “That will effectively turn the router and the network it controls into a zombie which the attacker can take advantage of whenever they feel like it.”

Because so many routers support UPnP, the researchers believe that “99% of home routers are vulnerable to this attack.”

In fact, many other types of UPnP devices, such as printers, digital entertainment systems and cameras are also potentially at risk, they added in a FAQ Web page explaining their research.

The attack is particularly worrisome because it is cross-platform — any operating system that supports Flash is susceptible — and because it is based on features of UPnP and Flash, not bugs that could be easily fixed by Adobe or the router vendors.

Users could avoid this attack by turning UPnP off on their routers, where it is normally enabled by default, but this would cause a variety of popular applications, such as IM (instant-message) software, games and Skype, to break and require manual configuration on the router.

Adobe could make changes to Flash to mitigate the problem, but attackers could most likely also launch this attack using another technique, known as DNS pinning, said Aviv Raff, a researcher who has also blogged about the attack.

“This is a critical issue,” he said in an IM interview. “People should turn off UPnP in their devices, and vendors should put UPnP disabled by default in the devices they deliver.”

Although this could make life difficult for nontechnical users, Raff believes it would be worth the effort. “It’s better than having your traffic owned by malicious people,” he said.

However, another security expert said that turning off UPnP would be overkill, considering that online criminals have not even begun using this attack. “Look…, if you get hit by a meteor, it’s devastating,” said Roger Thompson, chief research officer with Grisoft, via IM. “But no one goes around building meteor shelters.”

Intel has developed a white-box blade server based on standardized components, instead of specialized parts usually used to produce such systems.

Called Clear Bay, the server is based on the Server System Infrastructure Forum’s Modular Server Specification announced last July.

The Modular Server Specification lays out standards for blade servers and, where possible, aims to use off-the-shelf components for connectors, power supplies and heat sinks. The aim is to bring down the cost of blade servers — which are denser and generally easier to manage than rack-mount systems — and make them available to a wider range of users, including small businesses.

Clear Bay is based on a 6U-high blade chassis that can support up to six two-way server nodes running dual- or quad-core Xeon processors, 14 hard disk drives, two storage control modules, a management module and two Ethernet switch modules. The platform includes Intel’s Multi-Flex Technology, a set of management and storage technologies. It also includes virtual storage mapping, an integrated storage-area network, diagnostics and single sign-on, among other technologies.

Officially known as Intel Modular Server Products, the Clear Bay platform is intended to be assembled and sold by local manufacturers instead of top server vendors like IBM or Hewlett-Packard Co.

Pricing for servers based on the Clear Bay platform wasn’t immediately available. But Intel expects pricing for Clear Bay servers to be similar to rack-mount servers, based on the same processor and configuration.

A small-town mayor is in jail in Newton County on four counts of soliciting sex over the Internet from a police detective posing as a 13-year-old girl.

Police said 62-year-old Allen Kauffman was arrested Friday and remains in jail on $50,000 bond.

Kauffman is the mayor of Collins, a town of about 200 people in St. Clair County about 50 miles northwest of Springfield.

Police said Kauffman was arrested after an investigation by police in Diamond in Newton County.

Court records show Kauffman did not have an attorney as of Monday morning. A phone message left at his home was not immediately returned.

Diamond police said Kauffman is married and serves as a pastor of the Temple Lot Church in Collins.

Big dinosaurs, like humans, reached sexual maturity during the messy growth spurts of adolescence, according to a new study. The reproductive strategy of dinosaurs was unlike that of their reptilian ancestors or their bird descendants, the study concludes.

“They are growing really fast and yet maturing early,” said Sarah Werning, a graduate student in paleontology and integrative biology at the University of California, Berkeley.

“Among living animals, the only things that do that are medium- to large-size mammals, including us.”

Though reptiles like crocodiles reach sexual maturity before they are fully grown, they grow slowly. Birds grow to their full adult size within a year but delay sex for a year or longer, Werning noted.

She and colleague Andrew Lee, now at Ohio University in Athens, report the finding in tomorrow’s issue of the journal Proceedings of the National Academy of Sciences.

Growth Rings

Like tree trunks, dinosaur bones have annual growth rings, Werning said.

The researchers were studying these rings in the bones of the meat-eater Allosaurus and the plant eater Tenontosaurus to determine how fast they grew at different points in their lives.

In a specimen of each type of dinosaur, the team happened upon a type of calcium-rich tissue called medullary bone. Modern-day birds also produce this type of bone prior to laying eggs.

The finding indicates that both the Allosaurus and the Tenontosaurus died shortly before laying eggs—and therefore that they were able to reproduce at the times of their deaths.

“They wouldn’t be ovulating if they weren’t of reproductive age,” Werning noted.

The researchers added this onset of sexual maturity to their growth graphs and found that the dinosaurs were reaching sexual maturity in the midst of a teenage growth spurt. “They are definitely not juveniles, but they are not fully grown yet, and they are also going through a time of really rapid growth … it’s very similar to what we call adolescence,” Werning said.

The team also confirmed that a Tyrannosaurus rex bone that North Carolina State University paleontologist Mary Schweitzer found in 2005 contained medullary tissue when it died at 18.

(Related: He Rex or She Rex? Experts Find Way to Tell Dino Gender [June 2, 2005].)

All three types of dinosaurs had life spans of about 25 to 30 years. But they didn’t reach full adult size until age 20 to 25. Waiting until they were fully grown to reproduce would have been risky, according to Werning.

“It makes a lot of sense that [dinosaurs] wouldn’t have the same strategy as birds,” she said.

Birds Are Unique

The finding complements research published last year that showed that birdlike dinosaurs—discovered sitting on their eggs just like birds do—also had sex as teenagers.

“What Sarah and Andrew have done in their paper is find exactly the same thing but in a different group of dinosaurs and by using a different marker of reproductive maturity,” said Kristi Curry Rogers, a paleontologist at Macalester College in St. Paul, Minnesota.

Curry Rogers is a co-author of the 2007 birdlike-dino study with Gregory Erickson, a paleontologist at Florida State University.

She said both studies highlight the uniqueness of sexual maturity in birds.

“[Bird] evolution is a very fascinating mosaic of characteristics that deserves a lot more study,” she said. “We’re still at the beginning of teasing apart all the fine details.”

Respected source: www.nationalgeographic.com

In a quick turn-about, Microsoft Corp. made the newest tweak to Windows Vista Service Pack 1 (SP1) available to the public on Friday.

Just two days earlier, the new version, dubbed Windows Vista SP1 RC Refresh, had been handed out to a group of about 15,000 testers who had been working with the service pack for several months. At the time, Microsoft said the refresh was “not available for public download.”

Friday, it changed its mind, and posted instructions on its Web site for downloading and installing the new code using the Windows Update service.

According to the “Windows Vista Service Pack 1 RC Refresh Public Availability Program,” users must uninstall Vista SP1 Release Candidate — the earlier version offered to the general public a month ago — before attempting to download and install the refresh.

The refresh requires the same time-consuming, multiple-reboot process used by Vista SP1 RC in December. Also, users who have uninstalled that version must wait an hour before beginning the laborious update. “The installer service needs to clean up and complete the uninstall prior to installing the RC,” said instructions posted no the Web. “Failing to do this can result in installation errors when installing the RC version.”

Three prerequisite updates are also required before SP1 can be installed; Windows Updates feeds them to the PC prior to downloading SP1, with a reboot after each. One of the prerequisites is a patch Microsoft mistakenly sent to all Vista users’ PCs last week when it meant to send it only to machines running Vista Enterprise or Vista Ultimate.

The company, which has slated Vista SP1 for final delivery this quarter, said as recently as Thursday that the update remains on track.

Google responded on Friday to a lawsuit filed against it by Northeastern University, denying claims that its search service infringes on patented technology.

Google denied all charges in the suit, which was filed jointly by Northeastern, of Boston, and a search technology company called Jarg, of Waltham, Massachusetts. Google also filed a counterclaim asking the court to dismiss the patent as invalid.

The suit was filed in November in the U.S. District Court for the Eastern District of Texas. It seeks an injunction preventing Google from further infringement, as well as royalty payments and damages.

The patent in question describes a distributed database system that breaks queries into fragments and distributes them to multiple computers in a network to get faster search results.

The plaintiffs say that Google uses this system to run its search engine, and that the system was invented by Kenneth Baclawski, an associate professor at Northeastern and one of Jarg’s founders. Northeastern was awarded a patent for the system, which it has licensed exclusively to Jarg.

In its response Friday, Google argued that the patent is invalid and should not have been awarded in the first place. It cites various sections of U.S. patent law, including those that deal with the novelty of an invention and prior art. It also cites the doctrine of “laches,” which essentially requires plaintiffs to file lawsuits in a timely manner.

Its counterclaim, asks the court to declare the patent invalid and unenforceable.

Both parties have requested a jury trial and legal experts have said the case could be resolved in 18 months to two years.

The U.S. patent, number 5,694,593, is dated Dec. 2, 1997, and can be viewed by searching the Web site of the U.S. Patent & Trademark Office. U.S. patent law is also described on the USPTO Web site in this PDF file. Google’s reply cites sections 101, 102, 103 and 112.

Microsoft has fixed a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack.

The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel. Microsoft also released a second update for a less-serious Windows flaw that would allow attackers to steal passwords or run Windows software with elevated privileges.

The critical bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft says that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system.

Security experts say that there is no known code that exploits this flaw, but now that the patch has been posted, hackers can reverse-engineer the fix and develop their own attack code.

Because IGMP is enabled in Windows XP and Vista by default, this bug could be used to create a self-copying worm attack, Microsoft said Tuesday.

“Theoretically this is wormable and that’s why this is rated critical,” said Tim Rains, security response communications lead with Microsoft. However, Microsoft does not believe that hackers will have an easy time developing attack code that will work reliably. “We’ve done a thorough analysis of the vulnerability and we’ve come to the conclusion that there are several technical mitigating factors that make it unlikely to get reliable remote code execution,” Rains said.
What Windows Uses Protocol For

Windows uses the IGMP protocol for many popular consumer applications such as streaming video, multiplayer games and universal plug-and-play, but the protocol is usually blocked at the router. A derivative of IGMP, MLD is the multicast protocol used by IPv6 systems and is enabled on Vista by default

“If it became a worm it could take over an internal network pretty quickly, or at least all the machines where multicast is enabled,” said Eric Schultze, chief technology officer with Shavlik Technologies. “But this one is going to be mitigated because a lot of people have blocked multicast.”

While not a huge risk, the first Trojan for the iPhone has been discovered. The first reports came from iPhone enthusiast site Modmyifone.com and were later confirmed by security research company F-Secure.

The Trojan specifically targets users that have modded their iPhone so they can install third-party applications. The application masks itself as an update to Erica’s Utilities and is labeled as “113 prep.”

According to Modmyifone.com all the app does is say “shoes.” However, when uninstalled, the application removes files from the /bin directory on the iPhone, breaking valid apps like Sendfile and Erica’s Utilities.

The Web site hosting the application was taken offline soon after it was discovered, reports F-Secure.

“Hopefully this serves as a warning for those who have opened their iPhones using a security hole in the system and then installing unverified software without a second thought to what they are doing,” said F-Secure on its Web site.

F-Secure reported that it was an 11-year-old kid playing with XML files who created the Trojan. “Next time it might be someone else with more skills and with specific target,” they said.

Hardware enthusiast site [H]ard|OCP (no, I’m not trying to sound trendy, that’s how it’s spelled) has exclusive pics of Nvidia’s sequel to the company’s SLI-on-a-card 7950 GX2. Think die shrink to 65nm, think launching “in late February or early March,” think “at least 30% faster than an 8800 Ultra,” and think “Quad SLI” support.You can have a look at [H]’s exclusive pics for yourself, but they don’t reveal much beyond the fact that it looks big and omni-grilled and totally shrouded in black-metal mystery.

A mix of speculation and overseas sourcing on [H]’s part, here’s what they’re listing as a few of the likely specs.

- 1GB Frame Buffer

- Two PCBs

- Two 65nm GPUs

- 256 Stream Processors

So fast, and power-hungry, and despite the die shrink, ostensibly case-space chewing as well as probably still pretty toasty, in other words.

Note that it’s not called a 9800 GTX, which if we’re placing bets on naming conventions driving product lines, suggests to me that we’re not looking at the official successor to the 8800 GTX. Then again, [H]’s source says it’s a “9800″ GX2 and not an “8950″ GX2, which if all of the above is more or less true could simply mean “sea change.”

Bear in mind most or all of this information could turn out to be wrong, but in the meantime, enjoy the rumor du jour