BLOCKBUSTER Total Access click to activate coupon for $10 off your first month. Free Information on EVault 1-866-928-0735 Cell Phone Boarding Pass Classmates.com Gets Sued Veins Replace Fingerprint ID SDR News is a Daily (M-F) Technology Podcast with Tech News Highlights from Slashdot, Digg and Reddit Click Here to Sign Up for the SDR Newsletter Prefer a Direct Download ? (mp3) Download today’s show. SDR News Links If a news item has disappeared from the Del.icio.us list above, try the full list here. Thumbnail Views: Via Thumblicio.us SEARCH ANY STORY YOU HEAR ON THE PODCAST Apple’s New Opportunity by Andrew McCaskey Apple’s Second Chance Apple has a chance to make another big contribution to the world of podcasting. And, it’s not for any altruistic reason - it is another revenue point just waiting to be tapped. The iTunes Music store happened at the right time to build the base of podcasting - a podcatcher or receiver that interfaced directly with an extremely popular portable player, within a trusted user interface. Apple immediately benefited from a wealth of user generated content, available for free that would draw people to the iTunes music store. The music discovery process on some podcasts undoubtably drove business to the Apple iTunes Music Store. And, as time passed, the independent podcasts were generally replaced (at least in the Top 100) by corporate produced content. Here’s a chance for Apple to make some more money The rumored podcast download capability on the next iPhone software upgrade could be an opportunity for Apple to cash in on a large part of that user generated media. Very simply, use the App store ecommerce engine (already tied to the phone number and credit card) to process monthly subscription payments for podcasts. Say $2 or $3 a month. Then, the podcaster could present two feeds- one feed including advertising content, the other paid subscription being ad free. A listener could make the choice, the podcaster (just like the iPhone app programmer) could receive payment for those listeners who chose to upgrade, Apple could rake 30% off the top, and the listener could elect to listen to the regular program, including ads, just as before. End of the month, the timer points back to the version with ads - or the podcaster could set up annual subscription plans. How About It ? Contact Us CES 2008 Coverage for Tech Podcast Network IR Vein Viewer at NEXTfest Watch Today’s Video Episode Click to view videos submitted or recommended by other SDR podcast listeners. . . If you find a YouTube video that pertains to one of our news items, or have produced an item that would be of interest to SDR listeners, please send us the link slashdotreview{at}gmail.com Save $10 on any order of $50 or more at GoDaddy.com! Be sure to sign up for our upcoming roundtable. We will be using GoToMeeting. Also, be sure to check out GoToMeeting. Why? Because you can hold meetings right over the Net — from anywhere. Plus, you can hold all the meetings you want for one flat rate. To get your free 30-day trial , visit www.gotomeeting.com/techroundtable. Take 10% off any order at GoDaddy.com! Code SLASH Take $5 off any $30 order at GoDaddy.com! Code SLASH2 .com Domains $6.95 at GoDaddy.com! Code SLASH3 More blogs about SlashdotReview… Slashdot Review by Email - Sign up here: Enter your Email Powered by FeedBlitz Less

Hosts: Steve Gibson with Leo Laporte Why you shouldn't worry about the WPA crack. Audible pick of the week: Ender in Exile, Unabridged, By Orson Scott Card, Narrated by Stefan Rudnicki. To sign up for a free audio book, visit AudiblePodcast.com/securitynow. For 16kpbs versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Security Now is brought to you by Astaro Internet Security. Bandwidth for Security Now! is provided by AOL Radio. Running time: 1:43:29 Less

Hosts: Steve Gibson with Leo Laporte Why you shouldn't worry about the TKIP crack. Audible pick of the week: Ender in Exile, Unabridged, By Orson Scott Card, Narrated by Stefan Rudnicki. To sign up for a free audio book, visit AudiblePodcast.com/securitynow. For 16kpbs versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Security Now is brought to you by Astaro Internet Security. Bandwidth for Security Now! is provided by AOL Radio. Running time: 1:43:29 Less

crime, Software, Security Wade Roush wrote: Woe to the hoodie-wearing miscreant who steals a Mac laptop equipped with MacTrak. He’s likely to find his photo plastered all over the Internet—and the police at his door. MacTrak is a beta application for Macs introduced today by Portland, OR-based GadgetTrak. It’s similar in conception to Absolute Software’s LoJack for Laptops and to Adeona, a free open-source tracking system released this summer by computer-science researchers at the University of Washington and the University of California, San Diego. But it has a couple of interesting twists that may increase your chances of getting back your stolen laptop—or that, at the very least, will cause greater embarrassment for the thief. First, once you activate the $59.95 program by logging into your GadgetTrak account, the software uses the laptop’s built-in iSight camera to snap a photo of whoever is using the machine every 30 minutes. If the laptop is connected to the Internet, the software will automatically e-mail these photos to you and post them to your account at the Flickr photo-sharing website (see image below). You can set these images to be private or public—depending on how much help you want catching the thief. Second, MacTrak uses Wi-Fi-based location-finding technology provided by Boston-based Skyhook Wireless to determine the laptop’s latitude and longitude, usually to within about 20 meters. This information is uploaded to Flickr along with the iSight photos. You can then get help recovering your device by forwarding the information to GadgetTrak or directly to law-enforcement authorities. Unlike the LoJack for Laptops system, GadgetTrak’s software doesn’t rely on a monitoring center, doesn’t send location information to the company, and doesn’t have backdoor access to the laptop’s operating system—measures the company, on its website, calls “an invasion of privacy.” The Adeona system is also designed to preserve laptop owners’ privacy, and has the added attraction of being free. But the GadgetTrak’s positioning systems gives it a leg up: Adeona can only tell you which Internet routers communicated with your stolen laptop, whereas MacTrak can tell you the device’s actual location. The integration of Skyhook’s Wi-Fi Positioning System (WPS) into GadgetTrak’s product is the latest in a long line of software deals engineered by the Boston company; the most recent before this, was an arrangement to put WPS into the Symbian operating system used by millions of cell phones worldwide. “GadgetTrak is an excellent example of location-awareness enhancing the security of our valuable mobile devices,” Kate Imbach, Skyhook’s director of marketing, said in a statement. For Windows laptops, GadgetTrak makes an application that, like Adeona, tracks stolen laptops to the nearest Internet router. The company also makes “search and destroy” software that can remotely erase sensitive data stored on missing laptops or smartphones. Comments (2) | Permalink | Share |  E-mail Less

Roundup, deals, VC Gregory T. Huang wrote: It was a pretty slow week for tech deals in the Northwest—chalk it up to the election and the Veteran’s Day holiday. Nevertheless, there was a trickle of activity in software, digital media, and energy. —Seattle-based Voyager Capital has led an investment in Keystream, a Mountain View, CA-based online video advertising startup. The deal closed earlier this year, and the financial terms were not announced. Keystream’s software allows Web publishers to insert ads into blank spaces in their video content. —Entrance Controls, a Tukwila, WA-based security company, acquired Portland, OR-based 1Pointe, a startup that delivers secure networking, storage, and wireless technologies to businesses. The terms of the deal were not disclosed. —Puget Sound Energy, the Bellevue, WA-based utility company, purchased 22 wind turbine generators from Vestas, a leading turbine manufacturer with U.S. headquarters in Portland, OR. The turbines will be used to expand the Wild Horse Wind and Solar Facility in eastern Kittitas County, WA, and they make up most of the project’s $100 million budget. —Apptio, a Bellevue, WA-based startup that helps companies manage and optimize their IT costs, signed up a new batch of customers, including Alaska Airlines, SkyTap, and SumTotal. A year ago, the company raised $7 million from Madrona Venture Group, Greylock Partners, Ignition Partners, and other investors. —Not a deal, but a list of dealbreakers: Seattle angel investor Geoff Entress, formerly a venture partner at Madrona Venture Group, gave his Top 10 list of why startups fail. (The list goes to 11, like a Spinal Tap amp.) —Also not a deal per se, but Luke reported on how Portland, OR-based Wellpartner, a mail-order pharmacy, is helping clinics that serve the poor gain access to drugs at half the average wholesale price that private insurers get charged. Wellpartner does it by cutting through the red tape of a federal program known as 340B. Comments | Permalink | Share |  E-mail Less

deals, acquisitions, Security Gregory T. Huang wrote: Tukwila, WA-based Entrance Controls, a technology firm that manages electronic security for businesses, announced today it has acquired Portland, OR-based 1Pointe. The financial terms of the deal were not disclosed. Founded in 2005, 1Pointe delivers secure networking, wireless, and storage technologies to businesses in the Northwest. Comments | Permalink | Share |  E-mail Less

[Martin Beck] and [Erik Tews] have just released a paper covering an improved attack against WEP and a brand new attack against WPA(PDF). For the WEP half, they offer a nice overview of attacks up to this point and the optimizations they made to reduce the number of packets needed to approximately 25K. The only serious threat to WPA so far has been the coWPAtty dictionary attack. This new attack lets you decrypt the last 12 bytes of a WPA packet’s plaintext and then generate arbitrary packets to send to the client. While it doesn’t recover the WPA key, the attacker is still able to send packets directly to the machine they’re attacking and could potentially read back the response via an outbound connection to the internet. [photo: niallkennedy] [via SANS]        Less

If you’re a regular Make Use Of reader, you’ll know we were hacked the other day.  Someone stole our domain name.   If you want to read what happened during the time we were offline, head on over to the temporary website we set up. I talk a little about being hacked and about Simon’s article on betting websites. This podcast is available through iTunes so don’t forget to subscribe to the podcast if you have an iPod, or in another podcatcher if you have a different MP3 player. .muo_af_style { background-color: #B4D0E1; border: 2px solid #4275B8; } (By) Jason Mayoff is a dad, a tech geek and a Canadian radio broadcaster (CJAD 800). You can also find Jason at his brand new website, Tech Screencasts. Enjoyed the article? Please leave a comment and tell us what you think about it New subscriber? Get your freebies at MakeUseOf Downloads. Enjoy! Tags:betting, Domains, gambling, hacking, Podcast, security Related posts Make Use Of Podcast #4: Making Vista Faster & Better Commenting (9) Your Computer, Your World - How to Keep Out the Mindless (38) Welcome to the MakeUseOf.com Podcast #1 (19) Using Keepass to Secure Your Online Accounts (10) Use LocatePC to Secure and Find Stolen PC for Free (14) Less

BLOCKBUSTER Total Access click to activate coupon for $10 off your first month. Free Information on EVault 1-866-928-0735 Google Pulls of of Yahoo Deal WPA Cracked CNN Holograms Bogus SDR News is a Daily (M-F) Technology Podcast with Tech News Highlights from Slashdot, Digg and Reddit Click Here to Sign Up for the SDR Newsletter Prefer a Direct Download ? (mp3) Download today’s show. SDR News Links If a news item has disappeared from the Del.icio.us list above, try the full list here. Thumbnail Views: Via Thumblicio.us SEARCH ANY STORY YOU HEAR ON THE PODCAST The Magic Is Slipping Away by Andrew McCaskey The Magic Is Slipping Away As if the barriers to blogging could not be reduced further, there is today’s Twitterstream find - Posterous.com Posterous removes the need to create an account. Your first blog entry or photo or mp3 file is created simply by sending an email to the site post {at} posterous.com , and it is published. The return email to your site permits you to add a password and customize the appearance to a certain extent. Then, to post, you only need to send an email with attachment (or without) - to update your blog. It converts PDF email enclosures to iPaper and posts them as well, and serves up an RSS feed to boot. And posts to your accounts at Twitter, Flickr, Wordpress,Moveable Type and others. Add this to the powerful wikidot.com - and you can quickly create and administer a full fledged wiki, again as a free service. You can add a secure browser option, invite your group of friends or workgroup. And you can create up to 20 wiki instances with their subdomain within the free account structure. Once again, just when you thought you had a skillset in demand setting these things up for business customers, the magic is slipping away. Contact Us CES 2008 Coverage for Tech Podcast Network Lessig Explains Whitespace Watch Today’s Video Episode Click to view videos submitted or recommended by other SDR podcast listeners. . . If you find a YouTube video that pertains to one of our news items, or have produced an item that would be of interest to SDR listeners, please send us the link slashdotreview{at}gmail.com Save $10 on any order of $50 or more at GoDaddy.com! Be sure to sign up for our upcoming roundtable. We will be using GoToMeeting. Also, be sure to check out GoToMeeting. Why? Because you can hold meetings right over the Net — from anywhere. Plus, you can hold all the meetings you want for one flat rate. To get your free 30-day trial , visit www.gotomeeting.com/techroundtable. Take 10% off any order at GoDaddy.com! Code SLASH Take $5 off any $30 order at GoDaddy.com! Code SLASH2 .com Domains $6.95 at GoDaddy.com! Code SLASH3 More blogs about SlashdotReview… Slashdot Review by Email - Sign up here: Enter your Email Powered by FeedBlitz Less

Hosts: Steve Gibson with Leo Laporte Our regular mailbag episode with questions and comments from our listeners. To sign up for a free audio book, visit AudiblePodcast.com/securitynow. For 16kpbs versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Security Now is brought to you by Astaro Internet Security. Bandwidth for Security Now! is provided by AOL Radio. Running time: 1:32:54 Less

Security, Software, IT Wade Roush wrote: Boston’s Core Security, a provider of automated penetration software and computer security consulting services, published details today of a flaw in some versions of the widely used program Adobe Reader that could leave users’ computers vulnerable to takeover by hackers. Shortly after the company published details of the vulnerability, Adobe announced a software update designed to fix the bug. The vulnerability, which affects Adobe Reader and Adobe Acrobat version 8.1.2 (but does not affect the more recent Adobe Reader 9 or Adobe Acrobat 9, released this summer), can trigger a common type of software problem called a buffer overflow. Analysts at Core Security discovered back in May that if an Adobe Reader user opens a specially crafted PDF file containing malicious input for a particular JavaScript function in the program, it could allow hackers to overwrite the program’s memory and execute arbitrary code. The flaw is similar to one that another security company, Secunia Research, discovered last spring in a PDF viewer called Foxit Reader, from Fremont, CA-based Foxit Software. Adobe’s software was initially thought to be immune to the problem, but Damian Frizza, a member of Core’s “exploit writers team,” discovered a second, previously unknown flaw in Adobe Reader and Adobe Acrobat that made the programs vulnerable to the same kind of attack. The company says it alerted Adobe to the problem on May 27. After several delays over the summer, Adobe finalized a fix for the vulnerability in October, and released it today, in concert with Core Security’s alert about the flaw. “Generally, what we do when we find vulnerabilities that we consider to be significant and novel is that we notify the vendor first, to give them the chance to produce and publish the fixes,” says Ivan Arce, Core Security’s CTO. “Then we coordinate with the vendor and make a plan to publish the information about the vulnerability and the patches simultaneously.” While “we would have liked the fix to come out earlier” in the Adobe Reader case, communications between Core Security and Adobe were good throughout the process, which reassured Core’s analysts that a fix was proceeding apace, Arce says. This isn’t always the rule when security vendors discover flaws in widely distributed commercial software. In an episode we chronicled back in March, Core Security disclosed information about a serious security hole in several programs made by VMware (NYSE: VMW), a subsidiary of Hopkinton, MA-based EMC (NYSE: EMC), before a patch was ready. Core said its disclosure in that case followed months of delays and unfulfilled promises from VMware engineers that a patch was forthcoming. “We had good visibility into what was going on at Adobe, so we had some certainty that the fix was actually coming out” this time, says Arce. “We also didn’t perceive any public exploitation of the problem, even though the previous exploit was in the public domain. We have to balance that risk constantly. In this case we managed to publish the information in a coordinated fashion, without any exploitation happening before the patch was issued.” Comments | Permalink | Share |  E-mail UNDERWRITERS AND PARTNERS Less

Internet, Security, Layoffs Gregory T. Huang wrote: Portland, OR-based Vidoop, a maker of Internet security and authentication technology, has laid off 9 of 37 employees, according to the Portland Business Journal. Vidoop’s company blog was less specific, saying it told “several members of the Vidoop family goodbye.” The company moved to Portland from Oklahoma in September. Comments | Permalink | Share |  E-mail Less

Roundup, deals, VC Gregory T. Huang wrote: Heading into Election Day (have you voted yet?), the deal flow has really picked up in the Northwest. Cleantech and energy were the big winners this week, followed by Web software and biomedical hardware. —Xconomy broke the news of Seattle-based EnerG2, a startup out of the University of Washington, raising an $8.5 million Series A round led by Kirkland, WA-based OVP Venture Partners and Palo Alto, CA-based Firelake Capital Management. EnerG2 is an advanced materials company focused on energy storage technologies. We plan to bring you the full story when the parties agree to talk. —Mercer Island, WA-based Napera Networks closed a $6 million round led by OVP Venture Partners, which had provided seed financing for the company as well. The terms of the deal had not been announced previously. Napera develops network-security technologies for businesses. —Ascentium, a Bellevue, WA-based Web design and marketing firm, raised additional funds from WestRiver Capital, based in nearby Kirkland. The amount of the funding was not disclosed, but Ascentium said it’s continuing to invest in talented workers and business expansion worldwide. —Kashless, the Seattle-based startup from ex-Imperium Renewables CEO Martin Tobias, raised a $5 million Series A round from RRE Ventures. Tobias hasn’t said much about what Kashless is doing, but it seems to involve recycling, reuse, and sharing online. He emphasized RRE’s forward thinking in cleantech-meets-software, and said we’re heading into a “nuclear winter” for funding. —Not technically a Seattle deal, but Kissmetrics, a Web analytics startup founded by Neil Patel, raised $800,000 from Silicon Valley-based True Ventures and other investors. Patel, who’s based in Orange County, CA, is an investor in several Seattle-area companies and is on the board of BuddyTV, ICanHasCheezburger, CultureMob, LiquidPlanner, and Optify. —Sonosite (NASDAQ: SONO), a Bothell, WA-based maker of portable ultrasound machines, bought back $60.3 million worth of convertible notes it owes investors, as Luke reported. The notes give investors the option of getting their returns through debt payments from the company, or by converting the notes into stock. —NxtGen Emission Controls, a Burnaby, BC-based “syngas” company focused on reducing emissions and optimizing the burning of fuels, closed a $15.4 million Series B round led by the Altira Group. Other investors included Itochu, an unnamed Japanese auto maker, and returning investors Yaletown Venture Partners, GrowthWorks Capital, BC Advantage Funds, and Polygon Financial Investments. —Seattle-based Second Avenue Partners participated in a $33 million Series B funding of Ice Energy, a Colorado-based cleantech company that helps manage air-conditioning electricity usage. Second Avenue was an original investor in the firm. The Series B round was led by Energy Capital Partners, based in Short Hills, NJ, and San Diego, CA. —InEnTec, a waste-to-fuels company based in Bend, OR, received a $150 million equity commitment from Lakeside Energy and American Securities to build a waste gasification plant in Michigan, as Luke reported. InEnTec’s technology originally comes from MIT and the Pacific Northwest National Laboratory. —Luke also reported that Vancouver, BC-based Yaletown Venture Partners raised $65 million in the initial close of its second fund (which it says will grow to $100 million in the next 12 months). The money will be used for cleantech and info-tech investments in Canada and the U.S. Pacific Northwest. —Glassdoor, the Sausalito, CA-based online job site co-founded by Zillow CEO Rich Barton, raised $6.5 million in Series B funding from Sutter Hill Ventures and Benchmark Capital. Comments | Permalink | Share |  E-mail UNDERWRITERS AND PARTNERS Less

VC, deals, Security Gregory T. Huang wrote: Mercer Island, WA-based Napera Networks, a maker of network security systems for businesses, closed a $6 million round of funding led by OVP Venture Partners, as reported by TechFlash, which cites a state regulatory filing. It wasn’t immediately clear when the deal had closed, but an OVP spokesperson said it wasn’t new. Margaret Dawson, Napera’s vice president of marketing, wrote in an e-mail, “OVP has been our strategic investment partner since our founding and provided seed financing for our company and for Series A.” Comments | Permalink | Share |  E-mail UNDERWRITERS AND PARTNERS Less

In today's podcast: Microsoft, Google and Yahoo plan to protect freedom of speech; Microsoft and Yahoo plan to protect bogus lottery winners from themselves; and antivirus companies make testing tougher. read more ... Tags: yahoo, microsoft, google, security, antivirus Less

In today's podcast: Code to hack RFID access cards published as open source project; Yahoo adds social networking features; and share prices crash in Japan. read more ... Tags: yahoo, rfid, security, japan Less

In today's podcast: West Virginia voters say machines changed votes; Google's Android phone off to quiet sales start; and university student sentenced over botnet. read more ... Tags: android, google, botnet, security, e voting Less

In today's podcast: Sun warns of a big loss for Q1; LG plans new solar cell lines; UK children are disturbed by online images; researchers develop encryption for 100Gbps networks; and thieves hack in to the French president's bank account. read more ... Tags: sun, security, lg, france Less

In today's podcast: OpenOffice patches security flaw; Sun loss tops a billion; and Symantec prepares lay-offs. read more ... Tags: openoffice, sun, security, symantec Less