Archive for August 1st, 2008

Apple Finally Releases DNS Patch for Mac OS X (NewsFactor)

August 01st, 2008 | Category: privacy

Apple has issued a Mac OS X patch for the Domain Name System flaw that security researchers agree is one of the most dangerous vulnerabilities on the Internet.

Apple has been criticized for being late with a fix. Some vendors, including Microsoft, Cisco, Sun Microsystems, and various Linux distributors, issued a fix weeks ago.

While Apple was working on its patch, researchers released software that exploits the flaw that IOActive researcher Dan Kaminsky discovered. The attack code was released by developers of the Metasploit hacking toolkit, headed by the notorious HD Moore.

Kaminsky is scheduled to discuss the DNS flaw at the Black Hat hacker convention next week in Las Vegas, but details on how to exploit the vulnerability are widespread.

Sitting (Mac) Ducks

Unpatched Mac users appeared to be sitting ducks for an attack that could redirect legitimate Web traffic to a phishing server.

The DNS flaw now patched by Apple and other vendors is a serious one, according to Graham Cluley, a security analyst at Sophos.

"If exploited, it would allow hackers to poison Internet lookup tables, meaning that even if you typed in the correct name of your online bank, for instance, you would be taken to a malicious forged Web page instead," he said.

What's more, he reported, hackers could post malicious software updates on the Web and fool legitimate programs into downloading them, thinking they were at the real update sites.

"Some commentators have criticized Apple for taking longer than other vendors in producing a fix — but the most important thing is that a fix is now available," Cluley said.

"Apple Mac users will be automatically alerted to the availability of new security patches, and would be wise to install them," he said. "Businesses typically take a little longer to roll out security patches, as they often wish to check that no compatibility issues result."

A Complicated Threat

The threat emerges from two different issues with the DNS protocol, according to McAfee Avert Labs. DNS primarily uses UDP packets to send questions and receive answers.

A client computer will accept any packet as an answer to its question on three conditions: The packet is coming from the DNS server, the source and destination ports match the destination and source ports of the question packet, and, most importantly, the transaction ID and question match its question.

Complicating matters, when a DNS server replies to a question, it can also include additional information in the answer to make future processes more efficient. Combining the answer-packet spoof with the additional information makes the story more interesting because it makes exploitation easier.
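The three acceptance conditions above, written out as a resolver-side check over DNS wire-format messages; this is an added example, not code from the article or from any vendor's patch. `PendingQuery`, `accept_reply` and the 192.0.2.x address are constructed for illustration, and `unpredictable_values` goes slightly beyond the text to show how drawing the query's source port from a pool enlarges what a reply must match.

```python
import struct
from dataclasses import dataclass


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels (length byte + label, ending in 0)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_message(txid: int, name: str, response: bool = False) -> bytes:
    """Minimal DNS message: 12-byte header plus one A/IN question."""
    flags = 0x8180 if response else 0x0100  # QR bit (0x8000) marks a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def parse_message(data: bytes):
    """Return (txid, is_response, qname, qtype, qclass), or None if malformed."""
    if len(data) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount != 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            return None
        length = data[pos]
        pos += 1
        if length == 0:
            break
        # Lengths above 63 are compression pointers, not expected in a question.
        if length > 63 or pos + length > len(data):
            return None
        labels.append(data[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(data):
        return None
    qtype, qclass = struct.unpack("!HH", data[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass


@dataclass(frozen=True)
class PendingQuery:
    """What the client remembers about a question it has sent (hypothetical type)."""
    server_ip: str
    client_port: int
    txid: int
    qname: str
    server_port: int = 53


def accept_reply(q: PendingQuery, src_ip: str, src_port: int,
                 dst_port: int, payload: bytes) -> bool:
    """Apply the three conditions; every one must hold or the packet is dropped."""
    parsed = parse_message(payload)
    if parsed is None:
        return False
    txid, is_response, qname, qtype, qclass = parsed
    return (is_response
            and src_ip == q.server_ip                   # 1. comes from the server
            and src_port == q.server_port               # 2. ports mirror the query
            and dst_port == q.client_port
            and txid == q.txid                          # 3. transaction ID matches
            and (qname, qtype, qclass) == (q.qname.lower(), 1, 1))  # and question


def unpredictable_values(port_pool: int) -> int:
    """Number of (transaction ID, client port) pairs a reply may have to match.

    The source address on UDP is not authenticated, so the only secrets are the
    16-bit transaction ID and, if it varies, the client's source port.
    """
    return (1 << 16) * port_pool


# Constructed sample data (documentation address range, made-up IDs).
QUERY = PendingQuery("192.0.2.53", 40000, 0x1A2B, "www.example.com")
GOOD_REPLY = build_message(0x1A2B, "www.example.com", response=True)

if __name__ == "__main__":
    print("genuine reply accepted:",
          accept_reply(QUERY, "192.0.2.53", 53, 40000, GOOD_REPLY))
    print("values to match, fixed port:", unpredictable_values(1))
    print("values to match, 16384-port pool:", unpredictable_values(16384))
```
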

Apple also released a security bulletin to fix at least 17 different security holes in the Mac OS X operating system and other software products late Thursday.


Yang, Yahoo Board Weather Shareholder Criticism (PC Magazine)

August 01st, 2008 | Category: privacy

Jerry Yang and the Yahoo board took some heat at the company's annual shareholders meeting, with participants questioning whether the executives should be making as much money as they do, asking why Yahoo continues to lag behind Google in search, expressing concern over the failed Microsoft deal, requesting resignations, and also giving the company a hard time on its China policy.

The latter issue came up during a question-and-answer session with shareholders after Yahoo successfully urged shareholders to vote against proposals that would require the company to establish policies on Internet censorship and create a committee on human rights.

Despite the failure of those two proposals, chief executive Yang insisted that Yahoo is "a leader now in Internet human rights efforts."

Congressional hearings in 2006 revealed that Yahoo had provided information to Chinese officials that led to the imprisonment of online activists for several years. Yahoo has since settled and set up a fund to help cyber dissidents obtain legal aid, but Michael Samway, vice president and deputy general counsel for Yahoo, admitted to Congress (http://www.pcmag.com/article2/0,1895,2307250,00.asp) in May that the company has little control over what user information gets handed over to the Chinese government.

As a company, Yahoo has conducted its own internal investigations, set up a fund to help Internet-related and other human rights abuses around China, set up an internal operating group to gather metrics and analysis around every country with which Yahoo does business, and has continued to advocate and push for an industry code of conduct, Yang said.

"I want to make sure that you understand that this is about doing what's right and Yahoo has done a lot since last shareholder's meeting," Yang said.

That explanation was not sufficient for a representative from Amnesty International, who said that Yahoo is not even close to meeting its current human rights obligations.

Michael Callahan, Yahoo's general counsel, took issue with that assertion and pointed to a letter Yang had sent to Secretary of State Condoleezza Rice that requested she push harder for the release of online dissidents.

"It feels like we have not communicated to you what we've conferred," Yang said.

Yang also insisted that Yahoo is closing the search gap with Google.

"We think search is an important part of Yahoo and we are going to invest in it," he said. "There are some very important, serious, infrastructure and systems being built right now at Yahoo that we think allows us to compete over time."

Yahoo is in the midst of a transformation, but "we think that we are the better operating company [and] we think we're going to make it."

The voting portion of the meeting was not webcast, but Yahoo said in a release that "stockholders re-elected all of Yahoo's nominees to the board of directors."


China drops some Internet curbs ahead of Games (AFP)

August 01st, 2008 | Category: privacy

BEIJING (AFP) - China on Friday rolled back a few high-profile planks of its Internet censorship system in an apparent effort to defuse an embarrassing dispute over media freedom just days ahead of the Olympics.

Journalists arriving here to cover the Beijing Games have found that access to a wide array of Internet sites, including Western news organisations and human rights groups, was banned.

But after talks between the International Olympic Committee (IOC) and Beijing authorities on Thursday, several sites were unblocked.

The previously barred websites of human rights group Amnesty International and press freedom organisation Reporters Without Borders were easily accessible on the Chinese Internet system on Friday.

The BBC Chinese service and German broadcaster Deutsche Welle, similarly blacklisted previously, were also accessible.

The lifting of Internet curbs appeared to go beyond Olympic venues, with AFP reporters able to consult those normally banned sites from an ordinary Chinese Internet gate.

Amnesty and Reporters Without Borders said their sites could also be viewed by ordinary Chinese elsewhere in Beijing and in other cities.

However, many sites were still blocked, including those linked to Chinese dissidents, the outlawed Falungong spiritual movement, the Tibetan government-in-exile and sites with information on the 1989 Tiananmen massacre.

The easing of more curbs follows a week of controversy after China backtracked on a pledge to allow the more than 20,000 foreign reporters covering the Games complete access to the Internet.

The IOC was embarrassed by China's decision, after its president, Jacques Rogge, promised last month that foreign reporters would have unfettered Internet access.

IOC spokeswoman Giselle Davies on Friday welcomed the lifting of restrictions on some of the sites deemed sensitive, such as that of leading human rights group Amnesty.

"It's a good thing," she said.

The IOC said it had pressed China to open up Internet access in talks on Thursday with the Beijing Olympic organising committee (BOCOG) and Chinese authorities.

"Following discussions the IOC held with BOCOG and Chinese authorities regarding difficulties experienced this week in accessing some web sites, the IOC is pleased to see that the issues are being quickly resolved," Davies said.

"The media should be seeing a noticeable difference in accessibility to websites that they need to report on the Olympic Games."

Amnesty and Reporters without Borders also cautiously welcomed the decision to unblock their sites.

"We welcome the news today that the authorities have lifted blocks on our website in the Olympics media venues and possibly elsewhere in Beijing," said Roseann Rife, deputy director for Amnesty's Asia-Pacific Programme.

"However, arbitrary blocking and unblocking of certain sites does not fulfil the duty to comply with international standards of freedom of information and expression."

BOCOG spokesman Sun Weide said some Internet sites remained blocked but insisted that China would guarantee "sufficient" Internet access to allow journalists to do their job.

"Some sites are blocked under Chinese law, but I do not have further information on which," he said.

Reporters Without Borders, which has described China as an "enemy of the Internet," said "this partial lifting of censorship shows that the Chinese government is not completely insensitive to pressure."

"If the whole world had mobilised as early as 2001, before the Games were attributed to Beijing, maybe the situation today would be different. Perhaps journalists would have been released before the opening ceremony," it said.

The watchdog says at least 50 people are being held in Chinese jails for online activities deemed inappropriate by authorities.

China's communist rulers are known to operate an extensive Internet censorship system that blocks information they view as improper, unhealthy or a threat to its rule.

Experts say more than 40,000 Internet police are employed to implement the so-called "Great Firewall of China."


Bogus Tokio Hotel star charged with Internet sex hoax (AFP)

August 01st, 2008 | Category: privacy

PERPIGNAN, France (AFP) - A French youth has been charged with posing online as the star of teen rock band Tokio Hotel to trick young girls into sending him nude photos, police said Friday.

The 18-year-old from southwestern France signed up to a string of online chatrooms masquerading as Tokio Hotel singer and teen heartthrob Bill Kaulitz, striking up relations with young girls aged from 11 to 17.

He convinced some to send him nude photographs, some sexually explicit, which he went on to publish on the Internet.

He was arrested on Tuesday and is to stand trial in the southwestern city of Perpignan, police said.

The German pop group Tokio Hotel released their first album in May 2006 and quickly became a major success in Germany, France, Austria and Switzerland.


Green-tech firms thirsty for seed capital (CNET)

August 01st, 2008 | Category: privacy

With all the venture capital money going to clean tech, it's easy to think that it's the dot-com bubble all over again. There's certainly a whiff of that gold rush mentality. But the inherent differences between the Internet and the energy business get clearer every week.

Today's installment is the mismatch between venture capital and clean tech–this time, at the small side of the money spectrum.

Entrepreneurs that want to start clean-tech companies from scratch are not being particularly well served by the traditional venture capital funds, a few articles this week argue. It appears that different sources are stepping in to fill the gap, moving under the radar of traditional venture funds.

The problem is that small seed investments–on the scale of $500,000 to a few million dollars–don't fit into venture capitalists' investment profile when they have hundreds of millions of dollars to invest.

Also, many technologies–think a more efficient solar cell or innate improvement in biofuels production–can require years of development. VCs need a return on their investment in five to seven years, which typically means selling that start-up to a larger firm or going public.

A piece in Sustainable Industries on Wednesday details how angel investors and state-sponsored clean energy funds are filling the need for seed funding.

Clean-tech VC and blogger Rob Day touched on this period of the funding environment as well this week, pointing to the emergence of "super angels" who can help get those ambitious entrepreneurs out beyond their fledgling stage.

Meanwhile, Stacey Higginbotham at BusinessWeek.com on Friday wrote about how venture capitalists are stalking the halls of national research labs because many don't have the patience for seed funding.

Gaps on both ends

I've written a few times about the emerging financial models to close the late-stage funding gap in clean tech, sometimes referred to as the "Valley of Death." That is, the need for lots of money–hundreds of millions of dollars–to commercialize technology on an industrial scale.

VC firms like Kleiner Perkins Caufield & Byers are adjusting to the need for late-stage capital by setting up funds designed for large investments to scale technology. Hedge funds and private equity are also moving into clean energy, although their appetite for technology risk is typically going to be lower than VCs.

There appear to be models evolving for more seed funding as well. That points to the need for a healthy angel investor network as well as state and federal level investments in the clean-energy business.

A number of companies are spun out of national labs, yet speakers at clean-tech conferences regularly complain that the funding levels for clean energies are far too low and, perhaps worse, inconsistent.

At the state level, there are funds like the Massachusetts Green Energy Fund and the California Clean Energy Fund. Entrepreneurs can also turn to foundations and university-sponsored competitions to get off the ground. But can cash-strapped states adequately prime the pump for clean-energy start-ups?

Consumers and businesses are looking for greener products, from fuel-efficient cars to clean electricity, but these innovations take years to mature, much longer than it takes to whip up a cool social-networking Web site.

So as we read the articles about technology advances and claims of breakthroughs, keep in mind, the money–and policies–need to keep pace as well.


Press Group Plans Online Olympic Demonstration (PC World)

August 01st, 2008 | Category: privacy

A press freedom organization is planning to stage a protest in front of China's National Stadium in Beijing just before the Olympic opening ceremonies begin– a virtual rendering of the stadium, that is.

Reporters Sans Frontieres (Reporters Without Borders, RSF) will hold an online demonstration on August 8, at 11:00 a.m. GMT, one hour before the opening ceremonies begin. Protestors can "gather" in front of an online version of the stadium, nicknamed the "Bird's Nest," holding an electronic banner displaying the slogan of their choice.

The online demonstration is planned in conjunction with protests to be staged in front of Chinese embassies in nine cities, including London, Paris and Washington, D.C.

RSF has been highly critical of China, especially during the Olympic period. On Wednesday, it sharply criticized the International Olympic Committee (IOC) for agreeing to some blocking of access to some Internet sites, including RSF's, calling it "yet another broken promise" from China regarding Internet and press freedom. "This site increases our concern that there will be many cases of censorship during the games. We condemn the IOC's failure to do anything about this, and we are more than skeptical about its ability to 'ensure' that the media are able to report freely," RSF said in a statement.

Following an uproar after the IOC's admission Wednesday that it had agreed to allow some Internet censorship during the games, on Thursday a number of previously blocked sites, including the simplified Chinese version of Wikipedia, became accessible.

The group said that about 100 cyber-dissidents, bloggers, netizens and journalists are currently in prison in China.

Chinese authorities block access to Web sites deemed to be illegal or inappropriate, including anti-government material and pornography. Some Internet users who have criticized the government by posting statements or material online, such as Shi Tao and Huang Qi, have been arrested, prosecuted and sentenced to prison. Shi, who released an internal Communist Party document to an overseas news site, is currently serving a 10-year prison sentence. Huang was sentenced to five years in prison for founding the human rights Web site 64tianwang. He was re-arrested in June while attempting to report on events relating to the aftermath of the Sichuan earthquake and remains in police custody.


SEC Updates Rules Regarding Web, Blog Posts (PC Magazine)

August 01st, 2008 | Category: privacy

Up-to-date information on Web sites of companies like Microsoft, Yahoo, or Google has helped reporters on deadlines as well as shareholders wondering whether their life savings are about to be chewed up and spit out by Carl Icahn.

Now, they may receive the SEC's stamp of approval.

Federal guidelines for what type of information companies can provide on their official Web sites have not been updated since 2000. On Wednesday, the Securities and Exchange Commission (SEC) voted unanimously to modernize its rules to fit in with an increasingly digital economy.

Under the revamped rules, which have not yet been released in their entirety, information posted on a company Web site does not necessarily have to comply with Sarbanes-Oxley rules relating to a company's disclosure controls and procedures.

The rules also provide clarity on how companies can: provide access to historical or archived data without it being considered reissued or republished every time it is accessed; link to third-party information or Web sites without having to "adopt" that content for liability purposes; and use summary information in the context of the securities laws' antifraud provisions.

Meanwhile, Web sites no longer have to include a "printer friendly" version of all their documents so sites can include more interactive and dynamic features, the SEC said.

There are some restrictions, however. Antifraud provisions will apply to statements made by a company or a company representative on blogs and message boards. A company "cannot require investors to waive protections under the federal securities laws as a condition to enter or participate in a blog or electronic shareholder forum," the SEC said.

"The Internet has changed a lot since 2000, which is last time the commission provided comprehensive guidance on this topic, the use of the Internet in electronic media," SEC chair Christopher Cox said during a Wednesday meeting. "Back then, the idea of the web as a social network was still being developed – and Web sites such as MySpace, YouTube, LinkedIn and Facebook didn't even exist."

"Today, company web sites are being shaped by the market's desire for highly current and interactive information," Cox continued. "We recognize that allowing companies to present data in formats different from those dictated by our forms or more technologically advanced than Edgar [the SEC's document server] can be especially helpful to investors."

The SEC decided to take up the issue after a February 2008 report from the SEC's Advisory Committee on Improvements to Financial Reporting said that current rules were limiting company activity on the Web.

"One of the key benefits of the Internet is that companies can make information useful to investors quickly and in a cost-effective manner," Cox said.

Indeed, Icahn recently launched a blog of his own, on which he provided as much detail about his proxy fight for Yahoo as he was allowed. Icahn, who agreed to give up his proxy fight in exchange for a seat on Yahoo's board, used his blog Wednesday to say that he would not attend the company's Friday shareholder meeting so as not to cause a media frenzy.


China Hits Back at US Senator’s Spying Claims (PC World)

August 01st, 2008 | Category: privacy

China's Foreign Ministry brushed off but did not specifically deny accusations that Chinese authorities are forcing foreign hotel chains operating here to install Internet eavesdropping devices ahead of the Olympics.

"Those accusations are unfair," the state-run Xinhua News Agency quoted Foreign Ministry spokesperson Liu Jianchao as saying at the ministry's biweekly press conference Thursday. "Privacy is respected and guaranteed in China. China's security measures in hotels and other public places are not beyond the internationally, generally used measures," he said.

On Tuesday, Kansas Senator Sam Brownback accused China again of ordering foreign hoteliers to permit the Public Security Bureau, China's police, to deploy Internet monitoring hardware and software. "The Chinese government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," he said in a statement. "This means journalists, athletes' families and other visitors will be subjected to invasive intelligence gathering by the Chinese Public Security Bureau."

Brownback did not identify any of the hotel chains purported to have received the order. The senator's office did not respond to a telephone request for a copy of translated documents he claimed proved the order's existence. He first made the accusations in early May.

Major hotel chains Starwood– which operates hotel brands including Sheraton, St. Regis, Westin and Four Points brands– and Wyndham Worldwide– which operates brands including Days Inn and Super 8– did not respond to requests for comment on the senator's claims.


Expert urges China visitors to encrypt data (Reuters)

August 01st, 2008 | Category: privacy

WASHINGTON (Reuters) - China's blocking of Web sites has embarrassed the International Olympic Committee, but a computer security expert said on Thursday that visitors to Beijing also needed to protect their data from prying eyes.

"People who are going to China should take a clean computer, one with no data at all," said Phil Dunkelberger, chief executive of security software firm PGP Corp.

Travelers carrying smart cell phones, BlackBerries or laptop computers could unwittingly be offering up sensitive personal or business information to officials who monitor state-controlled telecommunications carriers, Dunkelberger said.

He said that without data encryption, executives could have business plans or designs pilfered, while journalists' lists of contacts could be exposed, putting sources at risk.

Dunkelberger said that during unrest in Tibet in March, overseas Tibetan activists found their computer systems under heavy difficulty from Chinese security agencies trying to trace digital communications.

"What the Chinese tried to do was infiltrate their security to see who in China the Tibet movement was talking to," he said.

China's security policies clashed with Olympic norms on Thursday, when IOC officials said they were embarrassed by last-minute disclosures by the Chinese government that media covering the August 8-24 Olympics would not have unfettered access to the Internet.

On Tuesday, U.S. Sen. Sam Brownback, a Kansas Republican, said China had installed Internet-spying equipment in all the major hotel chains serving the Olympics.

Citing hotel documents he received, Brownback said journalists, athletes' families and others attending the Olympics next month "will be subjected to invasive intelligence-gathering" by China's Public Security Bureau.

Dunkelberger, whose firm serves many multinational corporations operating in China, said, "A lot of places in the world, including China, don't have the same view of personal space and privacy that we do in the United States."

"You've got to suspect that every place you're doing work is being monitored and being watched," he said.

His advice for travelers was to keep their electronic devices in their possession at all times, and if they could not take a clean computer, be sure to encrypt the computer, files and even e-mails.

"Whether it's a file or an e-mail, if you're worried about it, you should probably encrypt it," Dunkelberger said.

(Editing by Peter Cooney)


Hu stands by Games pledges, web curbs lifted (Reuters)

August 01st, 2008 | Category: privacy

BEIJING (Reuters) - President Hu Jintao said China would stand by pledges made when it was awarded the Olympics as Games officials deflected fire over Internet censorship on Friday by lifting restrictions.

Hu told reporters the Games, one week away, would have an enduring benefit for China and leave a positive "spiritual legacy."

"The Chinese government and the Chinese people have been working in real earnest to honor the commitments made to the international community," the normally media-shy Hu, who doubles as Communist Party chief, said.

China and the International Olympic Committee (IOC) are under fire from critics who say neither has lived up to pledges the country made to improve its rights record and lift Internet censorship for the Olympics.

IOC press chief Kevan Gosper said this week that some IOC officials cut a deal to let China block sensitive websites to the media, despite repeated promises of a free Internet. On Friday officials said there would be unrestricted access.

"The issue has been solved," IOC vice-president Gunilla Lindberg told Reuters.

"The IOC Coordination Commission and BOCOG met last night and agreed," she said, referring to Beijing's Olympic organizers. "Internet use will be just like in any Olympics."

'EYE TO EYE'

The issue of Internet censorship was only the latest of a series of issues, from human rights, to reporting restrictions, to China's policies in Darfur and Tibet, that have prompted criticism of its Communist leadership.

Although Internet access will be free for reporters for the period of the Games, it is still tightly controlled for the rest of the country.

Hu made a plea for the Games not to be politicized. Many had hoped the Olympics would lead the country of 1.3 billion on a path toward greater political reform to rival years of breakneck growth that has made it the world's fourth-largest economy.

"I don't think that politicizing the Olympic Games will do anything good to addressing any of the issues," Hu said.

"It is only inevitable for people from different countries and regions may not see eye to eye with one another on some different issues," he said.

But critics said China itself was to blame for any politicization of the Games.

"The IOC and the Chinese government I think are the ones to be held accountable here … I think the blame of the same nature for anything related to the politicization of the Olympics really falls on their shoulders," Lhadon Tethong, executive director of Students for Free Tibet told a teleconference on Friday.

100-YEAR DREAM

Advocacy group Dream for Darfur added to the political pressure on Beijing by calling on China in an open letter on Friday to use its influence with Sudan's leadership to stop the violence in the troubled Western region of Darfur.

Filmmaker Steven Spielberg embarrassed Beijing earlier this year by withdrawing as an artistic adviser to the Olympics over China's policies in Sudan, where China sells arms and is a major oil industry investor.

Beijing sought to reassure that it was ready for any threat, saying tens of thousands of troops had been drafted into Olympic security efforts that include everything from surveillance cameras to surface-to-air missile launchers.

"All in all, China's security forces are confident and capable of securing the Olympic Games," Tian Yixiang, of the Beijing Olympic Security Command Centre, told a news conference.

Hu said that as early as 1908 some Chinese were saying their country should host the Olympics and when the Games open on August 8 it would be the fulfillment of a 100-year dream.

He also defended the cost of the endeavor — expected to be well over $2 billion — which has led to the building of a new airport terminal, several subway lines and state-of-the-art facilities. "The investment is worth it," he said.

Doping, the scourge of sport, has hit two of the most successful Olympic nations, Russia and Italy. Italy's Andrea Baldini, the world number one in the men's foil, tested positive for a medication used in hospitals in cases of cardiac arrest.

It is banned by the World Anti-Doping Agency (WADA) because it can be used as a masking agent for other drugs.

"I'm disconcerted, sad and it's an ugly thing for the world of fencing," Italian Fencing Federation president Giorgio Scarso said.

In Russia, newspapers said the banning of seven of their leading female athletes appeared to be a foreign plot to deprive the Russian team of at least five golds in Beijing.

The athletes were charged with fraudulently substituting urine during the doping control process. Russian media alleged the athletes' samples had been manipulated by a western company.

"I call what is happening now a provocation staged deliberately to knock out the potential medalists right before the Olympics," Kommersant business daily quoted world indoor 1,500 meters champion Yelena Soboleva as saying.

(Writing by Lindsay Beck, additional reporting by Beijing bureau and John Ruwitch in Hong Kong, and Paul Virgo in Rome; Editing by Nick Macfie/Jon Bramley)
