Industry News

Is the Anti-Counterfeiting Trade Agreement (ACTA) a harmless attempt to quietly harmonise intellectual property laws and enforcement around the world, or a threat to civil liberties that will require fundamental legislative changes to implement?

The views of officials and lobby groups differ widely on what ACTA entails, as was evident in Wednesday’s ACTA briefing in Auckland, organised by InternetNZ. Speaking on background at the briefing was a Ministry of Foreign Affairs and Trade (MFAT) negotiator who leads the New Zealand team at the ACTA talks.

ACTA is an attempt to update earlier intellectual property regimes such as the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS) from 1994 and is aimed at large, commercial counterfeiters and copyright infringers, MFAT says.

ACTA won’t impact on the activities of ordinary New Zealanders, the spokesman says, nor is the treaty designed to be intrusive or to have an impact on consumers’ ability to purchase and use legitimate goods. Parallel importing and access to generic medicines will still be available under ACTA, he says.

According to the ministry, the negotiations won’t change existing intellectual property rights standards as set out in TRIPS and the World Intellectual Property Organisation (WIPO). Also, it won’t change existing consumer rights or interfere with the Privacy Act or the Bill of Rights Act.

However, InternetNZ’s senior research fellow in cyberlaw, Jonathon Penney, intellectual property lawyer Rick Shera of Lowndes Jordan and independent technology consultant and media commentator Colin Jackson also spoke and warned of the potential consequences of ACTA.

There has been no economic analysis on ACTA, Jackson pointed out, saying that instead of providing benefits to New Zealand exporters, overseas industries are the ones that will reap the rewards.

InternetNZ’s Penney says the spirit of the treaty will have to be adhered to under international law, and New Zealand can’t enact legislation that contradicts ACTA. As it stands, ACTA is essentially an extension of the US Digital Millennium Copyright Act or DMCA, according to Penney and introducing it will alter New Zealand law, especially the Copyright Act.

MFAT says New Zealand joined a group of like-minded countries in the ACTA negotiations to foster innovation, productivity and economic prosperity. International standards and cooperation will provide New Zealand exporters with certainty.

There is a growing trade in counterfeited and pirated goods, the spokesman says. In 2009, NZ Customs seized in the order of” 270,000 counterfeit items including clothing, footwear and electronic goods.

He says there will be efforts to produce counterfeit products in relation to the upcoming Rugby World Cup and also referred to an unnamed 2005 study that estimated the losses due to copyright infringement for New Zealand’s film industry at $70 million.

MFAT confirmed that software patents are on the table at ACTA, with some members wanting these to be covered. There is, however, no agreement on this.

The mandate for ACTA goes back to the previous Labour government in 2008, and has been re-endorsed by the present National government.

The process behind ACTA is no different to how New Zealand conducts other negotiations and treaties, and once the talks are concluded, the government can decide whether or not it wants to sign it. MFAT disputes suggestions the negotiations are being held in secret, saying the New Zealand government is pushing for the process to be as transparent as possible and welcomes feedback.

Once the negotiations have concluded, the text will be publicly available, and there will be a National Interest Assessment (NIA) that weighs up costs and benefits for government and parliament to review.

Penney, however, says the plurilateral treaty came about as the rich countries couldn’t push a similar deal through multilateral bodies such as WTO and WIPO where developing nations are represented in larger numbers.

ACTA is likely to be used as a bargaining device with developing countries, Penney says.

Intellectual property lawyer Shera says New Zealand is a minnow in ACTA. “If we can get Australia, Canada and Singapore in some areas alongside us, then it makes a difference,” as it will add weight to New Zealand’s position, Shera says.

Shera says that the entertainment industry has a consistent position worldwide and will use copyright laws, termination regimes and TPM rules enacted in other countries to push its agenda in other jurisdictions. Countries need to be vigilant here, Shera says, and pay attention to what happens elsewhere.

New Zealand is also likely to be pressured into forcing ACTA on the Pacific nations, Shera says, by other signatories of the treaty.

The public briefing comes ahead of the eight round of ACTA negotiations, which will be held in Wellington between April 12 and 16. Commerce Minister Simon Power has called for submissions on digital rights enforcement before the Wellington ACTA talks with a paper published on the Ministry of Economic Development website.

Submissions on digital enforcement can be sent to trademarks@med.govt.nz.

When the "ILOVEYOU" worm crippled computer systems worldwide 10 years ago this spring, authorities in the Philippines didn't even have a law to properly charge its author.

Since that time, many countries have developed computer crime laws in part due to the 2001 Convention on Cybercrime, an international treaty that lays out legal guidelines for high-tech crime legislation.

This week, more than 300 experts met at the Council of Europe's conference on cybercrime to discuss the treaty and better cooperation in a fast-changing landscape where criminals clearly still have the upper hand.

From advance fee frauds to spam to malicious software, the Internet has become a wild west-style frontier where law enforcement officials have had notable successes in recent years but where most cybercriminals operate with near impunity.

"Criminal actors know that law enforcement investigations take time," said Kauto Huopio, senior information security adviser at the Finnish Communications Regulatory Authority. "They are looking for areas where they are less likely to get caught and where there are challenges in international cooperation."

Much of the effort at the Council's conference is focused on uniting various Internet stakeholders that have only a recent history of tenuous cooperation, such as Internet governance groups, network providers,domain-name registries, law enforcement and commercial enterprises.

Close ties between law enforcement and private companies is sometimes viewed as a sign of corruption, said Bernard Otupol, assistant director for the financial and high-tech crime sub-directorate at Interpol. In some developing countries cybercriminals have co-opted network infrastructures where police don't have many resources.

"A lot of countries have a lot of problems," Otupol said.

The London Action Plan is one organization that works to foster ties between industry and government on antispam and spyware enforcement and improve information sharing, said Shaundra Watson, counsel for International Consumer Protection at the U.S. Federal Trade Commission.

But that cooperation is "not a given in many places in the world," she said.

Law enforcement officials are seeking ways to make it easier to get information from other countries during breaking cybercrime cases. They need quick information from other police agencies as well as contacts at ISPs (Internet service providers), which can help preserve electronic evidence that might quickly disappear, hampering cases.

"It's safe to say law enforcement successes have been in spite of the landscape rather than because of it," said Paul Hoare, senior manager and head of e-crime operations for the U.K.'s Serious Organised Crime Agency (SOCA).

SOCA and the U.S. Federal Bureau of Investigation have proposed stronger verification checks for people registering domain names and a revamp of privacy services that make it hard for investigators to find out who is running a domain.

"We actually can't expect a lot to change on the Internet to catch criminals if we as law enforcement really can't do our job," said Robert Flaim, supervisory special agent with the operational technical branch of the FBI. "Right now we are fighting a ground battle, but what I propose is that we start an air war."

Part of that effort involves looking for choke points where potential criminal activity could be blunted. Law enforcement have had increasing contacts with the five regional Internet registries (RIRs), which are entities that assign IP (Internet protocol) addresses to network providers, Flaim said.

Cybercriminals have been able to build their own networks, pretending to be legitimate businesses. The Russian Business Network (RBN), a well-known group linked to malicious software, received an IP (Internet protocol) address allocation so it could essentially act as its own ISP.

The five RIRs either already have or are close to establishing law enforcement working groups. "We are on our way to establishing good relationships with the RIRs but we have to follow through," Flaim said.

The RIPE Network Coordination Centre, a RIR that covers Europe, the Middle East and parts of Asia, has had increased contact with law enforcement over the last few years, said Roland Perry, RIPE NCC's public affairs officer.

"We've had more requests for information about how we operate," Perry said. "We've had more requests for information about 'This member of yours seems to be misbehaving can you tell me a bit more about him please'."

Meanwhile, efforts have been underway to educate judges and prosecutors cybercrime, which can be highly technical.

Esther George, senior policy advisor for the U.K.'s Crown Prosecution Service, designed a training program for prosecutors, which is now used for the Global Prosecutors E-Crime Network (GPEN) initiative. In the U.K., some 120 prosecutors and 45 case workers now have e-crime training, she said.

But prosecuting e-crime also requires that juries understand the evidence as well. Plans are underway for videos that could be used in court that can explain, for example, how a Trojan horse works in a way that doesn't overwhelm jurors with complicated technical concepts.

"The problem is developing this type of material is very, very expensive," George said.

Two researchers yesterday won $10,000 each at the Pwn2Own hacking contest by bypassing important security measures of Windows 7.

Both Peter Vreugdenhil of the Netherlands and a German researcher who only would give his first name of Nils, found ways to disable DEP (data execution prevention) and ASLR (address space layout randomization), two of Windows 7's most vaunted anti-exploit features. Each faced down the fully-patched 64-bit version of Windows 7 and came out the winner.

Vreugdenhil used a two-exploit combination to circumvent first ASLR, then DEP, to successfully hack IE8. A half hour later, Nils bypassed the same defensive mechanisms to exploit Mozilla's Firefox 3.6. For their efforts, each was awarded the notebook they attacked, $10,000 in cash and a paid trip to the DefCon hackers conference in Las Vegas this July.

"Every exploit today has been top-notch," said Aaron Portnoy, security research team lead with 3Com TippingPoint, the contest sponsor, and the organizer of Pwn2Own, in an interview at the end of the day Wednesday. "The one on IE8 was particularly impressive."

Vreugdenhil, a freelance vulnerability researcher, explained how he bypassed DEP and ASLR. To outwit ASLR -- which randomly shuffles the positions of key memory areas to make it much more difficult for hackers to predict whether their attack code will actually run -- Vreugdenhil used a heap overflow vulnerability that allowed him to obtain the base address of a .dll module IE8 loads into memory. He then used that to run his DEP-skirting exploit.

DEP, which Microsoft introduced in 2004 with Windows XP Service Pack 2, prevents malicious code from executing in sections of memory not intended for code execution and is a defense against, among other things, buffer overflow attacks.

"[The exploit] reuses Microsoft's own code to disable DEP," said Vreugdenhil. "You can reuse Microsoft's own code to disable memory protection."

In a paper he published today ( download PDF ), Vreugdenhil spelled out how he evaded both ASLR and DEP in more detail.

"It was a two-step exploitation," Vreugdenhil said of the unusual attack. "I could have done it with one, but it would have taken too long." Using the double-exploit technique gave him control of the machine in a little over two minutes; if he had used only one exploit, the task would have required 50-60 minutes.

"I didn't know how much time I would have at Pwn2Own," he said, referring to the constraints of the contest, where hackers had limited time slots. And he didn't want to bore his audience. "I put some eye candy in the exploit," he said, referring to a progress bar he inserted that read "Please be patient while you are being exploited..."

"It feels great," said Vreugdenhil of winning. "But I was nervous. I was convinced that there would be other exploits for IE8." This year's Pwn2Own was a first-come, first-served contest: The first researcher to hack each browser would win $10,000, but the second would take home nothing.

Nils also sidestepped DEP and ASLR in Windows 7 when he exploited the newest version of Firefox later in the day. Like Vreugdenhil, Nils also was awarded the notebook and $10,000. This was Nils' second Pwn2Own; last year he grabbed $15,000 by exploiting not only Firefox, but Safari and IE8 as well.

"As usual, Nils' exploit was very thorough," said TippingPoint's Portnoy.

TippingPoint purchased the rights to the flaws and attack code from Vreugdenhil, Nils and the other Pwn2Own winners. It will turn over that information to Microsoft, Mozilla and other affected vendors on Friday at the conclusion of the contest. Until vendors patch their vulnerabilities, TippingPoint will not disclose any technical information about the bugs.

Both Microsoft and Mozilla had representatives at hand during the contest.

Later, Jerry Bryant, a senior manager with the Microsoft Security Research Center (MSRC) acknowledged the vulnerabilities exploited by Vreugdenhil, but little else. "Microsoft is aware of a new vulnerability in Internet Explorer introduced at CanSecWest in the Pwn2own contest," Bryant said in an e-mail Wednesday. "We are investigating the issue and we will take appropriate steps to protect customers when the investigation is complete."

Bryant did not say when Microsoft would patch the flaws Vreugdenhil used. The company's next scheduled Patch Tuesday is April 13, but Microsoft typically takes much longer to produce its fixes, with testing time alone often running 30-60 days.

The lesson from this year's Pwn2Own is pretty simple, suggested Charlie Miller, another of Wednesday's winners. "What you can see at Pwn2Own is that bugs are still in software, and exploit mitigations like DEP and ASLR don't work. Even as [defensive measures] improve, researchers still end up winning."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer , or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.

A malware attack dressed up as an e-mail from organizers of the upcoming Shanghai World Expo targeted at least three foreign journalists in China, in the latest sign of increasingly sophisticated cyberattacks from the country.

The e-mail appeared to be sent from the inbox of the Expo news office, but it was not sent by the Expo and may be targeting journalists who signed up to cover the event, a reporters' advocacy group in China told members in an e-mail on Thursday.

Google drew global attention to cyberattacks from China two months ago, when the company said it had detected hacking attempts from the country partly aimed at the Gmail accounts of Chinese human rights activists. Google also said the attacks had caused the loss of Google intellectual property and that at least 20 other large companies were targeted. Chinese authorities use various methods to keep political dissidents under surveillance, but Google did not blame the Chinese government for the attacks.

There was also no evidence to suggest that the e-mail sent to foreign journalists had any tie to the government. But at least one version of the e-mail, which was sent by an attacker to IDG News Service, clearly targeted people who had filled out a spreadsheet to register for the Expo. The e-mail had a .pdf attachment that exploited a recently patched vulnerability in Adobe Reader, according to scan results on the Wepawet malware analysis Web site.

"There seems to be a [definite] increase in sophisticated, targeted attacks coming out of China," said Paul Ferguson, a researcher at Trend Micro, in an instant message.

Eastern Europe is a base for many cybercriminals who aim to profit by illicitly obtaining credit-card and banking information from victims. But large-scale attacks from China are often aimed at stealing intelligence or intellectual property, Ferguson said.

The World Expo will be a months-long show in Shanghai this year where dozens of countries will set up displays. The government sees the event as a display of China's rising influence abroad.

The alert sent out by the reporters' group in China said .pdf attachments had become a common mode of attack and that antivirus tools often do not pick up the types of malware involved. On Thursday afternoon in China, Kaspersky was the only vendor out of 42 tested by VirusTotal that labeled the file in the fake Expo e-mail as malicious.

China has repeatedly said its laws ban cybercrime including hacking attacks when asked about accusations of government involvement in attacks.

IDC analysts on Thursday said the global chip industry will grow this year but offered one of the least optimistic industry revenue forecasts so far this year, saying the global recession remains a problem.

IDC expects chip industry revenue to rise 16 percent this year as a recovery in the sector continues, but warned that end demand may be disappointing later this year due to unemployment in key markets around the world and an end to some government stimulus projects.

"When you look at the semiconductor market, we are definitely in a full recovery mode," said Mario Morales, head of chip research for the market researcher, at a conference in Taipei. However, IDC does not expect the strong recovery in consumer demand that other analysts are forecasting.

The chip market is on the rise this year mainly because the global recession caused orders to slow so much early last year that companies have had to catch up with replenishing their inventories. Inventory rebuilding may account for around half of all chip orders today, Morales said, but those orders will slow as companies fill their needs. End demand has rebounded since the depths of the recession, but it's not rebounding fast enough to take up the slack from slower inventory orders.

The 16 percent figure puts IDC at the low end of global chip revenue forecasts for this year. IDC's main rival, Gartner, predicts 20 percent year-on-year growth to US$276 billion this year, up from $231 billion last year, when worldwide chip revenue declined 9.6 percent. Gartner noted strong demand for memory chips and PCs as a basis for its forecast, but also warned that inventories may be building too fast.

Many market researchers, including Gartner, expect strong global PC sales to boost the chip industry. Investment banking firm Credit Suisse said in a report published Tuesday that corporations will be heavy buyers of new PCs, a main reason the firm is bullish on chip industry growth this year.

IC Insights, a smaller researcher focused on chips, forecast 27 percent revenue growth for chips in 2010, in a report earlier this month. The market research firm predicts DRAM revenue will surge 74 percent this year to lead the chip industry rebound.

IDC also sees DRAM as a major contributor to the global chip rebound this year, but puts its growth at a more modest 44 percent this year to US$32 billion. The memory chip industry is recovering from a decade low hit last year amid the global recession as companies such as Qimonda declared bankruptcy.

DRAM makers have started to increase output at a pace that will trigger a correction, or a short-term drop in sales, later this year, predicted Soo Kyoum Kim, memory analyst at IDC.

"I see some oversupply [in the second half]," he said. DRAM output will increase 25 percent in the fourth quarter from the third, he said.

But DRAM chip prices will remain at profitable levels for companies, he noted.

The main difference between IDC and other research groups is its focus on the potential impact of the global recession. Some government stimulus packages put in place early in the recession will end soon, which could lead to a slackening of demand. Job losses have also remained a problem in many parts of the world, which could mute end demand. Still, the research firm predicts the chip industry will post a strong rebound this year.

"I think the recovery will continue to be very gradual," said Morales.

(IDC is part of IDG, the company that operates IDG News Service.)

The electric vehicle battery industry will cave in by 2017, according to a new report that predicts massive oversupply — basically too many batteries for too few cars on the road.

Published by German consulting firm Roland Berger, the report estimates that only six or seven of about 60 worldwide EV lithium-ion battery makers will survive the decade. That includes recent American upstarts like A123Systems and Valence Technologies. The field will literally be decimated.

Johnson Controls-Saft, one of the more formidable companies in the field in the U.S., claims that demand will be 62 percent behind supply by 2015 — a critical unbalance. The projected bloodbath could easily be as bad as the 2001 tech bubble, analysts say.

The Roland Berger findings have been backed up by Lux Research, which claims that global EV battery companies will be able to sell only one-third of their manufacturing capacity by 2015. “We are definitely predicting a li-ion glut coming,” the company told Earth2Tech.

There may be a silver lining, however. As battery companies go belly up, prices for the actual hybrid and electric vehicles themselves are likely to come down. Right now, batteries are the single most expensive components of cars like the Tesla Roadster and Chevy Volt. If overstocked batteries sell for cheap, automakers will be able to increase their profits and lower sticker prices. This trend could even lead to widespread adoption of plug-in cars much sooner than expected.

The Roland Berger report estimates that EV battery companies will need to bring in close to $1 billion in revenue in order to stay afloat. This is a tall order for young entrants like A123Systems, which posted a total revenue of $66.5 million in 2009.

It will be interesting to see whether any of the venture-backed companies make it. A popped bubble could leave only the corporate giants like Panasonic standing in its wake.

Tags: electric cars

Companies: Lux Research, Panasonic, Roland Berger

China is scaling up its nuclear power plans in a big way. Its goal is to build 70 gigawatts worth of nuclear capacity by 2020 — 50 percent higher than its 2020 target was five years ago. It looks like uranium, still unpopular in the U.S. is finding big fans in Asia.

Achieving this goal will cost the country as much as $59 billion for 28 more reactors — 20 of which are already in the process of being built. As of this year, China is home for one-third of the world’s nuclear power construction. And the industry looks pretty healthy. Nuclear is thriving in its relatively lax regulatory environment. In the U.S., projects can be bound up in red tape for years before inevitably being abandoned. In China, plants can be built in just four years, like clockwork.

But the country isn’t the largest nuclear generator in the world, it’s simply the fastest growing. In fact, nuclear only provides about 2 percent of the energy used in the country, compared to 19.7 percent in the U.S., and more than 75 percent in France.

China still consumes more coal than any nation on earth — but it knows that has to change. That’s one of the reasons it’s pushing so hard to build rectors — to limit reliance on dirty power while also expanding the energy supply to meet skyrocketing demand. After the United Nations climate talks in Copenhagen went bust, China said it would ramp up efforts to cut emissions. Nuclear could help it make good on its word.

The difficulties associated with wind and solar energy in China have also made nuclear look more appealing. Without a well-developed electrical grid, much less a Smart Grid with adequate storage, fully harnessing distributed sources of energy is somewhat of a fool’s errand. The country is still investing in solar and wind — developing a market presence in the U.S. in both areas, as well (think SunTech) — but not as much as in nuclear.

China’s latest nuclear strategy will be detailed in full later this year. As it stands, the country is building more than twice as much new power as its closest competitor, Russia. In addition to delivering the power generated to its own people, China hopes to export it to its neighbors, including India, South Korea, and Russia — each of which are building more reactors than any other three countries outside of China. By selling nuclear energy abroad, Chinese companies will be competing directly with France’s Areva and General Electric.

Around the world, 370 gigawatts-worth of nuclear facilities are in operation. Another 200 gigawatts are currently under construction.

Tags: china, Nuclear

Companies: Areva, General Electric

South Africa’s economy has grown by two-thirds since 1994 and its demand for electricity has kept pace. But, despite near-perfect wind conditions, its minister of finance, Pravhin Gordhan, has decided to keep coal at the heart of the country’s energy policy.

Here’s his logic:

1. Local coal resources are abundant and cheap.
2. Coal plants can be built faster and require less maintenance than nuclear reactors.
3. Brownouts are not an option in South Africa. (When energy demand exceeds supply in the U.S., the lights dim — when it happens in Africa, thousands may go without clean water or safe food).
4. Five other countries rely on South Africa for electricity. Failing to meet this demand could send these satellites deeper into poverty, and strain relations.
5. Coal keeps South African miners employed. The industry accounts for 18 percent of the country’s GDP.

Gordhan isn’t necessarily the world’s biggest fan of coal. He emphasized that he would prefer that the country invest in renewable and nuclear sources of energy, but that the money and technology just aren’t there. If there was any other way to meet the region’s power needs, South Africa would be interested, he said.

Instead, the country is seeking a $3.75 billion loan from the World Bank, with $3 billion of it going toward the construction of a cutting edge coal-fired power plant capable of generating 4,800 megawatts. The remainder will be used to fund efficiency, wind and concentrated solar projects.

Gordhan’s recent editorial in the Washington Post takes the issue of climate change head on. He outlines South Africa’s plan to lower carbon intensity by 43 percent before 2025. This is a pretty ambitious goal for a developing country.

If the loan comes through as planned, wind projects will probably crop up near Cape Town. Located on the southwestern coast of the nation, the city is ideally situated for wind farms. It even blows reliably during peak hours every day. Nationwide, South Africa is predicted to have wind power capacity equivalent to 70 percent of it’s total energy demand.

There’s one major obstacle standing in its way: a distinct lack of government incentives. Without the government playing an active role in renewable energy development, like in Germany, Spain and the U.S., it’s up to the market to make solar and wind competitively cheap. In a country with 24 percent unemployment, money is always the deciding factor.

South Africa’s power mix is already 90 percent coal. This is a pretty big tide to turn back.

People: Pravhin Gordhan

China Unicom says it is in talks with Research In Motion about offering BlackBerry devices, making it the third Chinese mobile carrier interested in the popular handsets.

China Telecom, another Chinese carrier, also said this week that it hopes to offer the BlackBerry around May. The statements come as China's carriers compete to pin down deals for popular handsets, a key to attracting more users.

A China Unicom executive revealed the talks with RIM but gave no details during an event this week, a China Unicom spokeswoman said Thursday.

China Unicom late last year started offering Apple's iPhone in a push to attract more users for its 3G services. China Telecom is in talks with Palm to offer its Pre smartphone and the company reportedly said this week that it plans to offer the phone in July.

China Mobile, the world's largest mobile carrier by accounts, sells the Dell Mini 3i smartphone in China, and says it is also in talks with Apple on offering the iPhone.

China Mobile has sold the BlackBerry in China since 2006, but only said in recent months that it would start selling the devices to consumers in addition to businesses. RIM is working on a version of the BlackBerry that supports China Mobile's 3G standard, which was developed largely in China and has strong government backing.

No one at RIM was immediately able to comment.

A Chinese regulator last month gave a network access license to a version of the BlackBerry 8310, according to a list on the Web site of China's IT ministry. The license means that version of the phone can be sold in China, but it is unclear where it will be distributed.

Tech industry blog TechCrunch caused a big stir last year when it posted internal business documents from Twitter. At the time, no one knew the identity of the hacker who broke into Twitter’s defenses and stole the documents.

But now the hacker has allegedly been arrested in France for the cyber crime. The AFP reported that French police arrested a hacker who sabotaged the Twitter account of Barack Obama. But ReadWriteWeb says the technique described by the AFP is the same as that attributed to how a hacker stole Twitter documents and then turned them over to TechCrunch.

The AFP says the hacker was an unemployed 25-year-old who went by the pseudonym “Hacker Croll.” He was arrested in central France after a joint operation between French police and the FBI, which reportedly alerted the French police about his presence in France last July. The hacker was able to get Twitter’s admin codes and manage accounts at will.

Companies: techcrunch, Twitter

Trip Hawkins, chief executive of Digital Chocolate, isn’t shy about describing his company’s latest Facebook game, NanoStar Castles. He first conceived the game, which you could summarize as Pokemon for grown-ups, more than 16 years ago. He boldly says it is “the best idea I’ve ever had” and personally oversaw its design and production.

Those are pretty big words, considering Hawkins founded Electronic Arts, started 3DO, and is now on his mobile-social game company, Digital Chocolate. There may be a lot of bluster in that comment — Hawkins is known for that — but it’s also clear that Hawkins can’t just be laughed off.

After about four years of actual design, NanoStar Castles is finally launching on Facebook, and I have to say that it’s very clever. If it takes off, it will be part of a series of NanoStar social games.

Hawkins has taken a traditional deck-of-cards game and combined it with a trading-card game like Pokemon, adding 151 character cards that can be played on top of the original 52-card deck. Players are dealt four cards each and try to get the highest number of points. But the character cards can be used to modify the value of the dealt cards.

“The kernel of the idea is to use a regular deck of cards that can be modified by another deck of cards,” he said.

The game is a bid by Digital Chocolate, a mobile games company, to implant itself on Facebook, where lots of game companies are starting to make big profits. This game is firmly rooted in Hawkins’ long-held belief that deep, original games, not shallow, cloned games derived from console or PC titles, are the key to gaining a competitive advantage over rivals.

“I think this is the most important work I’ve done in my career,” Hawkins said.

Hawkins notes that it’s about time that someone creates a brand-new card game. But rather than do it on paper, it is best done as a social game on a huge platform like Facebook, which sorely needs addictive games that players will come back to over and over. The complaint about a lot of Facebook games, such as FarmVille, is that they’re designed to be viral — where one friend spams another to get them to play the game — but they’re not truly addictive games in their own right.

In the NanoStar Castles game, two players fight a duel and are dealt four playing cards each. They can draw a card to replace one that they already have, or they can play a modification card from a deck of the zany 151 characters. The NanoStar characters are designed to evoke emotions in gamers, making them more endearing. It’s a simple game, but the theory is that the depth of game play will keep the veteran players coming back.

“I have a great admiration for the simplicity of poker, but I also like the games with a lot of luck involved,” Hawkins said. “That’s the way I designed this one. It takes a combination of luck, skill and strategy.”

This game is designed to tap into the virtual-goods craze that has swept through social games, where players are encouraged to spend real money for purely digital in-game add-ons that give some advantage in play. The virtual-goods system in NanoStar Castles could be used in other games such as NanoTown (pictured with Hawkins at top), a new Digital Chocolate game that has been growing fast on Facebook. One of the unique things about the NanoStar Social Games series of games is that the virtual goods you buy in one game could also be used in another game. (Digital Chocolate has applied for a patent on how the NanoStars virtual currency platform is transferable to other games.)

Trading-card games such as NanoStar Castles could potentially generate far more loyalty and transactions than is typical in a virtual goods-based social game on Facebook, where maybe three percent to five percent of all users spend any money at all. By contrast, Hawkins said he knows friends who have spent $10,000 or more on Magic: The Gathering paper-based trading cards. (This is why Hasbro bought the Magic card business via Wizards of the Coast for $350 million in 1997).

“The average revenue per paying user on trading cards is just off the grid,” Hawkins said.

The tough thing about launching NanoStar Castles, Hawkins realizes, is that creating a new playing card game isn’t easy. It’s so hard to establish a new kind of game, in fact, that Hawkins is a little worried about the reception his game will get in its first commercial test after all this time. (Indeed, whether it is popular or not, it is still the best idea he’s ever had).

Playing-card game fans are especially slow to adapt to new innovations. Poker, for instance, got formalized in the 1800s but it didn’t truly take off until the Texas Hold ‘Em variant was created in the early 1900s and then institutionalized in Las Vegas in 1967. Games such as Magic: The Gathering, Pokemon, and Yu-Gi-Oh have also taken off. But they have not changed dramatically in the period since they were introduced.

To create what he believed would be a truly addictive game, Hawkins had to reach deep into his past growing up in the 1960s. That was when Strat-O-Matic Baseball, a playing card game based on the ever-changing statistics of baseball players, was his favorite game. He started Electronic Arts in 1982 so that he could do sports games on a computer that would be better than what Strat-O-Matic did on paper. As a result, EA Sports became a multibillion-dollar sports game franchise on the foundation of what Hawkins started.

“I give Strat-O-Matic the credit for propelling me into games and the creation of EA,” Hawkins said.

Digital Chocolate will let you play its games on Facebook for free. But if you want to get better capabilities, you’ll have to buy more NanoStars characters in packets, like buying a pack of trading cards for about 75 cents per character. Starting about 18 months ago, Hawkins had a paper-based prototype that he used to test with a small group of family and friends. Digital Chocolate designed the tongue-in-cheek characters that go with the final game.

One cute character is the Governator (modeled after Arnold Schwarzenegger), who delivers a political speech and has a robotic arm. In the game, the Governator transforms into a barbarian with an ax and can crush two of your opponents’ cards. Another character is Pamela (i.e. Pamela Anderson), a bikini-clad blonde bombshell who distracts all male characters in the game and essentially nullifies their attacks. The satirical elements are meant to appeal to adults of a certain age.

Besides NanoStars Castles, Hawkins is also launching another NanoStars Siege defense style game on Facebook as well, where you both attack and defend with an army at the same time. Both are attempts by Digital Chocolate to come from behind on Facebook and steal away the audience from market leaders such as Zynga and Crowdstar.

A typical NanoStars Castles game lasts five or six minutes and can be played while the other player is online or offline. Since it’s turn-based, you can wait for your opponent to make a move. Having watched a round of game play, I can see how this game could prove to be addictive for lots of fans. It moves fast and requires the players to strategize.

Digital Chocolate’s other social games are starting to take off. MMA Fighter has more than a million users since its launch in December. Overall, the investment in social games is a serious one, since Digital Chocolate now has 150 of its 400 employees working on social games now. About 40 people have worked on various parts of NanoStars Castles. A couple of more NanoStars games are in the pipeline.

Will NanoStars Castles take off? Hawkins himself refers to his failed attempt to create the 3DO game console back in the 1990s as “Trip’s Folly.” He said that some folks have told him that this NanoStars effort might be “Trip’s Folly: The Sequel.” Like all things that Hawkins does, it’s a hell of a wager.

Companies: Digital Chocolate

People: Trip Hawkins

Hackers took down Apple 's iPhone and Safari browser, Microsoft 's Internet Explore 8 (IE8) and Mozilla's Firefox within minutes at today's Pwn2Own contest, as expected.

The two-man team of Vincenzo Iozzo and Ralf-Philipp Weinmann exploited the iPhone in under five minutes, said a spokeswoman for 3Com TippingPoint, the security company that sponsored the contest. The pair also walked away with $15,000 in cash, a record prize for the challenge, which is in its fourth year.

Iozzo, an Italian college student, works for Zynamics GmbH, the company headed by noted researcher Thomas Dullien, better known as Halvar Flake, while Weinmann is a post-doctoral researcher at the Laboratory of Algorithms, Cryptology and Security at the University of Luxembourg.

Weinmann is probably best known for being part of a three-man team that in 2007 demonstrated how to crack the Wi-Fi security protocol WEP much faster than previously thought possible.

Charlie Miller, an analyst at Baltimore-based Independent Security Evaluators, brought down Safari on a MacBook Pro running Snow Leopard for a three-peat at Pwn2Own.

Miller won prizes in both 2008 and 2009 by hacking a Mac; last year, Miller cracked Safari in just 10 seconds . For his work today, Miller walked off with the notebook and $10,000 in cash.

No one else has won at Pwn2Own three times.

When his turn came, Pwn2Own newcomer Peter Vreugdenhil successfully exploited a vulnerability in IE8 running on Windows 7 with attack code called "technically impressive" by TippingPoint because it bypassed the operating system's Data Execution Prevention, or DEP, security mechanism, which is designed to stop most attacks.

Like Miller, Vreugdenhil, a freelance vulnerability researcher from the Netherlands, earned a $10,000 prize.

Another former winner, a German computer science student known only by his first name, Nils, was awarded $10,000 for hacking Firefox on Windows 7.

Of the browsers set up as targets for the contest, only Google 's Chrome remained standing on the first day.

TippingPoint does not release details of the vulnerabilities exploited for Pwn2Own, but instead purchases the rights to the flaws and exploit code as part of the contest. It then turns over information to the appropriate vendors, who all had representatives on hand.

Only after the vendor has plugged the hole does TippingPoint disclose details of each flaw.

If history is any indication, vendors will push out patches for the exploited vulnerabilities fairly quickly. In 2008, for example, Apple took just three weeks to patch the Safari bug that Miller used to win $10,000 at his inaugural Pwn2Own.

Mozilla beat that record last year when it updated Firefox a week after Nils exploited the browser.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about spam, malware and vulnerabilities in Computerworld's Spam, Malware and Vulnerabilities Knowledge Center.

LAS VEGAS -- As the nation's wireless carriers rush to compete with faster 4G speeds on either WiMax or LTE technology , their workers are toiling in the trenches to make it happen.

One senior manager of handset marketing at Sprint Nextel, Trevor Van Norman, estimates he has helped launch 150 different phones over six years, and this week helped launch the WiMax-capable HTC EVO 4G , a smartphone seen as a boon for Sprint's WiMax service now in 27 cities and operated by Clearwire.

Having the first WiMax-capable phone on the market will help the WiMax cause , even as some analysts predict only a minor market share for WiMax compared with LTE by 2014, he told Computerworld .

"Having the [HTC EVO 4G] brings the [WiMax] message home," Van Norman said. Analysis firm Infonetics recently gave WiMax only a 3% U.S. market share in 2014, probably because essentially only one company, Sprint, will offer WiMax.

By comparison, LTE will be offered by Verizon Wireless, AT&T and eventually T-Mobile USA, he noted.

Just about everybody agrees LTE subscribers will be much bigger than WiMax, although several analysts surveyed this week said they believe WiMax will grow to a larger share than 3% by 2014.

Sprint CEO Dan Hesse told a large CTIA audience this week that "LTE will be the larger of the two 4G standards," but noted that Sprint couldn't wait on LTE technology when it had "proven, tried and true" WiMax technology to run over Sprint's readily available spectrum.

Even with a minor share in the market, Sprint sees WiMax as vital to its future, and has even tied its compensation package to growth in 4G subscribers, Van Norman said.

"True, they are small financial rewards, just drinking money," Van Norman explained. "But our executives have committed to 4G." Sprint is offering WiMax to markets with 30 million people and expects to reach 120 million by year's end.

Hesse highlighted the value of a WiMax device to the medical profession, since it serves as a Wi-Fi hot spot to eight other devices, and could be used by a home visitation nurse who might collect data over Wi-Fi from various medical devices. "All kinds of medical devices could connect," he said.

One concern with the new HTC EVO 4G smartphone is how it will perform in wireless networks where WiMax is not available. Van Norman said that when WiMax is not there, the EVO will function over Sprint's EVDO 3G network.

Van Norman did say there might be a two or three second disruption for a bandwidth intense application such as streaming video when the phone switches from 4G to 3G.

Clearwire CEO William Morrow, also speaking to the CTIA crowd, urged other carriers adopting LTE to interoperate with WiMax. "We have the opportunity to converge [WiMax and LTE]," Morrow said. "Let's work together and go forward."

He noted that Intel and Vodafone, among other companies, "all believe the time is not to integrate this and move forward."

Morrow also noted that chipmaker Beceem Communications recently announced a chip that supports both WiMax and LTE.

Verizon and AT&T representatives' responses to questions at CTIA about whether they would be willing to allow future devices to work over both LTE and WiMax were less than encouraging.

A spokesman for Verizon said that interoperability was "not something we are looking at."

But Glenn Lurie, AT&T's president of emerging devices, was more blunt, saying that even though AT&T was wirelessly enabling all types of devices, not just smartphones, WiMax was not in the mix. "At AT&T, it's all about Wi-Fi. We're not supporting WiMax," he said.

ABI analyst Kevin Burden said it might make some sense for AT&T and other LTE carriers to interoperate with WiMax, at least in terms of dual chipset in devices that will work on both standards. "What's it going to cost to add a WiMax capability to a phone? Maybe $10?" Burden said.

Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld . Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed . His e-mail address is mhamblen@computerworld.com .

Read more about mobile and wireless in Computerworld's Mobile and Wireless Knowledge Center.

A delayed flight didn't stop Vincenzo Iozzo and Ralf Weinmann from scoring a cool US$15,000, a brand-new iPhone and a trip to Las Vegas at the annual Pwn2Own hacking contest in Vancouver on Wednesday.

The security researchers developed an undisclosed attack on the iPhone's mobile Safari browser to get access to a phone and then run a program that sent the phone's SMS messages to a Web server.

It is the first fully functioning attack on an iPhone since Apple released version 2 of the device in 2008, said Charlie Miller, the hacker who followed up Iozzo and Weinmann's hack by breaking into a MacBook Pro running Safari 4 on MacOS X Snow Leopard. His takeaway: the laptop and $10,000.

By the day's end, Pwn2Own competitors had hacked not just the iPhone and Safari, but also Internet Explorer 8 and the Firefox browser. Both IE 8 and Firefox were running on the Windows 7 operating system. IE was hacked by researcher Peter Vreugdenhil, and Firefox was claimed by a man identifying himself only as Nils. This is the same Nils who, last year, pocketed $15,000 after hacking IE, Firefox and Safari.

The iPhone attack got a lot of attention, however, because in last year's contest, Apple's smartphone did not get hacked.

Contest winners take home the device they hack, in addition to $10,000 in prize money for a Web browser attack and $15,000 for a mobile-device attack.

Google's Chrome browser, the BlackBerry, the Nexus One and the Nokia E72 are also included in the contest, but right now only one more contestant -- an anonymous hacker -- is on the schedule. He will take a shot at the Nokia phone on Thursday.

Apple introduced a number of advanced security measures with iPhone 2.0, including a "sandbox" in the device's kernel that restricts what hackers can do on a compromised machine, and a cryptographic code-signing requirement that makes it harder for them to run their initial malicious payload.

"When iPhone 2.0 came out, it became a lot harder" to hack the device, said Miller, who earned fame three years ago as the first person to hack the iPhone.

In fact, Weinmann said he had been set to compete in last year's Pwn2Own contest but had to abandon his plans at the last minute when he discovered his attack only worked on jail-broken phones, which have been hacked to run unapproved applications. Jail-breaking circumvents the iPhone's memory protections, but the Pwn2Own rules force contestants to use unmodified phones.

The Pwn2Own contest pays contestants for their exploit code, which leverages software flaws to give the attacker a foothold on the machine being attacked. But because of the iPhone's sandbox architecture, Weinmann and Iozzo actually spent much more time working on their payload software.

To make their attack work, they used a technique called "return-oriented programming," in which they essentially cobble together instructions from different parts of the iPhone's memory. But even with this technique, the iPhone's sandbox restricted what they could do once they had hacked into the machine.

Return-oriented programming has been around for more than a decade, but this attack is the first public demonstration of this technique on the Arm microprocessor, contest organizers say.

Iozzo and Weinmann were selected by lot to be the first to try out their attack at the three-day hacking contest. But Iozzo wasn't actually at the conference when his slot came up. A delayed flight caused him to miss his connection to Vancouver, but a co-worker, Thomas Dullien (better known as Halvar Flake), stood in for him at the contest.

Even though they tested the hack before the contest, Dullien and Weinmann ran into some trouble. "The first try gave us an empty database, but that was probably due to a bug in our database," Weinmann said after winning the prize. A second attempt was successful.

Run in conjunction with the CanSecWest security conference, Pwn2Own has become a closely watched test of exploit-writing skills, where professional hackers routinely show up and demonstrate how easy it would be to break into a computer running the latest software.

The contest provides a high-profile demonstration of just how common exploitable software bugs really are, despite concerted efforts by companies such as Microsoft, Mozilla and Apple to lock down their code.

TippingPoint, a security company that sponsors the contest, runs a program that pays hackers for working exploit code. According to Aaron Portnoy, TippingPoint's security research team lead, software makers have introduced techniques that make it harder to hack their products, but there are still plenty of bugs out there.

CanSecWest and the Pwn2Own contest run through Friday.

Want the go-anywhere spirit of a netbook and the full keyboard (and features) of a typical laptop? The Gateway EC14D07u ($630 as of March 22, 2010) attempts to merge the two, and in some ways it succeeds: The laptop feels light and yet manages to pack a DVD burner and an 11.6-inch screen. But in other ways--such as with its mediocre audio and video performance--it stumbles. Ultimately, it ranks as an average ultraportable laptop, albeit one that is fast enough for most applications and small enough to tote anywhere.

On our WorldBench 6 test suite, the EC14D07u earned a score of 64, strong enough to handle office work, Web browsing, media playback, and most other general tasks you may want to throw at it. The system's 4GB of RAM help it run multiple applications smoothly. (The similarly configured, similarly priced HP Pavilion dv2 earned a WorldBench 6 score of just 45.) But games and other 3D applications drag in the absence of a dedicate graphics processor. Even 3D titles from a few years back, such as Half-Life 2: Episode 1, are unplayable.

The 1.3GHz Intel Pentium SU4100 seems better tuned toward power conservation. In our testing, the battery lasted a solid but unspectacular 6 hours, 20 minutes, and you can extend that time if you dim the screen.

The keyboard and trackpad are average, too. Full-size matte keys feel good to the touch, and the responsive trackpad usually keeps up. You can even use a few gesture commands to navigate, such as swiping two fingers to scroll. Oddly, however, if you tap almost any keyboard key, the mouse freezes in midmovement.

The laptop weighs about 3.5 pounds and has a maximum thickness of approximately 1.25 inches, so it's easy to sling anywhere. Somehow, Gateway slipped a dual-layer DVD burner into that svelte body, too. The laptop's shiny exterior is a fingerprint magnet; but except for the two mouse buttons, almost all of the laptop's interior surfaces are matte

In PC World's most recent survey of laptop vendor reliability and service, Gateway ranked in the top third, suggesting that the company is responsive customers' initial or late-developing hardware problems.

Colors on the EC14D07u's bright LCD look a little muted compared to those on competing screens, and the glare on the glossy screen can be distracting. But you get good resolution (1366 by 768 pixels)for a screen of this size. The thin but adequate audio is typical for a laptop, with weak sound separation from the speakers. At least there's no distortion at the machine's loudest volume, since you may frequently have the controls set to that level.

The EC14D07u comes with three USB 2.0 ports, audio in and out, VGA and HDMI out, a flash-card reader, 802.11b/g/n Wi-Fi, and gigabit ethernet. An average Webcam records images that can look posterized, but pictures stay fairly defined in moderate lighting.

Being average isn't a bad thing. The thin-and-light Gateway EC14D07u travels almost anywhere; its processor and a 320GB hard drive are adequate for business and school work; and its LCDpacks in pixels. Nevertheless, nothing about this machine causes it to stand out from the pack.

Nintendo may be hip to sell 3D handhelds, but Sony's having none of it.

Responding to Nintendo's surprise announcement yesterday that the company plans to release a 3D version of its popular DS handheld by March 2011, Sony's marketing director John Koller told IGN he believes works best in the console space.

"The amount of interest in 3D from the retail side and game publishers is off the charts," said Koller. "We know we have a hit with 3D on PS3 and we're going to concentrate our efforts there."

Well sure, you're probably saying, what else is Sony going to say? The company's lining up to sell ultra-expensive 3D TVs, after all, and wants you to believe 3D's the next big thing--even if it isn't.

Even then, Sony's probably right to be skeptical about 3D in the portable space. We're talking about screens--or possibly a single screen--less than 4-inches diagonally. It may look cool for a couple of seconds in a YouTube video, but could be distracting (in a bad way) or strain your eyes over extended play sessions.

Koller calls Nintendo's unexpected 3D gamble "an interesting move," but wonders if they've really got their demographics straight.

"8 and 9 year-olds playing 3D is a little bit of a stretch given where some of our research is right now," he said.

Count me with Koller until Nintendo proves me wrong (and hey, prove me wrong Nintendo--I'll be first in line to buy one if you do).

Also, lest Sony forget, remember that you'll pay upwards of $4,000 for a 3D TV set, where Nintendo's 3D handheld should come in somewhere under $200.

Follow Game On on Twitter.

GoDaddy is joining Google in its fight against China's Internet control.

The company has announced it'll no longer register new domains in the People's Republic -- and it has some strong reasons why.

GoDaddy's China Change

GoDaddy divulged its decision during a congressional hearing on Wednesday. Christine Jones, the company's executive VP, delivered a prepared statement explaining the shift in strategy.

The nine-page testimony details an apparent change in Chinese law that requires GoDaddy to now collect color headshot photos of all users trying to register new domains. In addition, the company must obtain business identification documents and physically signed registration forms from all of its Chinese customers.

Here's the kicker, though: All that data has to be forwarded on to China's government-run Internet Network Information Center (CNNIC) for "review."

Sound fishy to you? It did to GoDaddy, too.

"The intent of the new procedures appeared, to us, to be based on a desire by the Chinese authorities to exercise increased control over the subject matter of domain name registrations by Chinese nationals," Jones' testimony states.

And that's not all, either: The testimony goes on to reveal that GoDaddy has been told to apply the new rule retroactively, obtaining photo identification from every existing China customer and supplying it to the government. If someone's data isn't turned over, Jones says, his domains are turned off.

"We are concerned for the security of the individuals affected by CNNIC's new requirements, as well as for the chilling effect we believe the requirements will have on new .CN domain name registrations," the testimony explains.

The China Internet Challenge

So far, GoDaddy's the first major Internet company to follow Google's lead in the China Internet challenge. Microsoft's explicitly said it has no plans to make any changes. And, let's be honest, Apple practically uses the same oppressive tactics as China's regime, so it's not likely to be taking a stance anytime soon.

All joking aside, though, don't think the division's going unnoticed. According to CNN, U.S. lawmakers at Wednesday's hearing praised Google and GoDaddy's efforts and slammed others for not following suit.

"They need to get on the right side of human rights rather than enabling tyranny, which they're doing right now," Rep. Chris Smith is quoted as saying.

Of course, this is only the beginning; we can expect to hear more fighting words from all sides as the global battle rolls on.

But hey, on the upside, at least this whole debacle will make for a brilliant movie some day. Just imagine the possibilities...

JR Raphael is a PCWorld contributing editor and the co-founder of eSarcasm. He's on Facebook: facebook.com/The.JR.Raphael

If you've got the latest version of Apple's Final Cut Studio suite of pro video applications on your Mac, it's time to fire up Software Update--Apple has an update just for you!

Pro Applications Update 2010-01 includes 24 bug fixes and improvements for five different applications. Final Cut Pro moves up to version 7.0.2 with three fixes related to clip duration when removing reverse speed, the Log and Capture window, and HDV to Apple ProRes capture via FireWire. Motion 4's five updates bring its version up to 4.0.2 and address a number of issues ranging from stability on Macs with limited graphics or system memory to rendering of 3D scenes using the Checkerboard generator.

Compressor sees the most fixes, with 11 updates that correct issues including long chapter names and titles not showing up correctly in disc templates, color shift problems when transcoding image sequences, problems with MobileMe uploads, and more, bumping up its version number to 3.5.2. Color (now at version 1.5.2) receives fixes with color correction, loading and processing of trackers, and a problem with the green channel on video scopes displaying an incorrect value. Finally, Cinema Tools moves up to version 4.5.1 with a fix for a problem that occurs when importing telecine logs.

The year is 1975. Gerald Ford is in the White House, South Vietnam falls, Muhammad Ali defeats Joe Frazier in the "Thrilla in Manila" world championship boxing match, the late-night comedy show NBC's Saturday Night (later called Saturday Night Live) debuts, One Flew Over the Cuckoo's Nest sweeps the Oscars, and Captain & Tennille's "Love Will Keep Us Together" and Glenn Campbell's "Rhinestone Cowboy" top the music charts.

And in Albuquerque, N.M., Harvard dropout Bill Gates and his high school friend Paul Allen set up a tiny business to write software for a new microcomputer called the Altair 8800. Their first product is the Altair BASIC language. At some point during that year, the company is called Micro-soft, and then MicroSoft, before it is ultimately named Microsoft.

From those modest beginnings, that company went on to help give birth to an entire industry, change the way we live and work, and become one of the largest software companies on the planet, creating countless millionaires -- and several billionaires -- along the way.

As Microsoft celebrates its 35th anniversary, I've decided to take an idiosyncratic and opinionated look at the best, worst and most notable moments, technologies, products, decisions and people in the company's history. A lot has happened in that time, so if you think I've left anything out or disagree with my choices, share your thoughts in the article comments.

Now, step into the Wayback Machine and read on.

Savviest business deal

In November 1980, Microsoft signed an agreement with IBM to provide an operating system for the still-secret IBM Personal Computer, to be released in 1981. The operating system would ultimately be called PC-DOS, a rebranding of Microsoft's MS-DOS.

Microsoft didn't actually write MS-DOS; instead it paid to have Seattle Computer rewrite its own QDOS (Quick-and-Dirty Operating System) for the purpose, without telling Seattle Computer to whom the operating system would be sold. (Microsoft signed the contract with Seattle Computer one day after signing the contract with IBM.)

QDOS was largely based on the CP/M operating system, owned by Digital Research. Ironically, IBM had originally turned to Digital Research for an operating system for the IBM PC, but the two companies' negotiations broke down. Too bad for Digital Research; Microsoft went on to use its relationship with IBM as a springboard to develop its worldwide dominance in business operating systems.

Smartest acquisition

In July 1987, Microsoft bought Forethought Inc. for $14 million in cash. Forethought had developed a presentation program for the Macintosh, initially called Presenter, which it renamed PowerPoint for trademark reasons. PowerPoint later became one of the core programs of Microsoft Office, which for many years has been the dominant office productivity suite.

Prickliest partnership

In August 1985, Microsoft and IBM signed a deal to partner in the development of an advanced operating system called OS/2. The operating system never achieved the widespread popularity of DOS -- or, later on, Windows -- and became a bone of contention between Microsoft and IBM.

Microsoft devoted most of its development resources to Windows and Windows NT, rather than OS/2, and ultimately abandoned OS/2 to IBM, which eventually abandoned it as well.