Mac News Briefs

Apple has released Logic Pro 9.0.2, a minor update to its professional music recording, editing, and mixing software. According to the release notes, the 9.0.2 update allows Flex Markers to align and snap to MIDI notes, makes performing a punch-in recording with Replace Mode behave correctly, adds an option for latency measurement to the I/O plug-in, and causes TDM plug-ins to behave as expected (only an issue previously for users with Pro Tools HD audio hardware.) The update is available via Software Update or from Apple's support Web site. Logic Pro 9 is part of the Logic Studio suite of music applications. Apple had yet to update its Logic Pro 9: Release Notes Web page with additional details when this story was posted.-Jonathan Seff Prosoft updates Data Rescue recovery utility Prosoft Engineering updated Data Rescue, introducing a new interface and a number of speed and performance improvements to its data-recovery utility.

Prosoft also added more than 100 new Reconstructed file types for Deleted and Deep scans. Data Rescue 3 features animated visual effects in its redesigned interface to help guide users through recovering files from corrupted hard drives or accidental deletions. The new FileIQ features lets the software learn about new file types from user-supplied samples, extending the number of potential Reconstructed file types supported by Data Rescue. Prosoft improved support for scanning Apple software RAID drives and 1TB or greater drives as well as support for recovering large sparse disk image files, pkzip files, and hard linked files. Other enhancements include the ability to suspend and resume scans and manage the results from multiple scans.

Data Rescue 3 runs on OSX 10.4.11 or later, including Snow Leopard. In addition, File Stitcher 2.1 features a pre-stitch validation check list, expanded bitrate support, and Snow Leopard compatibility. The software costs $99 for a personal use license; licenses for IT pros cost $249.-Philip Michaels File Stitcher 2.1 features redesigned merging engine File Stitcher, the MP3 merging tool from Pariahware, has been updated to version 2.1. The latest update features redesigns to both File Stitcher's interface and merging engine. Version 2.1 is a free upgrade to all File Stitcher 2.0 license holders. Available for $15, the program also offers a demo where you're limited to stitching two files together at a time.-PM

NASA: Orbiter spots ice in Martian meteor craters

A NASA spacecraft orbiting Mars has spotted exposed ice in five different spots on the Red Planet. NASA scientists said they found the exposed ice inside craters , caused by meteors slamming into the Red Planet last year. After years of speculation and last year's intensive hunt for water and other elements that could support life , NASA scientists reported today that they've found frozen water just a few feet below the planet's surface. "This ice is a relic of a more humid climate from perhaps just several thousand years ago," said Shane Byrne of the University of Arizona, Tucson, during a press conference today.

Scientific instruments onboard the Mars Reconnaissance Orbiter found that the icy craters range from 1 1/2 to 8 feet deep. The images are sent back to Earth where scientists pour over them, comparing any new spots, or possible craters, to photos taken earlier. The exposed ice first appeared as bright patches and then darkened in a matter of weeks as the ice vaporized in the Martian atmosphere. "Craters tell us a lot about the object on which they occur," said Ken Edgett, a senior staff scientist at Malin Space Science Systems. "They're great probes of what lies beneath the surface." In the average week, the orbiter's high-resolution camera captures more than 200 images of Mars, covering an area greater than the size of California. Because of the area where the ice was discovered, scientists said today that if NASA's Viking Lander 2, which worked on the surface of Mars in 1976, had dug four inches deeper than it had at the time, it would have struck ice. Before NASA's Phoenix Mars Lander froze to death in the long, cold Martian winter last year, the robotic vehicle dug up and analyzed soil samples and verified the existence of ice on Mars . The found ice proved that water - a key element to support life - exists there.

The Net's Most Heinous Hoaxes

Most online hoaxes are mildly annoying, and a few are hilarious. Plastering an epilepsy forum with flashing images? But propagating a false AMBER Alert over Twitter?

Not cool. Twitter/Facebook Amber Alert The AMBER Alert system-a child abduction alert system broadcast over radio, TV, satellite radio, and other media whenever a child is abducted-was created after nine-year-old Amber Hagerman was abducted and murdered in Arlington, Texas, in 1996. Recently, some users have also broadcast alerts over text messages and Twitter. We'll take a look at some of the Web's most heinous hoaxes over the years, and sprinkle in a handful of amusing ones. Last July, someone tweeted an AMBER Alert for a three-year-old girl. It turned out to be a false alarm. People responded by spreading the alert as fast and as far as they could.

A similar sequence of panicked, rapid-fire tweeting followed another false AMBER Alert occurred in September. Though we're glad that no abduction occurred in either case, there's a disturbing "cry wolf" aspect to the story-what happens the next time a real AMBER Alert goes out? How heinous is this? For eroding the value of a potentially vital line of defense against child abduction, this hoax sets the platinum standard for repugnance. The site included tips on how to insert a feeding tube and a waste removal tube, and where to drill air-holes "prior to kitten insertion." It also included a gallery of pictures of "Bonsai Kittens" and a guestbook filled with love (and hate) mail. Bonsai Kitten Paging PETA: In 2001, a group of enterprising MIT grad students put together a little Web site called Bonsai Kitten, which detailed how to grow a kitten in a jar for aesthetic purposes.

The site was so realistic that it caused uproar among kitty enthusiasts and animal rights activists (including the Humane Society), and it eventually gained enough notoriety that the FBI investigated the site's authenticity (or lack thereof). But since no kittens were actually harmed in the perpetration of this hoax, we think it tends more toward the hilarious than the heinous. Some of the pranks they allegedly pulled are a bit more serious, however, such as the Epilepsy Forum Raid. Epilepsy Forum Raid Anonymous, a group of online pranksters, has been blamed for an array of notorious acts of Internet grief-from uploading porn on YouTube to launching denial-of-service attacks on Scientology sites. In March of 2008, an epilepsy support forum run by the Epilepsy Foundation of America was attacked with uploads of flashing animations. The animations-which were clearly intended to induce seizures and/or migraines in epileptics-can be very dangerous for epilepsy sufferers. The National Society for Epilepsy, based in the UK, fell prey to a similar attack.

The attack was investigated by the FBI, which found no connections to the group Anonymous. Bigfoot's Body Bigfoot is alive-okay, actually he's dead, and he's in a freezer in Georgia. Internet speculation has attributed the attack variously to The Internet Hate Machine, to 7chan.org, or to eBaum's World. At least, that's what The New York Times and other major news outlets reported on August 14, 2008. In the finest "made you look" tradition, two men from Georgia announced that they had found the body of Bigfoot and would present definitive proof (in the form of photographs and DNA) that Bigfoot existed. Quasi-expert Tom Biscardi, an inveterate promoter of all things Bigfoot (and perpetrator of his own Bigfoot hoax just three years prior), vouched for the men. In fact, they revealed, they saw three other Bigfoots in the woods as they were dragging the dead beast's body back to their car-possible evidence that these creatures had mastered the intricacies of contract bridge but had not yet learned to control their tempers over botched bidding.

How bad is this? But an Indiana man fronted $50,000 on behalf of Biscardi for the "body," and is now suing the pair of hoaxers to get his money back. Not surprisingly, the body turned out to be a costume stuffed in a freezer. The most heinous part of this hoax is the fact that someone actually fell for it. Alabama legislators began receiving letters from outraged scientists and civilians, but that's about as dangerous as the situation got.

Changing the Value of Pi On April Fool's Day 1998, Mark Boslough wrote a fictional piece about Alabama legislators calling on the state government to pass a law that would change the value of pi from 3.14159... to the "Biblical value" of 3. Boslough's titled his article "Alabama Legislature Lays Siege to Pi." Though the piece was originally posted to a newsgroup, it ended up being forwarded...and forwarded...and forwarded... The funniest part of the hoax? Save Toby Taking a cue from Bonsai Kitten, a site called Save Toby used a creepy premise to throw animal rights activists into a tizzy. It echoes an actual event: In 1897, the Indiana House of Representatives passed a resolution to change the value of pi to 3-luckily, irrationality prevailed and the bill died in the State Senate. The Save Toby saga began in the early days of 2005, when the site announced that its owners had found a wounded rabbit (which they named Toby) and nursed it back to health-but then declared that if they did not receive $50,000 in donations for the care of Toby by July 30, 2005, they would be forced to cook and eat the rabbit.

Animal rights activists cried "animal cruelty," to which the owners responded that they were doing nothing cruel to Toby-in fact, they were trying to save him. The owners asserted that the site was not a hoax: They would, indeed, cook and eat Toby if they did not receive the money. Supposedly, the site collected more than $24,000 before Bored.com bought it, and Toby was saved. (By the way, possible inspirations from pre-Internet days for the Save Toby hoaxers aren't hard to find.) But holding a bunny hostage for ransom? MySpace Suicide This hoax may have been the most senselessly cruel of any listed here. Real classy, fellas. In 2007, a 13-year-old girl committed suicide after being dumped by her MySpace "boyfriend." The girl's family later learned that the MySpace "boyfriend"-a cute boy named Josh-never existed.

The Josh character had gained the girl's confidence before sending her a message that told her he didn't want to be friend anymore because he'd heard she was a mean person. He was a fictional character made up by the mother of another girl. The girl, who was on medication for depression and attention deficit disorder, took her own life the next day. Then again, the scammers send out thousands of e-mail appeals every day in the hope of getting just one gullible person to reply. Our take: Unforgivable. 419 Nigerian Money Scams Nigerian money scams are so overexposed in the media these days that it's hard to believe people still fall for them.

The scam itself is pretty simple: The grifter promises the randomly chosen e-mail recipient an absurd amount of money to help the crook "transfer funds" from one bank to another (or some variation thereof). To help the con artist, all the victim has to do is provide his/her personal information, bank information, and, oh yeah, a small fee (around $200-a small price to pay, considering the impending payoff) to help transfer the money. The scammer obtains all of the scammee's personal info, and a tidy little sum besides. If the scammee goes along, bam! Not bad for one e-mail. In some cases, the scammers invite the victims to travel to Nigeria or a bordering country to complete the transaction. These scams can be life-threatening as well as costly.

In 1995, an American was killed in Lagos, Nigeria, while pursuing such a scam. Work-At-Home Scams Like the Nigerian money scams, work-at-home come-ons are heavily reported in the media. Truly horrific. Yet people still fall for them. But desperation or greed makes some people forget. Most people know that if it sounds too good to be true, it probably is.

Work-at-home scams promise you the opportunity to make quick, easy money from the comfort of your house; all you need is a computer-which, of course, you have. Except, of course, that materials will never come, and you'll have lost your money, and you still won't have a job. Any number of activities may be your ticket to riches-stuffing envelopes, transcribing, medical billing-but first you need to do send the scammer some money for preliminary materials. Heinous? And the fact that they prey primarily on unemployed or underemployed people who aren't exactly swimming in discretionary income (it's hard to imagine Warren Buffett jumping at the chance to make money by stuffing envelopes) increases their vileness quotient at least a little. Such scams aren't life threatening, but they can certainly put a dent in your savings-especially if you fall for them more than once.

Remember, if prospective employers ask you to send money before you start working for them...it's probably a scam. In September 2009, Facebook's PR went rogue and punk'd TechCrunch with a "Fax This Photo" option. Facebook Hoax on TechCrunch Guess you should stay on the good side of people who run your primary social networking site. TechCrunch reporter Jason Kincaid opened his Facebook on September 10, 2009, and discovered that under every photo there was a new option: "Fax This Photo." It seemed ridiculous-but everyone in the TechCrunch network saw it, so he sent an e-mail to Facebook. He then called Facebook PR...and discovered that it was all a big prank, and that Facebook staffers were placing bets on how long it would be before TechCrunch posted it. They didn't respond, so he posted a skeptical note.

Heinous? TechCrunch got PWN'd. Of Related Interest For two discussions-one old and one fairly new-of online scams, check out these stories: • "Top Five Online Scams" (2005) • "5 Facebook Schemes That Threaten Your Privacy" (2009) For a look at some relatively benign online hoaxes (mixed in with some evil ones), read this: • "The Top 25 Web Hoaxes and Pranks" (2007) And from deep in the vaults of PCWorld.com come these chestnuts: • "Devious Internet Hoaxes" (2002) • "The Worst Internet Hoaxes" (2001) Not at all.

Realmac Software acquires social app EventBox

EventBox, the one-stop shop for many of your social media needs, is taking a big step up in the world of Mac software. Last July, Macworld's James Dempsey dove into EventBox and all the socializing it has to offer, and I picked it as part of my $300 Student Challenge last month. Realmac Software, makers of RapidWeaver and LittleSnapper, announced Tuesday morning that it has acquired EventBox from its developers, The Cosmic Machine.

Instead of visiting separate websites to get your daily dose of Facebook, Digg, Twitter, Google Reader, Reddit, Flickr, Identi.ca, and even plain ol' RSS feeds, EventBox wraps them all into one polished, centralized application. You can create smart folders to organize your friends and information for the way you, erm, "work," upload photos to compatible services, and even send links to Instapaper for reading later. It even makes a few services work together in useful ways, such as letting you post Google Reader headlines to Facebook or Twitter right from inside the app. Realmac Software's acquisition means that EventBox will have more resources and room to grow, as Realmac is no stranger to bringing solid products to market. EventBox is now huddling into a cocoon, undergoing a transformative process that should finish in November.

RapidWeaver has long been known as a sort of "iWeb Pro" upgrade, and LittleSnapper quickly gained traction as a powerful "iPhoto for designers and web developers." EventBox doesn't currently have much in the way of competition as far as tackling such a broad sample of the social media space, so The Cosmic Machine and Realmac are already a step or three ahead of the game. When it reemerges, it will be renamed as Socialite. EventBox owners who purchased a license in the past will get a free Socialite 1.0 license, which will cost everyone else $20. Customers who scored licenses through MacHeist will receive an email with the option of purchasing a license upgrade at a discounted price. Realmac is soliciting feedback in its forums for what users want out of version 1.0 and beyond.

Large online payroll service hacked

In a somewhat unusual data breach, hackers recently stole the login credentials of an unknown number of customers of payroll processing company PayChoice Inc., and then attempted to use the data to steal additional information directly from the customers themselves. Hackers broke into the site and managed to access the real legal name, username and the partially masked passwords used by customers to log into the site. The breach, first reported by the Washington Post this week, took place on Sept. 23 and involved PayChoice's onlineemployer.com portal site. They then used the information to send very realistic looking phishing e-mails to PayChoice's customers directing them to download a Web browser plug-in to be able to continue using the onlineemployer.com service.

Users who clicked on the link to download the plug-in instead got infected with a username and password stealing Trojan. Each of the messages addressed people by their real names and contained their real username and passwords (partially masked), which had been harvested earlier from PayChoice. It is not immediately clear how many customers might have actually clicked on the malicious link. The company bills itself as the "national leader" in the payroll services and software industry and claims over 125,000 business customers. PayChoice, based in Moorestown, N.J, proivides payroll processing services and technology.

In an e-mail statement to Computerworld , PayChoice said today it discovered the security breach in its online system last Wednesday. "We are handling this incident with the highest level of attention as well as concern for our clients, software customers and the employees they serve," CEO Robert Digby said in the statement. The company has also engaged two outside forensic experts to help figure out the full scope of the intrusion. "PayChoice is determined to find the cause and extent of the breach and to take further measures to prevent a future occurrence," Digby said. Once the company discovered the breach, it immediately shut down the online system and instituted "fresh measures" to protect client information, the statement said. Steve Friedl, an independent security consultant, said he first heard of the breach last Thursday when a PayChoice customer informed him. But it appears very likely that the only data the hackers accessed was the information they included in the fake e-mails that PayChoice's customers received, said Friedl, who wrote about the incident in his blog . If hackers had in fact accessed on more data, it is highly unlikely that they would have resorted to sending out those additional e-mails to PayChoice's customers, and thereby running the risk of being exposed, he said. At this point, it is not clear what other information the hackers might have gotten access to, said Friedl who consults for a rival payroll services firm.

Friedl said the links in the phishing e-mails were to Websites hosted at Yahoo. The relatively poor English in the e-mails appear to indicate that those behind the attack were from outside the country, he said. The malware itself was a password-stealing Trojan that was designed to send the stolen information to a Web server in Sweden. Chris Wysopal, chief technology officer at application security vendor Veracode Inc., said the breach is interesting because it shows that hackers are looking for targets other than credit card numbers and social security numbers to steal. "The market is saturated with [stolen] credit card data," Wysopal said. As a result cybercrooks looking to monetize what they are doing are moving up to higher value attacks where possible, he said.

A credit card record that was worth $10 in the underground in 2007 today can be had for about 50 cents, he said. In this case, the hackers appear to have been trying to install keystroke loggers to get information that would have allowed then to access online banking accounts of PayChoice's customers, he said. "That is where they would have got tens of thousands of dollars," had they been able to pull it off. An online payroll service company such as PayChoice presents a "huge attack surface" to those looking for ways to compromise it, Wysopal said. "An application like that, which is exposed to the Internet, is susceptible to SQL injection, cross-site scripting," and numerous other Web application attacks, he said.

Want to make BI pervasive? It's the culture, stupid

Business intelligence software may have been around for several decades, but it remains an esoteric niche in most companies, according to an analyst. It's the people that often get in the way," said Dan Vessett, an analyst with IDC Corp. Unfriendly corporate cultures, not the BI tools or apps themselves, are preventing BI from becoming pervasive. "The technology has been around for a long time.

IDC recently conducted a study of 1,100 organizations in 11 countries measuring how pervasive BI is in companies, what factors helped make it more pervasive, and what "triggers" data warehousing architects and IT managers can use to the further the spread of BI in their companies. According to IDC, that was between 48% to 50%. Degree of external use, or how much it shared data with vendors or customers. In a speech Tuesday at Computerworld's Business Intelligence Perspectives conference in Chicago, Vessett said IDC measured BI's pervasiveness via six factors: Degree of internal use. Sharing BI data keeps customers loyal, Vesset said. Percentage of power users in a company. And canny BI users in industries such as retail can sell that data to generate non-trivial revenue, he said.

The mean was 20% in surveyed companies. Over five years, the average at surveyed companies grew to 28 from 11. Data update frequency. Number of domains, or subject areas, inside the data warehouse. While real-time updates can be indicative of heavy dependence upon BI, "right-time data updates" is more important. "Daily, weekly or monthly could be sufficient," he said. They still rely more on experience rather than analytics," Vesset said. Analytical orientation, or how much the BI crunching helped large groups or the entire organization make decisions, rather than isolated individuals. "The fact is that most individuals and companies are not data driven.

According to Vesset, these factors in descending order had the most impact on BI pervasiveness: Degree of training, not in the BI tools - "the vendors do a pretty good job" - but in the meaning of the data, what the key performance indicators (KPIs) mean, etc. Satisfied users will talk up the BI software, creating "BI envy" in other employees, helping spread the software's use. Design quality,or the extent to which IT-deployed performance dashboards are able to satisfy user needs. Unsatisfied users will go around IT and use Excel or some SaaS applications. Involvement of non-executive employees. Prominence of the data governance group.

Prominence of a performance management methodology. Vesset also listed a number of potential "triggers" for BI projects that IT should take advantage of: