The potential acquisition of ATI Technologies Inc., a Canadian graphics company, by chip maker Advanced Micro Devices Inc. was so secret that the project was at first code-named “Supernova,” and then “Go Big,” said Anil Kumar, a former McKinsey & Co. consultant who advised AMD on the deal. In discussions, AMD was referred to as “Los Angeles” and ATI was called “San Antonio,” he said.

But for months before the deal was announced in July 2006, Mr. Kumar testified, he had been discussing AMD’s plans with Mr. Rajaratnam. Mr. Kumar has testified that Mr. Rajaratnam had been paying him $500,000 a year for inside information, which was reinvested in Galleon through an account in India under his housekeeper’s name.

Read the rest of this post on the original site »

I have had a little disagreement with my IT guy. He says that when taking my laptop out in public, I should never type anything with passwords or confidential information. He says that someone can pick up my information. I say that I can’t believe that everyone in public is totally exposed. There must be some way to protect yourself while on a public network. Who is right?

A:

There’s no single correct answer. It’s true that thieves in public places can and do steal passwords and other sensitive information transferred over public Wi-Fi hotspots. But it’s also true that methods like Virtual Private Networks can mitigate this problem, and that most public hotspots are, just by the odds, unlikely to harbor these thieves at any one time. However, my advice is to avoid doing any sensitive tasks, like banking or stock trading, while using public hotspots. And, if you’re doing anything confidential on your company or home network remotely, use a VPN, which is like a secure tunnel through the internet.

Q:

I recently purchased a new iMac and am considering installing anti-virus/spyware/malware programs on it. Reader forums in MacWorld magazine say it’s not needed. A local newspaper computer columnist says he’s had Macs since the early ’80s and has never run an AV program and has had no problems. Other online computer advisers say Macs are always vulnerable and advise to run AV programs. Any recommendations here?

A:

No computer is inherently invulnerable to malicious software, and that includes the Macintosh. However, nearly every malicious program known is meant to run on Windows and simply won’t operate on the Mac operating system. The handful of Mac viruses and other malware that have been discovered are either proofs of concept, or have spread to very few users and done little or no damage. Most Mac users I’ve known don’t run third-party security software and haven’t had malware problems. So I don’t routinely recommend Mac security software.

There are two caveats, however. If you are running Windows on your Mac, you should install Windows security software, to run while Windows is in use. Also, Mac users are just as vulnerable as Windows users are to online scams, or to insecure public networks. So, even though you may never get a virus, you still have to be careful about doing sensitive Internet tasks via public hotspots or careless behavior like clicking on links sent you by unknown email senders.

Q:

My car has an audio jack that integrates any input into the sound system. I know that Kindle has a text-to-speech feature. Would I be able to use that feature via the audio jack in the car?

A:

Without having tested your car’s input jack, I assume the answer is yes. The Kindle has a standard headphone jack.

However, note that the text-to-speech feature works only on certain books, not all of them. Publishers have the right to allow or disallow it for any book.

Also, even if it’s enabled, it isn’t the same as an audio book, which is usually read by a trained narrator or by the author. Instead, it’s a computer doing the reading.

You can find Mossberg’s Mailbox and my other columns at the All Things Digital website, http://walt.allthingsd.com.

And some memos are “confidential”–meaning there’s no real expectation that they’ll stay within the family.

You’d assume that Eric Schmidt’s memo to “Googlers” announcing big raises falls in the latter category. If that’s all Googlers, that’s some 23,300 people, so that’s pretty much the same thing as issuing a press release, right?

But Google thinks otherwise, says CNNMoney’s David Goldman. He reports that the company has fired an engineer who passed the information along to Business Insider yesterday:

Within hours, Google notified its staff that it had terminated the leaker, several sources told CNNMoney. A Google spokesman declined to comment on the issue, or on the memo.

I’ve gone ahead and asked Google for comment as well, but I’m not hopeful. (UPDATE: I can see the future! No comment from Google.) In the absence of one, I’ll speculate that Google was freaked out that the “leak” would cause it problems with Wall Street and/or the SEC.

But again, if that’s the case, that makes no sense–you can’t hand out big fat checks to 23,300 people and keep it quiet indefinitely.

And since the point of the raises is to keep Googlers happy in a hot job market–and presumably, to help recruit new Googlers–you’d think Google would want the “confidential” memo distributed. Right?

I gather that some of you agree with Google on this one. Since the company won’t talk, feel free to make their case for them in the comments below.

Just how, exactly, RIM (RIMM) reached compliance isn’t exactly clear. The company refuses to discuss its deal with the UAE, claiming its terms are confidential. But according to the TRA, it’s the result of “positive engagement and collaboration” with the company, so my guess is it got what it wanted: An arrangement that will give it access to BlackBerry data.

Meanwhile, RIM’s services will continue uninterrupted as it prepares for the UAE launch of the Torch and Curve model in the weeks ahead.

Doubtlessly, in some business tome to come, it will all be depicted in glorious detail.

And here are three real-life scenes where BoomTown would desperately have loved to be a fly on the wall:

First: The boardroom perusal of the contents of the eight-page letter from former Hewlett-Packard (HPQ) outside contractor Jodie Fisher, sent to former CEO Mark Hurd, which set in motion the circumstances of his ouster–including the odd investigation into that personal relationship that only managed to turn up dicey expense reports.

Second: The welcome-to-the company-and-screw-HP pep talk that Oracle (ORCL) CEO Larry Ellison delivered to Hurd in appointing him co-president and also a director of the database giant.

And third: The furious HP board racing to the door to file a lawsuit against Hurd for the move.

What happens next should be interesting, especially since the idea of settlement has never been one of the tools in Ellison’s wheelhouse, who is doubtlessly egging Hurd on here.

And, after yet another curveball thrown up by Hurd, it is probably not what HP’s board is angling for either.

But perhaps–after all this mishegas–it is precisely what the tech giant should do, focusing instead on finding a new leader to compete with challenges from companies, such as, well…Oracle.

As it was obligated to do, the lawsuit that HP has filed runs through all the typical charges in cases such as this–almost all of which center on the use of confidential information and how Hurd was paid off not to do exactly what he has done.

It certainly is a lot of money–estimated to be about $35 million, depending on HP’s stock price–and hinges on a two-year confidentiality agreement Hurd agreed to.

HP is correctly avoiding any noncompete language, since California–the state where both Oracle and HP are based–shoots holes in those kinds of defenses.

Instead, as it noted in its lawsuit, HP alleges that Hurd “cannot perform his job at Oracle without disclosing or utilizing HP’s trade secrets and confidential information.”

Of course he cannot, but this should not keep HP’s board from settling, as much as it will pain it to do.

Such a move could not have been helped by Ellison’s typically outrageous remarks about how HP treated Hurd, calling the break between them “the worst personnel decision since the idiots on the Apple board fired Steve Jobs many years ago.”

And then yesterday’s statement by Ellison: “By filing this vindictive lawsuit against Oracle and Mark Hurd, the HP board is acting with utter disregard for that partnership, our joint customers, and their own shareholders and employees. The HP Board is making it virtually impossible for Oracle and HP to continue to cooperate and work together in the IT marketplace.”

Of course, that’s just the kind of let’s-go-to-the-mattresses noise that HP needs to ignore, now that the longtime partners are clear rivals after Oracle’s $7.4 billion acquisition of computer maker Sun Microsystems.

This purchase put Oracle directly into the server and data-storage-systems business for the first time.

That’s the real reality for HP–and not the delicious “Real Housewives of Silicon Valley” reality show this has turned into.

And–as much as I would like to see Ellison upending a table onto HP board member Marc Andreessen–no amount of legal and public wrangling with Hurd is going to change that.

If it could not work with him any longer–a corporate psychodrama about which there is still much unsaid–HP needs to move on.

Of course, Hurd should not get off for manipulating the bad situation so deftly either, and perhaps should offer to return some, if not all, of the severance paid for his silence.

Or, it could all just come out in open court and give the world a glimpse into all the twisty machinations that got us here.

Which, as you might imagine, is just fine by me–although not so much for the shareholders of HP.

Of the 600 financial sector workers surveyed on Wall Street and London’s Canary Wharf who lost or left a job last year, 41 percent admitted to taking confidential company data with them. Exactly half, 50 percent, said they would steal company information if they were fired tomorrow, and 39 percent said they would download it if they felt their job was at risk.

Nearly a third, 28 percent, would use the information to negotiate their next position. The most commonly stolen data: Customer contact lists that could be leveraged at a new job.

Cyber-Ark’s study isn’t the first to uncover such employee sentiments. A similar effort by the Ponemon Institute earlier this year found that close to 60 percent of people who left or lost their jobs in 2008 took company data with them. “I’m not sure that malicious intent and future employment are mutually exclusive,” Larry Ponemon, chairman of the Ponemon Institute, told eWeek at the time.

“Clearly the responses show that obtaining future employment was a significant motivating factor,” Ponemon added, “but when we see a high percentage of individuals who took information knowing full well they were acting in violation of company policy, that hints strongly at the presence of malice.”

Now Twitter, which has suffered multiple security breaches in the past, has been punctured again. Someone has gotten into the personal Web services accounts of co-founder Evan Williams, his wife and at least one other Twitter employee, and used that access to make off with a pile of confidential company documents. He’s now distributing them on the Web, and TechCrunch promises to publish many of them.

The media ethics colloquy is well underway and will go on for a while (Boomtown’s Kara Swisher is holding her session, appropriately enough, via Twitter). Beyond that, I’m pretty sure Twitter is going to be okay when this dies down.

Based on Williams’s description of the attack (see the bottom of this post), as well as both TechCrunch’s and the hacker’s descriptions of what got pilfered, this looks roughly akin to having your underwear drawer rifled: Embarrassing, but no one’s really going to be surprised about what’s in there.

The hack certainly will be worrisome for people who are using, or thinking about using, any kind of “cloud computing,” whereby work data/documents are stored on servers accessed via the Web. Google (GOOG) in particular is going to get some scrutiny, both because it’s Google and because it appears that a lot of this stuff was stolen after the hacker used Google’s “password recovery” system to root around. UPDATE: Twitter is now going out of its way to say that the attack isn’t Google’s fault, but Twitter’s fault for using passwords that are easy to guess.

Albert Wenger, a partner at Twitter investor Union Square Ventures, says in a post that his shop is currently considering moving its systems to Gmail and Google Docs, but notes the big problem: “The threat of access by a third party increases exponentially with the move to the cloud, because the machines that now contain the documents and the links to those documents (as sent by email) are accessible to the Internet at large.”

But cloud computing isn’t going away, so someone’s going to need to figure out how to make security better, yet still practical. There’s a reason no one follows the standard advice about having a different, impossible-to-remember password for every account you have. Wenger takes a stab at it in post–he suggests something tethered to a mobile phone. But whoever figures it out is going to have a lot of fans.

Williams’s description of the hack, via TechCrunch:

Yes, we did suffer an attack a few weeks ago and are familiar with this list of stuff. This is unrelated to the hack of twitter where someone gained access to user’s accounts. This had nothing to do with the security of twitter.com, and there were no user accounts compromised here.

Some notes:

- He did not actually gain access to my @ev Twitter account (or any Twitter accounts) nor any administrative functions of the site.
- There is also no evidence that he gained access to my email. There was one administrative employee who’s email was compromised, as was my wife’s Gmail account, which is where he got access to some of my credit cards and other information.
- He also successfully targeted a couple other employees personal accounts (Amazon, AT&T, Paypal…)

In general, most of the sensitive information was personal rather than company-related. Obviously, this was highly distressing to myself, my wife, and other Twitter employees who were attacked. It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email.

[Image credit: Wikimedia Commons]

1. If you have a Windows computer, you must obtain and install all of the following: a reputable antivirus program, a software firewall, a junk-mail filter and an antispyware program. Even if you own a Macintosh (Macs have been unaffected by most of these threats to date), you will still need to turn on your computer’s firewall and employ a junk-mail filter.

2. Upgrade to the latest versions of the leading Windows web browsers, Microsoft’s Internet Explorer 7 and Mozilla’s Firefox 2.0, both of which warn you when a web page you’re visiting appears to be phony. (The new Internet Explorer also has under-the-hood security improvements that close some of the holes plaguing older versions.) You might also consider add-on software, like McAfee’s SiteAdvisor or the new Norton Confidential, which warn about fraudulent sites and, in the case of Norton, also about malicious software on your PC. On a Mac, consider using Firefox 2.0 instead of Apple’s Safari, which, while very good and generally secure, lacks a fake-web-site detector.

3. Never respond to or click a link within any unsolicited email message from a financial institution — even your own — no matter how official it looks. Crooks have become skilled at mimicking logos and typefaces used by banks, brokers and payment services like PayPal. When you click on links within these fake emails, you’ll be taken to web pages that look like the companies’ official sites, even down to the address, but they’ll steal your log-in information. Be especially wary of email from a financial institution that asks for account information or says you must log in at a linked site to address a problem. You can phone the company to see if there really is an issue. Obviously, this caution doesn’t apply to some financial emails, such as confirmations of online stock trades you’ve just executed. But in general, you shouldn’t conduct financial transactions via email or links in email. Instead, go directly to the financial sites you use.

4. Similarly, never act on emails offering stock tips, miracle pills or the chance to earn money by storing millions from overseas in your bank account. Sounds obvious, but in the past these scams might have cost you a little money. Now they may be part of more-damaging identity-theft schemes. Treat such come-ons the way you’d treat a stranger in a bad neighborhood who made such promises.

5. Never, ever download software from a company or web site whose honesty or veracity you’re not sure of. If a site says you’ll need special software to use its features, don’t bite. Even if the software is well known and safe — like RealNetworks’ RealPlayer, Apple’s QuickTime or Adobe Flash — don’t get it from a link provided by a random web page. Instead, visit the Real, Apple or Adobe sites to download it manually.

6. Finally, never use security software offered to you via unsolicited email or a popup window, or that suddenly appears on your PC. Such programs are almost always scams and often install malicious spyware, adware and viruses rather than cleaning them up. In general, stick with leading security brands like Symantec, McAfee, Zone Labs and Webroot. Check the software in the reviews section of PC Magazine or the CNET web site. If it isn’t covered there, it’s probably untrustworthy.