Infoworld

InfoWorld: Get Technology Right
InfoWorld - Information Technology News, Computer Networking & Security

You don't know tech: The InfoWorld news quiz

2 hours 48 min ago

Windows holes, Google food, aging tunesmiths, cranky billionaires, Tony Soprano, and -- yes -- the ghost of MicroHoo dominate this week's quiz. Are you ready to demonstrate your geek street cred? Give yourself 10 points for correct answers and bupkis for everything else. Ready? Then let's rock and roll.

1. Australian security researchers have determined that Windows Vista is more secure than XP -- but more prone to attack than Windows 2000. How many unique Vista vulnerabilities did the researchers find?

a. 478
b. 586
c. 639
d. 1,021

Take the InfoWorld news quiz

Microsoft: Don't misunderstand UAC, other Vista features

Fri, 05/16/2008 - 19:01

In its continued attempt to convince business customers to adopt Vista, Microsoft has outlined and tried to explain some of what it calls the OS's most "misunderstood" features in a document posted to -- then mysteriously removed from -- its Web site this week.

In the document, "Five Misunderstood Features in Windows Vista," Microsoft lists what it believes are five features of Vista that "cause confusion" and "slow Windows Vista adoption" for most users. The company identified User Account Control, Image Management, Display Driver Model, Windows Search, and 64-bit architecture as features that are flummoxing IT professionals when they install Vista across desktops on a network. It offered tips for how to deal with common problems.

The document was posted to the Web site Friday morning; however, by the afternoon, the link was no longer working. It still came up in a Live Search of the Microsoft Web site, but the link provided there also was inactive.

Microsoft did not immediately respond to a request about the document Friday.

Businesses have been slow to adopt Vista since its enterprise introduction in late November 2006, and by now users have identified the features listed in the document as some of their biggest pain points.

One that has been especially problematic -- and even spoofed in an Apple TV commercial -- is User Account Control (UAC). UAC prevents users without administrative privileges from making unauthorized changes to a PC. But because of its settings, it can prevent even authorized users on the network from being able to access applications and features they should normally have access to. It does this through a series of screen prompts that ask the user to verify privileges, and it may require a user to type in a password to perform a task.

In its document, Microsoft said the feature has gotten a "bad rap" because it's a "set of technologies" dispersed throughout the OS and designed to protect the system in a variety of ways, not just one feature that can be controlled in an isolated way.

Microsoft also designed UAC to "help nudge ISVs towards designing applications that function in Standard User mode," one of two user privilege modes in UAC. The other is Local Administrator.

As it stands now, the prompts interrupt normal workflow, even in some mundane tasks, unless a user is set as Local Administrator. This is because the many third-party Windows applications that predate Vista weren't developed to work with UAC's "Standard User" designation, so they default to requiring Local Administrator rights, said Keith Brown, a network administrator for Gwinnett Medical Center in Lawrenceville, Georgia. Gwinnett is a not-for-profit medical network serving more than 700 physicians around the Atlanta area.

If a Standard User asks an application to perform a task that touches a part of the OS that the software says "should not be meddled with," it will prompt the user and require a password to perform that task, he said. This is common, especially when someone tries to install software as a Standard User, Brown said.

"It's an annoyance," he said, which is why most IT administrators will turn off the feature when installing Vista across desktops, which defeats the purpose of Microsoft putting it in to protect the OS in the first place.

One way to get around UAC is to use third-party software, such as Privilege Manager from BeyondTrust, to set user privileges, Brown said. Microsoft even recommended BeyondTrust's product to customers when the company, based in Portsmouth, N.H., came out with Privilege Manager 3.5 last August. That was the first version of the product designed to work with UAC.

John Moyer, CEO of BeyondTrust, said Privilege Manager lets network administrators configure in advance which applications can run or be installed on Vista machines on a network. It assigns the appropriate elevated privileges to Standard Users so they are not prompted even if third-party software does not recognize them as an authorized user of a task. "There is no interruption to the workflow," he said.

Brown said that without Privilege Manager, UAC would probably be turned off for the 30 to 40 Vista desktops his company is testing in its information systems department. He said the incessant prompting from UAC can be turned off from within Vista, but it's extremely time-consuming for the IT department to do that for each user on the network.

Gwinnett Medical Center eventually is planning a broader Vista deployment, but that "won't be this year," Brown added.

Compuware 2.0 set as rebirth of company

Fri, 05/16/2008 - 17:45

Looking to sharpen its business focus, Compuware this week launched its "Compuware 2.0" campaign, which is being characterized by the 35-year-old software tools vendor as a rebirth of the company.

With Compuware 2.0, the company will evaluate its product list and emphasize business value in its solutions. "There's a marketing component [to Compuware 2.0], but in its simplest form [it is] a recommitment in the focus," on economic value for customers, said Jason Vines, senior vice president and chief communications officer at Compuware.

The goal of Compuware 2.0 is corporate growth; the company has been growing at about 10 percent per year and remains profitable, but that has not been enough, according to Vines. A higher corporate profile also is sought.

"Beyond our client base, we're not that well-known even though we've been around for 35 years," Vines said.

Compuware officials will deploy the "chasm" process to drive economic value from its products. Resources will be put behind product areas where Compuware is competitive or better. But some solutions will be discontinued, such as the OptimalJ Java development environment. OptimalJ has been lacking in that it has not offered repeatable processes at different user sites.

"We are supporting it with our current clients; we are not going beyond [this base of users]," said Vines.

As part of Compuware 2.0, the company plans to focus more on IT services and leverage its Vantage offering for service management. More resources will be devoted to the company's ChangePoint software for IT portfolio management as well. Compuware will emphasize products like Covisint, which is a SaaS-based collaborative portal that will be the subject of an upcoming IPO.

Additionally, Compuware is citing differentiation with its products in the quality assurance testing space including QADirector, TestPartner and Optimal Trace.

The company has no plans to de-emphasize the mainframe platform as part of Compuware 2.0.

Also part of Compuware 2.0 is a new logo and company tagline: "We make IT rock around the world."

Google overtakes Yahoo as most-visited U.S. Web site

Fri, 05/16/2008 - 17:26

The bad news just doesn't seem to end for Yahoo. As the Internet portal prepares to fend off a proxy fight by billionaire investor Carl Icahn, new research from comScore concludes that for the first time, Google has overtaken Yahoo as the most-visited Web site in the U.S.

Google reached the pinnacle of the Top 50 U.S. Properties in April, with an audience of 141 million visitors, according to data from comScore's monthly analysis. In April, more people used Google's job search, career resources, and television sites, according to comScore.

Yahoo sites ranked second, with 140.6 million visitors, followed by Microsoft sites with 121.2 million visitors. Superpages.com Network, the online directory for local businesses, and jobs Web site CareerBuilder both jumped ahead eight spots to come in 18th and 30th, respectively, according to comScore.

"April was a very active month. Google took the top property position, thanks to continued search growth and rapid growth at YouTube," said Jack Flanagan, executive vice president of comScore Media Metrix, in a statement. "The return of the network television programs after the writers strike sent fans to a variety of sites to get information on their favorite shows, catch up on episodes they may have missed, get refreshed on plotlines, and to stream new episodes."

As U.S. citizens raced to meet the April 15 deadline to file their taxes, a number of tax-related Web sites recorded increased numbers of visitors. For example, 23.4 million visitors logged on to IRS.gov, up 35 percent from March, and Intuit.com's traffic rose 11 percent from March to 13.3 million visitors.

"The significant traffic growth at tax sites, which began in January, reached a crescendo by the tax filing deadline on April 15 as taxpayers sought information, forms, and online filing facilities," Flanagan said in the statement.

Top 10: HP-EDS buy, Icahn strikes again, China quakes

Fri, 05/16/2008 - 17:10

This was a big IT news week, with the massive earthquake in China on Monday showing once again the role that the Internet plays in connecting us all, in good times and bad, and the importance of telecommunication, particularly for rural areas. HP opened the week with word that it is buying EDS. And the Microsoft-Yahoo saga was back in headlines, thanks to investor Carl Icahn, who hasn't enjoyed a good proxy fight lately and so decided to try to shake up Yahoo's board.

1. HP to buy EDS for $13.9B: Hewlett-Packard is buying IT outsourcer Electronic Data Systems for $13.9 billion in a deal that drew mixed reactions from customers and analysts alike. Some lauded the move, saying it makes a lot of sense, and others were left scratching their heads wondering why HP would make such a move now, given the state of the economy, and whether the combination will be as potent as HP CEO Mark Hurd insists it will be. Everyone seemed to agree that if the deal passes regulatory scrutiny and goes through -- and there's no suggestion it won't -- at the least it will keep IBM on its toes.

2. Icahn takes on Yahoo board; Yahoo tells Icahn that its own board knows best: Investor Carl Icahn scooped up about 59 million shares and share-equivalents of Yahoo in the past couple of weeks, then put together a group of 10 buddies he proposes should replace all of Yahoo's board of directors. He spelled out his dismay that Yahoo rebuffed Microsoft's acquisition attempt in a snippy letter to Chairman Roy Bostock. Bostock responded with a stern missive, telling Icahn, "Unfortunately, your letter reflects a significant misunderstanding of the facts about the Microsoft proposal and the diligence with which our board evaluated and responded to that proposal." It also sought to remind Icahn that "there is currently no acquisition offer on the table from that company or any other party." Even so, Yahoo has been "crystal clear" that it will "consider any proposal ... that offers our stockholders full and certain value." Microsoft bid $44.6 billion for Yahoo on Feb. 1, but withdrew the offer on May 3 when the two companies couldn't agree on financial terms.

3. Big quake takes out mobile network in Chengdu, Did Twitter beat media with earthquake news? and Telecom: Nice to have or basic necessity?: A 7.9 earthquake (initially reported as 7.8) on the Richter Scale shook Sichuan province in China on Monday, hitting the city of Chengdu and outlying regions particularly hard. The mighty quake -- the largest in China in three decades -- knocked out mobile-phone service in some areas for a time, underscoring how vulnerable communication systems are in times of disaster and yet how critical they are. The earthquake also highlighted the role that online social-networking communities can play in getting news out, with Beijing-based Twitter users among the first to post word that the ground was shaking. Initial media reports also were out of Beijing, some 1,500 kilometers from the epicenter, which experienced a 3.9 earthquake just after the major Sichuan temblor, which led to some immediate confusion about what was going on. By week's end the official death toll was 21,000, with at least 14,000 victims still buried in rubble. Some 4,400 aftershocks -- and still counting -- had been recorded.

4. CBS to buy CNET Networks for $1.8 billion: U.S. broadcasting company CBS bid $1.8 billion cash to snap up CNET Networks, the online media company that owns the news.com and TV.com domains, along with other Internet brands. The deal has yet to be approved by shareholders. CNET's largest shareholder, investment fund Jana Partners, has been engaged in a battle to replace board members and management. The premium-priced deal is expected to close in the third quarter.

5. Adobe refreshes Flash player: Adobe Systems asserted its dominance in the RIA (rich Internet application) arena with an update of its Flash Player technology released to developers through the company's Adobe Labs site. Code-named Astro, Flash Player 10 will be generally released later this year. It features custom filters and special effects capabilities that developers have clamored for, and is considered a "competitive response" to Microsoft's Silverlight technology and Sun's JavaFX platform.

6. Widespread iPhone outages fuel 3G rumors: AT&T limited iPhone sales to one per customer this week, but that assumes that shoppers can find a store that actually still has iPhones available. O2 ran out of the wildly popular Apple smartphones in the U.K., and Macworld called Apple stores all over the country to see where iPhones can be found and didn't have much luck either. Apple's online stores in the U.S. and U.K. were out as well. Reporters did find a few AT&T stores that were carrying both the 8GB and 16GB models. The shortage fueled speculation that an updated version of the iPhone -- possibly the hotly anticipated 3G model -- will hit stores soon.

7. Windows coming on dual-boot OLPC: The One Laptop Per Child Project and Microsoft have teamed to deliver a dual-boot XO laptop in August or September (to the certain dismay of open-source advocates and some developers). The low-cost dual-boot XO will have the Linux-based Sugar OS as well as a stripped-down version of Windows XP.

8. Yahoo Search Monkey opens to all developers: As part of its ongoing Open Strategy, Yahoo has opened up its Search Monkey platform to external developers. Yahoo's hope is that outside developers will be able to create applications that enhance the service and make it more appealing to use, not to mention more useful. It is also hoping to compete not just against search rivals like Google, but also social networking sites like MySpace and Facebook as the Open Strategy takes Yahoo further into Web 2.0 territory.

9. Developers explain why they're avoiding Vista: Fewer than 1 in 12 developers is currently writing applications targeting Windows Vista. The reasons for this lack of interest vary widely; some developers say the new features of Vista amount to little more than "demoware," while others claim Vista is too "leading edge" and hasn't been adopted widely enough to justify being the primary focus of development. Besides the problems developers associate with the OS, there is another reason causing them to balk: Many would rather develop Web applications than target the client side.

10. Is the browser doomed?: As the Internet came of age, the browser was tagged as the killer app. As we move into the Web 2.0 era, however, the browser is being left in the dust. Rich Internet applications are increasingly encroaching on what used to be browser territory, creating an Internet that is much more than simply what can be explored with a Web browser. In short, the Web has changed, but the browser has remained largely the same, and as a result, the Web may outgrow its old companion.

ObjectWave's Swan swims for RIA connectivity

Fri, 05/16/2008 - 16:20

ObjectWave is offering a rich Internet application platform called Swan, which makes it easier to link AJAX (Asynchronous JavaScript and XML) interfaces to back-end server code.

Now in a beta release, Swan enables simpler connectivity between AJAX interfaces and server-side code based on Java, PHP (Hypertext Preprocessor), and Smalltalk. .Net support is planned for a future offering. Developers do not need to write the code for this linkage; JavaScript is bound to server-side components.

"All of that is being done by our engine transparently, so developers don't have to do any of that coding," said Alberto Corona, chief technology officer at ObjectWave. Developers, he noted, leverage AJAX to build dynamic, responsive applications with an enhanced user experience.

Swan abstracts away the user interfaces so that the server logic can manipulate user interfaces directly, said analyst Vishwanath Venugopalan, of The 451 Group.

"It's a pretty straightforward API," Venugopalan said.

ObjectWave plans Community and Professional editions of the product, with the Professional edition offering more components and wizards for automating application creation. The beta version is based on the Community edition.

The company does not have a date yet for the general release of Swan.

Bender forms group to promote OLPC's Sugar UI

Fri, 05/16/2008 - 15:46

Former One Laptop Per Child president of software and content Walter Bender has launched Sugar Labs, an organization that will promote the development of the open source user interface originally developed for the XO laptop.

Sugar Labs Foundation will refine the development of Sugar, a UI (user interface) for the Linux OS that provides educational tools for kids. The foundation aims to create distributions of Sugar for multiple hardware and open source platforms beyond the XO laptop.

"By being independent of any specific hardware platform and by remaining dedicated to the principles of free and open-source software, Sugar Labs ensures that others can develop diverse interfaces and applications from which governments and schools can choose," the nonprofit said.

GNU/Linux will remain the platform of choice for the development and distribution of Sugar, Bender said in an interview. However, Sugar Labs is not promoting operating systems; it intends to use open source as a tool to promote a learning model, he said.

The give and take of the open source development model embodies the culture of learning and education. "A transfer of this culture could greatly enhance the education industry and its ability to engage teachers and students," he said.

Whether the nonprofit helps port the Sugar UI to Windows is yet to be determined, Bender said. "It is hard to imagine that a Windows port would be done without the cooperation and participation of the core Sugar developers," he said.

The organization has its own road map for developing the Sugar UI, and it hopes to work with OLPC.

"For the moment at least, OLPC is continuing to fund the development, so we anticipate a productive partnership, regardless of the fact that OLPC will be offering Windows XP as an option," Bender said.

Sugar Labs, of which Bender is one of the founders, was announced the same day OLPC announced it would start selling Windows XP on the XO laptop, an ultraportable computer designed as a learning tool for kids in developing countries.

Bender resigned last month from OLPC as the group seemed to move toward loading Windows XP on XO. His resignation earned him applause from the open source community.

After Bender quit, OLPC chairman Nicholas Negroponte questioned the development process of Sugar, calling it a "weakness" due to unrealistic development goals and practices. He urged the developer community to stop bickering, unite, and to help port the Sugar UI to Windows to make XO laptops more appealing to users.

Sugar needs to be separated from the Linux OS core and made platform agnostic, Negroponte wrote. "To do that, we need to hire more developers, work more together and spend less time arguing," he wrote in an e-mail.

Developers in the open source community expressed outrage at Negroponte's comments, calling his appeal vague and demoralizing for Sugar's future development. The comments spawned a debate on the merit of OLPC's move to the Windows OS.

Earlier this month, Kim Quirk, director of the technical team at OLPC, tried to reassure developers that OLPC was committed to Sugar as an open source project, as it provides a great opportunity for learners as well as contributors, she wrote in an e-mail.

Can OpenOffice 3.0 finally replace MS Office?

Fri, 05/16/2008 - 12:56

If you think that you always get what you pay for, the just-released beta of OpenOffice 3.0 should convince you otherwise. This free, open source software suite provides most of what anyone could want in an office suite, including a word processor, spreadsheet, presentation program, database, drawing tools, and math equation editor.

Although it doesn't include all of the high-end features and the slick user interface of Microsoft Office 2007 (for the PC) and Microsoft Office 2008 (for the Mac), it will handle just about any job you need done. If you're not working in an enterprise that has standardized on Microsoft Office, you should think twice before paying full freight for Office, and give serious consideration to this free alternative when the final version is released.

Keep in mind that OpenOffice 3.0 is in beta and should be used for evaluation purposes only. I tested the Windows version on a 1.83GHz Core Duo PC with 1 GB of memory, and found it to be somewhat buggy. For example, I was unable to create a document and save it without crashing -- I had to first create a document in another program, and then open it in OpenOffice; at that point it worked fine. These types of problems should come as no surprise; the final version isn't due until September, and this is a very early beta.

The download comes with six applications: the Writer word processor, Calc spreadsheet, Impress presentations program, Base database program, Math equation editor, and Draw graphics program. Even as a 147.9MB download, though, it's still svelte compared to Microsoft Office.

What's new
If you've already used OpenOffice 2.0, the beta of version 3 will be very recognizable. Little in the overall interface or each individual application has changed. If you're not familiar with OpenOffice, you'll consider the interface either functional and straightforward or old-fashioned and stodgy, depending on your aesthetic inclinations. Toolbar icons, for example, are cartoonish-looking, and you won't find the equivalent of Microsoft Office 2007's Ribbon.

A nice new addition is the Start Centre, which lets you easily create a new document or open an existing one -- just click on the proper icon. The Start Centre appears only if you don't currently have an OpenOffice application opened. Once you've opened an application, you can create or open a document by right-clicking the OpenOffice icon in the system tray and making the appropriate choice.

Particularly important are changes to support for file formats. OpenOffice 3.0 supports the upcoming OpenDocument Format (ODF) 1.2 standard, and will also be able to open documents created in Microsoft Office 2007 and Office 2008 for the Mac, which means that it's about as universally useful as an Office suite can be. It can also export files to PDF. Mac users will be pleased to know that it can now run natively on Mac OS X without having to use X11.

There's also a new zoom control on the status bar, much like the one in Microsoft Office 2007. And there are minor tweaks to each of the separate applications. For example, both Draw and Impress have improved on their cropping features, and Writer can now display multiple pages.

Writer
Most people will likely spend the majority of their time in Writer, the OpenOffice word processor. The design is simple and straightforward -- a menu atop two toolbars, one for formatting, and one called Standard, which has the usual functions you would expect: opening and closing files, spell-checking, redo and undo, search, and so on. There are a wide variety of other toolbars you can add from the View menu, such as for drawing and creating bullets.

You'll find all the tools you need for performing almost all word processing functions, whether it be simple ones such as formatting and creating tables, or more sophisticated ones, such as comparing documents and doing mail merges. In fact, for well over 90 percent of what most people do with their word processor, there's no real difference between Writer and Microsoft Word. How important that other 10 percent is to you will determine whether you're willing to pay for Office or instead use the free OpenOffice.

For example, Writer doesn't include Word's smart paste feature that lets you decide, when pasting text into a document, whether to use the text's original formatting or your document's formatting. And it doesn't include other features, such as Word's Quick Parts (formerly known as AutoText) that lets you create complex building blocks of text, formatting, and graphics that you easily organize and reuse. In addition, it doesn't come with nearly as many prebuilt templates as does Word.

Calc
Calc, like Writer, will handle over 90 percent of what you use a spreadsheet for. In addition, one of Calc's new features is nice: the ability to collaborate with others via workbook sharing.

In my tests, Calc imported Excel spreadsheets without problems, and created them in Excel format as well. It saves files in an impressive array of formats, including ODF and OpenOffice formats, numerous Excel formats, HTML files, .csv files, dbase files, and others. Like Writer, it can also export files to PDF.

It includes all the spreadsheet functions you would expect, as well as charting features, although here again it falls short compared to Excel 2007. You won't find as many chart types and designs, and you can't customize charts to the same degree, either.

I found one problem: I was unable to edit charts created in Excel 2007; when I imported them into Calc, they turned into graphics.

Impress
This presentation program is particularly useful for those who don't create a lot of presentations, because by default it starts with a wizard-based interface. The wizard walks you through creating a basic presentation: choosing a template, background, transition effects, types of slides, and so on. Fill in the content, create new slides or delete existing ones, edit what you've got, and you're done. It's all exceedingly simple. If you don't like using wizards, you can simply turn it off.

Editing the presentation and individual slides is simple as well. A set of "tasks" appears on the right-hand side of the screen, including those for slide layouts, table design, and animation effects. Fill in the form for the task, and you're done.

As with other components of OpenOffice, Impress falls short when it comes to templates and backgrounds. You get very few of them, and the ones you get won't exactly impress your audience. So if you're someone who frequently creates presentations, and constantly needs new templates and backgrounds, you may be in trouble.

Other components
The remaining components of the suite include the Base database program, Math equation editor, and Draw graphics program. You won't mistake Draw for a fully featured photo editor or illustration tool, but that's not what it's been designed to do. It has a far richer set of tools than the Paint program that ships with Windows, so if Paint doesn't offer you what you want, and you don't want to spend the time or money learning a more complex program, you may want to give Draw a try.

Base has been designed for people who don't normally create databases, which means most of us. Like Impress, it starts out with a wizard interface, so you don't have to know much about databases, and you can still create one in a few minutes.

OpenOffice vs. Microsoft Office
For most of what you use an office suite for, you'll find that OpenOffice 3.0 will more than fill your needs. Whether you're creating documents, spreadsheets, or presentations, the suite offers all the basics and much more. There are excellent formatting tools, mail merge, macros, solid charting tools, and the ability to easily create presentations.

If you're thinking of switching to OpenOffice from Microsoft Office, expect practically no learning curve. Many keyboard shortcuts are exactly the same, as are many menus and toolbar choices. You'll be able to import your existing Office documents, and create them in Office formats as well.

OpenOffice also comes with a nice set of wizards for accomplishing a wide variety of tasks. Want to create a formula in Excel, or create a new presentation in Impress? You'll find a wizard for the task.

However, OpenOffice 3.0 does have some shortcomings compared to Microsoft Office. Start with the interface. There's no way around it -- while functional, the OpenOffice interface is dull and stodgy. You may feel as if you're back in the 1990s when you use it. The issue is more than simply aesthetic -- the Office 2007 Ribbon puts far more tools and features at your fingertips, and in a simpler and more elegant way than does OpenOffice 3.0. (Of course, if you're one of those Office users who dislike Microsoft's new interface, you may find OpenOffice's more traditional look to be an advantage.)

There are other shortcomings as well. OpenOffice doesn't have some of Office's more interesting and higher-end features, such as Quick Parts. In addition, you won't find as many templates, backgrounds, or layouts. OpenOffice 3.0 only has the bare minimum (of course, this is a beta release, so this may change).

That shouldn't surprise anyone, considering that OpenOffice is free and without the backing of a multibillion-dollar company. Still, keep that in mind when deciding which you'd rather use.

The bottom line
Who should use OpenOffice? Anyone who needs an office suite but doesn't require the more sophisticated features of Microsoft Office. It's ideally suited for home users, students, and small businesses who don't want to pay the hefty fee for Microsoft Office. If you plan on purchasing an ultra-low-cost portable such as the Asus Eee PC, the suite is ideal -- it's free, doesn't require an excess amount of RAM, runs on a variety of operating systems (including Windows, Mac OS, and Linux), and won't take all of your precious hard disk space. Even on a normal PC, it's a great alternative to Microsoft Office.

Enterprises, though, may have already standardized on Office. And even if they haven't, there simply aren't the support tools and support ecosystem for OpenOffice that there are for Microsoft Office.

All in all, OpenOffice 3.0 shows that you don't have to pay a bundle for a great office suite -- in fact, you don't even have to pay a penny.

Computerworld is an InfoWorld affiliate.

HP promises patch for XP SP3 endless reboot snafu

Fri, 05/16/2008 - 12:22

HP Thursday confirmed that some users of its AMD-based desktops have had problems after installing Windows XP Service Pack 3 (SP3), and said it would issue a patch this week to prevent machines from spiraling into endless reboots. HP also told users to delay installing XP SP3 until that patch was released.

Microsoft, meanwhile, acknowledged Thursday that it's working on a hotfix of its own.

The confirmations were the latest additions to the weeklong saga of problems some users have encountered after upgrading Windows XP to SP3. Last week, reports began showing up on Microsoft's support forum of "endless reboots" crippling machines running Advanced Micro Devices (AMD) processors. Many of the users said that the out-of-control PCs were from HP.

Users, led by Jesper Johansson, a former program manager for security policy at Microsoft and currently an MVP (Microsoft Most Valuable Professional) who works at Amazon.com, identified several causes, including one limited to HP-branded systems. According to Johansson -- and later, Microsoft itself -- HP used a disk image created on an Intel-powered machine to factory-install Windows XP on AMD-based PCs. Microsoft had advised computer makers against doing that as long ago as 2004.

An errant reference in the Windows Registry to an unnecessary device driver -- "intelppm.sys," a power-management driver designed only for Intel-based PCs -- causes the XP SP3 upgrade to install that driver on AMD systems, said Johansson. That causes the PC to fail to boot when it restarts after the update. Because most XP machines are set by default to reboot on a failure, the PC reboots repeatedly; some users have had trouble interrupting the endless reboots and regaining control of their computers.

HP did not explicitly admit the problem was its fault, but confirmed some details of Johansson's analysis. "The affected HP systems do not have an Intel driver loaded onto them, but there is a services registry entry that SP3 appears to be recognizing as an instruction to load the Intel driver, subsequently causing the failure," HP said in an e-mailed statement Thursday.

"HP is working diligently with Microsoft on a software update and will be proactively distributing a patch this week through HP Update that will prevent this error from occurring," the company continued. "HP recommends consumers with AMD-based desktops wait until after HP's or Microsoft's updates have been deployed on their systems to install Service Pack 3." The patch will be posted to this page of HP's support site when it's available.

"Microsoft is also developing a prerequisite fix that must be downloaded before SP3 will automatically install prior to its proactive distribution of SP3," HP's statement added.

The Microsoft update that HP referenced is in the works, a Microsoft spokeswoman confirmed Thursday. "Microsoft is developing a hotfix for this issue, and will be available after it has been rigorously tested and meets our quality bar for release," she said in an e-mail Thursday afternoon.

Neither HP nor Microsoft provided any details on what the Microsoft hotfix would do, but the "prerequisite fix" phrasing likely indicates the patch would be applied to either select PCs or all XP machines before they are allowed to receive SP3 in the coming weeks, when Microsoft flips the switch for automatic downloading and installing via Windows Update.

Microsoft has had to release several similar prerequisite updates or filters this year to prevent some users from obtaining service packs through Windows Update (WU). Last month, for instance, it delayed XP SP3 from reaching WU until it could craft a filter to exclude machines running its retail point-of-sale software. Microsoft also blocked significant numbers of users from receiving Windows Vista SP1 from WU beginning in late March.

Users impatient with HP's or Microsoft's patch plans can instead download a free tool crafted by Johansson that detects and fixes PCs that may be susceptible to the endless reboot issue.

Computerworld is an InfoWorld affiliate.

Apple dismisses Safari download issue

Fri, 05/16/2008 - 10:45

A security researcher has published a demonstration exploit that takes advantage of the download mechanism in Apple's Safari browser to automatically download files onto a user's system.

Nevertheless, Apple said it does not consider the issue a security vulnerability, according to Nitesh Dhanjani, a researcher who currently leads application security efforts at professional services company Ernst & Young.

Enterprises have begun paying closer attention to Safari in recent weeks because of a rise in the browser's market share on Windows. Safari is the built-in browser on Mac OS X.

[ See related story: "Apple's Safari browser likened to malware." ]

The problem arises "because the Safari browser cannot be configured to obtain the user's permission before it downloads a resource," Dhanjani said in a recent blog post.

He published a sample CGI script that automatically downloads large numbers of files to Safari's default download directory. "The implication of this is obvious: Malware downloaded to the user's desktop without the user's consent," Dhanjani said.

Apple told Dhanjani it did not consider the issue a security problem, but would consider the ability to warn before downloading content as a feature enhancement.

"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," Apple said in an e-mail quoted by Dhanjani. "This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated."

A second problem is that Safari doesn't warn when local resources such as HTML files attempt to invoke client-side scripting, which could be a problem in part because Internet Explorer does warn in such cases, Dhanjani said.

"I feel this is an important security feature because of user expectations: even the most sophisticated users differentiate between the risk of clicking on an executable they have downloaded (risk perceived to be higher) to clicking on a HTML file they have downloaded (risk perceived to be lower)," he wrote.

Apple responded to Dhanjani that it would investigate the matter as a security hardening measure but that it would take "a fairly deep investigation to address compatibility issues."

Techworld is an InfoWorld affiliate.

Vodafone acquires social-networking platform company

Fri, 05/16/2008 - 09:15

Vodafone is acquiring ZYB, a Danish company that has developed a social networking and online management tool for backing up and sharing contact and calendar information online. Vodafone announced the €31.5 million ($48.7 million) deal Friday.

ZYB's social-networking platform is set apart from others because it works on mobile phones. Vodafone sees the opportunity to make money from, for example, mobile advertising using ZYB's technology, according to a statement from the operator.

ZYB is currently working on a new service called Phonebook, which will launch this quarter. Users will be able to see the location of their friends (if the friends will allow that), see if a contact is available for a call (including the time zone, so no embarrassing wake-up calls), and share their calendars.

Phonebook also integrates with Web-based services for social networking, including Twitter, Facebook, and Flickr, according to its Web site.

At the same time, it will keep the features of the existing platform, so users will continue to receive auto-updates of friends' contact details as well as an online back-up of contacts, calendar events, photos, and text messages.

Non-Vodafone customers need not be worried, according to ZYB's blog. "ZYB will stay open and free for all users all around the world, regardless of whether they are customers of Vodafone or any other network operator," said CEO Tommy Ahlers.

His company will remain based in Denmark, and upon acquisition will be incorporated into Vodafone's Internet Services Division.

Apple's iPhone may face uphill battle in some regions

Fri, 05/16/2008 - 08:06

The iPhone's reach expanded again Friday, with Orange announcing plans to sell the phone in Europe, the Middle East, and Africa. However, selling the phone might prove to be a challenge in some of those markets: In Egypt, it's all about having a good camera.

Just like previous announcements of new iPhone distribution deals, this one is slim on details: Orange said only that later this year it will bring the iPhone to Austria, Belgium, the Dominican Republic, Egypt, Jordan, Poland, Portugal, Romania, Slovakia, Switzerland, and its other African markets, which include Senegal, Kenya, and Mauritius.

The expansion to Africa is an interesting part of Apple's future strategy for the iPhone, but selling the phone there could be a challenge, and not just because it's an expensive gadget.

"With my Nokia phone I can take pictures at night," said Ragia Mustafa, who manned the information desk at ITU Africa Telecom 2008, which was held this week in Cairo. Unlike some other high-end camera phones, the iPhone does not include a flash.

Mustafa also doesn't like the fact that you have to use iTunes when downloading music: On other phones, music files can simply be copied onto the phone as if it were a USB memory drive.

The need for a good camera is something that comes up again and again when talking with younger Egyptians about their phones. Easy Internet access, which is one of the features of the iPhone, isn't as important for them as the camera.

But there is some good news for Apple: Egyptians at the ITU conference recognized the iPhone, so the hype has reached this part of the world as well.

Nokia has blazed the trail in Africa, and the market is now starting to see a replacement cycle -- although Nokia, LG, and Samsung will be better placed to take advantage of that than Apple, according to Ben Wood, an analyst at CCS Insight.

"The roll out of the iPhone [in Africa] is more tactical than anything else, but there are some extremely wealthy people," he said.

Lately reports about the iPhone have focused on product shortages and expectations of a model for 3G mobile networks.

"We are waiting for the new model," said Bertrand Deronchaine, press officer at Orange.

He thinks it will be a success, since customers are waiting for it, but can't give more insight into when it will ship.

The string of distribution announcements will also put more pressure on Apple's supply chain, but analysts think Apple is on top of it.

"I am sure this is all part of the plan and the ramp up in production was planned. Of course we need to remember we are not expecting them to do millions and millions each quarter," said Gartner analyst Carolina Milanesi.

Some shortages can be a good thing, since it makes the product more attractive, according to Wood.

Fujitsu tackles e-paper's slow screen speed

Fri, 05/16/2008 - 07:23

Fujitsu has developed a prototype electronic paper screen that tackles one of the technology's biggest weaknesses: the amount of time it takes to refresh the image.

On electronic paper screens like those used in Amazon.com's Kindle or Sony's Reader for electronic books, it typically takes a second or more to redraw the image on the screen. Sometimes the screen flickers a few times as the new image appears or, as in the case of Fujitsu's cholesteric LCD technology, the image is slowly revealed in a long sweep across the screen -- but it's a long way from the milliseconds required on other display screens.

To tackle this problem, Fujitsu has tried to confine the refresh to just the parts of the screen that need to be changed.

It works best in applications where touch-sensitive e-paper displays are used for things like electronic forms, as the company demonstrated at its Fujitsu Forum event in Tokyo on Thursday.

When a user checks a box or writes in a space on the form, only those rows or columns of the display that have changed are refreshed. Those areas are refreshed at the same speed as before, but because a much smaller area is changed, the user perceives an improvement in performance.

The working prototype was a 12-inch display (about the same size as an A4 sheet of paper) with 768 by 1,024 pixels (XGA) resolution.

Fujitsu has been developing electronic paper for several years, and last year began offering sample portable information tablets to customers in Japan that are based on e-paper and include a network connection.

E-paper displays offer several advantages over conventional LCD panels. They can be made almost paper-thin, are easy to read in bright light, and only use power when the on-screen image is being changed.

Windows coming on dual-boot OLPC

Fri, 05/16/2008 - 07:01

The One Laptop Per Child Project and Microsoft plan to make both Windows and Linux available on a version of the project's XO laptop, the companies said Thursday.

The parties expect to deliver a dual-boot XO system in August or September that will have both the traditional Linux-based Sugar operating system of the XO and a low-cost student version of Windows XP, according to Kyle Austin, an OLPC representative.

OLPC chairman Nicholas Negroponte has referred in the past to a dual-boot XO model, but this is the first official announcement of such a system. The XO was developed by OLPC for children in developing countries. The availability of Windows on the system will give customers more choice in operating systems and let them use Windows-based educational software and tools, the parties said. Customers and partners worldwide have asked for Windows on the XO, they said.

Austin said the dual-boot system will have Sugar and Microsoft's Student Innovation Suite, a $3 software offering that Chairman Bill Gates announced last year. Gates said the suite would include a version of Windows XP, Microsoft Office Home and Student 2007, Microsoft Math 3.0, Learning Essentials 2.0 for Microsoft Office, and Windows Live Mail.

A Microsoft representative confirmed the XO would have a version of Windows XP but said the specifics were yet to be determined.

Trials of Windows on the laptops will begin in June in select countries, they said. During the trial, Windows will reside on an SD (Secure Digital) card in the laptop's SD slot, according to Austin, but in the final shipping machine, both OSes will be loaded on the device's flash storage.

OLPC is working with third-party developers to have the XO's distinctive Sugar user interface placed on top of Windows, but the dual-boot systems coming later this year will use the Windows interface for Student Innovation Suite, Austin said.

Microsoft and OLPC did not specify the price of the dual-boot system on Thursday.

A correction was made to this article on May 16, 2008.

More than 200,000 demand Microsoft save XP

Fri, 05/16/2008 - 06:30

In the four months since InfoWorld asked businesses and individuals to sign a petition at SaveXP.com requesting Microsoft keep Windows XP for sale beyond the planned June 30 general end-of-sales date, more than 200,000 have signed up to add their voices. As of May 15, the count was 200,805 signatures, excluding duplicates and fake signups.

"We're pleased and a little bit amazed that so many people from throughout the world have felt so passionately about the need to keep XP on the market," said Executive Editor Galen Gruman. "We had heard grumblings throughout much of 2007 about dissatisfaction with Vista's high hardware requirements, questionable interface changes, slow performance, and incompatibilities with third-party software, but no one seemed to want to say so in public. That's changed since the petition's launch on Jan. 14."

The campaign has caused a media frenzy, with stories in most major newspapers and news Web sites, as well as in blogs and radio programs. For example, Business Week noted in a recent story on increasing enterprise adoption of the Macintosh that Windows Vista was perhaps one of the biggest stumbles in tech history. A separate report noted that large companies such as General Motors and Alaska Airlines are skipping Vista and instead waiting for the next version of Windows, code-named Windows 7. And a major tech analyst firm has warned that Microsoft's many mishaps with Vista are putting the Windows franchise in jeopardy.

A few weeks ago, Microsoft CEO Steve Ballmer seemed to suggest that the company might give XP a reprieve -- something it had done six months ago when it extended XP's end-of-sales date from Dec. 31, 2007 to June 30, 2008, due to customer resistance to Vista. But his PR firm, Waggener Edstrom, quickly issued denials that any change was imminent, suggesting that the voices seeking to keep XP were a small minority.

Through its PR firm, Microsoft has declined to meet with InfoWorld to receive the petition and discuss the concerns of its customers who have signed it. Microsoft has repeatedly stated that it is satisfied with its sales of 140 million copies of Vista, which analysts and press reports repeatedly note include copies of Vista preinstalled on consumer PCs (for which XP has not been an option since spring 2007 at most retailers) or copies shipped to enterprises who exercise their rights to "downgrade" their systems to XP. There is no data on the willing adoption of Vista.

Microsoft has extended XP's life for sub-$400 PCs and for PCs meant for poor countries -- neither type of PC can run the more resource-intensive Vista. But Dell has gone a step further, announcing it would install XP on select new systems after June 30 using the "downgrade" license option from Microsoft in which a customer pays for Vista Business or Vista Ultimate but gets XP installed instead.

Update: Yahoo tells Icahn that its own board knows best

Fri, 05/16/2008 - 01:47

Yahoo has responded to investor Carl Icahn's threat to take control of Yahoo's board and force it back to the negotiating table with Microsoft. The search company said Icahn's proposal shows "a significant misunderstanding" of how it handled Microsoft's offer, and argued that Yahoo's current board remains "the best and most qualified group" to handle its affairs.

[ For the complete saga of Microsoft's unsuccessful bid to take over Yahoo, check out InfoWorld's special report ]

In a letter to Yahoo made public earlier Thursday, Icahn said he planned to nominate 10 candidates to replace the incumbent directors on Yahoo's board. He argued that Yahoo was wrong to reject Microsoft's offer to buy the company for $33 per share, and said he hopes to install a new board at Yahoo's shareholder meeting in July that will resume the merger talks.

Yahoo released its response to Icahn later Thursday, signed by board Chairman Roy Bostock.

"Unfortunately, your letter reflects a significant misunderstanding of the facts about the Microsoft proposal and the diligence with which our board evaluated and responded to that proposal," the company wrote. "A fair-minded review of the factual record leads to one conclusion: that Yahoo!'s ten-member board, comprised of nine independent directors along with Yahoo CEO Jerry Yang, remains the best and most qualified group to maximize value for all Yahoo stockholders."

The letter describes the negotiations with Microsoft in detail, in a bid to show that Yahoo took the offer seriously. It says it would not be in the best interests of Yahoo's shareholders for Icahn to nominate a slate of directors "for the express purpose of trying to force a sale of Yahoo to a formerly interested buyer who has publicly stated that they have moved on.

"Please may I remind you that there is currently no acquisition offer on the table from that company or any other party," the letter states. "That said, we have been crystal clear in our stance that we have been and remain willing to consider any proposal from any party including Microsoft if it offers our stockholders full and certain value."

Microsoft announced its $44.6 billion bid for Yahoo on Feb. 1, but it walked away from the deal on May 3 after the two companies failed to agree on a price. Microsoft eventually raised its offer to $33 per share, or by about $5 billion, but Yahoo's board wanted $37 per share.

Icahn, a billionaire investor who last year pressured Motorola to spin off its mobile-phone division, has bought up 59 million Yahoo shares since Microsoft walked away from the deal and hopes to buy a further $2.5 billion of Yahoo stock. He argued Thursday that Microsoft's offer of $33 per share is "obviously" superior to Yahoo's prospects as a stand-alone company, and said "a number of shareholders" have asked him to launch the battle for Yahoo's board.

"I am perplexed by the board's actions," he wrote. "It is irresponsible to hide behind management's more than overly optimistic financial forecasts."

Yahoo stuck to its guns and insisted again that Microsoft's offer undervalues the company. It said its board has met more than 20 times to discuss Microsoft's offer and other alternatives. It said it solicited input from shareholders, and that "the senior-most management" from both companies met seven times in person to discuss the deal.

On May 2, Yahoo's board instructed Yang to tell Microsoft that Yahoo was prepared to be sold for $37 per share, provided that Microsoft could show it was reasonably certain it could close the deal without running into regulatory issues.

"This was communicated to Microsoft in-person at a meeting in Seattle on May 3rd. With Microsoft's offer at $33 and Yahoo's counter-proposal at $37, Microsoft elected, within hours, to walk away from the negotiating table and informed us that they were 'moving on,' having never engaged further on price or any of the key non-price deal terms."

The letter concludes that Yahoo is open to a deal "with Microsoft or any other party" for the right price, and that its own board can best steer the company moving forward.

"We look forward to a productive dialogue," it concludes, anticipating a response from Icahn.

Does Icahn have a backup plan?

Thu, 05/15/2008 - 19:39

Billionaire investor Carl Icahn's proxy fight for Yahoo is aimed at reigniting merger talks between the Internet company and Microsoft, but he may have to prepare a backup plan in case Microsoft is unwilling to return to the bargaining table.

After Microsoft walked away from its $44.6 billion bid to acquire Yahoo, the company has been clear, publicly at least, about moving on, and executives said they are not interested in purchasing Yahoo anymore.

"It's not clear that Microsoft is still at the [bargaining] table," said Ned May, an analyst with Outsell. "That's a bit of a problem."

[ For the complete saga of Microsoft's unsuccessful bid to take over Yahoo, check out InfoWorld's special report ]

If Icahn can't woo Microsoft back as a Yahoo suitor, he may end up in the position of being the director of a company that no one wants to buy. And as Icahn has never seemed very interested in actually running someone else's business, this would put him in a rather risky situation.

Having made his $14.5 billion fortune by taking calculated risks, however, it's likely Icahn is preparing himself for the worst-case scenario. A source close to the billionaire investor said he may be consulting with IAC/InteractiveCorp CEO Barry Diller as he mounts his proxy battle for Yahoo.

One possible topic of the talks could be a plan to sell off parts of Yahoo to IAC, which owns Ask.com, a competitor to Yahoo's search engine.

IAC has faced its own troubles of late as it prepares to split itself into five pieces, and could be bolstered by acquiring Yahoo's advertising network and users.

However, it's unlikely that IAC, with a market cap of $6.6 billion, could afford such a deal, although it's clear Diller is interested in expanding his company's media properties, however far-flung they may end up being. On Thursday, IAC's Ask.com announced plans to buy Lexico Publishing Group, the owner of Dictionary.com, Thesaurus.com and Reference.com.

It wouldn't be surprising if Icahn also was speaking with other executives to prepare himself for the event that Microsoft won't return to negotiate a deal. News Corp. has been rumored as a potential suitor now that Microsoft is out of the picture; however, on a May 8 conference call, executives said the company is not in talks to purchase Yahoo at this time.

News Corp. did not reply to a request for comment on Thursday.

One analyst noted that "cash is pretty tight these days," which might make it risky for any company to invest in Yahoo if Microsoft won't bite.

Moreover, "Yahoo worked pretty hard to find other suitors to counter Microsoft, and were apparently unsuccessful in lining those up," said the analyst, who asked not to be named. If no one besides Microsoft came forward during the two months it haggled with Yahoo over a price, it's unlikely anyone would be willing to buy the company now, he said.

A multimedia deal between Icahn and Diller is not unprecedented. Two years ago, the two billionaires were rumored to be interested in joining forces to link up pieces of IAC and Time Warner, in which Icahn is an investor. However, nothing concrete ever materialized.

Right now it seems Yahoo investors will be supportive of Icahn's proxy battle, even as Microsoft remains silent. IDC analyst Caroline Dangson pointed out that Yahoo shares rose 5 percent after his proxy fight was unveiled, indicating some support for the plan.

Indeed, Paulson and Co., an investment firm that holds 50 million shares of Yahoo, came out in favor of Icahn's proxy fight on Thursday in an e-mailed statement, but said it hopes the end result will be a deal with Microsoft, not Icahn taking over the company.

Other major shareholders that had expressed ire over Yahoo's not accepting Microsoft's offer and are likely to support Icahn's proxy fight are Capital Research, which owns 16 percent of Yahoo, and Legg Mason, which owns 7 percent.

Shareholders will get to officially weigh in on Icahn's proposed new board at an annual stockholder meeting July 3. Unless Microsoft and Yahoo iron out a deal by then, Icahn may walk out of the meeting the proud new leader of a $38 billion Internet company.

James Niccolai in San Francisco and Juan Carlos Perez in Miami contributed to this report.

Sprint: WiMax cleared for commercial use

Thu, 05/15/2008 - 18:18

Sprint Nextel Thursday announced that WiMax has met its commercial deployment standards and is due to be launched commercially later this year.

Sprint says it has been using several metrics to test its WiMax technology, including its overall performance, its handoff performance, and its handoff delay. The tests, which began in June 2007, have been carried out primarily in the laboratory environment of Sprint's Xohm business unit and on its prototype commercial-service network that has been deployed in the Baltimore-Washington, D.C. area. 

Sprint says it conducted its first data session on the commercial network in October 2007 and started interoperability tests with WiMax-device vendors this past April.

Samsung, which has been one of Sprint's biggest partners in creating WiMax-enabled mobile devices, helped conduct the WiMax compliance tests, Sprint says. Last month, Samsung introduced several new WiMax-enabled devices, including an E100 PC Card and a WiMax-embedded Ultra-Mobile PC. The company says it plans to have its WiMax devices available to coincide with Sprint's WiMax commercial launch later this year.

"This is a major step towards launch readiness, and Sprint is extremely pleased with the performance of the mobile WiMax network and access devices from Samsung," says Barry West, president of the Xohm unit. "The collaboration with Samsung and our other partners has created a WiMax ecosystem that has now proven that it can deliver this new technology to the marketplace well ahead of any feasible alternative."

WiMax recently received a big boost when Sprint and Clearwire announced they will be combining their WiMax businesses to create a $14.5 billion mobile-broadband company. As has been rumored for the past few months, the new company will be focused on deploying a nationwide WiMax network that will provide 4G coverage to consumers, businesses and government public-safety services in urban and rural markets.

Tools circulate that crack Debian, Ubuntu keys

Thu, 05/15/2008 - 17:51

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday.

HD Moore, best known as the exploit researcher who created the Metasploit penetration testing framework, called the vulnerability in Debian and Ubuntu systems "ugly" and said it will be a big job for administrators to find every flawed key, then reissue them.

The bug, noted Tuesday by the Debian Project, is in the random number generator used to produce a variety of digital keys, including SSH keys and SSL certificates. The latter are widely used to secure traffic between users and secure sites on the Internet.

According to Moore, the bug makes it relatively easy to "guess" keys. In a posting to his blog Wednesday, Moore claimed he was able to generate 1024- and 2048-bit keys in about two hours.

Stronger keys, however, take considerably longer to create. He estimated that an 8192-bit RSA keyset would take some 3,100 hours (about 129 days) to generate.

Moore also published several key-generating tools -- collectively dubbed "Toys" -- that included a shared library and a key generation script.

With that information out in the wild, other researchers banged the warning drum. "This is very, very, very serious and scary," said Bojan Zdrnja, an analyst at the Internet Storm Center (ISC) in a warning posted on the organization's site Thursday.

Symantec also warned customers of its DeepSight threat network about the vulnerability and about Moore's follow-on disclosures of information and tools. The California-based company also noted that another hacker, "Markus M," had published to the Full Disclosure security mailing list a tool that automates brute-force attacks against the key weakness.

That revelation pushed the ISC to up its INFOCon threat status to "yellow," a relatively rare occurrence. "The development of automated scripts exploiting keys looks like a real threat to SSH servers around the world," said Zdrnja in a later posting to the group's site.

It's not just users running Debian-based systems -- which include the popular Ubuntu Linux distribution -- who are at risk, Moore cautioned, but virtually anyone. If data copied to other platforms has been secured by keys generated on a Debian distribution, that data could be snatched.

"There's a lot of different areas that you're going to have to look, not just within Debian," Moore said. "Administrators will have to audit every single key. Even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system."

Moore, ISC's Zdrnja and others have recommended that Debian and Ubuntu users patch their systems -- updates are available -- and that users and administrators regenerate all keys produced on a Debian system between September 2006 and May 13, 2008. The September 2006 date, said Moore, was when the first builds that included the flaw were made available.
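The audit Moore describes comes down to fingerprinting every public key in use and comparing it with a list of known-weak fingerprints. The Python below is an added example, not code from the article or from any tool it mentions; it assumes such a list is available as colon-separated MD5 fingerprints (the form `ssh-keygen -l` printed at the time), and the sample keys and blocklist are constructed placeholders.

```python
import base64
import hashlib
import struct


def _read_field(blob, offset):
    """Read one SSH wire-format field: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[offset + 4:end], end


def parse_public_key(line):
    """Parse one authorized_keys or .pub line.

    Returns None for blank lines and comments, a dict for a key, and raises
    ValueError when no key on the line can be decoded.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    # Options such as command="..." may precede the key type, so take the
    # first token whose successor decodes to a blob naming that same type.
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            embedded, offset = _read_field(blob, 0)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if embedded != tokens[i].encode():
            continue
        fields = []
        while offset < len(blob):
            field, offset = _read_field(blob, offset)
            fields.append(field)
        # Key size: the RSA modulus is the 2nd field, the DSA prime the 1st.
        index = {"ssh-rsa": 1, "ssh-dss": 0}.get(tokens[i])
        bits = None
        if index is not None and len(fields) > index:
            bits = int.from_bytes(fields[index], "big").bit_length()
        digest = hashlib.md5(blob).hexdigest()
        fingerprint = ":".join(digest[j:j + 2] for j in range(0, 32, 2))
        return {"type": tokens[i], "bits": bits, "fingerprint": fingerprint,
                "comment": " ".join(tokens[i + 2:])}
    raise ValueError("no decodable public key on line")


def audit_keys(text, weak_fingerprints):
    """Return one finding per key line; status is weak, ok or unparsed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            key = parse_public_key(line)
        except ValueError as exc:
            findings.append({"line": lineno, "status": "unparsed",
                             "detail": str(exc)})
            continue
        if key is None:
            continue
        weak = key["fingerprint"] in weak_fingerprints
        findings.append(dict(key, line=lineno, status="weak" if weak else "ok"))
    return findings


def _field(data):
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    # Positive mpint: big-endian, with a leading zero byte if the top bit is set.
    return _field(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def make_sample_rsa_line(modulus, comment, options=""):
    """Build a syntactically valid ssh-rsa line from a constructed modulus."""
    blob = _field(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    line = "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)
    return (options + " " + line).strip()


# Constructed sample data: these integers are not real RSA moduli.
SAMPLE_OLD = make_sample_rsa_line(
    (1 << 1023) | 0xC0FFEE, "backup@oldhost",
    options='command="/usr/bin/rsync --server",no-pty')
SAMPLE_NEW = make_sample_rsa_line((1 << 2047) | 0xBADC0DE, "admin@newhost")
SAMPLE_FILE = "\n".join(["# constructed authorized_keys sample", SAMPLE_OLD,
                         "", SAMPLE_NEW, "ssh-rsa AAAA-not-base64 broken@host"])

# Placeholder blocklist: a real audit loads the published list of known-weak
# fingerprints here instead of deriving one from the sample.
WEAK_FINGERPRINTS = {parse_public_key(SAMPLE_OLD)["fingerprint"]}

if __name__ == "__main__":
    for f in audit_keys(SAMPLE_FILE, WEAK_FINGERPRINTS):
        print(f["line"], f["status"], f.get("bits"), f.get("fingerprint"),
              f.get("comment") or f.get("detail"))
```

Lines reported as unparsed have not been checked and should be treated as unaudited, not as safe.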

Although he said the situation is serious, Moore doubted that there would be general and widespread attacks. Instead, he said the most likely outcome would be targeted attacks on systems that administered large numbers of Debian users.

Moore also discounted any connection between the Debian vulnerability and his disclosures, and the brute-force attacks that some vendors, including Symantec, have been tracking over the last 24 hours. "The timing is definitely funny," he acknowledged, but said the differences -- the attacks have been against user-generated passwords, not authentication keys -- mean the two events are probably just coincidental.