T-Mobile announced on Tuesday that it will soon begin using Yahoo as its preferred mobile search provider in Europe, ending the operator's existing relationship with Google for mobile search.

The move was seen by many as a minor coup for Yahoo, which is competing with Google and Microsoft to win the loyalty of a growing number of mobile Internet users. Others noted that mobile search is in its infancy and said the field is still wide-open.

When T-Mobile signed its original deal with Google, it made headlines as one of the earliest partnerships between a mobile operator and a search provider.

"Well done Yahoo for knocking Google off the Web n Walk home page," wrote John Delaney, an analyst for Ovum, commenting on the announcement. Web n Walk is T-Mobile's mobile Internet offering.

Beginning in March, T-Mobile customers in 11 European countries will see Yahoo's mobile oneSearch by default on their phones. OneSearch is designed to make it easy for mobile users to get relevant search results and navigate through different categories within search results.

The companies plan to offer other Yahoo services to T-Mobile customers, including Flickr, Messenger, Mail, Weather and Finance. Yahoo now counts 29 operators around the world as oneSearch customers.

The deal appears to mark a strategy change at T-Mobile. When the operator launched Web n Walk, the service was designed to mimic the Web by minimizing T-Mobile branded services and prominently offering Google, Delaney said. Since then, it has evolved to add more T-Mobile services. It's not clear yet which strategy end-users prefer. "The risk is that T-Mobile will discover that its users really preferred it when T-Mobile gave them access to the Web, and then got out of their way," Delaney said.

While the T-Mobile/Yahoo deal is a blow to Google, the search giant had a significant mobile win of its own this week. Nokia announced on Tuesday that it will add Google search in addition to its own search offering on select phones. Nokia plans to extend the offering to more phones in the future.

Nokia has begun offering an increasing number of services, such as location-based maps and social-networking services, which could compete with offerings from operators. "Nokia is walking a bit of a fine line because they're definitely moving into what some consider carrier territory," said Mike Wolf, an analyst at ABI Research.

So far, the market for branded search services on mobile phones like those from Yahoo and Google is still wide-open, he said. The search providers are increasingly interested in mobile because there is strong growth in mobile Internet usage, he said. The iPhone is contributing to that as a device that aims to make the mobile Internet as similar as possible to the PC-based Internet.

Services from Yahoo and Google also compete with those that are branded by the operator. Companies like Medio specialize in offering technology to operators for branded search services. Operators in the U.S. have been more likely to use the self-branded option rather than partner with one of the online brands. AT&T, however, is one notable exception -- it uses Yahoo's oneSearch.

Success in the mobile Internet is important enough that Wolf believes that Yahoo's track record in the mobile market was a factor in Microsoft's decision to try to buy the search provider. "Mobile is probably at least a consideration in the acquisition attempt," he said.

The number of malware code samples in the wild grew 30 percent to 410,000 in 2007, according to security researchers at IBM's ISS division. The Storm worm in particular accounted for 13 percent of the entire malware collection.

IBM released these findings and more in its security trends report for 2007, which summarizes the threat landscape based on IBM's research on malware, software vulnerabilities, phishing, and Web sites with questionable content.

While software vulnerabilities decreased 5.4 percent last year to 6,437 disclosures by vendors, the most risky "high impact" vulnerabilities that allow immediate remote or local access increased from 16.2 percent in 2006, the first such increase noted since 2004.

Kris Lamb, operations manager at X-Force Research and Development at IBM ISS, says one thing that struck him about this year's threat analysis is that half of the software vulnerabilities reported by vendors in 2007 had no vendor patch available for them.

"It seems that vendors have not produced patches, and we don't know why," Lamb says.

Microsoft, Apple, Oracle, IBM, and Cisco, together accounted for 13.6 percent of the total number of vulnerabilities -- and left 20 percent of those vulnerabilities unpatched, the report points out.

On the spam front, average spam message size is down to pre-2005 levels, corresponding with a decrease in image-based spam, the 2007 IBM ISS report says.

The report also notes that 9 percent of Internet content can be classified as unwanted criminal, pornographic, or "socially deviant" as compared with 12.5 percent last year. Socially deviant content is said to include political extremism, hate sites, and groups advocating discrimination. The United States far outpaces other countries as the primary hosting source of this unwanted content, accounting for roughly 40 percent to 48 percent in each category.

In its malware-code analysis, IBM ISS says there's a shift from mass-mailing worms to sophisticated targeted Trojan attacks with rootkits and other blended threats. Trojans made up the single largest class of malware in 2007, accounting for 26 percent of the total. But IBM ISS believes that malware code is becoming less distinct as simply a virus, worm, spyware, backdoor, or password stealer.

"Modern malware is now the digital equivalent of the Swiss Army knife, and 2007 data continues to support this," the report concludes.

The U.S. Senate defeated on Tuesday an amendment that would take away legal immunity from telecommunications providers that helped the U.S. National Security Agency conduct surveillance on U.S. residents, earning criticism from two civil liberties groups.

The Senate, by a 31-67 vote, defeated an amendment to the FISA Amendments Act, a bill that would make changes to the Foreign Intelligence Surveillance Act of 1978 and allow the NSA program to continue. In the past, the NSA has conducted telephone and e-mail surveillance of U.S. citizens conversing with terrorist suspects overseas without court-approved warrants.

The Senate was scheduled to vote on the full FISA bill late Tuesday.

The Electronic Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT) slammed the Senate vote. "Immunity for telecom giants that secretly assisted in the NSA's warrantless surveillance undermines the rule of law and the privacy of every American," said EFF senior staff attorney Kevin Bankston. "Congress should let the courts do their job instead of helping the administration and the phone companies avoid accountability for a half decade of illegal domestic spying."

It doesn't make sense for Congress to work hard on the FISA bill when the NSA and telecom providers can circumvent the law, added Greg Nojeim, CDT's senior counsel. "The telecom immunity provision sends a message that it's OK for a telecom to assist with unlawful surveillance when secretly asked to do so by the government," he said.

Democratic Senators Chris Dodd of Connecticut and Russ Feingold of Wisconsin had sponsored the amendment to get rid of legal immunity for the telecom providers. AT&T and other telecom carriers are being sued in U.S. court in San Francisco for their participation in the surveillance program, which many civil liberties groups say is illegal.

Last month, U.S. Vice President Dick Cheney said in a speech that it is "entirely appropriate" for U.S. intelligence agencies to seek help from private companies such as telecom providers because agencies don't have all the resources they need to keep the United States safe from terrorism.

"Some providers are facing dozens of lawsuits right now," Cheney said then. "Why? Because they are believed to have aided the U.S. government in the effort to intercept international communications of al Qaeda-related individuals."

A House bill, passed in November, does not include legal immunity for telecom providers that participated in the NSA program. The House and Senate would have negotiate the differences in the two bills before sending the legislation to U.S. President George Bush to sign. Bush has threatened to veto a surveillance bill that does not include legal immunity for telecom providers, but congressional authorization for the surveillance program expires Feb. 15.

It would be counterproductive for Bush to veto a bill that extends surveillance programs that he says are critical, Bankston said. "The only way they can [get legal immunity] is by fallaciously tying it to something critical," he said.

The EFF will push hard to have House negotiators keep the telecom immunity provisions out of the bill that goes to Bush, Bankston added.

The EFF and CDT both prefer the House FISA bill, called the Restore Act. Unlike the Senate bill, the House bill would require court approval of surveillance, and the House version would expire in two years, as opposed to six years in the Senate version. The CDT has produced a chart comparing the two bills.

Krugle shipped on Tuesday an upgrade of its enterprise code search appliance for software development teams that is designed to offer improved scalability and search accuracy.

Krugle is also now offering prospective customers the ability to evaluate the product on VMware before purchasing it.

Krugle Enterprise 2.0 is sold as an appliance and can be configured to work with a variety of software change management systems, including ClearCase, Perforce, Microsoft's Team Foundation Server, Subversion, and others, according to Krugle. It also can crawl flat-file systems and code archives, according to the company, based in Menlo Park, Calif.

Results can be viewed through a Web browser, but Krugle also offers support for searching directly from the Eclipse IDE. There is an application programming interface for creating other integrations as well. "We have a first-class integration with Eclipse, and the next cab off the ramp will be [Microsoft's] Visual Studio," said Matt Graney, senior director of product management.

Michael Coté, an analyst with RedMonk, said Tuesday that it is important for software such as Krugle to be tightly linked with a developer's core environment.

"If it can't be crammed into the IDE, the experience that's in front of the software developer every hour of the day, I think it won't get the face time it needs to be worth it," Coté said. "As an example, project management software that doesn't have a touch-point in IDEs tends to only be looked at by managers, and then developers have no idea about the overall project status."

However, it may in fact be easier to scan code results in a browser window, according to Graney. "From a real-estate point of view, Eclipse is a busy sort of environment," he said.

Users can use Krugle to search code repositories in a variety of ways, such as for a specific project, or solely for the comments that developers place with code upon check-in. The engine can also recognize various code features, such as function calls and class definitions.

It supports more than 40 languages, according to the company. There is also some reporting capability built into the product, such as a "heat map" function that provides a snapshot of activity levels among various projects.

"We've been really impressed with it," said Patrick Hendry, CEO of Thuridion, a software consulting company and early beta user of the 2.0 release. "It definitely saves us time. We haven't sat down and quantified how much we're saving into dollars, but clearly that's happened."

Hendry's company is aligned with Visual Studio, not Eclipse. It hasn't yet built an integration with Krugle, but may down the road if it becomes a paying customer, Hendry said. "We'll probably take a look at that. It's not a must-have, but it would probably be nice to have."

The Scotts Valley, Calif., company mostly creates software for publishers who then sell it, Hendry said. Thuridion has "a large body of code" at any given time -- some 3 million to 4 million lines of code, excluding comment documents, he said.

Thuridion "very briefly" considered other vendors but felt Krugle returned better results, he said.

Subscription pricing typically begins at about $25,000 per year and scales up depending on the size of the code base, the number of users, and how often the code base is crawled.

Krugle was formed in October 2005. Its competitors include Koders and Google. The company also runs a free site, www.krugle.org, which can be used to search more than 2 billion lines of open source code. The krugle.org index can also be accessed through the enterprise product.

Yahoo has acquired Maven Networks for $160 million in a deal that will help the search provider boost its video advertising capabilities.

Media companies including Fox News, CBS Sports, and Sony BMG use Maven's platform to manage, distribute, and earn advertising revenue from their online video content. The platform includes an advertising insertion engine, as well as inventory management and reporting tools. Companies use it to post videos on their sites and insert interactive ads into the videos.

On Tuesday, Yahoo said it plans to contribute its display advertising sales force and technologies to Maven's platform to help publishers display more targeted ads in videos. The deal means that advertisers can buy video, search, and display ads through Yahoo, which believes that video is a fast-growing segment of the online ad market.

Maven has become a wholly owned subsidiary of Yahoo, which has established a Cambridge, Mass., office with the acquisition.

Yahoo makes the acquisition in the midst of an increasingly hostile attempt by Microsoft to buy the search company. In response to Yahoo's rebuttal of its buyout offer, Microsoft on Monday said that it thinks its offer was fair and that it might take the offer directly to Yahoo shareholders.

Microsoft released 11 security updates Tuesday to fix critical flaws in its products, including a publicly known ActiveX bug that affects users of the Visual FoxPro database.

In total, 17 individual software flaws were patched in the updates. Microsoft rates six updates as critical, meaning they should be installed as soon as possible, while the remaining five updates are considered "important." Last month was an easier month on IT administrators, when Microsoft released just two updates.

Microsoft surprised some by releasing one fewer update than expected. Last Thursday, the software vendor had said that it was readying a fix for critical VBScript and JScript flaws in Windows 2000, XP, and Windows Server 2003. That update wasn't included in this week's patches, but on Tuesday, Microsoft wouldn't confirm that it had actually dropped the update because "this could put customers at risk," according a spokeswoman for the company's public relations agency.

Security experts said Tuesday that the MS08-010 update, which fixes four bugs in Internet Explorer, should take top priority this week. "There are four vulnerabilities within that particular patch and all of them are remote-code executable," said Jonathan Bitle, director of technical account management with Qualys.

"The way we're looking at it, our prioritization would put MS08-010 at the top, followed by MS08-007," said Don Leatham, director of solutions and strategy with Lumension Security.

MS08-010 fixes a publicly disclosed ActiveX bug that affects Visual FoxPro users. Although hackers have already posted code showing how to exploit this vulnerability, the buggy ActiveX control is not included in Internet Explorer 7's default list of controls, so the flaw should not affect most users.

The MS08-007 update fixes a critical flaw in the Windows XP and Vista WebDAV redirector software. WebDAV is a Web-based document sharing protocol. The flaw is rated important for Windows Server 2003 users.

Microsoft's Office products are also a major source of patches this month. Tuesday's updates include critical fixes for Microsoft Word, Office Publisher, and Office itself. There is also a critical update for Windows' Object Linking and Embedding (OLE) Automation software. The remaining updates, rated important, are for Active Directory, the Vista TCP/IP stack, the Microsoft Works file converter, and two bugs in the Internet Information Services (IIS) Web server.

The Patch Tuesday updates show that client-side bugs continue to be a much higher risk than server-side vulnerabilities, said Andrew Storms, director of security operations with nCircle. "One would have assumed that the IIS and Active Directory vulnerabilities would have been the most serious because they stand at the core of an enterprise and provide more critical services," he said via instant message. "But with this month's patches, the hacker's best bet is to take advantage of the client-side attacks."

Business Objects, an SAP company, unveiled today the next iteration of its business intelligence platform, XI 3.0.

Bigger and in some ways better than previous versions, it includes so many features that it may be a bit daunting to some users.

Leveraging Business Objects' acquisition of InXight Software in May 2007, XI 3.0 ties together structured information with unstructured information.

"Now you can read through e-mails, Web pages, and documents to understand text and extract sentiment from text," said Franz Aman, vice president for business intelligence platform, product marketing at Business Objects.

Josh Greenbaum, principal at Enterprise Applications Consulting, called the ability to include unstructured data a significant improvement in the platform. "It is an acknowledgement that data comes from all kinds of applications and all kinds of formats," he said.

The technology parses and organizes unstructured data so that users can apply more traditional -- that is, more statistically oriented -- methods to the data.

Greenbaum said that although it is a "somewhat artificial" structure, it does lend itself to data analysis, and he called that an enormous improvement for businesses that have grown so much more complex over the years. "ERP used to be about one activity, closing the books every quarter," he said

Traceability is another key feature in XI 3.0. The technology can trace back the so-called lineage of data in order to give users better insight into how the data was created, what transformation it might have gone through, and whether or not it was merged with another data set.

While knowing the lineage of data is a must-have for regulatory and compliance, it is also essential to good business, said Greenbaum, noting that it is a vast improvement over the old days when executives sat around arguing over the data in a single cell in a spreadsheet.

The lineage capability is available only to those who buy the optional Business Objects Data Services that combine Data Integrator and Data Quality components.

Another significant improvement in the platform is a technology dubbed Polestar that gives nontechnical users the ability to do complex searches and to make natural-language queries. "You don't have to be a special user with SQL knowledge to find information," said Aman.

However, Greenbaum said that while XI does a good job in elevating the accessibility and comprehensiveness of BI, it is also a "bit of a Swiss Army knife."

"What haven't they put into this product?" he wondered.

Nevertheless, it should also replace all the departmental one-off solutions that are typically floating around a company, according to Greenbaum.

While XI 3.0 was in development long before Business Objects was acquired by SAP in January 2007, there are some unique linkages between XI 3.0 and SAP applications, said Aman. For example, XI is more tightly intertwined with the SAP Business Warehouse and offers faster performance when users tap into data that comes from R3 or the Warehouse than if the data was from a non-SAP source.

Also, XI can tap into SAP's use of metadata so that if a user in North America searches for Total Revenue, and a user in France is looking for the same information, despite the fact that the French use a phrase other than "total revenue," both will get back the same information because of the metadata layer.

Business Objects 3.0 will be available later in the first quarter. Later in the year, it will also be available as a SaaS (software as a service) offering.

Microsoft is including a set of nonsecurity updates that prepare customers to install Windows Vista Service Pack 1 as part of its monthly "Patch Tuesday" security fixes.

Two of three prerequisite updates needed to install SP1 are hitting Microsoft's Windows Update for the first time Tuesday along with the usual batch of security updates it releases every month. The technologies -- called KB937287 and KB938371 -- are marked "Important" and will install automatically if a Windows user has Windows Update set to the recommended configuration, according to a post on the Windows Vista team blog.

KB937287 is an update to Vista's servicing stack, and KB938371 is a multicomponent update, according to the blog post attributed to Nick White, a product manager on the Vista team. Both must be installed before a machine can successfully be updated to Windows Vista SP1.

The third prerequisite to installing SP1, KB935509, also is being released through Windows Update Tuesday. However, that technology is an update of a previously released technology, not a brand new release.

Microsoft plans to release Vista SP1 in its first five languages -- English, French, Spanish, German, and Japanese -- to the Windows Update and the download center on Microsoft's Web site in mid-March. However, some computers may not work with the update right away because of device-driver incompatibilities; Microsoft is hoping to resolve those by mid-March, which is why it is putting off the release until then even though the final code for SP1 is available now.

Following its first release, Microsoft in mid-April plans to make SP1 available in the first five languages to anyone who has chosen not to download it. Microsoft will follow with the remaining language releases of Vista SP1 soon after. Many believe the SP1 milestone is the one that will bring about a new wave of adoption for Vista, especially among business customers that have been awaiting the service pack's release before updating employee desktops.

Microsoft releases security updates every second Tuesday of the month, which is why security researchers call the day "Patch Tuesday." The company often includes nonsecurity updates with these releases, although it also will release nonsecurity updates on the fourth Tuesday of the month.

Research in Motion still doesn't know why its BlackBerry service went down for several hours on Monday.

"RIM is continuing to investigate the exact cause" of the outage, the company said in a statement Tuesday. Late Monday, it apologized for any inconvenience caused by the incident, which left customers throughout North America without current e-mail for about three hours starting around 3:30 p.m. Eastern Time.

It was the second major outage in less than a year for the popular mobile data service, on which about 12 million subscribers depended at the beginning of last December. The previous problem, which occurred last April, was caused by a minor software upgrade that went awry, followed by a failed switchover to a backup system, according to RIM. The company said soon afterward that it had identified "certain aspects of its testing, monitoring and recovery processes that will be enhanced" as a result of the failure.

BlackBerry e-mail traverses a complex infrastructure involving mobile operator networks, RIM's network operations center, and BlackBerry Enterprise Servers within companies that use the service. It pushes messages from enterprise e-mail systems, including Microsoft Exchange and IBM Lotus Notes, out to the popular BlackBerry devices.

The system is getting yet more complicated as RIM adds third-party services to appeal to consumers, said Albert Lin, an analyst at investment bank Sooner Cap. As the company tries to keep up with rapid growth in its subscribers -- last year's fiscal third quarter saw a net gain of 1.65 million -- these types of glitches are to be expected, Lin said.

"It's hard to really expect any major service provider to be 100 percent reliable," Lin said. Although enterprises now have more push e-mail alternatives than they did when the BlackBerry debuted in 1999, those competitors, such as Visto and Motorola's Good Technology system, aren't significantly more dependable, he said.

"When it comes to reliable push e-mail ... it's still hard to find a solution that works better than BlackBerry," Lin said.

Intel offices in Munich were raided by the European Commission on Tuesday as part of an ongoing antitrust investigation.

Confirming the raids, Intel spokesman Chuck Mulloy said the company fully cooperated with the EC. He declined further comment.

The Commission inspected the premises of CPU manufacturers and PC retailers, said Jonathan Todd, spokesman for the EC, declining to comment on which companies were raided.

The offices of German consumer electronics vendor Media Markt and DSG International, which runs Dixons in the U.K., were also raided, according to multiple newspaper and wire service reports.

The raids relate to concerns of the abuse of a dominant market position, the EC said in a statement.

"Surprise inspections are a preliminary step in investigations into suspected infringements of EC competition law," the Commission said. The inspections do not prove guilt of anticompetitive behavior or prejudge the outcome of the investigation, the Commission said.

The raid comes on the heels of multiple complaints and lawsuits filed by Intel competitor Advanced Micro Devices with authorities in the European Union, U.S., Japan, South Korea, and Japan, charging Intel with monopolistic behavior.

In 2006, AMD said it planned to file a complaint with German authorities regarding Intel's alleged anticompetitive behavior. AMD alleged that Intel paid German retail chain Media Markt not to stock PCs containing AMD processors, citing a letter to a supplier in which the retailer said it would only buy PCs with Intel processors.

As part of ongoing inquiries into Intel's monopolistic behavior, the EC earlier raided Intel's offices in 2005. Authorities in Japan raided Intel's offices in 2004.

BlackBerry mobile data services were disrupted Monday afternoon due to a problem with Research In Motion's infrastructure, apparently affecting customers of all major North American mobile operators, an AT&T Wireless spokesman said.

RIM told AT&T the problem began at about 3:30 p.m. Eastern Time and that the Waterloo, Ontario, company was working to identify and solve the problem, said AT&T spokesman Mark Siegel. RIM officials were not immediately available for comment.

After 6 p.m. Eastern, users on a BlackBerry Internet message board began reporting that service had returned to normal.

The popular smart phones rely on both a cellular network for transport and RIM's own network for pushing e-mail to end-users. Last month, problems with AT&T's network disrupted service to some of its subscribers with BlackBerrys, as well as iPhone users.

Several users on various mobile networks reported connection problems on Monday afternoon on the message board.

BlackBerry users may not be able to send or receive messages, browse the Internet, or use the BlackBerry Internet Service Web site, according to a message from RIM that some users on the board posted. In addition, BlackBerry Enterprise Servers may not be able to connect to RIM's infrastructure, and carriers and resellers may not be able to create accounts or provision services, the notice said. The outage happened because "a component of the network infrastructure is experiencing a service interruption."

Zenprise, a maker of service management software that monitors BlackBerry service and notifies administrators of problems, detected the outage and notified customers at 3:23 p.m. Eastern, according to Ahmed Datoo, Zenprise's vice president of marketing. After running a series of tests, Zenprise determined that the root of the problem was in RIM's infrastructure. The Fremont, California, company, which counts about 100 enterprises and SMBs among its customers, has not determined the total scope of the outage. BlackBerry service for Zenprise's own customers has been going up and down during the outage, Datoo said.

Microsoft Chairman Bill Gates said Monday that the Windows application platform is to be fitted with "Fluent UI" ribbon capabilities now offered in Office 2007.

The ribbon UI presents a new interface in Office 2007. "We usability-tested it massively, and fortunatel, it has had a very strong positive reaction," Gates said during a keynote presentation the 2008 Office System Developer Conference in San Jose, Calif. "We in the next version of Windows will be using this Fluent UI quite a bit across a number of applications," he said. "It turns out it's a user interface that works very well for the pen and touch [interfaces] as well as being a better way of revealing application functionality."

The Fluent UI represented "a major risk that Microsoft took," Gates said. But the older interface with its dropdown menus was hiding so much functionality that the company was being asked for features that were already there but were concealed, he said.

At the conference, Microsoft is promoting Office as a development platform with users able to write extensions. During Gates's presentation, third party applications were shown that extended Office with custom development, such as the MindJet MindManager planning application and FedEx's QuickShip for processing FedEx shipments from within Microsoft Outlook.

During a subsequent question-and-answer session with the audience, Gates was asked to compare and contrast opportunities for developers working with platforms like Microsoft's with platforms like open source. Gates responded, "Our platform is a commercial platform where customers expect a very high level of service, a very high level of integration, but the nice thing about it is they are willing to pay for software."

Free software has always been around, he said. "We've always had free software out there, it's not really a new thing. In fact, I'd say in some ways it's less of a factor than it's ever been," Gates said.

Everyone has the same business model, he said: Software developers have free versions of their software, inexpensive software, and robust commercial versions of their software. "The commercial environment, I think, will always be the pre-eminent thing in terms of providing business productivity," said Gates.

He advised those who want to develop free software to be careful which licensing model they choose and to select an option that does not restrict commercial versions of their software.

Asked about Yahoo, which has rejected Microsoft's $44.6 billion acquisition offer, Gates said the question was whether Yahoo should be a media company or focus on engineering. In an ad model, scale is needed, he said. Yahoo's engineering could be combined with what Microsoft has done, he said.

Gates's overall presentation did not impress one attendee, who nonetheless was impressed with Gates himself.

"Bill is definitely a visionary, and he's one of the greatest men in the 20th century, but I have to wonder how much of that was just reading from a script," said Aaron Alanen, senior consultant at Sogeti.

"I did see in his questions later on that he really had some deeper knowledge," Alanen said.

During Gates's presentation, he also played a tongue-in-cheek video about what he would do during his upcoming semi-retirement from Microsoft. Included were possibilities such as getting into politics, joining the rock band U2, and becoming a rapper or actor. Guests featured in the video included, among others, Hillary Clinton, Barack Obama, Al Gore, Bono from U2, and George Clooney.

Users may see an iPhone with 3G technology in the next six months, a financial analyst said Monday, citing waning inventory of Apple's current iPhone and the increasing demand in Europe for 3G products.

The iPhone shipments are likely to be weak during the March quarter, and inclusion of 3G technology in the phone could ensure that Apple meets its target of shipping 10 million iPhones in 2008, analyst Richard Gardner of Citigroup said in a research note on Monday. 3G is a high-speed wireless communications standard that provides broadband Internet capabilities to cell phones and mobile devices.

An iPhone upgrade to include 3G technology could help the company forge more relationships with carriers as it builds a European presence. "We believe that lack of 3G has been a significant headwind for iPhone in Europe where 3G is already pervasive," Gardner said.

During meetings with Citigroup, Apple reiterated its plan to introduce the iPhone into additional European countries and Asia by the end of 2008, Gardner said.

In a December report, Shaw Wu of American Technology Research said a 3G iPhone would likely ship around the middle or in the second half of this year after network coverage and battery life issues are addressed.

During the iPhone rollout in the U.K. last year, Jobs said that 3G chips were "power hogs" but also said he expected to see better battery consumption this year. Chip vendors, including Broadcom and Arm, are developing power-efficient 3G mobile chips with multimedia capabilities.

3G is still not widely deployed in the U.S., Wu wrote in a report. Apple could possibly position the new iPhone as a high-end smart phone with the current iPhone being shipped as a more mainstream product, Wu said.

Apple's 3G plans in the U.S. could get a boost from AT&T's announcement last week that it was expanding its 3G wireless coverage to 350 major U.S. markets, including all 100 of the largest cities.

Until the iPhone becomes available in more countries, unlocking numbers will remain high. But as the iPhone's presence expands, "most consumers will prefer to use iPhone on the network with which Apple has a relationship -- only then can they take advantage of innovative features, such as visual voicemail and ongoing software updates," Gardner said.

Up to 35 percent of all iPhones sold since its launch in June have been unlocked and sold in countries where Apple does not yet have a formal relationship with a wireless carrier, Citigroup's Gardner said.

There has been plenty of speculation surrounding the release of a 3G iPhone. Last year, Apple CEO Steve Jobs and AT&T CEO Randall Stephenson separately said a 3G iPhone was coming in 2008, though the exact date is shrouded in secrecy.

Along with the unveiling of prototype handsets using Google?s Android mobile application development platform at the Mobile World Congress in Barcelona, came the promise -- one more time-- of write once, run anywhere.

And while write once, run many gives application developers a maximum market for their applications, industry experts have their doubts that Android or any other mobile solution can fulfill the promise.

Bob Egan, chief analyst with the Tower Group, points out that differentiation often takes place at the hardware level, such as optimizing battery management or display characteristics.

Anthony Meadow, principal at Bear River Associates, a leading mobile development company said the ability to achieve write once, run many depends on how the hardware and software developers do their respective work, the problem being that everyone wants to be different. "How can a hardware manufacturer differentiate their product from everybody else's and at the same time be compatible with the standards they want to set?" he said

Making it even harder to achieve standardization is the plain fact that handset manufacturers are not standing still. New features are constantly being added. Offering music downloads, pictures, and video is practically old school. Now, handset manufacturers and the carriers are talking about new security features like embedded security credentials for a boarding pass or entry to a company, or loading loyalty cards.

"When you start thinking of taking handsets to the next level, there is a whole new set of complexities," said Egan.

So while a cross platform mobile SDK would be welcomed by developers, especially Google, which needs to put its services on as many devices as possible in order to grow, the hardware subtleties are the things that come up to bite people, adds Egan.

Meadow at Bear River admits that if Google had a tough certification program, it would be possible to get much closer to the write once, run anywhere prize.

Google certainly has a great deal of clout in many parts of the high tech industry, but is it powerful enough to make demands on the telecommunications industry as well? Both Microsoft and Palm tried that before with very stringent certification processes for their platform. But it never really worked. "They couldn't keep everybody in line," said Meadow. "It was a lot more pain and trouble to get J2ME apps running on different cell phones."

While the Open Handset Alliance [OHA] -- founded by Google -- is touted as the way to get many companies on board, in fact there are only four handset manufacturers who are members: HTC, LG, Motorola, and Samsung.

Tower Group's Egan says he hasn't seen anything out of the OHA to indicate it's doing anything different than what has been done in the past.?

Meadow doesn't put much faith in the clout of the OHA either. "People join everything that comes along. It is an exercise in PR to be seen as supporting this and being associated with Google," he said.

So while a write once, run many platform is the holy grail for developers, if you look at what happened with J2ME on smartphones, there were inherent limitations in how it was implemented as a platform, and for many developers it was a lot more pain and trouble to get J2ME applications running on different cell phones than it was worth.

While both Egan and Meadow are withholding final judgment, they both say they haven't seen enough that is different -- despite that fact that this is Linux-based rather than Java -- to make them feel any more positive about Android's future success.

Attackers continue to use well-worn techniques, such as SQL injection, to exploit holes in popular Web applications but have also moved on to other targets, including government sites, and newer exploit methods, such as cross-site request forgery, according to the latest report filed by the Web Applications Security Consortium.

The nonprofit industry group released the findings of its annual Hacking Incidents Database report this week, and despite the fact that cyber-criminals are still capable of using familiar means like SQL injection to victimize e-commerce sites and other transactional systems, a growing number of assailants are broadening their efforts and capabilities and going after new sets of targets, the research contends.

Based on WASC's in-depth investigations into roughly 80 individual attacks carried out during calendar 2007, the group concludes that data theft remains the primary goal of most incidents, representing 42 percent of all the events.

Surprisingly, site defacement -- thought to be a dying art in the world of profit-driven hacking -- actually still accounted for 23 percent of the attacks covered in the report, followed by exploits aimed at planting malware on sites at roughly 15 percent.

And while the lion's share of the incidents studied by the group revolved around the attempted theft of sensitive data that could be sold on the underground market or used to carry out fraud, the phishing threats of years past are increasingly becoming outnumbered by attacks that utilize malware code hidden on legitimate Web applications to victimize unsuspecting end-users, the group said.

Of all the threats studied by WASC in its report, 67 percent were designed specifically to derive some form of profit -- pointing to continued growth in the professionalism of those responsible for the attacks, researchers said.

"One of the biggest issues is that so much of this activity is being delivered directly though legitimate Web sites that are being hacked," said Ryan Barnett, a project leader at WASC who also serves as director of application security training at applications firewall vendor Breach Security, which sponsored the 2008 report.

"It used to be that as long as users didn't go to certain Web sites they'd be safe, but obviously, that's changing," he said. "SQL injection still works surprisingly well, so we're seeing plenty of those across the board, but you do also begin to see more use of things like cross-site request forgery, to which even greater numbers of sites might be vulnerable."

SQL injection, which attempts to use security vulnerabilities occurring in the database layer of applications to compromise them, still remains a weak point in some widely-used Web systems, in particular e-commerce sites, a reality that the researcher views as surprising based on the well-established history of the technique. However, CSRF threats, which attempt to hijack authenticated Web sessions to carry out their ploys, are becoming more common, while still far less frequent than SQL injections, according to the expert. Indeed, CSRF threats accounted for only 2 percent of the incidents tracked by WASC for the 2007 report, while SQL injections represented 20 percent, the most popular format for exploit.

Unintentional information disclosure, which involves sites that emanate such detailed authentication failures that hackers may use them to find a way in, was the second most popular format for attackers to break into applications at 15 percent, followed by cross-site scripting exploits, which use malware planted on legitimate sites to subvert end-users' machines, at 12 percent of the incidents.

In terms of the types of organizations being assailed by the attacks tracked by WASC, the group found that government agencies actually represented the largest group of targets.

Perhaps because financial services companies and retailers have improved their applications defenses, hackers have moved on to the government set as well as educational institutions, the report contends.

Some 29 percent of the incidents covered in the report targeted government agencies, followed by education at 15 percent, and retailers and media outlets tied at 12 percent.

In addition to attempts to steal data, WASC contends that government agencies may also be getting hacked by parties looking to embarrass or disable the organizations' sites based on ideological goals. Because government agencies are forced to report more of their security incidents publicly, hackers may merely be trying to force the organizations to admit that they have been exploited in public, the researchers said.

Microsoft said its $44.6 billion offer to purchase Yahoo is "fair" and hinted that it may pursue a hostile takeover of the Internet company, according to a statement Microsoft made Monday in response to Yahoo's formal rejection of its buyout offer.

In a statement, Microsoft said it's "unfortunate" that Yahoo "has not embraced" its proposal to combine the two companies, and the rejection of the offer "does not change our belief in the strategic and financial merits of our proposal."

The company also hinted that it may take the offer directly to Yahoo's shareholders, a move that could result in a hostile takeover.

"As we have said previously, Microsoft reserves the right to pursue all necessary steps to ensure that Yahoo's shareholders are provided with the opportunity to realize the value inherent in our proposal," Microsoft said in its statement.

Earlier Monday, Yahoo formally rejected Microsoft's bid to acquire the company in a half-stock/half-cash purchase, saying it undervalued Yahoo.

On Feb. 1, Microsoft offered to pay $31 per share for half of Yahoo's outstanding shares in cash -- about $22.3 billion -- and 0.9509 of a Microsoft share for the other half. Microsoft's half-cash/half-stock offer to Yahoo was valued at about $44.6 billion at the time it was made; Yahoo's share price was $19.18 at the time.

However, since then Microsoft's stock has gone down while Yahoo's has risen, making the deal, under its current terms, worth less than when it was originally offered. This led to speculation that Yahoo might look for other suitors; the company is reportedly looking for about $40 per share. Yahoo's share price closed at $29.87 Monday; Microsoft's closed at $28.21.

Some have speculated that Microsoft would raise its offer to the company to about $35 per share -- about midway between its original offer and Yahoo's target price -- but in its statement on Monday, the company seemed adamant about keeping the offer as it stands.

"We are offering shareholders superior value and the opportunity to participate in the upside of the combined company," Microsoft said. "Based on conversations with stakeholders of both companies, we are confident that moving forward promptly to consummate a transaction is in the best interests of all parties."

Microsoft's offer to purchase Yahoo is an attempt to join forces and improve both companies' positions against Google in online advertising and services. However, many questioned both the logistical complexity and cultural differences involved in combining the companies, and there are fears that it will thwart rather than help their efforts to compete with Google.

Yahoo is reportedly in talks with both AOL and Google to try to avoid being acquired by Microsoft. Analysts said Monday that Yahoo's initial rejection of the offer is more of an attempt to elicit a higher bid -- either from Microsoft or another company. If none comes, the company might decide in the future to accept Microsoft's offer as it stands, they said.

A new survey by IAG Consulting finds that among two-thirds of companies polled, it is "improbable" that an IT project will be considered an overall success due to inadequately or improperly gathered business requirements.

Fifty percent of these companies' projects could be termed "runaways," marked by at least two of these three factors: Taking more than 180 percent of estimated time to be completed, going over 160 percent of the established budget, and delivering less than 70 percent of the desired capabilities.

The other 32 percent of the companies surveyed enjoy a "probable" chance of success for IT project, according to the study, which surveyed more than 100 midsized and Fortune 1000 companies in North America.

"The numbers here came back far, far bigger than we ever expected," said Keith Ellis, vice president of IAG, which is based in the U.S. and Canada. The independent company focuses on business requirements analysis.

"One big reason that really stands out for me is that people tend to look at requirements as a document, not as a process. If you do that, you're going to fail," Ellis said. "Here's one of those cases where the means is as or more important as the end."

Good requirements analysis can ensure a project's scale is minimized, but not at the expense of meeting a business' needs, according to the study. Another hallmark sees changes to requirements occurring infrequently, because the proper level of consensus has already been reached.

The study weighed development projects, which cost at least $250,000 and involved "significant new functionality," as opposed to matters like maintenance or a rollout of new client machines. The projects consisted of either internally developed software or application implementations. Their average scope was $3 million, according to IAG.

The damage was worst when non-IT business analysts were in charge of the requirements. Those projects came in at nearly double their budgets and took more than 245 percent of their allotted time, according to IAG.

When IT workers managed the requirements analysis, the results were only slightly better, with budget overruns at 163 percent and time at 172 percent.

The best results came when business and IT worked together on defining requirements. There, budgets ran an average of 143 percent and time, 159 percent.

The study suggested many companies are working on an ad-hoc basis. More than half "did not have professional, trained staff dedicated to the function of getting requirements, and the vast majority view the process of getting requirements to be inefficient," the report states.

Companies should form a "center of excellence" for business-requirements gathering managed by both IT and business employees, the study concluded.

IAG conducted the study with the help of analyst Michael O'Neil and Info-Tech Research Group over the past several months, Ellis said.

Starbucks has upgraded its Wi-Fi offering from a tall to a venti, switching partners from T-Mobile USA to AT&T in a deal that will mean free coffee-shop wireless for millions of U.S. broadband subscribers.

The chain's network of hotspots, the best-known in the U.S., covers more than 7,000 company-owned stores. Users of AT&T Broadband and U-verse DSL (Digital Subscriber Line) services will get free access to the networks, and the carrier will soon extend benefits to AT&T Wireless customers as well, according to a news release. AT&T business customers with remote-access subscriptions will be able to buy unlimited, flat-rate access at any Starbucks location.

AT&T had 14.2 million lines of DSL in service at the end of last year. Its wireless arm has about 70 million subscribers. T-Mobile, a subsidiary of Germany's Deutsche Telekom, said it had 28.7 million subscribers at year's end.

Although 3G (third-generation) cellular networks are nearing typical wired broadband speeds, Wi-Fi hotspots in key locations such as airports, hotels and cafes remain an attractive option for people who need high-speed connectivity on the road. T-Mobile has provided the Starbucks networks as part of its national hotspot service for several years, with a variety of paid plans including US$6 for one hour, $9.99 for a day and $29.99 per month with an annual agreement. Prices under AT&T will be slightly lower, including $3.99 for two hours and $19.99 per month.

But the deal also opens up a whole new customer base for the hotspots: Starbucks customers with an active Starbucks stored-value card will get two hours of free access per day. All that's needed to keep a card active is to have money stored on it and to buy something with it at least once a month, said Starbucks spokeswoman Bridget Baker. Starbucks employees will also get free access.

AT&T will take over the networks market by market, starting in the next few months and finishing by the end of the year, the companies said. Under a roaming agreement to be implemented by March 31, T-Mobile subscribers will also be able to use the AT&T Starbucks networks, Baker said.

The deal significantly expands AT&T's network of hotspots, giving it 17,000 U.S. sites (about 70,000 worldwide) and adding a popular Web-surfing location to its lineup, which today includes McDonald's restaurants, Barnes & Noble bookstores and some hotels and airports. It builds on an existing relationship in which AT&T has provided back-end networks for Starbucks stores for more than 10 years, Baker said. The carrier will provide Starbucks an enterprise-class network with increased bandwidth and redundancy, according to the release.

The prospect of high-speed access at Starbucks should help AT&T attract new DSL customers and hold onto existing ones, telecommunications analyst Jeff Kagan wrote in a commentary on the deal.

"The customer wins because they get to take advantage of money saving bundles, and AT&T win's because it keeps customers happy which means hanging on to the customer in an increasingly competitive marketplace, and Starbucks win's because it expands their digital entertainment platform and gives customers more reasons to spend time in the stores," Kagan wrote.

Microsoft has updated its Office Live Small Business hosted service with new e-commerce and marketing tools to help small businesses sell their products and services online.

The new version of Microsoft's service to help small businesses build a Web presence, unveiled Monday, now includes Store Manager, a tool aimed at helping small businesses build their own e-commerce sites as well as storefronts on eBay.com to sell their products. Store Manager costs US$39.95 per month.

Microsoft also has added a beta version of an e-mail marketing service that allows users to send out regular e-mail newsletters, promotions and updates. The service is free for up to 200 e-mails per month during the beta, the company said.

Other new features to Office Live Small Business include custom domain name and business e-mail that is available free for one year and $14.95 per year after that. Through the service, businesses can privately register their domain names and brand up to 100 business e-mail accounts, each with 5G bytes of storage, according to Microsoft.

Microsoft also has added Web-site customization tools; support for Firefox 2.0 so Mac users can use Office Live Small Business tools and features; and an improved interface and enhanced search ability in Contact Manager, the service's contact-management system, to the updated service.

Office Live Small Business is Microsoft's Web-based service aimed at giving small businesses a Web site as well as providing basic management, worker collaboration, accounting, and CRM (customer relationship management) capabilities. Microsoft defines small businesses as those with 50 employees or fewer. The service originally was called Office Live but Microsoft recently changed the name.

People often mistake Office Live for a Web-based version of Microsoft's Office productivity suite, one of the reasons Microsoft added "Small Business" to the service's name. Eventually, Microsoft does plan to offer features of its Office software online as a service, plans Microsoft Chairman Bill Gates discussed Monday at the Microsoft Office System Developer Conference in San Jose, California.

Microsoft said Office Live Small Business currently has nearly 600,000 customers in the countries where it is currently available -- the U.S., U.K., France, Germany and Japan.

More information about Office Live Small Business can be found on the home page for the service.

Sony Ericsson, LG, and Samsung have all caught "iPhoneitis," joining in on one of the hottest trends at the Mobile World Congress -- touch-based user interfaces.

All three launched mobile phones at the show in Barcelona, and they all use touch in different ways -- from LG's icons that change function depending on what part of the phone is being used to Sony Ericsson's ability to focus where a user touches while taking a picture.

Sony Ericsson likes to point out that it has supported touch since the birth of the company. But it also gives Apple some credit.

"They are a source of inspiration," said Rikard Skogberg, category manager at Sony Ericsson.

The point is to make mobile phones easier to use and to open the door for more features, such as mobile Internet.

"Sony Ericsson's goal is to make our phones as easy as possible to use, and touch is a big part of that. If people are going to buy more advanced phones, they must be able to use all the features -- and for that to happen, they must be intuitive," Skogberg said.

LG's Channel Marketing Manager Heather Seabrooke agrees.

"It's all about usability. With touch, you don't need a million different buttons. Instead, you can use the same ones for different things," she said.

But not all phone vendors seem to be convinced. Nokia was expected to show a new version of its S60 operating system with an integrated touch-based user interface, but it was nowhere to be seen.

Nokia says it will use touch starting sometime during the second half of this year but not in a gimmicky way. And there must be a clear migration path for users.

Several analysts are also skeptical.

"We believe that a good user interface must also support buttons to be effective and fast. And we will see a lot more innovation before this market becomes mature," said Leif-Olof Wallin, research vice president at Gartner.

But at the same time he thinks that Nokia's lack of support for touch may hurt its sales in the short term.

"Nokia's new flagship phone, the N96, has an impressive spec, but it doesn't support touch. And that makes it a bit handicapped," said Wallin.

Ben Wood, director of research at CCS Insight, has this warning for users: "We think 2008 will be the year of crap touch phones."