Kool Lite Tools Forum Rules

HelpSearchMembersCalendar

You can submit world news and events articles from the internet by creating a thread in this section.


When compiling a news thread please use the following format:

• The topic title should be shown in bold lettering.
  
  
• If copying and pasting from a news source ensure that any unnecessary advertising, text etc. that may also be collected whilst copying is removed before submitting the post.
  
  
• All paragraphs should be evenly spaced.
  
  
• At the end of the news article please give credit to the source of the story. To do this post an image logo from the site and also a link to the news story.
  
  For example if the source was from Yahoo! News their image would look like this .
  
  
• So in the "Insert Link" box you would first of all enter the complete URL for the hyperlink to the news story, click OK, then enter the full URL address of the image you are using together with the [*img] [*/img] tags (without the asterisks).
  
  
• or copy and paste the text below at the end of your post, remove the stars (*) from it and then replace the red text with the address to the story and the blue text with the address of the image of the source's site.
  
  [*url=http://news.yahoo.com][*img]http://img451.imageshack.us/img451/3851/yahooij1.gif[*/img][*/url]
  
  
• If you wish to add any of your own comments to the post, make a clear separation at the very bottom and add your comment there.

Please remember to not hotlink any images, we have posted some images from popular sites, please use these images so that we are not hotlinking, thank you.

Will the digital world be destroyed in 2012?

2012. The end of the world. Or, maybe, the end of electronics. Or, maybe not. Maybe it’ll be 2013. It could be the end of civilization as we know it. Or, maybe not.

For the record, I’m not making this up. These are the sort of third-hand, reasonably imprecise dire warnings we’re hearing from some sources.

Follow along, because either we’re doomed — or duped.

According to an article in Monday’s issue of New American, an Australian columnist and “lecturer” named Dave Reneke is claiming that 2012 (or maybe 2013) could be the year that the sun flares to a level that it destroys global electronics.

Reneke bases his analysis on interpretations of a $31 research report published by the National Academies Press, based out of Washington, DC.

Another report claims, and I couldn’t make this up if I tried, that a “Sun storm to hit with ‘force of 100m bombs’”.

This one, too, goes on to quote Aussie “lecturer” Reneke, who states that a coming Solar Max storm “will be the most violent in 100 years”.

Sigh.

I got involved in this story when one of my favorite fellow ZDNet bloggers (who shall remain nameless as I’m about to put my mock on) suggested I write about what the American government was going to do about our impending doom.

Okay, okay. Fine. First, the obvious disclaimers. I am not an astronomer. My engineering degree is in computer science, which gives me some technical cred, but I did not take even one course on the subject about which I’m writing today.

That said, I am a darned good researcher. I have not found much credible information that backs up Reneke’s claim. There are a lot of blog spoutings on the topic, one article by an ABC (Australian Broadcasting Corporation) affiliate claiming it’s all rubbish, but nothing tangible that supports Reneke’s doom and gloom story, especially as he’s managed to situate it in the middle of 2012.

Of course, that doesn’t mean he’s not right. History is filled with stories of renegade Renekes who warned about impending doom, only to be ignored and later proven correct.

This brings us back to my fellow blogger’s question about what the American government is doing about it. Let’s chunk that question up and ask what the American government is doing about any of our crisis areas?

Are they fixing our roads and bridges? No. Are they really solving our health care crisis? No. Are our politicians able to stand in a room together for even a few hours without making sophomoric outbursts? No.

America is having a focus problem. Right now, the left is fighting with the left. The right is fighting with the right. Neither side is putting America first for problems that are provable, urgent, and tangible right now.

In that light, has American prepared its infrastructure for an influx of solar radiation?

Um, no. Outside of a few structures and systems hardened for any eventuality, if we’re hit by the Mother of All Solar Maxes, we’re probably screwed.

On the other hand, 2012 is an election year, and we could wind up with President Palin.

I guess you just takes your chances no matter how the world turns.

Microsoft's security response center is recommending that businesses consider blocking Excel spreadsheet attachments at the network perimeter to help thwart targeted attacks that exploit an unpatched software vulnerability.

The Redmond, Wash., software giant published a pre-patch advisory on June 19 with a list of workarounds that include blocking Excel file-types at the e-mail gateway.

File extensions associated with the widely deployed Microsoft Excel program are: xls, xlt, xla, xlm, xlc, xlw, uxdc, csv, iqy, dqy, rqy, oqy, xll, xlb, slk, dif, xlk, xld, xlshtml, xlthtml and xlv.

The company's guidance comes just a few days after public confirmation that a new, undocumented Excel flaw was being used in an attack against an unidentified business target.

The attack resembles a similar exploit that targeted Microsoft Word users, prompting suspicion among security researchers that the attacks may be linked.

The Excel attack includes the use of Trojan horse program called Trojan.Mdropper.J that arrives as an Excel spreadsheet with the file name "okN.xls."

When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then silently closes Microsoft Excel.

Downloader.Booli.A attempts to run Internet Explorer and inject its code into the browser to bypass firewalls. It then connects to a remote Web site hosted in Hong Kong to download another unknown file.

In the latest advisory, Microsoft confirmed that the vulnerability exists in Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac.

Excel 2000 users are at highest risk because the program does not prompt the user to Open, Save, or Cancel before opening a document. Other versions of the software present a warning before a file is opened, Microsoft said.

The company insists that a user must first open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker to be at risk.

The flaw is described as "improper memory validation" in Excel that occurs only when the program goes into repair mode.

Microsoft also recommends that businesses using Excel 2003 prevent Excel Repair mode by modifying the ACL (Access Control List) in the Excel Resiliency registry key.

Detailed instructions can be found in the advisory.

Microsoft said businesses should also consider blocking the ability to open Excel documents from Outlook as attachments, Web sites and the file system directly.

This can be done by removing the registry keys that associate the Excel documents with the Excel application.

As best practice, the company said Excel users should remember to be very careful opening unsolicited attachments from both known and unknown sources.

http://www.guardian.co.uk/world/2005/nov/1...ael2?CMP=twt_gu

· Officer ignored warnings that teenager was terrified
· Defence says 'confirming the kill' standard practice



An Israeli army officer who fired the entire magazine of his automatic rifle into a 13-year-old Palestinian girl and then said he would have done the same even if she had been three years old was acquitted on all charges by a military court yesterday.

The soldier, who has only been identified as "Captain R", was charged with relatively minor offences for the killing of Iman al-Hams who was shot 17 times as she ventured near an Israeli army post near Rafah refugee camp in Gaza a year ago.

The manner of Iman's killing, and the revelation of a tape recording in which the captain is warned that she was just a child who was "scared to death", made the shooting one of the most controversial since the Palestinian intifada erupted five years ago even though hundreds of other children have also died.

After the verdict, Iman's father, Samir al-Hams, said the army never intended to hold the soldier accountable.

"They did not charge him with Iman's murder, only with small offences, and now they say he is innocent of those even though he shot my daughter so many times," he said. "This was the cold-blooded murder of a girl. The soldier murdered her once and the court has murdered her again. What is the message? They are telling their soldiers to kill Palestinian children."

The military court cleared the soldier of illegal use of his weapon, conduct unbecoming an officer and perverting the course of justice by asking soldiers under his command to alter their accounts of the incident.

Capt R's lawyers argued that the "confirmation of the kill" after a suspect is shot was a standard Israeli military practice to eliminate terrorist threats.

Following the verdict, Capt R burst into tears, turned to the public benches and said: "I told you I was innocent."

The army's official account said that Iman was shot for crossing into a security zone carrying her schoolbag which soldiers feared might contain a bomb. It is still not known why the girl ventured into the area but witnesses described her as at least 100 yards from the military post which was in any case well protected.

A recording of radio exchanges between Capt R and his troops obtained by Israeli television revealed that from the beginning soldiers identified Iman as a child.

In the recording, a soldier in a watchtower radioed a colleague in the army post's operations room and describes Iman as "a little girl" who was "scared to death". After soldiers first opened fire, she dropped her schoolbag which was then hit by several bullets establishing that it did not contain explosive. At that point she was no longer carrying the bag and, the tape revealed, was heading away from the army post when she was shot.

Although the military speculated that Iman might have been trying to "lure" the soldiers out of their base so they could be attacked by accomplices, Capt R made the decision to lead some of his troops into the open. Shortly afterwards he can be heard on the recording saying that he has shot the girl and, believing her dead, then "confirmed the kill".

"I and another soldier ... are going in a little nearer, forward, to confirm the kill ... Receive a situation report. We fired and killed her ... I also confirmed the kill. Over," he said.

Palestinian witnesses said they saw the captain shoot Iman twice in the head, walk away, turn back and fire a stream of bullets into her body.

On the tape, Capt R then "clarifies" to the soldiers under his command why he killed Iman: "This is commander. Anything that's mobile, that moves in the [security] zone, even if it's a three-year-old, needs to be killed."

At no point did the Israeli troops come under attack.

The prosecution case was damaged when a soldier who initially said he had seen Capt R point his weapon at the girl's body and open fire later told the court he had fabricated the story.

Capt R claimed that he had not fired the shots at the girl but near her. However, Dr Mohammed al-Hams, who inspected the child's body at Rafah hospital, counted numerous wounds. "She has at least 17 bullets in several parts of the body, all along the chest, hands, arms, legs," he told the Guardian shortly afterwards. "The bullets were large and shot from a close distance. The most serious injuries were to her head. She had three bullets in the head. One bullet was shot from the right side of the face beside the ear. It had a big impact on the whole face."

The army's initial investigation concluded that the captain had "not acted unethically". But after some of the soldiers under his command went to the Israeli press to give a different version, the military police launched a separate investigation after which he was charged.

Capt R claimed that the soldiers under his command were out to get him because they are Jewish and he is Druze.

The transcript

The following is a recording of a three-way conversation that took place between a soldier in a watchtower, an army operations room and Capt R, who shot the girl

From the watchtower "It's a little girl. She's running defensively eastward." "Are we talking about a girl under the age of 10?" "A girl about 10, she's behind the embankment, scared to death." "I think that one of the positions took her out." "I and another soldier ... are going in a little nearer, forward, to confirm the kill ... Receive a situation report. We fired and killed her ... I also confirmed the kill. Over."

From the operations room "Are we talking about a girl under the age of 10?"

Watchtower "A girl about 10, she's behind the embankment, scared to death."

A few minutes later, Iman is shot from one of the army posts

Watchtower "I think that one of the positions took her out."

Captain R "I and another soldier ... are going in a little nearer, forward, to confirm the kill ... Receive a situation report. We fired and killed her ... I also confirmed the kill. Over."

Capt R then "clarifies" why he killed Iman

"This is commander. Anything that's mobile, that moves in the zone, even if it's a three-year-old, needs to be killed. Over."






The only thing I can say is this. Israel is getting on my nerves a lot.

Police say Waco auto-ped victim was playing "Frogger"

WACO - A man was hit by a vehicle Wednesday evening on Interstate 35 in Waco while he was reportedly trying to play game.

Waco police say the man was trying to play "Frogger," a reference to a game where an individual weaves across lanes of traffic, darting between cars.

He was hit by a vehicle around 9 p.m. in the southbound entrance of I-35 near 15th Street, at mile marker 334.

The victim's condition is unknown at this time.



I know this is really not WORLD news..... but I thought you just have to be a idiot to do something like this...... its hard to believe that there are people really that stupid in the world

1-in-4 worms spread through infected USB devices

Hard on the heels of a report that a USB drive was used to compromise U.S. military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices.

"Much of the malware in circulation has been designed to distribute through these devices," said Luis Corrons, the technical director of PandaLabs, the research arm of Panda Security, in a statement Thursday. "Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user."

While a quarter of all 2010's worms rely on USB devices to spread to other PCs, a recent Panda survey of more than 10,000 small- and medium-sized firms found that 27% of those victimized by a malware infection in the last year reported that the attack had originated with infected USB hardware, primarily flash drives.

Other devices that connect to PCs via USB, including smartphones, cameras and music players, also are a threat, added Corrons. "All these devices have memory cards or internal memories and therefore it is very easy for your cell phone, say, to be carrying a virus without your knowledge," he said.

The Stuxnet worm was one of the year's high-profile threats that relied on USB drives. In July, Stuxnet targeted PCs running software that managed large-scale industrial control systems in major manufacturing and utility companies by exploiting a then-unpatched vulnerability in Windows's shortcut files.

When users viewed the contents of an infected USB drive with a file manager like Windows Explorer, Stuxnet loaded itself onto the PC.

Microsoft issued an emergency "out-of-band" security update on Aug. 2 to plug the shortcut hole.

The USB infection vector isn't new. Two years ago, the Conficker worm made headlines worldwide after it spread using flash drives, among other avenues.

Earlier this week, U.S Deputy Defense Secretary William Lynn revealed that the U.S. Central Command's (CENTCOM) network was compromised after an infected USB drive was plugged into one of the network's PCs. CENTCOM is the military's joint regional command responsible for the Middle East, including Iraq and Afghanistan.

After Conficker's appearance, Microsoft patched Windows to fix a bug that prevented users from disabling "AutoRun," the mechanism that hackers used to automatically infect PCs when USB drives were plugged in. The company also changed AutoRun's behavior in Windows 7 to stymie such attacks.

Today, Corrons touted "USB Vaccine," a utility he said completely disables AutoRun. The tool can be downloaded from Panda's Web site; although USB Vaccine is free, users must provide their name, phone number and e-mail address before downloading.

http://edition.cnn.com/2010/CRIME/08/16/ge...i&wom=false

Atlanta, Georgia (CNN) -- The city of Atlanta will pay $4.9 million to the family of Kathryn Johnston, a 92-year-old woman killed in a botched November 2006 drug raid, Mayor Kasim Reed's office announced Monday.

Johnston was shot to death by narcotics officers conducting a "no-knock" warrant. Investigators later determined the raid was based on falsified paperwork stating that illegal drugs were present in the home.

The incident prompted a major overhaul of the Atlanta police drug unit, and three former police officers were sentenced to prison terms for a cover-up that ensued.

Johnston's family will receive $2.9 million sometime in fiscal 2011, the city said, with the remaining $2 million to be paid in fiscal 2012, on or before August 15, 2011.

The payment represents the settlement of a lawsuit filed against the city by Sarah Dozier, Johnston's niece, Reed's office said in a statement. Initially filed in state court, the suit was moved to federal court, where a judge ordered the parties to mediation.

As the search warrant was being executed November 21, 2006, at Johnston's home, she fired at officers with an old pistol, apparently believing her home was being broken into. Six officers returned fire. Johnston's one shot went through her front door and over the officers' heads. They responded with 39 shots, hitting the elderly woman five times.

"The resolution of this case is an important step in the healing process for the city and its residents," Reed said in the statement. "As a result of the incident, several police officers were indicted in federal and state court on charges and were later convicted and sentenced for their actions. In addition, the narcotics unit of the Atlanta Police Department was completely reorganized, which included changes in policy and personnel."

Last year, former officer Jason Smith was sentenced to 10 years in federal prison, while former officers Greg Junnier and Arthur Tesler were sentenced to six and five years, respectively.

All three men pleaded guilty to federal charges of conspiracy to violate civil rights resulting in death. Smith and Junnier also pleaded guilty to state charges of voluntary manslaughter and making false statements, and Smith admitted to planting bags of marijuana in Johnston's home after her death.

U.S. District Judge Julie Carnes ordered the three to split Johnston's funeral costs of $8,180, and to serve three years of supervised release after they complete their prison terms.

"I pray daily for Ms. Johnston," Smith said at the sentencing hearing, according to CNN affiliate WXIA-TV. "I also pray other officers in Atlanta will have the moral fortitude I didn't have."

Tesler was convicted on one state count of making false statements after filling out an affidavit saying that an informant had purchased crack cocaine at Johnston's home, in a crime-plagued neighborhood near downtown Atlanta.

The informant, however, denied ever having been to Johnston's home, leading to probes by federal and state authorities as well as the breakup and reorganization of the narcotics unit.

Tesler's state conviction was reversed on appeal. According to their plea agreements, Junnier and Smith will serve their state sentences concurrently with the federal sentence.

Shortly after the probe began, Junnier began cooperating with authorities, providing "valuable assistance in the investigation and prosecution of Smith and Tesler," according to a statement issued last year by federal prosecutors. Smith also cooperated to a lesser extent, and both men's sentences were reduced in exchange for their cooperation.

Prosecutors have said that officers regularly presented false information to obtain warrants and that they cut corners to make more time for lucrative side jobs providing additional security to businesses, often while on duty, and receiving cash payments.

The investigation into the botched raid also led to guilty pleas from the police sergeant in charge of the narcotics unit and another officer who admitted to extortion, authorities said.

<object width="416" height="374" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="ep"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="wmode" value="transparent" /><param name="movie" value="http://i.cdn.turner.com/cnn/.element/apps/cvp/3.0/swf/cnn_416x234_embed.swf?context=embed&videoId=crime/2010/08/16/dnt.kathryn.johnston.lawsuit.wsb" /><param name="bgcolor" value="#000000" /><embed src="http://i.cdn.turner.com/cnn/.element/apps/cvp/3.0/swf/cnn_416x234_embed.swf?context=embed&videoId=crime/2010/08/16/dnt.kathryn.johnston.lawsuit.wsb" type="application/x-shockwave-flash" bgcolor="#000000" allowfullscreen="true" allowscriptaccess="always" width="416" wmode="transparent" height="374"></embed></object>

I don't know what to say, other than this (again) gives me another reason to NOT trust the police ANY where, whether the family got paid or not.

Hiring hackers: The good, the bad and the ugly

Hack into the Department of Defense, go to prison, come out and get a high paid job as a security analyst. For a while there, it seemed this was a hot career path for geeky, rebellious teenagers who might have viewed spending four years sitting in college classrooms as not that different from being behind bars, anyway. From the point of view of the ex-con kids, it was a dream come true: they got paid - often very well - to do what they were doing anyway, for free, and didn’t have to worry that the FBI would come knocking at the door (or bust it down) late some night.

From the point of view of the companies doing the hiring, who better to do penetration testing than people whose skill levels have been proven in a court of law? It seems to make sense, but the trend appears to have leveled off as many organizations have tightened their general hiring criteria in a less robust economy. However, even if your HR department isn’t bringing them on staff, a close look at the employees (and owners/founders!) of that security consulting firm you’re contracting with might reveal a few folks whose backgrounds include more than a few illegal activities. What are the arguments for and against allowing such people access to your network, and what are the ramifications if it goes wrong?

The good

The obvious argument for hiring reformed black hat hackers to provide advice on network security is that, when it comes to the network intrusion game, they have real world experience in playing offense. The typical IT pro only knows about playing defense. There is a very big difference in mindset between being someone whose primary training is in protecting the network and someone who has learned, usually mostly through trial and error, all the little “tricks of the trade” for breaking into networks. A good hacker really loves the challenge and spends many, many hours perfecting his craft.

There’s also the possibility that you can get the hacker to work cheap - or at least, at a lower salary than the computer science Ph.D. who’s paying off $100K in student loans - and who doesn’t have a felony conviction on his/her record. It’s not just the lack of conventional credentials that can lower the ex-hacker’s compensation expectations, though. Finding vulnerabilities in networks and systems is something that those with hacking in the blood would happily do for no compensation at all.

The bad

Even if the hacker you’re considering hiring as an employee or contractor is completely reformed, having a criminal onboard may not set well with your clients. If your company has or hopes to bid on government contracts that require a security clearance, having a known hacker associated with the company could count against you.

Then there’s the question of whether the hacker really is completely reformed. Maybe he’s sworn off cracking DoD passwords and writing viruses, but will he be tempted to dip into your company’s confidential files and take a look around, just because he can? Can you trust him not to illegally download copy protected music and movies or install warez on computers on your network in his spare time? If he gets bored, might he decide to peruse the personnel files just for fun, or whip up a “harmless” little practical joke script to turn everyone’s desktop wallpaper into a graphic of the blue screen of death?

It all comes down to a question of trust. Giving a person access to your network - especially the kind of access that’s required to analyze your security - is akin to giving someone access to your bank accounts. It’s a position that carries a great deal of responsibility. Would you hire a former embezzler to oversee your money? Probably not, because that person has been shown to misuse that type of access in the past.

Those in favor of hiring hackers (and the hackers hoping to be hired) will argue that “it takes one to catch one.” However, you don’t see law enforcement agencies hiring former murderers to help them catch violent criminals or former burglars to help thwart other breakers-and-enterers. Oh, they might make use of those people as confidential informants but they would never put them into positions of trust where they would have the opportunity to commit the same crimes again.

The ugly

What if your hacker hasn’t reformed at all, but has merely learned to play the game in a more sophisticated way. Social engineering is the art of manipulating people, rather than or in addition to code, to gain entry into a network or system. I’ve always found it interesting when supposedly reformed hackers, who themselves go around preaching the dangers of social engineering, are then hired by companies in spite of the fact that they’re basically telling you that what they’re doing now could easily be another big social engineering ploy. Posing as a reformed hacker/consultant is a great way to gain access to networks - much better than pretending to be a phone company employee or someone from “headquarters” that you’re not. Not only do you get a legitimate pass to get into the network, you also get a paycheck from your target for doing it.

The possible ramifications of having a covert hacker on the “inside” of your network range from serious to devastating. He could use your network to launch a botnet attack. He could send out malware from your location. He could even access files with your company’s confidential financial data or trade secrets and sell the information to one of your competitors.

If you’re in a regulated industry such as healthcare or financial services, such an insider security breach could put you in a precarious position. It would be difficult to argue that you practiced due diligence to protect your data if you knowingly and voluntarily put it in the hands of a known hacker.

You also need to consider whether the self-proclaimed hacker really has the level of skill he claims to have. After all, if he’s been convicted, that means he got caught - and if he were really good, wouldn’t he have been able to cover his tracks? Perhaps he’s just a “script kiddie” who ripped off hacks constructed by others and used them clumsily. On the other hand, if he hasn’t ever been arrested or convicted, what proof do you have that he’s really a hacker at all? Maybe he’s only a wannabe who talks the talk but doesn’t have the programming chops to walk the walk.

Bottom line is that someone who would illegally access someone else’s network may not have a strong sense of right and wrong and/or might have a problem with authority. If he had no compunction about breaking the law, why would you think he would be willing to abide by your company’s policies and the rules and boundaries that you lay down for him as an employee or consultant?

It’s also important to remember that “birds of a feather flock together.” Hackers tend to be friends with other hackers. They learn from each other, and it’s also a culture in which members get a lot of gratification out of impressing each other. Even if “your” hacker doesn’t attempt to harm your network or its assets, can you be sure that he won’t inadvertently let slip information about it when bragging to his hacker friends, that they might use to get in and wreak havoc?

Remember: All hackers are not created equal

In last month’s Cybercrime column, Profiling and Categorizing Cybercriminals, I discussed how different cybercriminals have different motivations for committing criminal acts. If you’re considering hiring a former hacker, it’s a good idea to delve deeply into his background and record and try to discern exactly what category he fits into. That can give you a clue into how much of a risk you would be taking on by hiring him.

A former teenage hacker who stumbled into a federally protected network with no real intent to do harm might very well have been “scared straight” by getting caught. (On the other hand, he may also have been embittered by his experience behind bars, and he might have had his criminal tendencies reinforced in an environment where “being bad” is not looked down on but is rewarded with admiration). A more mature white collar criminal who was deliberately moving money into his own account from another or committing corporate espionage as a “hacker for hire” is likely to have a more deeply ingrained criminal mindset and attitude that’s not so easily changed.

There is always some element of risk in hiring a person to do a job you don’t know how to do yourself, because it makes it easy for that person to put one over on you. There is a greater risk in hiring someone who has committed illegal acts in the past - but some hackers are more of a risk than others.

Protecting your company from your own “hired gun”

If you do make the decision to hire a former hacker, take steps to protect your company from the possible consequences:

• Do a thorough background check. Don’t assume that what the hacker tells you is true. Believe it or not, some people will claim to be criminals when they really aren’t, if they think it will get them a high paying job that makes them look “cool” to their friends.
• Have the hacker sign an employment contract (or independent contractor agreement) that very explicitly sets boundaries and prohibits any access not specifically authorized, prohibits any use or sharing with others of information gathered in penetration testing or other parts of the job, and specifies the penalties for violation.
• Consider having the hacker covered by an employee dishonesty/fidelity bond, or if the hacker is a contractor, require that he provide proof of insurance that will reimburse you if he steals from you, defrauds you or otherwise deliberately causes a loss to your business.
• Don’t give the hacker access to any more than he needs to do the job for which you’ve hired him. Never give him administrative passwords. If he can obtain those credentials on his own, you know you have a security problem, but you should not provide him with them.
• If the hacker leaves or when his contract work is over, change passwords (even if you think he didn’t have them) and make sure strong intrusion detection/prevention controls are in place.
• Monitor network access while and after the hacker works for you and be on the lookout for any suspicious activity. Remember that the hacker may use some other user’s account, not necessarily one that you’ve given him for his own use.

Summary

The practical reasons aside, those who set the tone for a company must examine whether hiring a hacker fits in with their own codes of ethics. Do you want to encourage the practice of profiting from one’s criminal background?

On a final note, I’ve used the masculine pronoun throughout this column, not only because I hate the grammatically incorrect use of “they” and “them” as a singular, but also because the vast majority of black hat hackers - and especially convicted ones - are male.

http://nymag.com/daily/intel/2010/08/judge...hands_vict.html

U.S. District Judge Vaughn Walker ruled on Wednesday that the California's Proposition 8 ballot initiative denying marriage rights to same-sex couples was unconstitutional, in a case that will almost certainly go all the way to the Supreme Court.

Walker ruled that Proposition 8 is "unconstitutional under both the due process and equal protection clauses." The court, therefore, "orders entry of judgment permanently enjoining its enforcement." Two key sentences from the ruling:



That's what history sounds like.
Update: Good As You has a PDF of the decision.

The ruling was a win for lawyers Ted Olson and David Boies, an unlikely pair who faced off against one another during the aftermath of the 2000 presidential election. (Olson represented George W. Bush and Boies represented Al Gore.)

California Governor Arnold Schwarzenegger applauded the ruling, saying it "affirms the full legal protections and safeguards I believe everyone deserves."

Even before the ruling was released, lawyers for the opposing side filed a motion to stay the judge's ruling pending an appeal to the 9th Circuit Court of Appeals.

But opponents of the ban weren't wasting any time. The San Francisco Appeal reported "an absolute scrum at the City Clerk's office, where Vanessa Judipli and Maria Ydril have been issued a marriage license," with an official on hand to marry the two women before any stay can go into effect.
Here's the full conclusion by Judge Walker:

Fake femme fatale shows social network risks
Researcher Thomas Ryan says fictitious Robin Sage character fooled many holding security, military and intelligence posts

Hundreds of people in the information security, military and intelligence fields recently found themselves with egg on their faces after sharing personal information with a fictitious Navy cyberthreat analyst named "Robin Sage," whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking.

In a conversation with Computerworld, Thomas Ryan, co-founder of Provide Security, said he used a few photos to portray the fictional Sage on Facebook, LinkedIn and Twitter as an attractive, somewhat flirty cybergeek, with degrees from MIT and a prestigious prep school in New Hampshire. Then he established connections with some 300 men and women from the U.S. military, intelligence agencies, information security companies and government contractors.

The goal, said Ryan, was to determine how effective social networking sites can be in conducting covert intelligence-gathering activities.

Despite some patently obvious red flags -- such as noting that the 25-year-old Sage had worked professionally for 10 years -- the scheme worked. The connections to Sage, who was depicted as a real-life Abby Scuito, a fictional character in CBS's NCIS television series, were established in less than a month. Many friends freely shared personal information and photos, invited the fictional threat analyst to conferences and asked her to review documents. Some "friends" at major companies, including Google and Lockheed Martin, even expressed interest in hiring her, he noted.

A security researcher created a fake online profile for a fictional cyberthreat analyst named "Robin Sage."

Had Sage really been a foreign agent, she would have had access to a lot of very useful information, said Ryan, who is scheduled to present his findings next week at the BlackHat security conference in Las Vegas. Excerpts from his interview with Computerworld follow:

What prompted you to conduct the experiment? One of the biggest drivers was all the talk about cyberwarfare and cyberespionage -- and what's real and what's not real. I wanted to see how much intel you could gather from a person just by lurking on a social networking site. I [also] wanted to see who was most susceptible to clicking. I wanted to see how fast this thing would propagate. One of the things I found was that MIT and St. Paul's [prep school] were very cliquey. If they don't remember seeing you, they are not going to click. You had less of a chance of penetrating those groups than the actual intel and security communities.

How many connections and friends did Robin Sage make? On Facebook, 226; on LinkedIn, 206; and on Twitter, 204. The connections on Facebook were security and military, LinkedIn was mainly security and intel, and Twitter was mostly hackers.

Did Sage mostly seek out these friends, or were they more likely to make the first move? It was a combination of both. I did approach a few people, [mostly] from the security industry. They had the most connections. They are the speakers, the ones that are always sociable.

What type of information can one get through such connections? Pretty much everything. I had access to e-mail and bank accounts. I saw patterns in the kind of friends they had. The LinkedIn profiles would show patterns of new business relationships.

Why do you think Sage was so successful at making new connections? Because she was an attractive girl. It definitely had to do with looks.

Were most of the connections male? It wasn't all men. The male versus female split was 82% to 18%. The highest number of women were from the intelligence community. The only women who were there from the security community were people promoting conferences and stuff like that.

Do you think a fictional male character would have been as successful in attracting "friends"? It depends on who the male was and how he was portrayed.

What did Facebook do when they discovered what was going on? Facebook shut down the Robin page and my personal page. They said, due to security reasons, I am not allowed to use Facebook again. LinkedIn just deleted the Robin account but [a cached version] is still there on Google.

What's the takeaway from the experiment? The big takeaway is not to friend anybody unless you really know who they are. The same tactic was used to infiltrate a secret Israeli base. The people on the base were the only ones on a private Facebook page. Somebody was able to gain access to it and gather intel on the base.

Anything else? I was never able to friend anyone from the CIA or the FBI. I tried. It just didn't work. Toward the end of the experiment, there was this massive influx of Arabs from overseas that were trying to get on the Robin page where all the military stuff was. I didn't really care for it. That was a bit scary.

Microsoft sets emergency Windows patch for Monday
As exploits of shortcut bug climb, company commits to 'out-of-band' update

Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2.

The company said it is satisfied with the quality of the "out-of-band" update -- Microsoft's term for a patch that falls outside the usual monthly delivery schedule -- but also acknowledged that it has tracked an upswing in attacks.

"In the past few days, we've seen an increase in attempts to exploit the vulnerability," Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), said in a entry to the team's blog. "We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."

Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. ET, 10 a.m. PT.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the "Stuxnet" worm, which targeted Windows PCs that manage large-scale industrial control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company's antivirus products, including the free Security Essentials, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

"Sality is a highly virulent strain ... known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware," wrote Holly Stewart of the Microsoft Malware Protection Center, on the group's blog Friday. "It is also a very large family -- one of the most prevalent families this year. "

Sality's inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. "After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet," said Stewart.

"We know that it is only a matter of time before more families pick up the technique," she added.

Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan.

Last week, security researchers had argued over Microsoft's ability to quickly patch the vulnerability, with HD Moore, the chief security officer of Rapid7 and the creator of the well-known Metasploit hacking toolkit, betting that Microsoft would fix the flaw within two weeks. Moore's prediction was nearly on the dot.

All versions of Windows contain the shortcut vulnerability, including the preview of Windows 7 Service Pack 1 (SP1), and the recently retired-from-support Windows XP SP2 and Windows 2000.

EXCLUSIVE: Sophisticated Network Helps AWOL Afghans Make Trip to Canada

For the Afghan soldiers who have gone AWOL from an Air Force base in Texas, there's no place like Canada.

Since 2002, 46 Afghans have deserted their armed forces while in the U.S. for language and military training. Of those 46, roughly half--at least 22--have found their way north of the border.

They made the trip with the help of a network of people, including Afghans who left Lackland Air Force Base before them; a group of naturalized and undocumented Mexican women in Texas; relatives of current and former Afghan military students living in the West; and at least one Iranian taxi driver who runs a human smuggling business at the Canadian border.

The Afghans who have made it to Canada appear to be living comfortably there -- and many have put themselves on Facebook, where they connect with other Afghan dissenters and active U.S. and Afghan military personnel, including members of the Afghan military currently attending the Defense Language Institute at Lackland or receiving training at other military bases in the U.S.

Based on interviews with U.S. and Afghan military personnel, civilian and military sources at the Defense Language Institute, interviews with some of the AWOL Afghans and information gleaned from their online profiles, FoxNews.com has exclusively uncovered details of a pipeline that runs from San Antonio to Toronto.

The first leg of the pipeline involves a group of women, some of whom are believed to be Mexicans illegally in the U.S., who pick up the men outside Lackland Air Force Base in San Antonio and drive them to their next stop. Often, that’s a bus station or airport, but sometimes the women drive them farther. In at least two instances, they accompanied the Afghans all the way to Canada.

At least six Afghans flew from Texas to Buffalo, N.Y., multiple sources say, and then traveled the short distance to Niagara Falls, where they posed as bumbling, lost tourists who crossed into Canada and kept on going.

At least three of the AWOL men now living in Toronto have profile pictures on Facebook that feature them standing in front of Niagara Falls, including. Mohammad Nasim Fatehzada, whose Facebook profile picture, timestamped June 21, 2008, shows him posing at the Falls.

Two others, Sardar Ahmadi and Mohammad Zaher Aetimady, traveled to Canada by way of a long cross-country bus trip, Ahmadi told FoxNews.com. He posted photos online of his DLI graduation and of his sightseeing trip to Washington D.C., where he posed in front of the Capitol. There are also photos on Facebook of Ahmadi at a Quality Inn in Philadelphia. Aetimady, who belongs to the Facebook group “We Love Roadtrips,” posted photos of himself inside the Toronto subway system.

When asked if anyone had given him money to travel to Canada, Ahmadi said in a Facebook message:

“hi, this is sardar Ahmadi. that is not true nobody give money to any one . it is very cheap . not that much expensive only 120 or something by bus from taxes to bufolo. in D L I every body gets money from school about $1500 USA Daller per month. that school scholarship money or something.”

The former Afghan liaison at DLI, Wahab Sultany, told FoxNews.com that students receive a monthly stipend of $650 from NATO. But a NATO spokesman told FoxNews.com in an email:

"The Afghan students are in receipt of their ANA pay. They also receive a supplementary travel and living allowances, this is funded through NTM-A. NTM-A/CSTC-A is funded through several ways but it is not appropriate to discuss the detail of this funding and how it is allocated."

Many of the men took sightseeing detours through Washington, where they posed for photos wearing cowboy hats in front of the Capitol and the Washington Monument, which more than one referred to as the Washington Tower. Facebook photos show that at least one of the men appeared to have taken a short-time job at a hotel or conference center while in Washington.

At least three others spent time in Arizona, where they took photos at the Grand Canyon.

At least 26 of the Afghan deserters are linked directly or through friends to one another on Facebook. Many of their online profiles feature group photos featuring other AWOL Afghans who deserted from DLI over the course of five years — men who did not attend DLI at the same time but who appear to have become friends after settling in Canada.

Prior to July 23, 2009, Afghan military dissenters could apply for refugee status the minute they set foot in Canada.

One of them, Sardar Ahmadi, said in phone interview with FoxNews.com last month that he and Mohammad Zaher Aetimady, his friend and classmate at the Defense Language Institute (DLI), left Lackland together after graduating from the program in January 2009. “I applied for immigration, for study,” he said. “We finished the school, we came to Canada as refugee”

At the time, citizens from Afghanistan who arrived at the Canada-U.S. border were eligible to make a refugee claim in Canada, based on an exception to the 2004 Safe Third Country Agreement, which compelled refugee claimants arriving in North America to seek refugee status in the "first" safe country — either the U.S. or Canada — they reached.

But a temporary exception was granted to nationals from Afghanistan, Democratic Republic of Congo, Haiti, Iraq and Zimbabwe.

Many of the Afghans who deserted from DLI entered Canada while the exception was in effect. But on July 23, 2009, the exception was revoked, and now any Afghan who tries to claim refugee status in Canada after leaving the U.S. is supposed to be turned back.

Since then, sources with knowledge of the process told FoxNews.com, some of the Afghan deserters have relied on the help of a Iranian cabdriver who shuttles across the Canadian border at a specific checkpoint and will sneak someone across the border in his trunk for $400. Sources say the network of former AWOL Afghans and their supporters know how to get in contact with this taxi driver. Those sources also believe he makes round-trips and smuggles people into the U.S. as well.

An FBI spokesman, when asked to comment on the Iranian taxi driver, told FoxNews.com, “I don’t have any particular knowledge of this and have nothing further at this time.”

Patrizia Giolti, spokeswoman for Canadian Border Services Agency, said in an email statement to FoxNews.com, “The CBSA works closely with domestic and international partners to combat irregular migration to Canada, including smuggling and trafficking in persons.” Citing Canada's Privacy Act, she said she could not answer questions about specific individuals or cases.

Twenty-Five Afghan military members remain unaccounted for, NATO officials have told FoxNews.com, citing data provided to them by the Department of Homeland Security. But sources at DLI and Lackland say they don’t know the whereabouts of only five of the AWOL Afghans: Ahmad Sameer Samar; Bahram Mohmand; Abdullahad Ahadi; Javed Aryan; and Mirza Gul Neshat.

But at least three of those five have put themselves on Facebook with no apparent concern for law enforcement searching for them.

One Afghan’s journey north is well documented through photos posted on his Facebook profile. On Sept. 15, 2008, after graduating from DLI, Matiullah Mahdi began International Captains Career Courses at Arizona’s Fort Huachuca, home of the U.S. Army Intelligence Center and the U.S. Army Network Enterprise Technology Command. U.S. Army spokesman Christopher Garver told FoxNews.com:

"Capt. Mahdi failed to return for training after the 2008 Holiday Exodus leave program (18 DEC 08- 4 JAN 09). His leave form stated that he was going to spend his leave in Tucson, Ariz. He was reported as unaccounted for to the battalion commander (Lt. Col. Richard M. Monnard at the time) on 5 JAN 09. He was declared AWOL. AWOL reports were sent through the U.S. Army chain of command, U.S. Army Security Assistance channels, Fort Huachuca Provost Marshall, and the U.S. Department of Homeland Security.

"All of the training that Capt. Mahdi received while in the U.S. for training was at the UNCLASSIFIED level. At no time did he have any access to any classified or sensitive information. He was assigned to Company A, 304th MI Bn."

A photo uploaded to Mahdi's Facebook profile, timestamped March 19, 2009, shows him still in Arizona, visiting the Grand Canyon. A photo timestamped May 31, 2009, shows him in Toronto. He lists his current employer as the Defense Language Institute’s English Language Center.

Those who make it to Canada find jobs at establishments that include a supermarket, a Subway sandwich shop, and often in hotels doing housekeeping.

But life as a deserter isn’t always easy. One Afghan, Naqibullah Mayar, wrote to a friend:

"I am not as good as you man, Just surviving and hardly making living."

At least two Afghan deserters spent time in Arizona and may still be living there. In May, one wrote on Facebook that he was going to visit another AWOL Afghan who was living in Arizona. Of the five unaccounted for Afghan military members, at least three are believed to be still living in the U.S, according to diplomatic and Air Force officials.

And there could be more. While Sardar Ahmadi said he was in Toronto, his secondary Facebook profile — the one to which he posted photos of his DLI graduation ceremony — lists his current location as “Davenport, Iowa.”

When FoxNews.com asked him why, in a Facebook message, Ahmadi abruptly "defriended" the reporter.

Immigrations and Customs Enforcement declined to comment.

The Department of Defense and U.S. Customs and Border Protection did not return requests for comment.

Apple, AT&T sued over iPhone 4 antenna problems
Another law firm claims it has received inquiries from more than 1,400 frustrated owners

Just six days after the iPhone 4's launch, a pair of Maryland residents sued Apple and AT&T, alleging that the smartphone's defective antenna design drops calls and can't hold a strong signal.

The lawsuit, filed in federal court in Maryland, claims that Apple knowingly sold defective phones and broke its warranty promises. The lawsuit also levels seven additional charges against Apple and AT&T, including general negligence, deceptive trade practices, fraud and misrepresentation.

Kevin McCaffrey and Linda Wrinn each pre-ordered a new iPhone from AT&T on June 15, but after receiving their phones on June 24 and 28, respectively, they experienced dropped calls because of the device's antenna design, the suit alleges.

"Plaintiffs are left with a device that cannot be used for the normal purpose and in the normal manner in which such devices are intended to be used," reads the lawsuit. "Plaintiffs are unable to return the phone without incurring a substantial restocking fee."

The lawsuit seeks class-action status, a move that if granted would allow any U.S. iPhone 4 owner to join the case.

McCaffrey and Wrinn are represented by attorneys with Ward & Ward PLLC, a Washington law firm, and Charles A. Gilman LLC of Timonium, Md.

Their lawsuit is the first stemming from complaints about substandard iPhone 4 call reception, which started last week when the new phone reached users. Almost immediately, owners reported that their phones would lose a signal, or that the signal indicator would show a weakened signal, when the smartphone was gripped in a certain way, especially if it was held in the left hand.

Hardware experts believe that holding the iPhone can bridge the two antennas embedded in the steel band that encircles the device, lowering signal strength and changing their ability to receive and transmit signals at the designed frequencies.

McCaffrey and Winn's lawsuit cited several of the accounts on the Internet of the reception problems, as well as e-mailed statements allegedly made by Apple CEO Steve Jobs to users and a leaked script for Apple support technicians that ordered them not to offer warranty service for the flaw.

The suit demands that Apple and AT&T pay compensatory and punitive damages, and that Apple be barred from selling more iPhone 4s until it has "repaired the design and/or manufacture defect."

This lawsuit will likely not be the last. Last Monday, Sacramento law firm Kershaw, Cutter & Ratinoff began soliciting potential plaintiffs who had experienced poor reception for a class-action case. Tuesday, the firm said it had received more than 1,400 e-mails from iPhone 4 owners interested in joining a lawsuit.

"Thousands of people are really unhappy with their new iPhones and Apple's response to the antenna issue," the law firm wrote on its blog.

William Kershaw, KCR's lead class-action counsel, did not respond to a request for comment on the firm's plans.

Palestinian jailed for rape after claiming to be Jewish

A Palestinian man has been convicted of rape after having consensual sex with an Israeli woman who believed he was Jewish because he introduced himself as "Daniel".

By Adrian Blomfield in Jerusalem
Published: 10:00PM BST 20 Jul 2010

A court in Jerusalem has made international legal history by jailing Sabbar Kashur, a 30-year-old delivery man from East Jerusalem, for 18 months.

He was convicted of "rape by deception" following a criminal trial that has drawn criticism from across Israel.
The court heard accusations that Mr Kashur misled the woman, whose identity has not been disclosed, by introducing himself with the traditionally Jewish name during a chance encounter on a street in central Jerusalem in 2008.

After striking up a conversation, the two went into a top-floor room of a nearby office-block and engaged in a sexual encounter, after which Mr Kashur left before the woman had a chance to get dressed. It was only later that she discovered Mr Kashur's true racial background, lawyers said.

Although conceding that the sex was consensual, district court judge Tzvi Segal concluded that the law had a duty to protect women from "smooth-tongued criminals who can deceive innocent victims at an unbearable price"

"If she hadn't thought the accused was a Jewish bachelor interested in a serious romantic relationship, she would not have co-operated," Mrs Segal said as she delivered her verdict.

A conviction for rape by deception on the grounds of racial misrepresentation is believed to be internationally unprecedented, according to British legal experts.

The charge is rarely used in the West. In 2007, a Syrian pilot walked free from a court in Swansea after being accused of tricking a woman into intercourse by saying it could cure her of a sexually transmitted disease.

A court in Massachusetts also acquitted a man who allegedly masqueraded as his twin-brother in order to have sex with the man's wife.

While forced sex by deception is an offence under Israeli law, legal experts say it is a charge used sparingly in cases involving protracted deceit and a promise of marriage.

Kashur was originally accused of violent rape and indecent assault, but later accepted the lesser charge under a plea-bargain after prosecutors received evidence suggesting the encounter was consensual.

Kashur’s lawyer, Adnan Aladdin, said he had filed an appeal to ensure that the verdict was not considered precedent-setting, adding that otherwise “many men would find themselves in jail.”

Israeli legal experts said they found the verdict disquieting.

"In the context of Israeli society, you can see that some women would feel very strongly that they had been violated by someone who says he is Jewish but is not," said a former senior justice ministry official.

"The question is whether the state should punish somebody in that situation. It puts the law in the position of what could loosely be described as discrimination. I would feel intuitively uncomfortable about prosecuting someone for something like that."

Asked whether his client was the victim of racial discrimination, Mr Aladdin said he "would rather not comment". Others, however, were scathing.

Gideon Levy, a leading liberal commentator, said: "I would like to raise only one question with the judge. What if this guy had been a Jew who pretended to be a Muslim and had sex with a Muslim woman. Would he have been convicted of rape? The answer is: of course not."

Israeli human rights activists said that Kashur's actions reflected the deceits many Palestinians practise when in Israel in an attempt to avoid official and private prejudice because of their background.

"It is very well known that Israeli-Palestinians living in Israel disguise themselves," said Leah Tsemel, a human-rights lawyer. "You change your accent and you change your dress because if you look like an Arab you face harassment.

"If you want to enter a pub, you'd better not look like an Arab and if you want to have sex with an Israeli girl, you had better not look like an Arab."

The prosecutor in the case was unavailable for comment and officials in the Jerusalem district attorney's office declined to discuss it.


________________________________________________________________________________
___

hmmmm is this not what you could call racism ? and fubar, and snafu beyond anything yet ? But then again I know of a country that supports Israel´s persecution, and what not. That has some VERY insane laws too.
And I do not think I need to mention its name, but no it is not my country, but a country where the Danish politicians has been kissing its arse , ever since after WWII. And well, I have friends in that country, but still some times you just shake your head, again and again.

Real-world testing: iPhone 4 vs. HTC EVO 4G
Our writer spent a few weeks with the Apple iPhone 4 and the HTC EVO 4G. Which came out ahead?

I've been using an iPhone for three years now, first the original iPhone then the 3G. I like the iPhone a lot -- but I'm not married to it. When I began hearing great things about the Sprint's Android phone, the HTC EVO 4G, I thought hard about switching. And although I eventually decided to upgrade to the iPhone 4, I was curious what I was missing.

The good people at Sprint let me borrow an EVO for a few weeks, and I compared it to my personal iPhone 4. I found that there were a lot of factors where one phone excelled over the other -- but that, in the end, it was hard to choose between them.

What follows are my observations about how the two phones compared in a variety of aspects. In each case, I've chosen the phone I think is the winner in each category -- when there was a winner.

Note: The EVO I tested ran Android OS 2.1, but the next version of Android, version 2.2 or "Froyo," is due any day now. Froyo is a major upgrade -- but many of the new features are interesting only to developers, and others are already available on the EVO, including wireless tethering and Flash support.

According to all reports, Froyo performs faster than Android 2.1, but even using Android 2.1, I didn't find performance to be a problem.

Style
The iPhone is a sexy little thing -- 4.5 x 2.3 x 0.4 in. and weighing 4.8 oz. But though the phone is small, it feels solid and comfortable in my hand.

The glass-and-stainless-steel case looks great. The glass is a special reinforced kind, called "aluminosilicate." Apple says it's 30 times harder than plastic. It sounds awesome. (I think Doctor Who has aluminosilicate glass in the windows of the TARDIS.)

At 4.8 x 2.6 x 0.5 in. and weighing 6 oz, the EVO is very large for a smartphone, but not freakishly so. It'll fit in your shirt or pants pocket (unless you wear ultratight 70s disco pants). I have small hands and even so, I found the EVO comfortable as well.

Still, I prefer the smaller size and design of the iPhone 4.

Winner: iPhone 4


Display
The iPhone has a gorgeous screen, which Apple calls a "Retina" display. Looking at photos and images on the iPhone 4 is very nearly paper quality.

When I've taken photos with a phone, I've always waited to get back to my computer to get a better look and decide which pictures to share on the Internet -- until I got the iPhone 4. The display is as good as anything available on most people's desktops.

The EVO's display isn't as good as the iPhone's. Its resolution is 800 x 480 pixels, compared with the iPhone's 960 x 640. On the other hand, the EVO's 4.3-in. display is much bigger than the iPhone's 3.5-in. screen. The big display is one of the chief things EVO enthusiasts like about it.

Winner: iPhone 4

Call quality
Recently, iPhone 4 news has been dominated by user complaints that the device drops calls when you touch a particular spot on the lower-left edge of the case. In a press conference held on July 14, Apple CEO Steve Jobs denied that it was a serious problem but agreed to give a free bumper case to iPhone 4 owners. Jobs said very few users are affected. I believe him. I'm not affected by the problem.

But antenna problems aside, I found that the EVO beats the iPhone in call quality. I tested both phones in a variety of locations around San Diego, where I live. Call quality was very good on both phones, but better on the EVO, with clearer, more natural sound. On the other hand, the iPhone did a better job screening out background noise.

The iPhone is available in the U.S. only with AT&T as a carrier, and AT&T users around America complain about dropped calls and poor audio quality. Customer satisfaction for AT&T was tied for last place among four major American wireless carriers in a March 2010 study by ChangeWave. Just 23% of AT&T customers described themselves as "very satisfied" with service. Sprint, the carrier for the EVO, did much better than AT&T, ranking second with 35% of customers saying they're "very satisfied."

If asked, I would have been one of those "very satisfied" AT&T customers, since service is good where I am. Still, EVO call quality was better.

Winner: EVO 4

Battery life
Battery life was not an issue. Both phones lasted more than a full day of checking e-mail, Web browsing, making phone calls and taking pictures and video. I finished the evening with a significant charge left over at bedtime.

Winner: Tie

Tethering
You can use the EVO as a portable Wi-Fi hot spot for up to eight other devices. It's easy to set up -- you connect your notebook computer or any Wi-Fi enabled device to the EVO the normal way you connect to any Wi-Fi network. When I tried it out, I found that performance was fine for Web surfing, e-mail, instant messaging and other typical Internet usage.

Using the EVO as a Wi-Fi network runs down the phone battery faster than other uses. Starting with the EVO battery topped up, I got 3 hours 45 minutes use out of the phone as a Wi-Fi hot spot before the battery ran completely dry.

The iPhone 4 also offers tethering -- in theory. Your choices are either Bluetooth or USB cabling; you can't use it as a Wi-Fi hot spot. I was unable to get Bluetooth tethering to work, even after an hour on the phone with AppleCare support. On the other hand, USB tethering was easy to set up and worked very well.

Sprint charges $30 per month to activate tethering on the EVO, while AT&T charges $20 per month for tethering on the iPhone. (There are Android apps that purport to offer tethering over a USB cable for free.)

The EVO has a major advantage here, since tethering will be hugely attractive to road warriors who need to take their laptop computers out and about.

Winner: EVO 4G

Wireless broadband
Both phones operate on the 3G network. The EVO also supports the faster 4G networks. However, 4G networks are currently deployed in only a few places in the U.S., so the overwhelming majority of people won't be able to take advantage of the faster network speeds. When using 3G, I noticed no difference in the speed and responsiveness of the two phones.

Winner: The EVO 4G if you live in one of the areas served by 4G. Otherwise, tie.

Camera
The iPhone 4 proves that megapixels (MP) aren't everything. The EVO has a higher-resolution rear-facing camera, 8MP compared with 5MP for the iPhone 4. But the iPhone 4 took better still pictures and video. Lighting in the photos and videos was better and brighter, colors seemed richer and audio quality in videos was better (both phones take HD video).

Winner: iPhone 4

Notifications
Android -- and, by extension, the EVO -- does a great job displaying notifications of incoming e-mails, Twitter @mentions, missed phone calls, new voicemail messages and other events. Notifications appear as icons in a horizontal bar at the top of the home screen. Pull down the bar and you see your notifications in a neat column. Tap on each notification to read it (or in the case of voicemail, listen). It's a great way to catch up if you haven't looked at your phone for a few hours.

On the iPhone, by comparison, notifications are poorly handled. The iPhone can be set so that a small number appears on the icon of each application with new messages. If you have a lot of applications peppering you with notifications, that's messy. You can also get pop-up windows displaying notifications onscreen, but you see only the most recent notification in the pop-up.

Winner: EVO 4G

Video chat
Both the iPhone 4 and the EVO 4G support video chat. The iPhone's FaceTime video chat works only with other iPhone 4s and only on the Wi-Fi network, not 3G or EDGE. But within those limitations, FaceTime works great: One tap on a button while on a conventional phone call and FaceTime starts. Video and audio are crisp and clear.

In theory, the EVO's video chat should be better than the iPhone's, because it's designed to work with any other device on any network. The reality is that video chat on the EVO didn't work for me. The only apps it currently works with are Fring and Qik, but in my tests, Fring video was badly pixilated and the audio was indecipherable. I couldn't get Qik video chat to work at all.

Winner: iPhone 4

Google integration
Gmail is my primary e-mail application, Google Voice gives me my primary phone number, and I use Google Calendar (synced with BusyCal on the Mac) to keep track of my schedule. To sync my mail, contacts and calendar on the EVO, I just had to enter my Google login and the EVO took care of the rest.

On the iPhone, those things are nowhere near as convenient. A while ago, I spent hours figuring out how to get my iPhone 3G to sync with Gmail, contacts and Google Calendar, and I had to go through the whole painful process again when I upgraded to the iPhone 4.

In addition, Google Voice integration on the iPhone 4 is clumsy. You can easily receive Google Voice calls on your iPhone, but you have to use a Web app to place a call with Google Voice. And you have to manually forward your iPhone voicemail. All of that is automatic on the EVO with the free Google Voice app.

If you're not a Gmail user, both phones enable you to pick up POP3 and IMAP email through their built-in mail clients, and both support connectivity to Microsoft Exchange.

Winner: EVO 4G

Multitasking
Android multitasks in the same way that most other computers do. You can run any application in the background while using another.

The iPhone's operating system, iOS 4, keeps third-party app multitasking on a tight leash -- it just lets some apps do some things in the background. For example, GPS apps can continue tracking your location and giving voice directions in the background, while other applications can finish uploading and downloading data.

In theory, the Android approach offers more freedom, but in practice, the multitasking limitations on the iPhone didn't affect my day-to-day use of the phone. Apple says it locks down the iPhone 4 to improve performance and enhance stability, but I did not notice problems with either while multitasking on the EVO.

Winner: Tie

App choice
Both the iPhone and Android have rich ecosystems of third-party applications. With 200,000+ apps available in Apple's App Store versus 70,000+ in Google's Android Market, you'd think the iPhone would have it all over the EVO in app selection. But some types of applications that are available on the EVO are blocked from the iPhone.

For example, Google developed a native version of Google Voice for the iPhone, but Apple blocked it because it duplicates existing phone capabilities. (Surely the fact that Apple and Google are fierce competitors had nothing to do with the decision.)

There were other apps that I found handy that I could get on the EVO, but not on the iPhone. For example, you can download apps to customize text input, changing the default EVO onscreen keyboard.

And the $6.99 DoggCatcher Android app downloads podcasts over Wi-Fi, without having to connect to the desktop to sync. On the iPhone, I have to connect my phone to my desktop computer to download new podcast subscriptions.

I have no philosophical objections to Apple running a closed platform. I just wish they had different rules.

Winner: EVO 4G

Flash
EVO supports Flash, while the iPhone does not. I had mixed results viewing Flash pages on the EVO: Simple Flash animations at corporate Web sites displayed flawlessly, a Flash game rendered extremely slowly and Vimeo videos wouldn't play at all.

Flash support simply doesn't matter to me -- and I think despite all the noise from Apple critics, Flash support isn't going to matter to the overwhelming majority of users. There are plenty of alternatives to sites that require Flash, and some of the most popular Flash sites, like Hulu and YouTube, have non-Flash versions for non-Flash-supporting mobile devices.

But, still, even partial Flash support is better than none.

Winner: EVO 4G

Conclusions
After a couple of weeks putting both phones through their paces, I decided I made the right decision in upgrading to the iPhone 4.

Why? Well, mainly because it's work to switch platforms. You have to learn how to use the new device, and find and download apps to do the same things you did on the old device. To be worth the cost and trouble, the new platform has to do something new and great that the old platform can't do. While there are distinct differences between the iPhone and its Android competition, neither is superior enough to the other that it's worth the inconvenience of switching if you're satisfied with your current platform.

But what if you have neither yet and you're trying to decide between an Android phone and an iPhone?

Well, first you need to consider which carrier you want to go with. The problems people have with AT&T's service are well publicized -- if that is a concern, or if you already have a favorite carrier you want to go with, then choose a phone that works with your service.

If you don't care which carrier you use, then this is the way I'd choose: If photo and video quality are important to you, go with the iPhone, because it's better at those things. Likewise, if style is an issue, go with the iPhone. Otherwise, after working with both the iPhone 4 and the HTC EVO 4G, I would recommend the Android phone as the better choice, for its Google integration, Wi-Fi tethering, open applications and a choice of Android hardware vendors and wireless carriers.