Wednesday, December 30, 2009

Top 10 Security Nightmares of the Decade

Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn't even recognize the terms phishing, cybercrime, data breach, or botnet. Let's revisit the top security horrors of the past ten years, and try to remember what we learned from each.

1. Cyberwar

What started out small ended up pretty big. Back in February 2000, a Canadian teenager named Mafiaboy used automated floods of incomplete Internet traffic to cause several sites--including Amazon, CNN, Dell, eBay, and Yahoo--to grind to a halt, in what is called a distributed denial of service (DDoS) attack.

Michael Calce, aka Mafiaboy, pleaded guilty to 55 of 66 counts of mischief and was sentenced to eight months' detention. Calce later wrote a book about his experience, entitled Mafiaboy: How I Cracked the Internet and Why It's Still Broken. Some experts say that all security threats progress through a cycle that moves from fun to profit to politics, and DDoS attacks were no different: Opportunist criminals next started using DDoS to hold various gambling sites for ransom.

In May 2007, DDoS attacks turned political, with hundreds of online Russian sympathizers blocking Estonian government Websites, all because a World War II memorial had been relocated. The attacks continued through the summer until Computer Emergency Response Teams (CERT) from various nations mitigated them. The following year, Russian organized crime targeted the government of Georgia with a DDoS attack.

While some people think the United States might not be ready for the upcoming cyberwars, experts from CERT are now advising the U.S. government on how better to protect its infrastructure based on the attacks we've seen thus far.

2. Malware Makes Strange Bedfellows

Viruses and worms have always been around, but in the summer of 2001 one aggressive worm threatened to shut down the official White House Website. Code Red, so named because the discoverer was drinking "Code Red" cola from Mountain Dew at the time, warranted an unprecedented joint press conference with the FBI's National Infrastructure Protection Center, the U.S. CERT, the Federal Computer Incident Response Center (FedCIRC), the Information Technology Association of America (ITAA), the SANS Institute, and Microsoft.

Two years later, Microsoft again teamed with the U.S. Secret Service, the FBI, and later Interpol to offer a $250,000 reward for information leading to the arrest of those responsible for SoBig, MSBlast, and other major viruses at the time.

Such public-private cooperation is rare, but it happened again in early 2009 when Conficker was poised to wreak havoc on the Internet at midnight on April 1. That didn't happen, thanks in part to a unique coalition of rival antivirus companies that collaborated with government agencies under the Conficker Working Group name. To this day, this group continues to monitor the worm. Organizations are stronger when they team up against a common enemy, and even security companies can put aside their differences for the common good.

3. MySpace, Facebook, and Twitter Attacks

At the beginning of the decade, security experts at businesses had to struggle with employees' use of instant messaging from AOL, Webmail from Yahoo, and peer-to-peer networks. These applications poked holes in corporate firewalls, opening various ports that created new vectors for malware.

The battle initially focused on server port 80; but by the end of the decade, the top concerns were Facebook, Twitter, and other Web 2.0 applications.

In 2005, a teenager authored the Samy worm on MySpace, which highlighted a central problem of Web 2.0--that user-contributed content could contain malware. Even as Facebook endured a few privacy snafus, it also had its own worm, called Koobface.

In 2009, Twitter came of age, too, attracting its own malware and highlighting the dangers of shortened URLs--with them, you can't see what's waiting on the other side. Twitter also suffered from spam...or did Guy Kawasaki really send you that porn link?

4. Organized Viruses and Organized Crime

After the Melissa virus struck in 1999, e-mail-borne viruses peaked the following year with ILOVEYOU, which clogged e-mail servers worldwide within 5 hours. (See "The World's Worst Viruses" for more about a clutch of the decade's early offenders.)

As e-mail spam filters improved to block bulk mailings, malicious coders looked elsewhere, turning to self-propagating worms like MSBlast, which exploited a flaw in Remote Procedure Call messages, and Sasser, which exploited a flaw in Internet Information Services (IIS). About this time, viruses and worms began using Simple Mail Transfer Protocol (SMTP) to bypass e-mail filters so that the compromised machines could spew pharmaceutical spam to random addresses on the Net.

Shortly after Microsoft's Reward program netted Sven Jaschan, author of Netsky and Sasser, in 2004, the image of a single author creating viruses in a parent's basement fell out of favor, replaced by organized crime operations with financial ties to porn and bulk pharmaceutical companies. (In 2005, PCWorld wrote a series on the problem, "Web of Crime.") Groups such as the Russian Business Network (RBN) ran sophisticated spam campaigns, including pump-and-dump penny-stock spam.

5. Botnets

With the financial backing of organized crime syndicates came widespread and clever innovations in malware.

In 2007, the Storm worm--which began like any other virus--started talking to other Storm-compromised computers, forming a network of compromised computers all using the Overnet peer-to-peer protocol. This protocol allowed the operator to send out a spam campaign or to use the compromised computers to launch a DDoS attack.

Storm was not alone. Nugache, another virus, was building a botnet, too. And there were others. Today, botnets have spread to the Mac OS and Linux operating systems. The chances are approaching 50/50 that you might have at least one bot on one of your computers now.

Dave & Busters, Hannaford Brothers, Heartland Payment Systems, and TJX, to name just a few. One man, Albert Gonzalez, pleaded guilty for most of these heists, and was implicated in others. Gonzalez and his crew entered malicious code through the Web-facing sites of these major companies. In turn, the malware infiltrated the internal network, where it could look for unencrypted credit card data.

To combat such data breaches, in 2005 the Payment Card Industry (PCI) produced 12 requirements that all of its member merchants must follow; the PCI Security Council updates those requirements every two years. What lies ahead is end-to-end encryption of the credit card data, so that your personal information is never in the clear from cash register to card brand.

7. Gone Phishing

More effective than spam, yet short of a full-blown data breach, is phishing. The idea here is that a creatively designed e-mail can lure you into visiting a believable-looking site designed solely to steal your personal information. Often these sites use "fast flux," the ability to switch domains quickly so that you can't lead law enforcement back to the site.

Using logos and designs from banks and e-commerce sites, some phishing sites seem entirely realistic, a vast improvement over the crude pages full of misspellings of a few years ago. The best defense? Don't click!

8. Old Protocol, New Problem

Behind the Internet are protocols, some of which today perform functions far beyond what they were originally designed to do. Perhaps the most well-known of the overextended protocols is the Domain Name System (DNS), which, as IOActive researcher Dan Kaminsky explained in 2008, could be vulnerable to various forms of attack, including DNS cache poisoning.

DNS converts a Website's common name into its numerical server address. Cache poisoning means that the stored address for a common name could be incorrect, thus leading a user to a compromised site rather than to the intended site--and the user had no way to know. Kaminsky managed to keep the flaw known to a limited group of companies for about six months, and then rolled out a coordinated series of patches that seemed to address many of the more serious vulnerabilities.

Similarly, researcher Marsh Ray of PhoneFactor discovered a hole within SSL/TLS, one that allows for man-in-the-middle attacks while authenticating the two parties. This wasn't a vendor-specific problem, but a protocol-level flaw. Ray, like Kaminsky, also set about coordinating a patch among affected vendors. However, a second researcher stumbled upon roughly the same thing, so Ray felt compelled to come forward with his vulnerability, even though some of the patches are still to come.

Disclosures such as these have hastened the move to newer standards, such as DNSSEC, which authenticates data in the DNS system, and a newer version of SSL/TLS. Look for the replacement of existing protocols to continue in the coming years.

9. Microsoft Patch Tuesdays

A decade ago, Microsoft released its patches only as needed. Sometimes that was late on a Friday afternoon, which meant that bad guys had all weekend to reverse-engineer the patch and exploit the vulnerability before system administrators showed up for work on Monday.

Starting in the fall of 2003, Microsoft released its patches on a simple schedule: the second Tuesday of every month. What has become known as "Patch Tuesday" has, over the last six years, produced a crop of fresh patches every month, except for four. Oracle patches quarterly, and Adobe recently announced that it would patch quarterly, on or near Microsoft's Patch Tuesday. Apple remains the only major vendor that doesn't adhere to a regular cycle for its patches.

10. Paid Vulnerability Disclosure

Independent researchers have debated for years whether to go public with a newly found flaw or to stay with the vendor until a patch is created. In some cases the vendor doesn't get back to the researcher, or doesn't make publication of the flaw enough of a priority, so the researcher goes public. On the other side of the fence, criminals certainly don't go public, knowing that such vulnerability information is worth serious money on the black market.

After years of back and forth, in recent times one or two security companies have decided to pay researchers to stay quiet; in exchange, the company works with the necessary vendor to see that the patch is produced in a timely fashion and that clients of the company get details of the flaw sooner than the general public.

For instance, at the CanSecWest Applied Security Conference, Tipping Point Technologies annually awards $10,000 to the researcher who can hack a given system. And payment-for-vulnerabilities programs have matured in recent years. For example, in Microsoft's December 2009 Patch Tuesday release, all five of the Internet Explorer vulnerabilities patched can be attributed to the iDefense Zero Day Initiative program.

Tuesday, December 22, 2009

Cost-cutting Yahoo to close offices for holidays

Yahoo says it will close its offices from Christmas through New Year's to help save money. The cost-cutting move ends a year in which Yahoo's revenue declined for the first time since 2001.

It's the first time that Yahoo has required most of its 13,200 employees to use vacation time or unpaid leave during the holidays. Only employees performing essential duties will be working from Dec. 25 through Jan. 1.

Yahoo Inc., based in Sunnyvale, Calif., has eliminated about 2,000 jobs and shed other expenses since September 2008. The streamlining has helped offset a 12 percent decline in Yahoo's revenue through the first nine months of this year.

Several other Silicon Valley companies traditionally close most of their offices during the holidays.

Thursday, December 17, 2009

Netbooks meet luxury in ultra-light

Netbooks have been a hit among laptop buyers because they're cheap and they're easy to carry. Now there's the option to pay a lot more and get a lot less — a lot less weight, that is.

Sony's Vaio X is the runway model of netbooks: stylish, super-thin and without an ounce of weight to spare. It's expensive too: the base model is $1,300 at and Sony Style stores. The price is nearly four times as much as a standard netbook.

Its carbon-fiber body, just over half an inch thick, houses an 11.1-inch screen and weighs just 1.6 pounds. How light is that? Well, it nearly blew out of my hands one day when I was walking down the street with it opened. I'm not kidding. It makes 2.5-pound netbooks feel heavy. It makes the 3-pound MacBook Air seem like a dumbbell.

Sony says it's the world's thinnest, lightest laptop with a screen larger than 10 inches diagonally. Whatever the state of the competition may be, the light weight means that carrying the Vaio X around never really felt like a burden. It was a great companion on my commute, with a screen large enough to read comfortably on, and light enough to hold in one hand when standing, at least for short periods of time. For the ultimate in mobility, the computer has a built-in modem for Verizon Wireless' cellular broadband network. Service costs an extra $60 or so per month.

Of course, a mobile laptop isn't much good if it has poor battery life and constantly needs to be tethered to an outlet. The Vaio X does pretty well in this regard, at least if you consider the weight. On battery power, it lasted 1 hour and 47 minutes when playing high-definition video nonstop and accessing the Web via Wi-Fi. In more typical circumstances, this translates into about three hours of use.

The Vaio X also comes with a protruding extended battery with four times the capacity of the regular one. Together, you could get about 17 hours of work from them. The extended battery bumps the weight of the unit to 2.3 pounds.

The carbon fiber and aluminum frame is part of the reason the Vaio X can be so light. Like other netbooks, it uses an Intel Atom processor, which is small and doesn't run hot, so the Vaio X doesn't need a big ventilation fan or ducting to carry away heat. The unit also dispenses with the standard, disk-based hard drive. Instead, it has a "solid-state disk," or SSD, composed of flash memory chips that don't have moving parts.

The chief drawback of SSDs is that they have low capacities and high prices. The basic Vaio X has 64 gigabytes of storage. There's a model with twice as much for $1,500.

The small hard drive isn't likely to be a major impediment, however, because the Vaio X isn't capable of heavy-duty computing in any case. The Atom processor is good enough for e-mail, Web surfing and office applications, but will crawl when forced to do anything more demanding. Running the premium version of Windows 7 is already a bit of a struggle for it, and it doesn't have the processor power to play TV shows from Hulu without stuttering.

Other sacrifices to the design include feeble speakers and a somewhat flimsy feeling. The carbon-fiber cover isn't as good at repelling fingerprints as anodized metal or matte plastic, so the runway-ready looks can get grubby fast. The keys don't "give" much under the fingers, so extended typing can be uncomfortable.

The Vaio X does have a slot for SD memory cards, common in digital cameras, and an Ethernet jack for plugging into wired networks. Both are missing from the MacBook Air. The Sony model also comes with a GPS chip and navigation software, but I wasn't able to get it to work.

If you have the money and need something portable, the Vaio X is a nice choice indeed. Like most netbooks, it's best used as a backup for a standard laptop or desktop.

Wednesday, December 16, 2009

Over the next decade, the evolution of computing and the Internet will produce faster

Ten years ago, we would have been blown away by a cell phone with far more computing power and memory than the average PC had in 1999, along with a built-in camera and programs to manage every aspect of our lives. Ten years from now, the iPhone and its ilk will be antiques.

Over the next decade, the evolution of computing and the Internet will produce faster, increasingly intelligent devices. More of our possessions will contain sensors and computers that log our activities, building digital dossiers that augment our memories, help us make decisions and tame information overload.

Such ideas may sound futuristic and excessive today. And technological predictions are notoriously off-base. Short-term forecasts tend to assume too much change and long-term forecasts underestimate the possibility of sudden, major shifts.

Even so, this vision of interconnected devices that produce and filter massive amounts of data in the 2010s is a logical progression of the Web, computers and gadgetry that emerged in the 2000s. Moore's Law, the principle that computing power doubles every two years without increasing in cost, still rules.

Recall the personal computer, circa 2000. It likely had a "clock speed" — a measure of how fast it could do things — just one-sixth of many computers today.

Apple's 1999 iMac came with 64 megabytes of RAM, memory that helps computers switch among programs. Today's iMac has 60 times as much. The vintage iMac had a 10-gigabyte hard drive for storing digital photos and other files. Now iPods have more space than that, and iMac drives start at 500 gigabytes.

Remember dial-up? In 2000, fewer than 10 percent of U.S. households had broadband Internet, according to Forrester Research. In 2008, 61 percent of homes had it.

As computers and Internet connections got faster, we enjoyed them more. In October 2002, the average American spent about 52 hours a month on a home computer, according to the Nielsen Co. This October, the figure was nearly 68 hours a month.

We filled ever-more-spacious hard drives with music and photographs, as households with digital cameras jumped from 10 percent in 2000 to 68 percent last year, and those with an MP3 player climbed from less than 2 percent in 2000 to 41 percent in 2008, according to Forrester.

We increased the ways we could stay connected: More of us got cell phones, camera phones, smart phones and the iPhone. We bought more laptops and came to expect Internet connections almost everywhere.

Personal home pages were replaced by blogs that could be set up in seconds, which gave anyone with a computer and Web access the potential to reach a bigger audience than many newspapers. First-generation social networks, little more than online address books, gave way to sites such as Facebook and Twitter, where we add our words, photos, links and video posts to a collective stream of consciousness.

Online, we also tripped over the line between private and public. We shared intimate details with our network of online "friends," and sometimes it was simply too much information, especially when our boss was reading.

All these changes unfolded because of an explosion in computing power and connectivity that only figures to accelerate in the next decade.

As we move through our lives, we'll leave more and more digital detritus. Some of it will resemble what we share online today. Some will be emitted quietly by devices, just as mobile phones can signal their location.

We'll also have access to more data about the world around us, dwarfing the real-time stock quotes, government statistics, scientific databases and other information stores available today.

In the next decade as conjured by Forrester Research analyst James McQuivey, all that information will be available instantaneously, anywhere. He imagines spotting an acquaintance at a conference and having at his fingertips links to the person's most recent research, plus a reminder of her husband's name.

Software will remember everything McQuivey buys, reads online and watches on TV. A "smart filter" will use his past choices to suggest the next book or show, or even what he should eat for dinner. It's a more powerful version of the way and Netflix make book or movie recommendations.

He also thinks we'll all use this technology just to keep up with everyone else. He likens the situation to calculators in math class: At first teachers banned them but now they're required. Leaving yours at home on test day would be a big disadvantage.

Craig Mundie, Microsoft Corp.'s chief research and strategy officer, believes we are near a long-wished-for era of computers that respond to speech, gestures and handwriting.

In Mundie's vision, "digital assistant" programs will help us solve specific problems. Imagine you're moving to a new city and need to find a house. "Relocation assistant" software would listen as you brainstorm out loud about whether you want to drive to work or take the bus, about school preferences and the market value of your current house. As you converse with it, the program scouts real estate listings and plots the best on a map.

Our smaller devices will also benefit from speedy connections to "the cloud" — powerful networks of computers that perform services remotely. In a decade, Manny Vara, chief evangelist for Intel Labs, imagines he'll tap the power of the cloud on trips to foreign countries, speaking into his phone and seeing a translation on his screen within seconds.

In another scenario, Vara imagines we will each wear a tiny camera. It could snap a photo of the cutie next to you in the bar and send it up into the cloud for analysis. If it matches your friend's nasty ex, a voice could whisper into your earpiece that it's time to move on. Your portable devices don't have to be powerful enough to run facial recognition software; they just need a connection to the cloud.

Such ideas aren't brand new, but budding technology might finally make them happen. In the 1990s, Mark Weiser, then chief technology officer at Xerox's Silicon Valley research center, wrote about "calm technology" that will exist in the periphery and come forward to claim our full attention when needed. We won't "go on the Internet." Rather, it will become built-in, ubiquitous and unremarkable, much as electricity is today.

"Every physical object will have a digital cloud around it," says Marina Gorbis, executive director at the Institute for the Future.

That raises new challenges for our privacy. And it opens the door to a new leader in the technology industry.

The 2000s saw Google become one of the world's most powerful companies because it helped us get a grip on the sprawling content of the Web. What we will need next, however, is a company that doesn't just organize data. Google, or the next Google, will have to synthesize all that information and help us understand what it all means.

Wednesday, December 09, 2009

How fake sites trick search engines to hit the top

Even search engines can get suckered by Internet scams.

With a little sleight of hand, con artists can dupe them into giving top billing to fraudulent Web sites that prey on consumers, making unwitting accomplices of companies such as Google, Yahoo and Microsoft.

Online charlatans typically try to lure people into giving away their personal or financial information by posing as legitimate companies in "phishing" e-mails or through messages in forums such as Twitter and Facebook. But a new study by security researcher Jim Stickley shows how search engines also can turn into funnels for shady schemes.

Stickley created a Web site purporting to belong to the Credit Union of Southern California, a real business that agreed to be part of the experiment. He then used his knowledge of how search engines rank Web sites to achieve something that shocked him: His phony site got a No. 2 ranking on Yahoo Inc.'s search engine and landed in the top slot on Microsoft Corp.'s Bing, ahead of even the credit union's real site.

Google Inc., which handles two-thirds of U.S. search requests, didn't fall into Stickley's trap. His fake site never got higher than Google's sixth page of results, too far back to be seen by most people. The company also places a warning alongside sites that its system suspects might be malicious.

But even Google acknowledges it isn't foolproof.

Some recession-driven scams have been slipping into Google's search results, although that number is "very, very few," said Jason Morrison, a Google search quality engineer.

On one kind of fraudulent site, phony articles claim that participants can make thousands of dollars a month simply for posting links to certain Web sites. Often, the victims are asked to pay money for startup materials that never arrive, or bank account information is requested for payment purposes.

"As soon as we notice anything like it, we'll adapt, but it's kind of like a game of Whac-A-Mole," he said. "We can't remove every single scam from the Internet. It's just impossible."

In fact, Google said Tuesday it is suing a company for promising "work at home" programs through Web sites that look legitimate and pretend to be affiliated with Google.

Stickley's site wasn't malicious, but easily could have been. In the year and a half it was up, the 10,568 visitors were automatically redirected to the real credit union, and likely never knew they had passed through a fraudulent site.

"When you're using search engines, you've got to be diligent," said Stickley, co-founder of TraceSecurity Inc. "You can't trust that just because it's No. 2 or No. 1 that it really is. A phone book is actually probably a safer bet than a search engine."

A Yahoo spokeswoman didn't respond to requests for comment. Microsoft said in a statement that Stickley's experiment showed that search results can be cluttered with junk, but the company insists Bing "is equipped to address" the problem. Stickley's link no longer appears in Bing.

To fool people into thinking they were following the right link, Stickley established a domain that sounded plausible. After that, Stickley's site wasn't designed with humans in mind; it was programmed to make the search engines believe they were scanning a legitimate site. Stickley said he pulled it off by having link after link inside the site to create the appearance of "depth," even though those links only led to the same picture of the credit union's front page.

The experiment convinced Credit Union of Southern California that it should protect itself by being more aggressive about buying domain names similar to its own. Domains generally cost a few hundred dollars to a few thousand dollars each — a pittance compared with a financial institution's potential liability or loss of goodwill if its customers are ripped off by a fake site.

"The test was hugely successful," said Ray Rounds, the credit union's senior vice president of information services.

Stickley's manipulation illuminates the dark side of so-called search engine optimization. It's a legitimate tactic used by sites striving to boost their rankings — by designing them so search engines can capture information on them better.

But criminals can turn the tables to pump up fraudulent sites.

"You can do this on a very, very broad scale and have a ton of success," Stickley said. "This shows there's a major, major risk out there."

Robert Hansen, a Web security expert who wasn't involved in Stickley's research, said ranking high in search engine results gets easier as the topic gets more obscure. An extremely well-trafficked site such as Bank of America's would always outrank a phony one, he notes.

Still, Hansen said, criminals have been able to game Google's system well enough to carve out profitable niches. He says one trick is to hack into trusted sites, such as those run by universities, and stuff them with links to scam sites, which makes search engines interpret the fraudulent sites as legitimate.

"I don't think we're anywhere near winning" the fight against such frauds, said Hansen, chief executive of the SecTheory consulting firm.

Roger Thompson, chief research officer for AVG Technologies, who also wasn't involved in the research, said search results can be trusted, for the most part.

"But the rule is, if you're looking for something topical or newsworthy, you should be very cautious about clicking the link," he said. That's because criminals load their scam sites with hot topics in the news, to trap victims before the search engines have a chance to pull their sites out of the rankings.

"The bad guys don't have to get every search," he said. "They just have to get a percentage."

Consumers can protect themselves from scam sites by looking up the domain at, which details when a site was registered and by whom. That can be helpful if the Web address of a phony site is similar to the real one.

Monday, December 07, 2009

AOL ends ties with Time Warner

AOL is shaking loose from Time Warner Inc. and heading into the next decade the way it began this one, as an independent company. Unlike the 1990s, though, when AOL got rich selling dial-up Internet access, it starts the 2010s as an underdog, trying to beef up its Web sites and grab more advertising revenue.

Despite a few bright spots in its portfolio of sites, such as tech blog Engadget, AOL has a long way to go until Web advertising can replace the revenue it still gets from selling dial-up Internet access. One especially popular property, entertainment site TMZ, is a joint venture with a Time Warner unit that will keep TMZ and its revenue after AOL splits off.

Now investors are getting a chance to place bets on AOL. On Wednesday, Time Warner shareholders as of Nov. 27 will get one share of AOL for every 11 of their Time Warner shares. The next morning, AOL CEO Tim Armstrong is set to ring the opening bell at the New York Stock Exchange, and AOL will begin trading under the ticker symbol of the same name — the one it had when it was known as America Online and used $147 billion worth of its inflated stock to buy Time Warner in 2001.

The parent company was even known as AOL Time Warner in the heyday. At the time, Time Warner thought its movie, TV and magazine content would benefit from ties with AOL's Internet access business. The media conglomerate announced AOL's spinoff in May after years of trying unsuccessfully to integrate the two companies.

AOL will initially be worth about $2.5 billion, based on the value of preliminary AOL shares that have been trading ahead of the formal spinoff this week. AOL will have no debt, and the company is profitable, though profits are falling — operating income dropped 50 percent to $134 million in the third quarter compared with last year.

In the past year, AOL hired Armstrong, a former Google advertising executive, to engineer a turnaround that eluded the company while it was part of Time Warner.

In those years, AOL struggled to complete its transition away from relying on its dial-up business. The service peaked in 2002 with 26.7 million subscribers, and has declined steadily as consumers switched to broadband. In the third quarter, AOL had 5.4 million dial-up subscribers, who paid an average of $18.54 per month.

Even with the decline, this business brought in $332 million during the quarter, or 43 percent of AOL's total revenue. But that's down from $1.8 billion, or 82 percent of revenue, during its peak quarter seven years earlier.

Overall third-quarter revenue dropped 23 percent from last year to $777 million.

AOL has tried to offset the fading service by moving away from its origins as a "walled garden" with subscriber-only content to a network of online destinations with free material, supported by ads. AOL even began giving away e-mail accounts.

The results have been mixed. After initially showing promise, AOL's ad revenue fell last year and in each of the first three quarters of this year. AOL's advertising shortfall in the third quarter — an 18 percent decline from the same period a year ago — was much worse than the 5.4 percent drop in the overall Web ad market, according to PricewaterhouseCoopers LLP.

Another problem: AOL's more than 80 Web sites are struggling to keep their viewers. In the third quarter, AOL's network had 102 million unique visitors in the U.S., according to comScore, a 7 percent drop from 110 million a year ago. By contrast, Google and Yahoo both showed gains of more than 10 percent.

AOL has responded partly with plans to shed up to 2,500 jobs, or more than a third of its employees, in an effort to save $300 million a year. That comes on top of thousands of other cuts in recent years and will leave the company at less than a quarter the size it was at its peak in 2004. The cost-cutting has allowed AOL to stay profitable despite shrinking revenue.

AOL also is trying to produce online material far more cheaply. It plans to launch dozens of new sites next year and populate much of them with work done by freelancers. These freelancers will be paid by the post — some with a flat rate, some with a share of revenue based on the amount of traffic the post generates.

Ned May, an analyst with Outsell Inc., believes AOL can use this low-cost method to experiment with building lots of new sites and see what sticks with viewers.

To stimulate the process, AOL is counting on a content-management system it calls Seed. It shows information about the kinds of things people are searching for online so that writers and editors can quickly create material people presumably want to read.

For example, a site might traditionally write about Halloween costumes in mid-September, but search data showed that people were looking for costumes in August, said Bill Wilson, AOL's head of media.

"There was this whole window we were missing," Wilson said.

Gabelli & Co. analyst Christopher Marangi believes AOL will have to figure out how to better integrate social networking into its sites. AOL owns a social site called Bebo, which is popular overseas but gets about 6 percent as many visitors as Facebook does in the U.S., according to comScore data.

Being its own company again means AOL will regain the freedom to use its resources solely for its own benefit, rather than worrying about how they fit into the Time Warner empire. If the stock performs well, it could become a currency AOL can use to snag employees and acquire other companies.

Of course, now the world also will be able to more closely follow whether AOL is making progress on its strategy.

"That may be a challenge," Armstrong said, "but I think it's a challenge we knew we were signing up for whether we were public or private."

Wednesday, December 02, 2009

Black Friday LCD-TV prices down 22 pct

Decisive price cuts are helping to lift sales of LCD flat-panel TVs after Thanksgiving, research firm iSuppli Corp. said in a new report.

ISuppli said promotional prices are 22 percent lower than before Black Friday, the traditional start of the holiday shopping season. ISuppli estimates 6 percent more TV sets will be sold during a seven-day period that began on Black Friday compared with the same period last year.

The average advertised Black Friday price for a 32-inch set was $369, down from $490 before Thanksgiving.

Prices for larger sets were down more modestly, about 7 percent. Manufacturers instead packed better features into the models that went on sale, such as faster refresh rates for a steadier picture, iSuppli said.

Big brands like Samsung Electronics Co., LG Electronics Inc. and Sony Corp. offered the biggest discounts because they have had the highest regular prices, according to iSuppli analyst Tina Tseng.

ISuppli's analysis excludes plasma TVs, another type of flat panel that's less popular than LCD-based units.

A power outage at a Corning Inc. factory in Taiwan didn't cause a shortage of glass for TVs as initially feared, iSuppli noted. The outage occurred in October, after manufacturers had already bought components for the sets that went on sale on Black Friday.