RFID tags used in two new types of border-crossing documents in the U.S. are vulnerable to snooping and copying, a researcher said on Thursday.

United States Passport Cards issued by the U.S. Department of State and EDLs (enhanced driver's licenses) from the state of Washington contain RFID (radio-frequency identification) tags that can be scanned at border crossings without being handed over to agents. Both were introduced earlier this year for border crossings by land and water only, and can't be used for air travel. New York is the only other U.S. state with an EDL, though others are in the works.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card if a U.S. Department of Homeland Security agents at the border didn't see the card itself, the researchers said. Another danger is that the tags can be read from as far as 150 feet away in some situations, so criminals could read them without being detected. Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance, they said.

Another danger is that hackers could cause EDLs to self-destruct by sending out a certain number, they said.

"It would be relatively easy for someone to read your passport card or EDL," said Tadayoshi Kohno, an assistant professor of computer science and engineering at the University of Washington.

Though there's no reason for panic, "Our hearts should start to beat a little faster," Kohno said. The risk to individual passengers is low, but the problems create systemic weaknesses in the border-crossing system, according to a summary of the report.

Retail, shipping and other businesses are increasingly using RFID tags as wireless bar codes that can contain more information than traditional printed ones. The growth of the technology is making the tools of RFID hacking more easily available, Kohno said.

In a cloning attack, a hacker could read the information off a card's RFID tag, either while the cardholder was passing by or as the official card reader was picking up the data. The attacker could then encode a generic RFID tag with that same data, Kohno said. With that newly encoded tag, someone could slip through the border by appearing to the RFID reader to have a legitimate identification card, as long as no one asked to look at the actual card.

By themselves, the RFID vulnerabilities don't mean someone will get away with cloning or other attacks, Kohno pointed out.

"In reality, the system involved in border crossings is much greater than just the technical aspect," Kohno said. For example, authorities are likely to interview drivers and passengers crossing the border and look at their identification cards, he said. They may also use other measures against card-cloning near border crossings.

However, Kohno and three fellow researchers believe there are mechanisms available for the RFID tags that the U.S. and Washington governments aren't using.

For example, each tag has two specialized numbers: an access PIN (personal identification number) and a kill PIN. (These are larger than bank-card PINs and aren't chosen by the cardholders.) The access PIN can be used to verify that a tag is legitimate and the kill PIN can be used to render the tag unreadable.

The access PINs are used on both the passport cards and the EDLs, but there are additional security measures that the researchers don't think authorities are using. For example, they could test the access PIN using information from a database, Kohno said. In addition, the kill PIN is not set up on the Washington EDLs, which could make them vulnerable to an attack that would make all such cards at a certain site unreadable, he said. Such an attack could cause a nuisance or undermine travelers' confidence, the summary said.

The researchers have given recommendations to both U.S. and Washington authorities, Kohno said.

Full-size U.S. passports, which are booklets instead of cards, aren't affected by these vulnerabilities because their RFID tags have cryptographic protections and the booklets have metallic covers that protect against snooping, the researchers said.

For self-protection, the researchers suggest consumers use the protective sleeves that come with both cards, which can help to prevent clandestine scanning. Travelers can also use the safer full-size U.S. passports instead.

Intel distanced itself from criticism of Apple's iPhone made by executives at the company's Intel Developer Forum conference in Taipei, saying the comments were not appropriate. The chip maker also acknowledged its own products weren't yet suitable for such a product.

Earlier this week, Intel executives Shane Wall and Pankaj Kedia described the iPhone as slow and said the popular handset wasn't able to run the "full Internet" because it uses an Arm processor, instead of an Intel chip. The executives comments -- which neglected to note that Intel doesn't make a low-power processor capable of powering a handset like the iPhone -- were reported by ZDNet Australia, causing consternation within Intel's PR ranks.

[ Stay ahead of advances in hardware technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

"Apple's iPhone offering is an extremely innovative product that enables new and exciting market opportunities. The statements made in Taiwan were inappropriate, and Intel representatives should not have been commenting on specific customer designs," the company said in a statement posted on its Chip Shots Web site .

Intel also admitted its own chips are not yet capable of running a device like the iPhone.

"Intel's low-power Atom processor does not yet match the battery life characteristics of the Arm processor in a phone form factor; and, that while Intel does have plans on the books to get us to be competitive in the ultra low power domain -- we are not there as yet," the statement said.

The comments by Wall and Kedia are at odds with other statements by Intel executives, who generally lavish praise on the iPhone for its design and success in giving users easy access to the Internet. The remarks may have also put Intel in a difficult spot with Apple, since Intel is widely believed to be hopeful that Apple will use its low-power processors in future products.

Microsoft's chief financial officer outlined a three-part plan the company will undertake to weather the current economic crisis, which spurred Microsoft to lower its revenue and earnings expectations for fiscal 2009 on Thursday.

Microsoft will focus on lowering customers' total cost of ownership, tighten its own spending to encourage operational efficiency, and choose its investments carefully in the near term as the U.S. and global economic outlook continues to be volatile, Microsoft CFO Chris Liddell said on a conference call Thursday.

[ Learn more about how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. ]

"There's a high degree of uncertainty in outlook based on the state of the economy," Liddell said. "We can't control the economy, but we can control our overall performance in regard to [it]."

As part of its fiscal 2009 first-quarter financial announcement, Microsoft on Thursday lowered its financial outlook for both second-quarter and full-year 2009 results. The company fears that PC spending may be lower than expected, which would negatively affect its Windows client business. Along with its Business Division, which includes Microsoft Office, the company derives the bulk of its revenue from its client business.

New guidance for the second quarter, which ends Dec. 31, is in the range of $17.3 billion to $17.8 billion for revenue and $0.51 to $0.53 for diluted EPS. Previously, the company said it expected about $18 billion in revenue with EPS of $0.55 for the second quarter. For the fiscal year, revenue is now expected to be in the range of $64.9 billion to $66.4 billion, with EPS in the range of $2 to $2.10. Previously, Microsoft had expected revenue in the range of $66.59 billion to $67.1 billion, and EPS to be between $2.11 and $2.18.

To lure and retain customers who are looking "to do more with less" in the challenging economy, Liddell said Microsoft will focus on providing "high-value products at a low total ownership cost as a competitive advantage." He cited products such as its Hyper-V virtualization software for Windows Server and its unified communications software as ways companies can use IT infrastructure to reduce business costs.

As part of its own plan to manage its expenses, Microsoft will decrease its spending $500 million for the remainder of its 2009 fiscal year, which ends June 30, he said. The company also will lower headcount costs by revising hiring strategies and cutting employee costs such as travel expenses, Liddell said.

Microsoft also plans to lower its marketing expenses to keep the company running efficiently, he said. In this area, the company recently spent $300 million on a marketing and advertising campaign for Windows Vista, which already has been spoofed by competitor Apple in television ads.

Microsoft also will invest only in "key opportunities" for growth as the economic climate remains uncertain, he said. Liddell did not address the possibility of Microsoft making another bid for Yahoo, although recently CEO Steve Ballmer said publicly that a deal between the two companies would still make sense economically.

Google this week continued to hone its effort to push its Google Analytics service into corporate IT shops by adding a slew of new features, including custom report generation, advanced segmentation and integration with Google AdSense.

The new features will let larger companies using Google Analytics ditch any third-party tools they are using for segmentation or custom reporting of data generated from Google Analytics, noted Brett Crosby, group manager for Google Analytics.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

"This is an enterprise class feature launch," he said. "[Users have] been spending a lot of time and money trying to squeeze out this information from a lot of other tools. We think this will solve the dueling tool problem within these organizations."

The free hosted Google Analytics service was launched three years ago to demand so great Google had to temporarily suspend taking on new users.

The integration with Google's AdSense advertising network lets users see which pages of their site are driving the most revenue from AdSense ads. Integrating AdSense and Google Analytics will allow users to determine what content people like, which referring sources are driving the most revenue and which geographies are driving the most revenue, Crosby added.

"There are a lot of sites that use AdSense to drive revenue, and that is their primary source of revenue," he noted. "They can see what their return on investment is."

The update also adds support for advanced segmentation, allowing users to isolate and analyze subsets of their Web traffic -- like visitors who came through an e-mail marketing campaign or those who can from a company buying keywords, Google said. "It allows you to basically zero in on any segment of traffic you want to look at," Crosby said.

Once a company creates a segment for analysis, the tool can be used to compare the past behavior of that subset to the rest of the traffic on the site, Crosby added.

"The idea is to create segments of customer so you can see that buyers behave really differently than my 'looky loo' customers," Crosby noted. "You can start to identify the differences in those sorts of traffic."

Another new feature in Google Analytics allows users to create custom reports using any metrics, Crosby added. This feature could also be used in conjunction with advanced segmentation so users can have more options on how to analyze data.

New advanced visualization capabilities, which provide motion charts of data -- bubble charts that can be animated to show trends over time -- can help users find aspects of data that might not otherwise be apparent, Crosby added.

Finally, Google unveiled a beta of a new Google Analytics API, which will allow developers to pull data out of the analytics service to build new applications. Crosby said that "renegade developers" have already written scripts or created other ways on their own to build new applications that use Google Analytics data. Examples, he said, include iPhone applications that display Google Analytics data on the iPhone, and a Flash-based desktop version of the analytics service.

"I think this is one of the most significant things we can do is allow people to pull data out of Google Analytics and build applications for it that we might never have dreamed of," Crosby noted. "We have a very large customer base, and a lot of these people are developers and want to do things with the data."

Google plans to roll out most of the new features to users over the next several weeks. Crosby noted that the integration with AdSense may take longer than a few weeks, and that the API is available by invitation only.

A year ago Google updated Google Analytics by adding internal search and event tracking capabilities. The latter feature allows Web site operators to more accurately measure how visitors are using interactive Web site elements like AJAX (Asynchronous JavaScript and XML), JavaScript, Flash movies, page gadgets, and other multimedia tools, Crosby said.

Computerworld is an InfoWorld affiliate.

Microsoft's quarterly call with Wall Street on Thursday told the tale of two software franchises and their diverging financial fortunes.

Microsoft's Client revenue, which virtually all comes from sales of Windows Vista, grew just 2 percent year-over-year to $4.22 billion in its fiscal first quarter of 2009.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

"That fell pretty far short of Microsoft's expectations," said Matt Rosoff, an analyst with the independent research firm Directions on Microsoft. "That's always a worry, since it's the core of the company's business."

This was the second recent quarter out of three that saw Vista sales grow sluggishly or shrink. In Microsoft's third quarter of 2008, Client revenue fell 24 percent year-over-year, although sales grew 13 percent year-over-year in the intervening fourth quarter.

Vista's weak growth was in spite of 10 to 12 percent growth in PC shipments. Microsoft blamed the sluggishness on flat PC sales in developed countries and zooming sales of low-cost PCs, in particular, netbooks. Customers in developing countries are more likely to buy PCs with cheaper, basic versions of Windows Vista installed. Or, if they buy netbooks, they are likely to get Windows XP Home or Linux, which results in little or no revenue to the software maker.

As a result, sales to PC manufacturers, which supply 80 percent of Vista's sales, actually fell 1 percent. (The rest of Vista revenue comes from volume licenses to big companies and retail purchases by consumers and small businesses).

Microsoft hopes Vista can rebound in the second quarter with 7 to 10 percent growth during the traditionally strong holiday season.

"We think, particularly with Christmas coming up, that overall sales will be relatively good," said Microsoft CFO Chris Liddell during the earnings call. "We have reasonably good visibility into this quarter in terms of the inventory positions. We feel pretty good about some of the initiatives that we have in the unlicensed area. We've got channel inventory down to where we would like to see it."

But Rosoff said he is "surprised they are that optimistic for the holiday quarter."

Other bellwether PC vendors also lack Microsoft's confidence. Chipmaker Intel Corp. expressed an uncertain outlook during its earnings call earlier this month. While Phoenix Technologies Inc., which supplies BIOS software to half of PCs, on Thursday cut its forecast for laptop sales growth in half to 15 percent from 30 percent.

Microsoft admits the picture for Vista sales is bleaker for the rest of the year. It expects sales to increase just 2 percent, meaning that revenue in the last two quarters of the year might actually fall slightly from the prior year.

That is despite Microsoft's own forecast that PC shipments would grow from 8 to 12 percent for the year. The reason, again, is the expectation that Vista sales will be flat in developed countries and that non-Vista-using netbooks will drive PC unit growth.

Office 2007 enjoys strong growth
Office 2007, meanwhile, appeared to continue its unbroken string of stellar growth. Revenue in the Microsoft Business Division grew 20 percent year-over-year to $4.95 billion.

The company doesn't break out the percentage of MBD revenue that comes from Office. Microsoft has added several highly profitable products to MBD in recent years, most significantly, Exchange Server, which Rosoff estimates is almost a $2 billion annual business.

Still, Office undoubtedly comprises the majority of MBD's revenues, Rosoff said. Those revenues are expected to grow 7 to 8 percent in the next quarter, and 12 to 13 percent for the entire year, far higher than Client (Vista's) revenues.

Microsoft Office has beaten back many threats during its long era of domination. But with the advent of credible SaaS (software as a service) competitors such as Google Docs, cheaper desktop competitors such as IBM Symphony or the much-improved, free OpenOffice 3.0, and the weak economy, could Office's grip on 550 million users finally be weakening? Rosoff isn't buying it.

"I've heard this argument many times over the years. But Office continues to have a real stranglehold in the corporation," Rosoff said. "In the absence of evidence to the contrary, I think it's going to stay that way."

Microsoft will herald a security project called Web Sandbox, for securing Web content through isolation, at the company's Professional Developers Conference in Los Angeles next week.

The Microsoft Live Labs Web Sandbox features a prototype of technology for mashing up code while maintaining better process isolation, quality of service protection, and security, according to the company.

"This will foster more efficient cross-browser development, increased mash-up innovation, and new third-party extensibility models," according to a description of the PDC effort released by a Microsoft representative.

The Live Web Sandbox Web site describes the project as addressing the problem of modern Web applications being "intrinsically insecure, often with unpredictable service quality."

"Today, Web gadgets, mashup components, advertisements and other third-party content on Web sites either run with full trust alongside your content or are isolated inside of IFrames," resulting in a lack of security, the Web page states.

"We have created a cross-browser JavaScript virtualization layer that provides a secure standards-based programming model without requiring any add-ons," according to the site. "We are not done yet. We need your help: Experiment with the Sandbox and make sure it works. We've included a set of samples so you can try to break the Sandbox. Our goal is to provide reusable components that will allow you to secure your Web 2.0 mashups. Our goal is to work together to standardize a secure Web platform. "

A growing number of Web 2.0 applications incorporate third-party content either via direct script inclusion or embedded in an IFrame, Live Labs said. Components included directly execute with full trust and can access private information, according to Live Labs. This leaves a site subject to intentional or non-intentional bugs that could compromise personal information or degrade a Web application's quality of service.

IFrames, meanwhile, offer isolation but not complete security, Live Labs said. Malicious code can try to install ActiveX controls, redirect users, or interrogate a browser history, thus degrading quality of service. IFrames also pose a problem with providing an integrated experience and sharing data across components, the labs said.

In the run-up to its Professional Developers Conference, Microsoft on Friday opened a new initiative to let the developer community hear about and try early developer tools that the software giant is working on.

DevLabs is an online portal where Microsoft plans to share some "early thinking" and let developers help shape the direction of projects, wrote S. Somasegar, senior vice president in Microsoft's developer division in a blog entry. Developers will also get to use some early versions of tools in order to offer feedback.

Many of the projects will start with people who work in Microsoft's developer division, but they can come from other groups that may be working on projects geared toward developers, he said.

Somasegar stressed that the site isn't meant to draw feedback on next releases of existing products, since mechanisms for that are already in place. The projects featured on DevLabs will be early ideas that haven't yet been hammered into exact products, he said. Some projects could become features in existing products, others might be open sourced for the community and others may be trashed, he said.

For now, DevLabs is featuring four projects, including Small Basic, first unveiled on Thursday. Small Basic is a development tool for beginning developers that could be used by kids or adults. It is inspired by the BASIC programming language and based on .Net.

Pex and Popfly, two projects that have been around for a while, are also featured on the site. Popfly users can create games, mashups and Web pages, and Pex is a software testing tool.

Finally, developers can get involved with the creation of Chess, another software testing tool that Microsoft has been developing for a couple years and that it plans to reveal more about next week at its Professional Developers Conference.

dMicrosoft will distribute the second service pack for Windows Vista to a small group of beta testers next Wednesday, the company said Friday.

A small group of Technology Adoption Program members will get a test version of Windows Vista Service Pack 2 (SP2) in the middle of Microsoft's Professional Developers Conference (PDC), which it scheduled next week in Los Angeles, the company revealed on the Windows Vista team blog.

Vista SP2 will include previously released fixes that focus on specific reliability, performance, and compatibility issues with Vista, according to the blog entry, attributed to Mike Nash, vice president of Windows product management at Microsoft.

The company expects Vista SP2 will be compatible with applications that are written using public APIs (application programming interfaces) that run on both Vista and Vista SP1, he said. It also will be released for both Vista and Windows Server 2008 simultaneously.

Microsoft has not set a date for the final release of SP2 and will base that release on feedback from the beta program, according to Nash's post.

Some of the improvements Microsoft plans to deliver in SP2 include the addition of Windows Search 4.0 to enable faster and better relevancy in searches, Bluetooth 2.1 Feature Pack to support the latest Bluetooth technology and the ability to record data onto Blu-ray video format natively in Vista, Nash said.

Vista SP2 also will add Windows Connect Now technology to simplify the configuration of Wi-Fi networks, and include support for UTC (Coordinated Universal Time) timestamps to ensure that files are synchronized across time zones, according to the blog post.

In his post, Nash advised users that if they are waiting for SP2 to upgrade to Vista, they should consider using the Vista SP1 OS now rather than wait.

"While we will recommend SP2 when it ships, your best bet today is Windows Vista SP1," he wrote.

Even as Microsoft readies Vista SP2, the company is expected to distribute an early release of Vista's follow-up, Windows 7, at the PDC next week.

The lawsuit filed by Waste Management against SAP in March over what the trash-disposal company claims was a botched ERP implementation is growing increasingly rancorous, with accusations of withheld information and deliberate foot-dragging.

In addition, the systems integrator Deloitte Consulting has become caught up in the suit, though not as an official party.

[ See earlier developments in this story: "Waste Management sues SAP over ERP implementation" and "Update: SAP files counterclaim against Waste Management" ]

In a filing in Harris County, Texas District Court earlier this month, SAP asked the court to delay the trial until February 2010 due to the complexity of the case. The vendor also alleges Waste Management has not behaved in good faith during the discovery process.

"Rather than focusing on producing the most relevant documents first, Waste Management appears to have taken the opposite approach," SAP said.

While Waste Management's production "has been voluminous, most of those documents -- such as customer invoices, office building sign-in sheets, and customer addresses -- relate generally to its business operations and not specifically to the purchase or implementation of the software at issue in this suit."

SAP also wants the court to delay the depositions of a number of SAP employees.

"The only possible explanation for Waste Management's refusal to produce the documents on which it intends to rely at the depositions -- or, for that matter, for seeking to depose key witnesses before producing its own documents -- is that it hopes to 'surprise' SAP's witnesses with documents they have never seen, or have not seen in years and have long forgotten," the filing alleges.

Meanwhile, SAP has produced "hundreds of thousands of pages of documents, including e-mails and what Defendants believe are most of the critical documents," SAP said.

But a response filed by Waste Management states "SAP has sought to delay the case at every turn," and that trial should begin in April 2009.

"These types of lawsuits, arising from defective software and failed implementation, are routine for SAP," Waste Management said. "There are standard motions it files and it uses the same types of expert witnesses. ... There is no reason the case cannot be discovered and tried in 2009."

SAP's assertions regarding Waste Management's conduct during discovery are "baseless," the filing adds. "Waste Management has made 10 separate productions of 'substantive' information to SAP totaling 947,304 pages (compared to SAP's production of approximately 308,000 pages)."

The documents include issue and resolution logs "addressing specific issues with the programming, conversion and implementation of SAP Waste & Recycling software," the filing states.

SAP has also "refused to present witnesses for deposition, has failed to substantively answer interrogatories, and has lodged boilerplate objections to discovery that it refuses to withdraw," Waste Management said.

Therefore, "it is important for Waste Management to start depositions to determine what SAP refuses [to] disclose and determine what discovery SAP is not providing," the filing adds.

SAP previously filed a counterclaim to Waste Management's suit arguing in part that the trash-disposal company violated its deal with SAP including by "failing to timely and accurately define its business requirements" and not providing "sufficient, knowledgeable, decision-empowered users and managers" to work on the project.

Apparently in support of this line of argument, another recent filing shows that SAP has subpoenaed Deloitte, asking the company to provide all documentation tied to work Deloitte performed for Waste Management regarding the licensing and implementation of a range of SAP software, as well as "any analyses or other work performed by Deloitte concerning Waste Management's business processes."

Waste Management's internal name for the SAP implementation project was "C1" or "Customer First," and the company hired Deloitte to perform an independent review after a site in New Mexico went live, according to the filing.

Deloitte allegedly told Waste Management that "the original Blueprint workshops were ineffective at capturing the business requirements for the WM solution" and that "as a result, after the workshops the Blueprint design was allowed to constantly change as the teams' understanding of the functionality evolved."

"To the extent Waste Management believes [SAP's] software was a failure, the blame lies with Waste Management," the filing adds.

Waste Management argues that SAP's subpoena is worded too broadly. "To the extent that Deloitte's work at Waste Management is not part of the SAP implementation project, plaintiffs object that the request is an improper fishing expedition."

Waste Management and Deloitte declined additional comment on Friday.

SAP spokesman Andy Kendzie said the company does not discuss ongoing litigation. "I would say that beyond that, we will vigorously defend our brand and reputation during the litigation process," he added.

One day after Microsoft issued a rare emergency Windows security patch, the bad guys have a few new ways to take advantage of the bug.

By Friday, security researchers had identified a new worm, called Gimmiv, which exploited the vulnerability, and a hacker had posted an early sample of code that could be used to exploit the flaw on the Web.

[ For earlier developments in this bug's progress, see "Microsoft to rush out emergency Windows patch" and "Attack code for critical Microsoft bug surfaces" ]

Microsoft issued the patch more than two weeks ahead of its next security updates because the bug could be used to create an Internet worm attack and Microsoft had already seen a small number of attacks that exploited the flaw.

This vulnerability lies in the Windows Server service used to connect with other devices on networks. Although the firewall software that ships with Windows will block the worm from spreading, security experts are worried that the flaw could be used to spread infections between machines on a local area network, which are not typically protected by firewalls.

And that's exactly what the Gimmiv worm is designed to do, according to Ben Greenbaum, a senior research manager with Symantec. "It is downloaded onto a target machine via social engineering and then proceeds to scan and exploit machines on the same network, using this newly disclosed vulnerability in the Server service," he said.

The worm then loads software that steals passwords, security experts say.

Both Symantec and McAfee said Friday that they had seen only a very small number of attacks based on this exploit, but Symantec says that, starting Thursday evening, they found a 25 percent jump in network scans looking for potentially vulnerable machines. That could be a sign that more attacks are coming.

That scenario becomes more likely, too, as more tools that exploit the flaw are released to the public. On Friday, sample exploit code was posted to the Milw0rm.com hacker site, and over the next few days hackers are expected to move that code into attack tools that are easy to use.

Greenbaum predicted that the attack code will soon be used to build botnet networks of infected computers. "What we are going to see is this attack being added to the arsenal of botcode," he said.

"Once it evolves to the point where people really don't have to know much about the exploit ... those are the situations where people write the worms that do a lot of [damage]," said McAfee researcher Craig Schmugar.

Does he expect a damaging worm to emerge from this latest bug? "If history is a lesson, then yes," he said.

Researchers at McGill University in Montreal have discovered a new state of matter that they say could greatly extend Moore's Law.

Engineers at companies like Intel and AMD have long been cramming more and more transistors -- the building blocks of the processor -- onto a chip. Last fall, for instance, Intel announced that each of its new Penryn chips hold 820 million transistors. The Penryn chip keeps alive the 40-year-old prediction by Gordon Moore that the number of transistors on a chip will double every two years.

Some observers have long predicted that leakage and energy consumption will be significant roadblocks to the law at some point.

The McGill scientists, though, think they may have a way around those roadblocks.

The researchers say they've found a quasi-three-dimensional electron crystal that could enable them to harness quantum physics to make increasingly small computer chips. The crystal was discovered using a device cooled to a temperature that is 100 times colder than intergalactic space.

Dr. Guillaume Gervais, director of McGill's Ultra-Low Temperature Condensed Matter Experiment Lab, said that the material is not quite three-dimensional but it's something in between two- and three-dimensional.

"In a standard transistor, you have a gate, and the electron flow is controlled by it like a faucet would control a gas flow," Gervais said in a statement. "You can understand the particles as independent units, which lets us treat them as ones and zeroes or on and off switches in digital computing. However, once you get down to the nano-scale, quantum forces kick in and the electrons may condense into a collective state and lose their individual nature. Then all sorts of bizarre phenomena pop up. In some cases, the electrons may even split. Concepts of 'on' and 'off' lose all meaning under these conditions."

Dan Olds, principal analyst with the Gabriel Consulting Group, said the McGill scientists are working on far-reaching science, and even if their theories hold true it would be quite some time before they could be used in the chip manufacturing process.

"There also isn't any evidence to say that this is the answer to continuing Moore's Law. It's a possible answer, it's a potential answer, but only after we understand how these new materials work, which we don't yet," said Olds.

"From a higher perspective, this is the kind of experimental activity that is taking place all over the world. It's great, because we see these breakthroughs that others will build on. Many will fall by the wayside -- blind alleys that don't go anywhere interesting -- but a few will be found to be extremely useful over time. It's the law of the jungle in technology," Olds added. "There are many experiments. Some are interesting but useless. A very few are interesting and very useful. It's too soon to tell which camp this one will fall into."

In its work to shrink transistors and extend Moore's Law, IBM announced last February that they had hit a major milestone in nanotechnology, figuring out how to measure the amount of force needed to move an atom. Their new measurement capabilities could enable researchers to shrink the size of transistors used in computer chips.

Shrinking transistors cuts power requirements and boosts speed.

Computerworld is an InfoWorld affiliate.

Soon after Microsoft released a patch for a critical bug in its Windows Server software, attack code surfaced, and by Friday afternoon an early sample of the code was out, which led to the week ending on a warning note. Between the beginning and the end of the week, former Fed chairman Alan Greenspan blamed the U.S. economic crisis at least in part on the use of bad data. Perhaps next week will bring better news.

1. Attack code for critical Microsoft bug surfaces and New worm feeds on latest Microsoft bug: It didn't take long after Microsoft provided information about a critical Windows flaw, along with a patch, before attack code showed up. Developers of the Immunity security testing tool had an exploit written within a couple of hours of Microsoft's announcement on Thursday. Although the developer's software is only for paying customers, security researchers said they expected a version of the code to go public soon. That happened Friday afternoon when sample code appeared on the Web. The flaw, in Windows Server service, which is used to connect network resources, was also being exploited by a worm.

[ Video: Catch up on the news of the week with the World Tech Update ]

2. Greenspan, Cox tell Congress that bad data hurt Wall Street's computer models: Insufficient and faulty data used in risk management models contributed to the financial mess embroiling the U.S. and rippling across the globe, said former U.S. Federal Reserve chairman Alan Greenspan. Financial firms made business decisions using "the best insights of mathematicians and finance experts, supported by major advances in computer and communications technology," Greenspan told the House Committee on Oversight and Government Reform. "The whole intellectual edifice, however, collapsed in the summer of last year because the data inputted into the risk management models generally covered only the past two decades -- a period of euphoria."

3. Microsoft expanding Surface access: In order to get the SDK for Microsoft's touch-based apps platform, developers had to buy Surface hardware, which could be a pricey proposition. Well, no more: Microsoft will give the SDK to developers who attend a Surface workshop at its Professional Developers Conference next week.

4. Android phone launch day relatively quiet: Google's Android phone went on sale Tuesday, with people here and there standing in short lines outside of stores to be first to get their handsets. While there wasn't anything approaching the buzz surrounding the first iPhone sales, T-Mobile stores reported a steady stream of customers for its G1 phone, which is the first on the market to run the Android operating system.

[ Special report: All about Google Android ]

5. Intel repudiates executives' criticism of the iPhone: Comments from Intel executives who criticized the iPhone weren't appropriate, Intel said, after reports on the statements emerged from the company's developer forum in Taipei. Shane Wall and Pankaj Kedia said the iPhone is slow and incapable of running the "full Internet" because the smartphone has an Arm processor instead of, you guessed it, an Intel processor. "Apple's iPhone offering is an extremely innovative product that enables new and exciting market opportunities. The statements made in Taiwan were inappropriate, and Intel representatives should not have been commenting on specific customer designs," the company said later in a statement posted on its Chip Shots Web site.

6. Gmail activation problem in Apps finally solved: A problem was finally solved this week with Google Apps that kept those who recently subscribed to its Web-hosted office suite from being able to get to their new Gmail accounts. The problem kept Gmail accounts from being activated for new Apps users, starting late last week. The company said Monday the problem would be fixed by Tuesday, but it didn't work out that way, to the consternation of many Apps users, or would-be users.

7. Sun tussles with startup over noted systems designer: In an oddball of a story, startup Arista Networks set off a mini firestorm with Sun Microsystems when it announced that Andreas Bechtolsheim is the company's new chief development officer. Bechtolsheim, you see, is Sun's chief scientist and a top-notch systems designer, so Arista's news led to reports that he had resigned from Sun, which Sun denied, sending e-mail to journalists saying those reports were inaccurate and that he would continue at the company, though part time. That led Arista's director of marketing, Mark Foss, to say that as far as the startup is concerned Bechtolsheim is working full time at Arista, and that there was "a miscommunication" between his company and Sun that they were working to clarify. Bechtolsheim then did the clarifying -- he works full time now at Arista, which he cofounded and where he also serves as chairman, but he's going to advise Sun on a part-time basis of "no more than one day a week."

8. Intel shows off new laptop platform: Users got a glimpse of Intel's upcoming laptop platform, code-named Calpella, at the Intel Developer's Forum in Taiwan. The primary focuses of Calpella are efficiency and battery life.

9. Microsoft looks to secure Web content: At its Professional Developers Conference next week, Microsoft will show off its Web Sandbox initiative, which seeks to secure Web content by isolating it. The technology includes a cross-browser JavaScript virtualization layer that provides a secure standards-based programming model without requiring any add-ons.

10. Where the presidential candidates stand on tech issues: Both Democrat Barack Obama and Republican John McCain bring technology experience to the table as presidential candidates, though the experiences are quite different. Obama is an avid user of technology -- he's among the capital's BlackBerry enthusiasts -- while McCain admits he's not much for using electronic devices, but he has been on the Senate Commerce, Science and Transportation Committee for a long time, and a lot of technology-related legislation passes through that group before going to the full Senate. IDG News Service took a look at where they each stand on five key technology areas: telecommunications, national security, privacy, IT jobs, and innovation.

Microsoft will rush out an emergency security patch for Windows users on Thursday.

The company offered few details on why it was releasing the software update, which is rated critical for users of Windows 2000, Windows XP, and Windows Server 2003. A critical flaw is worrisome, however, because it can be exploited by online attackers to seize control of the PC.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The update will be released at 10 a.m. PT, said Microsoft spokesman Christopher Budd in a blog posting published late Wednesday.

The flaw is considered to be a less serious risk for users of the Windows Vista and Server 2008 operating systems Microsoft said in an advisory on the issue.

For years, Microsoft has released its patches on a predetermined day -- the second Tuesday of every month -- but it has occasionally released patches ahead of schedule when bugs have been actively exploited by computer criminals.

The last such emergency patch issued by Microsoft was in April 2007, when the company fixed a bug in the way Windows processes .ani animated cursor files. That flaw was publicly known and being exploited in attack code hosted on hundreds of Web sites.

This latest vulnerability, however, appears to be unknown to the security community.

For Microsoft to rush out this type of emergency update, it must consider the bug to be very serious, said Dragos Ruiu, organizer of the CanSecWest hacking conference in an instant message interview.

Ruiu said that presenters at Microsoft's recent Blue Hat internal security conference told him that they'd discovered some serious Windows bugs using security testing tools and that the update could fix one of these issues. "It might have wide reaching impact, or might be used easily for significant malicious hijinks," he said.

Ericsson has managed to achieve rates in excess of 100Mbps with next-generation mobile technology LTE (Long Term Evolution) during recent field trials.

LTE is pitched as a successor to the 3G (third generation) mobile services such as the European UMTS (Universal Mobile Telecommunications System) and similar wide-band CDMA (W-CDMA) services.

[ For more on LTE and its struggle to become the dominant architecture for broadband wireless infrastructure , read "The looming battle over wireless broadband." And find out more about rival WiMax in InfoWorld's report "Does WiMax work in the real world?" ]

Ericsson's goal in the field trials was to show that LTE works all the way from the base station to the terminal. "It's always easy to say that you can get a certain speed in a lab environment, but here we have used real antennas and real distances to the terminals, and also in a moving vehicle," said Lars Tilly, head of research at Ericsson Mobile Platforms.

Using four transmit streams (the maximum number supported in the LTE standard), four receive antennas and bandwidth of 10MHz, the measured peak rates exceeded 130Mbps. This translates into approximately 260Mbps, given the maximum bandwidth of 20MHz, according to an article in Ericsson Review.

"Not everyone will be able to get 100Mbps. You need pretty good conditions for it to work, and you need to be relatively close to the base stations, a couple of hundred meters," said Tilly.

The company also evaluated application-level performance using two transmit and two receive antennas, and the TCP (Transmission Control Protocol) bit rate was more than 40Mbps at least 50 percent of the time and more than 100Mbps at least 10 percent of the time along a test route, which a majority of the time stayed within 1 kilometer from the test site.

The test also shows how important it is to use MIMO (Multiple-Input Multiple-Output) to get the most out of LTE. Using four transmit and receive antennas increase performance by a factor of three compared to a basic setup. But at the same time Ericsson warns that MIMO-related gains are strongly dependent on radio conditions.

All the major telecommunications equipment vendors are currently working at full speed to get LTE out the door, according to Martin Gutberlet, analyst at Gartner.

He isn't worried about the base stations. Instead it's the lack of access to the necessary spectrum, which still hasn't been handed out in many European countries, including U.K., France, and Germany, that could lead to delays, according to Gutberlet.

Ericsson expects that the first commercial LTE network will go live in the fourth quarter of 2009, according to a spokeswoman.

Intel and IBM have agreed to open up IBM's BladeCenter switch technology for more server makers to use, part of an initiative to spur adoption of a specification for low-cost blade servers.

"We will be taking the BladeCenter switch specification and opening it up for access, royalty-free access, to any SSI adopter," said Kirk Skaugen, vice president and general manager of Intel's Server Platforms Group, during an interview at the Intel Developer Forum in Taipei.

[ Keep up with Windows Server and related developments in InfoWorld's Enterprise Windows blog. ]

SSI, or the Server System Infrastructure Forum, is an industry group that was established by Intel to define server standards.

Last year, SSI released a draft specification for low-cost blade servers that did not include all of the components required to build a blade server. "The piece, quite candidly, that was missing if you're going to build a whole blade system was the switch specification," Skaugen said.

"This will be the final puzzle piece to complete a full blade system," he said, adding that the final SSI specification for blade servers should be ready by the end of the year.

The SSI specification is aimed at smaller server makers and regional players, such as India's HCL Infosystems and Tyan in Taiwan. The SSI blade specification is designed to reduce manufacturing costs for these companies by setting standards for various components, such as power supplies and motherboards.