Sprint Nextel Thursday announced that WiMax has met its commercial deployment standards and is due to be launched commercially later this year.

Sprint says it has been using several metrics to test its WiMax technology, including its overall performance, its handoff performance, and its handoff delay. The tests, which began in June 2007, have been carried out primarily in the laboratory environment of Sprint's Xohm business unit and on its prototype commercial-service network that has been deployed in the Baltimore-Washington, D.C. area. 

Sprint says it conducted its first data session on the commercial network in October 2007 and started interoperability tests with WiMax-device vendors this past April.

Samsung, which has been one of Sprint's biggest partners in creating WiMax-enabled mobile devices, helped conduct the WiMax compliance tests, Sprint says. Last month, Samsung introduced several new WiMax-enabled devices, including an E100 PC Card and a WiMax-embedded Ultra-Mobile PC. The company says it plans to have its WiMax devices available to coincide with Sprint's WiMax commercial launch later this year.

"This is a major step towards launch readiness, and Sprint is extremely pleased with the performance of the mobile WiMax network and access devices from Samsung," says Barry West, president of the Xohm unit. "The collaboration with Samsung and our other partners has created a WiMax ecosystem that has now proven that it can deliver this new technology to the marketplace well ahead of any feasible alternative."

WiMax recently received a big boost when Sprint and Clearwire announced they will be combining their WiMax businesses to create a $14.5 billion mobile-broadband company. As has been rumored for the past few months, the new company will be focused on deploying a nationwide WiMAx network that will provide 4G coverage to consumers, businesses and government public-safety services in urban and rural markets.

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday.

HD Moore, best known as the exploit researcher who created the Metasploit penetration testing framework, called the vulnerability in Debian and Ubuntu systems "ugly" and said it will be a big job for administrators to find every flawed key, then reissue them.

The bug, noted Tuesday by the Debian Project , is in the random number generator used to produce a variety of digital keys, including SSH keys and SSL certificates. The latter are widely used to secure traffic between users and secure sites on the Internet.

According to Moore, the bug makes it relatively easy to "guess" keys. In a posting to his blog Wednesday, Moore claimed he was able to generate 1024- and 2048-bit keys in about two hours.

Stronger keys, however, take considerably longer to create. He estimated that an 8192-bit RSA keyset would take some 3,100 hours (about 129 days) to generate.

Moore also published several key-generating tools -- collectively dubbed "Toys" -- that included a shared library and a key generation script.

With that information out in the wild, other researchers banged the warning drum. "This is very, very, very serious and scary," said Bojan Zdrnja, an analyst at the Internet Storm Center (ISC) in a warning posted on the organization's site Thursday.

Symantec also warned customers of its DeepSight threat network of the vulnerability and Moore's follow-on information and tools disclosures. The California-based company also noted that another hacker, "Markus M," published a tool that automates brute force attacks of the key weakness to the Full Disclosure security mailing list.

That revelation pushed the ISC to up its INFOCon threat status to "yellow," a relatively rare occurrence. "The development of automated scripts exploiting keys looks like a real threat to SSH servers around the world," said Zdrnja in a later posting to the group's site.

It's not just users running Debian-based systems -- which includes the popular Ubuntu Linux distribution -- who are at risk, Moore cautioned, but virtually anyone. If data copied to other platforms has been secured by keys generated on a Debian distribution, that data could be snatched.

"There's a lot of different areas that you're going to have to look, not just within Debian," Moore said. "Administrators will have to audit every single key. Even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system."

Moore, ISC's Zdrnja and others have recommended that Debian and Ubuntu users patch their systems -- updates are available -- and that users and administrators regenerate all keys produced on a Debian system between September 2006 and May 13, 2008. The September 2006 date, said Moore, was when the first builds that included the flaw were made available.

Although he said the situation is serious, Moore doubted that there would be general and widespread attacks. Instead, he said the most likely outcome would be targeted attacks on systems that administered large numbers of Debian users.

Moore also discounted any connection between the Debian vulnerability and his disclosures, and brute force attacks some vendors, including Symantec , have been tracking the last 24 hours. "The timing is definitely funny," he acknowledged, but said the differences -- the attacks have been against user-generated passwords, not authentication keys -- means the two events are probably just coincidental.

The industry momentum for data portability brotherhood hit a bump on Thursday when Facebook blocked Google's Friend Connect service from accessing Facebook members' data.

Friend Connect violates Facebook's terms of service because it "redistributes user information from Facebook to other developers without users' knowledge," Facebook official Charlie Cheever wrote on the company's blog for developers.

"Just as we've been forced to do for other applications that redistribute data in a way users might not expect or understand, we've had to suspend Friend Connect's access to Facebook user information until it comes into compliance," Cheever wrote.

Facebook has already contacted Google "several times" about the issue and is looking forward to finding a resolution, according to Cheever.

Friend Connect, Facebook Connect, and MySpace Data Availability are separate initiatives announced in the past week designed to let people reuse the content from their social network profiles in other sites.

The main idea behind this data portability concept is to save people from having to reenter into multiple sites common profile information such as their personal interests, list of friends, photos, video clips, blog postings, and the like.

However, none of the three initiatives even comes close to providing a broad data portability solution, although MySpace, Google, and Facebook have been commended by industry observers for at least taking some first steps to address the issue.

It's not a secret that data portability itself is a complicated matter to solve due to significant technical as well as commercial and operational challenges that surround it.

Thursday's move by Facebook highlights just one of the considerable obstacles for data portability: the different user-privacy policies and settings that exist among social networks and online service providers. These policies and settings need to be reconciled and harmonized in order for them to share and accept user data from each other.

Google didn't immediately respond to a request for comment about Facebook's decision to block Friend Connect.

The U.S. International Trade Commission (ITC) has voted to investigate complaints by two U.S. companies that 18 other companies are violating their patent for semiconductor chips containing tungsten metal.

LSI of Milpitas, Calif., and its subsidiary Agere Systems have asked the ITC to bar imports of semiconductors containing tungsten by companies including National Semiconductor, based in Santa Clara, Calif., Integrated Device Technology of San Jose, Calif., and Elpida Memory, based in Japan.

LSI and Agere Systems also want the ITC to issue "cease and desist orders prohibiting the importation, sale, offer for sale, advertising, or the soliciting of the sale of semiconductor devices encompassed by the claims," the companies said in their complaint, filed on April 18.

LSI and Agere Systems say they have a July 1993 patent for using tungsten, along with a glue layer, to manufacture several types of electronic devices, including semiconductors. The companies have brought several lawsuits in an effort to enforce their patent, and they are facing a recent lawsuit asking that the patent be invalidated.

The ITC's decision to pursue an investigation is a first step in determining whether patent infringement has occurred. The case will be referred to an ITC administrative law judge, who will hold an evidentiary hearing. The judge will make an initial determination about whether there has been a violation of the so-called section 337 trade laws, and the judge's decision is subject to review by the ITC.

Representatives of National Semiconductor and Integrated Device Technology weren't immediately available for comment.

VersionOne launched an agile project management platform for small teams of developers this week and is sprucing up its enterprise-level product next week.

Agile development involves short, iterative development processes rather than planning out everything well in advance. This accommodates changes in requirements.

"One of the more significant shifts right now over the last six months to a year is [agile development has moved] from an early adopter [stage] to mainstream," VersionOne CEO Robert Holler said. Previously, agile was the domain of teams of 20 to 100 developers, but now there are organizations that have 1,000 developers using it, such as in the financial services, government, and high-technology spaces, he said.

The company's V1: Agile Team application enables small teams to plan and track agile projects, VersionOne said. Looking to entice users to try the product, the company will offer it free for a time for an unlimited number of users.

Capabilities include:

* The ability to import stories and defects from a spreadsheet and manage a consolidated product backlog. A story is defined as a feature or functionality. * Prioritizing of stories via multi-item drag-and-drop functionality. * Planning of multiple releases and sprints via a whiteboard interface. A sprint is a development iteration. * Track releases and sprints. * Generate agile metrics such as Burndown, Velocity, Estimate trends, and Cumulative Flow reports.

Many development teams rely on spreadsheets, bug trackers, e-mails, or homegrown time-tracking tools to manage agile projects, VersionOne said. V1:Agile Team is intended to provide a better alternative. VersionOne defines small teams as having anywhere from five to 15 developers, but the product can accommodate more.

V1: Agile Team is extensible via its API/SDK and open source third-party integrations. It can integrate with development tools such as Subversion, CruiseControl, Bugzilla, and FitNesse, enabling users to build a best-of-breed agile ALM platform, VersionOne said.

For users running multiple software development projects, VersionOne offers its Enterprise edition. V1: Agile Enterprise release 8.1 adds a capability called My Dashboard, providing a single source of insight into multiple projects.

Also featured is Testboard, with capabilities akin to an electronic whiteboard where test cases can be defined for various features.

Via an integration with the CruiseControl.net build integration capability, V1: Agile Enterprise provides visibility into stories and defects in each build in .Net-based development projects. The story perspective offers information on which build contains work toward completing a story and which build contains the completed story.

With defects, the build integration capability shows where a defect has been found or fixed.

Agile Team and Enterprise are both available in either hosted or behind-the-firewall editions. VersionOne anticipates that users starting with Agile Team could move to the Enterprise product.

While Agile Team is being offered for free at the moment, eventually it will be priced at $995 per year for a team of users.

The Enterprise Edition 8.1 is priced at $30 per user per month for the hosted edition and $595 per user for the in-house release based on a perpetual license.

A server problem at the U.S. National Security Agency has knocked the secretive intelligence agency off the Internet.

The nsa.gov Web site was unresponsive at 7 a.m. Pacific time Thursday and continued to be unavailable throughout the morning for Internet users.

The problem was resolved at around 11 a.m. Pacific time, according to Web site measurement company Netcraft.

The Web site was unreachable because of a problem with the NSA's DNS servers, said Danny McPherson, chief research officer with Arbor Networks. DNS servers are used to translate things like the Web addresses typed into machine-readable Internet Protocol addresses that computers use to find each other on the Internet.

The agency's two authoritative DNS servers were unreachable Thursday morning, McPherson said.

Because this DNS information is sometimes cached by Internet service providers, the NSA would still be temporarily reachable by some users, but unless the problem is fixed, NSA servers will be knocked completely off-line. That means that e-mail sent to the agency will not be delivered, and in some cases, e-mail being sent by the NSA would not get through.

"We are aware of the situation, and our techs are working on it," a NSA spokeswoman said at 9:45 a.m. PT. She declined to identify herself.

A similar DNS problem knocked Youtube.com off-line in early May.

There are three possible reasons the DNS server was knocked off-line, McPherson said. "It's either an internal routing problem of some sort on their side or they've messed up some firewall or ACL [access control list] policy," he said. "Or they've taken their servers off-line because something happened."

That "something else" could be a technical glitch or a hacking incident, McPherson said.

In fact, the NSA has made some basic security mistakes with its DNS servers, according to McPherson. The NSA should have hosted its two authoritative DNS servers on different machines, so that if a technical glitch knocked one of the servers off-line, the other would still be reachable. Compounding problems is the fact that the DNS servers are hosted on a machine that is also being used as a Web server for the NSA's National Computer Security Center.

"Say there was some Apache or Windows vulnerability and hackers controlled that server, they would now own the DNS server for nsa.gov," he said. "That really surprised me. I wouldn't think that these guys would do something like that."

The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks, so the outage is an embarrassment for the agency.

"I am certain that someone's going to send an e-mail at some point that's not going to get through," McPherson said. "If it's related to national security and it's not getting through, then as a U.S. citizen, that concerns me."

Anders Lotsson with Computer Sweden contributed to this report.

This story was updated on May 15, 2008

Microsoft is looking at alternatives to ultra-low-cost laptops in the drive to arm people in developing nations with a way to communicate and access the Internet, and the company is turning its sights on cheaper devices that can give people a start in computing, such as smartphones and shared computing.

The world's largest software maker has a few projects in the making, including a push to use mobile phones in computing and microfinance. Mobile phones have already made an impact in nations across the developing world, from India to Zimbabwe, enabling people such as farmers and fishermen to find better markets and prices. Handsets also give a person a way to be reached for jobs.

"Technologies like the mobile phone promise to take things like very small loans, microfinance, and allow them to operate in a very efficient infrastructure so that the price and the availability of financial products can be far broader, reaching out to everyone in society," said Bill Gates, chairman of Microsoft, in a speech at the Jakarta Convention Center last week. "We haven't achieved that yet, but that's an area where Microsoft and my foundation are working on and investing very heavily."

Microfinance is important because people in developing nations don't often have access to loans, and when they do, they face interest rates as high as 20 percent to 30 percent a day to loan sharks. The microfinance trend was made famous by Grameen Bank in Bangladesh.

Identity and billing are benefits of tying mobile phones to finance products. A mobile phone provides an identity, and cellular network operators can be part of the microfinance process through their billing processes.

One of the reasons companies are looking more to mobile phones for developing nations is because of the huge number of handset users worldwide, estimated at 3 billion, and widespread network coverage. Nearly 90 percent of the global population is covered by a mobile phone network, according to information from the GSM Association and CDMA Development Group.

Handsets are so popular in developing nations that those countries are finding novel ways to use the technology. For example, in Indonesia, a nation of 230 million people spread across 17,000 islands, the government has started allowing certain services and bill payments over mobile phones. The president of the country even set up a mobile phone number, 9949, so people can SMS to communicate directly with him.

"I was immediately buried in an avalanche of messages telling me what to do to solve the nation's problems and also scores of SMSes containing personal, including marital, problems. But my office has been able to cope very well," said Indonesian President Susilo Bambang Yudhoyono in a speech.

Microsoft is looking at ways to hook smartphones up to TVs to use the computing power and connectivity of the handset with the larger screen of the TV for a better, and cheaper, Internet experience in the developing world. The company began working on Fone+ a few years ago, and has tested prototypes proving such devices can lower the cost of computing for the poor.

The company still says ULPCs (ultra-low-cost laptop PCs) have an important role to play, but such devices are still expensive for developing nations, according to Craig Mundie, Microsoft's chief research and strategy officer, and the head of its Unlimited Potential Group, which works on projects for the poor.

"We would love to see an environment where every kid has their own laptop, and that is the long-term outcome that you ultimately want to strive for," he said in a recent interview. "But we're also realistic, given the number of kids that don't have anything today, that it's going to be a big lift for governments around the world to figure out how they'd buy even a $200 device for every kid."

That's why the company is working on projects such as Fone+ and MultiPoint, a technology where each student has his or her own mouse and unique cursor to use the same computer. That drops the price of computing dramatically, to one PC, a projector and 30 computer mice per classroom, instead of $200 per laptop.

"You have the opportunity to introduce the computer into the curriculum for every class there," he said. "Now that's not as good as every kid having their own laptop, and they don't get to take it home with them, which is a big loss, but it gets them started."

The idea of using ULCPCs as a way to bring computing to students in developing countries began with the One Laptop Per Child Foundation's (OLPC) $188 notebook. The XO originally started with an Open Source OS, but OLPC has worked with Microsoft on using XP, and Microsoft has dropped the price of a suite of Office software for such devices.

The fact that Microsoft and so many other organizations are concerned about bringing computing to the developing world is comforting to some people. The fear is that modern countries with access to IT and the Internet will continue to expand the gap in technological know-how over developing nations, a conundrum commonly referred to as the digital divide.

"With ICT, we now have the most potent weapon of all to break the vicious cycle of poverty and ignorance," said Yudhoyono, adding a warning: "Whether we like it or not, there is a digital divide. The gap is widening between the information technology 'haves' and 'have-nots.' There is a real danger that the world's poor will be virtually excluded from the emerging knowledge-based global economy -- with dire consequences to global peace and security."

Yahoo will make its Search Monkey platform available to all developers on Thursday, another step in its wide-ranging effort to open up its sites and services.

Search Monkey is Yahoo's initiative to let external developers create applications to enhance its Web search results and, in theory, make them more appealing and useful.

"We're responding to people's demands to be able to complete tasks in search results," said Amit Kumar, Director of Product Management for Yahoo Search. "We're focused on creating a better search experience for our users and want to let developers with an understanding of structured data jump start the system with their apps."

It is the first component of Yahoo's broad Open Strategy, announced last month and described as a long-range plan to open all Yahoo sites, online services, and Web applications to outside developers, and give users a "social profile" dashboard to unify and manage their Yahoo services.

With Open Strategy, Yahoo wants to improve its position in key areas like search and social networking, and compete better against Google, MySpace, and Facebook.

The Search Monkey development platform, which has been in a closed beta test for the past several weeks, can be used by any outside developer and doesn't require Yahoo approval.

At the moment, developers can create two types of Search Monkey applications. One type, called Enhanced Results, acts as a richer, more useful replacement for standard search results, and can only link to the site in question. The other type, Infobar, opens up below a search result and can include complementary data and links to other related sites.

Kumar said that for now, Search Monkey will be specifically for applications for Yahoo's general Web search engine and not for its specialty engines for specific results like images and news.

In a few weeks, Yahoo expects to launch a gallery of Search Monkey applications that users of its Web search engine can install, he said.

Although there is no revenue-generating potential for Search Monkey applications, Yahoo is holding a contest called the Search Monkey Developer Challenge with $20,000 in prizes. Developers have until June 14 to submit their applications for consideration. Prizes will be awarded in several categories, including Best Enhanced Result, Best Infobar and Best Data Service.

AOL plans to launch later this year a program that will allow third-party developers to develop applications and content, including instant messaging and social networking, for its e-mail sites.

"We are opening up the panel architecture in Web suite, which is the content portion of Web mail, to third-party developers by the end of this year," said Richard Landsman, senior vice president for mail product and technology at AOL, in an interview on Thursday. "Once that is opened up, technically, there is no reason why somebody cannot create some other IM mashup or some other IM client that can be plugged in there," he added.

The strategy reflects AOL's recognition that users will want some applications and content from competitors like Google and Yahoo, and no single company can control all the applications that users will want to use, Landsman said.

Panels developed by third-party developers will be included on AOL's mail sites in various countries, giving the user the option to choose a variety of content, and integrate AOL mail with popular applications in local markets, Landsman said. AOL will however have some process in place to ensure that, for example, a third-party application on its site does not behave maliciously, he added.

Having already integrated its AOL Instant Messenger (AIM) into its e-mail, AOL also plans to integrate the ICQ instant messenger with its mail application this year in certain markets where ICQ is popular, said Roy Ben-Yoseph, AOL's vice president for mail products.

The company will also offer ICQ mail as a separate domain under its Affinity domains program, which allows a user to customize an AOL mail address by using a domain name of their choice instead of the default aol.com, Ben-Yoseph added. ICQ became part of AOL after it acquired Mirabilis in 1998, but has been run as a separate service.

AOL is also including Microsoft's Silverlight multimedia technology to deliver a new high-performance, Web mail application, Landsman said. Silverlight is a cross-platform plug-in that lets developers create multimedia and rich Internet applications and then run them from the browser. The mail product from AOL will probably go into beta testing by the third quarter of this year, Landsman said. AOL plans to use the flexibility offered by Silverlight to give users the ability to change the user interface, change skins, themes, and also change the organization of the mail, Ben-Yoseph said.

A 23-year-old Oregon man has pleaded guilty to charges that he used identity theft to set up bogus accounts on eBay, where he sold counterfeit software with a retail value of more than $1 million, the U.S. Department of Justice said.

Jeremiah Joseph Mondello of Eugene, Oregon, pleaded guilty Wednesday to one count each of criminal copyright infringement, aggravated identity theft and mail fraud before Judge Ann Aiken in U.S. District Court for the District of Oregon. He faces up to 27 years in prison and a fine of $500,000, the DOJ said.

Mondello initiated thousands of separate online auctions, using more than 40 fictitious user names and online payment accounts to sell copies of counterfeit software between December 2005 and October 2007, the DOJ said. Mondello made more than $400,000 from the sales, the DOJ said.

Mondello also admitted to stealing personal information as a way to set up online payment accounts in the names of his victims, the DOJ said. He used a computer keystroke logger to acquire victims' names, bank account numbers and passwords, the agency said.

The Software and Information Industry Association (SIIA) began investigating Mondello in 2007 and later turned over information to the DOJ, the trade group said.

The SIIA used its proprietary Auction Enforcement Tool to identify Mondello through his eBay seller ID. The trade group found that Mondello was likely using several other eBay IDs, the group said.

The Mondello case is "a huge victory in the fight against software piracy on eBay and other auction sites," said Keith Kupferschmid, SIIA's senior vice president of intellectual property policy and enforcement. "He was doing a lot of other things that were just as bad, if not worse, than piracy."

Mondello, through the use of multiple IDs, was making it appear he was "great, reliable seller, when in fact, he was not," Kupferschmid added.

In addition to the Mondello plea, SIIA announced Thursday it has filed nine lawsuits against eBay sellers suspected of trafficking in pirated software. The trade group has filed 26 cases against online sellers this year.

The new SIIA lawsuits were filed against sellers based in North Carolina, New Jersey, California, Nevada, Michigan, Florida, and New York.