Mafiaboy grows up: A hacker seeks redemption

The Internet attack took Yahoo engineers by surprise. It came so fast and with such intensity that Yahoo, then the Web's second most-popular destination, was knocked offline for about three hours.

That was on the morning of Feb. 7, 2000. A few months later, 15-year-old Michael Calce was watching "Goodfellas" at a friend's house in the suburbs of Montreal when he got a 3 a.m. call on his cell phone.

His father was on the line. "They're here," he said.

Calce knew right away what that meant. He had already talked to a lawyer after warning his father, weeks earlier, that he'd knocked offline a string of high-profile Web sites -- Amazon, Dell, CNN -- and his attacks had been widely covered in the press.

Although the late-night visit by the Royal Canadian Mounted Police was not a surprise, Calce said his mind was racing as he walked out to a street corner to wait for a police cruiser to swing by and arrest him. What was going to happen? Would he go to jail?

Calce, who was known at the time only by his online moniker, Mafiaboy, eventually pled guilty to criminal hacking charges. He served time in a group home where he was allowed to attend school and work a part-time job, but was otherwise essentially locked in his room. He couldn't use computers and, isolated from friends and family, he "almost hit a state of depression," he said in an interview this week -- one of his first since his arrest eight years ago.

"It changed me completely," he said of his time in detention. "I started to think about how I could help society rather than be a detriment."

To hear Calce tell it, it's easy to see what got him into the world of criminal hacking: the power.

At nine and a half years old he was knocked offline by someone he'd annoyed while hanging out in an AOL chatroom looking for pirated software. "I was amazed that somebody was able to do that," he said.

Intrigued, he soon learned how to do the same to others, a practice called "punting."

Three years later, when his best friend was killed in a winter car accident, Calce said he became a darker, more isolated kid.

"It definitely fuelled me to not really care about what was going on in the real world," he said.

At 15, he had moved from AOL's chat rooms to the EFnet IRC network where he learned some very nasty tricks indeed.

On the day he knocked Yahoo offline, Calce estimates that he had hacked into perhaps 40 percent of the major universities in the United States, using attack code that he picked up online.

His bag of tricks included attacks for the Solaris, HP-UX, and Linux operating systems. The BIND (Berkeley Internet Name Domain) software used to manage the Internet's DNS was also a favorite target.

To hit Yahoo, he used a DoS attack, sending the online portal's Web servers a stream of useless information and forcing them to constantly respond, using up precious network bandwidth.

He took DoS attack code written by a hacker named Sinkhole and developed a way to remotely train all of his approximately 200 university networks on the same target simultaneously, he said.

Soon Yahoo was offline.

"I really couldn't believe it at first," Calce remembered. "Did I get lucky with that attack, or was my network really that powerful?"

"This is why I continued with my attacks. I thought Yahoo might have been a fluke," he added.

Over at Yahoo, nobody seemed to think that luck was involved.

"It was horrible," said Jeremiah Grossman, who worked in Yahoo's security department at the time. "It worked quite well; it knocked down one of the most stable sites on the Web."

Grossman, now CTO at White Hat Security, said he still uses Calce's Yahoo attack as a point of reference when he needs to talk about what kind of bandwidth it takes to knock a site offline.

DoS attacks may soon be in the news again, security experts say.

Last week researchers Robert Lee and Jack Louis of security vendor Outpost24 said they discovered a major flaw in the Internet's TCP/IP protocol that could allow an attacker to take out a major Web site without first building up the massive network of attacking machines that Calce needed for his crimes.

Calce said one thing is certain: Mafiaboy won't be involved in any new computer attacks. Today he works as a legitimate security consultant and he's on a book tour this week, having published a tell-all story documenting his criminal career and offering advice on how people can protect themselves from, well, people like him on the Internet.

He wants to help protect regular computer users, he said, because they've now replaced universities and corporations as the major targets of attack. And, clearly, he wants to dispel the notion that he was a know-nothing "script kiddie" who used other people's software to wreak havoc on the Internet.

"I want to let everybody know that I acknowledge what I did was wrong," he said. "I just want to share my knowledge with people."

Mon Oct 13, 2008


Rss - Latest News

Hackers port Linux kernel to iPhone

If you know one thing about Linux users, it's probably this: They enjoy the challenge of installing their operating system of choice on pretty much anything with a transistor in it. It's only a matter of time before they get around to replacing all those electronic singing greeting cards to make the sound of penguin mating calls.

So the news that Linux has been ported to the iPhone and the iPod touch shouldn't exactly come as a shock; please hold your cries of heresy until the end. OpeniBoot, which brings the Linux 2.6 kernel to the iPhone platform, was developed by members of the iPhone DevTeam, the same folks who have long been working on cracking the iPhone's firmware every time a new version comes out.

The capabilities of OpeniBoot are still incredibly limited--at present, there's no support for writing to the flash memory, using the touch screen, wireless networking, the cell phone, sound, or the accelerometer. So if you thought that you'd be ending up with a fully operational Linux iPhone--or even a partially operational phone--I'm afraid you're going to be disappointed for now.

There's also some talk that this may pave the way for installing Google's Android OS on the iPhone, though as someone who's been using a G1 for a few days now, that seems like overhauling a Porsche to run like a Hyundai. But then again, there's always somebody who wants to prove that it's possible. So knock yourself out, guys.

Macworld is an InfoWorld affiliate



Greenpeace: Companies not serious about climate change

Consumer electronics giants Apple, Dell, Motorola, Microsoft, Nintendo, and Samsung have been slow to get serious about climate change, and are notably lagging behind, according to the latest edition of the Greenpeace Guide to Greener Electronics.

Many companies still show little engagement with the issue, which is a disappointment, according to Greenpeace International Climate & Energy campaigner Mel Francis.

"They are basically lagging behind on what we need for a good climate package. They haven't demonstrated any real commitment to cutting their own CO2 emissions, or to lobbying politicians to get a good deal post-Kyoto," said Francis.

"They assume that growth in their business also must therefore mean growth in their CO2 emissions. At Greenpeace we think that's not necessarily true," said Francis.

Greenpeace would like to see a lot more action going forward. "We are simply asking them to become climate leaders. They need to put their words into action and follow through on the claims they're making," said Francis.

Still, there are a few exceptions: Fujitsu Siemens Computers, Philips and Sharp support the level of cuts in greenhouse gases that science requires, according to Greenpeace.

In its latest Guide to Greener Electronics, Greenpeace gives Philips marks for committing to making absolute reductions in its own greenhouse gas emissions from the product manufacture and supply chain, which HP has done as well.

Both Philips and HP have also committed to making cuts in greenhouse gas emissions from their own operations. Nokia has done the same, said Francis.

Its overall ranking -- which takes into account company policies on toxic chemicals, recycling and climate change -- is topped by Nokia (Greenpeace likes its take-back program and use of renewable energy), followed by Sony Ericsson and Toshiba.

Philips and HP are in the bottom half of the list: good energy policies aren't enough, and both companies must improve how they handle e-waste, said Greenpeace.

Motorola, Toshiba and Sharp made the biggest moves up the chart, while the companies falling down the ranking are the PC brands Acer, Dell, HP -- and Apple, although it still gets a thumbs-up for improving its score, by better reporting on the carbon footprint of its products.

Apple's new iPods are also now free of both PVC and brominated flame retardants, according to Greenpeace.

In general, the PC manufacturers need to improve the handling of e-waste.

Dell and Acer also need to reduce their use of toxic chemicals, said Greenpeace. Dell loses points for withdrawing from its commitment to eliminate all PVC plastic and brominated flame retardants by the end of 2009.

The use of toxic chemicals has in the past been a focus area for Greenpeace, but here there has been some positive movement. Consumer electronics companies have been allies to Greenpeace as it has tried to reduce the use of toxic materials and get legislation passed, according to Francis.

Nintendo remains in last place in the ranking, although it is taking small steps to remove or monitor the presence of some potentially toxic additives in the plastics it uses, Greenpeace said.



JetBrains build tool enhanced for software development

JetBrains released TeamCity 4.0, a continuous integration server and distributed build management tool featuring enhanced build capabilities, this week.

Version 4.0 offers build chains support for breaking down a single build procedure into several parts that can be run on different build agents using the same sets of sources.

Other improvements in version 4.0 include the ability to redo a particular build from a particular control revision, known as a history build, and improved authentication mechanics.

With version 4.0, statistics are offered for an entire project. Extensibility is enabled via a Java API, the company said. A tests reordering capability determines which tests are likely to fail and performs those first during the next project build.

TeamCity 4.0 automates routines and streamlines the software development process. Team communication is improved, and teams can implement agile methodology, JetBrains said. The product integrates with multiple IDEs.

Eclipse integration is highlighted as is integration with ClearCase, with Eclipse backing bringing IntelliJ Idea IDE capabilities to Eclipse users.

"Since its creation, TeamCity has been a key element in our own development process," said JetBrains CEO Sergey Dmitriev, in a statement released by the company. "The production TeamCity server at JetBrains is currently having over 50 build configurations in a build grid with more than 50 build agents, with literally every project and every developer using it on a daily basis."

Version 4.0 also has an improved search engine and user interface improvements, JetBrains said. TeamCity automates more than 600 Java code inspections.

TeamCity 4.0 is available free to individual developers and small-to-medium-size teams. The free edition is restricted to 20 build configurations and three build agents.



CBS Web site bitten by iFrame hack

TV network CBS has become the latest big name to have its Web site used to host malware, a security company has reported.

It appears that Russian malware distributors were able to launch another iFrame attack on a subdomain of the cbs.com site so that it was serving remote malware to any visitors. A user's vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.

"This saga confirms our many previous warnings that obfuscated code is posing a serious threat to Internet users' PCs," said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.

"Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," Ben-Itzhak continued, taking a pop at the anti-virus products against which his company in part competes.

"It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he said.

Finjan said it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.

iFrame and SQL injection attacks on big-name Web sites have been one of the fashionable attacks of 2008, embarrassing a string of household names.

Techworld is an InfoWorld affiliate.



Challenges await Obama in bid to build up security

As President-elect Barack Obama prepares to take office, the task of upgrading the security of federal computer systems continues to be a work in progress.

Several cybersecurity initiatives launched during the Bush administration are still years away from being completed. Others are closer to completion but don't do enough by themselves to defend networks and systems against increasingly sophisticated attacks, according to IT security analysts.

And, they said, resolving the security issues will require Obama to focus on more than just finishing the ongoing initiatives.

For starters, he needs to end the policy of tying federal cybersecurity efforts so closely to the post-9/11 war on terror, said Gartner analyst John Pescatore. "The terrorist attacks sent the Bush administration in the wrong direction" on cybersecurity, Pescatore said, adding that more immediate threats to federal systems have been overlooked.

Progress has been made, claimed Karen Evans, administrator of e-government and IT at the White House Office of Management and Budget (OMB). Evans said several security initiatives launched over the past few years are already making, or will soon make, a difference.

At the top of her list is a 2004 mandate by President Bush that required federal agencies to issue new smart-card identity credentials to all employees and contractors. But even that program hasn't been fully implemented. Agencies were supposed to finish issuing the new ID cards in late October, but most will need at least two more years to do so.

Other projects that Evans pointed to include a recent upgrade of federal networks to the more secure IPv6 protocol and the Trusted Internet Connections program, under which agencies are working to reduce their external network connections.

Evans also cited the Federal Desktop Core Configuration (FDCC) project, which is aimed at cutting costs and boosting security by requiring agencies to employ standard security settings on all Windows PCs.

Earlier this year, President Bush also put in motion a highly classified, multiagency program called the Cyber Initiative, with a goal of bolstering the nation's ability to detect and respond to cyberthreats against critical infrastructure targets.

Tom Kellerman, vice president of security awareness at Core Security Technologies in Boston, said the Cyber Initiative marked an "awakening" in Washington about the need for stronger cybersecurity efforts.

But Kellerman, who is a member of a commission that's developing cybersecurity recommendations for Obama, said much remains to be done. "The existing administration has only just begun to pay attention to cybersecurity" as a national security issue, he said.

Many of the ongoing initiatives are helping to improve security in bits and pieces, Pescatore said. But, he added, they were the result of "random edicts" from the OMB, not broad cybersecurity objectives.

Increasingly, new funding has been moving toward surveillance and monitoring initiatives related to fighting terrorism. While such efforts are needed, Pescatore said, they do little to protect federal agencies from cybercriminals.

Franklin Reeder, an independent consultant and former chief of information policy at the OMB, said the most important step for Obama is to use the government's purchasing clout to compel IT vendors to build more security capabilities into products. The FDCC program has shown that such an approach can be successful, Reeder said.

More spending is needed on security training, he added. He also thinks the feds must change how they work with the private sector on security. Existing programs, Reeder contended, "have just been convened by the government for the government."

This version of the story originally appeared in Computerworld's print edition. Computerworld is an InfoWorld affiliate.
