E-readers could push growth in e-textbook market, analysts say

With more e-readers hitting the U.S. market, analysts predict a big uptick in device sales in late 2010 with a strong surge in the popularity of electronic textbooks used in high schools and colleges in time for school in the fall of 2011. The market for e-textbooks is considered a rich one, but is also governed by many factors, including the cost of e-readers. They can run about $400 - the price of the new Irex DR800SG announced yesterday - putting them out of the reach of many students. How fast and large the e-textbook market grows depends on a diverse array of more than 20 textbook publishers in the U.S., many of whom are weighing the use of proprietary or standard e-publishing technology and evaluating whether students will rely on e-readers to purchase expensive textbooks and other books, analysts said. "It's a two-year window for e-textbooks before there's significant market traction," said Gartner Inc. analyst Allen Weiner in an interview. "But it's a fertile market." Weiner predicted that a number of major vendors, including Google Inc. and Apple Inc., could enter the market with devices and marketing plans that involve textbook publishers and, possibly, college bookstores.

Apple has long been rumored to be working on a tablet computer, perhaps with a 9-inch screen, for debut in February. It will use the Verizon Wireless network for downloading books and newspapers. That hardware could be targeted at college students accustomed to dropping $100 or more for traditional hardback texts, Weiner said. "An Apple tablet could be the sweetest college textbook reader you've ever seen," Weiner said. "Apple is letting the e-reader market simmer and will come into it when the market's ready to boil." The market in the U.S. now includes the Irex device, which has an 8.1-inch screen and goes on sale at Best Buy stores in October. Sony Reader devices are being sold at Best Buy to work with AT&T's wireless network. Plastic Logic is planning to introduce an e-reader in the U.S., while Asian manufacturers are expected to launch products - though not necessarily in the U.S., she said. "There's also a lot of speculation about whether Barnes & Noble will launch their own e-reader or use existing ones," she said.

And Amazon.com has produced several Kindle e-readers with wireless connections via Sprint Nextel Inc. "While we've just seen three vendors in the U.S., there will be a lot of activity in the next year," said Vinita Jakhanwal, an analyst at iSuppli. While the cost of components inside e-readers is dropping, lowering the overall cost of an e-reader, Jakhanwal predicted it could be three years before e-readers hit the magic $99 price point coveted by many consumer electronics manufacturers to attract a large audience. A publisher might not want to sell books only to one platform, he noted. Globally, iSuppli estimates about 5 million e-readers will be sold in 2009, a number expected to climb to between 13 million and 14 million in 2010. Weiner said that textbook publishers differ over the use of the open ePub standard or a proprietary approach like that used by the Kindle. Publishers are also weighing whether e-textbooks should be rented, and if they are sold, whether buyers can re-sell them afterwards. "There's a lot to be worked out," Weiner said.

For example, a user might click on a button in text to see a video of a lecture by the author of the text, or click for an updated interactive quiz on the material, delivered via a fast wireless network. "It's important for textbook publishers to give more value and charge more, with an ability to update material so a user would want it for being current," Weiner said. A potentially lucrative area for publishers is "value-added" technology that can be included with e-books, Weiner said. Some colleges are also testing e-readers to be used as mobile clients that connect to a college's server for access to course work, professors' notes and other materials. "The possibilities are endless," Weiner said, noting that some textbook publishers are experimenting with hybrid models that combine e-book technology with print-on-demand books, so that a publisher only prints the portions of text or the number of textbooks that it needs. While there is clearly a market opportunity with e-readers and e-books, including e-textbooks, there seems to be a general consensus that e-readers will encourage reading and promote education, analysts, some educators and even librarians have said. Weiner said it is too early to determine how much an e-textbook might save over the cost of traditional textbooks, adding that college-owned bookstores will have a say in the price of e-books. "You have to figure you can't [leave out] the bookstore, since that's a large revenue stream for a school," he added. "It's basically a question of whether you empower them to become online bookstores, as is happening in some cases." Some publishers might use the ability to attract life-long e-book readers by first luring them with lower-priced e-textbooks. "One motivation for publishers, as they've told me, is if you get students in the habit of using e-books and get e-reader devices in their hands, then it might be easier to get them to buy other e-books," Weiner said.

Having e-textbooks and e-readers "could stimulate reading, and that improves education," Weiner said. "Anything to get people to read more, particularly young people, is big."

Undercover 1.5 ousts iPhone thieves with push notifications

It's 2 AM. Do you know where your iPhone is? What if you want an app devoted to recovering a stolen iPhone or iPod Touch - one that has a few more tricks up its sleeve? Well, maybe you do, thanks to MobileMe's "Find my iPhone," but what if you're not a MobileMe subscriber?

That's exactly what Orbicule's Undercover for iPhone is. Our iPhones are now smarter, faster, stronger, better, and able to let third-party apps do more than ever. We've already covered this app and its Mac OS X cousin, back when push notifications were little more than a bullet point on a wish list, but times have changed. Back in the 1.0 days, when Undercover was just a wee lad, you had to fool your iPhone's captor into launching the app before it was able to transmit its location. You can make the messages as enticing as you want - say, by having them pretend to be a notification from your bank account. Not an easy task: Thanks to App Store policy, apps cannot change their names or icons, and I'm guessing that all but the thickest criminals knew better than to launch an application called "Undercover." Now you have the ability to send push notifications with any message of your choosing directly to the iPhone - yes, just like MobileMe. But the comparisons end there.

If the crook chooses to view the push notification, Undercover will launch, disguised either as a game that's taking its sweet time to load or loading any Website of your choosing, such as the aforementioned bank's. While the thief is distracted, Undercover will be happy to save the device's GPS coordinates and IP address to Orbicule's Website. They'll also be sent directly to any police officer you've contacted to work on the case and registered in Orbicule's Undercover Center. Each time that Undercover launches, it will save a new set of coordinates that you can view in Google Maps. Orbicule has made a video to demonstrate this killer feature. You could use Find My iPhone to collect live GPS information from MobileMe and log a record of GPS coordinates via Orbicule, submitting it all to the police.

It looks as though this app could be used not only as an alternative to Find My iPhone, but a nice companion app as well. It's still far from perfect, at least until (or unless) Apple can be made to change their iPhone app policies to let third-party apps like Undercover do a little more. It requires iPhone OS 3.0 or later. Undercover for the iPhone costs $5 and works on all iPhones and iPod touches.

The Internet’s First 40 Years: Top Ten Milestones

While 40 years in a person's lifetime is a very long time, the Internet - which turned 40 today - is really only getting started. No birthday celebration for the Internet would be complete without giving recognition to some of the biggest milestones. Still, like just about any 40-year-old guy, the Internet has packed a lot of changes into its life so far.

Deciding on which ones is a totally tough call, because the Internet has made such a huge impact on anyone lucky enough to access it. But as I view things, anyway, it's important to pay tribute to the myriad technologies created over the past four decades to connect people to the Internet - first through modems and then through wireless and cable - as well as to let them access communications like data, radio, and TV in ways once unimaginable. So here, in chronological order, is my rather arbitrary list of Top Ten Internet Milestones, gleaned largely from a nostalgic look back through the pages of PC World.

October 29, 1969. Leonard Kleinrock, a UCLA college professor, sends a two-letter message - "lo" - to a computer at Stanford Research Institute. The Internet is born.

October 13, 1994 - The - eventually to be known as Netscape Navigator - is released as beta code.

November 6, 1997 - Intel ships a videoconferencing system that runs on the Internet (gasp!) as well as on ISDN phone lines (remember them?) and corporate LANs.

February 18, 1998 - The first V.90 modems, enabling Internet access at the then-whopping rate of 56 Kbps, are shipped to stores by 3Com Corp.

Sometime in September 1999 - An Internet-enabled game machine named Dreamcast debuts, pioneering a pathway that will eventually lead to Nintendo's GameCube and Sony's PS3.

June 28, 2000 - Metricom rolls out the then-blazingly fast, 128Kbps Ricochet wireless service in Atlanta and San Diego.

August 21, 2002 - Together with T-Mobile and HP, Starbucks expands WiFi access to users at 1200 coffee shops throughout the US.

Early January, 2009 - Yahoo shows off Connected TV, a platform allowing Web widgets to dock on Internet-connected HDTVs at the Consumer Electronics Show in Las Vegas.

Early July, 2009 - Internet radio services like Pandora, Blip.fm and Last.fm are saved - albeit temporarily - when recording companies agree to make royalty fees more comparable to those paid by satellite TV services, for example.

October 22, 2009 - Microsoft's Internet TV, a new service for accessing Web-based streaming TV shows and movies from directly inside Media Center - finally leaves beta as part of the launch of Windows 7.

How a Botnet Gets Its Name

There is a new kid in town in the world of botnets - isn't there always? When a botnet like Festi pops onto the radar screen of security researchers, it not only poses the question of what it is doing and how much damage it can cause; there is also the issue of what to call it. A heavyweight spamming botnet known as Festi has only been tracked by researchers with MessageLabs Intelligence since August, but is already responsible for approximately 5 percent of all global spam (around 2.5 billion spam emails per day), according to Paul Wood, senior analyst with MessageLabs, which keeps tabs on spam and botnet activity. For all of their prevalence and power online, when it comes to naming botnets, there is no real system in place.

Wood explained Festi's history. "The name came from Microsoft; they identified the malware behind it and gave it the catchiest name," said Wood. "Usually, a number of companies will identify the botnet at the same time and give it a name based on the botnet's characteristics. A common practice so far has been to name it after the malware associated with it; this is a practice that has some drawbacks. Its original name was backdoor.winnt/festi.a or backdoor.trojan. Usually the name and convention comes from wording found within the actual software itself and that is used in some way. Backdoor droppers are common and that wouldn't stick, it would be too generic.

This one may have been related to a word like festival." Because the security industry lacks a uniform way to title botnets, the result is sometimes a long list of names for the same botnet that are used by different antivirus vendors and that can be confusing to customers. The Srizbi botnet is also called Cbeplay and Exchanger. As it stands now, the infamous Conficker is also known as Downup, Downadup and Kido. Kracken is also the botnet Bobax. For instance, Gumblar, a large botnet that made news earlier this year (and is possibly perking up again), first hit the gumblar.cn domain, said DiMino. Why they are called what they are called is up to the individual researchers who first identified them. "A lot of time it depends on the first time we see bot in action and what it does," according to Andre DiMino, director of Shadowserver Foundation, a volunteer group of cybercrime busters who, in their free time, are dedicated to finding and stopping malicious activity such as botnets.

Another known as Avalanche was deemed so because of what DiMino described as a preponderance of domain names being used by the botnet. Over the years naming for malware has had a few ground rules. "Don't name anything after the author," he said. "That was most important back when viruses were written for fame." Weafer whipped off a few botnet names that have made headlines in recent years and did his best to recall how they got their titles. The naming dilemma can be a difficult one to tackle according to Vincent Weafer, vice president of Symantec's security response division. Among the more notable, he said, is Conficker, which is thought to be a combination of the English word configure and the German word ficker, which is obscene. Kracken is named after a legendary sea monster. The Storm botnet was named after a famous European storm and the associated spam that was going around related to it.

And MegaD, a large spambot, got its name because it is known for spam that pushes Viagra and various male enhancement herbal remedies. "You can guess what the D stands for after Mega," he said. Because botnets morph and change so frequently, he said, they rarely continue to have a meaningful association with the original malware sample that prompted researchers to name it in the first place. "Botmasters don't restrict themselves to a single piece of malware," said Ollmann. "They use multiple tools to generate multiple families of malware. Gunter Ollmann, VP of research with security firm Damballa, believes it is time for a systematic approach to naming botnets that vendors can agree upon. To call a particular botnet after one piece of malware is naïve and doesn't really encompass what the actual threat is." Ollmann also adds that the vast majority of malware has no real humanized name, and is seen simply as digits, which makes naming impossible. The most recent iteration of the discussion focused on how to transport the meta-data that describes the particular name threat of the malware.

The result is a confusing landscape for enterprise customers who may be trying to clean up a mess made by a virulent worm, only to find various vendors using different names for the same problem. "There is some work going on among AV vendors to come up with naming convention for the malware sites, but this is independent of the botnets," said Ollmann. "This has been going on for several years now. But there has been no visible progress the end user can make use of." Ollmann said Damballa is now using a botnet naming system, with the agreement of customers, which favors a two-part name and works much like the hurricane naming system used by the National Weather Service. The first part of the name comes from a list of pre-agreed upon names. Once a botnet is identified, the name is used and crossed off the list. It becomes the name forever associated with that botnet.

The second part of the name tracks the most common piece of malware that is currently associated with the botnet. While the botnet master changes their malware on a daily basis, they usually only change their malware family balance on a two-or-three day basis, said Ollmann. The second part of the name then changes in order to reflect that fluctuation. "So many of these are appearing it just becomes a case of assigning a human readable name and no other name associated with it," said Ollmann. "It is perhaps ungracious to name them with a hurricane naming system, but it speaks perhaps to the nature of this threat."
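
The two-part scheme Ollmann describes, together with the vendor-alias problem raised earlier in the article, sketched as an added Python example (not Damballa's code or anything from the article). The name pool, botnet ids and malware family labels are constructed placeholders; the alias table contains only the names the article lists.

```python
from collections import Counter

# Alias table built only from the names given in the article.
_ALIAS_GROUPS = {
    "Conficker": ["Conficker", "Downup", "Downadup", "Kido"],
    "Srizbi": ["Srizbi", "Cbeplay", "Exchanger"],
    "Kracken": ["Kracken", "Bobax"],
}
ALIASES = {alias.lower(): canon
           for canon, names in _ALIAS_GROUPS.items() for alias in names}


def canonical(vendor_name):
    """Map a vendor's botnet name to one canonical name, or None if unknown."""
    return ALIASES.get(vendor_name.strip().lower())


class BotnetRegistry:
    """Two-part names: a permanent first part plus the currently dominant family."""

    def __init__(self, name_pool):
        self._pool = list(name_pool)  # pre-agreed names not yet used
        self._first = {}              # botnet id -> permanent first part
        self._window = {}             # botnet id -> Counter of families seen

    def identify(self, botnet_id):
        """Assign the next unused pool name; the same botnet keeps its name."""
        if botnet_id not in self._first:
            if not self._pool:
                raise LookupError("name pool exhausted")
            self._first[botnet_id] = self._pool.pop(0)  # crossed off the list
            self._window[botnet_id] = Counter()
        return self._first[botnet_id]

    def observe(self, botnet_id, family):
        """Record one malware sample attributed to this botnet."""
        self.identify(botnet_id)
        self._window[botnet_id][family] += 1

    def new_window(self, botnet_id):
        """Start a fresh observation window (the family balance shifts over days)."""
        self._window[botnet_id].clear()

    def name(self, botnet_id):
        """Return 'First-family'; ties break alphabetically, no samples -> 'unknown'."""
        counts = self._window[botnet_id]
        if not counts:
            return f"{self._first[botnet_id]}-unknown"
        family = min(counts, key=lambda f: (-counts[f], f))
        return f"{self._first[botnet_id]}-{family}"


def demo():
    """Run constructed telemetry through the registry and return the names seen."""
    reg = BotnetRegistry(["Alpha", "Bravo"])             # constructed name pool
    reg.identify("cluster-1")                            # constructed botnet id
    for fam in ["dropper-x", "spammer-y", "spammer-y"]:  # constructed families
        reg.observe("cluster-1", fam)
    first = reg.name("cluster-1")
    reg.new_window("cluster-1")
    for fam in ["dropper-x", "dropper-x", "spammer-y"]:
        reg.observe("cluster-1", fam)
    return first, reg.name("cluster-1")


if __name__ == "__main__":
    print(canonical("Downadup"), canonical("Bobax"), demo())
```

The first part never changes once assigned, so tickets and reports keyed on it stay linked while the second part follows the malware family mix.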

HITECH Act: What you need to know about new data-breach guidelines

Healthcare providers and others handling sensitive patient data are now finding the stakes raised if they suffer a data breach because of a new law known as the "Health Information Technology for Economic and Clinical Health Act," or HITECH Act. Depending on whether a data breach arises from a simple mistake or willful theft, fines will range in tiers from as low as $100 per violation for a slip-up regarding unencrypted data to $1.5 million or more for knowingly and willfully violating the data-breach rules, say those familiar with the HITECH Act. "Under the HHS rule, you have to figure out if you had a data breach," says Rebecca Fayed, attorney at law firm Sonnenschein, Nath & Rosenthal's healthcare group division in Washington, D.C. But the new rules, which cover both electronic and paper formats, are far from simple. The HITECH Act, devised by Congress primarily to address electronic medical records, is being noted for its impact in adding a tough data-breach notification requirement to the long list of long-existing Health Information Portability and Accountability Act (HIPAA) security and privacy rules. Passed by Congress in February, the HITECH Act is now coming into enforcement by the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC), which each have been given a role to play under the law, potentially levying punishments and fines on organizations that stumble in protecting personal health information. Like HIPAA, the HITECH Act covers healthcare providers, insurers, clearinghouses and also business associates handling personal information about patient health, as well as other protected information, including name, Social Security number, address and insurance account numbers.

If the data breach "is only five people, HHS doesn't want you calling them," though you will have to inform the individuals impacted. Fayed says there's often the misperception that the HITECH Act will require public disclosure of any data breach of unencrypted personal health information (PHI) but the fine print actually says the data breach has to have impacted at least 500 people in one state. "Then you have to notify the media," she says. And it appears there's no need to report an employee unintentionally accessing a record by mistake in the course of doing his job. The HHS guidelines set forth two basic ways to secure that data, "encryption" for electronic data and "destruction" applied as a means to destroy electronic data or paper. A lot of the talk about HITECH is centering on encryption because the breach notification only applies to "unsecured PHI," Fayed says.

When it comes to encryption and stored data security, guidelines from the National Institute of Standards and Technology are referenced, including NIST's FIPS 140-2 for certification of encryption products. So, the bottom line is the HHS-issued guidelines, now an interim final rule that went into effect Sept. 23 (though it won't be enforced until February 2010 by the office of civil rights at HHS), are a game-changer. Though encryption isn't mandatory under the HITECH Act, just by bringing encryption technology into the discussion of a data breach the federal government is raising the bar about what's implied about best practices, Fayed notes. Wes Rishel, vice president and distinguished analyst at Gartner, calls the HITECH Act ground-breaking. "This is the first time there's been a federal regulation for data breach," Rishel says. Although there are now far fewer known instances of data breaches involving PHI than credit cards, for example, it doesn't mean that these cases don't happen, many say. It changes the balance in terms of security and puts an emphasis unknown before on encryption because a data breach of encrypted data is not going to have to be reported.

Fraud involving stolen patient healthcare data, primarily Medicare/Medicaid identity theft for making money off submitting fraudulent claims, is not uncommon, Fayed says. "The reason you haven't heard about these is because people haven't had to report these yet," she says. But encryption use to protect stored data is not typical today among HIPAA-regulated organizations and they are going to be struggling to encrypt and decrypt effectively among business partners. "Encryption can create a big mess, too." The HITECH Act has more healthcare providers crafting encryption strategies. "They should be deploying encryption," says Forrester analyst Noel Yuhanna.