Tuesday, February 20, 2007
Merger Would End Satellite Radio’s Rivalry
By RICHARD SIKLOS and ANDREW ROSS SORKIN
The nation’s two satellite radio services, Sirius and XM, announced plans yesterday to merge, a move that would end their costly competition for radio personalities and subscribers but that is also sure to raise antitrust issues.
The two companies, which report close to 14 million subscribers, hoped to revolutionize the radio industry with a bevy of niche channels offering everything from fishing tips to salsa music, and media personalities like Howard Stern and Oprah Winfrey, with few commercials. But neither has yet turned an annual profit and both have had billions in losses.
While there had been speculation of a merger, neither side had engaged in serious negotiations until December, when both companies determined it was in their best interests to complete a deal while the Bush administration was in power, people in the negotiations said.
The companies said yesterday that their $13 billion merger — code-named Project Big Sky by XM — would give consumers a broader range of programming, while eliminating overlapping stations that focus on genres of music. At the same time, they said, they could cut duplicated costs in sales and marketing.
A merger would require antitrust approval from the Justice Department and would have to be considered in the public interest by the Federal Communications Commission.
Under their operating licenses, XM and Sirius were prohibited from ever owning each other’s license. The commission could waive that rule. But critics pointed to its rejection of the merger of the satellite television broadcasters EchoStar and DirecTV four years ago.
Questioned last month about a possible Sirius-XM merger, the F.C.C. chairman, Kevin J. Martin, initially appeared to be skeptical, but later said that if such a deal were proposed, the agency would consider it.
In a statement yesterday, Mr. Martin acknowledged that the F.C.C. rule could complicate a merger but said the commission would evaluate the proposal. “The hurdle here, however, would be high,” he said.
The proposed merger, first reported yesterday by The New York Post, promises to be a test of whether regulators will see a combination of XM and Sirius as a monopoly of satellite radio communications or whether they will consider other audio entertainment, like iPods, Internet radio and HD radio, to be competitors.
“If the only competition to XM is Sirius, then you don’t let the deal through,” said Blair Levin, managing director of Stifel Nicolaus & Company and a former F.C.C. chief of staff. But Mr. Blair said he expected the F.C.C. to approve the merger.
“It’s my view that in looking at this picture, the Justice Department is going to conclude that the market is contestable, that there’s various ways these services compete and they’ll allow this merger.”
Both Sirius and XM have been rapidly adding customers since they began selling the concept of subscription-based radio available coast to coast about six years ago. XM ended 2006 with nearly eight million customers but Sirius increased its subscriber base by 80 percent last year, to about six million, after it signed Mr. Stern in a $725 million cash and stock deal.
Still, both companies had expected faster growth, and the real number of subscribers may be less than appears at first glance. Many receive the service free for a trial period when buying a new car or truck.
The two services have some $6 billion in accumulated losses. Both companies’ share prices have slumped recently as investors cooled on the companies’ prospects for generating profits, given the heavy costs of acquiring programming talent like Mr. Stern and the radio rights to the National Football League and Major League Baseball.
The companies’ services are, for the moment, not compatible. If the merger were approved, officials said yesterday, they would provide subscribers with technology that would allow them access to both services.
Each sells subscriptions for $12.95 a month. The cost of the combined service is yet to be determined.
Pricing the service is only one of many commercial and operational challenges the merger would face. For one thing, XM has prided itself on being advertising-free while Sirius sells ads on its talk radio fare, including Mr. Stern’s shows.
Craig E. Moffett, an analyst with Sanford C. Bernstein & Company, said it was not clear that Mr. Stern, Ms. Winfrey and some of the other major draws on the channels would be readily accessible to the merged companies’ wider audience.
Mel Karmazin, the longtime broadcasting executive who has been chief executive of Sirius for the past two years, said he had tried to reach Mr. Stern, who is on vacation, but had not yet done so, and a company spokesman said Sirius does not discuss its contracts.
The new company’s name and where it would be based — Sirius is in New York and XM in Washington — have not yet been determined. Mr. Karmazin would continue as chief executive while Gary Parsons, XM’s chairman, would remain as chairman of the merged company.
In an interview yesterday, Mr. Karmazin and Mr. Parsons said they believed they could prove the combination would be in the public interest.
Mr. Parsons said that unlike EchoStar and DirecTV, whose only rival was cable television, the satellite radio companies have a very small audience compared with the ways people get music, information and entertainment in audio formats, including iPods and the Internet. “The only thing that you could even think of as similar between those companies and us is that they both use satellites,” Mr. Karmazin said.
But critics are lining up. The National Association of Broadcasters, a trade group that represents broadcast radio and television stations, issued a statement within hours of the XM-Sirius announcement.
“In coming weeks, policy makers will have to weigh whether an industry that makes Howard Stern its poster child should be rewarded with a monopoly,” it said.
XM and Sirius had been in a mating dance for years, with Mr. Karmazin and Mr. Parsons flirting both publicly and privately. According to people involved in the talks, they began serious talks just before Christmas.
Anxious about Mr. Karmazin and Mr. Parsons being spotted together, the two sides decided to meet in an inconspicuous spot: the Upper East Side apartment of one of Mr. Parsons’s bankers, Dennis S. Hersch, a former lawyer who joined JPMorgan Chase two years ago.
Mr. Karmazin met with Mr. Parsons for several hours in Mr. Hersch’s living room one morning in late December, these people said. They sat on sofas flanked by their advisers, James B. Lee and Mr. Hersch of JPMorgan Chase, which represented XM, and Paul Taubman of Morgan Stanley, which worked for Sirius. The men decided to pursue a deal.
An army of merger and antitrust lawyers for both sides worked several marathon weeks of conference calls and trips to Washington to gauge the political climate for the transaction before opining that the deal should pass regulatory muster. Simpson Thacher & Bartlett and Wiley Rein are representing Sirius; XM is being advised by Skadden, Arps, Slate, Meagher & Flom; Jones Day; and Latham & Watkins.
About a month later, the two sides reconvened, this time at Mr. Karmazin’s apartment in the Trump International Hotel and Tower just off Columbus Circle overlooking Central Park. It was a daylong negotiation. But both sides were far apart on price: Mr. Karmazin didn’t want to pay much of a premium and Mr. Parsons was seeking an even higher one than he got yesterday. Mr. Parsons and his advisers left the apartment thinking the talks might collapse.
About a week later, after talking to their boards, the two sides were coaxed back together, both giving a little on price. Two weeks ago, Mr. Parsons returned to Mr. Karmazin’s apartment. This time, the men reached a deal and shook hands on it.
Jeremy W. Peters contributed reporting.
Tuesday, January 30, 2007
A Lively Market, Legal and Not, for Software Bugs
Microsoft says its new operating system, Windows Vista, is the most secure in the company’s history. Now the bounty hunters will test just how secure it is.
When its predecessor, Windows XP, was released five years ago, software bugs were typically hunted by hackers for fame and glory, not financial reward. But now software vulnerabilities — as with stolen credit-card numbers and spammable e-mail addresses — carry real financial value. They are commonly bought, sold and traded online, both by legitimate security companies, which say they are providing a service, and by nefarious hackers and thieves.
Vista, which will be installed on millions of new PCs starting today, provides the latest target.
This month, iDefense Labs, a subsidiary of the technology company VeriSign, said it was offering $8,000 for the first six researchers to find holes in Vista, and $4,000 more for the so-called exploit, the program needed to take advantage of the weakness.
IDefense sells such information to corporations and government agencies, which have already begun using Vista, so they can protect their own systems.
Companies like Microsoft do not endorse such bounty programs, but they have even bigger problems: the willingness of Internet criminals to spend large sums for early knowledge of software flaws that could provide an opening for identity-theft schemes and spam attacks.
The Japanese security firm Trend Micro said in December that it had found a Vista flaw for sale on a Romanian Web forum for $50,000. Security experts say that the price is plausible, and that they regularly see hackers on public bulletin boards or private online chat rooms trying to sell the holes they have discovered, and the coding to exploit them.
Especially prized are so-called zero-day exploits, bits of disruption coding that spread immediately because there is no known defense.
Software vendors have traditionally asked security researchers to alert them first when they find bugs in their software, so that they could issue a fix, or patch, and protect the general public. But now researchers contend that their time and effort are worth much more.
“To find a vulnerability, you have to do a lot of hard work,” said Evgeny Legerov, founder of a small security firm, Gleg Ltd., in Moscow. “If you follow what they call responsible disclosure, in most cases all you receive is an ordinary thank you or sometimes nothing at all.”
Gleg sells vulnerability research to a dozen corporate customers around the world, with fees starting at $10,000 for periodic updates. Mr. Legerov says he regularly turns down the criminals who send e-mail messages offering big money for bugs they can use to spread malicious programs like spyware.
Misusing such information to attack computers or to aid others in such attacks is illegal, but there appears to be nothing illegal about the act of discovering and selling vulnerabilities. Prices for such software bugs range from a couple of hundred dollars to tens of thousands.
Microsoft is not the only target, of course. Legitimate security researchers and underground hackers look for weaknesses in all commonly used software, including Oracle databases and Apple’s Macintosh operating system. The more popular a program, the higher the price for an attacking code.
The sales of Vista faults will therefore continue to trail the sale of flaws in more widely used programs, even Windows XP, for the foreseeable future.
“Of course it concerns us,” Mark Miller, director of the Microsoft Security Response Center, said of the online bazaar in software flaws, which it has declined to enter. “With the underground trading of vulnerabilities, software makers are left playing catch-up to develop updates that will help protect customers.”
Throughout the 1990s, software makers and bug-hunters battled over the way researchers disclosed software vulnerabilities. The software vendors argued that public disclosure gave attackers the blueprints to create exploitative programs and viruses. Security researchers charged that the vendors wanted to hide their mistakes, and that making them public allowed companies and individual computer users to protect their systems.
The two sides reached an uneasy compromise. Security researchers would inform vendors of vulnerabilities, and as long as the vendor was responsive, wait for the release of an official patch before publishing code that an attacker could use. Vendors would give public credit to the researcher. The détente worked when most researchers were motivated by acclaim and a desire to improve security.
But “in the last five years the glory seekers have gone away,” said David Perry, global education director at Trend Micro. “The people who are drawn to it to make a living are not the same people who were drawn to it out of passion.”
In 2002, iDefense Labs became one of the first companies to pay for software flaws, offering just a few hundred dollars for a vulnerability. It administered the program quietly for a few years, then answered early critics by arguing that it was getting those bugs out into the open and informing software makers, at the same time as clients, before announcing them to the general public.
“We give vendors ample time to react, and then we try to responsibly release them,” said Jim Melnick, the director of threat intelligence at iDefense.
In 2005, TippingPoint, a division of the networking giant 3Com, joined iDefense in the nascent marketplace with its “Zero-Day Initiative” program, which last year bought and sold 82 software vulnerabilities. IDefense said its freelance researchers discovered 305 holes in commonly used software during 2006 — up from 180 in 2005 — and paid $1,000 to $10,000 for each, depending on the severity.
Security researchers warmed to the idea that vulnerabilities were worth real dollars. In December 2005, a hacker calling himself “Fearwall” tried to sell on eBay a program to disrupt computers through Excel, Microsoft’s spreadsheet program. Bidding reached a paltry $53 before the auction site pulled it.
Nevertheless, several Internet attacks in the following months exploited flaws in Excel, suggesting to security experts that its creator ultimately found other ways to sell it.
In January 2006, a Moscow-based security company, Kaspersky Labs, found more evidence of an emerging marketplace for software bugs. Russian hacking gangs, it disclosed at the time, had sold a “zero-day” program aimed at the Microsoft graphics file format, Windows Metafile or WMF. The price: $4,000.
The program was widely used that month and allowed criminals to plant spyware and other malicious programs on the computers of tens of thousands of unsuspecting Internet users. Microsoft rushed out a patch.
It had to distribute another patch in September, to counter one more malicious program, which involved a flaw in the vector graphics engine of Internet Explorer, that enabled further cyber mischief.
Marc Maiffret, co-founder of eEye Digital Security, a computer security company, said prices in the evolving black market quickly proved higher than what legitimate companies would pay. “You will always make more from bad guys than from a company like 3Com,” he said.
Even ethical researchers feel that companies like iDefense and TippingPoint do not adequately compensate for the time and effort needed to discover flaws in complex, relatively secure software.
And some hackers have little ethical compunction about who buys their research, or what they use it for. In a phone interview last week arranged by an intermediary in the security field, a hacker calling himself “Segfault,” who said he was a college-age student in New York City, led a reporter on an online tour of a public Web site, ryan1918.com, where one forum is provocatively titled “Buy-Sell-Trade-0day.”
Segfault, who said he did not want to reveal his name because he engages in potentially illegal activity, said the black market for zero-days “just exploded” last year after the damaging Windows Metafile attack.
He claims he earned $20,000 last year from selling his own code — mostly on private chat channels, not public forums like Ryan1918 — making enough to pay his tuition.
Although he conceded that Microsoft had made significant strides with Vista’s security, he said underground hacker circles now had a powerful financial incentive to find its weak links.
“Vista is going to get destroyed,” he said.
That may be an exaggeration. Microsoft has taken precautions such as preventing unauthorized programs from running at the most central part of the system, called the kernel, and creating an extra level of protection between the operating system and the browser.
Microsoft appears to wish the open market for flaws in their products would simply disappear. “Our practice is to explicitly acknowledge and thank researchers when they find an issue in our software,” said Mike Reavey, operations manager of the company’s security response center. “While that’s not a monetary reward, we think there is value in it.”
But independent security analysts say those days are over. Raimund Genes, the Trend Micro researcher who found the Vista bug for sale on a Romanian Web site, said, “The driving force behind all this now is cash.”
Saturday, January 27, 2007
Intel Says Chips Will Run Faster, Using Less Power
Intel, the world’s largest chip maker, has overhauled the basic building block of the information age, paving the way for a new generation of faster and more energy-efficient processors.
Company researchers said the advance represented the most significant change in the materials used to manufacture silicon chips since Intel pioneered the modern integrated-circuit transistor more than four decades ago.
The microprocessor chips, which Intel plans to begin making in the second half of this year, are designed for computers but they could also have applications in consumer devices. Their combination of processing power and energy efficiency could make it possible, for example, for cellphones to play video at length — a demanding digital task — with less battery drain.
The work by Intel overcomes a potentially crippling technical obstacle that has arisen as a transistor’s tiny switches are made ever smaller: their tendency to leak current as the insulating material gets thinner. The Intel advance uses new metallic alloys in the insulation itself and in adjacent components.
Word of the announcement, which is planned for Monday, touched off a war of dueling statements as I.B.M. rushed to announce that it was on the verge of a similar advance.
I.B.M. executives said their company was planning to introduce a comparable type of transistor in the first quarter of 2008.
Many industry analysts say that Intel retains a six-month to nine-month lead over the rest of the industry, but I.B.M. executives disputed the claim and said the two companies were focused on different markets in the computing industry.
The I.B.M. technology has been developed in partnership with Advanced Micro Devices, Intel’s main rival. Modern microprocessor and memory chips are created from an interconnected fabric of hundreds of millions and even billions of the tiny switches that process the ones and zeros that are the foundation of digital computing.
They are made using a manufacturing process that has been constantly improving for more than four decades. Today transistors, for example, are made with systems that can create wires and other features that are finer than the resolving power of a single wavelength of light.
The Intel announcement is new evidence that the chip maker is maintaining the pace of Moore’s Law, the technology axiom that states that the number of transistors on a chip doubles roughly every two years, giving rise to a constant escalation of computing power at lower costs.
“This is evolutionary as opposed to revolutionary, but it will generate a big sigh of relief,” said Vivek Subramanian, associate professor of electrical engineering and computer sciences at the University of California, Berkeley.
For several decades there have been repeated warnings about the impending end of the Moore’s Law pace for chip makers. In response the semiconductor industry has repeatedly found its way around fundamental technical obstacles, inventing techniques that at times seem to defy basic laws of physics.
The chip industry measures its progress by manufacturing standards defined by a width of one of the smallest features of a transistor for each generation. Currently much of the industry is building chips in what is known as 90-nanometer technology. At that scale, about 1,000 transistors would fit in the width of a human hair. Intel began making chips at 65 nanometers in 2005, about nine months before its closest competitors.
Now the company is moving on to the next stage of refinement, defined by a minimum feature size of 45 nanometers. Other researchers have recently reported progress on molecular computing technologies that could reduce the scale even further by the end of the decade.
Intel’s imminent advance to 45 nanometers will have a huge impact on the industry, Mr. Subramanian said. “People have been working on it for over a decade, and this is tremendously significant that Intel has made it work,” he said.
Intel’s advance was in part in finding a new insulator composed of an alloy of hafnium, a metallic element that has previously been used in filaments and electrodes and as a neutron absorber in nuclear power plants. They will replace the use of silicon dioxide — essentially the material that window glass is made of, but only several atoms thick.
Intel is also shifting to new metallic alloy materials — it is not identifying them specifically — in transistor components known as gates, which sit directly on top of the insulator. These are ordinarily made from a particular form of silicon called polysilicon.
The new approach to insulation appears at least temporarily to conquer one of the most significant obstacles confronting the semiconductor industry: the tendency of tiny switches to leak electricity as they are reduced in size. The leakage makes chips run hotter and consume more power.
Many executives in the industry say that Intel is still recovering from a strategic wrong turn it made when the company pushed its chips to extremely high clock speeds — the ability of a processor to calculate more quickly. That obsession with speed at any cost left the company behind its competitors in shifting to low-power alternatives.
Now Intel is coming back. Although the chip maker led in the speed race for many years, the company has in recent years shifted its focus to low-power microprocessors that gain speed by breaking up each chip into multiple computing “cores.” In its new 45-nanometer generation, Intel will gain the freedom to seek either higher performance or substantially lower power, while at the same time increasing the number of cores per chip.
“They can adjust the transistor for high performance or low power,” said David Lammers, director of WeSRCH.com, a Web portal for technical professionals.
The Intel development effort has gone on in a vast automated factory in Hillsboro, Ore., that the company calls D1D. It features huge open manufacturing rooms that are kept surgically clean to prevent dust from contaminating the silicon wafers that are whisked around the factory by a robotic conveyor system.
The technology effort was led by Mark T. Bohr, a longtime Intel physicist who is director of process architecture and integration. The breakthrough, he said, was in finding a way to deal with the leakage of current. “Up until five years ago, leakage was thought to increase with each generation,” he said.
Several analysts said that the technology advance could give Intel a meaningful advantage over competitors in the race to build ever more powerful microprocessors.
“It’s going to be a nightmare for Intel’s competitors,” said G. Dan Hutcheson, chief executive of VLSI Research. “A lot of Mark Bohr’s counterparts are going to wake up in terror.”
An I.B.M. executive said yesterday that the company had also chosen hafnium as its primary insulator, but that it would not release details of its new process until technical papers are presented at coming conferences.
“It’s the difference between can openers and Ferraris,” said Bernard S. Meyerson, vice president and chief technologist for the systems and technology group at I.B.M. He insisted that industry analysts who have asserted that Intel has a technology lead are not accurate and that I.B.M. had simply chosen to deploy its new process in chips that are part of high-performance systems aimed at the high end of the computer industry.
Intel said it had already manufactured prototype microprocessor chips in the new 45-nanometer process that run on three major operating systems: Windows, Mac OS X and Linux.