Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts.

Some cyber criminals have exploited file-sharing networks and popular webpages to attack targets.

The malicious hackers have turned to these methods instead of going to the trouble of hijacking home PCs.

Using these methods the hi-tech criminals have staged some of the biggest attacks security experts have ever seen.

Poker champion Phil Laak has a good chance of winning when he sits down this week to play 2,000 hands of Texas Hold’em — against a computer.

It may be the last chance he gets. Computers have gotten a lot better at poker in recent years; they’re good enough now to challenge top professionals like Laak, who won the World Poker Tour invitational in 2004.

But it’s only a matter of time before the machines take a commanding lead in the war for poker supremacy. Just as they already have in backgammon, checkers and chess, computers are expected to surpass even the best human poker players within a decade. They can already beat virtually any amateur player.

“This match is extremely important, because it’s the first time there’s going to be a man-machine event where there’s going to be a scientific component,” said University of Alberta computing science professor Jonathan Schaeffer.

The Canadian university’s games research group is considered the best of its kind in the world. After defeating an Alberta-designed program several years ago, Laak was so impressed that he estimated his edge at a mere 5 percent. He figures he would have lost if the researchers hadn’t let him examine the programming code and practice against the machine ahead of time.

Earlier this week, Microsoft Windows watcher Winbeta.org posted an e-mail from the software giant’s Windows Driver Kit team that ended up launching a media feeding frenzy on news sites around the world. According to Microsoft’s e-mail to the site, the release of a beta version of the first service pack for Vista was available for download.

The resulting avalanche of press reports from around the globe forced Microsoft to clarify the report by saying that the earlier e-mail was actually designed to announced the availability of the beta of Windows Server 2008 instead of Vista Service Pack 1 (SP1), and that the confusion was due to a typo.

Michael Silver, research vice president in Gartner’s Client Computing group, said that although Vista SP1 is not yet ready to roll, the sooner Microsoft releases it, the sooner businesses that look at SP1 as an important milestone will start adopting Vista.

If Microsoft gets SP1 out this year, he said, it could buy Microsoft an extra quarter of adoption in businesses, Silver explained. “That may not fuel a lot of extra revenue, but it helps improve the perception of Vista,” he noted.

For some security researchers who uncover flaws in leading computer programs, a nod of appreciation from software companies is no longer enough. Now they want money.

Critics say the purity of research is in jeopardy as discoveries are shopped around instead of submitted directly to software vendors so they can quickly develop a fix.

“I don’t like there being an incentive to turn this into a market,” said Bruce Schneier, chief technology officer for security company BT Counterpane. “Then you create incentives for the bad guys to start finding this stuff and selling it, and if the bad guys charge more, the good guys have to charge more.”

Some companies already have been offering payments for such information — hundreds or thousands of dollars depending the severity of the flaw — and a Swiss-based auction site opened this month to encourage bidding for such knowledge.

Software vendors so far have refrained from purchasing the information themselves, reluctant to encourage extortion — researchers holding out or threatening to sell to criminals unless they get the right price.

Search portal Ask.com plans to make it easier for Web searchers to cover their tracks. The company is introducing a new feature to its Web portal later this year called AskEraser, which will let users perform anonymous searches.

When AskEraser is turned on, the Web site will not retain the data it typically stores during a search, said Patrick Crisp, an Ask.com spokesman. “We will allow users to select a privacy setting that says ‘I do not want you to retain my data at all,’” he said.

If AskEraser is not turned on, the site will store the search query, the IP (Internet Protocol) address and some cookie information from the user, as well as the URL the user visited before coming to Ask.com, Crisp said.

Search engines like Ask.com say that they retain this sort of information in order to improve their sites, but this practice has become controversial, with privacy advocates worrying that the data could be leaked or misused.

Marc Nathoni writes with a ZDet article about a critically dangerous hole in the Java Runtime Environment. Due to the ubiquitousness of Java, this could prove a serious security problem.

“Australia’s Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. ‘Delivery of exploits in this manner is attractive to attackers because even though the browser may be fully patched, some people neglect to also patch programs invoked by browsers to render specific types of content,’ said Lowe.”

Copies of the final Harry Potter book have already been shipped to customers by one U.S. online retailer, U.S. publisher Scholastic said on Wednesday, and purported copies of the novel have flooded the Internet.

Scholastic Corp. said it was taking legal action against book distributor Levy Home Entertainment and DeepDiscount.com for breaching an embargo preventing the seventh Harry Potter book from being sold in America before 12:01 a.m./0401 GMT on Saturday. The publisher said Levy delivered the books to the online retailer.

People started receiving copies of “Harry Potter and the Deathly Hallows” on Tuesday, but the number of copies shipped only made up “around one one-hundredth of one percent” of the 12 million copies due to go on sale, Scholastic said.

Photographs have also been posted on the Internet of what is claimed to be each page of the book, but Scholastic would not comment on whether they were real. Links to the pictures quickly flooded Web sites around the world.

Toshiba Corp. said on Thursday it has recalled more Sony Corp. laptop computer batteries due to fire risk, rekindling concerns over the safety of Sony-made batteries.

Toshiba is replacing a total 10,000 battery packs after three of its laptop PCs using battery cells made on December 3, 2005 caught fire in the last 10 months. No one was hurt in the incidents.

Only 5,100 units of the 10,000 packs are potentially defective, but Toshiba is recalling double the amount to make sure all the battery packs containing targeted battery cells are exchanged.

Apple Inc.’s flashy new iPhones may be jamming parts of the wireless network at Duke University, where technology officials worked with the company Wednesday to fix problems before classes begin next month.

Bill Cannon, a Duke technology spokesman, said an analysis of traffic found that iPhones flooded parts of the campus’ wireless network with access requests, freezing parts of the system for 10 minutes at a time.

A single iPhone was powerful enough to cause the problem, and there are 100 to 150 of them registered on the network, Cannon said. Network administrators have noticed the problem nine times in the past week.

Google Inc. is shortening the life span of its “cookie” data-tracking file - but it’s not clear whether the move would do much to enhance privacy.

Under the new policy, the cookies would expire automatically after two years, instead of in 2038 as is currently the case. However, the two-year period could get automatically extended when users revisit Google’s search engine, so one might have to avoid Google for a full two years to see the cookie automatically expire.

Chinese Web sites published reports and photographs on Wednesday which they said may contain the ending to the eagerly awaited seventh and final installment of the Harry Potter book series.

The author of a Potter article on the Web site of a newspaper called Strait News, said by telephone that the pictures came from an overseas peer-to-peer download site.

“Since the actual book hasn’t been released, no one can be sure if it’s the real thing or not,” he said. The pages were subsequently removed, he added.

But a handful of other sites, including the popular Sina.com, also ran the article and pictures.

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.

The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett- Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.

Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.

The other parties either declined comment or did not respond to requests for comment.