24th > March > 2000 Archive

The Register breaking news

Don't believe the m-commerce hype

The current frenzy about gizmo mobile phones providing wireless access to the Net is nothing short of hype, according to a report by analysts Ovum. In its report Mobile E-commerce - Market Strategies, Ovum claims those involved in this fledgling industry should concentrate on providing "genuinely unique and compelling services" rather than trying to excite the market with over-hyped messages of "cool new technology".

The report claims that there are perfectly good alternatives to buying goods and services without having to resort to m-commerce. "What's to persuade someone to order a pizza using a mobile application, rather than just picking up the phone?" asked report author Duncan Brown.

"There would have to be a significant value-add to change habits: perhaps discounts, an up to date menu on screen - easy selection of pizza and toppings with a few key presses - and no waiting for engaged tones or overworked staff," he said.

What's more, Brown claims the demand for m-commerce is being driven by suppliers, rather than customers. "It's debatable whether ordinary consumers are actually demanding mobile e-commerce services right now," he said. "It's more a case of suppliers sensing an opportunity to make money, and pushing the idea at them," said Brown. ®
Tim Richardson, 24 Mar 2000

Telewest has bandwidth ‘coming out of its ears’

Telewest, Britain's second biggest cableco, has finally launched its new broadband service, details of which were unintentionally leaked last week. The only thing Telewest managed to keep under wraps was the name of the new service: "Blueyonder". So, now you know.

Blueyonder is set to offer unmetered access to broadband services from £50 a month including a host of multimedia services such as live video, online betting and video advertising. Nice.

Telewest CE Tony Illsley said: "Blueyonder today is what a lot of us thought the Internet would be until we tried it.

"Progressively, it will deliver broadband interactive services from personal and property security, to on-line medical diagnosis and treatment, to entertainment, culture and information of virtually limitless nature - all interactively and with extraordinary graphic and dynamic quality.

"At £50 per month, this is a premium service; but one that will offer exceptional value to serious Internet users, home workers, professional people and others."

Telewest claims to have invested almost £4 billion to create the UK's "most extensive cable network and one of the world's best broadband digital platforms". "That gives us the ability to do things others simply cannot," claimed Illsley.

A spokesman for Telewest said Blueyonder would not suffer the same network problems that have plagued SurfUnlimited. "It's on a completely different network," he said, "and we've got bandwidth coming out of our ears." ®
Tim Richardson, 24 Mar 2000

We're expecting some in today, sir

Orange is still suffering a shortage of WAP phones, while its rivals are scooping up spare handsets. Demand is outstripping supply on the Orange Nokia 7110e (navi-bar WAP phone), the company confirmed. It received a shipment from Nokia today, but was unable to say how big the order was, or how long stocks would last.

According to one source, keen customers are "told to call the customer support number between 10am and 12pm daily - when news of a new shipment may arrive". And it could get worse: Orange has scheduled a big ad campaign to flog even more WAP phones but, as it is unable to meet existing demand, the promotion could create even bigger order backlogs.

Orange said it was only receiving sporadic deliveries of the phones, priced at £129.99. "We continue to get deliveries through from Nokia – though they're slower than we'd hoped," said one representative.

Orange claims to have sold 25,000 of the phones since the handset's launch last November. It splits deliveries equally between existing customers wanting to upgrade phones and new customers. Its problems in meeting orders were first highlighted in January.

"The demand for this phone is incredible," said the representative. Orange says it has already sold more of the devices than its Motorola V3688s – the compact phone that nearly gets humped by a tortoise in the TV advert.

One of the reasons given by Orange and Nokia for the shortages was that its phones demanded different software in handsets for their menu structure. Orange was unable to clarify how long customers could expect to wait for its shiny Nokia WAP phones.

Meanwhile, BT Cellnet has revealed plans to offer pre-pay WAP phones from 3 April. It will have a Mitsubishi Trium Geo Internet package at £99.99, with plans to introduce handsets from Siemens and Alcatel. To overcome the WAP phone shortage which has plagued Europe, Cellnet has bought a number of handsets and hopes to be able to provide half a million to the UK market by June, The Times reports.

Orange's WAP sales figure makes interesting reading. Last month the Financial Times stated there were a total of 15,000 WAP phones in the country, of which just 6000 had been sold. Nokia said it was not aware of any other networks suffering a shortage problem on this model. ®
Linda Harrison, 24 Mar 2000

Less to Free Internet than meets the eye

Another Net company has announced its intentions to launch an unmetered flat-fee service. Free Internet Group of Brentford, Middlesex, says it will provide the service for a one-off payment of £50 and £20 a year membership fee. Family membership costs £100.
Tim Richardson, 24 Mar 2000

UK online ad spend: puny but growing fast

Online advertising sales in Britain leapt 122 per cent in Q2 1999 compared to Q1, according to the latest detailed survey by Pricewaterhouse Coopers for the Internet Advertising Bureau (IAB).

Although the percentage increase sounds impressive, in monetary terms ad spend only increased from £7.9 million to £17.3 million between Q1 and Q2 last year. No matter, say the authors of the study, who reckon these figures are proof positive that advertisers in Britain are beginning to trust the Net. They claim larger sites are now making increasing use of sophisticated ad serving technology, which allows them to achieve broad reach and also to target their advertising.

Tom Bowman, chair of market statistics at the IAB, said: "In a market that has more than doubled, ad banners continue to be the tool of choice for advertisers.

"These statistics reinforce the power of banner advertising and silence any claims that this medium is no longer the lynchpin of Internet advertising spend.

"With revenue of £17.3 million in only the first half of 1999 we expect that the second quarter of 1999 will surpass all expectations," he said.

Last year total ad spend in Britain reached a wallet-bursting £13 billion ($20.8 billion), which makes online ad spending a mere single byte in an hour-long sequence of streaming video. ®
Tim Richardson, 24 Mar 2000

T-Online puts IPO to the ballot

T-Online's chairman, Wolfgang Keuntje, told German business television channel n-tv that he has not excluded the possibility of offering shares in his company via a lottery. The details of how it would work are not clear yet, he told n-tv, but the demand is so high that a traditional quotation is just not possible.

T-Online, the number one ISP in Germany with seven million subscribers, is a fully owned subsidiary of Deutsche Telekom. AOL Germany is number two. About 21 per cent of 28 million German households have an Internet connection.

The bookbuilding will run from 3 April to 12 April, with First Notice on 17 April. Only ten per cent of T-Online's capital will be floated - about 100 million shares.

T-Online will price its IPO conservatively, according to Keuntje. He would prefer to have a positive market debut than "end up seeing the stock fall in the first days after issuance", the FT reports. But generous pricing will stoke up demand even further.

The lottery idea will be necessary if the demand for shares of T-Online is as mad as the demand was for Infineon, the Siemens semiconductor unit spin-off. Infineon was 33 times oversubscribed in the days leading up to its market debut. Raising E6 billion ($5.82 billion), it was the biggest IPO in the country since Deutsche Telekom. The former monopoly-holder's IPO in November 1996 raised E13.19 billion ($12.8 billion).

Lastminute.com's recent IPO left many retail investors dissatisfied. In an attempt to keep everyone happy, the company sold shares to everyone who applied - all 200,000 of them. Unfortunately, each new shareholder was left with just 35 shares apiece, worth under £150 at IPO day, too few to make a profit (once dealing costs are taken into account).

This week, with the beginning of official trading in Lastminute stock, has seen an exodus of disgruntled retail investors - and a big fall in the company's share price. Lastminute's share price rallied yesterday to close up 19.5p at 307.5p, well underneath its 380p IPO price. ®

Acer looks to Net for post-hardware profits

Acer, like the world+dog, plans to expand beyond its traditional hardware markets into the Internet business, the company's co-founder said today. George Huang, Acer's corporate general controller, told Reuters that the company wants to become a major player in the Asia Internet market.

The report paints Huang's comments as a new shift in focus, but Acer has clearly been thinking along these lines for some time. Last year, chairman Stan Shih told Reuters he predicted Acer's hardware business would last only ten years. In December, Acer offloaded its semiconductor business to Taiwan Semiconductor Manufacturing Corp. And the company has to date invested $50 million in 16 Net firms.

However, according to Huang, that sum is set to rise to $500 million over the next two to three years. The focus, he said, will be on the Asian market: "The Internet... is very culture-oriented. Lots of content must be localised or regionalised, and Acer has had great experience in this region."

That said, the money will be coming from the West. Huang said Acer's Internet business, to be known as Acer Digital Services, will seek funding from the US and ultimately be listed on Nasdaq. The IPO should take place by the end of the year. ®
Tony Smith, 24 Mar 2000

Rambus extends Hitachi legal action

In a ploy closely mirroring an Intel legal strategy, Rambus yesterday filed a suit with the US International Trade Commission (ITC) in an attempt to prevent Hitachi from importing its memory into the US, reports Semiconductor Business News. At the same time, Rambus also filed an action against Sega, which uses Hitachi memories in its Dreamcast console.

Rambus already has an existing legal action pending, which alleges that Hitachi uses some of its technology in memory chips it makes. The paradoxical part of that case is that most of the other big memory companies in the world use similar technology to Hitachi, implying that they too infringe Rambust patents.

The patent in question refers to clock timing, but, SBN reports, the suit filed with the ITC specifically mentions not just SDRAM and double data rate (DDR) memory, but also Hitachi microprocessors.

Intel filed a complaint to the ITC back in late January, requesting that the US government prevent imports of Via chipsets. Intel alleges that its patents are infringed by Via, and has also pursued independent legal action against Via and associated companies in a number of different countries.

Rambus appears hell-bent on ensuring that its own memory technology eventually wins the day, despite a number of setbacks which mean that, so far, it has little market share. On the Intel x86 platform, many third party companies, including semiconductor and motherboard firms, do not care to use Rambus memory in their designs. ®
Mike Magee, 24 Mar 2000

Micron rolls out faster DDR chips

US semiconductor firm Micron said yesterday it has started to sample 150MHz and 166MHz versions of 2MB x 32 double data rate (DDR) memories. The firm said the memories, which use 0.18 micron process technology, are intended for high bandwidth applications.

The parts are intended for graphics and telecoms applications, Micron said, and will be available in volume during the third quarter of this year. The 2MB x 32 DDRs will function at speeds of 183MHz and 200MHz, Micron said, and complement existing products which clock at 143MHz, 150MHz and 166MHz.

Micron demonstrated a chipset codenamed Samurai which supports DDR memories at the Intel Developer Forum last month, but, at the time, said that the chipset was unlikely to go into production.

Many of Intel's larger PC customers will use DDR memory in servers arriving later this year, including machines using the Foster IA-32 technology. However, Intel is still recommending that PC vendors use Rambus memory for Foster's blood brother, the Willamette platform, although analysts say that there are bound to be DDR chipsets for this microprocessor too. ®
Mike Magee, 24 Mar 2000

Undercover Intel goons terrorise dealers

Intel resellers are bracing themselves for visits from trenchcoated undercover agents checking up on their recall of Chipzilla marketing speak.

Under the 'Intel Mystery Shopper'™ scheme, dealers who drop casual references to Advanced Transfer Cache, Screaming Sindy's Extensions and the very wonderful* WebOutfitter service, can win a mystery prize. Check out the details here. If they run a demo using a Pentium III, they will "instantly win an attractive bonus". Details of the mystery prizes and bonus are unavailable (as it is Intel's policy not to comment on unannounced prizes and bonii).

This latest harebrained scheme from the Great Stan of Marchitecture is in no way an attempt to locate dodgy dealers who are flogging engineering sample Intel chips because Chipzilla won't send them any production ones. Oh deary me, no.

So repeat after me: "Rewarding Internet experience... 70 new instructions... unbelievable 3D..." Now where's my prize? ®

*Wonderful in the sense that it doesn't work under Windows 2000.
Andrew Thomas, 24 Mar 2000

Allchin admits Win2001 code leak after Web slagfest

The strange escape of pre-beta code for Whistler, the proposed successor to Windows 2000, earlier this week was followed up by a bizarre flurry around the Web over the last 12 hours or so. Several sites seem to have seized on an apparent Microsoft claim that the whole thing was a fraud, and then retreated with their tails between their legs when Jim Allchin, no less, came out with his hands up and admitted it was real.

This morning UK time there doesn't seem to be a whole lot left of whatever it was they said, but a victorious and vindicated Byron Hinson of ActiveWin, which along with BetaNews broke the story, told The Register that several sites "had started to state that the Whistler leak we posted about was faked". Nate Mook of BetaNews, however, emailed MS OS supremo Allchin who confirmed that it wasn't, and claimed that InfoWorld had misquoted him as saying he thought it was a "press ruse".

We at The Register marvel at the venom levels prevalent in certain parts of the Web, and confess ourselves entirely baffled by anybody, even briefly, believing the leak was a fake. The key proof that it wasn't is that the claimed content was so dull - if you're going to make something up, you're going to make it exciting, right? This is what Microsoft spinmeisters do when they're leaking slideware about operating systems that don't exist yet (eg. Millennium, as leaked getting on for a year ago).

But enough of that. Unless there's a misattribution on the ActiveWin site, the "press ruse" misquote seems to have made it onto CNet as well, although if so, it's gone again by this morning.

In his reply to Mook's email Allchin says that "we heard it was out there and when we went searching for it we couldn't find it". He claims that rather than him saying it was a press ruse, he'd said that "a person who had searched for it concluded it might be a press ruse, but I said that it didn't seem likely because the build number was so exact and we did make such a build. I said I just didn't know".

In his earlier email to Allchin, Mook had admitted having received an unsolicited copy of Whistler build 2211.1 anonymously last week, and said he'd subsequently found it was "spread very widely across the net". Mook says he's agin this kind of thing, and adds: "I will help do whatever you need me to do to assist in tracking down who is pirating this release." ®
John Lettice, 24 Mar 2000

Who you gonna call? Scambusters!

The Office of Fair Trading has issued e-mail alerts to 100 potentially misleading Web sites offering "get rich quick scams", warning them that they could face prosecution.

The scambusting clampdown was part of a co-ordinated sweep of the Net conducted by authorities in 27 countries and led by the US Federal Trade Commission. In all, consumer organisations around the globe identified 1600 sites during operation GetRichQuick.Con. Officials trawled the Net for three hours searching for bogus homeworking schemes, business and investment opportunities, lotteries, pyramid and multi-level marketing plans, money-making clubs and chain letters.

John Bridgeman, DG of Fair Trading, said: "People should be wary of claims that large amounts of money can be earned for little or no effort in an extremely short timescale." "If something sounds too good to be true, then it probably is," he said.

Officials will re-visit all 1600 sites in a month to see whether any improvements have been made. If not, consumer organisations will consider launching investigations, which could lead to prosecutions.

This is the third time the OFT has taken part in a sweep of the Net looking for "dubious" sites. Last time, it looked at health sites offering misleading claims and miracle cures. It wouldn't say when it would target IT news sites... ahem. ®
Tim Richardson, 24 Mar 2000

Sneak thief steals state secrets in MI5 laptop

A careless MI5 spy has lost top Government secrets after his laptop was pinched while he was buying a train ticket. The thief snatched the £2000 computer from between the agent's feet as he was rummaging in his pockets for change at Paddington station. The agent and two London bobbies gave chase through the crowded station, but the crook sprinted away and disappeared into Paddington's labyrinth of corridors.

It is believed that the laptop, stolen on 4 March, is crammed with data crucial to the Northern Ireland peace process and other sensitive issues. A squad of 150 Special Branch and police are reported to be working round the clock to find the laptop, which belonged to a middle-ranking MI5 officer.

Last night a Government source said: "There is nothing in the laptop which threatens national security.

"The information does relate to Northern Ireland. But it does not contain anything about possible IRA or breakaway terrorists' plans to resume bombing campaigns on the mainland if the peace process breaks down," today's Sun newspaper reported.

A humiliated MI5 insisted the material stored on the laptop was so well encrypted that it would be useless to whoever was in possession of it. But Mike Graves, European marketing manager for Internet security at Hewlett-Packard, told The Register that the information may not be as safe as the Government claims.

"All encryption keys have a sell-by date. As long as the information is only sensitive for a short period of time, this is OK. But not for longer-term sensitive information," said Graves. "The time it takes to decrypt expires as computer power grows."

The thief was believed to be an opportunist, not someone who targeted the bungling MI5 agent, but the incident is yet another humiliation for Britain's undercover units. It comes at a time when MI5 is struggling to stop former officer David Shayler from revealing sensitive information. And last year, MI6 was unable to stop its former spy Richard Tomlinson splashing British agents' details over the Web.
Linda Harrison, 24 Mar 2000

Nvidia to bring volumetric rendering to X-Box, GeForce

Now Nvidia and Microsoft are the best of chums, thanks to X-Box, the 3D graphics specialist's technology is beginning to appear in DirectX, Microsoft's games-oriented API. The first contribution is Nvidia's Volume Texture Compression (VTC) format, which doesn't sound much but gives a very tasty hint about the direction Nvidia is taking the X-Box's graphics engine.

The key word here is 'volume'. The latest generation of 3D engines - with one exception, Mitsubishi's VolumePro chip - form object models out of matrices of points. The network of points defines a surface over which a texture can be wrapped. That's fine as it goes, and greater external detail can be added by upping the number of points that define the model. The trouble is, this approach provides no information about the space within the model. Real objects, after all, tend to be solid - current 3D models aren't.

That's why many 3D games developers - most notably iD Software's John Carmack - reckon that the next level of sophistication 3D games can achieve is to work with volumetric rendering. Models are constructed from layers of 2D data, rather like the way a series of 2D brain scans can be stacked up to form a 3D model of the organ.

The idea here is that when you frag a guy in Quake IV, blowing him in two, you won't just get a mess of blood, you'll be able to see the dude's internal organs. You can also do clever stuff like removing a character's skin, muscles, organs, right down to the bone, without having to generate a separate 3D model and texture for each view. Gross, yes, but that's what the kiddies like these days.

Clearly Nvidia's development efforts have been thinking along these lines. The trouble with volumetric data is that each layer in the model is a texture, and that can mean the entire Strogg Tank (or whatever) will take up a heck of a lot of RAM. Each texture slice can be compressed individually using established techniques, such as S3's S3TC scheme (already a part of DirectX) and 3dfx's open source FXT format, but that still requires mucho memory. Presumably VTC also includes some kind of stack compression - if a pile of layers are identical, you only need to store the layer once.

The upshot of all this for the X-Box is that by basing its 3D engine around a volumetric rendering system, it should be able to display very detailed 3D models indeed, something that's key to delivering Bill Gates' promise of "better than PlayStation 2" graphics. The actual on-screen rendering of the volumetric data can be handled by a regular 3D graphics chip, such as Nvidia GeForce 256, which is how Mitsubishi's VolumePro products actually get the volumetric numbers they've crunched onto the system's monitor.

VTC will ship later this year, though Nvidia hasn't given a specific date. Whether it will remain an 'X-Box only' technology remains to be seen, but it seems unlikely - why make such a big deal about its incorporation into DirectX, if that were the case? Besides, Microsoft wants X-Box to play PC games better; it doesn't want X-Box to replace the PC altogether, so it makes sense to get this kind of technology out into the desktop 3D world too. That suggests Nvidia's next chip - or maybe the next-but-one - will support volumetric rendering.

One more thing. One Tony Barkans, Microsoft's program manager for DirectDraw, said in a statement that VTC will bring "stunning 3D graphics to Internet users". Look beyond the hyperbole, and Barkans' comment suggests that Microsoft is also planning to incorporate a WildTangent-style 3D metaformat into DirectX. WildTangent allows complex 3D Web graphics to be described in a relatively simple way, the upshot being that the Web site can send 3D information to a browser without gobbling up bandwidth - a browser plug-in uses client-side DirectX-compatible hardware acceleration to do the rendering.

Curiously, WildTangent (the company and the software it offers) is the brainchild of one Alex St.John who just so happens to be one of Microsoft's original DirectX development leads. Could Microsoft's DirectX equivalent be a licensed version of WildTangent? It's certainly plausible, but unlikely since it appears St.John's parting of the ways with the Beast of Redmond may not have been amicable.

In any case, Microsoft once had a scheme of its own to do something similar. Called Chromeffects, it was announced with much fanfare in 1998 only to be canned less than a year later. Time for a reincarnation, perhaps? ®
Tony Smith, 24 Mar 2000

California woman dreaming of bricks for clicks

A Californian woman wants to swap her domain name for a new home because she can't afford to buy a house in Palo Alto. Ann Bradley, children's author and Web designer, placed a small ad in the Palo Alto Daily News offering to swap thiswiredhouse.com or etake-out.com for something compact and bijou. Although she has yet to receive a single nibble of interest for the swap, she has been offered a job interview. According to Reuters, one bedroom apartments in this boom area can fetch as much as $2000 a month in the rental market place.

Well, Ann, there's a small tumbledown shed at the bottom of moi 'Ampshurr gaaarden you can have in exchange for both domains -- leasehold mind, not freehold (terms and conditions apply). Any good to ya? ®
Tim Richardson, 24 Mar 2000

EU chief slams US strong-arm phone tactics

In a strange reversal of the usual roles, European Union trade commissioner Pascal Lamy has lashed out at US strong-arm tactics in the Brazilian mobile phone market. With a population of 165 million Brazil is a huge prize for revenue-hungry telecoms manufacturers, but for whose telecoms manufacturers?

Lamy says that the US is pressuring Brazil to license spectrum at 1.9GHz, which is of course where the US PCS companies operate. In Europe, on the other hand, 1.8GHz is one of the two places where the handsets currently hang out, so you can see how 1.9 would be handy for US companies wanting to sell into Brazil, while 1.8 would be better for European ones.

Considering that the US is pretty much out on a limb with 1.9, it might make more sense for Brazil to go with Lamy on this, but there's the ticklish question of whose backyard Brazil counts as being in. And the one about whether the Monroe Doctrine still applies in these WTO days. Or indeed the one about whether Brazil actually ought to be anybody's back yard. ®
John Lettice, 24 Mar 2000

Virtual voyeurs watch DIY peep show

An enterprising British couple has saved £100,000 by decorating their bungalow live on the Web. DIY fanatics Paul and Louise Jones are pulling in around 32,000 hits every night from surfing voyeurs keen to watch them grouting and wallpapering their Dorset home.

The two were quick to pick up on the advertising potential, and have gained sponsorship from more than 400 firms, including Dulux, Black & Decker and Laura Ashley. With their help, they have turned their £98,000 abode of three years ago into a £380,000 masterpiece. Perks the décor dabblers have received include: carpets worth £10,000; paint worth £6,000; and an £18,000 American-style wooden deck that surrounds the property.

"The way it has snowballed over the past few months is unbelievable," said mum-of-four Louise. "We are offering something different from traditional TV decorating programmes.

"It is an honest warts-and-all fly-on-the-wall documentary. If Paul hits his thumb with a hammer, there's no editing of what he says!"

Their site, Internethomemakers.com, has been such a hit that the two have registered the ideas as their own company, Internet HomeMakers Ltd. They plan to continue the winning idea once the property is finished – they currently have Feng Shui experts perfecting the place – by buying another house in Dorset which they plan to change into a Spanish-style villa online.

DIY freaks can watch paint dry at the Jones' between 5.30pm and 7.30pm every night here. ®
Linda Harrison, 24 Mar 2000

Hacking credit cards is preposterously easy

Recent headlines exposing vast credit card heists from retail Web sites have prompted a media frenzy around issues of Internet security. Most recently, MSNBC broke the story of one semi-malicious hacker who gathered the details of nearly a half-million credit cards which he tauntingly stored on a US government computer. Meanwhile, a hacker named 'Curador' claimed to have gathered 23,000 credit card numbers, many of which he published on Web sites across the Net. And now The Register is here to tell you that the situation is a good deal worse than even the normally twitchy mainstream press imagine.

Child's Play

One computer enthusiast well known to The Register, who goes by the alias 'Ksoze' (as in Kayser Soze), shows particular contempt for the security of the popular CGI log-in forms which enable consumers to enter their credit details when making a purchase on line. These Perl scripts are ripe for exploitation -- the real low-hanging fruit of the IP jungle. Some of the worst on-line credit card payment processors, Ksoze says, are those that cater to sites with adult content, where credit fraud rates are so high that most billing service providers won't handle their accounts. ICVerify, a popular billing software product for online credit-card transactions marketed by Cybercash, was exploited for the 300,000-account score at CD Universe. Ksoze's pet hate is CCBill, a similar product. "I cracked over fifty passwords using their weak CGI recently. [An associate] got in [there as well] and found a lot of credit card numbers," Ksoze told us. It's all too easy: "Just hit 'update account' and you get the form as filled in by customers," he says. Much of the weakness comes from the site administrators, who often know little about Web security and must therefore rely on the product to protect their data and that of their customers. "Defaults are also a great inherent weakness," Ksoze says.
"Site administrators don't care or don't understand, so they leave CGI scripts in default locations. It's quite dangerous." "CCBill are thieves, OK, but they're morons too," he said. "They supply a CGI script to their customers named ccbill-local.cgi by default. Site administrators need that CGI to add users, update accounts, and so on; but CCBill supplies the CGI chmoded as world-readable, in a world-readable directory! Aren't they totally lame?" Indeed, they must be. Such a setup requires no hacking skills whatever to exploit. No UNIX box, no knowledge of Internet architecture, no stealth except perhaps an http proxy. A Web browser and a modem are all anyone would need. The problem here is that smaller commercial Web sites lack the resources to hire a security specialist, and, being innocent, will most likely trust the company's default settings. Even worse, "the first CCBill local.cgi version allows anyone to add their own login pass file," Ksoze notes. This has been fixed in later versions; but even there, only a single wordlist is needed to crack an administrator's password to gain access. Combination passes, which take longer to crack, are not required. Ksoze is far from sympathetic. "The problem is, CCBill are morons, so they fuck whoever trusts them. I wonder....how can an experienced company supply a CGI which is world readable and which allows anyone to add any login to the pass file?"

Industry Backpedaling

We thought that a good question, so we asked. CCBill spokesman Craig Tant assured us that the company has one of the highest security ratings in the industry. If they were easy to hack, he says, they would have been already. Tant suggested that we arrange for Ksoze to attempt to penetrate the site, so that he could learn for himself how difficult it really is.
We were arranging to introduce Tant and Ksoze on line, but first we e-mailed to CCBill security specialist and UNIX co-developer Peter Mountain an exploit which Ksoze had written to make hacking the company's admin CGI form a more convenient procedure. The Register hasn't heard from CCBill since. It would be unfair to single out CCBill as a unique example. The entire on-line retail industry is in denial of credit, privacy and other security threats. Consumer confidence in on-line shopping is very shaky, and merchants and their billing service providers face a dilemma: worrying in public risks unfairly stigmatising one company as less secure than another, while keeping silent about a threat which everyone suspects is bigger than reported compromises their credibility. Internet Fraud Prevention Advisory Council (IFPAC) co-founder Joe Barrett calls on-line losses to credit fraud the "dirty little secret" of the retail industry. Whereas the fraud rate in face-to-face credit card transactions is in the range of two or three tenths of one percent, the rate in on-line sales is in the range of one to two percent, in spite of the card issuers' constant insistence that the rates are roughly equivalent. A rate below one percent is considered good for a commercial Web site; the rate for adult Web sites is in the range of eight to twelve percent, Barrett told The Register. But the true losses are concealed from the public, he maintains, because even when a site or a billing service provider can claim a charge-back rate of only one percent, the number of sales declined in order to achieve such an exemplary record is high. "How much business are you willing to throw away?" Barrett asks rhetorically. "If you turn away five percent of revenues to keep your charge-back rate below one percent, are you really doing yourself any favours?"

Managing Risk

Numerous proposals for easing the on-line security problem are circulating.
Government law-enforcement agencies are especially eager to take matters into their own heavy hands, but at a significant cost to civil liberties and national treasuries. Internet security firms pitch their own solutions, but the problem there is that very good security is very expensive security. Most small merchants simply can't afford the sophisticated security tactics that large corporations and banks use. The real solution to on-line fraud, Barrett says, is risk management, such as that which his company, Vitessa, offers. Such services enable merchants to select the level of fraud protection that makes the most business sense in their market. The trick is to configure the software to flag a sale as suspicious based on the actual needs of the individual merchant, and his likelihood of encountering fraudulent purchases. Vitessa partner HNC Software VP Allen Jost agrees. "Merchants need to manage fraud to a cost that makes business sense to them," he told The Register. There is no point spending more on fraud prevention than the potential losses would represent. "If fraud losses would cost you X, and it would cost Y to prevent them, then you had better make sure that Y is less than X," he says. HNC has a fraud-detection service for small on-line merchants called e-HNC, which is modelled on its more expensive, corporate-oriented Falcon service. Merchants can buy into it at a per-transaction cost of only a few pennies, Jost said. The Web makes it extremely easy for fraudsters to make use of stolen credit data, where a card number, a name and an expiry date are all that's needed. But Jost says that the card numbers themselves are still gathered in the more traditional fashion, most often by a technique called skimming. A simple scanner, small enough to fit in a pocket or a waitress' apron, which can read and write to the cards' magnetic strips is readily available.
The fraudster, presumably in a position to handle a card unobserved for a few seconds, swipes it through the scanner, which records all the necessary information, such as the card holder's name, address and account details. Later, the device can be used to write to the strips of out-dated or cancelled cards, converting them to working copies of the originals. Apparently, hackers, who seem able to gather hundreds of thousands of credit accounts with ease, are reluctant to misuse the data. We note that in the grand heist reported by MSNBC, none of the accounts was used. We note as well that in the CD Universe case, and in Curador's case, none of the cards appears to have been used either, though some of the data has been posted on the Web for months now. And the French whiz who cracked the smart cards also refrained from committing fraud with what he had learned. The hacking underground is generally motivated by curiosity and a desire for bragging rights, not larceny. But that could change. 'Market pressures' from organised crime syndicates may well corrupt enough skilled hackers to make them a potential threat in future, Jost predicts. At US $5 a pop, which seems to us a very reasonable cost to a criminal outfit, a hacker with a half-million card numbers could pocket a cool $2.5 million for a few hours' risky business. Hardly chump change, we must allow. ®
Thomas C Greene, 24 Mar 2000
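
The misconfiguration described in the credit-card article above (an admin CGI left world-readable in a world-readable directory) is something a site operator can check for on their own server. The following audit is an added example, not code from The Register or CCBill: the directory layout and suffix list are constructed, and it assumes the web server runs scripts as their owner or group, so "other" permission bits are unnecessary.

```python
import os
import stat
import tempfile

# Assumption: file kinds that may embed credentials or account data.
SENSITIVE_SUFFIXES = (".cgi", ".pl", ".htpasswd")


def audit_cgi_tree(root):
    """Return sorted (relative_path, problem) pairs for risky 'other' bits."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = os.stat(dirpath).st_mode
        rel_dir = os.path.relpath(dirpath, root)
        if mode & stat.S_IWOTH:
            findings.append((rel_dir, "directory world-writable"))
        if mode & stat.S_IROTH:
            findings.append((rel_dir, "directory world-listable"))
        for name in filenames:
            if not name.endswith(SENSITIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            fmode = os.lstat(path).st_mode
            rel = os.path.relpath(path, root)
            if fmode & stat.S_IWOTH:
                findings.append((rel, "file world-writable"))
            elif fmode & stat.S_IROTH:
                findings.append((rel, "file world-readable"))
    return sorted(findings)


def demo():
    """Audit a constructed tree: one script as the article describes, one locked down."""
    with tempfile.TemporaryDirectory() as root:
        layout = (
            ("default", 0o755),   # world-readable script in a world-readable directory
            ("hardened", 0o750),  # owner and group only
        )
        for sub, mode in layout:
            directory = os.path.join(root, sub)
            os.mkdir(directory)
            script = os.path.join(directory, "ccbill-local.cgi")
            with open(script, "w") as handle:
                handle.write("#!/usr/bin/perl\n")  # placeholder body
            os.chmod(script, mode)
            os.chmod(directory, mode)
        os.chmod(root, 0o700)
        return audit_cgi_tree(root)


if __name__ == "__main__":
    for path, problem in demo():
        print(f"{path}: {problem}")
```

Pointing `audit_cgi_tree` at a real CGI directory lists every script or password file that other local accounts can read or change.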

Intel 0.18 micron Celerons to tip up next week

Intel is now expected to roll out high-end Celeron processors next week based on the Coppermine Pentium III core and including Screaming Sindie, multimedia extensions. We revealed the existence of these processors earlier on this year. But, like Celerons based on Pentium II technology, the cache on the processors is expected to be halved, as Intel starts to position the products against AMD Athlon offerings. AMD is taking extremely aggressive price action in the second quarter, according to sources close to the firm. But a representative at the company said no price cuts were expected in the near future. The first Celerons to appear will be 600MHz and 566MHz units, and other microprocessors based on the same technology are expected to follow shortly in April. No pricing details are available as yet for the parts to launch next week. For quite a long period of time over the last 18 months, savvy end users, rather than paying through the nose for Pentium IIs, preferred to buy the extremely cheap Celerons, which, even though they only had 128KB cache, showed little performance loss over their far more expensive 512KB counterparts. (As a reader points out, thank you, the small speed difference was due to the fact that the Pentium's 512KB cache ran at half the clockspeed of the Celeron's 128KB cache. He said he is looking forward to a whole new era of overclocking...) The same may well be true for the Celeron/Coppermine combination, and although Intel has a sound track record in positioning its microprocessors in the low-end market and beating down AMD prices, this time the fight is somewhat different. There is also a question mark over whether Intel will have similar availability problems with Celerons as it did, and still does, with Pentium IIIs using Coppermine .18µ process technology. The company is expected to follow the introduction of the two Celerons next week with two further chips at 633MHz and 666MHz, echoing its Pentium III strategy. 
Intel's Celeron roadmap, in any case, will change later this year when it positions its system-on-a-chip - Timna option - into the low end market. The profusion of different processors during the first quarter of this year, coupled with different chipsets, and associated with the move from Slot One to flip chip packaging, makes for a rich mix which, if you'll excuse us too, is pretty hard to follow, particularly as Intel will change its plans at a drop of a hat. ®
Mike Magee, 24 Mar 2000

K I L L K I L L K I L L – Baan Company

Press release headline of the year (so far) has to go to those whacky creatives at Dutch software outfit Baan. Yesterday at 5:00 pm, Eastern Time, the company issued the rather plodding PR: "Baan Company Announces Changes to its Supervisory Board". Ninety one minutes later it issued: "K I L L K I L L K I L L -- Baan Company". Was this an instruction to try and assassinate the company -- or just an open instruction from Baan to anyone who might be listening to run amok willy-nilly? The dull original company statement simply referred to the resignation of a board member due to health reasons. Now, what's happening at Baan sounds altogether more gratuitous and stimulating. We watch with interest to see what happens...but suggest you sleep with one eye open tonight. ®
Tim Richardson, 24 Mar 2000

Hewitt declares war on ‘devastating’ hackers

The government has earmarked £15 million to fight Web hackers. E-Commerce Minister Patricia Hewitt today unveiled the Computational Immunology for Fraud Detection (CIFD) project, part of the DTI's Management of Information (MI) programme. Details of how the scheme will stop hackers doing their worst are hazy, but funding for the scheme is expected to come from both public and private sectors. The DTI will plough in £4.5 million, with £3.3 million coming from two research councils -- the Engineering and Physical Sciences Research Council (EPSRC) and Economic and Social Research Council (ESRC). Companies are also expected to participate in the scheme, and to cough up the rest of the cash. "We have recently seen to devastating effect how hackers can penetrate and disrupt services offered on the internet. Projects I have approved today will help us combat these internet criminals," said Hewitt. The MI programme is a 3-year venture designed to stop e-commerce fraud. ®
Linda Harrison, 24 Mar 2000