7th > December > 2000 Archive

Hospital records hacked hard

A sophisticated hacker took command of large portions of the University of Washington Medical Centre's internal network earlier this year and downloaded computerized admissions records for four thousand heart patients, SecurityFocus has learned. The intrusions began in June, and continued until at least mid-July, before network administrators at the Seattle teaching hospital detected the hacker and cut him off. The medical centre was reportedly unaware that patient records were downloaded, and elected not to notify law enforcement agencies of the intrusions. "It's a story of great incompetence," said the hacker, a 25-year-old Dutch man who calls himself 'Kane'. "All the data taken from these computers was taken over the Internet. All the machines were exposed without any firewalls of any kind." SecurityFocus reviewed portions of the databases the hacker downloaded. One file catalogues the names, addresses, birth dates, Social Security numbers, heights and weights of over four thousand cardiology patients, along with each medical procedure they underwent. Another file provides similar information on seven hundred physical rehabilitation patients. A third file chronicles every admission, discharge and transfer within the hospital during a five-month period. "I can say we're investigating an incident," said hospital spokesperson Walter Neary. "We are taking it very seriously." In a telephone interview, Kane said he did not tamper with any hospital data, and described his forays into the hospital's network as a renegade public service aimed at exposing the poor security surrounding medical information. A self-described computer security consultant by trade, the hacker's illicit investigation was inspired by a conversation with a colleague, in which they wondered aloud about how well highly sensitive computers were protected. "The conversation came around to medical data, which is sensitive indeed, and I thought I'd have a look around," said Kane. 
The hacker said his quest also led him to crack a university medical centre in New York, and one in Holland, but neither of those penetrations gave him significant access. David Dittrich, a well-known security guru and a senior security engineer at the University of Washington, helped the hospital's computer staff evaluate the incident at the time. Dittrich agreed that the intruder's motives appeared to differ from those of the common cyber vandals and Web taggers he confronts daily. "There are much less frequent intrusions where they will be very up-front about what they know, to try and scare people into doing something about the problem," said Dittrich. "This particular incident was more along those lines." The incident highlights the unique vulnerability of university hospitals, which tend to adopt the generally relaxed security posture of academia. "Private hospitals in general don't have an Internet presence, except for a Web page," says Kane. "But universities are traditionally insecure, and they use the same methodologies for their medical centres." A University of Washington Medical Centre IT worker, speaking on condition of anonymity, agreed with the hacker's evaluation, and said there continues to be little support within the centre and the university for erecting firewalls between the hospital and the Internet -- even after the intrusions. The worker said that with more effort, an intruder could have gained access to even more sensitive data. Although the hospital deployed personal firewalls after the incident, the worker painted a bleak picture of the hospital's state of network security. "I'm confident that it hasn't happened since then," said the worker. "But that it couldn't happen again? No." Dittrich acknowledged that the university, including the medical centre, has no perimeter firewall, but added that he didn't believe a firewall would fix the problem. 
The sheer size and complexity of the medical centre, and the rapid rate at which it embraces new technology, make it vulnerable. "You can get to a point where you're almost too big to survive," Dittrich said. The hacker gained initial access through a Linux system in the hospital's pathology department. That system was running the client side of a remote administration tool called VNS, which allowed him access to a Windows NT box. From there he exploited file shares and remote administration relationships and used Trojan horses to expand his access throughout the network. According to Kane, some of the backdoors installed in the network remained in place, undetected, until September -- long after administrators thought they had evicted him. "If I've been in over this period of time, how many other people have done it?" asked the hacker. The University of Washington Medical Centre was ranked thirteenth in the nation by US News & World Reports' annual list of America's finest hospitals. © 2000 SecurityFocus.com. All rights reserved.
Kevin Poulsen, 07 Dec 2000

UK telecoms some of the cheapest in Europe

Consumers should stop whinging about the cost of phone services in the UK and be grateful for what's been achieved, according to the latest report from the telecoms regulator. Oftel has just completed an international benchmarking study that compares the UK to France, Germany, Italy, Sweden, and the US states of Ohio and California. The study found that UK consumers benefit from some of the lowest prices in Europe. It also compares well with the US, often cited as one of the most competitive market places. According to the winged watchdog: The UK continues to have the lowest prices for residential off-peak and peak metered Internet access. Only California has cheaper residential unmetered Internet access for residential customers. The UK has the cheapest unmetered Internet access for businesses in Europe. However, for metered business Internet access, the UK is the second most expensive of the countries considered. Only Germany has significantly lower prices than the UK for mobile services, which is largely attributable to bigger handset subsidies in Germany. Puffed with pride at such good news, David Edmonds, head of Oftel, said: "This survey shows that UK consumers continue to get some of the best deals for Internet access and mobile telephony. Compared to many other countries, UK prices are low, and continue to fall. "The availability and price of unmetered Internet access in the UK is much better than the UK's major European competitors. "The range of choices for Internet access has grown and UK consumers now pay roughly the same as, or less than, those in the US states for unmetered Internet access. "Prices of mobile phone packages have continued to fall and UK consumers continue to get some of the cheapest deals available," he said. Despite such splendid news, David refuses to rest on his laurels. He's pledged to continue to improve services so that customers get a better deal in the future. What a guy. 
® Related Link International benchmarking study of mobile services and dial-up PSTN Internet access
Tim Richardson, 07 Dec 2000

Lucent's Inferno does a Java

The Inferno OS has parked a heavily-armoured tricycle on Sun's lawn. Lucent spin-off Vita Nuova, which also markets the Plan 9 system, has made an Inferno plug-in for Microsoft's Internet Explorer to run downloadable code. Vita Nuova has also made some sample Inferno plug-ins available, including the Tetris game, as you can see in this screenshot. Inferno applications are written using the simple Limbo language: which is refreshingly like C, but depressingly like Pascal. The plug-in itself weighs in at 700KB. Inferno was developed by a team including Unix co-creator Ken Thompson and co-author of the C language, Dennis Ritchie. Licensees can modify code and distribute code to other licensees. Academic subscriptions start at $100. On a related note, there's a short but very pithy, and very sweet interview with Dennis Ritchie over at LinuxWorld. He gives his opinion on the first revision of the C language spec for ten years: "Of the new things, restricted pointers probably are a help; variadic macros and bool are just adornment... I'm less ecstatic about the C99 standard, but don't denounce it. They did a pretty good job; C does have to evolve," he says. He and Kernighan haven't committed themselves to updating the famous C 'White Book' just yet. ® Related Link Read more here
Andrew Orlowski, 07 Dec 2000

Time sues IBM for £3m

Time Computers is suing IBM for £3 million in the New York State Supreme Court. Which could be handy as it is supposed to be in urgent refinancing talks with its bankers, HSBC. Time is alleging that IBM committed fraud and sold it memory chips IBM knew to be defective back in 1994. The summons was served on IBM in the US last week. According to the Observer, IBM UK has also been hit with a separate £3m suit in respect of the same components by another UK computer assembler, Adex International. In July, Time settled a £13 million compensation claim with IBM UK over the same issue. Time is currently suffering from falling PC prices and lower than expected Xmas demand for PCs. This, combined with the company's own headlong expansion, has forced it to change its forecasts and business plans. And seek the urgent refinancing talks. ® Related Link The Observer story Related Stories IBM pays off Time High time for Time Computers Time Computers in 'urgent refinancing talks'
Robert Blincoe, 07 Dec 2000

HP confident of double-digit growth in 2001

Hewlett-Packard CEO Carly Fiorina yesterday ruled out bonuses for senior executives - including herself - for the second half of the company's just-completed fiscal year. The scheme follows disappointing fourth quarter and fiscal 2000 results for the year and the three-month period which both came to a close at the end of October. Fiorina's 'we're taking responsibility for our actions' move was announced at the company's bi-annual investors and analysts conference. At the same time, she said the company was on track to see 15-17 per cent revenue growth through fiscal 2001, despite the downturn in PC sales that has hit HP, Dell, Gateway and Apple, to name but four. That said, she warned that the current quarter will see growth at the bottom end of that range. HP's most recent results - they were off earlier projections by around 20 per cent - and the failed takeover of PriceWaterhouseCoopers' IT consultancy wing prompted mutterings that Fiorina may not be quite the saviour she was portrayed as after taking the helm last year from Lew Platt. "It is a multiyear process," she told the conference audience. "I don't think anyone at HP believed we could take on substantial and systemic change... and have it over and done with in 12 months." Actually, they did, but refusing her bonus is a way of deflecting such criticism by showing she has a deeper stake in the company's future performance. Analysts and investors love this kind of thing. Fiorina was confident of success this year. "This is the year when the heavy lifting starts to pay off," she said. While the PC market remains depressed, HP hopes to give Sun a run for its money in the high-end server space - expect 20 per cent growth here, Fiorina said. She also anticipated 42 per cent growth in notebook PC sales and a 26 per cent jump in sales of PDAs. ® Related Stories HP says US PC sales worse than expected HP grows sales but misses earnings targets HP walkout threat to PwC
Tony Smith, 07 Dec 2000

Telewest's blueyonder under strain

UK cable operator Telewest has admitted that networking issues and insufficient capacity are behind the poor performance of some aspects of its broadband service, blueyonder. Under pressure from network gamers, one of whom alerted The Register to the issue that has affected users for almost a month, Telewest has issued a statement to subscribers. This statement lays out the extent of the problems and promises a program of upgrades to fix the problem. In the statement, Gary Jennings, of the Internet Operations division of blueyonder, said: "We are currently experiencing various issues with packet loss. This is affecting some aspects of the overall service, in particular it is affecting UDP [User Datagram Protocol] based applications such as gaming and real-time chat when the traffic to these services is passing through the areas affected." Telewest spokesperson, Rachel Turner, said that it is working hard to fix the problems, which she admitted were affecting some aspects of the service. "We've identified issues which may mean that users experience some temporary interruption or slow down in speed. Telewest is working hard to resolve these issues," said Turner. The worst affected by the problems are gamers, particularly in Croydon, where the presence of Telewest's news peering hub is putting a heavy load on network resources, but networking problems are affecting Telewest at a range of sites. At the London Internet Exchange (LINX) packet loss at peak times is impacting service delivery. To address the issue Telewest is planning to upgrade from a 155Mbps to Gigabit link. It is also planning to upgrade its existing router on Friday. Similar problems are affecting Telewest in the US and the telco has pledged to upgrade its equipment and increase the speed of links at switching centre Mae East before Christmas. Meanwhile at Telewest's Woking base its news server is dropping packets due to the heavy load the news service is placing on its core router. 
To ease the load Telewest aims to move its news server from both Woking and LINX before Christmas. blueyonder costs £33 per month and provides always-on access to the Internet through a cable modem at around 500Kbps. The service also experienced 'teething troubles' when it was introduced in April, and there have been complaints about long waiting times for the service. ® Related Stories Telewest cuts cost of broadband Net access Cableco cuts cable Blueyonder suffers curse of free ISPs
John Leyden, 07 Dec 2000

US Govt backs Iridium relaunch

Iridium Satellite, the company that last month bought the remains of failed cellphone company Iridium's satellite and groundstation network for a piffling $25 million, has won the backing of the US Defense Department. IS' bargain-basement acquisition of Iridium's assets was conditional on winning key government contracts originally held by the collapsed comms company. Yesterday, the Defense Department said it would indeed pick up its original contract and re-sign with IS. The Defense Department's spin meisters nicely tied in the announcement of the IS deal with last week's crash and burn of an old, long-malfunctioning Iridium satellite in the Earth's atmosphere above the Arctic. The Department spokesman told Reuters that the organisation was striking the deal to prevent "widespread anxiety" over Iridium's 70-odd satellites plummeting to Earth. So there you have it: the deal is nothing to do with providing the US military and spooks with an advanced communications facility, it's all about preventing the public panicking over Deep Impact and Armageddon doom scenarios. Yeah, right... The Pentagon is, of course, simply maintaining a communications network it's been operating since Iridium went live. It already has around 1600 Iridium handsets. And for a deal that's about soothing public fears, the Defense Department contract is remarkably brief: it covers just three months, though a DD spokesman said it was likely to be maintained after that trial period, probably for two years at least. Initially, the Defense Department will pay IS $3 million each month. ® Related Stories Iridium satellite crashes over Arctic Iridium back from the dead
Tony Smith, 07 Dec 2000

Encryption tears holes in RIP

A group of cryptographers think they have found a way to defeat the RIP Act, by making it impossible to hand over the keys to encrypted information. The section of the act that has caused so much controversy in the UK gives the government the right to the plain text of, or key to, enciphered information. However, if a person has used an ephemeral key, they never know what the key is and so cannot pass it on to a third party, and it is this vulnerability that the group wishes to exploit. They state that their aim is "to defeat RIP Act Part3 and make it look silly, and to allow UK citizens to communicate and to store information without worrying about it. We are doing this so people can be private elsewhere than in our heads. We object to the idea that people should not be allowed to seek privacy from governments." Led by mathematician Peter Fairbrother, M-o-o-t is an amalgamation of encryption specialists and civil liberties campaigners, of whom most have chosen to remain anonymous. They aim to have software ready to ship by June 2001, in time for the "activation" of the RIP Act. The group plans to ship M-o-o-t on CD. It is an alternative operating system that doesn't use local storage. That way, the group says, if your computer is seized by police, there will be nothing for them to find. Fairbrother, quoted in IT paper Computer Weakly, said: "It is technically impossible to have an effective law, because of the state of cryptography. RIP says you have to give a key but you can use an ephemeral key - where you never knew what the key was." He went on: "The thing that amazes me is that the Government is putting in laws that a simple hobby cryptographer can overcome." ® Related Link The group has posted its work-to-date online for peer review and discussion. Check it out and let us know what you make of it.
Lucy Sherriff, 07 Dec 2000

MacOS X 1.0 to launch 24 February

Apple has set 24 February as the official launch date for its next-generation operating system, MacOS X, according to company sources speaking to ZDNet US. The final version of the OS will be unveiled during CEO Steve Jobs' keynote at MacWorld Expo Tokyo, and followed by a "massive" ad campaign, the sources said. Many Mac users were expecting Jobs' speech at MacWorld Expo San Francisco, which will take place in the first week of January, to mark the launch of MacOS X - exactly a year after the OS' introduction to the public. Instead, Apple will officially announce the date of the official announcement. If you see what we mean... Rumours have been doing the rounds of late that Apple will ship an update to the currently available Public Beta version of the OS. ZDNet US' sources said the MacOS X is now "feature complete" and all that's left is bug fixing and optimisation. That suggests that the OS will ship around the time of its launch, though the sources don't actually say MacOS X 1.0 will be available at launch. If it does ship, then the OS will be made available ahead of expectations. When the release of the Public Beta slipped from early summer to September - just scraping in ahead of the very broad deadline Apple had officially announced - it emerged through company sources that the final release was unlikely to appear before March 2001, which is pretty damn close to the 24 February launch window. Apple is banking on MacOS X to revive high-end Mac sales, depressed by both a lack of software to take advantage of their multiple processors and the fact that the fastest PowerPC 7400 CPU still only clocks at 500MHz. Company CFO Fred Anderson noted this week that Apple's poor Q1 2001 sales are in part due to professional and power users hanging fire on hardware upgrades until they can see MacOS X running on it. The fact that Apple also announces upgrades in January after the end of the quarter doesn't help either, we'd submit. 
Between three months and a year after the launch of MacOS X 1.0, Apple will release a major update, codenamed 'Orient', the ZDNet US sources said. ® Related Stories Apple to fall into the red with $225m loss Give us MacOS X or give us death, Intel users demand Apple ships MacOS X public beta for $30
Tony Smith, 07 Dec 2000

Infogrames buys Hasbro

Infogrames has bought a chunk of legendary games company Hasbro for $100 million and gets exclusive rights to all its games in all formats for the next 20 years. A cracking deal because we are talking about all Microprose games, all Atari games and all the board games. Still not impressed? Think Civilization, think Missile Command, think Risk, Monopoly, Scrabble, Mr Potato Head, Action Man, think Pong for chrissakes. Is all this really only worth $100 million when loss-making, poor-service portal Freeserve went for £1.6 billion yesterday? It's a mad world. And what's worse is that Infogrames only really paid $5 million because the rest of it was paid in bloody shares. In the grand days of games such as these, companies were worth money and not many could be swallowed because no one could get enough cash together. It's a sad indication of the modern world that Hasbro can be bought. Anyway, back to the news. For some reason this has been called a "strategic agreement", which of course means nothing. And it comes in three bite-sized chunks. One, the purchase of Hasbro Interactive. Two, a long-term licensing deal for all the games in all formats, plus any new ones. And three, the acquisition of the Games.com Web site. Hasbro will get an annual fee from Infogrames based on sales generated from the licensing agreement. The deal isn't done and dusted, it needs shareholder approval and all that, so there still is time to save Hasbro. But it doesn't want saving, or so says its CEO Alan Hassenfield in a load of management gibberish: "This arrangement with Infogrames is a very positive one for Hasbro on many different levels. First, we have aligned ourselves with a premier player in the interactive arena. Second, this strategic agreement with Infogrames meshes with our strategy of reducing costs as we focus on consistently delivering profits going forward. Third, this arrangement will provide a continuing revenue stream." 
This is not the kind of talk we want from a man with his finger on the Pong button. We want someone who will stick it to the suits and justify Hasbro's proud heritage - we've got more than money invested in Hasbro, we've got emotion in it, dammit. ®
Kieren McCarthy, 07 Dec 2000

AltaVista Inc loses another CEO

AltaVista Inc is looking for yet another CEO after Ken Barber announced he will retire at the end of the year, according to AFX News. Barber was AltaVista's CFO and acting CEO of the search engine-cum-failed ISP. He took charge of the company following Rod Schrock's sudden departure in October. Schrock left to "spend more time with his family" - a euphemism that means he was sacked. AltaVista always maintained Schrock's departure had absolutely nothing to do with the failed launch of an ISP in Britain earlier this year. Yesterday, The Register reported that AltaVista will ditch its subscription free ISP in the US on Sunday. It's our guess that Barber's departure has nothing to do with that either. ® Related Stories Schrock Shlock Shock: AltaVista CEO resigns AltaVista cans free Net access in US
Tim Richardson, 07 Dec 2000

UK's randiest rodent pops up on Net

Sooty the superstud guinea pig has been given his own Web page to keep up with public interest. You may not know what the hell we're talking about, so read on. It was a cracker tabloid story - Welsh guinea pig Sooty managed to squeeze out of his cage and make it into the female area. Then, in one night, he managed to get his way around all 24 females in the pen and made every one pregnant. He was found fast asleep in the corner the next morning and continued to sleep for two days straight. Ten weeks later, there were another 43 Sooties. Now that's class. Of course, it's all got a bit publicity stupid since then and Peter Stringfellow got Sooty down to his club to promote some strippers, amongst other daft events. And now the Web site, which, unfortunately, is rubbish. A few pics of Sooty, some terrible copy with loads of exclamation marks and that's it. But then it is the small site of a little farm in Wales, so we won't be too nasty. If you still want to have a look though, go here. Related Link Sooty's site
Kieren McCarthy, 07 Dec 2000

Global PC sales to grow 20% in Q4

Europe and the US might be suffering, but the global PC market is looking very healthy indeed. New research from IDC suggests that worldwide shipments will reach 40.15 million units in Q4 - growth of nearly 20 per cent on last year. Although demand for PCs is slowing stateside and Q4 consumer spending is not expected to be as strong as in Q3, researchers said that the introduction of Windows 2000 had sparked the beginning of a recovery in the commercial market. PCs bought in 1997 and 1998 for Y2K compliance reaching the end of their life cycle would fuel this gradual pickup. In Western Europe the commercial sector was responsible for the industry's woes. Business investment was slower than expected in the second half of this year. Predictions for Q4 were duly trimmed from 19 per cent growth to just over 15 per cent. The numbers were similar to those for the US where the shipments are expected to gain 15.8 per cent. Loren Loverde, director of IDC's Worldwide PC Tracker program, commented: "PCs remain the dominant means of accessing the Internet, and a lot of people out there are still buying PCs to get online." The global market is primarily driven from the Asia-Pacific region, the researchers said. Year on year growth in the region (excluding Japan) stood at 42.7 per cent - a high figure in itself, but beating analysts' predictions by 6.5 per cent. Forecasts for Q4 have been revised to 33.4 per cent year on year growth. Dell tops the vendor tables with nearly 20 per cent market share but Compaq was close behind with 17 per cent. The rest of the top five goes HP, Gateway and IBM. Between them these five account for more than 60 per cent of the market. ® Related Stories High time for Time Computers Gateway in PC price war gloom HP says US PC sales worse than expected
Lucy Sherriff, 07 Dec 2000

Freeserve deal provokes little enthusiasm

Despite the significance of yesterday's announcement concerning the sale of Freeserve to French outfit, Wanadoo, the deal has received a lukewarm reception from commentators and investors alike. Which begs the question: who got the best deal? Has Dixons slipped Wanadoo top merchandise at a knockdown price - or is Dixons well shot of Freeserve? Or, to put it another way, did Dixons hand France Telecom the crown jewels of Britain's Internet industry - or did it give 'em a knackered old beast infected with BSE? Well, shares in Freeserve and Dixons both fell yesterday on the news, which suggests that investors aren't that fussed. The Express ran the headline today "Freeserve gloom as it falls to French" - which kinda says it all. Peter Misek, a senior analyst at Chase H&Q, is widely quoted in many of the papers as saying that the £1.65 billion valuation of Freeserve and the meagre premium was "disappointing". He did concede that the deal made strategic sense. In its assessment, the FT maintains that Freeserve "could not afford for the deal to fall through, especially after the collapse of its talks with T-Online." The Guardian quotes Robin Hutchings, analyst at West LB, who said: "At the end of the day this deal is about exchanging poor quality paper for slightly less poor quality paper." So what do you think? Has France Telecom been handed the Crown jewels or mad cow disease? You decide. Check out the Register Forum to voice your opinion. ® Related Links The real story behind the Freeserve Wanadoo deal Freeserve and Wanadoo get hitched
Tim Richardson, 07 Dec 2000

ISP builds own power plant

Leading disaster recovery specialist turned ISP Guardian iT has announced it will build its own power plant in London to bypass the city's power problems. The 24MW plant will be built next to the group's planned data storage centre near Heathrow airport, reports the FT. The new market of huge data storage centres due to the Internet growth has caused a huge increase in demand for electricity, particularly in London. Unlike California - which suffered blackouts and electricity restrictions - London is still working fine, but Guardian iT has obviously decided to follow the US suit and build a power plant before it has to. Also, since the group is spending about £20 million on the centre, the power plant is a good insurance policy - although it will actually cost more - around £25 million. It will be gas fired and run by PowerGen. Guardian iT's poor interim profits were blamed on the cost of entering the IT market. Incidentally, we couldn't help but notice that the FT's article was written by the same journalist that predicted the failure of London's power network in July, but then backtracked when the National Grid got shirty. Were we wrong to have a go? Was he right after all? Time will tell. ® Related Stories How to save your ass. By the FT FT's Net scaremongering denounced
Kieren McCarthy, 07 Dec 2000

Missing laptop causes US State Dept shake-up

The US State Department's Assistant Secretary for Intelligence, Stapleton Roy, resigned his post this week after US Secretary of State Madeleine Albright suspended three staffers over a lost-laptop fiasco in which sensitive information went missing from Department Headquarters in Washington nearly a year ago. Albright went over the top this week by suspending Roy's deputy, Donald Keyser, for thirty days without pay over the incident. This, apparently, was too much for Keyser's boss and friend, Roy, to endure. Back in March the Iron Lady had vowed that heads would roll when the incident first became public. She immediately took steps to shift security responsibilities from Roy's intelligence division to the security division, which sounds like the sort of crew that ought to have been in charge of it in the first place. "The secretary of state decided to pursue her crusade against what she deems to be weak security inside the State Department," former US Ambassador to Pakistan Robert Oakley is quoted by the Washington Post as saying. "Roy says it is unjustified and said, 'If you've lost confidence in my deputy, then you've lost confidence in me.'" The resignation is of course entirely symbolic, as Roy is scheduled to retire in January, and Albright (perhaps to the relief of the rest of the world) is on her way out the door as well. ®
Thomas C Greene, 07 Dec 2000

Bull scores Itanium server architecture from NEC

NEC has signed a deal with Bull to provide it with a high-end platform based on Intel's Itanium architecture. Bull will integrate NEC's 16-way hardware platform (code named AzusA), which features an NEC-developed chip set, with the AIX 5L operating system and market it worldwide as part of its range of enterprise servers. This OEM agreement will allow Bull to expand its portfolio with new Itanium-based servers, running AIX 5L, 64-bit Windows 2000, and 64-bit Linux. For NEC the deal allows it to extend the distribution of its technology. Earlier this year Bull became the first vendor to have successfully ported and run AIX 5L on a 16-way Itanium-based platform. ® Related Stories Bull splits to tackle poor sales IBM preps Itanium workstation
John Leyden, 07 Dec 2000

VIA up, Creative down

Chip designer VIA Technologies had net sales for November 2000 of US$89 million, up almost 32 per cent on the same period in 1999. Sales from January to November 2000 of $938 million were 193 per cent up over the same period last year. But Creative Technology shares fell 4.3 per cent following analyst downgrades. The sound card behemoth was hit on concerns over weak Christmas sales after computer makers cut revenue forecasts. Creative has cancelled orders to component makers, according to HSBC Securities in Singapore. HSBC's Victor Lim cut his recommendation to 'reduce' from 'hold'. "Creative has made component order cancellations across the board," said Lye. "The slowdown in PC demand has been a major negative." Creative's forecasts of Q4 sales of between $440 million and $460 million, five per cent up on the previous year, are no longer achievable, added Lye. ®
Andrew Thomas, 07 Dec 2000

Fujitsu pumps out lower power app specific memory

Fujitsu has introduced its latest application specific memory (ASM) - a second generation 16Mb RAM. The company blurb says it has lower power requirements than previous generations, drawing as little as 70 microamps of current, and has been designed for next generation mobile phone applications. The poetically-named MB82D01-171A is based on Fujitsu's Fast-Cycle RAM (FCRAM) architecture that was originally introduced at the 1998 VLSI symposium. The new ASMs are designed to complement the Flash memory products already available for the mobile communications market, including next generation and W-CDMA cellular phones and PDAs. Fujitsu's European spokesman, Manfred Mettendorff, said that the new ASMs would be available both as discrete devices and as multi-chip packages integrated with Flash. Samples will be available in February 2001 with prices starting at $30 per unit. ®
Lucy Sherriff, 07 Dec 2000

IBM resurrects 1970s memory technology

IBM and Infineon are jointly to develop a memory technology dating from the 1970s that could significantly increase the battery life of portable computing devices and help the spread of 'instant-on' PCs. Magnetic Random Access Memory (MRAM) uses magnetic charges to store data and the two companies claim commercial products could appear by 2004. MRAM is non-volatile, faster and uses less power than standard memory, it is claimed. IBM developed a technology called the magnetic tunnel junction back in 1974, eventually adapted it for use in data storage and built a prototype MRAM chip in 1998. About 80 IBM and Infineon engineers will work on the project at IBM labs across the US. ®
Andrew Thomas, 07 Dec 2000

AOL 6.0 security questioned

The annoyingly buggy AOL 6.0, carefully engineered to redeem its hopelessly buggy 5.0 predecessor, brings up a few spyware-esque security issues, according to WinMag.com columnist Fred Langa who actually went so far as to install it (talk about journalistic sacrifice). "About a year ago, I tried AOL 5.0 when it was new. But I ended up reformatting my hard drive after the AOL software made myriad clumsy, undesirable and irrevocable changes to my system," Langa reports in a recent column. AOL's latest newbie trap seems to offer better, if not actually good, stability, but installs something like eleven superfluous networking protocols, among them what Langa characterises as a "dangerous" Virtual Private Networking (VPN) set-up. "Dial-Up Adapter #2 also gets TCP/IP but in that case 'file and print sharing' is enabled - a potentially huge security hole. Worse, AOL binds IPX to that adapter, creating a potentially dangerous cross-link between the normally internal LAN protocols and the normally external Internet protocols," he says. This is no understatement. Unless a user knows what he's doing - and AOL clients rarely fall into that category - file and print sharing is the easiest of all security holes for malicious third parties to exploit. Indeed, there's little we can think of that could make one's box less secure on the Net. So what's up with that? Does AOL want access to users' files for some diabolical purpose? Langa doesn't think so. Grotesque technical incompetence, not malevolence, strikes him as the chief operator here. "I was able to get AOL to run after modifying the VPN components to improve their security," he reports. "For example, I unbound IPX from the second Dial-Up Adapter; and likewise disabled print and file sharing for that adapter. AOL6 ran without complaint, which suggests that AOL's default VPN settings are probably incorrect."
Unfortunately, 6.0 wouldn't run with the VPN set-up disabled, so we can assume that AOL definitely wants it there, whether the user does or not. The problem is that the company attracts precisely the sort of newbie user who's unlikely to know that file and print sharing is a suicidal option and likely to have less than a clue as to how to muck about successfully with network settings. AOL, we're disappointed to report, was unable or unwilling to return our call by press time and explain the rationale behind this apparent security faux pas. We'll be delighted to update the story if and when they do. ®
Thomas C Greene, 07 Dec 2000

Napster steals the brains of Senate Committee chief counsel

Napster has stolen the brains of a chief counsel to the US Senate Judiciary Committee to help with its policy strategy. Manus Cooney is to ditch his job as key policy and political advisor to committee chairman Senator Orrin Hatch, of Utah, to join the online file-swapping service next month. Cooney will get to represent Napster before Congress in his new role of Napster VP for corporate and policy development. He will be responsible for setting strategy on legislative policy issues affecting the California company, its 44 million users, and its artists, and for doling out advice on licensing and deals with other companies both in and outside the US, Reuters reports. The coup follows German group Bertelsmann's shock decision in October to break ranks with rival music giants and drop its lawsuit against Napster. The two are currently deciding how the company can come up with a paid-for service. The remaining music companies are still ploughing ahead with the legal battle. "Manus Cooney joining our team ensures that Napster's more than 44 million users will be well represented in the coming critical policy debates over how to best grow and share the benefits of new technologies," said Napster CEO Hank Barry. Cooney is no stranger to Napster - he was involved in Committee hearings such as "The Noise Over Napster" through his work with Sen. Hatch, and has worked on a batch of intellectual property law-related issues. ®
Linda Harrison, 07 Dec 2000

Internet neighbourhood watch set up

A site has been created that will allow network administrators or tech-savvy users to exchange information on crackers who are trying to break into other people's computers. It is hoped the site Dshield.org, which provides a free service that allows users of firewalls to share information, will act as a kind of neighbourhood watch for the Net by identifying the Internet's more shady and disreputable characters. Anyone who has placed a personal firewall on their home PC will know how often their computers are probed - without any help, users might come to feel besieged by crackers and script kiddies. A very small percentage of computers might be vulnerable to a particular exploit, but by scanning many PCs, attackers can find a host of machines that are poorly configured or are open to the exploit of a particular flaw. The current vogue for crackers to place software on a victim's machine in order to turn it into a zombie agent from which denial of service attacks can be mounted is only making matters worse. Several of the denial-of-service attacks that crippled major Internet sites in February, including eBay and Yahoo, were found to have been launched from the compromised machines of home users or academic institutions. However, users often find that reporting incidents of attempted hacking to ISPs is met by a wall of silence, and little gets done about the problem. Tired of feeling powerless, webmaster Johannes Ullrich created Dshield.org. The site, which is only two weeks old, aims to pinpoint the Internet addresses from which crackers launch attacks. By comparing hundreds of logs of Internet addresses attempting to connect to particular ports of a computer, it is possible to distinguish patterns of suspicious behaviour from legitimate activity - such as a web server checking to see if a user is still online. By correlating information it would be possible to identify anyone who is attempting to prise open the doors of a variety of Internet addresses.
It is hoped this data can then be used to protect networks from intrusion attempts. The site is still in its infancy so it's not clear whether the system of voluntary reporting will scale, nor how reliable the data obtained will be - particularly because no attempt is made to authenticate user submissions. That said, the site represents a welcome attempt to raise security awareness. If nothing else the distributed denial of service attacks this year showed that security on the internet needs to become a community effort, or else everyone is at risk. ®
John Leyden, 07 Dec 2000
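
The log correlation this article describes can be sketched as below. This is an added example, not Dshield.org's code: the one-line report format, the function names and the `min_submitters` threshold are assumptions, and the sample reports are constructed from documentation address ranges.

```python
from collections import defaultdict
import ipaddress

# Constructed sample submissions, one per line: submitter, source, target, port.
# Addresses come from the RFC 5737 documentation ranges; none are real hosts.
SAMPLE_LOG = """\
user-a 203.0.113.7 198.51.100.10 139
user-b 203.0.113.7 198.51.100.23 139
user-c 203.0.113.7 198.51.100.77 139
user-d 203.0.113.7 198.51.100.90 139
user-e 192.0.2.50 198.51.100.10 80
user-e 192.0.2.50 198.51.100.10 80
user-f 192.0.2.99 198.51.100.1 23
user-f 192.0.2.99 198.51.100.2 23
user-f 192.0.2.99 198.51.100.3 23
user-f 192.0.2.99 198.51.100.4 23
user-g not-an-ip 198.51.100.5 139
"""

def parse(log_text):
    """Yield (submitter, source, target, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        submitter, src, dst, port = fields
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if 0 < port < 65536:
            yield submitter, src, dst, port

def correlate(log_text, min_submitters=3):
    """Return {source: (submitter_count, target_count, ports)} for sources that
    several independent submitters reported. Counting submitters rather than
    raw log lines keeps one unauthenticated reporter from flagging an address."""
    submitters, targets, ports = defaultdict(set), defaultdict(set), defaultdict(set)
    for submitter, src, dst, port in parse(log_text):
        submitters[src].add(submitter)
        targets[src].add(dst)
        ports[src].add(port)
    return {
        src: (len(who), len(targets[src]), sorted(ports[src]))
        for src, who in submitters.items()
        if len(who) >= min_submitters
    }

if __name__ == "__main__":
    for src, (n_sub, n_tgt, prts) in correlate(SAMPLE_LOG).items():
        print(f"{src}: {n_sub} submitters, {n_tgt} targets, ports {prts}")
```

Only `203.0.113.7` is flagged: the repeated port-80 check against a single user and the four-target report from one submitter both stay below the threshold. Submitter names are self-declared in this sketch, so the threshold raises the cost of a false report without authenticating anyone.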

SyncML open sources universal data sync system

Industry-sponsored standards development body SyncML unveiled version 1.0 of its platform-independent data synchronisation spec today. The organisation, founded back in February by IBM, Motorola, Ericsson, Psion and Palm, among others, released the system's XML-based data transfer specification and the software behind it free to the public under an open source licence. SyncML's technology essentially allows multiple systems to synchronise data much as Palm's HotSync ensures copies of data on a host PC and a PDA are kept in harmony. SyncML, however, is platform-independent, so neither PIM, say, nor PDA needs to know how the other works in order to communicate. SyncML initially operates over HTTP, WAP's WSP, Bluetooth and IrDA (infra-red) transport protocols, though it is transport-independent. The organisation expects the first SyncML-compliant devices to appear during the first quarter of 2001. SyncML chairman Douglas Heintzman said he expects the number of compliant devices and applications to ramp up significantly throughout the year. Incidentally, SyncML sponsor Palm is expected to ship the next major version of PalmOS during that period, so it's likely the technology will be incorporated into Palm's HotSync, ultimately ending the need for different Conduits for different applications. That said, SyncML's success depends on its acceptance by software and OS vendors. In addition to its eight founder members, the group cites some 500 supporting companies, but the vast majority are small developers and wireless firms. And Microsoft isn't among them. Heintzman played that down, suggesting the software giant knows what SyncML is up to and will presumably be digesting the newly released spec. Lack of support from the maker of Outlook and PocketPC is something of a handicap for take-up in the consumer arena. SyncML's support from Palm and Symbian is probably more important than getting PocketPC SyncML compliance, but Outlook support is essential.
Sun's support for the would-be standard suggests it will soon make its way into Java. ®
Tony Smith, 07 Dec 2000

BT Bonfield's head to go on MP platter this month

BT head honcho Peter Bonfield faces a grilling by MPs later this month over charges of delaying Britain's high speed Web access. The CEO of BT will go before Parliament's cross-party Trade and Industry Committee on December 19 to reply to criticism from Oftel chief and Bonfield foe David Edmonds. Edmonds finally plucked up the courage to get cross with BT last month. He appeared before the committee and asked for Bonfield's head on a platter over BT's obtrusive behaviour regarding unbundling the local loop, while receiving a roasting on Oftel's "impotence" and "complacency". But it is unclear whether Bonfield will get the same treatment. "We believe Oftel has not been pushing BT hard enough," committee chairman Martin O'Neill told Reuters today. "I don't think you can blame BT in that BT is merely protecting its commercial interests." This "protecting" strategy from BT included such blameless actions as withholding information from watchdog Oftel for months on end, Edmonds previously alleged - something he said was part of the "trench warfare" that had gone on between the two all summer. Whilst they have him before them, MPs also plan to probe Bonfield on his plans to restructure BT. Bonfield will take centre stage hours after rivals Cable & Wireless and Kingston Communications air their grievances about BT and the local loop debacle. ®
Linda Harrison, 07 Dec 2000

Cybercrime laws are super weak

Cybercriminals are getting away with virtual murder because criminal laws in most countries have not been extended into cyberspace. That's the conclusion of a study by McConnell International, a technology management consulting firm. It says that the lack of criminal laws is making the prosecution of computer related crimes - such as hacking or spreading viruses on the Internet - nigh on impossible. The study, "Cyber Crime ... and Punishment?", found that only nine of the 52 countries surveyed had amended their laws to cover computer related crime. "The long arm of the law does not yet reach across the global Internet," said Bruce W. McConnell, the firm's president. "Organisations must rely on their own defences for now. Governments, industry, and civil society must work together to develop consistent and enforceable national laws to deter future crime in cyberspace." The report looked at ten different types of cyber crime in four categories: data-related crimes, including interception, modification, and theft; network-related crimes, including interference and sabotage; crimes of access, including hacking and virus distribution; and associated computer-related crimes, including aiding and abetting cyber criminals, computer fraud, and computer forgery. Nine countries were found to have updated their laws to deal with six or more of these ten categories of offences, which was judged to be enough to provide some blanket of cover. A further 10 had some legislation against computer crime but an alarming 33 states had no laws against crime on the internet. Neil Barrett, technical director at Information Risk Management, said the study was factually correct but represented an "unnecessarily bleak" picture. He said in many cases computer crimes could be prosecuted under existing laws against fraud, criminal damage, theft or conspiracy - though the application of these laws sometimes falls down, resulting in weak penalties. 
To at least partly address this, Barrett, who has been a key advisor to the police force in the UK on computer security, is working with a group to develop a trans-national code of best practice for dealing with cyber-crime. He added this would enable better international co-operation, as well as sharing of information and of best practices in tackling crime on the internet. ®
John Leyden, 07 Dec 2000