27th > April > 2001 Archive

SDMI crack team scurries away in fear again

Princeton University Computer Science Professor Edward Felten, who has credited himself and his team with cracking the Secure Digital Music Initiative (SDMI) Public Challenge, has once again wussed-out after threatening to do something frightfully daring like publish the results of his research.
Felten first backed down from publishing in January, after lawyers terrified him with horror stories of how the music Titans would punish him with the Digital Millennium Copyright Act (DMCA). Felten subsequently appeared to have grown a pair when he arranged to deliver his results at the Fourth International Information Hiding Workshop in Pittsburgh, Pennsylvania this week; but at the last minute, whatever endocrine tissues he'd managed to develop magically retracted whence they came.
Felten announced Thursday that he'd just as soon not reveal his research during the workshop because legal action had once again been threatened. "Litigation is costly, time-consuming and uncertain, regardless of the merits of the other side's case," Felten whinged. "Ultimately, we....reached a collective decision not to expose ourselves, our employers and the conference organizers to litigation."
A 'collective decision' indeed. If there's anything worse than a wuss, it's a wuss who tries to implicate others in his cowardice.
For those who still care, we've got the paper Felten can't quite bring himself to publish mirrored here. ®
Thomas C Greene, 27 Apr 2001

Egghead credit card hack: serious questions remain

It started with a tip from a Register reader whose bank advised him to cancel his Visa credit card after shopping at on-line retailer Egghead.com, then developed into a tour de force of public-relations worst practices, and finally ended in lingering doubts about whether Egghead's vehement claim that no credit card data was compromised during its Christmas hack is trustworthy.
Initially, all we knew was what our reader told us: "Late last week my [bank] called to tell me that Egghead had told the Visa company that a large number of their customers' credit card info had been accessed by a hostile cracker. They told me to cancel my card and request a new one. I asked if my card had been used by the crackers, and they said 'no.'"
We first replied to the reader asking the name of his or her bank; and then contacted Egghead. We were intensely curious because if our reader was right, we'd found a real discrepancy between what Egghead told Visa, and what they told the public, about the extent of the December attack. We also needed to learn whether this item indicated a more recent hacking incident, as we originally suspected, because a full four months had elapsed between the holiday hack and our reader's warning from their bank.
Yesterday's news
"Oh, this is nothing," Egghead PR bunny Robin Crandall chuckled to us in a flutey voice. "This happened ages ago. It's old news, nothing to report at all." Crandall suggested that the bank was needlessly alarming customers about an incident which Egghead had determined to be harmless. She also cast doubt on their security competence, noting more than once that it had taken them four months to alert their Visa customers. "I'm sorry to say it, but you just don't have a story here," she told us in a patronizing tone, as if we were some greenhorn who needed a bit of friendly advice from a real insider.
We assured her that we'd been around long enough to know that we already had a story, as the glaring discrepancy between Egghead's reassuring press release, and the decidedly skittish behavior of a bank which issues Visa cards, is news in itself. We made it clear that we intended to get to the bottom of it as well as we could.
That little performance instantly concluded our friendly chat with Crandall, but soon yielded a phone call and e-mail memo from her supervisor, Egghead Corporate Communications VP Joanne Sperans Hartzell. "We are confident that the breach was contained, our database was not accessed, and customer data remained uncompromised. We have been confident of this since a thorough investigation led by Kroll Associates, working with our internal team, the FBI and the credit card companies, completed in early January, revealed no evidence that any customer information left our system," Hartzell told us.
Which is not the same as saying that they'd determined that no customer information had left their system. 'Revealed no evidence' wasn't quite final enough for us. We pressed on.
Meanwhile, back at the bank
Once we learned the identity of the Visa issuer (bank) which sent out the warning, we contacted their security department. We didn't identify ourselves, and in fact affected to sound like a worried customer. Because the bank's Visa security officer never knew they were talking to the press, we won't quote him or her; but we will say that their understanding of the Egghead hack struck us as not quite in alignment with Hartzell's.
Next we spoke on the record with the bank's card-holder account manager, who asked that s/he, and the bank, not be identified in print. "There's got to be something going on here," they reasoned. "Surely the Egghead database was compromised; otherwise, why would Visa recommend [that we cancel our customers' cards]"?
Visa cowers in fear
Why indeed, we wondered.
Surely, if Egghead's version of events was accurate, there'd be no need for a bank to go to such lengths. And surely, no image-conscious bank would inconvenience its customers needlessly.
A day later we obtained a letter written by Visa USA Senior VP and security specialist John Shaughnessy to card issuers warning about the Egghead hack, which unfortunately raised more questions than it answered. The letter, dated 23 December 2000, warns card issuers that "on December 21, Visa USA was informed that a merchant had discovered a security breach in its computer system that may have put cardholder data at risk." The next sentence, however, reads: "The cardholder data compromised included account numbers, CVV2*, cardholder names, addresses and possibly card expiration dates."
Sentence one says the breach 'may have' compromised account data. Sentence two assumes that the data was compromised. We very much wished to clear that bit up.
Reading further, we noticed that in paragraph five, Shaughnessy says that "Visa has begun to monitor the account numbers at risk from this compromise through our neural network fraud detection system," once again implying that account information did get out. He also says that the affected accounts would be "monitored as a portfolio at risk, measuring fraud rates outside the norm," and promises to "notify [issuers] directly if we have additional information."
So, in addition to clearing up the uncertainty in Shaughnessy's wording about whether a compromise of data 'may have' occurred, or did in fact occur, we also needed to know if our bank might have been responding to 'additional information' as he promised to supply. We thought it would make sense that the bank in question would be canceling credit cards four months after Shaughnessy's initial contact if he had delivered specific warnings in the interim. So naturally we rang Shaughnessy's office and asked him to clarify his wording in the letter.
An hour later a Visa flack rang to tell us that we'd be getting a call regarding our inquiry later that day. We were quite surprised a few hours later to take a call, not from Shaughnessy, but from Devorah Goldburg, with Visa's media relations contractor, Ketchum, whose home-page mousetrapped us (hence our omission of a link).
There was absolutely nothing, Goldburg told us (with a redeeming hint of embarrassment, we should add), that Shaughnessy was willing to say about his own written words. And not only was he unwilling to explain his letter, he lacked the spine to ring us and tell us so himself, but had cowered behind a third party -- not even a Visa employee -- whom he ordered to disappoint us on his behalf.
As so often happens in news-gathering, we were shut down by a frightened wimp. And his pretext was ever so tired; he couldn't bring himself to comment because an FBI investigation was still underway (in contradiction to Hartzell's assertion above that it had been completed months ago).
When we started this story we'd hoped to advise those of our readers who shopped at Egghead prior to the holiday hack as to whether canceling their credit cards would be a prudent move, or an overreaction; but thanks to Shaughnessy's irrational fear of explaining himself, we remain unprepared to do so. For now.
Ironically, Egghead's Hartzell approached us last week proposing to "put an end to the disinformation regarding the attack on our systems in December," but, as events would have it, she only contributed to it in the end. ®
*CVV2 refers to a number on the back of a credit card which can provide a checksum based on the owner's address and postal code. Egghead is one of the few Web merchants which currently advises shoppers to supply the CVV2 value for added security, thus.
Thomas C Greene, 27 Apr 2001

AOL class action clears first hurdle

Net users who alleged that AOL access software tampered with the workings of their PCs have cleared the first hurdle in their legal fight against the Internet giant. Earlier this week the United States District Court for the Southern District of Florida gave the green light for Net users to proceed with their legal action to sue AOL under the Computer Fraud and Abuse Act. Until now there had been doubts whether the plaintiffs had a case or not.
One of the sticking points centred on the amount of damage that had to be done to a computer before the Act could be invoked. The court rejected claims that $5,000 worth of damage had to be caused to each computer before they could proceed. Instead, it ruled that the $5,000 worth of damage could include more than one machine. It said: "If the court were to interpret [the Act] as requiring each home user to sustain more than $5,000 in damages, the home user never would be protected because $5,000 is far more than the average price of a home computer system."
AOL has consistently contested the allegations that its AOL Version 5.0 software damaged computers running Windows software. A senior spokesman for AOL said: "This lawsuit is without merit. We strongly dispute the allegations and vigorously intend to defend our position in court." ®
Tim Richardson, 27 Apr 2001

PlayStation and consumer electronics do better for Sony

Sony has narrowed losses at its consumer electronics business and PlayStation division. Overall it has reported strong Q4 profits, but this is because of top arty martial arts flick Crouching Tiger, Hidden Dragon, and the less good movie Charlie's Angels.
Group net income for the three months to 31 March was 15.8 billion yen ($130 million). Sony's results last Q4 were spoiled by losses at its consumer electronics business and PlayStation operation. But Q4 at the game unit was better this year with sales leaping 24.7 per cent to 191.4 billion yen ($1.54 billion) and operating losses slimming down 37 per cent to 16.2 billion yen ($130.7 million).
Sony's electronics unit saw Q4 operating losses reduce to 8.9 billion yen ($71.8 million), from 24.8 billion yen ($200 million). Sales at the unit, which makes Vaios as well as TVs and hi-fis, rose 22.3 per cent to 1.4 trillion yen ($11.3 billion). This division accounted for 76 per cent of sales in fiscal 2000.
Group net income fell to 16.7 billion yen ($134.87 million) in the year, from 121.8 billion yen ($980 million) a year earlier. This was down to a one-off charge complying with US TV and film advertising rules. Sales rose 9 per cent to 7.3 trillion yen ($58.96 billion). ®
Robert Blincoe, 27 Apr 2001

Tosh op profits dip on memory slump

Toshiba is back in black for the year, but the company's operating profits dipped in the second half due to the chip market slump. Operating profits for the six months to 31 March were down 4.3 per cent to 126 billion yen ($1.02 billion) on fairly flat sales.
The company posted net profits of 96.17 billion yen ($780 million) for the full year to March 31. The year before it made a loss of 32.9 billion yen ($265.41 million). The jump is down to Toshiba taking a 110 billion yen ($890 million) charge in the six months to March 2000 to settle a U.S. class-action lawsuit that alleged the company sold defective laptop PCs. Sales for the year hit 5.95 trillion yen ($48 billion).
Laptops, mobile phones and other digital devices earned 6.3 billion yen ($50.84 million) in the six months to 31 March, down from 30.7 billion yen ($247.74 million) a year earlier. For the financial year, which started on 1 April, Toshiba predicts net profits will drop to 60 billion yen ($480 million), and operating profits will fall 14 per cent to 200 billion yen ($1.61 billion). ®
Robert Blincoe, 27 Apr 2001

French to lead Bell Microproducts Euro push

Ian French, Ideal Hardware's CEO, is to work full time on European M&As and growth for parent company Bell Microproducts Europe. BME has set up five new European subs in its quest to become the continent's definitive storage services distributor.
Joining him at BME as CFO is Steve Lundy, previously finance and operations director at Ideal. Alex Tatham, Ideal's commercial director, is promoted to country manager for the UK, reporting to French (who retains the Ideal CEO job title). Nick Lee, Ideal's company secretary and financial controller, has been promoted to be Ideal's Finance Director. ®
Drew Cullen, 27 Apr 2001

MS applying prod activate tech to Win2k et al?

A post on The Tech Report suggests that Microsoft just might be preparing to retro-fit XP’s product activation to Win2k. According to the author, installation of the Internet Explorer 6 preview on a Win2k machine resulted in the addition of a new, suspicious-sounding registry key.
The item appears as \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing, and there are two sub keys - HardwareID and Store. Says the author: “Under the HardwareID key is a ClientHWID binary value entry, containing what I'll assume is a hash key generated off my system's hardware.
“Under the Store key is another key named LICENSE000, which contains four binary values named the following: ClientLicense, CompanyName, LicenseScope, and ProductID.”
This certainly sounds like it contains the kind of info Microsoft is using for XP product activation, but it also seems to be a different way of doing it from the one used in XP beta 2. In the interests of The Truth, The Register has just turned itself in and finally got around to activating the office test rig, and although the MSLicensing entry existed both before and after activation, it obstinately remains as “value not set.”
It seems most likely that Microsoft is experimenting with a number of different ways to handle activation, and that the code in the IE6 preview is just another one of them. It certainly can’t be the case that Microsoft intends to make you activate products you’ve already bought and installed, and that didn’t ship with activation built in.
But it does seem inevitable that, so long as the system actually flies, it’ll get fitted to new revs of earlier software. It’s also likely, as it’s Microsoft’s intention to roll out product activation across all its software, that the tools to execute it will appear in your old OS as you install new software.
Friends, there is no escape. Well all right, there is one, before you lot all start bombarding me again. It begins with L, OK?
®
John Lettice, 27 Apr 2001

'They've just replaced one Sir Idiot with another'

The City, media and everyday investors are not impressed with the announcement yesterday that Sir Iain Vallance was to step down as BT chairman and be replaced with current BBC governor Sir Christopher Bland. One Internet poster appeared to capture the mood when he said "they have just replaced one Sir Idiot with another".
BT's share price fell 5.5 per cent on the news yesterday, wiping £2 billion off the company's value. It has continued to fall today and currently stands at 534p, down 3 per cent on yesterday - another £1 billion lopped off.
Media reports are nearly all hostile: "Bonfield faces the storm alone", "The £1m failure", "Can Bland of the BBC rescue BT?" and the consistently bland Independent goes with "BBC chairman Bland to succeed Vallance in the UK".
As you would expect there is heavy speculation, but these are the things that everyone agrees upon:
Vallance was right to go
BT will soon embark on some fund-raising to help cut its £30 billion debt
Bland is a no-nonsense leader
Bland has taken on one hell of a challenge
Bonfield's position still looks shaky as the last one of the old BT triumvirate
Add to this the political whirlwind revolving around Bland's current position as BBC chairman - tied in, of course, to party politics because national journalists refuse to accept that anything happens without their chums in Parliament having something to do with it.
The fact remains that by behaving like the arrogant monopolist of old, failing to seize the potential of the Internet, being too slow and cumbersome to tackle the mobile market as effectively as others, angering huge sectors of business by foot-dragging and trying to buy their way out of trouble, the BT top three made the unpardonable sin of causing share price to fall. Significantly.
Sir Iain has seen shares fall from £15.03 to today's £5.34 during his chairmanship, but will still get a £600,000 pay-off with £333,000 pension plus his share options (worth £157,000) and will retain the "president emeritus" title until July next year. Finance director Robert Brace has paid the price for failing to deal with mounting debt, now Vallance has paid the price for not steering the BT supertanker away from the rocks early enough. Will Bonfield see his lack of foresight and vision rewarded in the same way? ®
Kieren McCarthy, 27 Apr 2001

Firms turn to vigilante tactics against crackers

Firms are becoming prepared to adopt vigilante tactics against crackers in response to a rise in cybercrime that law enforcement measures alone cannot be expected to control. That was the conclusion of a panel of security experts at London's Infosecurity show yesterday who warned that the reluctance of business to use the law when they are subject to Internet attack is leading to a state of "cyber anarchy".
Bob Ayers, former Head of the US Information Warfare Programme, said that a survey by Infowar.com suggests that 70 per cent of companies who have suffered a hack attack said they would fight back. "The private sector is adopting vigilante tactics to respond to cybercrime," said Ayers.
Ayers, who is now director of security consultancy Para-Protect, cited other studies which suggest that 32 per cent of Fortune 500 companies had installed counter-offensive software, which he suggested had similar capabilities to the tools crackers themselves use. Whether this 'counter-offensive' software refers to intrusion detection software or something more nefarious wasn't clearly explained, but the argument that firms might take the law into their own hands is fairly persuasive.
Peter Sommer, a security expert from the London School of Economics, said that in the same way that routine burglaries don't warrant the use of a lot of police resources, many cases of hacking are unlikely to be fully investigated by police, whose resources are limited.
If firms report hacking attacks to the police they risk public disclosure of their problems and are embarking on an uncertain legal process which might tie up a great deal of their resources. Even if a cracker is arrested and convicted, courts are reluctant to hand out heavy sentences or fines. Also the police can only act after an attack, which might cause thousands or even millions of dollars of damage to a firm and its reputation, has taken place.
These factors might lead firms to take the law into their own hands and hire shadowy "information brokers" to hunt down hackers or authorise their own staff to strike back at crackers by trying to disable their machines through mounting a denial of service attack. But by taking up information warfare tactics firms could fall foul of laws like the UK's Computer Misuse Act. It's also possible they might hit back at the wrong target.
Commodore Patrick Tyrrell, deputy chief executive of the UK's Defence Communication Services Agency, a group in the Ministry of Defence, said we may be headed for what he described as "short term cyber-anarchy". Whether the situation will improve in the longer term was left unclear at the end of the debate, which emphasised the need for firms to get their security infrastructure robust enough to frustrate attacks in the first place. ®
John Leyden, 27 Apr 2001

IBM makes nano chip breakthrough

Updated IBM has claimed a breakthrough in producing smaller processors based on nanotechnology. Nanoelectronics isn't new, but IBM's Thomas J Watson Lab says the new research - it's actually a process improvement - makes possible more precise and reliable placement of transistors based on carbon nanotubes rather than silicon.
Specifically, the researchers' breakthrough is in exploiting characteristics of what's called the 'van der Waals' interaction - the effect between a nanotube and the surface on which it rests - to manipulate the tubes into useful shapes.
IBM hopes to have the technology ready where it could be adopted for production in three years, although Professor Chris Wilkinson of Glasgow's Nanoelectronics Research Centre at the University of Glasgow says processors are 12 to 15 years away.
IBM has a basic walkthrough here, and a much more detailed page here. IBM has also updated its page of nanotechnology links here, which have been fixed since our whinge earlier today. Nice work, gentlemen. ®
Andrew Orlowski, 27 Apr 2001

Madge.web goes titsup.com

Madge.web, the wholly-owned subsidiary of Token Ring card maker Madge Networks, has gone bust. Its parent company has called in the UK receivers and is actively seeking to sell the rich media streaming host as a going concern. Madge Networks BV is to restate its results to January 31, 2001 to "reflect the fact that" Madge.web is no longer part of the group. Obviously, accountancy rules are accountancy rules, but this looks somewhat like rewriting history to us. Post-airbrush, Madge Networks will see its liquidity 'significantly improved'. From the look of it, Madge.web is in the Akamai/Inktomi space - not a very good place to be right now. ®
Drew Cullen, 27 Apr 2001

Siemens to axe another 3,500 staff

Siemens will axe a further 3,500 jobs following a poor set of Q2 results, the company announced yesterday. The job cuts will come from its corporate networks business and add to the 2,600 in the mobile side of the business announced two weeks ago.
The cuts come on top of an appalling two weeks in the IT industry. A slowdown in the sale of mobile phones, chips and PCs has seen a huge number of companies lay off staff. The current leader in terms of numbers is Ericsson, which said a week ago it was letting 12,000 staff go.
Siemens' Q2 profits fell by 11 per cent and net income dropped from £407 million Q2 last year to £360 million. The company actually refused to give an expected future earnings figure. Sales rose 8 per cent - sparking the company to proudly point out it had overtaken Ericsson in terms of handsets and now sits third behind Nokia and Motorola. However, shares fell by up to 4 per cent.
Chief exec Heinrich von Pierer said: "The environment will get increasingly tougher, however. We will take further countermeasures."
The job losses put Siemens in second place over the number of staff axed in the past month. Some of the others are: Ericsson (12,000), Motorola (3,000), HP (3,000), SGI (1,000), Caldera (32). ®
Kieren McCarthy, 27 Apr 2001

Alcatel, Lucent mull merger

Alcatel has held talks with Lucent Technologies concerning a possible acquisition or merger of the two companies. According to a report in the Wall Street Journal, wider discussions flowed out of negotiations about the sale of Lucent's fibre-optic business to Alcatel, which debt-ridden Lucent values at $6 billion.
The paper quotes unnamed people familiar with the situation who told it of the talks but also suggested the chances of a deal are slim. Among other reasons, putting together a package attractive to Lucent shareholders would be difficult in current market conditions.
Alcatel and Lucent both have market capitalisation of around $35 billion. However, French-based Alcatel has weathered the fall in spending on telecommunications equipment far better than Lucent, which earlier this week announced that it lost $3.69 billion in its second quarter.
Lucent, an AT&T spin-off, has been hit by a string of disasters - last year it issued a steady flow of profit warnings, ousted its chief executive Richard McGinn, and was forced to restate its fourth quarter sales. In an attempt to turn around its business Lucent has launched a restructuring program, which involves the loss of a total of 16,000 jobs at the firm. ®
John Leyden, 27 Apr 2001

Wicca man gets hot under collar

Those who intend to declare their religion as 'Jedi' in the forthcoming UK census have some competition in the form of the Pagans. Whereas the Jedi are a frivolous bunch of spotty youths out to annoy the government, the Pagans are an international force of alternative faiths. And not just naked tree huggers and wiccas. Suzi explains:
I wish to protest about the term you used to describe Pagans in your recent article. You obviously have no idea of the diversity of faiths covered by the "Pagan" description - we aren't all "naked tree-huggers and wiccas". A retraction of some kind would be appreciated by those of us who are covered by the generic term Pagan (for information - the generic term "Pagan" covers just about anyone who has a faith that does not belong to one of the main three religions of Christianity/Judaism/Islam - so you just insulted rather a lot of people).
Then we have Sylvain Pimparé, who thinks that we've missed a lesson from history:
Can you tell me why it is MAD to be another religion than your own? Why do you have so much hate about other religions? Didn't the Holocaust teach you anything? If you want to be a good journalist I suggest you stop making those last sentence and stay into facts.
And finally, thanks to Yule Zephyr for this contribution:
I am very disappointed with your comment describing adherents of modern Pagan religions as "naked tree-huggers and wiccas". Even minimal research would have prevented the misspelling of "wiccas" (I'm not going to tell you what it *should* be, you're the one supposed to be doing the research). The suggestion that we are all "naked tree-huggers" is very misconceived; those who adopt Paganism as a spiritual framework are just as varied in their opinions of naturism, trees and environmental issues as members of any other Religion. You are insulting all religions when you assume that being spiritual implies replacing your individual identity with your chosen religion's 'uniform' outlook on all matters (religious or not - including politics and attire).
I wish to point out that modern Paganism is already recognised as a faith by the Department of Health (who support fifty pagan chaplains to fulfil the 'right to solace' within the Patient's Charter) and the Home Office (funding thirty pagans to visit devotees in jail). The Heritage Lottery Fund is also considering a pagan-backed bid for restoration of Oxford's Rollright Stones, an ancient site of worship. Pete Jennings (then president of the Pagan Federation) met the International General Secretary of the World Council of Hindus and his British counterpart in May last year, where the Hindus told him that they regard themselves as a Pagan religion and feel they have much in common with modern Pagans here in the UK. As of the 2nd of October last year, freedom of religion for all those resident in the UK has been protected by the Human Rights Act 1998.
Finally, Pagans here have been looking forward to the 2001 census for a number of years not only as an opportunity to gain recognition for their very eclectic belief system, but also to learn how large their community really is. While there have been a number of estimates in recent years, they have varied wildly and an accurate appraisal is eagerly anticipated. I wish the 'Jedi' every success, but am concerned that many of their recorded adherents at the Census will have been attracted more by the novelty than a deep-seated philosophical outlook. To equate them with the young but established spiritual group known as modern Pagans is at best naïve and at worst offensive. I believe an acknowledgement of this, if not an apology, is required.
'Fraid not. We do, however, wish all Pagans everywhere - clothed or otherwise - the very best of luck against the Jedi this Sunday.
Lester Haines, 27 Apr 2001

Computer fires man II

DIY boxshifter B&Q is not the only company to use telephone virtual interviews to weed out undesirable job applicants - even after they've already worked for the company. Andrew Veitch should know:
Many years ago I worked for the Standard Life in Edinburgh. I worked for a year in the pensions department under a temporary contract and then when there was a permanent vacancy applied for the post. I was turned down on the grounds that I failed the two minute telephone test. I was then asked to stay on to train my replacement! The fact that my manager recommended me and had spent a year working with me was not relevant. Needless to say I walked out immediately.
Good lad. Unfortunately, we have run your email through the Vulture Central personality profiling computer and regret that we cannot presently offer you employment.
Lester Haines, 27 Apr 2001

ISS – Ivan knows best

What, I wonder, would NASA make of Elijah Jacob Shalis International Space Station theory?:
For a while I believe the Russian module controlled the station and all its aspects and there were no problems. A few months ago those tasks were transferred to a US module and NASA ground control. It looks like the Russians have superior technology still.
Absolutely. If I was building a space station - or a nuclear reactor for that matter - I'd want the Russians at the helm. Safe as houses. Uncannily, we now have a message from one Anton R. Ivanov. He knows what the problem is:
Re: "The IBM Thinkpad laptops to which you refer, called PCS (Portable Computer System) are used throughout the station. They are indeed 486 based laptops. However, they are running Sun's Solaris OS for x86, and the OpenWindows WM, and a custom application that provides a graphical interface to the various on-board systems."
Well... it is either bound to crash or this is a lie. If they are using an older version of Solaris the support for PCMCIA does not stand a chance in real life and the drivers for the 3COM cards seen on the shots presented on the Reg web site are extremely buggy. If they have violated Nasa rules and have updated them to a recent Solaris it blows up on classic 486 (or IBM-BL) or whatever is used on the ThinkPad. Either way it is complete FUBAR.
That is besides the fact that due to the fact that Solaris does not have working APM support and the bloody thing will overheat especially in low gravity. Convection with no gravity anyone? Part of the standard university level physics course (not in the USA). If there is no convection you can start frying eggs on the CL graphics chip that these machines use very soon.
As for NASA, one of their boffins chipped in his two bits worth regarding ISS technology here.
Lester Haines, 27 Apr 2001

Business 2.0 folds in Europe

Future is to shut down Business 2.0 in Europe. The closure of the UK, German and Italian editions will cost it £1 million. At the same time, it is shutting down its heavily lossmaking German subsidiary, Future Verlag. Not so long ago Business 2.0 was described as the jewel in Future's crown. In February, the company employed Morgan Stanley Dean Witter to find a buyer for the magazine, but it says that whatever the outcome, it's "become clear that European editions will need to be closed". A downfall in advertising is blamed. The US edition remains open for business - and perhaps is a more attractive prospect for potential buyers now. Earlier this month The Industry Standard shut down its paper operations in Europe - but this title never had an upswing in advertising to lose in the first place. Goodbye Germany Future Verlag looks decidedly sickly - the company lost DM 20.5m (£6.4m) on revenues of DM 22.5m (£7m) in 2000. The company is expected to lose another DM 2.9m on sales of DM 7.7m (£2.5m) in the run-up to closure. After the disposal (presumably sale) of some assets, Future expects to take a hit of DM 2.5m (£0.8m) for the closure of Germany. IDG is taking on Future Verlag's subscription obligations for PC Player, its main PC games title, by supplying its own rag Gamestar instead. ®
Drew Cullen, 27 Apr 2001

Sony releases Linux for Playstation2

Sony has released a beta of the long-awaited Linux kit for its PlayStation2 games console. The kit includes a 40Gb hard disk, which connects through the PC Card adaptor, a VGA adaptor, and mandatory custom USB keyboard and mouse. Or as the website puts it - once munged through Babelfish for a delightful Engrish effect - "mouse of marketing". The distro, aimed at the Japanese market only, is Red Hat based on 2.2.1 kernel, gcc 2.95.2 and glibc 2.2.2. Linux is no stranger to the PS2 - it provided the development platform for the console - but this is the first time the code has escaped outside the company. Sony says it hopes to have the release kit on sale in June for 25,000 Yen. But the company begs people to be patient:- "Concerning the first shipment quantity the demand which has already been moved aside on the net we plan 1,000 units on the basis of after that shipping continuously in accordance with the demand of everyone of the Linux community, we are defeated," notes our translation. Crumbs. There's a picture up at http://www.jp.playstation.com/linux/image/main.jpg, but in this case, a dmesg log is worth a thousand pictures, so instead feast your eyes on the bootup sequence. ® Related Link Sony's Linux on PS2 Page
Andrew Orlowski, 27 Apr 2001

FOTW Absolutely zero effort

Dixons' PC builder talks to the Reg. It's normally the Vulture Central footsoldiers - the hacks - who are on the receiving end of flame abuse. Rarely does our beloved news editor, Rob 'The Pond' Blincoe, cop some. After all, he merely edits the poorly-researched and semi-illiterate drivel that we punt out. It is with great pleasure, therefore, that we print the following, courtesy of Andy West: Perhaps better titled 'Reg regurgitates Centerprise handout. No evidence of actual visit to factory in story.' Absolutely zero effort went into this article and as 'News Editor' you ought to be ashamed of that. Just so you know people notice. Rob is on gardening leave for the rest of the day.
Lester Haines, 27 Apr 2001

Pope on ropes

NASA grounds Pope NASA has received the whole-hearted support of reader James Langford in banning Endeavour crew member Umberto Guidoni from delivering an extra-terrestrial message from the Pope: I don't know what a 'papal missive' is (or really care) but I am glad to see NASA have done this. Religious nonsense and intolerance has no place in any part of mankind's future. Also let us all remember Yuri Gagarin's words when he, as the first man to look down on Earth from space, said "Where is God? I do not see him" Of course he couldn't. How are you going to spot Larry Ellison from that distance? While we're on the subject of godless commies, let's have some input from Ed VanVliet: Re: "As the Endeavour posse includes a representative of the godless ex-Soviet Union and - worse - a Canadian, the administration's reasoning appears sound enough." The ex-Soviet Union (Russia) is a diverse nation that does not have the monolithic godless point of view that the official stance of the soviet union brand of communism had. When you make a joke like that it should have a basis in reality. Otherwise it is just a fictional story (or ranting). Or just a joke...
Lester Haines, 27 Apr 2001

Does anybody know who's in charge of security here?

Confusion between the level of security an ISP is willing to provide, and the level of protection users understand they receive, leaves companies vulnerable to attacks by crackers. That's one of the main conclusions of a survey of ISP and end-user attitudes to security by consultant MIS Corporate Defence Systems, which found that 54 per cent of the organisations it questioned have been victims of an attack by hackers. The study can't be regarded as definitive because only 60 end-users and 25 ISPs were questioned, but some trends that emerge from its results bear thinking about. More than half the end users questioned in the survey believed Internet security was the joint responsibility of an ISP and its users. Despite this, end users are reluctant to accept ISPs' assurances about security and only around a third would put in place security proposals suggested by their ISP. Worryingly, every ISP questioned thinks its users follow its advice, which in 50 per cent of cases will not be tailored towards their clients. According to MIS, confusion over responsibility for security between ISP and end user can lead to poor levels of protection and an over-reliance on basic security tools, such as firewalls and anti-virus software. These don't provide complete protection against many forms of Internet attack, it warns. MIS conducts penetration testing and security audits on behalf of its clients, and its list of the most common and serious security concerns makes interesting reading. According to MIS these vulnerabilities include BIND Domain Name System bugs, exploits of security holes on Web servers running Microsoft's IIS and exploitation of Unix services on vulnerable boxes. Weak passwords, SNMP vulnerabilities on networked kit and open file shares are other issues regularly flagged up during security tests by MIS. ® Related stories WIN2K is even easier to deface than NT CERT defends vulnerability info restrictions
John Leyden, 27 Apr 2001

Creative posts $100 million Q3 loss

Creative Technology - the folk behind the SoundBlaster cards - has posted a $101 million loss for its third quarter, compared to a net income of $88.3 million in Q3 last year. It's not the company's fault though, claims president Craig McHugh. This loss included one-off charges of $31 million and the stock market nobbled its investments, which fell $75.4 million. Without losing this money, it would actually just have made money, the company said. Sales fell from $330 million last year to $263 million this year, but these were in line with expectations, the company said. As for the nine months of fiscal 2001, sales are down to $994.4 million from $1.036 billion last year. "Between the difficulty of the economic climate and the restructuring of our businesses, this was a challenging quarter," said Craig. "However, we achieved some important successes during the period. We made significant reductions in our operating expenses that will better position us going forward. At the same time, we met our revenue target as we continued to generate strong demand for retail audio products. We substantially reduced our inventory level, achieving our target of net inventory of $200 million at the end of the quarter." The company's chairman and CEO SimWong Hoo was naturally upset about losing over $70 million on their investments: "During the quarter, we sustained, for the first time, a net loss from our investment portfolio." But here comes the excuse: "The $75 million write-down from our investment portfolio should be taken in the perspective that we posted realized gains of $103.4 million in fiscal year 2000." That's alright then. Creative also bought back about 892,000 of its shares for $8.6 million. ®
Kieren McCarthy, 27 Apr 2001

Readers' Letters Reg buys Intel spin

1.7GHz P4 spanks 1.33GHz Athlon in Quake 3 The splendidly-named Spencer T. Kittelson reckons that standards are slipping at your runaway Reg. Seems we've been a little unkind to the Athlon: [Your article] should contain the subheading "But gets beaten in virtually everything else". That would help cancel out the slant. I've read all the reports, particularly the Tech-report piece. If you're doing large matrix LINPACK or are a Quakehead then go for the P4. Otherwise, use the Athlon. A little truth in reporting would go a long way and The Reg has been slipping of late... Hmmm. David M. Pender wants to discuss this matter further. All our base still are belong to Intel, apparently: I find it troubling that you title an article "1.7 GHz P4 Spanks 1.33GHz Athlon in Quake 3" for several reasons, and please correct me if I go wrong here... You make this claim in the title of the article and then go on to say "Overall, the Athlon 1.33 GHz is slightly faster in most legacy benchmarks." Don't you see the irony in that? I should think that the P4 at 1.7 GHz would be faster at everything, and of course, if you ask Intel, it is. Truth is, Intel's totally new P4 chip can't keep up with a slower clock and FSB in the Athlon that has been out for over a year. Don't you see what is wrong here, the big Intel media wheel is turning and you guys are rolling right along with it. Price and performance are all that matter anymore, both of which AMD wins. You can't buy a processor from Intel that compares to the Athlon. Sure, in some benchmarks the P4 edges out the slower, older Athlon - in some!!! It should be all if this chip from Intel is so great. More than likely, if you look at it, most of the benchmarks that the P4 edges (and I use "edges" on purpose meaning "barely beats") out the Athlon are optimized for the Intel instruction sets. I guess no one sees the logic behind the following...

1. Athlon and Pentium III are released
   a. Athlon beats Pentium III hands down at pretty much everything
      i. Athlon is cheaper, cooler, and available (remember the great Intel chip shortage)
      ii. Intel and AMD pass the speed crown back and forth
      iii. AMD stock soars (I was happy about this one as I owned a few shares, and still do)
2. Pentium 4 released at 1.7 GHz, Athlon still going strong
   a. "Overall, the Athlon 1.33 GHz is slightly faster in most legacy benchmarks." to use your line again comparing to a 1.7 GHz P4
      i. Athlon is cheaper, cooler and more STABLE!!!
      ii. Gobble, gobble gobble - no, that is not an American Thanksgiving turkey, but the sound of AMD gaining market share!!!

Thanks, Dave. Nice to get the objective viewpoint from an AMD shareholder. Best of the rest Wicca man gets hot under collar Summer is a-coming in... Computer fires man II This time it's personal ISS - Ivan knows best International Space Station broken by Americans Pope on ropes Yuri Gagarin backs NASA ban Transexual jokes too close to home Submariner speaks
Lester Haines, 27 Apr 2001

Transsexual jokes too close to home

Miss France or Mr Snip? Life on the Vulture Central Mailbag desk prepares you for most things. Occasionally, however, we do get something rather different. Ladies and Gentlemen, give it up for Kimberly: Really Kieren, I am a bit disappointed. I found the linked page amusing, but let's just say my humor is lacking this morning (7:42 AM PST). Here in the US, our military is not nearly as enlightened as that of the UK. As a result, I lost a nearly 7 year career as a submariner for the US Navy just because I was medically diagnosed as transsexual and sought civilian help. I do wish our medical profession was also up to a more British standard too, as American insurance does not cover the surgery. Let's just say that I have been remarkably fortunate despite starting my transition as late as 26 and took after my prettiest aunt in looks. Sorry bloke, I just can't find the humor today since it hits too close to home. Here's to your next article, may it tickle my funny bone! There is a serious side to this issue, as Kate Elliot, of Linuxgrrls.org, points out: I'm saddened to see a news site which I like and read regularly make fun of a recognised medical condition. I'm not sure exactly what Kieren McCarthy has against transsexuals but perhaps he should consider doing some research into the suffering which individuals with this condition go through. The world has moved on a lot, and *most* people don't feel that transsexuals should be the object of ridicule - perhaps Kieren McCarthy feels differently, but would you publish a story making fun of those with cancer, or depression just because one of your journalists felt it was amusing? I hope not. Perhaps you, and Kieren should do some reading on the subject of transsexuality, which I say again *is* a recognised medical condition. Just to give you an idea of the seriousness of it; last time I checked, the statistics were something like 50% of untreated sufferers committing suicide before the age of 25. I hope that in future you'll think more carefully before making fun of medical conditions.
Lester Haines, 27 Apr 2001

Dixons opens 100th PC World store

Dixons Stores Group is cutting a layer of management out of its PC World stores leaving 300 managers without a job. It is also reaching its 100th store milestone this weekend - we believe it's going to be a branch in Liverpool, and we're waiting to hear which cast member of Brookside is going to cut the ribbon. The company doesn't expect any redundancies from its management reorganisation and believes it can move all the affected staff into other jobs within the group. It doesn't even think anyone will have to move to a new area. "We have 1,100 stores within the country and there are plenty of career opportunities," a spokesman said. Dixons is creating one new title - assistant manager - to replace a couple of other high falutin' job positions. Each store will have four assistant managers, so there are 400 jobs going and 700 managers who'll fight it out for them. And the reason for the job shuffle - more bodies working the punters. "The assistant managers will be heavily shopfloor-focused," according to the spokesman. ® Related Stories Dixons' PC builder talks to The Reg Dixons confirms Kalms retirement Dixons doesn't dominate UK PC market
Robert Blincoe, 27 Apr 2001

Time Computers culls 130 workers

Time Computers cut back around 130 jobs from its head office this week, according to the remaining staff. The company admits it was caught out by the first time computer market dropping off 12 months earlier than it had expected. Workers have gone from almost all departments except sales, and the figure includes at least 20 job losses from each of the warehousing, manufacturing, and returns/repairs sections. The jobs losses are across Time and its manufacturing business VMT. Time, a privately owned business, has been reluctant to admit any lay-offs. But Time boss Tahir Mohsan has conceded just 30/40 job cut backs in logistics/warehousing and administration. He said the job losses followed on from closing down its Time Talk mobile phone chain. The company has closed 40-50 shops this year. It is estimated that Time now has 100 workers left in its manufacturing section, and 60/70 in support. Around 440 worked in manufacturing just before December 2000. The difference in the figures quoted by Mohsan and Time staff could be explained by Time's practice of employing a lot of temporary workers on week by week basis. Not renewing a temporary contract is not considered to be a lay-off. Mohsan said: "We hire temporary people on a week by week basis. Sixty per cent of work force is not directly employed by us." He said this is common practice in all manufacturing companies, and the company didn't announce when it was taking temps on, nor when it didn't rehire them. But one long serving Time employee said: "All the temps have gone - we're into core staff now." He is very worried for his own and Time's future and said the mood of workers at Time's head office near Burnley was very bad. "You get very nervous, you're getting rid of experience. If you get through to Friday lunchtime, you know you've got a job for the next week. You get no redundancy - you get a week's money and you're on your way."
Time's manufacturing plant is enormous; it was bought off Philips which used to make TVs there. The manufacturing side was set up to handle 20 production lines each capable of building 250 PCs a day. Two lines are currently working, building 300-400 machines a day. The 130 staff are not all expected to leave immediately. Notice will be worked depending on their contracts. Tahir Mohsan and his family were valued at £50 million in the Sunday Times Rich List. They'd been up at £175 million in last year's list. ® Related Stories More Time shops shut Time closes shops, says it'll open more
Robert Blincoe, 27 Apr 2001

Compaq buys US systems integrator

Compaq is to buy a US systems integrator called Proxicom for $266m. This will increase the numbers of service professionals working for Compaq in North America by 1000, or 20 per cent of the total. Compaq is getting to look more and more like IBM with each passing day. The company may have lost its crown as the world's biggest PC maker this quarter to upstart Dell. But it is consoling itself by moving up the value chain into more and more services. Big Q is looking for more acquisitions in so-called econsultancy, and not just in America. The company says this won't create conflict with other systems integrators - but it's difficult to see how it will avoid conflict. The more people it has working in-house for services business, the less need it has for using third party integrators. Compaq currently services around 250 global accounts direct, inherited mostly, we guess, from the Digital Equipment Corporation acquisition. And it's letting integrators and resellers know which these customers are. One could view this either as refreshing openness, or as a none-too-subtle ringfencing manoeuvre. ® You can find more Reg channel stories here.
Drew Cullen, 27 Apr 2001

Atlantic hesitant about DSL, EasyNet encouraged

British-based Atlantic Telecom is forging ahead providing DSL-based broadband service in Holland and Germany but is hesitant about progress in the UK. Releasing its Q4 performance statistics today it reported that it had signed a framework agreement with mobile telco outfit, Sonera, to provide DSL services in Holland and is finalising a similar agreement with a major carrier to provide high-speed wholesale DSL services. In the UK, Atlantic is apprehensive about DSL. Despite being part of the local loop unbundling process, it is looking at DSL provision just in Manchester concentrating instead on the provision of broadband fixed wireless services. In March Atlantic told analysts that it had a "conservative view on UK local loop unbundling" and that "future DSL investment in the UK [would] be subject to a proven track record in Manchester". Yesterday, Easynet said it had installed 5,000 DSL lines - an increase of 2,500 during the last three months. On the surface, this sounds promising but David Rowe, Chairman and CEO of Easynet was somewhat restrained about DSL saying its progress had been "encouraging". However, the outfit is on target to roll-out unbundled services in the second half of the year. And on Tuesday Fibernet reported that it had made half-year pre-tax profits of £3.2 million on increased revenues of £24.6 million. Despite this, it sounded a cautious note to LLU promising shareholders a "cautious approach to capital expenditure" in this area, "driven by customer demand". And to round things off, Redstone - which is making great progress with its distant location strategy - said recently that it would axe 85 jobs at its Borehamwood headquarters in a bid to save cash.
Tim Richardson, 27 Apr 2001

Online chip broker sets out UK stall

ce Consumer Electronic AG, the online chip broker, is setting up a subsidiary for the UK and Ireland. Based in Germany, ce Consumer Electronic is also a wholesale distributor of electronics components, with subsidiaries in several countries. There's a profile of the company here. ®
Drew Cullen, 27 Apr 2001

SCO channel chill bodes ill for Caldera

The day after Caldera cut 17 per cent of its staff (including OS/2 and Java vet Nick Petreley), we found ourselves musing how urgently the Utah-based Linux distro needed the stability of SCO's revenue. Caldera is expected to complete the merger next week. But, um what stability ... and what revenue? Those questions are posed by one SCO reseller in a chastising message to us. His tale, if typical, doesn't bode well for the merged Unix company:- We're a SCO reseller ... or rather we're a SCO reseller who're not selling any SCO product any more because customers and prospects are universally saying "can we run your application under Linux" and when we say we can they go the Linux route. Even long standing SCO users are switching to Linux when they upgrade. Given the difference in price this is hardly surprising. Talking to other SCO resellers I've found that this is happening to them too. Given this I'd expect to see Caldera's revenue from SCO UnixWare and Open Server to be plummeting at the moment. It's also clear to me from conversions and communications we've had with SCO/Caldera that Caldera believe that by buying SCO they're positioning themselves at the "enterprise" end of the Linux market by grabbing into SCO's strong IA32 Unix customer base but our customers are saying "who? Why aren't you selling us RedHat?". So we do. The reason, he adds, is that SCO OpenServer binaries now run so well on Linux that customers consider the $1000+ license fee an easy saving, and do without. Scaldera urgently needs a predictable regular revenue stream because it's one of the few companies left standing that's burning through cash as if it was still the height of the dot.com bubble economy. Caldera's revenues were static at $1m in the last quarter, but the company ran up $9m in costs. If our correspondent is remotely correct, Caldera needs to do some urgent, high profile rebranding of its Linux distros. 
Assuming that SCO's reseller channel would simply become Caldera resellers always was one of the shakier points of the merger. Caldera could discover that in a business as competitive as PC Unix, keeping its new VARs happy is as thankless as herding cats. ®
Andrew Orlowski, 27 Apr 2001

MD of Cisco gold partner pleads guilty to fraud

The managing director of Cisco Gold Partner NSC Technology has pleaded guilty to several counts of fraud at the Crown Court at Middlesex Guildhall today. Muhammed Yaseem was in court with co-defendants Charles Warner Allen and Jonathan Palmer, not of NSC. Yaseem started NSC Technology in 1992 with two colleagues and by 1999 it had built up to 50 people. The company was awarded gold partnership with Cisco in 2000 and won Cisco Partner of the Month that March. The company now has offices around the world but retains its headquarters in London. Yaseem faced five counts of fraud, but by Friday evening the only records available to us regarded count 3 of conspiring falsely to account, which Yaseem pleaded not guilty to and the Judge said was to lie on file (i.e. not be pursued), and count 5 of Conspiracy to make corrupt payment, to which Yaseem pleaded guilty. The payments concerned the purchase of computer equipment between December 1995 and June 1997 between two companies - Perfect Information Ltd and GLP Technology Ltd. A date for the sentence has yet to be decided. NSC had not returned to us with an official statement by the time we left on Friday. ®
Kieren McCarthy, 27 Apr 2001

WorldCom to axe 800 UK jobs

WorldCom is expected to announce massive job cuts as early as next week slashing its UK workforce by almost 20 per cent. The committee responsible for handling the redundancies in the UK is meeting this afternoon after delaying a decision on the redundancies last week due to insufficient information. Negotiations are expected to continue well into the evening. According to documents seen by The Register some 832 jobs will be lost across WorldCom and its UUNet operation in the UK - representing a reduction of more than 17 per cent of its workforce. At the end of last year both operations employed a total of 4,770 people in the UK including temporary staff and contractors. Although a formal decision was delayed last week it's understood that management has been meeting with employee groups to discuss the terms of the redundancies. One insider said that the cuts are due to be announced next week. Employees have known about the cuts since January when it was announced internally that WorldCom and UUNet operation were to merge as part of an internal cost-cutting operation. Three months on and employees at both companies are still in the dark about exactly who will face the chop. Last month, insiders warned that as many as 1,000 jobs could go in Europe as the Internet company merged with its UUNet operation. No one from WorldCom was available for comment by press time. Yesterday, WorldCom Inc reported that Q1 net income had fallen by half. In March it laid off some 6,000 employees in the US. ® Related Stories WorldCom to axe 1000 European jobs WorldCom silent about job losses WorldCom slashes 6,000 jobs WorldCom raises spectre of job losses WorldCom to swallow UUNet
Tim Richardson, 27 Apr 2001

All your Unix™ are belong to Dennis Ritchie

Dennis Ritchie, co-author of Unix and the C language, has posted a panoramic view of the sheer versatility of his operating system. Or more precisely, the Unix name itself. Pre-empting the All Your Bases meme (which should have expired by now, as it was on its last legs when we wrote about it), the great man has rounded up examples of Unix in the unlikeliest places. "We've eliminated one of your biggest hassles ... loose hinge screws: Introducing UNIX!" boasts the Rodenstock UNIX spectacle frame, echoing a cri de coeur of myopic BOFHs everywhere. Other examples Ritchie offers include body toners, nappies and a Costa Rican barbershop. The Unix trademark is officially owned by The Open Group, of course. Ritchie made the list on April 1 last year (oh yus...), and updated it last month, but it is Friday, and we were only just recovering from the shock of seeing the phrase Digital UNIX epoch (1952) on the Sony Playstation2 Linux boot-up sequence, and began to wonder what mysterious snake oil Ken Olsen had been brewing in his youth, before realizing we'd misread it. Don't write to us about that one. ® Related Link Other Unix Page Related Story Archaeologists unearth prehistoric C compiler
Andrew Orlowski, 27 Apr 2001

Lego porn! Hot and plasticky

While you can get sacked for looking at, saving or Photoshopping your work colleague's head onto some filthy porn, the Internet has provided us with a clean, safe, legal way of focussing those lustful intentions. In this field of comedy porn, the crown is undoubtedly held by FurniturePorn.com. There was a brief tussle for the top spot last year when Barbie tied herself to a miniature bed and had a friend attempt the impossible but it didn't beat the sight of two deckchairs going at it like wild dogs. But now we have Lego Porn. That's right, those loveable dumpy yellow plastic folk have gone adult. The scenarios are incredible and every manner of filth including sadistic violence and arsonic murder are covered by the tots. The incredible customisation of the Lego figures - paint a crop top on that flat body and you suddenly have a prostitute - also allow for exotic storylines. Enough, you say. My mouse hand is getting sweaty for clicks. Well, here you go then. Enjoy. Related Link Lego porn! Related Stories Click here for furniture porn! Reg reader finds hardcore Barbie porn
Kieren McCarthy, 27 Apr 2001

Reports of death of email viruses greatly exaggerated?

The UK Ministry of Defence (MoD) has come under fire over the capabilities of a product designed to protect business from the effects of email viruses, such as the Love Bug and Anna Kournikova worm. Anti-virus vendors have said that software developed by the MoD's Defence Evaluation and Research Agency (DERA) is neither innovative nor what the market needs. Dera has hit back by suggesting antivirus software on its own isn't enough to protect people from malicious code. As previously reported, Dera unveiled a product called ::Mail this week which works on the principle of displaying a pop-up box when a user sends an email, confirming whether they intended to send it or not. The software is designed as an add-on to antivirus software. The idea of ::Mail is that it will both highlight the activation of a covert email virus from infected PCs and effectively block propagation of viruses by methods such as Visual Basic scripts embedded in harmless looking email attachments, a technique used by the Love Bug. Promising as this sounds, the idea has been criticised on two grounds by antivirus firms: that the idea has been tried before and has been seen as a nuisance by end users, and that such techniques would not stop the latest batch of email viruses. MessageLabs, a managed service provider that scans its customers' email for viruses, said that the techniques used by ::Mail would not stop the second most common virus this month, W32/Magistr-mm. This is because the virus comes bundled with its own SMTP client. Eric Chien, chief researcher at Symantec's antivirus research centre, said it might help block the spread of viruses in some organisations but is not a novel approach. Putting users in control of deciding whether or not it is safe to send a message is likely to lead to more help desk calls in many organisations, he argued.
"Dera's technology sounds like a classic behaviour blocker, it's all a bit draconian and I don't believe the average customer would adopt it," said Chien. In fairness to Dera, which enjoys a reputation for quality cutting-edge research, it has to be said that ::Mail is far more sophisticated than early reports suggested and in its professional version includes content control and techniques to prevent email spoofing. Simon Wiseman, an information security specialist at Dera, hit back at the criticism by antivirus software vendors by saying their products, though widely used, failed to prevent the expense and inconvenience caused by viruses like the Love Bug. Organisations often turn off all the checks their anti-virus scanner can perform in order to speed up operations, said Wiseman, who said that greater defence in depth against malicious code was needed in order to mitigate risks. Symantec's Chien agreed that misconfiguration of antivirus scanners was an issue and that vendors needed to educate users and ship products with sensible default settings. He added that there's no good reason for Visual Basic scripting to hook into Outlook and that firms should consider applying Microsoft's Outlook security patch, which is available here. ® External Links Technical details of Dera's ::Mail (no pricing or availability on this product yet) Related Stories No more I Love You viruses Rise in viruses within emails outpacing growth of email Virus plague causes charity to consider Linux Hardware-trashing virus spreads by email Anna Kournikova bug drops harmlessly onto the Net Users haven't learned any lessons from the Love Bug
John Leyden, 27 Apr 2001

NT 4.0 SP7 available, but not on planet Earth

NT 4.0 Service Pack 7 is available - but not on this planet. Sharp-eyed reader Jon Bright, who has interesting tastes in bedtime reading, points us to a few clues to this bizarre piece of Microsoft channel segmentation. If you check the January crew logs for the International Space Station, and you don't nod off immediately, you eventually find extraterrestrial tech support fixing the server. "Shep and Yuri," it says, "update the file server with service pack 7. No problems. We reboot the server and it runs well all day." And clearly, they are running NT. Jon (who still doesn't seem quite able to close his eyes) refers us to the December crew logs, where the chums are caught musing about memory management and storage: "We do the MPV update on the file server per the OCA note. MPV load does not seem to copy completely and server has a number of error messages. We are apparently out of memory space on the disk, although we're not sure exactly how NT manages its memory. Wait to talk to Houston. We discuss this later in the day, and then delete all the MPV files which frees up about 800 Mb. We also plug in one of the 1 Gb PC cards, so at least for the short term, the server has some more storage space. We would like to know a little more about the long term plan to manage storage on the server--we were kind of wondering when the hard drive was going to get full. Answered that question today." Further into the December logs there's some indication of why a service pack became necessary. "Backup took a while. Kept getting messages that "registry" was full, [uh-oh...] although backup eventually completed itself. We believe that the server is trying to handle a lot of program transactions, and this is taking most of the computing power it has." But maybe the trouble's something to do with Sergei getting dubious attachments in Russian: "Everyone at a laptop to read mail and sort through the message traffic. We all are seeing some problems. 
Sergei moved all his mail to a personal folder, yet his ".ost" file is still over 1 Mb. Shep can't run outlook at all on the MEC configured with the SSC 2 hard disk. Yuri is having trouble doing mail in Russian. He needs help on fonts." So all things considered, it's a good job they got SP7 in January. Especially as SP7 doesn't exist, and got cancelled in April. And even the page at microsoft.com that said it did exist last week doesn't exist any more. You think maybe we could get the Space Station crew to upload it to an FTP site somewhere? ®
John Lettice, 27 Apr 2001

Chinese crackers May attack US warns FBI

The FBI yesterday issued an alert warning system administrators to bolt up their security hatches in order to block possible attacks next month by Chinese crackers bent on revenge against the US. The agency said a spate of Web page defacements by the Chinese might be expected early next month because of heightened political tension between the countries over the seizure of a US spy plane. The 7 May anniversary of the accidental bombing of the Chinese Embassy in Belgrade may also prove to be a flash point, it warned. In an alert the FBI's National Infrastructure Protection Center (NIPC) warns of the increased likelihood of defacement or denial of service attacks and the techniques it believes Chinese crackers might use. 'To date, hackers already have unlawfully defaced a number of US web sites, replacing existing content with pro-Chinese or anti-US rhetoric,' said the FBI alert. 'In addition, the NIPC previously reported on an Internet worm named "Lion" that is infecting computers and installing distributed denial of service (DDoS) tools on various systems. 'Analysis of the Lion worm's source code reveals that, when illegally exploited, it sends password files from the victim site to an email address located in China.' The FBI has established a unit to monitor computer intrusions, and incidents of attack can be reported online here or by phone to a local FBI office. ®
John Leyden, 27 Apr 2001

Google restores Usenet archive, plans posting

Google overnight yanked the Deja backup tape out from under the Foosball table, where it had been propping up that wobbly leg, and now much of Deja's historic Usenet archive is online again. Google also plans to add the ability to post Usenet messages by mid-May, company spokesman David Krane told us. The company took enormous heat in February when it acquired the Deja archive, but failed to replace its web front end. Within weeks however, a beta replacement added threading capabilities, which while not quite replacing the functionality of the Deja UI at least introduced Google's famed speed. So you could get not-very-far, very fast, jibed cynics. And there's no pleasing some people. "Until they have threading by message ID (ANY threading at all, please) it is kind of pointless to try to follow a discussion. Until the basic search sorts by date instead of relevance, you'll get a jumble of messages from 1995, 2000, 1998, 1997, conveniently mixed up for your perusal," notes a poster over at Slashdot. Krane says Google is still working on UI improvements, so if you have a suggestion, let them know. A core team of fewer than ten is working on the beta service, out of around 200 employees. The Deja archive represents over a terabyte of data, he says. Long-term campaigner for a good home for the archive, Netizens author and Internet historian Ronda Hauben is scheduled to give a lecture entitled Usenet and the Usenet Archives: The Challenges of Building A Collaborative Technical Community at nearby Stanford University on May 23. The event, as originally floated, was to be a two-hander with Google CEO Larry Page. Now it seems Larry will be out of town that day, which saves us a fortune in additional flame retardant clothing, we guess. However we can banish the fear that the archive was lost for good. At least it wasn't propping up the aquarium. 
®
Andrew Orlowski, 27 Apr 2001

UK is broadband laggard – OECD

Britain is languishing in 21st place in a league table of broadband-enabled countries according to figures compiled by the Organisation for Economic Co-operation and Development (OECD). The figures show that South Korea is currently experiencing the highest penetration levels among OECD nations with 10 broadband connections per 100 people. Canada is placed second with four per hundred closely followed by the US, which boasts three broadband connections per hundred. Britain, on the other hand, is 21st in a list of 30 countries - just ahead of nations including Hungary, Greece, Poland and the Slovak Republic. According to the stats, it only has a pitiful 0.08 broadband connections per hundred people. This is despite the Government's stated aim to make the UK a broadband leader among G7 countries by 2005. There can be no doubt that Britain's headline figure is unimpressive - especially when compared to the rest of the world. Its poor ranking in such an important survey has, quite rightly, been used as a weapon to bash the Government's arrogant and over-inflated position on broadband, deride the sluggishness of incumbent telco, BT, and highlight the ongoing problems concerning broadband roll-out in Britain. However, the OECD analyst who compiled the figures is less quick to judge the performance of nations just on the basis of these figures alone. He believes things could change rapidly over the coming months and years. Specifically talking about the UK's performance, Sam Paltridge told The Register: "I'm quite optimistic about what can happen in the UK. "There is no reason why the UK can't accelerate [up the league table] very quickly. "The UK has had ten years of infrastructure competition - something that other countries haven't got...and competition can help drive this technology to consumers," he said. ®
Tim Richardson, 27 Apr 2001

Microsoft's Passport service: No Marylanders allowed?

Passport is Microsoft's online wallet service, to which you're supposed to sign in once and shop online feeling all secure forever after. Except, perhaps, in Maryland, where the local version of the UCITA law, which Microsoft itself worked to pass, conflicts with Passport's terms of use so heavily that Maryland residents are apparently not eligible to use Passport. Passport's terms of use say, in small part: "This agreement is governed by the laws of the State of Washington, U.S.A. You hereby irrevocably consent to the exclusive jurisdiction and venue of courts in King County, Washington, U.S.A. in all disputes arising out of or relating to the use of the Passport Web Site or service. Use of the Passport Web Site and service is unauthorized in any jurisdiction that does not give effect to all provisions of these terms and conditions, including without limitation this paragraph." (The above passage is under "general" in Passport's 2,212-word terms-of-use agreement, for those of you actually checking my accuracy.) What's that mean? Basically, if you want to sue Microsoft because its self-proclaimed "powerful online security technology" allowed some script kiddie in a formerly communist country to access your credit card number, or Microsoft wants to sue you for misusing the service, you have to play ball on Microsoft's home turf. (You Passport fans in Australia or Luxembourg or south Florida, for that matter, may want to think about that scenario before you sign up.) It also appears that Microsoft is attempting to bar residents of Maryland and, potentially, other states considering the Uniform Computer Information Transactions Act from using Passport with this sentence in the terms-of-use agreement: "Use of the Passport Web Site and service is unauthorized in any jurisdiction that does not give effect to all provisions of these terms and conditions, including without limitation this paragraph." 
Maryland's much-maligned UCITA, which is slightly different from the version originally proposed, gives its state courts jurisdiction over software licensing issues for Maryland residents and companies. (Here's the text of Maryland's UCITA, but it's in rich text [rtf] format.) Of course, UCITA also binds consumers to the software license agreements they sign, so it would seem that Maryland's UCITA would contradict itself in this case -- by giving Maryland courts jurisdiction over software disputes at the same time it ties the user to an agreement to use courts in King County, Wash. Maryland Delegate Kumar Barve, a sponsor of UCITA and chairman of the House Subcommittee on Science and Technology, says Microsoft may be on the losing end in a fight between its terms of use and UCITA. When a state government creates consumer protection laws, that law trumps individual agreements such as Passport's. Maryland's UCITA doesn't change that practice of which state's law would be followed in such a case -- what it does affect is the venue. So in the case of a Marylander suing Microsoft over Passport, a Maryland judge would decide where the case was tried. If Microsoft was a tiny little company that didn't have much of a business presence in Maryland, it might persuade a judge to allow it to defend itself back home in Redmond. But most judges, Barve says, are likely to decide that Microsoft does have a "significant business presence" in the state, and therefore, would likely make Microsoft's lawyers take the long airplane ride into BWI. Of course, Microsoft could always challenge Maryland's UCITA. We wouldn't dare to encourage frivolous lawsuits, but it might be kind of fun to observe a slugfest between the boys from Redmond and the folks that brought us the distasteful UCITA -- including Microsoft itself. © Newsforge.com. All rights reserved.
Grant Gross, 27 Apr 2001