6th > July > 2001 Archive

IIS buffer-overrun attack has been scripted

A Japanese computer enthusiast named 'HighSpeed Junkie' has developed an attack script for a recently-identified unchecked buffer in the Microsoft IIS (Internet Information Services) Indexing Service ISAPI filter, which, if exploited, can yield system-level access to an intruder. At issue is IDQ.DLL, a component of Index Server (or 'Indexing Service' in W2K) which supports administrative scripts (.IDA files) and Internet Data Queries (.IDQ files). The library is installed by default on all IIS versions and implementations. The service need not be running for an attacker to exploit the vulnerability. So long as script mapping for .IDQ or .IDA files is present and an attacker can establish a Web session, the exploit will work. The vulnerability was first reported by eEye Security on 18 June. The attack script was released on 21 June, and posted to the Win2KSecAdvice mailing list on 27 June. Patches are available for NT and 2K, except for W2K Datacenter Server, whose users need to bug their OEMs. The hole will be bunged in Win-XP before it and its Raw Socket Terror are unleashed upon the public. ® Related Links The relevant MS security bulletin The Win-NT 4.0 patch The Win-2K Pro and Advanced Server patch
Thomas C Greene, 06 Jul 2001

Win2K becomes a spam relay

A flaw in the Win-2K SMTP (Simple Mail Transfer Protocol) authentication scheme allows unauthorized users to access the system using bogus credentials and bounce spam and death threats off unwitting users' machines with impunity. "An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server," an MS security bulletin explains. SMTP service is installed by default on Win2K server, and can be enabled by choice on Win-2K Pro. The vulnerability affects only stand-alone machines. W2K machines configured as domain members are not affected. The SMTP services in NT 4.0, Exchange 5.5 and Exchange 2K are also not affected. Technical details are quite sketchy at the moment, but MS says they will post additional information by way of Knowledge Base article Q302755 within 24 hours. It was not available at press time. ® Related Link The W2K patch
Thomas C Greene, 06 Jul 2001

Phoenix BIOS phone-home questions addressed

It's taken time and a number of e-mail exchanges, but we have got a preliminary response from Phoenix on the questions we raised in a recent story regarding the new PhoenixNet-enabled BIOS, which automatically connects users to Phoenix servers. Anecdotal reports had suggested that the Phoenix installation CD enables the Net service without warning the user that they're about to do so. We gathered that the only way to disable it before it made its first connection was in CMOS setup.

Following a good deal of back and forth during which Phoenix implied that we were unusually difficult to reach, company PR rep Katie Thomas suggested that we e-mail our questions so they could be reviewed carefully and answered fully. This we did; and reproduce the text below in full:

1. Does the PhoenixNet installation software alert the user to the Net feature and give them a chance to decline to install it? (We understand that the user can disable the service in CMOS setup; but if an option is not present during installation, then the connection, when available, will likely be made without the user's knowledge since only a fraction of users will go into setup before using their machine.)
2. Are there any versions of PhoenixNet-enabled BIOS which do not offer the option to disable it in CMOS setup? If not, is Phoenix prepared to guarantee that there won't be any in future?
3. Certain PhoenixNet installed files, PTLSEQ.DAT; PTLSEQ.MET; and PTLSEQ.RCL, appear to contain some configuration and hardware information related to the individual PC it's running on. What data about the PC is sent to Phoenix during the Net connection? Is it recorded? If so, what is it used for and by whom can it be accessed?
4. What data about the PC *can be* sent to the mobo manufacturer during the Net connection? In other words, how flexible is this feature? Could a manufacturer track the aggregate use of their mobos with this feature? Could they track individual use?
5. Is it possible to identify a particular mobo with any feature currently included in, or planned for, the Net service?
6. We assume that the purpose of PhoenixNet is to attract ad revenues for Phoenix and possibly mobo manufacturers by driving consumers toward commercial products and services which you or the manufacturers have been paid to promote. Correct us if we're wrong.

We sent the memo on Monday night, and what with the bank holiday on Wednesday, the reciprocal momentum sort of dissipated. So we alerted Phoenix on Thursday afternoon that we were planning a story update on Friday, in which we hoped to report their answers to our questions rather than the fact that we'd received none. That got us a reply from Katie Thomas in a matter of hours, the text of which we reproduce in full below:

We have received your questions and will provide detailed answers to each specific question next week. In the meantime, let us assure you and your readers that Phoenix Technologies has always understood and continues to appreciate the issue of privacy. For this reason, the PhoenixNet utility has never "uploaded" any information relative to hardware configuration or personal data and there is no way to identify any individual user. The PhoenixNet utility was designed from the beginning with these concerns in mind and is initiated strictly on an "opt-in" basis. The utility does only these things:

1) Provides links (icons on the desktop) to sites that may be of interest to the user according to the information they provided during the "opt-in" screen;
2) Sets a new homepage and search engine in Internet Explorer which may be of local interest to the user (again according to the info provided by the end-user);
3) Installs links to selected websites in the IE Favorites folder, and;
4) Checks, via an internet connection, whether an updated version of itself is available. If so, it downloads the updated version.

Again, NO INFORMATION RELATIVE TO THE USER OR HIS/HER HARDWARE IS UPLOADED. To remove the PhoenixNet features:

1) Icons can simply be dragged to the recycle bin;
2) Home page and search defaults can be reset using the standard browser functions, and;
3) Favorite items can be deleted from the Favorites folder.

To disable and remove the PhoenixNet utility, simply "right click" the application in the system tray and delete it. (In some versions, the user may also have to select the Add/Remove Programs function in Control Panel; scroll to the "PhoenixNet" application, select it, then click the "Remove" button.) We hope this addresses the immediate concerns.

All right then. Since we've been offered detailed and specific answers to our inquiry next week, we thought we'd ask our beloved readers if there are any questions they'd like us to add in the mean time. Use the e-mail link above if you wish. ®
Thomas C Greene, 06 Jul 2001

IP Telephony poised to take off, at last

Productivity applications will drive adoption of IP Telephony, according to Cisco Systems, which argues companies are at last ready to junk their PBXs and embrace a converged network architecture. Networking vendors have been promoting the idea that firms should integrate their voice and data networks for years, citing benefits such as reduced infrastructure deployment costs, flexibility and the ability to deploy advanced call centre applications. However, doubts about the reliability and quality of IP Telephony, as well as long depreciation times for PBX kit, have contributed to slow uptake of the technology. Industry analyst Gartner believes that it will be sometime between 2003 and 2005 before most enterprises migrate from circuit-based phone systems to IP telephony. That's around the time we'll start to see the introduction of 3G phones and it seems possible wireless technology, which has widespread industry backing, might overtake IP Telephony in its development and appeal. Not so, said Cisco: the technologies are complementary. We're not so sure about that, but in a rare meeting with IT journalists in central London yesterday, Cisco and its integrator partner Logical Networks highlighted a number of recent high profile deployments to back up their case that IP Telephony is about to take off. Logical has recently completed the rollout of a VoIP (voice over IP) network to 8,000 users in 210 locations of New Zealand's Ministry of Social Policy. The Dow Chemical Company has also signed up to build an integrated network based on Cisco's Architecture for Voice Video and Integrated Data (AVVID). Phil Dean, Cisco's marketing manager for voice solution, said up to March this year it had shipped more than a million VoIP gateway ports and in excess of 320,000 IP telephones. 
The development of unified messaging and call centre applications, according to Dean, will encourage more firms to replace PBXs and traditional handsets with software based PBXs, which typically run on Windows 2000 machines, and IP telephones. Mark Dervill, technology director at Logical Network infrastructure division, said that as IP voice systems become more entrenched, PBX development will stagnate. ® Related stories: Cisco beefs up VoIP portfolio VoIP finds captive market in US prisons Europe gets first big cable VoIP rollout
John Leyden, 06 Jul 2001

iomart mops up OnCue's punters

Scottish broadband outfit iomart has paid £200,000 to acquire more than 600 business DSL customers from failed start-up, OnCue Telecommunications Ltd. iomart claims the acquisition of OnCue's customer base will add around £1 million a year to its revenue. It also claims this makes it the second largest DSL operator in the UK, behind BTopenworld. OnCue called in the liquidators last week after failing to raise additional cash from its backers which included Soros Private Equity Partners, Madison Dearborn Private Equity Partners and T D Capital. Some 130 people are set to lose their jobs because of the company's collapse. iomart reported that OnCue customers should be migrated across to its service over the next fortnight or so. It's hoped there will be no interruption to service. Angus MacSween, iomart CEO, said: "This is an excellent piece of business for iomart; it is a good price and keeps us at the forefront of ADSL delivery in the UK. "However the demise of OnCue highlights the ongoing difficulties of rolling out broadband Britain under the current regulatory and competitive environment," he said. ® Related Story Broadband start-up goes titsup.com OnCue
Tim Richardson, 06 Jul 2001

'Ballmer doesn't look like Uncle Fester' MS flack lashes out

The Register is saddened to have to report yet another instance of Microsoft giving preferential treatment to certain elements of the press. In today's Guardian Richard Adams (who we note has not been round to ply us with beers recently) writes that colleague Jane Martinson has received a complaint from MS spinner Mark Thomas for describing Steve Ballmer as "a chief executive who looks like Uncle Fester."
John Lettice, 06 Jul 2001

MS uk.gov deal wobbles as spin doctors seek revenge

Microsoft's cosy relationship with the UK government may be about to go critical, thanks to a combination of outraged Unix boffins and vengeful government spin doctors. E-envoy Andrew Pinder himself seems to be back-tracking like crazy on the Microsoft connection, while cabals of Whitehall techies plot the counter-revolution. But if the Redmond Empire is rolled back, it'll likely be WinXP wot won it. During the recent election here Microsoft's PR strategists pulled off a major coup by co-opting the Dear Leader Tony Blair for what was in effect a commercial for Windows XP. The Register's sources indicate that it is this outrage, rather than more logical issues such as whether or not Microsoft's software is any good, that's most likely to get Microsoft run out of UK government computing on a rail. But if the cat catches mice, who cares what colour it is, quips one source. The techies, meanwhile, have been busy asking uncomfortable questions and diligently educating their masters. Procomp, the anti-MS Project to Promote Competition & Innovation in the Digital Age, seems to have been more use than we cynics at The Reg could ever have believed; its white paper Passport to Monopoly, Windows XP, Passport and the Emerging World of Distributed Applications is currently circulating in the relevant offices, and it seems to be winning some hearts and minds. The e-Envoy himself has come under fire for his perceived closeness to Microsoft, and seems - albeit somewhat belatedly - to have decided they can't go on meeting like this, as people will start to talk. Speaking to Computing yesterday Pinder seems to have virtually ruled out using Microsoft's Hailstorm: "People expect government to be above suspicion in the way that it protects their information, and we would want to retain control of that. I don't see how that is compatible with the Hailstorm approach." 
That's pretty shocking coming from the man who participated in Microsoft's UK Government Gateway announcement in Seattle, and who was down as a speaker for the Microsoft-sponsored Digital Britain conference - if indeed he did say it. His office however has yet to call us back protesting that he was misquoted, and our own enquiries indicate that no, he wasn't. Pinder, we are told, has already come to the conclusion that Passport and Hailstorm are not appropriate for putting the UK government online, and wants that message to get out. They haven't yet been entirely ruled out, but they stand barely any chance at all of being adopted. And Microsoft seems to have ticked off other spin doctors too. The company is seen as having wildly oversold its role in the government Gateway, which in any event is only one part of the whole project, and Pinder may well be feeling he's been stitched up in the same way Blair was. For the moment, Microsoft is still in there, but we understand that the gateway itself is subject to a European Journal re-tendering process in a year's time. So that's 12 months for Bill's Merry Men to save the contract - but it doesn't look good... ® Related stories: MS-built UK 'Government Gateway' locks out non-MS browsers e-Envoy's office defends Windows-only portal - climb down begins? e-Envoy to speak at MS-sponsored Digital UK summit
John Lettice, 06 Jul 2001

‘Bill Gates’ hacker escapes jail

A Welsh cracker whose "campaign" to expose the insecurity of ecommerce sites led to an FBI investigation has escaped jail. 19 year-old Raphael Gray was sentenced to a psychiatric and community service rehabilitation order of three years, in a hearing before Judge Gareth Davies at Swansea Crown Court today. Gray (whose handle is "Curador", or custodian in Welsh) obtained the credit card details of thousands of people from sites with flakey security and published those details on two sites, paid for with stolen credit card details. Neil Barrett, technical director of Information Risk Management, and expert witness for the prosecution in the case, described Gray's offences as "very serious" because many people could have had their credit card details exploited. That said, Gray himself did not commit widespread fraud, said Barrett, who added that no "collateral damage" was inflicted by the cracker to the sites he targeted. Credulous news outlets continue to report that Gray published the credit card details and phone number of Bill Gates on his sites ecrackers.com and freecreditcards.com, and sent a consignment of Viagra to the Microsoft boss. In fact the details published were an obvious fake, as you can see on an archive of his site (minus credit card details) here. Nonetheless the self-styled "saint of ecommerce" caused huge inconvenience to the American, British and Canadian dotcoms he targeted. His activities brought him to the attention of the FBI and, amid fears details of 26,000 credit cards had been compromised, his house in the sleepy hamlet of Clynderwen in west Wales was raided in March last year. Gray pleaded guilty to theft and hacking offences which fall under the Computer Misuse Act when the case came to trial four months ago. He admitted two charges of obtaining services by deception and offences under the Theft Act in setting up the two Internet sites on which credit card information was published. 
He also pleaded guilty to six charges of intentionally accessing sites containing credit card details, but without using this information for financial gain. Prior to pleading guilty, Gray had argued in his defence that he hadn't hacked into the Web sites. His defence was that because there was no way for him to establish that his access was authorised, it couldn't be unauthorised. Because of his guilty plea these arguments, which have a wider significance beyond Gray's case and could have opened up a line of defence for hackers, were not tested in court. "It was a shame that the interesting arguments about authorised versus unauthorised access on Web sites were not fully exposed in the case," said Barrett. ® Related Stories: Cracker in 'credit card Viagra sting on Gates' Welsh hacker pleads guilty to deception and theft FBI tracks Bill Gates credit card hackers to Welsh village Hacking credit cards is preposterously easy Identity Thefts from the Rich and Famous External links: Curador's web site (minus real credit card details) - as mirrored by Attrition
John Leyden, 06 Jul 2001

MSN Instant Messenger still dead. But why?

Microsoft's Instant Messenger service is still giving people problems across the world - with those capable of actually getting on finding their contact lists are missing. The service was down throughout the world on Wednesday. It started working on Thursday but many people were reporting difficulty in getting on and a complete loss of the contacts saved on it - which kinda makes the service useless. These problems are still going on. The question is: what is behind the service's failure? Microsoft in its usual fashion has leapt into the bunker and only pops its head up occasionally to shout "hardware problem" before disappearing again. One mischievous IT publication is now suggesting that the problem comes down to MS' Passport system. The Passport setup is Microsoft's great control plan where you log on just once and then spend the rest of your life in Microsoft-controlled Web sites (well sort of - massively inaccurate precis R US). The implications of Passport not working are obvious and fairly big. And if it is, Microsoft will do anything not to tell us. Over the last year, The Register's experience has been that the delay between MS IM stopping and starting working has grown and grown. Now, if it doesn't work in the morning, we don't bother trying again until after lunch. So maybe this week is just the whole shambles coming to its logical and messy conclusion. ® Related Story MSN stunts sex life
Kieren McCarthy, 06 Jul 2001

BT mulls price cut for DSL

BT is toying with the idea of reducing the wholesale cost of DSL services in the UK. The monster telco is currently looking at two initiatives which could give it scope to reduce prices. As reported last week, BT is considering introducing a "wires only" option leaving customers free to shop around for their modems. It is also looking into providing a DIY installation service. Both options could give BT scope to cut the cost of its wholesale service. However, BT spokeswoman, Rebecca Webster, was unable to say exactly by how much costs could fall. She also confirmed that there were no plans, "in the short-term", to reduce the price of its current wholesale single user DSL service, which costs £35 a month. Defending BT's pricing for its wholesale DSL service, she said that it included the cost of hardware, a high quality service and offered "good value for money". Elsewhere, industry insiders claim BT is finally waking up to its lacklustre performance concerning the roll-out and implementation of DSL. Worryingly, the monster telco is damping down expectation about DSL, telling people "not to get too excited about broadband". Sources claim there is a distinct change in tone from BT, which appears to be admitting that it has made mistakes and that it needs the industry's help to get things right. ® Related Story BT preps wires-only ADSL
Tim Richardson, 06 Jul 2001

Technophobia drives politician from office

A Dutch politician has quit his job after claiming he can't take the pressures of the wired world. Alderman Edgar Kaldijk resigned from the local council in Peleka, saying he was unable to cope with the amount of emails he received each day, AP reports. The 64-year-old said he was fed up with people asking him why he hadn't replied to their emails. Colleagues tried to help out by writing every email out by hand, and offered to show the technophobe how to use the Internet and email. But Kaldijk decided it was all too much for a man of his years. "In the last month, people have kept annoying me with questions as to why I didn't reply to their e-mails," he said. "I'm 64. At my age I don't want anything to do with computers, so it's better if I retire and leave my seat to a younger man." ® Related Link 'Technophobe' politician resigns because he can't cope with emails Related Stories The Internet MP list of shame MPs forced to shut down their Web sites Email smut sent quicker than a Prescott punch
Linda Harrison, 06 Jul 2001

AMD Q2 profits will miss forecasts by a mile

AMD has warned its second quarter earnings will fall miles short of forecasts. The chipmaker yesterday said sales for the three months ended July 1 were $985 million, down 17 per cent on the first quarter. In April the company said it was expecting a maximum drop in sales of ten per cent. Revenue is also down 11 per cent on Q2 last year. Net profits are expected to fall to between three and five cents per diluted share, the California-based company said. Analysts were expecting 27 cents per share. "First, demand for flash memory devices was and continues to be weaker than expected," AMD said in a statement. "Second, competitive pressures in the PC processor market depressed the company's average selling prices." AMD, which aims to control 30 per cent of the chip market by the end of the year, is due to report its Q2 figures on July 12. ® Related Link AMD statement Related Stories AMD 'on track' for 30% market share, exec claims AMD updates roadmap, delays desktop Athlon 4 Dell gets curious about AMD merits
Linda Harrison, 06 Jul 2001

Marconi drops even further; everyone suffers

Marconi's shares are continuing to fall this morning. Down 4.5 per cent to 107.5p - the lowest for 20 years and then by 11am down to 104p. Shareholders are furious and are calling for the head of CEO Lord Simpson and his deputy John Mayo. Not only this but Marconi's fall has had a knock-on effect across the whole market (it finally closed down 54 per cent yesterday). The FTSE 100 index has fallen to its lowest level since April, also bringing down the Dow Jones and Nasdaq. This was in part due to AMD's profit warning but there is a general cloud over technology stocks and it has caused across-the-board drops. Logica is down 8.4 per cent, Sage 5.3 per cent, Invensys down 4.6 per cent; Fujitsu 3.3 per cent; Hitachi 3.5 per cent; Sony 4.5 per cent and on and on. Marconi's fall from grace is drawing parallels with BT. Investors are now asking for a Vallance-style management sacrifice and a possible rights issue. John Mayo may be the Bonfield character in this that survives but with credibility dashed. Ironically though, BT may bring Marconi down still further as it announces it will reduce spending as part of its ongoing recovery plans. This means the company will not get anywhere near the £860 million BT spent with it last year - just under 15 per cent of its total sales. ® Related Story Massive fall-out from Marconi share collapse
Kieren McCarthy, 06 Jul 2001

iDesk ex-employees mount slagfest

Employees at iDesk are taking their own revenge on the company following its decision to axe 120 staff. In postings to a forum set up in the wake of redundancies, employees past and present paint an unpleasant picture of life at the company. There are, for example, allegations of drug-taking among staff working the night shift. Someone calling themself "Muckboy" wrote: "I remember finding out about the guys who were smoking da spliff on the call centre at night." And Speederuk chipped in: "Yea I used to come in, in the morning to find em stubbed out on the mouse!" There are also allegations concerning the accuracy of performance figures presented to key clients. Another post attempts to sum up the problems at the company: "idesk has been excising its own brains from its skull for years now, in order to replace those vacant spaces with 'mates' that can't actually do anything, so they are given 'management' type roles. "idesk has been for some time now a top heavy company, with no actual techies, just a load of managers, sales-people and project managers, telling potential clients that idesk has a work force of fabulous techies at the ready! "It's all proved rather surreal for those of us that know the truth. It was only a matter of time before the whole place caved in on itself, and now that is happening," it said. No part of the business remains unscathed from the verbal onslaught. Another contribution attacks the way staff were treated. "What the F*** was those employee workshops all about earlier in the year ? That stoopid woman standing up in front of us all looking like Velma from Scooby Doo, getting us to play with balloons and bond, then busting up our teams and making us feel like shit. "How can a company treat their staff like this, playing with peoples emotions and screwing their brains up, this is inhumane . "By god I dot know how someone hasn't blown the place up, I have never been in a company that can treat people so badly. 
"When D-day comes and the dust settles, lets hope that no-ones brain got so screwed up that they come back as a psychopath! "Be afraid - BE VERY AFRAID - OH MY GOD I JUST SH*T MYSELF." Get the drift? ® Related Story ISP help desk operator culls 120 staff
Tim Richardson, 06 Jul 2001

Nautilus resurfaces from Eazel wreckage

It's a terrible thought, but Eazel's demise may prove to be the best thing ever to happen to Nautilus, the software libre file manager. Eazel went titsup.tar.gz in March, having burned through $13 million trying to make a business of selling services around Nautilus. But the GPL software lives on. A new release 1.04 issued yesterday includes both real and cosmetic fixes, and doesn't keep trying to force the now-defunct Eazel services down users' throats. So it's leaner for that. A quick list of fixes can be found here at LinuxToday, or at the Nautilus home page at FreshMeat. It's Friday, and we feel an apt-get coming along... ® Related Stories Eazel pulls plugs after cash quest fails Dell fumbles open source desktop gambit Andy Hertzfeld on Eazel
Andrew Orlowski, 06 Jul 2001

Bright Station retags itself smartly

UK Internet group Bright Station plc has changed its name to Smartlogik Group plc, after securing £12 million to bail out the company. In May the outfit warned that unless it received additional funding it would run out of cash by the end of the summer. Then, it was losing £3 million a month and only had £4 million left in the coffers. Five directors have resigned from the company. They'll be replaced by a new batch on Monday. Stephen Hill, CEO of Smartlogik Group plc, said: "We are delighted that the shareholders have overwhelmingly supported the resolutions. "Their investment in Smartlogik is a significant vote of confidence both in the strength of our solutions and the future of our company in the fast growing knowledge management sector. "We can now proceed with the business of enabling them to unlock the value of their information, which will in turn deliver real value to our shareholders," he said. ® Related Story Bright Station shares continue slide
Tim Richardson, 06 Jul 2001

Europe should tackle home-grown Echelons, says MEP

A European Parliamentary committee report on Echelon has failed to censure Holland, Germany and France who are likely to be equally active in spying on their citizens electronically. That's the view of Maurizio Turco, an Italian member of the European Parliament, who sat on its temporary committee on Echelon and whose opinions have been added to the committee's final report on the subject, which will be debated by the European Parliament as a whole in September. Echelon is an automated global interception and relay system created during the cold war and operated by the intelligence agencies of the United States, UK, Canada, Australia and New Zealand. Unlike most spy systems Echelon is designed to intercept private and commercial communications, not military traffic. European MPs have been investigating Echelon for over a year after allegations that the US had used the shadowy system to engage in a spot of industrial espionage on European firms. A report by the temporary committee looking into the subject, which was published this week, concluded that Echelon almost certainly existed but downplayed concerns that it was being used for widespread industrial espionage. Echelon is considered by the parliament as something of a paper tiger, and MEPs have dismissed speculation that the system can intercept virtually all electronic communications around the globe through intercepting satellite transmissions. The report makes it clear that the parliamentarians dislike Echelon, but makes the tacit admission that beyond stepping up diplomatic pressure on the US to abide by human rights and privacy laws, there's little that Europe can do about it. In the view of Turco, Europeans would do better to look closer to home when investigating the civil rights dangers posed by government surveillance systems. 
In short, his argument is that Holland, Germany and France (the biggest critic of Echelon) are bigger buggers of their own citizens than the Anglo-Saxon nations they're so paranoid about. "The report takes for granted the probable existence of the Anglo-Saxon system and overshadows what is certain about Germany and Holland. It speaks on behalf of a presumed 'European' industry while it shuts the 'European citizen' up," said Turco. After looking at Echelon, the committee of MEPs has come up with the recommendation that encryption should be more widely used to protect the confidentiality of sensitive communications, just in case they might be intercepted by systems like Echelon. For all the work the European Parliament has put into the subject the exact capabilities of Echelon still remain unclear, and will probably remain so given the climate of secrecy that surrounds such matters. ® Related stories: European Parliament Temporary Committee on the Echelon Interception System Echelon FAQ Related stories: Euro Parliament calls Echelon a paper tiger US expands Echelon spying in UK What are those words that trigger Echelon? An Outlook worm to jam NSA's Echelon CIA patching Echelon shortcomings French Echelon report says Europe should lock out US snoops Euro Parliament to investigate Echelon
John Leyden, 06 Jul 2001

If you downloaded VirtuaGirl click here

Okay, so we wrote a story about VirtuaGirl this week. Now while you may be enjoying your two-inch-high lady dancing on your PC, the software does install a little bit of spyware on your PC. Fortunately, it's not malicious. It simply queries when you last ran VirtuaGirl, where and how you last started it and whether you have registered the software or not. This is standard enough and will not affect you and (hopefully) not cause you to receive emails from dodgy outlets. What it may do is make company firewalls question what is going on. So if your boss or BOFH man starts having a go, you can tell them. If you are really paranoid, this is how to stop it (Windows users). Click the Start button. Click "Run". Type in "regedit". Go to Edit, click "Find". Type in "geishalounge.com" and hit return. Delete the entry. And then close everything down. Do NOT touch anything else. If something looks dodgy, call your IT man and tell him. He'll then ask you who the hell told you about editing the registry. So keep schtum. ®
Kieren McCarthy, 06 Jul 2001

Dot-commers to blame for anti-capitalist violence, says WTO boss

"Dot com types" are to blame for the violence at recent gatherings of the World Trade Organisation, according to WTO director general Mike Moore. Moore made his remarks in Geneva, in an appeal for citizens groups (NGOs) to distance themselves from "masked stone-throwers who claim to want more transparency, anti-globalization dot.com-types who trot out slogans that are trite, shallow and superficial," he said. Which came as news to us. We thought "dot com" types were too busy braying into mobile phones and snorting enormous quantities of Bolivian marching powder as they vandalised a communication infrastructure created at great public expense for research purposes, with marketing plans that would get a six year old suspended from kindergarten for frivolity. They'd certainly be the last group we'd suspect of complaining about capitalism. "Critics, who are not all mad or bad, frequently say we have too much power," Moore conceded generously. Moore then went on to propose a contract demanding "transparency from NGOs as to their membership, their finances, their rules of decision-making," which most citizens groups will find deliciously ironic. Alas, we suspect, he was being serious. A full text of Moore's speech can be found here ® Related Story Police caused more damage to IT firms than protestors
Andrew Orlowski, 06 Jul 2001