14th > September > 2001 Archive

Sun WTC staff are all alive

Although it may look like clutching at straws after the slaughter of so many lives, minor miracles do appear to have taken place. Brokers Morgan Stanley occupied 25 floors of the World Trade Center, employing 3,500. Remarkably only 15 are missing. All 340 of the staff in Sun Microsystems' field office at the South Tower have been accounted for. Such statistics bring little comfort to the bereaved, of course, but reflect on the bravery of the rescue workers, the ability to put collective survival over blind panic, and the extraordinary resilience of the WTC towers, which between them allowed an hour and forty vital minutes for evacuation. Around 50,000 people are in the towers and plaza on a typical weekday morning. The latest toll put the number of missing at 4,998, including 170 at the Pentagon. Today has been declared a national day of mourning in the US. ®
Andrew Orlowski, 14 Sep 2001

Kimble.org offers $10m reward for arrest of bin Laden

Kim Schmitz - computer hacker turned Internet millionaire - is offering a reward of up to $10 million for information leading directly to the arrest of Usama bin Laden, the man many believe is behind the terror attacks in the US. A statement on Schmitz's home page, kimble.org, reads: "Kimble.org most wanted terrorist. Murder of US nationals outside the United States; conspiracy to murder US nationals outside the United States; attack against the World Trade Center & Pentagon. Usama bin Laden." In 1998 the US State Department offered a reward of $5 million for bin Laden following the bombing of US embassies in Africa in which more than 200 people were killed. ®
Tim Richardson, 14 Sep 2001

Handspring pre-announces two new Visor PDAs

Handspring will launch two new PDAs next week, the Visors Pro and Neo, the company has admitted after some initial shipments hit store shelves too soon. The existence of both models was leaked in August, but the rumoured ship date came and went with nothing but a 'there's nothing going to happen' message from Handspring. The silver Visor Pro is based on a 33MHz Dragonball VZ CPU and boasts 16MB of memory. The screen is a 4-bit monochrome backlit LCD. Power comes from a built-in rechargeable Lithium Ion battery. It is priced at $300. The Visor Neo comes in at $200. The chip and screen are the same as the Pro's, but it has just 8MB of memory and operates off two AAA batteries. It comes in three colours: 'smoke', red and blue. Like the Pro, it runs Palm OS 3.5.2, though since it contains none of the main features of Palm OS 4.0 - SD card and 16-bit colour LCD support - it's not entirely surprising the more up-to-date OS isn't being used. As expected, the Pro will replace the Visor Platinum, which is to be discontinued soon. The Neo supersedes the current Deluxe model, though the latter is likely to be around until the end of the year, reflecting a higher level of stock in Handspring's warehouses. In the meantime, we await the arrival of that other rumoured Handspring launch, the Prism II. According to the leaks so far, it too will ship with 16MB of memory and a 33MHz CPU, but feature a 16-bit colour display and the requisite Palm OS 4.0. ®
Tony Smith, 14 Sep 2001

‘Fluffi Bunni’ hacker declares Jihad

An undisclosed number of Web sites have had their front page redirected by "Fluffi Bunni" in response to the events that have shaken the world. They all appear to be victims of a hacking of the DNS (Domain Name System) server of NetNames, a domain name registrar. Entitled "Fluffi Bunni goes Jihad", those behind the hack say: "If you want to see the internet again, give us Mr Bin Laden and $5 million in a brown paper bag. Love Fluffi B." The note is accompanied by a picture of a small fluffy bunny sat at a PC screen with what appears to be an electric razor, a CD, an empty pint glass and some sunglasses in the background. In a further 530-word statement, those behind the hack respond to the events of the last week. It reads:

I will not attempt to explain all the faults in religion for that would be too much for people to handle at one time. Religions formed and spread throughout societies. They attempt to form a strict set of moral and social guidelines in which all men should live. Who are they to tell people how they should live? But they have and people have listened because it gives them a sense of stability and no need to think. They believe that following society around them is "good" and questioning it is "bad." Although people may question their society, any excuse to fall back into the norm is taken. It's a lot easier to be good. So now what happens when people from another religion live among you? Their ingrained idea of "good" is not your idea of "good." How do they resolve this discrepancy? Although many let others have their opinions, there will always be the instigators among us. How will they react, especially when faced with hardship? They will blame the people who don't prescribe to their idea of "good." And why not they don't follow God's way. They must be evil. No society is immune from this. Obviously where it is most apparent is in the conflict between Israel and Palestine. The Israelis believe they are God's chosen people. It is their right to control the holy land. Surely anyone fighting for it will be rewarded after they die. The Palestinians believe they are in a jihad, a holy war. Anyone dying in a holy war will be rewarded with a harem of the 30 most beautiful women. Doesn't this seem a little childish? How is this gonna stop? Yes even if 99% of the people realize how stupid this is there will still be that 1% that is looking for a fight. So the Muslims and Jews hate each other. But why do I rant about this now? The United States is that different culture to all the poor societies in the world. They are the self proclaimed "beacon of freedom." But you can't take part in this. Your country is not fit. The IMF and the World Bank make sure of this. If your country is poor, and you are offered loans and/or grants from someone else, isn't it ok to let them influence your policy? They're your benevolent neighbor trying to help. We all know that much money isn't handed out out of the goodness in someone's heart. They see that it will benefit them. So the IMF and the World Bank gives out their money and influences policy. Why do they wish to influence policy? To promote the economic growth and get more competition? Or maybe to promote cheap labor to fund their own industries... I think the answer there is obvious. Now we have the United States coming into every country in the world influencing their societies. Conflicting with their version of "good" is. Can't we predict this violence? Do we really not see this coming. How naive could someone be to not expect this. If only we could get rid of these strict moral and social guidelines... get rid of religion. -Philo Bunny
Tim Richardson, 14 Sep 2001

Be to appeal against Nasdaq de-listing

Alternative operating system vendor Be has been threatened with having its stock booted off Nasdaq. Under the stock exchange's rules, if a company's shares fall below $1 for more than 30 consecutive trading days, the company risks being de-listed. It has 90 more days to get its share price back over $1 - or else. And that's exactly what has happened to Be. Its 120 days are up and so its stock is set to be yanked from Nasdaq's listing. Oddly enough, Be is planning to appeal against the decision. Since it plans to shut up shop just as soon as Palm's $11 million acquisition of its technology and other assets is done, what does it matter if it drops off Nasdaq? One reason for the appeal is that it keeps Be on the Nasdaq list while its request is judged. While it's on the list, its stock can still be traded - though clearly there's not very much demand for its shares at the moment - and directors' shareholdings continue to have a nominal value. This is particularly true if the Palm deal doesn't happen, either because Palm pulls out - as it did with its proposed acquisition of Extended Systems - or Be's shareholders vote against the deal. Presumably Be fears they will nix the deal if Nasdaq delists the company. ®
Tony Smith, 14 Sep 2001

Palm gets snotty with Palm-friendly Web sites

Palm has been tacitly threatening Web sites set up by fans of its PDAs with legal action for alleged trademark infringement if they don't license the company's name or change their own. A number of sites, including PalmSorcerer, PalmGuru and PalmLoyal, have been told by Palm that they must come up with new monikers or modify their names to replace 'Palm' with 'PalmOS'. Says Palm's trademark usage rules: "Third-party Web sites should not use 'Palm' as part of their top-level domain names. After signing a no-fee licence agreement, they can use 'PalmOS' as part of their top-level domain names." At issue appears to be their domain names rather than the titles of the sites themselves. Palm is essentially saying that 'www.palmguru.com' must be changed, but, say, 'www.pda.com/palmguru/' is acceptable as is. To be fair to Palm, it's not charging sites money to use its name, but it does seem a little mean-spirited to us to force established sites to switch from 'Palm' to 'PalmOS' - or even to come up with something else altogether. Not least because many will choose a vendor-neutral name, which will hardly serve to boost the company's profile. Indeed, the recently launched PalmGoddess site has already changed to PocketGoddess to avoid any future entanglements with Palm. Many visitors to the site will, of course, assume it's more about PocketPC than Palm. The same is true of PocketAnywhere.com, the new name PalmGuru has chosen. Behind the move appears to be Palm's decision to split in twain, Psion-fashion, into a PDA maker and a separate provider of the core PalmOS technology. The company's trademark rules clearly serve to promote the generic name 'PalmOS' rather than the vendor-specific 'Palm', as if ordinary consumers do or will ever make such a distinction in any case. That's clearly what's worrying Palm, particularly now that licensees like Sony and Handspring are, nominally at least, making Palm devices.
As Palm's senior trademark counsel, Jason Firth, told PalmLoyal, the company is now open to harm by association from the actions of third parties. In short, if someone makes a duff PalmOS-based PDA, Palm gets tarnished with the same brush. That's probably true - Palm is a far stronger PDA brand than any of its licensees' own brands or even those of its competitors. And unlike Sony, Compaq, Casio, Hewlett-Packard and even Microsoft, its fortunes are tied to a single product category. It ought to be more consistent, then. We note that Palm is now suggesting that third parties stress that their products are for 'PalmOS handhelds' or 'for PalmOS', but as yet it hasn't got rid of the 'Palm powered' logo. If it wants to distinguish clearly between 'Palm' and 'PalmOS' - which affect products that are sold to consumers - it should do so before bothering sites that largely preach to the converted. And certainly not if it only serves to weaken the very brands it hopes its trademark rules will strengthen. ®
Tony Smith, 14 Sep 2001

Hard times for Linux biz

A day after Caldera spin-off Lineo laid off 22 per cent of its staff, Caldera itself confirmed fifty one redundancies. Up to 20 per cent more are expected according to Linuxgram, which first caught wind of the redundancies a couple of weeks ago. Caldera, which finally acquired SCO's Unix on Intel business earlier this year after many months of wrangling over the shape of the final entity, shed over thirty staff in April. SCO also made deep cuts in its Unix and services divisions ahead of the merger. Last week Caldera announced in a SEC filing a consolidation of its stock, in other words a reverse split with a 1:6 ratio. Caldera's hand has been forced by the stock trading well below the $1 required to justify a NASDAQ listing. When the deal was announced in August 2000, the plan was for Caldera to take the reins of SCO's Unix business and gradually and painlessly shift the customer base to a proprietary Unix/Linux mix. We left last year's SCO Forum convinced that the two understood each other pretty well, but just how this was supposed to happen on a technical level, we weren't sure. And we weren't much wiser a year later at the Forum, where there was talk of UnixWare providing a host for legacy Linux apps - or wait, was that the other way round? No, that's right. CNet's Stephen Shankland gleaned the news that amongst yesterday's redundancies was Juergen Kienhoefer, who devised the Linux Kernel Personality layer - that allows UnixWare to consolidate Linux sessions on a single UnixWare box. Kienhoefer it was who gave us a long and enthusiastic explanation of LKP, over ales and to the tune of Roger McGuinn, which you can read about here and here. This year, Caldera officials still remembered that this was a useful technology: but not enough to retain its lead architect. UnixWare looks sorry and abandoned today, having lost its Non Stop Clustering technology a few weeks back. We're told that was because maintaining two kernels was considered prohibitively expensive.
Both Caldera and Lineo have their genesis in a team of Linux pioneers at Novell, with leader Brian Sparks moving on to head Caldera, and later the embedded spin-off Lineo. ®
Andrew Orlowski, 14 Sep 2001

Anonymous Remailers Survive Politech Attack

The anonymous remailer network isn't closing, despite an alarmist and inaccurate story by Wired's Declan McCullagh, and postings to his own widely-read Politech mailing list. Len Sassaman, a security expert and privacy advocate who runs the Randseed remailer, is cited by McCullagh as having "pulled the plug" on his system in the wake of the World Trade Center bombings, and the report hinted that others had too. But Sassaman's system didn't go off-line and McCullagh, it turns out, hadn't been in touch to check. An announcement rapidly followed explaining that Randseed had been switched into middleman mode, which simply prevents it from being the last machine in the remailer chain. And real-time statistics at press time showed thirty six Type II 'Mixmaster' remailers in operation, more than are usually running. Many more Type I remailers were also active. Sassaman told us that the precaution was to preempt concern about hate mail or threats being made using the system. His remailer processes around three thousand messages a day, and out of a million messages over the past year, only two have drawn the attention of the authorities. However, simply because one machine goes into middleman mode doesn't weaken the remailer system: the chain only needs a single system operating in both entrance and exit modes to be effective, and given a geographical dispersal of remailers, it's unlikely to be compromised by a crackdown in the wake of the New York and Washington atrocities. "These terrorists probably don't use anonymous remailers," explains Sassaman. "They don't know if the machine they're using could be a honeypot. But disturbed individuals could capitalise on the terror of the attack by sending in false information or additional bogus threats." "But equally," he adds, "the mailer network could aid the investigation, providing a channel for people with legitimate information who fear for their lives, and don't trust the protection that the United States could offer them."
Anonymous remailer networks are effective not (as asserted in another McClunker) because the operators don't keep logs, but because no operator on the chain is aware of both the sender and the contents of the message. "Stay operational," advised remailer operator Michael Shinn in a follow-up post to the Remop list: "If we give up all that is American to secure some safety, and freedom of speech is one of the many things that is truly American, then the terrorists will win. And that's what the terrorists WANT: for America to be destroyed. Shutting down freedom of speech would be to do the terrorists' job *for them*. I will not surrender to terror. I will not carry out the will of these cowards. They will have to do it themselves: I'm keeping my remailer up." That's the stuff. ®
Andrew Orlowski, 14 Sep 2001

MS forecasts XP will generate £13.2bn in UK

Microsoft is forecasting the launch of Windows XP will generate £13.2 billion in IT sales across the UK in the year following its launch. The figure includes software upgrades, new PCs, and other bits of kit like printers, memory, scanners, CD-Rs, digital cameras, and the rest. Microsoft's UK group marketing manager Nick McGrath used the figure to fire up members of the Personal Computer Association at their annual conference. He came armed with gung ho high expectation data culled from various market research organisations. It went like this: There is an installed base of 24.7 million PCs in the UK. Of these, 7.4 million of them are capable of being upgraded to run Win XP. Of these 7.4 million, 2.5 million are in the home, and 4.9 million are used by businesses. If all these machines got an upgrade, and paid full price for it (£89.99 for the home version, £169.99 for the professional edition) then this would generate revenues of £1.058 billion. Microsoft doesn't quite expect a 100 per cent upgrade hit rate. "I didn't sign up for £1 billion as a revenue target," said McGrath. But he pointed out that the big number wasn't really with the OS upgrade market, it was the 17.3 million PCs, the PII systems and below running Windows 95, which are deemed not up to the job of handling XP. These people are "going to see XP, but they're not going to be able to run it," said McGrath. And this is how you come up with the £13.2 billion sales figure which was just what the PCA members wanted to hear - they're system builders, vendors, and dealers. McGrath's advice to his audience was to leave users of Win 2000 alone. "You can catch them with a future version of XP." But NT workstation users are a different matter. "That's low hanging fruit. Go and get them. And if they're on a 9x platform they need to upgrade. In a business environment they need to run 2000 or XP." XP will be launched on 25 October if you've not put a little mark in your diary. 
® Bootnote McGrath admits to "still getting goose bumps" when he watches a video showing the highlights of Microsoft's launch of Windows 95.
Robert Blincoe, 14 Sep 2001

HP ships chipset staffers to Intel

Hewlett-Packard has transferred nearly 100 chipset designers to Intel, almost certainly to develop Itanium support chips. That's what they did at HP, after all. They also worked on chipsets designed to work with HP's PA-Risc processor line. For some time now, Intel has relied on third-parties, such as ServerWorks and Micron, to provide chipsets for its server-oriented processors. However, with the Itanic-oriented i870, it's having another go at serving the market itself. The i870 is due to ship next quarter and will support the second-generation Itanic, codenamed McKinley. The i870 will initially support two- to eight-way servers, but Intel has discussed extending it to 256-processor systems. Given that takes it way beyond the chip giant's area of expertise, it's hard to imagine that HP hasn't had some considerable input into the i870's design. After all, HP's engineers co-designed Itanium and have been recently working on McKinley. Sending the chipset staff to Intel - a plan confirmed by an Intel representative, CNET says - may indeed be the first stage of a programme that will eventually see HP transfer the rest of its processor development staff to Chipzilla. HP has committed itself to Itanium, to the extent that it will ultimately supersede its own PA-Risc technology. But now that, under Carly Fiorina, it wants to focus itself on systems and services, it makes sense to hand its chip operation over to its chip partner, Intel. That plan mirrors Compaq's own sale of its Alpha chip unit to Intel. Indeed, following HP's move to acquire Compaq, we strongly believe that the Alpha sale was made to prepare the way for the merger. On the same grounds, we can see HP passing its PA-Risc team on to Intel, too. Indeed, it's beginning to look like a three-way scheme to strengthen the momentum behind Itanium - and the companies riding on it - as it goes up against Sun's Sparc platform. ®
Tony Smith, 14 Sep 2001

Down's Syndrome screening failures linked to Y2K bug

More than 150 pregnant women may have been given incorrect results from a test for Down's Syndrome because of the Y2K software bug. Between January 4 and May 24 last year, the PathLAN system at Northern General Hospital, which processed results of the screening of mothers at nine hospitals in South Yorkshire, Lincolnshire and the East Midlands, gave potentially incorrect results because of the Millennium bug. After the year 2000 passed, the ages of women were calculated incorrectly, which meant that many patients were informed wrongly that their babies were at low risk of the disease, according to a UK government report. Four women subsequently gave birth to Down's Syndrome babies and two terminated their pregnancies. Had the women's ages been calculated correctly during routine screening, they would have been identified as high risk and offered a more conclusive amniocentesis test for Down's Syndrome far earlier in their pregnancy. The delay caused by incorrect processing of data at Sheffield's Northern General Hospital meant that tests had to be conducted far later in pregnancy, putting mothers and babies at greater risk. Professor Lindsey Davies, regional director of public health, who commissioned a 112-page report into the affair, blamed over-reliance on the PathLAN computer software used to perform the tests. The health services need to put increased safeguards in place. PathLAN assesses the risk of a woman giving birth to a baby with Down's Syndrome based on her age, body weight, length into a pregnancy and blood test results. ®
John Leyden, 14 Sep 2001

Airline security measures damage e-ticket simplicity

New security measures installed at the request of the FAA at all US airports will remove much of the simplicity of tickets bought over the Internet. Previously, passengers needed only to show a valid form of ID like a driving licence at the gate to catch an internal flight. Now however, passengers will be required to present a receipt of their e-ticket purchase before being allowed past security. The tougher security measures come in response to the terrorist attacks suffered in the US this week after groups of men hijacked several planes and flew them into the World Trade Center and the Pentagon. Airlines are implementing the rule that proof of ticket purchase must be shown before boarding in different ways. Some are allowing passengers to print out confirmation of their purchase and offer that as proof. However there is no escaping the fact that much of the convenience of e-tickets has been lost and people will have to queue for long periods to catch a flight. It is hoped that this and other measures will make it far harder for a terrorist to board a plane, and US authorities arrested five men trying to get on a flight this morning. They had apparently been stopped on Tuesday attempting to board another plane. Yesterday a man whose credit card had been used to purchase tickets for the terrorists was arrested in the US. No clear explanation has been given over how the proof of ticket checking procedure will reduce the likelihood of a terrorist boarding a plane but many travellers will feel more secure with the new rule in place.

Sharp implements banned

No knives or even sharp objects such as knitting needles are being allowed on in hand luggage. Other security measures include a ban on luggage check-in by airport entrances and passenger check-in anywhere but the airport itself. US airports that open have had to conduct a thorough search, increase police numbers in the airport and reduce access to any parts of the airport beyond the security area. ®
Kieren McCarthy, 14 Sep 2001

Letter from Cisco

I read your story 'Sales reps peddle through terror aftermath' (12/09/2001) with great distress. The content of the email you refer to is in incredibly bad taste and the story is categorically NOT representative of mine nor any of my colleagues' thoughts at this time. Our number one priority right now is people - families, employees and our customers, many of whom have been deeply impacted by this horrible tragedy.

Yours sincerely
Duncan Mitchell
Vice President and Managing Director
Cisco Systems UK & Ireland
Duncan Mitchell, 14 Sep 2001

So how much memory does XP need?

Microsoft's XP sales push to UK system builders, at the annual Personal Computer Association conference, prompted friendly discussion on the memory requirement for the OS. A few laughs of disbelief, and mutters of "No way will it run on that" and "As if", met group marketing man Nick McGrath's word on the subject. He said 64MB is the minimum XP will run on, but 128MB is recommended. He added that this is the first time Microsoft has come out with a memory recommendation. When pushed he reckoned a 300MHz PII box with 64MB would just about do the job. But earlier in his address he'd dismissed PII machines as XP-incapable, and their users ripe for an upsell, but his audience would want to hear that so they wouldn't be bothered to argue the point. XP allows several users to log into a machine simultaneously. McGrath thought that 128MB would handle four users, but you'd need an extra 32MB for each additional user above four. In a private chat after his presentation he said that "128MB is more than sufficient for mainstream users". Amazingly, memory distributor Memory Plus thought XP PCs could do with a little more in the way of memory spec. Marketing director David Flack kicked off his PCA presentation with a picture of someone's slashed wrist, to subtly illustrate the state of the memory market. He thought that with 256MB you "may get XP to boot up." He recommended 512MB, which with prices as they are, you might as well go ahead and do. ®
Robert Blincoe, 14 Sep 2001

STMicro trims workforce by 2500

STMicroelectronics intends to rid itself of six per cent of its workforce - some 2500 staff in total - this year, although only 650 of them will be fired. The rest will go through voluntary redundancy schemes, the company has said in an email sent to the Bloomberg newswire. The announcement follows a report in the La Tribune newspaper that the chip company planned to dismiss all 2500. Not so, said STMicro, almost all will go - those that haven't gone already; many of the 2500 have, apparently - through natural attrition. The cuts have been made to bring STMicro's costs down in the light of the global semiconductor slump. The company has already implemented a pay freeze. ®
Tony Smith, 14 Sep 2001

This is how we know Echelon exists

The European Parliament published its report into the Echelon spying system last week in which it concluded it did exist, was against the law and that the UK had a lot of explaining to do. We've sifted through about 100 of the 194 pages and decided that since no one had yet to officially admit its existence, you may be interested in how the European Parliament decided it was definitely out there. The report admits from the outset that the existence of Echelon can only be proved by gathering together as many clues as possible so that it remains the only possible explanation. Since we are talking about an extremely secretive spying mechanism run by some of the most secretive (and powerful) organisations in the world, this is the only method at our disposal. The report used three basic routes to gathering the clues together. One, physical evidence - all the listening stations dotted about the globe. Two, unclassified documents and other bits of information from the military, NSA and other bodies that run the system. And lastly, the testimony of investigative journalists who have concentrated on Echelon - including Duncan Campbell and Nicky Hager - and former employees of the security services. Where's The Evidence? Physical evidence consists of a study of twenty listening stations around the world - five in the US, three in Australia, two in the UK, then others in New Zealand, Germany, Puerto Rico, Japan, Hong Kong, Cyprus, Guam. The question is: how do we know that the stations are listening stations and not kosher satellite bases? A bit of a giveaway is that they are all run by the military and you are not entitled to visit them - which you would be if they were normal dishes. That operatives and staff from different countries are also stationed at each station is a little peculiar too. Another clue is that many have normal satellite bases located very close to them - why would you need two stations for one satellite? 
Then there are the different types of antenna in use. Various types of antenna, each with a distinctive shape, are used to pick up different sorts of signals. If you want to receive satellite signals you need a huge parabolic antenna - and these are the huge golf-ball like domes you see in pictures. The spherical covers not only protect the antenna but also hide which direction it is pointing in. That doesn't prove what sort of signals are being picked up though. Nevertheless, if a station has two or more satellites with diameters greater than 18 metres, they are intercepting civilian communications. Which - tied in with the other information above starts making the case for a spy network. One of the most important aspects to the whole Echelon issue is that it consists of an agreement between the US, UK, New Zealand, Australia and Canada to work together and share information. Without this agreement, it would be impossible for a global spying network to be built since no one country has territories all over the world. (This is also the reason why only the French and Russians could possibly be running effective spying networks as well.) Secret Love By finding evidence of unusually close ties between the security services in these different countries, the idea of Echelon is further supported. This comes in the form of the UKUSA agreement. There is surprisingly little official evidence of the agreement's existence but there is enough to conclude it exists. The UKUSA agreement is an extension of the information-sharing agreement signed by the UK and the USA during the Second World War. Australia and New Zealand were also tied into this later thanks to the continuing war with Japan. The report quotes several official documents that make reference not only to a UKUSA agreement but also Echelon. 
For example: the 1999/2000 annual report of the UK Intelligence and Security Committee - a parliamentary watchdog - explicitly states: "The quality of intelligence gathered clearly reflects the value of close co-operation under the UKUSA agreement." It then refers to when the NSA's equipment failed in that year, it ran it operations through the UK equivalent, GCHQ. By piecing together this and other mentions in seven other official reports, a clear picture is built up. Then there are declassified US documents (in the UK we still maintain archaic laws which enable the government to keep things secret as long as they fancy). These refer to Echelon and also give the boundaries by which NSA operates. Foreign Intelligence It's safe to assume that if an organisation like the NSA is told it may do something then it will. This can be extended to: if the NSA isn't told it can't do something then it probably does. In its make-up, the NSA defines "foreign intelligence" as "any government communications in the widest sense (not only military) and all other communications which might contain information of military, political, scientific or economic value". So, basically, since the NSA can listen in on civilian communications, it will. This ties in with the final aspect of evidence - journalists and ex-security service personnel testimonies. The report does point out inconsistencies with the various versions of what people believe Echelon to be but between them they make a strong case for Echelon's existence and basic functions - it's just the fine detail in which people vary. What most concerns the European Parliament of course is the use of Echelon for economic reasons. Duncan Campbell has made various allegations in this sector, tracking what he says is evidence that important information has been picked up from European companies and relayed through the CIA, Advocacy Center and Department of Commerce to US firms. 
The report makes a point of saying Mr Campbell's claims are not evidenced; nevertheless, after more testimony it concludes that there is a substantial risk that that is exactly what the US is doing and strongly advises all European companies to encrypt their emails as a matter of course. The ex-security personnel's testimonies are quite interesting. Apparently while we all use Echelon as the name for the entire system, Echelon is in fact the name of the network. The software programs - which search for key words - are called Silkworth and Sire. However a journalist says the network is called Platform and Echelon is the software. Ah well. Anyway, this is only a small part of the report, but quite interesting we think you'll agree. ®
Kieren McCarthy, 14 Sep 2001

Anna Kournikova virus author stands trial

The author of the infamous Anna Kournikova email worm has appeared in court in the Netherlands with prosecutors calling for a lenient sentence for his admitted crime. Lawyers for 20-year-old Jan de Wit have called for the dismissal of charges against him, arguing that the worm caused minimal damage. The FBI submitted evidence to the Dutch court, suggesting that $166,000 in damages was caused by the worm, based on reports of damage from 55 firms. Prosecutors called for a sentence of 240 hours' community service at the beginning of a trial yesterday on charges that de Wit spread data into a computer network, with the intention of causing damage. The charges carry a maximum sentence of four years in prison and a fine of 100,000 guilders ($41,300). According to IDG, de Wit admitted creating the worm using a virus creation toolkit but told the court that he posted the virus to a newsgroup "without thinking and without overseeing the consequences". He denies any intent to cause damage. Sentencing of de Wit has been set for September 27. The Anna Kournikova email worm was written using a Visual Basic Worm Generator, written by [K]Alamar. The worm was released onto the Internet in February, and spread rapidly, prompting many firms to shut down their email servers as a precaution. Kournikova caused a great deal of inconvenience and irritation - several million computers were infected, according to Sophos. But its effects were much milder than early reports suggested. The worm caused nothing like the damage caused by the otherwise similar Love Bug, or the Melissa virus, estimated to have caused $80m-worth of damage at the US trial of author David Smith. Smith still hasn't been sentenced despite pleading guilty to writing the virus in December 1999. ®
John Leyden, 14 Sep 2001

Creditors cast doubt on Hynix bail-out plan

Hynix's $5.4 billion debt rescue plan is, like the troubled memory maker itself, in danger of collapse after a creditors' meeting failed to back the company's plan. Essentially, Hynix wants to borrow a further 500 billion won. It also wants the banks to extend its repayment terms for 2.1 trillion won it has already been lent, and to swap three trillion won of debt for bonds that can be converted into equity at some future date. Hynix got its creditors to agree to the debt-for-equity plan, according to a Korea Exchange Bank spokesman, cited by Bloomberg. However, that scheme is simply a way of reconfiguring Hynix's existing debt and won't help the company in the short term. Rather more important - if not to say essential - is the creditors' failure to come to a decision on the 500 billion won loan Hynix desperately needs to stay in business. The signs are not good. KEB president Kim Kyung Lim stressed the importance of the loan in a press conference after the creditors' meeting. "Without the fresh loans, the future of Hynix is uncertain," he said, but added that his fellow creditors will "find it extremely difficult to support Hynix if DRAM prices do not show signs of recovering to $1.50". In short, the money Hynix needs is dependent on the world DRAM market, and that shows no sign of recovery in the near future. Certainly other creditors are unwilling to give Hynix any more money. Before the meeting took place, representatives of Korea's Hana Bank and H&CB said they would not agree to extending Hynix's credit. Shinhan Bank and Kookmin Bank yesterday took the same stance. KEB appears willing to lend Hynix money, as does Hanvit Bank. Hanvit governor Lee Deok-hoon last week said it makes more sense to lend Hynix the money than let it collapse, but the bank this week said it would only agree to the extra loan if other creditors would do so too. New Korean laws mean that Hynix's rescue plan can't go ahead without the agreement of its creditors. And there's clearly not much sign of that happening. ®
Tony Smith, 14 Sep 2001

UK shares out £25m XP ad bonanza

Microsoft will spend £10 million marketing XP in the UK. Add in the marketing spend from Intel and the major PC manufacturers and the figure is expected to hit £25 million. Microsoft group marketing manager Nick McGrath likens the spend to the amount used in launching a new car. The OS comes out on 25 October but gets its big consumer launch at the Live consumer electronics exhibition which runs from 21-23 September at Birmingham's NEC. At the Personal Computer Association annual conference last week McGrath told attendees that advertising will be based around the green hillock, blue sky, fluffy white cloud image that comes up as the default XP desktop backdrop. The PCA's system builder, retailer, and dealer members were advised to incorporate the TellyTubbieland image in their own adverts. The Microsoft marketing money is to be spent in the usual places - TV and print adverts, promotions, co-op marketing, and a party for journos who get a free copy of XP (which they won't sell into the grey market). ®
Robert Blincoe, 14 Sep 2001

PC builders have to sell 20% more kit to stand still

UK system builders have to sell 20 per cent more kit than they did last year just to stand still. This is the view of Rafi Razzak, MD of Centerprise, the company which builds Dixons' Advent brand PCs. Razzak made the observation at the Personal Computer Association annual conference where he acted as chairman. He was trying to engage the conference in a debate about whether recent months had really been terrible for everyone in the PC business. A handful of attendees said they were suffering but a surprisingly large number said they'd been doing OK, keeping margins high, selling on service. But then you might not reveal your woes to your peers. ®
Robert Blincoe, 14 Sep 2001

BTopenworld to get new chief exec

BTopenworld is looking for a new chief exec following today's announcement that CEO Andy Green is to take charge of BT Ignite from November. The current BT Ignite CEO, Alfred Mockett, is to step down at the end of November to take up a position as chairman and CEO of an as yet unnamed US-based public company. The monster telco said Mr Mockett's departure was "amicable". A replacement for Mr Green will be announced in due course. Whoever takes up the job of running BT's retail Internet and broadband outfit will have a job on their hands. The business is nicknamed "openwound" by some commentators because it is haemorrhaging so much money. ®
Tim Richardson, 14 Sep 2001

SSL toolkit flaw poses risk

A vulnerability has been discovered in versions of software development toolkits from RSA Security, which could allow an attacker to bypass SSL client authentication. In a security notice on the issue, RSA said the vulnerability meant that hackers "might potentially gain access to data intended only for authorised users". The company has a patch and it advises customers to apply this to affected software. Due to a bug in the SSL (Secure Sockets Layer) session caching feature implemented in RSA BSAFE SSL-J versions 3.x, unauthorised clients may be able to impersonate authorised clients, RSA confirms. The problem does not affect clients nor does it impact the performance of servers which do not use client authentication. But the vulnerability is noteworthy because it affects commonly-used cryptographic protection techniques. It's been discovered that (with use of the vulnerable software libraries) if an error occurs while the handshake is being performed, the session key is, under certain conditions, stored in the cache when it should be discarded. Once cached, this session key can be used by an attacker to cause a server to skip the full client authentication scheme, and use a much shorter sign-on procedure. The SSL protocol provides for caching of SSL sessions between subsequent connections by the same user; this speeds up connections and lowers processing overhead in most cases. The flaw would not give a user root access to a server. The issue affects RSA BSAFE SSL-J 3.0, 3.01 and 3.1 and Cisco Internet Content Distribution Network 2.0 (because of its use of the toolkit). Users of RSA BSAFE SSL-J 1.x and 2.x are unaffected, as are RSA customers using BSAFE SSL-J 3.1.1 or 4.0 beta 2 and higher. ®
John Leyden, 14 Sep 2001
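
The session-caching flaw reported in the article above, modelled as an added example (it is not RSA's code and not part of the original article): a toy server whose cache either keeps or discards a session when client authentication fails, plus a resumption-time check that refuses sessions with no authenticated identity. The class, its flags and the certificate names are hypothetical, and the handshake is reduced to a cache insert and an identity check.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    session_id: str
    master_secret: bytes
    client_identity: Optional[str] = None  # set only when client auth succeeds


class ToyServer:
    """Hypothetical model of a server that requires client certificates."""

    def __init__(self, trusted_clients, discard_on_error,
                 require_identity_on_resume=False):
        self.trusted = set(trusted_clients)
        self.discard_on_error = discard_on_error          # False models the flaw
        self.require_identity_on_resume = require_identity_on_resume
        self.cache = {}

    def full_handshake(self, client_cert):
        """Return (session, authenticated). Both peers already share the
        session id and secret by the time the certificate is checked."""
        session = Session(secrets.token_hex(16), secrets.token_bytes(48))
        self.cache[session.session_id] = session   # cached while still in progress
        if client_cert not in self.trusted:
            if self.discard_on_error:
                del self.cache[session.session_id]  # failed handshake leaves no entry
            return session, False
        session.client_identity = client_cert
        return session, True

    def resume(self, session_id, master_secret):
        """Abbreviated handshake: cache lookup only, no certificate exchange.
        Returns the identity attributed to the connection, or raises."""
        cached = self.cache.get(session_id)
        if cached is None or not hmac.compare_digest(cached.master_secret,
                                                     master_secret):
            raise PermissionError("unknown session, full handshake required")
        if self.require_identity_on_resume and cached.client_identity is None:
            del self.cache[session_id]              # evict the stale entry
            raise PermissionError("session was never authenticated")
        return cached.client_identity


def resumption_after_failed_auth(server):
    """Fail client auth once, then try to resume. True means access was granted."""
    session, authenticated = server.full_handshake("CN=unknown (constructed)")
    if authenticated:
        raise ValueError("test certificate must not be trusted")
    try:
        server.resume(session.session_id, session.master_secret)
        return True
    except PermissionError:
        return False
```

With `discard_on_error=False` the resumption succeeds even though no certificate was ever accepted; either discarding on error or checking the cached identity at resumption closes the gap, and using both gives defence in depth.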

Over-zealous mourners backtrack

It's hard to know how to react when something on the scale of the recent attacks occurs. However, in attempting to do something tangible to express their concern, some people got carried away. The CEO of one company sent out a company-wide email an hour after the attack which said: "We would like to also say on record that if any country is found responsible for these attacks, we call for that country's complete destruction and annihilation". A little over the top? Well, he seems to think so now. A second email has been sent out which says: "In my last e-mail I was angry. Now I am angry and saddened. My thoughts were emotional, not political or commercial. I will stand by my conviction that those responsible should not walk with us on this planet. I will though take back the word 'annihilate', this was anger speaking from someone that has now cried for the victims of this attack. "This may surprise some people ... I am only human. Just as President Bush almost cried on CNN today, that does not make him less of a President. I as a CEO have the right to be angry, and to vent my emotion. This does not make me any less of a CEO or human. It makes me more of one." Whether you agree with this summary is up to you. Equally, as we predicted, Gartner's extraordinarily generous but flawed idea of opening its entire research database for free has quickly been put an end to too. The data contained within was worth a fair penny but the company soon recognised that people were abusing the offer and downloading huge chunks - no doubt with the aim of selling it at a far more reasonable price in the next few weeks. It was a lovely gesture, but we did warn you. While we're here, newsgroup witterings about the WTC being built to withstand a 747 crashing into it are not as far out as we first thought. They were built to withstand an impact by the biggest plane of the time - the 707 - because they were so tall. As we all know now, the buildings withstood the impact well but it was the heat produced from fuel in the planes burning that caused the buildings to collapse. As for the Nostradamus quotes, the third was definitely fake, we don't know about the other two. The mass email with the false quote didn't help matters by stating that Nostra said it in 1654, when in fact he died in 1566. ®
Kieren McCarthy, 14 Sep 2001

DNS mega-hack hits thousands of sites

Thousands of UK Web sites registered with domain name registrar NetNames had their front pages redirected to a rant by hacker Fluffi Bunni this morning. Jonathan Robinson, chief executive at Net Benefit, which runs the NetNames registration and hosting service, told us that the "majority" of its 100,000 customers had their Web traffic re-routed in the hack. He said the firm was more focused on restoring services, which were disrupted for more than an hour before being returned to normal between 10am and 1030am today, than on counting the number of people affected. The hack, which directed surfers to a diatribe entitled "Fluffi Bunni goes Jihad", involved an attack on NetNames' Domain Name System server, according to Robinson. Fluffi Bunni compromised the network of Net Benefit before sniffing a password and disrupting the firm's DNS server to pull off the attack, he said. The DNS servers were loaded with the latest version of BIND and the attack was not on them directly, according to Robinson, who added that he was now satisfied its systems were secure. Register readers have informed us of the numerous Web sites affected by the attack, among which were www.forceinternet.co.uk, www.expressandstar.co.uk, www.ammoweeklybulletin.co.uk, www.discoveryhealth.co.uk, www.clicktomusic.co.uk, Totaljob.com, Vnunet.com, and www.westlife.co.uk. The list goes on. Aidan Goldstraw, head of Internet development at the Express & Star Wolverhampton, was scathing in his criticism of NetNames. "The hack affected both our own secondary domain, expressandstar.com, and dozens of other third party sites we host with NetNames Web forwarding arrangements. "What I found incredible was that no-one at NetNames appeared to have the gumption to pull the network plug out of the back of the machine as soon as they knew what was happening". He added: "I also find it worrying that a company whose stock-in-trade is domain management could fall prey to what at least appears to be a fairly elementary scripting hack." Russ Spooner, a security consultant at network security specialists Interrorem, pointed out that a DNS redirection hack was particularly embarrassing for Net Benefit. The domain registrar has issued press releases advising firms to protect their online identity, something it has conspicuously failed to do itself in this case. Mark Read, a professional services consultant at MIS Corporate Defence, accused Net Benefit "as a firm offering Internet services" of failing to do its job properly and protect against hack attacks. Previous victims of Fluffi Bunni (aka Fluffy Bunny) include the Apache Project and Exodus Communications. The attacks by the group (or individual) operating under the Fluffi Bunni moniker are generally more sophisticated than the average defacements. ®
John Leyden, 14 Sep 2001