Hackers were able to penetrate a Federal Aviation Administration system earlier this week and download unpublished information on airport passenger screening activities, federal officials confirmed Thursday. Styling themselves "The Deceptive Duo," the hackers on Wednesday publicly defaced an FAA server used by what was the administration's Civil Aviation Security organization, which until recently was responsible for supervising passenger screening at U.S. airports. There, the intruders posted a mission statement vowing to expose America's poor state of cyber security for the good of the nation. "Tighten the security before a foreign attack forces you to," the Duo extolled. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." At the bottom of the page, the defacers included a screen-shot showing a portion of a Microsoft Access database, with each row displaying the three-letter code for a different U.S. airport, the name of an FAA inspector, a screener I.D. number, the number of passengers the screener handled, and the number of guns, explosives or chemicals he or she intercepted. An FAA spokesman described the file as a "screener activity" report for the year 2000, but insisted it wasn't particularly sensitive. "It was data that was used for a report that went to Congress, so it's essentially public information anyway," said spokesman Paul Takemoto. In February, the FAA's airline security functions were taken over by the newly-created Transportation Security Administration. Computer security weaknesses have dogged the FAA since 1998. Most recently, the agency was criticized in a September, 2000 GAO report for not performing background checks on IT contractors, failing to install intrusion detection systems, and not performing adequate risk assessments and penetration tests on agency systems. 
Speaking at the RSA security conference in February, agency CIO Daniel Mehan said the FAA had made significant progress in boosting cyber security, but needed more funding from Congress to continue the effort. The FAA said Thursday that they'd reported the Deceptive Duo's intrusion. "We've asked the FBI to prosecute if they catch the people," said Takemoto.

String of Intrusions

The agency is only one target of the Deceptive Duo's inaugural week of defacements. On Monday, the pair vandalized a U.S. Navy site and posted information lifted from a Midwest Express Airlines passenger reservation system, according to a report by InternetNews.com. The defacement mirror site alldas.org shows attacks on two NASA sites on Wednesday, and on Thursday the attackers struck a U.S. Department of Transportation site and several seemingly random corporate targets -- one of them in Israel. Each defacement featured the hackers' patriotic "mission outline" -- in which they claim to be U.S. citizens determined to save the country from a "foreign threat" by exposing security holes -- and the group's logo: two handguns in front of an American flag. Longtime defacement-tracker Brian Martin, a security engineer at CACI Network Security Group, suspects the Duo's message may owe as much to media-friendly theatrics as genuine fervor. "They're probably casually into it," says Martin. "But if they write it up well, they hype it up and sensationalize it, they get more attention." But in an e-mail interview, the Deceptive Duo said their intrusions were a matter of national security. "We are two individuals who risk our future and our lives to help the Nation in such a vulnerable time," the Duo wrote. "Somebody has to do it; if we don't, a terrorist might." © 2002 SecurityFocus.com, all rights reserved.
A project to link hundreds of magistrates' courts in the UK electronically may have to be abandoned because discussions between the government and a key supplier are floundering. An internal memo from the Lord Chancellor's Department said it had been "unable to reach an agreement with Fujitsu" on a proposal for the delayed system which "represents value for money and which we can afford", Computer Weekly reports. Talks with Fujitsu are continuing but the Lord Chancellor's Department is now considering a "fallback position", the memo says. The Libra system, which is being supplied by Fujitsu, is an important part of government plans to speed up the criminal justice system. Court cases are often delayed because of errors in paperwork, the National Audit Office has found, and the aim of the Libra system is to minimise such mistakes, which can delay court proceedings and cause unnecessary expenditure. A key aspect of the project is a common case-working system linking all magistrates' courts in England and Wales, and this might be dropped in favour of establishing "commercial arrangements for delivering a robust, standard national system based on the best of the legacy systems". If the latter route is taken, magistrates' courts will have to cope with three existing types of case-working system, which are incompatible and part of which date back to the 1970s. This could leave staff with terminals on their desk: a new PC delivered in advance of the core software and a terminal to access legacy systems. Rosie Eagleson, general secretary of the Association of Magisterial Officers, told Computer Weekly, "If the core service is not delivered, we are right back to square one, except that enormous sums of public money will have been expended to deliver the sort of hardware and software that is available off the shelf at PC World."
If the core case-working part of the project is abandoned, Fujitsu will still get more than half of the contract's value for supplying new PCs and Microsoft Office to support the Libra system. The cost of the private finance initiative (PFI) IT project has risen from £183m to £319m. A decision on the future of the project is expected later this month, according to the leaked memo. ®
Analysts have cast doubt over BT's latest assault on the UK's broadband market and its planned introduction of a "no frills" service. It seems the pricing of the access-only service - just £3 cheaper than full ISP services on offer from the likes of BTopenworld and Freeserve - might not be enough to sway punters to opt for the stripped-down BT Broadband service. According to research from J P Morgan: "In our view, the discounted price and content 'landing page' do not compensate for the lack of bundled content and services, notably email and web space." And the chances of BT dropping the price of BT Broadband still further (a move that might make it more attractive) seem slim since J P Morgan agrees that BT's margin on the service is tight. It also maintains that existing Net users who've built up loyalties with ISPs will be reluctant to move to this new service despite BT Retail's undeniable advantage of having access to some 21 million customers. And while some industry sources claim consumer ISPs such as Freeserve are most at risk following yesterday's announcement, J P Morgan believes that Freeserve will gain almost one in five of all ADSL connections. It concludes that the threat to Freeserve's business from BT's new product "has been overdone". ®
Things must be looking up: Intel has begun work again on building Fab 24 in Leixlip, Ireland. The chip monster has frozen construction on the $2bn building twice, citing a downturn in demand. The news comes as a boost to the Irish government, which is fighting a General Election. But the Tánaiste (deputy prime minister) Mary Harney told the Irish Times that the timing was "a coincidence." "A company like Intel, the world's largest semiconductor firm, doesn't make a decision like this due to a general election." Fab 24 will lead to another 1,000 jobs at Intel Ireland, and bunce for 1,500 construction workers. ®
Update: Nvidia has appointed New Jersey firm PNY Technologies to flog Quadro workstation graphics boards into the OEM market worldwide. PNY recently told the German press that it was in talks with administrators about Elsa's graphics business. It says it will release more details in coming days. Elsa, the German graphics card maker, which is currently operating under bankruptcy protection, had - until today - solus distribution rights for Quadro boards. How much Quadro business is there for PNY? The workstation graphics board market is comparatively small, and Nvidia has creamed off the top five OEM customers for itself. It sells Quadro chips direct to Compaq, Dell, Fujitsu Siemens, Hewlett-Packard and IBM. Elsa also makes data networking equipment and employs 260 people. But this business is to be put into liquidation on May 1, according to Heise (German language). There may be a management buy-out, but with far fewer employees. ®
If you've chosen MS Word for your e-mail editor in Outlook 2000 or 2002, you'll need to patch a flaw which enables script execution when a malicious memo is replied to or forwarded. Outlook blocks scripts when an HTML e-mail is viewed; but when Word is the editor, replying or forwarding calls it in an unprotected mode, and it then allows the script to run. Essentially, Word behaves as if a new memo were being created, a situation where security wouldn't be an issue. The actual flaw, then, is a failure to distinguish between a user's own e-mail and his modifications to someone else's. The consequences of exploitation here are running arbitrary code on the local machine with the user's level of privilege. As usual, MS provides an extremely vague description of the exploit, calling it only a "specially malformed HTML e-mail," so we can't tell you anything about the likelihood of exploiting other versions of Outlook with this little oversight. We also can't verify that the patches work as advertised. But none of that is necessary, now that Trustworthy Computing is in force. The MS bulletin, along with links to the patches, is posted here. ®
eTesting Labs has run a series of tests of eight commercially available diskwiping products - and only one of them worked properly. This is Redemtech Data Erasure, from the company which contracted eTesting to run the trials. So the results should be treated with caution. The eight products were run on six variously configured PCs. IBAS Expert Eraser failed to overwrite all of the disk sectors on one of the PCs under test. Ontrack DataEraser and Blancco Data Erasure failed to overwrite all the sectors on two PCs; East-Tec Disk Sanitizer and InfraWorks Sanitizer failed in the same task with five PCs; while NTI Diskscrub and Wipe Clean (freeware in wide circulation, according to Redemtech) failed to overwrite all the sectors on all six PCs. Norton Wipeinfo/Wipedisk is no longer being updated, and works so differently from the others - it's very fiddly - that eTesting Labs did not feel able to include it with the rest. The eTesting Labs report, complete with methodology, is available as a PDF here. Of particular note is the poor showing for InfraWorks Sanitizer, used by the Department of Defense in the US and the MOD in the UK. It's surprising that eTesting Labs/Redemtech found something that the US government missed. Secondly, there are quirks in all testing tools - Norton Datawipe does not recognise NT partitions - and all hard drive technologies - software will not write over RAID for example, and why should it - RAID is designed to protect data. It's necessary to strip out each HDD and overwrite it individually - sometimes a very large HDD.

Paul McCartney's worth - how much?

Datawiping is a boring but important subject for end of life kit. Corporates pay recycling firms to dispose of their equipment - the residual value of the kit rarely covers the cost of collection, datawiping - important for security and for data protection - and reselling. By far the cheapest option is smashing and dumping - but that's dirty and in many rich countries, illegal.
But what if the broker is not datawiping the kit, or is using the wrong datawiping software? Then there's a headache. The most famous case in recent years was Morgan Grenfell, now part of Deutsche Bank, which let loose an end-of-life PC containing the bank details of Sir Paul McCartney into the secondhand market. But there has been a series of incidents, including details of children at risk found on a PC dumped on a skip by Lincolnshire Council, and a register of sex offenders contained on a PC used by students studying statistics furnished them by Bristol police. The machine was later sold, with the register. Then there was the doctor who returned his machine to PC World under a 21 day no-quibble swap-out. This was later sold as a shop refurb, complete with patient records.
Tens of thousands of people in southern England were without phones last night after a power failure in Southampton brought down BT's network. Parts of Hampshire, the Isle of Wight and Wiltshire were hit after phones went dead at around 6.30pm yesterday evening. Most were restored by midnight although the whole service wasn't back up and running again until just before 4.00am this morning. Emergency services were also hit with people unable to dial 999 calls. BT has launched an investigation into the disruption. ®
Guardian IT, the ailing disaster recovery firm, up for sale after spending lots of borrowed money in anticipation of business which never happened, has a buyer. It's Sungard Data Systems, a $2bn t/o disaster recovery player from the US. Sungard values Guardian IT at £168m, inclusive of debt. As Guardian IT's net debt is £110m - this leaves £58m cash for shareholders. Guardian IT (can we make this shorter - what about GIT?) has accepted the offer - the 80p a share offer is a big hike on the closing price of 33p at Feb 13 - the day before the company disclosed it was in talks which could lead to a deal. ®
The boss of subscription-based email service, Another.com, said he hopes that a snag that has crippled the service for some 100 users during the last week will be resolved today. Users have reported that their emails - both those sent to their account and those saved in their inboxes - have been lost. According to reports the problem started at the beginning of the week. Steve Bowbrick, CEO of Another.com, said he hoped the problem will be fixed today but insisted it only affected a "very small minority of users...around 100 people". He added that those affected would have their subscriptions extended for the period of time they have lost. In February, Another.com started charging existing members to use its Web-based email service after introducing charges for new users last autumn. ®
A top Japanese electronics executive has criticized the country's leading manufacturers for their wholesale abandonment of the DRAM memory chip business, warning that an "emotional" herd mentality could seriously damage the country's high-tech sector. In an article published by Nikkei Business, the chairman of Texas Instruments Japan, Toshiaki Ikoma, said the decisions of Fujitsu Ltd, Toshiba Corp and others to exit DRAM production will leave the DRAM business in the oligopoly control of Samsung Electronics and Micron Technology. As an oligopoly, the DRAM market promises to be a "pot of gold" that Japan's electronics industry will now miss out on, said Ikoma. Whilst using measured language, Ikoma nevertheless accused his counterparts in the Japanese electronics business of a failure of complacency and short-term thinking. By simply "going with the flow" he said all of Japan's major chip companies are now heading out of DRAM and into the LSI business. "However, as they move all together, they will surely face the same fate as in DRAM or other memory business, because there will be severe competition centering on smaller profits," he said. In conclusion, Ikoma warned the Japanese electronics community that its abandonment of the DRAM business could have important long-term repercussions for the entire industry. "To assure the growth of the global electronics market as well as to let the high-tech industry drive the Japanese economy, they have to prevent an oligopoly in the DRAM sector by the two companies. Appropriate competition in the memory market is necessary for the development of digital consumer electronics. From this point of view, Japanese makers should spare no efforts to remain in the DRAM market," he said. © ComputerWire. All rights reserved.
Network Associates' on-off bid for the shares in its McAfee.com consumer ASP subsidiary that it doesn't own is off, again. Last month, NAI offered a stock swap deal worth around $208.2 million for the 25 per cent of McAfee.com shares outside its control. The aim of the acquisition was to remove confusion over Network Associates' business units and to streamline its operations. The offer suffered a setback when the board of McAfee.com described it as "financially inadequate" and encouraged its shareholders to reject NAI's overtures. When the Securities and Exchange Commission (SEC) began investigating NAI's accounting practices, NAI decided it had little choice but to postpone the bid. That seemed to be the end of the matter, but days later NAI came back and upped its original offer by 15.6 per cent. The new offer was more to McAfee.com's liking and its board of directors has recommended that shareholders accept the offer. However the revised bid was withdrawn yesterday after NAI said that "it has discovered accounting inaccuracies in its 1999 and 2000 financial statements requiring the restatement of these financials". The company has informed the SEC of the preliminary results of its internal investigation and will keep the regulators informed as to its progress. ®
Yahoo! Inc has decided to renew its contract with Overture Services Inc for three years, Overture announced yesterday. The decision dashes speculation that Yahoo was poised to give its advertising search business to Google Inc, which is already a key partner, or build its own customer service in-house. "Since its inception, the Yahoo! Sponsor Matches program has shown strong performance and experienced click-through rates considerably higher than the industry average," Overture said in a statement. Terms were not disclosed. Overture gets about 40% of its revenue from its portal partners, which display paid search engine listings aggregated by Overture from 60,000 advertisers. Google provides a similar service, as well as providing a regular search engine to portals including Yahoo. Yesterday the company reported a net income for the first quarter 2001 of $29.3m, compared to $20.8m in the fourth quarter and $6.7m loss a year ago, on revenue of $142.8m compared to $101.2m in the fourth quarter and $51.9m a year ago. © ComputerWire. All rights reserved.
Hoping to cash in on all the excitement building in the market about blade servers, IBM Corp's top brass in the Server Group who are responsible for the company's entry into this market started talking, very generally, about the company's plans, Timothy Prickett Morgan writes. Like other blade server vendors, IBM is working on a line of blades for processing, storage, and other jobs that plug into a central chassis, which the company is calling an eServer BladeCenter. IBM isn't saying that its blades will or will not adhere to the CompactPCI standard developed and supported by the telecom and service provider community, but the fact that IBM didn't come out and say this yesterday is probably an indication that at least some - if not all - of IBM's blades will use some sort of proprietary chassis connectivity scheme. This is the tack that rivals Compaq Computer Corp and Sun Microsystems Inc are taking with their blades. HP, with its PowerBar blade machines, is adhering to the CompactPCI standard and is even pushing for the expansion of that standard to include the requirements of enterprise customers, which are sometimes distinct from those of service providers. In February, HP put forth the OpenBlade standard, an extension of the CompactPCI spec. This was two months after it announced the PowerBar blade machines, which will eventually support Intel and PA-RISC processor blades and can, in theory, even support Sun's CompactPCI cards running Solaris. Analysts at Gartner Group chimed in a few days after HP bowed the OpenBlade spec and threw down the gauntlet to the server industry, saying that it, too, believed that the nascent blade server market needed some kind of standard to govern architectural options, connectivity, and interoperability between blade server hardware and software components. This talk of standards has, it seems, more or less fallen on deaf ears. But IBM could yet surprise us.
Tom Jarosh, vice president of business development and blade servers at IBM, has been a marketing executive in the old RS/6000 division and ran the midrange AS/400 division for a few years as well. He knows all the issues concerning openness, and might try to beat Sun, Compaq, Dell and others over the head by pushing standards - particularly if the market starts demanding it. Jarosh hasn't said anything terribly specific about what IBM will do with the BladeCenter designs, except that its machines will support processor blades using Intel Corp Xeon and Itanium processors as well as IBM's own Power line of processors. (IBM might mean Power4 and Power5 processors here, or it might mean a mix of S-Star PowerPC and Power4 processors.) Jarosh also divulged that IBM will deliver a series of storage and networking blades, which are part and parcel of a complete blade server offering. As usual these days, IBM talked an awful lot about the Project eLiza technologies it is developing or has developed for self-administration, self-management, and self-healing for its eServer products. IBM said further that its BladeCenter offerings would have no single point of failure and use hot swappable components. IBM's goal is to allow new blades to be brought online within a matter of minutes instead of hours. IBM's first BladeCenter will apparently be based on Intel's "Prestonia" Xeon DP processor, which supports two-way configurations, and IBM says that the chassis will offer twice the density (meaning processing power per cubic foot) of today's 1U form factor servers. This blade server will be available in the third quarter of 2002, and it will run both Linux and Windows operating systems. It also looks like the machines will use the Grand Champion chipset developed by the ServerWorks unit of Broadcom. 
Analysts at International Data Corp believe that sales of entry-level tower servers are in modest decline in terms of shipments and revenues, but that shipments and revenues of rack-mounted servers and blade servers are both on the rise. By 2005, IDC figures that blade servers will represent just over 2 million shipments and around $5bn in annual revenues. This represents 23% of entry server unit sales, but only 10% of entry server revenues. Beyond 2005, it looks like this blade server market will still be growing. © ComputerWire. All rights reserved.
The advanced maturity of Europe's formerly booming wireless network business was underlined yesterday as Vodafone Group Plc, the biggest operator in the region, posted quarterly subscriber growth figures down heavily on the earlier quarter. Net subscriber growth for the Newbury, UK-based company was 1.3 million in the quarter, compared to 4 million in the previous quarter, and pushed the company's global customer base to 101.1 million proportionate users. The positive quarter, which brought the net growth for the year to 18.1 million (22%), was mildly surprising, belying fears that Europe's high wireless handset penetration (now at 70% of the population), coupled to the negative effects of Vodafone's attempts to decrease the proportion of pay as you go users, would see a net decline in subscriber numbers. Nevertheless, whilst average revenue per user (ARPU) per month was also said to have stabilized, the positives in Vodafone's latest indicators did little to outweigh a sense of impending crisis for the company, and for the rest of the global wireless network operator (WNO) community. In London, the muted response of analysts did little to dissuade a growing perception that pressure on Vodafone's share price is sharpening, and Reuters reported an "appetite to dump Vodafone stock" is evident among some market makers. The key to this sentiment, one analyst said, is that until investors see concrete growth in ARPU, they will treat any indicator statement as essentially negative. Certainly, yesterday, the assertion of Vodafone's chief executive Chris Gent that "this year has seen ARPU stabilize in our major markets, ahead of our previous expectations, .... [and] the continued adoption of data services provide a solid base for an expected improvement in ARPU in most of our major European markets in the year ahead" smacked of making the most of thin material.
In fact, in at least one of Vodafone's key European markets, Germany, ARPU slipped 5 euros ($4.49) to 298 euros ($267.4m) as the net subscriber base of its former Mannesmann network fell 399,000. In Vodafone's other key European markets, Italy and the UK, the news was positive, if modest. Overall, data services contributed 13% of revenue, an increase of 4% in the quarter, and grew 3% to 11% of revenue for the year. This is moving in the right direction, and might show some acceleration once the group's dependence on SMS (by far the biggest source of data revenue) is diluted by the emergence of MMS and the roll-out of new GPRS-based applications. However, GPRS uptake is still lackluster, with little to suggest that Vodafone and other operators truly have compelling new uses for it waiting in the wings. The growth of MMS revenue will have to wait for a new generation of handsets to penetrate the market, which also looks an optimistic bet in the present climate, and runs contrary to MNO ambitions to reduce their commitment to subsidizing handset sales. © ComputerWire. All rights reserved.
One of the exhibits in the previous stages of the Microsoft antitrust trial included an email from one Chris Jones, recommending to Bill Gates that the binding of IE into Windows should be such that users would find running rival browsers "a jolting experience." At the time many people, not least of them the Department of Justice, seemed to think that this and other associated exhibits were all about the anticompetitive tying of IE into Windows in order to destroy Netscape. But apparently not - MS Windows exec Chris, taking the stand yesterday, put forward an explanation of almost patentable novelty. What he meant, he said, was that the experience would be jolting for good reasons if it occurred because of the "great innovations" that integration of IE brought to Windows. So presumably you could think about the new versions of IE Microsoft was designing as being truly wondrous, and that users would therefore find use of the comparatively stone age rival products truly unpleasant. One could almost convince oneself that Jones has a point here; but not quite. As far as we can make out he did not yesterday specifically exclude the possibility that users might get their jolt even if the innovations associated with integration turned out not to deliver truly wondrous software after all. Nor is it obvious why, if this and similar emails were really talking about building great software, there seems a marked deficit of emails saying something to the effect of 'we're going to build great software so the users don't want to use Navigator.' There are, on the other hand, emails from senior execs that say that IE wasn't at the time good enough to win the browser war on its own, and recommending that the Windows franchise should be leveraged to build IE's market share. On the broader issue of Microsoft breaking other people's software Jones almost had another point too.
He objects to the States' proposed requirement that Microsoft shouldn't be allowed to interfere with rivals' software without good cause. This requirement might strike you as remarkably reasonable, so Jones should be commended for his resourcefulness in finding an objection to it which is also, in its way, quite reasonable. Essentially, if Microsoft's rivals have the ability to object to changes Microsoft makes on the basis that it interferes with their own software, and hence disadvantages them, they are going to abuse this right. They're going to make it up. Every time Microsoft makes a change that they can argue is somewhere in the general vicinity of their own turf, they're going to complain about it. He's right, isn't he? Are these nice, generous people, or are they going to seize every possible weapon there is in their war against Microsoft? But before we wholeheartedly agree that the ability of rivals to put forward spurious and inaccurate instances of "without good cause" we should maybe rewind a little to what these current trial sessions are actually about. Microsoft has been found guilty of various anticompetitive activities, and the court is now considering what measures should be imposed in order to stop the company from doing it again. Left to its own devices to define "good cause," Microsoft has abused its position, and spurious justification cuts both ways. There is possibly an argument that this part of the States' proposal will cause wrangles if implemented, but under the circumstances that is not an automatic justification for tossing it out. Another interesting point was brought up by States' attorney Kevin Hodges, who established that the proposed MS-DoJ settlement had less teeth to it than appears at first glance. Under this deal PC manufacturers will have the right to install rival companies' software, but it's still feasible for Microsoft to bar them from running Netscape when the computer is first turned on.
Jones seems to have argued that as IE was a part of Windows, Microsoft didn't have to give OEMs the right to run Netscape. At time of writing the full transcript of the session wasn't yet available, so we're currently unable to dig deeper into this eccentric argument. However, as he seems to be arguing that the levelling of the playing field doesn't entirely apply if a component is a part of Windows, we may have another bid for a 'get out of jail free' here. More once we've checked the details. ®
Time Group, the UK's biggest system builder, has created a new job - chief information officer - to handle "joined up IT delivery". The first incumbent is Jason Campion, who moves over from Time sister company Internexus, where he was technical director. Campion's job is to manage the installation of a retail system for the company's 150-strong computer chain, and to improve back-end systems. Internexus provides virtual ISP services for several customers, including Supanet, Time's ISP. The Register's a customer too: Internexus handles our web hosting. ®
An international group of investors led by a British financier has emerged as the frontrunner in the race to buy PSINet Europe. The group, which includes ClearBlue Technologies, Israel Corporation, Infinity Holdings and British financier Michael W Stevens, has entered into a contract to buy the ISP and Web hosting business for $9.5 million cash. The deal still needs to be approved by the US Bankruptcy Court. If the sale is given the go-ahead then it's expected to be completed by the end of June. PSINet Europe generated revenues of approximately $160 million in the year ending December 31st 2001 and employs around 600 people. PSINet Europe was put up for sale earlier this month after its parent, PSINet Inc, filed a motion with the US Bankruptcy Court to auction its European operation. Earlier this month Cogent Communications Group Inc confirmed it had bought the US operations of PSINet Inc for $10 million. PSINet Inc filed for Chapter 11 bankruptcy protection in June 2001. ®
InfoSecurity Europe: With all the talk about zero-day exploits and sometimes esoteric vulnerabilities it's easy to lose sight of the role of older, less sophisticated techniques as a mainstay of cracker activity. During a hacking debate at InfoSecurity Europe yesterday, black hat hacker KP said that when he broke into a network he did so 90 per cent of the time through an unprotected modem, often through war dialling. War dialling involves systematically trying to locate the numbers associated with corporate modems through testing each extension of a corporate phone system in turn. "Intrusion detection systems are no real deterrent for me because I get in through the back door," he said. "Many networks are constructed like Baked Alaska - crunchy on the outside and soft in the middle." KP often takes advantage of weak or default passwords to break into networks, and only uses social engineering attacks on telco companies. Coldfire, another cracker speaking at the debate, said he too only used social engineering (persuading people to give confidential information over the phone), against telco suppliers. "Hackers don't like talking to people - remember we're socially inadequate," he joked. In response to customer demand, security testing specialists NTA Monitor this week launched a service to test against war dialling vulnerability. "This isn't particularly sexy," said NTA Monitor's technical director Roy Hills. "But we're seeing high demand for this low-tech service." The issue of war dialling and insecure modem connections was highlighted last month when BT inadvertently published the private remote access numbers of thousands of its customers on its Web site. The list was supposed to include the dial up numbers of ISPs, but modem numbers of private companies and people were published as well by mistake. BT swiftly pulled the information from the BT Together site but not before the monster telco earned brickbats from security consultants. ®
Picsel's Interactive File Viewer (IFV) doesn't entirely lend itself to simple explanations. It's a file viewer (of course) that lets you look at and manipulate a variety of file formats, Word, Powerpoint, PDF, eBook, on a mobile device. Clever, no doubt, but why on earth would you want to do that? Picsel CEO Imran Khand sits down with The Register at Symbian Developer Expo this week, fires up a postage stamp sized display of an Amazon web page and starts zooming in and out. Cute, OK, but why would you want to do that either? After some robust discussion (Picsel is a Glaswegian company), it becomes clear that 'file viewer' is far too modest and limited a term to use for the technology, because what we're talking about here is the ability to mix, match and interact with any data you choose, without dull stuff like browsers, applications and user interfaces getting in the way. Indeed, there are aspects to this that under other circumstances might have had some companies trying to cut off Picsel's air supply. You could certainly use the technology to construct an alternative UI/browser or similar, and the description of Picsel's Carrier Solution gives a clear explanation of how this could work, and why Picsel could make a great deal of money. This is a "comprehensive, end-to-end client-server technology" for 2.5G and 3G networks. Networks can use it to build applications specific to their users, so can bundle together email, SMS, MMS, video, PIMs and more or less anything else they like in order to produce a compelling, network-specific 'do everything' package. And although the service is designed to deliver multimedia content to "devices with limited real estate," it's claimed to be device, OS and network agnostic, so it can be applied to devices of somewhat less limited real estate as well. 
The Register homepage, which we got onto after Amazon, actually doesn't look half bad on a very small screen via a 2.5G connection, but IFV would clearly make it perfectly acceptable on something the size of a Psion netBook screen, or even on something a little bit smaller. IFV itself is based on Picsel's ePAGE multimedia content engine, which is the bit that actually does the business. It's designed to work without the presence of the source application and without the content being re-engineered, and in addition to phone-type devices it's aimed at PDAs, games consoles, set-top boxes and in-car systems, and it can either sit on top of the resident OS or be embedded in it. As far as browsing of the general web via an IFV-enabled device is concerned, we wound up agreeing that this is a capability that's helpful to have for use in circumstances where you have no choice, but that realistically if you do have a choice, you'll shop off standard format Amazon screens from more standard devices. If content and service providers put a little more effort into tailoring their offering for limited real estate devices that would be different of course, because then you wouldn't so much be navigating a football pitch through a letter box. That however is why it makes sense to offer the products packaged to the networks, because they would then be in a position to optimise the presentation of services, multimedia and not so multimedia, for a broad range of real estates. From the user's point of view, it operates as an easy way to get at your stuff, and all of the stuff you're likely to want on this class of device. So you could have the statutory Britney video going, your contact book so you can phone your mother, the ability to toggle over to your mother via the video phone capability, the game of asteroids to play while you're pretending to listen and look attentive (why does he grit his teeth and look so stressed whenever he calls me?), whatever. 
Some people are certainly buying into the concept. Samsung announced it was licensing IFV on Tuesday, and The Register's interview was delayed slightly by a team from Nokia. Which could of course just have been saying hi. Picsel's initial funding comes from Softbank Europe Ventures and BancBoston Capital, and earlier this month it raised a further $6 million in second round finance via a consortium of Japanese investors. Reading the biogs later The Register discovers too late that Imran Khand's "experience of raising funds... has proved invaluable to Picsel." Curses - let another one slip through our fingers. ®
Today is World Intellectual Property day; so how appropriate for WIPOUT to announce the 11 winners of its international intellectual property counter-essay contest. The Register is, we seem to recall, a sponsor in a very small way, of this contest, so clearly we think it's worth a story. And considering the provenance of WIPOUT, we are sure that it won't mind that we are stealing its press release and reprinting it in full. ® WIPOUT ANNOUNCES ITS CONTEST WINNERS WIPOUT, the international intellectual property counter-essay contest, today announces its eleven winners on the day that has been tagged "World Intellectual Property Day" by the World Intellectual Property Organisation (WIPO). The winners, selected by an international panel of judges, live in six countries across the globe and submitted essays in four different languages: English, French, German, and Spanish. They are named below and are also available on the WIPOUT web site at: www.wipout.net "The obvious interest in the counter-essay contest and the high quality of the entries show that a growing number of people are dissenting from WIPO's dangerous stance that more and more extensive protection of more and more forms of intellectual property is a good thing," the WIPOUT co-chairs stated today. A total of 77 essays were submitted from 18 countries in response to the question: WHAT DOES INTELLECTUAL PROPERTY MEAN TO YOU IN YOUR DAILY LIFE? Earlier in 2001, WIPO, a United Nations organisation, had set up an essay contest that asked the same question. But WIPOUT organisers decided that a WIPO-sponsored contest would fail to appreciate the damage that the over-protection of intellectual property is doing to education, health care, the environment, and economic security for millions around the globe. 
As Noam Chomsky, one of the more than 50 individuals and groups who endorsed WIPOUT said, this counter contest reminds people that "this harsh regime [of intellectual property rights] is designed to grant multinational corporations control over the technology of the future...it really is a scandal." (The complete list of contest endorsers can be found at: http://www.wipout.net/endorsers.html). All of the 77 essays submitted, including the winning essays, are available on the WIPOUT site, www.wipout.net. The essays to WIPOUT came from the USA, UK, Republic of South Africa, Canada, Sweden, Finland, Germany, Japan, Australia, Greece, Russian Federation, Sri Lanka, Switzerland, Netherlands, New Zealand, France, People's Republic of China and Bulgaria. Among other issues, the 77 essays reveal:
- how illiterate persons in South Africa are required to pay copyright royalty fees if they wish to learn to read - and hence don't get the opportunity;
- how the conductor of a volunteer church choir in the United States could not lead his choir in a proper public performance, again because of copyright restrictions;
- how drug patents are blocking access to desperately needed anti HIV/AIDS drugs...and again, how copyright royalties are charged for anti-HIV health materials;
- how the TRIPS agreement is turning into a cruel hoax for countries of the South;
- how IP laws are transforming the Internet into a restrictive, user-pay experience;
- how the patenting of plants and genes is doing great damages to the interests of farmers and consumers.
Among the contributions are poems, drawings, short stories, fictional IP "nightmare scenarios" of coming years, calls to action, parodies, historical explorations, and theoretical critiques of intellectual property. Each of the winners will receive a small financial prize from the WIPOUT prize fund that was created primarily through a generous donation from the Center for the Public Domain in the United States.
"Our small group of volunteers hardly has the financial or publicity resources of WIPO, which is housed in palatial head offices beside Lake Geneva in Switzerland, and so we think it was a good accomplishment to get 50% of the number of essays that WIPO's contest received." WIPO is also announcing its essay contest winners today. WIPOUT is an international organisation consisting of academics, artists, musicians and other activists. Future projects and programmes are now under discussion. The WIPOUT contest started on 4 September 2001 and concluded on 15 March 2002. Today WIPOUT celebrates the winners, but the competitive aspect of the contest was always secondary to the purpose of giving a platform to the voices who disagree with the constant expansion of intellectual property protection.
NAMES OF WIPOUT CONTEST WINNERS, TITLES OF THEIR ESSAYS, AND THEIR LOCATION (THE NAMES ARE LISTED IN ALPHABETICAL ORDER.)
ENGLISH-LANGUAGE WINNERS
- John Cahir, ON CIVIL DISOBEDIENCE AND POLITICAL ACTION, London, United Kingdom. http://www.wipout.net/essays/0113cahir.htm
- Jason Holt, INTELLECTUAL PROPERTY AFFECTS MY LIFE, Provo, Utah, United States of America. http://www.wipout.net/essays/0216holt.htm
- Eddan Elizafon Katz, MY FIRST SEVEN DAYS ON THE INTERNET, Oakland, California, United States of America. http://www.wipout.net/essays/0315katz.htm
- Vijaya Kumar, INTELLECTUAL PROPERTY RIGHTS AN OBSTACLE TO DEVELOPMENT?, Dangolia, Kandy, Sri Lanka. http://www.wipout.net/essays/0314kumar.htm
- Denise Nicholson, DOES COPYRIGHT HAVE ANY SIGNIFANCE IN THE LIVES OF ILLITERATE OR VISUALLY-IMPAIRED PERSONS?, Johannesburg, South Africa. http://www.wipout.net/essays/1128nicholson.htm
- Percy Schmeiser, GENETIC CONTAMINATION AND FARMERS's RIGHTS, Bruno, Saskatchewan, Canada. http://www.wipout.net/essays/0904schmeiser.htm
- Louise Szente, THE CROW AND THE OWL, Durban, KwaZulu-Natal, South Africa. http://www.wipout.net/essays/1112szente.htm
- Philip Tagg, COPYRIGHT VS. THE DEMOCRATIC RIGHT TO KNOW, Liverpool, United Kingdom. http://www.wipout.net/essays/1112tagg.htm
FRENCH-LANGUAGE WINNER
- Alexandre Pirsch, ANTHROPOLOGIE ET DROITS D'AUTEUR: (D)ÉCRIRE L'AUTRE ET LE (DÉ)POSSÉDER (ANTHROPOLOGY AND COPYRIGHT: HOW "WRITING" CAN DEPRIVE THE OTHER OF HIS/HER RIGHTS), Montreal, Quebec, Canada. http://www.wipout.net/essays/0315pirsch.htm
GERMAN-LANGUAGE WINNER
- Alesch Staehelin, SUCHE NACH BILLIGEN AIDS-MEDIKAMENTEN (THE SEARCH FOR CHEAP AIDS DRUGS), Venice, California, United States. http://www.wipout.net/essays/0310staehelin.htm
SPANISH-LANGUAGE WINNER
- Juan Mateos Garcia, DERECHOS DE PROPIEDAD INTELECTUAL Y ESPACIOS DE INFORMACIÓN PÚBLICA (INTELLECTUAL PROPERTY RIGHTS AND THE INFORMATION COMMONS), Salamanca, Spain. http://www.wipout.net/essays/1012garcia.htm
Westcon is to buy the networking distie assets of Landis, the stricken Dutch-owned firm, for the knockdown price of €7m. It assumes responsibility for 500 employees, fixed assets and customer contracts, but no debt and no liabilities. We guess there's a separate conversation going on for the products in Landis' warehouses. Westcon is the distie arm of Datatec, a networking reseller headquartered in South Africa. It signed a letter of intent to buy Landis' networking business in January, but the deal fell through. This time, we guess, it's got Landis much cheaper. Landis is by any standards a big business - the distribution division turns over €450m a year. But it was in hock to the banks and faced a huge credit crunch from its suppliers. Without credit, an IT distie simply cannot operate. ®
In February VIA launched the Apollo KT333 chipset onto a suspecting world+dog. At the time, the Taiwanese chipset house (it prefers to call itself a core logic business these days), said that 40-50 per cent of new mobos would support DDR333 fast memory by the end of the year. Some industry observers raised their eyebrows. But there's little sign yet of VIA revising its projections. Yesterday the company published a press release in which it boasted of its "success of the VIA Apollo KT333 chipset in becoming the first choice platform in the market for AMD Athlon XP compatible motherboards". And it names its KT333 mobo design wins - all 20 of them. The list is as follows: Microstar, Asus, Gigabyte, ECS, Epox, ABIT, Chaintech, Acorp, Shuttle, Aopen, FIC, Soyo, Biostar, DFI, Luckystar, Soltek, Jetway, Albatron, Azza and QDI. It's a long list, it's an impressive list. But there's no sign of market share figures. VIA is also careful to note the "exceptional speed and stability" of the Apollo KT333 chipset. There were stability and performance issues with the first iteration of the KT266 chipset, and the company is keen to make good any harm that this may have done to its reputation. ®
The results of the transfer of Silicon Graphics' 3D patent portfolio to Microsoft have begun to show up in the US Patent Office database. Last October, SGI revealed a payment of $62.5 million from Microsoft for "non core" intellectual property. In January, we explained what this was. The US Patent Office now shows three patent applications assigned to Microsoft Corp. which were invented at SGI by SGI employees. None of the inventors has worked for Microsoft. The three patents are 6,362,828 ("Method and system for dynamic texture replication on a distributed memory graphics architecture") filed on June 24 1999 by David L Morgan; 6,369,814 ("Transformation pipeline for computing distortion correction geometry for any design eye point, display surface geometry, and projector position") filed on March 26 1999 by Angus M Dorbie; and 6,373,482 ("Method, system, and computer program product for modified blending between clip-map tiles") filed on December 23 1998 by Christopher J Migdel [sic] and Don Freeman Hatch. "Migdel" is a typo, it's actually Migdal, as his previous patent filings and another published paper confirm. Morgan and Dorbie confirmed the details, but declined to comment. Through a spokesman, SGI's legal department said this was "business as usual". SGI has maintained that the patents transferred are not essential to the company's business. And true, the company isn't in the 3D card business, and remains the industry's richest source of graphics intellectual property. Our story launched feverish conspiratorial speculation about why Microsoft should want to acquire even more 3D graphics know-how - speculation we were partly responsible for fuelling. But the context, as we understand it, was fairly straightforward: the transfer paved the way for the launch of the Xbox, which had been threatened at the eleventh hour over rights to patents that originated at SGI and that were subsequently licensed to NVidia. 
Late in the day, NVidia discovered that it didn't have the rights to sublicense them. And the deal provided SGI with cash, which it needed fairly urgently last year. Sometimes, the chicken wants to cross the road just to get to the other side. ®
Attention: medical staff. Handspring's fine Treo communicator had Walt Mossberg of the Wall Street Journal hyperventilating recently, with Walt describing it as the best phone and the best PDA he'd ever used. It probably is. But when Walt gets to see the Sony Ericsson P800, we recommend that the demonstrators bring along a team of paramedics. Although the Treo and the P800 are functionally similar, our first impressions of the new Ericsonny device leave the Treo looking like Dilbert's secret Elbonian recipe for mud (that's soil and water, by the way). It's far from perfect, but after several years of looking at smartphones, the P800 has the kind of potential to break out of the geek ghetto, and one that leaves us even more convinced that today's PDAs need to evolve dramatically, and fast. For years they've been a secure little niche: PDAs have even been fashionable, usually during consumer booms when material excess was in vogue: think of Psion's Organizer in the 80s, and Palm in the late 90s. But the total volume of these units shipped remains minuscule compared to phones. By way of comparison, one in nine people uses a cellphone, according to the GSM Association. Manufacturers are betting that most smartphones will simply be modelled on today's devices with numeric keypads, and a larger screen: both Nokia's Series 60 UI and The Beast's Smartphone 2002 follow this form factor. But the P800 - like the Motorola Accompli 008 - is a true pen input PDA that is unmistakeably a phone. Phones have now shrunk beyond the point of convenience: I'm using a Motorola V.66 and it's a fine phone, but really too small to be comfortable with. It gets lost in my deep trouser pockets, and the keypad buttons are pretty fiddly. 
Sony/Ericsson isn't the first phone that grafts PDA functionality into the device without compromising the low mass of a real phone - that goes to last year's Accompli - but it is the richest: a far more capable color device, that just happens to include a camera too. So what's it like? It's very light. The blue translucent styling is strongly reminiscent of the original iMac, and this is matched by the user interface effects: click on an icon and it whooshes a little like the Aqua genie. Like Ericsson's well received T68 phone, it supports color schemes. The P800 resembles its Symbian predecessor, the R380, sporting an LCD that takes up much of the front of the device, with a flip down keypad that mechanically touches the LCD. The camera is built into the back, but unlike Nokia's 7650 camera phone, there's no lens cover, which could leave the device vulnerable to dirt and dust (or in my case, stray tobacco). In a nice touch, when you take a picture, the phone gives you audio feedback in the form of a 1958 Leica shutter. There's no USB connector, but we're told that the Ericsson texting pad - a tiny Alphanumeric keyboard - will work with the device. A combination Bluetooth and infra red port is on the left of the device, along with a rocker wheel, and a thin plectrum of a stylus slots uncomfortably onto the right. This is fiddly and will hopefully be fixed when the device goes on sale in the fall. It's the weakest design feature of the phone. On the right side you'll also find the camera button, and a blue button that "connects you directly to the Internet". Strange for an always-on device: we figure this means that when you're out of range of a GPRS cell, it makes a regular GSM call on your behalf.
Polished quartz
The user interface makes for the most interesting comparisons with rivals, however. It's running on a 320x208 display, which feels cramped compared to PocketPC PDAs but is luxurious compared to PalmOS devices. 
In terms of UI metaphors, it very closely resembles the Palm UI: applications overlay each other, but with the addition of a tabbed navigation strip at the top of the screen. You can view applications as icons or as a list. Perfecting this UI has been a long and painful process with Ericsson canning projects that used a bulkier 320x240 version. The UI originated at Ronneby in Sweden, in a lab which was spun off into the Symbian operation, and it was formally announced two years ago as "Quartz". But it's been worth the wait, we reckon. This is a slimmer version of Quartz, called UIQ and gains enormously from the higher pixel density that's now possible. (Both the fatter and the thinner versions of UIQ are available to licensees). "We had to make it smaller," Ulf Wretling, Sony Ericsson's head of third-party programs, told us. "Asian consumers are picky on size as well as style, while US consumers are more used to bigger devices, and look for functionality." The device uses Ericsson's own AU System Browser, which can handle real HTML, cHTML or WAP 2.0 pages, so you don't have to carry two browsers into the shower. There's also been some effort to make downloading Java midlets easier, with a built-in AppLoader fetching them directly from the server. With a huge amount of software rolling out for Symbian phones (Nokia, Motorola, Siemens and Panasonic all have devices in the pipeline), we'd like to see installing apps made as easy: it's absurd, with the Nokia 9210, to be required to use a PC for software installation. Devices should bootstrap themselves. It's a triband device, so it will work on US networks, and the camera will allow you to store 200 pictures in VGA format. (The screen supports 4,096 colors). In conclusion, it's probably the most desirable little piece of technology we've seen for a while. It certainly obliges Handspring and Danger to price their Treo and HipTop smartphones low, as the Ericsson is from the outset a much more capable device. 
But we hope there's room in the market for all three. Earlier this year we called in on Danger's University Avenue HQ in Palo Alto, and thanks to the splendid Joe Palmer - hardware chief for the HipTop, and designer of the original BeBox - were able to snap a prototype HipTop running your favorite tech news site. Alas we couldn't provide you with a size comparison of the P800. We'd run out of cigarettes. ®
Linux heavyweight Alan Cox is to speak at a debate next week about the proposed European Union Copyright Directive which has alarmed many in the Internet community. Cox will speak on the negative effects the directive could have on open source software development during a Campaign for Digital Rights mini-conference, to be held in London's City University on Monday evening. The debate is likely to cover the Dmitri Sklyarov case, DVDs on Linux and copy protected CDs, as well as the EU copyright Directive - which has been compared to America's controversial Digital Millennium Copyright Act by its opponents. Opponents say the directive will stymie legitimate free uses of copyright material enshrined in international copyright law. You can find out more details of the free event here. ®
Cisco Systems has written to users to warn against forged messages containing computer viruses which purport to come from its Product Security Incident Response Team (PSIRT). Several forged virus bearing emails apparently from email@example.com have been sent out, one of which (containing an infected attachment 'width.pif') was received by The Register this morning. These messages are not authentic and can be safely ignored, Cisco advises. Cisco is "aware of these emails and is actively looking at solutions to reduce or eliminate the forged messages", it said in a notice to subscribers of the list this evening. Authentic Cisco messages on the moderated mailing list can be identified by a PGP signature and will originate from a verified "cisco.com" address, it advises. Similarly spoofed email messages infected with the Klez virus have forced AV vendor Sophos to deny any responsibility in the wider distribution of the virus. The recent Klez-H worm uses its own SMTP engine, and can appear to have come from any email address, it advises. Some of its other customers have also reported receiving an unsolicited email apparently from Sophos claiming to contain disinfection tools for the W32/ElKern virus. These emails contain a copy of the Klez-G worm and, again, do not originate from Sophos, the company states. Sophos recommends that users do not open or launch unsolicited executable attachments and keep their anti-virus software updated. Computer users are also advised to consider installing a patch from Microsoft which should fix a vulnerability in some versions of Outlook, Outlook Express, and Internet Explorer that is exploited by Klez-H and a number of other viruses. After a slow start, spread of the Klez-H worm has reached near epidemic proportions. Managed services firm MessageLabs reports blocking more than 200,000 virus infected emails destined for its customers, since the virus first appeared last week. 
®
SuSE Linux aims to make its open source distribution more user friendly with version 8.0 of its Professional Edition, launched today. Version 8.0 is based on version 2.4.18 of the Linux kernel and includes an improved desktop interface, KDE 3.0, which is closer to the Windows desktop environment most users are familiar with. Using the YaST2 configuration program, users can have SuSE Professional Edition version 8.0 (which comes in seven CDs or one DVD) up and running on a blank PC in 20 minutes, according to Roger Whittaker, a technical consultant at SuSE. "We're trying to develop the most functional and easy to use Linux distribution available," said Whittaker, who added that many large businesses and police organisations are exploring the use of Linux on the desktop. Desktop use of Linux remains the exception, of course, but SuSE reckons Microsoft's latest licensing policies will see Linux distros make inroads into the Windows hegemony. Office suites OpenOffice.org and StarOffice 5.2 both come bundled with SuSE Professional Edition Version 8.0, along with an improved Linux-based firewall. It also includes Sun's Grid Engine 5.3 distributed resource management software, Apache 1.3.23 and file and print server for Windows networks, Samba 2.2.3a. Support for multimedia devices such as CD writers is improved but SuSE support for scanners, though improved, remains less than perfect. ADSL users will still have to download proprietary software from Alcatel to get their connections up and running with the distro. Meanwhile, DVD support for Linux users remains embroiled in legal issues, particularly in America where the DeCSS case impedes out-of-the-box support. The recommended retail price for Linux 8.0 Professional (which comes with 90 days installation support) is €79.90. 
®