16th > August > 2002 Archive

Ad watchdog critical of Domain Registry of Europe

The Advertising watchdog has slammed Domain Registry of Europe (DRoE) for misleading consumers over its mailshots that "look like bills". Last month The Register reported how the Canada-based domain registration outfit is currently targeting domain holders in the UK with unsolicited letters that readers claim "look like bills". DRoE maintains that the letters point out that the notice is "not a bill, rather an easy means of payment should you decide to register or renew your domain(s) with us". However, that hasn't satisfied the Advertising Watchdog Authority (ASA). A document seen by The Register reveals that the ASA is highly critical of DRoE's approach and demanded that it revise its letters to ensure they are clearly marked as an advertisement. Said the ASA in correspondence to one of those people who complained about DRoE's tactics: "We consider that the mailing suggests that it is an official notice, that it misleadingly exaggerates the importance of the mailing's content and that it fails to indicate clearly that this is an advertisement. "We have therefore asked for the advertisers' assurance that the mailing is amended to delete the words "IMPORTANT NOTICE" and other suggestions that exaggerate the status of the mailing and that it states clearly from the outset that the material is an advertisement." If DRoE fails to amend its documents then the ASA said it would consider "pursuing the matter further". The ASA declined to comment on the matter except to say that it had written to the DRoE and that the company was under investigation. Those behind the complaint to the ASA have also reported DRoE to Trading Standards officers. Separately, UK domain name registrar Internetters has called on the industry to adopt a code of practice to deter what it calls "cowboy registrars" from riding roughshod over the Net. It believes a code of practice would help deter cybersquatters and disreputable domain name registrars. 
It also believes an industry-wide code of practice would result in better service for customers and lead to a decrease in the number of domain name scams. ® Related Story Domain Registry of Europe defends tactics, sues Tucows
Tim Richardson, 16 Aug 2002

Check Point secures IPv6 and P2P

Check Point Software Technologies Ltd is gearing up for a new release of its Check Point VPN-1/Firewall-1 security software, and is claiming a number of industry firsts will be delivered in the new version. The Ramat-Gan, Israel-based company is claiming to be the first vendor to secure IPv6, peer-to-peer, instant messaging and Microsoft Common Internet File System file sharing and printer services with VPN-1/Firewall-1 Next Generation Feature Pack 3, due for release in September. The company said it is the first security vendor to support IPv6, the next generation internet protocol, and also the first to recognize and control peer-to-peer applications such as Gnutella and Kazaa, as well as instant messaging applications, through its Stateful Inspection technology, which enables more granular inspection and access control of applications traveling through the firewall. The company is also promising support for Microsoft's CIFS-based file sharing and printer services, which enable users to access file and printer services across the corporate network, with the forthcoming release, which will also include enhancements to Check Point's Security Management Architecture. Enhancements in Feature Pack 3 include Policy Revision Control with policy rollback for security policy development and management, live updates of software and licenses through the SmartUpdate tool and User Center web site, as well as a "one-click" process for upgrading software on all security modules across the network. © ComputerWire
ComputerWire, 16 Aug 2002

LSB certifications confuse Sun's Linux standards story

Red Hat Inc, SuSE Linux AG, and MandrakeSoft SA have become the first Linux distributors to have their versions of the open source operating system certified as compliant with the Free Standards Group's Linux Standards Base (LSB) specification. The announcement of the first certified distributions is particularly interesting given comments made by Sun Microsystems Inc's chairman and CEO Scott McNealy at this week's LinuxWorld. Launching Santa Clara, California-based Sun's first Linux distribution and server, McNealy launched an attack against market leader Red Hat. "We have to force the world to LSB compliance," McNealy told delegates as he announced Sun's support for the LSB. "Not Red Hat or IBM compliance." McNealy's comment seems strange given that, according to Sun's own developer resources, Sun Linux 5.0 is "highly compatible with Red Hat Linux 7.2", and differentiated from Red Hat Linux 7.2 only by different RPM package manager versions and installer functions. Now that Raleigh, North Carolina-based Red Hat is one of the first distributors to become LSB-certified, McNealy's comments look increasingly like smoke and mirrors. The certification of Nuremberg, Germany-based SuSE's Linux distribution is also important to the future of the Linux market, as SuSE's Linux Enterprise Server forms the basis of the UnitedLinux partnership between SuSE, Caldera International Inc, Turbolinux Inc and Conectiva SA. The first product from that partnership is scheduled to enter closed beta at the end of the month. The third certified distributor, Paris, France-based MandrakeSoft, recently rejected an approach to join the UnitedLinux initiative, preferring instead to differentiate its Linux distribution from the crowd. As MandrakeSoft's LSB certification indicates, that differentiation does not have to lead to fragmentation. 
Launched in July 2001, the LSB is an attempt to create an agreed standard set of base-level Linux features to ensure a level of compatibility between distributions and portability for applications. The LSB features contributions from Red Hat, SuSE, MandrakeSoft and Caldera as well as IBM Corp, Hewlett-Packard Co, Intel Corp, and Oracle Corp, among others. Managed by the Oakland, California-based Free Standards Group, the LSB 1.1 specification was released in January 2002, followed by the certification program in June 2002. The certification program itself is managed by The Open Group, the keeper of the Unix 98 standards. © ComputerWire
ComputerWire, 16 Aug 2002

Genuity pulls plug on European Web Hosting arm

Ailing network services and hosting firm Genuity Inc has pulled the plug on its European web hosting business Integra SA after securing a new 30-day lifeline with its banks. Woburn, Massachusetts-based Genuity, which acquired a 93% stake in Paris, France-based Integra for $125m last October, said it had decided not to continue funding the business despite being on course to meet its financial targets. The move follows an earlier decision by Genuity in May to pull out of the professional services market in France, Italy and Spain, when it also began weighing up the viability of its other European operations in Denmark, Germany, Italy, the Netherlands, Sweden and the UK. At the time, Genuity also began a company-wide restructuring, involving the loss of between 1,100 and 1,200 jobs, or between 27% and 29% of its workforce. Meanwhile, Genuity paid $50m to be granted an additional 30-day reprieve against paying back $2bn worth of debt with its banks and $1.15bn worth of debt to major shareholder Verizon Communications. The extension follows a two-week standstill agreement Genuity signed with its banks in July. Genuity defaulted on its credit repayments in July after New York-based Verizon unexpectedly decided not to acquire a majority stake in the business. The decision by Verizon means it will avoid having to spend a further $850m on funding Genuity. This has left the company with no option but to approach its other investors, and so far it has raised $723m of the $850m total from eight banks including Chase Manhattan, Citibank and Credit Suisse First Boston, bringing its cash balance to $1.3bn. One of the major investors, Deutsche Bank, decided not to reinvest, and Genuity is now taking legal action to get the money. Genuity's future now looks decidedly bleak since the current depressed state of the telecom and hosting markets makes a sale unlikely. 
The company claims that it has enough working capital to continue trading, but with a debt mountain of about $3.84bn, it will be seeking another reprieve from its creditors in 30 days, or bankruptcy could be looming. © ComputerWire
ComputerWire, 16 Aug 2002

Agere to exit optoelectronics, fires 4000

Agere Systems Inc plans to pull out of the optoelectronics business after a catastrophic collapse in demand for products that provided the company with $1.2bn of revenue last year. The move is part of a huge round of cost-cutting at the Allentown, Pennsylvania-based company that will reduce its 11,200-strong workforce to about 7,200 by December 2003. The optoelectronics market has become a disaster area after carriers brought spending to a virtual halt. Agere has concentrated on the long-haul sector, which has been most drastically affected by the downturn. Agere quoted market research firm RHK as predicting that optoelectronics component revenue will decline from $7bn in 2000 to $2.3bn this year. Agere has been a leading company in the sector and in the year to September 30, 2001 its optoelectronic revenue rose 83.8% to $1.2bn. But it now says that in the third quarter to June 30, optoelectronics provided just 10% of its $560m revenue. This suggests that what a year ago had been a $1.2bn business has now shrunk to $224m. All the players in the sector are suffering and have responded by slashing their workforces. Nortel Networks has said it is considering the sale of its optical components operation, and said there will not be a meaningful recovery in the market until late 2003 or early 2004. Agere said it is seeking a buyer for all or parts of the business, but in any case will shut its own operations by the end of June 2003. There will now be an expensive poker game in the sector because those companies with the resources to stay in operation will profit handsomely when demand eventually picks up. Agere's aim is to bring down its quarterly revenue breakeven point from the current $700m to $500m by the second half of 2003. © ComputerWire
ComputerWire, 16 Aug 2002

Dell reports higher profits

Dell has posted a fiscal second quarter profit of £501 million, beating analysts' expectations, as its worldwide shipments rose 18 per cent. Dell reported net income of $501 million, or $0.19 per share, compared with a net loss of $101 million, or $0.04 per share in the same quarter last year and profits of $0.16 per share in the previous quarter. Revenues for the quarter, which ended 02 August 2002, were $8.46 billion, up from $8 billion in the previous quarter and up from $7.6 billion in the same quarter last year, which means that Dell's revenues are up 4.9 percent sequentially and 11.1 percent year-on-year. Importantly, Dell said that worldwide product shipments rose 18 percent, with shipments of servers and workstations jumping 20 percent. The company also said that it expects to increase shipments by more than 5 percent in the next quarter, projecting third-quarter revenue of $8.9 billion. Dell product shipments in EMEA were up 5 percent in the quarter and up 23 percent in the US. The company credited its strength in the US to a 21 percent increase in shipments to education and government customers. The company also had 12 percent growth in Asia-Pacific and Japan. Kevin Rollins, Dell's president and chief operating officer, said that Dell is ahead of plans for its $1 billion cost-trimming programme. Dell said it generated nearly $870 million in cash from operations during the second quarter. At the end of the period, total cash and investments totalled $8.6 billion. Inventory was flat with the year-ago quarter, as product shipments rose sharply. On Thursday, Dell shares rose in after-hours trade to $27.20, after having initially topped $27.40. Dell shares had closed at $27.14 in regular Nasdaq trade. With speculation mounting that Dell will soon enter new markets, Chief Executive Officer Michael Dell admitted in a conference call that the firm was "likely to enter the PDA and printer markets." 
But he went on to say that the company would remain focused on its core products, computer systems, despite any new moves. © ENN.
ElectricNews.net, 16 Aug 2002

Record A-Levels. Thank you, PC World!

So you thought yesterday's record A-Level results were down to easier exams or brighter youngsters or better teaching? Go to the bottom of the class. No, it's down to students making better use of their PCs, according to PC World, the UK's leading retailer of PCs. In a survey of 300 students, 'making most of their computer resources', was rated higher than 'more reading', 'better attendance at lectures' and 'paying more attention at class' as the best way to raise grades. Only 'more revision' (mentioned by 31 per cent) came ahead of computing (ranked top by 26 per cent) as the best way to boost results in a study of attitudes sponsored by PC World. So playing games, downloading MP3, gossiping by email and copying other people's work, with a bit of last-minute cramming thrown in, is the way to academic glory. God Bless you, PC World! ® Related Link Free Essay Network. Links to loadsa free essay sites.
John Leyden, 16 Aug 2002

MPs shun email

The UK's politicians are reluctant to use email to communicate with their constituents, according to a survey by IT outfit Parity Group. The survey found that the vast majority of MPs conducted less than a quarter of correspondence with their constituents via email, with MPs preferring to use snailmail instead. The survey also found that only one in 20 MPs is comfortable using email. Those behind the survey reckon MPs could be more productive if they used email. Said Rick Bacon, of Parity Group: "At a time when the government is pushing forward at a rate of knots with reform and development in the online world, it's ironic that most MPs are still unwilling to embrace current communications technologies." "With 43 per cent of the country now connected to the Internet, there is clearly an opportunity for many more than 5 per cent of MPs who are willing to communicate with the electorate via email to do so," he said. Parity received responses from 151 MPs out of a possible 659 Members of Parliament. Nine out of ten said they conducted less than a quarter of correspondence via email, while only one MP conducted more than three quarters of correspondence online. ®
Tim Richardson, 16 Aug 2002

MP3s are good for music biz – Forrester

Forrester Research has surveyed a thousand music customers and concludes that MP3 downloads are good for the music business. Twenty per cent of those surveyed - two groups Forrester describes as "music lovers and music learners" - buy 36 per cent of CDs, and these enthusiastic downloaders said MP3s had no effect on their CD purchasing. "The idea that digital music is responsible for slump is completely false," concludes Forrester analyst Josh Bernoff. The news will dismay the entertainment pigopolies*. Forrester attributes the 15 per cent slump in music sales to a number of other factors. The economy is in a slump, there's much more competition from games, from DVDs - which saw an 80 per cent rise in sales - and most interestingly - from the "limited playlists" rotated by commercial US radio stations. Forrester notes that one company, ClearChannel controls 60 per cent of radio, so new artists don't get the opportunity to be heard. "Playlists are very short," it notes. And that's how the Recording Industry of America Association (RIAA), the music Pigopolists' trade association, likes it. It has lobbied hard to tighten its grip on alternative promotional channels recently, forcing many small webcasters off the air by imposing royalties that traditional radio stations don't have to pay. Forrester is upbeat about the industry's prospects - if only they were smart enough to embrace downloads. But Forrester concludes that it is essential that citizens have variety - "more than two or three labels worth of choice" - and that their right to control music, to copy and burn it, is preserved. "Labels have to stop focussing on distribution, and concentrate on promotion, and new accounting systems," says Bernoff. "There's a chance that labels can monetize peer-to-peer networks," he adds. Forrester summarizes its conclusions here. *Register Dictionary Definition: [n,pl.] "market condition formed by several extremely greedy oligopolists." 
Adopted by Dave Marsh, who was nice enough to credit us. Related Stories Big name microcasters pull the plug Penny finally drops for Napster Judge
Andrew Orlowski, 16 Aug 2002

MS soft-pedals SSL hole

A Microsoft security PR bulletin dealing with the recent SSL (Secure Sockets Layer) certificate hole reported by Mike Benham goes out of its way to assure Windows users that there's little to be concerned about. The recent negative talk about it hasn't been properly 'balanced' (i.e., approved by the Marketing Department), apparently. "We regret any anxiety that customers may have experienced regarding this issue. Clearly, it would have been best if a balanced assessment of the issue and its risk had been available from the start," the company's PR bunnies want you to know. Attacking the flaw, MS says, would be well-nigh impossible for three reasons. First, there's no easy way for an attacker to lure a victim to a malicious knock-off Web site, which MS flacks insist is a precondition for exploitation. Actually, what they say is, the attack scenario "provides no way to make the user actually arrive at the attacker's site." Well, that's true in a sense. Luring the victim is a problem which needs to be solved or sidestepped for an attack to work. But is it strictly necessary? The short answer is no. Benham's attack tool, sslsniff, uses ARP (Address Resolution Protocol) spoofing rather than social engineering, and just grabs data from other people's SSL sessions using ARPspoof to get between client and host as a proxy, and his certificate chaining attack to defeat Windows' certificate verification mechanism. Thus an attacker can easily place himself between you and your bank and log your business using a bogus SSL certificate which IE will not warn you of. We publish this because there's a simple, free workaround. Just install Mozilla for Windows if you need to rely on SSL while MS comes up with a fix. Second, MS claims that the attacker's identity would be 'easy to determine' because there are fairly strict ID requirements for people to obtain digital certs, and Benham's approach requires the attacker to use one in signing an intermediate cert. 
Reader Andrew Gray of Icons, Inc. doesn't buy that for a minute, and sent us an email disputing the claim. "Most likely, the identity of the fool that had his Web server rooted and keys stolen could easily be established," he writes. "Many SSL Web site operators remove the 'key-protecting key' that protects the Web server's private key so that the SSL component of httpd will start at reboot without manual intervention. Will the first person to post a valid signed certificate and its associated unprotected private key to USENET bring down the E-Commerce infrastructure of the world? Does IE even check to see if the certificate has been revoked?" "Unfortunately, what this issue means is that we need to not only trust VeriSign and all the other root CAs [Certificate Authorities] in their ability to protect their keys (as we have historically done), we now have to trust every Web server and its associated people, policies, and procedures for maintaining the integrity and confidentiality of their keys." Well of course we always did have to; it's just since Benham showed us how easy it is to forge an SSL cert with any valid key that we've appreciated it fully. Finally, Redmond's PR bunnies tell us that "the user would always have the ability to determine the truth," if he were confronted by a dodgy SSL cert from somewhere outside the site he's trusting. He would not be warned, mind you; but he'd have every opportunity to look into it on his own. "Anytime an SSL session has been established, an icon shaped like a lock is present in the lower right corner of the screen. By double-clicking on the icon, the user can see information about the site's digital certificate, including the identity of the issuer. This would clearly show that, in contrast to the norm, this one hadn't been directly issued by a commercial Certificate Authority," MS cheerfully notes. 
Gray has a colorful comeback: "You can tell the average user that they need to start validating certificate chains manually. End users have trouble keeping food off their keyboard and sorting messages in Outlook. Try explaining this problem to them." We sense a period of bitter helpdesk experience somewhere in that CV. But the point is fair. The fact that a certificate is signed by an intermediary may not ring alarms for many users, assuming they ever bother to check what their little padlock icon has to say. They've been told in a million ways that incomprehensible and virtually infallible technology is always invisibly at work on their behalf. A naive user may well assume that if there were anything wrong with a certificate being signed by an outside entity, surely a company that promises nothing but Great Experiences from Great Software would have taken steps to prevent it from happening. ®
Thomas C Greene, 16 Aug 2002
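
The certificate-chaining flaw described in the article above, as an added example that is not from the article, from Benham or from Microsoft. The article does not name the missing check; this sketch assumes it is the X.509 Basic Constraints CA flag on intermediate certificates. The certificates are constructed records, and a key-id match stands in for real signature verification.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str      # name the certificate was issued to
    issuer: str       # name of the entity that signed it
    key_id: str       # identifies the subject's own key pair
    signed_with: str  # key_id of the signing key (stand-in for a signature)
    is_ca: bool       # Basic Constraints CA flag (assumed to be the missing check)


def link_ok(child: Cert, parent: Cert) -> bool:
    """Stand-in for signature verification: names chain and the key matches."""
    return child.issuer == parent.subject and child.signed_with == parent.key_id


def validate(chain: List[Cert], trusted_roots: Set[str], hostname: str,
             enforce_ca: bool) -> Tuple[bool, str]:
    """Validate a chain ordered leaf first, root last.

    enforce_ca=False models a verifier that only checks that every link is
    correctly signed; enforce_ca=True also requires every signer to be a CA.
    """
    if not chain:
        return False, "empty chain"
    if chain[0].subject != hostname:
        return False, "name mismatch"
    for child, parent in zip(chain, chain[1:]):
        if not link_ok(child, parent):
            return False, f"bad signature on {child.subject}"
        if enforce_ca and not parent.is_ca:
            return False, f"{parent.subject} is not a CA but signed {child.subject}"
    if chain[-1].key_id not in trusted_roots:
        return False, "untrusted root"
    return True, "ok"


# Constructed sample data (hypothetical names, not from the article).
ROOT = Cert("Example Root CA", "Example Root CA", "root-key", "root-key", True)
ISSUING = Cert("Example Issuing CA", "Example Root CA", "int-key", "root-key", True)
BANK = Cert("bank.example", "Example Issuing CA", "bank-key", "int-key", False)

# An ordinary, validly issued server certificate: not a CA.
OTHER_SITE = Cert("other-site.example", "Example Root CA", "site-key", "root-key", False)
# A certificate for the bank's name signed with that server key.
FORGED = Cert("bank.example", "other-site.example", "forged-key", "site-key", False)

TRUSTED = {"root-key"}
GENUINE_CHAIN = [BANK, ISSUING, ROOT]
FORGED_CHAIN = [FORGED, OTHER_SITE, ROOT]

if __name__ == "__main__":
    for label, chain in (("genuine", GENUINE_CHAIN), ("forged", FORGED_CHAIN)):
        for enforce in (False, True):
            print(label, "enforce_ca=%s" % enforce,
                  validate(chain, TRUSTED, "bank.example", enforce))
```

Every signature in the forged chain is valid, which is why only the CA-flag check separates the two results, and why the article's point about trusting every web server's key handling follows when that check is absent.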

Rock bible returns

Stuff We Like For music fans under fifty, this site will keep arguments raging well after last orders have been called. Trouser Press was a New York-based shoestring independent music 'zine that ran for ten years from 1973, with a heavy bent towards British artists - it was named after a Bonzo Dog band tune - and new music. And it published an epic artists encyclopedia, which was last updated in 1996. And as of this week, the whole freaking, monumental lot is back on line - a tribute to co-founder Ira Robbins' persistence. "This is a critique not a catalogue," wrote Robbins in the preface to the last edition, which gives you a clue that it steers away from the academic worthiness that kills so many similar projects. In fact it's a cross between the two - it's pretty comprehensive, but not exhaustive; and yet it's personal and catholic enough to leave room for some terrific writing. But the fact that it's opinionated, not canonical, makes for addictive browsing. The bad news is that in its new incarnation, little has been refreshed since 1996, as the curators admit. The good news is that they're looking for new submissions. And the best news of all is that the old hands seem to be in charge, so fortunately new reviews will trash both PhD-length theses and fanboy cumshots. So the future could be bright indeed. It's in two sections, reflecting when the two books were updated: a 70s/80s section and a nineties section. To be honest, the fun of reading this results from the inconsistency, which makes for a great talking point. The entries for Captain Beefheart and Bongwater (eg, "Some of the funniest, smartest and messed-up ultra-psychedelia ever invented.") were obviously written by admirers, for example, while Can get such arms-length treatment that the entry sounds like it was written by a lab technician observing a not-too-interesting new bacteria. Can were, or are, the high point of European kultur for me, and deserve more. 
(Pete Shelley of The Buzzcocks said he only learned to play guitar because of Can.) And omissions and anomalies abound. Beefheart is in, though he wasn't strictly an artist who began his work in the 1970s, but not Laura Nyro, or The Who. And shockingly, there's no place for The Groundhogs, who were surely as much part of the 70s as Can? Nor is there a mention for The Normal, whose "Warm Leatherette" is known to millions after Grace Jones, and many others covered the single, who've never heard of The Normal, but that's a footnote that should be recorded, if only with a footnote. Plastikman gets in, but neither Black Dog - nor Plaid - earn entries. These are such thirtysomething staples for the chemical generation, that they're practically engraved into IKEA flat pack furniture. There's a fleeting reference to "It's A Fine Day" - a global hit more than once - as a sample in the Orbital entry, but no entries for Jane and Barton, or Edward Barton. Die Toten Hosen are in, but not Der Plan. And not a week goes by without Bristol's The Pop Group being namechecked by one of the alternative US weeklies, but all The Pop Group spin-offs - Rip, Rig and Panic, Pigbag and Mark Stewart - receive far more lengthy entries than the epic mothership. (And they've overlooked Maximum Joy and Mark Springer's brilliant solo piano lp altogether, if we were going to be really pedantic). But then you go looking for omissions, and find that such forgotten gems as Judy Nylon (once Brian Eno's girlfriend) are in - with a beautiful summary of her ON-U Sound record, and Nurse With Wound, or the Electric Eels. Artists who either only made one epic record, or who pursued a path so far from the mainstream that the bookish historians of rock would foolishly exclude them altogether. And all is forgiven. So let the arguments begin. 
Asked about the old Trouser Press values Robbins recently wrote that much contemporary music writing has discarded them "in favor of a comfortable and profitable collusion between stars, audience and publication." Which is very true. I'll save a footnote for a magnificent exception, though - HeadHeritage - home for Julian Cope's reviews. Cope wrote the best rock memoir I've ever read and he believes in rock like his soul depended on it. If you're a Reg regular, you'll know exactly what we mean: let some of this joyous stuff rub off on you too. ® More Stuff We Like (cont'd) Geeks. Law. Everything in between The Greatness of Robot Wisdom Football. Culture. Everything in between Mad mods, amputees and the Really Big Button
Andrew Orlowski, 16 Aug 2002

Russians accuse FBI agent of hacking

An FBI agent was charged yesterday with computer hacking by the Russian counterintelligence service. The unprecedented charges by the FSB, Russia's Federal Security Service, follow the involvement of FBI Agent Michael Schuler in luring two Russian hackers Vasily Gorshkov, 26, and Alexey Ivanov, 20, to the US in November 2000. Schuler is accused of obtaining unauthorised access to the pair's computers in Russia as part of the FBI's operation, according to reports. Sources within the FSB describe the complaint against Schuler to the US Department of Justice as a means of asserting Russian sovereignty. "If the Russian hackers are sentenced on the basis of information obtained by the Americans through hacking, that will imply the future ability of U.S. secret services to use illegal methods in the collection of information in Russia and other countries," a source told Interfax, a Russian news agency. Schuler was praised by US authorities for an elaborate ruse that resulted in the arrests of Gorshkov and Ivanov in November 2000. The operation arose out of a nationwide FBI investigation into Russian computer intrusions against e-commerce sites, and online banks which identified Gorshkov and Ivanov as prime suspects. It was suspected the pair cracked into victims' computers to steal credit card information and other personal financial information, prior to attempting to extort money from the victims with threats to expose the sensitive data to the public or damage the victims' computers. Gorshkov and Ivanov were also suspected of defrauding PayPal through a scheme in which stolen credit cards were used to generate cash and to pay for computer parts. The FBI lured the two to the US by posing as representatives of the fictional 'Invita' security firm, and offering the dynamic duo good jobs if they could prove their skills. Of course the Feds set up a box rigged with a key logger and then set the pair to work demonstrating their amazing prowess. 
When they accessed their machines back home, the Feds recorded the login info, and later returned to root the boxes. Having placed the pair in handcuffs, the FBI went on to obtain a wealth of evidence from the hacked boxes. Last October, Gorshkov was convicted of 20 counts of conspiracy, various computer crimes, and fraud committed against Speakeasy Network of Seattle, Washington; Nara Bank of Los Angeles, California; Central National Bank of Waco, Texas; and PayPal. He faced a maximum of 100 years imprisonment and was due to be sentenced in January, but records do not show if any punishment has yet been imposed. Ivanov is in custody awaiting trial. In pre-trial motions, Gorshkov's lawyer argued that the Feds violated Russian law when they searched the contents of his remote machine. US District Judge John Coughenour ruled that Russian law doesn't apply to American agents, and left it at that. That ruling, and the failure of US agents to co-operate with Russia, has now returned to haunt the Americans. The issue will probably be resolved at a diplomatic level but, if not, the idea of an FBI agent facing hacking charges has intriguing possibilities. It would never happen in a Tom Clancy novel... ® Related stories US Feds can hack overseas boxes -- judge FBI hacked Russian hackers Russian Mafia uses NT flaws to raid Internet banks
John Leyden, 16 Aug 2002