
Slammer: Why security benefits from proof of concept code

The UK security expert who discovered the flaw exploited by the Slammer worm has concluded that publishing proof of concept code does more good than harm. In a posting to BugTraq, David Litchfield of NGSSoftware expressed concern that his proof of concept code was used as a template by the unknown vandals who created the destructive Slammer worm. The Slammer worm exploits a buffer overflow flaw in the SQL Server Resolution Service, discovered by NGSSoftware and patched by MS last July. In August last year, Litchfield made a presentation on the issue at the Black Hat conference in Las Vegas that featured a demonstration of proof of concept code. At the time, Litchfield warned of the DDoS potential of the flaw and urged admins to patch their systems. The following month, NGSSoftware published a white paper on auditing SQL Server which contained an explanation of its proof of concept code.

Was this helpful to the unknown criminal or criminals who created Slammer? Litchfield thinks the information only saved them time in writing the code. The worm's authors were skilled and were quite capable of writing Slammer even without NGSSoftware's work to build on, he reckons. "Whoever authored the worm knew how to write buffer overflow exploits and would have been capable of doing this without using my shellcode as a template," Litchfield writes. "Having access to my code probably saved them around 20 or so minutes - but they still would have been able to do it without mine".

Access all areas

The chaos which unfolded last weekend after the release of the Slammer worm has re-ignited the debate on full disclosure of security vulnerabilities. It has also prompted Litchfield into a bout of soul-searching. But he still concludes that the publication of proof of concept code has a beneficial role to play in Internet security. So NGSSoftware will continue to provide full disclosure on the security issues it unearths, he told us.
Here is Litchfield's explanation for this decision:

After careful consideration I've decided that the publication of proof of concept code does have an important and beneficial role to play in Internet security. This decision was not made lightly and has been influenced by conversations with my colleagues at NGSSoftware, friends and peers in the industry and the many mails I received in response to my original mail to the Securityfocus Bugtraq list. As far as those responses go, not a single one suggested that I, or NGSSoftware, cease to provide proof of concept code for the vulnerabilities we find, and most gave salient reasons as to why we should continue to do so. This message is to explain why NGSSoftware will continue with full disclosure of issues.

The threats and risks Internet connected systems are exposed to are well known. Connect an unpatched system to the Internet and it will be compromised by a worm or hacker within minutes. There are people out there with high levels of intelligence developing, sharing and actively using exploits against such systems. Some do it for the fun of it, others as they see it as a challenge and still others who try to gain from it - whether financially or through peer recognition. Regardless of motive, there is much to be learnt from these people and their exploits. But if this was the only source of information for those working in the security industry then the "bad guys" would always be one step ahead of the "good guys"; and if they're one step ahead we lose and so do the organizations we're trying to protect. It is imperative, therefore, that we derive and make available to everyone our own source of information. If we can find the bugs still waiting to be discovered before the "bad guys" we can then alert the vendor to the problem and get a fix out, hopefully giving people a chance to get their systems patched. Herein lies one of the greatest ironies of such research.
Imagine NGSSoftware discover a bug and choose not to alert the vendor but keep the bug secret. Who is to say whether those in the underground would ever find the bug? The vulnerability could lie undetected for the whole shelf life of the vulnerable product. No-one would know a thing save for NGSSoftware. But then what happens if someone else did discover the problem and happily went around popping boxes on the Internet, or worse, wrote and released a damaging worm? In the absence of a patch there would be mayhem. So as an industry we must err on the side of caution and alert the vendor and get them to produce a patch. But in doing this the world at large is alerted to a new bug in the product. Had NGSSoftware kept the hole to itself, though, it could have been that no one would have ever known. We end up in a Catch-22 situation.

This has still not justified the publication of a full disclosure advisory, though, with in-depth details and a proper dissection of the vulnerability in question. When a patch has been made available to the public someone who knows their way around computers will be able to compare the patched program and the vulnerable program and spot the differences within minutes - isolating the vulnerable bit of code. A couple of minutes later, and with the use of tools such as debuggers, they'll be able to work out exactly how the program is vulnerable and code up an exploit to take advantage of it. This can all be done without any information other than 1) there is a bug and 2) a copy of the new program and a copy of the old program. Such people, and there are thousands of them, do not need proof of concept code or advisories, so even in their absence exploits, worms and virii will still be written and used. So in the interests of "levelling the playing field" it is necessary to publish full details. With these details companies that produce Intrusion Detection/Prevention Devices can update their products more swiftly.
Administrators can take steps to modify their firewalls' rule bases to protect their network. Developers of security assessment scanners can add new checks to their products so their users can scan their networks to see if they are vulnerable.

Finally there is the educational value in publishing full details with proof of concept source code. If I say to a software developer, "Don't code that way. It's dangerous." they'll probably shrug it off. If I say to a developer, "Don't code that way. It's dangerous and here's why" and then proceed to demonstrate exactly why it's dangerous, their eyes often widen and they take it on board. They immediately see the threat it poses. So through education developers can learn from others' mistakes. Often CXOs are blind to security issues and it is only when their network administrator proves to them the severity, with the use of proof of concept code, that they understand the impact a vulnerability can have on the business and organizations. [7 of the responses I received to my original posting stated that at some point in the past they've used proof of concept code to get better budgets to enable them to do their job more effectively.]

Lastly there is education of the newcomers to the security industry. Clients expect the very best from their security professionals - and to give their best security pros need to know the current state of security affairs. Only through education and diligent learning can this be achieved. Without the publication of proof of concept code and vulnerability details this educational gain would be lost - and this in the long run would have a negative impact upon the state of computer and Internet security.
®

External Links

Security consultant Robert Graham gives the best Slammer analysis we've seen so far
CERT advisory on SQL Server (Slammer) worm
Slammer worm affects far more than just SQL Server, informative list by SQLSecurity.com (work in progress)
Slammer: the first Warhol worm (infecting 90 per cent of vulnerable hosts within 10 minutes, according to Silicon Defence)
NGSSoftware's original advisory
John Leyden, 06 Feb 2003

Perens throws hat into SPI ring

Software in the Public Interest (SPI), the entity that owns the Debian trademark, is holding elections and working to generate enough interest in said elections to actually elect some new board members. Ironically, the last "original" board member just resigned at the same time a former board member is getting re-acquainted with the project. SPI is looking to elect three new board members from a total of eight candidates. Contributing members of SPI are eligible to vote. A contributing member is one who is considered to have made a significant contribution to the Free Software community, as determined by SPI's membership committee.

The group has experienced a flurry of activity over the past several months starting with the resignation of former v.p. Martin "Joey" Schulze. He left because of his frustration with perceived indifference from other board members, including president Nils Lohner, secretary Wichert Akkerman, and original board member Ian Jackson. Since then, Lohner and Jackson have also stepped down, and the departures stirred emotions and much discussion about the future of SPI. "We feel that with some fresh blood elected by the membership, SPI can be infused with some more vigor, and the visibility and accountability of the Board to SPI's members will be increased," says Branden Robinson, SPI treasurer. He says that overall, the SPI functions well, especially considering the global distribution of the membership as a whole and the fact that it is an entirely voluntary organization. "The existing SPI Board strongly feels that we can do better, and it is our intention to do so."

Throwing his hat into the ring is former founding board member Bruce Perens, who left under less than desirable circumstances in 1998 to form the Open Source Initiative (OSI) with Eric Raymond. In a well-publicized spat, OSI demanded that SPI transfer its claims to the potential "Open Source" trademark to OSI, even producing an email from Perens to Raymond stating that SPI relinquished its claims on the mark, a correspondence that other members of SPI denied having any knowledge of. In the end, it was a moot point because OSI determined that the U.S. Patent and Trademark office would not grant a trademark on the phrase "Open Source" because it is too generic.

Despite some hard feelings directed towards Perens from SPI in the past, it appears that at least a few current SPI members are ready to take him back. Ean Schuessler, a contributing member who admits "complaining bitterly" about Perens in the past, says "the only real problem with Bruce is that he is so used to being a leader that when he gets on the wrong track it's insanely hard to get his head screwed back on. But if 90% of what he does is positive, which it is, then that seems like a tractable problem to me." Schuessler still maintains his belief that Perens will not be elected, however. Perens characterizes his current relationship with SPI as official, though. "I have been representing SPI, with the permission of SPI's board, to the W3C patent policy working group for the past two years," he says.

Robinson says that SPI is exercising an advanced voting system called the Condorcet Method, which requires voters to rank candidates in order of preference instead of simply casting one vote for one person. He says that the method is more "sophisticated" than the one used in U.S. federal elections. Tomorrow is the final day that votes will be accepted, but it is unclear whether there has been a "quorum" of votes from eligible members. Robinson posted a plea to the SPI mailing list, writing that "it is very important that SPI's contributing members vote. I saw a lot of passion on this list back in December and I personally would not like to see that momentum get lost." © Newsforge.com
Tina Gasperson, 06 Feb 2003
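The article mentions that SPI counts its ballots with the Condorcet Method and that only contributing members may vote. The following is an added illustration of that method, not SPI's own election software or anything published by SPI or Newsforge: it first discards ballots from voters who are not on an eligibility list (and any second ballot from the same voter), then tallies every head-to-head pairing and reports the candidate who beats all others, or reports that no such candidate exists when the preferences form a cycle. The voter names, candidate letters and ballots are constructed sample data.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: an eligibility list and ranked ballots keyed by voter.
# Names and candidate letters are placeholders, not real SPI members or candidates.
ELIGIBLE = {"alice", "bob", "carol", "dave", "erin", "frank", "grace"}
CANDIDATES = ["A", "B", "C"]
SUBMISSIONS = [
    ("alice", ["A", "B", "C"]),
    ("bob",   ["A", "B", "C"]),
    ("carol", ["A", "B", "C"]),
    ("dave",  ["A", "B", "C"]),
    ("erin",  ["B", "A", "C"]),
    ("frank", ["B", "A", "C"]),
    ("grace", ["C", "B", "A"]),
    ("mallory", ["C", "A", "B"]),   # not a contributing member: dropped
    ("alice", ["C", "B", "A"]),     # second ballot from alice: dropped
    ("bob",   ["A", "A", "C"]),     # malformed (repeated candidate) and duplicate
]


def valid_ballots(submissions, eligible, candidates):
    """Keep one well-formed ranking per eligible voter (the first one seen)."""
    seen = set()
    kept = []
    known = set(candidates)
    for voter, ranking in submissions:
        if voter not in eligible or voter in seen:
            continue
        # A ranking must list known candidates only, each at most once.
        if len(set(ranking)) != len(ranking) or not set(ranking) <= known:
            continue
        seen.add(voter)
        kept.append(ranking)
    return kept


def pairwise_preferences(ballots, candidates):
    """prefs[(x, y)] = number of ballots ranking x strictly above y.

    A candidate omitted from a ballot is treated as ranked below every
    candidate the ballot does list (a common Condorcet convention)."""
    prefs = defaultdict(int)
    for ballot in ballots:
        rank = {c: i for i, c in enumerate(ballot)}
        unranked = len(ballot)
        for x, y in combinations(candidates, 2):
            rx, ry = rank.get(x, unranked), rank.get(y, unranked)
            if rx < ry:
                prefs[(x, y)] += 1
            elif ry < rx:
                prefs[(y, x)] += 1
    return prefs


def condorcet_winner(ballots, candidates):
    """Return the candidate who beats every other head-to-head, or None
    when no such candidate exists (a Condorcet cycle or an exact tie)."""
    prefs = pairwise_preferences(ballots, candidates)
    for c in candidates:
        if all(prefs[(c, o)] > prefs[(o, c)] for o in candidates if o != c):
            return c
    return None


def run_election(submissions=SUBMISSIONS, eligible=ELIGIBLE, candidates=CANDIDATES):
    """Tally the election and return (number of counted ballots, winner)."""
    ballots = valid_ballots(submissions, eligible, candidates)
    return len(ballots), condorcet_winner(ballots, candidates)


if __name__ == "__main__":
    counted, winner = run_election()
    print(f"{counted} ballots counted; Condorcet winner: {winner}")
```

Because the method compares every pair of candidates, a result of None is a genuine outcome rather than an error: when A beats B, B beats C and C beats A, no candidate beats all the others, and a real election needs a tie-breaking rule (such as Schulze or ranked pairs) on top of the plain Condorcet test shown here.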

Business wants grants to help take-up broadband

Half of UK businesses want tax breaks or grants to encourage the take-up of broadband, according to a joint survey by the Institute of Directors (IoD) and Tiscali. The survey also found that a third of businesses thought that local councils should subsidise the adoption of broadband by running 'try before you buy' schemes. The call for help from business comes as nine out of ten industry bosses said that broadband is an important issue for business, with eight out of ten saying that the lack of any local service was one of the main obstacles to hooking up to broadband.

However, the Government isn't keen on giving broadband special treatment. In December 2001, it rejected the idea of using tax breaks to stimulate investment in broadband networks and instead called on companies to use existing tax breaks to help get wired up. A spokesperson at the Department of Trade and Industry (DTI) underlined this, saying that tax breaks were available to small firms. Critics claim that the existence of the tax breaks was not well known.

In a statement Jonathan Cummings, Director of e-Business at the IoD, said: "It is very encouraging to see that so many business chiefs cite broadband as an important business issue. "However, for the government to meet its target of making the UK the 'best environment for ebusiness', UK business needs more coverage, more competition and more bandwidth options. To achieve this, more government support is needed," he said. Last week European Commissioner Erkki Liikanen said political leaders must do more to help the development and take-up of broadband in Europe if they want to secure the benefits of a wired world. ®
Tim Richardson, 06 Feb 2003

‘Slammer terror’ story sent to the, er, slammer

"Terrorist group claims responsibility for Slammer worm", screams the ComputerWorld headline, so we tear straight over there. Only to find: "Computerworld has removed this story due to questions about its authenticity. We expect to post an update about this situation tomorrow."* Which we presume is now today, and as whatever it was doesn't seem to have been around long enough to make it into Google cache, we'll look forward to that. As fellow gentlepersons of the press we should not laugh, because it will merely provoke the victims to laugh even harder at us at the next available opportunity. Which will happen, sure as sunrise. You lot, however, needn't feel in any sense so constrained.

Seriously though, although we doubt that any terror group was behind Slammer, if they're paying attention it might well have given them ideas. Slammer used a known vulnerability that sensible companies should have fixed, did not carry a destructive payload, yet it caused havoc. QED, speculative attacks on known vulnerabilities could cost little to mount, have a reasonable percentage chance of success, and could be designed to wreak greater and far less transient havoc in the event of success. If the industry doesn't get real about security, sooner or later some organisation will do this, or something similar. If you're lucky, it'll only be the Provisional wing of the Linux User Group (ProLUG). ®

* Strewth, here's another one. CW's sure been busy...
John Lettice, 06 Feb 2003

So why do so few UK schools use Open Source?

Yes, it's the Open Source in Education Conference 2003, a "National Conference to explore the use of Open Source software in UK Primary and Secondary Education Institutions". The gig's organised by Anglia Polytechnic, the date is Friday, 4 April, the venue is the Danbury Conference Centre in Danbury, Essex, and the cost is £79+VAT. The full spiel is here. The most basic aim of the conference is to "raise awareness of open source as an alternative solution".

This is an interesting challenge. UK schools are a cautious bunch when it comes to what they call ICT. The primary school in the village where I live, for example, declined to accept my donation of educational software CD-ROMs - brand new, still in the wrapper - "because they might have a virus". Most state secondary schools and the vast majority of primary schools do what their LEA tells them. And most LEAs are in thrall to their suppliers, the likes of RM and Viglen, and soon, if Greg Dyke has his way, the BBC.

But school IT budgets are limited, and getting squeezed: so where better to look for cuts than software costs? The educational sector is a nice little earner for Microsoft: in 2001, Viglen won a contract to supply all of Northern Ireland's schools with MS Software. The deal covers up to 40,000 desktops in 1,380 schools and is worth an estimated £3.8m over five years. Clearly there is some hefty discounting going on. Even so, Microsoft has received some unwelcome attention for its pricing policies. In July 2002, the company came under fire from Bob Blizzard, a Labour MP, for unfairly 'hoovering' millions of pounds from UK schools. ®
Drew Cullen, 06 Feb 2003

Lastminute slips into the red

Dotcom darling Lastminute.com has slipped back into the red after posting its first pre-tax profit last year. In Q4 2002, the bucket travel outfit made a pre-tax profit of £300,000, making many people giddy with excitement at its achievement. Today, those high spirits could be dashed on the rocks of despair as lastminute.com reported a pre-tax loss of £3.8m. Still, looking on the bright side, at least this was less of a loss than the corresponding period last year, when the outfit made a pre-tax loss of £7.2m.

Revenue-wise, turnover for the three months to the end of December more than doubled to £11.3m, up from £4.46m in Q1 2002. And the value of transactions (holidays and flights sold, that kind of thing) rose strongly from £31.7m in Q1 2002 to £87.1m in Q1 2003. In a statement chairman Allan Leighton said: "Lastminute.com continues to make progress. Despite the uncertain political and economic environment that Europe is facing, our business model allows us to anticipate 2003 being another year of sustained and improving performance." By late morning shares in lastminute.com were down 4.75p (5 per cent) at 92p. ®
Tim Richardson, 06 Feb 2003

PCCW linked to £2.4bn bid for C&W

Cable & Wireless has rejected advances by Hong Kong telco PCCW that would have valued C&W at around £2.4bn. Talk of takeover offers between the two companies was supposed to have taken place last month, according to the FT, which reports that PCCW was prepared to cough up at least 100p a share for C&W. Last night C&W shares closed at 57.75p. By mid morning today its shares had risen 2p (3.5 per cent) to 59.75p.

It seems PCCW is interested in C&W's operations in Macau and the Caribbean and had already lined up someone to take over C&W's US operations, the FT says. But in a new twist PCCW is now playing down the FT's story and denying that it made an approach to C&W. Last week reports surfaced that PCCW was interested in C&W and another UK telco, Energis. ®
Tim Richardson, 06 Feb 2003

If it's Thursday it must be IE patching day

Microsoft yesterday released a cumulative patch for Internet Explorer which rolls up previous fixes with a couple of extra damage limitation measures. Dubbed critical by Redmond, the patch includes fixes for two newly discovered vulnerabilities involving IE's cross-domain security model.

The first of these two flaws arises because incomplete security checking means a Web site can potentially access information from another domain through certain dialog boxes. An attacker would exploit this flaw by tricking users into visiting a maliciously constructed Web site. Thereafter it would be possible for an attacker to run malicious script by misusing a dialog box to allow a malicious script to access information in a different domain. "In the worst case, this could enable the web site operator to load malicious code onto a user's system," Microsoft warns. "In addition, this flaw could also enable an attacker to invoke an executable that was already present on the local system." This flaw affects only IE 5.5 and 6.0.

A second vulnerability affects IE 5.5, 6.0 and IE 5.01. This second (related) cross-domain vulnerability allows IE's showHelp() (HTML help) function to execute without proper security checking. The flaw arises because the function allows more types of pluggable protocols than necessary, Redmond admits. "This could potentially allow an attacker to access user information, invoke executables already present on a user's local system or load malicious code onto a user's local system," its advisory adds. The exploit scenario here is the same as for the first vulnerability: tricking users into visiting a maliciously-constructed Web site.

Microsoft's cumulative patch is designed to fix these two flaws as well as previous bugs with IE 5.01, 5.5 and 6.0. Users are urged to consider applying the fix, even though it has certain drawbacks. The patch disables the window.showHelp() function, so users also need to install the latest HTML Help update through Windows Update. Thereafter window.showHelp() will function again, "but with some limitations" necessary to block the exploit. Microsoft's advisory explains the issue in greater depth. ®
John Leyden, 06 Feb 2003

Insiders finger MS Shop as source of resale racket

A couple of insiders have written with suggestions about what it might be that has triggered Microsoft's crackdown on staff reselling software. For some reason, the fabled Microsoft Store, which offers staff heavy discounts, seems to figure highly. This explanation, from Ian, has plausibility because it is just sooooo Microsoft to fail to notice the obvious for such a long time:

"Just outside the Redmond campus, there's a little mall area which includes a great little second-hand book shop that also sells second-hand software. Naturally, it is invariably packed with the latest and greatest, not to mention the oldest and er... least greatest, MS software.

"It turns out that all of it, without exception, comes from staff making use of their perk to buy software from the internal shop. They are not supposed to resell it, but of course they do, and I think that's the crime they'd be charged with.

"I'm amazed that they've only just noticed though: it must have been the scale that they felt their own salesmen couldn't compete with.

"You'd think they would pay their staff to sell things for them, wouldn't you?"

At savage discounts, no, not in Redmond. China and India are an entirely different matter. Ian also has some background on the culture thing:

"As for the corporate culture change, for many, many years this has been the subject of internal debate. The paper mag MS prints every week (can't remember the name sorry) on campus has had a thread running called 'shrimp or weiner' for at least the last decade, in which one person argues that the culture is degrading because MS have made record profits again, but have decided to reduce the quality of food on offer at the company launch parties, hence the title of the thread. Others point out that extra benefits include MS closing one local restaurant every night and ordering all their food to be brought in, for those people that are working late, or weekends. A culture like that is to be applauded, and if they feel that they should reduce the quality from time to time, well, that's not so bad."

We won't reveal whose stapler Ian now claims to own, and we'll draw a veil over Steve (we'll just call him Steve), who says MS has great notebooks and he lifts one every chance he gets. We're fairly sure he means paper notebooks, but some Tablet PCs do look a bit like paper notebooks. In bad light. No, really, officer...
John Lettice, 06 Feb 2003

Nvidia and Microsoft are chums again

Microsoft and Nvidia are friends again, amicably settling their argument over prices for X-Box components. Actually it wasn't amicable for a long time: In April last year, Nvidia disclosed in an SEC filing that Microsoft was seeking to force it to supply graphic chips for less than it thought it had agreed. Terms of the arbitration are not disclosed but Nvidia describes it as a win-win for both parties. Which is nice. It also means that Nvidia screwed a little more money out of Microsoft, and it increases the likelihood that Nvidia will win the supply contract to supply graphics chips for the next-gen Xbox. It also means that Microsoft will lose a little more on each Xbox it sells. ®
Drew Cullen, 06 Feb 2003

SCH reigns in Spain

Specialist Computer Holdings is bulking up in Spain, by acquiring the local reseller ops of GECITS for undisclosed terms. SCH will fold the business into its existing subsidiary InfoProducts Spain, and the enlarged group will trade under the new name SCC Spain from next month. According to SCH, the combined operations rank as Spain's second biggest corporate computer dealer with annual revenues of €120m and approx. 300 staff in ten branches.

Europe's two biggest resellers, SCH and Computacenter, are British. In recent years they have built big overseas arms, an expansion policy helped enormously (in SCH's case) by the implosion of Dutch-based Info'Products, and by the retreat from Europe of a badly hurt GECITS. This has enabled both to gain big assets at almost fire sale prices. ®

6 February 2003

SCH acquires GE Capital IT Solutions Spain

Enhances leading European IT infrastructure services position in 7 key European markets.

SCH and GE today announced that SCH has completed the acquisition of GE Capital IT Solutions Spain (GECITS Spain). GECITS Spain becomes a wholly owned subsidiary of SCH and will integrate with Info'Products Spain and trade as SCC Spain from March 2003. The combined Spanish operation ranks No 2 in the Corporate IT Services & Reseller Marketplace in Spain, with SCH holding leading positions in 7 key European markets: UK, France, Holland, Spain, Germany, Italy and Belgium.

The combined operation will:

• Enhance the integrated solutions and services spanning the whole IT life cycle to customers across Spain.
• Accelerate Pan-European vendor engagement with all IT technology vendors to the benefit of its customers.
• Allow the combined businesses to share important investments and best practices, and to develop common processes to improve the scope, quality, and cost-effectiveness of their offerings.
• Result in a total revenue of more than Euro 3bn and over 5000 employees operating across a pan-European network of 60 key city locations.
• Create a Pan-Spanish operation with combined revenues of Euro 120m and circa 300 staff operating from a national network of 10 key locations headquartered in Madrid.

Chairman and Chief Executive of SCH, Sir Peter Rigby, sees this as another milestone in the group's European expansion. He said: "GECITS Spain has both a strong services and enterprise systems bias in its portfolio and this supports our strategy of growing our services base and enterprise business and building contracted revenue streams. This acquisition represents an important step forward in underlining SCH's position as Europe's leading infrastructure services provider with the broadest territory coverage."

Eloy Caro, CEO of SCC Spain, said: "This is an exciting opportunity for our customers and employees. Joining the strengths of our business as SCC positions the combined organisation to deliver seamless and integrated IT services to customers across Spain."

SCH is pursuing an aggressive acquisition policy in Europe, with the aim of being Europe's number one provider of technology services and products for business advantage.

- - - - ENDS - - - -

NOTES FOR EDITORS

SCH

SCH (Specialist Computer Holdings) is Europe's largest privately owned technology group and a market leader in providing managed IT lifecycle services and solutions for business advantage. The group works with major European enterprise and government organisations to add value at every stage of IT infrastructure investment. The group employs over 5000 skilled people who directly manage IT services, solutions and products in full ownership across a pan-European network of 60 offices in seven countries and into over 60 countries worldwide through its controlled Specialist Global Services associated interests. The group trades under a number of leading brands. Service Partner/Reseller brands are SCC in the UK and Spain, Allium in France and Italy, Info'Products in Holland, Belgium and Germany. Distribution brand is ETC. SCH is the UK's fourth largest private company. For more information, contact Judy Groves - SCH Corporate Communications on +44 (0)121 766 2580 or +44 (0)7850 622488.

GE

GE (NYSE: GE) is a diversified technology and services company dedicated to creating products that make life better. From aircraft engines and power generation to financial services, medical imaging, television programming and plastics, GE operates in more than 100 countries and employs more than 300,000 people worldwide. To learn more about GE, the GE Fund and Elfun, visit www.ge.com
Drew Cullen, 06 Feb 2003

30 per cent off PS2 Game Guides

If you treated yourself to a Playstation 2 for Xmas and are currently stuck somewhere in Vice City, Reg associate IT-minds.com can get you back on the move with tips, tricks and cheats to help you get through some of the best PS2 games available. PS2 Secret Codes reveals all the essential codes, cheats, hidden menus, and more for the hottest PS2 games on the market. Games covered in this guide include Tony Hawk's Pro Skater 4, Mat Hoffman's Pro BMX 2, The Mark of Kri, and other hot PS2 titles! If Grand Theft Auto is your current favourite, we are also offering Grand Theft Auto 2 Official Strategy Guide and Grand Theft Auto: Vice City Official Strategy Guide - both books provide cheats, strategies and secrets that will help you succeed. All 3 titles are available at £6.99 each - a saving of 30 per cent.

If games aren't your thing, IT-minds is also offering 30 per cent off the following books this week:

Real World Digital Video
10 Minute Guide to Lotus Notes 6
Special Edition Using Mac OS X v10.2
Java 2 Primer Plus
Search Engine Visibility
Designing Web Graphics 4
Applied Enterprise JavaBeans Technology

And don't forget that you can get all other books at a permanent 20 per cent discount from IT-minds.com. ®
Team Register, 06 Feb 2003

Using DB2 Information Integrator

Briefing NoteBriefing Note Yesterday, I give a brief overview of some of the facilities offered by IBM's newly announced DB2 Information Integrator, writes Phil Howard. Based on federation and replication, Information Integrator is at odds with the approach advocated by Oracle, which is more slanted towards centralisation. However, we need to be clear what we mean by centralisation. If we mean the centralisation of transactional data or of content management data, then IBM is not in this camp. It believes (and I am inclined to agree) that centralisation is unnecessary, very costly and potentially risky in such situations. On the other hand, there are clear advantages to having a single centralised data warehouse, for example, because you need to be able to support complex, multi-dimensional queries. In such a case it makes more sense to use a conventional ETL (extract, transform and load) tool to populate the data warehouse rather than attempt to federate it with transactional sources. Similarly, complex transformational requirements may predicate an ETL-based approach, while a requirement for up-to-the-minute, consistent data may require a conventional replication environment. IBM gives three examples in which it suggests that DB2 Information Integrator will be most useful. The first of these is to support analytical functions, where there is a need for real-time data analysis, a requirement for cross-enterprise views or for ad hoc enquiries across infrequently accessed data. The second is in customer-centric environments (though this could also be to extend to suppliers, human resources and so on) where there is a need for customer self service and customer care details. And the third is to support migration and co-existence, as a result of mergers, acquisitions and re-organisations. 
Of course, in this last example, part of the whole point of mergers and acquisitions is often to reduce administrative costs, which may mean getting rid of some IT resources, so that database consolidation is a long-term requirement. Still, DB2 Information Integrator may be useful in an interim capacity. Actually, the scenario I have most problem with of those outlined is the support for real-time data analysis. With companies like Apama specialising in providing real-time analytical capability, and ETL vendors introducing real-time data feeds into their products, I don't think this situation is as clear cut as IBM might like to think. However, in a sense that is beside the point - it is clear that there are a variety of environments in which Information Integrator has advantages over other technologies - precisely what these environments are should become more obvious once the product is widely available and we have the experience of seeing it in action. © IT-Analysis.com Phil Howard's Biog is here
IT-Analysis, 06 Feb 2003

Daily Sport trials porn to mobile phone service

Last year we took the mickey out of Unix guru Ray Anderson's new career selling computer games. Now however the shameless hussy mails us intimating he's selling dirty pictures as well. The usual stuff - porn the great enabler, mobile phone networks need to find ways to make money out of GPRS, people will pay for filth delivered to mobile phones, and we are merely the carrier/enabling mechanism, not the content. Nope, he didn't say any of that, he just sent us a link to the discussion thread. The Thread of Shame, which we fear is occupied by people who should really be spending their time developing Symbian software, explains that the Daily Sport and Sunday Sport (overseas readers - these are British newspapers, but only sort of) are currently testing delivery of pictures of their famous Page Three Girls to mobile phones, and are offering a £1 credit for first time users to try it out. We'll explain how it works, but be warned, if you follow the instructions you stand at least a chance of seeing something that may frighten the horses. If your eyesight's better than The Register's, that is - pig's trotter? Parsnip? What's that round thing next to her feet? The site in question is http://wap.dailysport.net, but that will only give you instructions on how to access it via a mobile phone and Bango number. Ray's company, Bango.net, provides a service that makes it easier to browse via mobile phone by use of Bango numbers, OK? If you've got a Bango link set up already, you enter the number of the site, which in this case (you've already been warned) is 321456. If you haven't, then point your phone's browser at http://bango.net and enter the number there. Our eyesight isn't up to determining whether this is legal or not, but as Jordan is elsewhere alleged to be planning a webcast of the birth of her child, we shudder to think what else she might do on a Nokia 7650. 
And we reckon we've a fairly shrewd idea of what the politicians are going to say when they twig that the mobile phone networks are facilitating access to porn on mobile phones. What steps are they taking to protect children from it? (Dunno, actually - what steps are they taking?) The Thread of Shame, however, leads us to believe that Ray's onto a moneyspinner here, at least for as long as the vice squad leaves him at liberty. Here are a couple of snippets: "Not bad, the Jordan stuff is worth a pound, never seen her chewing the meat before.. if you get me drift..... "Pretty hardcore, apparently the guy is Dane Bowers, but we don't get to see his face... Well I've spent a fiver! Cheaper than getting them from the Sundays Sports official web site. [El Reg was as ever unaware of this one - aren't we sweet?] "Wow - cool stuff. I've just burnt through about £15 (company money luckily!) [uh oh...] looking at Daily Sport." Tune in tomorrow for the Parliamentary outcry. ®
John Lettice, 06 Feb 2003

MSN deliberately breaks Opera's browser, claims company

Opera Software has accused Microsoft of deliberately engineering the MSN home page in order to make it look as if the Opera browser has a serious flaw in it. And the Norwegian company has published the results of an investigation which it says proves this. Although Opera is convinced it has been deliberately targeted, it seems at least possible that the problem could be put down to some strangely coincidental finger trouble. But if that's the case, Opera has explained how simple it would be to fix it, and one therefore presumes Microsoft will give the matter its immediate attention. Opera's techies downloaded the page using wget, in three different formats, identifying as Opera 7, MSIE and Netscape 7.01. The files sent to each browser are different, which is not necessarily suspicious, and the one sent to Opera 7 has less content and is bigger than the one sent to IE. But that is not necessarily suspicious either. Where it does get suspicious is when you look at the style sheets MSN sends to the browsers. The culprit, says Opera, is a 30 pixel value set on the margin property in the Opera style sheet. This instructs Opera to move list elements 30 pixels to the left of the parent, which means content moves off the side of its container, which means it looks like Opera is broken. Opera tried to test whether or not this was deliberate by changing its identification to the non-existent browser Oprah. This returns the IE style sheet, which works perfectly well in Opera. In Opera's view MSN is therefore looking specifically for "Opera" in the User-Agent string and sending it a broken style sheet. That, of course, could still be a mistake, as it's perfectly logical to send IE as the default if the browser can't be identified. But as there was no need for MSN to design an Opera-specific style sheet in the first place, one wonders... 
®

* The Reg, incidentally, is regularly baffled by being unable to find stuff on Microsoft TechNet using Opera, because yet again we've forgotten that for some bizarre reason, lots of results from there in IE can equal no results at all in Opera. We've no idea whether this is a plot or not, either. Or indeed whether somebody might have fixed it by now.
John Lettice, 06 Feb 2003
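The check Opera describes (fetch the same page under several User-Agent identities, including a made-up control, and compare the style sheets each one is served) as an added script; it is not Opera's or MSN's code. The User-Agent strings, the "Oprah" control identity and the sample HTML/CSS are constructed for the example, and the fetch function is injectable so it runs offline; pass `http_fetch` to run it against a live site.

```python
"""Fetch one page under several User-Agent identities, collect the style
sheets each identity is served, and flag identity-specific rules that move
list elements left of their container (a negative left margin, which is what
"30 pixels to the left of the parent" requires in CSS).

Added example, not Opera's or MSN's code. Identities and sample data below
are constructed; "oprah" is the control, a browser name no server should know.
"""
import re
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

# Constructed User-Agent strings (not the exact ones Opera used).
IDENTITIES = {
    "opera7": "Opera/7.0 (Windows NT 5.0; U) [en]",
    "msie": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)",
    "netscape7": "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Netscape/7.01",
    "oprah": "Oprah/7.0 (Windows NT 5.0; U) [en]",  # control: unknown browser name
}

Fetcher = Callable[[str, str], str]  # (url, user_agent) -> response body

def http_fetch(url: str, user_agent: str) -> str:
    """Live fetcher: plain GET with the User-Agent header overridden."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=20) as resp:
        return resp.read().decode("utf-8", errors="replace")

# Deliberately small parsers: enough for <link rel="stylesheet" href=...> (rel
# before href) and flat "selector { decl; decl }" rules, which is all we need.
LINK_RE = re.compile(
    r'<link[^>]*rel=["\']?stylesheet["\']?[^>]*href=["\']?([^"\' >]+)', re.I)
RULE_RE = re.compile(r"([^{}]+)\{([^}]*)\}")
MARGIN_RE = re.compile(r"\bmargin(?:-left)?\s*:\s*([^;}]+)")
LIST_SELECTOR_RE = re.compile(r"\b(ul|ol|li)\b", re.I)

def stylesheet_urls(html: str, base: str) -> List[str]:
    """Absolute URLs of the style sheets linked from a page."""
    return [urllib.parse.urljoin(base, h) for h in LINK_RE.findall(html)]

def margin_left_px(value: str) -> Optional[float]:
    """Left component of a margin value in px, or None if it is not a px length.
    Handles the 1/2/3/4-value shorthand forms of the margin property."""
    parts = value.split()
    index = {1: 0, 2: 1, 3: 1, 4: 3}.get(len(parts))
    if index is None:
        return None
    m = re.fullmatch(r"(-?\d+(?:\.\d+)?)px", parts[index])
    return float(m.group(1)) if m else None

def offscreen_list_rules(css: str) -> Dict[str, float]:
    """{selector: left margin px} for list selectors with a negative left margin."""
    found: Dict[str, float] = {}
    for selector, body in RULE_RE.findall(css):
        sel = " ".join(selector.split())
        if not LIST_SELECTOR_RE.search(sel):
            continue
        for value in MARGIN_RE.findall(body):
            left = margin_left_px(value)
            if left is not None and left < 0:
                found[sel] = left
    return found

def compare_identities(url: str, fetch: Fetcher = http_fetch) -> Dict[str, Dict[str, float]]:
    """Fetch the page once per identity and report the offscreen list rules it was sent."""
    report = {}
    for name, ua in IDENTITIES.items():
        html = fetch(url, ua)
        css = "\n".join(fetch(sheet, ua) for sheet in stylesheet_urls(html, url))
        report[name] = offscreen_list_rules(css)
    return report

def identity_specific(report: Dict[str, Dict[str, float]]) -> Dict[str, Dict[str, float]]:
    """Identities whose offscreen rules differ from what the control identity received."""
    baseline = report.get("oprah", {})
    return {n: r for n, r in report.items() if n != "oprah" and r != baseline}

# Constructed stand-in responses (not MSN's markup or CSS) so the check runs offline.
SAMPLE_HTML = '<html><head><link rel="stylesheet" href="/style.css"></head><body></body></html>'
SAMPLE_CSS = {
    "default": "ul { margin: 0; padding-left: 20px }\nli { margin: 0 }",
    "opera": "ul { margin: 0 0 0 -30px; padding-left: 20px }\nli { margin: 0 }",
}

def sample_fetch(url: str, user_agent: str) -> str:
    """Offline fetcher that serves the broken sheet only when the UA contains 'Opera'."""
    if url.endswith("/style.css"):
        return SAMPLE_CSS["opera"] if "Opera" in user_agent else SAMPLE_CSS["default"]
    return SAMPLE_HTML

if __name__ == "__main__":
    report = compare_identities("http://example.invalid/", fetch=sample_fetch)
    print(identity_specific(report))  # {'opera7': {'ul': -30.0}}
```

Because "Oprah" gets the default sheet while "Opera/7.0" gets the one with the negative margin, the report singles out the Opera identity, which is the observation the article rests on.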

US and UK arrests in computer worm probe

Two UK men were arrested this morning following police raids in the UK and US aimed at dismantling an international hacker group believed to have created a virulent computer worm. Officers from the Durham Constabulary arrested a 19-year-old electrician and a 21-year-old unemployed man after seizing evidence related to computer and drugs offences during a raid on two addresses in County Durham this morning. The pair are being interviewed today by officers of the UK's National Hi-Tech Crime Unit (NHTCU). Police believe the two UK-based men are members of an international hacking group calling themselves the "THr34t-Krew". The group has created an Internet worm, called the TK worm, which infected approximately 18,000 computers around the world, according to a statement by the NHTCU. Investigators estimate the worm caused disruption and damage to computer systems in the UK and overseas estimated at £5.5 million. The operation against the THr34t-Krew group was jointly planned by officers from Durham Constabulary and the US multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team). The California-based CATCH team consists of representatives from the United States Secret Service, Department of Justice, and the FBI among others. While UK police were searching homes in County Durham, a simultaneous search warrant was executed at an address in Illinois, USA, where additional evidence in the case was seized and one man arrested. None of the arrests are connected to the recent SQL Slammer Worm, the NHTCU states.

What the heck is the TK worm?

Antivirus experts we contacted were not immediately familiar with the TK worm, so (for now) we need to rely on a police description of the malicious code, which first came to the attention of the NHTCU in mid-January. The worm known as the TK worm has been found to be present in a number of computers in the UK. The cost of the disruption is estimated at £5.5m. 
Once connected to the Internet, the infected computer connects to a number of computers under the control of the THr34t-Krew, who are able to send commands to the infected hosts. These commands could range from scanning other computers for vulnerabilities to starting Distributed Denial of Service attacks on other computers and web sites. The TK worm is self-replicating and is able to spread itself across the Internet, distributing itself to other computers. A search on Google for THr34t-Krew reveals one user's experiences of dealing with this worm but not much else. ®
John Leyden, 06 Feb 2003

Bloomberg extortion, hacking case opens in New York

The trial of a Kazakhstan man accused of attempting to extort $200,000 from the founder of the Bloomberg financial news service began in New York this week. Oleg Zezov, 29, allegedly hacked into Bloomberg's computer system, then emailed Bloomberg founder Michael Bloomberg threatening that the financial news service's reputation would be put at risk if he wasn't paid. The alleged threat was made in March 2000, prior to Bloomberg's election as New York's mayor. Assistant US Attorney Robert Strang told the court that within weeks of his initial contact, Zezov was demanding that $200,000 be sent to an offshore bank account in exchange for telling Bloomberg how he was able to crack into his company's computer system. After receiving this threat, Bloomberg contacted the FBI and arranged to meet Zezov and alleged accomplice Igor Yarimika in London, where the pair was arrested in an FBI sting operation. The two men were subsequently extradited from the UK to face trial in the US. The case against Yarimika is due to go to court later this year. At the beginning of Zezov's trial Robert Baum, Zezov's attorney, claimed his client was only offering his services as a security consultant and that Bloomberg misunderstood Zezov's intentions. "This case is about a rush to judgment by a multibillionaire who could not accept that his computer system was fallible and had a bug in it," Baum said in his opening statement, AP reports. Zezov faces attempted extortion charges punishable by up to 20 years in prison. Bloomberg is scheduled to testify in the trial next week. ®

External Links
The indictment against Zezov and Yarimika

Related Stories
Extradition hearing in Bloomberg hack/extortion
Bloomberg involved in Net sting
John Leyden, 06 Feb 2003

Ericsson boss to retire

Kurt Hellström, 60, is to retire in April and make way for a new boss at mobile phone giant Ericsson. He will be replaced by Carl-Henric Svanberg, currently the CEO of the international lock group Assa Abloy. Mr Svanberg will continue to control costs at Ericsson and try to steer the company into profit, the phone maker said in a statement. Earlier this week Ericsson announced it had made a pre-tax loss in Q4 2002 of SEK2.2bn ($250m). Mr Hellström said he remained optimistic, asserting that the business was beginning to "stabilise". And he repeated his claim that the company's overriding objective was to return to profit at some point in 2003 and improve cash flow. ®

Related Story
Ericsson 'stabilises' despite another loss
Tim Richardson, 06 Feb 2003

Tiscali in free ADSL modem promo

Tiscali is handing out free modems in a bid to get punters to sign up to its broadband service. Combined with a free connection promo to its 512kbps service, punters could save £115 getting started. The time-limited offer runs until the end of March. Subscription to Tiscali's broadband service costs £27 a month. Explaining why Tiscali was offering the free modem, Steve Horley, ISP and business development director at Tiscali UK, said: "This is what Tiscali is all about - challenging the market and being a champion for the consumer." Seriously. That's what he said. Anyhow, to find out more go here. ®
Tim Richardson, 06 Feb 2003

Stolen formula torpedoes big brand mobos

Has your motherboard been playing up lately? If you bought a new mobo or new PC in 2002, it could contain a cowboy part which has caused its failure, or will do so in the future. Step forward the guilty component, a humble aluminum electrolytic capacitor. But this is not your everyday cock-up, oh no, but the fault of "a mistake in the stolen formulation of the electrolyte in a capacitor". Yes, corporate espionage is to blame! The specialist newswire Spectrum IEEE, run by the Institute of Electrical and Electronics Engineers, has uncovered a cracking story of skullduggery and ineptitude. Here's an extract: "According to the source, a scientist stole the formula for an electrolyte from his employer in Japan and began using it himself at the Chinese branch of a Taiwanese electrolyte manufacturer. He or his colleagues then sold the formula to an electrolyte maker in Taiwan, which began producing it for Taiwanese and possibly other capacitor firms. Unfortunately, the formula as sold was incomplete." Oh dear. So who's affected? Over to Spectrum again. "So far, the only motherboard maker to admit to the problem is ABIT Computer Corp. (Taipei), and the only major PC maker to acknowledge being affected is IBM Corp. But the problem is likely to be more widespread. Indeed, those who have repaired the damaged boards say that they have encountered crippled motherboards from Micro-Star International, ASUSTek Computer, Gigabyte Technology, and others." Read the story in full here. ®
Drew Cullen, 06 Feb 2003

Floppy disks face extinction

The death knell for the humble floppy drive may have been sounded, following Dell's decision to stop installing them on all new PCs. The Texas-based company has said it will no longer install the devices on its PCs, except as an optional extra, starting next month. Like eight-track tapes and even its 5-1/4 inch floppy cousin, the 3-1/2 inch, 1.44MB floppy disk now faces near extinction. Analysts have said that Dell's decision is probably a precursor to a strategy that most PC makers will embark upon in the next couple of years. It has been almost five years since Apple Computer Inc stopped including floppy disk drives in Macintosh computers. The move from Dell has been coming for some time. In 2001, the company stopped selling floppy drives on some business desktops, followed by a similar move on the Inspiron 4150 and 8200 laptop models in 2002. While the other big computer makers still include floppy drives, they too have made similar overtures. Last year, Hewlett-Packard began offering alternative USB-based flash memory storage drives on some notebooks and the floppy drive was eliminated altogether on a few top-of-the-line Presario 900 notebooks. And experts also note that new storage devices hold far more data and are just as easy to use. Standard CDs, for example, will hold 650MB of information and new higher density versions are capable of storing a whopping 1.3GB, or about as much data as 900 floppy disks. DVDs have even beefier data storage abilities, with a one-sided, single-layer disc able to hold about 4.4GB, and a double-sided, double-layer DVD offering almost 16GB of capacity. For smaller files, other options are available to consumers in lieu of floppy disks, including MP3 players and Zip disks. The proliferation of the Internet and e-mail has also been a killer for the floppy, since files can now be instantly transmitted from any connected computer to any other. 
What's more, a number of companies are also now selling key chain-sized flash memory devices as floppy alternatives. In fact, Dell sells its own-branded 16-megabyte USB flash memory drive, which is now a standard in high-end Dimension computers. The company has hinted that it will make this same drive available on all desktops, if consumer response to the idea is positive. © ENN
ElectricNews.net, 06 Feb 2003

Dyson cleans out her closet

Esther Dyson, one of the key figures in the development of the commercial Internet, advisor to Al Gore, promoter of the Net in Eastern Europe and poster woman for the dotcom millionaires, went to massive lengths today to distance herself from the failures of ICANN, the Internet Corporation for Assigned Names and Numbers. Despite having been a Founding Director, Dyson now says that her involvement in ICANN's development was actually very limited. "I was peripherally involved", she claimed. "I went to a few meetings and we discussed a bunch of topics. But for my sins of negligence I ended up being invited to join the board of ICANN when it was created." Dyson also attempted to downplay the importance of the first board of directors, of which she was a key member, saying "we were not supposed to be the final board. We were supposed to figure out the transition to the final board". She also acknowledged that many of the criticisms made were justified: ICANN was unaccountable, secretive and inefficient in its early days. "ICANN is not perfect", she admitted, "and I'm not really here to defend it." However she did attempt to justify its continued existence, saying: "I'm a critic who thinks these things are hard to do and I can't see any other way." The unexpected confessional may have been prompted by her current need to re-establish credibility with the net community as she works to develop proposals for getting ordinary users involved in the formulation of ICANN policy through the At Large advisory committee which she chairs. "We want public input into ICANN", she said. "We've got a mechanism where it can have a seat on the task forces, liaisons to working groups, be part of the policy making process - I see that in many ways as more important than having a seat on the board." Others, of course, may disagree. 
Dyson was speaking in the Oxford Union at a conference called 'The Politics of Code', jointly organised by the Oxford Internet Institute and the Programme in Comparative Media Law and Politics at Oxford University. The one day conference brought together many net luminaries, including Professor Lawrence Lessig from Stanford University, Alan Davidson of the Center for Democracy and Technology and Harald Alvestrand, chair of the IETF. The goal was to debate two complementary issues: how program code controls our online behaviour, and how the net can be regulated by governments rather than companies. Lessig, jet-lagged and miserable after losing Eldred v. Ashcroft, was entertaining but didn't say anything new. Fortunately the last session was enlivened by a witty contribution from CDT's Alan Davidson, who gave a talk which poked fun at the different cultures of the standards bodies ("In the Web Consortium you pay to play, everybody votes, then Tim decides. At the IETF you hum") while giving several good reasons why you should believe it when a lawyer turns up at a technical meeting saying 'I'm here to help.' Then it was off to drinks in Oxford's delightful Ashmolean Museum, where the real work of the day got done as contacts were established, names put to email addresses and new alliances forged. Let's just hope the policy makers and lawyers get their act together before the pigopolist revolution is complete. ®
Bill Thompson, 06 Feb 2003

Forged cheque scam hits UK retailers

UK computer retailers are warned today of a sophisticated new scam involving counterfeit cheques. The fraud involves British cheques that are very good forgeries - not least because they use a cheque number sequence that is both valid and as yet unused. Online fraud prevention scheme Early Warning believes that these cheques may be accepted and processed by the banks if they came to be presented. The scam is only then spotted when the company whose cheque-book has been copied notices a fraudulent withdrawal. The banks then reclaim the funds from the scammed retailer, by which time the goods might already have been shipped out through freight forwarder firms used by the fraudsters as delivery addresses. Early Warning has been told of two such scams targeting its members to date - the first involving £4,000 and the second £12,000. One of the targeted companies was StinkyInk.com, an online printer consumables store, which narrowly avoided being caught out by the scam. John Sollars, managing director at StinkyInk.com, said: "We received a cheque in the post to cover a quote we'd sent out via email. It all looked a little suspicious, so we checked on the company issuing the cheque and they were a reputable UK firm established for forty years. It was only when we started to investigate things further, both through the bank and through our own research, that we realised it was definitely a scam." Andrew Goodwill, managing director at Early Warning, said: "The fraudsters are finding increasingly sophisticated methods for continuing their scams. This particular example looks to involve people with a good understanding of British banking and cheque printing." Retailers are urged to be cautious of high value cheque orders from new clients, particularly when freight-forwarding firms are used as delivery addresses. In such cases, retailers should double cheque the validity of orders both with the company in whose name a suspicious cheque is drawn and with their banks. 
How the Fraud Works

The targeted online retailer receives an email message, which commonly asks for the delivery of high-value computer equipment to be made through freight forwarding companies. Once the retailer has replied with a quote via email, they then receive in the post a British cheque from an established British company. The retailer presents the cheque to the bank, the funds clear and the goods are shipped out accordingly to a freight company. The scam is only then spotted when the withdrawal is noticed by the company whose cheque book has been forged. The banks will reclaim the funds from the retailer, but the goods have long since gone. The counterfeit cheques appear to be extremely good forgeries and use valid and unused cheque number sequences. ®

External Links
The Early Warning Web site acts as a repository for known credit card frauds, as well as other scams involving counterfeit cheques and letterheads. It also features an email based Fraud Alert service.
Card Watch: information on payment card fraud and its prevention.

Related Stories
Nigerian freight forwarding scam hits UK
Trainee(!) dishwasher pleads guilty to $80m identity fraud
John Leyden, 06 Feb 2003

I'm a Bastard Operator, Get Me Out of Here!

BOFH 2003: Episode 1

"IT'S JUST A BIT OF FUN!" The PFY cries. "NO-ONE TAKES IT SERIOUSLY!"

"I think the people concerned are taking it rather seriously," The Boss responds unhappily. "In fact, the number of complaints I've seen so far would indicate that EVERYONE involved is taking it seriously!"

"I'm not taking it seriously," I point out sagely.

"Neither am I," The PFY adds.

"You're bloody running it!" The Boss snaps.

"Yeah, but only from an administrative stance - no other input. Other than that, it's the company making all the decisions."

"I think that in review we'll find there's a very clear case to support the complaints about you wasting the company's resources."

"We're not wasting it!" The PFY argues. "It's spare CPU, disk, etc. It'd be a waste if we DIDN'T use it!"

"I think it's HOW you use it that people are complaining about."

"Why?"

"Because an 'Intranet Survivor' Website ISN'T Company business!"

"Of course it is - it's ABOUT people in the company. And it's good for morale!"

"How?!"

"Because people get to vote for people they like. So people get the credit that they deserve. And people can update the website at any time, so good service is rewarded instantaneously! People get to feel good about themselves!"

"And how many positive comments have been posted so far?"

"I don't know," The PFY responds. "Obviously I can't read EVERY message posted as I've got a JOB to do, but I'd assume there'd be quite a few..."

"There are NONE!" The Boss snaps.

"Well, obviously there would be SOME people who felt the need to..."

"AND," The Boss snarls, "there's no SUBMIT button on the positive feedback page!"

"Did you scroll to the very bottom of the page, hidden behind the jpg picture of the world?"

"Uh... YES!"

"Really - must be an undocumented bug in the software, which I'll be sure to report back to the developers on their feedback form."

"If it has a SUBMIT button," I add.

"Anyway," The PFY continues.
"The number of negative comments could be seen as a reflection of the negativity inherent in our company rather than of the website itself. When more positive comments are logged, I'm sure it would be good for Morale!"

"Yeah, sure. However it doesn't matter, I want the site taken down!"

"OK, we can do that - now, would you be telling the CEO or should we?"

"The CEO?"

"Yes, he's interested in the site, and quite likes it really. See >tap<, >tap<, he's the one up the top of the rating. In fact, he's so pleased with the site and feedback that he asked that it not be anonymous. As a matter of fact, I'm rather surprised that you haven't placed any votes - positive or otherwise - for him. Is there some problem there - a bit of animosity that would be reflected in the continuance of your empl..."

Breaking the land speed record for a standing start, The Boss rockets off to his office to press the "Suck up" jpg a couple of million times before the CEO starts compiling his New Year's Dishonours list.

A couple of hours, many many keyclicks, and a brownnosey phonecall later he's back, this time with some helpful suggestions.

"I think you should tone down some of the automated procedures," he mumbles.

"Which ones?!" The PFY gasps, horrified.

"The one that locks people out of the building if they have a low popularity score, for a start!" he suggests, obviously not happy at standing out in the rain after lunch till a courier came.

"It doesn't lock them out!" The PFY cries. "The chance of the door opening for them is directly proportional to their popularity percentage. Unless of course their popularity is zero..."

"And then?"

"It updates the HR Database (changing the Salary to Zero), cancels the person's swipe card and notifies security to put their personal effects in a cardboard box and drop them out a sixth floor window. So it's like real Survivor, with people actually being voted out!"

"It's great fun!" I concur, nodding happily.
"The Company Caterer left just 10 minutes ago after a particularly nasty cauliflower cheese. It really is a fantastic use of technology."

"I think HR will have something to say abou..."

"Spoke to them, passed on the CEO's thoughts on the topic and they agreed that perhaps it was a useful workplace incentive practice."

"The unions will never allo..."

"They got voted out yesterday after a video of them spending Union money at a strip show was anonymously posted to the site," The PFY adds innocently.

"I would have thought YOU would be a bit afraid of public opinion," The Boss snaps, not liking the way this is turning out.

"It's funny you should mention that, but would you believe it, when someone clicks on either of OUR names, the rating Down-Button disappears!" The PFY burbles.

"Must get around to reporting that," I murmur unconvincingly. "The software's riddled with bugs - but then you must know that. HEY, isn't that your stuff passing by the Window?!"

>One hour later<

"Well at least he put up a fight!" The PFY burbles happily. "It makes for lousy video streaming when they just give in. Who's next?"

"Well, bottom of the list - after that last anonymous video, the bloke with the nose picking habit who works in the mailroom."

"I hate him!" The PFY snips.

"We all do," I agree. ®

BOFH: The whole shebang
The Compleat BOFH Archives 95-99
BOFH is copyright © 1995-2003, Simon Travaglia. Don't mess with his rights.
Simon Travaglia, 06 Feb 2003