17th > February > 2003 Archive

TTPCom pitches 'sub-$200' platform for mobile gaming

Cambridge-based wireless design company TTPCom is kicking off this week's 3GSM World Congress with the unveiling of a mobile games player reference design. TTPCom doesn't actually build phones (more's the pity - we loved the one they showed us last year), but licenses designs and IP to manufacturers. The new design will therefore be pitched at companies wanting to produce products for the wireless gaming/youth market, and will to some extent go up against Nokia's N-Gage. Its codename is B'ngo. "How do you say that?" we asked. "Make a noise like you've got a mouth full of sticky toffee?" Apparently not - "Bingo", you say. Bnnneurge (as we still like to think of it) uses an ARM 7, is triband GSM, has a still camera, 176 x 220, 65,000 colour TFT, GPRS, Bluetooth, polyphonic ringer, basically all the gizmos you'd expect in a cool phone today, but it's more of a console shape, and has gaming keys and TTPCom's WGE graphics system included. The spec indicates TTPCom will be pitching it in at least two variants, Java being included in the high end version. But the company expects it to retail in the sub-$200 category before operator subsidies, so it should be possible to get quite a meaty device quite cheap. Whereas with N-Gage Nokia is fairly clearly taking a pop at the console market, B'ngo seems to be anticipating that the phone business will use a slightly different model. It's anticipated that the device will ship with some bundled games, and games will also be available for download; B'ngo, natch, has DRM in it. It'll be able to play network games over the air, but also includes a facility for up to eight players in close proximity to play via Bluetooth. Which could be fun, and considerably less financially taxing than the stuff the networks want to sell you. There's a picture available here, and a bigger one here. ®
John Lettice, 17 Feb 2003

Samsung takes 5% stake in Symbian

First blood to Symbian at this year's Spy v Spy at 3GSM in Cannes. Microsoft and Samsung revealed the Samsung SGH-i700, a GPRS-capable Pocket PC device, but experienced immediate and massive retaliation from Symbian, which today announces that Samsung has become a Symbian shareholder. Samsung is possibly the biggest tug of love child in the history of the universe, and is subject to more or less alternate strategic announcements from Microsoft and Symbian indicating undying allegiance. Until the next counter-announcement. The Symbian stake, however, is surely more meaningful in the longer term. Samsung gets 5 per cent for £17 million, and a seat on the Symbian supervisory board to go along with it. This puts current shareholdings as follows: Sony-Ericsson 19 per cent, Panasonic 7.9 per cent, Motorola 19 per cent, Nokia 19 per cent, Psion 25.3 per cent, Samsung 5 per cent and Siemens 4.8 per cent. The new shareholder doesn't seem to impact the stakes the existing shareholders have much, but no doubt the £17 million will come in handy. ®
John Lettice, 17 Feb 2003

UK.gov aims to demystify security for SMEs

UK online for business has launched a security section on its Web site, designed to help small businesses keep abreast of the latest Internet threats and how to combat them. Security advice is often too technical, particularly for smaller companies with limited resources. UK online, a DTI-led partnership between Government and industry, which promotes the use of e-commerce in the UK, hopes its advice will be easier to understand. It wants to raise awareness of potential security risks alongside jargon-free instruction on how SMEs can guard against potential threats. The pages draw together a range of tools, advice and guidance on core areas of online security for businesses to review and use. This is supported by case study examples of businesses that have been affected by security breaches. Core areas of the site include:
Resources: Reviews five key security breach areas - viruses, theft, inappropriate usage, unauthorised access and systems failure - outlining how to assess the risk to a business. It also provides advice on prevention and recovery.
Health Check: A 20-minute questionnaire that assesses a company's risk of suffering a security breach. Businesses are provided with a colour coding to show where potential weaknesses lie.
Security Glossary A-Z: Provides a jargon-free description of over 90 security terms.
Advice pages: Cover a range of topics, from e-regulation and funding through to skills, training and tax.
UNIRAS link: This provides a link to the Unified Incident Reporting and Alert Scheme where visitors can review the latest security breaches affecting UK business.
Police and ICT Crime Contacts: A list of contact details for reporting security breaches.
Security breaches to information and communication technology (ICT) systems affected 44 per cent of UK businesses at least once in the last year, according to last year's DTI sponsored Information Security Breaches Survey.
Patricia Hewitt, Secretary of State for Trade and Industry, said businesses need to minimise risks associated with security breaches, as the impact "on business of virus attacks, hackers and inappropriate usage of ICT systems by employees increases". "Security has risen up the agenda over recent years, but is still often seen as a technical issue," said Hewitt. "What companies, especially smaller ones, need is easy to understand advice on key issues as well as guidance on what to do when things go wrong. UK online for business brings together for the first time a comprehensive and valuable source of advice on information security," she added. As well as its dedicated information security site, there's also a booklet Information Security and Why You Need, which is available as a PDF here. Alternatively a hard copy of the booklet can be obtained by phoning the UK online for business Info Line on 0845 715 2000. ®
Related Stories
MS takes a stab at security bulletin for the masses
At a stroke, MS cuts critical vuln reports
Govt needs to spruce up its Web sites
Hi-tech crime threatens UK plc - survey
UK plc reamed online
John Leyden, 17 Feb 2003

London road charging scheme goes live

London's new congestion charging experiment - designed to ease traffic gridlock in the capital - went live this morning. For Mayor Ken Livingstone and the others behind the scheme, it's a nail-biting time. Will it ease traffic in central London or merely lead to snarl-ups elsewhere? Will the technology linking the 800 cameras and payment systems actually work as planned? Early reports this morning suggest that the traffic and technology are currently running reasonably trouble-free. Over the weekend, though, there were reports that the London Congestion Charging Web site - one of the central sources of info for the scheme and, crucially, a method to pay the £5 charge - went tits up. Even when it was up and running people were complaining that they couldn't register to pay the charge. Last week Web consultants, the Usability Company, slammed the site's performance, claiming it took minutes to perform some of the simplest functions. And a week before the introduction of congestion charges those carrying out the assessment said they were unable to pay the charge. Other gripes include small text size making it difficult for some to read and problems navigating around the site. The Usability Company's criticisms have been echoed by Dominic Byrne of Internet outfit Radware. In a statement he said: "Ken Livingstone's Web site seems to be in need of some serious decongestion. It is another example of an organisation not undertaking sufficient capacity planning and failing to make the most of available bandwidth to ensure uptime, even during peak demand periods." The Usability Company is keeping an eye on the site and is planning to carry out another analysis in a month or so to see how it is coping. ®
Tim Richardson, 17 Feb 2003

Opera unleashes Linux preview of version 7 browser

On Friday Opera announced the first Linux preview edition of Opera 7, the company's next-generation browser, which recently shipped for Windows. The company stresses that the Linux version's a preview, so there are rough edges, but it means that we're moving, and Linux users can more or less keep pace with what Opera's up to on the Windows platform. Which is particularly good news for The Register. We were recently browbeaten by Opera marcom into installing 7 for Windows, and after a week or so's use we think it's quite nice. Tempting us back to Windows, Opera? Shame on you. In the Linux preview's rough edges department, Opera says that most Linux-specific features of Opera 6.1 are gone "for now," DnD isn't fully working, there are some focus-related problems, and font setup might be a bit picky. It does however come with the new email and news client, which we think we like. You can download it here. Opera, you may have noticed, is up to its old 'formation announcements' trick. We've had 7 for Windows, now 7 for Linux, Opera for mobile phones and a Swedish chef gag we haven't even got around to mentioning yet. Well, the latter is not getting a separate story, and that's that. But it's a pretty good gag. Opera recently lashed out over what it said was a deliberate attempt by MSN to make Opera look broken. It has subsequently followed this up with a special commemorative edition of Opera 7 which is fully-functional apart from translating msn.com into Swedish chef language. Slippery slopes, we reckon - The Register will be demanding the Linux version next, and users may revolt if Opera doesn't keep the Bork versions in sync with the vanilla ones. Code borking, we think you call this. But you can get more info about it here, and download it from here. Actually there seems to be some other stuff in the custom folder too; CNET version - is that satirical too? ®
John Lettice, 17 Feb 2003

Vodafone licks lips over Nectar deal

Vodafone customers will soon be able to earn Nectar loyalty points following the mobile phone company's decision to sign up to the reward scheme. From late spring, Vodafone punters in the UK will earn two Nectar points for every £1 they spend on using their phone. What an incentive! Just think, spend £250 on texting and chatting and you too could get - wait for it - a Medium Extra Value Meal at McDonald's. Or a purse-jangling £2.50 off your shopping bill at Sainsbury's or Argos. Isn't that just terrific? The scheme is open to those who pay-as-they-go and monthly subscribers. In a statement Lance Batchelor, marketing director of Vodafone UK, said: "What we've done today is take Britain's best mobile network and pair it with the UK's most popular rewards programme. That's an unbeatable offer for our customers. Why would anyone choose to use a lesser network which can't offer Nectar points?" The Nectar loyalty scheme was launched last September backed by Sainsbury's, Barclaycard, Debenhams and BP. Within hours of the scheme going live those behind Nectar had to suspend Web-based signups because the site simply couldn't cope with demand. ®
Related Story
Nectar suspends Web registrations
Tim Richardson, 17 Feb 2003

London charge zone is security cordon too, says mayor

And with one bound, the Ken formerly known as Red repositions himself as a Big Brother privacy nightmare. London Mayor Ken Livingstone has previously, as we noted yesterday, claimed that data from the cameras in London's congestion charge zone would not be recorded and used for other purposes. But that was then and this is now. Congestion charging went live today, Ken has been running round doing radio and TV interviews, and The Register has been running around behind him sweeping up commitments to control-freakery and privacy invasions in the name of security. Thanks to our team of spotters we have sightings in Sky News, LBC and Capital FM studios, in all of which Ken played the security card. He's claimed that the cameras can be used to view drivers' faces, speaking on Sky News and LBC, and our LBC spotter tells us "Livingstone explicitly confirmed that the cameras were controllable remotely, had variable angles and zoom levels and would be used when needed to assist law enforcement efforts." The best stuff we've had so far however is the Capital phone-in, a transcript of which is available here. There are several notable passages, this one being particularly so: "Even if, at this stage, I lost my nerve and said we wouldn't do it we would still keep those cameras there for security reasons. They're much more sophisticated than the old ones and the police will be able to use them. So if a terrorist group is trying to drive in we can identify the car, it can be flagged up instantly and we can even possibly be in a position where we can recognise the driver. So there's now an added benefit that we didn't anticipate when we thought about this but since Sept 11th central London will be dramatically safer, not impossible for anybody to get in, but a lot more difficult for a villain to get in and do their damage." A word here about the technology being used.
There are two kinds of camera, one an infrared plate recognition unit, and another producing a continuous video stream of the traffic. So if - for example - your plate is obscured, or you want to contest Transport for London's claim that you were in the zone without paying, TfL's techies at Capita would attempt to produce evidence by extracting images of the vehicle in question from the video. It's these cameras Ken's talking about here, not the plate recognition ones. Now, if TfL is using the video purely for its own enforcement purposes, then it is likely to have to retain video for at least several weeks. Time for the fines to go out, time for them to be paid or not, time to use them for chasing purposes as and when people go to ground. So actually TfL's retention need probably squares nicely with what the security services would find handy. The cameras may be good, but there is no way they can do facial recognition. You might, if you were lucky and if you were controlling a camera which you were already training on a suspect vehicle, see someone you recognised. But it's wildly unlikely that the police would score any direct hits from speculative trawls through the archive footage. In that context, Livingstone's claim that it will be "a lot more difficult for a villain to get in" is somewhat imaginative. For now. Livingstone is anticipating next generation technology: "... in 4 or 5 years time there will be satellite technology which will be much more sophisticated and you could exemptions and have a scheme where that happens. This is a crude system. It's the best available at the moment, but in a few years time once we've got satellite and once the government has legislated that every car should have a transponder, like they do in every American states or Europe that just registers it as you go in and out, then you'll get not just a more sophisticated congestion charging system but you'll get charged for the length of time you're on a particular motorway.
I suspect that in ten year's time we will have moved away from vast petrol duties and car tax and all that and you'll actually be taxed for the use of your car rather than just having one." The system he describes here is similar to the one already deployed in Singapore, although we fear he's being a tad imaginative regarding the US and Europe. Note however that as he now sees the cameras as being applicable in a purely security role, they are not going to go away when the satellites kick in. You need, obviously, some way to detect when a car with a disabled GPS unit is using the road, otherwise there's no enforcement. So you keep the video cameras, and maybe you enhance them. It would be handy, purely from an enforcement point of view, if TfL could get a clear shot of the driver's face as well as the car, wouldn't it? Facial recognition would be useful too. One sees peculiar and developing synergies between road pricing systems, security and control, even without the Ken formerly known as Red happily mixing the two together. So although they can't do it all now, they're going to try. Livingstone wants to extend the London system out from the central zone, and as he was telling Capital he foresees a time when all roads in the UK are priced this way. And therefore policed this way. As he says: "I have never doubted that the system technically will work. The question is, is it politically acceptable to people." Indeed. Fortunately, we're British and therefore entirely incapable of running anything like a proper police state. Take this clip from Ken on dealing with people who don't pay the charge: "Well, they will be pursued as they would if they had parked in a bus lane...." Ken, bless him, does not drive and is therefore utterly unaware of the state of London's bus lanes. If TfL goes after charge dodgers as hard as it goes after all of the people parked in bus lanes, then there's no point in anybody paying, and somebody should tell Ken. 
(Hint: Ken, when you're in a taxi - which we hear is quite a lot - why does it zigzag so much, given that it's allowed in the bus lane anyway?) But there's more of an edge to his follow-up, a populist appeal to the 'I pay my rates' vote: "... the one thing you've got to remember in London is that 1 person in 10 in London hasn't registered their car, hasn't paid tax and hasn't got insurance, they're just freeloading off everybody else - they're most probably the people who will most persistently not pay. A quarter of them are being sought by the police for other offences. It won't just be that some poor old guy turns up and clamps your vehicle, you'll most likely have police there in protective gear because you might be dealing with a rather serious character." There you go - if you don't pay, you're probably a serial criminal/terrorist with ricin about the premises anyway, and Ken's going to sic Special Branch on you. Synergy again, no? ®
John Lettice, 17 Feb 2003

BTo gets tough with Sat bandwidth hogs – again

BT Openworld has threatened around 40 of its broadband satellite customers that it might have to cap their service if they continue to hog bandwidth. In a letter to customers BT's ISP has warned them that they have been "using an excessive amount of bandwidth on a regular basis". And unless they curtail their usage, then BT Openworld warned: "We will soon have to start imposing bandwidth limitations on your account at peak hours so that all our customers have a fair share of bandwidth." Of course, instead of imposing a restriction, BT Openworld wants to work with those heavy users in a bid to help them manage their usage more effectively. A spokesman for BT Openworld told The Register that it did not want to cap usage or kick anyone off the service for over-use and hoped that those people contacted would co-operate. Indeed, when BT Openworld warned satellite customers last September about over-use, the matter was resolved without any further action on BT's behalf, he said. ®
Related Story
BTo gets tough with Sat bandwidth hogs
Tim Richardson, 17 Feb 2003

HP promises ProLiant performance boost

HP today introduced two eight-way ProLiant servers that mark the debut of HP/Intel's F8 chipset in the manufacturer's hardware. The servers, the new HP ProLiant DL740 and the second-generation HP ProLiant DL760, also feature hot-plug RAID memory capabilities and improvements to HP ProLiant Essentials management software. Designed with applications such as high-performance databases and IT consolidation projects in mind, the servers offer great strides in both availability and performance over previous models, HP says. Each is built to run either Linux or various flavours of Windows Server. HP's partners, such as VMware, provide technology that allows customers to run multiple, and even disparate, operating systems and applications on the same ProLiant server. And what server launch would be complete without benchmarks? In this case HP highlights how the ProLiant DL760 server achieved 115,025 transactions per minute (tpmC) with a price/performance of $7.69/tpmC in the relevant TPC benchmarks. HP gives credit for this performance to use of the F8 chipset, a follow-on to the Profusion chipset that HP jointly developed with Intel. The F8 chipset has been designed for higher performance and bandwidth by combining PCI-X input/output technology, Gigabit Ethernet, Ultra3 SCSI and Intel Xeon processor MP technology. Last July we reported that HP was quietly "killing off" the F8 chipset. Now it seems reports of its mothballing (in some HP cupboard somewhere, perhaps) were greatly exaggerated. Also announced today are two new additions to the HP ProLiant Essentials management software product line: HP Insight Manager 7 SP2 and the HP ProLiant Essentials Performance Management Pack. HP Insight Manager 7 has an enhanced user interface that provides an integrated console for the Performance Management Pack.
The Performance Management Pack features the ProLiant Performance Analyser, which identifies and explains hardware bottlenecks on ProLiant servers, so helping users get the most out of the hardware. Available today, the HP ProLiant DL740 server starts at $24,999. Each ProLiant DL760 server costs $27,999 or above. Licenses for the HP ProLiant Essentials Workload Management Pack are $499 per server. Estimated US licenses for HP ProLiant Essentials Performance Management Pack are $99 per monitored server. The two management packs are currently available only for Windows environments but the lesser HP Insight Manager 7 SP2 ships free with ProLiant servers. Additional information can be found here. ®
Related Stories
IBM preps 32-way Intel server
IBM, HP quibble over Xeon MPs in midrange servers
John Leyden, 17 Feb 2003

VoIP builds momentum in developing world

Internet telephony is gaining ground, particularly in the developing world, against traditional switched circuit telephony. According to a recent report by telecoms consultancy TeleGeography, voice over IP (VoIP) traffic accounted for 10 per cent of all call transfers last year (six per cent in 2001). In 1999, by the same reckoning, VoIP accounted for less than half a per cent of the world's call volumes. TeleGeography's report shows significant regional disparities, with Western Europe in particular cautious of embracing VoIP (which offers cheaper but possibly less reliable communications). In terms of total traffic, Latin America, East Asia, and Eastern Europe are reckoned to be the primary destinations of global VoIP termination. Routes into China, Russia and Brazil accounted for 10 per cent of global VoIP traffic between 2000 and 2002. Traffic into India and Indonesia is showing the greatest increase in VoIP traffic growth, each doubling over the last two years. Calls from the US to countries in the developing world account for a significant proportion of global VoIP traffic. Top international routes included US to Mexico (with 12.1 per cent route share in 2002), US to China (4.6 per cent) and US to Colombia (2.5 per cent). So the long predicted move to VoIP is finally beginning to happen, and carriers need to take this on board when developing their business plans. TeleGeography's report states: "While a large portion of VoIP traffic carried by establishing carriers is bundled into enterprise products on private networks, some carriers are beginning to carry significant volumes of wholesale VoIP over their long-haul networks." Some carriers are utilizing their own IP networks to carry voice traffic but most are outsourcing to VoIP middlemen, TeleGeography believes. An example of such a middleman is carriers' carrier ITXC. The company claims that 20 per cent of the world's VoIP traffic passes over its network, which spans 175 countries.
Last week ITXC committed to using equipment from Cisco to build greater reliability into what is billed as the world's biggest VoIP network. ITXC is to standardise on Cisco's AS5000 Universal Gateway and PGW 2200 Softswitch Voice Over IP (VoIP) products in the further development of its network. By standardising on Cisco equipment, ITXC can get around the interoperability concerns that have historically held back VoIP as a technology.
Hanging on the Telephone
The idea of making telephone calls over the Internet has been around for years. However it's long been held back by quality and reliability concerns. Incomplete or competing standards further muddied the picture. These technical problems are now, largely, resolved. Although regulatory issues remain (like Panama's recent decision to ban VoIP) and the telco market remains chronically depressed, it seems the march of history is towards voice over IP. Although VoIP is not (in the short term at least) going to match circuit switched telephony it can match, or even surpass, what people accept on their mobile phone. And that's good enough for most people. ®
Bootnote
For the benefit of our overseas readers: Norman Collier was a comedian of the 1980s famed for a comedy routine where you couldn't tell what he was saying. He got laughs through pretending the microphone he was using dropped every other word ("Is __is _ike on?" etc.). Stanley Unwin, who we originally thought this routine belonged to, is a different comic altogether.
Related Stories
Cisco refreshes IP convergence line
Panama bans voice over IP
Reg readers place VoIP ahead of 3G
Mass VoIP moves closer to reality
John Leyden, 17 Feb 2003

Sun's Jalapeno almost cooked

We've almost exhausted the taqueria/stale food metaphors for Jalapeno, Sun's UltraSPARC IIIi processor, but surely one more won't do any harm (you mean more harm - Ed). The processor was again missing in action when Sun did its top-to-bottom product refresh last week. Since it had only just been found, it needed some reheating. But we learn that Sun has told customers to expect the processor in two varieties of workstation. A "performance" version will feature dual 1.2GHz Jalapenos and four independent PCI buses. An el cheapo version will feature a single 1GHz IIIi, an ATA disk rather than a SCSI disk subsystem, and two independent PCI buses. Both systems will sport 1394b Firewire, USB 2.0, and Gigabit Ethernet. Don't expect a Jalapeno blade until next year. These first products are most likely to appear in Q2, now, with V210 and V240 featuring IIIi too. We don't have the prices - but it's only fair that we leave something for Sun to announce itself. ®
Related Story
Spring-cleaning Sun debuts blades, N1
Andrew Orlowski, 17 Feb 2003

.uk.co domain wiped off face of Internet

The .uk.co domain was wiped off the face of the Internet this morning with no notice, leaving more than 8,000 livid individuals and businesses - including Amazon and Priceline - with no Web presence or email. The only proof of its existence is a posting on www.uk.co from the top-level domain .co owner - the University of the Andes in Bogota, Colombia - saying that the registrar for the .uk.co domains, Net Registrar, had failed to agree terms of a new arrangement and so it was "no longer entitled to operate uk.co sub-domains". Therefore, "Net Registrar is not entitled to permit you to use the uk.co domain names that you had registered with them". Net Registrar managing director Robert Fox is not happy. He told us he was "very surprised" at the sudden decision to switch off all the domains and has "no idea" why they took the step. Inevitably, he has been fielding calls all morning from furious domain owners but says "all I can do is take legal action". That legal action is thought to be the reason behind the switch off and is just part of a wider battle between the university and the government of Colombia over the .co domain. The university announced in June 2001 that it was selling off the domain to the highest bidder, in much the same way as the island of Tuvalu made a tidy profit from selling the rights to its .tv domain. However, this privatisation attempt upset the Colombian government which decreed on 12 July 2002 that the Minister of Communications in Colombia would take over the administration of the domain no later than 31 December 2003. In December 2002, the University informed Net Registrar of the impending transfer and tried to draw up a new arrangement with the company. Net Registrar immediately put a stop to all new registrations and attempted to get assurances from all involved over maintenance of the .uk.co domains. What went wrong we may find out tomorrow as a Colombian judge decides whether Net Registrar has the continued right to the domain.
Until then, Robert Fox tells us, he considers the matter sub judice and so does not want to comment further. The university claims that it "sought to agree a new arrangement with Net Registrar to facilitate the transition by Net Registrar's customers to new domain names", but "Net Registrar did not agree to the terms of this new arrangement", and so it cut them off. Net Registrar on the other hand said in a statement today: "Since we received notice from the Registrar that it may cease to have responsibility for the .co domain we have been trying to obtain assurances on the maintenance of the uk.co subdomain. To date we have received no such assurances. In order to prevent the possible termination of the service we have been obliged to issue proceedings in the High Court of Colombia." With the Colombian government assuming control of the domain and wishing to invite international investment, it is unlikely to adopt a year zero approach to domains and so Net Registrar should retain control of www.uk.co and hence continue to be able to sell .uk.co domains. La Universidad de Los Andes is likely to know this and so the switch off may be interpreted as an attempt to annoy or damage Net Registrar. It has certainly done that, although it may backfire horribly. Robert Fox tells us he doesn't think he is liable for any lawsuits from domain owners claiming loss of earnings because the situation is entirely out of his control. Indeed, the university's stunt may see it loaded with lawsuits itself in the coming weeks. Today's court judgement may increase that possibility. The idea of the .uk.co names is either to act as an alternative to .co.uk if the domain has already gone or to capture the large number of Internet users that type the address in the wrong way around. With over 25 domain sellers signed up with Net Registrar and 8,000 domains sold, it was doing good business. The domains cost £15 for two years. Whether the domain is resurrected we should know by tomorrow. ®
Kieren McCarthy, 17 Feb 2003

Net awards targeted as NTL cap row enters another week

Angry NTL users are looking to hijack this week's Internet industry awards in London to protest about the cableco's decision to cap its broadband service. E-minister Stephen Timms will be among 360 industry bigwigs attending the lavish event - dubbed the UK's "Internet Oscars" - at a swish London hotel on Thursday. Acknowledging that this week's event might be targeted, a spokesman for the Internet Service Providers' Association (ISPA) told The Register: "Everyone has the right to protest." Those behind the direct action are hoping that a demo outside the event will help raise public awareness while causing maximum embarrassment to the cableco. Users had hoped that a wave of protests planned for Valentine's Day would help make NTL reconsider its decision to cap broadband use to 1Gb a day. At this stage, it's still not known whether the protests - including the threat of mass disconnections from the service - materialised to any great degree. An online petition calling for NTL to overturn the cap has so far notched up more than 2,700 signatures. ®
Related Stories
Legal action mulled over NTL BB cap
Users call for anti-NTL protest
NTL seeks to clarify 1GB/day broadband cap
NTL implies 1GB/day broadband cap
Tim Richardson, 17 Feb 2003

Oracle 9i Database, Ap Server bust six ways to Sunday

Oracle admins are in for a busy time with the publication of no less than six vulnerabilities over the last week. Four of the vulnerabilities are buffer overflow flaws affecting various components of Oracle9i Database Server. Then there's two flaws affecting Oracle9i Application Server, which pose denial of service risks... or worse. Some are potentially very nasty indeed. Oracle describes them as critical and that's not the half of it... The buffer overflows in Database Server involve: the ORACLE.EXE binary, the TO_TIMESTAMP_TZ function, the TZ_OFFSET function and the DIRECTORY parameter of Oracle9i Database Server. These are explained in greater depth in the BugTraq advisories linked to above and the security section of Oracle's Web site. The Web site also refers to two Oracle9i Application Server vulnerabilities (involving the DAV_PUBLIC Directory and the mod_oradav Module). All vulnerabilities were posted to BugTraq, and patches published by Oracle, last weekend. Over the weekend security researchers have been digesting these reports, and coming up with some potentially unsettling conclusions. David Litchfield, of NGSSoftware, the security firm that has carved something of a niche for itself in unearthing Oracle flaws (and did the lion's share of the work this time too), tells us the majority of the Oracle9i Database Server flaws require an attacker to have a valid user name and password. So the greatest risk here comes from a buffer overflow glitch within the Database Server's authentication process, which a post from NGSSoftware to BugTraq today explains in much greater depth. Various flavours of Database Server (8i, 8.1.7, 8.0.6) as well as Oracle9i are potentially vulnerable to this attack, according to NGSSoftware.
Combine that with an Oracle9i Application Server Format String Vulnerability, and we have a way an attacker might gain control of Ap Server and get around whatever firewall rules might otherwise guard against attacks on (potentially vulnerable) Database Servers. Oracle describes this as only a denial of service risk but the issue, albeit tricky to exploit, seems to go deeper than this would suggest. Litchfield, in masterly understatement, says these various vulnerabilities "need attention". Once again: Oracle's patches can be obtained via links on its Web site here. ®
Related Stories
Oracle objects to Reg security coverage
Staying on top of Oracle's holes
How to hack unbreakable Oracle servers
Slammer: Why security benefits from proof of concept code
John Leyden, 17 Feb 2003