2nd > December > 2003 Archive

Hackers used unpatched server to breach Debian

A security alert issued by the Debian project says that a known Linux kernel code vulnerability was used to break into the project's servers, bringing development builds to a halt. An encrypted program (encrypted using the TESO BurnEye obfuscator) used an overflow in brk() which allowed the user process to get executable access to kernel space. It's a local exploit, which was only possible because a hacker used a stolen password, then escalated the privileges. All passwords on one of the development machines were invalidated. "If you have or had access to a Debian machine and were using the same password on other machines you are strongly advised to change it as soon as possible. When the cleanup is done all passwords will be invalidated and accounts unlocked and people can request a new password through the email robot on db.debian.org," Debian advised on Friday. Debian has yet to disclose the damage, if any, that the attacker caused to the source code tree. The bug was patched in September, but not included in the 2.4.22 release. To the sound of galloping hooves disappearing into the distance, you can find out how to close the stable door here. ®
Andrew Orlowski, 02 Dec 2003

Diebold gives up e-vote clampdown

ATM giant and voting machine hopeful Diebold has dropped its attempts to stifle discussion of flaws in its computer systems. An archive of internal Diebold emails, some listing embarrassing errors in Florida during the 2000 Presidential Election count, has been widely hosted on the Internet since it first leaked. Diebold argued that the emails were protected under the Digital Millennium Copyright Act (DMCA), the draconian 1998 legislation written by copyright lobbyists. Since copyright was a concept sanctioned in US law to protect the 'useful arts', this was a novel interpretation of the founding fathers' original intents. Diebold threatened not only ISPs who hosted the material, but anyone who linked to the archive. But after a case was brought by the EFF's publicity officer, a judge in San Jose in a preliminary hearing has forced Diebold to promise not to threaten any more Internet Providers. The court will hear motions in January. A full case is scheduled for 2004. ®
Andrew Orlowski, 02 Dec 2003

Training police to capture online child predators

A conference to help police capture online child predators is launched today. The International Centre for Missing and Exploited Children (ICMEC) is running the four-day Conference on Computer-Facilitated Crimes Against Children at the headquarters of international police agency Interpol in Lyon, France. This brings together law enforcement reps for extensive training on "investigating online child predators, collecting evidence and computer forensic information, and seeking private industry assistance in child exploitation investigations." "Trainees will learn technical investigative techniques, forensic skills and how to psychologically assess predators," ICMEC says. Microsoft is sponsoring the conference and delegates from 36 countries are attending. The ICMEC training programme is an important component of a 10-point agenda developed during the first Global Forum on Child Pornography in Dublin, Ireland in October last year. ICMEC plans to run up to 10 training programmes a year around the world. ®
John Leyden, 02 Dec 2003

First motorists collared by mobile ban

Police in Scotland have nabbed their first motorists caught using mobile phones while behind the wheel. Eight motorists were stopped by police yesterday, following the introduction of new legislation which outlaws the holding of a phone while driving, the Scotsman reports. Early yesterday morning (around 2am) a 35-year-old woman allegedly became the first person to be stopped under the new legislation, which came into force at midnight. According to reports she was not handed a £30 fine since it is understood that she has also been charged with drink driving. Other drivers in Scotland were slapped with £30 fines after being caught using their mobile illegally. Police in Scotland are taking action against motorists from day one of the mobile ban, but officers in England and Wales are showing more leniency, by giving motorists a couple of months' grace to get used to the new law. ®
Tim Richardson, 02 Dec 2003

Rogue diallers now use satellite

The German site Dialerschutz (Dialler Protection) warns Internet users against new rogue diallers which connect through Emsat, Eutelsat's satellite system. Internet users have been faced with exceptionally high phone bills. Emsat provides mobile telephony and data services to regions where terrestrial cellular networks have not yet penetrated. Trojans and premium rate diallers which call out to expensive numbers in faraway countries are a well-established scam. They often come disguised as an ActiveX control that disconnects you from your ISP, then silences your modem and (re)dials a number, usually somewhere in Africa. Phone bills exceeding €1,000 are not unusual. In Germany phone fraudsters have raked in €300 per call. Since most phone companies share revenues with service providers, rogue diallers seem to make good money. In the last fortnight new numbers have begun to crop up such as 0088 213881 0510, 0088 213881 1225, and 0088 213881 1582. Calling these Emsat satellite numbers will set you back €3 per minute or more. The odd thing is that nobody seems to know how rogue diallers make money from international satellite calls. Emsat isn't known to have a shared-revenue model. Some of the programs that dial out to Emsat originate from Dutch and Italian sites. Dutch watchdog STIC says it hasn't received any complaints yet about rogue diallers that use satellite communications. One explanation for the change to satellite numbers could be a new law that was finalised by the German Ministry of Economy & Labour earlier this year. This bill requires transparent billing by providers of new web dialing services and also limits the per call charge to €2 per minute (or €30 per call). Meanwhile, Dialerschutz offers a couple of downloads to protect you from rogue callers. ®
Jan Libbenga, 02 Dec 2003

The Wells Fargo example

Opinion: Companies should protect consumer data better than Wells Fargo did, but in cleaning up its laptop data spill the bank blazed a trail worth following, says SecurityFocus columnist Mark Rasch. In July of this year, a new law took effect in California, SB 1386, that requires all companies that do business in the state to "promptly" notify any individuals whose personally identifiable information was potentially compromised by a cyber attack. Last week, we saw the impact of that law when Wells Fargo notified thousands of its customers that their information may have been compromised after a laptop computer containing account data was stolen from a contractor. Wells Fargo also announced that it would pay $100,000 for the return of the laptop. The case illustrates how the California law is both overbroad on the one hand, and far too limited on the other. While Wells Fargo failed to insist that their contractor adequately secure the laptop in question, and also failed to have the contractor encrypt all sensitive information stored on portable media (including laptops), Wells Fargo deserves kudos for responding appropriately and doing the right thing when the theft occurred. It now appears that a 38-year-old Home Depot employee from Concord, California stole the laptop computer specifically for the purpose of using the data in it to perpetrate identity fraud. So Wells Fargo's actions in notifying potential victims, and offering to pay to monitor and, if necessary, fix, their credit, should be applauded. All the more so because it went far beyond what the California law required. Many people assume that when customer account information is compromised, SB 1386 requires that the customer be notified. However, the law requires disclosure of breaches only when a particular type of account information is disclosed.
The language of the statute specifically reads: For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. Unless the information compromised is both the person's name and account access information, SB 1386 does not explicitly require that the potential victim be notified.

Limited Law

This makes sense when you consider the context in which the law was passed. The primary impetus for the legislation was an electronic break-in at the Stephen P. Teale Data Center that, according to the bill's analysis, "saw the personal financial information of hundreds of thousands of state workers fall into the hands of computer hackers," providing "a dramatic demonstration of an all too common event -- a breach in data base security which exposes victims to the further harm of identity theft." Thus, it is clear that the purpose of the legislation was not to alert persons that their privacy may have been violated, but to alert them to particular types of privacy violations -- those that could expose them to the harm of identity theft. The notification is supposed to be timely so the consumer can take prophylactic action. This is one of the problems with the law, because in actuality, simply being notified of a compromise is usually not enough to prevent an identity theft. In this regard, SB 1386 does not really help consumers. Where a compromised system or laptop contains either a person's name and address or their account information, but not in combination, a company could take the position that no disclosure is required.
However, that can be a dangerous position to take where there has been an actual compromise of personal data. The company suffering the compromise should do the right thing, regardless of the limited scope of the California law. Wells Fargo's handling of its laptop theft provides an exemplary model. If your company detects a potential compromise of personal information, you should first investigate -- determine as best you can the extent of the loss and the type of data at risk. If information has actually been compromised, notify all of your customers, not just the California ones. Then, do what Wells Fargo did, and offer to pay to protect your customers' personal data -- with fraud reports and credit watch lists. There is a certain amount of self-interest involved in doing the right thing here. First, you let your customers know that you take their privacy seriously -- and this helps with customer retention. In addition, doing the right thing may stave off legislation that would mandate that affected companies not only notify consumers, but pay for credit reports. For example, the proposed Identity Theft Consumer Notification Act, H.R. 818, introduced by Congressman Kleczka, would amend the Gramm Leach Bliley act to require financial institutions "reimburse the consumer for any losses the consumer incurred as a result of the compromise of the security or confidentiality of such information, and any misuse of such information, including any fees for obtaining, investigating, and correcting a consumer report of such consumer at any consumer reporting agency." Similarly, the Identity Theft Notification and Credit Restoration Act, H.R. 3233, would require credit reporting agencies to put fraud alerts in a consumer's credit report if personal information had potentially been compromised. The Identity Theft Prevention Act, S.223, introduced by Senator Feinstein, would also require the use of such fraud alerts, but wouldn't go as far as H.R. 818. 
Companies like Wells Fargo should remember that they are mere fiduciaries of other people's money, information and privacy, and do the right thing to protect it in the first place. And they should notify consumers promptly if the information is compromised, and help their customers fix any problems that result from the potential breach. It may not be the law, but it's a good idea. Copyright © 2003, Mark D. Rasch, J.D., is a former head of the Justice Department’s computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.
Mark Rasch, 02 Dec 2003

Sony ships blu-ray 23GB storage system

Sony has begun shipping its blue laser Professional Disc for Data (PDD) optical drives and media. The system, which offers up to 23GB of storage capacity, is being initially aimed at system integrators and OEMs, but Sony expects to offer product under its own name during Q1 2004. Sony didn't disclose pricing, but the drives and media costs are expected to be significant. Sony is pitching PDD against today's DAT, CD and DVD back-up and archiving systems. The electronics giant touts the format's capacity and data transfer speed of 11MBps - more if data compression is turned on. PDD's native storage capacity is more than double commonplace MO storage products. The 12cm PDD discs are fitted inside airtight protective cartridges. Rewriteable and write-once versions are on offer. The 5.25in drive, dubbed the BW-F101, connects to the host system across an Ultrawide 160 SCSI interface. Sony re-iterated its plan to ship a second-generation drive by 2005 that offers a 50GB capacity and 22MBps data transfer rate. Third-generation products will double those figures. ®
Tony Smith, 02 Dec 2003

Siebel preps architecture shift

Siebel is preparing to shift its architecture to its new Universal Application Network platform. The concepts and methodology behind the development of the UAN align with wider architectural changes in software architecture, and are leading Siebel's efforts to adapt. UAN is even impacting on how the core Siebel application engine is built, bringing more structure to the way it is developed. Siebel is making gradual progress in the massive shift towards process orientation, but the implications of the shift go beyond the application and UAN platforms. When the CRM vendor has made the shift from old architecture to the new and can offer an application in the form of a collection of business services, that is the point when it will be able to move away from its own application server. The company has been trialling UAN for the best part of a year now, and has confirmed that version 8 of its core application suite will be based on non-Siebel application servers and offer native support for both J2EE and .NET environments. With the UAN, Siebel is trying to apply many of the benefits of a packaged product to the issue of integration, using its own expertise in front-office processes combined with the skills of integration partners and customers to cover as wide a base as possible. One of the concerns has always been whether Siebel has the capacity to manage an operation of this size and complexity; the risk if it fails is that it will have produced another limited use integration platform that merely adds to the complexity of customers' infrastructures.
Although Siebel is still working with partners and customers to build out first level processes, one of the next areas of development is to add depth through the development of extensions to some of those existing processes. To date the extensions have been around the area of error-handling in the context of transaction roll-out and rollback over multiple steps. Going forward, there are plans to provide customers with options such as a choice between a simple or complex order process. As the UAN is the technology that binds the richer and more on-premise Siebel application suite with the more simplistic on-demand Siebel offering, this split process approach will play an important factor in delivering on the promise of seamless integration and migration between the two deployment models, and underlines the significance of the UAN to Siebel as a whole. Source: Computerwire/Datamonitor
Datamonitor, 02 Dec 2003

Sage profits, customers jump

Sage pre-tax profits climbed 12 per cent (at constant exchange rates) to £151m on sales up 4 per cent to £560.3m for the year to 30 September 2003. The accountancy and business management software vendor squeezed out some extra margin points too, increasing operating margin by 1.6 per cent to 27.8 per cent. The declining dollar affected group profits, which were only partly offset by the appreciating euro. Taking this into account, adjusted (i.e. real) turnover grew 2 per cent and operating profit increased 9 per cent. At the end of the year Sage had net debt of £110.6m (2002: £132.8m), with net interest covered comfortably 32 times by operating profit. Continuing its acquisition-hungry policy, Sage bought three companies in the period, with two acquisitions completed after year end. Its new subs are Timberline, Grupo SP and Softline. The companies cost £177.4m in toto and their purchases were funded by a mixture of debt and cash from within Sage. These acquisitions take Sage into three new countries: South Africa, Australia and Spain. Sage reports strong profit growth in the UK and the US, but mainland Europe was “the most challenging of all our markets, and were exacerbated by falling demand in the aftermath of the transition to the euro.” Acquisitions helped Sage hold steady on sales and profits, compared with rivals who saw sales fall, the company said. Sage’s commercial heartland is the small and medium business sector with the emphasis on small – 90 per cent of its 3.6 million customers employ under 100 people. It says that customers everywhere are cautious with their budgets and it notes no uptick in software spending. So the company has concentrated efforts on selling upgrades – it notes that 373,000 existing customers purchased upgrades during the year. As a result, upgrade revenues grew 10 per cent and represented 37 per cent of software revenues.
Also small companies mostly don't have in-house IT, and look to the likes of Sage to provide maintenance and support. Upshot, Sage grew support revenues eight per cent over the year. Sage grew its customer base by 233,000 over the financial year and by another 400,000 customers obtained through acquisitions completed after year-end. The company says it is not relying solely on acquisitions to gain new customers. It recruited 182,000 new customers during the year, excluding acquisitions, and attributes this to “continued investment in our products, brands and marketing programmes”. ®
Drew Cullen, 02 Dec 2003

Useless Longhorn build on sale for $1.58 – trade slow in pirate coves?

Over a month after its release at Microsoft's Professional Developers Conference, Longhorn build 4051 has made it into the pirate coves of Malaysia, priced - Reuters tells us - at an eye-watering $1.58. For this you get, well, not a lot actually, but if you happened to be passing the Holiday Plaza centre in Johor Bahru, $1.58 probably beats identifying a warez FTP source and downloading it for free. This build of Longhorn, which was specially put together for the PDC audience in October, has been widely available in unorthodox channels since it leaked immediately prior to PDC. But it was a demo rather than part of the Longhorn development process, didn't include the new UI, and beyond giving you something odd to look at for a day or two isn't likely to fulfill any useful function for you whatsoever. Actually, if you are passing the Holiday Plaza centre we recommend you spend the money on satay or similar instead; then you won't have to waste time reformatting your hard disk afterwards. Nor is it likely that any build leaks of interest to a wider than trainspotter audience will emerge from Longhorn development for some considerable time. With two years or more still to go before the finished product hits the streets, it could easily be a year before anything you could start to class as a serious beta will even exist. ®
John Lettice, 02 Dec 2003

OFT cracks down on dodgy domain sellers

The Office of Fair Trading (OFT) is to continue to crack down on dodgy domain sellers who pressure companies into registering domains. The pledge comes as a Swansea-based company has given written assurances that it will not make misleading claims when flogging domains. The assurance from Internet Registrations Bureau Limited (IRBL), trading as Euro Web Designs, followed an investigation by the OFT. IRBL contacted businesses alerting them that someone was about to register their company's domain name. IRBL then gave the punter the chance to register the domain there and then. Following a number of complaints, the OFT asked for proof that these third party buyers were about to register these domains. IRBL was unable to supply this evidence. As a result, IRBL directors Paul Dilling and Susan Ford have agreed to refrain from using these misleading sales tactics again. Said OFT boss John Vickers: "We will continue to crack down on advertisers who make misleading claims about their services. "Businesses should be wary of domain name registration companies cold calling and putting pressure on them to purchase names in haste." ®
Tim Richardson, 02 Dec 2003

DVD Jon retrial begins today

The retrial of DVD Jon Johansen is set to begin in Oslo today. The hearing is taking place, despite the January acquittal of the Norwegian 20-year-old by a lower court on charges relating to his involvement in creating and distributing a utility for playing back DVDs on his own computer. An Oslo district court decided that Johansen was entitled to copy legally-purchased DVDs using the DeCSS descrambling program, in order to play back movies on his Linux PC. On this basis, Johansen was cleared of piracy and distribution of the DeCSS DVD code-breaking program. Norway's special division for white-collar crimes, Økokrim, acting at the behest of Hollywood studios, appealed against this verdict. Økokrim is appealing against the "application of the law and the presentation of evidence" during the original trial. An appeal hearing has been expected since the end of the original trial. Johansen's legal team is confident of once again winning the case. The retrial is scheduled to last eight days. "The facts in the case are still the same. Økokrim will present more witnesses than in the first trial and then we will do the same," Johansen's counsel Halvor Manshaus of Schjødt AS told Norwegian reporters. The case began five years ago when Johansen, then aged 15, and two others, from Germany and from the Netherlands, helped develop DeCSS to bypass the Content Scrambling System on DVD films that prevented their playback on PCs running Linux. The MPAA concluded the tool could be used to facilitate piracy by defeating "security" safeguards on DVDs. It filed a complaint against Johansen with Norway's Economic Crime Unit. A raid on Johansen's home three years ago led to charges by the Norwegian Economic Crime Unit for obscure offences against Norwegian Criminal Code 145(2) which carry a sentence of up to two years in jail. Last week, Johansen was back in the news when he posted source code to a program designed to help users unlock music downloaded using Apple's iTunes service.
®
John Leyden, 02 Dec 2003

Orange says sorry for charging for phone spam

Orange has admitted that it made an £84,000 cock-up after billing punters for receiving marketing picture messages from the mobilephoneco. In total, Orange sent around 210,000 picture messages (one batch notifying the end of British summertime and the other around Halloween) to its punters, but charged them by mistake. Yesterday, it coughed up the mistake. In a statement, the company said: "We're sorry that we accidentally charged some customers for receiving marketing photo messages from Orange. We've fixed the problem, and are making sure that it never happens again." Anyone who received the photos will receive a full refund, said Orange. Last month some 18,000 people were charged twice for their BT Internet services following a billing error at the dominant fixed-line telco. ®
Tim Richardson, 02 Dec 2003

There's a noose in the hoose – iTunes shoppers discover DRM

If Jon Johansen - who goes on trial again later today in Norway - had the intention of raising public awareness of Locked Music when he posted his DRM crack for iTunes, he's certainly achieved it now, we reckon. Johansen posted his code on Friday a week ago, but the discussions were rumbling on well into Thanksgiving: the remarkable thing being how people who had happily bought iTunes music without realizing that they were guinea pigs for a much larger social engineering experiment were now cottoning on. What seemed like a friction-free source of happiness one day, looked like a noose the next. How so? Well, by observing the time honored BBC tradition - that there are only two, and never more than two sides to an argument - Apple's alliance with the RIAA has been welcomed in the public prints as an honest compromise. On one side, there are P2P file swappers, on the other, are the pigopolists who want to lock down your music forever. It's an appealing, but absurd reduction, however; one that's flawed by the amount of ideology that's already baked-in to the argument. As Register readers pointed out, the issue is one of who owns, or has rights to use our common culture. That means stuff we created ourselves, and only we can decide is worth sharing. And as many of you pointed out, what we call the "entertainment industry" today is merely a distributor, much like the Victorian canal owners were in the last century, in Britain. The smarter Bridgewaters bought into the upcoming railways, while the dumber canal owners didn't, and died a natural death. Today's pigopolists don't "own" the culture simply by claiming that their exclusivity is based on technology - that's a social contract we don't buy, and history, in most cases, is on our side. So for Apple to pop up and grant the dying RIAA members a $99c toll on each song - when the distribution costs are zero, and when the RIAA is so manifestly corrupt - is a pill many find hard to swallow. 
Many times before, we've compared the social shift that DRM implies to putting your head in a noose, and waiting for someone else to tighten the rope. Until this year, the computer industry had refused to succumb to these terms. Now, in response to sugar-coated schemes such as iTMS, and its many copyists, Johansen put the opposing arguments pretty eloquently on his weblog, last week - "By buying into DRM they have given the seller complete control over the product after it's been sold," he wrote. "The RIAA can at any time change the DRM rules, and considering their history it's likely that they will when the majority of consumers have embraced DRM and non-DRM products have been phased out. Some DVDs today include commercials which can't be skipped using 'sanctioned' players. If the RIAA forces Apple to include commercials, what excuses will the Mac zealots come up with? 'It's a good compromise'?" Buyer, seller. Owner, controller. Which bit don't you understand? By Thanksgiving, many erstwhile iTunes shoppers were waking up to the cold realities. So let the iTunes shoppers speak. 'hmari99' put it nicely. "WOW. I didn't read the whole thread (but most of it) and this one opinion makes the most sense. It's about fair use. It's about using what you bought in any way you want (within the bounds of the law, which is much broader than what iTunes lets you do) Applied to a physical media (aka a stupid CD) the idea of the DRM is this: You can play the CD on three designated CD players that support the DRM. Like, it will play ONLY on xyz brand cd player and only three of those that you pick. Yes, you have to stick to that brand of cd player (the iTunes player, the supported OS of iTunes, no unix support in sight) and too bad if you have a fourth one in the bedroom. It's not gonna play in your second car's player either. Nor in the kitchen. Nor on your neighbor's player. Nor can you trade it on the used market when you're tired of listening to it.
Yes consumers would be outraged. QTFairuse is definitely a good thing for fair use and might be a bad one for piracy (not too sure it'll make a difference though) Good argument about no manufacturing costs, no distribution cost, no cut for the middle man, no best buy, no tower records no Borders to pay a cut. They finally found a way to sell you some wind. Even better, they will restrict the direction and force in which the wind will blow, how often and where it will happen. And people are buying it!" That's a lot of wind. And in answer to the small tribe of Apple Taliban who argued that the analog hole was already open, "StoneRoses" argued thus - "A lot of people still don't know the difference between DRM strip-off (QTFair use) and reencoding (burn CD -> Aiff -> AAC). For 128kbps range, the degradation when you decode - reencode is significant." Nary a day goes by, here at The Register without a classical music buff arguing that iTMS is not a viable option: the richness and vibrancy of the art, the atmosphere of that unique performance, cannot be conveyed in a hissy 160kbps locked file. We must reluctantly conclude that you guys are on to something. User "fzappa" is but one who has woken up to the limitations of the RIAA-Apple pact, and explains the economics of the deal succinctly - "I'm glad to see the system is being challenged, not being a user of ITunes I didn't realize there were copying limitations on the files. For the life of me I can't figure out why on earth ANYONE would be willing to spend $1.00 per song and get nothing more than a file. This seems to me that the consumer is being screwed royally by the RIAA. It works like this: I end up paying $15-20 dollars for a CD and get no physical product. The record company gets to sell it for the same price but pays nothing for manufacturing and distribution. No middle men to speak of, the public gets hosed. But that's what they've been doing for years anyway.
Just curious, does the artists cut increase with online distribution? Support the artists but boycott the RIAA and overpriced online music." But thanks to the connivance of get-rich-quick computer companies, who have this year tried to market DRM, the dying industries have an opportunity: not only to control the distribution of popular culture, but of course its price, too. And remember, most of that $99c goes back to the pigopolists. Even seasoned music industry executives are championing models that allow music to be shared, and that give the artists their fair due. The Apple-RIAA pact closes such arguments, both parties argue, all in the sake of 'convenience'. But at what cost does this convenience come? For a Steve Jobs, relaxing in his Austin Powers Peninsular pad, downloading Fleetwood Mac from one expensive gadget to another expensive gadget must seem the very embodiment of friction-free futurism. Bully for him. But for readers such as Gene Mosher, enjoyment of our culture represents a very inconvenience. Let's hear it in full, once again - My great grandfather was born in 1870. He learned to build crystal radio sets to listen to the earliest radio broadcasts in the 1920's. He would invite the whole town of about 500 over to listen to them. My grandfather was born in 1899. He purchased one of the earliest tape recorders to make copies of radio broadcasts for his friends in the late 1950s. My dad was born in 1924. He had a collection of 78's that he passed around for many years until he died last year. And now I am using the Internet to assemble an MP3 collection of all the tunes on all those LPs, cassette tapes and CD's that I've been buying since 1959. I'll be damned in hell before I accept the notion that I and my ancestors who love to listen to the audio arts are in any sense guilty of anything that is illegal, wrong, evil, immoral or improper. iTunes shoppers have discovered the DRM noose - and it doesn't quite seem to fit. 
®
Andrew Orlowski, 02 Dec 2003

Delayed GNER Wi-Fi train trial steams out

UK train company GNER yesterday began a free, 19-day Wi-Fi trial on board rail services out of London's Kings Cross to Scotland and the North of England. Access may be free of charge, but the trial is limited to a mere 42 trips in total, operating Monday to Friday through this week and the following two. Access is also restricted to holders of First Class rail tickets. Only a single carriage on each train contains an access point, so participants should reserve a seat in that coach, GNER suggests. GNER's system connects the access point to a satellite-based broadband link. A series of four to six mobile phone links are maintained throughout the journey as back-up and to ensure continuity of service when the train passes through tunnels or under station roofs. The system was designed by Swedish wireless specialist Icomera. Earlier this year, it introduced Wi-Fi on Linx trains running between Gothenburg and Copenhagen, and Oslo-Karlstad-Stockholm. The GNER trial was originally due to have taken place last September. Depending on the level of demand for the trial, which is aimed at business customers, GNER plans to expand the service to include up to 40 trains. The service is being branded as 'GNER Mobile Office'. The last trial runs take place on 19 December. The final train is scheduled to pull out of Kings Cross at 23:30, heading for Aberdeen. ®
Tony Smith, 02 Dec 2003

ATI begins sampling HDTV chip

ATI has launched its latest picture processing chip aimed at the US HDTV market. The Theater 313 is being pitched at makers of set-top boxes, digital TVs and PC TV add-in cards, and can handle both cable-transmitted and terrestrial-broadcast digital content that meets the Digital Cable Ready and Advanced Television Systems Committee (ATSC) specifications. It can also cope with analog NTSC signals. ATI was particularly keen to stress the chip's signal enhancement technologies, which improve playback in high-interference environments. For the more technical and for jargon buffs, the 313 "incorporates a universal QPSK (Quadrature Phase Shift Keying) forward data channel (FDC) receiver and a BTSC/Dual FM demodulator and decoder", ATI said. The chip can "operate in either the ITU-J.83B/SCTE DVS-031 compliant 64 QAM (Quadrature Amplitude Modulation) or 256 QAM modes used by digital cable systems, the NTSC analog system, or the ATSC compliant 8VSB (vestigial sideband) mode used in digital terrestrial broadcasting. For digitally modulated input signals (QAM or 8VSB)." ATI is sampling the 313 now. ®
Tony Smith, 02 Dec 2003

PlayStation 3 ‘concept image’ hits web

A picture purporting to be concept art of Sony's next-generation console, the PlayStation 3, has been circulated on the Internet, showing a sleek silver console with a slot-loading DVD drive. So, is this an early glimpse of the future of console entertainment? We have our doubts, since although we've been unable to confirm where the image originated, it doesn't appear to have been officially released by Sony - unlike last month's PSP concept images, which appeared in a presentation given by SCE boss Ken Kutaragi. Indeed, a highly placed source within Sony told us that he'd never seen the concept design shown in the image before. Although he did concede that it "could be something Japan cooked up and hasn't shown us", he was adamant that he thought it highly unlikely that the image originated from within Sony. So what we're left with, perhaps unsurprisingly, is a very clever and well-implemented mock-up of the forthcoming console, which probably bears no resemblance to the final product. It does look nice though, doesn't it? Copyright © GamesIndustry.biz
gamesindustry.biz, 02 Dec 2003

Mimail variant attacks anti-spam sites. Again

A new variant of the infamous Mimail worm attempts to knock anti-spam websites off the Net. Mimail-L typically spreads as an attachment (wendy.zip) to a pornographic email claiming to come from a woman called Wendy. Windows users who run an infectious file (for_greg_with_love.jpg.exe) within the compressed attachment get a compromised PC and not the compromising pictures promised by the email. Mimail-L is spreading but to a lesser extent than previous Mimail variants, which have dominated lists of top Net nuisances in recent weeks. If Mimail-L is activated, the worm forwards copies of itself on to other email users, and reprograms computers to launch a denial of service (DoS) attack against websites run by spam fighting organisations. Sometimes, but not always, the virus spoofs the email address it appears to come from to 'wendy@' a recipient's domain. Anti-spam websites on the virus's list for a denial of service attack include those operated by SpamCop, SPEWS and The Spamhaus Project. Other websites targeted include Disney's Go website. The actions of Mimail-L are much like those of a previous variant of Mimail which also attempts to DDoS anti-spam sites. If, for any reason, Mimail-L fails to propagate correctly it sends an alternative email (without a viral attachment) claiming that the recipient's credit card details have been debited, and that a selection of child porn CDs will be delivered via the post. Users are given the email address of a reputable anti-spam organisation if they wish to 'cancel' this bogus order. "This worm wages war on the anti-spam community, disrupting their attempts to keep the net spam-free," said Graham Cluley, senior technology consultant for Sophos. "The writer of this worm seems to have a grudge against anti-spam Web sites and the suspicion has to be that this person is a spammer or is working in collusion with spammers."
"We can't be certain, but all the variants of Mimail seem to come from the same individual or group of virus writers." Standard defence precautions apply against viral attacks from all variants of the worm: users should update their AV signature definition files to detect the virus and resist the temptation to open suspicious-looking emails. ®
John Leyden, 02 Dec 2003

Ebay takes action over child porn complaints

Ebay has taken action following allegations that its online auction house was being used to trade in child pornography. One of its users - who has now been suspended from the service - bought and sold hundreds of items, many of which included pictures of naked children and babies. Although many of the items were old or "antique" photos, the sheer quantity and recurring nature of the "suspicious" images caused alarm among those who stumbled across the images and reported it to eBay. The incident was also reported to the Internet Watch Foundation (IWF) but officials there concluded that while some people might find the content distasteful, it was not illegal. "When IWF hotline staff reviewed the material, they found the images were antique postcards and did not contain any child pornography content deemed illegal by UK law," said an IWF spokeswoman. Even so, the IWF - which has a hotline for people to report illegal content, especially child pornography - did report the matter to eBay. A spokesman for eBay told The Register: "Child pornography is not allowed on eBay as stated within the user agreement, which all users are required to agree to before becoming members. "Ebay has found suspicious items on its US site, which violated both UK and US policies. Immediate action was taken and the listing has been taken down and the seller suspended. "Ebay was made aware of these listings through comments from concerned community members who informed us of these suspicious items." However, those who reported the offensive material originally are angry at the way eBay has handled the matter. They claim they were gagged from discussing the issue after eBay pulled two threads on its bulletin boards. Others were shocked that eBay could have allowed such a thing to go unnoticed for so long. ®
Tim Richardson, 02 Dec 2003