4th > December > 2003 Archive

Council accused of gagging Web site

A Merseyside man claims his Web site has been gagged over allegations that it defamed local councillors. Mick Dempsey runs Kirkby Times, a fiercely independent news site which provides "local news, not spin-doctored rubbish". It receives contributions from local people and takes particular relish in keeping tabs on the activities of the local council. Last week, though, site host Telewest pulled the Kirkby Times site after receiving a letter from Knowsley Council. Mr Dempsey managed to get the site hosted elsewhere and is continuing to publish, but is furious at the way he's been treated. "At no time did Knowsley Council or any of their officers or councillors ever contact me direct to complain about any content," he said. "Knowsley Council pay lip service to democracy, but when confronted with real democracy, in the form of free speech, they seek to gag it." In a statement Knowsley Council defended its actions. "Knowsley Council has not closed down Kirkby Times website. The authority had raised the issue of defamatory remarks about officers and councillors on this site with the Internet provider and asked that they deal with it in an appropriate manner. "The request was that any necessary action was taken for the removal of these remarks; the subsequent action taken by the Internet provider was their decision," it said. A spokesman for Telewest confirmed that it had been contacted by Knowsley Council concerning the site. "We took legal advice and decided to remove the site," he said. ®
Tim Richardson, 04 Dec 2003

Cisco Wi-Fi kit in minor security flap

Cisco yesterday warned of a security vulnerability in the software running on its popular line of Aironet wireless LAN access points. Under certain conditions, Aironet Access Points running Cisco IOS software will send static Wired Equivalent Privacy (WEP) keys to in clear text to Simple Network Management Protocol (SNMP) server every time a key is changed or AP rebooted. Not good - but the relevant enable traps wlan-wep command is disabled by default on Cisco's hardware, so the flaw is not particularly high risk. Network admins are advised to disable the command as a workaround. Any dynamically set WEP key will not be disclosed by the vulnerability. The vulnerability was discovered by security researcher Bill Van Devender. Cisco is not aware of any malicious exploitation of the software flaw. Cisco Aironet Access Point 1100, 1200 and 1400 series running Cisco IOS software are potentially affected. The Cisco AP 350 running Cisco IOS software is not affected, nor are Aironet Access Points running VxWorks based Operating System software. The networking giant is offering free software upgrades designed to remedy this vulnerability for all affected customers. More info in Cisco's advisory here. ® Related Stories Snag in next-gen Wi-Fi security unearthed New WPA wireless security on its way WLAN security is still work in progress Tool dumbs down wireless hacking (AirSnort - WEP cracking tool) Cisco looks for WLAN boost Related Products Great prices on Wi-Fi kit in the The Reg wireless store
John Leyden, 04 Dec 2003

Spam epidemic gets worse

Spam - otherwise known as unsolicited commercial email - accounted for 56 per cent of all emails sent in November. The biggest volumes of nuisance email blocked by anti-spam specialist Brightmail during the month were product promos (22 per cent of all spam messages), financial offers (17 per cent), adult (16 per cent) and scams (13 per cent). Two years ago, spam accounted for just 7 per cent of email, Brightmail says. The UK Government's new anti-spam laws come into force on December 11. Few expect this legislation to make much difference, as the overwhelming majority of spam originates from outside the jurisdiction. ® Related Stories US anti-spam bill edges towards law UK Govt fouls up anti-spam plans, say experts Microsoft aims to 'shift the tide' in war on spam The economics of spam
John Leyden, 04 Dec 2003

Sketching in space

Europe in briefEurope in brief At the EuroMold trade show in Frankfurt this week the 12 German Fraunhofer Institutes showed new developments in the area of Rapid Prototyping, which allow physical objects to be built up layer by layer directly from 3D CAD model data. One highlight is a wireless stylus that enables the free-hand sketching of objects inside a virtual space. When children want to move a cursor towards the top of their computer screen, they typically lift up the computer mouse, notes designer Olaf Barski. So why not develop a cyber-stylus emulates this natural three-dimensional urge? The 3D cyber-stylus is an odd-looking beast. It has buttons like a computer mouse. The small balls are coated with a material that readily reflects infrared. Two or more infrared cameras determine the 3D coordinates of the stylus’s position by detecting at least three balls in their field of vision. You can see a picture here. Czech Republic: Czech Telecom broadband ASDL plans 'unfair' As of 5 January, Czech Telecom will offer cheaper monthly lump-sum plans for its existing broadband Internet ADSL access plans, Prague Business Journal reports. But its main competitor, Czech On Line, isn't too happy. It says the new ADSL offers are unfair. Czech Telecom made its retail broadband offer just a few hours after officially announcing its wholesale ADSL price to alternative providers. Czech On Line says this behaviour is highly discriminatory and accuses Czech Telecom of abusing its market position. Switzerland: credit card fraud on the rise Swiss authorities are worried about the rise of a new type of credit card fraud, according to the Neue Zurcher Zeitung. A card-copying method called skimming leaves credit card holders with little chance of protecting themselves. By swiping a credit card through a special reader, the data from the card’s magnetic strip is copied on to a new card. Victims do not realise that the card has been stolen, so they don’t cancel the card. Since 2001 the number of skimming cases has risen noticeably. In recent weeks, cantonal authorities in Basel have arrested a number of people in what they describe as the largest Swiss skimming case to date. In other cases, waiters have been caught carrying card readers in their trousers. To deal with the problem, Swiss financial institutions have begun replacing magnetic strips with a new chip. Finland: broadband expensive Broadband connections cost more in Finland than in most other European Union countries, a survey published by the Finnish ministry of transport and communications shows. ADSL connections carry the cheapest price tag in Belgium and the UK. In Finland, the most inexpensive cable modem connection costs € 32 a month, and the most inexpensive 256 kbit/s connection € 38. About 17 per cent of Finland's households have a broadband connection. That's 28 per cent of all Internet connections in that country. ADSL in particular is in demand with students and families with children. ®
Jan Libbenga, 04 Dec 2003

Wi-Fi/Flash combo drives proliferate

Gigabyte's recently announced USB Flash drive/Wi-Fi adaptor combo isn't unique, as we first thought. A number of Register readers tell us there are at least half a dozen more versions of this kind of device coming to market by way of Taiwanese manufacturers. Many of them are shipping already, though UK and US availability remains unclear. Take the Okeynet ST-614A. In addition to 802.11b, the device offers 128MB of Flash memory. It connects using USB 1.1. The 80g device features a pocket clip which doubles up as an antenna. The Wi-Fi component only works with Windows 98SE, ME, 2000 and XP systems, but Linux 2.4 and Mac OS 9/X users can at least make use of the Flash drive. Procomp's Flash Drive + 11b, AerieLink's AWUA1211 and KingByte's Wireless PenDrive are all essentially the same 30g product, offering 128MB of Flash storage and 802.11b wireless networking. The Procomp product is distinguished perhaps by its transparent casing. In all three models, the cap that protects the USB 1.1 connector slides back over the body of the drive. The sliding cap also features a pocket clip. The AerieLink AWUA1211 (top) and KingByte Wireless PenDrive Apacer's Wireless Steno MB112 is an 802.11b device to, but comes in 64MB, 128MB and 256MB versions. The Apacer Steno MB112 Finally, the Pretec iDisk WLAN offers the same 128MB and 802.11b features as all the above drives - in fact, it's the same unit as the Apacer product, but coloured white rather than black. Not all the devices are available yet - all but the iDisk and Procomp product are shipping, generally for around TWD2000 ($58), reader Joseph Quinn tells us. ® Related Story Gigabyte combines Wi-FI, USB Flash drive Related Products Buy your WiFi kit from the The Reg wireless store
Tony Smith, 04 Dec 2003

BT and Siemens dance the light fantastic

Siemens and BT today claimed a breakthrough in ultra-high switching of data over optical fibre networks. A field trial, conducted in the UK by BT Exact, BT's research arm, has successfully demonstrated the transmission and switching of data at a rate of 160Gbps per wavelength over installed fibre. This is 16 times faster than the speeds achieved by todays networks, BT says. The new TD-OADM (Time Domain Add Drop Multiplexer) technology achieves this impressive rate by allowing direct switching of ultra-narrow optical pulses. The field trial, carried out over a 280km link of looped between Ipswich and Newmarket, proves the system is effective in real-life operating conditions. The system has also been tested successfully in the labs of Siemens and the Technical University of Eindhoven. Siemens researchers spent two years working on the EU-sponsored FASHION (UltraFast Switching in High-Speed OTDM Networks) project alongside BT Exact and TU Eindhoven's COBRA Institute in the Netherlands in developing the technology. TD-OADM technology is intended to form a key part in future carrier backbone networks. The technology has the potential to support the heavy increase of UK broadband usage in the next two years and could lend itself to the realisation of services such as video-on-demand and other data-intensive applications, according to BT. ® Related Stories Data speed record crushed Bell Labs sets distance record for optical transmissions
John Leyden, 04 Dec 2003

Sex and gambling drive mobile content sales

Gambling services and adult content delivered via mobile phones could generate combined revenues of $6.5 billion by 2006, according to two new studies. The projected growth in these new mobile content industries, however, will only take place if "the right operating conditions" are set by industry and regulators, said UK-based consultancy Juniper Research. "A common hurdle facing the gambling and adult content industries is how to verify age over mobile phones," said Juniper senior analyst Paul Skeldon, author of the reports. "There is a lot of talk about this at the moment and very little agreement on how to go about it....Mobile operators are attempting to sort the issues out amongst themselves. They don't want the governments to get involved and jeopardise the market potential," he told ElectricNews.Net. The entire global gambling market has been valued by analysts at about $1 trillion. Buoyed by successes with e-gambling, the industry is looking to the mobile device market as the next major horizon, according to the Mobile Gambling report. "Regulated lotteries and betting services will be the big winners. These are mass-market forms of gambling that are simple to do and people like them," said Skeldon. A second Juniper study found that adult content will generate around $790 million in revenues by 2006, with $420 million derived from video content, $253 million from images and $118 million from text-based services. Despite large amounts of adult-type content being exchanged by peers via text and camera phones, the researchers believe that content generating revenue will remain relatively low in this sector. Safety, security and child protection must be the number one priority, and "getting these issues right will lay the foundations for future growth," according to Juniper. The Mobile Adult Content Report recommends that trustworthy and reliable two-way payment systems must be in place alongside industry self-regulation safeguards against unsolicited content. The public's perception of operators' and service providers' brands will need to be managed very carefully, with a distancing between the content provider and operator, warned the researchers. © ENN
ElectricNews.net, 04 Dec 2003

Nvidia expands workstation graphics line

Nvidia yesterday filled out its range of workstation-oriented graphics boards with a new mid-range part, the Quadro FX 1100. Based on Nvidia's existing IBM-manufactured 130nm, 120 million transistor Quadro FX chip, the 1100 board sits between the existing FX 1000 and FX 2000 parts. Like those chips, it supports up to 128MB of memory accessed across a bus clocked to handling data at a rate of 10.4GBps - less than the 2000's 12.8GBps but more than the 1000's 9.6GBps. Nvidia quotes proe-02, ugs-03 and 3dsmax-02 figures of 37.9, 36.5 and 26.9, respectively. The new chip can churn out 75 million triangles per second. It offers three parallel vertex engines, and a pixel pipeline with 128-bit floating point precision. It can do 12-bit sub-pixel precision, and 16x full-screen anti-aliasing. The board features dual DVI connectors and resolutions up to 3840 x 2400. The Quadro FX 1100 board is available now and shipping in systems offered by HP and IBM. It is also available from Nvidia's distributors, plus VARs and system builders. ® Related Story ATI offers money back FireGL trade-in temptation
Tony Smith, 04 Dec 2003

The growing problem of identity theft

According to the 2003 Computer Crime Survey conducted by the Computer Security Institute in conjunction with the FBI, nearly 13 per cent of respondents were the victim of identity theft in the past year in the US, writes Fran Howarth OF Bloor Research. In total, losses from identity theft in the US in the past year are estimated to have amounted to around $50 billion. Identity theft is the appropriation of an individual's personal information - including such identifiers as social security numbers, driving license numbers, financial cards and account information. This information can be used to fraudulently obtain such things as loans, credit, employment, healthcare services, rentals and mortgages. Traditionally, the most common way for thieves to obtain such information is carelessness on the part of individuals, including not taking sufficient care to safeguard personal information, especially when disposing of it. One of the richest treasure troves for thieves looking for personal information are family and company rubbish bins - in the US, it is estimated that as much as 70 per cent of all identity theft includes theft of disposed of information from bins. However, as the use of the Internet has grown, so too have the incidences of online identity theft. But why should businesses care? For a start, theft of credit card and account information is one of the most common reasons for identity theft, but consumer liability is generally capped in the case of such fraud - leaving financial institutions to pick up the pieces. According to MasterCard, identity theft accounts for seven per cent of all fraud committed and is a growing problem. Further, fraud committed during card-not-present transactions accounts for 60 per cent of fraud - not all of which is caused by identity theft, although this is a particularly fast growing area. Until recently, identity theft has been less of a threat in Europe than in the US. One reason why it has been such a problem in the US is the traditional use of social security numbers as an identifier - a piece of information that, when linked to the name and address of the individual, makes it relatively easy for a thief to assume an individual's identity. However, the UK Home Office estimates that identity theft is growing at 165 per cent per year in the UK and is currently costing the country £1.3 billion annually. Furthermore, the areas in which identity theft is growing fastest are Eastern Europe and Southeast Asia - two of the new hotspots in the current spate of outsourcing. Companies need to be aware that identity theft is a pressing problem for them - especially since the vast majority of fraud is carried out by insiders. There have been numerous reports recently of employees involved in theft of information, such as customer credit card numbers. And companies are increasingly finding themselves being held responsible. Companies need to look long and hard at the internal and external processes to make sure that they have the business processes and infrastructure in place to prevent themselves falling victim. All data gathered on individuals must be held securely - and disposed of securely when no longer needed. Companies need to think about how data is distributed in their organisations and must train employees on privacy matters relating to customer data. Policies should be drawn up and enforced regarding which employees have access to what data in which circumstances and procedures need to be put in place to handle complaints arising from its misuse. To reduce the likelihood of the problem occurring, background checks should be made on all employees. Much legislation has been passed that affects this area and there will be more to come. But, as a rule of thumb, companies that comply with the principles of the 1998 EU Data Privacy Act will be in a good position to ensure that they are less likely to be targets of identity theft attacks. And individuals - take more care. Losing your wallet these days could be extremely expensive. © IT-Analysis.com
IT-Analysis, 04 Dec 2003

eBay ‘hacker’ challenges PC ban

Accused eBay hacker Jerome Heckenkamp is back in federal court in California this month, but it isn't for his ever-slipping trial date. His attorneys are mounting a constitutional challenge to court-ordered pre-trial restrictions that have kept him from computers and the Internet since his indictment nearly three years ago. Under the conditions of his release, Heckenkamp, 24, is only permitted to use a single "drone" computer at home to review the electronic evidence in his case, without a modem, and with all the connectors but the mouse, keyboard and power ports covered with police evidence tape. Last summer, a planned visit to his parent's home in Wisconsin was conditioned on his family removing all computers from their house, and allowing court Pre-Trial Services officials to inspect the home for wayward CPUs. Once de rigeur in cybercrime prosecutions, such computer bans have become increasingly contentious in the courts as PCs and the Internet become a daily part of American life. Federal appeals courts are split on the question of whether it's permissible to ban someone from the Internet during the supervised release that follows a federal prison sentence: in separate cases, the 2nd and 3rd U.S. Circuit Courts of Appeals have both ruled against the practice, finding that the bans are too broad to serve legitimate sentencing goals. But last month the 9th Circuit, which covers California, upheld an Internet ban against convicted online child porn trafficker Chance Rearden, finding that it "does not plainly involve a greater deprivation of liberty" than is reasonably necessary. But unlike the defendants in those cases, Heckenkamp hasn't been convicted of a crime. Under a federal law called the Bail Reform Act, pre-trial conditions must be the "least restrictive" necessary to assure that the defendant appears in court, and doesn't endanger the community. In a filing with the federal court in San Jose, Calif., Heckenkamp lawyer Benjamin Coleman argues that prohibiting the accused hacker from using the Internet goes too far, and violates Heckenkamp's right to free speech. "In this case, the overly broad computer restrictions not only violate the Bail Reform Act, but they also violate Mr. Heckenkamp's First Amendment rights," reads the filing. Heckenkamp's lawyer is asking that the computer ban be lifted, or that the Pre-Trial Services office monitoring his release be empowered to ease the restrictions at its discretion. The matter is set for a hearing on December 16th. A former Los Alamos National Labs network engineer, Heckenkamp is charged with hacking telecom equipment-maker Qualcomm while a gradate student in 1999, and penetrating computers belonging to Lycos, Exodus Communications, Juniper Networks and Cygnus Support Solutions. He also charged with defacing online auction site eBay under the hacker handle "MagicFX." He's steadfastly maintained his innocence, claiming that hackers used his computer to commit the crimes. Last year, Heckenkamp was jailed at a court appearance after angering a federal judge with a series of baffling legal arguments apparently inspired by failed tax-protester tactics -- including challenging his indictment on the grounds that it spelled his name in all capital letters. He later retained an attorney, and after seven months in stir was released on bail with his pre-trial release restrictions tightened further. His trial date, which has been delayed several times, is currently set for March, 2004. Copyright © 2003,
Kevin Poulsen, 04 Dec 2003

On the Google Deskbar

At the start of November, Google Labs came up with an interesting search feature - the Google Deskbar. We’ve been trying it out. The Deskbar is just that - it sits at the bottom of your Windows screen, a little box to type in whatever comes to mind and then use Google's search engine to throw up whatever information is out there on the Net. The good thing, and what separates it from the widely used Toolbar, is that it means you can search Google while in whatever app you are running. You don’t need a browser open, just an Internet connection. Either hit Ctrl-Alt-G or click in the box, type in the word(s), hit return, and a smaller version of Google pops up on the right-hand side of the screen displaying results. You can click on any of the links to go through to the actual page or click on a small box in the top left to open a full-screen browser of what you see. Click off the mini-browser and it slides back down to the taskbar. On top of this you can search within each of Google's functions by hitting "Ctrl-[X]" rather than return, where X is N for news; I for images; D for dictionary definition; G for groups; F for the Froogle shops search; and L for Lucky - i.e. take you immediately to the top search result. This is all very nice, but is it actually useful or just another bit of downloaded software that you never get around to using? Well, rather depressingly, Google seems to have hit the nail on the head again. We’ve been using it for a little over two weeks and it is rapidly becoming the main way information is accessed off the Net. The tough bit is training yourself out of opening your browser and searching Google the usual way. While pure habit means you can do this extremely fast, soon it becomes clear that it’s faster to use the Deskbar, especially if you want to look within the other sections like news or images. It's actually annoying when you realise you've wasted time going the old route. You also find yourself using sections you don't normally use. For example, the fact that you have to type "definition:" into Google to get a definition usually means you never use Google for this type of job. However, if all you need to do is hit Ctrl-D, there can’t actually be a faster way of finding out what exactly a word means. Never used Froogle before, preferring to go directly to Amazon for most things. But what with Xmas looming, it seems a little long-winded to go to Amazon and then do a search when one search yields plenty of possibilities, sometimes for a cheaper price (Amazon does appear to come strangely low down in the search results though). As you start using the Deskbar more and more, you find that your browser - usually permanently open on the desktop - is making less and less of an appearance. In fact, it is so painfully simple to search for stuff that you wonder why this didn't exist before. But Google Deskbar is in beta, so what are the bugs? Well, it's not a bug but the most annoying for most people appears to be that there is no support for Linux or Macs at the moment. Google is keeping tight-lipped about what its plans, if any, are for this. It takes up a slightly annoying amount of space in the taskbar, but then it can't really be any smaller and still be functional. And we’ve found we’ve actually reorganised the taskbar to give it more room (do you really need to see your firewall icon all the time? It’s easy to get to ICQ if you want etc. etc.). German umlauts appear to be a problem in some cases. If you click on a Flash movie within the mini-window it can continue running even if the browser closes. Some people have had install troubles although it looks as though it is the usual firewall/proxy server hassles that you have with anything connected to the Internet. For us, the 413KB file zapped down, opened and everything ran smoothly within a couple of minutes. So, basically, in summary, Google has done it again. It has come up with another new, interesting, simple and useful innovation and made its competitors look lazy and sloppy. The Deskbar has the added advantage (for Google) that you end up using Google’s search functions more than you even did previously. And you start using its latest features. So long as Google continues to offer the best search function on the Net for free, everyone’s a winner. How long do you reckon it'll be before computer manufacturers start including a Google button? ® Related links All about the Deskbar with download link Deskbar newsgroup
Kieren McCarthy, 04 Dec 2003

Round 3: RIAA sues more file swappers

The RIAA has filed suit against 41 people in a third wave of legal actions against file traders accused of swapping music illegally through peer-to-peer networks such as KaZaA. The lobby group, which represents the major music labels, has also warned another 90 people that it may sue them. The RIAA is targeting high-volume uploaders - people who make songs available for others to download. The 41 snared in this current round of suits have each uploaded around 1,000 songs, an RIAA spokesman told Reuters. The RIAA has sued almost 400 Americans since September. It has obtained the names of supposedly anonymous file traders through a successful legal strategy to force ISPs to hand over names. Some ISPs, notably Verizon and SBC, have fought the RIAA in the courts, but to date, the decisions have all gone the RIAA's way. The RIAA says it has made monetary settlements with 220 P2P file traders and that 1,000 people have taken advantage of a recent amnesty to foreswear unauthorised music copying. ®
Drew Cullen, 04 Dec 2003

ASA slaps Nodots scam

Denmark-based Net naming outfit Nodots has received a slap on the wrist from the UK's advertising watchdog for sending junk mail that resembles and invoice. The company tried to get companies to cough up £500 to register for its "Qname" service by sending out misleading-looking letters that looked like invoices. Only in the small print did it say: "Should you not want a Qname, please disregard the invoice." No Dots told the Advertising Standards Authority (ASA) that it tried to ensure that all the mailings - which were sent to thousands of companies in several European countries - met all the necessary rules and regs. However, the ASA said No Dots' defence was balderdash, deciding instead that the invoice section of the mailing "did not make clear enough that it was merely a marketing communication offering an Internet service". And it seems the ASA isn't the only outfit to be suspicious of these not-so-great Danes. In September, trading standards officers warned businesses to be wary of No Dots following a flurry of complaints. Elsewhere, the ASA also exposed another Internet business it reckons isn't playing fair. Cambridge-based EU Registry Services was caught spamming punters for its ".eu domain approved by the EU Commission". But when challenged on whether it was accredited to offer .eu domain names, EU Registry Services was unable to substantiate its claims. In fact, it failed to reply to the ASA at all. ® Related Story Trading Standards warn of 'unsolicited' Nodots invoice
Tim Richardson, 04 Dec 2003

BT strikes blow in cable blowing patent case

BT is blowing its own trumpet today after scoring a victory in a patent dispute. Last summer BT began legal action in the US against six companies concerning patents for blowing fibre optic cables down bores and conduits. BT's blown cable technology uses compressed air and other gasses to blow fibre optic cables down conduits, as opposed to pulling them through using ropes, for example. Yesterday, the UK's dominant fixed line telco announced it had settled its litigation against Broadwing Communications, Inc. after the US communications outfit agreed to cough up to licence the use of the blown cable technology. Other details concerning the settlement were not disclosed. However, BT will continue to pursue its remaining litigation in the District of Delaware against other telecommunications companies, namely Level 3, Qwest, SBC, Touch America, and Verizon. BT maintains that its fibre-blowing technology has been used to create "significant portions of the extensive fibre optic cable networks" in the US. The technology was also awarded the Queen's Award for Technological Achievement in 1994. Last year BT failed to get US ISPs to pay for using hyperlinks after a court ruled against its claim that it owned the patent for "hidden page" technology. ® Related Story BT blows out in new patent challenge BT loses hypertext claim
Tim Richardson, 04 Dec 2003

Roll up for the MS UK Win2k backdating updating system

Attention British businesses! Are you serious about security? Well, of course you are, so try this little excursion along the Microsoft road to corporate security. First, fish out one of those old Windows 2000 Professional distribution CDs you have, and do a fresh install. As you're a British business, remember to set your system locale to UK. Now, go and get a copy of Microsoft Baseline Security Analyzer. This, in case you weren't aware, is a handy free tool for checking for vulnerabilities on systems, and has the particular advantage (unlike Windows Update) of allowing you to download the patches and install them on multiple machines, rather than just the one. You can get it here. It's an approved Microsoft security tool, as opposed to a favoured one, so they'll kill it off some day, but it's handy for the moment. Install it, fire it up and scan. Scary, eh? Obviously, rather than grab that little lot all in one go, it makes sense for you to grab the latest Service Pack and see how many of the vulnerabilities are hosed by installing that. So now we'll use Baseline Security Analyzer to find the Service Pack. Click on the "How to correct this" link next to one of the vulnerabilities, then on the Software Update Services link at the bottom of the page it takes you to. Next, click on downloads in the left hand panel, then Service Packs. Nearly there? Er, not exactly. Click on the Windows 2000 link and you go through to "How to Obtain the Latest Windows 2000 Service Pack (UK Version)" - because you're in the UK, and Microsoft knows this, right? As you can see, it's all spiffily up to date here - you can get Windows 2000 Service Pack 3, and all the post-SP3 hotfixes as well. What's that we hear you say? Win2k SP4's been out for yonks? Well, not in Microsoft UK land, apparently. But don't worry, as you see, the link to SP3 takes you straight through to an MS UK site 404 page anyway. You may now, if you like, start searching microsoft.com for a version of SP4 that you can download and install by hand, but we really don't advise it, given that Microsoft's ultra-helpful systems will keep kicking you over to what they think are the latest updates for your UK system. And yes, well-spotted, you don't actually need to install Baseline Security Analyzer to have Microsoft's search systems screw over a system set to the UK, but we shoved it in anyway because it's a logical route for your average security-conscious business to take, if they don't want to use Windows Update. And the moral of this little exercise? Well, the minor moral is that you're clearly better off searching for things on microsoft.com with Google (win2k sp4 gets you this as first rank), but the major moral is as follows. Microsoft is, as we keep hearing, serious about security, and it's also very serious about automating its systems so that they magically, painlessly, helpfully keep your systems up to date. Microsoft, however, is demonstrably incapable (see above) of automating its own systems to the extent that the automation itself is up to date. Therefore, the more automated it all gets, the more likely things are to break, and the less likely it is that you'll be able to dig yourself out and fix it by hand. But the next generation of software update services will be better, right? Honest... ®
John Lettice, 04 Dec 2003

MS tightens IP grip on Cleartype and FAT- calls it liberalisation

Microsoft has "announced expanded access to extensive intellectual property portfolio", it trumpets proudly here, while over here one of Microsoft's many lawyers explains why protecting IP is the lifeblood of the industry. But, pray tell, what IP treasures is it that Microsoft is now generously licensing? Well there's ClearType, a Microsoft display technology that is not viewed as entirely defensible IP in at least some circles, then there's FAT. WHAT? Yes, that's right, FAT. Not FAT32, not NTFS, good old FAT. Now, like us you might think that a: nobody much can surely want FAT these days and b: it's not exactly difficult to get hold of it anyway. Any number of disk tools from any number of vendors will produce you a FAT format device and it's really, really a stretch to think of a situation where you'd be inconvenienced by a vendor not having access to FAT. Not right now, anyway. Nevertheless, here we go, Microsoft's wondrous new IP licensing programme proposes two licenses for the FAT file system, as follows: license for removable solid state media manufacturers to preformat the media, such as compact flash memory cards, to the Microsoft FAT file system format, and to preload data onto such preformatted media using the Microsoft FAT file system format. Pricing for this license is US$0.25 per unit with a cap on total royalties of $250,000 per manufacturer. - A license for manufacturers of certain consumer electronics devices. Pricing for this license is US$0.25 per unit for each of the following types of devices that use removable solid state media to store data: portable digital still cameras; portable digital video cameras; portable digital still/video cameras; portable digital audio players; portable digital video players; portable digital audio/video players; multifunction printers; electronic photo frames; electronic musical instruments; and standard televisions. Pricing for this license is US$0.25 per unit with a cap on total royalties of $250,000 per licensee. Pricing for other device types can be negotiated with Microsoft. So if we understand this correctly, Microsoft would like manufacturers of removable solid state storage to give it 25c a pop for the privilege of preformatting their devices with FAT, and while it's about it, the company intends to extend its IP tentacles into a wide variety of up-and-coming consumer electronics devices, with lawyers shuffling behind it.. Jim Gutstke, marketing GM of happy FAT licensee Lexar Media, tells us that "Lexar Media is glad to support Microsoft's goal of standardizing the industry around the FAT file system, which will further ensure interoperability of our memory cards, cameras and other consumer devices." So yes indeed, that is precisely what Microsoft intends to do with its tentacles. Using FAT. You will find further information on MS IP licensing, including FAT patent references, here. And you can get some context on Microsoft's interpretation of expressions like 'liberal new IP licensing policy' here. ®
John Lettice, 04 Dec 2003

e-Minister will make every public library a Wi-Fi hotspot

Government minister Stephen Timms opened today's Wi-Fi & 3G summit in London by listing the achievements of the "light touch regulatory policy" he's been able to put in place since taking over at the Department - and confirmed that his plan to put an open Wi-Fi hotspot in every public library was "going ahead". "I'm very keen on the idea that every public library should be a Wi-Fi hotspot," he said. "Already 90 per cent have broadband, and my department is now working up that idea." Timms strongly supported the future of 3G, and said that it would be "complementary" to Wi-Fi. He said: "A few months, Brian McBride, CEO of T-Mobile and I shared a platform; he's not only a leader in mobile data, but also a leader of Wi-Fi deployment - and he was clear that the hotspot business isn't a fully formed business model. But he also says first, that it's complementary to 3G; and second, it's a technology and a business which nobody in mobile industries can afford to ignore." The public library initiative was first reported by the British Council in September. Their report said: "The new, three-year action plan was launched at the Public Library Authority conference and includes a range of projects and programmes covering the three key development themes for public libraries." The three key areas are: Books, reading and learning Knowledge, skills and information are at the heart of economic and social life Digital citizenship Libraries are providing access to vastly increased information via the Internet. This strand will build on the success of the People's Network and develop national services for information, learning and reading. enabling libraries to play a full and active role in delivering e-Government Community and civic values Libraries are safe, welcoming, neutral spaces open to all the community. They are particularly well-placed to engage hard-to-reach groups. Libraries will develop their role in delivering a wide range of relevant services to help address social exclusion. Timms said that the past year had seen key steps in building the future of wireless in the UK. "The Communications Bill has reached the statute book, we've made a lot more spectrum available for Wi-Fi, and despite a lot of negative comment about 3G and the difficulties, it's important to recall that it is here." Timms said that on his way to London, he traveled on the overnight ferry from Aberdeen to Shetland. "On the ferry, I was able to download the ITN news bulletin and catch up with the day's events," he said. "Those who have been in the industry for a long time will remember the early experience of GSM; when there were widespread complaints about unreliable coverage, poor take-up." And Timms added: "I would remind you of a useful adage: 'If there aren't problems, the technology isn't advanced enough'!" He concluded: "I was particularly interested to hear from Intel that there are now more hotspots in the UK than in the whole of the rest of Europe altogether." Copyright © 2003, NewsWireless.net Recent NewsWireless Stories An "avalanche of demand" will follow cheap WiMax deployment Microsoft scores huge Pocket PC target - 24,000 units for TNT Express Related Stories BT to offer a week's free Wi-Fi access Cisco Wi-Fi kit in security flap Wi-Fi/Flash combo drives proliferate
Guy Kewney, 04 Dec 2003

US man has IT company logo tattooed on head

Those companies looking for a novel way to grow their business could do worse than follow the example of US hosting outfit CI Host. For the next five years a 22-year-old man from Illinois will roam the States with a five-inch CI Host tattoo on the back of his head, handing out business cards and flyers. The company reportedly secured Jim Nelson's services via a eBay auction, although he receives no salary or commission. To date the "human billboard" has attracted 500 new customers, a coup described as "a tremendous success" by CI Host CEO Christopher Faulkner. It appears that CI Host has relied heavily on publicity stunts to attract its current 200,000+ customers. Indeed, the company has in the past sponsored a NASCAR race car, sent one compo winner on a jet-bound trip to the stratosphere, erected a giant Santa on the roof of its headquarters and stuck its logo on the back of Evander Holyfield's boxing trunks. Which reminds us of our own unsuccessful attempt to find some brave and cash-strapped bloke willing to have the famous vulture logo tattooed on his penis. We can't help feeling that CI Host should immediately resurrect this bold marketing strategy. For starters, the average male can comfortably accomodate the length of the name - which "print area" practicality is why you'll never see BTBroadband on someone's todger, unless it's in a video called Swedish ADSL Routerfest. What's more, it's a great and fun way to penetrate the largely untapped female/gay hosting market. And, of course, it'll get you a mention on IT news sites where exasperated, world-weary hacks will twitter on about the depths to which some companies will sink in order to drum up a bit of trade. Oh yes, and speculate about how thick you have to be to have a company logo tattooed on your body. Not on El Reg though, where we always applaud and encourage innovation in marketing. Especially when it involves self-mutilation. Bravo. ®
Lester Haines, 04 Dec 2003

Veritas and NetApp snuggle up

Building on a promise made earlier this year, Veritas and Network Appliance have forged closer ties, linking their respective software and hardware products with ease of use in mind. The two companies have announced their first set of product bundles aimed at specific storage tasks such as data lifecycle management and back-ups. The alliance between the two companies will see some Veritas software packages released first and tuned for NetApp filers. In addition, NetApp will now resell various Veritas products. "Last August, we indicated that we would strategically align our activities," said Rob Soderbery, VP of business development at Veritas in an interview. "We're back for the first time, in this case, with two integrated solutions." As is often the case with such integrated solution exercises, the actual product does not arrive for some time. The Veritas Data Lifecycle Manager/NetApp SnapLock combination will not appear until the first quarter of next year, and the NetBackup/NetApp SnapVault pairing will not arrive until the second half on next year. Patience is required. The data lifecycle management package is aimed at helping administrators pull off policy-based data migration and archiving between NetApp NearStor systems and servers running Windows, Unix and Linux. As one might expect, the NetApp hardware will run Veritas' Data Lifecycle Manager software. One particular feature the two companies have worked on here is the ability to trigger NetApp's SnapLock software via the Veritas DLM product. The second package from the vendors includes Veritas' popular NetBackup software with NetApp's NearStor ATA-based storage systems. Administrators can use the Veritas GUI to perform disk-to-disk-to-tape and filer-to-filer backups. Over the long haul, the two companies are convinced that their shared engineering efforts will result in better performance for end users. They plan to add to these two offerings in the coming months. ®
Ashlee Vance, 04 Dec 2003

Subdermal RFID chip provokes furore

Well, it's already been widely reported, but we reckon it's Vulture Central's turn to chip in its two cents' worth to the subdermal RFID chip debate. To summarise, US cybercorporation Applied Digital Solutions has developed the so-called "VeriChip", a "miniaturised, implantable radio frequency identification device (RFID) that has the potential to be used in a variety of personal identification, security, financial, and potential healthcare applications". Sounds good. Here's the full gen from the company: "About the size of a grain of rice, each VeriChip product contains a unique verification number that is captured by briefly passing a proprietary scanner over the VeriChip. The standard location of the microchip is in the triceps area between the elbow and the shoulder of the right arm. The brief outpatient 'chipping' procedure lasts just a few minutes and involves only local anesthetic followed by quick, painless insertion of the VeriChip. Once inserted just under the skin, the VeriChip is inconspicuous to the naked eye. A small amount of radio frequency energy passes from the scanner energizing the dormant VeriChip, which then emits a radio frequency signal transmitting the verification number." The aforementioned financial benefits to humanity come in the form of "VeriPay", which uses the chip for cash and credit transactions. This is not the first time RFID transaction solutions have been mooted, but there is, of course, a security issue. At the recent ID World 2003 (good title - well done) in Paris, Applied Digital Solutions CEO Scott R Silverman addressed the possibility of someone mislaying their RNID "credit card": "VeriPay’s unique, under-the-skin format offers a much more secure, tamper-proof, and loss-proof solution. VeriPay brings to consumers the benefits of fast and reliable RFID technology along with the security of a subdermal format." There's that word 'benefit' again. In fact, there is no apparent benefit to the consumer from this RFID application. Someone's business will benefit, but you'll be walking around with a chip in your arm carrying personal and/or financial information which can be scanned without your knowledge. Well, that's what Joe Public seems to think, as exemplified by the story of Wal-Mart and its attempt to use RFID inventory control. This is just one example of possible applications which have a whole raft of civil liberties and consumers' groups calling for a moratorium on all RFID chips. But could this not be just another Big Brother-style panic induced by the prospect of fleets of black helicopters disgorging RFID scanner-bearing lizard people bent on the subjugation of the human race? Surely there must be some practical application for this skin-deep technology? A quick straw poll of El Reg hacks offered the following: RFID-scanning autopour beer pumps which dispense your preferred tipple before you've even reached the bar. RFID-enabled talking bins that know in which language to thank you when you deposit litter therein. RFID-tagged microwave pizzas and ice-cream cartons which trigger a supermarket checkout "shame alarm" when purchased by fat people. RFID audio chip which tells David Blunkett you're not an illegal immigrant without the poor bloke having to fumble around the Braille bit of your (easily mislaid) National Identity Card. We're certain readers can think of plenty more. In the meantime, if you don't believe that RFID is the greatest threat to civil liberties since number plate recognition technology, and fancy becoming your very own Captain Cyborg, you can sign up for your register-now-get-chipped-later deal right here. Hurry though - there's currently an unbeatable £50 chipping discount. Now that's what we call consumer benefit. ®
Lester Haines, 04 Dec 2003

Phone scam warning exposed as hoax

An email warning people to beware of a phone scam that could cost them £20 a minute is a hoax. The email warns people about receiving a recorded message which tells them they've won a prize, and then asks them to press '9' to hear further details. Warns the email: "If 9 is pressed, this connects you to a premium line that bills in the region of £20 per minute. Once you dial 9 and connect, even if you disconnect immediately, the call will stay connected for a minimum of 5 minutes (£100). "If you stay connected, after 11 minutes a recorded message asks you to key in your postcode and house number. After a further 2 minutes callers receive the following message: "'Sorry, you are not one of the lucky winners.' "After this the line disconnects," the email says. Not only are phone owners tricked into running up bills of up to £260, the email adds that BT is "relatively powerless to stop the calls". A spokesman for the UK's dominant fixed line telco said he'd received a number of calls on the subject. "It's a hoax, technically impossible, an urban myth," he said. ®
Tim Richardson, 04 Dec 2003

Broadreach scoops up roaming partners

UK wired and wireless Internet access provider Broadreach has extended its roster of roaming agreements, the company said today. Broadreach, the company behind ReadytoSurf-branded hotspots and Internet cafe facilities, has agreed to allow corporate remote access rivals iPass and Gric to add its sites to their list of connection points. US network aggregator Boingo will include them all on its growing collection of hotspots, too. The company's own customers, meanwhile, will be able to bill their access fees to their mobile phone accounts, thanks to a tie-in with Excilan. Users log into the ReadytoSurf access point with their mobile phone number instead of a username. They're called back and told the connection fee. Pressing the '1' key authorises payment and access. Excilan currently provides the service to 37 Wi-Fi providers in Europe and Canada. It has deals with a number of European mobile operators, but currently O2 is the only one in the UK. Broadreach has also signed a deal with clearing house Mach to facilitate multi-network roaming for its customers. ® Related Stories BT to offer a week's free Wi-Fi access iPass aggregates Swisscom hotspots The Cloud enables SIM-based hotspot access T-Mobile buys world's fourth biggest Wi-Fi provider
Tony Smith, 04 Dec 2003

Humans struggle for supremacy in online robot wars

Human ingenuity is just holding its own against AI-designed machines in Sodarace, a joint offering of Soda and Queen Mary College, University of London. Sodarace is "the online olympics pitting human creativity against machine learning in a competition to design robots that race over 2D terrains using the Sodaconstructor virtual construction kit." It seems that - to date - humanity has just about got the edge in this entertaining educational project. Dr Peter McOwan of Queen Mary affirms: "Human creativity will be tough to beat and this will be a fascinating global experiment. Machines designing machines has been the theme of many popular science fiction movies, but in Sodarace that has become a reality." Chillingly, it was touch-and-go for a while on the rubble-strewn human/AI battlefield. Computer-generated offerings from the UK and Austria started strongly, and were eventually subdued only by a Canadian contender developed by good old trial-and-error. The news that we've still got it in the creative thinking department comes as a great relief to all Reg hacks who have for some time believed that the forthcoming Vulture Central implementation of the Bricolage CMS would also involve the activation of a Content Generation System programmed to turn out 50 IT-related stories a day, ten funnies and one non-IT-related human-interest piece. Mercifully, Sodarace proves that we are still some way off the nightmare of the relentless and tireless cyberjourno. ®
Lester Haines, 04 Dec 2003
Broken CD with wrench

What Big Bird knows about Sun

After attending the last two Sun Microsystems' user shows, we can only conclude that CEO Scott McNealy's children are huge Sesame Street fans. Sun continues to offer up a notion often chanted on the kids programme that "being different is okay". Whether you are purple like a Sun server, have a $9 Supercuts hairdo or suffer from a relentless need to make car analogies, you are all right. Being different is neat. Muppet song begins here... The latest proof of Sun's love for the weird comes courtesy of Sir George Martin's speech here in Berlin at the Sun Network conference. The "fifth Beatle" closed out the show by walking attendees through the creation of Sergeant Pepper's Lonely Hearts Club Band and how being different led to infinite success. "I feel a special connection with Sun Microsystems and all you guys because you are innovators," Martin said. "You guys are on the cutting edge now, and I am not." Be it Apple or Sun, "systems" companies seem to feel a kinship with the Beatles. Anyone can have Britney Spears hump a chair or, like Dell, move plain boxes out of a factory, but only the greats dare to be different and go at things their own way. This theme is similar to that delivered earlier this year by comic legend John Cleese at another Sun conference. Cleese told attendees to dare to make mistakes. It's not difficult to see what Sun is trying to do by throwing adventurous Brit luminaries at users. Sun is in the muck at the moment and wants observers to believe part of its problems are by design. "It's wise to take a good risk rather than playing it safe," Martin said. To that end, the Beatles' producer does have a point that fits well with Sun's ambitions. Analysts and the press corps berate Sun at every opportunity for losing cash, being stubborn and limping along. But as disabled as Sun appears at times, it really has no other choice than to be different. The only major server vendor making money at this point and time is Dell. HP could not even pay an electricity bill with its server profits, and IBM goes from the red to the black like a roulette wheel. Both companies make their money elsewhere in good quarters and use the server for other sales. Some analysts charge that Sun has lost its focus. The company is talking about Linux desktops, giving away its software at an insane price, still building its own chips and now dabbling with Opteron, Athlon and Xeon boxes. Then there is the whole Java pitch. When did Sun ever make money on this popular code? A large swath of gurus see these big, confusing bets as Sun's flirtation with the undertaker's daughter, hoping she may pull some strings and secure a reasonable burial cost. But from where we sit - in a Berlin press room surrounded by cookies and beer-rotted hacks - Sun really has few options other than to be different. If McNealy was made of cloth and had a funny voice, Bert and Ernie could not be more proud. A healthy economic recovery would return the server business to the black, and make hardware makers look like winners again, but this is not what equates to long-term planning - at least not for Sun and not in the way it has been done in the past. It's not so much that Sun is irrelevant as some would have you believe but rather that the company plans to remain relevant for a while to come. A less creative company would rest on its laurels as the big daddy of the data center, hoping the good times return and waiting for Michael Dell to be hit with a nasty case of career altering syphilis. Yes, there are times when we look to the hardware heaven and pray that McNealy did not like hockey and cars quite so much. You can only hear about a puck going places or camshafts so many times. But we dare say Scooter is making some sense these days, and that there is some merit to this gift-wrapped hardware idea. Take the Java Enterprise System, for example. It's here that Sun is attacking HP and Dell. These companies have no middleware stack and are dependent on partners to supply the code. These partners have lucrative software businesses, think Microsoft, and aren't about to let go of profits anytime soon. So Sun decided to ship its entire software stack for $100 per employee. Only IBM can match this package and isn't inclined to do so. Or take a look at what Sun did this week with the JES for small companies. If you have 100 employees or less, the software arrives free of charge. The purchase price is in the Sun hardware. This is a risky approach to be sure because it requires a commitment from the customer to Sun. To enjoy the spoils of our software, you must buy the metal to go with it. It may be crazy, but at least it's different. One reporter here described Sun as a medium-sized business and this is a damaging blow for the one-time data center darling. It does, however, indicate the current state of affairs. Sun has lost a lot of its lustre. But those pundits who label Sun as the next SGI should see the company has little choice other than to follow this new, nail-littered road. For Sun to flourish as a server seller again, it has to change the nature of the sale in a way that other companies can't. Dumping Java, its Linux desktop efforts and chips, is not an answer to much of anything. Being different is Sun's only hope. ®
Ashlee Vance, 04 Dec 2003

2 February 2004 is Prescott Day

Intel's 90nm 'Prescott' Pentium 4 processor will launch on Monday, 2 February, according to Xbit Labs which cites sources said to be close to the company. On the big day, the chip giant will roll out the anticipated 3.4GHz Pentium 4 Extreme Edition - for a whopping $999, apparently - along with a vanilla 130nm P4 clocked to the same frequency. Prescott will also be launched at 3.4GHz, and at 3.2, 3.0, 2.8GHz. A fifth Prescott will also run at 2.8GHz but only support a 533MHz effective bit rate frontside bus, rather than the regular 800MHz version. Prices for the various Prescotts will be $417, $278, $218, $178 and $163, respectively. All this talk of 2 February had us puzzled: Intel usually unveils chips and changes prices on Sundays, and we'd been looking to a Prescott introduction on 15 February. But the mystery is solved: that day will see, as expected, a revision of current P4 pricing. ®
Tony Smith, 04 Dec 2003

IT giants fingered over links to China

A human rights organisation has written to more than a dozen of the world's leading IT companies urging them to take a stand against the Chinese government's repression of the Internet. Reporters Without Borders - which fights for press freedom - has written to the bosses of Microsoft, Intel, Thomson, Nortel Networks, Hewlett-Packard, Logitech, Oracle, NEC, Samsung, Sun Microsystems, IBM, Yahoo! and Alcatel saying that they are all selling gear that helps the Chinese government spy upon and crack down on people using the Internet. "All of them [the bosses of the IT giants] should feel responsible for the plight of China's embattled Internet users," said Reporters Without Borders in a statement. Singling out individual companies, Reporters Without Borders claimed that "Cisco Systems supplies special online spying systems while Intel just sells its standard products". It went on: "Yahoo! agreed to change its portal and search-engine to facilitate censorship in exchange for access to the Chinese market, while South Korea's Samsung is simply selling its goods to a neighbouring country." No one from Cisco, Intel or Yahoo! was available for comment at the time of writing. Of course, this isn't the first time that the IT industry has been fingered for its involvement in China. A year ago, Cisco Systems, Nortel Networks, Microsoft, and Sun Microsystems, among others, were accused of aiding and abetting human rights violations in China by Amnesty International. The human rights watchdog argued that China depends on the technological expertise and investment of foreign companies that provide technology which is used to restrict fundamental freedoms. Amnesty listed how the Chinese authorities have "introduced scores of regulations, closed Internet cafes, blocked e-mails, search engines, foreign news and politically-sensitive websites, and recently introduced a filtering system for web searches on a list of prohibited key words and terms". ® Related Story Amnesty slams tech giants for 'aiding' Chinese human rights abuse
Tim Richardson, 04 Dec 2003