28th > January > 2004 Archive

SCO posts $250,000 worm bounty

The SCO Group has posted a $250,000 bounty for information leading to the conviction of the author of the MyDoom worm currently sweeping the Internet. The worm has been nicknamed "SCObig" because it harbors a payload that will create a Denial of Service attack against SCO's company website next month. SCO advises anyone who knows about the perpetrator to contact their local FBI office. SCO also advises anyone who notices strange executable files, possibly in their /usr/bin directory and messages bearing the text /Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA to contact SCO directly. For a fee of $1,399 per CPU, infected users can be hosed down and sent on their way. ®
Andrew Orlowski, 28 Jan 2004

Infineon to pay €100m for ADSL chip maker

Infineon today announced a plan to buy Taiwanese fabless comms chip maker ADMtek for up to €100 million - €80 million now and a further €20 million if the acquisition meets two-year performance targets set by its buyer. ADMtek focuses on Ethernet chipsets, but Infineon is more interested in its WLAN and home broadband gateway products. The German company sees ADMtek's products as a way of boosting its own income from the ADSL and VoIP markets. Until the acquisition is completed, it has no consumer-oriented home gateway chip offerings. ADMtek will form the basis of a new firm, Infineon-ADMtek, also based in Hsinchu, Taiwan. The acquisition - Infineon's first in Asia - provides it with a strong R&D centre, favourable cost structure and close proximity to Taiwanese ODMs, which account for more than 70 per cent of the global consumer broadband modem and router market. It is also near many of the world's fastest growing broadband markets, such as China and Japan. ADMtek is privately owned. Its largest shareholder is Accton Technology Corporation, which is one of said Taiwanese ODMs. Under the terms of the acquisition, Infineon has agreed to continue to supply chips to Accton. ®
Tony Smith, 28 Jan 2004

ARM buys fabless SoC maker

ARM has acquired customisable microcontroller and SoC developer Triscend for up to $15 million in cash - $13.2 million now and up to $1.8 million more in the next 12 months if the Californian company meets a number of performance targets. Triscend has a number of ARM connections already. Its president and CEO, Reynette Au, joined the company in 2002 from ARM's US wing. And the company's SoC platform is based on ARM cores. The deal brings ARM an established microcontroller platform. More importantly, it gives it ownership of a 32-bit platform ahead of an anticipated increase in the number of customers looking to upgrade from 8- or 16-bit microcontrollers. "Given the industry trend for upgrading 8- and 16-bit MCU designs, ARM believes the 32-bit MCU market will grow substantially over the next few years," said ARM CEO Warren East, in a statement. "By investing in this market now with the acquisition of Triscend, the ARM partnership will be well positioned to take advantage of the anticipated growth." The company said it hopes to proliferate the ARM architecture by selling Triscend's configurable microcontrollers to OEMs for "emerging applications". ®
Tony Smith, 28 Jan 2004

ARM's 2003 revenues dip, despite rising royalties

Rising sales during the last three months of ARM's financial year failed to lift the chip designer's full-year figures, the company reported yesterday. While Q4 2003 yielded revenues totalling £34 million ($62 million), up seven per cent from Q3's £31.7 million, the year as a whole generated revenues of £128.1 million ($230 million), down 15 per cent on 2002's £150.9 million ($274 million). Profit before taxation fell year on year from £45.4 million ($82 million) to £28.4 million ($51 million). ARM was hit hard during the year by currency fluctuations - 90 per cent of its 2003 income was paid in US dollars. The average exchange rate during 2003 was £1:$1.64, compared to £1:$1.50 in 2002. Rates peaked at £1:$1.71 in Q4. Fourth-quarter royalty revenues reached £12.8 million ($62 million), up from £11 million ($20 million) the previous quarter. Unit shipments rose 20 per cent sequentially to hit a record 236 million units. Five new licensees commenced shipping in the quarter bringing the total to 60, ARM said. During Q4, ARM's operating margin increased to 22.3 per cent from 17.7 per cent in Q3. Profit before taxation totaled £8.9 million, up from £6.8 million in Q3 2003. Warren East, ARM's CEO, said: "After resetting our cost base at the start of Q4 2002, 2003 has been a year of operational stability and gradually improving financial performance. Our decision to maintain high levels of research and development expenditure during the protracted industry downturn has enabled us to introduce a number of new products in the year based on the innovative technologies we have developed. These are already driving licence revenue and underpin our confidence for revenue growth during 2004." ®
Tony Smith, 28 Jan 2004

Chairman Bill's ‘magic spam cure’ – a revenue opportunity?

Analysis Spam is a modern tragedy of the commons: as few as two hundred spammers pollute inboxes of hundreds of millions of Internet users, and will fairly soon account for half of all email volume. Fixing spam is simple if we permit ourselves to make slight changes to the Internet protocols. These protocols are supposed to be our servants, not our masters, but the technical community refuses to support a consensus to allow the tweaks that could cure not only spam, but worms too.* A simple modification to the SMTP protocol is now supported even by the author of the protocol herself. "I would suggest they just write a new protocol from the beginning," says Suzanne Sluizer, who points out that the Internet now is a very different place to the trusted community it was in 1981, when SMTP was devised. Unfortunately, fixing the spam problem by other means is fraught with difficulties. As the saying goes, you really wouldn't want to get there from here. Now Bill Gates in what he characterized as "a magic solution" has vowed to defeat junk email within two years, and has proposed three old ideas to defeat it. That Microsoft feels some public responsibility about what goes on on its computers is refreshing, and should be welcomed. Microsoft has more potential to do good here than any other organization, private or public. But it's interesting that Chairman Bill's favored solution isn't the one proposed by researchers - the Penny Black model - although it is the one of the three that offers a revenue opportunity. Gates' three ideas are a challenge response system - which sends an email back to the sender requesting human authentication; a model that requires the spammer's machine to perform a computation that would slow down bulk email dispatches (Penny Black), and charging the sender of email a micropayment. You can guess which one Bill himself favors: "In the long run, the monetary [method] will be dominant," he predicted.
Steve Linford of the Spamhaus Project, which monitors spam and maintains a watchlist of ISPs who host spammers, made short work of the first two before suggesting a cynical motivation for Bill's preference. You could cynically suggest that if spam disappeared overnight then Steve himself would be looking for a new job. But then it takes one to know one, and it isn't Steve who's asking for your money. (A caveat: as a consequence of every technical spam countermeasure we've looked at, something will break: building smarter infrastructure will require changes to servers and routers; changing the SMTP protocol will require the clients to be changed. Nothing gets fixed without some eggs being broken.) The arguments against challenge-response are well known, as it's probably the most debated potential model. Challenge-response effectively sends a spam back to an unknown sender asking them to prove that they're not a spammer. This poses problems, Linford points out, for ecommerce systems, which require an automated response; and it breaks legitimate subscription lists. Penny Black doesn't appeal to Linford because spammers "would simply do as they normally do and rotate IPs and domains, offloading the computation to thousands of hijacked computers". It does give the software industry the opportunity to upgrade its software, he adds. And the hardware industry too, of course, which could use it to promote an upgrade cycle. In fact Intel has already advocated offloading virus scanning onto its multithreaded processors. Some credence was given to this recently when Intel Chairman Andy Grove appeared to give a key speech in Washington DC entirely using spam keywords (see Intel's Grove blames unitease on TWHRUPBS). (But on further investigation, it turned out to be a very buggy transcript - the fixed version you can find linked to from here.) Modern microprocessors have lots of capacity for this; but once again it's a cure that will hurt legitimate bulk email senders.
Finally, onto Gates' preferred solution: pay-to-send. On the face of it, hundreds of millions of people already pay to send messages, via the most popular messaging infrastructure system in the world, SMS. Which is also the most expensive per byte, and you don't hear too many complaints about that. Why not pay for email, too? Spamhaus' Linford points out that since spammers already use hijacked domains, they would simply hijack pre-pay bundles, too. True, but they would have to work a lot harder to do so, and the 10,000 email bundle that he suggests a typical user would buy wouldn't account for very many spams. However Reg friend Karsten Self, who has been doing some interesting research on junk email which we'll share with you tomorrow, agrees that Microsoft sees a revenue opportunity. "Micropayments don't scale - and Bill Gates knows this. He doesn't sell to individuals. He sells to box vendors such as Dell, IBM, and HP and to large corporate accounts. Everything else is more trouble than it's worth." Clearly there's no indication of Microsoft softening the market to accept an antispam tax - either to ISPs or OEMs. But that's nothing to be complacent about, because the market doesn't need softening up; we suggest that it's willing to pay to see a problem go away, and right now spam is a pretty major problem. Despite a dazzling quarter, Microsoft can't be assured of future growth on such a scale and the Chairman would be remiss not to consider creative revenue opportunities. ® [*] For example, by turning on that firewall that already comes with Windows XP, the 'SCObig' would have had to work a lot harder to find an open port.
Andrew Orlowski, 28 Jan 2004

Crypto booster tech for mobile phones

Discretix, the Israeli embedded-security specialist, yesterday launched an upgraded version of CryptoCell, its encryption technology for mobile phones. The technology includes a co-processor, security software and device drivers designed to optimise the delivery of encryption onto resource-constrained mobile phones. Discretix markets its wares as enabling technology for an emerging range of mobile applications. The technology can be customised for apps such as DRM, over-the-air device management clients, VPN clients, secure storage and device anti-theft products (Secure SIM and IMEI blocking). Handsets featuring CryptoCell produce a faster response to applications that depend on encryption and/or require secure authentication, for example mobile commerce transactions, Discretix says. Ericsson Mobile Platforms, an existing user of Discretix' technology, has licensed the latest version of CryptoCell for integration into its new handset platform design. Gal Saloman, chief executive of Discretix, told The Register that 12-15 handsets feature its crypto technology. These devices include phones from Sony Ericsson and other manufacturers, some of which will be declared publicly during the forthcoming 3GSM conference. Over the last year mobile operators have become more interested in selling content over mobile phones, providing access to corporate calendaring and performing firmware upgrades over the air. This requirement has led to a need for hardware-based security from handset manufacturers. Without improvements in security the industry risks repeating the cracks to games for Nokia NGage that accompanied the high-profile release of the integrated phone / gaming device last year, Saloman warned. NGage's protection technology was software based and therefore less secure than a hardware-based system, Discretix argues. Discretix is a member of the Symbian Platinum Program and its technology also supports Linux.
Saloman said Discretix is "still waiting for its first Microsoft customer". "We'd love to help but we're not seeing much traction in the market," he added. Discretix also provides security technology for PDAs and storage cards. By contrast to mobile phones this is an area where demand for Discretix' security technology for Microsoft-based devices is far more tangible. ®
John Leyden, 28 Jan 2004

Consumer demand drives record LCD spending

LCD panel makers will spend a record $9.42 billion on equipment this year - 43 per cent more than they forked out last year, market watcher DisplaySearch has forecast. That significant increase in equipment spending - 41 per cent higher than the LCD business’ last record year, says DisplaySearch - underpins growing consumer demand for flat panel TVs and monitors and notebook PCs. Tellies in particular are driving that demand. The researcher expects more than 50 million LCD TVs will ship come 2008. As for the panel manufacturers themselves, Taiwanese players are expected to account for half of that $9.42 billion equipment spend, DisplaySearch notes in its latest Quarterly TFT LCD Supply/Demand and Capital Spending Report. Mainland Chinese companies will account for 11 per cent of 2004 spending, much of it invested in fifth-generation fabs. Indeed, 50 per cent of 2004’s overall spend will go on fifth-gen product lines. Behind Taiwan, South Korean firms will account for 28 per cent of 2004’s spending. Samsung alone will account for 17 per cent of the total, as it expands its fifth- and rolls out its seventh-generation fabs. Japan, meanwhile, will see its share of the total capex drop from 26 per cent last year to ten per cent in 2004, primarily through outsourcing to these other areas. ®
Tony Smith, 28 Jan 2004

Amazon profits climb, forecast raised

Online superstore Amazon.com ended its first full year of profitability and upped its sales guidance for the upcoming year. The company said that low prices and year-round free shipping deals are what have driven its success. "Our commitment to year-round free shipping and lower prices continues to be a win-win for our customers and Amazon.com," said Jeff Bezos, founder and CEO of Amazon. "In addition to purchasing thousands of $29 DVD players this holiday season, customers also bought Tibetan yak cheese, pomegranate molasses and zero carb cheese straws." The Seattle-based company said that in the last three months of 2003, it earned $73 million, or $0.17 per share, compared to $2.7 million, or $0.01 per share in the same period a year earlier. Quarterly sales came to $1.9 billion, up 36 per cent from the year-ago period and slightly ahead of the $1.869 billion figure predicted by analysts. Excluding once-off charges, the company matched Wall Street forecasts with earnings of $125 million, or $0.29 per share, compared to $75.4 million, or $0.19 a share a year ago. For the full 2003 year, earnings were $35 million and sales amounted to $5.26 billion. Still, Amazon shares fell in after-hours trading on Tuesday night. Market watchers chalked the falls up to a disappointment that the strong results were so heavily influenced by the weak US dollar. Currency shifts allowed the firm to add $100 million in international revenue during the fourth quarter, Amazon said. Overall, international sales rose 74 per cent to $804 billion, while North American sales were up 18 per cent to $1.14 billion. Shares were also weighed down by the company's declining gross margins, now at 22 percent and below expectations. "You should expect to see pressure on gross margins" as Amazon expands and cuts prices, said Financial Officer Thomas Szkutak, in a conference call with analysts and the press. 
Looking forward, Amazon raised its 2004 revenue forecast to between $6.2 billion and $6.7 billion, higher than the current forecast from analysts. In late 2003, the company predicted that revenue for the current year would be between $5.75 billion and $6.25 billion. ®
ElectricNews.net, 28 Jan 2004

Thus passes cash flow positive ‘milestone’

Thus - the Glasgow-based alternative telco that's behind the Demon ISP - has turned cash flow positive, three months ahead of market expectations. Describing it as an "important milestone in the development of the business", Thus has confirmed it will be cash flow positive for the second half of the current financial year. "Thus believes that it is the first UK alternative telecommunication operator to have achieved this goal on a sustainable basis," said the company in a statement. The company is also confident that the business is on a "steady trajectory" to deliver positive operating profit in the second half of the next financial year. Shares in Thus were up 0.5p (1.4 per cent) at 36.25p by mid morning. ®
Tim Richardson, 28 Jan 2004

Intel delays next Xeon DP but one – report

What could be Intel's first dual-core Xeon DP processor, 'Jayhawk', has had its release pushed back to the middle of next year. That, at least, is what Xbit Labs is saying, having presumably seen a recent internal roadmap. Jayhawk's existence was made official last September at Intel Developer Forum, and was given a broad release schedule: some time in the second half of 2004. Set to be fabbed at 90nm, Jayhawk is the successor to 'Nocona', Intel's first 90nm Xeon DP. Nocona is expected to debut at 3.06GHz to 3.6GHz; Jayhawk is likely to take clock frequencies to 4GHz and beyond. Nocona is due to ship next quarter, bringing an 800MHz effective bit rate frontside bus to the Xeon DP platform. It will use Intel's 'Lindenhurst' and 'Tumwater' chipsets, which feature PCI Express and DDR 2 SDRAM support in addition to the higher FSB. Just as the next Xeon MP, 'Potomac', is set to be followed by a dual-core version of the chip, codenamed 'Tulsa', so Jayhawk may be a dual-core implementation of Nocona, though Intel has not confirmed this. ®
Tony Smith, 28 Jan 2004

Intel's 90nm Celerons fall back to Q2

Intel CFO Andy Bryant's pledge to shift "most of the value line" of processors to 90nm during Q1 2004 appears to have gone off the rails. According to DigiTimes, citing Taiwanese motherboard makers, the first three 90nm Celeron processors will now arrive during Q2. The report suggests the three chips will be clocked to 2.53, 2.66 and 2.8GHz, all operating with 533MHz effective bit rate frontside bus speeds and offering 256KB of L2 cache. The chips are priced at $79, $89 and $117, respectively. DigiTimes also forecasts the arrival next quarter of a pair of entry-level chipsets, the 915GV and 910GL, which support Socket 775 and Socket 478 CPUs, respectively. ®
Tony Smith, 28 Jan 2004

Nvidia NV40 to ‘ship next quarter as FX 6000’

Nvidia's long awaited NV40 graphics processor will ship as the GeForce FX 6000 series next April or May following a March unveiling, German web site 3DCenter claims. The 130nm chip will actually use an AGP 8x interface. For video memory, DDR, GDDR 2 and GDDR 3 will all be supported. The GPU itself will contain 175 million transistors, the report says. It's unsure about clock speeds, but suggests 500-600MHz for the core, 600-800MHz for the memory. As for its feature set, the site's summary lists pretty much what you might expect from a next-gen Nvidia part: better anti-aliasing and anisotropic filtering; version 3.0 pixel and vertex shader support but with improved shading engines; eight rendering pipelines with two texture mapping units each, together capable of 16 passes without z values. The chip will support DirectX 9.0, not 9.1. NV40 is expected to be accompanied by the NV41, which enables PCI Express support. PCI Express-enabled versions of Nvidia's 5700 and 5200 are likely to surface soon after. ®
Tony Smith, 28 Jan 2004

Online banking condemned by small businesses

The small business online offerings of Britain’s leading banks are not good enough. Despite spending millions of pounds trying to attract business customers and convince them to complete their transactions over the internet, the leading banks are failing to produce a satisfactory service. In a poll of 500 small businesses, conducted by online finance intermediary Xbridge, 61 per cent of customers rated their bank’s business website as either poor or very poor. Bank of Scotland and Lloyds TSB had customers most disgruntled, with almost three-quarters unable to obtain the services they required. HSBC fared only slightly better, failing to impress two thirds of its online customers. According to the report, Abbey is the UK’s top provider of online business banking services, managing to satisfy over half of its customers, while Barclays also figured prominently among the nation's best. The report highlighted that banks are producing expensive and complex websites with lots of guides and information, but not serving small business owners’ most simple requirements. It stated that the banks must leave help and advice to non-bank sources and concentrate on providing simple transaction and lending facilities. Brad Liebmann, managing director of Xbridge, said: "The results show a remarkable lack of foresight by the majority of the UK’s largest lending institutions. Banks need to be more committed to delivering an effective customer experience online. "Employing interactive technology capable of finding the appropriate financial solutions for individual small businesses would significantly increase the banks’ revenue derived online."
Startups.co.uk, 28 Jan 2004

A visit from the FBI

Well, it finally happened. Right before Christmas, I had a little visit from the FBI, writes SecurityFocus columnist Scott Granneman. That's right: an agent from the Federal Bureau of Investigation came to see me. He had some things he wanted to talk about. He stayed a couple of hours, and then went on his way. Hopefully he got what he wanted. I know I did. Let me explain. I teach technology classes at Washington University in St. Louis, a fact that I mentioned in a column from 22 October 2003 titled, "Joe Average User Is In Trouble". In that column, I talked about the fact that most ordinary computer users have no idea about what security means. They don't practice secure computing because they don't understand what that means. After that column came out, I received a lot of email. One of those emails was from Dave Thomas, former chief of computer intrusion investigations at FBI headquarters, and current Assistant Special Agent in Charge of the St. Louis Division of the FBI. Dave had this to say: "I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are." He then offered to come speak to my students about his experiences. I did what I think most people would do: I emailed Dave back immediately and we set up a date for his visit to my class. It's not every day that I have an FBI agent who's also a computer security expert come speak to my class, so I invited other students and friends to come hear him speak. On the night of Dave's talk, we had a nice cross-section of students, friends, and associates in the desks of my room, several of them "computer people," most not. Dave arrived and set his laptop up, an IBM ThinkPad A31. 
He didn't connect to the Internet - too dangerous, and against regulations, if I recall - but instead ran his presentation software using movies and videos where others would have actually gone online to demonstrate their points. While he was getting everything ready, I took a look at the first FBI agent I could remember meeting in person. Dave is from Tennessee, and you can tell. He's got a southern twang to his voice that disarms his listeners. He talks slowly, slightly drawling his vowels, and it sort of takes you in, making you think he's not really paying attention, and then you realize that he knows exactly what he's doing, and that he's miles ahead of you. He wears a tie, but his suit is ready to wear and just a bit wrinkled. His dark hair is longer than you'd think, hanging below his collar, further accentuating the country-boy image, but remember, this country boy knows his stuff. All in all, he gives off the air of someone who's busy as heck, too busy to worry about appearances, and someone who's seen a lot of things in his time.

A-cracking we will go

Dave focused most of his talk on the threats that ordinary computer users face: what those threats are, who's behind them, and why they exist. He spent quite a bit of time talking about the intersection of Trojans and viruses. He started by showing us how easy it is to create a virus, using one of several virus creation wizards that can be easily found on the Net (of course, real men and women write their own). More and more, however, the viruses circulating on the Internet are quite purposeful in design. The goal is to install a Trojan on the unsuspecting user's machine that will then allow the bad guy to control the machine from afar, turning it into a Zombie machine under the control of another. All too often, this tactic is successful. Hundreds of thousands if not millions of machines are "owned" by someone other than the user sitting in front of the keyboard and monitor.
These Trojans are often the ones that security pros have been watching for years: SubSeven, Back Orifice, and NetBus. A lot of the time, script kiddies are the ones behind these Trojans, and they do the usual stuff once they have control of a user's PC: grab passwords, use groups of machines to organize DDOS attacks (often against other script kiddies), and jump from machine to machine to machine in order to hide their tracks. What surprised me, however, was how often Trojans are used to mess with the heads of the poor unsuspecting suckers who own the zombie machines. A favorite trick is to surreptitiously turn on the Webcam of an owned computer in order to watch the dupe at work, or watch what he's typing on screen. This part isn't surprising. But Dave had countless screenshots, captured from impounded machines or acquired online from hacker hangouts, where the script kiddie, after watching for a while, just can't help himself any longer, and starts to insult or mock or screw with the duped owner. In one, a hacker sent a WinPopup message to a fellow: "Hey, put your shirt back on! And why are you using a computer when there's a girl on your bed!" Sure enough, the camera had captured a guy using his computer, sans shirt, and in the background you could clearly see a young woman stretched out on a bed. In another, a man was working a crossword puzzle online when the hacker helpfully suggested a word for 14 Down (I think it was "careless"), again using WinPopup. In a third, a screenshot captured the utterly shocked expression on a man's face - mouth agape, eyes open wide in amazement - when his computer began insulting him using, you guessed it, WinPopup. This is bad enough and it's also cruelly funny, but the scary part came in when Dave started talking about the other group behind the explosion of viruses and Trojans: Eastern European hackers, backed by organized crime, such as the Russian mafia. In other words, the professionals.
These people are after one thing: money. The easiest way to illegally acquire money now is through the use of online tools like Trojans, or through phishing: set up a fake Web site for PayPal or eBay or Amazon, and then convince the naïve to enter their usernames, passwords, and credit card information. Viruses and spam also intersect in this nasty spiderweb. Viruses help spread Trojans, and Trojans are used to turn unsuspecting users' computers into spam factories, or hosts for phishing expeditions, and thus furthering the spread of all the elements in this process: viruses, Trojans, spam, and phishing. It's a vicious cycle, and unfortunately, it appears to be getting worse. The FBI is working as hard as it can, but the nations of Eastern Europe are somewhat powerless to solve the problem at this time. One way to trace just how bad the situation has gotten: track the price for a million credit card numbers. Just a few years ago, Dave saw prices of $100 or more for a million stolen credit card numbers. Now? Pennies. Stealing credit cards is so easy, and so rampant, that prices have dropped precipitously, in a grotesque parody of capitalist supply and demand. Along with this come intrusions into banks and other financial institutions. Dave wouldn't name names, but he said several organizations that we would all know have been infiltrated electronically by Eastern Europeans, who then grab customer data. A few days later, the unsuspecting president of the bank gets an email demanding $50,000, or else the media will be told of the break-in. Of course, the break-in is news to the bank. As proof of their exploit, a spreadsheet is attached to the email, with a few hundred rows of client data: bank account numbers, home addresses, balances. Unfortunately, many banks decide to keep it all a secret from their customers, so they reluctantly decide to go ahead and pay the extortion. $50,000 goes to the criminals, and the bank breathes a sigh of relief.
Three days later, ten emails arrive, from ten different criminal organizations, each demanding $25,000. Ooops. Far from buying protection, the bank revealed itself as an easy mark, amenable to blackmail. And it will only get worse. Time to call in the FBI, as it should have done from the beginning. American companies have tried to respond to the massive fraud being perpetrated online. One common preventive, adopted by most companies that sell products online, has been to refuse shipments outside of North America, or allow international shipping, except for Eastern Europe. Criminals have figured out a way around this, however. They hire folks to act as middlemen for them. Basically, these people get paid to sit at home, sign for packages from Dell, Amazon, and other companies, and then turn around and reship the packages to Russia, Belorussia, and Ukraine. You know those signs you see on telephone poles that read "Make money! Work at home!"? A lot of that "work" is actually laundering products for the Russian mob. Of course, anyone caught acting as a middleman denies knowledge of their employer: "I had no idea why I was shipping 25 Dell computers a day to Minsk! I just assumed they liked computers!" Proof once again that social engineering, coupled with greed, is the easiest way to subvert any security.

Some surprises

Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware. Are you listening, Apple? The FBI wants to buy your stuff. Talk to them!
Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none. (I hope I'm not helping increase the number of sales Apple has to drug traffickers.) The biggest surprise was how approachable and helpful Dave was to everyone in the room. According to Dave, the FBI has really made reaching out to the local communities it's in more of a priority. Since the September 11th attacks, the FBI has shifted its number one focus to preventing terrorism, but the number two priority remains preventing and capturing crimes based around technology. In order to best achieve both goals, the FBI has been working hard to reach out to American citizens, and Dave's talk to my class was part of that effort. I'm a civil libertarian at heart, and that brings with it an innate mistrust of governmental authority - power corrupts, after all. But I'm glad people like Dave Thomas are in the FBI. He's a good man, and he has a good understanding not just of technology, but also of the complexities of the moral and ethical issues surrounding technology in our society today. He did a great job enlightening my students, and he really made the FBI sound like a pretty cool environment for people interested in pursuing security as a career.
My advice: call your local FBI and see if they won't come visit your class, or Users Group, or club. I guarantee you'll learn something. Copyright © 2004, Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.
Scott Granneman, 28 Jan 2004

Vodafone tops 130m customers

Vodafone signed up more than 4.3 million new punters in the run-up to Christmas, taking its total customer base to more than 130 million users. Recording its best quarter in three years for increased customer numbers, the world's biggest mobile operator said the figures were better than expected. In Germany the company added 888,000 new customers in the three months to the end of December. In Italy, Vodafone attracted 507,000 new users. The 464,000 new punters who joined Vodafone in the UK was the highest level since March 2001. Still in the UK, ARPU (average revenue per user) increased to £303 for the year to December 2003, up from £297 for the year to September 2003. Yesterday, Virgin Mobile reported that it had signed up more than half a million new customers at the end of last year, making it the most successful three months ever for the mobile telco. Boasting about its success, Virgin boss Sir Richard Branson described it as a "glittering result for Virgin Mobile".
Tim Richardson, 28 Jan 2004

MyDoom is the worst virus ever

The prolific MyDoom worm has outpaced Sobig-F to become the fastest spreading virus ever, according to email filtering outfit MessageLabs. MessageLabs blocked 1.2 million copies of MyDoom (AKA Novarg) in the 24 hours after it first appeared on Monday. At its peak the virus accounted for one in 12 emails. In comparison, last August's SoBig-F pandemic peaked with one in 17 email messages containing a copy of the virus. MessageLabs blocked one million copies of SoBig-F in the first day of that outbreak. Just like SoBig-F, much of the huge volume of crap generated by MyDoom is the result of auto-responder messages. As well as replies that someone is out of the office, users are getting a stream of accusatory messages from anti-virus gateway products accusing them of sending a virus. MyDoom spoofs the 'from' field in infectious emails, but AV products are still incapable of recognising this: hence the tide of confusing messages. These auto-spam messages are stripped of viral attachments but still contribute to the message load on organisations which are otherwise protected against the virus.

We’re all MyDoomed

MyDoom attempts to spread via email and by copying itself to any available shared directories used by Kazaa. Emails have variable subject and attachment names and originate from spoofed email addresses. Infected attachments have double extensions (e.g. .txt.pif or .htm.zip) in a ploy designed to disguise their hostile payload. MessageLabs reckons this ploy is a major reason behind the rapid spread of the worm, but there may be additional reasons to consider. Sneakily, MyDoom avoids sending itself to the email addresses of government departments or the military, in a possible move designed to avoid early detection. The longer a virus can spread without AV vendors noticing it, the better the chance it has of reaching critical mass and thereafter wreaking maximum mayhem. This is, as far as we are aware, the first time that virus writers have used this stealth-spreading approach, which further exposes the shortcomings of the scanner model in fighting rapidly spreading computer viruses. So what is to be done? MyDoom is programmed to packet SCO’s web site from infected machines starting February 1 and is programmed to stop spreading on February 12. Business users are advised to filter for Windows executables and zip files in their email. In the home, it's time to update AV signatures yet again. ®
John Leyden, 28 Jan 2004
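
The double-extension ploy and the advice to filter Windows executables and zip files can be expressed as a mail-gateway attachment check. The following is an added example, not code from MessageLabs or any AV vendor; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed gateway policy lists (illustrative, not taken from any product).
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd"}
ARCHIVE_EXTS = {"zip"}
# Extensions a recipient would read as a harmless document type.
DECOY_EXTS = {"txt", "htm", "html", "doc", "jpg", "gif", "pdf"}


def classify_filename(name):
    """Return the reasons an attachment name should be held, or []."""
    # Trailing dots and spaces are dropped by Windows, so ignore them here too.
    cleaned = name.strip().rstrip(". ").lower()
    # Strip each component: padding such as "a.txt      .pif" is used to push
    # the real extension out of view in the mail client.
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2:
        return []
    reasons = []
    if parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable")
    elif parts[-1] in ARCHIVE_EXTS:
        reasons.append("archive")
    # A benign-looking extension directly before a blocked one is the disguise.
    if reasons and len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    return reasons


def scan_message(raw):
    """Parse a raw RFC 5322 message and list (filename, reasons) to hold.

    The From header is deliberately not used as a signal: the article notes
    that the worm spoofs it, so decisions rest on the attachment alone.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        reasons = classify_filename(filename)
        if reasons:
            findings.append((filename, reasons))
    return findings


def build_sample():
    """Constructed test message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed test message"
    msg.set_content("Constructed body text.")
    for name in ("document.txt.pif", "message.htm.zip", "report.pdf"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reasons in scan_message(build_sample()):
        print(f"HOLD {filename}: {', '.join(reasons)}")
```

Holding the message for review, rather than bouncing a notice to the spoofed sender, avoids adding to the auto-responder traffic the article describes.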

O'Really unleashes Word Macro Viruses

Cash'n'Carrion It's been a while, but our associates at O'Really are back with a bang this week with the release of their lovely Writing Word Macro Viruses shirt. Magnificently presented on a 100 per cent black cotton ground, the two-colour artwork is an absolute must for all those who dabble in the black arts. After all, it's good to be bad sometimes... The shirt is available in all sizes from medium to XXL at £12.76 (£14.99 inc VAT). While we're on the subject of O'Really, note that we will not be reprinting either the "User Obliteration" or "BOFH in a Nutshell" shirts once existing stocks are gone. Grab 'em now if you want one for your collection. ®
Cash'n'Carrion, 28 Jan 2004

Yahoo! shuts Scandinavian office

Europe in Brief

Web portal giant Yahoo! is shutting down its Scandinavian operation, Norway's Aftenposten reports. The company claims Scandinavian users, fluent in English, prefer the portal's US-based home page. There are about 5.4 million Yahoo! users in Scandinavia. However, 77 per cent prefer to use the American portal. The Scandinavian office in Copenhagen, Denmark was also losing money, at least DKK 21 million ($3.5 million) in 2002, according to Aftenposten. Figures for 2003 haven't been published yet. The office's 20 employees will be out of work from February 1.

Germany: Acer and Fujitsu-Siemens top notebook vendors

More than 2.5 million notebooks were sold last year in Germany, according to IDC, a notable 44 per cent increase. Acer and Fujitsu Siemens HP are strongly positioned with 380,000 and 332,000 units shipped respectively. Acer was still the sixth largest notebook vendor in Germany in 2002, now it is number one. Any losers? Afraid so. Toshiba experienced a strong decline in shipments. HP and Gericom did reasonably well with 240,000 and 214,000 shipments respectively, but Dell and IBM have seen better times. 2004 could change that, as IDC expects sales of over 3.6 million notebooks.

Netherlands: improving mobile phone conditions

An automatic controller developed by Lodewijk Smit of the University of Twente in the Netherlands can improve the reception of mobile phones. The connection can be optimised by frequently evaluating the quality and adapting the receiver of the mobile device. Modern phones will adapt to the service level required (speech, data or video), but not to the reception quality. Current methods send a lot of information over the mobile network before the quality level is determined. Smit's method decreases this amount of overhead and also saves energy. The research is part of the CHAMELEON-project of the Centre of Telematics and Information Technology, which develops new architectures for energy-efficient architectures of mobile equipment.

Germany: Soundlogo

T-Mobile is the first network operator in Germany to provide a personal ringtone for mobile phones with SoundLogo. Callers hear a song selected by the person they are calling instead of the usual ringing tone. Around 100 SoundLogos from Universal Music’s most popular artists will be available for the introduction of the service next month. T-Mobile introduced a similar service in the UK in December (called Caller Tunes) and in Asia. Demand is positive, T-Mobile says. The German service will be available to all T-Mobile customers on any phone model. There is a monthly charge of €0.99 to use SoundLogo and a one-time activation charge for each SoundLogo of €1.99. ®
Jan Libbenga, 28 Jan 2004

Woman's breasts swell online charity coffers

The West Country girl who got her top off for charity at VixPix - Tits out for Muliple Sclerosis in aid of Colchester-based Multiple Sclerosis Resource Centre has raised over a grand for this worthy cause. Her assets had swollen to a modest £70 when Tim Richardson wrote his original story earlier this month, but she has now reached a sweater-busting £1,092.50. More than 125,000 charitable souls have now visited the site and in honour of this tally the photo gallery features even more snaps of the sultry temptress in a range of provocative poses and towelling robes. Those who are easily offended should note that one image contains uncensored pussy-stroking and is not for the faint hearted. Indeed, we reckon the girl has plenty of front and deserves our readers' support - it certainly makes a change from self-obsessed college girls rattling the tin for cosmetic surgery. You can make a donation to the Multiple Sclerosis Resource Centre right here. ®
Lester Haines, 28 Jan 2004

US nukes: readers reach critical mass

Letters Our chilling report earlier this week into safety at the US Energy Department's Pantex plant in Texas provoked a veritable inbox meltdown as some readers' ire reached critical mass. Adam Bridge writes: Although I'm sure it was fun to write, I was dismayed by the hyperbole invoked in your article "Homer Simpson let loose on US nuclear weapons facility". I'm trying to understand if you were just writing for laughs or if you were trying to actually be journalistic and couldn't pull it off. Maybe it was the "CHurnobylesque" reference that caught my eye - but the entire article seems disconnected with any real knowledge of things nuclear. In any case you have succeeded in living down to my expectations of any reportage about things nuclear. Incompetence and ignorance are still alive and an easy laugh is ever so much easier to get than facts and insight. True - it's just too tempting to play Weapons of Mass Destruction for laughs. Ben Rosengart further objects to our doomsday scenario which would see Texas razed to the ground: It is *extremely* difficult to set off a modern nuclear weapon by accident. The guts of these weapons are manufactured to precise specs and are very very picky. Modern nukes do contain high explosives, and if a chunk of that went off near a chunk of plutonium, I imagine you could have plutonium bits spread around in an unhealthful way. That's very different from the weapon going off as designed, which you seem to imply is possible. We're glad to hear it. Whether Pantex goes up in a mushroom cloud or not, would the casual visitor notice anything amiss? This correspondent - who has been granted the protection of anonymity for obvious reasons - thinks not: Most people would be hard pressed to tell the difference between Texas as it is and "Texas reduced to an irradiated wilderness for 10,000 years" without the aid of a Geiger Counter. It might even be an improvement.
Before picking up hat and six-shooter and heading for Vulture Central, our Texan readers are reminded that it wasn't us who issued this outrageous libel. In any case, you should conserve ammunition for a possible war with neighbouring Oklahoma, should the residents of that fine state take exception to this, from Andrew Mattei: I got a kick out of your Pantex article. I lived in Amarillo for a number of years, and a roommate of mine worked at the facility (in the '50s' program - dismantling 1950s-era technology - scary stuff). You fail to mention, the escape routes for the Pantex facility, as well as the 'red zones', are printed on the local phone books (Pantex Emergency Information pages). ;) However, honestly, Amarillo doesn't have much to worry about. The gale force wind from the west that is pervasive in that area will blow any and all 'nuclear crap' over in to Oklahoma (where, myself being a Texan, it belongs anyway). ;) But what of the burning question of safety? Is the American nuclear industry really in the hands of Homer Simpson? Maybe not: we think he might already be working in Britain: Having previously worked in the British nuclear industry, I can safely say that bodging plute containers with gaffer tape, falling asleep on the job (of overseeing a nuclear reactor), dodging radioactive seagull sh*t and going out to sunbathe every time the sun shines (instead of overseeing a nuclear reactor, cf above) is all part of Standard Operating Procedure. Please don't publish this. :o) OK, we won't. Whatever Homer's current whereabouts, we can confirm that - incredibly - none other than Colonel Sanders is on the Pantex payroll. We kid you not, and as Chief of Security Police the Colonel is in charge of basically a civilian army, more military than law enforcement but with federal arrest authority. Lots of armored vehicle and belt-fed machineguns. Thanks to Colin Fenn for alerting us to this.
The sobering truth about America's nuclear safety - that vulnerable facilities are protected by the man who invented chicken in a cardboard bucket - leads us to agree with reader Merlin who has the last word on the matter: Fortunately for India, the US doesn't outsource its nuclear weapons program. ®
Lester Haines, 28 Jan 2004

BT scores £40k win over The Number

Directory enquiries (DQ) outfit - The Number - is to cough up £40,000 in an out of court settlement after being accused of ripping off a BT ad last year. The BT ad - in the form of a "Public Notice" - told readers that the telco was changing its 192 DQ number to 118 500. The next day, The Number - which was busy plugging its new service ahead of the opening up of the DQ market in the summer - mimicked the ad by using the same design to plug its own service. BT got the hump because it maintained that The Number ripped off its ad. The dispute between the two companies was finally resolved last week without making it to court. As part of the settlement, The Number is paying BT £10,000 which the monster telco will donate to charity. Telephone counselling service, ChildLine, will get some of the cash, while the rest will be split between local charities. The Number is also coughing up £30,000 to cover BT's legal costs. A BT spokesman told The Register: "They took our creative approach and changed the wording to suit their message. "I think it was irresponsible and a dangerous precedent. It is indicative of how they operate. It shows the lengths they will go to get their message across," he said. William Ostrom, spokesman for The Number told The Register: "What a sad and lonely company BT must be. "We'd like to point out that BT's original advert was banned because BT had no right to issue a Public Notice about 192 deregulation. It even shamelessly only promoted their own service - it was impossibly biased, and they tried and failed to get away with a similar stunt with their phone books. "Legally, it was OFTEL's job to issue public notices to ensure fair representation. Of course, we broke the same rule by parodying BT to point up the injustice, and we both paid up the fines levied by the regulator. "It is typical of BT to then send in their legal 'Heavies' to squeeze a small company just 1 per cent of the size of BT for a bit of extra cash. 
"We tried to persuade them to donate the full £40,000 to charity, but they refused and kept £30,000 for themselves. Got your number!" he said. [The Number has since issued an "unreserved apology to BT" over an "incorrect" comment made in its statement. That apology can be found here.] Yesterday, The Number - famous for its ads featuring two moustachioed 1970s-style runners - received a ticking-off from the communications regulator for using the image of former British athlete David Bedford. Ofcom upheld a complaint from Mr Bedford ruling that the 118 118 Runners featured in The Number's TV ads "do caricature David Bedford by way of a comically exaggerated representation of him looking like he did in the 1970s, sporting a hairstyle and facial hair like his at the time, and wearing running kit almost identical to the running kit that was distinctively worn by him at the time, including red socks, sky-blue shorts with gold braiding and a vest with 2 hoops." ®
Tim Richardson, 28 Jan 2004

IBM slices 300 workers from Systems group

IBM this week sent 300 workers packing, making the cuts in the Systems group that accounts for server and storage products. Most of the staffers have been excised from IBM's San Jose, California operation. Both systems development and finance employees saw the majority of the cuts. The layoffs are surely a shock to the Systems group after it helped IBM to a rather strong fourth quarter. Following the earnings announcement earlier this month, IBM PR staffers rushed to promote the solid contributions of both the server and storage teams to IBM's bottom line. The Systems business, however, has been hovering near break-even for a long time. IBM has already said it plans to hire 15,000 workers over the next year in more lucrative areas such as software and services. But just as IBM brings 4,500 of these jobs to the US, it plans to send at least 3,000 jobs offshore. They come: they go. ®
Ashlee Vance, 28 Jan 2004

DVD Jon to sue prosecutor

Jon Lech Johansen is demanding compensation from the Norwegian white collar crime unit, following four years of legal hell during which he twice had to establish his innocence of copyright violation charges. Aftenposten reports that Johansen is seeking NOK 150,000 ($20,000) in compensation from his prosecutors. "What we will demand be covered is Johansen's economic losses, and court costs and what could be called compensation," said Johansen's lawyer Halvor Manshaus. Økokrim has yet to respond to this demand. The case stems from Johansen's involvement, when only 15 years old, in helping to develop and publish a DVD descrambling program, DeCSS, designed to make it possible for him to watch films he owned on his Linux PC. The Motion Picture Association of America (MPAA) concluded the tool could be used to facilitate piracy by defeating "security" safeguards on DVDs. It filed a complaint against Johansen with Norway's Economic Crime Unit, Økokrim. Økokrim in turn brought a prosecution against Johansen for obscure offences against Norwegian Criminal Code 145(2) which carry a sentence of up to two years in jail. This prosecution failed. Last month, a Norwegian appeals court upheld Johansen's earlier acquittal on all counts of alleged copyright violations, much to the irritation of the Motion Picture Association of America (MPAA). Økokrim has decided to finally drop the case. So Johansen, nicknamed 'DVD Jon', 20, is finally free of charges that have hung over his head since his early teens. ®
John Leyden, 28 Jan 2004

SanDisk ships 1GB SD card

Reg Kit Watch

Memory cards

SanDisk has begun punching out what it claims is the world's first 1GB SD card. The $500 card - we didn't say it was cheap - uses clever chip-stacking technology co-developed with Sharp to essentially squeeze two 512MB Flash memory chips into a standard 2.1mm-thick SD card, allowing it to be used in all existing SD-supporting devices, provided their software can cope with memory cards bigger than 512MB. Sharp describes the technique as its 3D-SiP (Three-Dimensional System in Package) process. Kingston has added 128MB and 512MB models to its Hi-Speed Elite Pro SD card family. The Hi-Speed brand arises from the card's support for 4-bit data transfers, yielding data throughput rates of up to 10Mbps - five times faster than the base specification of the SD card standard. How many SD-supporting devices operate at the higher speed is another matter. However, each card comes with a five-year warranty and free tech support. Available immediately, the two cards retail in the UK for £56 for the 128MB (SD/128-S) version and £87 for the 256MB (SD/256-S) card. Both prices exclude VAT.

DVD Writer

TDK has introduced its first internal 8x DVD writer, the DVW-A080412N. Capable of 8x write speeds with DVD-R and DVD+R media - which amounts to creating a 4.7GB DVD in eight minutes - it can write to DVD-RW and DVD+RW discs at 4x speed. CD media are even faster: 32x for CD-R and 16x for CD-RW. The drive ships with Nero Express 6 burning software and Nero's Vision Express 2 video editing suite, InCD 4, BackITup, Recode 2 and Showtime. Pricing was not disclosed.

Wireless

D-Link has begun shipping the Bluetooth equivalent of the Wi-Fi access point. The DBT-900AP allows up to seven BT-enabled devices positioned up to 200m away to share a broadband Internet connection, linked into the access point through a 10/100Mbps Ethernet port. D-Link is pitching the device at mobile phone and PDA users who regularly check their email, synchronise calendars or use network printers, but want to do so at higher speeds and more cheaply than cellular networks can offer. The DBT-900AP retails for £59 (excluding VAT). ®
Tony Smith, 28 Jan 2004

Brighton tops UK Jedi league

Long, long ago, in a news galaxy some considerable distance from reality, we reported on attempts to get Jedi recognised as an official religion in the UK census. After some concerns that anyone entering their religion as Jedi would be thrown down a very deep well, the government eventually - and certainly with a sigh of resignation - conceded that Jedi could express their faith on the census form. Well, we have just found out something moderately interesting about the UK distribution of Jedi: there are more Luke Skywalkers in Brighton than anywhere else. Of the 247,817 people recorded in London-sur-Mer, 6,480 have the force, representing 2.6 per cent of the population. Shamefully, Easington (Durham) could muster just 152 knights, or 0.2 per cent of locals, and takes the Jedi wooden spoon in 376th place. The national total was a healthy 390,000, leaving no doubt that Blighty is well protected against Death Star attack for the foreseeable future. As for Brighton, we're sure that one of the 6,000-plus creative metropolitan types who claim to be a bit handy with a light sabre could turn his or her hand to writing a decent Star Wars movie script and sending it to good old George before he inflicts another Jar Jar Binks on an incredulous world. Jump to it. ®

Bootnote

Cheers to reader Brett Davis for reminding us of this silliness.
Lester Haines, 28 Jan 2004

Welsh dragon struck by rebranding madness

LogoWatch Anyone visiting Cardiff will note plenty of evidence of a vibrant Welsh economy. Blimey, they've even got Parisian-style pavement cafes serving double-decaf-latte-mocha-chocca at two quid a pop - a sure sign of fiscal buoyancy. An even more certain indicator of affluence is to have enough cash in the bank to hand a London Strategy Boutique £160,000 for a corporate facelift. That's exactly what the Welsh Development Agency did when they asked Glazer to have a shufti at their old dragon logo and come up with something which could replace all of the agency's disparate business support initiative logos. A plausible enough plan, you might say. Indeed, were it not for the fact that after much ado Glazer came back with a virtually identical logo. Far be it for El Reg to suggest that Glazer did not in fact spend thousands of hours brainstorming the brand frontage while waving laser pointers at flipcharts and shouting "synergy, yeah!" at inspirational vases stuffed with leeks, but there must be a suspicion that the WDA would have been better off giving the cleaner a tenner to redo the logo and spending the remaining £159,990 on something useful. Like a seminar entitled "160 grand for a change of font? You must be bloody joking!", for instance. Still, we're sure they know what they're doing. Apparently, the consolidated logo plan will save around £700,000 a year, which is not to be sniffed at. As for Glazer, it will doubtless continue to move forward in pushing back the envelope of the corporate paradigm. Sadly, its website does not contain a whalesong-driven expounding of the new WDA brand, although the guff accompanying the redesigned Mind logo has more than a hint of the aroma of joss-sticks about it. We look forward to reading Glazer's breathless analysis of the sensational WDA facelift in due course. ®
Lester Haines, 28 Jan 2004

IBM muscles up Unix midrange

IBM has added a bit more muscle to a midrange mainstay in its Unix server line. The p655 server will now ship as an 8 processor box packed with 1.7GHz Power4+ processors. IBM previously only offered the p655 as an 8-way with 1.5GHz Power4+ chips. Overall, customers should see a 20 percent performance improvement with the new kit even though the price of the p655 will stay the same. IBM has also tweaked the memory capacity of the p655. With a new DC Power Converter Assembly, customers can install up to four 8GB or 16GB memory cards. This doubles overall capacity to 64GB. The p655 comes with most of the bells and whistles of IBM's high-end Unix kit. Customers can cluster up to 64 of the boxes together as part of the Cluster 1600 package. The system can also be chopped into four dynamic logical partitions (LPARs) with the latest version of AIX. IBM's Unix server business has been on a fairly good run over the last year. Big Blue has managed to edge closer to leaders HP and Sun Microsystems in overall market share. The performance of the Power4 processor is a big reason for this success. Expect some last performance upgrades with the Power4+-based systems as IBM prepares to release servers based on the Power5 processor in coming months. Customers looking for the revamped p655 will have to wait until February 6 to pick up the kit. ®
Ashlee Vance, 28 Jan 2004

Intel preps 540MHz XScale chip

Intel will offer faster XScale PDA processors in May, according to one contributor on a Brighthand forum who claims to have seen "hardware vendor roadmaps". The author of the posting reckons the PXA263 will be extended from 300MHz and 400MHz to 412MHz and 540MHz. Certainly Intel is expected to launch its next-generation XScale, codenamed 'Bulverde', sometime this year. The chip maker announced Bulverde last September at Intel Developer Forum. The next IDF kicks off in the middle of February, and it's very possible that the company will use the event to fulfil its promise of revealing more about Bulverde's features sometime during the first half of 2004. So far, Intel has said nothing about Bulverde's clock speeds. It has said the chip will feature a version of the Pentium family's MMX multimedia instructions, SpeedStep power-conservation technology, and integrated video capture and camera control circuitry. The May release timeframe is suggested to pre-empt the arrival of Windows Mobile 2004 for Pocket PCs in Q2 or Q3. We'd expect Microsoft to time the release of WM2004 to coincide with Bulverde rather than a speed bump to the existing PXA263 line, given that both offer new features. ®
Tony Smith, 28 Jan 2004

Sending jobs overseas could boost UK economy

Punting jobs overseas to countries such as India could "significantly boost" the UK's economic growth, according to a report out today. The Impact of Global Sourcing on the UK Economy 2003-10, commissioned by the National Association of Software and Service Companies (NASSCOM), an umbrella organisation for IT software and service organisations in India, estimates that by 2010 the UK could face a shortfall of 700,000 jobs as a result of an aging population and slow population growth. If the problem isn't addressed it reckons that economic growth in the UK could slow, leading to a loss of £113 billion. Outsourcing would not only bridge that gap, it would also help generate extra income. The report claims that for every £100 of work outsourced offshore, up to £141 is re-invested directly back into the UK economy. This upbeat assessment of the benefits of exporting jobs comes even though the report acknowledges that more than 250,000 UK jobs would be lost as a result of offshoring. While it accepts that the impact of offshoring on the UK workforce is "real" and "will lead to the displacement of workers", it insists that the UK labour market is flexible enough to deal with the problem. Sunil Mehta, NASSCOM VP, said: "Technology allows companies to work with suppliers from all parts of the globe in a way that was not possible in the past. "Many companies from the UK and elsewhere are increasingly working with the Indian software and services industry to improve their performance in the global economy. "This report demonstrates clearly that global sourcing offers major benefits to the UK economy and opens up new business opportunities." Of course, there are those who disagree and, in particular, the protection of UK jobs has become an issue picked up by unions keen to look after the interests of their members. For instance, the Communications Workers Union (CWU) continues to campaign against BT's plan to create 2,200 call centre jobs in India, while finance union Unifi is campaigning to stop HSBC, Lloyds TSB, and other finance companies sending work abroad. According to research compiled by the CWU, some 50,000 jobs have been lost overseas by a number of companies including Abbey, Barclays, BT and HSBC, among others. ®
Tim Richardson, 28 Jan 2004

IT giants criticised for running third world ‘sweatshops’

IT giants HP, IBM and Dell have been criticised for running third world factories blighted by "dire working conditions". Development agency Cafod says it has obtained proof that IT workers in Mexico, Thailand and China suffer "harassment, discrimination and intolerable working conditions". Concerns about poor working conditions and low wages are well understood but Cafod's Clean Up Your Computer report sheds light on other less reported but arguably more distasteful work practices, such as discriminatory recruitment procedures and routine humiliation of female workers in some factories. Complaints, union membership and even pregnancy in the workplaces are not tolerated. Meanwhile wages are pitifully low. One unpleasant anecdote Cafod uncovered comes from Monica - a worker in Guadalajara, Mexico. "Monica told Cafod about her recruitment by a contract manufacturer for an assembly line in a company making printers for Hewlett Packard," Cafod said. "Monica says she was forced to strip, including taking off her underwear, then touched in sensitive areas by medical examiners that said they were looking for tattoos. She was made to take a pregnancy test." But this isn't the only place with strange goings on. "Cafod saw interview lists used by recruitment agencies supplying workers for an IBM production line. Reasons for rejection included: 'Homosexual, more than two tattoos, father is a lawyer, has brought labour claims, worked for a union, pregnancy, does not agree with IBM policies.'" In Thailand, a worker making hard drives for Dell is paid the equivalent of £2.50 per day. Michael Dell, the CEO of Dell, earned £134,000 per day last year. The agency wants IT giants to adopt codes of conduct based on UN standards. Hewlett Packard, IBM, and Dell have seen the evidence compiled by Cafod, which has welcomed their initial responses. These responses have been included in Cafod's report, which can be found here. ®
John Leyden, 28 Jan 2004

MyDoom variant attacks Microsoft.com

A variant of the prolific MyDoom worm which is programmed to attack both Microsoft.com and SCO's Web site has been unleashed. Like its predecessor, MyDoom-B spreads via email or the KaZaA file-sharing network. The worm made its first appearance this afternoon and is, so far, less common than MyDoom-A, according to Alex Shipp, senior AV technologist at mail filtering firm MessageLabs. AV vendors are still analysing the malware. Denis Zenkin, of Russian AV outfit Kaspersky Labs, told El Reg that he is convinced the variant was released by the same person or group responsible for the original virus. Revamping a virus requires access to source code - which hasn't yet been published on virus-writing sites, according to Zenkin. Kaspersky also reckons MyDoom-B is probably using machines infected by the original virus to propagate, another factor which points to the same perpetrator being behind both attacks. AV vendors are in the process of updating protection to defend against the worm. For now probably the best advice is to treat unsolicited attachments with extreme scepticism. ®
John Leyden, 28 Jan 2004

DeWitt comes to terms with Cobalt's end

Interview You might think former Cobalt chief Stephen DeWitt would be seeing red after Sun Microsystems put his company out to pasture. Instead, the entrepreneur is seeing blue, or rather azul. Strange as it might seem, DeWitt harbors no resentment against Sun for killing off the popular Cobalt RaQ and Qube server appliances after a two-year, $2 billion flirtation with the kit. DeWitt drove Cobalt from a tiny start-up to a server design and management software pioneer in just a couple of years. But that's all in the past now with the executive moving on to another start-up - Azul Systems. "I don't want to look at it as a demise," DeWitt said, in an interview with The Register. "I want to look at it as an evolution. The market that Cobalt created, the vision it had is very safe and very much moving forward in the hands of a lot of other tech companies and in the hands of Sun. The name is gone but the vision lives on." We were taken aback, to say the least, by DeWitt's comments. Try as we did to have him badmouth Sun, DeWitt would not budge. The man who "lived and breathed" Cobalt and put in "150 per cent effort every day" to the company has no regrets. Cobalt can live on as a costly footnote in Sun's history, and that is just fine. But why should DeWitt be bitter? Sun purchased Cobalt for $2.1 billion at the height of the insane acquisition era. Back in the day, the deal looked okay as it gave Sun a fleet of edge servers, Linux software and even more presence in service providers' data centers. These days, however, many say Sun was caught up in the hype and the main man doing the hyping was DeWitt. "I hear all the comments like everybody else," DeWitt said. "I do believe we did a very good job in the interest of Cobalt shareholders. I believe the deal was fair." DeWitt's analysis of the deal's financial terms falls more or less in line with his view of why Cobalt's demise isn't all that painful - Sun has brought much of the technology in-house. 
Sun bought a first-hand look at what a truly elegant server should look like from packaging to nitty-gritty code. Sun has carried much of the Cobalt design to its blade and rack-mount products, making sleek purple kit. Sun's blade designs from a purely Apple-like aesthetic point of view are some of the best in the industry. In addition, Sun's Control Station 2.0 management software, available for blades and Xeon-based kit, is really the next-generation of the Cobalt Control Station code. Beyond product, Sun also brought in a large portion of the Cobalt staff. Peder Ulander, for example, came to Sun in the Cobalt deal and has become one of the leads behind Sun's Linux desktop efforts. "Sun has learned how to leverage open source," DeWitt said. "Sun got a tremendous amount of great people that know how to participate in the open source environment." Ultimately, however, these are just pleasant perks from an acquisition that could have been much more important to Sun's future. Near its peak in 2001, Cobalt had created a low-cost business model that could rival that of Dell in certain markets while providing customers with unmatched software. "We were right there with commodity pricing but with all that value-add on top," DeWitt said. From day one, DeWitt placed a high priority on creating a lean manufacturing process that would let customers receive customized gear at a quick clip. Folks in Round Rock will find this story familiar. "I remember challenging our operation teams to hit one day lead times internationally, and we got very close to that by the time we got to Sun," DeWitt said. In addition, Cobalt found a way to "take cost out" by turning to Linux, albeit on very unromantic terms. "Cobalt was not about Linux," DeWitt said. "Linux was an enabler - a means to an end. 
You had the ability to create a mail server that would never fail by getting to the kernel level but, at the same time, you could shield non-technical users from the horrors of facing binary issues, drivers and all the rest. It was all about sheltering end users from the complexity of how an application is delivered." Once inside Sun it was hard to keep up the fine-tuned manufacturing and the intense focus on the customer experience. The problems came from trying to link Sun's massive business model with a more focused, small system at Cobalt. Over time, Sun could not sustain the appliance business model. Like its rivals, Sun retreated back to the general purpose server except in narrow instances such as security appliances. DeWitt understands the big boys' decision to go this route but thinks it will ultimately be a mistake. The same entrepreneurial spirit that drove DeWitt from Sun after a brief stay now has the executive convinced that he can return some specialist focus to the server market. At present, DeWitt will hardly utter word one about Azul Systems. He will only say that more will be revealed later this year. "We will bring much of the same elegance and sophistication to the market that you saw in Cobalt in solutions that we build here at Azul," he said. We're not even 50 percent sure what that means but will bet that Azul, like many start-ups circling the server market, is prepping a hardware/software combination that makes application deployment and management a bit easier on the end user. The basic premise is easier hardware and software means fewer administrators and less data center pain. The server heavyweights are applying similar verbal gwana-gwana techniques in their marketing be it Sun's N1 vision or IBM's On Demand computing plans. But DeWitt thinks the big boys struggle to help out customers fast enough using their general purpose server approach. 
DeWitt went so far as to call this the "Next Big Era of Computing" in which start-ups will use their focus to give Sun, HP, Dell and IBM a real run for their money. Exactly how this will unfold is anybody's guess. Companies in stealth mode aren't all that forthcoming. But Cobalt fans may find some solace in the fact that whatever Azul comes up with is likely to look familiar, at least on the outside. Azul is the Spanish word for blue - DeWitt's color of choice - and the reason the exec is not seeing red over Cobalt's demise. ®
Ashlee Vance, 28 Jan 2004

Dean campaign Waves ‘Net guru’ Trippi goodbye

On Monday we described the position of Democrat Presidential Candidate Howard Dean's campaign manager Joe Trippi as "on the edge". Now he's gone. Earlier this week an old speech of Dean's resurfaced in which the Candidate advocated lock-down controls on personal computers, favoring a technology that would boost the stock of Trippi's consultant and former employer, Wave Systems. Trippi was prominent on bulletin boards as one of Wave Systems' noisiest advocates. CNET's Declan McCullagh spun the story as one of Dean advocating Orwellian ID cards, but missed the rather more clear-cut conflict-of-interest charge: the campaign chief lining his own pockets by giving the Candidate bad advice. Trippi was credited with encouraging volunteers to use Internet tools to meet and raise funds. But it was Trippi's poor use of a more traditional medium - TV - that caused dissent in the ranks. The campaign manager had two consultancies of his own: a marketing consultancy called Catapult Strategies based in San Jose, CA and Alexandria, VA; and Trippi, McMahon & Squier, also in Alexandria, through which Trippi himself controlled Dean's considerable TV ad war chest. The poor quality of the TV advertisements has been a consistent complaint in recent weeks, as the former poll-leader plummeted after the Iowa and New Hampshire primaries. "What Trippi built with the Dean campaign was amazing. Unprecedented. But the results weren't there. And in this biz, there's no margin for error," wrote Markos Moulitsas Zuniga of Daily Kos, an online community that's been following the primaries closely. At least the Candidate doesn't have to answer conflict-of-interest charges surrounding his campaign - and he might be getting better technical advice. Trippi is replaced by the chief of Al Gore's senatorial staff, and transition team of 2000, Roy Neel. ®
Andrew Orlowski, 28 Jan 2004