16th > February > 2004 Archive

O2 opens text services to the US

Mobile operator O2 is to extend its international text messaging offering from the end of this month. O2's UK and Ireland customers will be able to exchange text messages with mobile users in North America and send messages to users in Japan and subscribers of Telecom New Zealand, following the launch of the service. SMS messages will be charged at standard O2 international rates of €0.25. This is the same charge as for a similar, but more limited, Vodafone service launched in December 2003. The expansion of the international text messaging facility is the result of an agreement with US inter-carrier mobile messaging vendor InphoMatch. Vodafone Ireland also uses the Chantilly, Virginia-based company to convert SMS messages into the CDMA wireless protocol, which dominates the US market as well as some Asian markets. Until recently, international interoperability existed only between GSM mobile networks, covering about 17 per cent of all US mobile users. The enhanced service opens up a potential market of more than 150 million people to O2 and will be available to both post and pre-pay O2 customers. The US has a comparatively weak SMS market, due to a slow SMS technology uptake and the low cost of both fixed line and mobile voice calls. Operators bundle thousands of "free" minutes with subscription plans and as a result SMS has not taken off as the mass communication method used by thousands of Irish mobile users. © ENN
ElectricNews.net, 16 Feb 2004

AOL UK launches new ISP as Dixons distie deal kicks in

AOL UK has unveiled a new pay-as-you-go ISP as part of its new distie deal with Dixons. The ISP, called Netbreeze, is described as an "Internet taster"’ service offering metered Net access at local call rates with no monthly charges. It's aimed at people who don't want to commit to a subscription service and for those who reckon you just can't have too many subscription-free ISP accounts. Of course, this isn't the first time that AOL UK has offered a subscription-free service. In 1999, it launched the PAYG service Netscape Online, only to close it down three years later. At the time AOL UK said that the subscription-free model was no longer viable. Today's launch of Netbreeze coincides with AOL UK's new high-profile deal with high street electrical outfit Dixons. Once solely the territory of Freeserve, from today AOL UK's dial-up software will be available in 1,100 PC World, Dixons and Currys stores in the UK and pre-loaded onto PCs and laptops, replacing the spot usually reserved for Freeserve. A similar arrangement punting AOL UK's broadband services will come into force from February next year. Financial details surrounding the deal were not disclosed. When the deal was first made public, some sources claimed it would cost AOL anywhere between £10 million and £100 million for the privilege of flogging its ISP services in Dixons stores. ® Related Stories AOL and Dixons confirm ISP distie deal AOL UK shuts down Netscape Online
Tim Richardson, 16 Feb 2004

Police arrest Forces Reunited ‘hacker’

Police have questioned a Lancashire man suspected of hacking the Forces Reunited Web site. The unnamed 29 year-old from Chorley, Lancashire was arrested and questioned last week by Wiltshire Police probing a cyber attack against the military equivalent of the popular Friends Reunited. After questioning, the man was released on police bail pending further inquiries, reports. A number of computers were seized from the man’s address and will now undergo forensic examination. Wiltshire Police have issued a statement on the arrest here. Wiltshire-based Forces Reunited enables acting and former members of the Armed Forces to renew contact with their former colleagues through the Net. In a statement, Forces Reunited said it welcomed progress in the police investigation: "As the UK’s biggest Forces reunion site, with over 150,000 members, we take site security very seriously and are very pleased that our efforts to safeguard the site and our members are successful and prevented any serious damage being done." ® Related Stories Friends Reunited ditches sale, plans to go global Sex, Text, Revenge etc. - 'spot the double standard' SMS security risks highlighted by Friends Reunited hacking case Sex, Text, Revenge, Hacking and Friends Reunited External Links The famous Sex, text, revenge t-shirt from our very own Cash 'n Carrion
John Leyden, 16 Feb 2004

Lexmark printer ink ‘resists fading’

Lexmark Europe has unveiled several new printers and All-In-One (AIO) products for consumers and small office/home office (SOHO) professionals. At its annual conference in Lisbon last week the company also introduced a new ink technology that combines for the first time dye-based and pigmented inks. Lexmark claims that, when used on its own photo paper, the new ink resists fading from light, enabling consumers and professionals to better- preserve treasured photographs and keepsakes. The ink technology is available in the new X5250 printer, which boasts photo capabilities with six-colour and borderless printing. The X5250 can print up to 14 pages per minute (ppm) in colour and can generate up to 20 ppm in black. At the conference Lexmark also launched several new laser printers for the professional market, but the company believes laser printing will become less important in the future. Faster inkjet printers will take over the role of laser printers, as ink jets offer better resolution quality for photo printing, Glenn Hudson, general manager of Lexmark's network attachment product, told the conference. "What we need for inkjet are higher printing speeds and dyes that dry faster." Lexmark refers to its future printers as "liquid lasers". CEO Paul Curlander declined to confirm that Lexmark, still very much a one-product line company, is to expand into other areas; he contented himself with the following: "We are looking into everything that has a relationship with printing". Curlander isn't planning to invest a great deal in OEM strategy, he said. The company claims a "satisfactory" OEM relationship with Dell, where Lexmark printers are sold as Dell products; but Curlander is unsure what will happen, now that Dell is making similar arrangements with other printer manufacturers. "This is just a small part of our business, promoting Lexmark as a brand is much more important. We used to partner with Compaq, but lost that business when it merged with HP", he said. ®
Jan Libbenga, 16 Feb 2004

Women out-shop men online

Women are spending more than men on the Internet for the first time. Although women are responsible for more retail spending than men online shopping has always been a male preserve. But according to research from Verdict women spent an average of £495 online last year – up 71 per cent on 2002. The average UK man spent £470. The total UK etail market grew 36 per cent last year to £4.9bn, an increase of 36 per cent. Online shopping now represents 1.9 per cent of the total retail market. Men still account for more than half of Internet shoppers, but Verdict expects that to change this year. The fastest growing sector is the over-55s, with spending jumping 129 per cent to £747m. The over-55s are also the biggest spenders – splashing an average of £527 a year. Verdict believes there are too many online retailers with too little to differentiate them. The research company predicts this fragmented market will shrink. For more information or to buy the report click here. ®
John Oates, 16 Feb 2004

Anti-virus industry: white knight or black hat?

OpinionOpinion One has to wonder whether the anti-virus industry sleeps well at night. On one hand, it purports to serve the world by defending our computers and networks from any number of electronic critters and malicious code. On the other hand, sometimes its "cure" is worse than the problem its products allegedly treat. Add to that the decades-old concerns over business, market share and publicity, and you have all the ingredients for industry, product and service confusion. This situation regularly benefits the anti-virus software industry at the expense of its customers. Let's start with malicious code outbreaks in general. Unlike hurricanes and tsunamis, there is no standard way of naming malicious code. Gone are the days when simple names like "Jerusalem", "Michaelangelo" and "Stoned" were accepted and used by all anti-virus vendors. So, we might have the same threat labelled "Worm_Minmail.R", "W32.Novarg", "MyDoom.A@m" or "W32/MyDoom" by competing companies. What we need is a return to industry-wide nomenclature for malicious code; used by all vendors and facilitating the reporting, analysis, and resolution of such outbreaks. Marketing and mindshare Then there's the matter of marketing and mindshare. First and foremost, anti-virus vendors are in business to make money. Naturally, it behooves them to seek as much free publicity as they can. Thus, with each new outbreak we see vendors stumbling all over themselves to be the first to detect and defend against the latest malicious code - a likely explanation as to why there's no longer a standard nomenclature. From press releases to media interviews, anti-virus industry executives race to establish their companies and products as the most vigilant and capable on the market. This frenetic activity is often eyebrow-raising when backed by questionable, if not fabricated, statistics and predicted damage assessments - invariably backed by a company pitch espousing the cost-effective security that only their products provide. As a result of such marketing strategies - combined with customer ignorance and easily-exploitable OSes and servers - it's rare to find a wired organization without anti-virus software protection. These sensors are on constant prowl for the latest malicious code attack and are intended to defend their host network from future outbreaks based on existing attack signatures. In other words, these products only defend what they know how to defend; and if a network administrator doesn't keep his anti-virus software current (sometimes on a daily basis), it's quite easy for the "next best" attack to create havoc. Then the game begins afresh. Costs mount for customers and profits rise for anti-virus software vendors, much to their satisfaction. You've got mail In the case of e-mail-borne outbreaks, when these sensors detect a piece of malicious code, they generate an error message back to whomever the server *thinks* sent the message. This obviously ignores the fact that the majority of such alleged users had absolutely nothing to do with the outbreak or that their e-mail address was harvested (or spoofed) from someone else's inbox. Accordingly, thousands of Internet users receive automatically-generated virus alert messages blaming them for something they likely didn't do - a situation made worse when receiving different alerts from different products that use a different name for the same attack. Not only is there no standard nomenclature for "virus detected" messages from anti-virus servers but such messages themselves often function as surrogate attack mechanisms. Sometimes this message is a clear warning in plain text, and other times it's full of cryptic jargon. Incredibly, some products even return a warning message with the malicious code still attached, meaning a greater chance of propagating the outbreak it's trying to mitigate. Security consultant Brian Martin provides a fantastic discussion of this issue at Attrition.Org. Handling the sheer volume of such server-generated virus detected messages can be a daunting task. Early in the recent Novarg incident, I received 319 such messages during a twenty-four hour period, including many that were still infected with the worm. Now imagine a user on a pokey dial-up line or a CIO supporting an enterprise with thousands of users on high-speed networks and with systems that never sleep. Of course, users may be tempted to filter all server error messages, but that's not a reliable solution because doing so would also block legitimate mail server error messages. Ergo, we're stuck with a large number of diverse-yet-related server error messages that clog bandwidth and require a dedicated amount of time to develop and test custom filters while allowing other legitimate error messages to pass. Denial of service How many such virus-detected messages must be received before a malicious code event becomes a denial of service attack? How about when anti-virus software sends a virus detected message containing the detected malicious code, and spreads the outbreak, to a third party? At which point does the anti-virus software become more of a problem for the Internet than the original outbreak? Should anti-virus servers also exhibit responsibility to the Internet community at large by not propagating detected malicious code elsewhere? Even if we're not directly attacked, the collateral damage from a malicious code outbreak costs us time and money to remedy. Anti-virus vendors take note. If anti-virus products were built with customers in mind, all would generate a similar message that could be filtered by customer system administrators to help reduce the amount of "noise" and collateral damage experienced during a malicious code outbreak. Martin discusses fifteen different "virus detected" messages that he encountered during the Novarg incident. Had there been a standard message, users and system administrators would have had a far easier time addressing the outbreak itself instead of also dealing with a sizeable volume of hard-to-filter e-mail detritus. If anyone wants to help draft a RFC on this, please contact me: we can help bring order to this vendor-instituted chaos. As it is, a few power users have written Unix-based procmail rules to remedy this, but it's not an easy solution for the average user. Security Advisory Finally, there's the ethics of the anti-virus industry. Martin shows several vendors blatantly advertising their products in their server-generated virus detected messages, as well as using malicious code outbreaks to hawk their overall product lines through unsolicited e-mails (e.g. spam) bearing a subject line of "Security Advisory" and the name of the latest outbreak. Is this advisory really for the benefit of the internet community or the anti-virus product vendor? The Novarg incident clearly underscores the need for reform in the anti-virus industry. A few industry-wide reforms, such as those discussed above, will go a long way toward making the anti-virus industry both more reputable and useful to its customers while truly improving security on the Internet. These changes are not difficult to implement and can be done on the cheap. Unfortunately, without such changes, the anti-virus industry will continue contributing significantly to internet security problems - instead of helping reduce them. © 2004 by Author. All Rights Reserved. Permission granted to redistribute this article in its entirety with credit to author. Richard Forno is a Washington, DC-based security consultant and author of "Weapons of Mass Delusion". His home in cyberspace is at http://www.infowarrior.org.
Richard Forno, 16 Feb 2004

EC to crunch Wanadoo's numbers

The European Commission is to keep a close eye on Wanadoo's accounts until the end of 2006, following allegations of predatory pricing against the French ISP. According to the FT, the Commission has ordered Wanadoo to hand over accounts for surveillance in order to prevent any further abuse of its dominant position. The newspaper states it has seen an unpublished report by the Commission which reveals that the ISP was engaged in anti-competitive trading. Last July, the EC slapped a €10.35 million fine on Wanadoo for predatory pricing on consumer ADSL services in France. An investigation found that the France Telecom-owned ISP deliberately set prices on broadband products at lower than cost. This restricted the opportunities of rivals to enter the market and constituted an abuse of a dominant market position, the Commission ruled. The matter is the subject of an appeal by Wanadoo. A spokeswoman for France Telecom declined to comment on the report, except to say: "Wanadoo appealed against this decision in October 2003. We have nothing more to say than what was written in our press release from July 16, 2003, that we published after the decision." In that statement the ISP said: "Wanadoo deeply regrets the decision announced today by the European Commission, based on what Wanadoo believes is a flawed economic analysis. It constitutes a bad signal for all businesses wishing to participate, invest and take risks in developing broadband Internet." In December last year, AOL France complained to French competition authorities over allegations that Wanadoo was engaged in predatory pricing. AOL France boss Stephane Treppoz said that Wanadoo was flogging broadband at a price lower than the wholesale cost of the service. ® Related Stories AOL France to challenge Wanadoo over 'predatory pricing' EC fines Wanadoo €10m for predatory pricing
Tim Richardson, 16 Feb 2004
cable

UK firms flop in the data back-up department

Data back-up procedures amongst UK companies leave a lot to be desired, according to early results from a government-backed study out today. A survey of 1,000 companies of all sizes - conducted as part of the Department of Trade and Industry's 2004 Information Security Breaches Survey - found that two-thirds of large businesses suffered an incident where they had to restore significant data from back-up during the last year. Roughly half of the businesses that had a systems failure or physical theft suffered major disruption, a factor which has led 95 per cent of firms to establish some form of back-up. Unfortunately, these back-up procedures are often far from complete, the study concludes. Only a third of businesses store their back-ups off-site, and less than 20 per cent back-up their desktops. Even more worryingly, only eight per cent of companies have tested their disaster-recovery plans to see if they would work in practice. This might lead to a false sense of security, according to the PricewaterhouseCoopers-led consortium of companies which carried out the study. Chris Potter of PwC said that IT staff often lack awareness of which data is business critical and therefore don’t understand what they need to back up: "There’s a disconnect between the boardroom and the IT function which is potentially dangerous. Despite 9/11, the vast majority of UK businesses are living on a prayer when it comes to disaster recovery." Another company involved in the study is online data back-up and recovery specialist Atttix5. Attix5 Chief executive Roelou Barry commented: "The research reveals a worrying trend. Most businesses only back-up their servers, yet critical business information is often distributed across the entire extended enterprise - from servers and desktops to laptops and mobile computing devices.” The full findings of the DTI 2004 Survey will be launched at the InfoSecurity Europe conference in London in April. ® Related stories Hi-tech crime threatens UK plc - survey UK plc reamed online UK plc leaves door open to hackers - report External Links DTI Information Security Breaches Survey home page. Contains background on previous studies, which have consistently advised UK companies to spend more on security. There’s probably a lot of truth in that, but it’s worth bearing in mind the heavy involvement of IT suppliers and consultants in the group conducting the study.
John Leyden, 16 Feb 2004

Belgian police arrest female virus writer

A 19 year-old female technology student suspected of being the infamous virus writer Gigabyte was arrested by Belgian police last weekend. The woman was charged with computer data sabotage offences, Belgian daily La Libre Belgique reports. Her alleged crimes are punishable by up to three years in prison and fines of up to €100,000. Police confiscated five of the teenager's computers and shut down her Web site. The 19 year-old, from Mechelen (30 kilometres north of Brussels), was released on bail pending further police inquiries. "She was preparing to publish new viruses on this site," Belgian Police Inspector Olivier Bogaert told La Libre Belgique. Through her gender and youth, Gigabyte stands out among the virus writing underground. She is credited with writing the first virus to use Microsoft's C# language. She was also well known for frquent run-ins with ubiquitous AV spokesman Graham Cluley over his sociological analysis of virus writers. In anti-virus circles, Cluley is well-known for describing virus writers (VXers) in less than flattering terms, once memorably saying they only wrote malicious code because they were spotty teenage nerds who couldn't pull. Gigabyte took exception to remarks like this, even going as far as writing viral code that mocked Cluley. According to TechTV, Gigabyte began programming aged only six years-old. Gigabyte reportedly began writing computer worms aged just 14 but has always maintained she only did this for "research purposes" and that she never released viruses herself. ®
John Leyden, 16 Feb 2004

Elpida launches 1GB DDR 2 notebook DIMM

Intel Developer ForumIntel Developer Forum Elpida has begun shipping its first 1GB DDR 2 notebook memory module, it said today. It also pointed out that it has begun sampling 256Mb DDR 2 chips. The 200-pin SO-DIMM is based on 16 512Mb DDR 2 chips and is clocked at 533MHz. It's likely to be a while before they're needed - Intel's first DDR 2-based mobile chipset, 'Alviso', isn't due to ship until the second half of the year. Alviso is a core component of Intel's second-generation Centrino platform, codenamed 'Sonoma'. The 256Mb part is, like those used in the SO-DIMM, fabbed at 110nm, and clocked at 533MHz. They all offer 1.8V operation, which yields a 50 per cent power saving over the previous generation DDR, Elpida said. Hence, the company's keenness to promote mobile products. It's not alone - Micron has been sampling DDR 2 SO-DIMMs for some time now. Adding the 256Mb chip fills out Elpida's DDR 2 product line, which already includes 512Mb and 1Gb devices. The 1GB SO-DIMM joins unbuffered 512MB and 1GB DIMMs, along with 512MB, 1GB and 2GB registered DIMMs for servers. ®
Tony Smith, 16 Feb 2004

Brussels to rule on Oracle-Peoplesoft deal by May 11

The European Commission will decide before 11 May whether the proposed takeover of Peoplesoft by Oracle breaks its competition laws. The EC is concerned that a merger will leave only two companies, Oracle and SAP, in finance and human resources software. An investigation was announced in November 2002 and was due to report by the end of March. That date was put on hold while the comissioners collected more information from the companies concerned. The takeover, still bitterly opposed by the Peoplesoft board of directors, must still pass US regulators. According to reports on Yahoo Peoplesoft is expecting to hear from US authorities by 2 March. In February Oracle increased its offer for Peoplesoft by $2bn to $9.4bn but PeopleSoft directors still refused the deal. More unwelcome pressure on PeopleSoft came from its outspoken user group Quest. Quest has invited Oracle co-president Charles Phillips to talk to members about the proposed merger. ® Related stories 'It was all Craig Conway's idea, anyway' -Oracle Peoplesoft spurns Oracle's final final offer Oracle hikes Peoplesoft bid to $9.4bn
John Oates, 16 Feb 2004

Vodafone goes 3G for data only

Come March, you will be able to get wireless data at nearly 400K per second over a 3G link in the UK and Europe, courtesy of Vodafone. Come April, there will be a phone service. But there will not be any Vodafone 3G phones until October. The problem facing the Vodafone network in Germany, Italy, the Netherlands, Portugal, Spain, Sweden and the UK over the next four weeks is simple enough: there aren't any decent 3G handsets. It's the same problem that has bedevilled Hutchison Whampoa's "3" service in Italy and the UK; few of the available phones are things many people would like to have to carry. Vodafone staff, of course, couldn't be provoked into making any comments along those lines after the announcement, but they did go so far as to say that it certainly wasn't simply a question of pricing for voice calls. However, it's hard to see why anybody would pay specifically for a 3G phone when Hutchison has bombed voice call pricing to the ground. And it's easy to see why business PC users would pay a reasonable premium to get mobile data at a reasonable - near broadband - speed of "up to 384 kilobits" per second. What speed is that, in reality? We'll have to wait to be sure. But you could be forgiven for confusion. As you will probably know, most ordinary GSM-based data services use GPRS, which is widely described as "running at 56 kilobits per second" or even "providing over 100 kilobits per second of data" - and both are, in theory, possible. In reality, however, you will frequently find that GPRS data runs at under 20K except for very small file transfers. Vodafone's description of its 3G data as being "up to ten times the speed of GPRS" gives a useful clue. It means that they know as well as the rest of us users what GPRS really provides, which is anything up to 38K, and frequently less. The new data card (see picture) is most probably another Option-built device, like the GPRS-only card; this one, however, does both GPRS and 3G data. Phones? They will probably not ship until October, is our guess. And the SIM card that comes with the data handset may well not be voice enabled, but we'll have more data on that shortly. Coverage? "3G coverage is currently offered in most Vodafone markets in major cities and an increasing number of transport routes. When outside of 3G network coverage, the Vodafone Mobile Connect 3G/GPRS data card automatically switches to Vodafone's GPRS network, which offers full coverage, meaning Vodafone customers will have continuous access to their normal office applications," says the press release. And 3G coverage "will be expanded continually by Vodafone over the next few years". Chief Marketing Officer Peter Bamford didn't discuss data charges. Instead, he merely said: "The announcement of the launch of our 3G services is a major milestone in Vodafone's 3G journey." He went on with customary marketing enthusiasm: "With significantly faster data rates and greater capacity, customers will really start to see and experience the huge benefits of 3G, by being able to do more, faster." It will be over to the sales department to deal with nitty-gritty details like pricing per megabyte. © 2004 NewsWireless.Net Related Products Find for your next phone in The Reg mobile store
Guy Kewney, 16 Feb 2004
cable

Govt mulls compulsory online form filling

Online transactions with the government will be made compulsory for the e-capable, and the police and NHS will be given palm-top computers if radical proposals in a government document are implemented. In a confidential report leaked to the Financial Times newspaper, Sir Peter Gershon identifies £15 billion of wasted public money that should be redirected to services such as education, the police and the NHS. The money will come from greater efficiencies in local government, and better use of technology. The promised benefits of eGovernment have yet to appear, despite massive investment, according to Gershon. Although there is a central government ‘gateway’, individual departments have separate e-initiatives, with little data sharing or co-ordinated development, he notes. Getting more people to interact with the government online is just one way Sir Peter would like to save money. The shake-up could mean the loss of up to 80,000 jobs, which officials at the Public and Commercial Services Union say is unacceptable. There are some startling numbers: Only 30 per cent of payments to government are by direct debit; 95 per cent of the 1.2 billion forms processed every year are received by post, and up to 60 per cent of inquiries to call centres are basic account status queries that could be fully automated. Bad news, too, for Consignia as an annual post bill of £1 billion is flagged for review. For those on the wrong side of the digital divide, more work should be shifted to call and contact centres, with as much as possible being handled by automated systems. The report draws on meetings with senior government officials, including the Prime Minister, the chancellor, and the deputy prime minister. Sir Peter also met with staff at the National Audit Office, the CBI and large IT companies, including IBM and HP. The leaking of the report rather upstages the Shadow Chancellor, Oliver Letwin. He was set to propose changes to the civil service that would lead to savings of £35 billion by 2011.®
Lucy Sherriff, 16 Feb 2004

Broadband returns to Leominster

Leominster in Herefordshire is once again hooked up to broadband after being cut off before Christmas when local operator Independent Networks went titsup. Independent Networks had been funded by regional development agency Advantage West Midlands to provide unbundled DSL by installing its own kit in cabinets next to the local telephone exchange. This approach was taken after BT said there was insufficient demand in Leominster for the monster telco to make the necessary investment. Now though, after two months without broadband, Leominster is back online again after drumming up enough support to convince BT to upgrade the exchange. Local M Bill Wiggin, welcomed the move. He said: "I am pleased that BT have acted so swiftly and would like to thank them for their hard work in getting it up-and-running again. “I have no doubt that my constituents will be thrilled at the prospect of having broadband fully and permanently set up. I have maintained throughout my campaign to secure broadband in Leominster that access to such a service is vital for rural businesses.” According to those in the know, there was genuine excitement last autumn when local people found out that Leominster had been earmarked for the broadband pilot. But their joy turned to disappointment when the firm providing the service went into receivership just before Christmas - and they lost the link. Now they've got it back again they don't want to lose it again. One insider told us: "It's one thing not to have broadband at all, but to have it and then lose it is just too much to bear." ® Related Story Rural broadband outfit goes bust
Tim Richardson, 16 Feb 2004

MS kills Mythica MMORPG

Microsoft Game Studios last week cancelled MMORPG Mythica, "based on a careful evaluation of the competitive MMORPG landscape". An MGS spokesperson said that the publisher had two multiplayer titles in development - Mythica and another, as-yet unannounced project - and didn't want the bother of eventually maintaining two in an already crowded marketplace. Announced just prior to E3 2003, Mythica was conceived as a new breed of MMORPG in which players take on the role of immortals in the mythological world of Norse gods, embarking upon epic quests to earn their place among the stars. Beneath the spin it was a game that tried to shed the chat room baggage and inane levelling cycle of more traditional MMORPGs. Part of this strategy involved "Private Realms" - individual, automatically-generated quests that could be played alone or in groups. These featured fully-destructible environments, individually tailored storylines, and so forth. The game also drew heavily on Norse mythology - you could even earn special abilities by praying to particular gods. Although Microsoft retains the technology developed by the Mythica team and may reuse it, the publisher last week said it had no plans to rework it into a single-player title. Speaking on the game's website, MGS studio manager Adam Waalkes tried to explain the cancellation: "While the game looked ready to deliver advancements to the genre, after careful evaluation of the MMORPG landscape, MGS has decided to streamline its portfolio, making fewer investments in this genre. After a rigorous review of current and future projects, the decision was made that Mythica would not be one of the projects we would continue to invest in." It hasn't all been bottomless beer cans, polished spiky helmets and flowing compliments, though. Regular readers may recall that Dark Age of Camelot developer Mythic Entertainment was in the process of suing Microsoft for infringing its trademark and engaging in unfair competition. Mythic alleged in a Virginia District Court last December that Mythica was too close in name to the rival MMORPG developer, and draws on the same Norse mythology that inspired DAOC - along with Celtic lore and Arthurian legends. At the time, Mythic CEO Mark Jacobs likened the tussle to Microsoft's complaints about the Lindows operating system. It looks like he won't have to worry now, although the 40 staff impacted by Mythica's cancellation may not be so lucky - MS will try to re-home them on other projects, but a number of jobs may now be lost. Copyright © 2004, GamesIndustry.biz
gamesindustry.biz, 16 Feb 2004

XandrosOS: User-friendly to a fault

Reg ReviewReg Review XandrosOS is a good-looking, Debian-based Linux distro designed to lure Windows XP users. It's exceptionally easy to install and use, has good hardware and peripheral detection and good multimedia support, offers Windows networking compatibility, saves one money -- and the desktop, a tweaked version of KDE, even looks like XP to boot. The documentation is good and covers all the main points of system configuration and administration in adequate detail. Xandros wisely includes Crossover Office, an emulator enabling one to install and use Microsoft Office on Linux. This is good for Excel and Word, but the idea of using MS Outlook, even on Linux, concerns me from a security point of view. It would be wise for Xandros to include Ximian Evolution, which is safer than Outlook, looks like it, and works just as well, and encourage users to chuck Outlook in favor of it. People can use Excel and Word happily with Crossover Office, but Outlook, and (heaven forbid) Internet Explorer don't belong on any computer. The default browser and e-mail client are Mozilla and Mozilla Mail, an excellent choice. Mozilla is free and open-source, and gives the user good control over script execution, images and popups, and data traces -- far above the mediocre baselines established by Internet Explorer and Outlook Express. The Xandros file browser is a heavily-tweaked version of Konqueror. It's been designed to look like Windows Explorer and has contracted Microsoft's terminal case of My-itis: My Linux, My Documents, My Home, etc. But this is reasonable; the whole idea here is a Linux box that will seem familiar to Windows users. Just like old times. However, navigating from the shell can be a problem since a number of directories have been re-named to conform with Redmond's august conventions. Still, Krusader is a good file manager / Web browser / sort-of FTP client, and Xandros' version can easily be configured for a bit less Redmond emulation and a bit more serious business. The package manager, called Xandros Networks, is good, allowing for both DEB and RPM installations. It will automatically check dependencies when packages are installed, though silently. It can also automatically fetch package updates from the Xandros server. Xandros succeeds in ease of installation and ease of use. A Linux novice can get it up and running without bother. Indeed, the press release for reviewers urges one not to compare it with Linux, but with Windows XP. But there's actually a bit of unintended irony in that: Xandros does compare favorably with Windows XP; it's only in comparison to a solid Linux distro that it falls on its face. There are a number of problems, most of which are related to its eagerness to be just like Windows XP. It succeeds there as well, only to a fault. The GUI administration interface is nothing more than KDE's Control Center, which is hardly adequate. This means that when one wants to do any serious tweaking, one will be using the shell and editing configuration files manually, which is exactly what you don't want novices to have to do. There is a services management dialog in the Control Center, but it only lists a few services, and it only offers "Automatic" and "Manual" options for them to be started. To minimize the system, either for performance or security, it's necessary to uninstall an unnecessary service using the Xandros Networks package manager, or manually edit the boot scripts in /etc/init.d, which, again, is too much to ask of a novice. Some of the best KDE packages are missing: Krusader, KMplayer, Kpackage, Ksnuffle, KBear, KGet, and KGpg to mention a few. KMail is available, but not installed by default. Ditto for the Gimp and GCC. The distro also lacks such useful packages as Ethereal, Webmin, GnuPG, Whois, Xchat, Licq, Gaim, and Bastille. There is a packet filter front-end called Firestarter, but it is not installed by default, and when it is installed, it's not integrated with the start menu, making it necessary for the user to search for the binary and launch it. It's also rather complicated for a novice to use, with numerous options, and lacks the hardening features of Bastille, which is both simpler and better. There's a serious lack of attention to encryption and data hygiene. It's very easy to integrate GnuPG with KMail; unfortunately, GnuPG and KGpg are not included. It's also easy to integrate GnuPG with Mozilla Mail using a recent feature called Enigmail, though the Mozilla version (1.4) packaged with Xandros lacks it. The Shred utility is included, but it's not integrated with the file browser. The right-click menu and menu bar offer only to delete a file, not remove it securely. Shred must be run from the shell, which, again, is a bit much for novices. But the real security problem in Xandros is precisely the Windows affliction: too many networking services are enabled by default. This is done to make everything easy for the user; but 'easy' and 'simple' are two very different things. Just as Microsoft enables all sorts of superfluous networking whistles and bells that don't belong on an Internet-connected box, so does Xandros. A quick check with Netstat, immediately following a default installation, reveals a problem familiar to all Windows users: Here we've got SLP (Service Location Protocol), IPP (Internet Printing Protocol), SunRPC (portmap) and NetBIOS active. As we saw in the services interface, NFS (Network File System), and Samba (SMB) are enabled by default. These are all handy items, but risky on the Internet. They should all be disabled by default and enabled only as needed. Thus Xandros is like Windows XP in the worst way possible: it makes dangerous "features" available to everyone whether they need them or not, so that using them will be easy, while neglecting to consider the routes to exploitation that they open. And like Windows XP, Xandros doesn't enable packet filtering by default. The user can uninstall Samba, SLP, SunRPC (portmap) and other horrors like Telnet with the Xandros Networks package manager, assuming they know enough to do so. To eliminate IPP, one must navigate to /etc/cups/cupsd.conf and edit the file manually, which is more hackery than I would expect a Linux novice to be capable of. Like Microsoft, Xandros has placed far too much emphasis on features and ease of use, trying to be all things to all people, and far too little emphasis on security. An experienced Linux user can harden it and simplify it nicely, and find and install the additional packages he needs; but the novice will have little hope of doing so. You need to be a power user to make Windows reasonably secure. The same is true of Xandros, although, among Linux distros, it is a rare exception in that regard. I would not recommend it; it's far too inflexible for power users, and a bit too dangerous for novices. The boxed deluxe edition, which I tested, costs $90, a reasonable price only because Crossover Office is included. For the same price one can get an immensely more servicable 'Pro' distro from Mandrake or SuSE, though Crossover will be extra. ®
Thomas C Greene, 16 Feb 2004

Vobis waves goodbye to HQ

Vobis, the German PC retail chain, is to close its headquarters in Aachen this summer, the company announced today. More than 180 people will lose their jobs. It is also to close 20 of its 150 German retail stores. Last week the company shuttered nine stores. The German retail chain is losing money and needs to cut costs. By closing its headquarters, it can shift some administrative activities to cheaper locations. Marketing will be co-ordinated from Brunswick and other functions will move to Potsdam. The German PC business is under great pressure as prices drop and competition from chains such as MediaMarkt and Saturn heats up. Despite the drastic measures, Vobis still has many franchise retail stores and shop-in-shop partners. Altogether, there are more than 300 Vobis outlets. Vobis was formed 29 years ago in Aachen as Vero GmbH and grew to be Europe's biggest PC retailer by the mid-1990s. In 1997, Vobis boasted 776 stores in eleven countries. Shortly afterwards the firm collapsed and was broken up and sold on. Last year the company had 1,100 employees and a turnover of €450 million. Today, most of the company is owned by Divaco. ®
Jan Libbenga, 16 Feb 2004

HP is flavour of the month

HP has come top of Context's channel survey for January. 44 per cent of resellers said HP was their favourite vendor, up from 33 per cent a year ago. The survey asked resellers across Europe their opinion of the major vendors small business programmes. Context credits HP small business initiatives for its high position. Microsoft came second with 26 per cent and IBM third with 13 per cent - up from eight per cent a year ago. Overall, resellers are less aware of the vendors' small business programmes. Context talked to 500 people in the second week of January. ® Related stories ®Sun says HP customers are 'ripe' for change href="http://www.theregister.co.uk/content/51/35099.html">®AMD makes 'substantial' Euro PC share gain
John Oates, 16 Feb 2004

Geordies text from underground

Mobile network O2 is offering subscribers in Newcastle the chance to send text messages from underground. O2 is working with Newcastle Metro, the city's underground network, on what it claims is the first commercial rollout of an underground texting service in the UK. The sytems goes live today and uses micro cells on platforms to pick up mobile phone signals. The network overlaps with existing coverage and O2 claims service will be reliable and continuous. ®
John Oates, 16 Feb 2004

Motorola renames chip division Freescale

Motorola's Semiconductor Products Sector (SPS) will be re-christened Freescale Semiconductor when it is spun off out of the group. That process is expected this Spring, when Freescale makes its IPO. Motorola registered the name-change with the Securities and Exchange Commission (SEC) last Friday. The IPO is being underwritten by Goldman Sachs. "Freescale Semiconductor's name was chosen to reflect a new focus for the semiconductor company," the firm said. Which is odd, given that its SEC filing says the company will continue to focus on the embedded and communications markets. "We've created a name that's intended to identify our team's dedication to agility, service and reliability," Freescale President and CEO Scott Anderson added. ®
Tony Smith, 16 Feb 2004

Flaw on Tuesday, exploit by Monday

Hackers have created an exploit for the latest critical flaw in Microsoft Windows just days after the vulnerability made headlines worldwide. The flaw involves a vulnerability in Microsoft's Abstract Syntax Notation 1 (ASN.1) library which could be applied to seize control of vulnerable systems. Windows 2000/XP/2003 are all affected by the vulnerability, which was discovered by security researchers at eEye six months ago. Last week, security vendors advised there was no known exploit for the vulnerability. That view needs to be revised following the publication of an exploit by 23 year-old white hat hacker Christophe Devine on a full disclosure mailing list over the weekend. Vulnerable systems could only be crashed - and not taken over - using the attack code. Nonetheless the threat level has gone up an extra notch. Thomas Kristensen, CTO of security Web site Secunia, said "this exploit only causes a Denial of Service, it is still believed that a system compromise is possible". ® Related Stories MS releases double-plus critical security fix New exploit heralds Blaster 2 attack
John Leyden, 16 Feb 2004

Alphabetical zoo killer terrorises Brazil

Brazilian police are fighting a desperate battle against time to save the lives of thousands of animals threatened by a merciless serial killer. Since 24 January, Sao Paulo zoo has lost three chimapanzees, three tapirs, a trio of camels and an elephant. All apparently succumbed to rat poison. The death toll mounted yesterday when an orangutan, bison and camel were found dead at the attraction. Chillingly, Brasilia's zoo is also investigating the deaths on 9 January of two kangaroos, Jumper and Lucky - although neither is currently jumping nor particularly lucky, it must be said. In every case the poison used contained sodium fluoroacetate, a banned toxin. Police suspect, therefore, that the killer may have some chemical knowledge. We at Vulture Central reckon that he or she might in addition have an alphabetical guide to animals of the world, given that 12 of the victims began with the letters "a", "b", "c" or "e". No mistake here: the terrifying truth is that the tapir is known locally as the anta do Brasil, while the kangaroo is rendered in Portuguese as canguru. OK, we're prepared to concede that the untimely demise of the orangutan (orangotango) is a serious anomaly, but in the absence of any other leads might we suggest that police throw an immediate defensive cordon around every ferret (furão), chicken (galinha) and hippo (hipopótamo) in the land, while safely diverting much-needed security resources from the xarroco (toadfish) enclosure. ®
Lester Haines, 16 Feb 2004

AMD prunes Athlon XP prices

AMD trimmed its prices today, knocking back the cost of buying its Athlon XP desktop and mobile chips by up to 34 per cent. It also introduced a mainstream Athlon XP-M mobile processor rated at 2600+. Related Story Intel adjusts Mobile Celeron prices AMD Desktop Price Cuts Processor Prev. Price New Price Change Athlon XP 3000+ $203 $163 -19.7% Athon XP 2800+ $140 $117 -16.4% Athlon XP 2700+ $117 $103 -12% Athlon XP 2600+ $103 $89 -13.6% Athlon XP 2500+ $89 $79 -11.2% Athlon XP 2400+ $79 $71 -10.1% Athlon XP 2200+ $71 $66 -7% AMD Mobile (Desktop Replacement) Price Cuts Processor Prev. Price New Price Change Athlon XP 3000+ $208 $168 -19.2% Athlon XP 2800+ $185 $122 -34.1% Athlon XP 2600+ $108 $94 -13% Athlon XP 2500+ $94 $84 -10.6% Athlon XP 2400+ $86 $76 -11.6% Athlon XP 2200+ $71 $71   Athlon XP 2000+ $65 $60 -7.7% AMD Mobile (Mainstream) Price Cuts Processor Prev. Price New Price Change Athlon XP 2600+   $99 -  Athon XP 2500+ $99 $89 -10.1% Athlon XP 2400+ $89 $81 -9% Athlon XP 2200+ $76 $71 -6.6% Athlon XP 2000+ $69 $64 -7.2% Athlon XP 1900+ $59 $59   AMD Mobile (Low Voltage) Price Cuts Processor Prev. Price New Price Change Athlon XP 2000+ $97 $80 -17.5% Athlon XP 1900+ $89 $76 -14.6% Athlon XP 1800+ $80 $71 -11.3% Athlon XP 1700+ $71 $57 -19.7%
Tony Smith, 16 Feb 2004

Intel adjusts Mobile Celeron prices

Intel yesterday tweaked the prices of its Mobile Celeron line. Only the top end of the line was affected. Related Story AMD prunes Athlon XP prices Processor Prev. Price New Price Change 2.5GHz, 256KB L2 $149 $134 -10% 2.4GHz, 256KB L2 $134 $112 -16% 2.2GHz, 256KB L2 $112 $96 -14% 2GHz, 256KB L2 $96 $96   1.8GHz, 256KB L2 $96 $96  
Tony Smith, 16 Feb 2004