10th > March > 2004 Archive

Kodak sues Sony over digital camera patents

Kodak is suing Sony for infringing patents related to its digital cameras. It claims that Sony breached 10 patents between 1987 and 2003. Kodak is seeking damages and an injunction to prevent further infringements. Kodak is moving from its dominant position in film cameras to challenge Sony, which holds the top spot for digital cameras. Kodak says it took the action after the failure of licensing talks with its rival. ®
John Oates, 10 Mar 2004

MS March patch batch low on peril

Microsoft's monthly patch train rolled through today bearing a cargo of fixes uncharacteristically low on the peril scale. Today we have patches for two moderate and one important security vuln. First up, a Microsoft Outlook flaw could allow hackers to inject hostile code on PCs (MS04-009). The flaw stems from incorrect parsing of specially crafted "mailto" URLs by certain versions of Outlook. Users of Office XP and Outlook 2002 need to apply a Redmond-supplied band-aid to avoid the risk of being rooted should they visit a maliciously-constructed website. Microsoft describes this fix as "important" - its second highest severity classification. Microsoft says that default installations of Outlook make exploitation difficult, hence a slightly lower risk assessment. Hmm. Next up, there's a moderate vuln in Microsoft MSN Messenger (MS04-010). This creates a means for crackers to view files on a user's hard disk providing he knows the location of a file and a user's login details. Microsoft suggests a hacker would have to know a great deal about a user. But it is still pulling out the stops to get a fix out there. An auto-update for MSN Messenger users begins early next week. However, the "Messenger team is working overtime to pull that date in closer", Microsoft's spin-doctors tell El Reg. Still concerned? If so, updated MSN Messenger client software should be posted at the Messenger MSN home page later today. Lastly, there's a vulnerability in the Windows Media Services component of Win 2K which carries a moderate DoS risk (MS04-008). ®
John Leyden, 10 Mar 2004

Hutchison picks up 3 UK's tab

Hutchison Whampoa, the Hong Kong parent of mobile network 3 UK, is paying off more than a billion pounds of debt for its spendthrift offspring. Hutchison owns 80 per cent of 3 and is believed to be in talks to acquire the remaining 20 per cent from NTT DoCoMo. It will pay the banks £1.5bn which 3 was due to pay back in March next year. The company says there was no pressure from the banks, but with disappointing subscriber numbers it is not surprising the mobile network has needed bailing out. Hutchison told the BBC: "We have a lot of cash on hand and the UK loan is rather expensive." The 3G network owes a total of £2.5bn. 3 claims 210,000 subscribers in the UK. It has just started offering pay-as-you-go services. ®
John Oates, 10 Mar 2004

Software download site pitches across Europe

Dutch company DISC EMD has launched the first pan-European electronic software distribution portal site ESDNOW.COM, through which vendors and resellers can securely distribute their downloadable software. The company will initially sell software to small businesses and end users in Benelux, but other countries will follow soon. CEO Suat Tuzgöl says electronic software distribution in Europe is still largely ignored: "There are a couple of vendors in Germany, while Digital River from the US only targets the UK market." Non-EU merchants selling software to EU customers don't have to worry about VAT compliance and currency hassle. ESDNOW.COM says it will offer multi-currency support and at the same time take care of VAT clearance and reporting. ®
Jan Libbenga, 10 Mar 2004

Eidos snaps up IO Interactive

Europe in Brief

Entertainment software giant Eidos is to acquire IO Interactive. The Danish-based studio is responsible for the hugely successful Hitman game franchise. The acquisition of IO secures the future rights of the Hitman series and will strengthen Eidos' European creative base and development resource, the company says.

France: monitoring patients during transport

France Telecom has tested a system for wireless transmission of medical data on patients transported by ambulances in Avignon. By using sensors and electrodes and measuring blood pressure and oxygen saturation continuously, hospitals can monitor the patient during transport. Traffic in major cities often delays the patient's arrival at hospital, so transmitting data to waiting doctors is obviously a potentially life-saving process. The 'Medical Emergency Mobile' service is to be sold commercially at the start of 2004.

Germany: Fluid lenses at CeBIT

Philips Research will use next week's CeBIT in Hanover to demonstrate a variable-focus lens system with no mechanical moving parts. Suited to a wide range of optical imaging applications, including digital cameras, camera phones, endoscopes, home security systems and optical storage drives, FluidFocus mimics the action of the human eye by using a liquid lens which alters its focal length by changing its shape. The lens is shock resistant and operates over a wide temperature range. Philips says it has tested the lens extensively, although it will take another two years to finish the product. ®
Jan Libbenga, 10 Mar 2004

PDA bargains at The Reg Mobile Store

Reader offer

For people on the move, The Register's Mobile, Wireless and PDA Store is offering readers the chance to pick up a PDA, mobile comms or MP3 bargain. Among the featured kit is the capacious Apple iPod 40Gb MP3 Player at £329.45 inc VAT, and - should you need to know exactly where it is you're listening to your Carpenters greatest hits compilation - then you can have the Fortuna GPSmart with Bluetooth connectivity for just £131.95 inc VAT.

Below is a full list of the currently discounted items, available for a limited period only. Prices include VAT:

Anextek SP230 GSM/GPRS Pocket PC - Everything that you could possibly need for the bargain price of £505.45. This Tri-band Pocket PC runs Microsoft Pocket PC Phone 2003. Also featured is an SD/MMC/SDIO slot, 64MB RAM, GPRS and 64MB ROM
HP iPAQ H2210 Pocket PC - Features integrated Bluetooth, a CF Type II slot and an SD slot that supports SD/SDIO/MMC. Also includes a removable battery, 64MB RAM and a 400MHz Intel Xscale Processor. £217.45
Siemens S55 - Triband, Bluetooth, Colour! Incorporating MMS (Multi Media Messaging), Bluetooth technology and GPRS. £139.95
Palm Tungsten T - The cheapest PDA available! £129.45
Motorola MPx200 - The tri-band Motorola MPX200 combines the power of the desktop with Windows Mobile(tm) and "always at hand" convenience. £238.95
Ubinetics Wireless GC201 GSM Phone Card - PCMCIA mobile phone card that works in laptops and with the iPAQ. Just insert your SIM and have wireless access to your ISP. £58.95
Apple iPod 40Gb MP3 Player for PC + MAC - The ultimate fashion accessory. Now you can take your entire music collection AND large quantities of your personal data with you wherever you go. £329.45
Fortuna GPSmart (Bluetooth) - A Superb Value GPS with Bluetooth. £131.95
IBM MicroDrive 1GB - 1-Gigabyte IBM Microdrive opens new levels of functionality for next-generation pervasive computing devices. £109.45
Sony Ericsson T68i - Sony Ericsson's T68i is tri-band for use worldwide and features GPRS, Bluetooth and MMS capabilities. It has updated software and a new classy colour scheme which makes it stand out from just about any other phone in the world. £105.95
Team Register, 10 Mar 2004

‘One in six’ Silicon Valley tech jobs ripe for offshoring

What do we do now? Cults such as the extropians see technology as the unstoppable escalator to future prosperity, but the rest of us are discovering that their utopian faith has caused graver problems than anyone expected. A recent report identifies Silicon Valley as the most vulnerable region in what it describes as "the largest out-migration of non-manufacturing jobs in the history of the US economy". Ashok Bardhan and Cynthia Kroll at the University of California Berkeley compiled the report last autumn (PDF from here) and provided a more detailed regional analysis for the San Francisco Chronicle this week. They reach their findings by examining the relative fortunes of "at risk" industries, and conclude that California is particularly at risk because of greater-than-average employment in electronics manufacturing and business support services. In a two-year period between 2001 and 2003, a million jobs were lost in these sectors, 200,000 in California. Outsourcing isn't new, the researchers contend, but white collar services jobs can be sent offshore far quicker than blue collar manufacturing jobs. They offer no prediction on how many of the at-risk jobs will be sent offshore. In a short space of time, the offshore trend has become a US election issue which looks like it's here to stay. But even politicians don't grasp the extent of the disappointment. Weren't things always supposed to get better? Globalization advocates such as the New York Times' Thomas Friedman - the Blimpish fellow in a muddle over Register T-shirts this week - still promise they will. We only have to leave things alone, and not meddle. His economic analysis is nothing if not fatalistic, but he reserves his direst warnings against "protectionism". This causes some mirthless ironic chuckles, particularly in one of the prime destinations for offshore jobs, India.
Protectionism isn't new, as any student of the Dutch and British trading empires knows, and its greatest advocates are the countries who most vociferously decry it. As Larry Elliott noted here, "if Africa exports raw cocoa to the European Union, it faces a tariff of just 0.5 per cent. If it turns the cocoa into chocolate, the tariff is 30.6 per cent." Protectionism seems to work, but only one side is allowed to play it - while pretending not to. So it isn't hard to see why India and China don't wish to suffer the same fate, and have invested so heavily in science and education. The other great irony is that thanks to the deification of information processing, tools which were supposed to replace human drudgery have instead caused us great anxiety as we seek to preserve a new kind of drudge work - processing information. Information isn't some magical kind of new stuff - it usually refers to facts that machines were supposed to perform faster and cheaper than humans, who took more breaks and complained when beaten. "Anybody that competes with slaves becomes a slave," wrote Kurt Vonnegut in his satirical novel about a society of 'intelligent machines', Player Piano. Information isn't, except in a few specific circumstances, a commodity, and it certainly isn't of itself knowledge. So some responsibility for the crisis in what has become known as the information industry must be laid at the door of the people who build the machines and those of us who write about them. Who else are the people who buy the machines supposed to believe? (The correct response isn't to smash up the looms, but to reassert some fundamental values. Compare the idolatry of Steve Jobs to the relative obscurity of the distinguished engineer Ivan Sutherland, who quite apart from his other achievements [like this], values the longevity of important stuff.) Bardhan and Kroll's study is interesting because it doesn't examine loss industry by industry, but by occupation: the stuff people do.
The extent of offshoring crosses traditional boundaries. Similarly, because both Presidential candidates are funded by the same sponsors, all of whom share the faith in this celestial escalator, both are unlikely to estimate the breadth of the current angst over offshoring, which crosses traditional political boundaries too. A humane view which identifies some of these values was recently expressed by Robert X Cringely who, with the help of his readers, looked at how economic fatalism has brought about the current crisis. "We've managed over the last 40 years to give up control of our own money, placing it in the custody of those who do not share our values and who are ultimately held unaccountable. They impose their values on us and we - for no rational reason - accept this," he writes. A reader cites the example of California bus drivers who, through the vast and influential state pension fund CALPERS, invested in the company that the state outsourced bus contracts to, and which then dispensed with the bus drivers. We've written here how short-sighted and destructive Wall Street logic is, and to many it indeed looks relentless. But that doesn't make it inevitable. ®
Andrew Orlowski, 10 Mar 2004

The perils of Googling

Google is in many ways the most dangerous website on the Internet for thousands of individuals and organisations, writes SecurityFocus columnist Scott Granneman. Most computer users still have no idea that they may be revealing far more to the world than they would want.

I'm not putting down Google. Far from it: it's a great search engine, and I use it all the time. I couldn't do my many jobs without Google, so I've spent some time learning how to maximize its value, how to find exactly what I want, how to plumb its depths to find just the right nugget of information that I need.

In the same way that Google can be used for good, though, it can also be used by malevolent individuals to root out vulnerabilities, discover passwords and other sensitive data, and in general find out way more about systems than they need to know. And, of course, Google's not the only game in town - but it is certainly the biggest, the most widely-used, and in many ways the easiest to use.

Throwing back the curtain

Most people just head to Google, type in the words they're looking for, and hit Google Search. Some more knowledgeable folks know that they can put quotation marks around phrases, or put a "+" in front of required words or a "-" in front of words that should not appear, or even use Boolean search terms like AND, OR, and NOT. Greater Google aficionados know about Google's Advanced Search page, where you can get really specific.

The page that Google provides for its Advanced Search is nice, and it's certainly easy and full of necessary tips, but if you really want to master all the tricks that Google offers the dedicated searcher, you need to learn at least some of what is detailed on the Google Advanced Search Operators page.

For instance, let's say you just type the word "budget" into a Google search box, without the quotation marks. You're going to get over 11,000,000 hits, so many that it would take a tremendously long time to find anything troublesome from a security perspective.

Now try that same search, but include the search operator "filetype" along with it. Using the filetype operator, you can specify the kind of file you're looking for. Google's Advanced Search page lists several common formats, including Microsoft Word, Microsoft Excel, and Adobe Acrobat PDF, but you can actually search for far more than those. Let's change our search from just "budget" to "budget filetype:xls" (again without the quotes; in fact, just ignore the quotation marks unless I mention otherwise) and see what we get.

63,000 hits and counting

Hmmm ... now we're down to 63,000 hits. Still an overwhelming number, but if you start looking through the first couple of pages, you'll notice some items of interest if you were an attacker looking for information you shouldn't have.

Let's add another operator into the mix. The "site" operator allows you to narrow down your results to a particular subdomain, a second-level domain, or even a top-level domain. For instance, if you wanted to find out what Google has indexed at SecurityFocus on the topic of password cracking, try this search: "site:www.securityfocus.com password cracking", which gives you 449 results. I often use this trick even when a site provides its own search engine, as Google's index is often far better than the search that many sites include.

Let's try our search, but stick to the .edu top-level domain, so we're looking for "budget filetype:xls site:edu". 15,200 hits. Not bad. Things are starting to look very interesting.

Let's introduce another tool into your toolbox: the ability to look only on pages that use a certain word or words in their title by incorporating the "intitle" operator into your search. At SecurityFocus, this query would narrow our results list down to only five, an incredible tightening of our search: "site:www.securityfocus.com intitle:password cracking" (note that "password" is the only word that must be in the title; "cracking" should appear on the page as a search term, but not in the title, since I didn't place "intitle:" prior to it).

Enter the bad guys

Bad guys know about the "intitle" operator, but they know something else that makes it even more powerful. Often Web servers are left configured to list the contents of directories if there is no default Web page in those directories; on top of that, those directories often contain lots of stuff that the website owners don't actually want to be on the Web. That makes such directory lists prime targets for snoopers. The titles of these directory listings almost always start with "Index of", so let's try a new query that I guarantee will generate results that should make you sit up and worry: "intitle:"index of" site:edu password".

2,940 results, and many, if not most, would be completely useless to a potential attacker. Many, however, would yield passwords in plain text, while others could be cracked using common tools like Crack and John the Ripper.

There are other operators, but these should be enough to make the picture clear. Once you start to think about it, the potentially troublesome words and phrases that can be searched for and leveraged should begin to multiply in your mind: passwd. htpasswd. accounts. users.pwd. web_store.cgi. finances. admin. secret. fpadmin.htm. credit card. ssn. And so on. Heck, even "robots.txt" would be useful: after all, if someone doesn't want search engines to find the stuff listed in robots.txt, that stuff could very well be worth a look. Remember, robots.txt just indicates that the website doesn't want search engines to index the files and folders listed in robots.txt; nothing inherently stops users from accessing that content once they know it exists.

Sensitive information

A couple of websites have even sprung up dedicated to listing words and phrases that reveal sensitive information and vulnerabilities. My favorite of these, Googledorks, is a treasure trove of ideas for the budding attacker. As a protective countermeasure, all security pros should visit this site and try out some of the suggestions on the sites that they oversee or with whom they consult. With a little elbow grease, some Perl, and the Google Web API, you could write scripts that would automate the process and generate some nice reports that you could show to your clients. Of course, so could the bad guys... except I don't think your clients will ever see those reports, just the end results.

Even the Google cache can aid in exposing holes in systems. Couple the operators outlined above with Google's cache, which can provide you with a look at files that have changed or been removed, and attackers have an incredibly powerful tool at their disposal.

Responses

As I said at the beginning of this column, the fact that it is actually quite easy to find dangerous information using just a search engine and some intelligent guesses is not exactly news to people who think about security professionally. But I'm afraid that there are many uneducated folks putting content onto Web servers that they think is hidden to the world, when it is in reality anything but.

We have two seemingly opposite problems at work here: simplicity and complexity. On the one hand, it has become very easy for non-technical users to post content onto Web servers, sometimes without realizing that they're in fact placing that content on a Web server. It has even become easier to Web-enable databases, which has led in one case to the exposure of a database containing the records of a medical college's patients (and by the way, the search terms discussed in that article are still very much active at Google, one year later).

Even when people do understand that their content is about to go onto the Web, many do not fully think through what they're about to post. They don't examine that content in light of a few simple questions: How could this information be used against me? Or my organisation? And should this even go on the Web in the first place?

Well, of course ordinary users don't think to ask these questions! They're just interested in getting their content out there, and most of the time are just pleased as punch that they could publish on the Web in the first place. Critically examining that content for security vulnerabilities is not something they've been trained to do.

Points of failure

On the other side of the coin we have complexity. For all the ease that has come about in the past several years, no matter how simple it has become for Bob in Marketing to publish the company's public sales figures online, the fact remains that we're dealing with complex systems that have many, many points of potential failure. That knowledge scares the hell out of the people who live security, while Bob goes blithely on successfully publishing the company's public sales figures ... and accidentally publishing the spreadsheet containing the company's top customers, complete with contact info, sales figures, and notes about who the salespeople think are good for a few thousand more this year.

For instance, FrontPage is touted by Microsoft as an extremely simple-to-use Web publishing solution that enables users to "move files easily between local and remote locations and publish in both directions". Unfortunately for those average Joes who buy into the hype, FrontPage is still a very complicated program that can easily expose passwords and other sensitive data if it is not administered correctly. Don't believe me? Just search Google for "_vti_pvt password intitle:index.of" and take a look at what you find.

FrontPage is not the only offender, but it is certainly an easy one to find in abundance on our favourite search engine. Now think about all the other programs out there that people are using every day. Personal Web servers that come with operating systems. Turnkey shopping cart software. Web-enabled Access databases. The list goes on and on. Take a moment and start to think about the organisations you oversee. See the list of potential problems tumble off into infinity. Oy.

Sure, it's possible for the folks creating Web content to tell Google and other search engines not to index that content. O'Reilly's website has a marvellous short piece titled "Removing Your Materials From Google" that should be required reading for anyone who even thinks about putting anything on or even near a Web server. Of course, as I mentioned above, relying on robots.txt to protect sensitive content is a bit like putting a sign up saying "Please ignore the expensive jewels hidden inside this shack". But at least it will get folks thinking.

Understand the threat

And really, that's what it comes down to: we have to get folks thinking. Sure, those of us responsible for security can try to shut everything down and turn everything off that could pose a threat - and we should, within reason. But those pesky users are going to do their job: use the systems we provide them, and some we don't provide. We need to help them understand the threats that any Web-enabled technology can provide.

Print out this column and hand it out. Show them how easy it is to find sensitive content online. Talk to them about appropriate and inappropriate content. Try to get them on your side so they trust you and come to you with requests for help beforehand instead of coming to you after the fact, when it's too late and the toothpaste is out of the tube.

Finally, realise that humans have an innate need to communicate and will seize on any tool to do so, and if that means talking to your users and setting up a wiki or bulletin board or other collaborative tool, then do so. Google and other search tools have made the world available to us all, if we just know what to ask for. It's our job as security pros to help make the folks we work and interact with aware of that fact, in all of its far-reaching ramifications.

Copyright © 2004

Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.
Scott Granneman, 10 Mar 2004
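
The column's advice to check the sites you oversee can also be applied from the inside, by auditing a server's own document root for the things its example searches surface: directories with no default page, risky file names, office documents, and robots.txt entries that point at live content. The script below is an added example, not part of the original column; the term list, index-file names, finding labels and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Substrings taken from the column's list of risky names, matched
# case-insensitively ("passwd" also catches "htpasswd").
SENSITIVE_TERMS = ("passwd", "users.pwd", "accounts", "finances",
                   "secret", "admin", "_vti_pvt")
# Document types of the kind a "filetype:xls" search surfaces (assumed list).
DOCUMENT_EXTS = (".xls", ".doc", ".mdb")
# Assumption: default pages that stop the server generating an "Index of" page.
INDEX_FILES = ("index.html", "index.htm", "default.htm")


def url_path(docroot, path):
    """Map a filesystem path under docroot to the URL path a crawler would see."""
    rel = os.path.relpath(path, docroot).replace(os.sep, "/")
    return "/" if rel == "." else "/" + rel


def robots_disallowed(docroot):
    """Return the Disallow paths in docroot/robots.txt (empty if there is none)."""
    paths = []
    try:
        with open(os.path.join(docroot, "robots.txt"), encoding="utf-8") as fh:
            for line in fh:
                line = line.split("#", 1)[0].strip()   # drop comments
                if line.lower().startswith("disallow:"):
                    value = line.split(":", 1)[1].strip()
                    if value and value != "/":
                        paths.append(value)
    except FileNotFoundError:
        pass
    return paths


def audit_docroot(docroot):
    """Return a sorted list of (kind, url_path) findings for one document root."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(docroot):
        lowered = [f.lower() for f in filenames]
        # No default page: the server will generate an "Index of" listing
        # here if automatic directory indexing is switched on.
        if not any(name in lowered for name in INDEX_FILES):
            findings.add(("listing", url_path(docroot, dirpath)))
        for name in dirnames + filenames:
            low = name.lower()
            full = os.path.join(dirpath, name)
            if any(term in low for term in SENSITIVE_TERMS):
                findings.add(("sensitive-name", url_path(docroot, full)))
            elif low.endswith(DOCUMENT_EXTS):
                findings.add(("document", url_path(docroot, full)))
    # robots.txt only asks crawlers to stay away; a Disallow entry that still
    # resolves to real content advertises that content instead of protecting it.
    for entry in robots_disallowed(docroot):
        target = os.path.join(docroot, entry.strip("/").replace("/", os.sep))
        if os.path.exists(target):
            findings.add(("robots-advertised", url_path(docroot, target)))
    return sorted(findings)


def build_sample_site():
    """Create a small constructed document root in a temporary directory."""
    root = tempfile.mkdtemp(prefix="docroot-")
    files = {
        "index.html": "home page",
        "robots.txt": "User-agent: *\nDisallow: /private/  # old reports\n"
                      "Disallow: /gone/\n",
        "private/budget.xls": "constructed placeholder",
        "staff/index.html": "staff page",
        "staff/users.pwd": "constructed placeholder",
        "_vti_pvt/service.pwd": "constructed placeholder",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for kind, path in audit_docroot(build_sample_site()):
        print(f"{kind:18} {path}")
```

Each finding is a prompt for a decision: move the file out of the document root, put it behind authentication, or disable automatic directory indexing for that path.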

No need to panic over IP rights directive

Letter: The IP Rights Enforcement Directive was passed yesterday by the European Parliament. This framework for national legislation has caused a huge amount of controversy and speculation as to how it will eventually appear in law in each of the member states, and sparked protest by civil liberties and consumer rights groups. But have they overstated their case? Adrian McMenamin, the Press Officer of the European Parliamentary Labour Party, certainly thinks so: Dear Sir, The American quoted in your article clearly doesn't understand how EU legislation works. It is now a matter for member states of the EU to translate the directive - which is a framework for law, not the law itself - into their national laws. If member states want to crack down on file sharers the directive approved by the European Parliament makes no odds - they can do that anyway. But given that the directive does not *require* member states to come down hard on individuals swapping files on a small scale there are no grounds for implying that, if they do, it is because of this directive - it will entirely be a matter for member states and their parliaments. Those arguing against this directive have used scare tactics throughout and as a result have consistently alienated the vast majority of legislators in the European Parliament. Intellectual freedom is a valuable thing and its cause is being damaged by people who constantly cry wolf. Britain has had laws very similar to those required by the directive for some years now and I do not see police raiding the homes of file sharers on a regular basis and nor do I see the development of OSS being halted - I should know, I have written several Linux kernel modules. Claims that the DMCA is coming to Europe are ridiculous. A lot of those who opposed this directive did so because they do not believe in any sort of prohibitive intellectual property protection.
It's a legitimate argument (though not one I support) but it has been tarnished by their decision to try to scare the living daylights out of people with talk of a coming "police state". Yours sincerely, Adrian McMenamin Press Officer, European Parliamentary Labour Party ®
Lucy Sherriff, 10 Mar 2004

T-Mobile calls the tune in Europe

It might not be music to everyone's ears, but ring tones have proved to be a massive market, writes Bloor Research analyst Rob Bamforth. From bedroom composers to big business mobile operators, demand has exceeded all expectations. It's even had a substitution effect on the CD single industry. Surprising really, that so many people would want to pay for a low-quality audio clip delivered to their hip, just to be in vogue. But will they pay in such numbers for the latest tone for their callers to hear? Customised ringing where the recipient sets up a tune for the caller to hear instead of 'ring ring' was launched in Korea almost a year ago. It has enjoyed rapid success in the market with a third of users already signed up. Subscribers pay a price per tune and then a monthly subscription. Now this isn't music on hold, but music before answering, so the caller won't get to hear much unless the recipient is slow to answer. But there are other tweaks. The audio content can be varied based on the caller identity for example. So is this a big business opportunity in Europe? T-Mobile UK thinks so. It's the first European operator to launch a caller tune service. There are 100 tunes to select from and it costs £1.50 per tune set up fee and £1 per month service subscription. The market potential is vast. The same user community that spends millions on personalised ring tones might be tempted to pay for tunes to share their musical tastes with callers. It's a straightforward idea, but to deliver the service simply, scale to large numbers of users and keep the service delivery manageable requires a suitable platform. T-Mobile has based its solution on the Telsis Ocean family of platforms. The keys to this service are being able to scale up rapidly to large numbers of users as demand takes off, and being able to switch new content in without affecting the running service. The Ocean solution uses a number of intelligent peripheral units, managed by a service control point.
Each intelligent peripheral can support up to 120 simultaneous calls with no response degradation, and a service control point can handle up to 10,000 simultaneous calls. The intelligent peripheral supports up to 6000 hours of caller audio, and services can be added without taking the platform out of operation. That's just the level of flexibility required. More sophisticated mobile data services require more extensive investment in operator infrastructure and the active encouragement of an ecosystem of content and service providers. Whilst this is undoubtedly the direction for long term profitability, there are short-term needs. This type of offering takes existing content, exploits the burgeoning ringtone market, and delivers a simple, but potentially highly-fashionable service. Of course it doesn't have to be just for revealing a taste in music. All sorts of spoken messages could be used in the ringing time - perhaps we'll be longing for the return of the ring. Even so, this looks like just the service to get the tills ringing in new revenues for operators. © IT-Analysis.com
IT-Analysis, 10 Mar 2004

David Bedford upstages 118 Runners relaunch

The launch of The Number's new advertising campaign was upstaged yesterday as former long distance runner, David Bedford, turned up in full running gear promoting a rival directory enquiries (DQ) service. The Number - whose ads featuring two moustachioed 1970s-style runners have been elevated to cult status - has been in dispute with Mr Bedford after he alleged that The Number had ripped off his image without his permission. Yesterday, as The Number held a press conference to announce that its 118 118 Runners had "hung up their vests" replacing them with tight, creamy yellow jumpsuits, Mr Bedford pitched up in his running gear along with a couple of friends. And instead of plugging The Number's 118 118 DQ service, he sported 118 500 - BT's DQ number. One onlooker told us: "It was all a bit unexpected - but quite funny." So, did BT have a hand in this stunt? A spokesman for the telco said: "It's not down to us. Although we're flattered that he used our DQ number." The Number denied that its decision to reinvent the 118 118 runners as "retro cops" - while still retaining their (slightly sleeker) moustaches and mullets - was a result of its spat with Mr Bedford. "They've just been dropped for this campaign," said a spokesman, who added that there was nothing stopping them coming back in the future. A new £10m marketing campaign featuring the new characters is due to kick off later this week. In January, Communications regulator Ofcom upheld a complaint from Mr Bedford after it ruled that the 118 118 Runners "do caricature David Bedford by way of a comically exaggerated representation of him looking like he did in the 1970s". Ofcom didn't ban the ads because Mr Bedford had not "suffered actual financial harm as a result of the caricature". ®
Tim Richardson, 10 Mar 2004

Computer voting snafus plague California

Bizarre election results in California have been traced to an electronic touch-screen ballot system. But no one is quite sure what went wrong, and because there is no paper trail, no one is ever likely to get to the bottom of it. In several Orange County precincts last week, more ballots were cast than the number of registered voters can account for, the LA Times reports. Around 5,500 citizens appear to have unwittingly cast votes in the wrong districts, out of a total of 7,000 who experienced some manner of snafu, the newspaper reckons. The unlikely number of ballots cast in certain precincts alerted officials to the difficulties. This does not mean that less obvious errors did not occur at the same time. But at least, in those areas where the ballots cast exceeded voter turnout, it is known that some manner of snafu occurred. A spokesman for the voting system manufacturer hastened to make a virtue of the bungling: "David Hart, chairman of Texas-based Hart InterCivic, which manufactured Orange County's voting system, said it would be impossible to identify which voters cast ballots in the wrong precincts because of steps the company had taken to ensure voter secrecy. For this reason, an exact account of miscast ballots is impossible," the LA Times says. Fortunately, the discrepancies - at least those that have been detected - are too slight to have influenced the outcomes of any elections. However, had any of the races been close, Orange County would have found itself in the awkward position of knowing that an election is doubtful, and having no hope of sorting it out. Since a paper recount is impossible with the majority of these machines, one has to wonder if touch-screen voting might eventually inspire nostalgia for the hanging chads, political wrangling and mass confusion that propelled George W Bush into the Oval Office. The old system may have been a nasty business, but at least we know what went wrong with it. ®
Thomas C Greene, 10 Mar 2004

Ryanair Telecom delays mobile telco launch

Ryanair Telecom - the Irish-owned private company operating under licence from airline Ryanair PLC - has delayed the launch of a new mobile service because take-up of its new fixed-line service has been "fantastic". The no-frills discount telco opened up for business last month, promising to shake up the Irish market with half-price local and national calls. At the launch it said it planned to roll out discount mobile telephone services throughout Europe. A formal announcement detailing the new mobilephoneco was due to be made today, but a spokeswoman for the company said that the launch of this service has been delayed for a couple of weeks because the company is "busy with the fixed line business". ® Related Story Ryanair, Stelios in telecoms departure
Tim Richardson, 10 Mar 2004

CeBIT to premiere USB Swiss Army Knife

It was bound to happen. Given that you can buy a Victorinox Swiss Army Knife with just about every gadget known to man, from horse-hoof awl to Hubble Space Telescope lens polisher, it's no real surprise that the company - in association with flash memory outfit Swissbit - is now offering cutting tools plus a USB flash memory stick. The gadget will be unleashed on an incredulous world at CeBIT next week. The USB Swiss Army Knife is available with 64 or 128MB memory, plus all the usual extras - knife, corkscrew and tin-opener. The 64MB version will cost €55; the price of the 128MB version is tba. Swissbit is not just any old company trying to make a buck from ingenious vehicles for memory. It grew out of Siemens and has been producing DRAM and flash memory modules - including Compact Flash and the 1 gigabyte SwissBitKey USB Memory key - for over ten years. USB flash memory pops up everywhere these days. Indeed, our own Cash'n'Carrion already sells a popular 256MB USB Memory Watch. Whether the USB Swiss Army Knife proves as successful remains to be seen. For those of you who are attending CeBIT, Swissbit is in Hall 2, Booth B31, and in Hall 4, Booth B58. ®
Jan Libbenga, 10 Mar 2004

RealNetworks sues baseball broadcaster

RealNetworks is suing baseball broadcaster MLB.com. The two have been partners in broadcasting baseball games over the Internet since 2001. But negotiations between the two over renewing a licensing agreement fell apart in early February. RealNetworks claims MLB has failed to comply with a contract the two signed in February. It is seeking a temporary injunction to enforce its contract and for MLB to "perform its obligations to the letter and spirit of our contract". MLB has been broadcasting games in Windows Media Player format. RealNetworks has a long-running lawsuit against Microsoft claiming $1bn in damages. To see the whole statement from RealNetworks click here ® Related stories Real makes MLB.com a free agent Real and IBM form media software link Why Real sued Microsoft Real talks to itself about Rhapsody billing
John Oates, 10 Mar 2004

Benefits of online tax returns ‘negligible’

A government incentive to get small businesses to file their tax returns online is not what it appears, with the financial benefits set to be "negligible", an accountancy firm has warned. Ministers have said that from 19 May 2010, firms with fewer than 50 employees will have to file their PAYE returns online each year by law. As an incentive to get employers using the internet to send returns now, the government announced that firms who file online every year until 2009 will get a total of £825, tax-free. However, accountants at PKF said that due to software costs and other expenses, small businesses are unlikely to see any real benefits from filing online before they are required to do so. Peter Pennycard, national director of tax at PKF, warned small firms to be wary of the initiative: "Whilst this may sound like a genuine incentive to start filing online sooner rather than later, small businesses would do well to remember that, like many government offers, the financial advantage could be negligible. "Not only will employers have to purchase software approved by the Inland Revenue to complete PAYE returns at the beginning of the 2004/5 tax year, but they will have to wait for their first incentive payment of £250. "It will be credited against their 2005/6 tax payments and they will only get a cheque if they actually ask for it." Although business groups have repeatedly urged chancellor Gordon Brown to lessen tax requirements in the upcoming Budget, PKF said that firms should brace themselves for an even greater regulatory burden. The accountancy company pointed out that the Inland Revenue is now collecting tax earlier from employees by taking payments from the PAYE tax code on their earnings. This system means that tax will be paid up to nine months earlier than under self-assessment rules. Pennycard said that it was clear that the chancellor’s attempts to increase the tax take are forcing the Inland Revenue to take a singular approach to tax collection.
"Their slogan seems to be 'We want you to pay us now, but you will have to wait for anything that we owe you'. "Such penny pinching is yet another example of the government’s unnecessarily ruthless treatment of businesses and taxpayers and we are likely to see more of the same in this year’s Budget," he concluded. Copyright © 2004,
Startups.co.uk, 10 Mar 2004

Union opposes BT – HP job swap plan

Some 400 BT workers who provide internal helpdesk support for the UK's dominant telco could be shunted across to HP. And a similar number of HP staff could be moving over to BT in a job-swap deal. BT staff currently providing desktop and service desk support are to be moved to HP under TUPE (Transfer of Undertaking - Protection of Employment) regulations. BT will manage HP's voice and data network in EMEA, along with a number of call centres, which could also see a similar number of HP staff move to BT. BT has told staff in an internal memo that it has signed heads of agreement with HP, but contracts will take several months to conclude. Employees and unions will be kept informed throughout. But unions have already signalled their intention to oppose the transfer of staff. Connect - which represents some 20,000 managers and professionals in the communications industry - has already held discussions with BT on the matter. Said the union in a statement: "We see absolutely no justification for a TUPE transfer. What is proposed is in effect to outsource BT's internal desktop and mid-range computer support to HP. In doing so, the company would be outsourcing computer support facilities judged by one external benchmark to be third best in the world. There is no obvious reason why this should make any contribution to BT's ability to secure major third party ICT contracts, either alone or in partnership with HP." Connect is to consult with its members over the proposed deal. "If it is clear, as we believe it will be, that members are opposed we will campaign against this proposal with your support." ®
Tim Richardson, 10 Mar 2004

Hubble nudges the dawn of universe

Yesterday, astronomers revealed the deepest-ever picture of the visible universe, taken by the Hubble Space Telescope (HST). It contains an estimated 10,000 galaxies clustered in a patch of sky one-tenth the diameter of the moon. In among the normal spirals and ellipses are an assortment of odd-looking galaxies. The European Space Agency explains that this is because we are looking at a time when order and structure in the universe were just beginning to emerge, and when the first galaxies were starting to reheat the universe. The Hubble Ultra Deep Field is the result of a million-second (nearly 12 days) exposure and reveals the earliest galaxies to emerge from the so-called Dark Ages just after the Big Bang. The picture reveals galaxies too faint to be seen from the ground, or in Hubble’s previous faraway looks, called the Deep Fields, taken in 1995 and 1998. The picture is composed of two images taken by the HST’s Near Infrared camera and Multi-object Spectrometer (NICMOS) and Advanced Camera for Surveys. The NICMOS camera may even reveal galaxies that existed only 400 million years after the Big Bang. This will hold the record as the deepest-ever view of the Universe until ESA and NASA launch the James Webb Space Telescope in 2011. ® Related story Oldest galaxy found behind big cluster
Lucy Sherriff, 10 Mar 2004

NetSky author signs off

The latest version of the NetSky worm is to be the last, according to a message buried in the worm's code. Anti-virus firms are taking the pledge with a pinch of salt. Netsky-K (AKA Netsky-J) is little different from the 10 earlier versions we've seen over the last month. Once again, the worm contains insults against the authors of the Bagle worm - continuing the flame war among malware authors that has raged in cyberspace since last week - along with code designed to remove Bagle from infected PCs. But this time we have a message from the unknown authors of the worm promising an end to the NetSky onslaught. The message reads: "We want to destroy malware writers business, including MyDoom and Bagle... This is the last version of our antivirus. The source code is available soon." AV firms are waiting to see if NetSky's authors live up to their word. Alex Shipp, of email filtering outfit MessageLabs, said it doesn't really matter if AV researchers believe the pledge or not, because virus fighters have to plan for the worst. Either selling access to hijacked computers to spammers or a clash of egos between rival malware authors is behind the spat between rival VX gangs, he thinks. ® Related stories War of the worms turns into war of words Fistful of Bagles shoot up the Net
John Leyden, 10 Mar 2004

Our t-shirt went to America and all we got was this lousy email

The controversy surrounding the origins of the My job went to India and all I got was this lousy t-shirt has escalated somewhat since our indignant piece yesterday. To recap, NY Times columnist Thomas L. Friedman suggested that this legendary piece of apparel may have been conceived in the US and not, in fact, in Britain. We at Vulture Central were, naturally, having none of it. Indeed, our ire was exacerbated somewhat when we further learned that The Washington Post's Cynthia L. Webb had got hold of the story, and reprinted the pertinent parts of Friedman's piece. Well, here's the NYT's defence, issued after reader Ben Godber forwarded This Modern World's sceptical analysis of Friedman's claim to the paper: ------------ Forwarded Message ------------ Date: 09 March 2004 17:32 -0500 From: Public To: Ben Godber Subject: Re: Factual Error Dear Mr. Godber, Thank you for your message. Mr. Friedman informed us of the following regarding your concerns about the t-shirt mentioned in his column (3/7), "The Secret of Our Sauce." "The argument seems to be that it was a British Web site that came up with the idea of the T-shirt -- ``My job was lost India and all I got was this lousy T-shirt'' -- and therefore the whole premise of my column was wrong, that Americans are not innovative. First, all one has to do is Google that phrase and you will discover that it is not only a British Web site offering this t-shirt for sale, but that a U.S.-based Web site, indeed one located in Palo Alto where so many jobs have been lost, has been selling the same T-shirt for some time. It is the online design-your-own t-shirt and apparel store, Zazzle.com (see attached URL). So either someone in America copied it -- or independently came up with the idea themselves and therefore it is not a British exclusive. The point I was making about the innovative nature of American society and institutions obviously rests on more than a T-shirt."
I include a link to the T-shirt shown on Zazzle.com below: www.zazzle.com Sincerely, Arthur Bovino Office of the Public Editor The New York Times OK, readers will have to make up their own minds on this one. The El Reg India shirt was launched before Xmas 2003. The US equivalent was apparently created on 17 January 2004. We make no further comment. Except to say that I have been personally requested by Cash'n'Carrion to exhort all true patriots to support our cause by immediately buying the original and best My job went to India and all I got was this lousy t-shirt. A shameless plug, yes, but remember that jobs are at stake here - our Indonesian eight-year-olds depend on the $10 a week they get for hand painting these shirts to support the impoverished members of their extended families who could not get jobs in local callcentres. ® Update The link to the zazzle.com shirt shown above is no longer active. However, the item has reappeared here with a new creation date of 10.10.2003. Hmmm. Bootnote Thanks to Bruce W. Alter for the Washington Post tip-off.
Lester Haines, 10 Mar 2004

BT near to settling London allowance dispute

BT's long-running dispute with the Communications Workers Union (CWU) over increased allowances for staff who work in London could be settled soon. The CWU is recommending that its members accept an offer from BT to raise levels of London Weighting. The new offer includes an increase of £200 with effect from 1 March, with another rise of £25 from 1 Jan, 2005. If accepted, it would increase Inner London Weighting by 8.6 per cent from £2,600 to £2,825 and Outer London Weighting by 20 per cent from £1,128 to £1,353. The allowances - which compensate workers for the greater expense of living and working in London - have been frozen since 1999. The CWU said the deal "reflects the best that can be achieved by negotiation". A ballot of members is expected soon. In December the CWU described as "derisory and completely unacceptable" BT's offer of an extra £100 for London weighting. The CWU had called for London weightings of £4,000 and £2,400. ® Related stories Union calls BT strike ballot over 'derisory' offer Maybe it's because I'm a Londoner (that BT wages get me down)
Tim Richardson, 10 Mar 2004

Airbag grasses up killer driver

An intelligent airbag looks likely to prove a key witness in the case of a 26-year-old Canadian driver who killed another driver while speeding along a Montreal street. Although the inflatable friend may have saved Éric Gauthier's life in the crash, it later sang like a canary, revealing that the young man had been travelling at three times the 50kmph speed limit. 20-year-old student Yacine Zinet died in the incident when his car was struck. Gauthier's Chevrolet Sunfire carried a recording device - known in the trade as an EDR, or event data recorder. EDRs are now commonly fitted to new cars and are intended to protect manufacturers against faulty airbag lawsuits. Police called on the digital evidence because there were no skid marks at the crash scene to indicate how fast Gauthier had been travelling. There is increasing disquiet among drivers about such "snooper" devices. Last November, the FBI forced the operators of one stolen vehicle's on-board vehicle navigation system to enable it as a covert eavesdropping device. The courts were not impressed. In California, a new law means that anyone who buys a car after June must be informed of exactly what data any fitted EDR can record. Commonly, EDRs are simply a memory chip "loop" system, which continually records and re-records five seconds of data such as speed, rpm, etc. In Gauthier's case, this last five seconds of data proved critical. He attended a pre-sentence hearing yesterday, having been already convicted on two counts of dangerous driving. The prosecution is demanding three years' jail. ® Related stories Court limits in-car FBI spying Air bag 'black box' nails killer driver Doh! Man steals GPS tracking device
Lester Haines, 10 Mar 2004

Industry unites for .mob?

Microsoft, Vodafone and Nokia have signed a memorandum of understanding to develop a top level domain (TLD) name, like .com, for mobile devices. The group has applied to ICANN to grant the new TLD and let them manage it. Other members of the consortium include 3, the GSM Association, HP, Orange, Samsung and Sun Microsystems. The companies have yet to decide on a name for the joint venture. Nor have they decided what the new domain will be - we're betting on .mob... The group is looking for more members to ensure wide customer and industry input. The address could be used alongside existing .com addresses to provide stripped-down content for people accessing the site on the move. ® Related stories VeriSign calls ICANN bluff in world’s biggest game of poker Internet showdown side-stepped in Geneva VeriSign bows to ICANN, suspends Net Grab
John Oates, 10 Mar 2004

Robot grunts tumble in race for $1m prize

Robot grunts have struggled through two days of test runs in Fontana, California, as they prepare for DARPA's $1m Grand Challenge event. Only Carnegie Mellon University's Sandstorm robotic vehicle has completed a test course that measures how well the machines are greased for a 200 mile race to be held Saturday. A number of other teams' vehicles have made partial runs over the 1.36 mile course, while other teams have decided to hold off on the qualification until their vehicles are fully tuned. The weekend race from Barstow, California to Las Vegas will be the culmination of months of work by 25 teams to try and seize a $1m prize put up by DARPA to spur the creation of a robot army. "We had a very exciting day with the Red Team being the first group to complete the course," said Colonel Jose Negron, DARPA Grand Challenge Program Manager. "We streamlined some of our procedures and allowed the teams extra practice time on the track. The excitement is building as more teams move positively forward to Saturday's Challenge." Carnegie Mellon's success does not come as much of a surprise, as many observers have pegged it as the favorite in the race. Like all of the 25 competitors, Carnegie Mellon must turn its vehicle over to DARPA on Saturday, hit the go switch and hope the robot can steer itself through the Mojave Desert and on to Sin City. Most of the vehicles are packed with radar, laser radar, various sensors and mountains of compute power to process the robot's course as it moves from one GPS coordinate to another. DARPA - an arm of the Defense Department - will not provide the GPS "waypoints" making up the course to the teams until two hours before the race. Carnegie Mellon's Red Team is racing a Hummer built on the back of more than $3 million in funding from a variety of sources, including Intel and Boeing. The team had a setback last week when Sandstorm tumbled over, destroying some sensor components.
After a rush fix, however, it looks like the Red Team is ready to race. Axion, The Golem, Rover Systems, SciAutonics I, SciAutonics II, Team ENSCO, Team Terrahawk and TerraMax partially completed the course. El Reg is keeping a close eye on Team Phantasm out of St. Louis. The team is in need of new radar equipment before it goes at the test course. Team Phantasm consists of only two men and has tapped into less than $50,000 to prepare a robotic ATV (All Terrain Vehicle) donated by Kawasaki. DARPA is keeping an optimistic tone about the weekend race and with good reason. The Grand Challenge was designed to make up for largely wasted multi-million dollar handouts to large military contractors who could not come up with vehicles capable of guiding themselves over long distances. Congress has mandated that one-third of military vehicles must operate unmanned by 2015. With that in mind, DARPA decided to dangle the $1 million prize in front of students, small companies and gear heads to see if they could come up with groundbreaking ideas in the field. Over the past few months, DARPA has changed a number of the contest's rules to adjust to an overwhelming number of entrants. In addition, DARPA will now send vehicles off in a time-trial format instead of having them all take off from the start line at the same time. The race will be broadcast over satellite on Saturday. The coordinates can be found here. For more information on the basics of the race and controversy surrounding it, please look over the related stories. ® Related stories $1 million Grand Challenge map leaked on Web DARPA quells robot road rage DARPA chisels little guy out of $1 million race DARPA's indecision threatens integrity of $1 million race
Ashlee Vance, 10 Mar 2004

Claire Swire II faces worldwide humiliation

We received a forwarded email last week which, by our reckoning, has already been seen by four-fifths of the world's population. Which is a shame for author Sharon Dyson because it was originally intended for boyfriend Alex Hewson only. You get the idea. Sadly, Sharon was responding to a general email Alex had sent from abroad to her and 30 mates. Unfortunately, when she wrote her reply, she hit "reply to all" by mistake - something she will live to regret. Naturally, we at El Reg were not originally going to run with this story. After all, the girl's done nothing wrong. Then we found the Sun had got hold of it, so it's all a bit late for damage limitation. We gather that Sharon is in line for a bit of an ear-bashing from her bosses - London-based Hobson's. Give the girl a break, it could happen to anyone: We feel for the new Claire Swires - no, really - and ask her bosses to go lightly on the poor lass. As for Alex's 30 mates, who could have nipped this in the bud - you ought to be ashamed of yourselves. ® Related stories Yummy Claire gets in touch with The Reg Claire Swire: wanna know who she is?
Lester Haines, 10 Mar 2004

Radio star gazing gets European boost

This week sees the launch of RadioNet - a three-pronged programme to boost European radio astronomy. Using a big chunk of EC funding, the programme unites a broad group of institutes to collaborate in research and to improve communication within the astronomy community. Organisers hope it will prepare the European radio astronomers for the next generation of telescopes and arrays currently being planned and built. This will require a more co-ordinated approach from the community, if observers are to get the most out of the new facilities. A prime objective is to encourage more communication between astronomers working at different wavelengths - from X-ray, radio and infrared to the optical range. Collaboration on this scale will be vital to fill the gap between Hubble and the launch of the James Webb space telescope in 2011. The first part of the programme, Trans-National Access, aims to increase the number of European radio-astronomers using the many radio telescopes run by Europe, including the 217-km MERLIN array in the UK and the James Clerk Maxwell Telescope in Hawaii. The programme will cover the running costs of the facility and the travel expenses of the astronomers. The next strand is a trio of technical R&D initiatives aimed at improving the usability, efficiency and scope of radio astronomy. More details here. RadioNet will provide networking opportunities for radio, and other, astronomers. Among other things, it will fund science and engineering workshops, working visits between institutes and training schools. RadioNet has 20 partners ranging from radio telescope facility operators to laboratories specialising in micro-electronics, MMIC design and constructing super-conducting components. The first RadioNet-funded workshop: 'Dense Molecular Gas around Protostars and Galactic Nuclei', was held on 17-20 February in the Netherlands. ®
Lucy Sherriff, 10 Mar 2004

Liverpool is 30 minutes from IT wipeout

Just 30 minutes without power would reduce Liverpool council services' IT infrastructure to a state of meltdown. The council's mainframe currently has no back-up system, and if there's a blackout lasting longer than half-an-hour, every record would be irrevocably lost. Auditors flagged this oversight last year, The Liverpool Echo reports. In a report to council members, the executive member for resources, Councillor Chris Curry told the members that "there is no generator backup for power outages and in the event of a power failure the UPS [emergency power system] provides only 30 minutes backup". The council voted to install some back-up without delay. The project, which is worth £400k, has been handed to Liverpool Direct, the council's joint venture with BT. The work was not put out to competitive tender as council members were concerned that a bidding process would delay a swift solution to the problem. Work will begin on 1 April, and is expected to take 16 weeks. Existing network equipment will be moved into unused space in the basement of the municipal building, along with the new back-up system. ®
Lucy Sherriff, 10 Mar 2004

Hitachi ships 400GB whopper

The fight for the title of biggest hard drive hotted up today as Hitachi announced its 400GB contender. The Deskstar 7k400, a 7,200rpm, 3.5in drive, is aimed at the audio-visual market, where capacity and low cost per GB are the main reasons to buy. Hitachi says the new drive can hold 400 hours of standard TV programming, 45 hours of HDTV programming or more than 6,500 hours of high quality digital music. It features a new industry-standard AV feature, known as Streaming Command Set. This optimizes the drives for storing and retrieving content on a digital video recorder (DVR). The DVR market is set to explode in the next few years, according to the Yankee Group. The research firm forecasts that DVRs will be found in 24.7 million homes by the year 2007. High definition TV will also drive demand. The Deskstar 7k400 is shipping now, in limited quantities. More info here. ®
Lucy Sherriff, 10 Mar 2004

Cisco beefs up IOS security

Cisco Systems has launched a range of products to ward off security threats. An upgrade to Cisco core IOS Software (Release 12.3T) should make networks more resilient to malicious attacks. New features include the ability to more easily segment networks into trusted zones. Also, it is now easier to identify the source of DDoS attack traffic, using Cisco IP Source Tracker. And improved support of the Extended Simple Mail Transfer Protocol makes it easier to inspect mail traffic for malicious code. Cisco has added support for the next generation net traffic standard, IPv6, to its popular PIX range of firewalls. Rivals Check Point and NetScreen both added IPv6 support some time ago. On the hardware front, Cisco has introduced the Cisco 7301 Router and Cisco VPN 3020 Concentrator. These appliances promise performance improvements over Cisco's existing range of secure router and VPN kit plus support for Cisco Security Device Manager, a management product designed to make setting up secure networks more straightforward. The products are available now; prices are listed here.

Networks, heal thyself

Yesterday’s announcements represent the latest milepost in Cisco's Self-Defending Network. This is its strategy to improve the ability of networks to autonomously identify, prevent and adapt to a range of security threats. The latest updates are geared towards adapting to security threats. Preventing attacks in the first place falls within the remit of Cisco Security Agent (CSA), the host-based intrusion prevention software inherited through last year's acquisition of Okena. CSA protects corporates against worms such as Blaster and Nimda, and is positioned as a supplement to existing AV software and as a replacement for desktop firewalls. Cisco consultant Paul King told El Reg that the technology is not ready for consumers, because deployments must be carefully set up and managed.
However, punting the technology towards small and medium-sized businesses is very much part of Cisco's plans. It is talking to ISPs about licensing the technology as a security add-on to business broadband connection packages. But no deals yet. ® Related stories Cisco combats network worms Cisco launches security blitz Cisco buys behaviour blocker IPv6 Task Force UK works on five-year plan
John Leyden, 10 Mar 2004

Big US ISPs set legal attack dogs on big, bad spammers

America's four leading ISPs today announced the filing of the first big lawsuits under the new federal anti-spam law, the CAN-SPAM Act. America Online, EarthLink, Microsoft and Yahoo! last night filed six lawsuits against hundreds of defendants, including individuals suspected of being among the US's most prolific spammers. The suits are overwhelmingly against unnamed defendants (Yahoo! alone names those it's gunning for). At a press conference in Washington DC today top legal officers from AOL et al explained that federal laws allow the names of defendants to be inserted at a later stage in proceedings. Defendants in the civil suits (filed in federal courts in California, Georgia, Virginia and Washington state) are collectively charged with sending hundreds of millions of spam messages to customers of the four networks. A wide variety of products - ranging from get-rich-quick schemes, to prescription drugs, pornography, instructions for conducting spam campaigns, banned CDs, mortgage loans, university diplomas and cable descramblers - were punted in these junk messages.

Tricks and subterfuge

Spammers used a variety of deceptive and criminal techniques in their attempts to make sure their spam was read. These tricks included: sending spam through third-party computers to disguise their point of origin (i.e. using open proxies); falsified 'from' email addresses (spoofing); omitting a physical address in messages; and failing to include a valid unsubscribe option. Each trick violates CAN-SPAM. The law provides for serious penalties against large-scale spammers who use fraud, deceit and evasion to send junk email to consumers. Two in three spam messages contain deceitful elements actionable under CAN-SPAM, according to America's big four ISPs.

Follow the money

They are targeting high-volume outlaw spammers in a campaign which will see "stepped-up and co-ordinated civil enforcement programs".
The next targets are likely to be the firms which hire spammers to promote their services. Investigators will follow the money to bring spammers to book. US residents who operate off-shore are not beyond the reach of US law, the ISPs warned in a press conference today. Randall Boe, AOL general counsel, said his company is committed to dismantling the junk mail industry "one spam kingpin at a time if necessary". "Our actions today clearly demonstrate that CAN-SPAM is alive and kicking - and we're using it to give hard-core, outlaw spammers the boot."

CAN-SPAM really can

CAN-SPAM gives the industry a "significant new advantage" in its fight against spam, according to Yahoo! general counsel Mike Callahan. "We're holding spammers directly accountable for the relentless infiltration of people's inboxes," he said, adding that the industry has formed a "more unified front" in its fight against spam. AOL, EarthLink, Microsoft and Yahoo! formed the Industry Anti-Spam Alliance last year. Since then they have shared information, resources and investigative best practices in assembling their lawsuits. But legal enforcement is only part of the answer, they say. Wider use of anti-spam technologies, consumer education, and stronger partnerships between industry and government are also needed. The Industry Anti-Spam Alliance is working to establish improved certification and authentication of email as an Internet standard.

Case Summaries

AOL v. Davis Wolfgang Hawke, et al

Davis Wolfgang Hawke (AKA Dave Bridger), Braden Bournival and unknown defendant co-conspirators are alleged to have transmitted millions of spam email messages directing AOL members to Web sites selling "Pinacle" penis enlargement pills, weight loss supplements, handheld devices advertised as "personal lie detectors" and a product labelled "the Banned CD". These messages have generated 10,000 user complaints since last July, according to AOL.
In addition, the complaint alleges that Hawke also offered to provide or sell illegal "bulk-friendly hosting" services, "cracked" bulk mailer programs and millions of AOL addresses.

AOL v. John Does 1 to 40

AOL's complaint alleges that from at least November 2003 to the present, unknown defendants transmitted millions of spam messages to AOL members advertising numerous websites selling a variety of products, including mortgage leads, adult-content websites and business opportunities. The messages (with misleading subject lines, natch) were transmitted through fraudulent means to make it difficult to determine the identity of those responsible. The unnamed defendants used various tactics in an attempt to evade AOL's spam filters, including random text in the body of their messages. These spam messages generated more than 500,000 complaints from AOL members.

EarthLink v. John Does 1 to 25 (The "Prescription Drug Spammers"); John Does 26 to 35 (The "Mortgage Lead Spammers"); John Does 36 to 45 (The "Cable Descrambler Spammers"); John Does 46 to 55 (The "University Diploma Spammers"); John Does 56 to 65 (The "Get Rich Quick Spammers"); and John Does 66 to 75 (other spammers)

These varied unnamed defendants have sent millions of spam email messages to advertise websites selling prescription drugs, mortgage leads, cable descramblers, university diplomas and get-rich-quick schemes to EarthLink members, again using deceptive practices. Some of the defendants have used text randomizers to insert long passages of gibberish in messages in attempts to evade EarthLink's spam filters.

Microsoft Corp. v. JDO Media of Florida, and John Does 1 to 50 (U.S. District Court, Western District of Washington)

This lawsuit accuses JDO Media and other unknown defendants of operating an automated multilevel marketing program advertised through spam. Microsoft Hotmail subscribers have been barraged by millions of illegal email messages touting this program.
The lawsuit alleges that the spam used to promote the program is intentionally routed through open proxies, contains header information that is false and misleading, and uses other deceptive methods to disguise the senders' identities in violation of CAN-SPAM.

Microsoft Corp. v. John Does 1 to 50, doing business as Super Viagra Group

The "Super Viagra Group" sent Microsoft Hotmail subscribers "hundreds of millions of illegal email messages" advertising either 'Super Viagra' or a weight-loss patch. The lawsuit contends that Super Viagra Group routes its email messages through open proxies and hijacked computers in countries around the world, and uses misleading transmission information and subject lines. Approximately 40 domain names registered throughout the world were promoted in these junk mail messages.

Yahoo! Inc. v. Eric Head, Matthew Head and Barry Head, and their companies Gold Disk Canada, Head Programming, and Infinite Technologies Worldwide, collectively known as "The Head Operation"

The defendants were on Yahoo! Mail's "Most Wanted" spammer list for allegedly sending millions of spam messages. In January 2004, Yahoo! Mail received about 94 million email messages from The Head Operation. Messages consisted of solicitations for life insurance, mortgage and debt consolidation, and travel services sent using open proxies all over the world. The defendants allegedly used colour font tricks to hide randomized text in an attempt to circumvent Yahoo's SpamGuard filter. ®
John Leyden, 10 Mar 2004

Tiscali UK unveils PAYG broadband

Tiscali UK is launching a pay-as-you-go broadband service later in the spring. The 512k services cost £19.99 a month (the same as BT's recently announced BT Broadband Basic) and give punters the choice of either 50 hours online a month or a 1Gb monthly limit. Punters who exceed this limit will then pay just 2p per minute on the 50-hour package and 2p per Mb for the 1Gb package. Just in case consumers get carried away, Tiscali is capping monthly bills at £50. It is also launching a 1Mbps broadband product for £29.99 a month, which it says undercuts similar speed services from AOL by £5 a month, BT Retail by £8 a month and BT Yahoo! by £11 a month.

Both the PAYG broadband and 1Mbps services are based on the BT Wholesale product Datastream, which enables operators to use their own networks to provide the ADSL services. As a result, these products are available to around 80 per cent of UK broadband-enabled areas only.

Tiscali UK announced today that it has more than 200,000 broadband customers. The ISP declined to break down the figures to say how many were on its sub-512k services. Anyhow, according to Tiscali this now makes it the second largest independent DSL provider in the UK, behind BT, which is approaching a million punters, and AOL. In a statement, Tiscali said its market share has increased from three per cent in September 2003 to more than 10 per cent in March 2004, making it the fastest-growing DSL provider in the UK. And since it is adding more than 2,000 new DSL customers every day, it reckons it's grabbing between 30-40 per cent of new UK DSL customers. ®
Tim Richardson, 10 Mar 2004

IDC forecasts healthy PC sales

IDC is betting on double-digit growth in the global PC market for the next couple of years. This will be spurred by aggressive pricing, improving business spending, and consistent growth in demand for portables. According to the research firm, the PC recovery is in full swing, translating into 11 per cent annual growth until 2005. Things start looking tougher shortly after that, but the numbers are still positive - a big improvement on recent times. By 2006 growth falls to five per cent, and then to three per cent by 2008.

Enterprise sales are improving: in the US this should offset a declining public sector spend, the company says. In Western Europe, both consumer buying and business demand will stay strong, thanks to better pricing and a switch to laptops. Japan's economic problems have held back market growth, and because nearly everyone has a laptop at home already, growth will be much more conservative. IDC expects growth of just six per cent in this matured market in 2004/5. In contrast, the rest of Asia-Pacific looks very healthy. Low market penetration means that high growth rates will persist, and tax breaks and Government spending on IT in India will give the market a boost. ®
Lucy Sherriff, 10 Mar 2004

Fujitsu zooms with tubby Xeon blade

Fujitsu Computer Systems has rolled out a new, rather bulky but powerful blade server in its Primergy product line. Fujitsu is aiming more at the corporate software market than scientific computing or Web serving - the traditional blade stomping grounds - with the Primergy BX600. The system runs on powerful Xeon processors from Intel, as opposed to the lower-powered processors often used in thinner blade servers. Up to 10 server blades can fit in the 7U (19-inch) BX600 chassis.

Fujitsu is describing the BX600 as a midrange blade, which seems fairly accurate given where it sits in the market. HP, for example, has just rolled out a denser product that complements a wide range of low and high power blades. IBM, on the other hand, leans more toward high-end blade computing, using Xeons and less dense builds.

The BX600 can support up to 12GB of memory and two Ultra320 SCSI disks, and can be upgraded to support two Fibre Channel interfaces. Later this year, Fujitsu aims to roll out a four-processor blade based on Xeons. Customers will be able to place five of the four-way blades in the 7U chassis. Pricing for the BX600 starts at $10,300. ®
Ashlee Vance, 10 Mar 2004

Artists vow to sue Apple for dodging French music fees

The body representing French composers says it will sue Apple for evading its compensation obligations on sales of its iPod player. That's Apple, the computer company, not Apple Corp, The Beatles' publisher; the former is forbidden from selling music products as a result of a 1991 legal settlement with the latter, a dispute that's currently in court again.

Under a French law passed two years ago, hard disk players are subject to a levy that goes to compensate royalty holders. Sacem, the Society of Music Creators, Composers and Publishers, says Apple has failed to comply, and will sue for back fees. Canada recently introduced a similar levy on fixed-disk portable music players to help compensate artists. Last year Apple Computer quietly removed a claim on its iTunes Music Store that the service was "fair to artists". Major label deals can leave artists indebted for years.

Professor William Fisher at Harvard University, who has been studying alternative compensation systems, suggests that hardware levies are one of the least effective forms of raising money. Fisher is one of many people studying the consequences of decriminalizing music 'piracy' while ensuring artists get paid. The average US household spends $500 on audio and video hardware, media subscriptions and rentals, and yet for 17 cents a week per household, rights holders could receive a more than generous compensation equivalent to 20 per cent of their current revenues. A fee that fell solely on broadband users - who do the most file trading - would amount to little more than a dollar a week: the price of an iTunes song, or half of a Napster subscription.

Such a move would give a tonic to hardware vendors such as Apple and to both wireline and wireless infrastructure providers by boosting demand for their products, so it's hard to understand why computer companies and the mechanical copyright holders are united against it.
Alliances based on short-term greed often win the day, but in the long run, such companies exist only to shift more product. This one will run and run. ®
Andrew Orlowski, 10 Mar 2004

Sun nails StarOffice win in India

Sun Microsystems has outmanoeuvred Microsoft with a StarOffice win in the Indian state of Haryana. The Haryana government has signed a memorandum of understanding (MOU) with Sun to use StarOffice 7 across all state departments. This marks a major deal for Sun and open source software in India and adds to a trend of governments looking to use free software instead of Microsoft's products. "We are extremely pleased to enter into this agreement with Sun Microsystems," said Dr Harbaksh Singh, the commissioner and secretary to the government of Haryana's electronics and IT department. "The MOU marks a landmark agreement for us in our efforts to drive IT adoption in the state. This deal with Sun will enable the government of Haryana to significantly ramp up desktop penetration within its departments, as the cost of installing desktops are expected to come down dramatically." StarOffice is Sun's version of the open source OpenOffice productivity suite designed to compete against Microsoft Office. StarOffice runs on Windows, Linux and Solaris and is priced at between $25 and $50 per user for government customers. Last month, Sun won a deal with United India Insurance for 10,000 StarOffice licenses. In addition, government bodies in the UK, Germany, Brazil and parts of Asia have been on an open source software tear, looking at software such as StarOffice and also the Linux operating system. ®
Ashlee Vance, 10 Mar 2004

Intel won't play by China's Wi-Fi rules

Intel will stop selling its 802.11 WLAN products in the People's Republic of China because it refuses to comply with the country's home-grown proprietary encryption technology. Beijing has mandated that from June, equipment must conform to its own WAPI, or WLAN Authentication and Privacy Infrastructure standard, GB15629.11-2003. The move has been variously interpreted as a measure to protect China's own emerging technology manufacturers and as a national security ploy.

It might not cost the US chip giant very much - sober estimates reckon the Chinese WLAN market is worth just $24m right now - but it is the latest installment in a story in which the upcoming superpower is setting the terms of engagement. WLAN compliance has divided US exporters. Texas Instruments, Cisco's Linksys and Atheros say they're willing to comply with WAPI, while Broadcom, and now Intel, would rather withdraw from the market.

China ensures that foreign capital stays in the country and demands joint ventures with technology investors, in which the latter are encouraged to share their IP. With a long engineering tradition and a high investment in education, the PRC has little reason to believe that it needs to be dependent on expensive foreign technology. China is developing its own third generation mobile phone technology, TD-SCDMA, its own DSPs and its own PC microprocessor, Godson, and intends to deploy Linux widely.

Spooks' concerns have bedevilled wireless trade between the two countries before. Beijing was wary of adopting Qualcomm's CDMA technology, which would have left its mobile phone infrastructure at the mercy of the US Department of Defense. CDMA uses the DOD-controlled satellite network to synchronize its base stations. Neither W-CDMA nor China's home-grown TD-SCDMA has this disadvantage. ®
Andrew Orlowski, 10 Mar 2004