5th > July > 2004 Archive

UK website flogs forged degree certificates

A British-based website is offering good quality forged degree and A level certificates for just £165. They include a medical degree from Oxford University, a BA from the University of Strathclyde and a complete set of GCSEs. The certificates arrived a few days after order, and included forged signatures, stamps and watermarks, according to The Guardian, which uncovered the scam. The man behind the site has been questioned by police but never successfully prosecuted. It is not against the law to make fake school exam certificates and it has proved too difficult and expensive to prosecute him for forging university certificates. Barry Sheerman, chairman of the Commons education committee, told The Guardian the scam was "terrifying". He suspects a database of qualifications will be needed and will raise the matter with Education Minister Charles Clarke. Dr Peter West, secretary of the University of Strathclyde, was surprised at how real the degree certificate looked, but found nine small errors. He said: "It does look quite authentic. It is deeply offensive to us and all graduates who have worked for their degrees." A spokesman for Oxford University said the integrity of academic qualifications should concern everyone, not just those from the institutions named. ®
John Oates, 05 Jul 2004

IBM opens RFID test centre

IBM has opened up the doors on a new European test and interoperability laboratory for piloting and proving radio frequency identification technologies. The adoption of RFID will not only help retailers and consumer goods manufacturers better manage their stocks, it will also offer a potential windfall for the likes of IBM Global Services, Accenture and Computer Sciences. The new centre, which is based in Nice, France, will test RFID chips, data-collection readers and related applications software to find out if they integrate effectively and work well together. It will mirror the facilities of IBM's existing RFID testing laboratories at Gaithersburg, Maryland and Kanagawa, Japan. Last month, RSA Security said it would start to offer early adopters of RFID technologies a range of application security test and design services. But it is the big services firms of Accenture, Computer Sciences, Deloitte Touche Tohmatsu, and IBM Global Services that stand to gain the most from RFID adoption. According to the latest market forecasts, manufacturers are expected to spend $3bn on RFID technology and services in 2007, up dramatically from current spending levels of about $500m. Some 1,000 IBM employees are already involved to some extent with RFID. RFID technology is poised to revolutionise the way products are manufactured, tracked, sold, and bought across business supply chains. RFID uses low-powered radio transmitters to read data stored in smart tags embedded with tiny chips and antennas. The tags are attached to packaged goods that can communicate with electronic reading devices and deliver a message to a computer that alerts retailers and suppliers when a product is taken off a store shelf or moved out of a warehouse. The business benefits being mooted for RFID are particularly compelling to retailers and consumer packaged goods companies. Procter & Gamble estimates between 10 per cent and 16 per cent of its products may be out of stock at any one time. 
Reducing that by just 10 per cent to 20 per cent could mean a revenue boost of between 1 and 3 per cent, worth more than $400m. Source: ComputerWire/Datamonitor
Datamonitor, 05 Jul 2004

Chip sales soar in May

The world continues to buy ever larger quantities of semiconductors, with the chip industry selling $17.32bn worth of them in May 2004, 2.1 per cent more than it did in April and 36.9 per cent more than it sold in May 2003. According to the Semiconductor Industry Association (SIA), there's usually a jump in chip sales midway through Q2. However, May's figures represent the highest monthly sales since December 2000. Sales went up in all regions, except Europe. Sales in Asia-Pacific rose the most - 4.5 per cent sequentially and 54.2 per cent year-on-year to $7.21bn. Japan followed: two per cent sequential growth took sales to $3.73bn, up 25.1 per cent over May 2003. The Americas experienced a meagre 0.2 per cent sequential growth rate - 26.5 per cent year-on-year - with sales of $3.2bn. Europe's decline was just 1.2 per cent, with sales falling to $3.18bn, though that still represents a 29.1 per cent increase year-on-year - second only to Asia-Pacific. According to the SIA, most product segments saw traditional growth patterns, though chips for communications kit saw particularly high demand on the back of "robust" sales of mobile phones. ®
Tony Smith, 05 Jul 2004

Sender authentication is coming

Sender authentication will almost certainly become a de facto standard part of the Internet's email infrastructure over the next few years, but it will not stop the spam problem by itself. Microsoft, in a refreshing break from its usual standards strategy, has merged its Caller ID For Email specification with that of a competing independent project, Sender Policy Framework. The merged spec, now called Sender ID, is going through the Internet Engineering Task Force and is already gaining significant support. SPF is already supported by tens of thousands of email servers, and Sender ID will be backwards compatible. Some companies are deploying SPF now with that in mind. Some of the biggest email providers in the world, namely AOL, Microsoft, and Yahoo are promoting Sender ID, along with Comcast and EarthLink in the US, and BT in the UK. Sendmail is adding support to its mail transfer agents. Sender ID is expected to be relatively simple to deploy, requiring little ongoing maintenance. In essence, all you need to do is publish the IP addresses of approved outgoing email MTAs in your domain name records. When your users send email, the recipient can make sure the mail is coming from authorized IP addresses by checking the DNS for the domain in the "From:" field. The spec is designed to mitigate the problem that a good 95 per cent of spam, not to mention joe-jobs (spam forged to appear as though it came from an innocent party) and email worms, use spoofed From: information to hide their source. Fortunately, it's a lot harder to spoof source IP addresses, although it is possible. Experts point out that if hackers gain the ability to forge IP addresses on a large scale, we'll have bigger problems to worry about than spam. Sender ID won't solve the spam problem. 
At first nobody will make an accept/deny filtering decision based purely on the fact that the sender is authenticated, but they will likely use it as a heavily weighted factor to consider during a spam scoring operation. There are also many legitimate reasons why a good email may originate from an IP address outside the authorized range, mainly to do with remote and traveling workers and mobile devices. It should also be considered that spammers will very probably start to publish their own Sender ID records, meaning the authentication will be pointless. There's also the problem that a compromised MTA could be used to send spam. While Sender ID will not be a cure-all for spam or worms, it will probably do a good job of reducing the number of phishing attacks. The rate of adoption and support being seen in the industry means it will soon no longer be a question of if it will become the norm, but when. Source: ComputerWire/Datamonitor
Datamonitor, 05 Jul 2004
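
The check described in the article above, sketched as an added example (not code from the article or from any Sender ID/SPF implementation): the receiver looks up the record published for the "From:" domain, tests the connecting IP against it, and feeds the result into a spam score rather than a hard accept/deny. The record syntax is SPF's `v=spf1` limited to `ip4`, `ip6` and `all`; the `PUBLISHED` table standing in for DNS, the weights and the threshold are assumptions made for illustration.

```python
import ipaddress
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups (documentation-range addresses only).
PUBLISHED = {
    "example.com": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all",
    # Nothing stops a bulk mailer from publishing a perfectly valid record.
    "bulk-offers.example": "v=spf1 ip4:203.0.113.0/24 -all",
    # "~all" (softfail) leaves room for roaming users outside the listed range.
    "roaming.example": "v=spf1 ip4:192.0.2.64/29 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Hypothetical weights: authentication shifts the score, content still counts.
AUTH_WEIGHT = {"pass": -2.0, "neutral": 0.0, "none": 0.0,
               "unsupported": 0.0, "softfail": 2.0, "fail": 4.0}
SPAM_THRESHOLD = 5.0


def from_domain(header_value):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def evaluate(record, client_ip):
    """Evaluate a record left to right; the first matching term decides."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, redirect= need live DNS; out of scope for this sketch.
        return "unsupported"
    return "neutral"


def classify(from_header, client_ip, content_score, dns=PUBLISHED):
    """Combine the authentication result with a content score."""
    record = dns.get(from_domain(from_header))
    result = evaluate(record, client_ip) if record else "none"
    score = content_score + AUTH_WEIGHT[result]
    verdict = "spam" if score >= SPAM_THRESHOLD else "deliver"
    return result, score, verdict


if __name__ == "__main__":
    samples = [  # constructed messages: (From: header, connecting IP, content score)
        ("Alice <alice@example.com>", "192.0.2.10", 1.0),        # authorised MTA
        ("Alice <alice@example.com>", "203.0.113.77", 2.0),      # forged From:
        ("Deals <win@bulk-offers.example>", "203.0.113.77", 8.0),  # authenticated spam
        ("bob@roaming.example", "198.51.100.200", 0.5),          # travelling worker
        ("x@unknown.example", "192.0.2.10", 1.0),                # no record published
    ]
    for header, ip, content in samples:
        print(header, ip, classify(header, ip, content))
```

The third sample is the article's caveat in practice: a sender that publishes its own record authenticates cleanly, so the content score has to carry the decision.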

Intel to tackle Sempron with 'Celeron price cuts'

Intel will trim the prices of its desktop Celeron chips on 22 August in a bid to fend off AMD's pitch against the value processor line with its own Sempron range. So claims DigiTimes, which reckons prices will fall by up to 13.6 per cent. The cuts take in recently released 90nm Celeron D chips as well as older, 130nm parts, its Taiwanese industry sources say. Paring back Celeron D will help boost sales of Intel's i915 chipset family - aka Grantsdale - the sources added. This snippet provides more support for suggestions that Intel will offer Socket-T Celerons in the very near future. Intel's Celeron roadmap appears to include the arrival of a 2.93GHz part in August, the Celeron 340, a point DigiTimes' sources also make. A 3.06GHz version is expected at the start of Q4. ®
Tony Smith, 05 Jul 2004

Dunes manages the heterogeneous virtual machine

In the largest server sector of all, namely those operating on Intel and AMD based processors, the virtualisation of computers has become something of a fashion tidal wave with vendors such as VMware, the major server suppliers and even Microsoft all actively promoting the benefits of this approach to computing. Into this heady world has stepped a small Swiss company, Dunes Technology, with software for the administration of virtual machine environments utilising a "service management" approach. In essence, the S-Ops v2.2 software provides unified management and control capabilities for distributed virtual resources, across the enterprise. The software enables enterprise IT, service providers and software vendors to supply customers and business users rapidly, efficiently and cost-effectively with personalised services running on virtual machines. The unified control of distributed heterogeneous virtual resources makes it possible for virtual resources to be aggregated into manageable "services". In this way multiple software, virtual and hardware resources can be managed as one pool of assets dedicated to a specific business activity. The software supplies capabilities to handle the provisioning (create, control, deploy) of virtual services along with strong monitoring functionality to handle service status, performance and alarm reporting. All capabilities require the use of an S-Ops agent to be deployed on the platforms to be managed. Last month, the company added policy based orchestration for virtual machines with the launch of the Dunes Policy software. This tool enables the definition, validation and implementation of custom scripted policies to automate service and operation level management. Dunes Policy provides an integrated development environment (IDE) and the tools required to allow policies to be articulated, modelled, tested, implemented and re-used. Dunes Policy also allows the policies to be implemented as wizards as well as traditional scripts.
Currently, VMware's ESX and GSX servers along with VMware Workstation virtual machines form the bulk of platforms managed. However, it should be noted that S-Ops also provides support for Microsoft Virtual Server (beta version) and Microsoft Virtual PC, thereby supplying valuable heterogeneous platform management capabilities. Stephane Broquere, president and CEO of Dunes, said: "With S-Ops, IT professionals can benefit from the ability to compose, deliver and guarantee personalised services on demand. S-Ops management technology takes full advantage of VMware and Microsoft virtualisation software to provide a means by which our customers can align the needs of virtual resources with that of the physical resources capacity in order to meet business objectives." Both leading virtual machine providers, VMware and Microsoft, deliver their own management tools, but S-Ops may appeal to larger organisations and service providers that operate both virtual machine platforms. The addition of policy management capabilities that can operate across both environments and the ability to build virtual services, not just virtual machines, may attract further attention. It is clear that the investment in virtual machine technologies continues apace in vendors large and small, reflecting the potential benefits that this approach can deliver. © IT-Analysis.com
Tony Lock, 05 Jul 2004

Beehive pollinates Eclipse

Java's success is based on the write-once, run-anywhere promise. But as the number of development environments increased the view for developers was not as rosy. The development user interface varied by vendor, as did the application development frameworks, which were used to develop Java more rapidly and consistently. This meant that developers could not move easily from one environment to another, as they needed to learn a new user interface and, worse, a new set of frameworks and controls. Even worse, the frameworks might not run on all platforms. The obvious competitor to Java is Microsoft .NET, which provides a single development experience and runs on a multitude of Microsoft platforms. Thus it is attractive to the developer even if it is not as flexible in its deployment. Developers often choose the development and therefore the runtime environments - or at least are key influencers in that decision. The consistency of the development environment increases the portability of the developer and that has an influence on their choice of platform. Both IBM and BEA understand this argument, and have offered technology to the open source community that will make the developer environment more consistent. IBM handed over Eclipse, a platform for tools integration. BEA handed over Beehive, an application framework, to Apache. These two threads were brought together with the announcement that: SAN FRANCISCO, JAVAONE 2004 CONFERENCE-June 28, 2004-The Eclipse Foundation, a community committed to the implementation of a universal platform for tools integration, along with Instantiations, Inc., a leading provider of advanced Java development solutions, and BEA Systems (NASDAQ: BEAS), the world's leading application infrastructure software company, today announced the creation of 'Pollinate'. Pollinate is a new open-source incubator project focused on creating an Eclipse-based development environment and toolset to be named 'Eclipse Pollinate.'
Eclipse Pollinate, which will be designed to integrate with Apache Beehive, the industry's first easy-to-use, cross-container, open-source application framework for building service-oriented architectures (SOAs) and enterprise Java applications, is being developed to help enable developers to more easily develop and deploy service-based and J2EE-based applications. This is a major step in keeping the Java developers happy. It should make it more likely that they will recommend a Java environment. The application development pie is increasing in size - Pollinate will ensure that Java increases in line with the total pie and should enable Java to increase its share. This increase in the Java market is why BEA is so firmly behind, you could say leading from the back, this initiative. I believe this is the first step in bringing Beehive and Eclipse even closer together and as the initiative matures I would expect the major players, BEA, IBM, Sun and others to take further steps to line up. For example, neither IBM nor Sun has openly embraced Beehive, and BEA has not re-factored its IDE on Eclipse. Moves of these sorts are affected by technology requirements and commercial benefits and each player will choose the most opportune moment to make the move. I would expect to see further moves from all parties in the next twelve months. © IT-Analysis.com
Peter Abrahams, 05 Jul 2004

Spanish Zombie PC virus author jailed

A Spanish man was sent to jail for two years last week after being convicted of virus writing. Óscar López Hinarejos, 26, was also ordered to pay compensation to his victims for writing the Cabronator Trojan. Valencia Crown Court heard that Cabronator infected 100,000 machines. The Trojan surrendered control of infected PCs to hackers who were able to harvest personal details from compromised PCs or turn them into drones in a zombie attack network, all controlled over an IRC channel. The Spanish Civil Guard arrested López Hinarejos in April 2003. He is the first virus writer to be jailed in Spain. ®
John Leyden, 05 Jul 2004

Dell issues adaptor electric shock warning

Dell has warned that around 38,000 power adaptors it shipped between December 2003 and May 2004 could cause electric shocks. The problematic product is an Auto/Air Adaptor accessory offered alongside a number of Latitude, Inspiron and Precision notebooks between those dates. According to Dell, the adaptor was sold with the Latitude X300, D400, D500, D505, D600 and D800, the Inspiron 300m, 500m, 510M, 600m, I8500, I8600 and the Precision M60. The adaptor was also sold separately. It can be recognised by the words "DELL" and "Dell P/N W1451" printed on the top of the adaptors. At issue is the use of the adaptor with third-party power cables. Says Dell: "It is possible for a consumer to plug into the adaptor certain power cords not intended for use with it, which could pose a shock hazard." However, no one has yet reported such an injury, the company added. Dell said it has developed a small unit which connects to the adaptor and prevents it being used with industry standard power cables as well as the original cables shipped with the Auto/Air Adaptor. Dell will send out new cables and the attachment unit free of charge. "Until they receive and implement their retrofit kit, customers should not connect any power cable to the adapter other than the cables that were provided with the product at the time of purchase," the PC giant warned. Dell said it is contacting customers, but has set up a range of international numbers for concerned buyers to call to obtain more information. This list of numbers can be found here. ®
Tony Smith, 05 Jul 2004

Cableco 'inside job' aided Dutch 419ers

The 52 Nigerian 419ers arrested in Amsterdam earlier this year had "inside help" from cable company UPC, the company's security officer Norbert Spekking admitted last week. Someone within UPC provided the scammers with cable modems - a fact which escaped the company because the users weren't registered. Spekking, who testified against 15 Nigerian scammers in an Amsterdam court last week, says the swindlers used these modems to churn out thousands of scam emails. Normally, the Dutch cable operator would not tolerate this kind of behaviour. Last year UPC's Internet subsidiary Chello summarily cut off dozens of subscribers spewing 419 emails; but the unregistered scammers continued unmonitored, at least for a while. About a year ago UPC discovered that more than 200 cable modems had been stolen and sold mostly to hackers and spammers through an illicit company which promised lifelong cable subscriptions for just €350. In February 2003, police arrested six suspects, including one accomplice at UPC. Some of these modems may have been sold to the 419ers in Amsterdam. UPC is still investigating. Since the arrests earlier this year in what is believed to be the biggest raid of its kind, almost no 419 spam has been sent through UPC's network. Scam emails purporting to come from Winners Rainbow Lotto or Pinga Kasenda, son of the late foreign affairs minister to the Federal Republic of Zaire, have since been monitored arriving via ADSL providers Zonnet and Bbned. ®
Jan Libbenga, 05 Jul 2004

IE workaround a non-starter

Doubts have been raised about the effectiveness of a workaround issued by Microsoft to guard against a potentially devastating vulnerability in IE. Left unchecked, the flaw creates a means for hackers to turn popular websites into conduits for viral transmission. On 24 June many websites running Microsoft's IIS 5 Web server software were infected with malicious JavaScript code called Download.Ject. If IE users visited websites hosting Download.Ject their PCs attempted to download a virus from a Russian website. This website was quickly shut down, but the incident illustrated serious security shortcomings with IE and prompted security clearing house US-CERT to advise users to ditch IE in favour of alternative browsers. Last Friday, Microsoft rolled out configuration changes to Windows XP, Windows Server 2003 and Windows 2000 designed to protect against the Download.Ject attack as a workaround prior to the availability of patches. But postings to the insecure.org full disclosure mailing list over the weekend provide evidence that a slightly modified exploit can still yield full system compromise even on systems that have applied the workaround. Users are advised to disable Active Scripting, except for trusted websites, as a precaution, until Microsoft comes out with a fix. Alternative browsers such as Mozilla, Opera or Netscape - which are not subject to this IE-specific attack - remain a much safer option. ®
John Leyden, 05 Jul 2004

Vodafone's adult filter is go

Vodafone has implemented its adult content blocker, to rapturous applause from child protection groups, and irritated cries of "Hey, where'd my websites go?" from some of its users. Adult content is not just porn - the definition includes gambling sites, chat and dating services and content and games classified as violent. The company has implemented a blanket ban on access to such services, requiring users to register as adults, providing proof of age, if they want to opt back in to these sites. The system has already earned Vodafone a nod from Privacy International (PI). PI has nominated the content filtering system for the "Most Appalling Project" category of its annual Big Brother Awards. Other contenders in this category are the US Safe Harbour Agreement, and the NHS' National Project for IT. It seems, however, that the implementation of the service has not been trouble free. Register readers have found themselves blocked, not from adult content, but from all their corporate email and data service applications. Registering as an adult user has also proved troublesome for some: "You can't turn it off on your phone - you have to go to a browser and create a 'my voda' account before you can clear it. I was hopeful that this would fix it but unfortunately to prove your age you have to use a credit card. They only accept mastercard or visa, I only have an amex!!" Other Vodafone users say the company's customer services line could only say that there had been a major network problem, and they did not know when it would be fixed. Vodafone says that any changes to a system that has 14 million users are bound to have some teething problems. A spokesman told El Reg: "We haven't had any complaints over the weekend, so we think the wrinkles have been ironed out."
In January this year, all the major UK network operators - O2, 3, Vodafone, Orange and T-Mobile - agreed a code of practice designed to restrict access to adult content with the aim of protecting children from unsuitable material. They signed up to have their filters in place by the end of this year. At the moment, Vodafone itself is in charge of deciding what is and what is not adult content on its network, although by the end of the year, an independent body is expected to take over the role of censor for the industry as a whole. This shouldn't mean customers need to re-register, Vodafone says, as it has taken a very conservative approach to rating content. "It is more likely stuff will drop out of the blocked list, rather than being added to it," a spokesman said. Vodafone said earlier this year that the mobile industry had approached a number of bodies who might fill the role, but that there had been no firm decision as yet. Bodies such as ICSTIS and the Internet Watch Foundation are rumoured to be likely candidates. ®
Lucy Sherriff, 05 Jul 2004

Seagate targets rival with import ban demand

Seagate has escalated its legal assault on rival micro hard drive maker Cornice by asking the US International Trade Commission to ban the import into the US of any product that contains a Cornice 1in drive. If enforced the ban could hit the likes of MP3 player makers Aiwa (ie. Sony), iRiver, Element, Rio and RCA (ie. Thomson), and other vendors, including Digitalway. Seagate claims Cornice's 1in drive, the Cornice Storage Element (CSE), infringes six of its patents. In June, it slapped its rival with a lawsuit seeking not only a ban on the sale of CSE in the US but the payment of damages. Last week, fellow drive maker Western Digital also took a pot shot at Cornice. It has launched its own lawsuit, alleging that Cornice violated seven of its patents in the development of CSE. The suit, filed with the US District Court for Orange County, California, also seeks a ban on the sale of CSE in the US and monetary damages. To date, Cornice has not responded to either action. ®
Tony Smith, 05 Jul 2004

Payment card industry cleans up its act

Apacs, the Association for Payment Clearing Services, has upgraded its guidelines for the kind of websites its members should take payment from. Previous guidelines warned card issuers not to provide services to any site which was likely to bring the industry into disrepute. A spokeswoman for Apacs said the guidelines needed upgrading because they were originally outlined seven years ago. Apacs members will not "do business with Internet sites that sell content or merchandise inciting, advocating or perpetuating activities such as child pornography, racism, terrorism and violence against persons, including scenes of sexual violence." The specific guidelines are offered as advice to Apacs members. The Apacs spokeswoman said: "Banks provide payment services for websites and we've always said those facilities should only be offered to ethical companies and not damage the reputation of the card industry. We're not banning porn." She added that Apacs guidelines cover UK-based companies. It is up to individual banks to withdraw services from sites they believe are in breach of the guidelines. The move follows a campaign by the family of Jane Longhurst who was murdered in Brighton by Graham Coutts, a keen consumer of necrophiliac websites. The Longhurst family called for tighter regulation of such websites. ®
John Oates, 05 Jul 2004

Bank issues cashpoint warning

First Direct has written to one hundred thousand of its customers warning them of the danger of cashpoint-based fraud. The bank is warning the ten per cent of its customers who use cashpoints most frequently that they are increasing the risk of being a victim of such fraud. A spokeswoman for First Direct told The Register: "It is like crossing the road, every time you do it there is a small risk, so you shouldn't do it more than you have to. If someone is taking out £20 three times a day they're increasing their chances of cashpoint fraud." Apacs estimates £39m was lost to cashpoint fraud in 2003. The spokeswoman said the bank was not advocating carrying large amounts of cash: "We are just warning people of the risks and advising them that there are alternatives," she said. Police in Carlisle, Cumbria last month found a device attached to a cashpoint which copied cards put in the machine. Thieves had also installed a pinhole camera to pick up customers' PIN numbers. ®
John Oates, 05 Jul 2004

Daleks invade New York

New York residents are today contemplating how close they came to "extoimination" after the Sun draped a Dalek in the flag of St George and let it loose in Times Square. The UK tabloid has launched a laudable campaign to demand that the Daleks be allowed to participate in the forthcoming relaunch of Dr Who. Negotiations between the BBC and the estate of the late Terry Nation regarding editorial control last week broke down, resulting in the stairphobic salt-cellars stropping off back to their home planet. The New York invasion came hot on the heels of an earlier protest in Southampton. One outraged Big Apple local is quoted as saying: "How can deez guys at da BBC dump da Daleks? Dat’s ridiculous. Dey need extoiminating." Another chipped in: "I grew up watching the Daleks. It’s hard to believe a race hellbent on galactic domination will let a few suits at a TV company stop them." Quite so. It appears that the BBC now faces a powerful alliance of malevolent machine and tabloid muscle, although rumours that the Sun will feature a week of topless Daleks on Page 3 (Davros, 21, from Skaro), remain unconfirmed. ®
Lester Haines, 05 Jul 2004

Software patents under attack

The Electronic Frontier Foundation has assembled a crack team of software and legal experts to challenge what it sees as ten of the most dangerous software patents ever awarded. It is seeking nothing less than the overturn of all ten. The group says that these patents, including Ideaflood's infamous "System apparatus and method for hosting and assigning domain names on a wide area network", are too broad, and pose a threat to innovation, and possibly to freedom of expression online. To qualify for inclusion in the list, the patent holders also had to make attempts to enforce their IP. The EFF says in a statement: "Every single one of the targeted patents is held by an entity that has threatened or brought lawsuits against small businesses, individuals, or nonprofits." Others that made the list are Clear Channel's patent which covers production of post-concert live recordings on digital media; Acceris' patent covering phone calls routed over the Net and Nintendo's patent covering a software emulator for handheld video game platforms. As part of its challenge to the patents, the EFF is launching a mammoth search for prior art. However, it acknowledges that finding it may be difficult. In an interview with The New York Times, one of the lawyers involved, Jason Schultz, said that finding the documentation to support a prior art claim is often difficult: "A lot of code is done, dumped and never documented." One of those named in the list, Test.com, has been in touch with the EFF since the launch of the campaign. Chief exec, James Posch, said that his company had no intention of pursuing non-profit organisations for license fees, and would work with the EFF to develop a formal restriction that would exempt such users from its patent, NY Times reports. The company holds a patent for an Internet test taking method, and according to EFF, has been in contact with various universities, including Regis University and University of Tulsa.
It has also told the media it would consider selling the patent to a larger organisation that would be more able to extract license fees from groups carrying out online testing, the EFF says. In separate news, the Dutch Parliament has directed Minister Brinkhorst and Secretary of State van Gennip, to withdraw Dutch support of the current text of the directive on computer implemented inventions. Minister Brinkhorst had told the Dutch Parliament that the text approved by the Council of Ministers was a compromise with the European Parliament. However, according to the FFII (Foundation for a Free Information Infrastructure), van Gennip "was forced to admit that this was incorrect information, and attributed it to 'an error in the word processor'." The Dutch Parliament was not impressed by this explanation, and instructed the ministers to withdraw their support of the directive and convert it to an abstention. Dieter Van Uytvanck, spokesman for the FFII in the Netherlands, said that a historic precedent has now been set, and called on other European nations whose parliaments have doubts about the directive to do the same. He said: "Let this be a lesson to the lawmakers in Brussels: the European citizen watches you closely. It is much better to take this into account from the beginning than to get into trouble later." ®
Lucy Sherriff, 05 Jul 2004

US group lobbies for the airborne mobile

A group in the US is seeking to standardise technology in consumer electronics devices so that people can use mobile phones and PDAs on airplanes. The Consumer Electronics Association (CEA) has said that it wants to develop new industry standards so that people will be able to use certain functions on mobile phones and PDAs while on-board commercial aircraft. Such functions could include games, word processors, music players and other features, but would exclude wireless functionality, which can affect critical communications systems used by pilots. At present, it is difficult for aircrews to determine if the wireless functionality on a mobile phone has been disabled. As a result, phones must be shut off entirely while the plane is in the air. "Many wireless devices can operate without transmitting, such as the use of a game player on a mobile phone, or the use of a personal organiser on a wireless PDA," said Douglas Johnson, senior director for technology policy at the CEA. "In these and similar cases, we expect it will be useful for airline passengers and others to know and be able to verify whether the wireless part of their device is enabled or disabled." A CEA working group, involving more than 35 representatives of wireless device and component manufacturers, airlines, pilots, and flight attendants, is developing an industry "recommended practice" in order to provide a standard way of showing that a wireless device's transmitter is disabled. The group aims to complete and distribute the recommended practice by autumn 2004. The group has said that its code could also be used for other locations where phone use is restricted, such as hospitals. 
The use of mobile phones in hospitals has been a matter of discussion on this side of the Atlantic in recent weeks, with Irish communications regulator ComReg saying that it is considering the introduction of so-called "interceptors," or devices that could be set up in hospitals and other locations that would prevent mobile users from making or receiving calls. Interceptors differ from phone-jamming equipment insofar as they allow calls to be made by people with special clearance, such as doctors or emergency workers. Meanwhile, in the UK, at the British Medical Association's annual conference last week, doctors called for a lifting of the UK Department of Health's ban on the use of phones in hospitals. Led by Dr Simon Calvert, the doctors have argued that the risk posed by the use of mobiles - which can affect the operation of medical equipment - was minimal. © ENN
ElectricNews.net, 05 Jul 2004

UK small.biz rejects outsourcing

Nearly nine out of ten UK small businesses do not feel that outsourcing will benefit them, new research has found. A study carried out by NOP World found that just 12 per cent of small firms had decided to move part of their production or administration process out of the business. Just 14 per cent said that they would consider outsourcing in the future, with most bosses seemingly determined to keep everything "in-house". Although outsourcing is seen as the domain of larger businesses, the Tenon Forum, which commissioned the research, said that small firms can also benefit from the process. Alan Newton, chairman of the Tenon Forum, said that small businesses still weren’t keen on outsourcing: "By outsourcing a business function to an external specialist, companies can direct their time and energy on what they do best - running their business - with savings in efficiency far outweighing any initial costs. "This message has got through to larger companies, but is clearly still not reaching the majority of small business owners who, more than anyone, can benefit from a more focused use of their time," he added. Copyright © 2004,
Startups.co.uk, 05 Jul 2004

EU ruling set to can business spam

A new European ruling has made it possible for small businesses to block unsolicited emails, telephone calls and faxes, a law firm has claimed. Glaisyers said that under the European directive, firms will be able to opt-out from direct marketing campaigns from other businesses. By registering with the Direct Marketing Association’s Corporate Telephone Preference Service, bosses will be able to stem the tide of spam which has threatened the productivity of many UK businesses. Until now, only private individuals have been able to opt-out from such direct selling techniques. However, the ruling will be bad news for small firms that rely on direct business-to-business marketing for sales, coming less than a year since the government banned companies from sending spam to individuals without their prior consent. Joanne Sanders, of Glaisyers, said there are two sides to this new ruling: "On one hand, it will be of benefit to the countless organisations who feel they are being plagued by unsolicited calls and faxes that waste staff time and resources. On the other, there are plenty of legitimate direct selling operations that rely on ‘cold calling’ to generate a stream of new business leads. "They could see a significant reduction in the potential of the telephone as a sales medium and may need to find alternatives. We'll have to see how the new ruling works in practice," she added, before cryptically concluding: "A fox appears to have been given the job of minding the chicken shed." Copyright © 2004,
Startups.co.uk, 05 Jul 2004

BBC faces online shake-up

A report into the BBC's online activities has recommended that the broadcaster should take a tougher line on its public service remit and stop replicating content which is, or could be, supplied by private companies. The Graf report calls for the closure of some BBC sites. The BBC, which has four months to respond to the report, has already decided to cull some content. FantasyFootball, the Games portal, the Surfing portal, Pure Soap and central What's On events listing guide will all close. The Surfing portal, btw, has nothing to do with the Internet but contains information about waves and stuff. Culture Secretary Tessa Jowell said: "Philip [Graf]'s excellent report provides some constructive pointers for how they can do this. It is now up to the Governors to respond on how they plan to redefine the purposes and aims of BBC Online, so that they are more closely aligned to the public service remit of the BBC." The report calls for all online activity to be judged by the BBC's public service remit. It recommends a precautionary principle - a proposed new service should not launch if there is a close call between the public service benefit and its costs. Two governors should be appointed, one with new media expertise and one with knowledge of competition law, to oversee the BBC's online activities. The report also recommends at least 25 per cent of BBC online content should be supplied by external independent companies. Hugo Drayton, managing director of the Telegraph Group and chairman of lobby group the British Internet Publishers Alliance, welcomed the news: "It's fantastic. We've been on the case for six years. It's an indictment of the Department of Culture, Media and Sport and of the BBC governors that it has taken so long to get movement on this. There is a clear view that the BBC's activities online need to be regulated and reduced." He said he would happily take up a seat as governor.
A spokeswoman for the BBC said the sites will close at the end of the financial year and staff will be redeployed. "It's too early to say whether the other changes will result in job losses. Graf called for 25 per cent external spending - we currently spend about 13 per cent externally." The BBC has until October to respond to the report, which forms part of the wider review of the BBC's Royal Charter. The report is available for download here. ®
John Oates, 05 Jul 2004

Credit card details published on Web

It was five years ago today... Anyone who has ever used a credit card online must be familiar with that slight twinge of uneasiness, that "what if these details ever leaked out into the public domain" moment. And here's why:

Credit card details published on Web after hack attack
By Tim Richardson
Published Monday 5th July 1999 13:31 GMT

The names, addresses and credit card details of around half a dozen people have been published on the Net after a redundant site was hacked at the weekend. The site belonged to Ecstatic, a virtual marketing company that sold radiation shields for mobile phones before ceasing trading last month. Ecstatic's MD, Rash Naggar, is today trying to contact those involved to warn them that their personal details have been published. Naggar said he was told about the security breach on Saturday. He also received a number of nuisance calls over the weekend, although he said he has no idea who was behind them. Barry Ricketts, a former consultant at Ecstatic and one of the names published, was audibly shaken by the experience. He questioned the security of the site - a view vigorously denied by London-based company NetDirect Internet which ran the site on behalf of Ecstatic. "We were sold the VeriSign server by NetDirect at considerable expense," said Ricketts. But in a statement from NetDirect, the ISP has put the source of the blame firmly at the feet of Ecstatic. "We have spoken to the customer, Mr Rash Naggar, who ceased retail trading in June and dismissed the employees of Ecstatic. We have been informed that there may have been a breach of security at the customer end. "We cannot be held responsible for the actions of disgruntled employees of Ecstatic who had access to passwords," it said. Details of the security breach were publicised by self-confessed hacker David Habanec, although he maintains he did not break into the site.
Of course, we'd all like to believe this sort of cock-up is a thing of the past, but then we are reminded of the recent case of Softbank which rather magnificently managed to leak the details of four million broadband punters. However, instead of kicking off a round of bitter recriminations and name-calling, Softbank execs immediately executed a 50 per cent salary cut for themselves, as is the local custom. The moral of the story is this: cut up the card and deal only in cash - just be careful that you don't get stiffed at the cashpoint. ®
Team Register, 05 Jul 2004

UK reseller unveils 'video iPod'

Reg Kit Watch

UK mobile device supplier Peripheral Corner has launched what it claims is the "Swiss Army Knife of gadgets" - a hard drive-equipped portable video player, the PV-330. The unit ships with up to 40GB of storage, ready for MP3 audio, MPEG 4 video and JPEG still photography to be pumped over from a host PC via USB 2.0. Playback comes courtesy of an on-board version of Real Networks' Real One Player. The PV-330 also contains 64MB of SDRAM for skip-free playback, and 2MB of Flash ROM. Content can be displayed on the PV-330's 3.5in, 480 x 234 LCD, but it also sports an RCA jack allowing it to be hooked up to a TV. It also has its own video encoder, based on the G.726 codec, allowing the unit to be connected to a DVD player, VCR, TV or set-top box and to record programmes in 320 x 240 at 24-28fps straight to disk. Audio can be recorded, too, both through the AV jacks and via a built-in microphone. The PV-330 appears to the PC as a standard external hard drive, so it can be used as a storage device for other file-types, too. It also ships with a utility to convert PowerPoint files into JPEGs, allowing Peripheral Corner to pitch the device as a portable presentation tool. The unit ships with its own remote control. The PV-330 weighs 350g and measures 13 x 8.4 x 3.3cm. Inside is a 1800mAh rechargeable Lithium Ion battery capable of delivering four hours' video playback. Peripheral Corner is offering the 40GB PV-330 now for £382 including VAT. ®
Tony Smith, 05 Jul 2004

Microsoft SA - reasons to comply

Just over half of businesses renewing Microsoft Software Assurance say the primary reason for doing so is to reduce licensing fees and maintenance costs. The highest priority for 52 per cent of those surveyed was to lower license and maintenance charges. 43 per cent said the primary reason was to ensure licensing compliance. Four per cent said they were concerned with implementing software standards across the organisation. Despite professing a desire to cut costs many companies still carry out software audits manually. John Mahon, vice president of sales and marketing for Tally Systems EMEA, said: "Hundreds of man hours are wasted through manual inventory. It requires a high level of licensing expertise and depends on the accuracy of the information available that rarely exists in a raw 'exe' file collection or the Add/Remove Program data." Tally sells software which checks not just license compliance but also checks how regularly it is being used - more useful information when deciding on licenses. Mahon added: "When Microsoft SA costs approximately 25-29 per cent of the license purchase price, it is a sizeable expense for any business and miscalculations may result in overpaying. SA does have many benefits, however it is not compulsory and only an accurate inventory that reflects true usage of installed licenses reconciled with purchase records will enable the decision whether to renew or not to renew possible." Researchers talked to 190 people representing 175 companies. The survey was carried out for Tally Systems. ®
John Oates, 05 Jul 2004

Shortlist for privacy 'Oscars' announced

The shortlist for this year's Big Brother awards for nasty privacy invaders has been released. The awards include: Worst Public Servant, Most Invasive Company, Most Appalling Project, Most Heinous Government Organisation and Lifetime Menace Award - now renamed the David Blunkett Lifetime Menace Award. Pressure group Privacy International, which organises the awards, said it was overwhelmed by nominations for Blunkett, the Home Office and national ID cards but they had been recognised in previous years. Simon Davies, director of Privacy International, said: "The nominations reflect a broad and intensified assault on the right to privacy in the UK. There is a clear hostility within government to privacy and a general antagonism to it from within business. We have seen few instances where privacy has been genuinely respected by large organisations." Contenders for Worst Public Servant are Margaret Hodge for her support for a database of children and "good behaviour" orders for children as young as eight. There is also a joint nomination in this category - Katherine Courtney and Stephen Harrison for their work in promoting the National ID card. Two nominations for Most Invasive Company - LloydsTSB for its insistence that customers report to a branch with documents to prove their identities and FollowUS - a company which allows you to track mobile phones for "security or fun". Favourite though is British Gas for blaming the Data Protection Act when an elderly couple died when British Gas disconnected their gas. There are three contenders for the Most Appalling Project prize. Vodafone is in the running for its decision to bar all "adult" sites. The NHS is there for its plan to "computerise all patient records in a way that is both insecure and dangerous to patient privacy." The Safe Harbour Agreement - which governs transmission of data between EU countries and the US, also gets a mention despite not being a UK-initiative. 
The awards ceremony takes place at the London School of Economics from 6.30pm on Wednesday 28 July. Full details are available here. If you are interested in attending the awards you need to register at UKBBA@privacy.org ®
John Oates, 05 Jul 2004

ACI to outsource notebook output to India

UK system builder Allied Computers Industry (ACI) will begin outsourcing notebook production to India with a view to ceasing UK laptop production by September 2005. ACI will begin building its Ethos range of notebooks in the company's plant in Gandhinagar, Gujarat by the end of July 2004, chairman Hirji Patel told reporters today. The INR200m (£2.4m) facility will initially fulfil sales in India and the UK. As more production moves to India, the plant will pump out kit for the Middle East, Sri Lanka, South Africa and East Africa. "This facility will help bring prices of notebook down even further and spark a massive boom in notebook market in all the companies of ACI's operations," said Patel. ®
Tony Smith, 05 Jul 2004

China adopts mystery Internet Protocol

Reports from China that the country has widely adopted a next-generation Internet protocol, called IPv9, have raised eyebrows in the networking community. IPv9 which is "compatible with IPv4 and IPv6, has been formally adapted and popularised into the civil and commercial sector," the People's Daily reports. This was news to the sysadmin crowd on NANOG, who'd never heard of IPv9 as an established technical standard. IPv9 had been woven into an April Fool's joke dating from 1994, but that's about the only time it has been mentioned. We asked the IPv6 Task Force, a UK group formed last year to promote wider adoption of IPv6, the next generation Internet protocol, if they could shed any light. But they were equally perplexed by the Chinese reports which have been repeated unchallenged in the IT press today. Mat Ford, technology adviser to the IPv6 Task Force, said: "In the absence of any public technical specification, this is still in the category of 'sub-vapourware' at the moment." Christian de Larrinaga, vice-chairman of the IPv6 Task Force, said he'd made enquiries with senior figures in the China Internet industry today. "If I get something back that is useful I will let you know," he added. ®
John Leyden, 05 Jul 2004

Close the email wiretap loophole

Opinion

Last week a Federal District Court in Boston decided that when someone reads your private email without your permission and before you receive it, it doesn't violate federal wiretap law. The ruling perfectly illustrates how we can frustrate the entire purpose of a statute simply by reading it too carefully. The case began when an online bookstore named Interloc decided to also become an online ISP... and a KGB. First it provided its clients with email and Internet access, then it became interested in its customers' communications with competitor Amazon.com, presumably to find out which books its customers were buying from Amazon, and not from them. Interloc modified its inbound mail server to make special copies of any incoming Amazon email for the company to read, without the customers' knowledge or consent. The US Attorney's Office for the District of Massachusetts indicted the company and its vice president, Brad Councilman, for violation of the federal wiretap law, Title 18 United States Code Section 2511, which makes it a crime to: "intentionally intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." The charges seemed reasonable enough: the communications were certainly "intercepted" in the sense that they were read by the ISP before the recipient got them. But the federal court disagreed. The statute in question distinguishes between communication "in transmission," which is protected by the law, and one that is in "storage," defined as "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof." Based on this language, the court held that, even though the ISP diverted the incoming emails and read them before the recipients even knew they were there, they did not "intercept" them in transmission, and therefore violated no law. This reading of the law is not really unique.
Courts have held that the wiretap law required interception in transmission before - finding that seizing of a computer gaming company's email, perusing a secure website under false pretenses, reading an independent insurance agent's corporate email, installing and using tracking cookies, and even hacking into a computer and retrieving email does not violate the wiretap law. The courts have observed that to "intercept" something, according to the dictionary, is "to stop, seize, or interrupt in progress or course before arrival" and therefore that "a contemporaneous interception - i.e., an acquisition during flight - is required to implicate the Wiretap Act." The problem in the Boston case is that the ISP's reading of the email was as close to contemporaneous as you can get with the Internet.

Paradox

According to the indictment, Councilman worked his spying by virtually tapping the very means by which email is delivered on his company's system: he instructed his employees to modify the Procmail mail processing code to spin off a copy of any inbound mail originating from Amazon.com to a location where it would be accessible to Councilman and others in Interloc, who then read it. That means this diversion truly happened as the mails were in transit en route to the recipient. The "interception" was contemporaneous with the delivery of the email - in fact, it occurred moments before the email was delivered to the proper recipient. But that wasn't good enough to satisfy the wiretap statute, the judge found. Because the email was in the mail server's memory and incoming mail queue at the time of the interception, it was no longer in transit. That's not an unreasonable reading of the statute, but I am hard pressed to understand how emails could ever be truly "intercepted" in transmission under this law, as the packets that comprise them follow a "store and forward" model.
I could program your ISP's router to send me a copy of every packet your computer transmits or receives, and it would be legal under the Boston court rationale. The FBI, NSA and CIA could have a field day, without the trouble of getting court orders. The government did not try to prosecute Councilman for violating the Stored Communications statute, 18 USC 2701, which makes it a crime to "intentionally exceed authorization to access a facility through which an electronic communication service is provided and thereby obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage in such system..." The court noted in passing that this provision might not apply to the actions of an ISP that has authorization to access the system, but not necessarily to read your mail. The troubling aspects of the Boston decision were even apparent to the judge, who pointed out, "[T]he storage-transit dichotomy ... may be less than apt to address current problems. ... Technology has, to some extent, overtaken language. Traveling the internet, electronic communications are often - perhaps constantly - both 'in transit' and 'in storage' simultaneously, a linguistic but not a technological paradox." The court also noted, "The Wiretap Act's purpose was, and continues to be, to protect the privacy of communications." It's time for Congress to step in on this one, and change a poorly written law that is ill adapted to current technology. This it should do quickly. As I have noted in previous articles in this space, this "loophole" threatens to extinguish the entire wiretap law, and acts as an open invitation to government agencies, ISPs, and others to read e-mails anywhere they are stored - even temporarily. Copyright © 2004, SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.
Mark Rasch, 05 Jul 2004

CSC German military mega deal scrapped over price row

A CSC-led consortium has failed to reach an agreement with the German Ministry of Defense over a planned $7.3bn IT and communications outsourcing contract. The failure highlights both the level of caution displayed by the German government toward outsourcing, and the increasing reluctance for outsourcing vendors to take on mega-deals without sufficient rewards. Computer Sciences Corp [CSC] leads the ISIC 21 consortium, which in April 2002 was named as the preferred bidder for the Project Herkules contract. Talks between the German Ministry of Defense and ISIC 21 broke down on Thursday because they could not agree on pricing. CSC started the bidding process for the contract back in 2000, and the costs of competing for and negotiating the deal have been an ultimately fruitless drain on the company's resources for four years. The refusal to agree final terms with ISIC 21 underlines the greater caution with which the country's public and private sector organizations approach outsourcing. CSC and its rivals IBM Global Services and EDS have all failed to replicate the financial success of their multi-billion-dollar US and UK outsourcing businesses in Germany. The Germans' caution is highlighted by the timetable set by the UK Ministry of Defence, which is currently assessing bids for a £5bn IT infrastructure outsourcing contract. CSC is leading another consortium pitching for the UK deal, which it expects to be awarded in early 2005, having been put out to tender in April 2003. The breakdown in negotiations also reflects the increasing caution among outsourcing vendors towards taking on long-term mega-deals. The recent financial problems suffered by EDS, in part triggered by its inability to generate a profit from its landmark contract with the US Navy and Marines, have highlighted that the development costs and operating risks of managing major deals often outweigh the expected profits. 
CSC's experience in Germany could deter the global outsourcing vendor community from pursuing any future deals in the country, and particularly with central government agencies. However, the Ministry is now expected to re-open talks with a rival consortium including IBM, Siemens, and Deutsche Telekom, which unsuccessfully bid against ISIC 21 three years ago. Source: ComputerWire/Datamonitor
Datamonitor, 05 Jul 2004