20th > July > 2004 Archive

Virgin Mobile slashes share prices

Sir Richard Branson has been forced to cut the guide price for shares in Virgin Mobile after a poor reception for the company's roadshow - management presentations to institutional investors. Virgin shares were expected to be offered in the range 235p to 285p but that has now been cut to 200p to 220p per share. The company blamed tough market conditions for the move. Yesterday also saw Premier Foods, makers of Typhoo tea, cut its IPO price. Branson is also reducing the percentage of the company offered from 37 to 43 per cent to 25 per cent. The new price values the company at between £500m and £550m - about half of the original value. The float is widely seen as a precursor to Branson floating Virgin Mobile USA. Trading should start on Wednesday. ®
John Oates, 20 Jul 2004

Sony/BMG merger gets the nod

The European Commission has approved the merger of Sony and BMG's respective music units. Competition Commissioner Mario Monti gave the deal the nod despite complaints from other labels and smaller independents that a merger would reduce competition and lead to higher prices for consumers. There are no conditions attached to EC approval. The new firm will account for 23 per cent of worldwide music sales, and one in three new releases in the US, according to Nielsen SoundScan. It still requires approval from the Federal Trade Commission in the US but that is expected within days. The deal will leave 80 per cent of the market in the hands of the "big four" - Sony/BMG, Vivendi Universal, EMI and Warner. European regulators said they would keep an eye on the market and would "carefully scrutinise" any further consolidation. ®
John Oates, 20 Jul 2004

EDS wins $1.1bn gig with BoA

Services giant EDS has signed up the Bank of America for a $1.1bn contract - despite being downgraded to junk status by credit agency Moody's late last week. EDS objected strongly to Moody's decision. The eight-and-a-half year deal covers the integration of recently-acquired FleetBoston Financial's network into Bank of America systems. EDS already runs BoA's network. The completed voice and data network will link 180,000 employees in 5,700 banks and 16,500 ATMs as well as supporting telephone and internet banking. As part of the outsourcing deal 150 FleetBoston IT staff will move to EDS. In February 2003 EDS began moving Bank of America onto a combined voice and data network - two thirds of branches are now connected. The press release is here ®
John Oates, 20 Jul 2004

Dolby adds High-Efficiency AAC to MPEG 4 patent pool

Dolby's licensing division is to make it easier for manufacturers to license the more advanced form of the Apple iPod-friendly audio format, AAC. Via Licensing yesterday said it had partnered with the MPEG 4 Audio Licensing Committee to simplify access to key intellectual property behind High-Efficiency AAC - aka AAC Plus. HE AAC-related patents will be added to the broader MPEG 4 audio patent pool to provide one-off licensing. The move, they claim, will make it easier and - crucially - cheaper for companies to ship products that support HE AAC. That's not an indication of the iPod-led popularity of AAC. Rather it's the result of the DVD Forum's decision to mandate the use of HE AAC as the audio format for DVD 'ROM zones' - a new area that can be added to DVDs that provides computer-compatible content. HE AAC is also being deployed as the basis for audio streaming across 3G mobile phone networks. By contrast, Apple uses Low-Complexity AAC files. And in any case, its proprietary FairPlay DRM technology is not (yet) available for licensing, so the Via/MPEG 4 ALC's move isn't going to open the floodgates to true iPod clones. HE AAC uses a technique called Spectral Band Replication (SBR), which essentially provides room for higher levels of compression without losing sound quality. HE AAC encodes high-frequency sounds with SBR and low frequencies with regular AAC. HE AAC was developed by Dolby, Coding Technologies, AT&T, Sony, Philips, NEC and the Fraunhofer Institute, one of the co-developers of MP3. ®
Tony Smith, 20 Jul 2004

AT&T goes live on 3G

AT&T Wireless is expected to announce its first 3G services in four US cities. The service will be available in Detroit, Phoenix, San Francisco and Seattle. AT&T Wireless is in the process of being bought by Cingular for $41bn but had a legal obligation to offer next generation services. AT&T had to offer 3G services in four cities by the end of the year or pay a penalty to Japanese mobile firm NTT DoCoMo. AT&T refused to give details of the new service ahead of a conference call later today but told the Seattle Times that executives from NTT DoCoMo, HP, Microsoft and Real Networks would join the call. AT&T originally planned to offer 3G in 13 cities by the middle of the year but problems with the technology meant those plans were scaled back. ®
John Oates, 20 Jul 2004

E-voting terminals: gambling with data?

Opinion
Making electronic voting terminals more like slot machines won't keep elections secure from tampering. Neither will using ATMs as a model improve the prospects for data integrity. There is a children's day care facility in my area called "The Pied Piper". Apparently, many people around here don't have a problem with that. Presumably they consider the fairy tale of a stranger saving a town by leading away rats via dance and melody, and think it a worthy criterion on which to base the name of such an operation. Of course, anyone who knows the whole story will immediately realize that in the end, the Piper actually steals away all the children (save one) after the local town-folk cheated him out of his thousand guilders fee. Had the owners of the business considered all the available information, I doubt seriously that they would have decided upon that particular moniker. In the continuing debate over the use of e-voting machines to replace paper-ballots, I fear that both sides - those designing controls around these systems, and those critical of said security measures - are falling prey to the same kind of short-sightedness. By way of example, a recent dialog regarding the insecurity of electronic voting machines compared them with slot machines, and found them lacking. Much was made of the fact that a computerized slot machine could withstand a Taser gun attack without evident failure, while an e-voting machine apparently could not. This is a kind of security-modeling-by-resemblance, and it takes away from designing a security foundation that actually serves the needs. When designing security around a new technological process, we must first consider what problems we seek to remedy. For a video poker machine, that's obvious: if it gets broken into, manipulated, or zapped into dispensing money, someone gets away with the cash. Being "tamper resistant" is the most important element in countering that scenario.
The tamper resistant properties of the unit - including standing up to a little high voltage - are what protect the asset. But despite a certain physical and architectural resemblance to their casino cousins, e-voting machines have a completely different threat model, and need to value a completely different set of security properties. The asset that these units seek to protect is the integrity of the data they hold. Consequently, it is much more important to have mechanisms in place that immediately alert officials to the fact that voting data was somehow altered, such as cryptographic and algorithmic checks, than any physical means that attempts to prevent attacks in the first place. These machines must be "tamper evident", not zap-proof.

Data Integrity

If e-voting critics really want to take a lesson from Vegas, they should look at the history of gambling machine security. New means of stealing money still come along from time to time, and new measures are taken to prevent it. There was a time where a piece of aluminum foil could make a slot machine pay out, and there will always be new attacks against these units. Some are trivially simple, and at some point cash will be lost. There's no reason to think e-voting machines can hold up better. Knowing this, it stands to reason that voting machine security should be concentrated on the aftermath of an attack, and not the attack itself. Regardless of how someone breaks an electronic ballot, the fact that it was broken into must remain the most important point of knowledge - data integrity must be required. The attack vector can be addressed later; we must first know if any votes were tainted, and we need a plan for recovering lost votes. Other comparisons fare little better than the slot machines. Academics have suggested ATM machines as a model for e-voting machines, and one of the largest e-voting players, Diebold, also makes cash machines.
ATMs are very physically secure, and even possess data integrity mechanisms (like having crypto keys embedded in the keypads rather than some extraneous software exchange). But, here, too, the security is directed at protecting cash, not data. Moreover, ATMs are hardly invulnerable themselves: they're increasingly deployed on insecure networks. I write about just this scenario in Syngress' new book, "Stealing the Network: How to Own a Continent". We've already seen the dangers of applying the wrong kind of security to e-voting. Earlier deployments of Diebold's physically secure voting machines used a Microsoft Access database to store and tally votes. Diebold reportedly left this database anonymously accessible via the Internet, with no password, and no change log. It doesn't matter if the unit could withstand a tactical nuclear missile attack if someone on the Internet could point and click someone into elected office from the comfort of their desktop. This is what happens when any security measure is designed without first determining what issues it sets out to solve. As elections draw near, it is time that we as a security community revisit this topic. We can't let facile comparisons lead us like the Piper away from e-voting's true problem. Copyright © 2004, SecurityFocus columnist Timothy M. Mullen is CIO and Chief Software Architect for AnchorIS.Com, a developer of secure, enterprise-based accounting software. AnchorIS.Com also provides security consulting services for a variety of companies, including Microsoft Corporation.
Tim Mullen, 20 Jul 2004

Get up to speed with MS Windows Server 2003

Site Offer
Why should new versions of mission-critical technologies mean starting from scratch? If you already know how to use Microsoft Windows Server 2000 or NT, leverage those skills to quickly become an expert on Microsoft Windows Server 2003. Microsoft Windows Server 2003 Delta Guide skips the basics and moves straight to the crucial stuff - what's new and what has changed. The result? You save time and money while preparing yourself for the next generation of Microsoft Server. Focus on learning advanced new technologies, techniques, and concepts. Use topic-focused chapters to quickly upgrade the skills you use the most. See important security changes that can affect server upgrades. Master new techniques for installing, administering, and securing servers. Build headless servers using Emergency Management Services. Take advantage of powerful new Group Policy capabilities. This comprehensive guide covers all the new features of Microsoft Windows Server 2003 including: Sharepoint Services, Automatic Deployment Services, Identity and Integration Services, Security Configuration and updates from the latest Service Pack. Master Windows Server 2003 in just 300 pages at a great discounted price, £21.99 which saves you 30 per cent. Don't forget that you can save 30% on over 4000 other great titles at the Reg Bookshop, with free delivery on all orders to the UK and Europe. Design Patterns in C# RRP £37.99 - Reg price - £26.59 - Saving £11.40 (30%) Learn how to use C# as an object-oriented language, using design patterns to create clean code while taking advantage of the extensive Microsoft(R) .NET Framework Class Libraries. Sams Teach Yourself Networking in 24 Hours RRP £17.99 - Reg price - £12.59 - Saving £5.40 (30%) Clearly explains, in simple terms, the most complicated networking technologies. Includes updated coverage of wireless, including cell phones and PDAs, Linux, security using OSes and firewalls, and anti-spam technologies.
ASP.NET Evolution RRP £36.50 - Reg price - £25.55 - Saving £10.95 (30%) Only book on the market to include a complete ASP.NET application that is deconstructed to show readers how features work. Covers ASP.NET 'hot topics' such as multi-user security, personalization and performance. ASP.NET 1.1 Insider Solutions RRP £36.50 - Reg price - £25.55 - Saving £10.95 (30%) Practical ASP.NET insight and advice from the experts. Contains literally hundreds of valuable tips and best practices. .NET Compact Framework Programming with Visual Basic .NET RRP £45.99 - Reg price - £32.19 - Saving £13.80 (30%) The one book all Visual Basic .NET developers will need on the .NET Compact Framework. Microsoft SharePoint 2003 Unleashed RRP £36.50 - Reg price - £25.55 - Saving £10.95 (30%) Delves into the power of collaboration and knowledge management for small, medium and enterprise level businesses. IT Production Services RRP £31.99 - Reg price - £22.39 - Saving £9.60 (30%) In this book, leading consultant Gary Walker presents systematic, proven methods and guidelines for ensuring that production acceptance works -- and that the resulting software delivers the high levels of reliability, availability, and serviceability it promises. Practical BGP RRP £34.99 - Reg price - £24.49 - Saving £10.50 (30%) The most current and most applied BGP title on the market -- complete with the blessing of BGP's creator and lead designer. World's 20 Greatest Unsolved Problems, The RRP £19.99 - Reg price - £13.99 - Saving £6.00 (30%) Today's greatest scientific minds discuss the most intriguing unsolved scientific questions. Topics include: The Beginnings of the Universe, Earthquake Prediction and the Mystery of Darkmatter. Absolute Beginner's Guide to iPod and iTunes RRP £13.99 - Reg price - £9.79 - Saving £4.20 (30%) The only book that gives both Windows and Mac music lovers everything they need to maximize their music experience. 
Brilliant Answers to Tough Interview Questions RRP £8.99 - Reg price - £6.29 - Saving £2.70 (30%) Swot up and be prepared for anything. Answer whatever an interviewer can throw at you. Stay calm and in control. Know your strengths and how to play to them to get the job you want. The Art of Sport RRP £19.99 - Reg price - £13.99 - Saving £6.00 (30%) The Art of Sport captures moments of action, drama and skill from the world of sport. It gives an all-inclusive taster from the world's sporting circuit, showcasing spectacular, bizarre and stunning images from the world of sport.
Team Register, 20 Jul 2004

Infineon cops unexpected loss

Europe's second-largest chipmaker, Infineon, has posted an unexpected loss after making provisions for a US anti-trust lawsuit that targets memory chip makers. The Munich-based company said that in its fiscal third quarter, its net loss came to €56m, or €0.08 a share, compared to €116m, or €0.16 a share, in the same period a year ago. Analysts had been expecting the firm to post a profit, but the €212m it decided to stash away in the event that a US anti-trust investigation turns the wrong way pushed the company into the red. The firm said that sales in the June-ending quarter were up by about 30 per cent over a year earlier to €1.91bn, just ahead of forecasts. The company's results also showed that the German chipmaker would have posted a €107m profit had it not been for the exceptional anti-trust-related provision. For over two years, the US Justice Department has been seeking to determine if the four chipmakers that produce about two-thirds of the world's memory (DRAM) chips conspired to manipulate prices of their products. The firms involved are Micron Technology, Samsung Electronics, Hynix Semiconductor and Infineon. Despite the looming cloud of the US government investigation, the company was upbeat about the future of the sector, claiming that its own sales will rise in the current quarter thanks to rising prices of DRAM, which are mainly used in personal computers. Some two-thirds of Infineon's sales come from its memory chips unit, making the company highly susceptible to even the smallest shifts in chip pricing. "The worldwide semiconductor market has gained considerable momentum during the last three months," said Max Dietrich Kley, acting CEO of Infineon Technologies, who will be replaced by Wolfgang Ziebart next year. "We were able to take advantage of this development which is reflected in our improved financial results, excluding the effect of the anti-trust accrual." 
Kley also noted that during the third quarter the firm initiated a number of R&D projects and also invested in its production facilities, moves that should help the company improve its productivity. "Thus, we have paved the way for Infineon's plans to deliver profitable growth," he said. Just over a year ago, Infineon said that it had received IDA backing to open a new customer support service centre in Dublin. The chipmaker's other business in Ireland is Guardeonic Solutions, a software company specialising in security products that employs about 40 people. © ENN
ElectricNews.net, 20 Jul 2004

Host Europe morphs into Pipex

Host Europe PLC - which was acquired in April by Pipex Communications for £31m - has changed its name to Pipex Communications Hosting Ltd. Host Europe PLC, which provides webhost services, has now been delisted from the AIM Market of the London Stock Exchange. As part of the name change, Host will also undergo a corporate makeover to bring it in line with Pipex's existing livery. Host Europe's major products - 123-reg.co.uk, WebFusion, Magic Moments and Dedicated Servers - would continue to operate as sub-brands "for the foreseeable future". Pipex acquired Host Europe in April for £31.2m cash. The companies said the deal was a neat match, as more and more customers want telecom services from a single supplier. ®
Tim Richardson, 20 Jul 2004

Ireland is never Netherlands for McAfee

Anti-virus firm McAfee is to move its European headquarters from The Netherlands to the Republic of Ireland. Lower corporate tax rates - 12 per cent in Ireland compared to 34 per cent in Netherlands - inspired the exodus, which could take place as early as Q1 2005. Symantec, McAfee's chief competitor, moved its technical support team from The Netherlands to Ireland about two years ago. In McAfee's case, Dublin or Cork are the preferred locations for the new HQ. McAfee's Amsterdam staffers were told of relocation plans by CFO Stephen Richards last week. Dutch labour laws require the approval of a works council for such relocations. Staff expect the works council will only consider the strong business case behind the move. So it is highly likely to OK the move. "Since all EMEA/APAC revenue runs through Amsterdam the savings would be considerable. The office in The Republic would also be cheaper to run," one McAfee staffer told El Reg. McAfee workers will be offered relocation or redundancy packages as well as a 'business continuity bonus' (likely to amount to a month's salary) to keep them sweet about the proposed relocation. According to Dutch paper Het Parool, the move could lead to the loss of 81 jobs in McAfee's Amsterdam office, which will continue to be the base of the company's marketing and sales activities in Europe. McAfee set up shop in the Netherlands in 1995. In slightly related news, McAfee formally changed its name from Network Associates after the sale of its Sniffer network performance tools business to new firm Network General went through last week. ®
John Leyden, 20 Jul 2004

BT blocks 230k attempts to access child porn

BT has blocked almost 250,000 attempts to access websites containing images of child abuse in just three weeks. On 21 June, the UK's incumbent telco turned on Cleanfeed, a censorware system which blocks access to several thousand websites on a blacklist compiled by UK Internet trade body, the Internet Watch Foundation (IWF). Sites on the list contain images of child sexual abuse, which are illegal to view in the UK, under the 1978 Child Protection Act. In the three weeks from June 21 to July 13 BT blocked 230,000 attempts to access illegal sites. A BT spokesman said the company had been "taken aback by the scale of the problem" and the number of times people had attempted to access pages containing illegal content. However, this figure represents less than one millionth of the total Internet traffic handled by BT during the period. BT has almost 2m net punters. A BT spokesman told The Register that even though it represents a tiny amount of total Internet use, it is "still worthwhile doing something to stem the tide of child abuse". Speaking on the BBC's Today programme, Home Office minister Paul Goggins described the figures as "deeply shocking". He called on other ISPs to take similar measures to try and prevent people from accessing child abuse images. The UK's ISP trade body, ISPA, said the Cleanfeed solution would "only prevent 'casual' browsing of known websites...It will not hinder organised distribution of such images. It will not prevent access to new websites offering illegal content, nor will it prevent children being abused." ®
Tim Richardson, 20 Jul 2004

Big Blue sails Atlantic (in Rational manner)

IBM has supplied a sneak peek of Atlantic, the next version of the Rational software development platform. The company previewed the new set up at the annual Rational Software Development User conference in Grapevine, Texas. Atlantic will include several new tools for the Workplace product family, designed to simplify the process of application design and deployment. New technologies IBM has integrated into the suite include Service Data Objects, JavaServer Faces and Unified Modeling Language (UML) 2.0. The updates will be integrated with the Eclipse 3.0 open source computing platform. The changes represent a greater integration between Rational and WebSphere, according to Sridhar Iyengar, chief technical strategist for IBM Rational. This will make it easier for development teams to collaborate, he told the conference, eWeek reports. Mike Devlin, general manager of IBM Rational, said the platform is the cornerstone of its software development community: "Software development should be based on an open and standard development environment that results in software that is easy to deploy, easy to use, highly integrated and of the highest quality." At the conference, IBM got plenty of mileage out of its commitment to the UML 2.0 specification, in comparison to Microsoft's decision to go it alone. Iyengar argued that Microsoft was potentially isolating its developers by not following UML, eWeek reports. IBM Rational user conference news is here. ®
Lucy Sherriff, 20 Jul 2004

Nigeria - the land where phone numbers can kill

Thanks very much to the scores of readers who emailed to alert us to the extraordinary story of Nigerian "killer phone numbers". The BBC reports that panic is sweeping through Lagos because the highly superstitious population has got it into their heads that if you answer a call from certain numbers, you will simply drop dead on the spot. The latest tsunami of fear follows a similar wave of panic a few years back provoked by the rumour that "a handshake could cause sexual organs to disappear". Remarkable. We wonder though, if the 419ers haven't got a hand in this latest round of hysteria. After all, we reported just yesterday that one advance fee fraud outfit has set itself up as "INTERNATIONAL ASSASINATORS AND WORLD SECURITY ORGANISATIONS" and is sending out emails threatening to rub out anyone who doesn't cough up $40k immediately. And what better way to ice your victims than with a quick call to their mobile? Mind you, when our team rang UK-based 419er James Cole on his mobile a couple of weeks back as part of our investigation into the so-called "United Mercantile Credit & Investment Bank", he spectacularly failed to kick the bucket as a result. We can only conclude that either Cole is not a superstitious man, or the Vulture Central phone number does not contain the required lethal combination of digits. Which is a shame, either way. We have, however, identified one number which is certain to cause at best palpitations and dizziness, and at worst spontaneous cardiac arrest. It's that used by your credit card company to call you when you have seriously exceeded your credit limit after a particularly ill-advised bout of fiscal profligacy. ®
Lester Haines, 20 Jul 2004

Developers play air guitar to Megadeth

The latest research by "accelerated learning" outfit The Training Camp may be very silly, but at least it doesn't accuse piratical punters of downloading movies illegally from the Internet. Nope, the Training Camp has uncovered some much more exciting facts regarding the musical preferences of those working in the wonderful world of computing. The company "took advantage of a captive audience of IT professionals to poll them on the contents of their portable music players". Shockingly, the results of its poll among 200 students at the Training Camp's UK residential courses reveal that developers are malodorous headbangers playing air guitar to Megadeth, Microsoft Certified professionals get their rocks off to Britney while IT directors can be found sipping the finest wines while Mozart tinkles away in the background. No stereotype-fulfilling findings there, then. Training Camp co-founder Robert Chapman said of this "iPod anatomy" research: "I’ve always suspected that there is a strong link between professional and musical orientation, which is certainly confirmed by this research." Hmmm. There is an argument which says that your musical tastes adapt to your job, rather than dictate your choice of career. We know of at least one Reg hack who came to Vulture Central with a fine ear and a profound appreciation of Baroque choral works, but was one month later found in a London pub, drunk, and dancing on a table to the Sex Pistols while police officers moved in with dogs and nets. Sadly, the Training Camp survey does not note what IT journalists prefer on their playlist. Neither, scandalously, does it recognise what is taken as absolute fact among the IT community: that adsales boys, marketing directors and Strategy Boutiques in general prefer to brainstorm to the sound of whalesong. ®

Those results in full

Job: Microsoft-certified professionals
Favoured genre: Mainstream pop
Top three bands: Britney Spears, Dido, Beyonce

Job: Security
Favoured genre: 60s "Alt" Rock
Top three bands: Grateful Dead, The Doors, Hendrix

Job: Linux
Favoured genre: Electro
Top three bands: The Orb, Underworld, Kraftwerk

Job: Developers
Favoured genre: Heavy Metal
Top three bands: Megadeth, Iron Maiden, Slipknot

Job: Database administrators
Favoured genre: Indie
Top three bands: The Smiths, Haven, Suede

Job: Project manager
Favoured genre: Rock
Top three bands: Pink Floyd, Queen, Rolling Stones

Job: CIO/IT director
Favoured genre: Classical
Top three bands: Mozart, Handel, Vivaldi
Lester Haines, 20 Jul 2004

Wi-Fi Alliance acts on dodgy wireless kit

The Wi-Fi Alliance is going to work harder to ensure that wireless devices work properly with each other. The action is a belated response to a row late last year between Atheros and Broadcom. Broadcom complained that some Atheros kit interfered with its own equipment causing data rates to slow even on networks operating on a different wireless channel. The Wi-Fi Alliance said that products using vendor-specific high speed options or product extensions will have to ensure they do not interfere with other products or they could lose their "Wi-Fi CERTIFIED" status and logo. The ruling will affect manufacturers whose kit goes beyond IEEE 802.11 standards. Frank Hanzlik, managing director of the Wi-Fi Alliance, said: "If a product extension significantly impacts the ability of other Wi-Fi CERTIFIED equipment to operate as intended, the Alliance may withhold or revoke certification. We have taken this important step due to the Wi-Fi Alliance’s continued commitment to a positive consumer experience." Alan Smith, sales manager for specialist reseller KMH Wireless, welcomed the news: "Technology in this area moves so fast that you need standards to keep it under control or you do damage to the ethos of wireless networking and damage the whole market." Smith said customers wanted universal connection especially when using the network for voice calls. ®
John Oates, 20 Jul 2004

Hacking, downloading and bad Web design

Letters
Last Friday, we reported that two Oxford University students face suspension over a little hacking project they undertook to expose, they said, security flaws in the University's IT system. The pair could be rusticated (a great word, no? It means 'banned from college grounds') and fined £500.

Hi John, These two Oxford 'hackers' were able to access sensitive systems - yeah right. They were able to read all traffic on a Hub - not even a switch - by setting their cards in promiscuous mode, which is hardly rocket science. No proper hacking is involved, but this simple fact has evaded The Grauniad, Auntie Beeb, and just about anyone else who All the passwords they managed to grab were sent in /plain text/ by network users not using security with their browsers - contrary to standing IT Advice that is received upon joining. The University email system now forces you to use https (no plaintext) and has done so since its introduction in March. However, unencrypted IMAP is still permitted. Other systems that were 'hacked' (Not really - just snooped on) were unencrypted CCTV footage using the data network. The two students involved should also have been aware that they were breaching University IT rules, as they get a copy with their induction packs and they're on the web here for all to see. Otherwise a chat with their IT person would have been enlightening - they'd have realised that networks are horribly insecure, unless you take precautions. Cheers, Name supplied

Your story says to me that Oxford's administration is very much of the same mindset as the Bush/Cheney/Ashcroft Administration here in the US; that is, if someone discovers that you have "screwed the pooch," rather than coming clean and attempting to fix problems with your own system, it is important to punish the whistleblowers whilst allowing the abuses and failures committed by your own staff to continue unhindered.
Apparently an "education" from Oxford these days is no better than an MCSE; if you can pass the tests and don't "make waves," actual *working* knowledge and experience are irrelevant. Rich
Last week, Odeon decided to shut a long-running, and it now appears, popular accessible version of its website. The company said the site infringed its trademark, and asked for all copyrighted material to be removed. Since then, two new accessible versions of the site have sprung up, thanks to a couple of Iains:
Hello, I thought that some Odeon-challenged readers might be interested in this perl-based browser I just wrote especially for viewing the Odeon listings. It simply acts as a client for reading remote information and as such is, I'm pretty sure fairly unlikely a target for an Odeon law suit. Unless I've read the site small print wrong and it really *is* against the law to try and browse the Odeon site without IE5+! Cheers, Iain
Hello Reg.Hacks Seeing as the only cinema near me is an Odeon, but I refuse to allow virus-injecting software such as Internet Explorer to run on my machine, I was kind of shafted when the Accessible Odeon website shut down. So in a fit of exuberance, I went away and wrote my own. It's very rough and ready, and a bit ragged round the edges, but it does work, and I've made very sure to point out to anyone looking that it's not the real Odeon website. If you think any of your readers might be interested in such a site please point them here Thanks etc Iain
We've had a variety of responses to the news that an Excel auto-formatting function can introduce bad data into public DNA research databases. The following selection pretty much covers the full range:
Hello there, I can almost see horrible monster creatures crawling through green (glowing) fields of GMO, wanting to eat me, because some boffin forgot to turn-off date conversions in the damn Excel. I can almost see me in the electric chair as a result of crappy victim under-nail DNA analysis.
But then again, maybe some Word will save my life turning "CHAIR(EL)" into ... "carrel" .... Sincerely, Abraham Zhane
That wouldn't be the first time Excel has induced moments of anxiety in scientists. Once upon a time, we were compiling tabular profiles of various woody species, including the genus "Callitris" (an evergreen shrub). We very quickly learned that Excel's automatic spelling correction insisted on changing the word to "Clitoris" (fortunately before we published anything embarrassingly confusing). A check with Excel 2000 shows that "Colitis" is now the suggested replacement. While an inflammation of the colon could not be regarded as an improvement, at least Excel 2000 asks by default. Antti
I think that Excel is the bane of the internet revolution, and when I run my own IT department I will mandate that beancounters learn Access instead of wasting time formatting stuff in Excel. I just think that there are MILLIONS of people spinning their wheels out there, doing stuff in Excel that would fit better into Access. Access is soooooooo much more powerful, it is really ridiculous. Aaron
Excel also mangles credit card numbers. I'm currently a sub contractor working on software for fraud detection and we sometimes wanted to use a spreadsheet for sharing sample runs of transactions. The sixteen digit strings were converted to floating point losing the last digit of precision so all numbers ended in zero. (Try entering 16 digits and then changing the cell format to "text".) A major problem is the curious lack of any way of importing data from another file. You can only "open" files and then all manner of formatting and conversion decisions are silently made on your behalf in the "MS knows best" tradition. Mitch
Why the hell are these people using Excel as their primary data collector??
Given that bioinformatics is now a recognised discipline (well, O'Reilly are writing books about it) and Microsoft is officially Evil, surely someone has written a better processing interface than bloody Excel. That's what postdoctoral employees are for. Tanya (postgrad computational chemist)
Anybody retarded enough to use Excel for critical data deserves whatever happens to them. I can understand people using it who are not educated. This takes the cake. If this is happening, can you imagine what other typical Excel boo-boos are being perpetrated? They need not be the fault of Excel of course. 1.) non-printing characters interfering with calculations 2.) improper selection of a range of data 3.) duplicate data <-- this is the really big one for Excel users So one day El Reg. announces "Scientist who said we are related to squirrels retracts announcement. Says it was an Excel error." Bob Calder
What a bunch of horse's asses. This problem could have been easily avoided if they had simply tested the data using a small data set comprised of all of the values that would appear in the full data set. Most people don't comprehend that a spreadsheet is a computer program in and of itself. They probably assigned creation of the spreadsheet to an assistant instead of hiring a computer programmer with expertise in database design. If they had done that they would probably have ended up using an enterprise class solution such as Oracle or Sybase. Instead they spend untold amounts of money acquiring the data and then use a relatively cheap tool to store the data. Kevin McDonald
We here at El Reg occasionally have to go back and correct, or update a story. Sometimes it is because we made a mistake, sometimes it is because a story has moved on, and sometimes it is because people (not all people) take us altogether too seriously. This was the case with our JOKE poll about the amount of illegal downloading going on out there.
Very amusing. Your poll is (deliberately?)
making the same mistake that the MPAA (deliberately!) made in the results of their "study". You should instead be asking: Q) Have you or have you not downloaded ILLEGAL (unlicensed, etc.) video material from the Internet? A1) Yes. A2) No. A3) No, I prefer my pornography in stills format. Too many so called studies trap the unwary into answering the way the poll taker wants. Jair
Hmm... As usual, you non stats majors forgot. The world is not just yes, no and maybe. What about those of us who run our own news servers, and have pr0n sent directly to our own news servers? I certainly don't have to download anything, it's all sent to my server. This is the push versus pull technology at work, guys. -Tai
Regarding "illegal movie downloads", at least here in Finland it's completely legal to download music and video from the internet, copyrighted or not. However downloading software (and in some cases, making backups) is illegal. Only sharing/uploading copyrighted material is illegal. Qwerty [Perhaps not his real name? - Ed]
This vote is absolutely wild! You guys are grade AAA cynics. I had to read the article 2-3 times before I fully understood how subtle your disbelief is. But you do bring up a valid point. From the voting it is clear you are correct, however I suspect if we changed the question to determine how many have downloaded non-erotic material... Much more difficult to find movies which aren't sticky... Elmars
You should add the option of, Yes, I did download a motion picture from the internet, but after waiting 3 days for the thing to come down, with 7 restarts, I played it, realised the quality was crap and just spent the money to either get the video out or watch it in the widescreen, digital dolby of the cinema. Really, movies aren't MP3's. The quality is crap so you may as well watch it properly in comfort either on your TV or at the cinema. I used to get a 10 quid monthly pass at Staples Corner in Cricklewood. Cheaper than a broadband connection...
Jason
I have downloaded about 250 Movies from the web, HORRORS, but that's all over now. The saviour of Movie Industry (Ta Da) is Netflix as far as I am concerned. Why download what is often a lousy copy when you can rent the real thing so easily. Why download or rent at all? Because I won't buy it until I try it. I'm too old to negotiate a noisy kid-filled theatre. I am building a magnificent movie collection of the ones I want. Emphasis should be on I....something the record and the motion picture industry have as yet failed to grasp. If the record industry would sell their complete catalogs as singles for a reasonable price with their infernal digital rights schemes to boot, they would make money. How much are they making on their out of print music? I buy movies for the quality, the bonus features, the cover art and, if you wait sometimes till the bloom of a movie has faded, a good price. Heck if I want it now, I pay the higher price. CDR copies don't come close. Send this to the RIAA and the MPAA and see how a consumer really feels. Tjalda
Dear Mr+Ms+Mrs Register. Any online family should know that people who are savvy enough to download movies would not submit to an online poll with the potential to record IP addresses. Then again, one could anonymise that stuff. The arguments either way are too tiresome. In fact, I'm submitting this little blurb knowing full well you'll have me by the short and curlys, even though I haven't admitted to downloading. Clearly, I fit into that self-proclaimed savvy underbelly of the e-commerce-net. I'm all confused. Gummi
:x No cookie/ip based poll? NTL use proxies that you can't bypass so I can't vote! (Well, you can - but I've reformatted, and have lost the other cache addresses to put into IE) On a side note (Sort of), check out www.suprnova.org - Especially check this site out when big games/movies come out.
Scary numbers - For big releases, it's not unusual to see upwards of 10,000 people downloading new items within the first 24 hours. When Far Cry came out, I did a quick MPAA style calculation and took the total downloaders of 3 or 4 games, and came up with over a million pounds worth! (£30/copy) Even though I am a frequent downloader, I know it can't go on this way. I'm not sure how much a game is worth in profits, but it's fairly obvious that 10,000 less copies per game is a fairly heavy loss. I know a game-mag editor who tells me doom 3 will hit US shelves in 3 weeks. Keep your eyes peeled on suprnova.org for the downloading stats. The ONLY way to stop piracy, and I do mean the ONLY way - Is to do what Quake 3 did and use a master server browser and cd-key to play online. No-cd cracks and patches will always defeat safecast and the other useless protections they use - A lot of people are not willing to pay for a single-player game, but they will gladly fork out good cash for a worthwhile multiplayer game that needs a cdkey. Suprnova's intuitive mirror system ensures they can't be taken down from a single source, and they are very persistent. This problem won't be going away any time soon. Name Supplied
That's all folks. Letters will be back with another batch on Friday. Until then, enjoy the week. ®
Lucy Sherriff, 20 Jul 2004

Filipino phone phreakers foiled

A gang of eight suspected of ripping off the Philippines' main phone company and its customers of millions over the last six years have been arrested by local authorities. The Manila-based syndicate allegedly exploited security loopholes to obtain free access to telephone calls at the expense of customers of the Philippine Long Distance Telephone (PLDT). The process - known as phone phreaking - involves electronically manipulating phone systems, normally by sending additional control codes down phone lines. The gang is accused of reselling this free access for illicit gain. The scam came to light only after PLDT's business customers complained of rogue calls on their bills. Most of the illegal calls were made to the Middle East, where many Filipinos work. Reuters reports that PLDT went to the "military, police and immigration officials", after tracing the illegal calls back to the eight suspects. PLDT reckons it has lost $3.5m since 1998 because of cyber criminals hacking into its subscribers' PABX system. The Manila Eight are prime suspects. Air Force Chief Lieutenant General Jose Reyes said the gang (two Indian nationals, a Bangladeshi and five Filipino accomplices) are suspected of illegally tapping into the Philippine Long Distance Telephone (PLDT) company's system since 1998. The eight were rounded up in raids in Manila last week. "They have deprived the government of nearly 20 million pesos [$357,000] in expected revenues," Reyes told reporters, adding that the syndicate's alleged crimes were tantamount to economic sabotage. ®
John Leyden, 20 Jul 2004

Cisco hunts for small.biz

Cisco is fighting the perception that it only sells kit for large enterprises and telcos with a new set of products aimed at smaller businesses and a channel programme to make it easier for resellers to sell to smaller companies. A Small and Medium-sized Business (SMB) is defined as having between 20 and 249 employees. The programme, called SMB Select, will reward resellers who focus on this market. SMB Class is a set of marketing materials aimed at smaller businesses. Edzard Overbeek, vice president commercial, channels and consumer at Cisco EMEA, said: "Cisco will introduce new SMB-focused products over the next 12 months. We will combine these with a standardised and simplified user interface on all SMB-related products, giving our customers a consistent and integrated experience." The networking giant has spent a year researching the European market and is using what it has learnt to rejig its channel programme. SMB Select Partner will recognise resellers who focus on the SMB market. Keith Humphreys, managing consultant at EuroLAN Research, estimates the EMEA "networking commercial market" is worth $3.7bn. He explained that the SMB Select program is looking for "proximity resellers - dealers who are geographically constrained by factors such as the Yellow Pages region, or the area in which they can effectively service using their limited vehicle fleet." Dealers, working with Cisco sales teams, will have specific areas to prospect for sales. Cisco is also creating a new regional sales role - the Territory Market Manager - who will be "responsible for creating customer intimacy at a regional level by managing non-named account opportunities within a defined local territory" - if that doesn't get small business on side nothing will... There is more on the Cisco website here. ®
John Oates, 20 Jul 2004

HP feared MS open source patent offensive

A senior executive at Hewlett Packard two years ago expressed fears that Microsoft would use its patent portfolio to close down the company's open source efforts. The concerns were expressed in a June 2002 memo by Gary Campbell, and HP confirmed their authenticity to Newsforge's Joe Barr. "Basically Microsoft is going to use the legal system to shut down open source software, and for all of its cleverness, the GPL makes it fairly easy unless a white knight steps in," wrote Campbell. He warned that Samba, Wine, KDE, Gnome, Apache, Sendmail, and the Linux kernel itself are not covered by HP's cross-licensing agreements. Recipients of the memo included software chiefs then and now - Peter Blackmore and Nora Denzel, respectively - and HP's CTO, Shane 'Prince of Darkness' Robinson. Campbell worried that HP's cross-licensing agreement did not protect the company from patent litigation on IP filed after June 2001. However, the Free Software Foundation's Eben Moglen has explained that the GPL is robust against the kind of attack HP's Campbell suggests. HP says that the memo is no longer relevant. A year ago, Microsoft hired IBM's patent attorney Marshall Phelps, the executive who built IBM's royalty business from zero in 1985 to the billion dollar business it is today. "You don't just get patents for the sake of getting patents," Phelps told a legal symposium last May, shortly before decamping to Redmond. Last Fall, Microsoft introduced its first patent licensing program. The Free/Open Source Software community has taken steps to challenge the foundation of the first wave of IP programs, the FAT file system. The newly-formed Public Patent Foundation has succeeded in getting the US Patents and Trademarks Office to re-examine Microsoft's FAT patents, providing examples of prior art. ®
Andrew Orlowski, 20 Jul 2004

C&W boss urged to help free jailed Net users in Maldives

The chief exec of Cable & Wireless (C&W), Francesco Caio, has been asked personally to lobby authorities in the Maldives to help free jailed Internet users. In an open letter, Reporters Without Borders (RSF), the French-based press freedom organisation, called on Caio to "put pressure on the Maldives authorities to end abusive Internet censorship and to press for the release of imprisoned Internet-users". C&W holds 45 per cent of the stock in Dhiraagu, the company that runs the phone network in the Maldives. RSF says that while the Maldives are an island paradise for tourists they are an "all-out hell for cyber-dissidents". It describes the situation in the Maldives as "very serious", claiming the Government only pays lip service to freedom of speech laws and cracks down brutally on dissent. RSF maintains that the Maldives is one of the world's most repressive countries for freedom of expression on the Internet. Four Internet users are currently in jail there for having posted articles critical of the government and RSF wants C&W to use its muscle to try and end the hard-line attitude in the country. RSF said in a statement: "Cable & Wireless has said it is very concerned about human rights issues. We therefore hope that its top executive will appreciate the ethical consequences of running the network in a country like the Maldives." A spokesman for C&W said he was aware of the open letter but insisted that it wasn't for foreign investors, such as C&W, to intervene in government affairs. He told us: "As a partner with Governments in many of the countries in which we operate, C&W's position is that the form of governance is a matter for the citizens of that country concerned and not a matter for a foreign investor to intervene." ®
Tim Richardson, 20 Jul 2004

Five years ago: BBC shrugs off Web float rumours

There was a time when suggesting that the BBC privatise part of its operation was akin to mooting the idea that the British monarchy be sold off to the Americans. Some Beeb services have, of course, been "outsourced" to private companies - all in the name of efficiency and economy - but when it comes to the online stuff, well, it's just not cricket: BBC shrugs off Web float rumours By Lucy Sherriff Published Tuesday 20th July 1999 12:40 GMT The BBC is thinking about floating Beeb.com, its commercial Internet service, according to rumours floated in the UK this morning. Fire-brigading BBC spin doctors speedily hosed the notion with cold water, but you can see why it might be tempting. Privatisation of any part of the BBC would be a political hot potato, but the outfit has been getting more and more commercial since the heady days of Thatcherism, and it's spent an awful lot of money on its - generally well-regarded - Internet activities. "It's because of the Davies Panel examining our funding," a spokesman said of the rumour. "People are saying that we are planning to sell off everything except the Teletubbies. It really is total speculation." Estimates based on the Freeserve valuation would put the value of the Beeb.com at more than £500 million. The corporation currently brings in annual revenue of £2.15 billion from licence fees, so the hypothetical sale of Beeb.com would not go far to replace the money that would be lost if the licence fee was scrapped, but would come in very handy if it was cut, or frozen. Another spokeswoman for the BBC said that the corporation had no formal plans to sell off any of its appendages. "It is very speculative," she said. "The Davies Report isn't even written yet and there will be a consultation period and so on. All this speculation has been sparked by the article in the Sunday Times about the possible sale of BBC Worldwide." Beeb.com is funded by advertising and the sale of its content to other web sites. 
Official ABC figures for March put monthly page impressions for the site at 8.8 million and recorded 402,000 individual users. This is a mere bagatelle by the standards on BBC Online sites, clocking in excess of 80 million a month, but it's still not at all bad. Beeb.com now points to http://www.bbcshop.com - a veritable e-cornucopia of Corporation merchandising. The portal was revamped in 2002 with a £1m facelift and a new e-commerce platform by ICL. Happy shopping indeed. Nothing ever came of the "privatisation" rumours, although the BBC's Internet presence has been under scrutiny recently: five sites recently got the chop after a government review demanded a tougher line on whether online material adequately fulfilled the Beeb's public service remit. Most current rumours about the best-known BBC Web service - www.bbc.co.uk - centre around the possibility of demanding registration for the news therein as a prelude to - God forbid - punters having to stump up hard cash for the service. The licence payers would certainly have something to say about that. ®
Lester Haines, 20 Jul 2004

Businesses warm to converged networks

Two thirds of businesses are planning to move applications onto converged networks within the next five years and just over half - 55 per cent - of businesses have already started implementing projects in parts of their operations. A survey from the Economist Intelligence Unit, sponsored by Nortel Networks, talked to 103 execs representing 17 industries across the world. For the purposes of the poll a converged network was considered one based on IP with voice, data, video and other applications using one broadband network. The survey also found that Voice over IP applications will make up the majority of investment in the next three years, with cost savings the main driver. A majority of respondents also hope converged networks will allow wider use of applications like video conferencing and collaboration software. Very few believe converged networks will mean more productivity - only 13 per cent believe IP networks will bring significant productivity benefits in the medium term. Some executives remain worried about the security concerns of using one network. Quality of voice calls was also cited as a worry. ®
John Oates, 20 Jul 2004

Welsh small.biz urged to get wired

E-minister Andrew Davies says more small and medium businesses in Wales need to take advantage of broadband Internet access. Wales will have 96 per cent broadband coverage by 2005 but take-up among smaller businesses is disappointing. Davies said that only six per cent of Welsh SMEs have broadband connections, compared to 10.4 per cent nationally. Davies said: "We need to find ways to increase this figure and promote the advantages of this new technology." In separate, but related, news broadband suppliers could do a better job of targeting small and medium businesses across Europe, according to the latest research from Frost and Sullivan. There are still some barriers - broadband providers lack an understanding of the business issues faced by smaller companies and could improve their marketing. The survey notes that regional and national governments are increasingly promoting the benefits of broadband services to SMEs. Selling broadband to SMEs is also an opportunity to bundle and sell other products and services. Subsidies for rural areas mean that all businesses should have a chance to get broadband access. Providers should also be aware that simple provision is an increasingly crowded market place so they need to provide a different service. Paul Devine, research manager at Frost and Sullivan, said: "For effective targeting of and penetration into the SME sector, service providers will have to focus on promotion, channel management, increased availability of applications and means of alleviating end-user concerns." Frost and Sullivan talked to most European broadband providers for this survey. UK business broadband is growing at 100 per cent a year. France will see 90 per cent of SMEs with potential access to DSL by 2005; Germany already has 250,000 SMEs with broadband connections. ®
John Oates, 20 Jul 2004

OGC streamlines purchasing portals

The Office of Government Commerce (OGC) today launched a single online purchasing portal it says will make purchasing simpler for public sector organisations. OGCbuying.solutions had operated several buying sites where public sector organisations could buy pre-tendered and pre-approved products, but elected to streamline its operations. In a statement, Hugh Barrett, Chief Executive, OGCbuying.solutions said: "We recognised that a 'single sign up' route would make life a lot easier for public sector buyers and hope that this will make it easier for them to buy from a number of our catalogues." Having one central portal site means buyers need only register once to gain access to many product lines, ranging from IT and telecommunications to furniture and furnishings. In total, customers of the OGC now have access to over 600 different suppliers from one place. OGCbuying.solutions is the trading arm of the OGC, which itself is part of the Treasury. Its remit is to squeeze as much as possible out of the government's procurement budget. ®
Lucy Sherriff, 20 Jul 2004

Booze blamed for MS staff's 'foggy' blogging hoax

Alcohol was to blame for senior Microsoft developers setting a blog-born trap for a journalist, according to the company's most-prominent weblog evangelist, Robert Scoble. The blokey bloggers (yes, they're all men) hoped that journalist Mary Jo Foley would fall for some fictional middleware acronyms they'd invented: BML, Boa and Indigo Marks, and that they'd be reported as a genuine project. Only it was the scamsters themselves who were left red-faced by the Sixth Form prank. And as many parents know, it was the kids' first brush with alcohol that caused the embarrassment. "Don and Clemens and a few others were at a party at TechED Europe and had a few too many," explained über-blogger Robert Scobie. Doubtless there really are dedicated staff at Redmond working all hours to speed Longhorn to market, despite the impression that the blogging teenagers - several of whom are middle aged - convey to the waiting world. One of the perps, Clemens Vasters, pleads mitigation in an email to El Reg. Disowning the forward-looking statements he made earlier, he explains - "What was the point? There is way too much bullshit going around about new specs and new stuff and new, new, new, new," he writes. Yes, Clemens. That's a dark-looking kettle. "We didn't issue a press release, we just blogged some foggy stuff. If you really read my 'hoax' and read the *first* four to six (depends on how you look at it) seemingly unrelated sentences and then read the rest, it should be pretty embarassing [sic] to take that as a serious news material." "No Longhorn dev time was lost here," he insists. Then again, he can't help boasting that the prank almost worked. "As it happens, some well-known industry journalist was about to break that as a serious story until someone intentionally tipped her off," he writes. So, the bloggers insist, it was a parody of middleware jargon. 
(The chaps can be witty when they put their minds to it, as this version of Don McLean's American Pie, entitled Bye Bye Mr.CIO guy demonstrates). But not with this mean-spirited jape, confirm Reg sources. Foley was the target, as the bloggers were seething that she broke stories about Visual Studio Express and Bill Gates' own weblog, and wanted to get even. The noise-generation craze that's rampant at both Microsoft and Sun Microsystems - coincidentally, two companies with a terrible recent record for getting products out of the door - is usually justified on two grounds. Firstly, it's supposed to route around the technical press and gives more accurate information to the company's community of users. (Sort of an adjunct to the existing Usenet forums, only with cat pictures instead of the replication features). Secondly, it makes the job of traditional public relations defunct. Alas, it may need a PR professional to clean up after these boys' Common Room capers. ®
Andrew Orlowski, 20 Jul 2004

$242m 419 scam trial collapses

The trial of three 419ers accused of taking an employee of a Brazilian bank for $242m of his employers' cash has collapsed after the judge in the Nigerian capital Abuja said he had "no jurisdiction to hear it". Emmanuel Nwude, Mrs. Amaka Anajemba and Nzeribe Okoli were arrested on more than 86 counts and charged with "fraudulently obtaining through false pretence $242 million from one Nelson Sakaguehi [=Sakaguchi] and Stanton Development Corporation being the property of Banco Noroeste S. A. of Sao Paulo Brazil, purporting same to represent payment due to the Federal Government for the construction of the Abuja International Airport," according to the Daily Times of Nigeria. "They were also accused of fraudulently using false documents purporting them to emanate from the Central bank of Nigeria (CBN), the Corporate Affairs Commission, the indigenisation office, the presidency, the Federal republic of Nigeria, CBN Governor and Federal Ministry of Aviation, and addressed to Sakaguehi, Stanton Development Corporation, a subsidiary of Bank Noroeste Sao Paulo Brazil. They were said to have forged the documents to give effect to the airport contract," the Daily Times reported in February. The scam reportedly took place over a four-year period from 1995. The victim was allegedly offered a $10m personal commission for fronting cash for the aforementioned Abuja International Airport project. He duly transferred huge sums of money to various bank accounts around the world. However, Abuja High Court judge Lawal Gumi decided yesterday that since the offences had not been committed in the Nigerian capital, "It is my considered view that the appropriate place for the trial of the accused on those charges is the high court of Lagos. For these reasons... I do decline and strike out the case from my list," the BBC reports. The three accused were released, but immediately rearrested and will now stand trial in Lagos. Suspicions that judge Gumi may have been "nobbled" seem unfounded. 
He refused bail for the three defendants back in February after issuing an earlier warning that various monies were being made available to members of the court - presumably as bribes. He stressed that he would not tolerate this. As for Nelson Sakaguchi, he was later arrested at New York's JFK airport and dispatched to Switzerland to stand trial on charges relating to setting up bank accounts there as part of the fraud. His former employers - Banco Noroeste - went bust as a result of the fleecing. A fourth member of the 419 gang has, nonetheless, escaped justice - after a fashion. Ikechukwu Christian Anajemba posed as the deputy governor of the Bank of Nigeria at the initial meeting with Mr Sakaguchi. He was killed in a road accident in 1998, and is widely believed to have been murdered at the end of a lavish spendfest which saw him shell out $200,000 on two diamond-studded Rolex watches. Defendant Amaka Anajemba is Ikechukwu's presumably distraught widow. ®
Lester Haines, 20 Jul 2004

Software carries EMC to bumper Q2

EMC enjoyed one of the best quarters in recent memory for a hardware vendor, posting a 33 percent jump in revenue in its second quarter. EMC churned out $1.97bn in revenue, which compares to $1.48bn reported in the same quarter a year ago. EMC's income also surged, rising 136 per cent to $193m on 8 cents in earnings per share. EMC's software and services businesses drove the growth with hardware chipping in solid gains as well. "We continued to drive revenue growth, improve gross margins and increase cash flow, while improving operating income to more than 12 per cent of revenues - putting us squarely on track to reach our mid-teens operating margin goal by the end of the year," said Bill Teuber, EMC's CFO. EMC's hardware revenue rose 16 per cent in the period with particularly strong sales of its Clariion and Celerra systems helping out. Total hardware revenue came in at $930m compared to $804m last year. EMC's software business, however, stole the show. Software revenue rose 64 per cent to $526m, versus just $321m in the same period one year ago. But these gains don't come as much of a surprise with EMC's Documentum, Legato and VMware acquisitions all padding the bottom line. EMC's services revenue jumped 45 per cent as well to $498m, compared to $328m last year. The gains made by EMC surpass those of IBM, which also enjoyed strong storage sales in its second quarter. These results are good signs for the hardware industry, as it appears to be deflecting the weakness affecting software vendors. Sun Microsystems should give a clearer picture of the server market when it reports earnings later today. EMC expects to post $2bn in revenue in the third quarter. ®
Ashlee Vance, 20 Jul 2004

Sloppy banks open the door to phishermen

A new vulnerability makes it easier for fraudsters to pass off content from bogus websites as the real thing. Using a variant of well-known cross site scripting attacks, British Web developer and security researcher Sam Greenhalgh was able to inject JavaScript from his own website into pages generated by NatWest, Mastercard and Barclays. Even the website of GCHQ, Britain's electronic eavesdropping operation, can be overlaid with bogus content, Greenhalgh shows. Since the demo was first published late last month, MasterCard and Barclays have blocked the exploit route. This is just as well, as both have recently announced initiatives to combat phishing - apparently without ensuring that their own houses were in order. The continued vulnerability of other sites - such as NatWest's - is a cause for serious concern, because it could help fraudsters make their scams appear more plausible. Security firm Netcraft warns: "Having the ability to run their code from the financial institution's own site is a big step forward for fraudsters, as it makes their attack much more plausible. It will almost certainly lead fraudsters to seek out banking sites vulnerable to cross site scripting as a refinement on current phishing attacks which depend upon obscuring the true location of a window prompting for bank account authentication details." "The technique works equally well over SSL, and so offers fraudsters the enticing opportunity of having a phishing attack delivered over SSL with the attacker's code being served as part of a url from the bona fide bank's own secure server," it adds. The attacks Greenhalgh demonstrates arise from well-documented cross site scripting security risks. Declaring a self interest, Netcraft advises companies to carry out more application testing. Other vendors promote digital certificates. 
Steve Roylance, technical marketing director at security firm Comodo, told El Reg that the best way to defend against content injection threats is to bind the visual contents of a site to its website address using digital certificate technology. "CVC – Content Verification Certificates, a digital certificate binding these content and URL elements together is available from Comodo. Using our VEngine technology, users are easily able to spot this type of spoof," he claimed. ®
John Leyden, 20 Jul 2004
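The cross-site scripting risk described in the article above, as an added example that is not from the article, Netcraft or any of the sites named: a constructed page handler that echoes a URL parameter, shown unencoded and HTML-encoded, with a crude review check for script sources outside the page's own origin. All hosts, paths and function names are assumptions made for the illustration.

```javascript
// Constructed origin standing in for a bank's site; not a real host.
const BANK_ORIGIN = 'https://bank.example';

// HTML-encode the characters that let text break out of an element body
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the hypothetical "q" search parameter from a request URL.
function queryTerm(requestUrl) {
  return new URL(requestUrl).searchParams.get('q') || '';
}

// Weak form: the parameter is echoed into the page as-is, so markup in the
// URL becomes markup served by the site itself (over SSL too, as the
// article notes, since the server is the one emitting it).
function renderSearchVulnerable(requestUrl) {
  return `<html><body><h1>Results for ${queryTerm(requestUrl)}</h1></body></html>`;
}

// Hardened form: the same page with the parameter encoded on output, so the
// browser shows it as text instead of parsing it.
function renderSearchHardened(requestUrl) {
  return `<html><body><h1>Results for ${escapeHtml(queryTerm(requestUrl))}</h1></body></html>`;
}

// Crude review check (a regex scan, not an HTML parser): list <script src>
// values in a response whose origin differs from the page's own origin.
function foreignScriptSources(html, pageOrigin) {
  const found = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let origin = null;
    try {
      origin = new URL(m[1], pageOrigin).origin; // resolves relative paths
    } catch (e) {
      origin = null; // unparseable source: report it for manual review
    }
    if (origin !== pageOrigin) found.push(m[1]);
  }
  return found;
}

// Constructed request: the parameter carries a script element that points at
// a second, unrelated example host.
const SAMPLE_REQUEST = BANK_ORIGIN + '/search?q=' +
  encodeURIComponent('<script src="https://other.example/overlay.js"></script>');

// Compare both renderings of the same request.
function compareRenderings() {
  return {
    vulnerable: foreignScriptSources(renderSearchVulnerable(SAMPLE_REQUEST), BANK_ORIGIN),
    hardened: foreignScriptSources(renderSearchHardened(SAMPLE_REQUEST), BANK_ORIGIN),
  };
}
```

Output encoding is the fix shown here; the scan is only a way to spot pages in testing that still reflect markup.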

Tag, track, watch, analyse - UK goes mad on crime and terror IT

Tech-happy UK Home Secretary David Blunkett was in his element announcing the Home Office's Strategic Plan yesterday. At multiple levels, starting with satellite tracking of repeat- and minor offenders and moving swiftly on through DNA databases and sundry terror- and immigrant-detection equipment, the plan proposes to harness new technology "to maximise key opportunities" and "stay ahead of the criminal." Sort of like the Jetsons with shackles. Blunkett's plans for broader use of satellite tracking have received most coverage so far, and these look set to take the UK into uncharted territory, beyond anything the Florida Department of Corrections, which is frequently cited by the Home Office as an example of successful deployment, has implemented. Blunkett envisages a "prison without bars" (i.e. the UK) where "first-time" low level non-violent offenders would actually be tracked rather than sent to short-term prison sentences." At this level GPS technology, likely using some form of bracelet, can probably be implemented with some degree of effectiveness, as most of the subjects will actively want to stay out of prison and will be prepared to cooperate. However, if it is to have any effect whatsoever on the prison population it will require a very substantial expansion of the Home Office's tagging and tracking programmes. Currently the UK uses electronic monitoring (not the same as satellite tracking, and largely home-based curfew systems) for around 9,000 people. GPS tracking, however, would involve monitoring the movement of subjects, making it possible to keep an eye on what they were up to in general, and to enforce movement restrictions on particular subjects.
With the likelihood of several tens of thousands ultimately coming into this category, even if the subjects were largely cooperative there would be a requirement for procedures to deal with the many, many occasions when some of them would move out of GPS coverage (perfectly innocently, or perhaps not...) and for the invention of a whole new branch of the call centre business. The Home Office envisages these call centres being operated by the private companies supplying the tracking gear, so some years hence, somewhere in the Indian subcontinent, Big Brother is watching... The Home Office's plans to deploy the technology on repeat and priority offenders as part of the "Prolific and Other Priority Offenders Strategy" is a much trickier proposition, as here we are talking about people who largely don't want to cooperate. And my, what a lot of them we've got. There are apparently around a million active offenders in the UK (that's right, just cast your eye around the office, the bus, the train carriage and wonder), and 100,000 offenders have three or more convictions and are responsible for half of all crime. Unsportingly, this 100k pool's population changes by 20,000 each year, with that number apparently becoming good and being replaced by a further 20,000 from the rest of us, moving over to the Dark Side. The Home Office does not at this juncture envisage a 'three strikes and you're networked' programme, but drills down further to a handier-sized population of 5,000. These, it says, are the most active offenders and are estimated to be responsible for one in ten of offences. "Electronic tracking will be introduced for the most prolific offenders [i.e., the 5,000] so their movements are known on a 24 hour basis," says the strategy document. 
As the Home Office will be starting with pilots, it will not be attempting to handle 5,000 subjects initially, but as it envisages tracking sex offenders, the problem 5,000 and various other categories (those barred from specific areas under Anti-Social Behaviour Orders, for example), it clearly intends to be dealing with large numbers of not terribly cooperative subjects quite soon. Florida, on the other hand, operates a fairly modest scheme compared to what the Home Office has in mind. Here you will see the Florida Department of Corrections' Electronic Monitoring report for March of this year, and you'll note a couple of things about it. First, the numbers are extremely modest, and second, if you read back through the reports you'll find the numbers are pretty static. Home Office reps who tell us they've been to Florida and seen the future would do well to realise that Florida hasn't actually tried that future. But onwards and upwards. The Home Office notes the projected 2008 arrival of biometric ID cards, and says it will develop "a new system... to automatically record those entering and leaving the country." It is worth noting that the latter is presented as a separate system, so it is clearly not included in the ID scheme tab we've already heard about, although it's quite clearly part and parcel of the scheme. In addition, £800 million is to be invested in "a joined up criminal justice system in which the police, courts, prosecution, prisons and probation can securely exchange information and reduce duplication." The "joined-up system" will allow "police, probation, youth offending teams and their partners [Who they? Securicor?]" to identify "the main offenders in their local area. They will be intensively monitored, caught, punished and more effectively rehabilitated..." This first phase "will be followed... by a determined roll out of enhanced tagging to control criminal behaviour... 
and the beginning of satellite tracking to allow more effective monitoring of some criminals after prison... As this approach develops, we will see the police and probation services increasingly mobilising the strength and local knowledge of communities" (by which we think they mean they want to industrialise grassing). There is more, much more. The document reveals that there's already a £2 billion police IT investment programme, and that the use of automatic number plate recognition will be expanded, with improved "data linkages between the system [er, what system?] and the DVLA and Police National Computer to help identify cars of interest to the police." Hilariously, however, shortly after claiming the £2 billion scheme and revealing the extra £800 million, it tells us there will be a further £800 million investment "on top of the £1.2 billion already committed." So the Blair government's talent for double entry bookkeeping is clearly alive and well. There will be a new Safer and Stronger Communities Fund "worth £660 million over three years." This will provide finance for "better home security and CCTV." Technology will be used for crime analysis, via the National Intelligence Model, "a system for rigorously analysing crime threats and focusing resources where they are needed most." Over at immigration, the entry and exit monitoring system will use "the information collected by airlines and ferry companies" (i.e., it's CAPPS UK). Known as e-Borders, it "will begin to identify people who have boarded transport destined for the UK, check them automatically against databases of individuals who pose a security risk, and keep a simple electronic record of entry into the country." Backing this up is groovy people sniffing kit. CO2 detectors, gamma scanners, passive millimetric wave imagers and heartbeat detection equipment. It has already been suggested, not least in these parts, that the ID card scheme may turn out to be Blunkett's poll tax. 
But after checking through this little lot we really do think poll tax understates matters. The Home Office's giant pile of interconnecting (yeah, right...) IT schemes designed to monitor, manacle and manage us will intersect most horribly with the UK government's catastrophic record on IT implementation, resulting in a full-scale IT Gotterdammerung. And you won't need to trust us on this. ®
John Lettice, 20 Jul 2004

Duke develops iPod-equipped download army

Duke University has returned a bit of dignity to the college music downloading scene by purchasing 1,650 iPod music players for its students. Duke nobly plans to use the expensive Apple gear in the pursuit of academic excellence. Students will tap into the iPod's beefy hard drive to store course information, language lessons, recorded lectures, the academic calendar and even the freshman orientation schedule. Oh, yeah, and they can file away a few thousand songs too. With the iPod deal, Duke has, at least temporarily, separated itself from less innovation curious institutions such as Penn State, University of Rochester and USC - all of which are Napster customers. Where Duke awards its students free kit, the Napsterized schools pay around $3 or $4 per student per month to let their kiddos rent as much music as they want. This teaches the students valuable lessons about how "university subsidized" actually means "tacked on to your IT fee" and how obedient consumers cherish recurring revenue models. The Napsterized schools pay their monthly fee - say $200,000 for a large school - and then add on the costs of Napster-recommended IBM software and servers. The schools, however, have been very reluctant thus far to reveal exactly how much this total package costs. Duke, by contrast, fessed up to the $500,000 it will shell out for the hardware and support. Duke also bucks the other schools by having a device that works with both Macs and Windows. Napster lives in Microsoft country only. "We're approaching this as an experiment, one we hope will motivate our faculty and students to think creatively about using digital audio content and a mobile computing environment to advance educational goals in the same way that iPods and similar devices have had such a big impact on music distribution," said Tracy Futhey, vice president for information technology at Duke.
"We think the power and flexibility of these devices offer some real advantages over other media used to distribute educational content such as CD-ROMs and DVDs." Somewhere, the pigopolists are burping. Duke is also talking about using iPods to create audio editorials, to add more audio and video content to students' classes and to take verbal notes while doing field work. Duke's entire freshman class will receive the iPods and get to keep the device after their first year is done. It's encouraging to see Duke step to the side of where the RIAA (Recording Industry Association of America) would like them to go. No pricey service. No cloaked costs. No Microsoft confines. Just a free toy and some creativity. ®
Ashlee Vance, 20 Jul 2004

Sun salutes Microsoft for delivering Q4 profit

Sun Microsystems today disappointed investors with lower than expected fourth quarter earnings but showed some positive signs with units shipped increasing and a large check from Microsoft being deposited in its bank. Sun reported revenue of $3.1bn in its fourth quarter - a 4.3 percent rise over the $3.0bn posted in the same period a year ago. For the full year, Sun pulled in $11.2bn - a 2.2 percent drop from the $11.4bn reported one year earlier. Sun executives pointed to high server shipment numbers, increased services revenue and more sales to key financial services, government and telecommunications customers as drivers of the fourth quarter growth. "This the first year-over-year growth since (the third quarter of fiscal 2001)," said Steve McGowan, Sun's CFO, during an afternoon conference call. Sun, however, still posted a loss of $0.05 per share in the fourth quarter - one penny below what financial analysts were looking for. Sun reported a net loss of $169m compared to a $24m gain in the same quarter last year. Including "special items" such as Sun's massive settlement with Microsoft, this picture changes drastically. With more than $1.9bn of Microsoft money added in, Sun showed $795m in income for the fourth quarter or $0.24 per share. Sun's CEO Scott McNealy urged that that settlement money be considered a "right on" as opposed to a "write off." "This is a company that is in control," McNealy said. "It is very focused and well-managed." McNealy's soothing words and Sun's stats kept the financial analysts in a relatively decent mood, during the conference call. Sun did their bidding months ago with layoffs and has been working to trim the bottom line across the board. The analysts must also have been pleased with Sun's 46 percent year-over-year growth in servers shipped. That's by far the largest jump Sun has seen in many, many quarters. 
Sun's x86 server shipments rose 327 percent from a small base and had little impact on revenue, meaning Sun's new fleet of UltraSPARC IV-based kit carried the load. Sun's total fourth quarter hardware revenue, including storage and software, came in at $2.1bn compared to $2bn last year. "First of all, volume matters," McNealy said. "It is the leading economic indicator." As Sun's server volume increases, the vendor benefits from more component sales, software and services deals and a stronger channel, McNealy added. The CEO, however, was less instructive as to how much all these goodies will add to Sun's bottom line. McNealy declined to set a date for Sun's return to profitability, although at one point during the conference call he did make a vague suggestion that it would be "within this year." In its fourth quarter, Sun showed some server add-on success. Its services revenue rose to $1.0bn from $979m last year. Sun also saw the number of JES (Java Enterprise System) subscribers jump from 174,400 in the third quarter to 303,100. The going rate for JES is $100 a year per user. Away from the financials, Sun's President Jonathan Schwartz made a curious comment about the future of Solaris. "We've begun looking at Solaris on Power (IBM) as well as on Itanium (Intel/HP)," Schwartz said. "That is not a product announcement," McNealy countered. It seems the McNwartz is confused. Schwartz also said that Sun might consider selling x86 servers at below cost if the systems lead to JES and Solaris sales. And McNealy called HP a "hurting cowboy" - a possible jab at Carly Fiorina's Texan heritage. Sun's shares were up 4 percent to $4.11 during Tuesday's trading and were flat in the after-hours markets, at the time of this report. ®
Ashlee Vance, 20 Jul 2004