30th > July > 2004 Archive

Deutsche Telekom Passport hole exposes 120,000

Deutsche Telekom this week was forced to suspend all activities of its Online Business Service Operation Centre (OBSOC), a German version of Microsoft's Passport system, which enables customers to order and pay for online services and products. German Chaos Computer Club (CCC), Europe's largest hacker group, discovered a security hole that they fear may already have been exploited. Hackers could have had access to records of businesses and their customers and changed all kinds of data for almost a year. The security hole was discovered by ICT expert Dirk Heringhaus, who accidentally entered the wrong client number and discovered he had access to records of other businesses. Heringhaus immediately reported the security hole to Deutsche Telekom in May 2003, and although the company says it did fix the problems, CCC discovered the security hole was still open. Approximately 120,000 customers will now need a new password for the system, which was developed with Microsoft Services. On Friday the services were still not restored.
Jan Libbenga, 30 Jul 2004
DVD it in many colours

IBM shuffles top execs

The top brass running Big Blue are still reshuffling executives in the aftermath of the departure of Mike Lawrie, formerly the senior vice president of sales and distribution. IBM likes to cross-train its key executives in different geographies, job types, and lines of business every couple of years, but there could be more to these particular moves than meets the eye... IBM's second quarter financial results saw the company's Software Group struggling to make headway in a very tough market, while the iSeries division within its Server & Technology Group was stopped nearly cold by a transition to the Power5, with sales down 28 per cent. It would not be surprising to some that, in the aftermath, Al Zollar, the general manager of the iSeries unit who hails from Big Blue's software businesses, would be replaced by a channel expert, in this case Mike Borman, who was most recently general manager of global business partners - the person who deals with IBM's vast reseller channel. With Borman as the new general manager of the iSeries unit, this marks the second time that a seasoned IBM channel executive has taken charge of the iSeries. Zollar's predecessor, Buell Duncan, was in charge of the PartnerWorld organization for a number of years before he was tapped to be general manager of the iSeries unit. With about 85 per cent of iSeries shipments (and perhaps 50-60 per cent of the revenue) of the OS/400 server platform coming through channel sales, IBM is concerned about getting the channel in order and motivated for the eServer i5 push. Zollar steered the i5 gear through to its completion, much as Duncan did a substantial revamp of the iSeries line (which was launched in January 2003) before he became IBM's WebSphere evangelist. Zollar has been named general manager of IBM's Tivoli software unit, another line of business that has been struggling lately. 
The move does not appear to be a penalty box for the poor sales of the iSeries in the second quarter, but rather a desire to get a software executive familiar with Tivoli back into that unit to shore it up. Zollar came to prominence within IBM when Big Blue acquired systems management software maker Tivoli Systems nearly a decade ago. He was senior vice president of development for Tivoli, in fact, and had various management positions in Software Group's development laboratories in Raleigh, North Carolina, and Santa Teresa, California. Prior to running the iSeries business for 18 months, Zollar was named general manager of the Lotus groupware unit. Borman, the new general manager of the iSeries unit, has a broad range of experience. Prior to running the PartnerWorld organization, he was president and chief operating officer of Blue Martini Software, a customer relationship management software maker that Borman left IBM for during the dotcom bubble. The bubble burst, though, and as Blue Martini lost air, he eventually resigned in October 2002 (he came back to IBM to run PartnerWorld in January 2003). Prior to his job at Blue Martini, Borman was the general manager of the RS/6000 unit (now the pSeries and p5 server lines), and worked his way up to that job by being a general manager for the American Midwest, then vice president in charge of North American SMB sales, then vice president of worldwide Unix server sales. Borman started his career at IBM in 1977, and has held a bunch of engineering, sales, marketing, and management positions. The most important thing you can know about Borman is that he has worked with Bill Zeitler, who also used to be a general manager of the OS/400 platform and who now controls all of IBM's systems and storage.
Zeitler, plus Steve Mills, who heads up Software Group, and Doug Elix, who used to run IBM's Global Services unit and who now runs Big Blue's sales organization, are where a lot of the real power is in IBM these days, and they seemed to have decided to trade a bunch of executives this week to try to improve sales and operations. Specifically, Donn Atkins, who used to head up worldwide software sales, will report to Elix and take over Borman's job as head of worldwide business partner relations. As Zollar, the former iSeries GM, moves to be GM of the Tivoli unit, Robert LeBlanc, who used to have that job, will replace John Swainson, who has been the general manager of the application and integration middleware software lines (what IBM internally calls its AIM, as opposed to its DB2 database, business line). Completing the circle, Swainson, who used to steer the development of WebSphere and related middleware, now takes over Atkins' job as the head of worldwide sales for Software Group. The departure of Lawrie in May is what caused IBM's former chief financial officer, John Joyce, to take over as head of Global Services as Elix moved into Lawrie's top sales job at Big Blue. Some of the changes outlined above might have happened in another six months even if IBM's second quarter was stellar, but seemed to be precipitated by the prior executive changes and the relatively poor results in Software Group (particularly Tivoli) and the iSeries line. Source: ComputerWire/Datamonitor
Datamonitor, 30 Jul 2004

Bsquare axes WinXP GSM handheld

Bsquare is to drop its Power Handheld (PH) Windows XP-based wireless PDA. The company will instead offer the device's design to other vendors under licence and sell them the application and utility software it had developed for the device. The company made the announcement just before posting a quarterly net loss of $5.1m, $4.5m of which resulted from the decision to end PH manufacturing and marketing, through asset impairment and the cost of laying off the PH operation's workers. Bsquare achieved revenues of $8.8m for the quarter, the company's second, compared to $9.4m in Q2 2003 and $10.6m in Q1 2004. The company also said it had paid $310,000 to settle a royalty payments dispute with Microsoft, and that too may have had an influence on Bsquare's decision to stop producing the PH. As we noted in our review of the product, the PH is an innovative revival of the late 1980s handheld PC as a modern GSM/GPRS-enabled communications tool. The unit sports a high-quality 640 x 480 display and runs the embedded version of Windows XP. It was powered by a 400MHz Intel XScale CPU with 128MB of RAM. "We sold a relatively small number of units and the ongoing investment didn't make sense at the expense of our core business," Bsquare CEO Brian Crowley admitted. Some of the devices were sold to UK mobile phone network Vodafone. PH was one of a range of wireless data-oriented devices the operator offers. Essentially, Bsquare suffered the fate that overcomes many hardware start-ups - it simply couldn't sell enough units to cover the ongoing development and manufacturing costs and to deliver lower end-user pricing over time. It's a shame - the PH has its flaws, but it remains a solid alternative to too-small PDAs and too-large notebooks. The demise of the PH leaves the handheld PC market open to the likes of Tiqit, OQO and FlipStart. HP too is said to be pondering a return to the handheld PC market.
Tony Smith, 30 Jul 2004

Elitegroup lets slip 2.13GHz Pentium M details

Taiwan's Elitegroup has revealed that Intel is indeed planning to release a 2.13GHz Pentium M 770 processor this autumn - possibly as early as September 2004. The PC maker this week announced what it claims is the first notebook to offer an integrated 1.3 megapixel digicam. The ECS G220 is pitched at businesspeople who do video conferencing and don't want to have to carry and connect a separate webcam whenever they're out and about. The notebook is based on Intel's Centrino platform, offering a range of Pentium M CPUs, from 1.3GHz up to 2.13GHz, the company said, with older 130nm 'Banias' versions at the bottom end of the range, rising to newer 90nm 'Dothan' chips at the top. The 2.13GHz PM doesn't appear on Intel's price list yet, but is expected to ship as the PM 770. As the clock frequency indicates, the chip will run over a 533MHz frontside bus, and not the current 400MHz PM FSB. The higher bus speed will be supported by Intel's upcoming 'Alviso' chipset, which will form the basis for the second-generation Centrino platform, 'Sonoma'. Intel recently admitted that Sonoma will not now ship until Q1 2005, so either Alviso will ship in the autumn on its own and under the 'Centrino 1' brand, or Intel plans to update its current Centrino chipset, the i855GME, to support a 533MHz FSB. Elitegroup has since said that it will actually only ship a 2GHz part this September, and not a 2.13GHz part after all. That, it claims, was a mistake. The G220 provides 802.11b and g courtesy of an Intel ProWireless 2200BG network adaptor, and there's the usual 10/100Mbps Ethernet and 56Kbps modem in there too. The notebook also offers a unified SDIO/MemoryStick/MemoryStick Pro card reader, PC Card slot, Firewire port and three USB 2.0 ports. Elitegroup will offer two screen options. Both are 12.1in LCDs, one with a 1280 x 800 resolution, the other set to 1024 x 768. The G220 will go on sale in September in the UK from Protac Direct Sales, Elitegroup said, but it did not disclose pricing.
Tony Smith, 30 Jul 2004

64-bit WinXP set-back forced Intel to delay 4GHz P4?

Intel has delayed the arrival of the 4GHz Pentium 4 to Q1 2005, the chip giant has admitted. The part was originally intended to ship in Q4 2004, but it now appears that that deadline was unfeasible if Intel wanted to ship the part in significant volume. "To get to the volume we want to, we are telling [customers] we're moving to a Q1 launch date," said Intel spokesman Bill Kircos, according to an InfoWorld report. It's telling that the P4 delay comes in the very same week Microsoft said it would now not ship 64-bit Windows XP until Q1 2005. It's certainly tempting to see a connection, given later 90nm P4 chips' support for Intel's AMD64-like 64-bit x86 technology, EM64. The first 64-bit enabled P4s will ship next week and be sold to workstation vendors. Monday will also see 64-bit Xeon DP processors derived from the same core go on sale. Was the 4GHz P4 earmarked as the first 64-bit Pentium for mainstream markets? Intel always said it would ship such a part "when the applications and operating system support was there". Microsoft's decision to delay the latter may well have forced Intel to rethink its own schedule. Kircos denied the motivation for the move lay with manufacturing or design problems with the chip. In June this year, Intel briefly suspended shipments of its 'Grantsdale' chipset family after their launch because of a glitch. And it recently admitted that it has put back the release of its 'Alviso' Centrino 2 chipset to Q1 2005 because of technical issues. Last year, the first 90nm P4s were delayed to the end of the year but only in small "revenue shipment" volumes. The processor wasn't formally launched until February 2004. Intel's 90nm Pentium M likewise suffered several delays through 2003 and into 2004 until the company admitted there was a problem and finally rescheduled the launch to May 2004. The 4GHz desktop part is expected to ship as the P4 580. 
Presumably the delay will also push back the 4.2GHz P4 590, originally roadmapped for a Q1 2005 release. In the meantime, Intel is expected to cut its P4 prices on 22 August ahead of or just after the introduction of the 3.8GHz P4 570. It is not known whether the 580 delay will also affect the 570. Certainly with the 3.6GHz 560 coming on stream so recently, Intel may well decide to hold off the faster chip to better fill the gap made by the 580's delay.
Tony Smith, 30 Jul 2004

180solutions answers pop-up charges

Letter

Our recent story Pop-up goes the commission reported on allegations that 180solutions' permission-based search assistant application Zango may have been downloading itself onto users' computers without their knowledge. We further reported on allegations that 180solutions "violated the policies of two affiliate marketing networks by soliciting commissions from merchant members, and redirecting to itself commissions that should have gone to other affiliates". Here is 180solutions' reply to the charges, which we reprint here in full:

In your story Pop-up goes the commission, you name N-case as an "Active X program which automatically installed itself onto desktops through online ads..." 180solutions has never caused its software to download automatically or without user consent. 180solutions' software, N-case and Zango included, is opt-in only. The only time 180solutions' software has ever been downloaded unknowingly was when a third party affiliate exploited holes in Internet Explorer and installed the 180Search Assistant without user consent and without 180solutions knowledge or consent. The number of computers affected by this was minimal. This company was in direct breach of contract with 180solutions and is currently being sued by 180solutions for its illegal practices. Edelman has accused 180solutions of being in violation of Commission Junction and Linkshare policies. 180solutions is actually in total compliance with the regulations of these networks and would be removed from the networks if it was not following policy. 180solutions constantly monitors its practices and changes are ongoing for us to remain in compliance with these networks. Edelman's research also suggests that 180solutions tags "hidden windows" that are used to re-direct commissions and displays 180solutions-tagged pop-ups that cover competitors' sites. There are a couple issues to be addressed here.
First, the hidden windows are empty windows, with no tagging whatsoever that the user does not see. These windows work as a check for the 180solutions server, preventing it from displaying a Web site (or ad) when a commission is about to be sent to another affiliate. This is in place to ensure that commissions are not sent to the wrong party. Secondly, when a 180solutions window is presented to a user, the top of the window is labeled to make sure the user knows where the offer is coming from. For example, if you have Zango installed on your computer and you are searching Google for Las Vegas hotels, and your search returns a listing of hotels, a window might pop up displaying the Web site for Mandalay Bay, (this is only an example) at the top of this window you would see: "Brought to you by the Zango Search Assistant" to inform you of where the offer is coming from. This window would also not completely cover the Google page, it would simply be shown on top, so you could view both at the same time. 180solutions is not tagging windows to overpower a competitor's site, the labeling is there so the user knows who is responsible for the Web site displayed. Edelman also reports 180solutions overwriting cookies. 180solutions does not overwrite or manipulate cookies. The occurrence of double pop up windows, which led Edelman to believe that we were overwriting cookies, is a brand protection mechanism for customers who want it. Some affiliate networks do not agree with this method, and 180 makes sure to disable this part of its software on networks where it is not allowed or wanted. The most important point to be realized is that Edelman does not have access to see where the commissions go or who they are paid to, that information is not public. Edelman has himself admitted that he has not and cannot see where the commissions are paid. His research is missing vital facts. His report overall is based on assumptions that lack information to be complete and correct. 
Additionally, 180solutions does not display pop-up ads. 180solutions' software shows users a limited number of targeted Web sites based on searches and Web surfing behaviors. 180solutions absolutely denies and gives no validity to the allegations posed by Edelman's report. Ashley Wolfe Barokas Public Relations 180 Solutions
Team Register, 30 Jul 2004

BT shaves a quid off VoIP service

BT has cut the cost of its voice over IP (VoIP) service in a bid to make it "better value" for punters. BT's Broadband Voice product - which was launched in December - lets phone users make calls using a touch-tone telephone. But since it uses their broadband connection (rather than the traditional telephone line) to connect the calls, the UK's dominant fixed line telco reckons the calls are often cheaper. Now, though, BT has shaved a quid off the cost of its "Evening and Weekend Plan", which has been reduced from £6.50 to £5.50. Its "Anytime Plan" has also been reduced from £14.00 to £13.00 for all BT Broadband customers. And as a special promo, BT Broadband punters signing up before 31 October can get the service for free for three months. Of course, anyone keen to use the service will still have to pay line rental and cough up £60 for an adaptor. When BT launched Broadband Voice last year, it reckoned the service could save punters up to 57 per cent on calls to mobiles and up to 25 per cent on UK daytime calls. All in all, the monster telco said it could save punters more than £100 a year in cheaper phone calls. At the time, rival cable firm Telewest described the service as little more than "hype", while NTL questioned BT's figures insisting the VoIP service would only save punters a measly 50p a month. Two weeks ago, BT let loose its Communicator VoIP service which offers free PC to PC calls, but which also links back into the telephone network. The product manages phone calls, webcam, emails, texts and instant messaging in one place on a PC, with multi-way video calls expected to be added in 2005. Elsewhere, retail prices for broadband fell sharply in the first six months of the year. Analysis from broadband research outfit, Point Topic, found that cable operators cut monthly rentals for services by an average of 16 per cent, while DSL operators cut them by 13 per cent in the same period.
Although almost all DSL operators either held or reduced prices, the cable modem market proved to be more dynamic with widespread price falls across the Americas, Asia Pacific and EMEA, said analysts.
Tim Richardson, 30 Jul 2004

Sasser kid blamed for viral plague

A staggering 70 per cent of viral activity in the first half of this year can be linked to just one German teenager, according to anti-virus firm Sophos. Sven Jaschan, 18, the self-confessed author of the NetSky and Sasser worms is blamed by Sophos for the vast majority of viral reports it recorded during the first six months of 2004. Just two of Jaschan's viruses - the infamous Sasser worm and NetSky-P - account for almost 50 per cent of all virus activity seen by Sophos up until the end of June. Counting Jaschan's other released variants of the NetSky worm, the total figure comes to over 70 per cent. Jaschan was arrested at his home in the sleepy village of Waffensen, North Germany in early May following a tip-off from one of his erstwhile mates (who have since become suspects themselves) to Microsoft. But for this arrest the situation could have been even worse, according to Sophos. The computer worms he created continue to spread despite the fact that their creator has been taken out of the equation. The Sasser worm hit home computer users worldwide, including the South African government, Taiwan's national post office, Sampo (Finland's third largest bank), RailCorp in Australia and the UK's coastguard service. "It's like Pandora's box - once released viruses can carry on spreading even if the author has been caught or realises he has done something wrong," said Graham Cluley, senior technology consultant for Sophos. "However, because Jaschan was under 18 at the time he released the viruses it's possible he will escape a stiff sentence if found guilty." Sophos identified and released protection for 4,677 new viruses in the first six months of 2004, up 21 per cent on the same period last year. "Reassuringly, virus writers haven't had it all their own way so far in 2004. Increased scrutiny from law enforcement agencies and Microsoft's bounty initiative to encourage people to snitch on virus writers and led to Jaschan's high profile arrest in Germany," Cluley added.
Virus charts from Sophos 1H04: Sasser, NetSky-P, NetSky-B, NetSky-D, MyDoom-A, Zafi-B, NetSky-Z, NetSky-C, Sober-C, Bagle-A
John Leyden, 30 Jul 2004

GameCube sales leap doubles Nintendo Q2 profits

A surge in sales of its GameCube console pushed Nintendo's second-quarter income almost 100 per cent over the same period last year. For the three months to 30 June 2004, Nintendo achieved a net income of ¥22.6bn ($202m), 96.5 per cent up on Q2 2003's ¥11.5bn ($103m). Driving the gain was a 712.5 per cent increase in unit shipments, from 80,000 in Q2 2003 to 650,000 this past quarter. Some 2.3m GameBoy Advance units were shipped during Q2 2004. A 21 per cent year-on-year decline in hardware manufacturing costs helped the console maker further. Lower prices saw hardware revenues fall 13 per cent year on year to ¥39.5bn ($352m), but software revenues jumped 11 per cent to ¥42bn ($375m). Nintendo quit the quarter with ¥717bn ($6.49bn) in the bank. Looking ahead, the company said it expects to see FY 2004 as a whole deliver a doubling of income over 2003.
Tony Smith, 30 Jul 2004

DNA codebreaker Francis Crick dies at 88

Francis Crick, described by some as the father of genetic science, has died after a long battle with colon cancer. He was 88. Crick, along with James Watson and Maurice Wilkins, first revealed the famous double-helix structure of the DNA molecule. Key to their discovery were the X-ray photographs of the molecule taken by Dr. Rosalind Franklin, a colleague of Wilkins' at King's College London. Crick continued his investigation of the molecule, working with Sydney Brenner to discover how the information contained in DNA is used to create proteins. This work laid the foundations for the whole of the biotech industry: without it, DNA fingerprinting and genetic screening would be mere science fiction. In 1962, Crick, Watson and Wilkins were awarded the Nobel Prize for physiology or medicine "for their discoveries concerning the molecular structure of nucleic acids and its significance for information transfer in living material". Crick began his scientific endeavours at University College London, where he studied for a Physics degree, graduating in 1937. His postgraduate studies were interrupted by WWII. During the war, he joined the British Admiralty Research Laboratories where he designed acoustic and magnetic mines. During the war, his lab at UCL was blown up by a land mine, so he stayed on with Admiralty research. His interest in molecular and neurobiology prompted a change in direction several years later. In 1947, he joined the Strangeways Laboratory in Cambridge where he began researching cytoplasm in fibroblast cells. Two years later he transferred to Cambridge's Cavendish laboratory where Max Perutz was investigating the 3D structure of proteins using X-ray crystallography. James Watson, who joined the lab in 1951, later wrote of Crick: "I have never seen Francis Crick in a modest mood. He talked louder and faster than anyone else, and when he laughed, his location within the Cavendish was obvious."
In 1976, Crick left Cambridge for the Salk Institute where he began working in neurobiology. He was particularly interested in finding a physical link to consciousness. He attributed his scientific interests to a loss of his faith, when he was 12. He said that the things that interested him were the things it seemed science had no explanation for. He continued this work until his death. "Francis Crick will be remembered as one of the most brilliant and influential scientists of all time," Richard Murphy, president of the Salk Institute told The Associated Press. He married twice: first in 1940 and again in 1949. His marriage to Ruth Dodd was dissolved in 1947, but not before they had a son. He had two daughters with his second wife, Odile Speed.
Lucy Sherriff, 30 Jul 2004

Real fires back at Apple in DRM dogfight

Real Networks has compared its DRM translation software, Harmony, to Compaq's cloning of the original IBM PC to rebuff Apple's claims that the technology may infringe the Digital Millennium Copyright Act (DMCA). "Harmony follows in a well-established tradition of fully legal, independently developed paths to achieve compatibility," the company said in a statement issued last night. Harmony converts Real's own DRM system, Helix, into Apple's equivalent scheme, FairPlay, or Microsoft's Windows Media DRM. The company launched a beta version of the software earlier this week, and hopes it will encourage digital music buyers to choose its RealOne subscription service over rival offerings from Apple, Napster, Sony and others. By converting audio files to Apple's favoured AAC format and translating Helix DRM rules into FairPlay, songs downloaded from Real's service will play on an iPod while retaining the usage limitations imposed under the terms of the licences granted Real by music companies. That annoys Apple because it wants iPod owners to buy from the iTunes Music Store (ITMS). Yesterday, Apple said it was "stunned" by Real's move and confirmed that it was investigating the legal repercussions of the Harmony launch. In response, Real said: "Harmony technology does not remove or disable any digital rights management system. Apple has suggested that new laws such as the DMCA are relevant to this dispute. In fact, the DMCA is not designed to prevent the creation of new methods of locking content and explicitly allows the creation of interoperable software." Apple has indicated it is looking beyond the DMCA, so it may yet allege Real used proprietary information without authorisation to develop Harmony. The Mac maker also warned that future changes to FairPlay could cause Harmony-converted songs to break. However, Apple can't risk breaking songs downloaded from its own service. "Consumers, and not Apple, should be the ones choosing what music goes on their iPod," said Real.
Maybe, but its Compaq-comparison remains specious. Did Compaq reverse engineer the IBM PC - or did it simply open the box, spot an off-the-shelf Intel CPU and chipset, an off-the-shelf BIOS and a Microsoft OS? IBM's use of readily available third-party parts - chosen because it never really thought it would sell any personal computers and wanted to keep the cost down - is what made the IBM PC cloneable. Apple's FairPlay, by contrast, is not an off-the-shelf product.
Tony Smith, 30 Jul 2004

US green-lights Sony BMG merger

The US Federal Trade Commission has given the thumbs-up to the proposed merger between Sony Music Entertainment (SME) and Bertelsmann Music Group (BMG). The FTC ruling comes a week after the European Commission approved the deal, which will create a company controlling a quarter of the global recorded music market. Sony BMG - as the new company is to be called - will account for just over 25 per cent of the market, just below current market leader Universal, which also owns just over a quarter of the business. Together, independent labels account for a further 25 per cent, with EMI and Warner splitting the remaining quarter roughly 50:50. Sony's Japanese music business, which was not part of the deal - essentially Sony is splitting off the business built out of its acquisition of CBS - sits among the indies. Sony and Bertelsmann will each own half of the new company, which will commence operations on Monday, sources close to SME told us. Now the battle begins between erstwhile BMG and Sony staffers, as the combined operation seeks to cut overheads and eliminate duplication among its workforce.
Tony Smith, 30 Jul 2004

Telewest brags of record broadband sign-ups

The launch of a cut-price, entry-level broadband product in March has helped Telewest rack up a record three months for attracting new customers. In the three months to the end of June cableco Telewest added 72,000 new high-speed Internet punters, compared to 51,000 in the first quarter (Q1). As of 30 June, Telewest had 538,000 broadband Internet subscribers. "This growth was driven principally by the successful launch of our lower tier 256Kb service in March 2004," said Telewest as it reported its Q2 figures. During the second quarter of 2004, the cableco also increased the connection speeds of its top three broadband services which the company claims has helped it maintain an edge over rivals in the franchise areas it operates. Although Q2 revenues rose a smidgen from £323m last year to £326m in 2004, Telewest dived into the red again with a net loss of £126m compared with a profit of £5m last year. Telewest blamed a large part of the loss on foreign exchange fluctuations. Said Cob Stenham, chairman of Telewest Global, Inc: "This is the last set of results for Telewest Communications plc, the predecessor company of Telewest Global, Inc prior to the completion of its financial restructuring on 15 July, 2004. They show continued good operating performance with growth in customers and revenue generating units. "As a result of the financial restructuring, Telewest now has a strong balance sheet and a sound platform for delivering profitable growth as a leading broadband communications and media group in the United Kingdom," he said. On 15 July, the cable company completed its financial restructuring to help sort its debt problem. Telewest Communications plc, formerly the parent company of the Telewest Group, was de-listed from the London Stock Exchange and will be liquidated or dissolved. As a result of the restructuring, Telewest Global, Inc became the new parent company of the Telewest Group with its stock trading on Nasdaq. 
®
Tim Richardson, 30 Jul 2004

IE patch 'imminent'

Microsoft may break its normal patch cycle to issue a fix for the vulnerability infamously exploited by last month's Download.Ject (AKA Scob) attack. Internet.com cites Dean Hachamovitch, Microsoft group product manager for Internet Explorer, in support of a story that a patch is imminent. It reports that the patch, to be released next week, will provide a "long-term solution to the core vulnerability" that led to the Download.Ject attack, one of the most serious security pratfalls ever to hit IE. Microsoft UK was a little more circumspect with naming a date, but suggested a fix should be available "within the next two weeks". Microsoft's monthly patches normally come out on the second Tuesday of each month. So this would allow Redmond to issue a double-plus critical fix on August 10, consistent with its monthly schedule - but at a time when many admins will be on holiday. Microsoft has previously indicated it wanted to avoid this scenario, but its hand has been forced by the seriousness of the vulnerability exploited by Download.Ject. In a statement, Microsoft UK said: "A comprehensive fix for all supported versions of IE is under development and will be released once it has been thoroughly tested and found to be effective across the wide variety of supported versions and configurations of IE. In the meantime, we’ve provided customers with prescriptive guidance to help mitigate these issues." "We will release the update as soon as we are confident that we are providing a quality release with detailed prescriptive guidance to help customers effectively manage and deploy the update. This update should be ready for release within the next two weeks as soon as testing and quality review is complete," it added.

Trojan wars

Earlier this month Microsoft released a tool to clean up machines infected during last month's Download.Ject security flap.
Users visiting a website contaminated with Download.Ject activated a script that downloaded a Trojan horse (called Berbew) from a website in Russia. This website was rapidly taken down, but the underlying vulnerability in Internet Explorer used in the Download.Ject attack remains unpatched, despite a workaround from Microsoft designed to limit the scope for mischief. Redmond released these configuration changes earlier this month and yesterday followed up with a tool to remove variants of the Berbew Trojan from infected systems. Berbew (AKA Webber or Padodor) is capable of extracting passwords and login details from victims and forwarding this confidential data to crackers. The risk posed by future Download.Ject-style attacks prompted security clearing house US-CERT to advise users to ditch IE for general web browsing, a call since repeated by other security experts. "Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," Microsoft's Hachamovitch said. A brave statement, to say the least, especially given IE's chequered security history. Even after Microsoft shores up IE's defences to repel Download.Ject-style Trojan downloaders, history would suggest the next scripting vulnerability is only a matter of time away. ®
John Leyden, 30 Jul 2004

Intel 'Nocona' Xeon to get 'no execute' support

Intel will ship Xeon processors capable of supporting Windows XP Service Pack 2's Data Execution Prevention (DEP) security feature from 24 September, company documents seen by The Register reveal. On Monday, Intel will begin shipping its 90nm 'Nocona' Xeon DP chip. Derived from the 'Prescott' Pentium 4, Nocona will support an 800MHz frontside bus speed and be made available in clock frequencies from 2.8GHz to 3.6GHz. The chips contain 1MB of L2 cache. They also support Intel's AMD64-like 64-bit x86 instruction set extensions, EM64. Monday's parts will be based on the chip's D-0 core. But just as Intel is upgrading the D-0 P4 core to version E-0, so too will the new Xeon get a similar upgrade. But while E-0 P4s are scheduled to arrive early October, the E-0 Xeons will ship a few weeks ahead of them, in late September. According to the Intel documentation, the Xeon E-0 stepping provides support for the "execution disable bit", which is the hardware foundation upon which WinXP SP2's DEP is built. Essentially, it prevents executable code running when it's located in a page of memory earmarked for data. AMD's CPUs have had the feature for some time - AMD calls it 'No-execute Page Protection', or NX for short - and Transmeta is building it into the 90nm version of its Efficeon x86-compatible CPU. The P4 is expected to gain DEP support in Q4 2004, but at this stage, it's not clear whether the feature will come from the E-0 stepping. Intel's P4 documentation doesn't say so, but the technology's incorporation into the 90nm Xeon suggests it could well be. However, the anticipated timing of a P4 with the "execution disable bit" provision coincided with the original timeframe for the 4GHz P4. That part has been put back to Q1 2005, Intel has admitted, which could also push back DEP support. The Xeon E-0 stepping will also "incorporate planned power optimisations to enable speed enhancements", including Thermal Monitor 2 and an enhanced processor halt state.
®
Tony Smith, 30 Jul 2004

Canadian pomp rock tops Reg music poll

Well, the results of our Mother of all Music Polls are in, and they make sobering reading indeed. More than 7,000 of you voted and we can now confirm beyond any doubt that - despite previous reports to the contrary - developers do not play air guitar to Megadeth. No, it's much, much worse than that. The shocking truth is that the whole of the IT world is apparently obsessed with unpleasant Canadian pomp rock in the shape of Rush. In fact, the only profession which did not vote this their number one choice of easy listening were the Strategy Boutiques (Ad Sales/Marketing/PR), who have evidently decided to eschew whalesong to rock on to honorary unpleasant Canadian pomp rockers Heart. There are three possible explanations for this: 1) That the world of IT is awash with Rush aficionados. 2) That the vote is simply a "dirty protest" against the omission of certain genres and artists - the online equivalent of fouling oneself and spreading the results around the walls. 3) That participants did not understand that only one vote was allowed overall - not one vote in each category, thereby swinging the tally in favour of unpleasant Canadian pomp rock. Whatever the truth, all three options are equally unpalatable. Furthermore, we discern few patterns emerging from the poll, apart from the fact that academics are the only people to have even the slightest interest in classical music and hardware engineers will occasionally get their rocks off to Queen. Draw what conclusions you will from that chilling prospect. Before announcing the full results we would, however, like to give a heads-up to CIO/IT directors who do not - as previously claimed - enjoy fine wines to the sound of Mozart, but rather formulate their IT strategies to a backdrop of Slayer and the Dead Kennedys. And Rush, obviously.
Here, then, are the top 30 artists as voted for by you, our beloved readers:

Rush — 737
Metallica — 422
Radiohead — 281
Heart — 276
Iron Maiden — 274
Red Hot Chili Peppers — 238
Pink Floyd — 230
Led Zeppelin — 202
Megadeth — 191
Nirvana — 188
Slayer — 165
Queen — 138
Portishead — 129
Smashing Pumpkins — 125
Kraftwerk — 125
Pixies — 116
AC/DC — 115
U2 — 108
Black Sabbath — 99
Coldplay — 87
Guns N' Roses — 84
R.E.M — 75
Bach — 69
Beastie Boys — 65
Dead Kennedys — 65
Jimi Hendrix — 62
Motorhead — 60
The Beatles — 60
Joy Division — 57
The Smiths — 57

And you may now peruse the top five artists by profession. Read it and weep:

Software developer: Rush, Metallica, Radiohead, Iron Maiden, Red Hot Chili Peppers
Webmaster: Rush, Heart, Nirvana, Radiohead, Metallica
Security: Rush, Metallica, Iron Maiden, Radiohead, Pink Floyd
Telecoms jockey: Rush, Metallica, Heart, U2, Radiohead
Reseller/distie/channel-type: Rush, Pink Floyd, Led Zeppelin, Kraftwerk, Slayer
Training: Rush, Metallica, AC/DC, Nirvana, Kraftwerk
Student: Rush, Iron Maiden, Metallica, Radiohead, Red Hot Chili Peppers
Sales: Rush, Heart, Metallica, Led Zeppelin, Nirvana
Project manager: Rush, Metallica, Radiohead, Red Hot Chili Peppers, Queen
Strategy Boutique (Ad Sales/Marketing/PR): Heart, Rush, U2, R.E.M, Bach
Database administrator: Rush, Heart, Pink Floyd, Metallica, Red Hot Chili Peppers
Hardware engineer: Rush, Metallica, Heart, AC/DC, Queen
Callcentre thingummybob: Rush, Metallica, Iron Maiden, Red Hot Chili Peppers, Slayer
Academic: Rush, Radiohead, Pixies, Bach, Pink Floyd
Engineer: Rush, Metallica, Heart, Red Hot Chili Peppers, Pink Floyd
Network manager: Rush, Metallica, Portishead, Nirvana, Iron Maiden
IT manager: Rush, Radiohead, Heart, Red Hot Chili Peppers, Pink Floyd
Sysadmin: Rush, Metallica, Iron Maiden, Pink Floyd, Megadeth
IT hack: Rush, Heart, Megadeth, Pink Floyd, Metallica
CIO/IT director: Rush, Pink Floyd, Heart, Slayer, Dead Kennedys
Lester Haines, 30 Jul 2004

Wi-Fi Alliance cracks down on ‘standards-plus’ kit

The Wi-Fi Alliance is rather belatedly seeking to crack down on ‘standards-plus’ products that achieve extended speed or range through proprietary add-ons, yet still claim to be fully interoperable. The Alliance has threatened to remove its certification from any product that interferes with another Wi-Fi product.
Wireless Watch, 30 Jul 2004

Apple - Moto ‘iPhone’ deal full of promise...

Apple and Motorola left a lot unsaid as they jointly announced this week that they will work together on an iPod-style player for Motorola music phones, due next year. The two referred to the device as a new iTunes mobile music player, and the fact that Apple chose Motorola to work with comes as no surprise to anyone who has studied the two companies over the past few decades. Apple’s architecture has been reliant on Motorola chipsets since the early days of Apple II, up to and including the PowerPC chips that drive the current generation of Apple Macs. Taking that old alliance into the digital media era, now the iTunes capability will be included in all of Motorola’s mass market music phones, the two companies said, though they did not say what proportion of Motorola handsets that covers. The first question the deal raises is just how much memory on the phone will be allocated to keeping Apple music onboard? The iPods go from 4Gbytes to 40Gbytes, holding between 1,000 and 10,000 songs. A phone is more likely to offer around 500Mbytes, so perhaps will hold only 100 to 125 songs. Another option is for these phones to be among the earliest to use a one-inch disk drive inside the mobile, which would open the way for far more storage and perhaps images and video as well as music.

More partners?

The second question is, since Motorola itself represents only 16.5 per cent of global handset sales, why would Apple want to limit itself to doing a deal with just one partner? Could it be that the two will work together on the device and then license the knowhow to Nokia (31 per cent market share), Siemens, Sony Ericsson and others, to create a real shut-out on the mobile phone in the future? This would fit well with Apple’s aim to make iTunes the dominant music platform, and with the trend among cellphone makers to seek influence and revenue by setting de facto standards and licensing key technologies to their rivals.
Another interesting suggestion is that Motorola could put the new interface on its Microsoft Windows Mobile products. In which case the irony of Apple giving Microsoft a leg-up in phone markets would not be lost on the Apple CEO Steve Jobs, a seasoned veteran of wars with Microsoft. With the inclusion of a piece of memory in a phone that has a link to the outside (PC) world through a USB or Bluetooth link, there are also new issues raised around the protection afforded by existing phone digital rights management (DRM) software, which is currently unified around OMA 2.0 standards and just being rolled out. Operators will not be happy with a phone that doesn’t use OMA 2.0, because it will undermine the burgeoning standard, so will Apple perhaps create a gateway between its Fairplay DRM and OMA? Surely a logical next move would be a similar tactic from Sony, with its Sony Connect iTunes rival. We should expect a connection between Connect and its DRM, and Sony Ericsson phones, sooner rather than later.

Walled garden

But yet another question is - what operator in its right mind will allow music on and off a phone that it controls, to a PC? So far, music offerings from carriers, such as MMO2’s dedicated music player, have been focused on keeping users within the walled garden. In the PC environment, the operator has no chance of making a margin on the music or on the download data communication time. And yet, the idea of an iPod-style interface on a phone is superbly compelling and perhaps Motorola and Apple can come up with a business model, like fitting an iTunes music store to a mobile operator service, that will recompense the operators for letting the music in from the PC. The companies did not release details on specific features of either the stripped-down version of iTunes or the new handsets, including how many songs the phones will be able to store.
Jobs said: “The mobile phone market—with 1.5bn subscribers expected worldwide by the end of 2004—is a phenomenal opportunity to get iTunes in the hands of even more music lovers around the world and we think Motorola is the ideal partner to kick this off.” If Motorola is just going to kick it off, it sounds as if Jobs is creating a path for every other phonemaker to come knocking at his door between now and the launch of the first iPhone. Apple currently claims to have 70 per cent of the online music market and a 50 per cent market share at the top end of the portable music player device market. But at a mere 3.5m devices, this is but a drop in the ocean compared to the two billion mobile phones that will be in circulation by 2008.

Copyright © 2004, Wireless Watch

Wireless Watch is published by Rethink Research, a London-based IT publishing and consulting firm. This weekly newsletter delivers in-depth analysis and market research of mobile and wireless for business.
Wireless Watch, 30 Jul 2004

AMD Sempron desktop CPU

AMD's new budget processor, the Sempron, has finally arrived. The speculations behind what the Sempron would be were confusing and didn't seem to make sense at the time, and it's still not quite clear why AMD has released some of the models, writes Lars-Goran Nilsson.
Trusted Reviews, 30 Jul 2004

US cyberstalker pleads guilty

A US man has pleaded guilty to cyberstalking a former girlfriend. Believed to be the first person to be fingered under US laws prohibiting Internet stalking, Robert James Murphy, 38, of Columbia, South Carolina, originally denied, at a hearing in April, 26 counts of using his computer "to annoy, abuse, threaten and harass" Joelle Ligon, a 35 year-old Seattle woman. Yesterday, Murphy pleaded guilty to two counts of cyberstalking in an agreement with federal prosecutors, AP reports. He is to be sentenced at the end of October. In May, Chubb Insurance warned that stalkers are increasingly using email and the Internet to prey on their victims. Although widely regarded as a crime that happens to celebrities, a study found that one in eight adults in the UK is a victim of "persistent or unwanted attention". Experts identified ordinary men and women in their 40s - especially those holding managerial positions or working as lawyers and doctors - as "typical victims" of stalking. In many cases, people are followed or receive menacing phone calls; in eight out of ten cases email is used to threaten or abuse victims. According to the report: "It is anticipated that the rapid technological advances of recent years will facilitate stalking offending further. Although no figures are available yet, stalkers are taking advantage of email to harass their victims. The Internet and electronic databases provide rich potential sources of information for offenders on their victims. This is making it more difficult for victims to hide from their stalkers." ®
Tim Richardson, 30 Jul 2004

The battle for email privacy

Ah, humanity. We are a sneaky species, forever attempting to get a leg up on everyone else in as underhanded a manner as possible. If there's a way to listen in to conversations not meant for us, watch the actions of others furtively, or read someone else's secrets, we do it. In January, it was reported that a 24-year-old thief in Medellin, Colombia had himself delivered to a wealthy condominium in a parcel. His plan? Wait in the box until it was deposited in the home he wished to ransack, then worm his way out and have his way. Unfortunately, police suspected a bomb, and started to open the box when ... the lad cut his way out, complaining that he couldn't breathe. Oops. Last October, Bruce Schneier reported a new technique used by car thieves: precision stripping. Here's how it plays: steal a car. Strip the car down to the chassis. Dump the chassis on the street. Soon enough, the cops tow the chassis away. When the chassis is offered up at a police auction, buy the chassis. Reattach the parts to the chassis. Bingo! You now own - legally - a car that you stole. As Schneier puts it, the VIN (Vehicle Identification Number) has been "laundered". And now, perhaps the sneakiest technique of all, although I can find no actual stories of anyone using it in the news (if someone knows of one, please send it to me). It seems that cell phones made by Nokia, Motorola, and others have a great new feature: you can make the phone appear to be turned off, then call it and initiate a special mode in which it answers incoming calls and turns on the speaker, allowing you to hear everything uttered in the room in your absence without anyone knowing. Now that is sneaky! And, I think most of us would agree, pretty creepy, if not close to downright dishonest. Unfortunately, such behavior is easy to find in the online world - just take a look at email. Most of us have been the victims of the dreaded email "read receipt". You know: "Mr.
Duplicitous has requested confirmation that you have received his email." And underneath are two buttons: Yes and No. I don't think I'm alone in always choosing No (unless someone is dumb enough to send such a request to a mailing list, which hopefully results in about a thousand "confirm" messages drowning the jerk in email). In fact, my email program of choice - Kmail - allows me the choice of four settings in the program's preferences: (a) Ignore, (b) Ask, (c) Deny, (d) Always send. Guess which one I've got checked? Many other email programs have similar options available (unless you're using Outlook to check an account on an Exchange server, in which case you're hosed). These options are a good thing. It's nice that we have some measure of control over our email. And, to be honest, I can see how certain folks, in certain situations, may need to use read receipts (and deleted receipts, and forward receipts, which are sometimes found as well). But for most people, read receipts are annoyances at best, privacy intrusions at worst. But at least they're visible - assuming, of course, that you haven't set your email program to always send a reply, automatically. It's hard to be unaware of the situation when a big dialog box opens up asking you what you want to do. At that point, you know that someone is trying to track your email behavior.

Bug Off

Read receipts were bad enough, but they weren't good enough for certain Net users, like spammers, so-called "email marketers", and your overly-paranoid boss. For years, while email was still the blessed realm of simple text, these people wailed and gnashed their teeth, awaiting the day when they could begin tracking in earnest. And finally, with the arrival of HTML-based email, their prayers were answered. For now a plague of "Web bugs" swept over the Internet, alerting the spammers, the marketers, and yes, your wacko boss, that you had in fact read their email - and precisely at 2:49:34 p.m. I hope they're happy.
Web bugs, for those of you who don't know about these insidious little beasties, are basically tiny, 1 pixel by 1 pixel, transparent GIF images embedded in HTML emails. When you open the email, a connection is made back to a server requesting the GIF, letting those who sent the email know that you have in fact opened their missive offering you an enlarged body part - or ordering you to work on Saturday. Either way, it's a raw deal. Web bugs are in far greater use than I think any of us realize. A lot of "companies" offer the "service" - just search Google for "tracking email" and note the ads on the top and right side of the results. In fact, Edward Felten wrote in his blog about one company - DidTheyReadIt (I'm not going to dignify them with a link) - that promises not just to inform users that an email has been read, but also how many times it's read, if it's forwarded, and where geographically the reader is. Email clients to the rescue, once again. Kmail allows me to go into the program's options and check whether or not I want to allow my email program to "Allow messages to load external references from the Internet". Mozilla Mail and Thunderbird offer "Block loading of remote images in mail messages". Even Outlook 2003 has finally gotten into the act, although the instructions for prior versions of Outlook are crazily complicated and the option is cleverly buried so deep that a bloodhound couldn't find it, but hey. At least it's there. At least read receipts are visible and obvious. Web bugs are another story. They're insidious, used by people who don't have the guts to stand up and announce themselves. But at least we can block them. Of course, the same people bent on ensnaring us in their own private panopticons won't be satisfied with the defeat of Web bugs. No, the arms race continues, and that brings us to ReadNotify, also discussed by Edward Felten.

They Like to Watch

ReadNotify makes Jeremy Bentham's dreams of surveillance look mild.
They allow users of almost every major email program in use today - Outlook, Outlook Express, Netscape Mail, Eudora, Thunderbird, Pegasus, even Hotmail and Yahoo - to create email that gives the sender an enormous amount of information about the recipient, as they describe on their site (again, no direct link to these guys):

- Tracking: find out when email you send gets read, where the reader is located, how long they read it for, if they printed it out, whether they forwarded it to someone else, and much more.
- Certify your email: get proof-of-sending and proof-of-opening digitally signed and time-stamped court-admissible receipts.
- Self Destructing Email which blocks printing, copy, save, forward, print-screen, can be retracted after sending and deletes itself after being read.
- Ensured Receipts guarantee you get a receipt when your email gets opened, and lets you retract your emails after sending.
- Detailed Notifications arrive via email and optionally by SMS, Pager, ICQ, IRC, MSN/AOL/AIM/Yahoo Messenger and on your own "Personal Tracking Page" on our website.

By the way, that "much more" in the first bullet point is in fact much more. You get maps of the reader's location, her IP address, her email address, referrer details - and everything is also available for anyone who reads the forwarded email as well. Yikes! Now, you may be thinking, "why not just block this email's Web bugs like we do all the others?" Well, that would be great, if ReadNotify just used Web bugs. Unfortunately, these clever, clever people use another technology in addition to Web bugs: IFRAMEs. If you're a Web developer and you need a brush-up on the IFRAME element, HTMLHelp has a nice piece; if you're not a Web developer, don't worry about it. Just understand that it's far more complicated - and far more effective - than simple transparent GIF images. (And y'know what's even better? The thoughtful Orwellians at ReadNotify also offer the same tracking service for Word and Excel documents!
How sweet of them!) So how do we defeat ReadNotify's IFRAME trick? The short answer: we can't ... yet. Oh, we can disable HTML-based email. That option is easy to do in Kmail. As I've discussed before, Kmail really does things the right way when it comes to HTML emails: The default behavior of the email program I prefer - KMail - is to not load external references in messages, such as pictures and Web bugs, and to not display HTML. When an HTML-based email shows up in my Inbox, I see only the HTML code, and a message appears at the top of the email: "This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here." But even after I activate the HTML, certain dynamic elements that can be introduced in an HTML-based email - like Java, Javascript, plugins and even the "refresh" META tag - do not display, and cannot even be enabled in KMail. The problem is that the vast majority of email clients in use today do not possess Kmail's flexibility. Email programs' treatment of HTML is often more like a light switch: either it's on or it's off. There's no in-between. Clearly, users need to demand safer email programs that give them greater control over message display. I wouldn't hold my breath (remember, it took 'til Outlook 2003 for the program to automatically block Web bugs), but eventually the problem will be fixed. This is an arms race. Every time the technology changes to enable further surveillance, something happens to render that surveillance inoperable ... at least until the next technological change. And so it goes. Ah, humanity. Copyright © 2004, Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients. 
Scott Granneman, 30 Jul 2004
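
The web bugs, IFRAMEs and "refresh" META tags described in the article above all work the same way: displaying the message makes the mail client request a URL from a server the sender controls. The following Python script is an added example, not code from the article or from any mail client; it lists those automatically fetched references in a message before anything is rendered. The hosts tracker.example and cdn.example, the identifiers and the sample message are all constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attributes whose URL is requested automatically when the HTML renders.
AUTO_FETCH = {
    "img": ("src",), "iframe": ("src",), "frame": ("src",), "script": ("src",),
    "embed": ("src",), "object": ("data",), "link": ("href",), "input": ("src",),
    "body": ("background",), "table": ("background",), "td": ("background",),
}


def is_remote(url):
    """True for URLs that leave the message: http, https or //host/path."""
    url = (url or "").strip()
    return url.startswith("//") or urlparse(url).scheme.lower() in ("http", "https")


class RemoteRefScanner(HTMLParser):
    """Collects (kind, tag, url) for every element that triggers a remote fetch."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content="0; url=http://..." reloads the view from another host
            content = a.get("content", "")
            pos = content.lower().find("url=")
            target = content[pos + 4:].strip(" '\"") if pos >= 0 else ""
            if is_remote(target):
                self.findings.append(("meta-refresh", tag, target))
            return
        for attr in AUTO_FETCH.get(tag, ()):
            url = a.get(attr, "").strip()
            if is_remote(url):
                self.findings.append((self._kind(tag, a), tag, url))

    @staticmethod
    def _kind(tag, a):
        if tag in ("iframe", "frame"):
            return "remote-frame"
        if tag != "img":
            return "remote-resource"
        # A remote image that is 0/1 pixel in both dimensions, or hidden by
        # CSS, has no visual purpose: classify it as a web bug.
        style = a.get("style", "").lower().replace(" ", "")
        hidden = "display:none" in style or "visibility:hidden" in style
        tiny = all(a.get(d, "").lower().replace("px", "").strip() in ("0", "1")
                   for d in ("width", "height"))
        return "web-bug" if (tiny or hidden) else "remote-image"


def find_remote_references(html):
    """Return the findings for one HTML body, in document order."""
    scanner = RemoteRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def audit_message(raw):
    """Scan every text/html part of a raw RFC 5322 message string."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            findings.extend(find_remote_references(part.get_content()))
    return findings


def hosts_contacted(findings):
    """Hosts that would learn the message was opened if it were rendered."""
    hosts = {urlparse(url).hostname for _, _, url in findings}
    return sorted(h for h in hosts if h)


# Constructed sample body: an attached (cid:) logo and an ordinary link, which
# fetch nothing on display, plus four references that do.
SAMPLE_HTML = """<html><body>
<p>Figures attached. <a href="http://intranet.example/report">Report</a></p>
<img src="cid:logo@local" width="120" height="40">
<img src="http://tracker.example/open.gif?id=CONSTRUCTED-123" width="1" height="1">
<img src="https://cdn.example/banner.png" width="468" height="60">
<iframe src="http://tracker.example/f?id=CONSTRUCTED-123"></iframe>
<meta http-equiv="refresh" content="0; url=http://tracker.example/r?id=CONSTRUCTED-123">
</body></html>"""


def build_sample():
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("Plain-text alternative.")
    msg.add_alternative(SAMPLE_HTML, subtype="html")
    return msg.as_string()


if __name__ == "__main__":
    for kind, tag, url in audit_message(build_sample()):
        print(f"{kind:13} <{tag}> {url}")
```

Blocking only images would stop the first two findings; the frame and the refresh still reach tracker.example, which is why the article treats IFRAME-based tracking as the harder case.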

Your data online: safe as houses

A decision by a federal court in Minnesota may have profound repercussions for the ability of consumers and others to rely upon promises of security and privacy made on corporate or governmental websites - and that's just for starters. On 21 June, 2004, the United States Senate Governmental Affairs Committee was told that a number of US airlines had routinely collected data about travelers on their flights. This information included dates of travel, origin and destination, credit card and payment data, seat preference, and even whether they wanted a kosher, low-fat, vegetarian, or Atkins-friendly meal (remember when you got meals?) on the flight. Moreover, the airlines that collected this information had privacy policies like that of American Airlines, which states: Information Security is one of our highest priorities at American. We limit access to personal information about you to those authorized employees and agents who need to know the information to provide products and services to you. We maintain strict physical, electronic and procedural safeguards that comply with federal regulations to protect personal information and we regularly review our security standards and procedures to protect against unauthorized access to personal information. Based on this language, it might be reasonable to conclude that any personal information you shared with American Airlines would be secure. From a legal perspective, such an assumption would be misplaced. First, what American giveth, American can taketh away. On a separate part of its webpage, under the sinisterly named moniker "legal," American Airlines' policy disclaims any warranty. In short, they say that even though information security is "one of their highest priorities," if they screw up and leak your information, you are out of luck. 
They state: While American Airlines takes reasonable steps to safeguard and to prevent unauthorized access to your private information, we cannot be responsible for the acts of those who gain unauthorized access, and we make no warranty, express, implied, or otherwise, that we will prevent unauthorized access to your private information. IN NO EVENT SHALL AMERICAN AIRLINES OR ITS AFFILIATES BE LIABLE FOR ANY DAMAGES (WHETHER CONSEQUENTIAL, DIRECT, INCIDENTAL, INDIRECT, PUNITIVE, SPECIAL OR OTHERWISE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH, A THIRD PARTY'S UNAUTHORIZED ACCESS TO YOUR INFORMATION, REGARDLESS OF WHETHER SUCH DAMAGES ARE BASED ON CONTRACT, STRICT LIABILITY, TORT OR OTHER THEORIES OF LIABILITY, AND ALSO REGARDLESS OF WHETHER AMERICAN AIRLINES WAS GIVEN ACTUAL OR CONSTRUCTIVE NOTICE THAT DAMAGES WERE POSSIBLE. There is one particularly intriguing part of this statement. American Airlines disclaims any liability in the event that any third party gets unauthorized access to your personal data. Thus, if American Airlines' agents themselves voluntarily (but in violation of their stated privacy policy not to share this data) give the data to, for example, a private contractor working for the United States Department of Transportation, such sharing is "unauthorized" in the sense that it is in violation of their policy. But American disclaims any liability. So, if the sharing is "authorized," it's ok, and if it's "unauthorized" it's also ok. You gotta love these lawyers. It's okay to give your personal data to the government. And ultimately, this is exactly what American Airlines did, along with Delta, Continental, America West, JetBlue, Frontier Airlines and travel reservation firms Galileo International and Sabre Holdings. In all, tens of millions of passenger records were transferred in violation of express privacy and security policies. Among these revelations, Northwest Airlines admitted that it shared records with NASA in a similar program. 
But in the end, very little of this matters, because even the restrictive privacy language may not be enforceable. You see, Northwest customers sued the airline for revealing their data, and on 6 June, 2004, US District Judge Paul Magnuson, in Northwest's home turf of Minnesota, dismissed the case (PDF) without a trial. First, the court held that when the US Congress deregulated the airline industry, it didn't want the states to tell the airlines what to do, and prohibited states from passing laws related to the "service of an air carrier." Thus, if an airline commits fraud, deception, larceny, theft, invasion of privacy, or any other civil or criminal wrong, the state can't prosecute the airline under ordinary consumer protection or theft laws (or torts) that would apply to other entities. The airlines as an industry are free to deceive without fear of accountability under state law. Next, the court went on to state that the customer's "personally identifiable information" - the stuff that the airline agreed to protect - did not belong to the customer, because the customer "voluntarily provided some information that was included" in the information given to the government, and that when Northwest "compiled and combined" this information with other data it "became Northwest's property." The court concluded "Northwest cannot wrongfully take its own property." This analysis is not limited to airlines. Any company or entity is now free to say anything in order to induce you to part with your personal information (don't worry, it's secure, or we won't sell it), because once you give it up, it "belongs" to them.

The Fine Print

This court's reasoning overlooks the fact that the consumers only "voluntarily" provided this information to Northwest because the airline made certain promises and representations about its privacy and security.
It's also wholly inconsistent with a series of deceptive trade practice cases brought by the United States Federal Trade Commission against companies like Guess Jeans, Microsoft, Eli Lilly, and Tower Records, as well as New York State consumer protection enforcement actions against Barnes and Noble, Ziff Davis Publishing, and Victoria's Secret. In each of these cases, the government's theory was that the personal information obtained by the companies was obtained wrongfully (and therefore constituted a deceptive trade practice) because the individuals were promised that their data would be secure when it was not. Ownership of the personal data did not transfer to the companies - well at least not voluntarily. The Minnesota decision, if more widely adopted, threatens to derail all of this privacy and security related case law. And all of that is the good news. The final part of the district judge's opinion threatens to derail a long established body of law regarding the enforceability of language on websites. All companies have them - you know, the burdensome and oppressive terms on a website that nobody reads (or is capable of reading) that limits the company's liability, or contains grandiose claims of superiority of their vaporware. In this case, the court held that Northwest was not bound by contract to do what it said it would do because there was no evidence that the consumers "actually read the privacy policy." Now the reasoning is not without some intellectual merit. After all, you can't be harmed by a breach of terms of an agreement you never knew existed. You also can't claim a "quid pro quo" - that you agreed to give up your personal information in exchange for a promise of privacy or security that you never saw and never knew about. The problem with this reasoning is its unilateral nature. 
Certainly Northwest would seek to enforce all kinds of terms of its website, or the microprint on the back of paper tickets, irrespective of whether the consumer actually "read" the contract. Under click-wrap, click-through, or other Web-based contracts, it has generally been deemed sufficient to bind the party if the terms of the contract were "available" to be read - whether or not they were actually read. Would the American Airlines legal disclaimer of warranty only apply to those who read it? What if I only read the privacy and security policy but not the legal disclaimer? Could I claim breach of only the parts of the contract I chose to read? More troubling was the fact that the language that Northwest sought to avoid was written by Northwest itself, posted on Northwest's own website. Clearly, they knew about it. So it was binding only on the people who booked online and read the policy? Did Northwest segregate its data - those who booked after reading the site get privacy, but those who booked without reading the policy have their privacy data shipped to the government? This is caveat emptor in reverse. If a promise is made in a forest, and nobody is around to hear it, is it binding? I think it is - or at least it should be. If you make a promise to the general public that you will make their data secure, then by God, you should do so - for everyone. Otherwise, by default, everyone who fails to read a HIPAA, GLBA, or Data Privacy notice has "opted in" to any use the company wants to make of their data. Promises of privacy become, if not completely meaningless, at least meaning less. As a final insult, the Northwest Airlines judge essentially resorted to the "so-what" defense. 
The court said that even if you read the policy, relied on it as a contract, agreed to part with your personal information in return for the promise of privacy and security, and then Northwest knowingly and deliberately breached this promise and shared your data with the government, you suffer no contractual damages as a result. Your real damages, according to the judge, are for invasion of privacy, not breach of contract, and since you no longer own that data, you have no privacy rights at all. A classic no-win situation. The basis for this decision potentially undermines the ability to contract in cyberspace. It also means a lot more reading of fine print by all of us. Get your reading glasses ready. Copyright © 2004, SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.
Mark Rasch, 30 Jul 2004

ID cards: a bad idea, but we'll do it anyway

The National ID Card programme will be too expensive, has been shrouded in secrecy and lacks sufficient safeguards against abuse. So says a report from the Home Affairs Select Committee, which describes the Home Secretary David Blunkett's secretive approach as "regrettable". The report criticises the Home Office for its approach. It said that there was a "lack of clarity and definition on key elements of the scheme and its future operation", and that some basic tenets of the proposal had been "poorly thought out". The MPs call on Blunkett to be more open, recommending that he open the procurement process to competitive tendering. He has refused to do so, citing market sensitivities. Many of the concerns raised in the report mirror those reported in The Register. The MPs said the cards could make identity fraud easier in cases where cards were not inspected in detail. They also expressed concern about function creep, and the degree of access MI5 and MI6 would have to the database. Shadow Home Secretary David Davis told The Independent: "It is extremely disturbing that decisions on ID cards are being taken in secret. ID cards raise complex questions of civil liberties so of all of the policy decisions taken in secret, ID cards shouldn't be one of them." However, in apparent defiance of its own findings, the report broadly supports the introduction of a national identity register and identity card. The general sentiment is that ID cards are OK, but the government must proceed with caution. The report acknowledges that the introduction of an ID card would "represent a significant change in the relationship between the state and the individual in this country", but concludes that it should not be rejected on constitutional grounds alone. The MPs concluded that "the Government has made a convincing case for proceeding with the introduction of identity cards". The report points to the government's poor record on large scale IT projects. 
It warns that costs could easily spiral out of control, particularly when decisions are taken behind closed doors. It accuses the Home Office of being "too vague" in its assessment of some cost areas, particularly the human elements of the scheme such as enrolment time and applications that need further investigation. Finally, the MPs recommend that the draft Bill be given primary legislation status. You can read up on that here, but put simply, this means it would be subject to parliamentary scrutiny, and that passing it into law would need the backing of both houses. The key thing to note in all this is that the debate has moved on: we are no longer talking about if we should have a national identity register and identity card, but how the system can be made to work. ®
Bootnote
Blunkett is under no obligation to open the procurement process to public scrutiny, despite the fact that the programme is likely to swallow at least £3bn of taxpayers' money. The Code of Practice on Access to Government Information allows for information to be withheld, if releasing it is not in the public interest. The list of circumstances in which the public interest is best served by secrecy is here. A cursory scan reveals that it has pretty much everything covered.
Lucy Sherriff, 30 Jul 2004

Sysadmins need love too. No, really

It's that time of year again when we are all invited to appreciate that most unlauded of colleagues: the humble sysadmin. Yes indeed, they may play air guitar to Rush, Metallica, Iron Maiden, Pink Floyd and Megadeth, but 30 July is the day when all that is temporarily forgiven to allow a heartfelt celebration of all things sysadminesque. Full details on how you too can love your sysadmin are available on www.sysadminday.com. Here's how they put it: "A special day, once a year, to acknowledge the worthiness and appreciation of the person occupying the role, especially as it is often this person who really keeps the wheels of your company turning." Bless. ®
Lester Haines, 30 Jul 2004

US.gov plans DES's retirement

The ageing Data Encryption Standard (DES) is no longer secure enough for use by government and should be replaced by Advanced Encryption Standard (AES) instead, according to a key US government standards agency. The National Institute of Science and Technology (NIST) yesterday proposed to withdraw the Federal Information Processing Standard for DES, effectively pensioning off the venerable old algorithm. Interested parties have until 9 September to respond to NIST's retirement plans. DES has been a key US government (and therefore industry) security technology since 1977 but now it's beginning to crack up - it just can't keep up with these whippersnappers in Unis with their new, fancy computers. NIST notes that DES is now vulnerable to brute force attack - thanks to advances in parallel computing. DES's shortcomings have been apparent for some time, so NIST's retirement plans will come as no great surprise to cryptographers and other members of the code-breaking community. The review of DES that led up to NIST's recommendation to drop its use by Federal agencies reached an inescapable conclusion. Even though NIST will sanction the use of Triple-DES even after DES is sent off to pasture, the agency is encouraging Federal agencies to implement the faster and stronger Advanced Encryption Standard. ®
John Leyden, 30 Jul 2004

Researcher ups world mobile sales forecast

Mobile market watcher Strategy Analytics (SA) has upgraded its forecast for world mobile phone sales to 670m. This not only represents a 14 per cent jump on the researcher's previous forecast, made last January, of 586m units, but a 29.5 per cent growth rate over SA's total for 2003. Last year, it calculates, vendors shipped some 517.2m handsets. Fellow researcher iSuppli also upped its annual handset shipments forecast this week. SA's bullish forecast follows strong Q2 sales across the world. Some 156.9m units shipped, bringing the H1 2004 total to 312m units. Shipments were up 37.9 per cent year on year, down slightly on Q1 2004's year-on-year growth of 42.3 per cent, but well up on Q2 2003's annual growth rate of 13.9 per cent. The researcher made one warning: that potential component shortages could hinder growth in Q4. But for now it expects strong growth during that quarter thanks to holiday sales. SA said it expects Q3 to be slightly weaker than Q2, with the bulk of H2's 358m shipments coming in Q4. According to SA's numbers, four of the top six vendors saw shipments up more than 50 per cent year on year. Over the same time frame, Nokia and Siemens lost market share - by 7.1 and 0.5 percentage points, respectively - while Samsung saw the biggest gain, adding four percentage points to its market share. It also gained 1.5 percentage points between Q2 2004 and Q1 2004. This time the big losers were Siemens and Motorola, down 1.7 and 0.9 percentage points respectively. 
®

Q2 Global Mobile Phone Vendors

Rank  Vendor         Q2 2004 Shipments  Q2 Market Share
1     Nokia          45.4m              28.9%
2     Motorola       24.1m              15.4%
3     Samsung        22.7m              14.5%
4     Siemens        10.4m              6.6%
5     Sony Ericsson  10.4m              6.6%
6     LG             9.9m               6.3%
      Others         34m                21.6%
      Total          156.9m             100%
Tony Smith, 30 Jul 2004

HK customs seize £600k fake mobile phone kit

Customs officers in Hong Kong have seized fake mobile phone accessories worth HK$8.5m (£600,000) after searching a container bound for Argentina. Officers found around 130,000 suspected counterfeit batteries and cartridges yesterday morning, according to Chinese state media. Officers are investigating the haul although no arrests have been made, said the report. The problem of counterfeit mobile phone accessories has worried mobilephonecos following a spate of exploding handsets with some people suffering nasty burns. Giant mobile outfit, Nokia, warned users that using inferior or fake gear could lead to phones overheating or exploding. In November last year Trading Standards officers in the UK raided premises in Camden, London, seizing a "substantial number" of fake Nokia-branded mobile phone accessories. Nokia said the seizures were part of its commitment to "reducing the amount of counterfeit products reaching the high street and in doing so protecting our customers from sub-standard and, in some cases, dangerous goods". ®
Tim Richardson, 30 Jul 2004

Segways are brilliant, you idiots

Letters
Seems young Ashlee upset a few people with his latest article about Segway Polo. Turns out there are a lot of people out there with scooter envy, who take umbrage on behalf of Segway Poloists. We still think it's a bit silly, to be honest, but that might just be us.
You must be really proud of your ability to pour scorn on people who choose to use the freedom that comes from living in the USA, differently than you do. Thank God you put the kibosh on Segway polo before they resort to doing something really stupid, like throwing a bladder of pig skin around for an hour, or jumping out of a perfectly good airplane to see if the parachutes work. Wouldn't that be something to examine in minute detail! You really must be a perfect person, in every way. How I wish I could be like you. John Egan-Wyer
You are right. We are a regular bunch of Mary Poppins round here.
Dear Ashlee, What a spiteful little article you have written about Segway polo. I am sure it amused you no end to write it. What was the point? Was your goal to belittle Segway, its owners and creators? What value did your article bring? Clearly you have never ridden or even seen a Segway. If you had, you would not have called it a "Scooter" - it is not a scooter. I have taken the time to write this because I want you to know that Segway is an incredibly useful tool for those that need it. (Not everyone needs it.) My wife uses one as an alternative to a wheel chair. It has been a fantastic improvement to her life, and the lives of many others. You might write an article on that. As for me, I enjoy riding the Segway - it is an incredible engineering achievement. If you have seen or ridden one, you would know why it cost $4000. You would also know why you could not play Polo on any traditional scooter. I am now looking forward to playing Segway polo. Regards, Roger
you're an idiot. seriously, use your freaking brain. 
if you have issues against the segway, then why don't you join into an open debate about them. come onto the segwaychat board and voice your concerns and let people respond. your one sided pathetic report only makes you look like a moron. 'Pete'
"Inspired by the Segway enthusiasts' passion for exercise, your reporter left the office this morning with a six-pack in hand, hailed a cab, drank the six-pack, returned to The Vulture Compound and then waved his arms wildly while riding the elevator back up to the office. This feat did not cost $4,000, and it left us with a shred of dignity." There's a Vulture compound in Chicago? these places springing up like Starbucks Anyway, that isn't a fair test, drunks with no control of their limbs heading into the office is normal staff practice for you guys, right? How else do you explain the music survey... Adam Cains
OK, Ashley, so it's fun to bash Segways. And no, Segway polo really isn't much of an achievement, when you consider all the pre-release buzz about "Ginger". But please take a look at this site before you decide the Segway is only a trivial rich-guy toy. Although it isn't sold as or advertised as an assistive technology, the Segway offers some disabled people the chance to glide through the world at face-to-face level. Please consider giving this usage some space in your column. FYI, I don't represent Segway in any way, and I don't own one myself. Thank you, Ann
Computer games are being held responsible for the decline of the morality of youth. Again. This is all just like the time TombRaider was blamed for an alarming rise in thefts from pyramids. Actually, we made that part up, but we think you'll take our point.
If Game and Dixons will boycott games after a silly, knee-jerk headline, I think it only fair that us, the people who this whole thing actually involves, respond in a reasonable and useful way. So, I've started a boycott of game retailers that boycott games. 
As I say in the petition-thing, if they want to cater to the tabloids instead of us, the gamers, then they can fuck right off. I presume you'd agree. The boycott is here. I'd appreciate it greatly if you gave it some coverage. Peace and love, Dave ps. To add weight to my whole 'Games don't make violence' claim thing, I think it worth pointing out that I was jumped by five neds on the way home from the pub half an hour ago. They had me surrounded. They were short, skinny, puny, vicious-but-stoned little junkie neds though, the sort that look like the result of numerous generations of inbreeding, and the sort that a moderately tough young man like myself could've overcome without too much difficulty. So, did I, an avid gamer, embrace it as an opportunity to kick shit out of people, or did I sweetly talk them out of everything, and end what could've been a bad situation with a handshake? Well, the fact that there isn't a STREETFIGHTER 2 CAUSES PSYCHO TO MURDER FIVE INNOCENT ANGELS Daily Mail story brewing away should answer that.
So, you slaughtered them but hid the bodies? Just joking...
I presume from the tone of your article you are not familiar with much of the research - a sample from the Web to whet your appetite "There are some in the entertainment industry who maintain that 1) violent programming is harmless because no studies exist that prove a connection between violent entertainment and aggressive behavior in children, and 2) young people know that television, movies, and video games are simply fantasy. Unfortunately, they are wrong on both counts. At this time, well over 1000 studies - including reports from the Surgeon General's office, the National Institute of Mental Health, and numerous studies conducted by leading figures within our medical and public health organizations - our own members - point overwhelmingly to a causal connection between media violence and aggressive behavior in some children. 
The conclusion of the public health community, based on over 30 years of research, is that viewing entertainment violence can lead to increases in aggressive attitudes, values and behavior, particularly in children. Its effects are measurable and long-lasting. Moreover, prolonged viewing of media violence can lead to emotional desensitization toward violence in real life. " Perhaps if you had listed the variety of ways you kill and win in this game more readers would feel that perhaps enough is enough - ! Roll on snuff movies - after all they are probably fiction too. Yours despairingly Patrick
Moving on to happier topics: El Reg may be branching out into dance tuition, following an interesting response to the news that Peter Stringfellow's girlfriend published an online lapdancing guide:
hi my name is danielle im 18 i have wanted to do lap dancing 3yrs but i dont know how to get in to it so if you get back to me and help me that would thanx
Kieren says: "Anything to help an aspiring lap dancer, Michelle. As luck would have it, The Register Lap Dancing School has just opened up. We have a free slot on Friday at 6pm. Please keep the evening free as lessons may overrun." What a generous soul.
A quick reader review of US immigration, in response to Bruce Schneier's piece about the Houston airport rangers:
To give you a flavour of the high standards of Houston Airport security, particularly as it relates to WMDs such as biological contaminants, I had to fly to Houston on business as a database consultant in 2001, at the height of the foot and mouth crisis, a few months prior to 11 Sept. Since I lived opposite an infected dairy farm with a destruction order, in Gloucestershire, I took with me a complete change of shoes and clothes, and wore old clothes and shoes on the flight on the assumption that they would be destroyed in Houston, the heart of Texas beef country. 
I had become used to the routine of disinfecting my car tyres and boots on my regular commute from farmland into the bustling metropolis of Tewkesbury, and expected that the cattle ranchers of Houston would take it even more seriously. On the plane I filled in my immigration card. "Do you live in a farming area?" Yes "Do you live on, or regularly have to travel over, farmland?" Yes "Is this land used for cattle or sheep farming?" Yes "Has this farm been subject to any disease orders in the last ten years?" Yes "Is this farm currently subject to any disease orders?" Yes "Is it swine fever or foot and mouth disease?" Yes "Has the livestock been issued with a destruction order?" Yes It didn't actually say "Are there plumes of choking thick smoke rising from the burning carcases in the field behind your house, whilst government officials roam the parish with rifles taking down cattle for the cull?" but if it had, the answer would have also been "Yes". Arrived at the airport. No disinfectant mats. No warning posters. No men in blue overalls and yellow wellies. No clothing incinerators. Handed over my immigration card to the passport guy. He looked at my shaggy hair and asked me a few questions relating to the drugs trade and organised crime; I explained I was a computer consultant working for the men in suits he'd just waved through. He waved me through. And that was Houston airport security. If that's how they deal with the people who tick "Yes" to all the biohazard questions on their paperwork, then they have a long way to go before they protect themselves from WMDs carried by less honest passengers. -- Andrew Oakley
Dunno 'bout you, Andrew, but we reckon it might be a little bit different now...
In this next section, company names have been omitted to protect the guilty. Why? Yes, you guessed it. 
It's all about corporate mail snooping:
I'm not sure if you're still interested, considering the story has been published, but the insurance company I worked as an intern for monitored all outgoing email. I discovered it one afternoon while I was reinstalling software on our VP of IS's computer... she basically had all outgoing email in the company cc'd to her through the server. Since she had preview on in Outlook, she'd just skim the first 3 or so lines, and if something in there required attention, she'd read the whole damn thing. This was happening three years ago, but I have no reason to think that they'd [the company concerned] change their policies. It blew me away... people that are paid a fantastic amount because the company basically rides on their backs, and their time is spent reading everyone's (about 130 employees) email. Can you imagine? Name supplied
I used to work at a merchant bank based in London and I know for a fact they had an information security officer that read the e-mails as he queried one of mine which kind of gave the game away. Name withheld
And finally: this might not come as a surprise, but news that DoubleClick was under DDoS attack hasn't exactly made you lot cry:
All I can say is "hooray". How many times have I had a webpage wait piggin ages for ads.remote.com or some other winker site to finish putting the "finishing touches" on a website. It wouldn't be so bad if they used a certain host name for their ad/tracking software, but no. They KNOW that there are people who don't WANT to get their guff, so they use "ads1.thingy", "ads2.thingy" .... just so that blocking them from a site you have NEVER been interested in watching the ads for becomes more of a pain in the ass than waiting, looking at a bank(ish) screen for "retrieving data from ads.scripps.com" to finish and it to start downloading the data you WANTED in the first place. Garn. Boo Hoo Hoo. Double-Click begins to get what they deserve. 
Too bad the worm didn't wipe them out. Lynn
Excellent - where do I sign up? Jim
Enjoy the weekend, dear Readers. ®
Lucy Sherriff, 30 Jul 2004

The Segway: glorified scooter or democracy on wheels?

Poll
It has come to our attention that some readers are a bit miffed with our stateside correspondent Ashlee Vance's controversial coverage of the Segway scooter and how it has contributed to the advancement of humanity in so many ways. To be honest, this has taken us a bit by surprise over here in Blighty, because the Segway has resolutely not caught on, and certainly does not inspire the kind of passions expressed in readers' letters on the subject. Indeed, it's pretty certain that if you were caught in the open in the UK astride your mighty Segway, there would be only two possible outcomes: that semi-naked scaffolding operatives would shout "Oi, mate, the back wheel's dropped off your moped!"; or that a gang of teen ne'er-do-wells - fuelled by cider and industrial adhesives - would relieve you of said transportation and use it to ram-raid the nearest off-licence (liquor store). That being said, we understand that feelings are running a bit high over the pond regarding the Segway, and we have decided to tackle the matter as per the local custom: a definitive Vulture Central poll. All you have to do is select one of the ten options below which best describes the Segway. We have endeavoured to supply choices representing the widest possible spectrum of opinion. Enjoy:
The Segway is a...
Glorified scooter.
Motorised zimmer frame.
Sports Utility Vibrator.
Electric polo pony.
Ruthless killing machine.
Fashion statement.
Political statement.
Mechanical representation of democracy.
Stars'n'Stripes on wheels.
Your poll sucks. I'm angry. Get me the key to the gun cupboard.
Lester Haines, 30 Jul 2004

Alcatel offloads telecoms fraud biz to India

Alcatel this week sold its telecoms fraud management business to Indian telecoms software firm Subex Systems for $3m cash. With the acquisition, Subex leapfrogs Hewlett-Packard to become the world's largest supplier of fraud management software to telecoms carriers, at least in terms of number of customers and installations. The deal adds 25 new clients (including Tiscali Italy, Vodafone Ireland, Colt UK and Energis UK) to Subex's existing customer base of 39. Under the agreement, Alcatel will become a reseller of Subex Systems's fraud management and revenue assurance to telcos worldwide. Subex will be retaining an unspecified number of the 50 workers in Alcatel's fraud management group. These workers will be asked to decamp to London, where Subex plans to set up a new European sales and support office by September. It's unclear how many jobs will go to India as a result of the deal. Neither Alcatel nor Subex could be reached for immediate comment on this aspect of the agreement. Post acquisition, Subex will merge the functionalities of Alcatel's Fraud Management technology with that of its own Ranger software and also take over the support of Alcatel FMG's global clientele. According to the US-based Communications Fraud Control Association's (CFCA) survey in 2003, annual worldwide telecom fraud losses are estimated to range from $35bn to $40bn. Other studies have revealed that telecom operators lose as much as 10 per cent of their potential revenue with fraud being one of the main culprits. Subex Ranger and RevMax technology is designed to help operators to identify and stem these losses. ®
John Leyden, 30 Jul 2004

NYT writer challenges Reg hack to hobby-horse race

Letter
Regular readers may recall Andrew Orlowski's reaction to a New York Times article concerning the wonderful news that someone out there liked Wi-Fi. The NYT ran a heartwarming story about a man who happily used Wi-Fi to access his email during his daily commute. No problem there, except that the man was tied rather more closely to the providers of the services he used than the writer let on. So began Andrew's dismantling of the article. The writer of that NYT piece had a few points he wanted to make, so we thought, why the hell not? Over to you, Glenn:
You have to love Andrew Orlowski’s style. I do. In this brief piece commenting on my New York Times article about commuter Internet access - in which Wi-Fi isn’t the point, just a mechanism - he manages to climb on his hobbyhorse about for-fee Wi-Fi hotspots failing. Andrew, you and I can race hobbyhorses: I say Wi-Fi will spread and you say - wait, you agree! The commercial proposition for hotspots remains in my mind as perilous as it is in Orlowski’s; I’m more optimistic that bundling with cell voice and cell data plans will be the ultimate way in which pay-for-use Wi-Fi will persist. T-Mobile’s pricing, for instance, is pretty reasonable and I know a number of people who have T-Mobile voice, GPRS data, and Wi-Fi because it’s simple and ubiquitous - it’s the cheapest solution to a problem of connectivity. It’s possible, and many folks including me admit this, that for-fee Wi-Fi won’t actually be a long-term strategy if bundling doesn’t succeed. Wi-Fi could be available for free as a necessary amenity at coffeeshops and hotels. (I continue to believe, too, that airports and conference centers will charge for Wi-Fi even if no one uses it because that’s how those institutions think about amenities.) That’s a little beside the point, though, because my article was focusing on whether commuter Internet access was viable and feasible. 
All of the current experiments use Wi-Fi as a means to distribute access, but none of the experiments are charging for service. It’s not a question of "Will commuters pay?" yet, but rather "Are commuters even interested?" If they are, pricing will be figured out. Using Wi-Fi on a boat that you’re on for an hour or 90 minutes a day is an entirely different matter than a traveler who might need to use hundreds of different hotspots, and has the choice to pick free ones. Commuters aren’t road warriors: they’re captives to convenience and conveyance. (I like that phrase: perhaps I have a career in tabloids, too.) More seriously, Orlowski accuses me indirectly of drinking Intel’s blue soup, as it were, because I quote an Altamont Commuter Express (ACE) rider who works for Intel. Orlowski writes: The Times discloses that the name of this Wi-Fi user was provided by the trial operator, PointShot. It doesn’t mention that PointShot’s experiment is funded by Intel, who we learn in the article is also Dickson’s employer. Intel’s capital fund has helped to sponsor a number of Wi-Fi trials in North America and Canada. I had looked into this before quoting Terry Dickman - Andrew, check that typewriter, his name’s not Dickson - to ensure that he had no ties to ACE or PointShot. I had also made sure via ACE and PointShot that I knew who was funding what. University of Phoenix is paying for the service on ACE, not Intel. Further, PointShot’s rounds of private investment are publicly available through press releases, and Intel Capital is not an investor. Intel did fund a marketing study in Canada with PointShot on the VIA railway line to determine passenger attitudes about having Internet access en route. The VIA line is experimenting with this offering between Toronto and Montreal. The CEO and president of PointShot, Shawn Griffin, read Orlowski’s article as well and confirmed via email all of the statements made above. 
PointShot has no ongoing or financial relationship with Intel or Intel Capital beyond that one survey. Because commuter Internet access is so new and so sporadic, PointShot offered customers to talk with. I asked PointShot and the individuals I spoke with to confirm that they had no connection with ACE or PointShot and were not family or friends of people involved with either group. Mr. Dickman was a wonderful person to interview, because having Internet access on his train has given him back hours of his day. We disclosed this in the story to make sure that readers knew from whence we obtained this perfect user. He sounds perfect because he’s self selected: he liked the service so much that he contacted PointShot and then agreed to be interviewed. A spokesperson for ACE told me that they have 45 to 60 users on an average day out of about 1,500 weekday riders. Virtually all of these people are commuters. Another error is that Orlowski states Intel Capital has sponsored Wi-Fi trials. In fact, Intel Capital has invested in companies that produce wireless LAN switches, cellular/Wi-Fi technology, and run hotspot networks like STSN or provide back-end technology to hotspot networks. Intel itself put massive co-marketing dollars into promoting Centrino’s Wi-Fi service, which allowed hotspot networks to advertise like crazy in the last year. I am unaware of Intel Capital specifically funding experiments like PointShot’s ACE run, the ferry system, or even hotspot networks qua experiments (as opposed to commercial deployments that parallel existing networks).
Glenn Fleishmann, Wi-Fi Networking News
Buckle up kids, those hobby-horses are probably gonna be out racing for a while...®
Lucy Sherriff, 30 Jul 2004

IBM preps new Xeon kit, returns to iSCSI game

IBM next week will kick off Linux World with a hardware charge, announcing new servers and storage systems. On the server front, IBM's moves are fairly expected. The company will upgrade its existing Xeon processor-based server line with Intel's upcoming processor code-named Nocona. The Intel chip will debut at 3.6GHz and, of course, be the first part designed for dual-processor systems that supports Intel's, er AMD's, 64-bit extension technology. IBM is expected to pick up the new Xeon for its x205, x225, x235, x305, x335 and x345 servers, according to sources familiar with the company's plans. There is more detail on Intel's Monday Xeon launch available here. HP also plans to upgrade its ProLiant line of Xeon servers on Monday. You can expect other server makers, most notably Dell, to do the same. Sun Microsystems, however, will boycott the processor launch, keeping attention on its rival Opteron-based gear instead. On the storage front, IBM will announce a pair of entry-level boxes - the DS300 and DS400. The DS300 is of particular note, as it marks IBM's return to the iSCSI market. Way back in 2001, IBM led all major hardware vendors with the delivery of an iSCSI system - the 200i. This box, however, did not sell well, and IBM eventually pulled it from the market in 2003. Since then, IBM has teamed with Cisco to offer an iSCSI adapter - a product designed to bridge the gap between IP and Fibre Channel worlds. With the DS300, however, IBM is reentering the iSCSI game with a box of its own, our sources said. The DS400 is a less exciting but perhaps more practical Fibre Channel system. Expect more detail on all this on Monday, when IBM opens up and talks to the press. ®
Ashlee Vance, 30 Jul 2004

Microsoft makes up for 64-bit delays with OS upgrade plan

In a bid to placate AMD, Intel and its own customers, Microsoft has voiced plans to let users upgrade from the current Windows Server 2003 to a 64-bit version of the operating system at no charge. Customers that purchase a new server running on either AMD's Opteron chip or Intel's new 64-bit Xeon processors are eligible for this deal, according to a report from CNET. Microsoft earlier this week irked world+dog by delaying a 64-bit version of its server operating system yet again, saying the software will not arrive until the first half of 2005. Many in the industry had once expected the OS to ship by the end of 2003. One could see AMD as the primary beneficiary of Microsoft's announcement. The company rushed to get its x86-64-bit product out before rival Intel, hoping to gain a stronger position in the server market. Thus far, however, users have only been able to take advantage of the 64-bit extensions by running new versions of Linux. The 64-bit Windows delays certainly helped Intel, which just recently introduced 64-bit Xeons, catch up to its rival. Still, AMD does have a lead of sorts over Intel in the x86-64-bit market and now has a better way to tempt Windows users into trying out its gear. Microsoft has tied the 64-bit support to its release of the first service pack for Windows Server 2003, which is one of the main reasons for all these delays. Microsoft next week will also release a new beta of 64-bit Windows Server 2003 for both Opteron and Intel chips, according to the CNET report. The previous beta only supported Opteron. Microsoft's pay now, upgrade later plan is a nice boost for customers. Users can buy high-performing gear now, run their 32-bit code and then bulk up to 64-bit Windows on that fateful day when Microsoft finally gets its act together. This move should also temper months of stories about Microsoft's inability to help its partners along. 
Here you have AMD and Intel working their tails off to give customers a reason to buy new gear only to see the world's wealthiest tech firm make 64-bit computing seem like a joke. Now when analysts charge Microsoft with doing nothing on the x86-64-bit front, it can respond by saying, "We are doing something." And that's always nice. ®
Ashlee Vance, 30 Jul 2004

Cray pours Red Drizzle over anxious investors

Some vendors try to defuse a bad quarter by screaming at the press, demanding recognition for myriad customer wins and products shipped. This is not the model embraced by Cray. The supercomputer specialist appears to prefer a whimper over a scream. Earlier this week, Cray watched as investors took a hatchet and reduced its stock price to a barely crooked number - $2.90 per share. The shareholders were coming to terms with the paltry $9.5m in product revenue Cray posted in its second quarter. Cray specializes in making supercomputers for high-class, government customers. A series of product delays, however, coupled with a lack of demand from the business sector took their toll on the company during the period, resulting in an embarrassing $55m loss. With its pre-earnings quiet period lifted, Cray did its best to counter these results in the days that followed. For one, it announced that an unnamed customer had placed a $3.5m order for a system based on the "Red Storm" supercomputer being built for Sandia National Laboratories under a $93m Department of Energy contract. You might call this $3.5m mystery box "Red Drizzle." Secondly, Cray said that the Sandia machine, which will be under construction this year, will be upgraded with dual-core Opteron processors from AMD in 2005, effectively doubling the computer's performance. Both announcements were, of course, meant to convey the notion that all is going as planned at Cray. Its high profile customer is happy and looking forward to an upgrade. And smaller customers are buying into Cray's transition to the Opteron processor. Frankly, we're a bit unmoved by these proof points. Damage control this feeble raises serious concerns. At this point, Cray appears to be a slave to its government contracts. The Feds are dragging the company along to meet their high-performance computing needs, dangling life-sustaining grants. Business customers, however, are not stepping up to purchase the Feds' scraps. 
A more savvy company may well have just made some customer wins up, but it's too late for that now at Cray. The vendor is being watched closely by investors and suitors alike. And we doubt that Red Drizzle and an upgrade can save the day. ®
Ashlee Vance, 30 Jul 2004