13th > August > 2004 Archive

419ers break into the oil business

It appears that decent 419 scam emails are like buses - you wait ages for one and then eight turn up at once. Only yesterday we were lamenting the recent lack of imaginative material from the Lads from Lagos, but not only are they now offering themselves into sexual servitude, they're also breaking into the oil business. Good timing, too, what with the current Iraq punch-up already pushing up the price of black gold:

ATTENTION: THE PRESIDENT/CEO

SALE OF 2 MILLION BARRELS OF BONNYLIGHT/QUA IBOE CRUDE OIL PER MONTH FOR 12 CALENDAR MONTHS

Sir,

We offer for sale, 2 million barrels of bonnylight/Qua-Iboe crude oil per month for 12 Calendar month. The price shall be calculated on the current platt/brent less US $4 net and US $6 gross to the buyer on CIF, while FOB shall be discounted on US$7 gross and US$5 net to the buyer. The mode of payment shall be by a non-operative, bank guarantee, standby letter of credit or a financial guarantee bond with a validity of sixty (60) days. This non-operative shall be operational with a 2% performance bond from us. Any interested buyer should endeavour to forward an LOI/ICPO as soon as possible, a FCO will be issued to the buyer on receipt of an intent. You can reach us on telephone No. 34-80-33226559 for more details.

Yours,
ENGR. EVIDENCE YOUNG

Nicely done, and thanks very much to reader David Hough for forwarding this excellent business opportunity. Our advice: buy, buy, buy! ®
Lester Haines, 13 Aug 2004

European sofas brace for HDTV

Momentum for HDTV is now building. Broadcasters have announced definite deployment plans and the consumer electronics industry is a-buzz over this new market. Some observers said that HDTV would never come to the European market, but this year it has arrived and James Healey, Datamonitor's senior media and broadcasting technologies analyst, says that it is here to stay... New Datamonitor research forecasts that there will be 4.6 million high-definition TV (HDTV) households in Europe by 2008, up from 50,000 at the end of 2003. Germany, the UK and France will lead the European rollout. In the beginning high prices will hinder sales but those who do buy will be in the top-tier of the ABC1 advertising super-group, with large disposable incomes.

HDTV - the cinema show at home

The most accurate comparison to HDTV is the introduction of the simple color TV in the 1950s in America. The similarities are striking: the picture quality was noticeably superior to the old generation of black and white TVs, there was little color content initially and the prices were sky high. The first TV, produced by RCA, cost $1,000. It is estimated only 1,000 were sold in the first year (1956). Even by 1964, penetration had climbed to only 3 per cent. Color TVs cost $500-1,200, while black and white versions retailed for $150-300. Today, it's HDTV. Already being broadcast in the US, Australia, Japan, Canada and South Korea, European consumers will be able to benefit from improved picture clarity and surround sound like at the movies (referred to as 5.1 in technical terms). HDTV introduces new terms: 720p and 1080i. Televisions in Europe today display 576 lines, but HD video increases this line count (thus the improved picture quality) to either 720 or 1080 (depending which standard is selected by the broadcaster). Sky in the UK and M6, TPS and TF1 in France have all recently announced plans to offer HD content to viewers - TPS should launch services in 2005 and Sky in 2006. In fact, the French terrestrial channels had asked the French government to permit HDTV on the digital terrestrial television network that will launch next year - although that request has been rejected. The BBC has plans to produce all of its content in HD by 2010. Datamonitor expects Germany, the UK and France to lead the adoption of HDTV, with Italy a distant fourth. Although HDTV is currently still a nascent market, 20 years from now all of Europe will broadcast television only in HD.

Consumers will find adoption confusing

To watch/record HD content, consumers will have to upgrade their home entertainment systems (a new television, set-top box, VCR, PVR/DVD recorder etc). Despite the best-laid plans of manufacturers and broadcasters, and (undoubtedly) a massive marketing campaign, many consumers will be confused by the competing technologies. The only certain result is that there will be headline stories of consumers unintentionally buying expensive televisions that are not truly HD-ready. It happens in the US and it will happen in Europe. Educating the consumer is critical to ensuring the technology upgrade occurs as smoothly as possible. Although televisions remain high priced, and few operators are ready for HD broadcasts, momentum for the introduction of HDTV in Europe is unstoppable. Consumer electronics manufacturers are already selling HDTVs - Sony even has large displays in 180 retail stores across Europe promoting the superior picture quality - and broadcasters are beginning to record content in HD. While take-up rates will remain low until the end of this decade due to the high cost for both the consumer and the broadcaster, HDTV is here today and it is here to stay.

Source: ComputerWire/Datamonitor

Related research: Datamonitor, "MarketWatch: Technology Annual Subscription"
Datamonitor, 13 Aug 2004

US Emergency Alert System open to hack attack

The US Emergency Alert System (EAS) that lets officials instantly interrupt radio and TV broadcasts to provide emergency information in a crisis suffers from security holes that leave it vulnerable to denial of service attacks, and could even permit hackers to issue their own false regional alerts, federal regulators acknowledged Thursday. "Security and encryption were not the primary design criteria when EAS was developed and initially implemented," the Federal Communications Commission (FCC) wrote in a public notice launching a review of the system. "Now, however, emergency managers are becoming more aware of potential vulnerabilities within the system. For example, the complete EAS protocol is a matter of public record and potentially subject to malicious activations or interference." The EAS was launched in 1997 to replace the cold-war era Emergency Broadcast System known best for making the phrase "this is only a test" a cultural touchstone. Like that earlier system, the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency. The system has never been activated for that purpose, but state and local officials have found it a valuable channel for warning the public of regional emergencies, including the "Amber Alerts" credited with the recovery of 150 abducted children. Despite its regional successes, the EAS is increasingly under fire by critics who charge that its national mission is obsolete in an era of instant 24-hour news coverage, and who deride its quaint reliance on analog radio and broadcast and cable television. On Thursday, the FCC responded by opening a formal review of the EAS, beginning a public comment period on how the network might be improved. One of the issues the FCC is probing is the security of the system. 
As first reported by SecurityFocus nearly two years ago, the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves. That places radio and television broadcasters and cable TV companies at risk of being fooled by spoofers with a little technical know-how and some off-the-shelf electronic components. Under FCC regulations, unattended stations must automatically interrupt their broadcasts to forward alerts, making it possible for even blatantly false information to be forwarded without first passing human inspection. The FCC's review follows a detailed report on the EAS produced by the non-profit Partnership for Public Warning (PPW) in February, which noted that "EAS security is now very much an issue." "Since attacks involving chemical or biological weapons are likely to require use of the EAS system to provide official alert information to the public, it is possible that an attacker could decide to cripple the EAS or use it to spread damaging disinformation," reads the PPW report. With Thursday's Notice of Proposed Rulemaking, the FCC acknowledged the vulnerabilities "could be exploited during times of heightened public anxiety and uncertainty" to distribute false information to the public, or that alternatively the "EAS signal could be subject to jamming." Among the questions the FCC is pondering: how best to protect broadcasters from legal liability if they inadvertently rebroadcast a false EAS message; who should be responsible for system security; how can the authenticity of EAS messages be verified; and "what security standards, if any, should be implemented?" "The Commission must now buckle down and do what it is we are asking state and local officials to do - assess vulnerabilities, create a plan for better service, and review and update that plan as communications technologies evolve," said commissioner Jonathan Adelstein in a statement. 
There are no reported cases of the EAS vulnerabilities being exploited, and the PPW report concludes that the potential consequences of spoofing attacks are limited. "Research into the behavior of warning recipients suggests that a single false alarm, without corroboration from other credible sources, generally elicits only limited reaction from the public."
Kevin Poulsen, 13 Aug 2004

Cardholders clueless on chip and pin

Retailers will be bracing themselves for what could be a chaotic festive season following the news that more than half of British cardholders know little or nothing about the new chip and pin card system. Up to 120 million new chip and pin cards will be winging their way to Christmas shoppers in time for the 1 January 2005 deadline, when retailers will be required to introduce the new system. The new cards are designed to combat fraud by replacing magnetic strips with information stored on a microchip which customers must verify by keying in a four-digit pin number. IT consultant and fraud specialist Detica, which commissioned the research, said that it had come across incidents where retailers had refused to serve customers who failed to remember their pin or even refused to use it in the first place. According to David Porter, Head of Fraud & Security at Detica, a lot needs to be done between now and December. He said: "Retailers need to act quickly to help their customers. Nearly three-quarters of the public are confident chip and pin will reduce theft and fraud once it’s explained to them, but retailers can’t afford to begin educating everyone individually at the busiest time of the shopping year. They need to begin a prominent education system in stores now. With 117 shopping days to Christmas, the clock is ticking." With the number of pin numbers to remember set to increase, analysts are also worried that cardholders may change all their pins to one number or share their pins, a danger that could adversely increase the likelihood of fraud. At present among those who have more than one pin or security code to remember, almost half pin-share for two or more things requiring a code. With one in three people affected by card fraud and a cost to the UK of £425m in 2002, Detica are still confident that the new system will significantly reduce card crime. However there are those who remain cautious about the immediate impact of chip and pin. 
A chip and pin spokeswoman said of Detica’s findings: "This contradicts all the research we have done. Transaction times are reduced with chip and pin, not necessarily in the first instance, but beyond that it is faster to use a pin than a signature."
Startups.co.uk, 13 Aug 2004

AMD sells first 90nm CPUs - analyst

AMD has begun revenue shipments of its 90nm processors and will begin larger scale output next month, a Goldman Sachs analyst has claimed. That's within the broad schedule the chipmaker has discussed in public: revenue shipments by the end of Q3, with wide availability sometime during H2 2004. AMD has already said that it has reached its first 90nm production milestone - chips fabbed using the process began to come off the company's Dresden production lines last quarter - but actually making chips that can be sold for hard cash rather than offered to potential customers as samples is the second milestone. The next one is volume output. "AMD appears to be executing well on its AMD64 roadmap," wrote Goldman Sachs analyst Andrew Root to investors this week, according to an Investors Hub posting. "Revenue shipments of AMD64 notebooks on 90nm started this week, well within the planned schedule for shipments prior to the end of Q3. Desktop AMD64 shipments on 90nm will commence a month later, followed by servers." Root also claims that "AMD is one of the few companies on 90nm that does not seem to have had significant delays or defect issue". That remains to be seen. Certainly the chipmaker has allowed itself more time to explore the current leakage problems that plagued Intel's early 90nm offerings, while IBM continues to struggle with the 90nm yield issues that are causing Apple so much grief. Like IBM, AMD is using silicon-on-insulator (SOI) techniques but at least isn't running the risk of biting off more than it can chew by attempting to incorporate strained silicon materials too. By sticking to techniques it knows well, AMD is better placed perhaps to make a successful run at getting 90nm right first time, since SOI almost certainly will help keep leakage down. But moving from 130nm to 90nm is no easy task, and it's too early to say there are no "defect issues". 
And it will still have a yield ramp-up to cope with, as all chipmakers do with new product and a new process. AMD's latest public roadmap continues to call for the delivery of 90nm Opterons - aka 'Venus', 'Troy' and 'Athens' - the 'Winchester' desktop Athlon 64 and its low-voltage mobile equivalent, 'Oakville'. ®
Tony Smith, 13 Aug 2004

Corporates can delay XP SP2 auto-update

Microsoft is to allow organisations to defer the adoption of Windows XP SP2 ahead of its widespread availability through Automatic Update and Windows Update starting next Monday (16 August). The approach allows corporates to delay the installation of XP SP2 while still allowing them to obtain other security updates automatically from Microsoft. The move - which lets companies carry out extra testing and validation work - follows the decision of key MS OEM IBM to hold off on deployment of XP SP2. Companies following the same policy have one of several options: use a downloadable executable to change registry settings on PCs; apply a Group Policy template to Active Directory; or use a sample email text that includes a URL link that users can "click on to disable delivery of Windows XP SP2". This latter option gives us the fear since it’s easy to see how it could be mimicked by virus writers in order to direct users towards maliciously constructed websites. Microsoft's recommended option is for companies to use corporate update management applications such as its own Systems Management Server (SMS) 2003 or Software Update Services (SUS) to control the deployment of patches. In this scenario, patches are downloaded onto local servers and their application managed by local administrators. However companies achieve it, the mechanism to temporarily disable delivery of Windows XP SP2 will only be available for a period of 120 days from 16 August. By mid-December, Windows XP SP2 will be delivered to all Windows XP and Windows XP Service Pack 1 systems. Users still reluctant to deploy XP SP2 after then will have to stop using automatic updates. The release, which made its debut as a beta back in March, bundles major security revisions and a new Windows update procedure. 
Principal additions with Windows XP SP2 include: Windows Security Centre; automatically turning on Windows Firewall; and browsing enhancements to Internet Explorer (providing far more control of ActiveX controls, for example). Less mentioned so far, but arguably more important, is revamped memory protection to prevent buffer overruns, the perennial source of so many security problems. ®
John Leyden, 13 Aug 2004

BBC Tech staff reject Siemens sell-off - again

Tech staff at the Beeb have voted overwhelmingly to reject plans to sell off BBC Technology to Siemens. In the latest ballot more than 92 per cent of union staff said they want the sale of the broadcaster's technology division to be scrapped. Workers also rejected the latest revised offer on the table by 53.2 per cent. Despite the result of the ballot, the planned industrial action due to take place today and tomorrow has been canned following the prospect of legal action. The BBC had threatened to take the union to court if it went ahead with industrial action, which would have coincided with the opening of the Olympic Games in Athens. The union's own lawyers had described the BBC's legal threat as "serious". BECTU, the union representing the Beeb's tech workers, is still in negotiations with Siemens over employment rights and believes there are a number of issues where Siemens' offer "falls short of the existing BBC terms and conditions". Said the union in a statement: "BECTU is due to hear from Siemens in the next seven days, and depending on their response, the union will be considering what course of action to adopt, which could include a further industrial action ballot. The overwhelming 92.9 per cent rejection of the sale of BBCT is in line with the union's recommendation to its members."
Tim Richardson, 13 Aug 2004

How to make hard cash from old IT

Small businesses do not need to worry about the cost of complying with new EU rules for disposal of old hardware after all. According to one recovery firm, companies may actually end up making a profit from the WEEE Directive. The WEEE directive (WEEE stands for Waste Electrical and Electronic Equipment) makes manufacturers responsible for recycling electrical equipment at the end of its useful life. However, research from printer manufacturer Brother suggests most companies expect to shoulder some of the cost. Maxitech.biz, a not-for-profit recycling company, says its experience suggests otherwise. In a pilot programme last year, the company found that most businesses can recover five per cent of the initial spend on IT equipment by recycling properly. Some can even do better: one company in three can actually get back more than they invested in the recycling in the first place, funnelling some cash back into the IT budget. "While companies are beginning to increase their IT spending there is a common, but unfounded, fear that the WEEE Directive is going to eat into these budgets through administrative burdens and increased business costs of disposal of the old equipment," said Peter Paduh, MD of Maxitech. Awareness will be key to avoiding an increase in overheads, however. "We urge businesses to put the issue on their agenda now to ensure compliant, financially beneficial disposal schemes are in place and avoid the potential high costs," Paduh concludes. ®
Lucy Sherriff, 13 Aug 2004

419ers make guest appearance in Doom 3

Updated

Nigerian 419ers certainly like to travel. Since kicking off their careers as international scamsters back in the old mother country, they've popped up in Liberia, Ivory Coast, Dubai, Zimbabwe, Iraq, China and even a low-earth orbit. What they have not, however, managed is to journey into the future - or so we thought. In what is a very timely email - given that Doom 3 officially stormed the UK's shores today - reader David Pleavin explains how the Lads from Lagos get a heads-up from the chaps behind the game:

419 scam alive and well in 2145 :)

The guys at id software have included a spam 419 e-mail from Nigeria in Doom3. Brilliant take-off, and can be found if you kill a poor scientist at the beginning of Alpha Labs Sector 4, nick his PDA and go through his inbox. Could be the best way ever of alerting the gaming public about the lads from Lagos.

Regards
David

Remarkable. Of course, we can't immediately confirm that this is so, although we have no reason to doubt our correspondent. Readers will doubtless set us straight one way or the other. Happy gaming, and watch out for those unsolicited emails - they bite. ®

Update

Our faith in David was well-founded, it seems. Thanks to all those readers who have emailed to confirm that said PDA contains a letter from one "DR. John Okonkwo" outlining a tempting get-rich-quick scheme. Cheers too to those gamers who note that another PDA has a piece of "pharmaceutical" spam on it. Expect stiff opposition when you eventually come across it.
Lester Haines, 13 Aug 2004

Hush ATX silent PC

Review Hush ATX
Trusted Reviews, 13 Aug 2004

BOFH: How dangerous are your users?

BOFH Userometer - an online sysadmins resource

Sure, your users may look about as likely to rebel as the pack of mindless sheep that they are - but can they be trusted? Are your users reading forbidden literature? Are they trying to climb the technical greasy pole behind your back? How will you know? Can the cattle prod be trusted to solicit the truth? It's time to put it to the test! Put yourself in your users' place and answer these simple questions to see if things are going according to plan at YOUR workplace.

1. A MAC Address is:
A. A place you get Quarter Pounders
B. A street address in Scotland
C. Something Technical
D. A Hardware Address in Networking
E. Something technical a system administrator changes to cause the Boss's machine to lose network connection

2. You ring your Systems and Network people because the server has just gone down and you want to know when it will be up again. You expect them to tell you:
A. A number of minutes
B. A number of days
C. To sod off
D. The incriminating evidence they found in your email folder
E. The incriminating evidence they just placed in your email folder

3. The low-power components in your laptop are optimised to run at what voltage?
A. DC
B. AC
C. Whatever the adapter says
D. Just under 3 volts
E. 240 volts AC, and not a volt less!

4. You bring a box of 9 track tapes of your life's work to the operators to read in so that you can download them to your PC. The operator tells you it should be there in an hour. This means:
A. It will be loaded into your home share in an hour
B. It will be loaded into your home share today sometime
C. It will be loaded into your home share this week sometime
D. It will be loaded into your home share when hell freezes over
E. The Operator's bin has recently become full

5. You smell smoke in the building. You know immediately that:
A. You should sound the alarm
B. You should make your way quickly to the exit, notifying staff as you go
C. You should turn your machine off in case the sprinklers activate
D. The System Administrator is interviewing consultants again
E. The operator's bin doesn't need emptying any more

6. The faultiest piece of crap in the building is:
A. Sitting in the bin outside the head of IT's office
B. Sitting on the floor outside the head of IT's office
C. Sitting on the floor inside the head of IT's office
D. Sitting on the desk inside the head of IT's office
E. Sitting on the chair behind the Head of IT's desk, talking on the phone.

7. The best place to backup your files is:
A. To your Home Share, just like the System Admin said
B. To the TEMP directory, just like the System Admin said
C. To ZIP disk
D. (c) to Several Zip disks, and possibly CD-ROM
E. To the Recycle bin, to save the System Admin the trouble

8. The danger of leaving your machine switched on is:
A. It could catch fire
B. It could become a security risk
C. The disk could crash
D. It wastes lots of power
E. The processor might burn the System Administrators hand when he replaces it with a ... faster one ... late at night.

9. The security and integrity of your email is protected by:
A. Your password
B. Company Policy
C. PGP Encryption
D. Microsoft's pursuit of excellence. Waaaaaa ha ha ha!
E. Two pints for the System Administrator every Friday night

10. A System Administrator slaps a piece of paper down in front of you with lots of large technical words on it... which don't mean anything to you. He also indicates a line, with a large X beside it. You:
A. Sign on the line
B. Sign on the line
C. Sign on the line
D. Sign on the line
E. Refuse to sign on the line then check on your life Insurance Payments.
Simon Travaglia, 13 Aug 2004

Clockwork radio pioneer to float company

The man behind the clockwork radio - Trevor Baylis - is to float his incubator company in a bid to generate more cash to help fund the work of aspiring inventors. Trevor Baylis Brands was set up in September 2003 to help inventors get their ideas to market. During that time Baylis Brands has scrutinised more than 200 ideas and made commercial agreements with over 60 inventors. Said Mr Baylis on his website: "Our novel approach of finding the right route-to-market for inventors' ideas so that they can realise the value of their intellectual property is proving very popular. The response we've had has been tremendous and convinced us that we need to expand our services. We've decided to raise the funds by making a public offering for shares in Baylis Brands." Financial services outfit Capital Index Group has been hired to handle the offer, which could be sorted in the next month or so. Speaking to the FT today, Mr Baylis said: "If you can solve a problem you are on your way to being an inventor. Your idea might be unique but you probably think it's been done before. Then a few months later you see it in a shop, you slap your forehead and you think 'I thought of that!'" ®
Tim Richardson, 13 Aug 2004

Credit card crime squad celebrates success

A UK police squad dedicated to fighting credit card fraud has recovered 36,000 cards and card details in its first two years of operation. The Dedicated Cheque and Plastic Crime Unit (DCPCU) estimates its work has prevented £65m in fraudulent losses during its two-year pilot. The DCPCU was set up in April 2002 to target the organised gangs who are responsible for the lion's share of the UK's card fraud losses, amounting to £402m in 2003. It has successfully prosecuted all kinds of card fraudsters but has particularly focused on the scams carried out by counterfeiting gangs who often run sophisticated factory-style operations. The squad's successes have also helped combat other more serious criminal activity such as the trade in drugs, illegal immigrants and counterfeit goods, which are often funded by card fraud profits. In the two years up to April 2004, the unit made 171 arrests resulting in 52 convictions over the period. DCPCU is made up of officers seconded from the City of London and Metropolitan Police forces, backed by banking intelligence and administrative support from the financial services industry. The squad is staffed by serving police officers jointly funded by the banking industry and the Home Office - a highly unusual arrangement. A report on DCPCU's activities was published yesterday along with news that it had secured an additional £3m in funding from UK banks that will allow it to continue its operations. Detective Chief Inspector Tony Thomas, from the City of London Police, who heads up the Unit, said: "This gratifying news is well-deserved considering the enormous successes of the past two years. Already we are building on that success; as almost every week since the end of the pilot we have had a number of successful raids and arrests. "With more staff joining us in the near future I have no doubt that our track record of beating these criminals will not only be maintained but will be significantly improved. 
We are also keen to share what we have learnt with other forces so that they can enjoy the same results," he added. ®
John Leyden, 13 Aug 2004

Reg readers warm to BSA antipiracy weasel

LettersLetters It being Friday, we thought Letters could do with a lighthearted tone, for a change. And what, dear readers, could be more lighthearted than a story involving children and animals? And software piracy. Oh, wait, that spoiled it... Yes, we are talking about the competition the Business Software Alliance has launched in the US to get school kids to name its anti-piracy weasel. Or ferret. Or something. One has to wonder what bright little lamp came up with a ferret of all animals as a mascot for a company against copyright theft. Any ferret owner knows all too well that these little critters are very good thieves. Perhaps we can suggest to them that a sea lion would be a better mascot? Big, ugly, smelly and pushy fits the BSA far better than a small, cuddly sneakthief that craps in corners. Nathan re: Name that antipiracy weasel, BSA asks kids I may be a little old for the BSA's voting pool, but I have a few names I would like to nominate: Rip-off Rat Money-hungry mink Haul your downloading ass to court Hob (Male ferrets are called Hobs, females are called Jills) Subpoena Skunk or my favorite, F*ck the artists Ferret BTW, did you know a grouping of ferrets is called a business and the name ferret is derived from the latin word for thief? That can't be a coincidence. Cheers, Johnny Mac I suggest Popgoes (the weasel) although I considered the obvious "Ashcroft" or "Hatch". as the mascot for this latest brown shirted kinderbrigade. Charles Is the comic in question being written by Jack Chick ( http://www.chick.com/catalog/tractlist.asp )? Certainly sounds insane enough to be his work! I'm sure there's some convergence possible here too - the Lord can't possibly approve of rampant copyright abuse, can he? Then again, maybe it'd be balanced by his hatred for the Satanists at the BSA, the RIAA and so on.. Matt Rather than The Wind in the Willows, what the pigopolists will probably do is a dodgy rewrite of The Animals of Farthing Wood. 
It doesn't really take much rewriting: Series 1 involved Farthing Wood being destroyed by humans, and the animals decided to work together to get to the paradise of White Deer Park. They had to face all the dangers of humanity - poison, fire, guns - and some were killed in the process but they made it in the end. Series 2 was all about surviving the winter in White Deer Park, trying to stay true to the "Farthing Wood" ideals in amongst other animals who didn't know/care about their ways. So, let's see - replace "Farthing Wood" with "Billion Dollar Wood", "White Deer Park" with "Pigopolist Paradise (by the Hypokra Sea)" and Bob's your uncle. Richard "The comic book and companion teacher’s guide will be mailed across the US to fourth grade teachers who subscribe to Weekly Reader and will be available for free download at the Play It Cyber Safe website." I hope it's ok to distribute it as PDF files in P2P networks, it surely would be much cheaper and would reach l0tZ4 k1dZ. I'm curious about what alternative dialogs and enhanced artwork will be in those files. Regards, ajax Well, I found a ferret names web page here No Fink/Rat/Nark, but there is, "Snitch." Could we have a Reg Poll/Contest, please? Mike Not a bad idea... We'll have a word with the mighty tech gods and see what we can do. Just a little nod to the slug-like Vogons, and their namesakes' valiant efforts in relieving Dame Shirley of all that nasty extra money she had lying around: Vogon investigators took complete images of the hard disks contained in various computers, which were then processed, and forensic recovery techniques were used to analyse deleted files. This provided important evidence for Westminster. One wonders if samples of Vogon poetry were added surreptitiously, to numb the higher faculties of the Westminster investigators. Morely It is frighteningly likely... Ahhh, there was no way we'd get through a whole email bag without a complaint. 
This week's sole gripe is in response to a story on the challenges faced by businesses trying to comply with corporate governance regulations: What a load of fetid dingos kidneys. Did you swallow a M$ sales executive, they are easily mistaken for a M$ engineer (hint, the engineers are either Frick or Frack)? What businesses need is not more equipment or software to handle more data, which is what M$ is suggesting. What they need are human systems for managing the relevant data so that it becomes information. There's nothing in M$'s portfolio of malware that will help them do that. If anything, M$ will only serve to swamp businesses with more data. Putting a database file system in Foghorn is not going to solve the problem either as any user of Google can tell you. Separating the relevant information from the gobs of data is not a machine task, it is a human task. The social structure of your organization is what will help turn mere data into information. Once information becomes internalized by humans, it might even become knowledge. M$ cannot help you with any of this. Now go get your stomach pumped and don't swallow any M$ sales people again. Gerry We especially like Fetid Dingoes' Kidneys. Vultures, remember? Our explanation of Sharp's 3D LCD technology got a couple of interesting responses: Great review of stereopsis (3-D vision using two eyes), but missing one ingredient. It turns out we get even more visual cues from motion: not only how things move by themselves in the world, but how the image changes slightly when we move ourselves. For example: close one eye and it's hard to tell depth, but move your head side-to-side, and suddenly depth pops out again. Unfortunately, there has been no way for stereopsis tricks (like the Sharp LCD or the polarizing glasses) to recreate this essential aspect of 3-D vision, which is one of the reasons the stereopsis illusion is incomplete.... 
things look kind of realistic until you move a bit--then you expect a slight change of image, which doesn't come, and some of the realism goes away, and a bit of nausea shows up instead. I'm guessing that in a few years some company is going to build a head-tracker into such a laptop, and let software synthesize new images on the fly according to where the viewer's head actually is, so each eye always sees exactly what it ought to see... not only avoiding the "sweet spot" problem, but creating a much more persuasive illusion. Now THAT will be fun to watch. Bill Softky Redwood Neuroscience Institute Lucy, Another aspect of 3D stereoscopic vision that you did not mention in your article refers to the use of 3D "Shutter" glasses. Currently, video boards with the nVidia chipset (All the way back to the TNT series chips, through the brand spanking new GeForce 6800 Ultra, have been able to support this) have manufacturer-provided drivers for this. Most people commonly refer to it as "Page flipping". The technology relies on the fact that newer video cards have two frame buffers - the front and back buffer. While the board is displaying an image from one buffer, the card's GPU is busy rendering the next frame in the other one. How the page flipping works is, the card renders two separate frames - one oriented for the right eye, and one oriented from the left eye. When the driver is activated, the GPU is rendering both frames simultaneously - One in each buffer. The glasses slightly resemble an ordinary pair of sunglasses, except for the fact that each "lens" is really an LCD panel - when energized, it completely blacks out, thus blocking that eye from seeing the screen image. The glasses are synchronized with the video card by means of a cable that attaches to a video card dongle (Some glasses are wireless - they use an infrared transmitter attached to said dongle), that triggers on the VSync signal. 
As the video card displays one image, the opposing eye is blocked by the shutter. Then the card "Page flips" from one buffer to the other, displaying the image for the other eye, and at the exact same moment the glasses switch which eye is covered, thus fooling the brain into perceiving 3D depth. The biggest drawback to this is that it only works on CRT monitors (In order to effectively display the 3D stereoscopic images without serious eye-strain, the video card needs to run at least 100Hz refresh rate, preferably 120Hz or higher). LCD displays typically only refresh at 60hz. I have been a long-time user of the 3D stereoscopic vision on my nVidia boards, and to be quite honest, that feature has kept me a loyal nVidia customer - even if the ATI cards do perform better in the benchmarks. I'm glad they're finally moving the technology forward to LCD displays - Lately it seems that CRT's are becoming more and more obsolete, and the 3D stereoscopic vision is the main reason I still use a CRT at home. (And, if this letter is posted in the "Letters" section, I'm sure at least one person will want to know: Doom 3 looks --phenomenal-- with the 3D Stereoscopic drivers activated...) Thanks for listening to me ramble, and sorry for the lengthy techno-babble message. Cheers! Eric Rambling technobabble is exactly what we want here in letters, so keep 'em coming. Enjoy the weekend. ®
Lucy Sherriff, 13 Aug 2004

Digital print booths: more reader snapshots

Letters Thanks to all those readers who have kept stoking the fire of the digital print booth debate. We kick off this round-up of new input with Scott Holland, who's got some first-hand experience of the Kodak flavour of kiosk: I have been a photo lab technician in the US for five years. Working with these machines the whole time. I missed your original article on the subject, but after some catch up reading, I believe what you're discussing is what we in the states call a Kodak Picture Maker. The thing is pretty straightforward. It's a Windows 2000 PC with a multi-card reader, a scanner, and a touch screen. The models we have here use two types of printers, one is roll fed for making traditional 4 x 6 pics, the other is sheet-fed for making larger prints (8 x 10's, 5 x 7's, and various packages). All of the printers are thermal dye-sub units. So, when compared to your average inkjet, the quality is pretty good. The prints are also water proof, smudge proof, and are printed on heavy bond photo-quality paper. The reason the price is relatively high compared to other options is two-fold. First, the supplies for these things aren't cheap. For example, the ribbon and paper come in a pre-packaged kit, 150 sheets of 8.5 x 11 paper and 1 ribbon. These kits cost us $210 each. I work for a large retailer who, no doubt, gets quantity discounts. So, for a smaller shop, the price is likely higher. That comes to $1.40 per print for the 8" sheets. We sell them for just under $5. While some may think this is price gouging, it's not all profit. The second reason is, as you noted, the things are self-serve and work on the honor system. You make your prints, and we trust you to bring them to us for pricing. While there is some theft, there is also a lot of waste. 
The primary source of wasted paper is people who don't bother to read the copyright notice (you MUST press an "I have read and understand the notice" button before you can do anything with the machine), and then proceed to print five 8 x 10's of junior's school picture. Of course, since such professional pics are copyrighted, we can't sell the copies to you without written consent from the photographer. This simple fact confuses, and quite often pisses off, many people. They walk off in a huff, and we're stuck eating $7 worth of wasted prints. As for the things keeping a log of the prints they make, they do. Ours store the last 10 print jobs. The reason for this should be fairly clear. A customer sets up his print, but isn't sure how it'll turn out. So, he makes only one. If it comes out ok, he only has to go to the "Previous Pictures" screen and tell the machine he wants 5 more. He doesn't have to go through all of his editing steps again. This particular feature is turned off on our units. Though this wasn't always the case. From what I understand, at one point, some genius brought in some unsavory pictures of his lady. These were of course left in the previous jobs queue. Then some innocent little tyke comes by, starts pressing all of the pretty buttons, and manages to print a copy for himself. Which he dutifully takes to mommy, who is none too pleased with his discovery. Shortly after that the order came down to turn the option off. The machine still stores the pictures, but you need a password to get to the option and print anything. As a caveat to your readers, the "Automatically Enhance Your Photo" option is entirely automated. It is designed to restore color to faded prints, like those that have been bleached by sunlight or exposure to acid in photo album pages. It will NOT bring a blurry picture into focus, or compensate for an underexposed original. It won't turn crap into a Van Gogh. 
Applying it to an otherwise ok picture will, in many cases, make the picture look worse. Rather than smooth transitions, color may become blotchy. And it will "enhance" such features as rosy cheeks. Making someone with such a complexion look like they stuck their face in a tanning bed for a few hours. The red-eye reduction does just that. It helps eliminate RED eye. Not white, not green, or any other color that may be reflecting off of someone's retinas. I have seen red eyes that apparently weren't red enough in the software's opinion. Also, the way your picture looks on the screen is EXACTLY how it will appear when it prints. If your uncle's head is cut out of the picture on the screen, it won't magically reappear when you hit the Print button. The machine maintains the proportions of the print size you want to make. So, trying to make a 8 x 10 (ratio of 1.25:1) from a 4 x 6 (ratio of 1.50:1) means that something is going to get cut off, no matter what. If you attempt to print a low resolution picture at an unreasonable size, say making an 8 x 10 from a 300x200 original, the machine will warn you that the results may not be what you expect. Though this warning is an option that can be turned on or off by the store. Well, I see this has turned into quite the little rant. I apologize for the length, but hope you or your readers may find some of this useful. Cheers. We're sure they will. Next up, Dave Bell, who addresses the colour cast issue, as previously commented on by one or two readers: I've not noticed a colour problem myself. I may make up a couple of test images...Colour casts can happen with photographic printing. For an in-store minilab, there's somebody seeing the prints with some experience. If something's wrong with these machines, you may be the first human to notice. The big problem I've had is with the edge of the image not getting onto the paper. 
A couple of times I've had a closely-framed shot which lost too much, but at least you can see this on the preview. It isn't hard to do a version of the picture which will avoid that problem. Do a cut-and-paste into a larger blank image, and then zoom in at the booth. I have no firm evidence but I suspect it's restricted to old-style 8.3 filenames. Remember that the two print sizes offered are different aspect ratios. 6"x4" is 1:1.5 (same as the 36mm x 24mm of 35mm film) while the larger 8"x 6" is 1:1.33 (matching a computer monitor or standard TV). There are some other options for multiple prints. I'd agree that they're a bit expensive, but consider what your inkjet may cost to run. And I've met people with a digital camera, but no computer... A good point. Regarding the file extension issue here's what can happen when your computer is running a "minority OS", as is Tony Haines': The first time I tried to print pictures from CD (at Jessops, not Boots) I found that the booth couldn't see any pictures on my CD. It turned out that the machine ignores files which don't have a .jpg (or .tif etc) filename suffix. (I use a minority OS which doesn't have the twisted idea of filetypes as part of the name.) This certainly makes things more difficult for me. But it makes me wonder, is that braindamaged check the only way they determine file-formats? Would it be possible to insert a malformed file, cause a buffer overrun or somesuch and reprogram the machines? The most malicious use I can come up with is that nothing would change on the display, but the prints would come out as hardcore porn. But geeks being geeks, I think it more likely that the vending booths would be subverted into games machines. Reprogramme the machines and create a relentless robot army of printing drones? Now there's an idea. 
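The question raised in that letter, whether a filename suffix is the only check and what a malformed file could then do, is answered on the defensive side by identifying files from their leading bytes and bounds-checking every header length before any decoder runs. The sketch below is an added example, not part of the original article and not any kiosk vendor's code; the 50-megapixel budget, the function names and the sample bytes are assumptions, and it covers JPEG and PNG only.

```python
import struct

MAX_PIXELS = 50_000_000   # assumed decode budget for a kiosk, not a figure from the article

class RejectedImage(ValueError):
    """Raised when an upload fails content checks; the caller never decodes it."""

# SOFn markers carry the frame size; 0xC4, 0xC8 and 0xCC share the range but are not frames.
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}
STANDALONE = {0x01} | set(range(0xD0, 0xD8))   # TEM and RSTn have no length field
EXTENSIONS = {"jpeg": {"jpg", "jpeg"}, "png": {"png"}}

def sniff_format(data):
    """Identify the format from leading bytes, never from the file name."""
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    return None

def jpeg_dimensions(data):
    """Walk JPEG segments to the frame header, bounds-checking every length."""
    pos, end = 2, len(data)
    while True:
        if pos + 4 > end:
            raise RejectedImage("truncated before frame header")
        if data[pos] != 0xFF:
            raise RejectedImage("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if marker in (0xD8, 0xD9, 0xDA):      # SOI, EOI or scan data: no frame header seen
            raise RejectedImage("unexpected marker before frame header")
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if seg_len < 2 or pos + 2 + seg_len > end:
            raise RejectedImage("segment length runs past end of file")
        if marker in SOF_MARKERS:
            if seg_len < 8:
                raise RejectedImage("frame header too short")
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            return width, height
        pos += 2 + seg_len

def png_dimensions(data):
    """Read width and height from the mandatory first chunk (IHDR, 13 bytes)."""
    if len(data) < 24 or data[8:16] != b"\x00\x00\x00\x0dIHDR":
        raise RejectedImage("missing or malformed IHDR chunk")
    return struct.unpack(">II", data[16:24])

PARSERS = {"jpeg": jpeg_dimensions, "png": png_dimensions}

def inspect_upload(filename, data, max_pixels=MAX_PIXELS):
    """Validate an upload by content; the name is only compared, never trusted."""
    fmt = sniff_format(data)
    if fmt is None:
        raise RejectedImage("content is not a supported image: %r" % filename)
    width, height = PARSERS[fmt](data)
    if width == 0 or height == 0:
        raise RejectedImage("zero dimension")
    if width * height > max_pixels:
        raise RejectedImage("%dx%d exceeds decode budget" % (width, height))
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {"format": fmt, "width": width, "height": height,
            "extension_agrees": ext in EXTENSIONS[fmt]}

def rejected(filename, data):
    """True when inspect_upload refuses the file."""
    try:
        inspect_upload(filename, data)
    except RejectedImage:
        return True
    return False

def make_jpeg_header(width, height):
    """Constructed sample: SOI + JFIF APP0 + SOF0 only (headers, not a full image)."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sof0 = (b"\xff\xc0" + struct.pack(">H", 17) + b"\x08" + struct.pack(">HH", height, width)
            + b"\x03\x01\x22\x00\x02\x11\x01\x03\x11\x01")
    return b"\xff\xd8" + app0 + sof0

if __name__ == "__main__":
    sample = make_jpeg_header(1600, 1200)
    print(inspect_upload("holiday", sample))                   # no suffix, still recognised
    print(rejected("prints.jpg", b"MZ\x90\x00" + bytes(60)))   # suffix says JPEG, bytes do not
    print(rejected("cut.jpg", sample[:25]))                    # frame header cut off
```

A file with no suffix is accepted when its bytes are a valid image, while a `.jpg` name on non-image bytes, a truncated header or a segment length that overruns the file is refused before anything is decoded.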
Our penultimate contribution is from Mark Turner, who outlines his experiences of the Boots/Kodak photo print booth - the piece of kit which started this whole debate: 1) I've got a Fuji Finepix F610, which does 12MP images (approximately 4000 * 3000 res). I end up taking all my holiday photos on the maximum res, so that I ensure I get a good quality print. I went in to Boots this morning, CD in hand and had a try with a few images. Curious about the "enhancement" option, I thought I'd give it a go. The system croaked when I asked for an enhancement. It simply said, "Cannot display this image" and gave up. Nice. Thought it was strange it couldn't display it, as it had already shown the pictures to work with in the image list. I suspect that Kodak weren't ready for people with images of that resolution to give it a go, but as cameras go up in terms of megapixels, it will become more likely. I told the Boots woman about what had happened and I don't think she had a clue as to what I was on about, although she did say she "valued my comments". *cough* The terminals need a speed boost, as it took ages to do anything with the images. I know, they're 12MP images, but this is supposed to be a dedicated terminal. It took several minutes to get a print or two out. They need beefing up somewhat. 2) Please, please, please, can there be an option to turn off the annoying Scottish voice-over man? I hate talking machines! What makes it worse is that everyone in the entire store turns around and watches what you're doing, as they can hear this loud John-Leslie-esque voice boom across the store. 3) 49p a shot? Egads! Maybe they should look at services such as Colormailer.com, which does 4*6 prints for 20p. 4) Image sizes. You only have the option for 4*6, 8*6 and a few strange other ones. What about 5*7 and larger prints. Chances are, if I print out a digital photo, it's because I want to frame it and put it on the wall. 
5*7 (or some bigger sizes such as 8*12) would be the way to go here. 5) Print quality wasn't bad, though. Nonetheless, an interesting distraction for 98p. The machine speaks with a Scottish accent? Good Lord! Readers who find that prospect particularly unsavoury might like to pop down to the Dagenham branch of Asda, where we are absolutely certain that the machine has a pleasant Essex brogue, awight? Has anyone else tried the digital booth at ASDA? The Dagenham branch was running a special of £5.00 for 50 6 x 4 prints so I thought it would be worth a go. Quick and easy to set up and alter any pics for red eye or cropping. When finished you get a printed receipt which you pay for at the photo shop till. As advertised they were ready an hour later and were very good as regards quality and colour. The camera was a 2 mega pixel Olympus being used at a 1600 x 1200 medium resolution. I got just over 160 photographs in an hour for £18.00 - not bad at all. I would recommend it to almost anyone. Even the standard price is only 29p per copy. And there you have it, courtesy of James Clapperton. We wish our readers happy snapping and many years of pleasant print booth experiences. ®
Lester Haines, 13 Aug 2004

CBI wishes for the ID scheme we're not getting

The Confederation of British Industry, the public prints told us this morning, has backed the government's "flawed" ID card scheme, from which one might conclude that the UK business umbrella body thinks ID cards a good thing in principle, but that the scheme as currently presented needs a fair bit of work. This however is not so - the CBI says "employers are ready to back an ID [note that 'card' is missing] scheme in principle", then presents a long and broadly well-argued document discussing the issues of identity management as they relate to individuals and business. The CBI does not say flat out that the entire scheme the government is proposing is rubbish, but by the time you've got to the bottom of its paper it has blown so many bits off of the edifice that there's not a lot left standing. The CBI's basic premise, as you would expect, is that a solid, reliable means for identity verification would be A Good Thing. Businesses have a legal liability in numerous (and growing) areas to verify identity, and individuals concerned about identity fraud would like solid mechanisms with which to prove their own identity and stop other people stealing it. Insert any personal caveats about trust, freedom and privacy here and there's really not a lot most people would disagree with, in principle. Wishing for the existence of solid identity management systems is however not the same as agreeing either that they can be done, or that the government's unhinged faith in the buildability of a single, bulletproof, universal system is in the slightest bit justified. The CBI leads in by detailing some of the advantages that would accrue if "a single system of identity authentication" existed, pointing out that the card itself could become the token whereby public and private services were linked, and that "links to credit brands could be added and subtracted." 
But although it notes that the government appears to envisage businesses adopting the card, it says businesses are concerned "that the Government is driving forward a murky agenda without full appreciation of the potential drawbacks of a loosely-structured scheme." "Government should clarify the overarching objective of the proposed ID Card scheme and define the potential benefits to business of being an integral part of the scheme." Warming to its theme, the CBI swiftly moves to the identity register as the nub of the matter. This should contain the minimum data necessary to identify individuals, the proposal to allow individuals to store voluntary information on it should be dropped, and the Home Secretary's powers to add new information should be curtailed. If it's supposed to confirm ID, then that's what it should do, and all of the other stuff simply introduces more scope for errors, inaccuracies and breaches of privacy. The CBI is arguing from the point of view of usefulness and effectiveness, but comes to similar conclusions to the privacy lobby here. The government has made a great deal of noise about the supposed accuracy of biometrics as the key ID system, but hasn't come up with anything in the way of coherent plans for dealing with situations where biometrics aren't really relevant. Online transactions are not helped unless a completely secure and uncompromised biometric reader is involved, which rules out bank machines and Internet transactions for starters. The government does envisage issuing pins and passwords to people for use in situations of this sort, but as was noted in The Register when the draft bill was published, this effectively means the government is envisaging a tiered system of identity authentication, using different strengths of ID where appropriate, while talking horsefeathers about a single, invulnerable one. 
The CBI queries the government's plans in this area to issue PINs and passwords for remote identification, citing the "inherent weakness of these traditional authentication methods" and volunteering "the experience and expertise of businesses in building different levels of database access be considered by Home Office as the scheme develops". Which makes sense, given that businesses have the most experience of secure transactions, and the most to lose if they're compromised. It also questions the vagueness over "the requirements on and redress for private sector organisations involved in data-sharing gateways". Government wants business to embrace the scheme and in some cases (e.g. employment) will require that it do so, but government seems not to want to shoulder the responsibility if there are errors in the database and, say, you lose that job/mortgage because the registry says you're a failed asylum seeker on the run: "The CBI is concerned that the government will not accept liability for wrongful identification or verification of an individual through information on the Registry. Although government is keen to involve the private sector by using companies’ valuable intellectual property to create the national Registry, its willingness to transfer the risk associated with using the Registry onto business is disappointing. It could lead to instances where businesses that rely on ID cards as a trusted means of secure authentication, are financially liable for fraudulent activities conducted using a false identity, verified as accurate by the Registry." Well indeed. The outfit also, very politely, makes the point that the government is entirely missing the point on identity verification needs for individuals and businesses: "... a lack of critical mass for authentication methods has resulted in business searching for an effective yet common means of authentication for b2b transactions. 
Given the Government target for all government tendering to be conducted online by 2005 there also exists a need to ensure that government can authenticate a company’s identity online as part of the online tendering process through the Government Gateway portal. "The CBI urges the Home Office to consider how the ID card scheme could be developed to provide an authenticated means of identification for companies conducting business online, as a way to ensure the further development of online trading in b2b, b2c and b2g markets. The co-ordination of business initiatives in this area with the government proposals could also assist in reassuring business that a robust, reliable and secure framework for ID authentication can be developed without being solely reliant on the effectiveness of a single ID card." Finally, the CBI considers biometrics, saying that it is "concerned at Government’s insistence on including biometrics in the draft Bill without conducting broadly based discussions with business on the practical complexities for its use. This is reflective of business concerns that Government is driving forward an agenda without full appreciation of the potential drawbacks of aspects of the scheme." It says that it supports the use of innovative technology, but says biometrics presents "significant challenges" as regards the accuracy of equipment. Unless this can be assured "it is unlikely that the ID card biometric component will sufficiently reassure businesses that an ID card by itself can provide a viable means of verifying an individual’s identity." Which is something of a sting in the tail. "The CBI suggests the government conduct further consultation with the wider business community on the issue of biometrics before moving ahead with the inclusion of biometric information in the ID card scheme." 
As we said, once the CBI has finished there doesn't seem to be a whole lot left of the scheme, aside from the view that an identity would be A Good Thing in principle. ®
John Lettice, 13 Aug 2004

Office phones filthier than toilet seat

Filthy phones and germ-infested keyboards mean that anyone eating their lunch while at their desk could be biting off more than they can chew. In fact, a recent report by the University of Arizona found that the typical office desk harbours around 400-times more disease-causing bacteria than a toilet seat. The muckiest spots were shown to be the telephone and desktop, followed by the keyboard and computer mouse. But the highest levels of bacteria were found on the fax machines - three times more than on a toilet door. Intrigued by the findings, Manchester recruitment agency, Connections, quizzed 500 office workers to find how clean people are at work. Its survey found that people simply don't look after their workspace enough, with just one in three cleaning their desks, keyboards and phones once every three months. Said Neal Etchells, a consultant with Professional Health and Safety Consultants: "One of the reasons for the decline in workplace hygiene is that many offices have cut down on professional cleaning, relying instead on employees to clean their own work areas - and it's simply not happening. "With more workers eating lunch at their desks, it amounts to an alarming health hazard. Food left decaying on desks attracts cockroaches and other vermin, which can find their way into air conditioning systems and bring about viral diseases." Which is nice. ®
Tim Richardson, 13 Aug 2004

Small.biz unprepared for disaster

Businesses remain largely apathetic about disaster recovery even after they have seen the effects of catastrophic communications failures first hand, according to a survey out this week. A poll of more than 1,000 firms in and around Manchester taken shortly after a serious fire in a BT hub in the city last March reveals evidence of complacency about communications disaster planning. The findings illustrate the uphill battle the UK faces to alert companies to the need to plan for unexpected disasters or the effects of possible terrorist action, according to communication services firm Direct Response, which commissioned the study. The Manchester fire brought 130,000 phone lines down, half of which still hadn’t been restored several days later. This left some companies without communications for up to five days. The fire had an impact on voice communications in 60 per cent of those polled by Direct Response. Email, fax or Internet operations were also affected in 38 per cent of companies affected by the fire. Many small businesses in Greater Manchester were hard hit by the knock-on effects of the massive blaze. Angie Robinson of Manchester Chamber of Commerce commented at the time that "businesses in this area are losing £4.5m a day. It’s unlikely that they will be able to claim any of this back." Three quarters of organisations quizzed by Direct Response admitted they would lose sales calls in the event of a similar incident. Almost one in five (18 per cent) estimated they would lose more than 100 enquiries per day in the event of a repeat performance of the fire. Despite this only a third of the companies polled by Direct Response had a disaster recovery or business continuity plan in place. Direct Response's study revealed widespread ignorance about disaster recovery options and a misconception that business continuity services were only suited to larger organisations. 
Chris Robinson, managing director of Direct Response, said: “Our experience of disruption of this type is that companies fail to have in place even the most basic solutions. A disaster recovery plan does not need to be complicated, nor do its elements need to be expensive. Often, just getting a business’s phones to automatically divert to a location scripted to manage them can make a huge difference, as can making sure the firm backs up data to a remote location.” ®
John Leyden, 13 Aug 2004

Euro filing reveals Apple 'handheld computer'

Apple has filed for a European design trademark which may provide a tantalising glimpse of the company's long-awaited tablet computer. The filing, made in May this year but only published this week, covers a "handheld computer" and contains sketches of what look like an iBook screen minus the body of the computer. The paperwork was handled by Leeds, UK-based patent and trademark attorneys Urquhart-Dykes and Lord. The filing lists Apple CEO Steve Jobs and the company's industrial design chief, Jonathan Ive. It also refers to Daniele De Iuliis, Richard Howarth, Eugene Whang, Matthew Rohrbach, Bart Andre, Calvin Seid and Christopher Stringer all of key members of Apple's industrial design team, with the Power Mac G5, iPod, 17in and 12in PowerBook G4, and others under their belt. Hints that Apple might be working on such a product emerged in 2003 when a source close to Taiwanese contract manufacturer Quanta claimed that the company had been hired by Apple to build what was dubbed a "wireless display". Jobs has consistently downplayed claims that Apple is working on a PDA, and given the state of the world PDA market, it wouldn't make much sense for it to do so. Doubly so given how well the iPod works as a portable personal information carrier. Jobs has similarly poo-poo'd suggestions that the company should offer a video iPod. Again, we agree - video simply isn't an application as well suited to portable players as music is. However, that doesn't mean that there's not room for a larger, house-bound mobile video system, and we've mooted a system comprising a wireless display terminal connected to a base iMac via 802.11g before. Apple's "handheld computer" design registration sounds more like a PDA, but it looks like the home entertainment tablet system mentioned above. Back in November 2003, our old pal Matthew Rothenberg at eWeek let the cat out of the bag with a "hunch" that Apple had seeded prototype tablet Macs with developers. 
The device used Mac OS X's Inkwell handwriting recognition technology and a healthy amount of knowledge picked up during the development of the Newton OS. Inkwell has been a part of Apple's system software since September 2002's release of Mac OS X 10.2. So far, only graphics tablet users have been able to do anything with it. Matt later refined his hunch to encompass a "device that superficially resembles a large iPod with an 8in diagonal screen, lacks a keyboard, packs USB and FireWire ports, and runs Mac OS X along with a variety of multimedia goodies". His January 2004 launch window has long since passed. But Apple may finally be about to bring it to market. The device is certainly a logical extension of what it's been doing with iTunes and AirPort Express. While its mini wireless access point is good for streaming audio from a host Mac to a hi-fi, it lacks a local control unit. It's tempting to view this latest design filing as the basis for just such a device. Indeed, the upcoming new iMac is said to sport an all-in-one design with the system board, hard drive etc. mounted on the back of the monitor LCD. Only the suggested 17in and 20in displays indicate that the new machine isn't as portable as the tablet concept. Instead, then, we might be seeing an 'iMac Jr.' in the not too distant future, equipped to work with both iTunes - and perhaps other iLife apps, such as iPhoto - and AirPort Express to deliver Mac-stored music, photography and video wirelessly to your hi-fi and TV. August's Apple Expo Paris may prove more exciting than previously thought. ®
Tony Smith, 13 Aug 2004

El Reg pledges to name BSA antipiracy weasel

Competition The Business Software Alliance's plans to name their weasel mascot by holding a competition for school children have obviously moved you, our beloved readers. Such a quantity of emails flooded into Vulture Central that we felt it our duty to respond with immediate action. Accordingly, we have decided that we will hold a little naming competition of our own, and will send the winning suggestion to the BSA and insist that they adopt it forthwith or face legal action. It will work thusly: you send us your suggestions, we'll collate the top ten (most popular, or just ones we like) and hold a poll to determine the winner. Yes. You, the readers, will have your say. This is just like reality TV, except that there is no TV involved. Or reality. Here are some suggestions to get your minds working on this one, taken from today's letters bag: Popgoes (the weasel) Rip-off Rat Money-hungry mink Subpoena Skunk You get the idea. Note: We have now closed the suggestions inbox and are collating the data. Poll will be up on Tuesday 17 August. Thanks to all those who have sent in suitable monikers. ®
Lucy Sherriff, 13 Aug 2004

Ashlee Vance: the readers have spoken

Poll results Well, the polls have closed, the votes have been counted and now it's time to reveal just what readers think of our stateside correspondent Ashlee Vance, legendary champion of the all-American Segway. Around 10,000 readers took the time to chip in their two bits' worth on the issue, so let's see if Ashlee is to be crowned with laurel or dispatched to the Vulture Central toilet block. First up, gender: is Ashlee Vance male or female or ladyboy? The answer is, of course, ladyboy, the option which captured 43 per cent of votes cast. 30 per cent claimed woman, while 27 per cent reckoned male. For the record, here is a picture containing Ashlee Vance. We're not sure which one of this group the campaigning shemale is, but he/she's certainly in there somewhere: Having sorted that out, we can now move swiftly on to more pressing matters, such as how's Vance's writing? Mercifully, 58 per cent of you opted for the safe "mostly IT-related, with the occasional light-hearted non-IT piece", with 22 per cent opting for "divine" and a paltry 20 per cent getting the knives out with "putrescent". Phew. Furthermore, 46 per cent reckoned Vance a "silicon-clad St George" as opposed to an "Intel whore" or "Microsoft running dog lackey", which both corralled 27 per cent. Of course, Vance plays air guitar to Rush, as 100 per cent of voters confirmed. Thanks to the International Friends of Rush for sponsoring that question. The cash raised will, as ever, go to our favoured charity - a Canadian seal pup refuge. So, the upshot of all this is that a mere seven per cent of participants would like to see less of Vance on El Reg, while just 39 per cent reckon he/she should be scrubbing the toilets. That means a mighty 54 per cent demand more Vance. 
And finally - before we thank all of Ashlee's friends and relatives who stayed up all night yesterday hammering the poll to ensure a favourable outcome - we're delighted to announce that an awesome 66 per cent of voters said that the poll experience: "Really brightened my day. Give me more!". The remaining 34 per cent asserted that it: "Sucked on a big fat one" and that someone should "get me Pa's shotgun from the barn". ®
Lester Haines, 13 Aug 2004

Buffy the Censor Slayer

Letters The news that the US Federal Communications Commission (FCC) recently rejected a complaint from the Parents Television Council (PTC) that an episode of Buffy the Vampire Slayer contained illicit nookie caused quite a stir with readers. To recap, Buffy was apparently getting down and dirty with Spike. Cue outrage from concerned parents. But what was the fuss all about, exactly? Jamie Kitson explains: Ashamed as I am to admit this, I believe that I do remember the episode which "showed" Buffy and Spike, ahem, doing the deed. The reason for the quotes, and an important bit of the story that has been missed, is that throughout most of the episode Buffy was invisible, leaving it up to your imagination what was going on. Yes my imagination went a bit far :) You ought to be ashamed of yourself, young man. After all, Buffy is good, wholesome family entertainment - if you discount the vampires, demons, martial arts slayings of shape-shifting Satanic emissaries, etc, etc. In any case, hadn't we been there before, Steven asks?: Isn't that a rather moot point as she had got "down and dirty" with Angel in the 2nd or so series, 5 series before the romp with Spike. I didn't see anyone complaining about that then, so what makes this one any the more special? Some people just have nothing better to do with their time.... Who can say what provoked the PTC's attack on this occasion? Still, let's have a round of applause for the FCC. Take it away (another) Steven: I'm glad to see the FCC are finally doing something _right_ for a change. I am an obsessed Buffy fan and whilst I've never seen anything "explicit" in the show, I sure wish I could (not in a pornographic way.. obviously ;) ). I am however, rather curious about why these things are getting attacked?. I mean, first it was games, and how they are to blame for murders (utter rubbish IMHO), now it's TV shows, and explicit scenes that have never even taken place. 
Are these edgits really that sad that they have to find something to nit pick. Why can't they do something constructive and actually help people (oh I don't know, by jumping in front of a bus or something?). For the record, the PTC's current hobby-horse is modern music, in all its filthy forms. Bryn Jones has this to say: Hahahaha! Oh yes, so the kids of thirty years ago weren't listening to music about sex, drugs and violence? Could have fooled me. Ranting about societal meltdown was cool thirty years ago but now it's just embarrassing. Unless you're Republican or Tory, then it's still Rock (or Rap if that's your fancy) On!!!! Indeed. Cue Rush compilation CD at full volume and air guitars at the ready... ®
Lester Haines, 13 Aug 2004

UK police issue 'vicious' Trojan alert

Britain's top cybercrime fighters have joined up with the banking industry today in warning of the latest attempt to defraud online banking customers. The attacks, in the form of 'Trojan horse' emails, have been spammed out to a number of email account holders randomly across the country. The emails contain links to malicious websites in North America and China. The UK's National Hi-Tech Crime Unit (NHTCU) is working with the Internet industry to have these sites shut down. At the time of writing three have been taken out of commission but others remain active. NHTCU and banking organisation APACS have teamed up to warn on the threat in a highly unusual move that underlines the seriousness of the risk. An NHTCU spokeswoman explained: "This is really vicious. It's just a normal phishing attack but something that tries to install backdoors on victims' PCs". Touch of Evil The spam emails contain details of a fictitious order for Web hosting or computer goods and thank the email recipient for a non-existent order. In addition, they also display the apparent cost that will be charged to their credit card. The email also contains a link to one of a number of maliciously constructed websites in order to "view the order in more detail". If an email recipient is duped into visiting one of these sites, it appears merely as a site under construction. But in the background malign actions are afoot designed to load a variant of the Mitglieder proxy Trojan onto vulnerable Windows boxes. These maliciously constructed sites harbour a Trojan downloader routine capable of dropping a keystroke logging program onto vulnerable PCs. This exploit is possible because of well-known Windows security bugs, namely an MHTML URL vulnerability (MS04-013) and an ADODB.Stream vulnerability. Both of these flaws can be fixed by the latest Internet Explorer megapatch (MS04-025). 
If a machine becomes infected, the next time a customer uses their PC to access their own online banking site, the Trojan can potentially record their secret passwords and PINs used to log on. This information is accessible to attackers, thereby compromising the security of victims' online banking accounts. In addition, the Trojan surrenders control of the machine to attackers. It's unclear how many users have been hit by the attack. Protect and survive Although the threat from Trojans is a serious one if precautions and advice are not taken, the banking industry offers a number of security measures to defend against these types of attack. These include partial passwords, so not all characters from a password are revealed at any one time. This is further enhanced by the use of drop-down lists, which rely on the use of a mouse to select alphabetic or numerical characters. In addition, some banks also offer customers the opportunity to purchase reduced-price security software via their websites. Sandra Quinn, Director of Corporate Communications at APACS, said: "By being wary of unsolicited emails and maintaining basic security measures on your computer you can go online with confidence." APACS refers consumers to its previously published guidelines on safe computing. Detective Chief Superintendent Len Hynds, Head of the NHTCU said: "The NHTCU is continuing to work hard to bring the perpetrators of these elaborate scams to justice. The criminals behind these attacks are constantly evolving their techniques and changing tactics to target a wider range of victims. With this range of exploits being blended in one piece of code, it is not just about online banking. There is a second keylogger and a program that allows the machine to act as a mail proxy that could be used by spammers. It is the Swiss Army knife of the cyber-criminal." 
®
John Leyden, 13 Aug 2004

Cheat on me and the sex vid goes live

It seems that one of the most dangerous things you can do in a relationship is make a video of yourself and your loved one getting jiggy with it. It will almost certainly come back to haunt you; a fact which one Clara Whitehouse has learned the hard way, the Sun reports. Her ex, Paul Clarke, clearly enraged that she had ditched him for another, got his revenge by posting just such a video online, for all the world to see. It used to be that only celebrities (Pammy and Paris, fr'instance) needed to worry about that sort of thing. He followed this up by making sure as many people as possible were aware of the site - by handing out flyers advertising it at Clara's 21st birthday party. He also had them sent to her workplace and delivered to her neighbours. A very thorough marketing campaign, we're sure you'll agree, that resulted in around 300 visits to the site before it was taken down. (We note that had he begun an email campaign, that figure would almost certainly have been higher.) Devilishly devious, yes, but also rather self-defeating as Paul ended up in the dock and has admitted harassment. The case was adjourned for reports before sentence. ®
Lucy Sherriff, 13 Aug 2004

SEC to examine Playboy for boobs

The Securities and Exchange Commission will be examining the September issue of Playboy even more closely than normal. The reason? The appearance of a pair of boobs at a particularly sensitive time. The boobs in question are Google Inc. founders Larry Page and Sergey Brin, who have punctuated the company's mandatory pre-IPO period with an extensive interview with the monthly. The interview itself was conducted on 22 April, at the end of a Spring publicity campaign. Google filed its initial public offering a week later. "This interview is going to cause regulatory concern," a former SEC attorney tells USA Today. "There could be consequences." Columnist John C Dvorak adds, "You cannot live in and around Silicon Valley and not know you cannot do this stuff. I think many of these stunts are perhaps on purpose," he says, a theme echoed on bulletin boards. [Er - nice beaver, John]. The concerns may be premature. SEC is only likely to get involved if the statements differ from public filings. As the Washington Post noted in May, Google hadn't exactly been reticent after filing its Coca Cola Jingle. But there's nothing new here you haven't heard many times before. Simply the obligatory references to Rollerblades and Segways, random toys, not being evil, helping school children in Cambodia (by giving them Gmail accounts) and connecting Google "to your mind". We learn that Larry Page "wore shoes" throughout the interview and that at one point he vowed, oddly, "we will not hold your email hostage." He suggests that Google-gamers who "optimize" their results for the search engine may eventually "realize that it's more efficient just to pay to promote their things, if that's what they want to do." 
We know this, because leaving nothing to chance, Google has reprinted the entire Playboy interview on its IPO website, with the following warning: Risk Factors—If our involvement in a September 2004 magazine article about Google were held to be in violation of the Securities Act of 1933, we could be required to repurchase securities sold in this offering. You should rely only on statements made in this prospectus in determining whether to purchase our shares for certain information in the following article that has been modified or updated. Due diligence? They've heard of it. ®
Andrew Orlowski, 13 Aug 2004

Why aren't more women in ICT?

The Equal Opportunities Commission (EOC) is carrying out a "major investigation" to discover why there are so few women working in the ICT sector. It wants to hear from employers and workers as part of an initiative to understand what makes the industry "tick" and why so many women are put off getting into ICT. The consultation - which is also targeting the plumbing, engineering, construction and childcare sectors - follows on from an EOC report in May which found a direct link between the segregation of the sexes in some sectors and serious skills shortages. Plugging Britain's Skills Gap revealed that the number of women working in the industry has fallen recently from 23 per cent to 20 per cent. Part of this is blamed on the industry's "poor image", particularly among girls who might otherwise be attracted to work in the industry. One unnamed 24-year-old-woman quoted in the report said: "I have recently started working in the ICT industry. I fix computer problems and get told things like, 'wow, you should be an honorary male' or 'gosh you should have been born a boy', and it really gets you down. "It makes you feel like an outcast and is depressing, so much so I have recently considered converting to law. Perhaps a job in cyber-law would be more 'female', more acceptable." Those wishing to take part can access the questionnaire on the EOC website (eoc.org.uk/segregation). Deadline for completed surveys is Friday 27 August. ®
Tim Richardson, 13 Aug 2004

Outsourcing Human Resources: cause for celebration?

The rise in importance of the Human Resources (HR) department within the company structure has gone on unchecked for decades. There was a day when it was simply called payroll, but now its influence stretches right to the top, and it busies itself evaluating employee performance, and generally bewildering all with bureaucracy for even the smallest decision within every department... You can hardly blame those who have struggled to suppress their delight at the rise of HR outsourcing. Surely with the focus on slimming down and cutting costs, the sort of interfering that HR is loathed for should disappear. After all, if HR employees are working for a service organization, they might work out that they are supposed to be providing a service. It is then, with horror, that we learn that suppliers are not just looking for transactional-based functions such as payroll and pensions administration, but 'full service' HR, which includes almost everything bar telling staff when they can go to the toilet. While contracts are still being won on price, vendors are now pushing the 'total value' concept - encouraging companies to push more and more important decisions and processes to HR. Business process outsourcing (BPO) advisory firm Everest Group now estimates that a third of such deals involve outsourcing training and development, 28 per cent include performance management and 12 per cent actually include the outsourcing of some elements of HR strategy. The end of the HR autocracy is not imminent. Within other horizontal BPO areas such as finance and accounting, prospective customers are fearful of outsourcing the higher strategic levels of the department, such as budgeting and management analysis, because they fear the loss of control. With HR, similar alarm bells should be ringing in clients' ears. HR outsourcing should be restricted to its most basic functions - processing payroll, benefits, updating personnel records, and responding to employee queries. 
Strategic and higher level functions should be kept within each department as far as is possible, so that they can be made by people who truly understand them, and the needs of the employees concerned. Removing important decisions - that can have a serious impact on employees' working lives - away from the head of an employee's department to a centralized HR unit has been a morale-sapping own goal scored by most businesses. Outsourcing is an opportunity to restructure the bloated responsibilities of HR, rather than simply moving the decision making process further away from the employees they are meant to serve. Source: ComputerWire/Datamonitor Related research: Datamonitor, "MarketWatch: Technology Annual Subscription"
Datamonitor, 13 Aug 2004

Nanotech aids green hydrogen production

A UK company has developed a nano-crystalline material that will dramatically improve the production of hydrogen by using solar energy to split water more efficiently into its elemental parts. Hydrogen Solar says its efficiency rate is now at eight per cent - just two per cent shy of the 10 per cent benchmark accepted for commercial production. Company CEO Dr. David Auty says he expects to commercialise the technology within a year. Speaking to The Register, Dr. Auty explained how the Tandem Cell technology works. There are two photocatalytic cells arranged in series. The front cell is coated with a nano-crystalline film which absorbs high energy (ultraviolet and blue) light. The lower energy light (green and red wavelengths) passes through the front cell and into the second. Here, the light excites the electrons in this cell's coating which sets up an electrical potential. Now there is a potential difference between the two cells allowing current to flow. This electricity splits the water molecules in an electrolyte, producing hydrogen. "The coatings we have put down have features on a scale of 30-50nm," he says. "But the films are between 1000nm and 3000nm thick, with lots of features throughout the thickness. The material is mesoporous, which means there is a huge surface area available for activation." Dr. Auty explained that the properties of the materials used change in subtle ways at the nano scale. "We think this may be helping us, too," he said. Hydrogen Solar is discussing commercial projects with international companies in both car manufacturing and construction industries. ®
Lucy Sherriff, 13 Aug 2004

HP: The Adaptive Enterprise that can't adapt

Opinion For quite some time now, HP has been hawking its Adaptive Enterprise idea to anyone that would listen. The basic concept being that companies need to use technology as a tool for making quick, fluid changes in their businesses. But after HP blamed a disastrous SAP roll-out for its third quarter failings, you have to wonder exactly how adaptive HP's own enterprise really is.
Ashlee Vance, 13 Aug 2004