20th > December > 2004 Archive

US ISP wins $1bn damages from spammers

A small US ISP has been awarded damages of $1bn against three spammers by an Iowa judge. The surreal size of the award was arrived at under an Iowa law which fines spammers $10 for each unsolicited email they send. CIS Internet Services supplies email services for 5,000 customers in and around Clinton, Iowa. At one point in 2000 the ISP was receiving up to 10 million spams a day - mostly directed to non-existent email addresses. The source of the addresses was a CDROM called Bulk Mailing 4 Dummies. This contained 2.8m email addresses supposedly for customers of CIS, as well as millions of addresses, mostly bogus, for the likes of AOL, Hotmail and Earthlink, AP reports. In 2003 Robert Kramer, CIS's owner, filed John Doe suits against 300 spammers. On Friday, a US district judge issued default judgments against three companies which failed to turn up to an earlier hearing in November to defend themselves. Kramer is unlikely to collect any damages, but his lawyer is hopeful that he can claw back legal costs. The three companies which are supposed to pay damages are: AMP Dollar Savings Inc. ($720m) of Arizona; Cash Link Systems Inc. ($360m) and TEI Marketing Group Inc ($140,000), both of Florida. ®
Drew Cullen, 20 Dec 2004

Dutch companies fined €7k for eBay typosquatting

Dutch graphic design company JustDesign and customer J. van Dalen have been ordered by The World Intellectual Property Organization (WIPO) to pay a fine of €7000 for registering the domain name e-bay.nl. The name was used for a website with information on Van Dalen, a company which inspects buildings. Although the site didn't misrepresent the popular auction house, eBay was not amused. As it registered with the Benelux trademark office as early as 1998, the company filed a complaint with the Arbitration and Mediation Center of WIPO, which prohibited both companies from registering domain names similar to e-bay.nl and ordered them to pay both arbitrator fees and administrative costs. JustDesign and Van Dalen argued that eBay initiated the arbitration proceedings without first attempting an amicable settlement, but WIPO disagreed, saying that the defendant had "deliberately taken the risk of registering e-bay.nl". Oddly enough, eBay hasn't filed a complaint against the owners of the domain "E-bay.com", US company CellExpress. As the auction house is often misspelled as e-Bay.com, many internet users will land at the site of CellExpress, which apparently is used for search engine purposes. ®
Jan Libbenga, 20 Dec 2004

We were sold into porn slavery, cry African islands

The government of the tiny African islands Sao Tome and Principe has made a terrible discovery - it has been sold into porn slavery. The country's infrastructure minister, Deolindo Costa de Boa Esperanca, was intrigued to find out what this Internet thing was when the Net's overseeing organisation ICANN held its annual meeting in South Africa earlier this month. He didn't like what he turned up: a report by Secure Computing from this June which pinpointed the Sao Tome ".st" domain as the host of more than 307,000 pages of pornography - three-quarters of all African porn pages on the Internet. While Sao Tome remains a mere adolescent in the world of online porn (in terms of countries, Germany leads the way with 10 million pages, and the UK is close behind with 8.5 million), that figure corresponds to 1.7 pages per inhabitant. Germany in contrast has 0.12 pages per person, and the UK, 0.14. Winner of porniest country in the world is Tonga with an incredible 7.7 pages for each of its 110,000 inhabitants. A little bit of research by the minister later and it transpired that the man chosen to run the domain in November 1997, one Aguinaldo Salvaterra, who runs a cybercafe on the island, had done a deal with a Swedish ISP Bahnhof Internet back in June 1999. Bahnhof now runs the entire .st domain and, obviously, saw the opportunity to provide a liberal service outside of normal restrictions to those most willing to pay for it. Pornographers have fallen neatly into the category. Costa is not at all happy and claims the small piece of paper he has located handing over his country's domain to a foreign ISP is not above board - the government was never consulted, he says. The decision-making process does indeed appear to have been informal but then the fact that it has taken the government over five years to discover the fact is not especially persuasive. It doesn't help that the Sao Tome government also doesn't make any money from the online domain deals.
Bahnhof says it has done nothing wrong and only makes around £8,000 a month from the domains anyway. Mr Salvaterra has forgotten to keep any financial records. And so another country wakes up to its domain, and another government becomes convinced there are millions to be made from that thar domain. There are good stories and bad. For example, the 12-year leasing by the government of Tuvalu of its .tv domain in 2000 for a $15 million lump sum and annual multi-million-dollar royalties is always held up as the gold standard. In reality, it is the exception. Moldova's .md domains - aimed at US doctors - have failed miserably. The tiny island of Niue's .nu domain targeted at saucy French and busy Swedes has sold 100,000 domains but is hardly setting the world on fire. And there have been one or two other efforts to pitch the two-letter suffix as something unique but they were so tenuous that we can't actually remember them. Then there is the case of Nigeria, whose government became so convinced that there were millions to be had in .ng domains that elements within it embarked on a three-year campaign to get hold of the registry. After an appallingly vicious battle which finally saw the Nigerian president intercede, .ng was handed over to an arm of the government. The expected rush of gold never appeared and now the main site for registration of Nigerian domains is mostly offline. The local Internet community is less than pleased. Nonetheless, with Sao Tome now aware of the Internet, there is no doubt that if it is serious about running the .st domain, it can reach agreement with ICANN and take over control. The problems of the past - namely catastrophic network collapse - should with any luck be avoided with the help of the freshly created AfriNIC organisation, formally recognised at the ICANN South Africa meeting. We shall see. It is possible that a cut of the money coming in from the .st porn sites may be enough to put this tiny island's mind at rest. ®
Kieren McCarthy, 20 Dec 2004

BT connects 4m to broadband

BT has now connected more than four million wholesale broadband users. The latest million ADSL customers were added in just four months with around 60,000 people a week hooking up to broadband. Ben Verwaayen, BT's chief executive, said: "We are currently making a new broadband connection at least every ten seconds, 24 hours a day, seven days a week. We reached three million ADSL connections in August of this year, so to have now reached four million well before Christmas is tremendous news. It shows that the take up rate for broadband is accelerating apace." In 2002, BT set an ambitious target of five million wholesale DSL lines in the UK by 2006. That target is within touching distance and looks set to be overhauled next year before the last of the daffodils have faded in the late spring sunshine. ®
Tim Richardson, 20 Dec 2004

eBay India boss cuffed in porn vid scandal

The boss of eBay's Indian subsidiary - Baazee.com - has been remanded in custody until 24 December after his arrest on charges of online trading in pornography. Police cuffed US national Avnish Bajaj following the revelation that an Indian college student had offered an MMS of two of his peers indulging in a sex act for sale on the auction site. Despite protests from eBay that the two minute clip contravened its acceptable use policy and had been immediately removed upon discovery, a New Delhi magistrate refused Bajaj bail, saying: "The investigation of the case is still in progress and the offence alleged does not warrant grant of bail to the accused." The video in question was not actually shown on Baazee.com but rather punted by Ravi Raj Singh, 23, a student of the Indian Institute of Technology at Kharagpur in West Bengal. It features two students from Delhi Public School. Singh was arrested last Wednesday on the charge of selling the clip on Baazee.com to eight people. Police have also issued a warrant for the arrest of one of the video's 17-year-old stars. The latter has become a bit of a celebrity after circulating the MMS to his friends, after which it escaped into the wild and has proved a big hit across India. For its part, eBay last week issued the following press statement: Baazee.com, eBay's wholly owned subsidiary in India, is an online marketplace which brings buyers and sellers together. In late November a Baazee.com user attempted to sell a controversial pornographic video clip on the site. The video clip itself was not shown on the site; the seller offered to email the clip to buyers directly. The listing violated Baazee.com's policies and user agreement and was removed from the site once it was discovered. Like eBay, Baazee.com strives to offer a transparent, trustworthy and safe trading environment and the company takes very seriously any breach of its acceptable use policy. 
Baazee.com executives, including its country manager Avnish Bajaj, have been closely cooperating with the New Delhi police to trace the seller in question. The information we have provided has allowed the police to locate and arrest the seller. We are outraged that Mr. Bajaj, who had voluntarily traveled to New Delhi to further cooperate with the police on this case, was arrested and today sent into judicial custody without bail until December 24. The arrest was unexpected and completely unwarranted. It is unfortunate that local law enforcement has chosen to misdirect its energies towards Mr. Bajaj. eBay is working to secure Mr. Bajaj's release from jail as soon as possible. If the authorities pursue their case against Bajaj, he faces a possible jail term of up to five years and a fine of Rs.100,000 ($2,275) ®
Lester Haines, 20 Dec 2004

Mugging the truth to spin Blunkett's comeback

Analysis: David Blunkett, amnesiac, hadn't even left the stage last Wednesday night when David Blunkett, straight-talking, noble force for good, brought down by love and vindictive pygmies, began to re-emerge. With a little more work he could - if we are not careful - complete the fastest political rehabilitation in history and be ready for a speedy return to government.
John Lettice, 20 Dec 2004

Dutch eDonkey site owners released

Seven people arrested last week by Dutch law enforcement officials for offering links to allegedly copyright-infringing content have been released. The group shared thousands of movies, games and music files through eDonkey and BitTorrent files. Dutch lobby organisation BREIN remains likely to start criminal procedures against the site owners. BREIN believes that warez group DVD Europe Team, which shares illegal copies of movies as soon as they are released in cinemas, is part of the group that hosted the files. Christiaan Alberdingk Thijm, the Dutch lawyer who successfully defended Kazaa against Dutch collecting rights organisation Buma/Stemra, says BREIN does not have a case as linking to files isn't illegal in the Netherlands. The Dutch raids were part of an action by the Motion Picture Ass. of America (MPAA) against server operators in Europe. MPAA and local rights-holder organisations are also sending "cease and desist" letters to ISPs worldwide that host eDonkey, BitTorrent and DirectConnect servers. ®
Jan Libbenga, 20 Dec 2004

Music biz threatens International Red Cross

Australian anti-piracy operatives are seeking a freeze on funds donated to the International Red Cross by a Vanuatu-based trust fund run by Sharman Networks - maker of Kazaa P2P software. The recording industry is asking the Red Cross to voluntarily freeze the cash pending the outcome of an Australian court case brought against Sharman by several record companies. The suit alleges that Sharman "has directly and indirectly infringed on the recording companies' copyrights, violated Australian fair trade laws and conspired to harm the music industry", according to a Wired report. Michael Speck of Australia’s Music Industry Piracy Investigations said: "We're preparing our approach to the International Red Cross. I believe this whole thing will come as a complete surprise to them, and we’re only approaching them to stop them disposing of any funds." Speck expressed his hope that the Red Cross would co-operate, adding: "It would be incredibly disappointing if we had to sue them." Sharman has responded by declaring that the music biz's approach is "quite simply staggering", as the company's lawyer Mary Still put it. The ongoing Sharman v Recording Industry case has been adjourned until next March, when both sides can make final oral submissions. The outcome depends on the judge's opinion of the music industry's assertion that the "primary activity of Kazaa users is to infringe copyright" - something that Sharman allegedly does nothing to prevent. ®
Lester Haines, 20 Dec 2004

Grid Computing: mainstream, or not?

Opinion: IBM has announced that Grid Computing is now a mainstream technology. In a press release just issued, it cited three of its customers’ applications as evidence of this. This claim of mainstream status is very bold given Grid Computing’s science and research heritage. One of the most widely reported Grid applications, for example, has been Seti@home, an initiative set up to make use of the idle time of home PCs to assist in the search for extra terrestrial intelligence. The idea was to create as much computing power as a commercial supercomputer for five per cent of the cost by stealing a bit of resource from a few hundred thousand PCs. Interesting though it is to the X-File brigade, Seti@home is hardly something that’s relevant to the job of the average overworked sysadmin trying to keep a load of demanding and ungrateful users happy running a bunch of servers on a shoestring budget. This is the core of mainstream as far as most of us are concerned. That’s why it was a bit of a letdown reading the details of IBM’s “mainstream” examples. When we look at the Sal. Oppenheim private banking institute in Germany, we see that it is using Grid to deal with compute-intensive simulations for optimising price and risk analysis. We then have the Institut Français du Pétrole (IFP) running simulations in the areas of exploration and reservoir engineering, drilling and production, and car engine combustion. And to finish off, we have the Italian National Agency for New Technologies, Energy and the Environment (ENEA), applying Grid to yet more compute intensive research problems. These examples are arguably a little closer to the rest of us than searching for little green men, but not that much. This underlines IBM’s apparent belief that Grid is still something that relates only to research environments – albeit more “mainstream” ones.
In theory, though, there is no reason why Grid Computing cannot be brought to bear in the average computer room and data centre running the usual mix of boring old business applications. Treating physical IT assets such as servers and storage systems as a single resource pool that can be dipped into whenever an application needs something can potentially have significant benefits. No longer do application servers need to be sized for peak activity and sit there just ticking over for the rest of the time. No longer do applications hit a wall or grind to snail’s pace because of an unexpected demand that we couldn’t react to in time because of budget or resource constraints. And it’s in the area of benefits that the IBM examples become more interesting as they illustrate some of these principles. IFP, for example, has reportedly achieved 70 per cent server utilisation against a generally accepted industry average of less than 40 per cent for servers in a typical business environment. ENEA has improved service levels to their users and saved considerably on maintenance costs. But it all still sounds pretty far removed from where most IT departments are today so how do we bring it back to the real world? The key to doing something practical with Grid is not to focus purely on the nirvana of automatic allocation and deallocation of computing resources to different applications on demand – which is essentially what Grid is about. As discussed in a recent Quocirca study of Grid related activity in the real European mainstream, much of the benefit can be unlocked by moving forward in smaller more manageable steps using storage and server virtualisation technologies. In fact, the results of this study suggest that many organisations are already moving in the direction of Grid without necessarily realising it.
And IBM too, without necessarily admitting it, is already a big player in the Grid environment – but seems loath to bring this into its more mainstream OnDemand message, perhaps for competitive positioning reasons. That it has proven capabilities goes without saying. That it runs the risk of losing market to the likes of Oracle and HP with their more mainstream messaging is worrying. IBM’s claim of Grid's arrival into the mainstream is clearly exaggerated when we look at the bigger picture of the entire marketplace. But it is true that the move to Grid and Utility architectures is probably inevitable for many organisations and, in many cases in the longer term, may even be the only way for all the sysadmins out there to hold things together. This is even more reason why IBM should be thinking a little more about the genuine mainstream when it considers the messages it is sending to the market in this area. © Quocirca
Quocirca, 20 Dec 2004

Trading Standards, ASA confirm BT 'Advent Calendar' probe

Trading Standards officers and the Advertising Standards Authority are investigating BT concerning its "Advent Calendar" promotion on its "BT Shop" website. Customers complained that BT increased the price of items on sale immediately before introducing a discount of up to 30 per cent. BT has denied that it fiddled the prices on its Advent Calendar promo, which promises that punters can "save up to 30 per cent on your Christmas gifts [such as digital cameras, pocket PCs and phones] with our fantastic daily offer". In a statement last week BT said: "BT retail prices are influenced by supply costs and market conditions, products and prices may change on a daily basis. The future 30 per cent discount promotions in the Advent calendar have not yet been published on the site, each one is published on the day and are not available until they are published. "BT reserves the right to change products, prices, promotion dates and discount voucher codes prior to publication. Each offer is valid only for one day and the discount applies to the price of that product on that day. The use of voucher codes provides customers with genuine savings and is not dependent upon a pre-established sales price." Despite this, at least two Trading Standards offices are investigating complaints from customers about the offer. Officials declined to release any further details while the matter was under review. The Advertising Standards Authority (ASA) is also investigating BT's festive offer following a complaint, a spokeswoman for the ad watchdog confirmed today. ®
Tim Richardson, 20 Dec 2004

Apple sues unnamed whistleblower

Apple has filed a lawsuit in Santa Clara California Superior Court against an unidentified individual who has "recently misappropriated and disseminated confidential information". The move comes in advance of the forthcoming MacWorld conference in San Francisco, at which Apple aficionados speculate the company will unveil a new flavour of iPod. Apple admits that it does not know the defendant's "true names or capacities, whether individual, associate, corporate or otherwise", but is clearly hoping that this bit of sabre-rattling will deter people from lifting the lid on new kit in advance of official launches. The move follows the 2002 application of the big stick against Jose Lopez, a contractor who allegedly swiped schematic drawings, images and engineering details of the PowerMac G4 and posted them on the web.
Lester Haines, 20 Dec 2004

Web inaccessibility 'creates net underclass'

Companies and public bodies are still failing to take accessibility into account when designing their websites, despite the risk of legal action under the UK's disability discrimination laws. A SiteMorse test last week of central government websites uncovered errors on the vast majority of sites, and even the Disability and the Disability Rights Commission (DRC) websites failed A and AA compliance. This lack of action on accessibility is creating an internet underclass, according to web testing firm SciVisum. The company has identified several different kinds of accessibility problems, where the site will only work with a particular browser, or requires the user to change their browser settings to gain access. Deri Jones, SciVisum's CEO, likens it to operating a door policy, and points out that the problem is compounded by the increase in people using alternatives to Internet Explorer. Sites guilty of running such a policy range from SMEs to FTSE 100 firms and government organisations, he says. Some sites limit access to a couple of browser types, and simply block all other requests for access. At www.totaljobs.com, visitors using Firefox or Netscape can't access the recruiters section. Users are recommended to use IE. Other sites require that you make changes to your settings. For example, if you have turned off Javascript, a visit to the web page of London law firm Trowers just gets you a blank white page. www.government-accounting.gov.uk has the same problem. "[The problem] has arisen because web designers are building increasingly complex sites optimised to work with a specific browser, typically Internet Explorer. Inevitably the viewing experience is reduced with other browser types and so sites are increasingly being locked down to work with limited browser types," says Jones.
He argues that rather than presenting users with various options (plain text, flash etc) when they arrive at a web page, sites ought to be designed to work for everyone. "Flash content, if it is really vital, can be offered within the site at the right places. There is no need to have the entire site flash. Likewise, if you offer a text equivalent, is that because you know some parts of the site don't work with images switched off? Better then to ensure the one site works with and without images." In April this year, the Disability Rights Commission (DRC) surveyed 1,000 sites, testing their accessibility levels with automated testing software and then with a disabled user group. Of the 1,000 sites, only six qualified as AA compliant under automated testing. Further, the disabled user group found usability problems even on sites that did comply with accessibility guidelines. ®
Lucy Sherriff, 20 Dec 2004

Harry Enfield fronts Madasafish broadband ad

Comedian Harry Enfield has been named as the "pukka celebrity" fronting a new series of TV ads for ISP Madasafish. Described as "funny as f**k", the ads are due to appear this Christmas and use some of the colourful characters made famous by the TV funnyman. Written and directed by Enfield, one of the ads sees him having a pop at brain box Albert Einstein. The TV ads plug Madasafish's £17.99 a month ADSL. The offer includes a free modem, free connection and no download restrictions. ®
Tim Richardson, 20 Dec 2004

Destroy your old emails for Xmas, UK gov tells civil servants

Just weeks before the UK's Freedom of Information Act comes into force, the Cabinet Office has told staff to delete emails that are more than three months old, as of today (20th December). Could this possibly be the same Government that is pushing for a 12 month electronic data retention dragnet throughout Europe? Yes, it could. It could also be the same Government which just last week lost a minister with the help of a civil service email that was sent over 18 months ago. The fax that the email drew attention to had been destroyed (contrary to the rules), so if we hadn't known about the email because it had been deleted David Blunkett might still be with us. But that wouldn't have happened, because the Cabinet Office assures us that most emails would be copied to a number of officials, and ministers' private offices would ensure that important records are kept. If it's important someone wise, upstanding and diligent will have stored it, oh yes. The 'nothing to do with the FOIA' claim is similarly convincing. The measure is ostensibly being brought in because government computer systems are becoming overloaded - not, as was generally thought, because they're wrecked systems presided over by imbeciles, but because people's inboxes are too full. The wrecked nature of the systems is however highlighted by the humorous procedure proposed for retaining emails that might have to be disclosed later. Civil servants (using their own discretion) are instructed to print and file them. In, one presumes, filing cabinets. In October the Cabinet Office told MPs it was unable to say how many information and communications technology specialists it employed, and that it was unable to say how much it had paid the 267 companies and consultancies it had retained since 2001. One begins to grasp why it might not know these things, but has it looked in the filing cabinets? 
In addition to starring (or not) in the return of paper-based government administration, deleted emails may also be stored on back-up systems. But in the absence of any policy or rules governing their operation, or even their existence, retrieving important information which may or may not exist from them is likely to prove impossible. One cannot help noticing the striking similarity between the Government's approach and that of a certain large company. For Government, this simply isn't good enough. At the moment an opt-in system of retention is being imposed as a baseline, and without adequate supervision and oversight that system needs to be underpinned by a more extensive and workable automated archiving system which absolutely removes the possibility of cover-ups. The fact that the Government isn't doing that illustrates how little it grasps about the proper functioning of the systems it claims it's embracing. And if it has its way on retention, it could be sending people to prison for running IT systems this way. ®
John Lettice, 20 Dec 2004

NASA hacker jailed for six months

A US man has been jailed for six months for a 2001 attack on the web systems of space agency NASA which cost $200,000 to fix. Gregory Aaron Herns, 21, from Portland, Oregon, hacked into the network at NASA's Goddard Space Flight Center to store movies he had downloaded. The intrusion caused systems to crash and took technicians hours to fix, according to reports. In court last Friday, Herns admitted his guilt and apologised for the inconvenience he caused. "These actions took place years ago and are behind me. I've moved on since," he told US District Judge Anna Brown, AP reports. Herns, a computer science student at Mt. Hood Community College, was ordered to pay compensation. Judge Brown also imposed an order restricting his use of computers for three years. Breaking into high-speed networks to make it easier to share illicit content online is a fairly common trick among members of the computer underground. A UK teenager who admitted breaking into the network of Fermilab, a US high-energy physics research lab, narrowly escaped imprisonment. Joseph McElroy, 18, from Woodford Green in East London, was sentenced to 200 hours community service at a hearing at Southwark Crown Court in February 2004. McElroy escaped a fine, on the grounds that he had no means to pay. ®
John Leyden, 20 Dec 2004

Sonic buys Roxio software biz

Sonic Solutions today completed its acquisition of the consumer software division of Roxio, including the company's "industry-renowned CD and DVD burning, authoring, photo and video editing applications, notably Easy Media Creator, PhotoSuite, VideoWave, Easy DVD Copy and Toast". The deal, announced in August, sees Sonic pay $80m - $70m cash and $10m stock. In return it gains all the intellectual property rights for the software division, but does not include Napster. Roxio Inc. will now become Napster Inc. and continue to operate Napster as an independent outfit. Sonic hopes that Roxio will become its "premier consumer software brand". The company has inherited over two hundred Roxio employees as part of the deal, and says that we should watch the new "Roxio Division of Sonic Solutions" for "exciting announcements as we combine two world class technology organizations and redefine the digital media landscape". The move leaves Napster's eggs firmly in the online music basket - a strategy open to question as we have previously noted. ®
Lester Haines, 20 Dec 2004

Government keeps the secrets on ID scheme legal advice

The Government is refusing to publish detailed legal advice on human rights and privacy aspects of the ID card scheme, according to a report in today's Guardian. The paper says that attorney general Lord Goldsmith has provided this to the Cabinet, but that it is not to be made public, nor will Parliament's Joint Committee on Human Rights be allowed direct access to the documents. Immigration Minister and noted Home Office charmer Des Browne confirmed the story, while claiming it was largely made up, on BBC Radio 4's World at One today. Browne said that the Government had certified that the ID legislation was compatible with human rights law, that Goldsmith's advice was for internal use, and that there had never been any intention to publish it. This line, however, merely confirms the Government's shameless approach to human rights in its legislation. One of the early moves of the Blair Government was to incorporate the European Convention on Human Rights into UK legislation in the Human Rights Act. This, one might suppose, would mean that the UK Government would be far more careful about human rights in its legislation, but instead of this it tends to be used as a kind of cloaking device. Instead of being accompanied by detailed assessments of human rights impact, UK legislation now tends to have just a one-liner saying 'the provisions of this legislation are compatible with the European convention of human rights.' So, as Browne put it today, the Cabinet has advice on the impact prepared for it, and nobody else needs to see the advice because the legislation has been deemed to be compatible by the Cabinet. Trust us. According to the Guardian, Goldsmith's advice considers whether people's rights would be infringed if they were denied access to public services, and covers access to personal details, medical records and financial data by the police, security services and other authorities.
It's also broader than an assessment of privacy and human rights impact in that it would cover the strengths and weaknesses of the ID Bill. An access request for the document by Chris Pounder, editor of Data Protection and Privacy Practice, was refused on the basis that its release "would harm the frankness and candour of internal discussion." Pounder has lodged an appeal. ®
John Lettice, 20 Dec 2004

Dissolute youth plan mass pillow fight

The dissolute ne'er-do-wells behind the recent London mobile clubbing event which terrorised one of the capital's mainline railway stations have organised a mass pillow fight to take place this evening outside The National Gallery. The so-called "London Pillow Fight Club II" will kick off at 18.09pm on the pedestrian area in front of that august institution, and we can only hope that the authorities have assembled a considerable force of riot police backed up by water cannon, dogs and nets to quell this display of civil disorder. The "rules" are as follows:

- Tell everyone about Pillow Fight Club
- Turn up at Pillow Fight Club venue with a nice soft pillow hidden in bag
- At exact given time pull pillow from bag and fight
- Do not fight anyone without pillow in hand (unless they want it)
- Have fun

Normally, we would advise bored and disaffected youth to get out more. In this case, however, we are going to suggest that they get out less. ®
Lester Haines, 20 Dec 2004

Punters warned over 'matrix' web scam

UK consumers are being warned to be on their guard against a new scam offering "free" electronic gadgets in return for buying low-value products over the web. Described as "matrix schemes", shoppers are promised the chance of getting a valuable "free gift" - such as a mobile phone, iPod, or PDA - if they cough up, say, £20 for a mobile phone signal booster or a CD-ROM containing ringtones and games. However, the Office of Fair Trading (OFT) warns that these are just scams with consumers given little or no chance of getting their hands on these items. In particular, it seems that teenagers are being sucked into these too-good-to-be-true offers. Said OFT chairman John Vickers: "These waiting-list schemes require many more people to join than will ever receive their 'free gift'. The schemes will ultimately collapse and the vast majority of people who have joined will lose out. Don't be misled into buying by the remote prospect of a 'free gift'." The scams work like this: customers buy a low value item and are placed on a waiting list to receive their chosen "free gift". The matrix works by sending the person at the top of the list their "free gift" but only after a prescribed number of new recruits has shelled out for their £20 item. Once the freebie has been sent, the remaining people on the list move up one place and only move up again once enough people have been suckered into buying the £20 dud prize. Someone who is hundredth in a list that requires 50 new recruits per gift would not reach the top and receive their prize until 5,000 people had joined and shelled out £20 each. Said the OFT: "The nature of the schemes means that the number of members who are waiting for their 'free gift' will always far exceed the number of 'free gifts' actually awarded. The further down the waiting list you join, the less your chances of ever receiving your 'free gift'."
In August, UK company Liquorice Mix Ltd was "wound up in the public interest" for running a matrix scheme, after a DTI investigation. ®
Tim Richardson, 20 Dec 2004

EU fish ministers to vote on software patents

The directive on software patents is slated to be rubberstamped at a meeting of the Agricultural and Fisheries Commission tomorrow. The vote will mean the directive has been formally accepted by the European Council of Ministers and will go back to the European Parliament for a second reading. This decision has caused widespread consternation among those opposed to the directive. The Foundation for a Free Information Infrastructure (FFII) says that the last minute tabling of the directive on this agenda is contrary to the Council's own rules of procedure. It has called on the ministers of the Agriculture and Fisheries commission to object to the late tabling. This could, it says, be enough to get it removed. Attentive readers are probably wondering how it has come to pass that the fate of one of the more technical items on Europe's agenda will be decided by a group of people more used to thinking about declining North Sea cod populations. The Competition Commission - the group of ministers that would ordinarily be looking at the software patents directive - is not scheduled to meet again this year. Meanwhile, the six months of the Dutch presidency are coming to a close. The more they can get done in their term, the better they look. So the directive has been shunted onto the nearest available agenda with space. But the real question is: does it matter who rubberstamps it? The current form of the directive was approved in May this year, and only needs to be formally accepted. Once it had that majority vote, it was all but certain it would pass to a second reading: although it is possible for a member state to officially change its stance on a bill, it is rarely seen, and would be difficult, politically, for a country to do. The European Council of Ministers is determined to see this legislation pass, and pass in its current form.
Last week, ambassadorial representatives from each of the 25 member states agreed that the directive would sit on the ministerial agenda as an A item, one which may be voted through without discussion. Any changes to the directive will have to be made by the European Parliament. Last time the MEPs looked at the bill they made substantial changes to the draft, putting far more restrictions on what would or would not qualify as eligible for patenting. It is possible that they will be able to exert themselves again, and insist that at least some of the changes be reinstated. ®
Lucy Sherriff, 20 Dec 2004

Hotmail ditches McAfee for Trend

MSN Hotmail has dropped anti-virus scanning technology from McAfee in favour of rival Trend Micro. Hotmail's 187m email accounts are promised "automatic protection anytime they send and receive email attachments" via Trend Micro's scanning and detection services. The switchover was made on Friday (17 December). The McAfee virus scanner (Security Services for MSN) formerly used by Hotmail promised much the same thing. But anti-virus signature files for the McAfee service were only updated once a week (on Thursday nights). Trend said it will be updating the signature files at least three times a week. "We are considering doing a daily update. In the meantime we'll be updating signature files three times a week or when a major outbreak occurs," said Raimund Genes, European president of Trend Micro. Neither firm says how much the deal is worth. Trend hopes the link-up with Hotmail will help increase awareness of its consumer anti-virus and security product line, PC-cillin. ®
John Leyden, 20 Dec 2004

Watchdog groans as email hoax returns to life

The premium rate telephone watchdog - ICSTIS - is warning punters not to fall for an email hoax that has been doing the rounds for more than two years. The email seems genuine enough since it is from PC Paul Toseland, Corby Business Anti-Crime Network Administrator, and warns that users could get stung for £250 from a woman posing as someone whose car has broken down. The gist of the apparent scam contained in the email is simple. There's a knock on the door. "My car's broken down, can I use your phone?" says the smartly-dressed woman. She then uses the phone and pretends to ring her husband, but in reality rings a premium rate phone line, set up at £50 per minute. When she's finished, she even offers £1 to cover the cost of the call. The first you know you've been ripped off is when the phone bill comes in. Of course, this is all nonsense. Yes, cars do break down and people do sometimes knock on doors and ask to use a phone. But there are no £50 a minute phone services in the UK. The most anyone can be charged for premium rate services is £1.50 a minute. Two years ago when this email first did the rounds Northamptonshire police was forced to issue a statement which read: "We can confirm information circulated electronically to businesses by the Force regarding a telephone fraud, is now believed to be an urban legend." Now, the email has surfaced once again and has been picked up and reported by various media organisations, including The Scotsman (the story was on its website this morning, but appears now to have been removed). A spokeswoman for ICSTIS told The Register that the regulator would be writing to all police forces in the UK warning them to be on their guard against such email hoaxes. She said that such reports were "not very helpful" and "made it harder [for the regulator] to debunk these myths". Earlier this month ICSTIS was forced to issue yet another caution over another email warning of high phone bills.
ICSTIS had received dozens of calls from people concerned that they could be ripped off if they fall for the con. The emails claimed people could be hit with a bill for £260 if they "press 9" and listen to a recorded message offering them a free all-expenses paid holiday. Another apparent scam relates to people phoning a "missed call" number beginning 0709. Anyone calling the number will be charged £50 a minute, warns the hoax email. However, ICSTIS says this is all utter tosh. Yes, some people do get these dodgy marketing calls but they cannot be billed £50 a minute. Which is why the regulator has urged anyone who receives one of these emails to bin it and not to pass it on. ®
Tim Richardson, 20 Dec 2004

The chip and PIN insecurity card

Updated A supposedly more secure method of authorising credit card transactions in the UK may play into the hands of fraudsters, a leading IT security expert warns. A banking industry organisation says such fears are misplaced. Chip and PIN began in October 2003 and is designed to make credit and debit card purchases more secure. Customers are asked to enter a four-digit PIN code instead of signing to verify card transactions. Newly-issued credit and debit cards will come with smart chips to recognise this PIN number when transactions are processed. Up to 130m new Chip and PIN cards will be sent out by the end of the year, at which point retailers who haven't introduced the new scheme become liable for fraudulent transactions. Professor Ross Anderson, from Cambridge University, warns that the system could make it easier for crooks to capture vital security codes. "Now we're all being trained to use our pins at the point of sale it's a simple matter to set up a market stall and capture card and pin data. They can make up forged cards and use them, for example, at cash machines," Anderson told the BBC. Recently, fraudsters have upped their efforts to harvest PIN details of potential victims by using fake ATM machines and other technical trickery. However, a spokesman for banking organisation APACS said that fraudsters lack the resources to fabricate counterfeit Chip and PIN cards, which would be far more expensive to produce. He added that the earlier introduction of Chip and PIN-style schemes in France had led to an 80 per cent reduction in card fraud. Anderson's concern is that once a fraudster knows a PIN, they don't need to copy the chip. All you need is a copy of the magnetic strip, which can then be used in an ATM that only reads the strip. These types of ATM are common outside of the UK. This is possible because the same PIN is used for the Chip and magnetic strip on a UK card. ®
John Leyden, 20 Dec 2004

Teenage British Trojan distributor escapes jail

A 16-year-old Briton was convicted last week for releasing the Randex trojan, which was used to relay spam through infected PCs. The teenager had his six-month sentence suspended on probation by the South Cheshire juvenile court in Crewe. He belonged to a group of juveniles from the US and Canada, which offered spammers access to a botnet of compromised PCs in exchange for money. Because all suspects are juvenile, none will have to serve a prison sentence, according to Heise Online, the German website. Earlier this year c't, the German computer magazine (which is owned by Heise), obtained evidence that virus writers were selling the IP addresses of PCs infected with Trojans to spammers. A German college student from Marburg tracked down the distributor of the computer virus in the UK, and c't was then able to buy access to the infected machines. c't passed on all the information to New Scotland Yard, which began an investigation, along with Microsoft. The Randex worm was also reportedly used to launch Distributed Denial of Service (DDoS) attacks against a number of ecommerce sites, including Weaknees.com from Los Angeles. According to the Criminal Complaint (PDF) the companies involved lost over $2m in revenue and costs. ®
Jan Libbenga, 20 Dec 2004

UK's biggest spammer charged with more offences

The UK's biggest spammer, Peter Francis Clifford Macrae, has been charged with more offences, including blackmail, fraud and criminal damage. Macrae - who uses variations on his four names to provide a range of different pseudonyms - was arrested and charged at the end of November for threats to kill, threatening to burn down a trading standards office that was investigating him, and making obscene phonecalls. However, appearing at Huntingdon Magistrates court on Tuesday 14 December, he was also faced with a series of other charges including blackmail, transferring criminal property, criminal damage and running a business for fraudulent purposes. He remains in police custody until his next court date in Peterborough today, Monday 20 December. Macrae has been nicknamed the UK's biggest spammer and makes the SpamHaus register of the top 200 people worldwide responsible for unsolicited email. He has previously been linked to a number of online scams including the misselling of unavailable .eu domains. Last month, UK registry Nominet won an injunction against Macrae that prevents him from threatening Nominet's staff or even using the company Whois database of .uk domain owners. Nominet alleges he has been using the Whois to send fraudulent re-registration letters to domain owners.
Kieren McCarthy, 20 Dec 2004

Major flaw found in Google Desktop

Computer scientists have discovered a potentially serious flaw in Google's desktop search utility that could allow attackers to steal information. Scientists at Rice University in Texas found a glitch in Google Desktop that could permit an attacker to search the contents of a PC from the internet, The New York Times reports. Dan Wallach, an assistant professor of computer science at Rice, and two graduate students, Seth Fogarty and Seth Nielson, say the risk is real, although an exploit would require a thorough understanding of the flaw. Google's desktop search tool was launched as beta software in October. It allows users to scour their PC hard drives for files, folders and cached web pages in the same way that the Google internet search engine searches the web. In terms of user interface, the tool looks nearly identical to the Google.com page and will even insert relevant desktop search results and web-based searches. The software has already faced some criticism over its ability to show users cached versions of supposedly-secret files and web pages, such as online bank and credit statements. Now, the Rice University team say the tool can actually allow attackers to search for files on the PCs of Google Desktop users without their knowledge. According to the New York Times, the flaw is what computer scientists call a composition flaw, or a weakness that emerges when separate components interact. "When you put them together, out jumps a security flaw," Wallach told the newspaper. "These are subtle problems, and it takes a lot of experience to ferret out this kind of flaw." The problem resides in the way that Google Desktop intercepts outgoing network connections from the user's computer. When Google Desktop registers that a search has been carried out on Google's internet engine, it inserts relevant results for a PC search in with website listings - although no information about the contents of the PC hard drive search is carried over the web. 
However, the researchers say it is possible to trick the Google desktop search program into inserting those results into other web pages where an attacker could read them. To carry out such an attack, a user would first need to visit a website crafted by an attacker, where malicious code could be uploaded to allow for the attack to take place. Google has corrected the problem in the current version of the software, which is available for free over the web and will update itself automatically in PCs where it has already been installed. Google also claims that there have been no reported exploits of the flaw. © ENN
ElectricNews.net, 20 Dec 2004