2nd > February > 2005 Archive

Google tops $1bn

Google earned $1bn revenues in a quarter for the first time, the company announced today. The web giant grossed $1.032bn, up from the $805.8m it grossed in the quarter ending September 30, and double that grossed a year ago. Net income, calculated on a GAAP basis, was $204m, which included a $60m write-down for stock compensation. Traffic acquisition costs for the quarter were $378m, or 77 per cent of network revenues. Revenues from Google's ad brokerage now account for almost half of its income. Google is keeping an increasing proportion of the money it receives from advertisers. 77 per cent was passed on to partner sites, down from 85 per cent in the preceding quarter. This quarter gives a better picture of Google's financials than its predecessor, which was Google's first as a public company. In that period, Google made a one-off payment to Yahoo! - settling a legal dispute by licensing patents for the latter's Overture technology - to the tune of $201m. Over the entire calendar year last year, Google earned $3.19bn, almost exactly half of which came from its own properties and the rest from its ad brokerage. Revenues from the latter - which include Adwords and Adsense - are increasing at a faster clip: up 147 per cent over the year, compared with a 101 per cent increase from its own properties. Over the year, Google declared net income of $399m. Google ended the year with over 3,000 staff. How does it stack up against its arch rivals? Yahoo! reported slightly better numbers for the calendar year: $3.575bn earned and $840m in profit, although Google had a stronger quarter. Amazon.com reports its earnings tomorrow, which in light of recent snafus, should make for interesting reading. ®
Andrew Orlowski, 02 Feb 2005

Sun product discovered away from product launch

A couple of years back, Sun Microsystems decided to start holding quarterly product launch events. It figured this system provided the best way to show what $500m - Sun's quarterly research and development spend - could do. The format typically has Sun dish out a flood of product news designed to overwhelm customers, analysts and media hacks. While these "Networking Computing" galas usually do impress, Sun's event today showed what can go wrong with the quarterly launch formula when you don't have much to discuss. As pointed out earlier, Sun did not release any new hardware. It simply reworked the pricing of some software, did the grid computing dance and highlighted services packages. Where did the $500m go? Who knows? Sun's CEO Scott McNealy and President Jonathan Schwartz spent close to two hours gushing over these endeavors. We dare say they forgot to mention the actual news. The execs did not utter word one about a processor upgrade to the Sun Blade 1500 and 2500 workstations. The systems now ship with up to 1.6GHz UltraSPARC IIIi processors, which gives them about a 40 per cent boost over previous systems. In addition to this kit, Sun announced a $600 discount off its Opteron-based Q1100z and W2100z workstations, if customers will move from current Xeon-based systems. Word of these deals arrived via a Sun press release, not from the Sun brass. Sun also revealed in a press release that it signed a long-term deal with XM Satellite Radio. XM has agreed to buy some of Sun's highest-end gear, including a StorEdge 9990 box and Sun Fire 25K server. It has promised to turn to Sun for all its Unix needs for years to come. Finally, Sun officially put Solaris 10 up for free download. Sun had promised to deliver this code several weeks ago.
®
Ashlee Vance, 02 Feb 2005

Adware-infected PCs net slimeware firms $3 a pop

Adware infections net the purveyors of slimeware software around $3 a year for each infected PC, according to estimates from anti-spyware firm Webroot Software. Using this figure and stats from its own malware auditing services, Webroot guesstimates the illicit advertising market underpinned by adware infection of home and business PCs could be worth up to $1.6bn a year. According to Richard Stiennon, VP of threat research at Webroot, the illicit ad market enjoys approximately the same growth rate as the legitimate market. But that's where the similarities end. "It [adware] has a similar business model and some of the same affiliates as the spam industry. Adware is not just used to serve up ads for penis pills though. Sometimes legitimate companies - whether they realise it or not - purchase ad views from adware firms," he said. It's hard to square Webroot's $1.6bn estimate with the observable size of the adware market. The company looks to be on much firmer ground in working out how much an adware agent makes its owner, because its assumptions derive from the public disclosure of firms operating in the market. Stiennon notes that adware company Avenue Media claims the 2m PCs running its software brought in $7m of revenue per year in its lawsuit against rival DirectRevenue, whose VX2 package allegedly disables Avenue Media's software. Claria (the firm formerly known as Gator) revealed that its software was loaded onto 40m PCs, bringing in $90m in revenue a year in public filings made in 2003. From these two data points we get an estimate that each item of adware generates between $2.25 and $3.50 per year from each infected PC. That's an average of $2.95 per-infection-per-year, Stiennon says in a recent opinion piece on CIO Update. But simply averaging the two figures is a questionable statistical assumption and worse is to follow.

Stat attack

Webroot's spy audit suggests an average PC on the net (whatever that is) has "at least two pieces of adware on it". ClickZ Stats indicate that there are 280m active PCs on the internet. Multiplying the number of PCs by the average number of adware items on each by the revenue per app figure allows Stiennon to guesstimate that the illicit advertising market is worth $1.6bn a year. This calculation assumes a uniform distribution of spyware, among other statistical sins. Estimates on the damage caused by malware are a notoriously inexact science. The same seems to apply to looking at the adware market. Stiennon told El Reg that machines loaded with more than three pieces of adware slow down to the extent they are less effective cash generators. This may be the case but we remain unconvinced about Webroot's headline figure for the illicit ad market of $1.6bn, which it compares to the $10bn a year pulled in by Google, Yahoo!, DoubleClick et al. ®
John Leyden, 02 Feb 2005

EMC whistleblower says Symmetrix coverup caused nervous breakdown

EMC allegedly tried to withhold information about faults in its Symmetrix storage systems from customers in the hopes of avoiding millions in replacement charges, according to a lawsuit from an EMC employee. Jack Wade has lobbed serious charges against EMC in a lawsuit filed with the Franklin County Common Pleas Court in Ohio. The worker claims that EMC forced him to withhold information about Symmetrix flaws from three customers. The situation was so disconcerting to Wade that he suffered a nervous breakdown and went on disability. Wade's lawsuit has gone largely unnoticed by the mainstream media, but two outlets - The Plain Dealer and The May Report - have done extensive research into the case. They document charges that EMC withheld some information from Bank One, the Ohio Department of Administrative Services and Convergys Corp. and sold the organizations old Symmetrix systems when the companies expected to receive new kit. An EMC spokeswoman said that Wade's claims "are without merit". The company has not shipped the type of systems mentioned in Wade's lawsuit for two years. One email dating back to May 2003 included in Wade's lawsuit has company officials describing the Symmetrix flaws as "a ticking time bomb," according to The Plain Dealer, which obtained the documents. "Another email, marked confidential and sent seven months later, reported that someone had leaked information about a Symmetrix chip defect to Bank One and that 'the cat is out of the bag,'" the paper reported. In November of 2003, Wade complained to a supervisor that he refused to ship Bank One old systems and that he was concerned about having to "falsify" quarterly reports to reflect sales of the supposedly new systems. In 2004, EMC admitted to problems affecting its pricey Symmetrix 8000 systems, saying a small number of the boxes suffered from faulty SCSI chips.
At the time, EMC told reporters that it had "proactively" reached out to customers to fix the issue and had put the matter behind it. But just how proactive was the company? The May Report has posted an email from a person claiming to be a former Bank One employee who dealt with the bad Symmetrix gear. It reads as follows:

We had a large crop of 8830's and many of them were affected by the chip problem described in your report. As a matter of fact we had 4 of them fail in a 6 month period and they had to be replaced. However, as Bank employees we didn't know about the chip problem. While I was there, EMC came in and offered to replace all of our 8830's and older boxes with the new DMX's for "free". This was about 20 million dollars worth of equipment. Bank management agreed, but there was a stipulation. In exchange for the "free" tech refresh, the Bank had to agree to award 80% of its storage business going forward to EMC. So basically, without ever disclosing to Bank One that their critical data was sitting on faulty equipment EMC turned their liability into a "win" by buying the Bank's future business. After I left the Bank I ran into an ex-EMC employee and asked why EMC had been so "generous". He then described in detail the chip problem and stated that EMC decided there was too much potential for exposure because of the number of 8830's on the floor, and that they had to get them out. The problem affected every 8830 manufactured after a certain date, and EMC did indeed, knowingly keep shipping the boxes to customers. He said EMC wasn't doing this kind of replacement for smaller customers because they could explain away one or two failures as anomalies.

Ron May - the owner of the site - first reported Wade's complaints in March 2004. The two men stayed in touch over the next year, with May revealing more and more about Wade's battle with EMC. That is until Wade's lawyers realized what was happening. "His lawyers are probably ready to shoot him," May told The Register. "He told me that EMC offered a settlement for $1m and that his lawyers were looking for as much as $10m. He is a really straight guy - the kind of guy that really wouldn't do wrong to anybody. That's my sense." Wade has since stopped communicating with May. While EMC may have had problems with the Symmetrix gear, its customers don't seem terribly bothered by the situation. Bank One named EMC its "IT Supplier of the Year" in 2003 - the same year in which the Symmetrix issues are said to have occurred. In addition, a representative from Ohio's Department of Administrative Services told online storage rag Byte and Switch that he was happy with EMC's gear and actions. EMC sells a lot of Symmetrix systems, making a serious flaw hard to hide. One would expect numerous reports of system failures from customers. EMC may well have offered sweet deals to the few affected customers but that type of behavior is typical of a large vendor. EMC confirmed that Wade is still an employee of the company and that it is dealing with the lawsuit. A lawyer representing Wade has yet to return a call seeking comment. ®
Ashlee Vance, 02 Feb 2005

TSG buys Leeds reseller

Technology Services Group (TSG) has bought another accountancy software dealer, this time in Leeds. The two directors and 15 staff of Logical Solutions, a Sage reseller, are relocating to TSG North offices, also in Leeds. They bring on board 300 small and medium-sized business customers. Financial terms are undisclosed. TSG now has 380 staff, claims an annualised turnover of £36m and 9,000 SMB customers. Set up in 2003 by Graham Wylie, Sage co-founder, the Newcastle-based dealer has built up a big branch network in Scotland and Northern England, mostly through acquisition. It has also dipped its toes further south with branch offices in Birmingham and Basingstoke. In December, the company bought three resellers. ®
Drew Cullen, 02 Feb 2005

Simply Computers changes name

Simply Computers, hit by huge redundancies last week, is rebranding as "Misco Consumer". Simply customers are unaffected by the name change, with warranties honoured as before. A spokeswoman for Misco told El Reg: "Misco is well known in the business market and the Simply name will be gradually phased out over the next few months to be replaced by Misco Consumer." She said existing warranties will be supported and the firm will improve its website. The change is designed to improve efficiency and cut costs. Misco Consumer will continue to trade through magazines, its website and direct mail campaigns. Simply was credited with improving sales but they proved too expensive for its parent company, Systemax. Simply, or Misco Consumer, will source machines from Systemax in the US; there will be no UK manufacturing or assembly. In early January 50 jobs went at Misco when the firm closed its Greenock sales office. ®
John Oates, 02 Feb 2005

Midwich signs up Elonex

Midwich has set up a home entertainment division, bringing media centre PCs and home AV products under one roof. The IT distie is to wholesale Elonex Media Centre PCs - the best in the UK market, it claims, pointing to a sheaf of rave reviews in the bookstand computer magazines. Midwich is also stocking AV products from Sony, Panasonic, Pioneer and Toshiba. ®
Team Register, 02 Feb 2005

UMC Q4 income plummets on inventory adjustments

UMC, the world's second largest chip foundry, saw its income plunge almost 88 per cent sequentially during its most recently completed quarter, the company said today. However, the foundry reported "strong" full-year results; its figures - like those of arch-rival TSMC - reflect a vigorous business in the first half of the year, followed by weakening in the second. For the three months to 31 December 2004, UMC's revenues fell 14.8 per cent sequentially to TWD28.23bn ($891m). It shipped 657,000 wafers in Q4 FY2004, down from 791,000 in Q3. Operating income was down 67.5 per cent to TWD2.84bn ($90m) from TWD8.74bn ($274.8m) in Q3. Net income fell even further, down 87.8 per cent to TWD1.33bn ($41.8m) with earnings of TWD0.07 ($0.01) per share. The company blamed the decline on "inventory adjustments by our customers" which saw the utilisation of the foundry's production capacity fall to 72 per cent during Q4, from 94 per cent in the previous quarter. One ray of hope: demand for the company's 90nm process increased during Q4 - the process now accounts for eight per cent of UMC's revenues, from two per cent in Q3. UMC expects this percentage to rise to ten per cent in the current quarter, despite "a more challenging market environment". The company also forecasts a post-inventory correction recovery in the second half of the year. However, it expects to spend less money on new plant this year than in 2004. Last year, it spent $1.53bn, more than planned, but capex will fall to $1-1.5bn in 2005. For 2004 as a whole, UMC's revenues reached TWD117.31bn ($3.69bn), up 38.2 per cent on 2003. Net income jumped 127.1 per cent to TWD31.84bn ($1bn), with earnings of TWD1.89 ($0.3) per share. 
®
Tony Smith, 02 Feb 2005

MS licenses analog anti-rip technology

CD copy-protection specialist Macrovision is to work with Microsoft to ensure their respective DRM and anti-rip technologies are interoperable, the two companies said this week. Sounds straightforward enough, but the deal runs deeper. Microsoft agreed to license a number of Macrovision's patents, in particular those relating to analogue copy protection technology and more recent extensions to that system that cover video-on-demand, pay-per-view content and support for the US 'broadcast flag', which determines whether consumers will be able to record digital TV broadcasts. Essentially, the deal positions MS' strategy of locking down as much content as it can in the hope that such an approach will find greater favour among consumer electronics kit makers and content providers than the more flexible approaches taken by, say, Apple. As DRM increasingly restricts what users can do with digital data, the analog domain remains one way around the problem. In the case of audio, for instance, digital data ultimately has to be converted into an audio sound wave which can be recorded and re-encoded without the limitations of the DRM'd original. MS is aware of this and is clearly hoping to use Macrovision technology to help block that avenue too. "An Internet-delivered movie, downloaded to a PC, can now be protected on analog video playback out of a PC," the two companies claimed. The deal also signals MS' interest in building pay-per-view, VoD and support for other approaches to content delivery into Windows, the better to turn Media Center PCs into the jack-of-all-trades home entertainment systems MS wants them to be. MS has no problem developing the code, but sooner or later it'll run into a company that was, in the past, more focused on such applications than MS was at the time. Microsoft could, of course, just buy Macrovision, but it's treading a fine line between supporting content providers' aims and controlling the technology that underpins them.
MS has already ruffled the feathers of European Union antitrust officials through its stake in DRM software maker ContentGuard - and that's just a joint ownership, with Time Warner. MS and TW neatly sidestepped further governmental entanglements by selling a portion of the DRM company to French CE vendor Thomson.

Consumers? What consumers?

That the whole thing is pitched at the content industry is clear: "For the entertainment industry to deliver premium on-demand entertainment in the home, rights must be protected to prevent revenue loss," M'n'M say. "Microsoft and Macrovision are working to provide a flexible rights solution that allows the entertainment industry to take full advantage of new usage models for today's digital home." No mention there of the consumer, you'll note. Ditto the interoperability deal, which will see Windows Media DRM systems adapted to "recognise" Macrovision's copy-protection signals embedded in analog content. So no more digitising your old VHS tapes via your Media Center PC, you hear? ®
Tony Smith, 02 Feb 2005

Bumper Q4 takes Borland into profit

Borland brought in revenues of $82.5m in the quarter ending 31 December, up 11 per cent on the $74m in the same period in 2003. A Q4 profit of $8m looked distinctly healthier than a loss of $5.7m a year earlier. Full year revenue hit $309.5m, up five per cent on 2003, taking the company into profit again. A net loss of $40.5m in 2003 gave way to profits of $11.4m for 2004, or 14c per share. Dale Fuller, Borland's president and CEO, attributed the healthier bottom line to a better rate of converting design wins to large scale deployments in Q4. He said: "In 2004, we nearly tripled the number of million dollar transactions as compared to 2003. Also during the year, we were successful at broadening our relationship with global name brand companies like British Telecommunications, Nokia, Ericsson, and many others." Borland expects Q1 2005 revenues of between $77m and $81m, translating to 3c-5c per share. ®
Lucy Sherriff, 02 Feb 2005

SBC to axe 13,000 jobs in AT&T merger

US telecoms giant SBC is to axe 13,000 workers in its $16bn (£8.5bn) acquisition of former parent AT&T. Details of the job cuts were contained in slides accompanying a briefing explaining the deal. Some 5,100 jobs are to be lost in sales and business and 5,100 are to go at the engineering divisions. Around 2,600 admin jobs - including HR, PR, legal and advertising - are also to be wiped out. SBC employs 163,000 workers, while AT&T has 47,000. On completion of the job cuts, the enlarged group expects to employ around 197,000 staff. The redundancies will contribute "more than $15bn (£8bn) in synergies with more than 85 per cent coming from cost reductions", the company said. Execs also reckon they can save more than $500m (£265m) a year by delivering IT synergies, which are "achievable and significant". The mega-merger between SBC and AT&T was announced on Monday after being agreed at the weekend. SBC is a local specialist in the US. It has 52m access lines and 5.1m DSL customers with its broadband network covering 77 per cent of its local customer locations. It owns 60 per cent of US mobile firm Cingular which has 49m subscribers. AT&T works at the other end of the market - it serves almost every member of the Fortune 1000. Its global network covers 50 countries and it has 26 internet data centres, 13 in the US and 13 across the world. It also claims the "world's premier communications research organization, AT&T Labs". Edward Whitacre, SBC chairman and chief exec, who will lead the new company, said: "The communications industry is undergoing a profound transformation as it transitions to unified, IP-based networks capable of delivering a host of integrated services. "To manage this evolution, customers need a partner with the resources to provide new service platforms and product sets, while maintaining world-class reliability and security. This merger creates that company." He promised the new company would regain America's lead in communications.
®
Tim Richardson, 02 Feb 2005

Mobile telcos pressure fixed-line rivals

The number of global mobile phone subscribers will reach nearly two billion by the end of 2005, although most voice calls will still be made by landline, according to a new telecom trends forecast issued by Deloitte's Technology, Media and Telecommunications (TMT) Group. Deloitte predicts that mobile subscriber growth will continue to rise this year with demand being fuelled by developing countries in Asia and Latin America. The research also suggests that mobile penetration will surpass 100 percent in some developed markets as customers take out second subscriptions for data or for personal use. Voice will continue to be the primary source of revenues and profits for mobile operators throughout the year, accounting for more than 80 per cent of total revenue on average. Deloitte forecasts that voice volumes will continue to grow during 2005 due to ease of use and falling prices. With the move towards second subscriptions, mobile operators will begin to re-structure current bill plans to include new services such as automatic line switching, multiple voicemail accounts and separate billing. Deloitte also predicts that the most compelling and lucrative mobile content will continue to revolve around phone personalisation, such as ringtones, wallpapers and games. Although mobile subscriber numbers are set to skyrocket, the vast majority of voice calls made in 2005 will still originate and terminate on the PSTN (Public Switched Telephony Network) due to superior call quality and overall reliability. However, telecom operators will be forced into reducing prices in response to competition from mobile operators and VoIP providers.
For its part, Deloitte recommends that fixed-line operators focus on full-featured phones that have key convenience features such as conference calling and text messaging in order to stimulate call volume over fixed lines. Although VoIP adoption is expected to rise during the year, Deloitte expects it to remain a niche product with growth limited by shortfalls in quality, consistency and reliability. The company believes that these problems will lead firms to opt for a hybrid approach, using VoIP for internal communications and the PSTN for external traffic. In terms of internet technologies, Deloitte predicts that broadband penetration will continue to grow in 2005, with high-speed connections finally outnumbering dial-up in many countries. Broadband use will continue to revolve around PC applications however; newer appliances such as videophones, networked gaming consoles and home security devices launched during the year. Deloitte's study also forecasts that 2005 will be the year when RFID (Radio Frequency Identification) finally makes it out of the lab and into the commercial world. The company says that major retail chains, defence contractors, automotive manufacturers and others are now demanding that suppliers use the minuscule microchips and this is expected to fuel a massive increase in RFID adoption with the production of RFID tags expected to mark the start of another major wireless revenue stream. © ENN
ElectricNews.net, 02 Feb 2005

Dell ships (almost) unleaded desktop

Dell this week announced what it believes are greener desktop PCs based on an "environmentally friendly" design that reduces energy consumption and cuts the amount of lead used in their construction. Not that the PC giant would have so developed the OptiPlex GX280 had the European Union not forced its hand. The EU's Reduction of Hazardous Substances (RoHS) directive, due to come into force in July 2006, imposes restrictions on what materials kit makers can incorporate into products that are likely to end up in landfill after their productive life is over. The RoHS calls for the elimination or the minimisation of the use of lead in electronics equipment. How far toward that goal Dell has actually gone remains unclear, but it's to be commended for at least making a nod in the right direction ahead of time. The new machines use Intel's BTX motherboard and casing specification, geared to cut system energy consumption by leveraging passive cooling to reduce the need for fans within the PC. Not that corporates are generally concerned with such issues, which probably explains Dell's desire to equate lower operating temperatures not with energy conservation but more reliable operation. Other nods to IT department needs include putting system status and power, and hard drive and network activity lights back on the front of the case "for easy reference", like all PCs once had. The GX280 series also incorporates brownout/blackout circuitry and surge protection, and a tool-less case opening system of the kind that Apple pro desktops have had since the late 1980s. The GX280 series is available in desktop and mini-tower cases, with Pentium 4 and Celeron processors, from 256MB of 400MHz or 533MHz DDR 2 SDRAM, 20-250GB of 7200rpm Serial-ATA storage, and a choice of integrated (Intel) or PCI Express add-in graphics cards (ATI). Prices start at $737 in the US. UK prices start at £389 excluding VAT.
®
Tony Smith, 02 Feb 2005

Windows authentication: reasonable and gentle

AnalysisAnalysis Microsoft recently announced its latest ploy to extort more money from the public and further strengthen their software monopoly: they want to make you pay for a legal copy of Windows before you get any OS add-on features or updates. To make matters worse, they are even extending this restriction to security updates, potentially placing millions of software pirates and their families at risk. At least that's the way that some people see it. From 7 February, Microsoft will add support for twenty new language versions of XP for their opt-in Windows Genuine Advantage program. Users of Norwegian, Czech and Simplified Chinese language versions of Windows will be required to verify the authenticity of their copy of Windows. By the second half of 2005, all users will be required to participate in the Windows Genuine Advantage program to download anything from the Microsoft Download Center or Windows Update. But to avoid risks of leaving systems unpatched and vulnerable, Microsoft will still allow anyone to keep their copy of Windows updated through the Automatic Updates feature. Nevertheless, since they first announced their Genuine Microsoft Advantage program, I have heard many lame arguments criticizing Microsoft's move to make this program mandatory. Is it really such a bad idea? Don't they have a right to ask people to pay? If you bought a scalped concert ticket that turned out to be a forgery, would you expect the concert promoters to let you in anyway? Here are some of the arguments I have heard: Pirates will just pirate the patches Of course, people will likely be able to get the patches from the very sources where they pirated Windows. In the pirate community, where limited supply drives much of the initial motivation, Microsoft's announcement is good news. One anonymous source deeply involved in the 0-day warez scene told me: "This will just make hotfixes a viable release for us and we can probably distribute them faster than Microsoft anyway." 
The source explained: "We can have the release on exclusive topsites within a minute and to hundreds of dump sites within five." Within a couple hours, the hotfix would make it to many public websites, IRC channels, Usenet groups, and P2P networks. In my opinion, this might be okay. This new policy won't stop piracy, but it will make it easier for me and my clients to avoid delayed updates due to congestion at Windows Update. Microsoft is providing greater value for those who have genuine copies of Windows and potentially increasing the risk of those who don't. If you got your copy of Windows through the warez scene, you can get your support there also. People will circumvent the system It is already possible to circumvent the system if you know what you are doing. Corporate Volume License Keys (VLKs) are frequently leaked on the Internet and there are now key generators that will provide you with a valid license that doesn't require activation. Microsoft could spend millions of dollars in research and enforcement programs that make it nearly impossible to pirate Windows, but I'm glad they don't. They have taken reasonable steps to limit piracy but they haven't done this at a huge expense nor have they caused much inconvenience to most customers. They have taken steps to protect their software but they also know when to stop. People just won't patch and we'll all pay the price Perhaps the greatest fear is that by limiting access to patches, there will be a greater number of systems simply left unpatched, causing a security risk for everyone else in the world. For those people who refuse to buy the software and are too dumb to steal the patches or circumvent the system, this is definitely a problem. On the other hand, if these people are that dumb, would we really expect them to be secure even if the patches are freely available? To minimize this problem, Microsoft has still made all security updates available through Automatic Updates. 
According to a Microsoft spokesman: "Microsoft has no plans to stop providing security updates to all users via Automatic Updates." By providing these patches via Automatic Updates, not only is Microsoft still providing them to the people who steal their software, but they're even making an effort to keep the pirates patched in a timely manner. Windows already costs too much and isn't fairly priced for many countries While it is a matter of opinion that Windows costs too much, it is accurate to say that it is too expensive for many people in many countries. If Windows cost you two months' salary, purchasing the pirated copy on the street for a fraction of the price is a no-brainer. This is a sad reality facing many companies in our new global economy and I'm not sure there is a good solution to this. Sure they could adjust the prices for each country based on their economy, but is it fair to make us pay more for the very same product? We have seen that problem with prescription drugs, resulting in many Americans looking to Mexico or Canada for cheaper sources. I'm sure Microsoft would love to find a good solution to this problem, and they have made such attempts as producing a stripped-down version of XP, but ultimately it's always going to be unfair to someone. But even if Microsoft did reduce the price of Windows, would that really affect piracy? Some people would pirate software no matter how cheap it was or no matter how much they could afford it. Look at Winona Ryder; she certainly could have afforded the items she was caught shoplifting. Only innocent consumers will be hurt by this While other industries are suing their own customers and raiding college campuses, Microsoft has been quite sensitive to their customers in this issue. I sat at an MVP conference last year at Microsoft when Steve Ballmer discussed the authentication decision, and he was obviously conflicted. 
This is something they have put much thought into, and they likely see it not as a great solution but as the lesser of two evils. To soften the blow and keep consumers happy, Microsoft is offering incentives valued at more than $450 for those who anonymously participate in the Windows Genuine Advantage program. Furthermore, in some countries they will offer users a genuine copy of Windows at a discounted price. Even after all this, if the user still chooses not to purchase Windows, Microsoft will not sue them or delete their copy of Windows. The pirate can even continue to use Automatic Update. The main purpose of this program is to stop those companies who make money off innocent consumers by selling them computer systems with pirated copies of Windows. According to a Microsoft spokesman: "Twenty-three per cent of PCs in the US use a copy of Windows that is not genuine. Often the users are unaware that they have been sold counterfeit software." This is Microsoft's effort at user education. This helps consumers and it helps those honest computer resellers who purchase a Windows license for every system they sell. This will just make more people move to Linux or Macintosh Okay, if you are that passionate about another OS, do you really need this as an excuse to switch? Price certainly shouldn't be the only consideration when selecting an operating system. So while so many are screaming about the evils of Microsoft, most of their arguments just aren't that compelling. All Microsoft is asking is that you pay for the software you use, and the company is even rewarding you for coming clean. Sure, if you have a store selling counterfeit Windows licenses, you might expect a lawsuit. But the average consumer isn't the target here. Like any company, Microsoft just wants to be paid for its work. Considering the pervasiveness of piracy, it's taking a pretty fair stance here. 
If you don't believe me, imagine what choices the RIAA would make if they were in charge of this decision. Copyright © 2004, Mark Burnett is an independent researcher, consultant, and writer specializing in Windows security. He is the author of Hacking the Code: ASP.NET Web Application Security (Syngress), co-author of the best-selling book Stealing The Network: How to Own the Box (Syngress), and co-author of Maximum Windows 2000 Security (SAMS Publishing). He is a contributor and technical editor for Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle. Mark speaks at various security conferences and has published articles in Windows IT Pro Magazine (formerly Windows & .NET Magazine), Redmond Magazine, Information Security, Windows Web Solutions, Security Administrator and various other print and online publications. Mark is a Microsoft Windows Server Most Valued Professional for Internet Information Services. Related stories MS updates: real Windows users only need apply Maximum sentence for SA software pirate Stunned pundit agrees with Gates over passwords
Mark Burnett, 02 Feb 2005

Dell touts smart card disk crypto for laptops

Dell yesterday updated its business-oriented notebook family with a smart card-based security sub-system designed to protect corporate data in case of loss or theft. The three new models in the Latitude D line-up all feature built-in smart-card readers and integrated data encryption chips. Based on the Trusted Platform Module 1.1 specification, the system uses passwords and data on the smart card to decrypt data on the fly. All information stored on the hard drive is encrypted and can be explicitly tied to a given machine to prevent protected information being unlocked on a compromised computer. The new notebooks are based on the latest generation of Intel's Centrino platform, aka 'Sonoma', and sport Pentium M processors clocked at up to 2.13GHz running over a 533MHz frontside bus. The machines ship with 802.11b/g or 802.11a/b/g Wi-Fi, and Bluetooth 2.0 is offered as an optional extra. The line up comprises the Latitudes D410, D610 and D810, designed for ultra-portable, thin'n'light and mainstream usage models. They incorporate from 256MB of DDR 2 SDRAM clocked at 400MHz or 533MHz, depending on configuration. The D410 has a 12.2in 1024 x 768 display, the D610 a 1400 x 1050 14.1in panel, while the D810 offers a 15.4in display offered at 1280 x 800, 1680 x 1050 or 1920 x 1200. The D810's display is driven by an ATI Mobility Radeon X600 with up to 128MB of video RAM. The D610 uses either Intel's in-built GMA900 graphics engine with up to 128MB of shared memory or an ATI Mobility Radeon X300 with 64MB of DDR SDRAM. The D410 offers only the Intel graphics system. The D410 is priced from $1677/£972, the D610 from $1384/£902 and the D810 from $1549/£1122. ® Related stories Dell ships (almost) unleaded desktop Apple updates G4 PowerBooks with Bluetooth 2.0 Tablet PC bug 'fills computer with ink' Averatec sets up shop in UK IBM's Mr Thinkpad on life before Lenovo Intel revamps Centrino Vendors target IBM ThinkPad market share Sony unveils 'Centrino 2' notebook family
Tony Smith, 02 Feb 2005

Small.biz demands scam protection

The Federation of Small Businesses (FSB) is calling on ministers to furnish small firms with safeguards from dishonest scams. It says the government's plans to protect consumers from shady dealers should extend to small businesses, otherwise they will continue to fall foul of the criminals. The call came as the Office of Fair Trading (OFT) launched 'scam awareness month' - a campaign to alert the public to deceptive and fraudulent mass marketed scams. The OFT has the power to serve 'Stop Now Orders' on con artists who swindle consumers. But a clause in the 2002 Enterprise Act excludes businesses and the self-employed from similar protection. Small firms are more vulnerable to scams because they have fewer resources to conduct background checks on business partners, nor, so the FSB argues, check all their correspondence thoroughly. In the last year, a range of scams have targeted SMEs, including the European City Guide fiddle, in which firms were invited to list themselves, but were subsequently charged for the privilege. In another con, official-looking documents were sent out to small businesses by an organisation claiming to be an official health and safety group. It said they were in breach of safety rules and demanded hundreds of pounds in 'registration' payments. FSB trade and industry chairman Tina Sommer said: "The aim of scam month is to arm consumers with the knowledge and skills necessary to recognise and report scams - but what about small firms? Fraudsters are increasingly aware that small business owners must do two full time jobs - run their firm and also comply with ever increasing regulations and red tape." The OFT has published a list of 10 scams to look out for. They include telephone lottery scams, premium rate number prize draws and pyramid schemes. Copyright © 2005, Related stories Small.biz gets more spam Watch out for bogus health and safety invoices UK.gov urged to lead fight on e-crime
Startups.co.uk, 02 Feb 2005

Revenue waives late filing penalty, for some

The Inland Revenue will waive its £100 late filing penalty for some people who were unable to complete their self assessment forms online by the 31 January deadline. A problem with the IR's email system meant that a backlog of "submission failed" messages built up over the weekend. Normally the messages would be delivered almost instantly, advising taxpayers that their forms were incorrect in some way, and that they would need to resend them. However, the backlog meant that by the time some got the failure message it was too late to resubmit their forms. Anyone who received a "submission failed" message will have two weeks' grace, from the time the message was sent, to resubmit their return. A spokesman said that this was in line with the policy for paper returns. Returns that are submitted in time, but are not signed, or don't have all the stated forms attached, for example, are considered invalid. However, taxpayers are granted a 14-day extension to correct any errors. In a notice on its website, the Inland Revenue said: "We recognise that if the submissions failed our validation, you may be unable to rectify and resubmit before the deadline. We hold a complete record of all submissions over the weekend and if any of those failed submissions are re-submitted within 14 days of the date when we sent out the 'submission failed' message we will waive any late filing penalty notices. Any payments due should still be made by 31 January. We apologise for the disruption to the service and can assure you that no details have been lost and there is no need to resubmit successful returns." Over a million people, maybe as many as 1.25 million, completed self assessment forms online this year, up from 780,000 the year before. The sheer numbers of people trying to meet the deadline - as many as 5,000 per hour over the weekend - meant that the site was extremely slow, driving many users to distraction. 
An IR spokesman said: "We'll learn the lessons from this year, and will take action to get it done better, next year." He added that the best advice he could offer was that people should file their returns in plenty of time: "Avoid September and January, if you are filing online. The first week in October is usually very quiet." ® Related stories Inland Revenue site buckling under load Inland Revenue predicts bumper year for online filing The new certainties: spam, taxes and software licences
Lucy Sherriff, 02 Feb 2005

Ebbers' fortune at risk as share prices slid

Bernie Ebbers used his substantial number of shares in telecoms giant WorldCom to guarantee a $400m (£212m) personal loan from Bank of America, a US court heard yesterday. But as WorldCom's stock price fell over 2000 and 2001 the bank called on Ebbers to pay the loan or stump up more security for the loan. If he failed, Bank of America threatened to sell his stock, according to Ebbers' personal banker Jayne Hammond who testified yesterday. In the end, WorldCom backed Ebbers' entire loan, AP reports. Yesterday's testimony follows that of former WorldCom financial controller David Myers last week. Ebbers - who is facing fraud charges in relation to the $11bn (£5.8bn) collapse of WorldCom in 2002 - feared that his personal fortune would be "wiped out" unless something was done to improve the financial health of ailing telecoms outfit WorldCom. Myers recalled a meeting in 2001 where the former WorldCom boss called on senior execs to turn the company around. The stock price was falling as expenses spiralled and revenues had dipped. Testifying last Friday, Myers told the court that Ebbers had said that if things didn't improve "everything that I worked for since I joined WorldCom will basically be wiped out". Recalling the meeting, Myers continued: "He made a plea to everybody to do everything they could possibly do to work to reduce costs." Ebbers denies the charges against him. The trial is expected to last eight weeks. ® Related stories Ebbers never made 'an accounting decision' - witness Ebbers feared fortune would be 'wiped out' Ebbers knew of financial fiddling Ebbers' financial know-how probed Gloves off in Ebbers WorldCom fraud trial Ebbers fraud trial kicks off Ebbers faces WorldCom court showdown Former Worldcom directors cough up $18m MCI breaks free from Chapter 11 WorldCom gets sums wrong by $74bn Bernie Ebbers faces criminal charges
Tim Richardson, 02 Feb 2005

How to stay in touch - even when you're dead

An inventor from Osnabruck, Germany, has released a mobile phone for the deceased. The idea is that once your loved one is six feet under, you will still be able to talk to them, even if the conversation might be a little one-sided. The phone comes in a black box with a loudspeaker that is placed on top of the grave. It runs on a battery that lasts at least twelve months, and the inventor claims the sound quality is excellent. For those who believe that telecoms links with the hereafter are a viable proposition - including the woman who claims to have received text messages from her late hubby - the Telefon-Engel (Phone Angel) might be an excellent idea. It will, however, set you back a cool €1495. Disgruntled punters can return the phone within 18 months and get a generous €50 refund. And if you don't fancy the idea of a grave phone, why not take inspiration from UK singer Cilla Black, who has scattered her late husband Bobby's ashes at her four homes across the world - thereby ensuring close proximity with her dear departed at all times. ® Related stories An MP3 player you can talk to... Mobile players look beyond 3G Mobile phones 'alter human DNA'
Jan Libbenga, 02 Feb 2005

US hit for $548m in fraud losses

Identity theft topped the list of complaints received by the US Federal Trade Commission for the fifth successive year, accounting for 39 per cent of consumer fraud complaints filed with the agency last year. Credit card fraud was the most common form of reported ID theft (28 per cent), followed by phone or utilities fraud (19 per cent), bank fraud (18 per cent), and employment fraud (13 per cent). Americans reported fraud losses of $548m to the FTC last year. Of these 635,173 complaints, 246,570 concerned ID theft and 388,603 were about other forms of fraud. Internet-related complaints accounted for 53 per cent of fraud reports (and $265m of reported losses), with problems involving online auctions proving a particular problem. Gripes about net auctions featured in over 102,000 complaints to the FTC last year (16 per cent of total reports). The top 10 of consumer fraud complaints for 2004 also included: catalogue sales - eight per cent of total complaints; internet services and computer complaints - six per cent; foreign money offers - six per cent; prizes/sweepstakes and lotteries - five per cent; advance-fee loans and credit protection - three per cent; business opportunities and work-at-home - two per cent and telephone services - two per cent. Consumers can file fraud and identity theft complaints on the FTC's website. The agency collates this information with data from other law enforcement and consumer protection agencies to create a comprehensive database. This information helps law enforcers co-ordinate actions, avoid duplication and spot trends in consumer fraud. Washington DC, Las Vegas and San Jose, California were 'hot spots' for consumer fraud, according to FTC reports. Las Vegas (again); Phoenix, Arizona and San Bernardino, California generated the highest per-capita reports of ID theft. The FTC's report, National and State Trends in Fraud and Identity Theft, can be found here (PDF). 
® Related stories US jails Brit credit card fraud mastermind for 14 years Internet fraud is easy, says judge... 'Integrity of eBay markeplace' at risk - sellers' group
John Leyden, 02 Feb 2005

UK Online unveils 2Mb service

UK Online, a division of Easynet, has launched a 2Mb service. The Broadband 2000 package costs £29.99 a month and comes with a free modem and connection. Oh, and there are no usage limits either, apparently. Said UK Online general manager Chris Stening: "Broadband 2000 answers the demand for extra speed from customers who share their broadband with other members of the family, or are frequent downloaders, and often find that 512K or 1Mbps broadband is not enough." Yesterday, Madasafish - the ISP that had its "Oi, Churchill, nooooooooo! TV" ad banned - wheeled out a capped 2Mb service for £17.99 a month. ® Related stories Madasafish in 2Mb ADSL promo Eclipse punts entry-level 2Mb broadband Telewest upgrades network NTL supercharges broadband
Tim Richardson, 02 Feb 2005

Police cuff US student keystroke logger

A Houston High School student faces a possible $2,000 fine or 180 days' jail after admitting rigging a keystroke logger to a teacher's PC and using it to download exams, Houston's Local 2 reports. Fort Bend School District School spokeswoman Mary Ann Simpson said: "Sometime in mid-December, we got a tip that this student was selling test exams that had apparently come from a teacher's computer, so that's when the investigation began." Said probe ended with the unnamed 16-year-old having his collar felt by the police. He immediately confessed to the crime when confronted, was charged with a Class B misdemeanour and transferred to another school. Police this week sent out alerts to other schools warning them of the threat of keystroke-logging ne'er-do-wells. ® Related stories Judge dismisses keylogger case Interview with the keystroke caperist Disgruntled ex-employee arrested for keystroke caper
Lester Haines, 02 Feb 2005

Swift observatory sends back stunning test shot

The final instrument on board Swift, the satellite launched in November last year to hunt for gamma-ray bursts, has been switched on, and the space lab is now fully operational. The ultra-violet optical telescope (UVOT) has sent its first picture back to Earth, and is poised to snap its first gamma-ray burst. The false colour image is of the Pinwheel galaxy, M101, regarded by many as the perfect spiral galaxy. The picture shows hot, star forming regions on the arms of the galaxy, while the centre is older, and cooler. The picture was created by combining light from several of the UVOT's filters, all the way from invisible-to-humans ultraviolet, to the blues and yellows of the visible spectrum. In the image, however, the shortest wavelengths are represented as blue, while the longest are coloured in red. Swift will investigate gamma-ray bursts, the most violent, and mysterious explosions in the universe. It has been designed to respond rapidly to detection of gamma rays - within 20-70 seconds. This is vital as the whole explosion can be over in as little as 200 seconds. Professor Keith Mason, the UK UVOT lead at University College London commented: "The UVOT isn't as powerful as [observatories like Hubble, or Keck], but has the advantage of observing from the very dark skies of space. Moreover, it will start observing the burst afterglow within minutes, as opposed to the day or week long delay inherent with heavily used observatories. This is extremely important because the bulk of the afterglow fades within hours." The UVOT is the third of Swift's observing instruments that will come into play, after the Burst Alert Telescope and the X-Ray Telescope. It can pinpoint a gamma ray source to sub-arcsecond accuracy, the equivalent of the eye of a needle held at arm's length, PPARC (Particle Physics and Astronomy Research Council) helpfully informs us. 
It will reveal more about the behaviour of this ultraviolet afterglow, such as the temperature and velocity of material ejected during the explosion. Knowing how the afterglow is shaped, and how it fades will give researchers an insight into the explosion that preceded it. Peter Roming, UVOT lead scientist at Penn State, notes that we know next to nothing about this stage of a burst. "This is because the atmosphere blocks most ultraviolet rays from reaching telescopes on Earth, and there have been few ultraviolet telescopes in orbit. We simply haven't yet reached a burst fast enough with a UV telescope." ® Related stories Swift blasts off on dying star mission ESA's lunar probe closes on target Supernova revealed in gamma rays
Lucy Sherriff, 02 Feb 2005

Mobile-using drivers 'age 50 years'

University of Utah researchers claim that a 20-year-old blabbing on a mobile phone while driving has the reaction times of a 70-year-old, AP reports. And it doesn't matter if you're chatting hands-free, because "any activity requiring a driver to actively be part of a conversation likely will impair driving abilities," said principal study author professor David Strayer. Guinea pigs were subjected to four 10-mile freeway trips lasting about 10 minutes each in a simulator. They talked with a researcher via a handsfree mobe for half of the trip and maintained a concentrated silence for the other half. The results showed that those chewing the fat were "18 per cent slower in braking, had a 12 per cent greater following distance and took 17 per cent longer to regain the speed they lost when they braked". The team concludes that "when 18-to-25-year-olds were placed in a driving simulator and talked on a cellular phone, they reacted to brake lights from a car in front of them as slowly as 65- to 74-year-olds who were not using a cell phone." Which means that a 70-year-old yakking away on his cellphone has the reaction times of a 120-year-old, or have we misunderstood this rather poor analogy? In fact, old timers behind the wheel interfacing with their telephone do not pose a greater risk to road users because "more experience and a tendency to take fewer risks helped negate any additional danger," as Strayer puts it. Yes indeed, we have ourselves been stuck behind octogenarian motorists doing 10mph in the fast lane and can confirm that their safety consciousness is a shining example to other road users. ® Related stories Mobile phone driving ban comes into force The truth about mobile phones and driving Reg road tests the BioNav™ in-car nav wonder
Lester Haines, 02 Feb 2005

BT clobbered in Ofcom probe

Energis could be looking forward to a six-figure repayment from BT following a draft ruling today by Ofcom. The communications regulator was forced to intervene in a row between the two companies last October concerning allegations that BT had overcharged Energis for wholesale business ISDN2 Line Rental (WLR ISDN2) between November 2003 and October 2004. Earlier reviews of the telecoms market had found that BT has Significant Market Power (SMP) in the wholesale business ISDN2 exchange line services market. As a result, Ofcom imposed certain conditions on BT including ensuring that its charges for providing WLR ISDN2 are "based on the forward looking long-run incremental costs of providing it", something challenged by Energis. Announcing its draft decision today Ofcom said: "The Draft Determination requires BT to repay sums for an overpayment, the sum of £11.69 for each WLR ISDN2 provided to Energis between 28 November 2003 and 30 September 2004." Energis declined to say exactly how much it expected to receive but said it was "under £1m". Today's draft decision - to which responses must be submitted by 15 February - comes just 24 hours before BT's deadline to respond to Ofcom's demands for "substantive behavioural and organisational changes" within BT as part of the regulator's year-long review into the telecoms sector. Failure to meet the demands set by Ofcom could result in an Enterprise Act investigation which, in turn, could lead to the giant telco being split in two. Asked about Energis' Telecoms Review submission to the regulator, a spokeswoman said: "We'll be telling it like it is." ® Related stories Rivals warn of BT 'delaying tactics' BT faces 'bogeyman' if it fails to open market BT warns of broadband divide ahead of Ofcom review MPs to scrutinise Ofcom's telecoms review
Tim Richardson, 02 Feb 2005

MS downplays SP2 vuln risk

Microsoft is downplaying the significance of research that suggests support for revamped memory protection in Win XP SP2 will fail to block a common type of security attack. Alexander Anisimov of Russian security firm Positive Technologies last week published a paper explaining how the data execution protection (DEP) and heap overflow protection features that debuted in Windows XP SP2 can be bypassed. This execution protection (NX) technology - which is only supported by a limited number of processors including AMD K8, Intel Itanium and some Xeon processors - is designed to thwart buffer overrun attacks. Buffer overflows are a perennial source of software security problems that often feature in Windows security exploits. The infamous Sasser worm, for example, used a buffer overflow flaw in Windows' Local Security Authority Subsystem Service to spread. Microsoft's NX protection is designed to make it more difficult for crackers to inject malicious code into memory but Positive Technologies' MaxPatrol security scanner research team found a chink in these defences, outlined in Anisimov's paper. Positive Technologies said it discovered the problem in October 2004, notified Microsoft in December and went public last week. In a statement, Microsoft said that "early analysis" indicates that attempts to bypass its newly-introduced memory protection technology are "not a security vulnerability". It said it never claimed the technology was foolproof. "An attacker cannot use this method by itself to attempt to run malicious code on a user’s system. There is no attack that utilizes this, and customers are not at risk from the situation," it said. "It’s important to note that DEP and heap overflow protection are not designed to protect against all kinds of malicious code exploits. 
These features effectively address the exploits that they were designed to prevent and make it more difficult for an attacker to run malicious software on the computer as the result of a buffer overrun. We will continue to modify these technologies as appropriate to improve them and will evaluate ways to mitigate against this method of bypass while retaining performance on the system, either through an update as part of our monthly bulletin release process, or in a service pack," it adds. Microsoft continues to urge customers to load Windows XP Service Pack 2 as a defence against security attacks. ® Related stories MS bigs up Windows XP SP2 Intel 'Nocona' Xeon to get 'no execute' support WinXP SP2 = security placebo? Exploit code attacks unpatched IE bug
John Leyden, 02 Feb 2005

Heise.de under DDoS attack

German tech publication Heise.de has been targeted by a persistent and determined denial of service attack, it says. The origin of the attack is unknown so far, and Heise's publishing house is offering a €10,000 reward for information leading to the arrest of the attacker. The assault began on Monday this week, and Heise reports that it has come in four waves. At its worst, it disabled the site for five hours. The first attack swamped the load-balancer, which manages the flow of traffic across the site's web servers. Heise's publishing house runs 25 web servers and one Solaris machine, more than enough to handle an unexpected influx of visitors to the site. As Heise's technical staff worked to deal with the influx of rubbish, the attacker changed his approach, probably by bringing more machines from different locations to bear. This would make it harder for Heise to filter out the noise, and put the site under renewed pressure. So far, the techies have ruled out an attack via HTTP requests, and say there is no truth in rumours that the Sober.K worm is responsible for its troubles. The attacks have dropped off for the time being, and Heise is taking steps to protect itself against any new DDoS attempts, it says. ® Heise's own story is here Related stories Blaster copycat author jailed for 18 months Unholy trio pose DDoS risk for Cisco kit The strange death of the mass mailing virus Who would you like to attack today? Register suffers DDOS attack
Lucy Sherriff, 02 Feb 2005

SunnComm fixes 'Shift Key' embarrassment

SunnComm has at last fixed its most infamous flaw - the Shift Key break to its DRM (digital rights management) technology. The company has started shipping an update to its MediaMax software that blocks users from employing the Shift Key attack discovered in 2003 by a student at Princeton University. The student realized that SunnComm's DRM technology could be disabled by holding the Shift Key down when inserting a new CD. This allowed users to do what they liked with the songs, undermining the entire point of SunnComm's software. "The new technology, when embedded onto the optical medium, makes it even more difficult for the consumer to improperly use the CD without first installing the MediaMax software," SunnComm said in a statement. "Throughout the latest series of tests, this newest version of the copy management technology has proven to significantly improve protection for MediaMax-enhanced discs while remaining 100% playable in all consumer CD and DVD players." SunnComm acknowledges that some people may still find a way to work around its DRM, but it's convinced the MediaMax update makes the Shift Key issue a moot point. The average consumer is not going to take the time to try and break the technology. Let the researchers have at it - we're not worried about them. SunnComm has been looking to sign up more big labels as customers of its technology and recently announced that Universal is considering MediaMax. The software places restrictions on how many times and to what devices a user can transfer music. Such technology is seen as a must-have for the record labels trying to block piracy. Many customers, however, dislike DRM technology, as it places new boundaries around once untainted products. ® Related stories CE vendors unite to develop DRM Legal downloads jumped 900% in 2004 Sunncomm gets a nod and a wink from Universal Is SunnComm a sham or the next, big DRM success? 
Macrovision and SunnComm court Apple for a seachange in CDs SunnComm shrinks from DMCA threat SunnComm to sue Shift key student for $10m Shift key breaks latest CD anti-rip tech grad student
Ashlee Vance, 02 Feb 2005

Root kit surfaces after Jabber attack

The Jabber Software Foundation (JSF) - the open source instant messaging organisation - has advised developers to check their code, after discovering that a hack attack against its website was more serious than first suspected. An audit conducted on JSF's web servers after an intrusion two weeks ago revealed a root kit on a machine hosting both the jabber.org website and the JabberStudio service. Subsequent investigations revealed the machine (hades.jabber.org) had been compromised for more than a year. The affected machine has been rebuilt and fully locked down. Dynamically generated pages were disabled on the site and the JabberStudio service was temporarily suspended as a precaution after JSF detected the January assault. JSF Executive Director Peter Saint-Andre said in a recent update that Jabber.org will restore its website to normal operation when it is satisfied that there is no security risk. Developers are urged to validate their code as a precaution. However, evidence suggests that other servers in the jabber.org infrastructure (such as the production Jabber server or the mailing list server) were unaffected by the security breach. Neither does much mischief seem to have been perpetrated against the compromised server. It's rare, but not unprecedented, for malicious hackers to load backdoors onto the web servers of application developers. Crackers owned the primary file servers of the GNU Project for five months in 2003, the Free Software Foundation admitted. In May 2001, infamous cracker Fluffy Bunny bragged that he had compromised the systems of the Apache Project. In October 2000, Microsoft's systems were comprehensively compromised by a cracker using the QAZ Trojan. Weeks later, Microsoft's core websites were again 0wn3d in an attack that went beyond the usual web page defacement. ® Related stories Jabber Inc frees IM add-ons Jabber builds IM bridge to SMS chat rooms Jabber Speaks GNU servers owned by crackers for months
John Leyden, 02 Feb 2005

Symbian updates OS, toolchain

Symbian has updated its smart phone operating system to version 9, adding DRM and support for new screens and storage devices. The company has also updated its toolchain, and Nokia today announced a new version of CodeWarrior for Symbian, version 3.0, that supports the updates. Nokia acquired the rights to CodeWarrior for Symbian OS, along with a couple of dozen Metrowerks developers, last Fall. It isn't as dramatic as last year's announcement, version 8, which made a one-chip, real-time version of Symbian available. Phones typically use a baseband processor to handle the radio, and a separate processor to handle the applications. But the industry has been working towards one-chip designs for a while, and Nokia has said it will use Texas Instruments' one-chip board when it appears next year. (Optimistically: when TI announced the project two years ago it was predicted to ship this year). The OS now supports OMA and MPEG DRM, and a variety of screen sizes and orientations. No surprise there, as the most recent iteration of Nokia's Series 60 platform, built on top of Symbian OS, supports four screen sizes. And that's before Series 90 was folded in to the roadmap. The OS also now supports larger removable storage devices. At the application level, OS 9 supports IMAP and calendar events from Outlook and Lotus Notes. Symbian will bundle ARM's RealView compiler. ® Related stories Symbian founder on mobile past, present and future Nokia blesses mobile Python Symbian CEO to quit PalmSource to build Palm OS on Linux Nokia bows to cellcos in midrange Intel, Symbian to define 3G smart phone 'standard' Nokia walks tightrope with Metrowerks acquisition Symbian owners foil Nokia takeover Symbian releases real-time, one-chip OS UI wars tore Symbian apart - Nokia
Andrew Orlowski, 02 Feb 2005