15th > March > 2005 Archive

Site aims to quash auction fraud

Small business fraud buster Early Warning is targeting auction scams with the launch of a new website. ReportAuctionFraud.com - which goes live 15 March - offers fraud screening for auction site users, allowing registered users to search a live database of fraud data. Each fraud search costs 50p. Registered users can also add their own fraud data to the database, helping to keep the system as up to date as possible. No charge is made for using this feature. Early Warning reckons that the vast majority of people likely to use its site are honest and unlikely to abuse this facility. Even so it has built in measures to help ensure bogus reports are weeded out. It has also established a procedure for parties to challenge the accuracy of its listings. Early Warning maintains the CardAware database, a similar scheme designed to help retailers prevent losses from CNP (card-not-present) credit-card fraud. Andrew Goodwill, Early Warning’s managing director, said: "Our CNP fraud screening product, CardAware, has saved retailers just under £4m over the past two years. We are now extending the CardAware concept of sharing fraud data into the online auction market. Online auction fraud has now reached pandemic proportions. Our new website will make a significant contribution to reducing this problem." Neighbourhood Watch Online auction sites such as eBay have a feedback scoring system designed to indicate the reliability of a buyer or seller. Early Warning argues this facility is unreliable because a prospective fraudster can get his associates to give him favourable feedback. Rather than being embraced by online marketplaces, the people behind ReportAuctionFraud.com expect to be criticised by auction sites for running an unnecessary service, at least initially. "Auction sites like eBay may say they are doing all they can to prevent fraud but we know different. Fraud is a major problem on online auction sites," Early Warning’s Goodwill told El Reg. The ReportAuctionFraud database contains the details of individuals who have actually committed auction fraud before. Users have the ability to search on different criteria; name, email address, telephone number, postcode, username and auction item number. By searching the database a user can find out if a match exists for the buyer or seller who they are dealing with. In the course of beta testing, 5,000 records have been added to the ReportAuctionFraud database. Grey market Official figures for online auction fraud are hard to come by, particularly as auction site users can be reluctant to report small-scale frauds. However, in 2003 the US FTC (Federal Trade Commission) released a report on Consumer Fraud and ID Theft, which claimed Internet auction fraud alone accounted for 48 per cent of Internet-related fraud complaints, generating losses of $437m. A recent FBI report cited by Early Warning reports that 250,000 of an estimated 12.5 million transactions run through auction sites worldwide every day were fraudulent. Common frauds include the non-delivery of purchased goods, misrepresentations of the item for sale, non-payment for goods, the sale of stolen goods (which might later be confiscated) through online auction sites and various bidding scams. ® Related stories Beware auction sites, says Citizens Advice eBay fraudster faces possible jail eBay provides backdoor for phishers eBay plays down 'shill' bidding allegations External links ReportAuctionFraud.com FAQ
John Leyden, 15 Mar 2005
channel

Computacenter ups profit despite sluggish turnover

Computacenter managed a small increase in profits for the year ended 31 December 2004 despite not increasing turnover. The firm blamed France, Germany and the re-negotiation of terms with HP, its main trading partner, for the sluggish sales. The group made revenues of £2.46bn for the year, down slightly on £2.48bn in 2003. But the firm pointed out that core product prices fell 12 to 15 per cent in the period. Profit before tax was up 3.2 per cent to £67.3m. The firm is paying a final dividend of 5.2p per share - giving a total for the year of 7.5p. The giant reseller was pleased with UK managed services revenue growth of 16.6 per cent for the year, compared to 10.9 per cent in 2003. But Computacenter said the renegotiation of its agreement with HP was likely to cost the firm £10m in profits. Trading in France was poor - it made an operating loss of £6.2m, up from £2.7m in 2003. Computacenter invested in management changes but hasn't seen the benefits yet. New managers were appointed to run maintenance, finance and logistics and in January 2005 Chris Webb was appointed MD for Computacenter France. Webb previously ran UK sales and delivery. Germany saw modest growth: turnover was up 3.2 per cent and profits grew 3.1 per cent to £9.0m. Although the firm admitted some disappointment with these figures it said the work has now been done to build the German unit into a strong business. Computacenter Austria is being sold to S&T Systems Integration & Technology Distribution AG, which becomes Computacenter's partner for central and eastern Europe. The deal should close in March 2005. Computacenter said demand in the first two months had been slow but it was still too early to say if this would hit full year results. More info on Computacenter website here.® Related stories Computacenter flees Austria France weighs down Computacenter 'Primary vendor' turns screw on Computacenter
John Oates, 15 Mar 2005
arrow pointing up

ATI announces phone video chip

ATI today introduced its latest mobile phone graphics chips with a view to seeing the products appear in handsets "from leading manufacturers" later this year. The company also announced the acquisition of Hyderabad, India-based digital media technology developer CuTE Solutions. Indeed, CuTE's technology delivers some of the new Imageon 2182 and 2282 chips' features, including 13 codecs to deliver MP3, AAC, AMR, Real Audio, WMA, MIDI and other audio formats. The new processors also support CD-quality 3D sound ringtones, and stereo recording. Both chips support cameras with resolutions of up to three million pixels, and can handle video playback and recording good enough for camcorder usage, ATI claimed. The high-end handset-oriented 2282 improves on this basic 2182 spec. with additional support for videostreaming and conferencing with picture-in-picture. The chips are complaint with the 3GPP (3G Partnership Project) scheme to develop foundation technology sepcifications that allow GSM/GRPS and 3G handset makers and networks to ensure a level of compatibility between each others' services, yet still have room to differentiate their offerings. The 2182 and 2282 incorporate ATI's PowerPlay power management system to help maximise battery life. ATI didn't say which if any mobile phone makers have committed to the new Imageon processors, but past customers include Motorola, LG and Fujitsu. Meanwhile, the completion of the CuTE acquisition will see ATI convert the company's HQ into its India digital media R&D centre, retaining all of CuTE's workforce in the process. ATI described the purchase as a way to build on its own video and graphics expertiose with CuTE's audio skills. ® Related stories ATI paves way for sub-$50 graphics cards ATI ships AGP-edition X850 XT graphics chip Nvidia ships 'world's fastest' notebook graphics chip ATI ships 'first' mobile AMD chipset Nvidia Q4 sales best yet - almost Nvidia updates GoForce phone chip ATI buys cable modem chip biz for $14m
Tony Smith, 15 Mar 2005
globalisation

Banks 'wasting millions' on two-factor authentication

Banks are spending millions on two-factor authentication for their customers but the approach no longer provides adequate protection against fraud or identity theft, according to Bruce Schneier, the encryption guru. "Two-factor authentication was invented a couple of decades ago against the threats of the time. Now, the threats have changed - and two-factor authentication doesn't defend against them. It's a waste of money," Schneier told El Reg. His comments are controversial because they attack a technology touted as a gold standard for net security - but that doesn't necessarily mean he's wrong. In an essay in the April issue of Communications of the ACM - published 15 March - Schneier notes that two-factor authentication tokens have been around for nearly 20 years, but are only just receiving mass-market attention with AOL and some banks issuing them to customers. Passwords alone do not provide adequate security, everyone now acknowledges. Supplementing passwords with hardware tokens, which dynamically generate authentication key codes that change every minute, guards against eavesdropping and offline password guessing (types of passive attack). All well and good but this approach fails to protect against modern active attack techniques such as man-in-the-middle attacks or Trojans, according to Schneier. Too Little, Too Late In a man-in-the-middle attack, an attacker puts up a fake bank web site and entices a user to that site. The user types in his password, and the attacker uses this data to access the bank's real site. An attacker could pass along a user's banking transactions while making his own transactions at the same time. "Done correctly, the user will never realize that he isn't at the bank's web site," Schneier writes. In a Trojan scenario, an attacker would be able to piggyback on a user's session whenever he logs into his bank's website and make any fraudulent transactions he wants. Schneier argues two factor authentication fails to protect against either of these scenarios. "In the first case [man-in-the middle], the attacker can pass the ever-changing part of the password to the bank along with the never-changing part. And in the second case, the attacker is relying on the user to log in," he writes. "The real threat is fraud due to impersonation, and the tactics of impersonation will change in response to the defences. Two-factor authentication will force criminals to modify their tactics, that's all." Early adopters of the technology may enjoy a significant drop in fraud, as crooks move onto easier targets, acknowledges Schneier. But he predicts that the approach is ultimately doomed. Despite his criticisms, he reckons two factor authentication still has a role in enterprise security. "It works for local log-in, and it works within some corporate networks. But it won't work for remote authentication over the Internet," he concludes. ® Related stories Passwords? We don't need no stinking passwords RSA cosies up to AOL as VeriSign enters token market RSA gets into fingerprints UK firm touts alternative to digital certs The Great 'standalone' ID card Swindle
John Leyden, 15 Mar 2005

Apple eyes broader iTunes services

Apple's online music ambitions are broadening - if the latest round of rumours are anything to go by. The Mac maker is said to be in talks to acquire digital music start-up HipSolve Media, and to have made a hire that could indicate it is laying the groundwork for the launch of a music subscription service. According to a Think Secret report, Apple has offered $3.6m to HipSolve's owners, who are claimed to be talking to a number of possible buyers and/or investors. HipSolve offers iHoopla, a Windows-based music distribution system the company has so far pitched toward labels as a low-cost means of selling DRM-protected music direct to customers, eliminating go-betweens like... er... the iTunes Music Store from the supply chain. It also offers a version for e-tailers to take out franchises from the labels, and there's also a version pitched at movie makers. It's been suggested that products like iHoopla are a threat to iTunes. Maybe one day, but not now. Such is Apple's market share that it's going to take some time for such rivals to cause the company lost sleep. And iHoopla isn't the only such solution: is Apple going to buy them all? That seems unlikely. Possibly Apple wants to widen its offer to labels who don't want to tie themselves into iTunes, or would prefer to target the potentially larger Windows Media device market. But Apple's strength lies in driving the iTunes brand, and it's hard to see how it might benefit by offering an alternative to its own product, at least for the foreseeable future. Separately, AppleInsider notes that Apple has hired one Julia Miller, formerly head of marketing for Microsoft's Xbox Live online gaming service. She also worked on SegaNet, in years gone by. Xbox Live is a subscription service, leading the site to speculate that Apple is planning a similar business model for iTunes. Alas, Miller's role at Apple isn't known, so it's entirely possible she has nothing to do with iTunes at all. Her resumé, according to AppleInsider, includes work on point-of-sale systems and loyalty-card schemes, so she may simply have joined the company to explore alternative iTunes - or Mac - sales and marketing channels. Apple has, to date, dismissed the subscription model, stating its belief that music buyers want to own songs, not rent them. But Napster and others are showing there is some demand for monthly fee-charged 'all you can eat' services, which at the very least appear to offer better margin opportunities than a la carte downloads do. At this stage in the game, it's far too early to tell whether consumers will prefer one service model or the other - most likely both will operate alongside each other, just as the DVD sales and rental markets do, for example. It seems unlikely, then, that Apple's doesn't at the very least have a contingency plan in place to roll out a subscription service if it feels the market needs one, or its rivals do rather better than it anticipates they will. Whether Miller has been brought on board to oversee the scheme, or even to prepare its roll-out, remains to be seen. AppleInsider mentions some industry insiders who claim Apple will offer such a service by the end of the year. That may require fresh negotiations with the labels, assuming Apple didn't factor such a model into its original licensing deals, as Napster did. ® Related stories Moto's iTunes phone - please try again later Apple faces iPod, iTunes patent violation claims Napster ups revenue forecast Apple music store downloads top 300m Europe probes 'rip off' Apple iTunes pricing French consumer group sues Apple, Sony
Tony Smith, 15 Mar 2005
channel

Intel 'plans' Pentium M price cuts

Intel is planning to cut Pentium M processor prices by up to 33.6 per cent in response to the launch of AMD's Turion 64 mobile CPU, sources in Taiwan's notebook manufacturer community have claimed. So reports DigiTimes, which says that the cuts will be applied across the mid- and high-ends of the PM line-up - the basis of Intel's Centrino platform - from the recently released 770 down to the 735. The cuts take on 400MHz frontside bus models and those with the newer 533MHz FSB. What's really leading the price cuts is the Q3 launch of the 2.2GHz PM 780. Intel usually reduces the prices of other chip-family members when it introduces a new product to the line-up, and the expected PM cuts appear no different. According to the report, the launch and the price cuts will be made on Sunday, 24 July. Turion 64 chips are already shipping, with notebooks based on the parts set to arrive over the coming month. AMD announced the new mobile processor in January, formally launching the first seven models last week. Even with the price cuts, Intel's mobile processors are more expensive that its rival's, ranging from $423 to $209, compared to $354 to $189 for the Turion line-up. ® Related stories AMD tweaks mobile chip roadmap Intel's Q1 'a little better' than expected AMD details its Turion mobile processor Intel confirms chipset graphics update Intel 'Yonah' to boost Centrino media speed ATI ships 'first' mobile AMD chipset Intel dual-core Yonah to ship single core too AMD unveils Centrino spoiler
Tony Smith, 15 Mar 2005
channel

Intel's Cedar Mill chip 'to draw 65W'

Intel's 65nm desktop-destined single-core processor, 'Cedar Mill', will consume 43.5 per cent less power than today's Pentium 4 chips. So claim Taiwanese motherboard maker sources who have seen the chip giant's roadmap, cited by DigiTimes. Cedar Mill is due to ship during the first quarter of next year. Current 'Prescott' desktop chips consume up to 115W of power. Cedar Mill will draw just 65W, the sources claim. That's a big reduction, and one that suggests Intel may have licked the current-leakage problems that pushed the 90nm Prescott's power draw above that of the 130nm generation of the P4. Until Prescott arrived, it had been assumed that the move to a smaller fabrication process would reduce the CPU's power consumption, as past process shifts have done. Next quarter's dual-core Pentium D - aka 'Smithfield' - has been said to draw 130W of power. It's a 90nm chip comprising two Prescott cores on the same die. Interestingly, the Taiwanese sources claim 'Presler', the 65nm PD, due Q1 2006, will also draw up to 130W, according to preliminary data Intel has supplied them. Unlike Smithfield, Presler is made by combining two separate dies into a single package, Intel announced earlier this month, though it has yet to make public any power-draw figures for future processors. ® Related stories Intel details twin 'desktrino' platforms Intel dual-core Smithfield to ship as Pentium D Intel confirms 64-bit Celeron scheme Intel 65nm desktop, server CPUs 'up and running' Intel confirms 'desktrino' consumer platform plan Intel to bring 64-bit to P4, Celerons in Q2 Intel's 65nm desktop CPU to ship Q1 2006 Intel 'Smithfield' to run 130W hot
Tony Smith, 15 Mar 2005

Eircom to double broadband speeds

Irish incumbent telco eircom is to double the entry-level speed for broadband in a move it claims will help boost demand for high speed net access. The upgrade should be completed by 8 April increasing the entry-level speed from 512k to 1 Meg for wholesale and retail punters. Speed hungry residential and business punters should see their service speeds increase to between 2 Meg and 4 Meg. eircom reckons yesterday's announcement underlines its "commitment to provide broadband for everyone in Ireland". In December it announced it had signed up 100,000 broadband punters and reckons this latest announcement "demonstrates eircom's approach of continuous improvement in broadband connectivity". While the move has been welcomed by lobby group IrelandOffline it reckons it doesn't go far enough. Said the group's chairman Damien Mulley: "eircom completely failed to address the pricing issues, which means Ireland will continue to be one of the most expensive countries in the OECD for entry level broadband services, while continuing to fall behind in high speed access. "This announcement would have been impressive if it was made two years ago, but instead we are now left playing catch-up once again." Maintaining its criticism of the incumbent IrelandOffline used eircom's announcement to highlight the fact that one in five lines connected to an exchange is unable to support broadband. eircom's 20 per cent failure rate compares badly with the UK and Northern Ireland, it says, where the number of lines failing the test is less than one per cent. Said IrelandOffline spokesman Aidan Whyte: "This announcement will ring hollow for the tens of thousands that are unable to take advantage of any ADSL service because eircom simply fail to maintain their network to basic international standards. In fact, this increase will further exacerbate the digital divide that plagues Ireland at the moment." ® Related stories Third of Irish phone lines fail broadband test NI heralds 100% broadband coverage UK IT market tops Europe league
Tim Richardson, 15 Mar 2005

IBM faces protests

Unhappy IBM workers whose jobs are disappearing later this year have taken their protests to the CEBIT computer show in Hannover. Visitors to the show over the weekend were greeted by noisy protests from German IBM staff. Customer support workers at two IBM sites have been told their jobs will disappear from September this year. The workers warn that customers will suffer when support is offshored to Hungary or China. Development work is expected to go to local companies. Workers praised efforts by Big Blue to retrain people and find them other jobs at the firm. One anonymous worker told IDG that the layoffs were necessary because when IBM won a support contract with Deutsche Bank in 2002 they agreed to take on Deutsche's support staff - these people have guaranteed contracts. More details here. IBM said in a statement: ""We have announced to employees our intention to close IBM business services locations in Hannover and Schweinfurt, Germany. We are taking this action to meet the evolving needs of our clients in the most efficient manner possible. We currently are in the consultation process with the relevant works councils. "IBM can also confirm that the two sites have approximately a total of 600 employees."® Related stories IBM buys Ascential IBM to sell Lenovo kit by year-end Why IBM needs ETL
John Oates, 15 Mar 2005

Africa calls for tech tax to fill digital divide

African leaders have backed plans for a new tax on public sector technology investment in wealthy nations to fund technological infrastructure investment in poorer countries. The money raised would go to the United Nations-backed Digital Solidarity Fund, which aims to drive economic development by supplying technology, such as satellite phones and computers, to areas without even basic technological infrastructure. At a meeting in Geneva Algerian President Abdelaziz Bouteflika said that the gap between the rich nations in the North and the developing nations in the south was aggravated by the digital divide. According to Reuters, he told the conference: "It is imperative that international measures be taken." Senegalese President Abdoulaye Wade said it was about empowering poorer nations. Cities would subscribe to the tax voluntarily. Geneva was the first city to sign up, and now imposes a one percent tax on the profits technology suppliers make on public sector contracts to raise money for the fund. Conference organisers said several others were considering following the Swiss example. ® Related stories Senegal seeks bridge across digital divide Bono rides into Silicon Valley Nelson Mandela is IT mandala
Lucy Sherriff, 15 Mar 2005
channel

Dual-core AMD Athlon 64 benchmarks emerge

The first dual-core Athlon 64 benchmarks have appeared on the web, courtesy of an Italian-language hardware site and an unnamed Taiwanese OEM. The site, Hardware Upgrade, tested a 2.4GHz dual-core sample chip using the same CineBench 2003 test Intel used at its Developer Forum earlier this month to show off the speed benefits of its own dual-core processors. The Italian site came up with a rendering time of 41.4s for the Athlon 64 dual-core sample, second only to a two-way, HyperThreading-enabled 3.6GHz Xeon system, which clocked in at 38.4s. The Xeon rig offers four logical cores to the Athlon 64's two physical cores. Operating in single-core mode the 2.4GHz AMD chip took 77.5s to render the CineBench test image - almost, but not quite, half the speed of the chip running in dual-core mode, as you'd expect. Adding in the second core yielded an 87 per cent performance boost. Real mileage will vary, of course, but any system running a modern OS that supports multiple processors - such as Windows XP Pro, though not, of course, Windows XP Home Edition - and time-slices however many threads happen to be running at a given time across each processor core will benefit. Hardware Upgrade ran - or collated - CineBench 2003 test scores for a range of other Intel and AMD processors, all of which can be viewed here. ® Related stories AMD tweaks mobile chip roadmap Apple utility 'confirms' dual-core PowerPC chip P4 to get Virtualisation Tech before dual-cores do Intel preps Truland, Bensley Xeon platforms Intel to ship dual-core Xeon MP in Q1 06 Intel dual-core Smithfield to ship as Pentium D AMD's 2006 roadmap - details emerge
Tony Smith, 15 Mar 2005

Sony PSP Euro debut delayed?

Sony has apparently pushed back the UK release of the PlayStation Portable to late June, if Amazon.co.uk's PSP product page is to be believed. If the site's new date is credible, the delay marks a serious slippage from the late March timeframe Sony originally had in mind for the handheld console's UK debut. Amazon.co.uk first listed 18 March for the PSP's time of arrival. However, last month, amid speculation that Sony had decided to put the Europeaan PSP release back a month, the online retailer changed the date to 29 April. Now it says 24 June. The first change hasn't prevented the PSP from reaching number 25 on Amazon.co.uk's sales chart, so there are lot of folk who've pre-ordered the console and are going to have to wait even longer for it. The site offers the usual caveat, of course: "release dates are subject to change". However, it's interesting to note that Sony has been telling staffers that the PSP's European release is "at least a few months away", according to company sources cited by GamesIndustry.biz. The PSP's US release is still on course to arrive on 24 March. ® Related stories Nokia nails N-Gage to its perch Xbox2 goes core to core to core with PS3 Gizmondo to ship 19 March Sony PSP to ship in UK on 29 April - Amazon Sony preps PlayStation 'music download service' Sony PSP to ship in UK on 18 March - Amazon Related review Sony PlayStation Portable PSP-1000
Tony Smith, 15 Mar 2005

Bomb scare targets Indian software firms

The Indian offices of software outfits Infosys and Wipro were evacuated last night following a bomb scare. Police used sniffer dogs to search the Bangalore offices of Infosys and Wipro for more than an hour after receiving the bomb threat. No explosives were found during the search. This is the second time Wipro has been at the centre of a bomb hoax. Last week the bomb squad searched its offices after police received a call warning of a bomb. Within hours of tracing the call, police arrested a 30-year-old software engineer employed by the company. Prashanth Kumar admitted making the call but said he did it to test security which he claimed was in a shambles, reports The Deccan Herald. The bomb scares followed the discovery of a terrorist cell planning to attack leading software firms in Bangalore. Three men were shot dead and two arrested in southwest Delhi ten days ago. Indian police claim the men were members of Lashkar-e-Toiba - a Wahabi militant group fighting for an independent Kashmir. ® Related stories Terrorists target offshore call centres Outsourcing more expensive than in-house service UK firms avoid outsourcing tech support
Tim Richardson, 15 Mar 2005
homeless man with sign

911 Trojan author jailed for six months

A Louisiana man has been jailed for six months after he was convicted of infecting WebTV users with a Trojan horse that made 911 nuisance calls. David Jeansonne, 44, of Metairie, Louisiana, pleaded guilty last month to causing a threat to public safety and causing damage to computers. At a hearing Monday 14 March, Judge Ronald M Whyte ordered Jeansonne to pay Microsoft more than $27,100 in addition to serving six months in prison, Reuters reports. Following his release, Jeansonne will be under a six months home detention order. The WebTV service (now renamed MSN TV) allows subscribers to get online using their television. Jeansonne's malware, emailed to users in 2002, posed as a program which would change colours on their TV screens. In reality, the malicious code reset the settings on the user's WebTV box so that it dialled 911 next time it attempted to connect to the net. Ten users reported that local police either telephoned or visited their home in response to what they thought were emergency phone calls as a result of the attack. ® Related stories WebTV 911 ne'er-do-well pleads guilty WebTV 911 hacker charged with cyberterrorism WebTV 911 exploit causes confusion Microsoft plugs inexpensive TV Net access Essex girls to get free WebTV
John Leyden, 15 Mar 2005

DRM comes to mobiles

SanDisk is working with a subsidiary of Rupert Murdoch's News Corporation to make storage cards which include digital rights management. The flash card maker will offer cards for use in mobile phones from the last quarter of this year. SanDisk cards will use NDS's mVideoGuard Mobile DRM technology. This allows operators to control what people can do with content stored on the cards. They can offer subscribers content subscriptions, single purchase and pay-per-view versions of stored content. SanDisk said, "This will allow mobile network operators, service and content providers to protect their content property rights and ensure that consumers gain access to premium content, such as pay-per-view movies, video clips, digital images, video games, ringtones, realtones, MP3 music tracks..." The flash cards will be fully compliant with the Open Mobile Alliance DRM standard. For Sandisk's full press release see here.® Related stories Moto's iTunes phone - please try again later Contentguard boss sues shareholders MS, Time Warner Coral DRM spec imminent
John Oates, 15 Mar 2005

Netgear MP101 wireless music player

ReviewReview Netgear has always focused on the SOHO market and has consistently delivered a range of keenly price networking products. The MP101 represents a new direction for the company as this box is a digital media player that will play MP3 and WMA music files over wired and wireless networks. And, in keeping with Netgear's philosophy that technology shouldn't cost a packet, it comes at an affordable price, writes Dave Mitchell. The MP101's brushed steel front panel won't look out of place on a hi-fi rack. In the middle is a brightly lit four-line text display that provides information about the unit's status, its configuration and the tracks being played - title, artist, album and so forth. The machines is used solely with the remote control, which provides easy access to the unit's settings and playback menus. Alas, Netgear has been a bit crafty about the MP101's wireless capabilities. The packaging states the machine is 802.11b and 802.11g compliant. In fact, the unit only supports 802.11b running at 11Mbps, but will connect to an 802.11g access point set up to operate in 802.11b mode too. Streaming performance shouldn't be an issue over 802.11b wireless unless you want to stream uncompressed audio. Unfortunately, according to the spec sheet, the MP101 doesn't support uncompressed audio formats, so it's clearly not a box for audiophiles. It can't handle DRM-protected songs, nor is it Mac and/or iTunes compatible. An additional 10/100Mbps Ethernet port on the back of the unit allows it to be wired to the network if you need the extra bandwidth - and have the cables in place. There's not much else to see at the rear: just a pair of audio jacks for connection to your stereo and a mini-jack for headphones. There are no digital outputs. Installation is simple enough: you just power the device on and let it search for available wireless networks. The display keeps you updated on its progress and it had no problems finding our 802.11b network. It will show all discovered networks, and you use the remote control to scroll through them and select the one you want to connect to. If you're worried about security, the MP101 supports 64/128-bit WEP encryption, though it's not up to WPA-level protection. When the unit attempts to associate with a secured access point it automatically detects that WEP is enabled and asks if you want to activate this on the player. You use the remote's alphanumeric keypad and music control buttons to enter the network's password. We have heard reports of problems with Netgear's Media Server software but it behaved impeccably during testing. Adding music files to the Netgear collection is easy enough as the import function scans selected drives and folders looking for MP3 and WMA files. You can even use a built-in scheduler to scan selected locations at regular intervals. iTunes-style smart playlists make organising your music files even easier as you can match conditions based on any or all of these categories and use keywords to automatically populate a playlist. The sound quality is great. Playback was very clean on both 'phones and a stereo, and at no time did the 11Mbps wireless link cause any performance problems. That said, the MP101 as supplied refused to play any of the vTuner radio streams until its firmware had been updated, so we recommend you do so regularly. Verdict We enjoyed testing the MP101 and found it very easy to install and use with good playback quality. The unit offers excellent levels of control over the music provided by the Media Server so you can mix and match tracks to your heart's content. The remote control was simple to get to grips with, making this package a useful addition to a home entertainment centre. Review by Netgear MP101   Rating 70%   Price £82 inc. VAT   More info The Netgear MP101 site Recent Reviews Nokia 9300 Communicator Apple 15in PowerBook G4 Seagate 5GB USB 2.0 Pocket Hard Drive Olympus Camedia C-370 Zoom Belkin Wireless Pre-N Router Sony Vaio VGN-FS115B 'Sonoma' notebook Bose SoundDock iPod speakers Firebox VoIP Cyberphone
Trusted Reviews, 15 Mar 2005

Apple wins iTunes.co.uk case

UpdateUpdate Apple has been awarded control of the domain iTunes.co.uk, even though it was registered before the Mac maker announced its online music service. The decision by Nominet-appointed expert Claire Milne, a telecoms consultant, puts the UK registry in a difficult position where it is deciding cases for businesses despite prior rights and possibly against the law of the land. iTunes.co.uk’s orginal owner, Benjamin Cohen, has vowed to fight on, threatening to appeal the case through Nominet or, if necessary, the High Court. Only last month, Nominet ruled that Game.co.uk should be handed over by game consultant Gareth Sumpter to Game plc. That decision - due to go to appeal next month - raised the worrying possibility that large companies would be encouraged to sue smaller competitors online. For a few thousand pounds, large companies may be able to get hold of domains potentially worth tens or hundreds of thousands of pounds. With the iTunes decision, a smaller company holding prior rights on a domain (in this case CyberBritain), has for a second time lost out to a larger company. iTunes.co.uk was registered in November 2000, and redirected to a music search engine on CyberBritain. Apple only launched its UK service in June last year - four years later. Nevertheless Nominet expert Milne found that: "On the balance of probabilities, I find that the Domain Name, in the hands of the Respondent, is an Abusive Registration on the grounds of its use in a manner taking unfair advantage of, and being unfairly detrimental to, the Rights of the Complainant." The full decision is not available yet. But it would appear that the long-held notion of prior rights has been set aside in Nominet's most recent domain resolution rules. Has the UK registry become corporate friendly? The logic that will no doubt be strenuously put forward by intellectual property lawyers is that if someone with a similar domain to a (subsequent) well-known service then uses the knock-on effect to benefit financially, then they are guilty of using that registration abusively, and the domain should be handed over. This is a dangerous logic however. If a company builds, say, a pedestrian shopping centre and subsequently causes the price of commercial properties in that area to rocket, that company is not entitled to take over those properties just because they have benefitted. And it would appear that UK law also stands by this position. Earlier this month, the High Court threw out a case against Phone4U.co.uk by high-street mobile company Phones4U. The owner of Phone4U.co.uk, Abby Heykali, was found not guilty of trade mark infringement or passing off. He said: "I am relieved this is all over. I registered phone4u.co.uk in August 1999 long before I heard of Phones 4u. I have always traded honestly and attract customers because of my low prices, not because they think I am anything to do with Phones 4u." His law firm, Bird & Bird, said: "The case demonstrates the difficulty a company can face if they choose a name which lacks distinctive character. They cannot prevent other traders from using similar names. Had there been evidence of people being deceived we would have advised our clients to change the name of the website. Caudwell was unable to show that internet purchasers were confused at the point of purchasing from our clients." The case is strikingly similar to both Game.co.uk and iTunes.co.uk and Nominet finds itself ruling twice against the stated views of the UK legal system. The owner of iTunes.co.uk, Benjamin Cohen, has not missed the point. "I must admit that we were not expecting this decision by Nominet's appointed expert. Apple chose to launch the UK brand of 'itunes' within the UK with the knowledge that we had owned the name for three years before their US launch and four years before their launch within the UK," he said. "We now face two decisions, whether to appeal to Nominet directly or refer the matter to the High Court. Both of these options are expensive and are not necessarily within the means of a small business. However, the recent High Court victory of Phone4U.co.uk against the major retailer, Phones4U - owned by the Caudwell Group - leads me to think that our case may be extremely strong." Update Nominet's solictor Edward Phillips has been in touch confirming the decision by independent expert Claire Milne, and urging us to not draw conclusions until the full decision is published. "In this case the Expert explains that the finding of abusive registration is made, in part, because of the use of the name. The decision describes the sequence of events in relation to the domain name, which you may find informative." He also stressed the experts' independence from Nominet. "The decisions are not made by Nominet UK, they are made by the Independent Experts and I can assure you that the Experts truly are independent. The DRS staff and I never discuss with the Experts how we want a case to go, do not edit the decisions or recommend changes to the Experts when the decisions come back, and go to great lengths to ensure our neutrality. Equally we do not comment on published decisions, either to endorse or criticise." As for the apparent conflict with the High Court in the Phone4U.co.uk case, Phillips makes the point: "The Experts bear the general law in mind, but the basis that they are making their decisions on are different to a normal civil law case. In a civil law case the cause of action will be 'passing off' or registered trade mark infringement: in the DRS the Expert is considering the narrower question of (a) does the Complainant have rights and (b) is the registration or use of the name 'abusive'. This distinction has always been there, and arises because the DRS simply solves a dispute under the contract of registration, not a larger problem, as the courts seek to."® Related stories Domain dispute puts question mark over UK ecommerce Apple threatens iTunes.co.uk owner Related link Report of Phone4U.co.uk decision
Kieren McCarthy, 15 Mar 2005

The unsavoury world of PC licences and Firefox exploits

LettersLetters A quick rummage through the letters bag for the choicest morsels [sounds like a dog food advert - Ed] turned up one of your favourite topics: the television licence, and its future. Those from outside the UK are often utterly baffled by the television licence: a piece of paper conferring upon the grateful subject the right to watch the goggle box. Here in Blighty, opinion on the subject is already deeply divided, so you can probably imagine the kind of reaction to government speculation that the long-term future of the licence could possibly involve a possible switch to a PC licence: Makes sense. I don't pay the TV license because the aerial doesn't work. Instead, BitTorrent and the BBC On-Demand Player satisfies all my needs. Even had a TV license guy come in, I told him I download everything, and there's nothing he could say to that. Living in guilt, Anon John, Wow, what a wonderful idea. The same state system that whines on about trendy concepts like 'digital divides' then goes on to suggest instead of taxing TVs, we'll tax PCs instead. Sounds like jobs for the boys following the analogue switch-off. How's this for an idea - sack the bureaucrats who come up with this trash (this will probably save the same amount anyway), make Auntie self-financing by encrypting the TV channels and offering them out via digital service so that we, the consumer, can choose what we watch (Why should I pay for BBC 4 so a handful of high-brow types can watch opera/Why should high-brow opera types pay for knuckle-dragging content on BBC 3?). Alternatively, the government could be honest, whack a penny on income tax and directly fund Auntie. After all, Geriatrics do so love their state pension. Curtis, the foaming, gibbering mass, sitting in the corner with too much time on his hands....... PC Tax Several thoughts spring into my mind here, first what's a PC? A playstation? A Mac? A nokia Communicator? A SKY+ box? Second why pick on PC's to fund the BBC, why not telephones or shoes? Ian A "PC Tax"? Heaven forbid! "Unenforceable?" - when my phone and my PDA are in effect PC'S that can get the BBC - you bet! Remember the "Window Tax" of 2 centuries ago? You can still see the bricked-up windows. If I was Jessa Towel, I would be thinking along the following lines: a VOLUNTARY TAX on ISP's, which networks run by BT would pay for immediately. In return for their payment, these ISP's will be able to offer their customers access to "state-provided" services, including of course the BBC, but also the other things you need to connect to the authorities for, such as taxes, the dole, driving license, voting, school meals preferences, planning permission, hip surgery.............. ISP's who didn't pay up would still be able to provide a "second-class" service for the brickers-up. Andrew Some of you took issue with the results of an RSA Security survey which found London's Wi-Fi networks are unsecured and vulnerable to attack: In regard to your recent publication on the survey claiming a percentage of Wireless networks in the London area are not secure, I believe this to be a tremendously flawed number. For you see, you cannot easily find out if a network is not secure. Most would say, you could war drive around for a few hours with an Omni antenna mounted on the roof of your car, scan for networks and then assume that all of the Networks you find running without WEP or WPA and the like are open to attack. Well no, this is not the case, For example, 1. I know for a fact that there are a number of "honeypots" running that are open for the simple reason of wanting to be attacked, these are used for research purposes by individuals and companies. 2. Public wifi networks, such as the meshhopper style cannot use encryption, otherwise how would you get onto the Network in the first place to pay. 3. A number of companies use a combination of an open wireless networks and a VPN solution with RSA keys or SSH tunnels which is perfectly fine anyway since the all your traffic is sent over a secure tunnel even if your network is insecure. Now to probe each network and find out what each setup entails would take an inordinate amount of time (believe me, i've done it, and even scripting the whole thing using tools such and kismet and ettercap, its still a lengthy process). So this can only lead me to the conclusion that their statistics are incorrect, as in my tests I found presuming encryption on/off and an Access point name of "any" meant secure/insecure was wrong. P.S. At home I use a PoE Wireless Access point (mounted on the roof) as a client (No WEP) running on CAT 5 to another access point inside the house running a second wireless network with, again, no WEP. The reason I do this is because the Wireless is provided for free from the County Council and I don't mind letting the neighbours using it. Am I concerned about my information being sent securely ? I use a VPN Tunnel to a Co-Located machine and it would simply be easier to break into my house and rob the machine. Regards, Keith Next up we have the rather unpalatable news that the hacking community does not regard Mozilla/Firefox as sacrosanct and has written a nasty piece of code designed to get spyware and adware onto the machines of users running non-IE browsers: How can you describe this as a security weakness in Firefox and other browsers when the user has to click to give permission for the install? If you actually read the dialog box the security certificate is invalid and was issued by a company that is not trusted. How do you suggest that Firefox and other browsers should deal with this ? simply prevent installation of java at all times. Any system can be compromised by user stupidity if you are prepared to download and execute software from unknown and untrusted sources then I don't know why you expect your browser to protect you ! Ian "exploiting the vulnerabilities that exist in any complex browser" Should this be a call to return to simple browsers ? Ones that do not integrate Java and ActiveX ? After all, there is no information on the web that calls for anything else than HTML, all the rest is just icing on top, icing that is real good at attracting flies (and worse). If Flash can be lumped into the "complex" category, and I've got a strong hunch it can, then I'm all for it. Long live pure HTML ! Pascal. Well, sounds like we should all just go back about 15 years and start using lynx again. Wouldn't hurt the quality of the web either - imagine banning frontpage and dreamweaver and all those other tools that generate massively bloated HTML and requiring web designers to write robust, clean HTML... Ah.. the good old days... Edwin Yawn. So there's yet another "if the user clicks the button, they're infected" exploit. Why is this news? We already know users are idiots. Next week in The Register: "Shocking New Evidence Proves Water is Wet!" Steven Get your facts straight, learn about computers and make sure your mouth (in your case your ass) is connected to your brain before commenting on something you obviously know nothing about. Kevin A direct brain-to-donkey connection, eh? Intriguing... We'll be back on Friday with an update from Muffin the Mule. ®
Lucy Sherriff, 15 Mar 2005

Mystery shoppers hit London churches

Ship-of-Fools, the online Christian magazine, is sending the religious equivalent of Mystery Shoppers to check on the quality of church services in London. The Mystery Worshippers will visit churches across London Sunday 24 April and take note of sermon quality and length, pew comfort and the quality of after-service coffee. All visits are anonymous but the Mystery Shoppers will put a calling card, complete with picture of the Lone Ranger, in the collection plate. The site is hoping to send out between 40 and 50 inspectors and is still looking for volunteers. If you want to help click here. Ship-of-Fools came to the tender attentions of El Reg in May of last year when its virtual church, the Church-of-Fools, was hit by heretical hackers. Church wardens were forced to excommunicate some members of the virtual chapel for harrassing female members of the congregation and registering racist names for their avatars. More details here. Mystery Worshippers have already sent in more than a thousand individual reports from churches across the world but this will be the first mass-Mystery Worship. Results will be published on the Ship of Fools website May 10.® Related stories C of E seeks dynamic cybervicar Bath church casts net, catches 500 Online flirting will send you straight to hell
John Oates, 15 Mar 2005

BT to block rogue diallers - again

BT is trying yet again to crack down on rogue diallers by introducing new software that will stop computers from dialling premium rate numbers. It's commissioned a small UK-based independent software company to develop a system to prevent PCs from dialling expensive numbers. Although BT won't reveal the name of the company, the UK phone giant says trials of the Modem Protection software in Northern Ireland have proved successful. Now it intends to make the software available for free to all of its punters by May - regardless of which ISP they use. BT Modem Protection will block PCs from dialling costly premium rate or international numbers - even if rogue dialler software is installed on machines. Punters will also be warned if their modem begins to dial any number other than a list of approved numbers, such as those used by their ISP. Another idea BT has up its sleeve is to notify punters if it spots spikes in phone charges that could signify that they're the target of phone fraud. BT reckons today's announcement is part of a "co-ordinated two-pronged approach" to help alert punters to scammers who try to rip-off consumers. Of course, this isn't the first time the monster telco has tried to respond to the issue of rogue diallers - software that secretly changes computer settings so they call a premium rate phone line instead of their usual ISP number. In June last year BT began blocking UK-based premium rate numbers suspected of being used by rogue dialler companies to defraud consumers out of hundreds of pounds. But BT was forced to drop the scheme after it was sued by Birmingham-based Opera Telecom seeking compensation for lost revenues. BT is confident that its Modem Protection software will not land the telco in legal hot water because it's the consumer who decides to block numbers - not BT. Even so, there are those who believe BT should do more to protect phone users from being ripped off - and should be made to pay. Last December Manchester law firm, Davis Blank Furniss set up a company, Dial Up Fraud Ltd, to launch a legal challenge against BT on behalf of internet users stung by rogue diallers. The law firm is currently trying to recruit 2,500 punters who are prepared to cough up £60 to a legal fighting fund that will be used to challenge BT and seek compensation for those hit by rogue diallers. Said commercial lawyer Stuart Shalom: "BT is currently refusing to cover the cost and compensate its customers who have fallen prey to this scam, it means that they are liable to pay out hundreds of pounds for calls they have not made. This is grossly unfair and we want to get BT to accept that its customers should not have to pay for all those unwanted calls." A BT spokesman told The Register: "We don't think they've got grounds for a case." ® Related stories BT rogue dialler court case delayed BT sued for blocking suspected 'rogue dialler' numbers New 0871 rogue dialler scam spotted Citizens Advice warns of 'shocking' rogue dialler scams BT abandons scheme to block rogue diallers
Tim Richardson, 15 Mar 2005

Hollywood threatens to sue UK BitTorrent man for millions

ExclusiveExclusive Alexander Hanff had no idea Hollywood was keeping such a close eye on him. Then, last Saturday morning, a movie studio functionary arrived at his door. Hanff, still in his dressing gown and not yet full of coffee, opened the door, only to be served with a lawsuit by Paramount, Twentieth Century Fox, Universal City Studios and Warner Bros. You may have already guessed Hanff's supposed transgression. The movie studios suspect him of running a BitTorrent hub and helping people download copyrighted films via P2P technology. The MPAA (Motion Picture Association of American) has gone after numerous BitTorrent hubs on similar charges and managed to shut many of them down. The plot here is a familiar one. There are, however, a couple of factors that make Hanff's story unique. For one, the US studios served Hanff papers at his home - in England. Secondly, Hanff, 31, owns the DVDR-Core domain name and pays for its server, but he has never actually administered the site. That's done by a group of online friends that Hanff has never met in person. Lastly, Hanff plans to fight the movie studios, making him a rarity among BitTorrent hub owners. "I am certainly not going to settle for anything that will compromise my integrity or the integrity of our members," Hanff said. "They can bankrupt me. I don't own a house, so they can't take it. I own a few guitars that they can have and an old inkjet printer. It's a waste of their time and of my time." Hanff argues that BitTorrent hubs should be covered by the same rulings that have made P2P services legal in the US. The hubs don't host actual movie files. They point people to computers where the movies are stored. It's the users and not the hub owners that are directly infringing on the movie studios' copyrights. And with personal files and open source software being moved via BitTorrent technology, there are plenty of substantial non-infringing uses for the hubs. "Torrent files don't contain any data," Hanff said. "This is a search engine scenario. Why aren't Google, Yahoo or Microsoft getting sued?" Hanff bought the DVDR-Core domain name close to 18 months ago and then last year purchased a server hosted in California. His online friends then set up a community site for DVD and movie enthusiasts. The site had all the basics such as chat rooms, discussion boards and special "members only" sections. It also happened to have a BitTorrent tracker for finding files - many of them copyrighted works of MPAA members. In total, the site was actually only up and running for a few months. Hanff shut it down of his own volition in December, after reading about raids on Dutch P2P sites. (Hanff had moved from the California servers to Dutch servers in early December and shut down the site in mid-December). "The servers were wiped clean by the administrators," Hanff said. Hanff insists that he has never administered the DVDR-Core servers, unless you count paying for them as administration. Only his online associates - who he has never met and can't even be sure if he knows their real identity - have touched the boxes. Hanff declined to provide contact details for these administrators but said they have not been served with any papers by the movie studios. The movie studios never sent word that they were concerned about the DVDR-Core site until the lawsuit threat arrived - a fact which really displeases Hanff. "I never received a complaint, and I took the site down on my own," he said. "Now, three or four months later, I am getting served." While he was only served last week, the studios filed their lawsuit back on 14 December in the District Court for Northern Illinois. They filed a "John Doe" lawsuit, but the studios were later able to identify Hanff with the help of the server's ISP. "Though you may currently be located in the United Kingdom, you will be subject to the jurisdiction of the United State federal court by virtue of your engaging in BitTorrent activities through a US Internet Service Provider, among other reasons," the studios said via their lawyers. The lawsuit filed by the movie studios claims DVDR-Core provided links to 1,000 torrents and films such as "Big Fish," "The Bourne Supremacy" and "The Stepford Wives." The media mob threaten to seek anywhere from $750 to $150,000 per infringed work. DVDR-Core never provided Hanff with any extra income. He didn't put ads on the site and used a scant amount of donations to pay for the server. At its peak, the site had about 30,000 registered members. Hanff has no idea how to respond to the studios from a legal standpoint. The studios have tapped Jenner & Block LLP in Chicago to do their dirty work. The law firm, however, didn't say what it would accept as a settlement or what the movie studios wanted. On Tuesday, Hanff, an IT trainer by day, plans to ask for legal and possibly even financial help on the DVDR-Core site. A similar strategy was employed recently by another BitTorrent hub - the dubious LokiTorrent. "Loki kind of ruined it for people like me, but I am going to appeal for legal advice on the web site," he said. This case proves that the MPAA, like its musical counterpart the RIAA, is intent on making an example out just about anyone. It's prepared to send operatives scurrying about the UK to serve papers on a man who had already shut down a possibly legal site months ago. The media moguls likely won't get any lucrative pay out of Hanff. All he has are those guitars, a printer and three cats. As it turns out though, that's the type of arsenal our most feared criminals pack these days. ® Related stories Swedish ISP raid prompts backlash Bloggers invade Austin music fest BitTorrent gets major revamp Arizona tags naughty file-trader BPI nails 'music pirates' P2P promises economic Valhalla - Grokster et al Loki puts donations toward $1m MPAA payoff Sue the reader of this File Sharing Book
Ashlee Vance, 15 Mar 2005

ESA flirts with NASA over Jupiter mission

The European Space Agency is beginning preparations for another collaboration with NASA, this time for a mission to Europa, the icy moon of Jupiter. Officials on both sides of the Atlantic are keen to renew the partnership that made the Cassini-Huygens mission such a success, BBC Online reports. A joint working team has been established to look into the role each agency might play, the possible spacecraft involved, and what the mission objectives would be. Europa is an icy ball, slightly smaller than Earth's moon. Scientists suspect that the tidal forces it is subjected to because it is so close to Jupiter could generate enough heat to sustain liquid water below the surface. The tides certainly create plenty of cracks on the moon's surface, and the fact that many of these are tinted reddish-brown has prompted speculation that there could be microscopic life below the ice. It is this possibility which really makes Europa an irresistible target. Professor David Southwood, director of science at ESA, says that he piqued the interest of the Americans during meetings held last week. But both parties have an interest in working together rather than going it alone. NASA was planning to send a mission to Jupiter's moons, but funding has since been re-allocated to support Bush's goal of sending a manned mission to our own moon, and the Jupiter Icy Moons Orbiter (Jimo) mission has been shelved for the time being. Europe, meanwhile, has no expertise in radioisotope thermal generators, the preferred power system for such missions. "I'd much rather do this with RTGs," Professor Southwood told the BBC News site. "And that makes it almost certainly a joint venture with the Americans and why should we do it separately?" Another area for consideration is how to look below the ice. On one hand, deep penetrating radar scans from orbit are likely to provide a great deal of information, but Professor John Zarnecki, head of the surface science package on the Cassini-Hygens mission to Titan, says that the pressure to go to the surface will be immense. This poses a huge challenge for mission designers, who will have to figure out a way of drilling or melting through as much as 30km of ice to get to the liquid beneath. "If it is technically feasible to go to the surface, you would want to do that. Huygens' surface image on Titan says everything," Zarnecki told the BBC. "But, it may be that what you want to do - to look below Europa's ice - you can do that better from orbit." Either way, the mission is in the very early planning stages: the earliest any craft will get underway is 2016. ® Related stories Saturn sings the blues Titan: rains of methane, mountains of ice ESA shows off Titanic views Huygens lands on Titan, and the data floweth China plans five-day space mission Cassini glimpses Titan's face
Lucy Sherriff, 15 Mar 2005
channel

Database developers get tooled up

Microsoft has announced the general availability of Visual FoxPro 9.0 for developers making applications for databases. The set of tools allows developers to create apps for desktop, client-server or web environments. The new version has improved SQL language capabilities More info from Microsoft here. In more database shenanigans doubts have been cast on the scalability of the upcoming release SQL Server 2005. It is due to ship this summer but so far there is no sign of the TCP-C benchmarking tests. Forrester Research is publishing a report titled "SQL Server 2005 Likely to Fall Short in High-End Performance Delivery" - which perhaps gives a little too much away. The report's author Noel Yuhanna believes Microsoft would have released figures if they had been any good. Yuhanna also said that beta users are not seeing benefits in terms of high-end scalability. More details on eweek here.® Related stories Learn to design effective database systems MySQL worm attacks Windows servers Crooked Microsoft worker masterminded $7m racket
John Oates, 15 Mar 2005
channel

EC ends Microsoft DRM probe

The European Commission has ended its investigation into the ownership of DRM technology developer ContentGuard. The probe was put on hold in December 2004 pending the sale of a 33 per cent stake in ContentGuard to French firm Thomson by joint owners Microsoft and Time Warner. The EC decided to take a closer look into ContentGuard's ownership in August 2004, four months after Xerox sold the DRM company to Time Warner and Microsoft. EC anti-trust officials were worried that control of a key digital media technology, DRM, could allow the owners to exert undue pressure on the developing online music market. The sale of a third of the company to Thomson was announced in November last year and was widely seen as a way of sidestepping the EC. Indeed, the Commission today said the Thomson deal was enough to take the ContentGuard acquisition out of its remit. "Through the conjunction of Thomson's acquisition of an equity stake, and of changes in ContentGuard's governance structure, no shareholder will have control over ContentGuard," the EC said in a statement. "Thus this transaction is not subject to EU merger rules." ® Related stories Contentguard boss sues shareholders MS, Time Warner CE vendors unite to develop DRM ContentGuard talks DRM futures Europe pauses Microsoft DRM probe Thomson takes 33% stake in MS-backed DRM developer EC objects to MS - Time Warner ContentGuard takeover EC launches Microsoft DRM probe EC mulls MS DRM monopoly trawl Time Warner invests in ContentGuard
Tony Smith, 15 Mar 2005
hands waving dollar bills in the air

Rise of the botnets

Botnets - networks of compromised PCs - launched 226 distributed denial of service (DDoS) attacks on 99 different targets in a three-month period from November 2004 to January 2005, according to a study from The Honeynet Project. The report, Know your Enemy: Tracking Botnets, estimates a population of approximately one million infected hosts is under the control of computer crackers. The findings come from monitoring a network of PCs deliberately left open to attack in order to track and study in detail the actions of attackers and the tools they use. The project, run by the German Honeynet Project, also monitored IRC channels used to control botnets. What emerged from the study is the most detailed technical description of the modus-operandi of botnets we've seen to date. The project tracked more than 100 active botnets, some with up to 50,000 compromised "zombie" machines. It saw 226,585 unique IP addresses joining at least one of the monitored channels which represent only a small proportion of overall botnets activity. Based on these figures The Honeynet Project conservatively estimates that "more then one million hosts are compromised and can be controlled by malicious attackers," Botnets are being used for a variety of nefarious criminal or malicious purposes including: distributing spam, mounting distributed denial of service attacks, sniffing network traffic for unencrypted passwords, key logging, installing spyware and click fraud targeting Google's AdWords program. The study also details the most common zombie agents used in the creation of botnets such as Agobot (AKA Phatbot), SDBot and various mIRC-based bots. "Our research shows that some attackers are highly skilled and organized, potentially belonging to well-organized crime structures," the report concludes. "Leveraging the power of several thousand bots, it is viable to take down almost any website or network instantly. Even in unskilled hands, it should be obvious that botnets are a loaded and powerful weapon." ® Related stories DNS cache poisoning bugs hits Symantec shops Send-Safe spam tool gang evicted by MCI Botnets strangle Google Adwords campaigns Heise.de under DDoS attack Scot in court on DDoS charges VXers creating 150 zombie programs a week Botnet used to boost online gaming scores
John Leyden, 15 Mar 2005
channel

Apple's iPod stokes MP3 player market 'boom'

Apple's decision to release a Flash-based digital music player, the iPod Shuffle, was tacitly vindicated today by market watcher iSuppli. Its statistics suggest that solid-state players will continue to outsell hard drive-based units through to 2009. Between now and then, overall MP3 player shipments will almost quadruple, from 36.8m units to 132m, the researcher notes in a new report, Portable MP3 Players: Booming Market Looks for New Twist. In 2004, some 27m Flash players shipped, almost three times more than the 9.8m HDD-based units released into the marketplace. Come 2009, however, the proportions will have fallen closer to parity: 75.8m Flash players to 56.2m HDD-based units, iSuppli said. The two categories will show compound annual growth rates of 22.9 per cent and 41.8 per cent, respectively. HDD shipments will show continuous, linear growth through over the next four years or so, while Flash's growth will quickly slow. That said, it's clear from the price differential between Flash and HDD players that Apple was right to establish itself in the HDD space first. Flash may lead in unit shipments, but it's hard drive player sales that are really driving revenue growth. iSuppli said Apple was largely responsible for the explosion in shipments during 2004 - as much because of the competition it inspired as its own sales efforts. Player shipments jumped 116.5 per cent between 2004 and 2003, the researcher said. Growth is likely to be a more sedate 57 per cent this year, with 57.7m units shipping globally. Apple's example suggests that devices that try to offer a broad range of features - music, video, radio, recording etc. - are likely to fare less well than products with a more basic, yet simple to use feature set. Higher player sales means, of course, more audio processor chips and Flash memory will ship, and iSuppli said MP3 semiconductor sales will rise from $319m in 2004 to $1.07bn in 2009. ® Related stories Samsung unveils 3GB HDD smart phone Slim Devices adds 802.11g to wireless MP3 player Sony preps iPod Shuffle 'killer' Apple faces iPod, iTunes patent violation claims Is the Mac Mini Apple's future 'smart' iPod Dock? Sony Ericsson launches 'Walkman' Seagate, Hitachi launch 1in 6GB HDDs Apple revs iPod, cuts prices
Tony Smith, 15 Mar 2005

Broadband boost helps NTL trim losses

NTL's decision to restructure its business, focus on broadband and elbow "delinquent" punters into touch appears to paying off. Operating losses fell 80 per cent from £192.4m to £39m for the year to the end of December as revenues rose 8.7 per cent to £1.5bn. Much of this is down to a 40 per cent growth in broadband subscribers to 1.33m, said the UK cableco, although 62,000 of those were added following the acquisition of Virgin.net in November. Despite increased competition from DSL providers NTL estimates that the number of cable broadband punters will continue to grow by around 20 to 25 per cent during 2005. As well as generating extra revenue, NTL is also cutting overheads. In November, it announced it was getting tough with late payers and that appears to be paying off too. Said chief exec Simon Duffy: "After implementing major systems improvements in 2004 and aggressively removing delinquent or non-paying customers from our customer count, we expect to add over 200,000 customers on-net this year, including a further 20-25 per cent increase in our broadband customer base." Last month NTL completed the £1.27bn sale of its broadcast division to a consortium led by Macquarie Communications Infrastructure Group. The UK cableco used £500m to repay some of its outstanding debt. ® Related stories NTL completes £1.27bn sale of broadcast division NTL to trump BT in March assault NTL flogs broadcast division for £1.27bn
Tim Richardson, 15 Mar 2005

Ebbers guilty of WorldCom fraud

Bernie Ebbers did mastermind the $11bn (£5.8bn) book fiddling that torpedoed US telco WorldCom, a New York jury decided today. After more than a week of mulling, the jury ruled that Ebbers was behind the scandal that led to the collapse of WorldCom in 2002. In the end it was Ebbers' word against that of former CFO Scott Sullivan. Sullivan - who had already pleaded guilty to his part in the fraud and was the star prosecution witness - said Ebbers was obsessed with hitting the numbers and drove the fraud. Ebbers said he had no knowledge of the accounting scandal. The jury believed Sullivan. Ebbers is due to be sentenced on June 13 and faces up to 85 years in jail. His defence team is already planning an appeal. ® Related stories Ebbers was 'leader of the con' Ebbers was 'intimidating' boss Ebbers failed to tell of book fiddling Ebbers 'drove Worldcom fraud' - Sullivan
Tim Richardson, 15 Mar 2005
globalisation

Benchmarks haunt AMD's Turion

Chip and server makers have an awful habit of unintentionally highlighting their weaknesses by making a big deal of dubious benchmarks. Intel has done it. IBM has done it. HP has done it. Sun Microsystems has done it. And, most recently, AMD has done it when it launched the mobile Turion 64 processors last week. The Turion chips were designed to make AMD more competitive against Intel's Pentium-M processors. Specifically, AMD is looking for Turions to find their way into the thin'n'light notebooks that account for an ever larger chunk of laptop sales. Customers seem fed up with lugging around massive lap warmers. A key factor in the thin'n'light category is the balance a notebook strikes between performance and battery life. So when a vendor - in this case AMD - puts all of its attention on performance and doesn't say one word about battery life, you know the product in question might have some balance issues. AMD rolled out plenty of performance benchmarks in front of the press, stacking a Turion 64 notebook against a Pentium-M notebook in office productivity, digital media and gaming tests. But, while the 2.0GHz clock on both companies' chips would seem to indicate an apples to apples comparison, AMD really had a rather special system on its side. Since no Turion laptops are actually on the market, AMD created a "reference" laptop of its own. The AMD system ran on a 35 watt Turion 64 and had a graphics processor from ATI. That's a pretty handy pairing when you decide to compare it against a 27 watt Pentium-M with Intel's integrated graphics processor. See the AMD system specs here (PDF) and the Intel system specs here. AMD could well have picked its own 25 watt part to stack up against Intel and used a Pentium-M laptop equipped with an ATI or Nvidia graphics controller. But what would that have done to the benchmarks? "If they had compared a 25 watt system and a lower power graphics controller, the numbers would be down a lot," said Martin Reynolds, an analyst at Gartner and an especially close PC industry watcher. An AMD spokeswoman insisted the company picked "the most comparable offering from the competitor" that it could find, even though it didn't actually do that. AMD declined to provide any of its own battery life measurements at this time because there are no production laptops on the market to measure, she said. Somehow it's okay to use a "reference" system for performance results but not for battery life results. The only third-party battery life indicator AMD could come up with was from a MSI Megabook S270 review written in German. Google's translator tells us, "The Subnotebook weighs approximately 1.8 kg and is with its lithium ion Akku (4400 mAh) approximately 4.5 hours to hold out." So, if holding out is important to you . . . Why is AMD being so coy? "The answer is that the battery life isn't so good," Reynolds said, adding that Turion-powered systems could have up to one-third less battery life than laptops running on Intel's ultra low voltage products. As Reynolds pointed out, AMD didn't do anything terribly unique with the Turion benchmarks. It saw that performance was the chip's strongest aspect and then tweaked the comparisons to make sure it outperformed Intel. Chipzilla has done this many times as well - one incident in particular comes to mind. Potential customers, however, should be aware that Turion barely beat Pentium-M on numerous benchmarks even with the deck stacked in its favor. And it killed Pentium-M in gaming and digital media tests because AMD had ATI and a higher-powered chip on its side. An Itanium laptop would surely crush either of these chips on any benchmark - in those few minutes available before it melted to the desk. AMD should have picked processors with similar power envelopes and graphics. By being so proud of its performance, AMD might have alerted all of the reporters covering the Turion launch to take a closer look at the benchmarks. Few reporters really did though. (We can think of just one that kind of hinted at the lack of battery life.) This kind of trickery in the benchmark game does little for the vendor. It makes you question any future performance claims and draws extra scrutiny to the product. While battery life is a function of the chip, hard disk and screen, you can't help but wonder if something really quite odd is going on with the processor in this case - something that has a painful effect on your Turion laptop's life. Here are AMD's Turion versus Pentium-M benchmarks in PDF format for gaming, digital media and office productivity.® Bootnote A number of readers have argued that the wattage on the Pentium-M would go higher once you include the memory controller. In addition, AMD measures TDP (thermal design power) differently from Intel. Those factors, however, still don't account for the graphics edge or the fact that AMD is right off the bat pushing much harder against the power envelope you want in a thin and light notebook. No matter how you slice it, AMD drilled right in on performance for a reason - because it would prefer not to talk about battery life. Related stories Intel 'plans' Pentium M price cuts AMD tweaks mobile chip roadmap Intel's Q1 'a little better' than expected AMD details its Turion mobile processor VIA unveils ultra-compact media chip AMD unveils Centrino spoiler
Ashlee Vance, 15 Mar 2005

Apple de-socializes iTunes

While Apple has been in the news again this week for its war against the people who promote its products, another of its wars has received much less attention. It may as well be a covert war. Bit by bit, Apple is tightening the DRM noose, reducing the amount of freedom its own customers enjoy. Last year, the company cut the number of times users could burn a playlist from ten to seven. This time, Apple has chosen to cripple one of its coolest and most socially beneficial technologies - Rendezvous. Apple actually applied the restriction two months ago, but the passage of time hasn't made it any sweeter. In iTunes, Rendezvous allows users on the same subnet to share their music - although this is limited to streaming only. But the most recent version of iTunes, 4.7.1, restricts that streaming capability even further, and users aren't happy, as this support discussion shows. It used to support five simultaneous listeners, but now iTunes only permits five listeners a day. Of course, Apple has its defenders, as it always will. "No one is forcing anyone to upgrade," fumes one 'henryblackman' at the MacNN forum, irked that someone should should disturb his digital bliss. But they did - and using a security scare to foist an upgrade on users that's really a downgrade is, well how shall we put it - familiar? Let's have a quick reality check. If you opened up iTunes, turned up the volume really loud on your Mac, and hit Play, you could "stream" to five people within earshot. And no one would bust down the door, except possibly the neighbors. Certainly not the RIAA's paramilitaries. Now fast forward to the "digital music revolution". The revolution is really about lower marginal costs for the producers - which is turning out to mean higher profits, as the price hasn't come down. For us, it means we get less for our faith - in this case, certainly much less than what old fashioned, speaker to ear, analog sound waves can give us. Once again, "digital" is proving to be a synonym for "crap". This isn't to single out Apple in particular. It's just that they like to be thought of us as leading this charge back into the Middle Ages - so they're first to take the arrows. Digital has been a marketing term that used to have a certain kind of cachet. Digital society! Digital sound! All kinds of magical things were possible. Now, after the backlash against digital TV (with its infernally more difficult HI, a greater choice of poorer programs, all delivered with an unreliable transmission and flakey image), "digital" actually means that you're getting less than you had before across the board. This is no way to sell technology, and it's only a matter of time before people find this out, and stop buying. Technology is only useful to us if it allows us to do something we already like doing, easier and better. Then we'll set up a social contract: we'll keep giving you money, if you keep investing and making technology better. Apple, Napster and their ilk have been lauded in the public prints for "revolutionizing the industry". We're told they've broken a log jam between technology interests and copyright holders. But this isn't how the woman or man in the street sees it, and at a much deeper level that view is correct. We give money to Technorecordings Corp. In turn, Technorecordings Corp is supposed to invest in the storage and transmission technologies that allow us to enjoy our music, and reward the creators. That social contract has now been broken. We don't much care for the finger-pointing about who was to blame (both sides were) - it simply needs to be fixed. As Jim Griffin, along with many others, have pointed out - radio was a far greater "disruption" to rights holders than the internet. So get over it already, Technorecordings Corp. Technology companies are now producing stuff that works worse than it did before, is more expensive, and gives us less than what we already had. Rationality suggests that companies and industries that sell worse products either go out of business, or mend their ways. For the technology industry, which is fretting deeply about China, overproduction, and the public's reluctance to indulge in another dot.com bubble, that's a new and unwelcome challenge. What do you think they should do? There is one thought that should put the future of digital music into some perspective, and I'm amazed people never mention it. Visitors to Europe and North America from more vibrant cultures often voice the same observation - "It's very quiet over here!" As indeed it is - for in every other part of the world the neighborhood street is alive with competing sound systems: from car, to kitchen radio. For more than a billion people, even the call to prayer is musical - in contrast to our unhappy and largely unheard clanging death bell. So perhaps people are really embarrassed by music here in the West and technology companies are simply giving them what they want. Who knows? But the point becomes moot if you try and imagine how the "digital revolution" - one that's predicated on restricting music's social function - is going to be exported to the rest of the world. Music is a sign, and may even be a reason, why they're so happy and we're not. So globally, this is one "digital revolution" that's never going to happen. ® Related stories Apple brings discord to Hymn There's a noose in the hoose iTunes shoppers discover DRM DVD Jon cracks Airport music streaming
Andrew Orlowski, 15 Mar 2005

Ebbers guilty on all counts

WorldCon founder Bernard Ebbers has been found guilty on all charges related to the massive accounting fraud that brought the telecomms giant to its knees, the Associated Press reports. Following eight days of deliberation, a Manhattan federal jury returned guilty verdicts on charges of conspiracy, securities fraud, and seven counts of filing false reports. During the trial, on the witness stand, Ebbers had portrayed himself as an innocent bumpkin manipulated by a mercenary senior staff. He claimed to have no education in business and finance, and was therefore not qualified even to detect the grotesque distortions of the company's finances, much less direct them. But former financial honcho Scott Sullivan, who has pleaded guilty to similar charges, contradicted Ebbers' testimony, claiming that the scam was executed on Ebbers' orders. Sullivan has admitted to working out the nuts and bolts of the fraud, but he testified that it was Ebbers who had directed it. Cui bono? Ebbers had guaranteed $400 million in loans with his shares in the company, and was therefore motivated personally as well as professionally to see its share prices remain inflated. Much of Ebbers' personal wealth was directly tied to company share prices, in an increasingly complex series of transactions intended to prevent him from havint to sell them in quantity, and so signaling that the company was in trouble. Concealing company costs and improperly recording revenues had a significant impact on Ebbers' personal finances and the company's finances, which, by 2001, were becoming increasingly interlinked. This, the prosecution alleged, established the motive for Ebbers to direct the accounting fraud. The jury apparently did not believe that Ebbers - whatever his educational background - could have been so far out of the loop, and so ignorant of the company that he'd founded, to be innocent of all involvement, especially when he had such a deep personal interest in the company's finances. Sentencing is scheduled for 13 June. ® Related stories Ebbers jury weighs up evidence Ebbers denies knowledge of WorldCom fraud Sullivan tells of WorldCom fraud fears Ebbers 'drove Worldcom fraud' - Sullivan
Thomas C Greene, 15 Mar 2005