22nd > March > 2005 Archive

Novell gets suite on SMEs

Novell is going after the small business market with what's billed as the first Linux suite for SMEs. Novell Linux Small Business Suite 9 is designed to offer an alternative to Windows as a "server-to-desktop" Linux bundle tailored to the needs of smaller firms. The technology - due to ship March 31 - will feature Linux server and desktop software along with security and management products. Novell's Linux suite, which will cost from $475 per five new user licenses, features support for up to three servers and 100 users. According to a recent survey by Forrester Research, small businesses accounted for 44 per cent of US tech spending in 2004. Like many vendors, Novell is eyeing this lucrative but difficult-to-target market, which it hopes to exploit via its channel partners backed up by its in-house Linux gurus and hardware partners. Dell and HP have announced support for the product, which was launched at the start of Novell's Brainshare user conference on Monday. ®
John Leyden, 22 Mar 2005

HP hooks Snapfish.com

HP is buying online photo storing and developing website Snapfish.com. The deal comes just a day after Yahoo bought Flickr - another leading online photo firm. Snapfish users can keep their pictures online, share them with other people, edit and improve pictures as well as order prints and other products. Snapfish also offers these services to retailers and other companies to sell to their customers. The firm, based in San Francisco, claims 13 million registered users and is gaining another half a million each month. Pricing for printing starts at 19 cents per picture. HP is keeping the Snapfish brand for now and will gradually move users of its HP Photo service over to Snapfish. Assuming regulators and shareholders agree, the deal should close in April. No financial terms were released. HP press release available here. ®
John Oates, 22 Mar 2005

eBayer seeks to exorcise voodoo cuddly toy

Those readers who feel that their lives are lacking a little excitement may well be interested in snapping up a possessed Stitch teddy bear which has terrorised a Canadian family to the point that they are now compelled to take the only course of action left to them - offload the voodoo devil cuddly toy on eBay before it decapitates the entire clan in a blood-splattered slashfest of mindless, knife-driven violence.

If you think we're exaggerating here, think again. Since buying the apparently innocent toy in Florida, the unnamed vendors have been subjected to a litany of horror so spine-chilling that those of a nervous disposition are advised to quaff a stiff brandy before continuing. Here are the edited highlights:

Last summer, my fiance & I were visiting her family in Florida, and taking a stop in Disneyworld. As big fans of the Lilo & Stitch movies, we were interested in buying some Stitch toys. We ended up getting quite a few, of all shapes & sizes. We have had no problem with any of them - they're all regular friggin teddy bears. One, however, has been a problem since day one. That was the one we picked up on our way from Orlando to Daytona Beach. We stopped at a little out of the way place while looking for a restaurant. This place was small, and kind of dingy, but they had food, and a 'gift shop', if you could call it that. I wish I could remember what it was called, but the only thing that seems to ring a bell is 'Leary'. Anyway, they had another Stitch toy there, which looked just as good as any we had picked up in Disneyworld, and was a quarter of the price. The person behind the till seemed a little too pleased to be making the sale, and now I can see why.

We displayed the toys on our TV stand, with some other stuffed animals my fiance has collected over the years. Nothing has ever moved them, except for when cleaning & dusting, and then they are promptly put back in place.
After the new Stitch toys were put up, about once a week, we would find one or two of the other stuffed animals on the floor... This became a semi-regular occurrence until early November, when we awoke to a loud slam in the middle of the night. I got my fiance to stay upstairs, and crept down to see what was happening... I turned the light on at the front door, and saw that the items on the floor were actually all of the stuffed animals, and other Stitch toys. The only thing left on our TV stand was the Stitch we had picked up from that store. That would have been enough, but the top of the TV was cracked as well - it looked as though something heavy had been dropped onto it. At this point, I knew that there was something wrong with this 'toy', so right then & there I threw it in the garbage... and went back up to bed to explain to my fiance why that Stitch would not be on the shelf when she got up in the morning. Since I didn't want to scare her, I told her it got ripped open when it fell off the shelf, and I had to throw it away, as it looked too bad to repair. Sleep was hard to come by that night. The next day I got up early, emptied the garbage, and threw it in the dumpster in the parking lot before leaving for work. Problem solved. Or so I thought...

To cut to the chase here, every time the terrified owners tried to dispose of the Stitch devil toy, it reappeared in the house as if nothing had happened. Attempts to bury it in a landfill site on the other side of the city, burn the monster with lighter fuel, dismember it or offload the emissary of Satan at a local pawn store proved fruitless - on each occasion it turned up again, good as new, atop the TV stand. Finally, the vendor decided to incapacitate the beast by pinning it under the TV (see photo of restrained Devil toy) and turning to the only hope of salvation. No, not the Catholic church, but rather the world's favourite auction site.
Now call us old-fashioned if you must, but surely the time-honoured tradition for offloading cursed items is to pass them to the next victim without his or her knowledge. Those unfamiliar with the concept are directed to 1957 Brit horror classic Night of the Demon, wherein the passing of a demonic paper results in a very nasty end for one promising B-movie career. Indeed, our eBayers in this case do not do themselves many favours with their caveat emptor section:

Please, if you have children or pets, think twice before bidding. This is not a 'toy' for a child. I can not say with any assurance that you will have the same experiences as us, but there is a strong likelihood that you will see what I mean, and I do not want to feel any guilt for harm coming to a child or an animal. We also cannot guarantee that the item will stay with you after you have received it. If it stays as persistent as it has previously, it may try to get back to us. I will not be putting a return address on the package, as if when you realize that the item is evil, as I'm sure you will, I do not want you sending it back to us. It will become your responsibility as soon as it enters your possession.

The winning bidder should, though, rest assured that it will not leap out of the box on arrival and get stuck straight into the kids with a chainsaw:

The buyer is to pay for shipping, in whatever form they would like. I can dismember the item before shipping as well, if you would feel safer that way, but I can not guarantee it will arrive in this form. If you would like the toy shipped without being cut up, I will attempt to immobilize it with either duct tape, or rope, or a combination of the two. It is your choice.

And there you have it. Unsurprisingly, the possessed Stitch teddy is currently standing at a modest $137.50 with four days left to run. Time for Golden Palace Casino to intervene, we feel.
®
Lester Haines, 22 Mar 2005

Bono to buy Eidos

US venture capital company Elevation Partners is to buy UK games publisher Eidos for $135m (£71m), it emerged last night. The deal is a straightforward cash purchase, with EP paying 50p a share, 27 per cent above Eidos' Friday closing price of 39p. Eidos' shares rose to 53p this morning on the news. The deal is expected to be transacted through EP subsidiary EM Holdings. Eidos has been looking for a buyer since last August, when it revealed it was talking to a number of possible partners. The announcement came two months after the publisher revealed its full-year figures would not meet its previous expectations. Sure enough, come September and the publication of FY2004 numbers, Eidos saw FY2003's £17.4m profit turn into a £22m loss. A 3.8 per cent rise in gross margins to 62.8 per cent proved insufficient to counter an 11.6 per cent decline in turnover. Preliminary figures for FY2004 saw sales total £133.9m, down on the previous year's figure, £151.5m. Earlier this month, it revealed a FY2005 first-half loss of £28.7m compared to a £7.8m profit a year ago. Despite owning some big-name franchises, most notably the Lara Croft Tomb Raider titles and the Championship Manager series, its other titles have largely failed to excite buyers. A number of games releases have been hampered by development delays. To be fair, the industry is having a tough time at the moment, and greater consolidation appears likely. Last December, Electronic Arts acquired 19.9 per cent of French publisher Ubisoft, though the speculation that it might try to grab the rest of the company rallied Ubisoft's shares. EA has also been rumoured in the past to be interested in Eidos. And there's a connection here with EP: the investment group's partners include John Riccitello, a former EA president. Also involved are Fred Anderson, until last year Apple's CFO, and, most notably, U2 lead singer Bono.
EP focuses on media, entertainment and consumer-oriented companies, and has said it plans to accrue $1bn (£520m) for investment. ®
Tony Smith, 22 Mar 2005

Oracle wins Retek bidding war

Larry Ellison's Oracle has fought off bitter competition from SAP to buy retail software specialist Retek for $630m. Earlier this month SAP offered $8.50 a share for Retek but Oracle made a counter offer of $9 a share. SAP increased its offer to $11 a share - an offer Retek's board recommended shareholders accept. Oracle then offered $11.25 and, shortly after midnight Tuesday, said SAP had dropped out of the auction. Larry Ellison, Oracle's CEO, said: "Oracle has the largest applications business in North America, and we intend to expand that leadership position." Marty Lesstma, president and chief exec of Retek, said: "We believe that Oracle's offer is a good deal for Retek stockholders, and all directors in attendance at our board meeting have recommended that it be accepted." Gartner analysts say the deal is good news for Oracle's retail customers because it will give them access to a single vendor for all their retail apps. The analysts say Retek customers are also better off in the short-term because if SAP had won the bidding war it would likely migrate people to its own products more quickly - Oracle will give customers until 2008. But Gartner adds that in the longer-term Retek customers would have been better off if SAP had won because Oracle has had limited success with vertical applications. Gartner also warned Oracle customers to expect delays to the Fusion project to bring Oracle's apps together with those of PeopleSoft, JD Edwards and, now, Retek. Retek was founded in 1986 and provides supply chain and merchandise planning software. It turned over $168m in 2003 and employs 550 people. Almost 80 per cent of Retek's customers run their apps on an Oracle platform. Oracle press release available here. ®
John Oates, 22 Mar 2005

Apple plugs PyMusique iTunes 'hole'

It was always too good to last. Apple has stamped on an attempt to make it possible to purchase songs from the company's iTunes Music Store without having DRM restrictions added to the downloads. In a statement, the Mac maker announced last night that it was henceforth requiring all ITMS customers to upgrade to version 4.7 of Apple's iTunes jukebox software. iTunes 4.7 was released late last year, and is already notable for nobbling DRM-stripping utility Hymn. The announcement was made in response to the emergence of PyMusique, an app created by programmers 'DVD Jon' Johansen, Travis Watkins and Cody Brocious. The code exploited the fact that iTunes adds Apple's FairPlay DRM data to each purchased song after downloading had taken place. PyMusique essentially replaced iTunes, allowing users to create online accounts, choose and review songs, then purchase and download them. Of course, using PyMusique was inherently in violation of ITMS' usage terms and conditions, but what kind of disincentive was that? Hence the move to plug what Apple called a "security hole". Apple's move will affect only 15 per cent of ITMS customers, the company said. DVD Jon has been a thorn in Apple's side for some time. Last August, he revealed how to crack the encryption Apple uses to protect songs as they're streamed across a wireless network to its AirPort Express 'Wi-Fi to hi-fi' access point. At the time, he posted JustePort, a Linux/Windows app that allows applications other than iTunes to transmit audio via the AirPort Express hardware. ®
Tony Smith, 22 Mar 2005

MCI/Verizon/Qwest slanging match continues

MCI is refusing to talk to Qwest about its $8.45bn take-over offer. MCI's decision to go "dark" has angered Qwest so much its boss rattled off a sharply worded letter yesterday calling on MCI to "immediately engage in negotiations to finalize the proposed merger agreement" between MCI and Qwest. For its part, MCI's management is content to press ahead with the $6.7bn deal it has already agreed with rival telco Verizon. Wrote Qwest chairman and chief exec Richard C Notebaert: "Your advisors tell us that MCI has gone 'dark' and refuses to continue to speak with Qwest about our proposal [to acquire MCI].

"The straw man being propped up to explain why MCI won't continue what has been a fruitful exchange of information with Qwest is that MCI's merger agreement with Verizon prohibits any discussions with Qwest. It is disturbing that Verizon and MCI are so concerned about allowing MCI to expeditiously and transparently evaluate Qwest's proposal fully that they do not avail themselves of the provisions in the Verizon-MCI merger agreement to do so.

"It is beyond dispute that allowing Qwest and MCI to discuss Qwest's proposal during the period that the MCI Board of Directors is considering that proposal would be beneficial to all interested parties. The Verizon-MCI merger agreement allows, your fiduciary duties require and fairness to the MCI stockholders dictate that MCI continue to talk with Qwest as long as the MCI Board of Directors has concluded that Qwest's proposal could "reasonably be expected to lead to a Superior Proposal."

As the slanging match continued to show no sign of calming down, Verizon continued to sweet-talk MCI while blasting Qwest's proposal as "profoundly flawed" and a "gross exaggeration". Wrote Verizon boss Ivan Seidenberg on Tuesday: "We continue to believe the agreement with Verizon represents a fair and sustainable value proposition for MCI's stakeholders, including your investors, your customers, your employees, and your creditors.
We will continue to work with you to complete our agreed transaction and will not be distracted by Qwest's histrionics, false statements and grossly exaggerated synergy claims." Last week Qwest sweetened its offer for MCI taking the total paper and cash offer to $8.45bn. ®
Tim Richardson, 22 Mar 2005

U3 signs first USB Flash drive makers

U3, the company formed by SanDisk and M-Systems to develop and licence an application delivery platform for USB Flash drives, has won the backing of memory and storage firms Verbatim, Memorex and Kingston Technology, it said yesterday. Verbatim will ship U3-compatible drives under the Store'n'Go brand in the Autumn. Memorex's products will be labelled TravelDrives, and Kingston's will be dubbed Data Traveller - both companies would only commit to shipping U3 drives "later this year". These three are the first public announcements to be made by U3 hardware licensees since the company was formally launched in January. At that time, a number of software developers, including Mozilla, Check Point and Corel, gave the platform their thumbs-up. The U3 platform provides a way for applications to be stored on and run from USB Flash drives, ensuring that all user data and preferences information is kept on the drive rather than the host PC. The goal is true application portability, the ultimate manifestation of which is keeping your entire user account information - apps, data and settings - on removable storage, allowing you to work from any compatible computer. U3 compatible products are expected to ship from the summer, the company said at launch. ®
Tony Smith, 22 Mar 2005

NTL hits copper trail to ADSL2+

It turns out that the crazy idea that NTL had all those years ago when it bundled a twisted pair copper wire into its home connections, alongside co-ax, is going to give it a fantastic advantage in the UK triple play market.
Faultline, 22 Mar 2005

Sweaty palms? You're nicked, chummy

Researchers at the Los Alamos laboratory in the US have developed a new way of detecting fingerprints, using the chemical elements left behind in fingerprint residue. That is sweat, to you and me. When we sweat, our bodies excrete salts, such as sodium chloride and potassium chloride. These salts can actually be detected in fingerprints using a technique called micro-X-ray fluorescence (MXRF) which will pick out the constituent elements. The elements make it possible to "see" a fingerprint where the salts have been deposited in the patterns of fingerprints, the lines that forensic scientists call friction ridges. Traditionally, forensic scientists dust a crime scene for prints, literally adding a layer of coloured powder to a surface. The dust sticks to sebum, an oily substance left behind by each finger, and enhances the contrast between the surface and the print's friction ridges. This technique does have its limitations, particularly when a surface is multicoloured, or highly textured. The research team sees the technique as a companion to more traditional methods. They say it could be particularly useful for detecting prints left by children, because kids' hands don't leave sebum behind for the contrast enhancing agent to stick to. It is also a non-invasive technique, so any print examined using MXRF is left pristine for examination by other methods, such as DNA extraction. Los Alamos scientist Christopher Worely, who presented the research to the American Chemical Society in San Diego, last week, said that the new method should not be regarded as a replacement for traditional fingerprint detection and collection. He stressed that some fingerprints will not leave behind enough of these trace elements to be seen using MXRF. ®
Lucy Sherriff, 22 Mar 2005

Time Warner settles AOL SEC fraud investigation

Time Warner has finally settled a long running investigation by the US' Securities and Exchange Commission (SEC) amid claims that AOL inflated its ad earning revenue in the early part of the decade. Details of the settlement for Time Warner's AOL internet division had already been trailed in December. Yesterday's announcement by the SEC draws a line under the affair and should enable media giant Time Warner to leave this part of its recent history behind. In a statement the SEC said: "The Commission today charged Time Warner Inc. with securities fraud for materially overstating online advertising revenue and the number of its Internet subscribers and aiding and abetting three other securities frauds. "Without admitting or denying the allegations in the complaint, Time Warner consented to the entry of a judgement that, among other things, orders it to pay $300m in civil penalties," it said. Some industry watchers reckon the settlement could pave the way for Time Warner to flog AOL. ®
Tim Richardson, 22 Mar 2005

UMC to take stake in Hejian

UMC, the world's second largest chip foundry, yesterday said it may take a 15 per cent stake in the Chinese foundry at the heart of allegations that it made a "breach of trust" with the Taiwanese government. UMC said the stake, worth $110m, would be in return for advice the company gave to Hejian during its 2001 foundation by a number of ex-UMC executives, Silicon Strategies reports. The deal may be seen by UMC and Hejian as a way of de-railing the investigation into the two foundries' relationship currently underway at Taiwan's Ministry of Justice. Taiwanese law forbids local foundries from setting up on the Chinese mainland without the Taiwanese authorities' say-so. Similarly, investments in Chinese companies must be declared to the government. The MoJ is probing allegations that UMC broke these laws in its dealings with Hejian. UMC has always denied any investment in Hejian, from both a financial and technology standpoint, on its own part and by its executives as individuals. However, chairman Robert Tsao has admitted to advising Hejian's founders on business matters. And it has been claimed that Hejian's facilities infringe on around 200 chip fabrication technology patents held by UMC, allegedly acquired through a link into UMC's intranet. The MoJ is clearly concerned that, if true, these links may indicate an attempt by UMC to sidestep Taiwan's restrictions on mainland operations. UMC said that the 15 per cent stake - which is going through the usual vetting process, apparently - was not related to the alleged use of those 200 patents. In the past, UMC has said it has never taken legal action against Hejian because it was reserving the alleged violation as a bargaining tool should it decide to buy into or acquire Hejian at a future date. Tsao has said he may like to buy Hejian at some point. Tsao made that admission after MoJ officials raided UMC's HQ and the homes of a number of executives. 
If the company and its staff are found guilty of breaking faith with the Taiwanese government, the firm could face fines of up to $800,000 and its staffers up to five years in gaol. Tsao this week told local media that the 15 per cent investment was the result of an agreement struck verbally between UMC and Hejian some years ago. ®
Tony Smith, 22 Mar 2005

Quadriplegic controls PC by mind power alone

A US company has carried out trials on a brain implant which offers quadriplegics the possibility of controlling a computer by mind-power alone. Although the first volunteer to use the Cyberkinetics Neurotechnology Systems' BrainGate has so far been able only to move an on-screen cursor, play the game Pong and transmit simple instructions to a robotic arm, the developers hope that in the future, paralysis will not be an obstacle to surfing the web, sending email and generally enjoying the PC experience. The Cyberkinetics Neurotechnology Systems' blurb explains: The BrainGate™ System is based on Cyberkinetics' platform technology to sense, transmit, analyze and apply the language of neurons. The System consists of a sensor that is implanted on the motor cortex of the brain and a device that analyzes brain signals. The principle of operation behind the BrainGate™ System is that with intact brain function, brain signals are generated even though they are not sent to the arms, hands and legs. The signals are interpreted and translated into cursor movements, offering the user an alternate "BrainGate™ pathway" to control a computer with thought, just as individuals who have the ability to move their hands use a mouse. In practical terms, a surgeon drills a hole in the subject's skull and places a small implant containing 100 electrode sensors directly on the brain surface. The first volunteer to undergo the BrainGate procedure was Matt Nagle of Boston - a knife attack victim paralysed for over three years. He subsequently said of the robotic arm experience: "I was using my thoughts. When I wanted it to go left, it would go left, and, when I wanted it to go right, it would go right," the Chicago Sun-Times reports. Following this success, the Food and Drug Administration has authorised Cyberkinetics to try out the system on four further volunteers. 
Cyberkinetics founder, Nicholas Hatsopoulos, admitted that the surgical procedure carried some risk of infection or brain damage, and praised the volunteers thus: "We're doing it in the safest and best way we know how. These people who participate deserve a lot of credit. They're pioneers." Cyberkinetics hopes that - all being well - it will have FDA approval to market BrainGate by 2007. ®
Lester Haines, 22 Mar 2005

Intel to cut chipset prices 3 April - report

Intel will cut the prices of its 'Grantsdale' and 'Alderwood' chipsets next month, with further cuts coming in July, Taiwanese mobo maker sources have claimed by way of DigiTimes. The first round of cuts, said to be coming on 3 April, will see the price of the 910GL, 915PL, 915GL, 915P, 915GV and 915G fall by up to $2. Come 3 July and the prices of the 910GL, 915PL, 915GL and 915P will fall a further $1, the site claims. The first of the two dates marks the debut of Intel's next-generation Pentium chipsets, the 945P, 945G and 955X, said to ship for $38, $42 and $50, respectively. It is claimed the 945-series chipsets' prices will fall to $36 and $41 on 3 July. The new chipsets will feature support for twin PCI Express x16 graphics cards, 667MHz DDR 2 SDRAM, 3Gbps Serial ATA 2 with enhanced RAID, and an updated graphics core, the GMA 950. The arrival of the 945 and 955 chipsets will alleviate the chipset supply problems mobo makers claim to have been suffering throughout Q1. ®
Tony Smith, 22 Mar 2005

Business school 'hack' raises ethical questions

Where do morality and ethics end, and criminality begin? What is the appropriate "punishment" for the crime of curiosity coupled with the act of snooping? These questions have been raised once again in the case of a number of applicants to the US' most prestigious business schools who went beyond the normal processes to sneak a peek at the status of their applications. The question is, how should the law and society deal with these individuals, and how do we build a society in cyberspace that is not only legally compliant but moral and ethical? Indeed, the larger question is, have we yet established a sufficiently coherent set of rules of right and wrong in cyberspace to pass moral (as opposed to legal) judgment on others? The facts that led up to this most recent scenario are relatively simple, although all of the details have not yet been made public. A computer "hacker" - and the quotation marks are used for someone who goes by the moniker "brookbond" - apparently discovered a configuration defect in the way that a web interface was constructed at a company that had been contracted by many business schools to process applications. The company, Fairfax, Va.-based ApplyYourself Inc., stored the current results of the applications of many business or management schools, including Carnegie Mellon, Harvard, Dartmouth, Duke Universities and Massachusetts Institute of Technology. "Brookbond", who described himself as a specialist in information technology and software security, posted the configuration vulnerability and a script which, if inserted into a browser, would permit an individual to look at the status of his or her own application. While Brookbond has been described as a "hacker", he may or may not have (OK, he probably did) made an unauthorized access to the ApplyYourself website.
At 12:15 on the morning of 2 March, 2005 Brookbond posted this information into Business Week's online technology forum, where apparently about 150 applicants read the posting and attempted (mostly without success) to see the status of their applications. The technique was also apparently reposted by a blogger named PowerYogi who added the comment: "Is it right or wrong to check status this way? Basically, we are talking about some sloppily protected software here. If you don't want someone to see it, hide it well. Welcome to the internet." Different business and management schools took a differing approach to dealing with the curious applicants. The Harvard business school (which had the vast majority of the cases - call it Crimson ingenuity?) decided to immediately deny admission to all of the 119 applicants who attempted to go to the ApplyYourself website. In a letter to applicants, HBS Director of Admissions noted that: "Such behavior is unethical and inconsistent with the behavior we expect from high-potential leaders we seek to admit to our program." Harvard left the door open for these individuals to reapply. Stanford is reviewing each application on a case-by-case basis. The questions raised are: "Is the conduct by the applicants morally repugnant? Should they be punished? And what should the punishment, if any, be?"

Laws and ethics

The federal computer crime law, 18 U.S.C. 1030, makes it a crime to make or attempt an "unauthorized access" into a computer used in interstate commerce with the intent to get "any information" from that computer. So the first question is whether the applicants made or attempted an "unauthorized access" into the ApplyYourself computer. It is clear that, by using the script posted by Brookbond, applicants were able to display portions of the ApplyYourself network that were not otherwise viewable. Once typing in the modified URL, the information became publicly viewable - if not publicly accessible.
However, the fact that the information became publicly viewable does not make the information public, nor does it make the access by the applicants "authorized." One of the big problems in cyberspace is the lack of workable analogies. In the "real" world, we generally know what is authorized and what is trespass without any signs, postings, or demarcations - we just kinda know. For example, we intuitively "know" that in a hotel, there is a difference between being in the lobby (generally OK, but they can kick you out), a conference room (OK if you are attending the conference, or if the conference is intended to be public), a hotel room (OK if you are an employee, guest, or invitee of a guest) or the business offices (OK for employee or what the law calls "business invitee"). We also consider factors like the level of security (door or no door, lock or no lock, posting or no posting) in determining whether it is reasonable to assume that the access is authorized or not. We finally consider certain exigent circumstances in deciding whether, as a society, we are willing to accept the conduct (OK to break into a locked car to get a baby out, OK to open door of unlocked car to turn lights off). The problem in cyberspace is the almost complete lack of such a consensus. While the website developer may know what he or she wants to be available to the public, this may not always be the same as what had been made available to the public. Even an innocent surfer may not always know whether information floating around is intended to be public, or just happened to become so. The ordinary rules of behavior tend not to apply in cyberspace. For some reason, we feel that because we are merely sitting at a computer screen in our own den just typing, we aren't doing anything "wrong" or criminal. There is a huge tendency to blame the victim - if they didn't WANT me to break in, why didn't they have better security?
And, like steroids in baseball, there is a tendency to say, "everybody is doing it" so it must be OK. For example, an individual claiming to be one of the HBS rejected applicants posted to Slashdot, stating, "Personally, I'm glad I checked my own status. Do I think I'm unethical? I'm willing to bet 90+ per cent of the people who actually saw the technique and applied to HBS in Round 2 (the round currently awaiting decisions) tried it." The applicant - showing typical entrepreneurial spirit - is now selling T-shirts demanding that the "HBS 119" be freed - pronouncing "ethical schmethical!" It seems pretty clear that the applicants knew - or reasonably should have known - that they weren't supposed to see the status of their applications, and that the portion of the ApplyYourself website they went to wasn't supposed to be accessed by the public. In that regard, not only did they open themselves up to ethical retribution, but to potential criminal prosecution under both federal and local law. But that doesn't answer the entire question. Indeed, in the 1973 movie The Paper Chase, the protagonist Harvard Law student breaks into the law library with a friend to satisfy his curiosity about a contracts professor's unpublished writings. The scenario is not presented as illegal (trespass) or particularly unethical - indeed, it is almost heroic. This is what makes the reaction of the business school admissions directors particularly subject to scrutiny. The applicants' conduct is certainly more than mere curiosity, and something less than smashing down the door of the admissions office and cracking open a file cabinet to learn the status of the application. It is also wrongful, unethical, and potentially criminal. But should HBS treat the applicants as modern Hester Prynnes, painting a Crimson "H" (for hacker) on their chests? If these individuals are truly not ethical enough to go to HBS, should they be permitted to enter the business world at all?
Is this inherently unethical behavior, or a foolish mistake? After all, there is more than one moral ambiguity here. What is the responsibility of ApplyYourself to secure the sensitive personal information they store on their site, and to test the configuration for some relatively simple scripting errors? A perusal of the "press" section of their website says nothing about the recent brouhaha - do they have any duty to warn their customers or the applicants? Did HBS or other business schools disclose to the applicants the fact that their data would be shared with or processed by third parties who may or may not have had security? What about the applicants who saw the Business Week postings and failed to notify ApplyYourself or their respective schools - do they bear moral blame? And don't forget Brookbond and PowerYogi!

An ethical solution

The approach taken by Stanford is, in my opinion, more reasoned and ultimately morally more defensible than that taken by Harvard. It is OK to treat this incident as a black mark against the applicants - and a major one at that. But an unethical act does not necessarily make an unethical person. It is easy to publicly proclaim your ethical standards on the backs of others - would Harvard dismiss tenured faculty for a similar breach? Or better yet, disclaim a large grant from a donor who had done the same thing? Probably not. But most ethical breaches in business are likely crimes of opportunity. First you convince yourself that you did nothing wrong, or that what you did was morally justified. So many of these individuals should be admitted into HBS, or other prestigious business schools - not because they are morally pure, but because they are not. This should be an opportunity for HBS and the others to teach the incoming students not only how to be better managers - but more ethical ones.
Harvard University's MBA program, for example, offers two courses (both of which are electives) entitled "Moral Leadership," one of which "relies heavily on classic and contemporary works of fiction... to examine in depth the practical moral issues that managers face, as individuals and as leaders of organizations." CMU's Tepper School has a mandatory course in Business Law and Ethics which, according to the course catalogue, focuses on "problems dealing with legal and regulatory matters." Stanford's MBA program includes a course in business ethics, which is designed to teach students to "consider an important set of ethics systems, increase the precision with which students think about, discuss, and practice ethics, and provide opportunities to apply ethics systems to business problems." Such ethics courses should be mandatory in all business schools, and, while we are at it, computer science and IT schools - they are already mandatory in law school. If you have ever gotten a speeding ticket, you likely remember exactly where the ticket was issued, and instinctively slow down at that location. If otherwise ethical applicants who visited the ApplyYourself website are admitted, they may become the proselytizers for ethical computing - having faced significant consequences for their lapse. In the 1973 baseball movie "Bang the Drum Slowly" the players con the unsuspecting by playing a card game called "TEGWAR" - The Exciting Game Without Any Rules. That unfortunately is the state of the Internet and cyber-ethics today. Business and computing schools need themselves to step up to the plate and do more than grandstand about ethics - they need to teach it as well.

Copyright © 2004, SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.
Mark Rasch, 22 Mar 2005

Elpida samples 256Mb 800MHz DDR 2 chips

Elpida will begin shipping 800MHz 256Mb DDR 2 SDRAM chips in two months' time - the "industry's first" DDR 2 devices to reach 800Mbps operation - the memory maker said today. The chips will be available in 8- and 16-bit widths ready for incorporation into DIMMs. Elpida is sampling the 8-bit parts now, and expects to offer 16-bit chip samples next month. Volume production will commence in May, it said. Both versions are fabbed at 110nm. The devices operate at 1.85V with a CAS Latency - the length of time between the chip receiving a command to read data, and the first piece of data being sent back - of 5, Elpida said. The company is pitching the memory at high-end PCs with a frontside bus of 800MHz and up, though there's not yet any chipset that will cope with DDR 2 clocked above 667MHz. Elpida said it had made a 1Gb 800MHz DDR 2 part last November. It provided no guidance on availability, but with 256Mb versions only coming on stream now, commercial 1Gb parts are some way off yet. ®
Tony Smith, 22 Mar 2005

MCI UK settles three-year-old billing snafu

MCI UK has finally called off its debt chasers after admitting that a company that it has been mistakenly billing for three years is no longer one of its customers. In February 2002 London-based web design and production company Purple Interactive terminated its leased line agreement with MCI UK. However, the telecoms giant continued to bill Purple Interactive more than £1,000 a month. Purple Interactive has received an invoice for the non-existent leased line from MCI every month since February 2002. It's even received what's been described as "threatening and aggressive" calls from MCI UK's debt chasers demanding to know when it will cough up. Nicole Morris, founder and chief exec of Purple Interactive, told The Register: "We had a leased line from them until February 2002. We are 'still' getting billed by them three years later and despite multiple acknowledgements by them that we don't owe them anything. "We moved out of the office and someone else took over the line and that company then terminated the line a few months later. The office has been vacant since October 2002. We're talking about a grand a month for three years. That adds up to a bit." MCI UK has now resolved the billing issue. In a statement the company said: "MCI has cleared the billing issues with Purple-Interactive and we regret any inconvenience that this may have caused. While we work diligently to minimise the prospects of billing issues before they arise, unfortunately they can occur. MCI regards that the billing issues that were related to Purple-Interactive were as a result of individual circumstances which now have been resolved." ®
Tim Richardson, 22 Mar 2005

Desperate housewives spam used to spread spyware

There has been a sharp increase in spam messages purporting to offer the details of women looking for casual sex in recent weeks. But surfers hoping to hook up to swingers are actually directed to pornographic websites, which often harbour spyware, email security firm Clearswift warned Tuesday. The ruse is one of the latest additions to the spammers’ armoury, and has led to a rise in sex-themed spam from 10 in January to 18 per cent in February 2005. "Aside from the fact that these mails are bogus, clicking on any link within a spam mail can lead to a whole host of unwanted problems. They frequently contain malicious programs including spyware or rogue internet diallers which can run up huge, unexpected bills," said Alyn Hockey, Clearswift’s Director of Research. Sex-themed emails have risen in prominence at the expense of a range of bizarre products seen post-Christmas - including a dog-translator and a device which turned a coffee table into a kennel - which has completely dried up. The direct products category has declined slightly from an estimated 17.85 per cent of junk mail messages in January to 14.47 per cent in February 2005, with software product spams occupying the lion's share of the segment. One new arrival, however, is phoney Sony PSP giveaways. After something of a break over recent months sex-theme spam is very much back in fashion. Previous tricks to induce punters to visit porno websites have included offering people a well-paid career as a porn star or a job maintaining an xxx website. Clearswift's stats are extracted from the millions of spam emails harvested by the firm's honeypot network of seed accounts. Spammers are becoming ever more inventive in their attempts to avoid email filters. The vast majority of spam - up to 80 per cent - deploys obfuscation tricks to try and disguise the words, and slip them past spam filters, according to UK-based security firm Sophos. 
These tricks can be as simple as deliberately misspelling a word, or using a zero instead of the letter "o", to much more sophisticated HTML-based techniques. The words most commonly obfuscated in spam emails include cialis, orgasms and Viagra, according to Sophos. Porn appears in the 28th position in Sophos's list of commonly disguised words. ®
John Leyden, 22 Mar 2005

O2 to axe 500 jobs...

O2 is to axe 500 jobs as part of a major restructuring of its business. The mobilephoneco wants to replace back office workers tied up with managerial and admin tasks with 2,000 workers dealing directly with punters. It also plans to open a fourth call centre and expand its network of shops. The job losses are expected to be made later this year and cost the company between £40m and £45m. Once done, though, it should help deliver an "enhanced customer experience and strengthen customer loyalty". Which means that the mobile outfit will spend more time chatting up its punters so they won't up sticks and switch allegiance to one of the discount mobile operators - such as easyMobile - currently making a big noise in the market. Or as chief exec Peter Erskine puts it: "By delivering an enhanced customer experience, and strengthening customer loyalty, we aim to improve customer retention and reduce churn, to create a sustainable basis for enhanced long-term returns." Publishing a trading update today, O2 reported that net service revenue growth in the UK for 04/05 is expected to be somewhere between 2-15 per cent. Slower growth in the second half of the year was due to a cut in termination rates, the loss of a key BT contract and increased competitiveness among rival operators. Looking ahead, it reckons that revenue in the UK will experience "mid-single digit growth". By mid afternoon shares in O2 were down 4.5p (3.6 per cent) at 118.5p. ®
Tim Richardson, 22 Mar 2005

Firms paying too much for software, says anti-piracy group

Almost eight out of ten UK businesses could be paying too much for their software licenses. Only 22 per cent of people responding to a FAST survey were sure they had the right number of licenses. Another 11 per cent did not know if their business was over or under-licensed and 41 per cent thought they were probably over-licensing. The warning comes from the Federation Against Software Theft Corporate Services - a body more usually concerned that business is not buying enough licenses. Geoff Webster, chief executive of FAST Corporate Services, told us the problem is getting worse. He said: "For a period we have seen people over licensing - it's getting to the point where it's silly. It's easier for firms to do it this - few companies even count PCs accurately so they round-up the number of licenses they think they need." Webster advised businesses: "Do the boring housekeeping stuff - you need to know how many PCs you're using and what software they have on them. It's not just big companies either - smaller firms are paying too much too." The survey received 83 anonymous responses from FAST members via its website.®
John Oates, 22 Mar 2005

Duo charged over DDoS for hire scam

The FBI last week arrested a 17 year-old and a Michigan man over suspected involvement in a denial of service for hire racket. The duo allegedly orchestrated an October 2004 attack against a New Jersey company that sells sporting goods over the internet. Jersey-joe.com suffered the loss of "hundreds of thousands of dollars" of business as the result of the disruption caused by the attack, according to a statement by investigators. Detectives learned that the 17 year-old had been hired by 18 year-old Jason Arabo, a Michigan man who operates two competing businesses, to flood the Web site of Jersey-Joe with data using a network of compromised machines (i.e. a botnet), infected with an unnamed computer virus. Arabo runs customleader.com and Jerseydomain.com from his Detroit, Michigan home. Working with the FBI and the Division of Criminal Justice, New Jersey detectives were "able to duplicate the virus and track the source to the juvenile, then to Arabo in Michigan". In disabling Jersey-Joe’s website, the accused allegedly affected the operation of numerous other websites, causing a total loss of more than $1m. The juvenile suspect in the case was arrested at his home by New Jersey State Police and lodged in the Middlesex County Juvenile Detention Center, charged with first degree computer theft. Arabo was arrested at his home in Michigan by FBI agents and will be prosecuted by the US Attorney’s Office. The investigation into the case continues and further arrests may follow. ®
John Leyden, 22 Mar 2005

Plucky, aged online British store sold

Digital River, the ecommerce specialist, is buying British online software store SWreg for $8.8m. There is a chance of further payments if revenue and development targets are met. SWreg claims to be the world's oldest online store. It was founded by Steve Lee in 1986 and has been profitable ever since. It sells software from independent developers as well as larger firms. Financials for the year ended 31 December 2003, the most recent available on its website, show the firm turned over £21.5m and made a profit after tax of £452,000. SWreg founder Steve Lee was one of the leading lights of early shareware development. Digital River press release here. ®
John Oates, 22 Mar 2005

French firms rampage through Reg letters bag

Letters Wanadoo got in lots of hot water last week for their advert showing teenagers snogging in a scrap yard. The advertising standards people said it was too risque and that scrap yards are dangerous places to play; so it slapped a ban on the ad: You can see it now: Kid one: "did you see the Wanadoo ad?" Kid two: "Yeah it was so cool!" Kid Three: "Let's go play in the scrap yard to mimic that really cool ad" Kid Four: "Yeah I'd never thought about it before, 'cor ain't marketing wonderful" All Kids: "Yeah!" ... hmmm don't see it myself but at least it keeps them from hanging around outside shops beating up anybody who looks like they may have a brain. Sounds like a good idea actually.... Matt Oh good, another way for us to "protect" our children from everything under the sun. Of course a scrap yard is a dangerous place to play, but is banning the advert going to change anything? Too safe, too safe this society of ours. When I was growing up I had farms and farm machinery all over the place to play on, and trees to climb, and yes, scrap yards to bugger about in. I had all manner of places to play in, and also to get hurt in. A good thing, too. The sooner someone learns that falling out of trees leads to a sprained ankle, or that scrapped fire engines have all manner of sharp bits to graze knees on or whatever, the better as far as I'm concerned. Learning how to manage risk and danger is an essential skill that we all need. Take that away and before we know it, we've got adults that genuinely don't know that sticking your hands into the engine of a car is going to get messy. We're getting to grips with the fact now that an ultra-clean lifestyle actually depletes our ability to combat illness. The old immune system needs a run round the block occasionally (witness my excuse for living like a slob). Same goes for physical danger.
I'm not suggesting we all give our kids live grenades to play with or anything, but let them graze their knees and sprain their ankles, let them earn the trademark tiny-scar-under-chin that surely anyone who ever had a BMX must have, before we end up living in 'Demolition Man'. Right, rant over, I'm off for a bit of a climb of that tree over there. George Speaking of stupid children, as we almost were, it was revealed this week that technology doesn't make for cleverer kids, in fact quite the reverse, according to the UK's Royal Economic Society: So, computers aren't a magical fix for the education system, and kids lose the ability to reason, eh? That's no surprise to me. Neither is the idea that our world is so awash with "facts", much of them contradictory, that "reasoning" becomes impossible and basic skills are lost. What I do find surprising is what appears to be a casual assumption that these two problems are linked. As regards the kids: before I worked as a techie, I worked in a library, and it wasn't unusual to see parents drop their kids off at the library and go out to work for the day during the summer holidays. The kids would spend the day talking to strangers in chatrooms. Hardly the most "creative" social activity - or the most wholesome, because nobody knows who they were talking to. (Naturally the library staff could do nothing whatsoever about this because the kids had their parents' permission to do whatever they wanted.) If this is typical of how many parents treat their children - and unfortunately it seems to be more and more so nowadays - then I think the problem most likely goes a lot deeper than too much computing and too little creative activity at school. 
As for "facts", various people have famously claimed as "facts" at various times: That the world is flat and is circled by the sun, that they have been abducted and experimented on by Martians, that their day-to-day fortune can be foretold by the movements of the planets, that O J Simpson killed his wife, that mobile phones are harmless, that GM crops are harmless, that asbestos is harmless, that thalidomide is harmless, that a human diet of cows fed on other cows is harmless, that cigarettes are good for your respiratory system, and that Saddam Hussein really did have weapons of mass destruction before we invaded Iraq. It's got to the point now where you have to be sceptical to the point of harmful cynicism about pretty much everything you hear, because there's no such thing as a "reliable source" anymore. Hardly an environment conducive to good reasoning skills. Two huge problems, both of which could do with fixing as soon as possible. But related? Nope, don't think so. Paul We had a lot of mail from you lot about the wisdom of mixing phones and petrol stations. Firstly, our thanks to everyone (and you are many) who wrote in to tell us about the Brainiac episode where the loveable pranksters filled a caravan with petrol and mobile phones, then rang the phones in an unsuccessful attempt to ignite the fuel. For those who missed it, a man jumping around in a shell suit later succeeded in generating enough of a spark to send the cursed vehicle to oblivion. Our thanks also to those who flagged up Discovery channel's Mythbusters programme, which has also demonstrated that mobile phones can't make petrol explode. Onward: You try and tell the brain-dead button-pushers that work in the petrol stations that. I've said for a long time that mobiles and petrol mix safely (obviously you can't dunk your phone in it and then use it, but you know what I mean) and even proven this to a forecourt attendant.
But, since the sign was on the wall, he told me that unless I put my phone away he'd call the police. Treat 'em like zombies and they'll behave like zombies. Can't we just take the warning labels off everything and let society's stupidity problem solve itself? jola Surely you've seen the demonstrations - the spark from static in clothing *is* enough to trigger a petrol explosion. Rather than banning the use of mobile phones in petrol stations, it would be far more safety conscious to insist users of petrol pumps are naked. Dunstan If the mobile phone rumors are groundless then we have a likely cause of the sparks :-) Tim Bit of a late contribution this one, but a valid point nonetheless. You might remember the arrest, back in January, of a 14-year-old who, it was alleged, made a hefty £20,000 flogging non-existent gear from his website: Pesky Kids?? Certainly not much good at business? "Scam" nets £20,000 - No plasma TV's were ever shipped, so I assume no Plasma TV's were ever purchased from suppliers. So he took around £20,000 in sales (I assume through Paypal ... Or maybe cheques in post .... Seriously, tell me no online "payment processor" gave him an account!!!?) But - despite the fact that only (I assume) payments were processed, and nothing ever bought in or shipped out; WHY did he need an office and staff??! You see, this is the state of today's youth; when a simple telephone line and net connection will do - Yes, Granny's will be fine - The youth of today just can't be bothered ... Even the small amount of work involved in scamming a couple of hundred punters, and answering a couple of "worried phone calls" requires the lazy little things "getting help in". And I'll bet he wasn't employing UK located call staff was he!? The things they learn today - This outsourcing craze has gone far enough; offshore your Scam Operation with us, indeed!! Shameful - I suggest he is sent on a course from his local Business Link as swiftly as possible; that'll teach him! 
Andy No-one wrote in to tell us how impressed they were with the idea of two-factor authorisation. Oh, wait, they did: I read your article "Banks wasting millions on two-factor authentication" today and felt compelled to put ASCII to form field: Schneier's analysis here is flawed and sensationalist: 1. Bruce is wrong; two-factor authentication WILL fundamentally drive down fraud by forcing attackers to use synchronous rather than asynchronous attacks. The attack mechanism described by Schneier requires a synchronous, interactive connection from the attacker. This is a much less attractive proposition than the situation today where Trojans automatically harvest username/passwords for the attacker to use at their leisure. If I was a criminal I'd rather not wait up 24 hours a day on the off chance Joe Bloggs logs into his account at 3am so I can hijack his session. 2. 100% Security doesn't exist - Banks are in the business of risk management not risk avoidance. Introducing two factor authentication should stem the current tide. Even if criminals get significantly smarter and fraud levels recover, the introduction of 2-factor buys time. Time for other improvements to be realised that make Internet banking fraud relatively less attractive, e.g. increases in prosecution rates. Drew I would have hoped an "encryption guru" would realise that security isn't about making it impossible (you can't), it's about making it hard. Two-factor authentication may not be foolproof, but it does eliminate keylogger attacks and drastically limit the time window in which attacks can be carried out - from months to minutes. Of course attackers' tactics will change, they always have and they always will, but that doesn't make two-factor authentication useless. I presume Bruce Schneier uses no security whatsoever, if he did it would "force criminals to modify their tactics, that's all". Time Others thought a bit more sun would solve everything. And why not?
If hardware token two-factor authentication is vulnerable to man-in-the-middle attacks, then maybe it is time to remember old-fashioned one-time-password authentication, and either use that, or use hardware tokens in a similar fashion. My bank issues me a sheet of paper with a bunch of numbers on it: TANs, or Transaction Authorization Numbers. They're good for one and only one 'transaction' each - whether that be sending money somewhere, sending a message to my bank, or changing my login password. Every time I actually do anything with my account, I use up one of these TANs. That's in addition to login. Yeah, all I have for login is a user number and PIN - different from account number and ATM PIN, of course. But an attacker could not 'pass along' her transactions along with mine. She could, of course, replace each of my transactions with hers, while fooling me into believing my transaction had been processed. Tokens can be used in a similar fashion. The 60-second 'recycle' on most of them makes that aggravating if you're in a hurry - and if you cycle them every 20, old folks will complain. I'm fairly confident some 'boffin' can come up with a solution to that one, though. In the end, however, it's not ever-more-clever user authentication that will save us. What's needed is a way for the bank site to authenticate itself to me. Which is fiendishly difficult to do in a way that cannot be easily faked, and makes it blatantly obvious to my mom whether this is the online equivalent of the 'real bank building', or a cardboard fake of it. You know what? Forget all that online crap. Take a stroll down to the bank office and have a chat with the teller. It's nice and sunny out. Thorsten The threats mentioned are real, but I think Bruce is missing a couple of points. One of which is what kind of technology do we employ to prevent these kind of attacks? Should Banks require all Online Banking customers to install and connect through a VPN client? 
That takes away the flexibility of connecting from multiple locations. It also only prevents the man-in-the-middle attack and does nothing against the Trojan. I do not know of any technology right now that would stop that attack from working. Should we require users to have updated anti-virus in order to connect? Even that doesn't guarantee they are Trojan free. The second issue I have is that the most common attacks today collect passwords through phishing. They are easy to set up on someone else's server so that you are harder to trace. As long as these attacks still work I don't see why the criminals would change. I think that these attacks will remain common until enough Banks provide security measures that make them significantly less profitable. Why move away from a nearly automated process until you have to? I also have to wonder at what point do we make the user responsible? Right now the courts are working on whether or not banks are responsible for keeping Trojans off customer workstations so I guess that may give us some answers. Ed Irish consumer group IrelandOffline was ranting this week that the emerald isle has some of the most expensive broadband in the world. There was no sympathy out there among Reg readers in the Seychelles, Gibraltar or South Africa: Oh, how amusing! 40 Euros for 512k broadband - expensive?! You have no idea... I work for a small international school in the Seychelles and we recently upgraded our Internet connection from dial-up to 'broadband'. Here's the deal (the best and only one available here!)... 256k link 4500 Seychelles Rupees per month There are SR10 to 1GBP - yes! That's £450 per month for 256k access!!! HAHAHAHAHAHAAHAHA! You lucky sods in Ireland don't know you're born! Steve I'm not sure the Irish realise just how lucky they are. Broadband prices in South Africa are in the region of £80 per month for a 512kb line capped at 3gb!
Have a look at http://www.mybroadband.co.za and see just how unlucky and unhappy South Africans are! RH Heh - Ireland thinks they have it bad - try here in Gibraltar! £59 a month for a 512/128k line that's up and down all the time... Catherine (who's thankful her job pays for her home connection) Attendees at an Industrial Cyber Security Conference in London this week were warned, by AV vendors, no less, that without proper anti-virus technology, the world could very well come to a sticky end. The Register's own anti-virus industry watchdog thought their arguments might just be a little self-serving: I can see the OS Easter egg now. Hydro + Seattle + MS = Free MS, bartering for a worse tomorrow, I wonder how much money they keep from the economy? I hate rich people that beat taxes and leave it for us regular people to float the government that screws us in the end for the Corporations. Shane The thing that has me concerned here, is why would anyone be stupid enough to connect critical computer systems in utility plants to the outside world, especially via something as unnecessary as the internet. Let me guess, the plant operator needs to the computer to email everyone to let them know a meltdown is in process, or perhaps he just wants to play online games. Who knows? But my guess is that if the something as critical as a nuclear meltdown is in process, the people running the plant won't need an email to let them know it's happening. Whatever possible benefits using Windows boxes with easy network access, surely the downside is so far worse, that by even considering such a course of action you would have to be a/insane or b/on the receiving end of a massive bribe. There is no 100% effective way to secure a networked computer, especially one that has internet access. 
So what the f%&$ is going through these idiots brains when they decided to do away with virtually impossible to hack proprietary systems, and replace them with computers that can be attacked by script kiddies? Andy French news gatherers, the Agence France Presse, announced that it will sue Google for unauthorised access to its copy. The agency says Google is linking to its stories, and that this amounts to a breach of its copyright: I think Google should comply with AFP's demand. By blacking out the websites of all online publications that carry AFP content and referring anyone who tries to get to an AFP article page to a simple page saying "AFP doesn't want to be in our search engine. If this is a problem for you, the publisher's home phone number is xxx-xxxxx and his mobile number is XXx-xxxxxx) and the head of their law firm's home. . ." Publications will think twice about carrying AFP content if the price is exclusion from most of their potential readers and advertising income. While IMHO, AFP's case is completely without merit, the worst punishment that can be visited on a person or company is frequently giving them what they demand. Name withheld Just for giggles I went to AFP's website and was going to send them a nasty e-mail when I noticed the following on their contact page: N.B.: Any use of AFP services is prohibited without a licence from AFP Now it seems to me that I've just violated their TOS - if that's the proper wording here - by not having "a license to use their service" as no prior license was granted before I viewed their website. Seems like a really cheesy ( no pun intended ) way to generate a bit of publicity about your site. Maybe when I start a business I'll sue Google to stop indexing my site too, just for the free advertising. Dave Wouldn't a robots.txt file have been easier? Karl Finally, we have the latest on the almost unstoppable Rise of the Machines. 
The good news is that there is a means of defending ourselves from enraged French automobiles: pull the plug. Now. Before it is too late: Dear Mr. Haines, It is not only the French who make interesting cars. In the late 1960s I owned a 1962 Triumph Sports 6. It was designed so that it could be built either as a left hand or right hand drive vehicle without having to have too many left or right hand parts. The gas peddle was attached to a "Bordon" tube which went through the firewall to the throttle. A "Bordon" tube is a wire inside of a narrow hollow tube. The tube is fixed at each end and the wire can be pulled to move a component such as the throttle. This allowed the car to be built without left/right hand specific mechanical linkages. One evening while I was traveling, on an Interstate highway, the throttle stuck in the wide open position. I was doing 65 MPH, accelerating, and going down hill. I later realized that the wire was stuck or binding against the inside walls of the tube. At the time I had no idea what was going on. Pressing the gas peddle did nothing. The tube/peddle was at maximum extension and pressing the gas peddle did nothing. Putting in the clutch just made the engine race. After about a minute of panic I finally realized that I could simply turn off the ignition key! I did that, steered the car over to the side of the road, and caught my breath before starting to tinker with the wire attached to the gas peddle. I suspect that your Frenchman might have been able to fix his problem the same way - by turning off the ignition. Richard Young Dear Lester, The terrifying Gallic plot to enslave us all is slowly coming to the surface. After the would-be killer Renaults, we have French PM Jean-Pierre Raffarin (a man with all the charisma and sex-appeal of wet putty) speaking English with an accent last detected chez the late M. Distel. 
Does this mean I should immediately take steps to have my Agèd Mother locked up before she succumbs to this stealth-charm offensive. Yours from the outside of a rather nice half-bottle of Montbazillac ;) Rose Am I missing something, or has the Lizard Alliance conspired - dare I suggest coerced, even - Renault into replacing the ignition mechanism in the Laguna with something more easily controlled from the mothership, preventing the poor sap from simply turning off the ignition and coasting to a stop in neutral? Bill The plot certainly thickens. More letters later, so keep 'em coming. ®
Lucy Sherriff, 22 Mar 2005

Tiscali 'flogs French ISP'

Tiscali has flogged its French operation to Telecom Italia for between €250m and €300m, according to press reports. The acquisition of Tiscali's Liberty Surf unit should be signed on Thursday reports Il Corriere della Sera via AFX newswire. According to press reports a number of suitors - including Neuf Telecom, Cegetel and Deutsche Telekom - have all been sniffing around Tiscali France. For them, the acquisition of this major ISP would be a useful way to increase their subscriber base in an increasingly competitive market. Said analysts Ovum: "The valuation, number and identity of contenders tell much on the current state of the French ADSL market. The premium paid to win the third-ranking French player shows the competitive pressure felt by sub-scale players." For Tiscali, the motivation for flogging its French operation is simple. While it has already disposed of non-core country businesses such as Austria, Denmark, Norway and Sweden to raise cash, it does have the pressing matter of a €250m loan which needs to be repaid by the summer. ®
Tim Richardson, 22 Mar 2005

Scientists lighten up on dark energy

The universe is expanding at an accelerating rate because of ripples in space-time that stretch beyond the observable edges of the universe, according to a paper published in Physical Review Letters. This theory runs counter to current scientific thinking, which holds that so-called dark energy is responsible for this phenomenon. No one has ever seen any dark energy, but scientists think that it acts as a kind of anti-gravity, forcing everything in the universe away from everything else. When Einstein first put his theories of relativity together, he included a cosmological constant, a number that accounted for this acceleration of the universe's expansion. He later referred to this as his greatest blunder, but his ideas have since been rehabilitated. But now, Edward Kolb of the Fermi National Accelerator Laboratory says that Einstein "was right when he said he was wrong", according to a Reuters report. Antonio Riotto at Italy's National Nuclear Physics Institute in Padova, who also worked on the research, told Reuters: "No mysterious dark energy is required. If dark energy were the size that theories predict ... it would have prevented the existence of everything we know in our cosmos." Instead, he says, the acceleration is an after effect of the big bang that has not been properly accounted for. However, the scientific community remains sceptical. Michael Turner from the University of Chicago actually coined the term "dark energy" and in 1990, co-authored a paper with Kolb. He says: "Their paper is going to get enormous scrutiny, and my own guess is that in the end, they'll be wrong." "But they may get the last laugh. And the interesting thing is, if they get the last laugh, I doubt that this is the only effect of these long ripples. We may have to make some other changes." ®
Lucy Sherriff, 22 Mar 2005

SCi launches bid for Eidos

UK games publisher SCi has made a rival bid for Eidos after the loss-making games company's board said it was recommending a bid from U2 vocalist Bono's Elevation Partners. The SCi offer amounts to £76.1m, just above EP's £71m bid, but would be transacted through a share swap rather than a cash purchase. SCi is offering six of its shares for each Eidos share. According to the Financial Times, SCi already has the support of Schroder's - with a 20 per cent stake in the publisher, it's Eidos' largest shareholder. SCi said it would issue extra shares to cover the swap. It would also attempt to raise £60.1m through a second share offer, with the proceeds being used to fund Eidos' revival. SCi reckons it can save £14m in costs by combining its operation with Eidos'. Eidos' board said it would "consider" SCi's offer in the light of other alternative courses of action, including EP's "recommended cash offer". ®
Tony Smith, 22 Mar 2005

Utah enacts net porn law

Utah's governor has defied criticism from technology firms and free speech activists to sign into law a bill designed to protect children from Internet pornography. The controversial bill (PDF) will require ISPs to block access to websites deemed "harmful to minors" on request. This blacklist will be drawn up by the state's Attorney General. ISPs in Utah have the option of blocking sites or providing customers with third-party filtering products unless they want to risk felony charges under the new law. The law states that: "Upon request by a consumer, a service provider may not transmit material from a content provider site listed on the adult content registry." Internet content providers that create or host data in Utah must properly rate the data or risk possible criminal charges. Local ISPs say the law is unnecessary. "The market has already provided a solution to this problem," said XMission President Pete Ashdown. NetCoalition, a lobbying group, says the measure will oblige search engines to display the rating of sites to Utah residents and is technically unworkable. Groups such as the American Civil Liberties Union go further and warn the bill violates the US Constitution's First Amendment on free speech and the Commerce Clause. Six other states have had similar legislation ruled unconstitutional, resulting in huge legal bills for residents, Media Coalition director David Horowitz told the Salt Lake City Tribune. The bill was drafted in an attempt to skirt constitutional concerns. Time will tell if the measures withstand legal scrutiny. ®
John Leyden, 22 Mar 2005

Kill the Crackberry!

Symbian has licensed Microsoft's Exchange Server 2003 ActiveSync protocol and will in turn develop a plug-in for its phone manufacturers who license its operating system. The plug-in will be optional, but it will allow the manufacturers to build phones that support remote synchronization with Exchange with no extra license fees to Symbian. Of course, the manufacturers still need a development agreement with Microsoft, and IT shops who buy the phones still need a client access license or CAL for each unit they buy. It's foolish to say that Microsoft has made peace with Symbian, but the name that Redmond once dare not utter is no longer Enemy No.1. That dubious privilege, it seems, goes to our friends in Waterloo, Canada. Microsoft's communication protocols are simple internet standards obfuscated in complex RPC calls - Microsoft calls this its intellectual property crown jewels. So reverse engineering the protocols has traditionally been difficult for third parties. (Novell's Exchange Connector is one example of a workaround, screen scraping the results of Exchange's webmail.) Redmond's goal has been to sell more CALs and ensure the clients run a Windows OS - a double win. But as a consequence of the antitrust settlements Microsoft has been obliged to at least pretend to take interoperability seriously, and the EU is unexpectedly determined to ensure that Microsoft doesn't see licensing as yet another revenue opportunity. So the deal, which follows similar agreements with Symbian's largest licensee and shareholder Nokia, and PalmOne, removes one of the unique selling points for Windows-based phones. Until recently, Microsoft could argue that its Windows Mobiles were the only safe option for Exchange customers. So if it's selling CALs, it shouldn't mind seeing those two revenue streams shrink to one, if the one is larger than before, right? Wrong. In typically paranoid fashion, Microsoft sees its CAL revenue under threat, and for once, with some justification. 
Mail and calendaring isn't exactly rocket science in 2005. Microsoft's primary concern is really to stop the growth of the highly addictive "Crackberry". RIM servers currently sit alongside Exchange servers in the data center acting as a proxy. But Microsoft's fear is that its largest corporate users are becoming so reliant on the popular and expensive email sync service that they knock out the Exchange server and keep using Blackberry Connect, with AN Other generic mail server underneath. This is something that Symbian is well aware of. Exchange can be used for much more than email and calendaring, and it's unlikely that customers can throw an Active Directory-based architecture overboard just like that. While no one in the Windows Mobile camp will admit it, Microsoft is prepared to see its client division take a bath in the short term to achieve what seems to be its primary goal in wireless right now: Get RIM. ®
Andrew Orlowski, 22 Mar 2005