30th > March > 2006 Archive

Joe-job spammers shift tactics to evade filters

Spammers are giving the old trick of joe-jobbing a fresh twist in a bid to fox email filters. Conventional joe-jobbing involves forging the sender's email address so that some poor innocent - rather than a spammer - has to wade through bounced messages sent to invalid email addresses. Instead of forging the sender's email address (a trick that's easily detected by anti-spam technologies) spammers are deliberately sending their messages to an invalid email address at a high profile company using a forged "From" address at a target company. The email is then bounced as an unrecognised email address and sent back to the "sender". Since the IP address and the email domain address now match, the junk email message stands a better chance of avoiding detection by some anti-spam technologies. Because of this there's a better chance that an item of spam will arrive in the inbox of end users. A spokesperson from the firm that identified the tactic, email security outfit SoftScan, said use of the tactic might lead to organisations abolishing the bounce back message. "No respectable company wants to see its domain name linked to spam. Although bounce back messages are helpful in letting senders know whether or not their message reached the recipient, in order to stop the abuse of their domain name, many companies are already starting to turn off their bounce back messages." ®
John Leyden, 30 Mar 2006

NASA probes underwater operations

Three astronauts and a doctor are being sent sub-aqua to try out medical techniques in a simulated space environment. Procedures developed by the NASA Extreme Environment Mission Operations project ('NEEMO' - bet that was a red letter day for the agency's pun lab) may one day be used in real space emergencies, the agency says. From 3 April to 20 April astronauts in the Aquarius underwater lab off the Florida Keys will be directed in surgeries by doctors thousands of miles away. Chest-burster stitch-up jobs and lightsaber amputations will be woefully neglected by the underwater med school. Also set for practice are "undersea moonwalking techniques". Sadly, pushing the frontiers of dance technology is not on the cards. Instead the team will learn lessons for future lunar exploration, such as construction using remote operated vehicles. NEEMO was originally scheduled for October last year, but was stalled by the hurricane season. ®
Christopher Williams, 30 Mar 2006

IBM offers Sun-only price break on middleware

IBM's software team has cut Sun Microsystems server customers a price break of sorts. Those of you installing IBM middleware on Sun's new UltraSPARC T1-based servers will use a modified per-processor pricing model that attempts to deal with the unique nature of Sun's latest chip. IBM largely relies on a pricing model where one software license is required per processor core. This rule applies for IBM's own Power, Sun's UltraSPARC IV and HP's PA-RISC chips - all of which have two cores per chip. Sun's four-, six- and eight-core versions of the UltraSPARC T1 have cracked IBM's per core policy. Stick with us here because this gets a bit complex. You'll need two licenses for IBM middleware running on a four-core or six-core UltraSPARC T1 and three licenses for an eight-core chip. That compares, for example, to paying for eight software licenses on the eight-core chip under IBM's old model. Is this a real price break? We're not sure and doubt you are either. It all, of course, depends on the particular application. Sun has billed the UltraSPARC T1 as a gem for web server and application server loads, and IBM has plenty of middleware in that category. It seems that Sun customers will really benefit if the UltraSPARC T1 performs as well as advertised. If, however, an eight-core UltraSPARC T1 doesn't outperform three cores of Power, PA-RISC, Itanium or UltraSPARC, then you might be losing out because of more expensive licenses. IBM, incidentally, does give x86 chip makers Intel and AMD a break as well. Only one software license is needed for a dual-core Xeon or Opteron. IBM has been the most reticent major software maker to face the reality of multi-core chips, despite being the first major processor maker to produce a multi-core chip. This position makes sense given IBM's large DB2 and WebSphere franchises. BEA, for example, stopped charging a 25 per cent premium for dual-core chips.
Microsoft too has agreed to count multi-core processors as a single chip in per chip licensing schemes. Oracle seems to be doing better than IBM, although you need to purchase a supercomputer just to figure out different licensing scenarios. ®
Ashlee Vance, 30 Mar 2006

Red Hat feels open source certification vibe

Red Hat has yet to release its first run of certified application stacks for Red Hat Enterprise Linux (RHEL) but already seems convinced it's on to something big. The OS maker has announced that it's looking into two more certification sets. Tim Yeaton, senior vice president for Red Hat's worldwide marketing, said Red Hat could introduce two more subscription-based services certifying open source and Java software for use with the company's Red Hat Enterprise Linux (RHEL) platform. Red Hat is contemplating this expansion ahead of planned delivery of its first three services that certify a brace of web and open source software components to RHEL. Red Hat's web application stack, Java web application stack and enterprise Java stack are due for delivery in the next few weeks. Stacks are seen as being the best way to ensure developers get to use the latest versions of web and open source software with the latest edition of Red Hat's Linux distribution. The theory is it's quicker and easier to update small stacks of software rather than wait for Red Hat to test and certify them with each release of RHEL. Testing and certification theoretically removes the need for customers to undertake integration work with RHEL to ensure the components all work together. Yeaton told The Register the stacks provide a greater degree of flexibility. Normally, Red Hat must decide at some point to lock-down development of each new RHEL release. The software packages that go into the stacks, though, come from the community, meaning that they are in a constant state of change. "We can respond to what happens in the community. We could conceivably add stacks as other light technologies come to the fore," Yeaton said. Red Hat apparently hopes the stacks will help funnel developers and customers, using a brace of popular open source and web technologies, towards the RHEL platform.
Red Hat's first stacks tackle Linux, Apache, MySQL and Perl/PHP/Python (LAMP) in addition to the Postgres open source database, Apache Tomcat servlet and JSP container, and ObjectWeb Consortium's JOnAS application server. Yeaton said Red Hat had picked these components following requests from customers, while it expects the LAMP stack to become pervasive among developers. "We observed in the Java community there are a number of frameworks that are very popular with developers. We wanted to respond... it was a way to provide support without tying customers in to the RHEL release model," Yeaton said. Testing and certification of open source components takes Red Hat into the same market as start-ups SpikeSource and SourceLabs. These companies are trying to build services businesses that offer customers stacks of open source software that they have pre-tested and certified. Red Hat differs in its approach to SpikeSource and SourceLabs by certifying only to its Linux distribution. SpikeSource and SourceLabs are going for a broader market, which includes other OSes. ®
Gavin Clarke, 30 Mar 2006

Of Infocard: Who keeps an eye on the guardians?

Nick Kew has raised an interesting point re: Mary Branscombe’s InfoCard piece. It touches on “quis custodiet ipsos custodes” - who will keep an eye on the guardians? Do you have to have an unblemished reputation in order to manage identity and security? Probably not, in theory – but I bet you won’t get much buy-in from the general public (or, I hope, the press) if your past behaviour is dodgy.
David Norfolk, 30 Mar 2006

Reports of death of MS Passport exaggerated

Another hare started from Mary Branscombe’s InfoCard piece. Chris Overd emails to point out that its first sentence "is rather misleading. InfoCard is not, in any shape or form, a replacement for Microsoft Passport". In support, he points at a blog posting from Trevin Chow here.
David Norfolk, 30 Mar 2006

BT Retail to increase call charges

BT Retail is to increase the minimum cost of all calls from 1 April, according to information seen by El Reg. The minimum call charge on all consumer phone and VoIP calls is increasing from 5p to 5.5p (inc VAT) to bring prices in line with the current evening and weekend tariff of 5.5p for calls lasting up to one hour. Business punters can also expect to see the cost of connecting a call rise from 4.2p to 5p (ex VAT). BT is also planning to tinker with international call rates, which come into force from 1 April. Asked to comment on the implications of the price rise, a spokesman for the telco told us: "We are reviewing the price of minimum calls and we will make an announcement in due course." In January, BT increased the cost of renting a phone line by 50p from £10.50 to £11 a month. ®
Tim Richardson, 30 Mar 2006

Directive to switch off hate TV in Europe

EU broadcasting regulators last week welcomed the commission’s proposals to update the Television Without Frontiers Directive of 1989, partly because they will help in the fight against the incitement of hatred. Last updated in 1997, the directive was instrumental in ensuring that viewers and listeners in all member states were entitled to access broadcasts from any other member state. It also harmonised rules relating to broadcast advertising, the protection of minors and the right of reply. But since the last review of the directive, new advertising techniques, such as split screen, interactive advertising and virtual advertising, have developed, and problems in applying the existing, old-fashioned rules to these new technologies have arisen. The commission set out its plans to update the directive in December, focusing on the need to reduce the regulatory burden on Europe’s providers of TV and TV-like services and to allow them more flexibility in financing their productions. It also hopes to replace disparate national rules on the protection of minors, incitement to racial hatred, and surreptitious advertising, with a basic, EU-wide minimum standard of protection for audio-visual on-demand services. The hatred issue was highlighted in December 2004, when the French "Conseil d'Etat", the highest administrative Court in France, ordered the French-based Eutelsat Company to shut down broadcasts from a Lebanese TV station known as Al Manar, following accusations that its programmes were anti-Semitic and could incite hatred. According to the commission, although legally registered as the Lebanese Media Group Company in 1997, Al Manar has belonged to Hezbollah culturally and politically from its inception. In December 2004, the US Department of State put the station on the Terrorist Exclusion List due to the channel's "incitement of terrorist activity". 
Discussing the directive at a meeting last week, regulators from the 25 EU member states and Croatia, Turkey, Norway and Liechtenstein, noted the growing economic and societal importance of new on-demand audio-visual media services and of ensuring freedom of expression in such media, but also discussed the danger that they could become the next vehicle of hate. The updated directive, they said, will prohibit incitement to racial or religious hatred - not only for broadcasts, but for all audio-visual media services, irrespective of the technology used to deliver and view them. The regulators also supported plans to launch a new EU Intranet Cooperation Forum as an effective means to combat clear cases of incitement to hatred in broadcast and audiovisual media services. The forum would respect the freedoms enshrined in the EU Charter of Fundamental Rights and the need for judicial scrutiny of such interventions by broadcast regulators, according to the commission. "Cooperation between broadcasting regulators and the European Commission is extremely important for the future of the audiovisual landscape in Europe" Information Society and Media commissioner Viviane Reding said. "The basis of our cooperation must be – first of all and most important – freedom of expression and freedom of the media, as cornerstones of our pluralist democratic society in Europe; cultural diversity; and the commitment to our common European societal values, which leads us to jointly fight against clear forms of incitement to racial or religious hatred in the media." See: The Draft Directive (18 page/13MB PDF) Copyright © 2006, OUT-LAW.com OUT-LAW.COM is part of international law firm Pinsent Masons.
OUT-LAW.COM, 30 Mar 2006

BT opens IT helpdesk for home users

BT's offering punters a new telephone support service to tackle all their IT problems. Called BT Home IT Advisor, the helpdesk service costs £9.99 a month for help on a range of issues such as setting up broadband connections, wireless networking, identifying and removing viruses, and fixing faults. Alternatively, if customers don't want to subscribe to the service they can stump up £25 to get help solving an individual problem. The telco says the service is staffed by specially trained teams of techies who can provide a host of support for hardware, software, broadband or other IT issues. The helpdesk is manned between 8am and 11pm. Last June, BT unveiled a similar product aimed at small businesses that offered "corporate grade" IT support. At first the telco said the staff manning the helpdesk were BT employees based in the UK and that the service was not outsourced to another company or run from a centre overseas. However, it later emerged that BT staff were not behind the service - it was outsourced to ClientLogic. We're still waiting for BT to return our call and confirm who is behind the BT Home IT Advisor service. ®
Tim Richardson, 30 Mar 2006

Another delay for .xxx domain

Plans to approve the creation of a controversial .xxx top-level domain (TLD) at an ongoing meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) in New Zealand have been dashed, according to reports. United Press International says the US Commerce Department has raised objections to the domain, expressing concerns about the mechanisms for running the domain put forward by the domain’s proposed operator, ICM Registry. The Dominion Post first reported the story. ICANN first considered and refused an application for the .xxx suffix five years ago. But in 2004 a non-profit entity called the International Foundation for Online Responsibility (IFFOR) submitted another application for the domain. The group intends the .xxx domain, which would be run by ICM Registry, to cater for responsible adult-orientated websites. It hopes the domain will help to protect children from exposure to internet porn, while also having a positive impact on adult entertainment through voluntary efforts of the industry. ICANN gave preliminary approval for the adults-only label in June 2005, but immediately faced a storm of criticism. Members of ICANN's Government Advisory Committee advised the ICANN Board by letter that there was a "strong sense of discomfort" about the proposed domain, and that some governments were intending to contact ICANN directly about their concerns. Final approval was expected in August, but it has not been forthcoming. In December, ICANN announced that it had indefinitely delayed a decision on the domain. But according to reports, supporters of the domain had hoped that the issue would be discussed at the ongoing ICANN meeting in Wellington. Separately, US Democratic Senators Mark Pryor and Max Baucus introduced legislation earlier this month to require websites with adult content to have a .xxx domain that only adults can access. 
The legislation, the Cyber Safety for Kids Act, would require the Secretary of Commerce to negotiate with ICANN to develop a special domain name for websites containing adult content. Under the proposed Act, companies that fail to register with the new domain within six months would be subject to civil penalties. "By corralling pornography in its own domain, our bill provides parents with the ability to create a 'do not enter zone' for their kids," said Pryor at the time. See: The UPI report (hosted by Monsters and Critics) Copyright © 2006, OUT-LAW.com OUT-LAW.COM is part of international law firm Pinsent Masons.
OUT-LAW.COM, 30 Mar 2006

ID cards sorta compulsory

ID card opponents lost a key battle in Westminster last night, after a month that has seen the Identity Card Bill tossed between the Commons and Lords. MPs and peers found a compromise over their long-running disagreement over whether ID Cards should be compulsory: they made them sort of compulsory. Lord Armstrong, a respected cross-party peer, rescued the two houses from the embarrassment of a prolonged squabble by carving out a compromise amendment that everyone could agree on before they all packed up on Thursday for a two and a half week Easter holiday. The original proposal, that anyone who renewed their passport would be forced to get an ID card as well, has been held off for just four years until January 2010. People can choose to opt out for now, and there might now be time enough for civil liberties campaigners to build a stronger base of opposition to the rollout. However, people who renew their passport will still have their details entered on the National Identity Register, the mother of all government databases, a biometric database to which the cards are just the public face. Throughout the protracted ID debate in Westminster it has been pointed out time and again that the database is what really scares them. ®
Mark Ballard, 30 Mar 2006

Drunk driver fingers Shania Twain

Here's a top tip if you're ever pulled by the cops while driving your pickup truck down a busy Ottawa street while legless - you can try and avoid criminal charges by claiming that Shania Twain was helping you drive. That's exactly what Matt Brownlee did - and a judge this week ruled that the 33-year-old "was not criminally responsible for his actions because he suffers from delusions that celebrities such as Twain are communicating with him telepathically". The beak didn't take Brownlee's word for it, however, as CBC news reports. The judgement was based on "several psychiatric assessments" by experts at Brockville Psychiatric Hospital where he has been undergoing tests since last autumn. Brownlee had pleaded not guilty to four charges, including "impaired operation of a motor vehicle and driving while disqualified". The disqualification dates from 1996, when Brownlee was jailed for seven years and banned from driving for life when, while driving with a blood alcohol level three times the legal limit, he killed an Ottawa woman and her 12-year-old son. During the latest court hearing, a psychiatrist testified that Brownlee suffers from "psychosis and mood disorders resulting from a brain injury caused by the 1996 car crash". Brownlee now faces another assessment at Brockville Psychiatric Hospital, the result of which will determine how much of a risk he poses, and whether he should be "detained in hospital, released under supervision in the community, or given an absolute discharge". ®
Lester Haines, 30 Mar 2006

Nokia staff jacked by Ernst & Young laptop loss

Exclusive: When Ernst & Young loses a laptop, it doesn't mess around. The Register has learned that the same missing system with personal information on Sun Microsystems, Cisco, IBM and BP workers also contained data on Nokia's US staff. A Nokia source notified us that he received a letter from Ernst & Young detailing the accounting firm's loss of his personal information. An Ernst & Young spokesman then confirmed that the laptop was "the same" machine with thousands of Sun, Cisco, IBM and BP staff data, including their ages, social security numbers, tax identification numbers and addresses. Ernst & Young continues to maintain that the laptop poses little risk as it was password protected. Some rather prominent security folk, however, dispute Ernst & Young's contention. This letter comes from a top security expert at a very, very large technology company. We've agreed to protect his identity. I am a former Partner of Ernst & Young's Technology & Security Risk Services practice for the Greater China region and was a Senior Manager for the US practice in the same area. I am horrified at what I have read about this rash of laptop losses since all the Big 4 firms have the technical talent and general security knowledge to know that passwords alone are not nearly secure enough and you don't leave laptops with sensitive data lying around anywhere! While at E&Y we, at least my team, was required to keep sensitive data secure. Never leave laptops around even in the office, use cable locks or lock them in cabinets out of sight in addition to using BIOS passwords and encrypt sensitive data. Why is this data residing on laptops when it can just as easily be controlled on a secure server with secure, authenticated (2 factor) access and full audit trailing? Finally, when it came to laptop losses in my region of Greater China or in the US, rarely was the theft merely a coincidental theft. Many such thefts are targeted; maybe some further investigation is necessary here.
I confirmed this informally a while back with friends at KPMG and PwC. Every major security journal, yours included, has noted the movement from shotgun style hacker attacks to pin-point ID thefts. Real criminals are getting involved in this very lucrative business and a loose laptop is obviously a prime target. I note that many of these Big 4 pros carry laptops in "Big 4" logo marked laptop bags - hey, why not just put a sign on the bag saying 'likely sensitive data on board, steal me!' My bag is, and always has been, basic black and does not leave my side. In fact, many of the above Big 4 firms report annually security surveys about precisely these trends in security. At the very least, I would have expected some managing partners of these firms in the US and other partnerships around the world to immediately advise staff of precautions to take with this critically sensitive data and for the partners to be transparent about it. Isn't that what they are requiring of companies via SOX and other audit requirements related work? Isn't transparency and accountability what they talk about everyday? Why aren't they being held to the same standard they require of all their clients? Best regards, [Name Supplied] The points raised in this letter are key. Ernst & Young has refused repeated requests to provide more information as to why an employee left this laptop in a place where it could be stolen, and if anyone has been held accountable for the incident or what measures it's taking to prevent future problems. In addition, the company has maintained a code of silence around the incidents, instead of coming forward in a transparent manner as it would have customers do. Ernst & Young has only admitted to these laptop losses on a case-by-case basis after being confronted by The Register in our string of exclusive stories on this matter. The company was also outed as having lost four more laptops last month in Miami when a police report was made public. 
Oddly, no other major publication has reported on the Ernst & Young incidents. The mainstream press, however, rushed to follow on our revelation that Fidelity had lost a laptop containing data on 200,000 HP workers. ®
Ashlee Vance, 30 Mar 2006

First phase of public service transformation underway

The Cabinet Office has published its Transformational Government implementation plan, outlining a range of targets for July 2007. Among its priorities are for government departments to plan for more data sharing, the creation of a UK geographical information system strategy, and the incorporation of service transformation into departmental comprehensive spending reviews. The plan, published on 29 March, also outlines phases of work that span to the end of 2011 and beyond. But it provides most detail for phase one, which runs until the middle of next year, breaking down the plans into streams for customer focus, shared services and professional focus. For the customer focus stream it notes that the Service Transformation Board (STB) and Service Design Authority have already been created, and the first two customer group directors appointed to coordinate cross-agency working for older people and farmers. The latter's activities will be reviewed and three further appointments will be made by November this year. The same deadline has been set for the STB to act as a clearing house for initiatives, and for an agreement on an overall channel architecture and plans for reducing the number of government websites. These will feed into the departmental spending reviews by July of next year. In the shared services stream, a number of measures are meant to be in place by November: a roadmap for a common infrastructure; implementation plans for sharing human resources, finance and corporate services in nine sectors of government; guidance on security policy; identity management frameworks; interoperability for secure email to encourage inter-agency working; a reference model for standard enterprise architecture; an agreement on interface standards; a standard technical architecture for data sharing.
Looking to next year, the priorities for this stream are that departments incorporate the findings of the Cabinet committee on data sharing into their planning and service delivery, and the publication of the UK geographical information systems strategy. This year's plans for the professional focus stream include the adding of innovation skills to the competency frameworks for IT professionals and civil servants, a standard business model for innovation development, and the creation of an innovation database. By July of next year these should lead to departments sharing research, ideas and information more widely, and a more systemic approach to innovation. Looking to the period between 2007 and 2011, the plan emphasises the desire to build up the shared services culture and tailor public services around people and businesses. The Cabinet Office also expects finance and service benefits, and wants to see a new culture reflecting the changes embedded in government. It also talks of further radical change beyond 2011, in which the boundaries between the different areas of government would become less apparent to people and businesses. This would involve a much wider use of technology in which people serve themselves and policy makers use it in service design. Cabinet Office minister Jim Murphy said: "We gave an undertaking when we launched the strategy last autumn to publish this implementation plan by April. In doing so we have reached another important milestone that shows how our ambitious public service transformation programme is not only on track but making good progress. "We have already appointed our first customer group directors. For example, the chief executive of the Pensions Service is leading a series of cross-cutting initiatives to address services for older people. Pilot workshops for the IT Academy have been run, providing real development opportunities for IT professionals. 
"There is clearly much to do, as the plan shows, but we are laying the foundations for radical change which will ultimately benefit our customers." The Transformational Government strategy was launched in November 2005, and an annual report will be published in November 2006. The Chief Information Officer Council and Service Transformation Board have responsibility for taking the strategy forward on a day to day basis. This article was originally published at Kablenet.
Kablenet, 30 Mar 2006

Navman intros 'navigation-by-pictures' GPS kit

Navman today revamped its dedicated GPS navigation kit, launching three new low-end, mid-range and top-of-the-line models - the latter with a 4in widescreen display, the first in a device of its class, the company claimed - along with an RDS traffic data system and a new look that places some clear blue water between Navman's products and their more gizmo-like rivals.
Tony Smith, 30 Mar 2006

The man behind OSSTMM

Pete Herzog, founder of ISECOM and creator of the Open Source Security Testing Methodology Manual (OSSTMM) talks with Federico Biancuzzi about the upcoming revision 3.0 of the OSSTMM.
Federico Biancuzzi, 30 Mar 2006

Japanese tune into quasar encryption

Japanese scientists are proposing the use of random radio pulses emitted by quasars as "one time pads" for the encryption of sensitive messages, New Scientist reports. Ken Umeno and his chums at Tokyo's National Institute of Information and Communications Technology reckon quasars could be useful in cryptography because "the strength and frequency of the radio pulses they emit is impossible to predict" - thereby making them truly random in contrast to computer-generated "pseudo-randomness" in which patterns will inevitably be revealed over time. Umeno told New Scientist: "Quasar-based cryptography is based on a physical fact that such a space signal is random and has a very broad frequency spectrum." Umeno's team proposes that the two parties wishing to encrypt - and subsequently decrypt - use "an agreed quasar radio signal to add randomness to a stream cipher - a method of encrypting information at high speed". Knowing which quasar to monitor and when would be the only information required to enable the secure communication. A third party without this knowledge would find it impossible to decipher the transmission. Umeno cites international financial institutions, governments and embassies as possible users for the system. The advantages are, he says, that the method "does not require a large radio antenna or that the communicating parties be located in the same hemisphere, as radio signals can be broadcast over the internet at high speed". The possible pitfalls? Markus Kuhn of the University of Cambridge noted: "It is easy to play tricks with reception antennas...an attacker could mimic a radio signal and gain a lot of control over the signal that the receiver can see." Bruce Schneier of Counterpane Security chipped in: "This is interesting research, but there's no reason for anyone to use it in a practical application. Furthermore, this is a brand new idea. Why would anyone want to use something new and untested when we've already got lots of good cryptography?" 
The Japanese researchers collected quasar signals using their own Very Long Baseline Interferometry antenna. They've filed two patents: one covering encryption and decryption of messages and a second "for generating digital signatures that can be used to match messages or files to a person". ®
Lester Haines, 30 Mar 2006

Trojan row over spouse monitoring software

A commercial product that records information about an individual's mobile phone calls and SMS messages before sending them to a remote server has been labeled as malware by security researchers. FlexiSPY is described by Finnish anti-virus firm F-Secure as the first Symbian Trojan spy. The firm behind FlexiSPY, Thai-based Vervata, denies this accusation. Vervata markets the software as a tool for trapping errant partners. FlexiSPY Light, which costs $49.95, is sold as an "activity monitoring" utility. Vervata goes on to describe the software as "the world's first spy application designed and built exclusively for the mobile phone" that is "absolutely undetectable by the user". It promises the development of a more powerful version of the program that relays conversations in real time as well as versions of FlexiSPY that work on BlackBerry and Microsoft Pocket PC-powered mobile devices. In a statement, Vervata said that F-Secure was incorrect in labeling its software as a Trojan. "FlexiSPY is not a Trojan, nor a virus and does not require the purchase of F-Secure Mobile Anti-virus products to remove it. An uninstall option is provided for the user, so the application can be removed at any time. Configuration settings are also available to allow frequency of connections, thereby allowing the user to minimise network connections to once daily if required." Vervata points out that its software is incapable of spreading automatically. "FlexiSPY is activity monitoring software that needs to be consciously installed by a human, who knows exactly what the software does. It does not self replicate, it does not pretend to be something it is not, and it always requires conscious human action for installation. "Like any other monitoring software there may be a possibility for misuse, but there is nothing inherent in FlexiSPY that makes it illegal or malicious. F-Secure's comments categorising FlexiSPY as a Trojan are completely incorrect," it added.
Contrary to Vervata's claims that FlexiSPY is a useful tool for catching cheaters, F-Secure argues that because the application installs itself without any kind of indication as to what it is and hides from a phone's user, then it ought to be treated as malicious code. F-Secure points out that spying on the private conversations of other people is illegal in most countries. The storage of personal information on Vervata's servers also gives cause for concern. F-Secure warns that hackers might use the FlexiSPY software to develop malware. "The application [FlexiSPY] could easily be used by malware installing it as part of its payload, or a hacker could simply send it to a victim over Bluetooth and trust that there are enough curious people to install it," Jarno Niemela, a researcher at F-Secure's Labs, writes. F-Secure has added detection for FlexiSPY into its Mobile Anti-Virus software so that any user who has a phone that has been "infected" with FlexiSPY will get a warning that someone is spying on them. ®
John Leyden, 30 Mar 2006

AMD readies Opteron 2xx, 8xx speed bump

AMD will next week take its single-core Opteron 8xx and 2xx families to 3GHz and speed-bump the dual-core line-ups, it has been claimed. The move will see the arrival of Opterons with model numbers 256, 290, 856 and 890.
Tony Smith, 30 Mar 2006

Chinese invade Antarctica

Chinese researchers just back from a four-month jaunt to Antarctica's eastern extreme have announced their intention to name 46 newly-surveyed islands after notable "scholars, politicians, emperors and artists", Reuters reports. Accordingly, a new map due to hit the streets in 2007 will feature a veritable land mass of new titles - possibly including Confucius and Mao Zedong, although probably not Chiang Kai-shek. Expedition scientist Zhao Yue told state media: "This first map will be a landmark contribution made by China to the world in Antarctic research." Whether Google and Yahoo! have made the 160-strong shortlist for Antarctic immortality - based on their immeasurable recent contributions to the advancement of democracy in China - is not noted. ®
Lester Haines, 30 Mar 2006

Packet-sniffing techie uncovers spousal infidelity

Technology has been instrumental in ending yet another long-standing relationship. Hot on the heels of tales of a woman who blames a bug in Firefox for exposing the flaws in her relationship with a fiancé and a man whose relationship was hit by the spam filtering shortcomings of Thunderbird, comes the story of a software programmer who unearthed evidence of his partner's infidelity using Ethereal, the packet sniffing software. Len Holgate usually writes about Windows software development and programming in C++. But in a break from the norm he recently wrote about how he installed (with some difficulty) a packet sniffer on his network after becoming suspicious that Michelle, his partner of 17 years, was cheating on him. "The sniffer provided me with evidence that Michelle had been having an affair since mid-January. I confronted her and we decided to try and see if we could 'work it out' during our ski trip to Colorado. During the trip I decided that the relationship couldn't continue and so on our return she moved out. We're currently doing the separation of assets thing. We hope to be able to remain friends. Since I don't hate her, I figure that nobody else is allowed to," Len writes. The coder offers the following sage advice to the less technically adept: "If you plan to use technology when cheating it's probably best to understand the technology involved better than the person that you're cheating on," he adds. We'd add that if you maintain any kind of relationship you might want to throw out your computer and mobile and invest in an abacus, if recent Reg stories (and a thread on digg.com generated by Len's post) are anything to go by. ®
John Leyden, 30 Mar 2006

AMD re-schedules dual-core Turion 64 debut?

AMD may have put back the release of its anticipated dual-core Turion 64 X2 mobile processors to June, sources cited by website DailyTech have alleged. If the chip maker does indeed delay the chips' debut, it's also likely to reschedule the release of the parts' single-core siblings, the report claims.
Tony Smith, 30 Mar 2006

Techscape: what in the world is going on?

Opinion What in the world is going on in the tech sector? I'm a little concerned, and perhaps you are too. Even if you're not, in such a rapidly changing industry, it's worth stopping every now and again to have a look at the overall picture. So, where have we been and where are we going? The computing sector was plugging right along in the 70s, 80s and early 90s, albeit almost completely monopolised by IBM and Microsoft. People seemed happy with the way things were going, unaware that just around the corner the invention of the internet would change the world. The internet brought new competition to the tech sector and leveled the playing field for smaller enterprise. Surprisingly, Microsoft was late off the mark, thinking the internet wouldn't come to much. The internet also held much promise, and the arrival of email seemed the best invention yet. The government, who financed the invention of the internet, sought to regulate and maintain some control over and ownership of it, citing national security or a need to police criminal activity. But society wanted to maintain the independence of the internet, and this struggle still continues today. With the rise of the internet came ecommerce. Brands like Netscape, Yahoo!, Amazon, Priceline.com and more recently eBay, Salesforce.com and Google emerged. Cisco Systems came out of nowhere, springing up and threatening the supremacy of giant industrial companies. Then followed an era of rampant consolidations and acquisitions. AOL bought Time-Warner; Steve Case bought one of the world's largest media companies with what was once his little tech start-up, and Cisco Systems acquired hundreds of companies creating founder-billionaires. It was a wild ride for those in the right place at the right time. But then came the "Tech Wreck", "Dot-com Debacle", or "Telecom Meltdown". Beginning in March 2000 and continuing for more than five years, the NASDAQ composite lost 78 per cent of its value.
Public sentiment was a matter of wishful thinking: "It'll get better soon; it has to". How do we account for this implosion? What did we learn, and how can it ensure it never happens again? If you believe in the adage that "those who cannot remember the past are condemned to repeat it", then we will undoubtedly be experiencing this same fate at some point in the future. I saw a magazine cover recently, its lead article about the perceived return of the tech sector to health and wealth, which boldly claimed: "Happy Days are Here Again". I don't buy it. I think the renewed spending by IT purchasers is temporary, certainly not permanent. This could easily be creating a red herring that, when factored in with the absurd prices being paid again for giants acquiring ants, could ruin everything again. Tech Wreck 2.0? If you are as apprehensive as I am about what this new-found consolidation means, and what it means to the workforce, middle-management or even tech entrepreneurs when eBay buys Skype; Oracle buys Peoplesoft and Siebel; or when tech giants such as RIM and Nokia are getting sued by small companies claiming they've had their IP ripped-off; then you'll welcome this visit to what can happen when we all lose our heads and forget any kind of common sense. Because things are crazy right now; a little too crazy. Bill Robinson may be reached at: bill@relentlessmarketing.com
Team Register, 30 Mar 2006

Tories promise to ditch ID Cards

The Conservatives will scrap ID Cards if they win the 2010 election, shadow home secretary David Davis promised last night. The House of Lords and the Commons cobbled a quick compromise together to end their protracted dispute over the Identity Cards Bill in time for their Easter holidays, which settled on ID cards being sort of compulsory until just before the next election, when there would be no choice in the matter. It was a compromise over which opponents to the ID scheme in both houses expressed regret and disappointment, but was nevertheless voted through and sent for royal assent. The Conservatives, however, raised a standard to revivify campaigners against the cards. "While I recommend that my party support the amendment, let there be no doubt that my first act when I take over as home secretary after the next election will be to do away with the Bill," declared shadow home secretary David Davis in the Commons last night, after telling Conservative MPs to vote in support of the compromise amendment. "It is still an unwarranted intrusion on the privacy of the individual," he said. "It is still ineffective, costly and potentially dangerous. It is still a massive reversal of the relationship between the citizen and the state." Stewart Hosie, MP for Dundee East, declared the Scottish National Party's intention to continue resisting the imposition of the National Identity Register, the biometric database on which the new legislation makes it compulsory for all British citizens to be recorded. The significant impact the cards would have on day to day British life, and even the British character, made it difficult for many MPs to accept the legislation, even though most of them voted for it (301 to 84). "The introduction of identity cards will usher in one of the most far-reaching changes in British public life in recent times," said Nick Clegg, Liberal Democrat MP for Sheffield, Hallam. 
"It will change, unalterably, the relationship between the individual and the state by massively increasing the quantity and scope of information held centrally by the Government on each and every British citizen," he said. "It will revolutionise the capacity of the state to monitor the movements and behaviour of each and every one of us. It erodes privacy, and in extremis it will curtail freedom," he added. It was a day for swan songs fit to stun the reaper. In the Lords earlier, Lord Thomas of Gresford repeated a rallying cry often heard during the course of this debate, for the "traditions of liberty and freedom which are at the heart of the British constitution". ID Cards demonstrated that in Britain the state was shifting from one that protected the inalienable right of every citizen to liberty, to one motivated by fear to create an authoritarian state, "on the basis of secret information that it does not disclose". Further evidence of that shift could be found in the way the government had sneaked the compulsory element of ID cards in behind an electoral promise that they would be voluntary, he said. Government's failure to provide evidence that the cards would protect people from terrorism and crime before they foisted them on the British people also smacked of authoritarianism, Lord Thomas said. He also made reference to the terrorism and criminal justice bills, in which compulsion was also the "keynote". The word "must" appears in the identity cards bill 62 times, which might be expected from a bill designed to give the state more power to tell individual people what to do and how and when to do it, with whom, and where. There would have been more musts still had it also contained restrictions on how these powers might be used.
There would have been yet more musts again had the government not parried opposition attempts to impose the principle of transparency on the government - and therefore a stronger likelihood of probity - in the way in which the ID system is developed, deployed and used. ®
Mark Ballard, 30 Mar 2006

Thus integration going to plan

Plans to fold Your Communications and Legend Communications into Thus are going just swimmingly. Two months ago, Thus announced plans to splash out more than £70m on the pair to bulk up its business. And it seems Thus, which is perhaps best known for its Demon internet brand, is happy at the way the integration is proceeding. It also confirmed it was still on target to reap more than £25m in annual operational cost synergies, even though it means a one-off cost of around £30m over the next 12 months. Of course, those "operational cost synergies" include the airbrushing of some 280 jobs (around 15 per cent of the enlarged workforce) to erase any duplications. According to a trading update issued by the Scottish telco today, total revenue for the year is anticipated to exceed £370m, an increase of around 10 per cent compared to revenue from continuing operations last year. EBITDA before exceptional integration costs is expected to be in the region of £40m compared to £38m the previous year. "The company is experiencing increased demand for new generation services but remains cautious on the market structure and pricing for telecommunication services in the UK market," it said today. "Nevertheless, the board remains confident that trading within the enlarged group remains in line with its expectations for the next financial year." ®
Tim Richardson, 30 Mar 2006

Asbo total hits 7,356

The Home Office has revealed that a total of 7,356 Asbos (AntiSocial Behaviour Orders) have been slapped on English and Welsh miscreants since their introduction in April 1999, the BBC reports. Home Office Minister Hazel Blears called antisocial behaviour a "harrowing experience" which "no-one should have to endure". The impressive figures demonstrated that "the police and the courts are not hesitating to use Asbos to clamp down on the problem". Between July and September 2005, judges issued 816 Asbos - compared to a modest 54 during the same period in 2004. Even that impressive tally couldn't match the period from April to June 2005, when 948 ne'er-do-wells found themselves asboed. Blears expressed herself "extremely encouraged" by the figures, adding they would send "a clear message to those people who persist in bad behaviour". ®
Lester Haines, 30 Mar 2006

IPTV set for £1bn future

Broadband TV could become a billion pound industry in the UK if providers get it right, according to research outfit GfK NOP. A survey of 1,600 people found that one in three UK broadband users would be interested in downloading content. However, IPTV providers need to remember that viewers won't be prepared to pay through the nose for such a service, with £25 a month the top price people would be prepared to fork out. But price isn't the only issue. Any IPTV service needs to be idiot-proof and content has to be compelling. Selling the service on the basis that it's "TV over broadband" as opposed to "TV" would be a real turn-off for consumers. "Our research undoubtedly points to good demand for broadband TV, so the outlook for providers in this area is extremely positive," GfK NOP spokesman Niall Rae said. "It is key, however, that pricing, usability and marketing strategies are at the centre of this emerging market in order to ensure it doesn't become yet another over-hyped technology which fails to reach its potential." Earlier this month, consulting firm Frost & Sullivan published its own take on IPTV declaring that while broadband TV is likely to become "a valid alternative to cable and satellite TV over time", it warned that "IPTV may not be an immediate success throughout Europe". ®
Tim Richardson, 30 Mar 2006

SMBs eye up big boys' storage

Small and medium sized firms are ready to stump up big bucks for higher end storage set-ups, if the latest research from IDC is anything to go by. The latest report on storage from the analyst house predicts that SMBs will take an increasing share of spending on advanced storage systems as their own needs become more sophisticated, and vendors focus on SMBs’ “often conflicting” demand for performance, ease of use and affordability. Medium sized companies will increase their use of storage area networks in the next year, IDC said. Smaller businesses are getting hot and bothered about expanding their total capacity, while disaster recovery is what keeps medium sized firms up at night, IDC reckons. ®
Team Register, 30 Mar 2006

Nintendo Revolution chip specs leak

Nintendo's Revolution console will be powered by a 729MHz processor - 50 per cent more clock cycles than its predecessor in the GameCube - and a graphics chip set to run at 243MHz, it has been claimed.
Tony Smith, 30 Mar 2006

MS, EC trade slaps on way into anti-trust hearing

Microsoft and European competition officials were less than civil to each other on the way into a two day anti-trust hearing in Brussels today. At the same time, Microsoft released a statement on behalf of six of its partners who believe it is, indeed, a paragon of openness and cooperation in precisely those areas where the commission is tackling the vendor. The EC found the vendor guilty of anti-competitive behaviour back in 2004, and said it had to open up access to its server products or face swingeing daily fines. On the way into the hearing today, according to reports, Microsoft’s top legal eagle Brad Smith claimed it had gone beyond complying with the 2004 decision, saying the “facts are clear” and, to no-one’s surprise, “daily fines are not the solution”. In response, reports AFP, a commission spokesman said it had little choice but to use the threat of fines to force the software giant into line. The facts Microsoft are deploying include statements from the likes of EMC, and Network Appliance which accuse Microsoft of “working cooperatively” and improving its documentation. Surely only the most naïve would suggest that it is this very threat of fines that has focused Microsoft on constantly improving its documentation and cooperation for ISVs wanting to work out how its server products work. ®
Joe Fay, 30 Mar 2006

UK.gov html all over the place

Sixty per cent of UK government websites contain html errors, while 61 per cent do not comply with World Wide Web Consortium guidelines aimed at making sites accessible to disabled people, the BBC reports. That's according to a probe by Southampton University's Adam Field, who said of the W3C issue: "There is a big push within government to improve web accessibility. Although 61 per cent of sites do not comply with the Web Content Accessibility Guide, the 39 per cent which do is encouraging." Field admitted that while the accessibility issues were "difficult to sort out", he expressed his dismay at the html figures with: "It is a very unfortunate statistic. It should be better. It is not something that is difficult to improve upon." A Cabinet Office spokesman drew the Beeb's attention to "excellent examples of eAccessibility in the public sector" - including the "flagship" Directgov website. He said: "The Cabinet Office has been active in promoting better accessibility of government websites. "It has published detailed guidelines for UK government departments and it has raised the visibility of the issue across the EU by sponsoring a detailed study on eAccessibility of EU government websites carried out by RNIB and others. "One difficulty is that many authoring tools do not generate compliant HTML and make it difficult to edit the coding. This is an issue that the IT industry must address and we are working with them on that." ®
Bootnote Thanks to reader Richard Williams, who rather agreeably sent a Firefox HTML Validation Result for the BBC story on the UK.gov outrage (http://news.bbc.co.uk/1/hi/technology/4853000.stm). It begins:
line 39 column 1 - Warning: isn't allowed in elements
line 44 column 2 - Warning: missing before
line 47 column 2 - Warning: inserting implicit
line 62 column 10 - Warning: is not approved by W3C
line 72 column 2 - Error: discarding unexpected
line 82 column 443 - Warning: '<' + '/' + letter not allowed here
line 82 column 592 - Warning: '<' + '/' + letter not allowed here
line 82 column 599 - Warning: '<' + '/' + letter not allowed here
line 44 column 2 - Warning: