25th > October > 2006 Archive

SaaS goes customisable

The (generally speaking uncustomisable) user interface of online business services is the last significant stumbling block they have had to face. This has meant that users of services such as those from Software as a Service (SaaS) vendor NetSuite have had to use the UI that comes with the service, even if it didn't really fit their business processes.
Martin Banks, 25 Oct 2006

Seagate slams profit-ignorant rivals

Seagate gave itself a pat on the back today in its September quarter report for holding the revenue line against hard drive competitors "who seem intent on trying to capture market share without regard to profitability". Fighting fire with fire, Seagate is determined to retain market share, and that will mean more price cuts.
Drew Cullen, 25 Oct 2006

AMD and ATI fuse

AMD has completed its purchase of ATI. It spent $4.3bn in cash and 58m AMD shares on the graphics chip company, taking on $2.5bn in debt to help pay for it all. Farewell, the ATI, retained only as a product brand.
Tony Smith, 25 Oct 2006

Pointing fingers at corporate security

Fingerprinting firm DigitalPersona has launched a new version of its fingerprint authentication system, DigitalPersona Pro 4.0, which it says is faster and more reliable than its predecessor. Designed for use in a corporate environment, version 4.0 is more accurate, the company says, supports individual sign-on, is highly scalable, and is interoperable with all varieties of fingerprint sensors - optical and silicon. Those with responsibility for such things can read up on the technology here. Company co-founder and CTO Vance Bjorn is keen to stress that he is not pushing fingerprinting as a one-stop solution for security. He is all too aware of the limitations of the technology and of the criticisms levelled against it, but, he argues, it has its place. "The trouble with most other forms of security, passwords, etc is that they depend on the user keeping a secret to be secure. Fingerprinting solves that particular problem." It is also a fast and relatively simple way to manage access, and keep an audit trail - vital for compliance with many business regulations, he says. DigitalPersona's system doesn't store a fingerprint image anywhere. Instead, the initial scan takes the relevant data points, shoves them through an algorithm and ditches the original data. This, Bjorn says, is a major difference between DP's system, and the more big-brother style government deployments. "Those are meant to keep the bad guys out. Our system is supposed to let the good guys in. It is a totally different proposition," he told us. The applications are wide ranging: it can be deployed to secure door opening, system access, or clocking on. Concerned parents will also be able to secure the parental controls on Microsoft's long awaited Vista using fingerprint authentication from DigitalPersona. Marketing VP George Skaff lists clients as diverse as Pizza Hut, Banco Azteca, and Charles Schwab. You can probably guess which client matches which kind of deployment. ®
Lucy Sherriff, 25 Oct 2006

3G routers the ticket to the mobile office

Quocirca's changing channels: Despite all the fuss a few years ago when 3G networks first became available, the take up of 3G services across Europe has been slow, the UK and Italy being the most advanced. Two of the main reasons for this were a lack of coverage (in the early days) and lack of need. The extra bandwidth and speed offered by 3G networks was not compelling for most businesses given the extra cost of the connection and the handset to access it. Basically, while there has been strong growth in the use of mobile data services, in particular email, 3G was not needed to achieve this. 2.5G/GPRS was sufficient for most requirements and far more widely available. But handsets are one thing; a truly mobile office is another. And this is where 3G might start to come into its own. There are all sorts of situations where a high speed mobile connection to serve multiple users in an office environment would be a boon. Think of tradeshow stands, construction sites, crime incident scenes etc; or new premises, where getting an ADSL or cable broadband connection in place is just taking too long. This is the domain of an emerging group of products – 3G routers. Simply put, they accept an incoming 3G connection from the outside world to serve a number of Ethernet ports or local wireless access at a remote or temporary location. The power of such a service is going to be limited - it will only be practical for a small number of users on a single connection and they are not going to be running VoIP or doing high speed video downloads – but with subscription costs at around £30 to £40 per month for rapidly putting in place shared data access, a 3G router is just the ticket. There are several products on the market from vendors like Linksys and D-Link that do the job. Generally speaking they have support for HSDPA cards, allowing the purchaser to select the 3G vendor with the best price and service in a particular location.
And this week the channel friendly SonicWALL is due to launch a new product, the TZ190, which will be one of the most advanced 3G routers yet. The TZ190 is more than just a router, it includes the security capabilities of SonicWALL's existing TZ range to make it a fully functional unified threat management (UTM) device. This includes deep packet inspection as standard and at an optional extra cost, intrusion protection, anti-spyware and gateway anti-virus. These options are pre-installed, but an additional fee is required to turn them on. In addition, the TZ190 can run off a 12 volt power supply such as a battery or a cigarette lighter socket, underlining its suitability for use in remote and temporary locations. So, if in the past you have considered how 3G might be relevant to your customers and failed to find a reason, maybe its day has now arrived and there is finally an opportunity for resellers to make some money out of it. Copyright © 2006, Bob Tarzey is a service director at Quocirca focused on the route to market for IT products and services in Europe. Quocirca (www.quocirca.com) is a UK based perceptional research and analysis firm with expertise in the European and global IT markets.
Bob Tarzey, 25 Oct 2006

Amazon profits dip

Bookseller Amazon.com saw profits fall in the third quarter despite increasing sales. The company made sales of $2.31bn in the third quarter ended 30 September 2006 - up 24 per cent on the same period last year. But net income was down to $19m compared with $30m in the third quarter of 2005. US sales were up 21 per cent to $1.26bn with China, France, Germany, Japan and the UK bringing in $1.05bn - up 29 per cent on the same period last year. Worldwide sales of electronic and general goods rose 43 per cent to $699m or 30 per cent of worldwide net sales. Amazon Prime, the company's loyalty scheme which gets you free shipping in exchange for a fixed annual fee, also showed good sequential growth. The company made strong predictions for the crucial Christmas season - it expects net sales between $3.625bn and $3.950bn and to bring in operating income of between $145m and $235m. More from Amazon here. ®
John Oates, 25 Oct 2006

Financial regulators draft proposals on outsourcing

There is growing concern among some commentators at the impending growth of regulatory scrutiny of outsourcing in the securities industry in the USA and Europe through introduction of additional regulation governing outsourcing. It is important to put these impending regulatory changes in context. MiFID requires investment firms to ensure they take reasonable steps to avoid undue additional operational risk when relying on third parties for the performance of operational functions. This is targeted, specifically, at functions that are critical for the provision of continuous and satisfactory service to clients and for the performance of investment activities on a continuous and satisfactory basis. Equally, a firm may not outsource important operational functions in a way that materially impairs the quality of its internal control and the ability of supervisors to monitor the outsourcing firm's compliance with all obligations. Strict and rigorous conditions are imposed on investment firms that wish to outsource "critical" and "important" functions. Most importantly, outsourcing of investment services and activities should be considered as capable of constituting a material change of the conditions for authorisation of an investment firm and, in consequence, have to be notified to the relevant financial regulator. The UK Financial Services Regulator, the FSA, is the first of the EU national financial regulators to articulate its concerns and outline how it proposes to address the requirements of MiFID. "Operational risks posed by outsourcing could present a significant threat to the statutory objective of securing the appropriate degree of protection for customers, maintaining confidence in the financial system and reducing financial crime." This is essentially in line with its statutory duties under the Financial Services and Markets Act 2000.
Financial institutions must monitor and effectively manage and supervise the competence and performance of the outsourced service providers. At the same time there will be "a differential approach" to what are termed critical and important functions and non-critical functions. The NYSE drafted its proposal on outsourcing, "Due Diligence and Conditions Required in the Use of Service Providers", after concluding that broker-dealers were not adequately supervising the work they outsourced. The regulatory arm of NYSE Group said that "in many instances written procedures, business continuity plans and formal due diligence were lacking". The NYSE proposal also covers issues beyond compliance-functions having to do with "core processes". Customer orders or accounts handling, as well as clearing and settlement of transactions, would come under additional scrutiny. Written notification to the exchange will be required when one of these functions is outsourced, although service providers that are broker-dealers or clearing firms are exempt from this requirement. When work is sent offshore, exchange members would have to assess the laws and business procedures of the respective countries and how they affect the provider's performance. Firms must supervise ongoing outsourced work. If problems arise, a firm would have two months to either increase supervision of the activity or bring the work inhouse. Other US regulators have issued statements about outsourcing. The SEC has stated that firms cannot outsource key compliance obligations, while the US NASD (National Association of Securities Dealers) has advised member firms to not outsource compliance, except in cases where the outsourcing vendor is registered-such as an execution provider or custodian. Interestingly, neither the SEC nor NASD guidelines have any enforcement provisions, while the NYSE proposal will give the exchange the authority to require a member firm to correct any flaws and take action against deficiencies. 
To bring some consistency to the regulatory regimes in the USA, the SEC and NASD should review their enforcement options. In both the European and USA (NYSE) regulatory jurisdictions, these changes essentially subject to regulation the processes and procedures which firms should be applying as a matter of good operational practice, if not under their corporate governance responsibilities. Where internal policies and procedures fall short of regulatory requirements, the shortfall in oversight and monitoring of outsourcing standards and conditions can probably be addressed by formalising processes and procedures, which occur informally, and designating specific internal corporate responsibilities as well as more rigorous and continuous monitoring of performance. Perhaps the real crunch comes for firms that have outsourced services to geographic areas where it is very difficult for either the outsourcer or the regulator to evidence adherence to outsourcing conditions and standards. In such circumstances, unless the outsourced activities can be transferred to another operating environment - internal or external - the pragmatic approach would be to insource the activity by acquisition of the resource which provides the service from the outsourcer. In other words, those resources would become employees of the firm. Copyright © 2006, IT-Analysis.com
Bob McDowall, 25 Oct 2006

QinetiQ pulls in ex-CIA boss

QinetiQ has burnished its intelligence credentials, boosting its board with the man who told Bush “yes, there are weapons of mass destruction in Iraq”. The one time MoD research arm, which controversially floated earlier this year, has recruited former CIA director George Tenet as a non-executive director. QinetiQ’s chairman Sir John Chisholm, said in a statement that Tenet’s “extraordinary track record and experience in the fields of intelligence and security are particularly relevant as we continue to focus on the US defence and security market.” Tenet’s canned quote tells us he is “especially interested in the capacity of the company’s technologies to meet a number of the challenges faced by our nations’ military and intelligence personnel.” We’re sure you’ll agree the placement of the apostrophe there is a nice, transatlantic touch. Tenet, QinetiQ tells us, was “one of the longest serving directors” in the CIA’s history, being in place from 1997 to 2004. And what a term – the African embassy bombings, the hunt for bin Laden, the USS Cole attack in Yemen, the hunt for bin Laden, the 911 attacks, the hunt for WMD in Iraq, which was of course even more successful than the hunt for bin Laden. In fairness though, Tenet’s major client for much of that time was the Bush White House, whose interpretation of “intelligence” is quite different to most of the rest of us. ®
Joe Fay, 25 Oct 2006

iSoft hit with another investigation

iSoft's ex-auditor RSM Robson Rhodes is facing a probe from the Accountancy Investigation and Discipline Board (AIDB). iSoft is already being investigated by the Financial Services Authority.
John Oates, 25 Oct 2006

Mac OS X 10.4.8 runs on any PC...

Mac OS X 10.4.8 will now run on any generic x86-based PC. Well, almost. Kernel coder Semthex has posted what he claims is an entirely legal release of the Mac operating system's foundation layer. The only snag: you can't boot into the familiar GUI.
Tony Smith, 25 Oct 2006

SEC, Nasdaq gently coshing NEC

The SEC has moved up the pressure on NEC a notch, sending the Japanese firm an "informal inquiry letter". The letter asks NEC to disclose certain documents to the US markets regulator, the firm said yesterday, adding it would cooperate fully with the SEC inquiry. NEC has had a tricky few weeks in the US. Last month it received a delisting notice from NASDAQ after it failed to file its annual report in time, apparently to review its accounting practices. Its main problem was how to recognise "revenue from maintenance and support services provided as part of multiple element arrangements with respect to IT solutions". It's not immediately clear if this difficulty is the reason why it announced yesterday that it would begin preparing its accounts in line with Japanese accounting principles as of the first half of the fiscal year ending March 31, 2007, i.e., the six months ending September 30. In the meantime, the preparation of US GAAP results "may take considerable time". It is also not clear what bearing this will have on its ongoing issues with NASDAQ. ®
Joe Fay, 25 Oct 2006

Vista vouchers for Christmas PC buyers

Microsoft today announced the voucher scheme which will let punters upgrade some computers bought this Christmas when Vista and Office 2007 are released early next year. Express Vista Upgrade will offer vouchers for free or discounted copies of the Vista operating system and Office 2007 - the bundle of applications. Sales to consumers in the run-up to Christmas have long been a bedrock of the computer industry so Vista missing the deadline was expected to hit sales. Retailers were worried that people would put off purchases until January or February when prices are traditionally lower. From 26 October until March 26 people buying certain computers will get a voucher. Details of exactly what you get will vary according to manufacturer and retailer. The ones we spoke to were still working out what they will offer. Whether this is enough to tempt people into early purchases, or whether operating systems have an impact on such purchases, remains to be seen. A blogger from PC World magazine sounds a note of warning: "I enjoy working with PCs, or I wouldn't be here. But even so, I don't feel like dealing with the hassle of an OS upgrade anytime soon. A lot of you were looking forward to buying a new Vista PC. My advice: Be patient, and wait until your Vista operating system comes installed." More here ®
John Oates, 25 Oct 2006

Los Alamos docs turn up in meth lab bust

A search of a suspected meth lab turned up classified documents from Los Alamos National Laboratory, where, among other things, nuclear weapons research is conducted. According to the Associated Press, a researcher at the lab was under investigation for methamphetamine related offences, and the documents were discovered when police executed an arrest warrant against her. Police contacted the FBI, which has said only that the documents in question "appear to contain classified material," the AP reports. Los Alamos has developed a reputation for shoddy security, with a series of high-profile blunders over the past few years. These range from the bizarre case of Wen Ho Lee, who was either perfectly innocent and slightly careless, or a Red Chinese spy. After years of investigation, no one can say. Then there was the case of the missing hard disk drives with sensitive data that the lab reported missing, then claimed had never existed in the first place. The University of California, which guided the institution through these and other snafus, has since lost its contract to manage the labs, which are now in the hands of a private consortium called Los Alamos National Security (LANS) LLC. It had been hoped that private sector management might prove more effective than its academic predecessor, but today's news suggests that more will be needed to bring the labs up to snuff in terms of security. ®
Thomas C Greene, 25 Oct 2006

BT buys Counterpane to bolster security services

BT is to acquire managed security services firm Counterpane Internet Security for an undisclosed sum as part of plans to beef up the security expertise of its global professional services capabilities. Post-acquisition, company founder and well-known security guru Bruce Schneier will continue in his role as CTO, while Paul Stich will remain chief exec of the US-based organisation. Counterpane currently monitors 550 networks worldwide for various multinational and large US enterprise customers. The firm pulls in revenues of around $20m a year. Counterpane competes in offering services that allow enterprises the monitoring of security threats affecting their networks with firms such as Symantec. ®
John Leyden, 25 Oct 2006

AMD: we will not kill ATI brand

So is ATI gone forever, as a brandname at least? Apparently not, AMD Chief Technology Officer Phil Hester revealed today. He also indicated the two companies' fusion may not necessarily mean it's curtains for ATI's Intel-oriented chipsets.
Tony Smith, 25 Oct 2006

Verisign backs Vista security green streak

The Mozilla Foundation risks losing the browser battle if it fails to keep up with Microsoft by incorporating new security technology into Firefox, a Verisign exec has claimed. According to Verisign product marketing director Tim Callan, the "loose collection of technoanarchists" which make up the open source development community has frustrated efforts to build new security features into its new browser. Verisign is at the RSA Europe Conference in Nice talking up a new breed of online security certificate. The padlock encryption symbol used by browsers has been effectively meaningless for some time, and consumer paranoia surrounding fraud remains a barrier to using online commerce for many. In response, the verification industry in the form of the CA browser forum has come up with extended validation SSL, where the certificate really is a guarantee of kosher status. Honest. Murphy's law says extended validation will be broken by the bad guys sooner or later. Callan said the industry had learned from the fossilised nature of SSL, and the new standard will be continually updated to keep pace with organised crime. "That's how it goes...I'm not going to lie and say we can beat them with a static defence," he said. The system is implemented in IE7 by turning the address green for sites holding an extended validation certificate. Redmond is keeping the feature under wraps until the release of Vista in January, when the first wave of extended validation certificates will be issued to the likes of PayPal and Amazon. Along with many others, Verisign are working towards a January 24 release date which was briefly bean-spilled by Amazon on Vista pre-orders. Callan puts Mozilla's apparent heel-dragging on the new security technology down to the character of its development community. Several community members have been involved in the development process however and are "acutely aware of the most minor details" of the project.
One snarl-up for Mozilla may have been working out an alternative to the rest of Microsoft's site-rating system. As well as dishing out green address bars, servers at Redmond will blacklist dodgy and suspect sites, which can look forward to red and amber flashing up. A Firefox implementation of extended validation can only be a matter of time, since the Mozilla Foundation knows in order to compete it cannot afford for its browser to be just as good as IE7; it has to be better. Verisign say 99 per cent of sites will get the "ok" and the address bar left white. Only outfits which fork out for an extended validation SSL will get the psychological fillip of "green for go". Firms will have to stump up about 150 per cent of what they currently do for an SSL certificate. Microsoft-beating security meant the first Firefox browser found its way onto millions of desktops. When Vista finally ships, a big Microsoft public awareness campaign will be aimed at making extended validation a de facto standard, which will pile pressure on Mozilla to update Firefox sharpish. ®
Christopher Williams, 25 Oct 2006

Hitachi rolls out 3.5in HDDs

Hitachi's Global Storage Technologies division has finally begun shipping its latest 3.5in hard drives, some six months after the Deskstar and CinemaStar models were originally announced.
Hard Reg, 25 Oct 2006

Sony slams Lik-Sang 'sour grapes'

Sony Computer Entertainment Europe has failed to deny claims that senior employees used Hong Kong-based online games hardware retailer Lik-Sang.com to buy PSPs more than nine months before the device finally shipped over here.
Tony Smith, 25 Oct 2006

SavaJe falls quiet

SavaJe, pioneer of the concept of a Java-based mobile phone, appears to have gone into hibernation, leaving a few million lines of code and a bunch of arguing venture capitalists. UK staff have been sent home and told to keep their laptops in lieu of pay owed, at least until the dust settles, sources say. The SavaJe concept was to sink Java down into the OS, moving telephony applications such as messaging and call management into the Java Virtual Machine to provide a more stable and flexible interface, with exposed Java APIs for enhanced capabilities. This approach has been tried before with set-top boxes (Swisscom Blue Horizon) and desktop computers (Sun JavaOS) based entirely on Java, though generally these have resulted in expensive and embarrassing failure. Java is a great language, but it seems that trying to base an entire operating system on it might be a step too far. Not that SavaJe didn't achieve considerable success: it produced a working prototype for developers, the Jasper, and even managed a customer or two, but it was too little too late for the company which raised $71m over the years and burnt through it all. The question now is whether anything can be salvaged from the wreckage. If staff aren't paid off properly the company risks litigation, which will make it impossible to sell any IPR, but to pay them off the venture capitalists will need to come to an agreement for a little bit more cash to ensure a quick and painless death. Meanwhile, other mobile platform companies have been quick to contact the engineers and developers, who won't be hanging around to see what happens to the carcass of SavaJe. The company's UK offices are deserted, though people have been seen there in the last few days, and messages left with head office in the US have not been replied to. The mobile phone business is extremely competitive, at every level, and a new entrant needs much more than just good technology to succeed.
A great deal of money, some very patient backers, and quite a bit of luck all need to come together in just the way they didn't at SavaJe. ®
Bill Ray, 25 Oct 2006

Nokia N73 3G smart phone

Review: Nokia is sponsoring X-Factor TV talent show this year, to promote its N series phones in general and the N73 in particular. Nokia's would-be star certainly has the looks to get it in the studio, but can it take it on the chin from the judges or will it be let down by a fickle public who got bored of waiting for it to respond to input..?
Bill Ray, 25 Oct 2006

Belkin gears up to ship Wi-Fi Skype phone in UK

Belkin will ship its Skype-friendly Wi-Fi VoIP phone this coming Monday, the accessory specialist's UK operation said today. The 802.11b/g device also supports Wi-Fi's various security schemes for secure calling, while its Skype support extends to the full range of telephony services offered by the VoIP company. The handset will retail for £100. ®
Register Hardware, 25 Oct 2006

US, EU sketch plans for global immigration database

Exclusive: The US is to corral "like-minded" nations behind a global immigration database after proving with a trial link to British computers that such an ambitious, global plan is technically feasible. Allies of the US have joined it in talks to formulate an international policy framework that would allow the sharing of immigration databases, effectively creating a global border control. Their aim is to stop criminals and other undesirable migrants at a vast, biometric border that is likely to include, at the very least, the EU countries, Australia, and Canada. Troy Potter, biometrics programme manager for the US Department of Homeland Security's biometric border control programme, told The Register only those countries "of like mind" would be allowed to join the scheme: "People with similar goals, aspirations, laws and ability to implement such a scheme. "It's about keeping out folks from countries, to have more of a global border per se," he said. "Shouldn't like-minded countries be told when someone's been kept out of the US? That's a necessary next step [because] immigration has become a worldwide issue." Frank Paul, head of large scale IT systems at the European Commission, hinted to an audience at the Biometrics 2006 conference last week about EU support for such a scheme. "We trust everyone enrolled in the US and they trust everyone in the EU system. Then I don't see why the systems shouldn't be linked in the future," he said. Terrorists would be the prime target of the system. Terrorism had been the reason the US government gave for setting up US-VISIT, the immigration database for which Potter is biometric manager. The US database had yet to snare a terrorist, and the Department of Homeland Security has since been advertising it as a means of keeping foreign murderers out of the country. An international agreement for sharing immigration data would also target criminals and "habitual immigration violators", Potter said.
"If there's a murderer in another country we would rather not have that murderer in the US, especially if they are on the run," he said. But he stressed the system would not finger normal people, or "Joe Public". People's privacy would have to be respected, he said. "We would violate the privacy laws of individual countries if we shared data as we wanted to," said Potter, but added: "The last thing we want is for someone who has changed their ways and then we keep harassing them." It could take years for the US and its allies to form an agreement that deals with all the emerging privacy and legal concerns about sharing immigration data. Other developments at the Department for Homeland Security could complicate matters further. It is developing a permanent link between immigration and criminal databases, while US law enforcers also want links to civil databases so they can get a full biographical history of people who catch their interest. "There are fine lines and that's where these agreements are not going to be easy. But this is not routine data sharing on everyone. This is not big brother," said Potter. Similar concerns have slowed the progress of the European Visa Immigration System (VIS). A continent-wide version of the US plan, legislation to allow the VIS is stuck between the European Parliament and member states in the Council of Ministers. The concern is that European efforts to share information for immigration are being subsumed into a broader security effort that has no legal obligation to Europe's proud data protection authorities. This has created tension between member states and the European Parliament over other controversial data sharing arrangements - the US trawling of passenger name records and secret snooping on banking data handled by SWIFT being two recent examples. 
In neither case is the EU's authority to impose data protection laws that would protect citizens from being caught up in the zealous hunt for terrorists being conducted by the security agencies. The European VIS is being built by European Commission civil servants anyway, and will be completed in 2007. There will simply not be any legal basis for the system to be switched on. The US faces the same problem, said Potter: "The policy and legal framework is not in place to do routine data sharing between countries. But that's something we were discussing." The UK's Home Office and US Department of Homeland Security have already trialled a link between their immigration databases, which Potter said was successful. "It was a technical trial. It showed we could share data between countries if agreements were there so we could do it," he said. "Our biometrics were compatible...when the legal and policy framework catches up, we can do it." ®
Mark Ballard, 25 Oct 2006

PowerColor brings ATI X1950 Pro to AGP users

Tul's PowerColor operation has launched a version of its Radeon X1950 Pro graphics card for punters who've resisted the urge to go with PCI Express and are sticking to AGP 8x.
Tony Smith, 25 Oct 2006

ID theft scam hunt goes global

UK police are working with Interpol in a bid to track down the perpetrators of a malware-powered ID theft scam that has claimed thousands of victims worldwide. As previously reported, a computer seized in the US contained personal data - including names, addresses, credit card information, and transaction records - from around 2,300 UK punters. Closer examination has revealed the details of at least 8,500 people in 60 countries were obtained through the scam. The data was swiped using key-logging Trojan software, now identified as a variant of Haxdoor, according to the Metropolitan Police's Computer Crime Unit, which is investigating the case. Police are not explaining how the US computer came to be seized in the interests of protecting what's described as an ongoing investigation. Haxdoor sends login details and other sensitive personal information to systems controlled by hackers. Variants of the Trojan used in the attack use a screen capture function in order to capture sensitive information. It's thought that many of the affected PCs became infected after victims of the attack (who'd failed to take adequate security precautions) were duped into following links in instant messenger conversations or spam emails that led to hacker-controlled websites hosting malware. Login credentials associated with 600 financial companies and banks have been found on the US machine that's at the centre of the investigation, IDG reports. Analysis work is continuing on the data, contained in 130,000 files, forwarded by authorities to UK investigators. The data contains information including login details for ecommerce sites such as eBay, Amazon, and ISPs including BT and Pipex. It's unclear how much, if indeed any, money has been stolen from online accounts as a result of the scam. UK police began by contacting suspected victims directly by email. 
They have gone on to get in touch with banks to alert them that particular account numbers have been compromised, so financial institutions have the information they need to contact customers directly. Meanwhile, the Metropolitan Police's Computer Crime Unit is working with Interpol to trace the hackers behind the scam. ®
John Leyden, 25 Oct 2006

3 gobbles over 90 shops from O2 via The Link

Since O2 bought The Link in June this year, there have been some places in the UK where an O2 shop and a branch of The Link were uncomfortably close. But this has now been resolved with 73 The Link branches and 22 O2 stores being transferred to network operator 3 for conversion into 3 stores. The financial details of the agreement have not been revealed. Staff at The Link branches will also make the transition to 3, while those currently with O2 will be moved to the nearby O2 store. This takes 3's retail base to over 280 shops around the country, including 133 concession stands in Superdrug and Selfridges. Selling through your own shops is very advantageous: walking customers through how to access premium services, and showing them what their handset can do increases loyalty and (more importantly) revenue per customer. Third party retailers have little incentive to spend that time with the customer, as they don't experience the long-term gains. Not too long ago 3 was considered a joke by most in the UK mobile industry. The vast majority of its calls were routed over someone else's network and its premise of premier goals and video calling was widely ridiculed. However, 3 has gone a long way to build out infrastructure and gained significant customer share. The cost of getting and keeping those customers is still too high, but 3 is starting to look less like a mad plan and more like a telecommunications company, just when all the telecommunications companies are trying to look more like media companies. ®
Bill Ray, 25 Oct 2006

Korean sought mammoth meat from Russian mafia

Disgraced South Korean scientist Hwang Woo-Suk told a court in Seoul that his attempt to clone extinct mammoths was based on material he bought from the Russian Mafia. Woo-Suk is on trial for allegedly faking results of his stem cell research and related misappropriation of public funds and private donations. He admitted yesterday that some money was given to the Russian Mafia in exchange for supposed mammoth remains. Woo-Suk tried three times to clone the hairy elephants and also tried cloning tigers. He gave the court no details except that: "Some of the money was spent in contacting the Russia Mafia as we tried to clone mammoths," according to Reuters. Explaining the difficulties of Korean expense claims, he said: "But you can't say that [on the expense claim] so we expensed it as money for cows for experiment." Mammoth remains have been found in Siberia and it has been suggested that some of them might yield enough genetic material to recreate them. ®
John Oates, 25 Oct 2006

Hot tip: ARSS up due to drilling program

Those readers who missed the chance to get their hands on some ARSS before it exploded have been given a second chance to buy at rock-bottom prices. And make no mistake, ARSS is definitely on the up-and-up. The reason? Well... Yup, a hot tip, and no messing. Thanks to Rosabel Walden for keeping an eye on ARSS. ®
Lester Haines, 25 Oct 2006

Passport police wipe smiles off applicants' faces

A nine-year-old girl had her half term holiday cancelled because her teeth were showing in her passport photograph, reported The Sun newspaper. Alys Edwards paid a last minute visit to the passport office to renew her passport with her parents in Peterborough, but was told that a photograph with teeth would overload the machine that read it. Digital photographs have been stuck on the first generation biometric passports so computers can compare them to databases of people wanted by the police. But the systems have not been programmed to understand that little girls are more likely to smile in photographs than plant bombs on aeroplanes. The Identity and Passport Service (IPS) also shredded the travel plans of their sometime nemesis - Simon Davies of campaign group Privacy International. Davies has been fighting for people's privacy against state schemes like Identity Cards and biometric passports for some 20 years. Last year, he was labelled privacy enemy #1, and claimed the government was trying to sully his name after being identified as one of many contributors to an academic report that was critical of the ID Card scheme. On Monday he, like the Edwards', was told he couldn't renew his passport - this time it was a London office and this time it was because an inch of laminate covering the data page of his passport had come free. As a consequence, instead of renewing, he would have to apply for a new passport, the IPS staff said. IPS staff didn't bat an eyelid after being shown newspaper clippings with his photo and other proof of his identity. Moments earlier Davies had been the centre of a disturbance that had three security guards run to his attention. A wasp had taken to the air round his head while he was standing at the counter. The staff scattered, while the guards tried to swipe the wasp. Davies told The Register he had been suspected of bringing the wasp into the office. 
His plans to speak at a UN conference on internet governance next Monday have also been cancelled. ®
Team Register, 25 Oct 2006

People - not products - are most important to security

People and processes are more important than security products in securing enterprise systems, according to a global survey of IT security pros published on Wednesday. The third annual Global Information Security Workforce Study, sponsored by security certification organisation (ISC)2 and carried out by IDC, saw punters listing the most important factors in security systems as (in order of importance): management support of security policies; users following security policy; qualified security staff; software solutions and hardware solutions. Processes and people are more important in keeping hackers at bay than security products, the survey found. Security pros said more organisations are beginning to realise that technology is an enabler - rather than the be all and end all - in addressing information security concerns. The study also found that more than 40 percent of information security budgets is spent on personnel, education and training, up around 5 per cent on previous years. Information security risk management is seen as a particular training priority. "Security breaches that have made headlines during the past year have been a result of human error, and this year’s Global Information Security Workforce Study further validates the conventional wisdom long-held by information security professionals that people are the critical component of an effective information security program," said Ed Zeitler, executive director of (ISC)2. IDC analysed responses from 4,016 information security professionals in 100 countries worldwide. The web-based study is described as the most comprehensive study of the global information security profession ever undertaken. IDC reckons the global information security workforce numbers 1.5m, an 8.1 percent increase over 2005. This figure is expected to increase to just over 2m by 2010, representing a rate of increase of around 7.8 per cent a year. 
This is higher than the 4.6 per cent estimated growth rate for the IT industry as a whole. Show us the money Information security pros in the UK are better rewarded than their European counterparts but they still earn less than US-based specialists. Average salaries globally are $81,000 (€64,031) compared to $70,169 (€55,617) in EMEA as a whole, $96,850 (€76,890) in the UK, $52,300 (€41,533) in France and $62,000 (€49,221) in Germany. Continuing a trend identified in last year’s study, responsibility for securing information assets is shifting from the chief information officer (CIO) into other areas of senior management and business, including the chief executive officer, chief financial officer, chief risk officer, as well as legal and compliance departments. Common security technologies being rolled out by organisations across all regions include biometrics, wireless security, intrusion prevention and forensics tools. Biometrics ranked in either first or second spot across all regions. ®
John Leyden, 25 Oct 2006

Fedora stops the download madness

You want to play with Fedora Core 6, Red Hat's newest distro for enthusiasts? Unless you were an early, early bird, who downloaded the software in the first hours of its release yesterday, it looks like you will have to wait a little longer. For the Fedora site has taken an entirely predictable pounding - according to CNET there were 10,000 downloads in the first five hours. This is the problem with enthusiasts - they are so damned enthusiastic. But 2,000 downloads an hour? This is big, but not that big. Perhaps Red Hat could give the Fedora Project a beefy Unix box, or two. For a while today, it was difficult to reach Fedora's front page. At time of writing, we can access this easily enough. Downloads are another matter: attempts are met with the following holding message. We are working hard to bring fedora.redhat.com back up to its fully operational state. Until then, please visit our BitTorrent tracker or list of mirrors if you are trying to download Fedora Core 6. This way for FC6 download links. ®
Drew Cullen, 25 Oct 2006

Six months in, Sun's CEO faces Wall Street's yo-yo test

Sun Microsystems could do something tomorrow that it hasn't done in years and years: please investors. Those watching the deflated Sun know the earnings drill. Sun's shares start their march from around $4 a share to just over $5 a share as the company approaches its quarterly earnings announcements. Time and again, gullible investors buy into the idea that Sun will do better than the naysayers predict, and they inflate the stock accordingly. Time and again, Sun disappoints these investors, and the company's shares make their way back down to $4 shortly after Sun's earnings statement hits the newswires. Here we are again. Sun's stock is trading at more than $5.20 per share and has been above $5 for most of the past two months. Unlike past quarters, Sun actually has some positive market share gains to lean on, as it nears the Thursday first quarter '07 dish. Sun has wrestled away Unix server revenue from IBM, and has seen its x86 server line grow at a very healthy clip. The improving product sales and a hefty sales backlog have the likes of Sanford Bernstein's Toni Sacconaghi - a long-term Sun pessimist - singing the company's short-term praises. "We expect Sun to deliver upside to consensus revenue expectations and in line earnings per share," the analyst wrote in a recent research note. "We forecast first quarter revenues of $3.3bn versus consensus at $3.2bn. "We note that Sun exited Q4 with its largest backlog since Q3 of 2001 and that our channel checks indicate solid demand within the channel, although below last quarter's robust level." The optimistic camp must enjoy hearing Sacconaghi talk in such loving terms. But they should not get too excited just yet. The analyst has a humble $4 price target for Sun and "believes that a solid quarter is largely priced into the stock." Sun's management doesn't have the highest regard for Sacconaghi, particularly because the analyst often calls for heavy layoffs. 
Sacconaghi, however, has proven himself to be one of the most accurate and perceptive analysts watching the hardware market. "We have had some pretty dramatic growth over the past year," bragged Sun CEO Jonathan Schwartz, speaking today at the Oracle OpenWorld conference. Later, he added, that Sun is "seeing a very large scale global build out." Such talk backs up the optimism camp and Sun's own chatter about why Schwartz was handed the CEO role 184 days ago. Chairman Scott McNealy reckoned that Sun was poised for growth once again, and that a new fella might as well be attached to the company's gains. Of course, it's hard to get too excited about Sun's near-term performance given that it remains unprofitable. Yes, the company pulls in lots of cash, but investors have trouble responding to negative earnings per share. Schwartz will face his biggest Wall Street test to date on Thursday. He'll be hoping that Sun can reverse its $4/$5 share price yo-yo. The CEO's 180-day report card largely hinges on this first quarter performance. And no one knows this better than Sun's long-term investors. ®
Ashlee Vance, 25 Oct 2006

Canada's privacy chief hails Microsoft's Seven Laws of Identity

The Information and Privacy Commissioner of Ontario has published a plan for automated internet privacy that is backed by Microsoft. Dr Ann Cavoukian has called for programmers to embed privacy capabilities in software. A Microsoft-led project to create an "identity layer" for the internet created Seven Laws of Identity, which Cavoukian has used as the basis for a paper calling for the laws to be embedded in software. The aim of the project is to help computer users to manage their own identity online. "Just as the internet saw explosive growth as it sprang from the connection of different proprietary networks, an 'identity big bang' is expected to happen once an open, non-proprietary and universal method to connect identity systems and ensure user privacy is developed in accordance with privacy principles," said Cavoukian. "Microsoft started a global privacy momentum. Already, there is a long and growing list of companies and individuals who now endorse the Seven Laws of Identity and are working towards developing identity systems that conform to them," she said. Cavoukian argues that the latest generation of internet services, commonly called Web 2.0 and depending in many cases on personalisation, will create a demand for more information about users' identities. Users will need to know whether they can trust a site before handing over information, and the Seven Laws are designed to help users make that decision, said Cavoukian's office. Microsoft has published its own guidelines on embedding privacy into software. "Privacy concerns are easy to understand in principle, but challenging to address in practice, particularly in the development of software," said Peter Cullen, chief privacy strategist at Microsoft. "Similar guidelines have helped Microsoft's developers better understand and address privacy issues, and we hope that by releasing a public version we can promote an ongoing industry dialogue on protecting privacy through consistent development practices." 
The proposals for embedded privacy settings are not unlike the Platform for Privacy Preferences (P3P), a World Wide Web Consortium-developed automatic reader and sender of information about a website's privacy policies. It was launched in 2002. Cavoukian said that another aim of the Seven Laws is to help users cut down on the degree to which data is shared and centralised. "In the real world when we present a library card, for example, to check out a book, and present our passport to cross a national border we don’t expect these to be linked together," she said. "Nor is the access card we use to enter our office the same as the transit pass we use to board a bus. In the physical world, different transactions require different identity credentials, but they need not be linked together. It should be no different in the online environment." Copyright © 2006, OUT-LAW.com OUT-LAW.COM is part of international law firm Pinsent Masons.
OUT-LAW.COM, 25 Oct 2006

Ellison muscles in on Red Hat support biz

OpenWorld Memo to Red Hat: never buy something Larry Ellison covets 'cos you'll regret it. Five months after Red Hat snatched JBoss from under the Oracle's nose, his company has struck back with a service and support package designed to gut Red Hat like a fish. Dressed in the guise of promoting adoption of Linux in mission-critical environments, Ellison, today at Oracle OpenWorld, announced three-tiered support for Red Hat Enterprise Linux versions 3 and 4 starting at $99 per system per year. It's not necessary for Red Hat customers to be running Oracle products. Barely able to suppress excited giggling, Ellison claimed Oracle would undercut Red Hat by up to 60 per cent. Oracle middleware and application users on Red Hat and switching in the next 90 days get Oracle's support for an additional 50 per cent off. This could hurt Red Hat, a company that looks to support and maintenance for the bulk of its revenues. "We want to make all the Linux better," Ellison said. "The better Linux gets the more successful we will be." He confirmed Oracle would "absolutely" deliver an entire open source stack running from operating system to applications. Asked if the death of Red Hat was part of the plan or an unintended side effect, Ellison said he expects Red Hat will come back with better offerings. "I don't think Red Hat is going to be killed... I'm sure they are going to compete on quality of support. This is capitalism, we are competing. We are trying to offer a better product at a lower price. We expect them to improve their product and price." He added Oracle would consider supporting additional packages. Oracle has created the Unbreakable Linux Network alternative to Red Hat Network, to pump out bug fixes and updates. Oracle will take Red Hat's source code, pull it into Oracle's core control systems, remove trademarks, make fixes, compile code and publish resulting programs and libraries. 
According to Ellison, Oracle is within its legal rights to take and update RHEL by simply removing trademarks, as Linux is open source. "It's an open source product, this is open source... open source means the code is available to who ever wants it for free." He denied Oracle would fork Linux, as it will return bug fixes to the community and make fixes available to Red Hat. "Each time Red Hat comes out with new code we'll synchronize with that version. We will add our bug fixes to current, future and back releases. Your application will run unchanged. We are going to stay synchronized with the Red Hat version. We are not trying to fragment the Linux market." Oracle's three levels of Linux support are: network, for software updates; basic with 24 hours a day seven days a week support; and premier with week long, 24 hours a day support with back ports and Oracle Lifetime Support. Network starts at $99 per year, basic is $399 for machines with two CPUs and runs to $999 for big systems like a Hewlett Packard Superdome with unlimited CPUs; premier-level support is $1,199 per system with two CPUs and $1,999 for unlimited CPUs. Backing Oracle were Dell, Hewlett Packard, Intel, IBM, AMD and BMC. ®
Gavin Clarke, 25 Oct 2006

Dell steals HP's blade boy Becker

Exclusive Dell has poached one of HP's top blade boys in the form of Rick Becker, The Register can confirm. Becker, the VP and GM of blade systems in HP's software group, has gone West, leaving the old Compaq digs in Houston for Dell's Round Rock headquarters. In addition to his role as blade chief, Becker served as HP's CTO of x86 servers and used to be VP of operating system marketing. One man does not a major loss make, although picking up Becker is certainly a coup for Dell. While at Compaq and HP, Becker served in a number of roles talking up server technology. An HP representative confirmed that Becker is no longer with the company "effective immediately," and has gone to Dell. A Dell representative has yet to return calls seeking comment on what Becker's role will be at the company. You can bet though that Becker has been brought on to give Dell's blade server business a boost. The company, like Sun Microsystems, has struggled to make much headway against IBM and HP in the blade realm. Dell is on its second try at cracking the blade market, also like Sun, after giving up on a first set of not too attractive gear. On a personal level, Becker will no doubt benefit by enjoying Dell's stress free blade environment. The company only has one product of note to sell and doesn't really ship much in the way of blade software. It's a lot easier to "build messaging" around this no nonsense lineup than bothering with HP's razzle dazzle. "Rick made significant contributions to HP’s BladeSystem division," HP said. "With the recent launch of the BladeSystem c-Class architecture and our market share gains, he leaves a business that is healthy and pointed in the right direction." HP and Dell have been swapping executives for many years, although HP has enjoyed the upper-hand of late. It captured the biggest name in the Executive Bitch Slap game by nabbing former Dell CIO Randy "I love NCR" Mott. If you know what you'll be doing at Dell, give us a ring, Rick. ®
Ashlee Vance, 25 Oct 2006