6th > November > 2006 Archive

MS and Novell: the end of a good feud

Comment: And so, last week, “Microsoft Corp. and Novell Inc. ... announced a set of broad business and technical collaboration agreements to build, market and support a series of new solutions to make Novell and Microsoft products work better together. The two companies also announced an agreement to provide each other’s customers with patent coverage for their respective products. These agreements will be in place until at least 2012”. I doubt it's as simple as that.
David Norfolk, 06 Nov 2006

VMWare plays Lab Manager

One of the oft-quoted advantages of virtualisation is the re-use of existing server resources, a capability which need not just apply to servers working in a production environment.
Martin Banks, 06 Nov 2006

Wireless USB 'may slow Bluetooth growth'

Growth in Bluetooth has been spectacular, and will continue to expand, says analyst Fiona Thomson at IMS Research - but though its growth is assured, there is a question mark over just how far it can expand. The cloud over its future is Wireless USB.

Thomson's report, being sent to Bluetooth Special Interest Group members, assesses the expansion over the last three years as being a tenfold one. It is bound to make for excited conversations around the buffet tables during this week's San Jose, California meeting of the SIG.

"In five years time around 100 million each of notebooks, portable digital media players, and games appliances are predicted to have Bluetooth connectivity", Thomson says. "The impact of Bluetooth in some applications in the medium term is still in the balance, as how fast the alternative wireless technology WUSB makes headway in the PC, office equipment and digital camera markets is not yet clear."

The SIG is already preparing for the future threat, of course, as reporter Rick Merritt noted in Doctor Dobbs' Journal: "The current Bluetooth Version 2.0 + Enhanced Data Rate hits a data rate of 3 Mbits/second, [but members] gather in San Jose this week to discuss higher-speed versions of the interface."

The surprise emergence of WUSB is not necessarily the strangest feature of the report, however. The standard was expected to make waves, being heavily sponsored by Intel. Many Bluetooth SIG members are going to raise their eyebrows at the discovery that their future seems to stand or fall with the mobile phone business.

"Two years ago, I'd have said that growth in other areas would accelerate," said one SIG member. "Specifically, we were seeing massive growth in factory equipment, where a wireless control unit makes it easier to move equipment around the shop floor."

Another area of success for Bluetooth has been in retail, where chip-and-PIN credit-card readers are spreading - but this isn't regarded as a significant enough part of the future growth to feature in the IMS summary of the report.

Nonetheless, the report expects Bluetooth expansion into other areas: "What is clear is that the penetration of Bluetooth in cellular handsets has increased enormously over the recent past, boding well for its adoption in other equipments in the future," says the summary. That means that Bluetooth may well have an even more dire effect on WUSB than the other way round.

Details and pricing on the report from IMS Research in the UK. Copyright © Newswireless.net
Guy Kewney, 06 Nov 2006

DWP computers 'unreliable'

Staff performance at Department for Work and Pensions' contact centres is being damaged by problems with computer systems, says the Delivering effective services through contact centres report from MPs on the public accounts committee, published last week.
Kablenet, 06 Nov 2006

Patients can't stop medical records upload

Up to 50 million health records will be placed on Britain's new NHS IT system with or without patients' consent, a report has claimed. The Guardian newspaper said that patients will not be allowed to object to information being loaded on to the system. The newspaper also claims that the system could make medical information available to the police and security services more easily than before. That claim is rejected by the Department of Health. "The rules are well established and the new electronic record systems do not change this in any way," said the spokeswoman. A Guardian report based on its investigation said that details of mental illnesses, abortions, pregnancy, HIV status, drug taking and alcoholism could be included in patient profiles, and that there was a lack of safeguards for data once it was on the system. The new NHS system has been controversial because of its rising cost and slipping time scale. The report said that a virtual "sealed envelope" system was in place to protect sensitive information, but that the seal can be broken by medical professionals if "the interests of the general public are thought to be of greater importance than your confidentiality". That contrasts with the current situation where police must get a limited amount of information from a GP who knows the patient or must obtain a court order for data. The NHS spokeswoman said: "The NHS does not permit any external access to its patient records unless this is explicitly required by law. The police have no powers to require access to patients' NHS records. In the absence of a legal requirement, the NHS may, and indeed should, disclose patient information in relation to serious crimes or to protect the public from significant risk." Patients will not be permitted to stop their information being put on the system, a move which is opposed by the British Medical Association. 
"We believe that the government should get the explicit permission of patients before transferring their information on to the central database," said a BMA spokeswoman. Copyright © 2006, OUT-LAW.com OUT-LAW.COM is part of international law firm Pinsent Masons.
OUT-LAW.COM, 06 Nov 2006

Software bad across the board

The security problems that hit the headlines are those in web browsers and operating systems, but application security is in many cases a bigger risk. I spoke to Mike Armistead (vice president, products) at Fortify Software, specialists in software security solutions, who takes a far broader view of where the risks lie.

"Most of the prevailing security strategy is to build big walls, walls around the perimeter of an organisation so you keep the bad things out. People writing applications extend the enterprise outside of these walls. We've seen that everywhere through web-facing applications connecting suppliers and partners, supply chains, financial service chains, even the opening up of employee self-service type portals. All these applications house private information. The new reality is that there isn't a perimeter to these enterprises. Protecting them is no longer something that can just be done by building a big wall. Gartner estimate that 75 per cent of all attacks occur at the application level."

I asked Armistead if some programming platforms were more secure than others. "Generally, we've found software is equally bad across the board," he says.

Is open source more secure than commercial? "From every kind of evidence we've seen it's not. There's the argument open source has more eyes on it, but the counter is that the people contributing the code are still working towards, hey, let me add my new cool thing. We've found things in open source software that have been there for a number of years."

The problem is twofold. Coding and testing applications for security is difficult, and developers are generally rewarded for features and time-to-market, not for the security of their code. Armistead says the problem cannot be fixed solely by educating developers. "Many of these vulnerabilities lie between assumptions made by team members, like thinking another group is doing the checking. Something doesn't get checked and a SQL injection vulnerability pops up."

How then can applications be secured? "You're not going to be able to do it from one magic silver bullet," says Armistead. "We believe that at development time you'll try to identify and analyse those flaws, but at the same time you want to be able to harden the infrastructure."

Naturally, Fortify would like to sell you its tools and services. These start with static analysis. Fortify Source Code Analysis (SCA) applies thousands of rules to your code, covering data flow, control flow, semantic analysis and code structures. It works with compiled languages including C/C++, C# and Java, but not currently with dynamic languages such as PHP, Perl or Ruby. "We expect that in the future we'll be going in that direction. Those are a little harder because they're interpreted and on the fly."

Static analysis is not sufficient on its own. It is also important to test and analyse the running application. Fortify Tester is a plug-in for Microsoft Team System which does "Black Box" testing, so-called because it simulates attacks. You can either point it at a URL, or else specify an existing Team System web test for Fortify Tester to use as the basis of its own test. It looks for vulnerabilities including command injection, SQL injection, cross-site scripting and leftover debug code.

Fortify Tracer is a coverage tool for security tests. It works with J2EE applications while other tests are running, and reports on what percentage of security-critical functions were exercised.

Finally, Fortify Defender is a run-time solution to use with deployed applications. Fortify calls it a "function-level firewall". It can be applied to any .NET or J2EE application, working with the compiled binary code and looking for attack patterns. The company claims a low performance overhead and a low rate of false-positives.

"We are looking for input that is tainted, but you can specify usage rules. For example, end the session if anyone tries five credit cards within two minutes. We took a lot of the rules from source code analysis and turned them into runtime rules. The development team that should have written those checks into the application, but because of time constraints, or if they're inheriting the source, they just aren't there."

Fortify Defender does not come cheap, at around $6,500 per application instance, but this kind of smart runtime checking does make sense as part of a secure application strategy. It is no substitute for coding securely in the first place, however.

There's plenty more information on Fortify's approach here and Fortify is not alone in this space. Cigital has some useful resources and Microsoft .NET developers should also check out DevPartner SecurityChecker from Compuware. ®
Tim Anderson, 06 Nov 2006

WirelessHD's 60GHz platform could spark standards war

Six of the world’s biggest consumer electronics companies - Sony, Panasonic, Samsung, Toshiba, NEC and LG Electronics - have turned the short range connectivity world on its head, in forming the WirelessHD (WiHD) special interest group, which will settle on license-free 60GHz spectrum for connecting entertainment devices in the home. This could be seen as a blow to the efforts of the PC/cellphone community to promote UltraWideBand as the fast, low power wireless network of choice for the digital home, but eventually, despite the posturings and vendor politics, an integrated platform combining UWB, 60GHz Wi-Fi and Bluetooth could be on the cards.
Wireless Watch, 06 Nov 2006

Motorola speeds open source momentum with Apache

The biggest obstacle in Java's path to becoming the dominant software architecture for mobile phones has been its fragmentation - both in terms of technical features and the various licensing schemes adopted by its early exponents. The past two years have seen the handset makers and large operators increasingly taking the steering wheel of the mobile Java movement, seeking to create unified platforms and work around the confusion caused by Sun's halfhearted open source approach. Motorola has been the most aggressive in recent months, and making itself the leading light in an industry-wide mobile Java framework would certainly score it major competitive points against arch-rival Nokia, which is equally committed to Java, but has tended to plough its own furrow. Motorola's latest move is to adopt the Apache Software Foundation's open source licensing process in the hope of making this the standard for Java ME, the mobile version of the architecture.
Wireless Watch, 06 Nov 2006

Pantech punts 3G music phone through Orange

Korean phone maker Pantech will see its U4000 3G music-centric slider phone offered to French consumers by Orange, the company announced today. Orange plans to punt its Live TV and music download services through the handset.
Tony Smith, 06 Nov 2006

Radio RTFM RSS feeds are go

You demanded it and by the Lord Harry you've got it: Radio RTFM now has the RSS feeds we promised last week. The urls are: www.theregister.co.uk/odds/rtfm/headlines.rss and www.theregister.com/odds/rtfm/headlines.rss. We've given them a spin in Bloglines and all seems well. The audio file for the first RTFM programme appears as an enclosure, so you should be able to have it downloaded automatically to your iPods. Let us know if you have any problems.

And if you missed the show first time around the mp3 is available right here (19 meg mp3). We're also now offering all of the sketches as separate mp3 files...

The London cabbie Brinfinger Space wurzel Trainspotting geeks The Strategy Boutique

...so you can pick'n'mix your favourite bits. If you have any, that is. We asked for your feedback on our audio discharge, and it appears it's a bit like Marmite: you either love it or...

Dear Lester, Going by the old adage, if you can't say anything nice, don't say anything at all, I have absolutely no comments I would like to make with regard to the first installment of RTFM. Regards, Wolf Clostermann

Hi Lester, I'm trying to be nice but I must say I was not a fan of RTFM. I didn't find it all that funny sadly. I'd recommend adding some exclusive content for RTFM listeners only. Exclusive opinion pieces would be nice. Also bringing in guests for interviews as you mentioned would be great. Cheers Ben

erm ... reading stuff is about 10x faster than listening to it, and you can't skim audio for keywords of interest. Who actually has the time to listen to this stuff? I know I don't. Are you sure you aren't going web 2.0 by the back door? God forbid. We agree about the reading thing, though. In future, we'll save precious time on going to the cinema by simply asking film studios to send us copies of their screenplays.

That's enough negative vibes. Let's indulge in a big group hug:

Great stuff, unique audio content, just like the text on your website. I am never quite sure if you're reliable news, sharp entertainment, or both. With your audio, that's truer than ever--except I guess you're both. Lookin' forward to seeing the RSS feed and permanent link on your website. a loyal reader in Cambridge, England -Kevin

r.e. RTFM. Claire Swires gives aural pleasure ? Gulp! I'll 'ave some of that. (This is the email gal isn't it ?) Hywel

She is indeed, bless her.

I loved "the Reg audio experience", and I love you and want to have your babies. I would sell my soul to hear this daily in a web radio format with maybe an automation through the day if I were to miss the live show, the automation might even have classic bits similar to the format of NHB. I feel warm and tingly all over having experienced this bit of brilliance. Nicholas

Hi, I don't know you well enough to say I love you and my biological construction stops me from even thinking of wanting your babies, but the Podcast is brilliant! One or two suggestions; * BOFH! Put a BOFH or two in there (or maybe a BOFH presented show)! * It seems to be a little quiet Any chance of it being more regular than every month? It really rocked. Richard

BOFH, eh? Hmmm...

very entertaining, though it needs more sex and violence and the snooty sounding wench should get her gear off in the next episode ;-) Rob

Well, the "snooty sounding wench" has rather kindly agreed to do the next session while completely naked, which should add spice to the broadcast. And yes, that does indeed mean we'll be doing another RTFM, which should be available for public consumption on 13 December, or thereabouts. Subscribe now to avoid disappointment. ®
Lester Haines, 06 Nov 2006

Phoenix coughs £30.25m for Servo

Phoenix IT Group has bought UK small and medium-sized business IT provider Servo Computer Services for £30.25m. The deal is made up of stock, and £28m cash from Phoenix's coffers and bank finance.
Christopher Williams, 06 Nov 2006

Schneider was approached by private-equity firms

Schneider Electric SA's announcement last week that it is to acquire American Power Conversion Corp (APC) is believed to have been a "defensive move" to protect the company from any takeover bids. According to today's Wall Street Journal, a group of three private-equity firms approached Schneider in a €20bn bid for the electronic equipment business. Schneider confirmed last week that it had acquired APC - the uninterruptible power supply specialists - in a deal estimated at $6.1bn. On the same day shares in Schneider fell 7.5 per cent. This latest revelation looks set to further frustrate the company's investors. But Schneider has denied "any negotiations with any investments funds concerning a private takeover." Had the deal gone ahead it could have been one of the largest private-equity acquisitions in history. Among the firms that approached Schneider were PAI Partners of Paris and Kohlberg Kravis Roberts of New York. ®
Kelly Fiveash, 06 Nov 2006

Sony pitches Bond-branded 1GB USB Flash drive

Sony's love affair with Her Majesty's Secret Service and its most famous spy shows no sign of ending. Having punted a Bond-branded briefcase, Vaio and Cyber-shot combo at the Americans, the Brits get... a 007-embossed MicroVault USB Flash disk. The USB connector's retractable, which should appeal to budding Qs, but alas there are no explosive darts or anti-gravity devices built in.
Tony Smith, 06 Nov 2006

Rock Pegasus P665-T76 Core 2 Duo laptop

Review: Rock may not be up there with the Dells and HPs of this world, but this UK laptop manufacturer has been around for almost 15 years and has a proven track record of producing high-performance notebooks, especially for gamers. The Pegasus P665-T76 isn't a hardcore gaming laptop per se, but with a top-of-the-range Core 2 Duo processor, it's gunning for the performance crown. It's certainly not going to win any beauty awards...
Lars-Göran Nilsson, 06 Nov 2006

Logo for legit UK drug sites

The Royal Pharmaceutical Society is piloting a new logo, designed to help people identify websites that sell safe, genuine medicine. The news follows reports that cancer patients are turning to the internet to obtain treatment, because the drugs they need are not available on the NHS.

The RPS's new logo will only apply to sites registered in the UK, and will only be awarded to sites run by registered pharmacists. Since copying a logo is no difficult task, the RPS will maintain a list of reputable internet pharmacies which shoppers will be able to search to check up on a site's credentials.

However as the scheme is UK-only it will do little to stop patients visiting international pharmacies to buy drugs not yet available to them on the NHS. In the global environment of the web, this surely makes it of questionable value. It will also do nothing to stem the flow of spam emails offering "cheap V14gra" to everyone who owns a computer.

The Observer reports that most often patients want to try treatments that have not yet been licensed for use in the UK, and often do so without the knowledge of their doctor. It quotes Karol Sikora, a leading cancer specialist in the UK, who was addressing a group of doctors and politicians meeting to discuss the issue. He explains that a number of his patients buy medicines at CanadaDrugs.com, one of Canada's largest online pharmacies.

"These patients are well informed, and they shop around for the cheapest prices," he said. "I had one patient, a very well educated young woman who wanted Tarceva for lung cancer. She couldn't get the drug on the NHS. The price from a Harley Street clinic worked out at around £75 a tablet - but ordering from Canada would bring it down to £35 a tablet."

He added that younger patients were particularly disinclined to wait for the government to OK a new treatment: "The idea that you can't get a cancer drug that will extend your life because a government body has decreed you can't have it just won't work," he said.

This is perhaps not surprising when such huge sums of money can be saved, or when people are facing a terminal illness and perceive no support from the ever-cash-strapped National Health Service. There must be a distinction drawn between people using reputable international sites to save money on medicines their doctors have prescribed, and will be supervising, and those who are self-prescribing unlicensed drugs, or obtaining them from dubious sources.

However, the RPS has fairly unequivocal advice for people considering such a service: Don't. A spokeswoman said: "Sadly, we have no influence or say over what happens abroad. We can only warn people about the dangers." ®
Lucy Sherriff, 06 Nov 2006

DisplayPort to support HDCP?

DisplayPort, the would-be successor to today's DVI monitor connection standard and computer-centric rival to HDMI, is to support the HDCP high-definition copy-protection specification, if Video Electronics Standards Association (VESA) members approve a proposed 1.1 update.
Tony Smith, 06 Nov 2006

Under Torch Wood

Stob: FIRST VOICE No one would have believed in the last years of the nineteenth century that this world was being watched keenly and closely by intelligences greater than man's and yet as mortal as his own; SECOND VOICE Ahem. Hold on there, Richard. Wrong script.
Verity Stob, 06 Nov 2006

Virus dances onto Mac OS X

Malware authors have created a proof-of-concept virus that's capable, in theory at least, of infecting Mac PCs running OS X. The Macarena virus isn't spreading and even in the highly unlikely event your Mac catches the infection it doesn't do any real harm.
John Leyden, 06 Nov 2006

Motorola cuts black RAZR for Red AIDS charity

Black is the new red. Product Red, that is, the Bono-backed AIDS charity working to fight the spread of the disease in Africa. Having launched a red SLVR earlier this year and a red RAZR just recently, Motorola has launched a third Red-branded handset, this time one that's... er... black.
Tony Smith, 06 Nov 2006

Webroot jumps into the channel

Enterprise anti-spyware software maker Webroot has tapped Softek and Sphinx as its UK distributors. The pair will identify channel resellers to hawk Webroot's Spy Sweeper to security-twitchy enterprise customers.
Christopher Williams, 06 Nov 2006

Garter maker touts 'sexy' thigh-mount phone holder

I'm not quite sure why you'd want a garter belt fitted with a pocket of sufficient size to hold most popular brands of mobile phone and digital music player. Simply to avoid taking a handbag when you're out for a night on the tiles? Or because you want to tease and charm the geek in your life?
The Hardware Widow, 06 Nov 2006

Airline grounded by rebranding madness

LogoWatch: Those rebranding madness fans among you who enjoyed the recent outbreak at Virgin Galactic are in for a treat today, courtesy of Oasis Hong Kong Airlines. Thanks very much to reader Ian Atkin for pointing us in the direction of this complete cobblers:

Every element of the Oasis Hong Kong Airlines identity has been crafted to convey our simple, powerful message: affordable, global mobility, provided by an airline whose home is one of the world's most dynamic cities. Our logo is a wordmark that neatly links “Oasis” with “Hong Kong” to communicate our name, the type of brand experience we offer and our home. The typeface, a modified version of Mondial, encapsulates the fundamental brand proposition: safety and comfort with unprecedented value. The stylized i of OASiS represents the essence of both our company and Hong Kong: international, innovative and inspired. Our primary colours are red and white, the colours of the Hong Kong flag. "HONG KONG" is in medium grey, a colour that conveys our commitment to reliability and the professionalism of our experienced staff. The bright tail fins of the Oasis Hong Kong Airlines aircraft feature our brand signature: bold streaks of light in red, orange and white. They are an instantly recognizable reference to ever-dynamic, diverse Hong Kong. They also communicate what we provide, i.e., the ability to fly non-stop instead of having to transit at an intermediate point. The energy of our brand identity extends to the aircraft cabin interiors, where the theme is "refreshing and cosmopolitan". Colours are warm, inviting shades of purple, magenta and orange for the seat covers and aubergine for the carpeting. Our specially-designed seat cover pattern is called "infinite oasis," and features an ever-continuing flow of dots that represents the joy of mobility and discovery.

Brilliant. A round of applause to the Strategy Boutique which managed to get "fundamental brand proposition" and "infinite oasis" in there without being ejected by security from the Oasis Hong Kong offices with their joss-sticks firmly shoved where the sun don't shine. ®

Bootnote: For more Powerpoint and whalesong-driven nonsense, try the Strategy Boutique sketch on our new Radio RTFM broadcast.
Lester Haines, 06 Nov 2006

Students shy away from 'difficult' science

Students are abandoning "difficult" science A-levels in favour of "funky" subjects like media studies and psychology, according to a report from the House of Lords. Physics take-up has been particularly affected, the Lords said. The report, entitled Science Teaching in Schools, notes a decade-long decline in the numbers of students taking science and maths at A-level. It attributed the decline, at least in part, to fashion, but said that the problem had been exacerbated by "teaching to test", school league tables and misplaced health and safety fears. It also noted the shortage of science teachers, and chastised the government for failing to follow through on a promised £200m investment in school science labs. Teaching to test meant that teachers were confining their instruction to a narrow and uninspiring set of methods, the report warned. Meanwhile, changes to the way Ofsted carries out its inspections mean that poor teaching might not be picked up. More seriously, however, the Lords noted that as well as being perceived as being more difficult, there was some evidence that science and maths subjects actually are more taxing than Media Studies. [In related news, the sky has been confirmed as blue, and last week, the sea was found to be wet.] The Lords said that the contention that all A-levels are given equal weight, as put forward by the Department for Education and Skills and the Qualifications and Curriculum Authority, was "unconvincing", the BBC reports. It also cited anecdotal evidence that some students are steered away from difficult subjects by schools concerned that lower grades might negatively affect the standing of the school in league tables. Lord Broers, the chairman of the committee behind the report, called for the post-16 curriculum to be broadened. 
He said: "We call on the government to look again at a diploma or baccalaureate system, which would enable students to keep studying science and maths along with other subjects, reducing the tendency for them to drop science entirely for 'easier' subjects after their GCSEs. The Welsh Assembly Government has recognised the need to broaden post-16 education - the Westminster Government needs to catch up." ®
Lucy Sherriff, 06 Nov 2006

Nvidia recalls GeForce 8800 GTX boards ahead of launch

Nvidia has confirmed that graphics cards based on its upcoming GeForce 8800 GTX chip have been recalled. However, the company claimed it would still go ahead with the G80 GPU's launch on 8 November. Boards based on the GeForce 8800 GTS are not affected, it added.
Tony Smith, 06 Nov 2006

Mio styles sat nav as girl-friendly 'fashion accessory'

Mio first demo'd its H610 GPS gadget at CeBIT in March. Then, the handheld sat nav tool was merely a good-looking but non-gender specific device. But now, by the application of some flower-like screen-printing and some equally florid PR fluff, the H610 is reborn as a gadget for girls - "a must-have fashion accessory" that takes "GPS out of the car and into the handbag".
The Hardware Widow, 06 Nov 2006

Blair bangs ID card drum

Tony Blair has once again seen fit to toss his prime ministerial two penneth into the ID cards debate. In a piece for The Telegraph today, the PM goes on the hard sell. Eulogising biometrics, Blair wrote: "I believe its benefits go beyond helping us counter problems. Biometric technology will enable us, in a relatively short period of time, to cut delays, improve access and make secure a whole array of services." "The case for ID cards is a case not about liberty but about the modern world. Biometrics give us the chance to have secure identity and the bulk of the ID cards' cost will have to be spent on the new biometric passports in any event." He goes on to promise ID cards will cost no more than £30 on top of the £66 the biometric passport will cost, asserting it is "not a bad price for the problems I am convinced they will help us tackle." "There is the argument that ID cards and the national register simply will not work. This rests largely on the past failures, which I accept exist, of IT projects of all governments. This, however, seems to me an argument not to drop the scheme but to ensure it is done well." We'd like to think those words won't come back to haunt him...but we don't. ®
Christopher Williams, 06 Nov 2006

SMEs vital in surveillance arms race, says 3i

Small businesses in the UK will be critical to the success of Home Office proposals for a security innovation forum, according to venture capitalists at 3i. In a speech at the Security and Resilience Forum, home secretary John Reid said that pioneering technology would be crucial in staying one step ahead of terrorists. He said the UK has to "speed the execution of delivery" of the surveillance devices produced by the security industry. "It is vital that our enterprises sustain the delivery of innovation at a pace that outstrips our adversaries," he added. Matthew Mead, partner at 3i, said that if the government chooses to focus all its effort on the big name technology vendors, it risks stifling innovation: "The UK has a long and impressive heritage in developing leading security technologies and making significant technological advances. To combat the threats facing us, it is key that this is recognised at all levels." The VC firm presents Chronicle Solutions as an example of the level of innovation it thinks Reid needs to tap into. CS sells communications monitoring technology. Company CEO Nick Kingsbury argues that much of the innovation in this sector is happening in smaller companies. "It is not the province of the technology corporations," he said. 3i says that the main challenge facing technology companies is to find technologies that give the government the edge over the bad guys, while not restricting civil liberties. ®
Lucy Sherriff, 06 Nov 2006

0-day bug shatters Windows

Security researchers have identified an unpatched vulnerability in Windows. The flaw - which affects all supported versions of Windows bar Windows 2003 - lies in Microsoft XML Core Services, specifically an unspecified security bug in the XMLHTTP 4.0 ActiveX Control. The flaw creates a means for hackers to inject malware onto the PCs of surfers running IE who visit a website hosting malicious code that attempts to harness the security bug. Security notification firm Secunia says that the vulnerability is being actively exploited by hackers. Microsoft has posted an advisory conceding the problem and suggesting possible workarounds, which basically involve disabling the affected ActiveX control, ahead of the arrival of a patch. ®
John Leyden, 06 Nov 2006

Medion shows showy crystal laptop for the ladies

Diamonds are a girl's best friend, roars Medion's latest announcement, but you won't find any such gemstones on its new notebook, a Chavette-friendly laptop embossed with 300 Swarovski crystals - lead glass, as the material's known in the trade - arranged in Medion's logo and a flower motif.
Tony Smith, 06 Nov 2006

Ex-Gizmondo exec court hearing ends in mistrial

Former Gizmondo executive Stefan Eriksson, 44, faces yet more time in a US courtroom after a judge ruled the action against him was a mistrial. The verdict, announced on Friday, followed the jury's inability to reach a unanimous verdict.
Hard Reg, 06 Nov 2006

Carphone Warehouse rapped over 'silent' calls

The British mobile retailer Carphone Warehouse Group plc could be hit with a penalty of up to £50,000 for making "silent" calls to its customers, communications regulator Ofcom has said. Ofcom explains the silent call menace thus: "Silent calls can occur when automated calling systems used by call centres generate more calls than the available call centre agents can manage. When the person called answers the telephone and there is no agent available, the automated calling system abandons the call. This can result in the person called experiencing silence on the line when they answer the telephone." Ofcom has confirmed that Carphone Warehouse had regularly exceeded the limit of three per cent of silent calls in any 24-hour period. A raft of requirements for all outbound calls had not been put in place by the Carphone Warehouse, despite Ofcom's revised guidelines which were issued to call centres in March this year. Rules breached included failing to provide caller line ID and full records of dialler usage as well as a recorded message to tell the customer that the lines were busy. Three other companies' (Brakenbay Kitchens Ltd, Space Kitchens and IDT Direct) call centres have also exceeded the limit of silent calls to unacceptable levels - some persistently higher than 20 per cent, according to a statement Ofcom released last Friday. "There are reasonable grounds to believe that each of these four companies have engaged in persistent misuse of an electronic communications network or electronic communication services in a way that causes annoyance, inconvenience or anxiety to consumers," said Ofcom. As a result, the regulator could impose financial penalties to a maximum of £50,000 on each firm. It added that the companies have until 6 December to present their cases. Ofcom was unable to provide a detailed breakdown of how many complaints the regulator had received from Carphone Warehouse customers.
But there had typically been a total of 270 silent or abandoned calls per month since the guidelines were issued, which is "a measure of the level of concern" regarding the four companies' misuse of communications, an Ofcom spokesperson told The Register. Responding to the action taken by Ofcom, the Carphone Warehouse said in a statement: "We are and have been actively working both internally and with our third party agencies to ensure that, at the least, recorded messages are heard by the individual being dialled and that the proportion of abandoned calls falls below the threshold." ®
Kelly Fiveash, 06 Nov 2006

Scientists collar bird flu's 'killer' gene

Scientists in China report that they have identified the gene which determines the virulence of the H5N1, or bird flu, virus in poultry. The breakthrough could pave the way for new vaccines, the scientists claim. Some strains of H5N1 kill more than half those they infect, while others leave virtually all their victims standing. Understanding what it is that makes one strain of the virus more deadly than another gives researchers something to target when developing a vaccine. Bu Zhigao at the Harbin Veterinary Research Institute told Reuters: "We can now understand how this virus becomes lethal and the molecular basis for its pathogenicity." He says that a vaccine targeting the "highly pathogenic" NS1 gene could be developed very quickly. "Technically, that can happen very soon, but it is the tests and other procedures that will take a long time," he said. The research team took samples from geese that died from the disease in 1996, in the southern Guangdong province, and studied two closely related strains of the virus. One strain was very deadly to chickens, and the other relatively harmless. They found that the key differences lay in just four genes. By genetically altering the virus to create four new variations, they were able to determine which of those genes controlled how likely the virus is to kill anything it infects. The work is published in the November issue of the Journal of Virology. ®
Lucy Sherriff, 06 Nov 2006

Japanese boffins show off 512-core chip

Japanese researchers at the University of Tokyo have built a multi-core chip that runs at just 500MHz but is capable, they claim, of performing 512bn floating-point operations every second. The secret: the processor contains 512 cores.
Tony Smith, 06 Nov 2006

Big Brother to debut in Second Life

Human zoo Big Brother will soon be entertaining the masses in Second Life, Reuters reports. BB production company Endemol has confirmed it will confine "15 international Second Life contestants" for a month in a "specially constructed glass-walled house", where their avatars will presumably indulge in the usual mindless bickering and fondling each other's virtual naughty bits under the duvet. The winner will be selected by the traditional voting process and will receive a Second Life island worth "about US$1,675". Endemol Netherlands managing director Paul Romer enthused: "Big Brother Second Life represents a fantastic opportunity to amass knowledge of the virtual world. In the future, we will use this experience to develop specific content for online communities." ®
Lester Haines, 06 Nov 2006

Symantec buys Company-i

Symantec has acquired UK-based consultancy Company-i for an undisclosed amount. Company-i specialises in helping financial services firms manage their data centres. Symantec said the firm will help it expand its IT Risk Management practice.
John Leyden, 06 Nov 2006

Microsoft completes system code for Office 2007

Microsoft has finished the system code for Office 2007, concluding the company's largest beta program to date which generated an "unprecedented quantity of feedback". More than 3.5m people downloaded Beta 2, the company said. Redmond's finest also confirmed the code's release to manufacturing (RTM), which it termed a "gold code milestone" on the road to the business release of the Office 2007 system, along with Vista and Exchange Server 2007 on November 30 2006. The general release will follow in early 2007, Microsoft said. “We’ve crossed the development finish line, and the team deserves to celebrate,” said Jeff Raikes, president of the Microsoft Business Division. “The 2007 Microsoft Office system RTM completes the most significant improvements to the products in more than a decade. It’s rewarding to be able to send this release off to our customers and help them take the next big leap forward in productivity.” In the US and Canada, trial versions of Office 2007 will be available via Office Online from December 1. This will be expanded to a further 13 international markets "soon after", the company said in the press announcement. The new version of Office has an additional 50,000 help articles, some 400 new templates, and 35 new demos. Office Outlook 2007 has SMS support, allowing users to send and receive emails by mobile phone. ®
Lucy Sherriff, 06 Nov 2006

Fast24 missing, presumed...

The fate of Fast24 is in doubt, with the firm's broadband customers still to hear from the ISP a week after it disappeared off the net. Fast24's broadband punters were cut off last Monday by hosting provider UKSolutions. UKSolutions say Suffolk-based Fast24 has made no formal attempt to have the network re-established, though there had been informal approaches to restore some parts. A spokesman said the dispute between the firms remains unresolved. The Register has spoken to former employees of Fast24, who claimed the firm had been in financial difficulty for some time. Several staff left around one month ago over pay concerns and it is believed the remaining workers were fired on Friday. Attempts to contact Fast24 and Jason Elsom, who orchestrated a 2004 management buyout, have been unsuccessful. Landlord Regus, which operates the Histon, Cambridgeshire office park which was home to Fast24, told us the firm had moved out of its building. Fast24 representatives are invited to get in touch. ®
Christopher Williams, 06 Nov 2006

'Carousel fraud' bank's founder held for three more months

Controversial Dutch multi-millionaire businessman John Deuss, who was arrested last month after his offshore bank allegedly aided 2500 UK tax carousel fraudsters, is to be held in custody in the Netherlands for another 3 months. Prosecutor Hendrik-Jan Biemond, who also led the case against the Ahold accounting scandal, is still investigating the fraud, which involves importing, or claiming to import, mobile phones and PC parts from another EU country without paying VAT, then selling them on and pocketing the tax. Deuss's First Curaçao International Bank (FCIB) was shut down after raids in co-operation with Dutch authorities. The Caribbean-based bank was popular not only with British VAT fraudsters, but apparently also aided Russian and Dutch companies involved with VAT fraud, according to sources close to the investigation. Deuss denies any wrongdoing and lawyers acting for the former oil tycoon are planning to appeal the decision to keep him detained. In the 70s Deuss used his bank to lure the Russian state oil company into signing a deal worth hundreds of millions of dollars, until he stopped paying them. Years of legal wrangling followed. ®
Jan Libbenga, 06 Nov 2006

USA to ground all travellers until 'cleared'

No one will be permitted to board an aircraft or a marine vessel leaving or bound for the United States until cleared by the US Department of Homeland Security (DHS) Bureau of Customs and Border Protection (CBP), under proposed regulations. Under current regs, the US requires airlines to transmit their manifests no later than fifteen minutes after a plane is in the air, wheels up. This, according to DHS, allows known terrorists to board, then hijack or blow up, commercial planes during the deadly window of opportunity provided between boarding time and when the aircraft is finally diverted or shot down by fighter planes scrambled to "escort" it. However, if the manifests were to be transmitted before the planes leave the gate, DHS would have time to ensure that "high-risk passengers" are prevented from boarding in the first place, with a subsequent reduction in the number of commercial aircraft needing to be blown out of the skies by their military escorts. Other benefits would include fewer diverted flights, with fewer holidays spoiled and business appointments postponed. Which all sounds quite reasonable. For DHS, it's a public relations dream come true. No longer will their crummy databases with their prolific false positives create entire planeloads of hateful citizens at each go. Now, only one poor bugger in a turban at a time is going to be inconvenienced for no good reason. When handled individually before boarding, "selectees" can easily be detained, intimidated, humiliated, cavity-searched, and then released as soon as DHS realises its error, without other passengers, and most importantly, the press, taking notice. Using its Advance Passenger Information System (APIS), DHS has the ability to screen an entire manifest within one hour, or to screen individuals within fifteen minutes of boarding. 
Airlines will be given a choice between transmitting an entire manifest under the one-hour rule, or transmitting the required "biographical information" on each passenger in real time under an optional fifteen-minute rule. "Under both options, the carrier will not permit the boarding of a passenger unless the passenger has been cleared by CBP," the Department explains. Naturally, at a major airport launching planes every minute or so, there's not going to be time enough to check each passenger's identity carefully. The passport will be read or scanned electronically, and if the name under which it's issued doesn't ring any bells, and the picture matches the bearer, it won't be challenged. Indeed, DHS already permits passengers to supply their own APIS information well in advance of travelling, conveniently via the Internet. During a recent international flight - prior to which I had registered with DHS online - I noticed that no attempt was made to verify my identity. I had a pre-printed boarding pass, and when I arrived at the security checkpoint, a uniformed TSA guard merely glanced at my boarding pass and passport, verified that the names matched, and observed that my face matched the passport photo. It took about two seconds. If I had been a terrorist, I'd have needed only two easily-acquired items: a credit card under a clean alias with which to buy the tickets and obtain a boarding pass, and a passport under the same alias with which to register with APIS and later to scam the TSA guard. From a security point of view, the new APIS regulation is just another useless counterterrorist rain dance. But from a civil-liberties point of view, there are some curious implications. According to a public comment submitted to DHS by the Identity Project, World Privacy Forum, and (who else?) John Gilmore, we have here a dramatic escalation in travel restrictions. But that isn't so. 
DHS is essentially admitting, without embarrassment, that it is the arbiter of who can travel. This has been the case for some time, since APIS compliance became an obsession in the wake of 9/11. DHS has been diverting flights at will, and removing (usually innocent) "undesirables". What's new here is merely the language: all passengers must be "cleared" in advance by the Department. In a practical sense, this has been going on for years, only it's been buried under steaming piles of counterterrorist rhetoric. DHS is finally admitting the plain truth: every one of us is on a no-fly list. We are all unfit to travel, until some government clerk verifies that our names don't match his sloppy list of suspected evildoers. Even US citizens cannot enter or leave the USA until they are approved - until they've passed the database test. The North Korean government has the same basic arrangement, only they don't try to hide it. It's about time Uncle Sam came clean about his own travel approval process. And now, finally, he has. ®
Thomas C Greene, 06 Nov 2006

Wireless insecurity: do not use the cheerleader defence

Comment The message boards are alive with misguided advice about wireless networks. Switch off your security, they say: you’ll get away with murder. It follows the news that the music industry has dropped a lawsuit against Tammie Marson of Palm Desert, California. Marson argued that the fact that her computer contained illegal music files downloaded over her internet connection was not proof of a crime. As a cheerleader teacher, she said, hundreds of girls passed through her house, any one of whom could have used her PC. She also ran a wireless network without security – so anyone outside her house could have used her net connection. Observers in homes without cheerleader traffic were fascinated by the wireless defence. "I’m going to open my network to the neighbourhood," was a typical comment. "Screw the RIAA [Recording Industry Association of America]!" But think this through: suppose someone outside your house uses your connection to download child porn to a laptop, hack into a bank or launch a denial of service attack. Unless you change your router’s default settings, you’ll never know. But the police might. So they’ll impound your computer and, if they find no incriminating files, they might give it back; or suspect that you knew how to cover your tracks. It's your word against theirs. So keep your home network secure. For criminals, accessing an insecure network is as easy as putting on a balaclava. Your office wireless network is more likely to have good security – but perhaps you should check. A quarter of business networks are unsecured, according to a recent wireless survey by RSA Security. Its tests in London this year found that 22% of access points still had default settings that put networks at risk. RSA points out that these offices are at risk of data theft and virus infection. It follows that they could also face difficult questions from police tracing terrible crimes.
They might not prove anything against your company; but nor is it an investigation your business wants. We don’t hear of such investigations today, but that could change. While the percentage of vulnerable networks is falling, it is falling slowly – and the total number of networks is rising fast. RSA reports a 73 per cent year-on-year rise in the number of wireless hotspots in London. The police don’t like anonymity breaking evidential chains. Will they push for new laws that make unsecured networks illegal, or grounds for a claim that the operator is aiding and abetting the commission of a crime? After all, our Data Protection Act already has certain expectations of office networks that hold personal data. While the police don’t care about extending these expectations to protect movies and music, they do care about hacking and child porn; and right now they probably care even more about terrorist communications. At a time when air travellers can’t carry toothpaste, it doesn’t seem quite so far-fetched to foresee the banning of safe havens for criminal communications. That may or may not happen. But for now, if nothing else, fix your wireless security. Otherwise you could find yourself reported in the press as helping the police with their enquiries in connection with a terrible crime. Nobody wants that. Copyright © 2006, OUT-LAW.com OUT-LAW.COM is part of international law firm Pinsent Masons. This article was originally published in Issue 15 of OUT-LAW magazine. Register with OUT-LAW to get a free subscription.
Struan Robertson, 06 Nov 2006

UK, China and Russia beat out US in race to end privacy

A new report published by the British nonprofit Privacy International has ranked the leading surveillance societies in the world, and the results aren’t pretty. As far as benchmarks such as privacy enforcement and communications interception go, the United States has found itself in some rather awkward company, according to the survey from the privacy watchdog group. The US was ranked in the second-worst category overall in defending privacy, and at the very bottom when it came to enforcement of privacy regulations, communications interception, and workplace monitoring. Privacy International used 13 different criteria, ranging from constitutional protections to biometric identification, to evaluate privacy protections across 36 different countries. And the report is nothing if not graphic. The US shows up in the flaming red category, a color long associated with human rights stalwarts such as China and…uh, well, anyway, at least it did better by a hair than privacy black holes such as the UK, Malaysia, Russia and Singapore, not to mention China itself. The accompanying report does take note of the difficulties in this age of terrorism paranoia of preserving a civil and open society. That paranoia, supported by modern high tech surveillance equipment, is providing fertile ground for governments around the globe to roll back the civil liberties once lorded over the Chinese and the Russians as triumphs of western governance. Aloha, Big Brother. ®
Burke Hansen, 06 Nov 2006

Is your software free, open or litigated?

Analysis By agreeing to license Microsoft's intellectual property, SuSE distributor Novell has created a potentially fatal division in what's called F/OSS, the Free/Open Source Software movement. What has Novell done, and why is it so potentially damaging?
Andrew Orlowski, 06 Nov 2006

Nvidia buys iPod chip supplier

Nvidia is buying PortalPlayer, Apple's supplier of the MP3 decoder and controller chip that goes inside your iPod. Well, the hard disk models, at any rate - other iPods use different companies' chips.
Drew Cullen, 06 Nov 2006

Sun's board gets leather jackets and talking cars

Sun Microsystems appears to have misunderstood analysts' call to "see some black ink." The company today picked up two new board members with strong ties to the publishing industry. Tony Ridder, the former chairman and CEO of newspaper giant Knight Ridder, will serve on Sun's Leadership Development and Compensation committee. And Peter Currie, a CNET board member and former Netscape CFO, will serve on Sun's Audit committee. Sun's board opened up when venture capital legend John Doerr left the company this month. Doerr had been one of Sun's strongest supporters, during booms and busts. The server maker has looked healthier of late, although it has still failed to reach profitability. Having the likes of Ridder and Currie on its board should help Sun if it decides to open a reporter surveillance office like HP. The directors would make it possible to avoid the pretexting mess by supplying phone logs directly to Sun. With that in mind, we're surprised that Sun didn't pick up a more experienced snooper like Patricia Dunn now that she's a free agent. ®
Ashlee Vance, 06 Nov 2006