Google
 

Wednesday, October 31, 2007

Warning Over Net Address Limits


30 October 2007

Internet Service Providers urgently need to roll out the next generation of net addresses for online devices, internet pioneer Vint Cerf has said.

Every device that goes online is allocated a unique IP address but the pool of numbers is finite and due to run out around 2010.

A new system, called IPv6, has been awaiting roll out for 10 years.

Unless IPv6 is switched on in the coming years, some devices might not be able to go online, Mr Cerf has warned.

Mr Cerf, who played a key role in the development of the protocols which underpin the global net, said: "There is a risk of not being able to get online."

He added: "The rate of consumption of available remaining IPv4 numbers appears to be on track to run out in 2010/11."

Mr Cerf is about to step down as chairman of Icann, the body which oversees the net, and is also Google's chief internet evangelist.

Potential shortage

The current system, called IPv4, provides four billion addresses but the explosion in the number of devices which go online has led to the potential shortage.

Although IPv6 was standardised 10 years ago it has not been rolled out at speed.

While modern computers, servers, routers and other online devices are able to use IPv6, internet service providers have yet to implement the system.

"The reason they haven't - which is quite understandable - is that customers haven't asked for it yet," said Mr Cerf, adding, "my job, whether with my Icann hat on or not, is to persuade them to ask for it.

"If you don't ask for it, then when you most want it you won't have it."

IPv6 will create 340 trillion trillion trillion separate addresses, enough to satisfy demand for decades to come.

"To be clear - if we finally exhaust the IPv4 pool it doesn't mean the internet stops working. But people wanting an IPv4 address won't get one.

"If there is an internet that does not support IPv6, not getting an IPv4 address means not getting on the net."

He added: "The appreciation of the importance of getting IPv6 into operation is very much more visible than before.

"I'm anticipating in 2008 a substantial increase of use of IPv6, introduced in parallel with IPv4."

One complicating factor is that IPv6 and IPv4 are not compatible so ISPs will have to run the two systems in parallel - adding to costs.

In Asia, governments in China, Korea and Japan have begun to lead roll out of IPv6 and the European Union is reviewing methods to encourage adoption.
Source: BBC News

Sunday, September 23, 2007

Broadband speeds under scrutiny

21 September 2007

Broadband speeds in the UK are much slower than advertised by internet service providers, a study by Computeractive magazine has found.
Some 3,000 readers took part in speed tests and 62% found they routinely got less than half of the top speed advertised by their provider.

It is the latest in a series of questions over the way net firms advertise broadband services.

Regulator Ofcom said it was aware of the issue and was "investigating".

Testing times

The figures were gathered from more than 100,000 speed tests that the 3,000 respondents carried out to build up a picture of their average net-browsing speed on ADSL lines.

Statistics about net users in the UK show that half of current broadband users receive ADSL services that should run at speeds between one and four megabits per second (Mbps).

The other 50% are on deals offering up to eight Mbps but the tests revealed that, in reality, very few achieve the top speeds.

"This problem has been building for a while with a growing gulf between what is advertised and what is delivered," said Paul Allen, editor of Computeractive.

"The adverts often have super-fast broadband in huge lettering with the 'up to' clause in very small print," he said.

"Users who have taken the test were surprised at the size of the gulf," he added.

Some 28% of the 3,000 respondents who took the ADSL speed test found that they received less than a quarter of their maximum advertised bandwidth.

While consumers may currently not notice their sluggish connections, this could change, thinks Mr Allen.

"Previously it has not been a massive issue but in the coming year we are entering the net TV age and video content is bandwidth-hungry," he said.

Mr Allen called on regulator Ofcom to provide an independent speed test to anyone who has signed up to receive broadband.

Speaking for the telecommunications watchdog, a spokesman said: "We are looking at this issue. It is not a huge driver of complaints but it has come on to our radar screen."

"It's about the difference between the headline rate and the rate received," he said.

The spokesman said Ofcom was working with the net industry and other organisations such as Which to investigate the extent of the problem and what can be done about it.

"Once we have carried out this work we will assess what options might be available to tackle it," he said. The results of the investigation would be made available in the "near future", said the spokesman.

Fast chance

Research by market analysts Point Topic suggests that, in many areas of the UK, few people will be able to get the fastest broadband speeds.

Only 5% of the population will be able to enjoy speeds of 18Mbps. More than half will only be able to get 8Mbps.


Ofcom was also working with the Advertising Standards Authority to keep an eye on how net service firms word their marketing materials.

"We make sure broadband advertising does not advertise speeds that cannot be guaranteed," he said. "They have to make it clear that there is a best possible speed rather than an average speed."

The ASA has investigated several cases of misleading promotions, most recently asking Bulldog to make it clear in its adverts that speed was dependent on how far away from the exchange people lived.

It ruled that broadband providers could use the words "up to" 8Mbps when describing services as long as customers were likely to get close to those speeds.

A survey last month by consumer group Which found that consumers with services promising speeds of up to 8Mbps were actually getting an average speed of 2.7Mbps.

There are many variables that determine the speed of a connection, including how far away from the telephone exchange the line is, how many others are using the line at the same time and the quality of the wiring within a home.

The tool used in the study is available for download from the Computeractive website. It was developed by advice service Broadband Choice.

Computeractive has also launched an e-petition on the Downing Street website, asking the government to force net service firms to provide clear information about the typical speed users will receive alongside the maximum speed.
Source: BBC News

Thursday, September 13, 2007

The Making of e-Soldiers

Weapons without barrels or bullets
By Tim Weber


Make no mistake: Defence Systems & Equipment International (DSEI), held in the huge Excel Centre in London's docklands, is an arms fair.

Armoured fighting vehicles tower over visitors; most gleaming, some proudly muddy as if straight from the training range.

Stands are bristling with weapons - from lightweight submachine guns to long-barrelled sniper rifles.

And there are plenty of uniformed men (and a few women), some in combat gear, most in their parade-ground best with plenty of gold decorating their shoulders.

High-ranking Chinese officers crowd around the finest that UK arms firm BAE Systems has to offer, Sony camera at the ready.


Fewer weapons

But there are far fewer weapons on display than at previous shows - fewer guns and bombs, less military hardware.

It's not that DSEI - held every two years - has become smaller; indeed, the organisers say that it has grown by 20% and is the biggest show yet.

Rather, the two wars in Iraq and Afghanistan have shown that most armies are not equipped to fight clever and ruthless insurgents that have little regard for civilian casualties.

The 'e-soldier'

There still is some old-style posturing. Italian gun maker Beretta shows off a new assault rifle to the tune of Wagner's Ride of the Valkyries - in best Apocalypse Now-style.

However, were it not for the camouflage decorations, many exhibition booths at DSEI would not look out of place at an electronics fair.


Communications equipment, sensors, microprocessors, software packages and rugged laptops are arrayed to help modern armies compensate for what they are least likely to get more of: manpower.

Visiting DSEI allows one to catch glimpses of a new warrior in the making, the "e-soldier", as Matt Howchin of UK microtechnology firm C-Mac calls it.

E-soldiers still carry a gun, but their uniforms and helmets are laced with electronics, monitoring both their own vital signs and their environment, relaying the information up the chain of command.

Helmet cam

Some of this technology is battle-ready, but still looks a bit cumbersome.

French defence firm Thales shows a soldier's battle gear that is supposed to block some of the remote control signals that are used to set off insurgents' bombs.

And at the ITT stand, a soldier - thick wires protruding behind his neck - sports a helmet cam and headphone set wired up to a Spearnet data radio.

The set-up - effectively a high-resolution webcam - allows the commander back at headquarters to get a real-time look at the battlefield.

Software packages could integrate all this information from the battlefield with systems like General Dynamics' Urban Istar programme.

This combines a powerful scanning system with a database that would allow troops engaged in urban warfare not only to detect hidden insurgents, but to understand the structure and weak points of a building without entering it.

Ultimately, this is about smarter fighting, "not with the bullet, but with better command and control systems," says Peter Felstead, editor of Jane's Defence Weekly.

The suicide bomber belt

The new wars have brought new threats.

One stand at DSEI shows a mannequin kitted out with a suicide bomber's explosives belt.

The pyrotechnic belt is a training device for armies and police forces, developed by Isle of Man-based Milpolice Equipment.


The belt allows the wearer to mimic the triggers used by real suicide bombers - and helps soldiers prepare for the threat.

The firm also makes IED simulators - the notorious Improvised Explosive Devices, or roadside bombs, that have caused so many casualties in Iraq and Afghanistan.

So how does the company keep up with the constantly changing techniques used by the insurgents?

"We have good contacts in the intelligence services," says managing director Stephen Blakely with a wry smile.

The race for better armour

While training is useful, protection is better.

"Force protection is where the big bucks are at the moment," says Jane's Peter Felstead.


John Rutledge at American Defense Systems Inc, a maker of heavy armour, speaks of full order books - and an arms race against the increasingly powerful devices used by Iraqi insurgents.

"We are using ever more exotic materials to protect the troops", he says; "getting real-time intelligence" helps the firm to stay ahead of the latest insurgent tactics.

At previous arms fairs, armies were looking to "up-armour" their existing vehicles, like light Land Rovers and Humvee trucks. Now the focus has shifted to new vehicles that are heavily armoured by design.

US firm International Truck and Engine is rushing out more than 1,900 Maxxpro trucks to the US Marine Corps, troop carriers that are designed to withstand mine blasts and roadside bombs on the Iraq battlefield.

Look, no driver

Oshkosh - which provides all the US army's heavy trucks - has put mirrors below a truck that show the heavy armour plating protecting the driver's cabin.

Everywhere there are stands displaying the latest in blast-proof glass or ceramics, so that vehicle makers can achieve the protection level armies are calling for.

After all, says German army Colonel Udo Kalbfleisch, "without giving soldiers proper protection you can't motivate them" and points to a video showing the heavily armoured Dingo that protects German soldiers on patrol in Afghanistan.

The more radical solution, however, is to take the driver out of the truck.

Oshkosh is working on control systems for unmanned vehicles.

Long supply convoys could have just a few real drivers. The other trucks would be steered by sophisticated electronics that work both in all-terrain and urban environments.

"I can easily foresee a future where we can achieve a 75% reduction of troops at risk," says Joaquin Salas at Oshkosh. "We are in discussions with the military to see when they might want to test this capability."

All this comes at a hefty cost. There is a trade-off between better armour and tight budgets, says John Rutledge, and it just "doesn't add up".

Already the cost of troop protection has started to cut into other procurement programmes, say industry insiders.

Lifesaver bottles

Battlefield innovation comes in many guises.

Pour dirty polluted water into the Lifesaver Systems bottle, pump a couple of times, and out comes perfectly drinkable water - without the use of chlorine or iodine. It's a solution that works not just for soldiers but disaster areas as well.

UK firm Chemviron Carbon tries to find customers for its ultra-lightweight chemical weapons protection fabric. Buyers so far have been the Swedish army and some special forces, and the company is now talking to police forces.

"When you think about it, the most likely [chemical] attack won't be on troops, but in a metropolitan environment," says Chemviron's Paul Graham.

C-Mac's stand doesn't sport any guns or camouflage at all.

The UK firm makes ceramic-based chip modules that work under extreme conditions - in fighter jets, tanks and rockets.

The tiny electronics components don't look much. But they can help win wars.
Source: BBC News

Wednesday, September 5, 2007

Hacking Tools On Sale

Cyber crime tool kits go on sale

Malicious hackers are producing easy-to-use tools that automate attacks to cash in on a boom in hi-tech crime.
On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.

The top hacking tools are being offered for prices ranging up to £500.

Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.

Tool time

"They are starting to pop up left and right," said Tim Eades from security company Sana, of the sites offering downloadable hacking tools. "It's the classic verticalisation of a market as it starts to mature."


Malicious hackers had evolved over the last few years, he said, and were now selling the tools they used to use to the growing numbers of fledgling cyber thieves.


"When it comes to the hacking industry and level of business acumen there's no limit to what your money can buy" - Paul Henry, Secure Computing

Mr Eades said some hacking groups offer boutique virus writing services that produce malicious programs that security software will not spot. Individual malicious programs cost up to £17 (25 euros), he said.

At the top end of the scale, said Mr Eades, were tools like the notorious MPack which costs up to £500.

The regular updates for the software ensure it uses the latest vulnerabilities to help criminals hijack PCs via booby-trapped webpages. It also includes a statistical package that lets owners know how successful their attack has been and where victims are based.

MPack has proved very popular with criminally minded groups and in late June 2007 managed to subvert more than 10,000 websites in one attack that drew on the tool.

Hacking groups also operate volume pricing schemes and discounts for loyal customers, he said.

"It's almost a play-by-play of good business practices of software marketing," he said. "When it comes to the hacking industry and level of business acumen there's no limit to what your money can buy."

Paul Henry, vice president of technology evangelism at Secure Computing, said the number of downloadable hacking tools was growing fast.

According to Mr Henry there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks, he said.

But, he added, many hacking groups were offering tools such as MPack, Shark 2, Nuclear, WebAttacker, and IcePack that made it much easier for unskilled people to get into the hi-tech crime game.

Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched.

Little risk

"MPack used more than 12 different vulnerabilities that were launched against any web browser that visited any compromised site," he said.

Many hacking groups were attracted to selling the kits because it meant they took little risk themselves if the malicious software was used to commit crimes.

"The only thing you are going to find is a disclaimer that this was distributed for educational purposes and the user accepts any responsibility for any misuse," he said.

The only risk the hacker groups faced in making the tools available was in having someone else steal them and offer them at a lower price. Already, he said, the sheer number of tools for sale was driving down prices.

Garry Sidaway, a senior consultant at security firm Tricipher, said the success of MPack and the attendant publicity was rumoured to be worrying its creators.

"It was made by a group of friends and they all have regular jobs," he said.

Mr Sidaway said the group would not lose much money if they did stop selling it because they made much more from other lines of business.

In particular, he said, the groups can sell information about unpatched or unknown vulnerabilities in software for thousands of pounds per bug.
BBC News

Monday, September 3, 2007

Hackers Target Legitimate Sites

Hackers target 'legitimate' sites
20 June 2007


More than 10,000 websites have become unwitting hosts of malicious software, say security experts.
Those visiting the hijacked pages risk having keylogging software installed on their PC if it is not protected with the latest patches.

The webpages compromised are all legitimate sites devoted to subjects such as tax, jobs, tourism and cars.

The sites are thought to have been booby-trapped using a malware kit, called MPack, sold commercially online.

Hacked host

The MPack kit was first discovered by Panda Software in May 2007 and is now implicated in infections on more than 160,000 computers.

The kit, put together by Russian hackers, can be bought for $1,000 (£503) and the price includes a year of technical support.

Using the kit, budding hi-tech criminals can churn out code that exploits the latest vulnerabilities in widely used web browsers that work on Windows.

The latest round of infections using MPack is thought to be one of the most successful.

It is believed to have started when malicious hackers got access to one of Italy's largest website hosting companies and seeded servers with the code that attacks anyone visiting those sites.

Security experts say the attack code is "browser aware" and will tune its attack depending on the web browsing software used by a visitor. Attack code is present for Internet Explorer, Firefox and Opera.

Following the initial outbreak in Italy, booby-trapped sites are now turning up in Spain, the US and many other nations.

The new outbreaks come about as the attack code is inserted on more and more legitimate websites.

Hundreds of thousands of users are thought to have been caught out by the infection.

Many anti-virus companies have already updated their security software to defend against the attacks used in this outbreak.

BBC News

Sunday, September 2, 2007

How to Detect a Phishing Attempt

Phishing growth

Phishing e-mails that try to make you hand over confidential details are becoming more common.
In July 2006, the Anti-Phishing Working Group got reports about 23,670 unique phishing scams.

The trick seems to be catching a lot of people out too. In 2005 UK losses from phishing scams stood at £23.2m.

In this gallery we give you some handy hints on how to spot the signatures of the phish.

Name and address

The first thing to look for is if the phish is addressed to you at the e-mail account your bank knows.
Many phishers are former spammers and often send messages to mailing lists rather than individuals.

Look to see how you are addressed in the body of the message. Phishers almost always use generic greetings, such as in this phish from 2005, rather than your actual name.

Banks also make clear they will never ask for your personal information in e-mails.

Detailed look

There will be many more clues in the body of the message.
If the phish includes details, such as an account or credit card number, check they are correct.

As phishers want to steal this information they are unlikely to have it before they send the mail.

Many phishing gangs take a chance and include random details to make the message look more official and hope people respond rather than read the text.

Text check

Though phishing gangs are getting more sophisticated and literate, many bogus e-mail messages give themselves away by their poor command of the English language.
This is because many phishing gangs hail from nations where English is rarely spoken.

Grammatical errors and spelling mistakes are classic signs that a message is a phish.

If you stumble over the text, it's probably a phish.


Link lessons

There are more subtle signs that a message is a phish rather than legitimate.
For instance, look to see if the web link shown in the body of the message matches the address that appears in the status bar of the e-mail program when you hover over it.

If these differ you have probably caught a phish.

If you are suspicious do not click on the links in the e-mail body. Instead type the address out manually.

Text tricks

Many phishing gangs exploit the readiness of the human eye to see what it wants to see rather than what is actually there.
For instance, in this old PayPal phish the scammers have registered a site that, to a quick glance, looks very like the name of the payment company.

Most phish fall down on one or more of these criteria. If you are suspicious contact your bank directly.
BBC News
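The two link checks described under "Link lessons" and "Text tricks", as an added example that is not part of the original article: it compares the address a link displays with the address it really points to, and flags destination domains that fold onto a trusted name once look-alike characters are normalised. The bank domain, the substitution table and the sample message are constructed for illustration, and the two-label domain comparison is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text counts as an address only if it looks like one.
URLISH = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

# Assumed, deliberately small table of look-alike substitutions.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


class AnchorCollector(HTMLParser):
    """Collect (href, visible_text) for every <a> element in a message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL-like string (lower-cased), or None."""
    if "://" not in url:
        url = "http://" + url
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def skeleton(name):
    """Fold look-alike characters so near-identical names compare equal."""
    name = name.lower()
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def check_links(html, trusted_domains):
    """Return findings for links whose destination is not what it seems."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        target = host_of(href)
        if target is None:
            continue
        # Link lessons: displayed address versus the real destination.
        if URLISH.match(text) and host_of(text) != target:
            findings.append(("text-href-mismatch", text, href))
        # Text tricks: destination that only resembles a trusted name.
        # Assumption: the last two labels are the registered domain.
        base = ".".join(target.split(".")[-2:])
        for good in sorted(trusted_domains):
            if base != good and skeleton(base) == skeleton(good):
                findings.append(("lookalike-domain", base, good))
    return findings


# Constructed sample message body (not a real phish).
SAMPLE_HTML = """
<p>Dear customer,</p>
<p>Please confirm your details at
<a href="http://203.0.113.7/login">https://www.examplebank.example/login</a></p>
<p>or via <a href="http://www.examp1ebank.example/verify">our secure page</a>.</p>
<p><a href="https://www.examplebank.example/help">www.examplebank.example/help</a></p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_HTML, {"examplebank.example"}):
        print(finding)
```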

Bloggers Blogs Under Attack

Bloggers battered by viral storm

Google's Blogger site is being used by malicious hackers who are posting fake entries to some blogs.
The fake entries contain weblinks that lead to booby-trapped downloads that could infect a Windows PC.

Infected computers are being hijacked by the gang behind the attacks and either mined for saleable data or used for other attacks.

The Blogger attack is the latest in a series by a gang that has managed to hijack hundreds of thousands of PCs.

Attack pattern

Security researcher Alex Eckelberry from Sunbelt Software first noticed the booby-trapped links turning up on Blogger on 27 August.

Now many hundreds of blogs on the site have been updated with a short entry containing the link.

Mr Eckelberry said it was not yet clear how the links were posted to blogs. The bogus entries could have exploited a Blogger feature that lets users e-mail entries to their journal.

The blogs themselves could also be fake and set up solely to act as hosts for spam.

Commenting on the attack a Google spokesperson said: "The blog posts are likely from users whose machines have been compromised by a virus.

"Among the other recipients of spam e-mails generated by the virus are users' mail2blogger accounts, which allow them to update their blogs via e-mail," said the spokesperson.

"We are in the process of notifying impacted users and recommending that they scan their computers and run current anti-virus tools--good advice for all internet users," they added.

The entries on the blogs have the same text as some of the spam distributed by the group behind the attacks. These attempt to trick people into clicking on links and downloading booby-trapped files using cleverly crafted messages.

Some pose as YouTube links, others claim to be looking for testers of software packages or digital greetings cards.

The group behind the attack on Blogger is thought to have mounted a huge series of attacks since January.

The first attack used a spam that purported to give recipients more information about the severe storms seen in Europe in January. This led to the virus used by the gang being dubbed the "Storm Trojan".

Since January the group has been sending out huge numbers of different spam messages in a bid to trick people.

"The criminals responsible for this spam campaign are experts at exploiting social engineering to propagate their botnets," said Bradley Anstis from security firm Marshal.

The spam messages have been changed to capitalise on news events and the viral payload has been updated many times to fool anti-virus programs.

Mr Anstis said the sheer number of messages being sent by the group was staggering. On some days, he said, 4-6% of all the junk messages seen by Marshal were sent by the group.

Security experts estimate that the group can send out so much junk mail because they have hijacked so many Windows PCs via successive campaigns. Some suspect that the group has infected more than one million PCs over the last eight months.

STORM WORM SUBJECT LINES
are you kidding me? lol
Dude dont send that stuff to my home email...
Dude your gonna get caught, lol
HAHAHAHAHAHA, man your insane!
I cant belive you did this
LMAO, your crazy man
LOL, dude what are you doing
man, who filmed this thing?
oh man your nutz
OMG, what are you thinking


BBC News

Virus on Web Videos

Virus writers target web videos

The growing popularity of online video has caught the attention of malicious hackers and hi-tech criminals.

Security firms are reporting more and more instances of booby-trapped Windows codecs - file compressors - required to play some video formats.

Some of the codecs let users play types of net-based video, but also have spyware and adware wrapped inside.

Others, say experts, are outright fakes that just want to infect victims with data-stealing programs.

Audience ratings

"Everyone is watching movies on their PC," said David Robinson, UK head of security firm Norman Sandbox, "they are downloading the latest, greatest clips."

While sites such as YouTube and Revver try to make it easy to watch video online, many of the downloadable clips posted on the web require extra software, called a codec, to play them.

Mr Robinson said many security firms were now logging instances in which spyware and adware firms are turning out software bundles that claim to roll together many popular codecs or just have the one needed to play a particular clip.

Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs.

Some rogue codecs plague users with pop-up adverts, while others invisibly install keyloggers that try to grab confidential data.

Anti-spyware firm Sunbelt Software discovered one codec that became a program that found fictitious security problems on a PC and demanded payment to repair them.

Many downloads look benign when scanned with an anti-virus program, but, once installed, download updates from other websites that contain the malicious payload.

Mr Robinson said the growth of booby-trapped video codecs was just another example of how hi-tech criminals have moved on from the old days in which a virus only travelled by e-mail.

Now, he said, they maintain a diverse portfolio of attack methods and will tailor these to whatever is proving popular online.

Mr Robinson said his company Norman Sandbox, which analyses captured samples of malicious code, gets hundreds of new variants of malicious programs submitted to it every day.

David Emm, senior technology consultant at anti-virus firm Kaspersky Labs, said it was only a matter of time before virus writers turned to sites such as YouTube and booby-trapped pages showing popular clips with bugs.

"YouTube is almost by definition unregulated," he said, and was ripe for exploitation by malicious hackers. "It gives an almost endless stream of stuff to tap into."

Already spyware firms are known to be using the popularity of some clips on YouTube and social networking site MySpace to install their wares on the PCs of more victims.

Increasing numbers of malicious attacks were pegged to news or other events, said Mr Emm, which helped to catch people out.

The upcoming Halloween holiday is already being exploited by malicious hackers who are baiting websites with viruses and trojans.
BBC News


Friday, August 31, 2007

Call To Regulate The Net Rejected

The internet should not be used as a scapegoat for society's ills, said Vint Cerf, Google's net evangelist and a founding father of the network.

Speaking on the BBC Radio 4's Today programme he rejected calls for strict control of what is put online.

He said the net was just a reflection of the society in which we live.

Anyone regulating beyond what was clearly illegal put themselves on a "slippery slope" that could limit freedom of expression, he said.

"If it's not illegal, it raises a rather interesting question about where you do draw the line," he said.

Mirror image

Mr Cerf's comments come after the UK's Conservative Party floated ideas to curb the access young people have to sites such as YouTube which let them see videos showing extreme or callous violence.

Rather than impose controls centrally, said Mr Cerf, it was far better to put them at the edges of the network where users go online.

For instance, said Mr Cerf, searching for results via Google can be constrained by filters that can be set to be strict or lax.

It was a mistake, said Mr Cerf, to divorce what was seen online from what happens in the real world.

"Most of the content on the network is contributed by the users of the internet," he said. "So what we're seeing on the net is a reflection of the society we live in."

"Maybe it is important for us to look at that society and try to do something about what's happening, what we are seeing."

He added: "When you have a problem in the mirror you do not fix the mirror, you fix that which is reflected in the mirror.

"We have a job to do, collectively as a society, to deal with the problems we discover in the network," said Mr Cerf, "but suppressing the knowledge of what's going isn't going to help us.

"We need to face that problem directly."

Google has a policy of removing video content when it has been flagged as offensive by users. But the company has been criticised for not acting swiftly enough.
BBC News

How to Detect Spam Email

Anatomy of a spam e-mail
11 October 2006
A daily chore of modern life for many is the morning trawl through a full inbox deleting spam email. But just where does it all come from and why do spammers use bizarre text, names and images in their emails?

To the expert eye a typical spam is laden with clues to its origin.

Anatomy of Spam E-mail

SENDER
"Iverson Vernie": An implausible name that sounds human to computers if not people. This helps to offset the "spamminess" of the message. Plus it is in capital letters which also helps to bust the scoring systems often used to spot spam.


E-MAIL ADDRESS
"eieeeyuuyuioeeiiayi@fleetlease.com": Clearly fake. All the letters before the @ sign come from the top line of the keyboard starting at the left. The spammer generated this e-mail address by running their finger along that line when putting the spam run together.

However, this could provide useful forensic information when tracing spam campaigns or spam groups. Another clue is given by the fact that the company owning the domain, Fleetlease, rents vehicles - there's no reason to think it is really pushing pills.


SUBJECT
Bad spelling marks it as spam as does the exclamation point. But it avoids mentioning what the message is actually about which might help it sneak past some spam filters.


BODY IMAGE
The body of the message is actually an image rather than text. Again, this is another trick to defeat spam filters, which find it impossible to view what is in bitmaps or JPEGs.

This image was called from another computer based in Hungary. The net service offered by this company is free which is probably why it is being used as a source for these images. Spammers hate paying for anything.

It could also be a checking mechanism which records which e-mail address responded. "Live" addresses are much more valuable than ones that never react.


ASSOCIATED WEBSITE
This is apparently linked to a company in Wisconsin, but the details held on the net about it are likely to be fake given that there is evidence the server is physically located in South Africa. The server hosting this site hosts another 90, most of which are touting drugs of one kind or another.

The net address for this site is well-known as a source of spam and is actively blocked by many organisations. It is thought to be one of many used by the Yambo Financials spam gang.


EXTRA TEXT
Spammers regularly use large lumps of text to try to convince filtering systems that a message is legitimate. Extracts from books are popular but random text like this is too. What should be noted is that nowhere in this mail does the text actually mention what the message is about. The only mention of the drugs it is offering for sale is in the image.
BBC News
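
The clues walked through above can be checked mechanically by a mail filter. The sketch below is an added example, not part of the BBC article: it parses a constructed message modelled on the one dissected (only the sender name and address come from the page; the subject, body text and image host are placeholders) and reports which indicators fire.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TOP_ROW = set("qwertyuiop")
# Remote <img> references: the body is fetched from another host when opened.
IMG_SRC = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?(https?://[^\"'\s>]+)", re.I)

# Constructed sample. Sender name and address are the ones quoted in the
# article; everything else (subject, filler text, image host) is made up.
SAMPLE = """\
From: "IVERSON VERNIE" <eieeeyuuyuioeeiiayi@fleetlease.com>
To: reader@example.org
Subject: Yuor order is redy!
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

the lantern waited by the river while seventeen geese argued about
weather and nobody remembered where the old clock had gone that winter

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="http://images.example.net/offer.jpg"></body></html>
--b1--
"""

# Constructed benign message for comparison.
BENIGN = """\
From: "Alice Smith" <alice.smith@example.org>
To: reader@example.org
Subject: Minutes from Tuesday
Content-Type: text/plain; charset="us-ascii"

Notes attached below.
"""


def _text_parts(msg):
    """Yield (content_type, decoded_text) for every text/* leaf part."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        yield part.get_content_type(), raw.decode(charset, "replace")


def spam_indicators(raw_message):
    """Return the article's clues as named indicators for one raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))

    # Share of letters in the local part that sit on the top keyboard row.
    # The address on the page has one letter ('a') outside that row, so a
    # ratio is used rather than an exact match. Weak signal on its own:
    # ordinary names can also be typed entirely on the top row.
    letters = [c for c in addr.partition("@")[0].lower() if c.isalpha()]
    row_ratio = sum(c in TOP_ROW for c in letters) / len(letters) if letters else 0.0

    hosts, html_words = [], None
    for ctype, text in _text_parts(msg):
        if ctype == "text/html":
            hosts += [urlparse(u).hostname for u in IMG_SRC.findall(text)]
            # Visible words left once the tags are stripped out.
            html_words = len(re.sub(r"<[^>]+>", " ", text).split())

    return {
        "caps_display_name": name.isupper(),
        "keyboard_row_local_part": len(letters) >= 10 and row_ratio >= 0.9,
        "subject_exclamation": "!" in msg.get("Subject", ""),
        "remote_image_hosts": hosts,
        "image_only_html": bool(hosts) and html_words is not None and html_words < 5,
    }


def score(indicators):
    """Count how many indicators fired; a filter would weight these."""
    return sum(bool(v) for v in indicators.values())


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        found = spam_indicators(raw)
        print(label, score(found), found)
```

The remote image host list is the item to act on first: a mail client that does not load remote images by default denies the sender the "live address" confirmation the article describes.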

Thursday, August 30, 2007

Tips To Help You Stay Safe Online

By Mark Ward
Technology Correspondent, BBC News website
7 October 2006


Windows needs help to keep you safe online
There are now thought to be more than 200,000 malicious programs in existence - the vast majority of which are aimed at subverting Windows PCs.

These problem programs can arrive via e-mail, instant messenger, through your internet connection or even your web browser if you visit the wrong website. The threats are so numerous and appear so fast that Windows users must feel under siege.

While there is no doubt that attacks on PC users are getting more sophisticated, it is possible to avoid the vast majority of problems by taking some straightforward steps and exercising some common sense.

If you are worried about your computer it is possible to scan it via the web to see if it is infected. Companies such as Trend Micro, Kaspersky and Microsoft all offer free scanning services.

Organisations such as the Computer Emergency Response Team (Cert) also offer advice on how to set up a safe net connection.


ANTI-VIRUS
The first piece of security software every PC user needs is some anti-virus software. It must also be regularly updated to ensure it protects you against the latest threats.

One of the ways that virus writers try to catch out anti-virus software is by pumping out enormous numbers of variations of their malicious creations. Good anti-virus programs use heuristic techniques to spot viruses that have not been formally identified but have all the characteristics.

Many PCs now come with anti-virus installed and though an annual subscription can seem expensive, it might be cheap when you consider how much it could save you if it stops your bank details being stolen.

As well as retail versions of anti-virus there are now some free programs that do a good job of protecting you. Avira, Avast and AVG all produce free anti-virus software.

Microsoft now sells a package of security programs but, so far, they are only available to US users.


FIREWALL
A firewall is also an essential piece of security software for PC users. Newer versions of Windows XP have a firewall built in and this will give you protection against nuisance attacks and many of the more serious ones.

However some people feel that the Windows XP firewall is a bit limited in its features. Many anti-virus programs have a firewall bundled with them.

There are free firewalls available too from firms such as Comodo and Zone Alarm.

To block some of the attacks it can also be useful to connect to the net via a hub or router. Often these have a firewall built in and, even if not, will do a good job of blocking a lot of the low level attacks.


SPYWARE
Increasingly, simply browsing the web can subject you to all kinds of dangers. Specially crafted websites can initiate so-called "drive-by downloads" that exploit weaknesses in Microsoft's Internet Explorer browser to install programs you never asked for.

At best these will annoy you with pop-up ads, at worst they will let someone else take control of your PC. Anti-spyware software will help stop these taking hold and help you clean up your PC if you do get hit.

There are add-ons for browsers, such as McAfee's Site Advisor, that warn you about potentially harmful sites. Also Google has now started warning when you are about to visit a potentially unsafe site. Search sites such as Scandoo will also flag sites loaded with malware.

These days adware tends to be very aggressive and it is far better to avoid an infection than try to clean up afterwards.

Security experts recommend migrating away from Internet Explorer to a browser such as Firefox or Opera. At the very least they say to keep Microsoft's browser up to date with patches.

Anti-spyware activists Suzi Turner and Eric Howes run a website that lists the bogus security products to help you avoid falling victim. Microsoft makes free anti-spyware but there are many other products from firms such as Lavasoft and Spybot.


UPDATE
With Windows it is also important to keep your system up to date. Windows XP now regularly nags people about upgrades and Microsoft produces security patches on a monthly basis.

Microsoft recommends automatic updating so patches are downloaded and applied as soon as they become available. As the time between the announcement of a vulnerability and it being exploited is shrinking, it pays to act quickly.

The other things you can do to stay safe fall into the realm of common sense. To begin with never open an attachment on an e-mail you were not expecting - even if it appears to come from someone you know.

Never reply to spam e-mail messages as that just confirms your address is live and makes it more valuable. Be wary of any e-mailed message about online financial accounts you own. Learn to spot the signs of phishing e-mails.


APPLE
Apple users who feel confident that they are invulnerable to attacks should also take steps to protect themselves.

While virus attacks are virtually unheard of, the platform can be subject to malware and adware.

The firewall on an Apple computer should be switched on and common sense regarding potential phishing attacks should be applied.

STAYING SAFE ONLINE
Use anti-spyware and anti-virus programs
On at least a weekly basis update anti-virus and spyware products
Install a firewall and make sure it is switched on
Make sure updates to your operating system are installed
Take time to educate yourself and family about the risks
Monitor your computer and stay alert to threats
BBC News

Sunday, August 26, 2007

Cyber Criminals

Criminals 'may overwhelm the web'
By Tim Weber
Business editor, BBC News website, Davos
25 January 2007

Criminals controlling millions of personal computers are threatening the internet's future, experts have warned.
Up to a quarter of computers on the net may be used by cyber criminals in so-called botnets, said Vint Cerf, one of the fathers of the internet.

Technology writer John Markoff said: "It's as bad as you can imagine, it puts the whole internet at risk."

The panel of leading experts was discussing the future of the internet at the World Economic Forum in Davos.

Internet pandemic

Mr Cerf, who is one of the co-developers of the TCP/IP standard that underlies all internet traffic and now works for Google, likened the spread of botnets to a "pandemic".

Of the 600 million computers currently on the internet, between 100 and 150 million were already part of these botnets, Mr Cerf said.

"Despite all that, the net is still working, which is pretty amazing. It's pretty resilient" Vint Cerf

Botnets are made up of large numbers of computers that malicious hackers have brought under their control after infecting them with so-called Trojan virus programs.

While most owners are oblivious to the infection, the networks of tens of thousands of computers are used to launch spam e-mail campaigns, denial-of-service attacks or online fraud schemes.

Net resilience

Mr Markoff, who writes for the New York Times, said that a single botnet at one point used up about 15% of Yahoo's search capacity.

It used the random text snippets it retrieved to camouflage messages so that its spam e-mail could get past spam filters.

"Despite all that, the net is still working, which is amazing. It's pretty resilient," said Mr Cerf.

The expert panel, among them Michael Dell, founder of Dell computers, and Hamadoun Toure, secretary general of the International Telecommunication Union, agreed that a solution had to be found to ensure the survival of the web.

But its members were unsure about feasible solutions, even though they identified operating systems and authentication as key issues.

It was still too easy for net criminals to hide their tracks, several panel members said, although they acknowledged that it was probably not desirable that every individual was definitively identifiable.

"Anonymity has its value, and it has its risk," said Jonathan Zittrain, professor for internet governance at the University of Oxford.

Closing doors

Operating systems like Microsoft Windows, meanwhile, still made it too easy for criminals to infiltrate them, the experts said.

Microsoft had done a good job improving security for its latest operating system, Windows Vista, said Mr Markoff.

"It's a known threat, but the numbers I heard today are staggering" -Tim Weber, BBC News website business editor in Davos

But already pirated copies of Vista were circulating in China, even though the consumer launch of Vista has been scheduled for next Tuesday.

Experience showed that about 50% of all pirated Windows programs came with Trojans pre-installed on them, Mr Markoff said.

Mr Dell said the future might bring "disposable virtual PCs", accessed through the internet, that would minimise the threat of a persistent virus infection.

Mr Toure said that whatever the solution, the fight against botnets was a "war" that could only be won if all parties - regulators, governments, telecoms firms, computer users and hardware and software makers - worked together.

BBC News

Thursday, August 23, 2007

Watching Me, Watching You


Bill Thompson tries not to worry whether the NSA is reading his e-mail

In the late 1970s the US was still recovering from Watergate, the scandal that forced President Richard Nixon to resign after revelations of a dirty-tricks campaign against political rivals which involved illegal surveillance.

Partly in response to the crisis, Congress passed the Foreign Intelligence Surveillance Act (FISA) in 1978, limiting the president's freedom to monitor US citizens without a warrant while providing rather more to bug foreigners or the agents of foreign powers when they were on US soil.

The goal was to strike a balance between people's freedom to go about their daily lives unobserved and the need to investigate serious crime, stop terrorism and keep those same people safe.

Bigger net

Finding the restrictions rather too onerous following the September 2001 attacks on New York and Washington, President Bush allowed the National Security Agency (NSA) to monitor phone calls and other communications from US citizens believed to have a connection to al-Qaeda without going to the trouble of getting a warrant.

And when the legality of this "warrantless wiretapping" was challenged President Bush persuaded Congress to amend FISA by passing the Protect America Act, which became law on 5 August.

It is the latest piece in a jigsaw of new laws, regulations and interpretations of existing laws and even the US Constitution which, taken together, provide a legal basis for the most extensive programme of domestic and international surveillance ever undertaken by a government.

And over the years to come its coverage, both electronic and non-electronic, will extend to millions or even billions of people, few of whom will have any real connection to terror or even criminality.

The US is not alone in wanting to collect this sort of information, of course.

EU governments want phone companies and net providers to retain information on customers for months or even years so police and the secret services can look at it when investigating terrorist offences.

But even hardline countries like the UK only want to keep what is called "traffic information", a list of websites visited or e-mails sent and received. Nobody is suggesting that the content of every e-mail or the data entered on every web form should be retained or monitored.

The US authorities will not be so reticent, we can be sure.

Coupled with the vast increases in network speed, data storage capacities and computer processing power, the well-funded NSA will soon be able to read and perhaps even store every e-mail or instant message that crosses over a US-based or owned network.

And the resulting databases will be used for purposes far broader than the stated goal of countering terrorism and keeping the US safe.

Once the data has been acquired and stored and collated there will be so many other useful things to do with it.

Back in 2000 the European Parliament reported that data gathered using the Echelon covert surveillance programme, which incidentally features in the new CIA thriller The Bourne Ultimatum, was being used for industrial espionage by US firms.

We can be sure that new systems will also be exploited for the commercial as well as the political advantage of the US, although the target may in future be China rather than Europe, reflecting the shifting balance of the world's economy.

Cafe culture

In light of the wholesale surveillance of online activities, putting information about my friends and business contacts onto Facebook seems rather tame, but knowing what is going on should encourage us all to take a more cautious approach to what we say and do online.

Reading about the new US laws and the extensions to the UK's Regulation of Investigatory Powers Act induces a state of network paranoia, where I'm convinced that everything I type is being sent to the NSA, and wonder whether the little camera in my laptop is even now secretly transmitting an image of my furrowed brow to the secret police.

But I'll get over it.

As we all know, it is impossible to live in a state of constant suspicion, and we will adapt to this new reality just as we have adapted to the presence of CCTV cameras on the streets and in the shopping malls where we spend so much of our time.

I'm writing this in a cafe, and looking up I can see the clear plastic dome of a camera fixed inconspicuously in the ceiling, watching me type.

My phone is sat next to me, telling anyone with access to the cellular network that I'm here too. And I've just told Twitter where I am so my friends can find me.

It may not seem worth worrying if the NSA, CIA, FBI and every other secret agency in the world wants to join the party.

But it does matter.

I can choose to live without a mobile, avoid cafes that insist on spying on their customers and stop using Twitter. I can campaign against the local authority's decision to install CCTV in my town, argue with my local MP about the limits of the state's right to watch what I'm doing, and influence the debate in this country or even more widely in Europe.

But I have no control, influence or even clear understanding of what the government of a supposedly friendly superpower is doing with the information it gleans from Google, Facebook, Linden Labs, Yahoo!, MSN, Apple and the many other US corporations that service my online life.

Perhaps we need to rethink our reliance on the US for our network services, if the government there persists in treating every non-US citizen as a source of intelligence data rather than an individual with their own rights and freedoms.
Source: BBC News

60 Rumor Spreaders Warned

China arrests or warns 60 for spreading rumors


BEIJING (Reuters) - Police in east China have arrested or warned 60 people for spreading rumors by SMS or on the Internet so far this year and specified the threat of modern communications to society, state media said on Tuesday.

China has an army of cyber-police who patrol the Internet for unfavorable content, but their targets are more often politically sensitive subjects than pornography.

Xia Cunxi, a public security spokesman in the eastern province of Jiangsu, said 60 were accused of spreading rumors, lies or offensive messages, the official China Daily said in its online edition.

"Rumors spread by modern means of communication can be a greater menace to society than those spread by word of mouth," Xia was quoted as saying.

The report did not specify how the cases were dealt with or how many suspects were arrested and charged.

In one case, police in July detained two men who sent text messages to more than 200 relatives or friends, claiming people with AIDS were spreading the disease by using toothpicks at restaurants and returning them to their containers, it said.

An Internet posting alleged that police chased a man riding a motorcycle with his son on the back, causing the death of the son who had won a place in a prestigious university.

In April, police launched an immediate investigation after a posting claimed a school in Jiangsu would be the site of a shooting spree with a death toll exceeding that of the Virginia Tech shootings in the United States just days earlier.
Reuters

Wireless "Piggybackers"

Wireless "piggybackers" beware -- you'll be arrested

By Peter Griffiths

LONDON (Reuters Life!) - If you think it's a clever moneysaver to sneak on to someone else's wireless network for free Internet access in Britain, then be prepared to see a policeman appear on your doorstep.

British police said on Wednesday they had arrested two people and given them legal cautions for "piggybacking", the term coined for using someone else's wireless Internet connection without permission.

The practice, which sharply divides Internet users, has been fuelled by the rapid growth of fast wireless broadband in homes and the average consumer's failure to secure their networks.

On Saturday, a man was arrested after neighbors spotted him using a laptop computer to browse the Internet while sitting in a car outside a home in the central English town of Redditch.

A 29-year-old woman was also arrested in a car in a similar incident in the same area last month.

Both received an official caution, a formal warning one step short of prosecution, for "dishonestly obtaining electronic communications services with intent to avoid payment".

They were among the first to be arrested for piggy-backing in Britain. Gregory Straszkiewicz, from west London, was the first person to be convicted of the offence in 2005. He was fined 500 pounds ($1,005) and given a 12-month conditional discharge.

"Wireless networks don't stop at the walls of your home," said PC Tony Humphreys, of West Mercia Constabulary. "Without the necessary protection, your neighbors or people in the road outside may be able to connect to your network."

There is a lively ethical debate in Internet chatrooms about whether piggy-backing is immoral or harmless.

"If it travels through the air it is open season," wrote one contributor to a Web forum. Another wrote: "If it's out there unsecured and I'm not trespassing, it's fair game."

Up to a quarter of home wireless connections are unsecured, according to a recent survey by the consumer finance Web site www.moneysupermarket.com.

Jason Lloyd, the site's head of broadband, said it left people open to identity theft, fraud and pornography being downloaded using their account.

"The repercussions can be severe," he said. "It's bad enough when your neighbors can use your Internet connection freely, but this becomes far more sinister if someone uses your wireless connection for criminal activity."

Businesses are also at risk. A survey of 320 companies by the London trade show Infosecurity Europe found that a quarter have no wireless security policy.
Reuters

Broadband "Theft"

Briton held over wireless broadband "theft"

LONDON, Aug 22 (Reuters Life!) - A 39-year-old Briton has been arrested on suspicion of using someone else's wireless Internet connection without permission, police said on Wednesday.

Officers spotted the man using a laptop as he sat on a wall outside a house in Chiswick, west London, on Tuesday.

He told officers he had browsed the Internet via an unsecured broadband link from a nearby house, Scotland Yard said.

He was arrested and later released on police bail to November 11 pending further inquiries.

"This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people's broadband connections," said Detective Constable Mark Roberts, of the Metropolitan Police.

"Computer users need to be aware that this is unlawful and police will investigate any violation we become aware of."

The practice, known as piggybacking, breaches the Computer Misuse Act and the Communications Act, he added.

Earlier this year, a man and a woman were arrested in the Midlands for wireless theft as they sat in their cars.

Gregory Straszkiewicz, from west London, is believed to be the first person to be convicted of the offence in 2005. He was fined 500 pounds and given a 12-month conditional discharge.

Internet security experts say people should secure their wireless connections or leave themselves open to identity theft and fraud.

Reuters

Wednesday, August 22, 2007

Broadband Spillover

The Right Analogy for Wireless Signal Spill

By John C. Dvorak (08/01/2005)

We're starting to see more and more articles in local newspapers with various slants on the fact that people are routinely poaching the spillover signals coming from unprotected Wi-Fi networks. Some researchers indicate that as many as two-thirds of Wi-Fi signals in the U.S. are not secured by WEP or any sort of encryption or tunneling.

Since it doesn't really take much to secure a network, you can assume that people do not mind you taking their Wi-Fi signals to do your e-mail. What people probably would not appreciate would be you loading up on porn or making terrorist threats on their dime with their IP address. What to do?

First of all, if you want to share your signal, you are probably not allowed to do so by your ISP agreement. But let's say you want to anyway. What is needed is a system to do it properly, such as a splash screen intercept and log-on of guest users, so you can at least have some record of who is using the connection. This would also allow you to do some monitoring of activity, in case the FBI comes knocking.

But let's face it, most people do not know that their signal is being poached, and probably don't care. So why should so many people be freaked out about it? With nearly 15 million Wi-Fi networks in the U.S. and perhaps 10 million of them unsecured, how many nefarious acts are being committed by poachers? Most people using these networks are doing it for an e-mail hit or a Web site visit and not much more. Often poachers simply use a neighbor's connection, and latching onto the signal is just a way to save money. I know at least two people doing this.


The problem I have with this activity is with the way it is described—as signal theft. I prefer to call it poaching. There is really nothing being stolen. The other user is paying a flat fee, and the worst that can happen is that his or her bandwidth takes a small hit for an inconsequential moment.

"It's like leaving the house unlocked," I'm told. "Just because there is no lock on the door doesn't mean you can walk in and take things." This is one of the dopey analogies you have to listen to. The analogy is bad. Walking into an unlocked home is not the same as hooking onto someone's Wi-Fi signal that is being broadcast all over the neighborhood. For one thing, no trespassing is being committed. The signal is being given to you. It's more like the unlocked house having a sign on the door saying "Welcome! Please enter!"

Let's drop the house analogy and find something better and more accurate. Here is what Wi-Fi spillage is like. Someone has a house and a big lawn and a sprinkler system that is watering the lawn and spraying the water into the street. You drive into the water spraying into the street and use it to wash your car. Are you stealing the water? It's not your water. Someone else paid for it and you are using it. Just like the Wi-Fi signal.

One might argue that this isn't the same, since the bandwidth is reduced when you poach a Wi-Fi signal. Okay, then let's take the analogy and say that the water is not going into the street and down the sewer. The sprinkler is spraying only a little bit past the lawn, onto the sidewalk and the thin strip of lawn between the sidewalk and the curb. The sidewalk is public property, and when you walk on the sidewalk you get wet and keep that water from going to the grassy curb area. Is this stealing the guy's water?

Maybe readers can come up with better and more apt analogies than this, but this comes close. If you are being soaked by a hose, are you stealing water? You didn't ask to be soaked. You didn't go turn on the water yourself. You didn't run onto the lawn. How is the sprinkler situation different from someone blasting 802.11 signals all over town?

The person who owns the signal has to be the responsible party. Grabbing a nearby signal because it is being beamed into your house or car is hardly the same as going into an unlocked residence and stealing the silverware. And it's not hacking if the signal is not protected. In fact, if I'm getting unprotected signals on my property from people nearby, they're the ones who are trespassing! What if I do not want these signals interfering with what I want to do?

The way I see it, if someone is shoving a signal down my throat like that, I have every right to use it any way I want to as long as I'm not doing anything illegal. It's crazy to think that my using that intrusive signal is illegal.
PCMag

Sunday, August 19, 2007

Piggy-backers Warned

Two cautioned over wireless "piggy-backing"

By Peter Griffiths

LONDON (Reuters) - Two people have been arrested and cautioned for using someone else's wireless Internet connection without permission, known as "piggy-backing", British police said on Wednesday.

The practice, which sharply divides Internet users, has been fuelled by the rapid growth of fast wireless broadband in homes and people's failure to secure their networks.

On Saturday, a man was arrested after neighbors spotted him sitting in a car outside a home in Redditch, Worcestershire, using a laptop computer to browse the Internet.

A 29-year-old woman was also arrested in a car in a similar incident in the same area last month.

Both received an official caution, a formal warning one step short of prosecution, for "dishonestly obtaining electronic communications services with intent to avoid payment".

They were among the first to be arrested for piggy-backing in Britain. Gregory Straszkiewicz, from west London, was the first person to be convicted of the offence in 2005. He was fined 500 pounds and given a 12-month conditional discharge.

"Wireless networks don't stop at the walls of your home," said PC Tony Humphreys, of West Mercia Constabulary. "Without the necessary protection, your neighbors or people in the road outside may be able to connect to your network."

There is a lively ethical debate in Internet chatrooms over whether piggy-backing is immoral or harmless.

"If it travels through the air it is open season," wrote one contributor to a Web forum. Another wrote: "If it's out there unsecure and I'm not trespassing, it's fair game."

Up to a quarter of home wireless connections are unsecured, according to a recent survey by the consumer finance Web site www.moneysupermarket.com.

Jason Lloyd, the site's head of broadband, said it left people open to identity theft, fraud and pornography being downloaded using their account.

"The repercussions can be severe," he said. "It's bad enough when your neighbors can use your Internet connection freely, but this becomes far more sinister if someone uses your wireless connection for criminal activity."

Businesses are also at risk. A survey of 320 companies by the London trade show Infosecurity Europe found that a quarter have no wireless security policy.
Reuters

Saturday, August 18, 2007

Last Supper

New "Last Supper" theory crashes Leonardo Web sites

MILAN (Reuters) 28/07/2007 - A new theory that Leonardo's "Last Supper" might hide within it a depiction of Christ blessing the bread and wine has triggered so much interest that Web sites connected to the picture have crashed.

The famous fresco is already the focus of mythical speculation after author Dan Brown based his "The Da Vinci Code" book around the painting, arguing in the novel that Jesus married his follower, Mary Magdalene, and fathered a child.

Now Slavisa Pesci, an information technologist and amateur scholar, says superimposing the "Last Supper" with its mirror-image throws up another picture containing a figure who looks like a Templar knight and another holding a small baby.

"I came across it by accident, from some of the details you can infer that we are not talking about chance but about a precise calculation," Pesci told journalists when he unveiled the theory earlier this week.

Websites www.leonardodavinci.tv, www.codicedavinci.tv, www.cenacolo.biz and www.leonardo2007.com had 15 million hits on Thursday morning alone, organizers said, adding they were trying to provide a more powerful server for the sites.

In the superimposed version, a figure on Christ's left appears to be cradling a baby in its arms, Pesci said, but he made no suggestion this could be Christ's child.

Judas, whose imminent betrayal of Christ is the force breaking the right-hand line of the original fresco, appears in an empty space on the left in the reverse image version.

And Pesci also suggests that the superimposed version shows a goblet before Christ and illustrates when Christ blessed bread and wine at a supper with his disciples for the first Eucharist.

The original Da Vinci depicts Christ when he predicts that one among them will betray him.
Reuters

Pull Down The Walled Gardens

Pull down the walled gardens

Internet law professor Michael Geist says the walled gardens of social networks should be pulled down.
Social networking sites such as Facebook and MySpace have become part of the daily routine for millions of internet users. The popularity of these networks, however, has resulted in an unfortunate by-product - the mushrooming number of requests that come from dozens of these sites.

While not quite spam, the steady stream of requests for Facebook friends, LinkedIn connections, Dopplr travellers, or Plaxo contact updates, highlights the lack of interoperability between social network sites and significantly undermines their usefulness.

The interoperability issue is likely to become more prominent in the months ahead as hundreds of specialty social networking sites, covering virtually every area of interest from dogs to cooking, jostle for new users.

In fact, services such as Ning now enable anyone to create their own social network site.

The result is that internet users are repeatedly required to re-enter their personal information for each new network they join and find that each network is effectively a "walled garden", where the benefits of the network are artificially limited by the inability to link a friend in Facebook with one in MySpace.

These limitations are particularly striking when viewed from a global perspective. While Facebook is a leader in the UK (as well as in Canada, South Africa, and Norway), nearly a dozen other sites hold leadership positions in other countries.

These include MySpace (United States, Australia, Mexico, and Italy), Bebo (Ireland and New Zealand), Cyworld (South Korea), Friendster (Indonesia, Philippines, and Singapore), Fotolog (Argentina, Chile, and Uruguay), Hi5 (Colombia, Ecuador, and Thailand), Mixi (Japan), Orkut (Brazil, India, and Paraguay), Skyblog (France, Belgium, Senegal), Studiverzeichnis (Germany, Austria) and Vkontakte (Russia).

The result is that social networking sites are far more "local" than is often appreciated.

Unlike the global internet, which enables virtually the entire world to connect, social networks have created very large, localised communities with far more limited international interaction.

The obvious solution is to facilitate greater interoperability between social networking sites, thereby enabling users to better control their personal information and reduce the need for duplication, while simultaneously enhancing the value of all social networks by removing the current barriers.

This suggestion is not new - experts began commenting on the desirability of open social networks years ago - yet there are reasons to believe that the opportunity for greater interoperability may have finally arrived.

First, the focus on the benefits of interoperability cuts across a wide range of technological issues including recent calls for interoperable wireless networks and the music industry's recognition of the need to offer downloads that operate with all music players.

Moreover, the frustrations associated with the initial lack of instant messaging interoperability serve as an important reminder of how the issue resonates with consumers.

Second, there are signs that the social networking industry recognises the value of openness.

Facebook moved toward an open platform for software developers this spring, enabling third party developers to bring thousands of new Facebook applications to market. Similarly, Plaxo recently launched a service called Pulse, a social networking aggregator that works with many popular sites.

Third, there is mounting interest in developing open standards for social networks that would facilitate greater interoperability.

For example, the Liberty Alliance and Project Higgins are two privacy-focused identity management initiatives that claim to provide users with the ability to manage their personal information across social networks in a secure and trusted manner.

The irony of the current generation of online social networks is that although their premise is leveraging the internet to connect people, their own lack of interconnectedness is stifling their potential.

Some services may believe that it is in their economic interest to stick to a walled garden approach; however, given the global divisions within the social networking world, the mix of language, user preferences, and network effects, it is unlikely that one or two services will capture the global marketplace. The better approach - for users and the sites themselves - would be to work towards a world of interoperable social networking.

BBC News

Friday, August 17, 2007

WikiaSearch

Wikia details plans for search rival to Google

By Eric Auchard (31/07/2007)

SAN FRANCISCO (Reuters) - Wikipedia founder Jimmy Wales said on Friday he is putting the building blocks in place for a community-developed Web search service that would compete with search engines such as Google or Yahoo.

Wales told a conference of software developers in Portland, Oregon, that his commercial start-up, Wikia, has acquired Grub, a pioneering Web crawler that will enable Wikia's forthcoming search service to scour the Web to index relevant sites.

"If we can get good quality search results, I think it will really change the balance of power from the search companies back to the publishers," said Wales, chairman of San Mateo, California-based Wikia. "I could be wrong about this, but it seems like a likely outcome."

Wikia -- which has helped groups set up thousands of Wikipedia-style sites on topics ranging from popular TV shows to specialist health or travel -- plans to develop an "open source" Web search service with the help of volunteers.

Wales founded the anyone-can-edit Wikipedia encyclopedia, a noncommercial project that is one of the Web's most popular sites. He also co-founded the Wikia ad-supported network of self-edited wiki sites. However, the two organizations have no formal ties.

The new Wikia search service will combine computer-driven algorithms and human-assisted editing when the company launches a public version of the search site toward the end of 2007, Wales said in a phone interview.

Human editors would help untangle terms with multiple meanings, such as palm, which can refer to a location like Palm Beach, or generic topics like trees or handheld computers.

Search results are generated via another open-source software project called Lucene. Wales said he is looking at options to enhance Lucene, but would not detail his plans.

Grub was originally an open source project that was freely available to software makers to enhance as long as they shared any improvements they made. Wikia has acquired Grub from LookSmart Ltd., which had halted work on the project.

Wikia plans to open up Grub to other developers to make improvements or to incorporate the crawler into other sites.

Terms of the deal between Wikia (http://wikia.com) and LookSmart (http://search.looksmart.com/) were not disclosed.

However, last week, San Francisco-based LookSmart, which provides banner and search-based online advertising to Web sites, said it had agreed to supply advertising across Wikia's network of wiki sites. Wikia had been using Google's advertising service.

"We have interest from a lot of other commercial players in the search space," said Wales.

Grub relies on distributed computing technology to power the crawler. Computer users who download the software at http://www.grub.org/ can share computer processing time when they are not using their machines, cutting the cost of Wikia developing its own network of computers to crawl the Web.

Open search is part of Wikia's broader push to promote the spread of free content publishing on the Web. Wales' objective is to make explicit the editorial judgments involved in modern Web search systems. Proprietary search systems such as Google Inc. keep secret key details of how their search systems work to prevent spamming and for competitive reasons.

Ultimately, Wales wants the Wikia search service to be available to other Web sites and smaller publishers who would be able to install a custom version of the service that points Web site visitors only to links with a specific site. Target customers might include local newspapers, for example.

He detailed his plans at the O'Reilly Open Source Convention (OSCON) in Portland, an annual gathering of open source software developers.

More details can be found at http://search.wikia.com/.

Wikia has raised $14 million in outside financing, including its latest round of $10 million from Amazon.com, according to a regulatory filing by the company. Reuters


My Name is @

Couple tried to name baby "@"

BEIJING (Reuters) - A Chinese couple tried to name their baby "@," claiming the character used in e-mail addresses echoed their love for the child, an official trying to whip the national language into line said Thursday.

The unusual name stands out especially in Chinese, which has no alphabet and instead uses tens of thousands of multi-stroke characters to represent words.

"The whole world uses it to write e-mail, and translated into Chinese it means 'love him'," the father explained, according to the deputy chief of the State Language Commission Li Yuming.

While "@" is familiar to Chinese e-mail users, they often use the English word "at" to sound it out -- which with a drawn out "T" sounds something like "ai ta," or "love him," to Mandarin speakers.

Li told a news conference on the state of the language that the name was an extreme example of people's increasingly adventurous approach to Chinese, as commercialization and the Internet break down conventions.

Another couple tried to give their child a name that rendered into English sounds like "King Osrina."

Li did not say if officials accepted the "@" name. But earlier this year the government announced a ban on names using Arabic numerals, foreign languages and symbols that do not belong to Chinese minority languages.

Sixty million Chinese faced the problem that their names use ancient characters so obscure that computers cannot recognize them and even fluent speakers were left scratching their heads, said Li, according to a transcript of the briefing on the government Web site (www.gov.cn).

One of them was the former Premier Zhu Rongji, whose name had a rare "rong" character that gave newspaper editors headaches. Reuters

Internet Writer Jailed

China jails Internet writer for subversion, disbars lawyer

BEIJING (Reuters) - A Chinese court jailed a dissident Internet writer for four years on subversion charges on Thursday for posting anti-government articles online, his disbarred lawyer said, the latest case in a government crackdown on dissent.

The Intermediate People's Court in Hangzhou, capital of the eastern coastal province of Zhejiang, convicted Chen Shuqing of "inciting to subvert state power", Li Jianqiang told Reuters.

"It's totally wrong to convict him ... He was only expressing his political views. He should enjoy free speech," said the lawyer, whose license was not renewed by authorities in his home province of Shandong, on China's east coast.

Li told Reuters he suspected he was barred from practicing for at least one year from June because he took on "too many sensitive cases".

Chen, who has been in custody since last September, will appeal.

Court officials were not immediately available for comment.

China is the world's leading jailer of journalists and writers. At least five writers have been jailed for up to 10 years since 2005 as part of a crackdown on dissent, according to the China chapter of International PEN, an association founded in Britain in 1921 to defend freedom of speech. Reuters

How Reliable is Wikipedia

CIA, FBI computers used for Wikipedia edits


By Randall Mikkelsen

WASHINGTON (Reuters) - People using CIA and FBI computers have edited entries in the online encyclopedia Wikipedia on topics including the Iraq war and the Guantanamo prison, according to a new tracing program.

The changes may violate Wikipedia's conflict-of-interest guidelines, a spokeswoman for the site said on Thursday.

The program, WikiScanner, was developed by Virgil Griffith of the Santa Fe Institute in New Mexico and posted this month on a Web site that was quickly overwhelmed with searches.

The program allows users to track the source of computers used to make changes to the popular Internet encyclopedia where anyone can submit and edit entries.

WikiScanner revealed that CIA computers were used to edit an entry on the U.S.-led invasion of Iraq in 2003. A graphic on casualties was edited to add that many figures were estimated and were not broken down by class.

Another entry on former CIA chief William Colby was edited by CIA computers to expand his career history and discuss the merits of a Vietnam War rural pacification program that he headed.

Aerial and satellite images of the U.S. prison for terrorism suspects at Guantanamo Bay, Cuba, were removed using a computer traced to the FBI, WikiScanner showed.

CIA spokesman George Little said he could not confirm whether CIA computers were used in the changes, adding that "the agency always expects its computer systems to be used responsibly."

The FBI did not have an immediate response.

Computers at numerous other organizations and companies were found to have been involved in editing articles related to them.

Griffith said he developed WikiScanner "to create minor public relations disasters for companies and organizations I dislike (and) to see what 'interesting organizations' (which I am neutral towards) are up to."

It was not known whether changes were made by an official representative of an agency or company, Griffith said, but it was certain the change was made by someone with access to the organization's network.

It violates Wikipedia's neutrality guidelines for a person with close ties to an issue to contribute to an entry about it, said spokeswoman Sandy Ordonez of the Wikimedia Foundation, Wikipedia's parent organization.

However, she said, "Wikipedia is self-correcting," meaning misleading entries can be quickly revised by another editor. She said Wikimedia welcomed the WikiScanner.

WikiScanner can be found at wikiscanner.virgil.gr/ Reuters

Thursday, August 16, 2007

Outburst On YouTube

Catholic dean on leave after YouTube outburst

CANBERRA (Reuters) 01/08/2007 - A Roman Catholic priest who unleashed a torrent of expletives and racist abuse against skateboarders outside his Australian cathedral, only to have the outburst filmed and placed on YouTube, has been put on leave.

The Reverend Monsignor Geoff Baron, the dean of St Patrick's Cathedral in Australia's second biggest city, Melbourne, was videotaped swearing at and abusing a group of teenagers using the cathedral grounds as a skate park.

"Move, you f****** fool," Baron tells one skater in the video, slapping one of the group across the head and prompting a torrent of abuse in reply.

Pointing to a skater lying on the ground, Baron is heard telling the youth "Little foreigner there, look at the sleepy eyes, black hair."

"At least he's got hair. You f****** bald p****," one youth replies. Others spat on and shoved the furious priest.

The embarrassed Catholic Archbishop of Melbourne, Denis Hart, placed Baron on indefinite leave after the outburst appeared on YouTube, while security guards began patrolling the cathedral grounds Wednesday amid threats of reprisal attacks.

"I want to relieve the dean of the pressures and responsibilities he carries as dean of the cathedral," Hart said, promising further action.

Baron apologized for the outburst Tuesday, but on radio described the skaters as "jackals and hyenas" who had provoked him with allegations he was a pedophile.

"It was outrageous behavior. I let myself down terribly badly, quite clearly, and I've also brought scandal and shock to other people," he told local radio.

The video clip of the outburst, which was filmed a year ago but only recently posted on YouTube, was viewed tens of thousands of times but is now listed as "removed by the user." Reuters


New Internet Law

Zimbabwe passes law to monitor communications


By Nelson Banya (03/08/2007)

HARARE (Reuters) - Zimbabwe's President Robert Mugabe has signed into law an act enabling state security agents to monitor phone lines, mail and the Internet, a government notice published on Friday said.

Officials have said the new law is designed to protect national security and prevent crime, but human rights groups fear it will muzzle free speech under a crackdown on dissent.

In the government notice, Chief Secretary to the President and Cabinet Misheck Sibanda said Mugabe had agreed to the Interception of Communications Act, which was approved by both houses of Zimbabwe's parliament in June.

The law gives police and the departments of national security, defense intelligence and revenue powers to order the interception of communications and provides for the creation of a monitoring centre.

Postal, telecommunications and internet service providers will be required to ensure that their "systems are technically capable of supporting lawful interceptions at all times".

Critics have said the law is a government ploy to keep tabs on the opposition at a time when political tensions are mounting and Mugabe is deflecting growing criticism from Western powers.

Zimbabwe is suffering a severe economic crisis, marked by the world's highest inflation rate, 80 percent unemployment and persistent food, fuel and foreign currency shortages.

The southern African country, once viewed as a regional bread basket, cannot feed itself and faces severe shortages of basic consumer goods after a government-ordered price freeze in June that has emptied shop shelves.

Mugabe -- Zimbabwe's ruler since independence from Britain in 1980 -- denies controversial policies such as the seizure of white-owned farms to resettle landless blacks have ruined the economy, and blames Western sanctions for the economic turmoil. Reuters

Look Ma I'm Not Born Yet

Australian fetus a Facebook Internet star

CANBERRA (Reuters) - Bubba Waring has not even been born yet and he, or she, has its own Web space with cyber "friends" clamoring to get acquainted.

Australian couple Claire Gillis and Luke Waring, who are expecting their first child in three months, decided to set up a page on Internet social meeting site Facebook to keep friends up to date on the developing baby's progress.

"We have friends and family all over the world, so we're using it for them, to post updates on ultrasounds, scans and what it has been doing all week, so that's how it started," Gillis told Australia's Daily Telegraph newspaper.

The grainy black-and-white ultrasound image of "Bubba Waring" has 29 friends listed, with dozens more waiting to be accepted by "the world's most famous fetus", Gillis said.

"I'm considering whether I should just open it up to the public because I'm just receiving the most ridiculous number of e-mails and friend requests," she said.

But the image gives nothing away about the most crucial question -- whether Bubba is a boy or a girl -- with most friends tipping a boy based on a fuzzy photo and Internet profile page.

"We're not going to find out its gender, so it'll be a surprise to everybody when the baby is born," Gillis said. Reuters

Wednesday, August 15, 2007

Blogging Under Skirts

Dutch bloggers due in court over filming under skirts

AMSTERDAM (Reuters) - Two Dutch news bloggers caught filming under women's skirts in a car park in order to warn the public of the intimate views afforded by see-through stairs must appear in court, according to their blog.

A court spokesman in Alkmaar, where the pair have been called to appear in October, said they had been charged with filming people without permission after someone complained. The bloggers say the women knew that they were being filmed.

The subterranean car park in the northern Dutch town of Heerhugowaard has a transparent ceiling in its stairwell, allowing people to look up at shoppers passing above.

The Geen Stijl blog said they were only filming to see whether the local council had done anything about the transparent ceiling after the issue was brought to their attention several months before.

The two bloggers could face a two-month prison sentence, according to Dutch news agency ANP. Reuters

Saturday, August 11, 2007

E-voting

Halt "high risk" e-voting - British watchdog

By Peter Griffiths (2 August 2007)

LONDON (Reuters) - Trials of Internet voting at elections should be halted until officials address serious concerns over costs and the risk of fraud, Britain's election watchdog said on Thursday.

Britain's Electoral Commission said in a report that e-voting pilot schemes at the local elections in May were expensive, rushed and lacked adequate security testing.

"We have learnt a good deal from pilots over the past few years," said its chief executive, Peter Wardle. "But we do not see any merit in continuing with small-scale, piecemeal piloting where similar innovations are explored each year without sufficient planning and implementation time."

It was "fortuitous" that there were no security breaches during the trials, the report said.

"The level of risk of a security incident was much higher than it should have been," it said. "There was an unnecessarily high level of risk associated with all pilots.

"The testing, security and quality assurance adopted was insufficient."

Online voting could one day be more accurate and efficient than traditional methods, the watchdog found, but it said the trials had uncovered a series of problems.

They included:

* Some voters forgot the Internet password needed to cast their ballot online

* Others were confused by the forms and thought they were signing up for a telephone vote

* The system of pre-registering e-voters in an attempt to tighten security was "time-consuming and inefficient"

* In one trial area, the northern city of Sheffield, two-thirds of those registered to vote online failed to go to the polls electronically

E-voting should be halted until the government publishes a strategy on modernizing elections that addresses concerns over costs, transparency and public trust, the watchdog said.

Electoral Modernisation Minister Michael Wills said the government would study the report carefully.

"The purpose of pilots is to learn lessons for the future and we will do so," he said. "The testing of innovations in elections is an important part of developing public services that are efficient, effective, empowering and responsive to needs and demands of citizens."

Conservative Shadow Justice Secretary Nick Herbert said the report was a "damning indictment of Labour's interference with the electoral process".

The full report is at: www.electoralcommission.org.uk/elections/pilotsmay2007.cfm
Reuters

Friday, August 10, 2007

The Ghosts In The Voting Machines

Regular columnist Bill Thompson says our trust should only be given to technology when it is merited and proven.

When I started work as a professional programmer, writing in the C programming language, I sometimes wrote very bad code. It worked, but it wasn't what you'd call industrial strength, largely because it didn't do nearly enough checking.

As a result my programs would crash if you gave them unexpected input by typing a word into a field where a number was required, or because they failed to check whether a variable had been properly initialised before doing a calculation.

Fortunately I had talented and patient colleagues who showed me the difference between student programming and serious coding and understood that validating data, checking variables and handling all possible error conditions is not just a useful extra but at least as important as the part of the program that does the actual work.

The lesson has stayed with me, even though I now write little production code and only occasionally mess around with other people's programs.

Sadly, it seems that the developers behind three of the most widely-used electronic voting systems in current use in the United States have never grasped this important principle.


Cryptography experts

Following concerns about the accuracy of the electronic voting systems used in last year's elections, the California state legislature commissioned computer science and cryptography experts at the University of California to review the main players and ensure that 'California voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible'.

Anyone looking for reassurance will have had their hopes dashed, as the recently published report into e-voting systems from Diebold, Hart InterCivic and Sequoia found massive security holes in the source code which, combined with poor physical security and badly-designed procedures, make it impossible to rely on them to record votes accurately.

The report says that 'the security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results and of the systems that provide those results', which is about as bad as it gets.

'Hard-coded passwords'

And some of the comments by the voting machine manufacturers could be seen as misleading.

Security researcher Ed Felten notes in his commentary on the work that 'Diebold claimed in 2003 that its use of hard-coded passwords was "resolved in subsequent versions of the software".

Yet the current version still uses at least two hard-coded passwords - one is "diebold" and another is the eight-byte sequence 1,2,3,4,5,6,7,8'.

Apparently part of the problem was that the researchers actually had access to the systems they were testing. In a statement Hart InterCivic complained that investigators had 'unfettered access to all technical documentation and source code information', implying that since hackers or those trying to manipulate the vote would be less well prepared the bad coding doesn't really matter.

A system can only be used in an election if it is certified by the relevant authorities, and it was clear from the California study that none of the machines examined was up to the job, so their certification was withdrawn at the start of August.

Unfortunately California's Secretary of State Debra Bowen is clearly a trusting soul because she immediately gave them all a new certification provided that security features were added to 'protect the integrity of the vote'.

Placing such trust in vendors who have shown a comprehensive inability to understand the security requirements of election systems seems to demonstrate a naivety about software development and integrity that is all too common in politicians.

More progressive

Such problems are not confined to the United States, of course, though the campaign for more openness about the technology used in electronic voting seems to have made more progress there than elsewhere.

Here in the UK the Open Rights Group, resolute campaigners for civil liberties in the digital world, sent observers to several of the e-voting pilot projects in the May 2007 English and Scottish elections.

They had to fight through a bureaucracy which seemed to see openness as a dangerous aberration, where 'observers were frequently subject to seemingly arbitrary and changeable decisions via unclear lines of authority', but the final report makes chilling reading.

It outlines many problems, noting that 'inadequate attention was given to system design, systems access and audit trails. Systems used both inappropriate hardware and software, and were insufficiently secured'.

A big problem for ORG is that 'E-voting is a "black box system", where the mechanisms for recording and tabulating the vote are hidden from the voter. This makes public scrutiny impossible, and leaves statutory elections open to error and fraud'.

The Electoral Commission, the body responsible for the administration of elections in the UK, has also been looking at the trials and it recently called for a halt to pilot projects while security and testing procedures are improved, an implicit admission that the ORG analysis of flaws in the May pilots was well-founded.

We can only hope that these warnings are heeded, and that the UK politicians show more awareness of the problems of building secure voting systems than the Californian officials have demonstrated.

Electronic voting is not the same as online voting, and the argument that voting by text message or over the internet diminishes the importance of democratic engagement does not apply to attempts to replace a pencil and paper ballot with modern technologies that could be more accessible and count votes faster and even more reliably.

But we would be better off keeping an old, paper-based system that we can trust rather than rushing to replace it with flawed technologies whose inevitable failure will further damage trust in the democratic process.
Source: BBC News