
Sunday, September 23, 2007

Broadband speeds under scrutiny

21 September 2007

Broadband speeds in the UK are much slower than advertised by internet service providers, a study by Computeractive magazine has found.
Some 3,000 readers took part in speed tests and 62% found they routinely got less than half of the top speed advertised by their provider.

It is the latest in a series of questions over the way net firms advertise broadband services.

Regulator Ofcom said it was aware of the issue and was "investigating".

Testing times

The figures were gathered from more than 100,000 speed tests that the 3,000 respondents carried out to build up a picture of their average net-browsing speed on ADSL lines.

Statistics about net users in the UK show that half of current broadband users receive ADSL services that should run at speeds between one and four megabits per second (Mbps).

The other 50% are on deals offering up to eight Mbps but the tests revealed that, in reality, very few achieve the top speeds.

"This problem has been building for a while with a growing gulf between what is advertised and what is delivered," said Paul Allen, editor of Computeractive.

"The adverts often have super-fast broadband in huge lettering with the "up to" clause in very small print," he said.

"Users who have taken the test were surprised at the size of the gulf," he added.

Some 28% of the 3,000 respondents who took the ADSL speed test found that they received less than a quarter of their maximum advertised bandwidth.

While consumers may not currently notice their sluggish connections, this could change, thinks Mr Allen.

"Previously it has not been a massive issue but in the coming year we are entering the net TV age and video content is bandwidth-hungry," he said.

Mr Allen called on regulator Ofcom to provide an independent speed test to anyone who has signed up to receive broadband.

Speaking for the telecommunications watchdog, a spokesman said: "We are looking at this issue. It is not a huge driver of complaints but it has come on to our radar screen."

"It's about the difference between the headline rate and the rate received," he said.

The spokesman said Ofcom was working with the net industry and other organisations such as Which to investigate the extent of the problem and what can be done about it.

"Once we have carried out this work we will assess what options might be available to tackle it," he said. The results of the investigation would be made available in the "near future", said the spokesman.

Fast chance

Research by market analysts Point Topic suggests that, in many areas of the UK, few people will be able to get the fastest broadband speeds.

Only 5% of the population will be able to enjoy speeds of 18Mbps. More than half will only be able to get 8Mbps.


Ofcom was also working with the Advertising Standards Authority to keep an eye on how net service firms word their marketing materials.

"We make sure broadband advertising does not advertise speeds that cannot be guaranteed," he said. "They have to make it clear that there is a best possible speed rather than an average speed."

The ASA has investigated several cases of misleading promotions, most recently asking Bulldog to make it clear in its adverts that speed was dependent on how far away from the exchange people lived.

It ruled that broadband providers could use the words "up to" 8Mbps when describing services as long as customers were likely to get close to those speeds.

A survey last month by consumer group Which found that consumers with services promising speeds of up to 8Mbps were actually getting an average speed of 2.7Mbps.

There are many variables that determine the speed of a connection, including how far away from the telephone exchange the line is, how many others are using the line at the same time and the quality of the wiring within a home.

The tool used in the study is available for download from the Computeractive website. It was developed by advice service Broadband Choice.

Computeractive has also launched an e-petition on the Downing Street website, asking the government to force net service firms to provide clear information about the typical speed users will receive alongside the maximum speed.
Source: BBC News

Thursday, September 13, 2007

The Making of e-Soldiers

Weapons without barrels or bullets
By Tim Weber


Make no mistake: Defence Systems & Equipment International (DSEI), held in the huge Excel Centre in London's docklands, is an arms fair.

Armoured fighting vehicles tower over visitors; most gleaming, some proudly muddy as if straight from the training range.

Stands are bristling with weapons - from lightweight submachine guns to long-barrelled sniper rifles.

And there are plenty of uniformed men (and a few women), some in combat gear, most in their parade-ground best with plenty of gold decorating their shoulders.

High-ranking Chinese officers crowd around the finest that UK arms firm BAE Systems has to offer, Sony camera at the ready.


Fewer weapons

But there are far fewer weapons on display than at previous shows - fewer guns and bombs, less military hardware.

It's not that DSEI - held every two years - has become smaller; indeed, the organisers say that it has grown by 20% and is the biggest show yet.

Rather, the two wars in Iraq and Afghanistan have shown that most armies are not equipped to fight clever and ruthless insurgents that have little regard for civilian casualties.

The 'e-soldier'

There is still some old-style posturing. Italian gun maker Beretta shows off a new assault rifle to the tune of Wagner's Ride of the Valkyries - in best Apocalypse Now-style.

However, were it not for the camouflage decorations, many exhibition booths at DSEI would not look out of place at an electronics fair.


Communications equipment, sensors, microprocessors, software packages and rugged laptops are arrayed to help modern armies compensate for what they are least likely to get more of: manpower.

Visiting DSEI allows one to catch glimpses of a new warrior in the making, the "e-soldier", as Matt Howchin of UK microtechnology firm C-Mac calls it.

E-soldiers still carry a gun, but their uniforms and helmets are laced with electronics, monitoring both their own vital signs and their environment, relaying the information up the chain of command.

Helmet cam

Some of this technology is battle-ready, but still looks a bit cumbersome.

French defence firm Thales shows a soldier's battle gear that is supposed to block some of the remote control signals that are used to set off insurgents' bombs.

And at the ITT stand, a soldier - thick wires protruding behind his neck - sports a helmet cam and headphone set wired up to a Spearnet data radio.

The set-up - effectively a high-resolution webcam - allows the commander back at headquarters to get a real-time look at the battlefield.

Software packages could integrate all this information from the battlefield with systems like General Dynamics' Urban Istar programme.

This combines a powerful scanning system with a database that would allow troops engaged in urban warfare not only to detect hidden insurgents, but to understand the structure and weak points of a building without entering it.

Ultimately, this is about smarter fighting, "not with the bullet, but with better command and control systems," says Peter Felstead, editor of Jane's Defence Weekly.

The suicide bomber belt

The new wars have brought new threats.

One stand at DSEI shows a mannequin kitted out with a suicide bomber's explosives belt.

The pyrotechnic belt is a training device for armies and police forces, developed by Isle of Man-based Milpolice Equipment.


The belt allows the wearer to mimic the triggers used by real suicide bombers - and helps soldiers prepare for the threat.

The firm also makes IED simulators - the notorious Improvised Explosive Devices, or roadside bombs, that have caused so many casualties in Iraq and Afghanistan.

So how does the company keep up with the constantly changing techniques used by the insurgents?

"We have good contacts in the intelligence services," says managing director Stephen Blakely with a wry smile.

The race for better armour

While training is useful, protection is better.

"Force protection is where the big bucks are at the moment," says Jane's Peter Felstead.


John Rutledge at American Defense Systems Inc, a maker of heavy armour, speaks of full order books - and an arms race against the increasingly powerful devices used by Iraqi insurgents.

"We are using ever more exotic materials to protect the troops", he says; "getting real-time intelligence" helps the firm to stay ahead of the latest insurgent tactics.

At previous arms fairs, armies were looking to "up-armour" their existing vehicles, like light Land Rovers and Humvee trucks. Now the focus has shifted to new vehicles that are heavily armoured by design.

US firm International Truck and Engine is rushing out more than 1,900 Maxxpro trucks to the US Marine Corps, troop carriers that are designed to withstand mine blasts and roadside bombs on the Iraq battlefield.

Look, no driver

Oshkosh - which provides all the US army's heavy trucks - has put mirrors below a truck that show the heavy armour plating protecting the driver's cabin.

Everywhere there are stands displaying the latest in blast-proof glass or ceramics, so that vehicle makers can achieve the protection level armies are calling for.

After all, says German army Colonel Udo Kalbfleisch, "without giving soldiers proper protection you can't motivate them" and points to a video showing the heavily armoured Dingo that protects German soldiers on patrol in Afghanistan.

The more radical solution, however, is to take the driver out of the truck.

Oshkosh is working on control systems for unmanned vehicles.

Long supply convoys could have just a few real drivers. The other trucks would be steered by sophisticated electronics that work both in all-terrain and urban environments.

"I can easily foresee a future where we can achieve a 75% reduction of troops at risk," says Joaquin Salas at Oshkosh. "We are in discussions with the military to see when they might want to test this capability."

All this comes at a hefty cost. There is a trade-off between better armour and tight budgets, says John Rutledge, and it just "doesn't add up".

Already the cost of troop protection has started to cut into other procurement programmes, say industry insiders.

Lifesaver bottles

Battlefield innovation comes in many guises.

Pour dirty polluted water into the Lifesaver Systems bottle, pump a couple of times, and out comes perfectly drinkable water - without the use of chlorine or iodine. It's a solution that works not just for soldiers but disaster areas as well.

UK firm Chemviron Carbon tries to find customers for its ultra-lightweight chemical weapons protection fabric. Buyers so far have been the Swedish army and some special forces, and the company is now talking to police forces.

"When you think about it, the most likely [chemical] attack won't be on troops, but in a metropolitan environment," says Chemviron's Paul Graham.

C-Mac's stand doesn't sport any guns or camouflage at all.

The UK firm makes ceramic-based chip modules that work under extreme conditions - in fighter jets, tanks and rockets.

The tiny electronics components don't look much. But they can help win wars.
Source: BBC News

Wednesday, September 5, 2007

Hacking Tools On Sale

Cyber crime tool kits go on sale

Malicious hackers are producing easy-to-use tools that automate attacks to cash in on a boom in hi-tech crime.
On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.

The top hacking tools are being offered for prices ranging up to £500.

Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.

Tool time

"They are starting to pop up left and right," said Tim Eades from security company Sana, of the sites offering downloadable hacking tools. "It's the classic verticalisation of a market as it starts to mature."


Malicious hackers had evolved over the last few years, he said, and were now selling the tools they used to use to the growing numbers of fledgling cyber thieves.


"When it comes to the hacking industry and level of business acumen there's no limit to what your money can buy" - Paul Henry, Secure Computing

Mr Eades said some hacking groups offer boutique virus writing services that produce malicious programs that security software will not spot. Individual malicious programs cost up to £17 (25 euros), he said.

At the top end of the scale, said Mr Eades, were tools like the notorious MPack which costs up to £500.

The regular updates for the software ensure it uses the latest vulnerabilities to help criminals hijack PCs via booby-trapped webpages. It also includes a statistical package that lets owners know how successful their attack has been and where victims are based.

MPack has proved very popular with criminally minded groups and in late June 2007 managed to subvert more than 10,000 websites in one attack that drew on the tool.

Hacking groups also operate volume pricing schemes and discounts for loyal customers, he said.

"It's almost a play-by-play of good business practices of software marketing," he said. "When it comes to the hacking industry and level of business acumen there's no limit to what your money can buy."

Paul Henry, vice president of technology evangelism at Secure Computing, said the number of downloadable hacking tools was growing fast.

According to Mr Henry there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks, he said.

But, he added, many hacking groups were offering tools such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack that made it much easier for unskilled people to get into the hi-tech crime game.

Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched.

Little risk

"MPack used more than 12 different vulnerabilities that were launched against any web browser that visited any compromised site," he said.

Many hacking groups were attracted to selling the kits because it meant they took little risk themselves if the malicious software was used to commit crimes.

"The only thing you are going to find is a disclaimer that this was distributed for educational purposes and the user accepts any responsibility for any misuse," he said.

The only risk the hacker groups faced in making the tools available was in having someone else steal them and offer them at a lower price. Already, he said, the sheer number of tools for sale was driving down prices.

Garry Sidaway, a senior consultant at security firm Tricipher, said the success of MPack and the attendant publicity was rumoured to be worrying its creators.

"It was made by a group of friends and they all have regular jobs," he said.

Mr Sidaway said the group would not lose much money if they did stop selling it because they made much more from other lines of business.

In particular, he said, the groups can sell information about unpatched or unknown vulnerabilities in software for thousands of pounds per bug.
BBC News

Monday, September 3, 2007

Hackers Target Legitimate Sites

Hackers target 'legitimate' sites
20 June 2007


More than 10,000 websites have become unwitting hosts of malicious software, say security experts.
Those visiting the hijacked pages risk having keylogging software installed on their PC if it is not protected with the latest patches.

The webpages compromised are all legitimate sites devoted to subjects such as tax, jobs, tourism and cars.

The sites are thought to have been booby-trapped using a malware kit, called MPack, sold commercially online.

Hacked host

The MPack kit was first discovered by Panda Software in May 2007 and is now implicated in infections on more than 160,000 computers.

The kit, put together by Russian hackers, can be bought for $1,000 (£503) and the price includes a year of technical support.

Using the kit, budding hi-tech criminals can churn out code that exploits the latest vulnerabilities in widely used web browsers that work on Windows.

The latest round of infections using MPack is thought to be one of the most successful.

It is believed to have started when malicious hackers got access to one of Italy's largest website hosting companies and seeded servers with the code that attacks anyone visiting those sites.

Security experts say the attack code is "browser aware" and will tune its attack depending on the web browsing software used by a visitor. Attack code is present for Internet Explorer, Firefox and Opera.

Following the initial outbreak in Italy, booby-trapped sites are now turning up in Spain, the US and many other nations.

The new outbreaks come about as the attack code is inserted on more and more legitimate websites.

Hundreds of thousands of users are thought to have been caught out by the infection.

Many anti-virus companies have already updated their security software to defend against the attacks used in this outbreak.

BBC News

Sunday, September 2, 2007

How to Detect a Phishing Attempt

Phishing growth

Phishing e-mails that try to make you hand over confidential details are becoming more common.
In July 2006, the Anti-Phishing Working Group got reports about 23,670 unique phishing scams.

The trick seems to be catching a lot of people out too. In 2005 UK losses from phishing scams stood at £23.2m.

In this gallery we give you some handy hints on how to spot the signatures of the phish.

Name and address

The first thing to look for is if the phish is addressed to you at the e-mail account your bank knows.
Many phishers are former spammers and often send messages to mailing lists rather than individuals.

Look to see how you are addressed in the body of the message. Phishers almost always use generic greetings, such as in this phish from 2005, rather than your actual name.

Banks also make clear they will never ask for your personal information in e-mails.

Detailed look

There will be many more clues in the body of the message.
If the phish includes details, such as an account or credit card number, check they are correct.

As phishers want to steal this information they are unlikely to have it before they send the mail.

Many phishing gangs take a chance and include random details to make the message look more official and hope people respond rather than read the text.

Text check

Though phishing gangs are getting more sophisticated and literate, many bogus e-mail messages give themselves away by their poor command of the English language.
This is because many phishing gangs hail from nations where English is rarely spoken.

Grammatical errors and spelling mistakes are classic signs that a message is a phish.

If you stumble over the text, it's probably a phish.


Link lessons

There are more subtle signs that a message is a phish rather than legitimate.
For instance, look to see if the web link in the body of the message matches the one shown in the status bar of the e-mail.

If these differ you have probably caught a phish.

If you are suspicious do not click on the links in the e-mail body. Instead type the address out manually.

Text tricks

Many phishing gangs exploit the readiness of the human eye to see what it wants to see rather than what is actually there.
For instance, in this old PayPal phish the scammers have registered a site that, at a quick glance, looks very like the name of the payment company.

Most phish fall down on one or more of these criteria. If you are suspicious contact your bank directly.
BBC News
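
The link check from "Link lessons" and the look-alike name check from "Text tricks", sketched as an added example that is not part of the BBC article. The `KNOWN_DOMAINS` list, the placeholder `bank.example`, the digit-for-letter map and the sample mail body are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient really uses (bank.example is a placeholder).
KNOWN_DOMAINS = {"paypal.com", "bank.example"}
# Constructed, non-exhaustive map of digits that stand in for letters.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})
URL_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:[/?#]\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL; bare 'www.site.tld' text is accepted too."""
    try:
        return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    except ValueError:
        return ""

def skeleton(name):
    """Fold common look-alike substitutions so 'paypa1' and 'paypal' compare equal."""
    return name.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the known domain that `host` imitates, or None if genuine or unrelated."""
    labels = host.split(".")
    tails = {k: ".".join(labels[-(k.count(".") + 1):]) for k in sorted(KNOWN_DOMAINS)}
    if any(tail == known for known, tail in tails.items()):
        return None  # host really is a known domain or one of its subdomains
    for known, tail in tails.items():
        if skeleton(tail) == skeleton(known) or edit_distance(tail, known) <= 1:
            return known
    return None

def check_links(html_body):
    """Flag links whose visible URL differs from the real target, and look-alike targets."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for text, href in collector.links:
        target = host_of(href)
        if URL_LIKE.match(text) and host_of(text) != target:
            findings.append(("mismatch", text, target))
        if (imitated := lookalike_of(target)):
            findings.append(("lookalike", target, imitated))
    return findings

# Constructed sample mail body (not from the article).
SAMPLE = """<p>Dear valued customer,</p>
<p>Verify at <a href="http://203.0.113.7/login">https://www.bank.example/secure</a></p>
<p>or via <a href="http://www.paypa1.com/update">your account page</a>.</p>
<p>Genuine: <a href="https://www.paypal.com/">www.paypal.com</a></p>"""

if __name__ == "__main__":
    print(*check_links(SAMPLE), sep="\n")
```

The mismatch test compares hosts exactly, so a visible `paypal.com` pointing at `www.paypal.com` would also be flagged; a mail filter would normally compare registrable domains using the Public Suffix List instead.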

Bloggers Blogs Under Attack

Bloggers battered by viral storm

Google's Blogger site is being used by malicious hackers who are posting fake entries to some blogs.
The fake entries contain weblinks that lead to booby-trapped downloads that could infect a Windows PC.

Infected computers are being hijacked by the gang behind the attacks and either mined for saleable data or used for other attacks.

The Blogger attack is the latest in a series by a gang that has managed to hijack hundreds of thousands of PCs.

Attack pattern

Security researcher Alex Eckelberry from Sunbelt Software first noticed the booby-trapped links turning up on Blogger on 27 August.

Now many hundreds of blogs on the site have been updated with a short entry containing the link.

Mr Eckelberry said it was not yet clear how the links were posted to blogs. The bogus entries could have exploited a Blogger feature that lets users e-mail entries to their journal.

The blogs themselves could also be fake and set up solely to act as hosts for spam.

Commenting on the attack, a Google spokesperson said: "The blog posts are likely from users whose machines have been compromised by a virus.

"Among the other recipients of spam e-mails generated by the virus are users' mail2blogger accounts, which allow them to update their blogs via e-mail," said the spokesperson.

"We are in the process of notifying impacted users and recommending that they scan their computers and run current anti-virus tools--good advice for all internet users," they added.

The entries on the blogs have the same text as some of the spam distributed by the group behind the attacks. These attempt to trick people into clicking on links and downloading booby-trapped files using cleverly crafted messages.

Some pose as YouTube links; others claim to be looking for testers of software packages or digital greetings cards.

The group behind the attack on Blogger is thought to have mounted a huge series of attacks since January.

The first attack used a spam that purported to give recipients more information about the severe storms seen in Europe in January. This led to the virus used by the gang being dubbed the "Storm Trojan".

Since January the group has been sending out huge numbers of different spam messages in a bid to trick people.

"The criminals responsible for this spam campaign are experts at exploiting social engineering to propagate their botnets," said Bradley Anstis from security firm Marshal.

The spam messages have been changed to capitalise on news events and the viral payload has been updated many times to fool anti-virus programs.

Mr Anstis said the sheer number of messages being sent by the group was staggering. On some days, he said, 4-6% of all the junk messages seen by Marshal were sent by the group.

Security experts estimate that the group can send out so much junk mail because they have hijacked so many Windows PCs via successive campaigns. Some suspect that the group has infected more than one million PCs over the last eight months.

STORM WORM SUBJECT LINES
are you kidding me? lol
Dude dont send that stuff to my home email...
Dude your gonna get caught, lol
HAHAHAHAHAHA, man your insane!
I cant belive you did this
LMAO, your crazy man
LOL, dude what are you doing
man, who filmed this thing?
oh man your nutz
OMG, what are you thinking


BBC News

Virus on Web Videos

Virus writers target web videos

The growing popularity of online video has caught the attention of malicious hackers and hi-tech criminals.

Security firms are reporting more and more instances of booby-trapped Windows codecs - file compressors - required to play some video formats.

Some of the codecs let users play types of net-based video, but also have spyware and adware wrapped inside.

Others, say experts, are outright fakes that just want to infect victims with data-stealing programs.

Audience ratings

"Everyone is watching movies on their PC," said David Robinson, UK head of security firm Norman Sandbox, "they are downloading the latest, greatest clips."

While sites such as YouTube and Revver try to make it easy to watch video online, many of the downloadable clips posted on the web require extra software, called a codec, to play them.

Mr Robinson said many security firms were now logging instances in which spyware and adware firms are turning out software bundles that claim to roll together many popular codecs or just have the one needed to play a particular clip.

Some of the codecs do help to play clips, but others are disguised as a variety of nuisance or malicious programs.

Some rogue codecs plague users with pop-up adverts, while others invisibly install keyloggers that try to grab confidential data.

Anti-spyware firm Sunbelt Software discovered one codec that became a program that found fictitious security problems on a PC and demanded payment to repair them.

Many downloads look benign when scanned with an anti-virus program, but, once installed, download updates from other websites that contain the malicious payload.

Mr Robinson said the growth of booby-trapped video codecs was just another example of how hi-tech criminals have moved on from the old days in which a virus only travelled by e-mail.

Now, he said, they maintain a diverse portfolio of attack methods and will tailor these to whatever is proving popular online.

Mr Robinson said his company Norman Sandbox, which analyses captured samples of malicious code, gets hundreds of new variants of malicious programs submitted to it every day.

David Emm, senior technology consultant at anti-virus firm Kaspersky Labs, said it was only a matter of time before virus writers turned to sites such as YouTube and booby-trapped pages showing popular clips with bugs.

"YouTube is almost by definition unregulated," he said, and was ripe for exploitation by malicious hackers. "It gives an almost endless stream of stuff to tap into."

Already spyware firms are known to be using the popularity of some clips on YouTube and social networking site MySpace to install their wares on the PCs of more victims.

Increasing numbers of malicious attacks were pegged to news or other events, said Mr Emm, which helped to catch people out.

The upcoming Halloween holiday is already being exploited by malicious hackers who are baiting websites with viruses and trojans.
BBC News