DaniWeb IT Discussion Community

DaniWeb IT Discussion Community http://www.daniweb.com/forums/ Tech support, programming, web development, and internet marketing community. Forums to get free computer help and support. en-US Sat, 07 Nov 2009 19:21:04 GMT vBulletin 60 http://www.daniweb.com/alphaimages/misc/rss.jpg DaniWeb IT Discussion Community http://www.daniweb.com/forums/ News Story FIGHT: World of Warcraft vs China http://www.daniweb.com/news/story235672.html Tue, 03 Nov 2009 14:04:15 GMT It would seem that there is something of an ongoing battle in the world of online Chinese gaming, and World of Warcraft is right in the midst of it. As I reported (http://www.daniweb.com/news/story220683.html) back in July, the company behind World of Warcraft (Blizzard Entertainment) was having... It would seem that there is something of an ongoing battle in the world of online Chinese gaming, and World of Warcraft is right in the midst of it.

As I reported back in July, the company behind World of Warcraft (Blizzard Entertainment) was having problems in getting The Burning Crusade expansion pack up and running in China. Best not even mention Wrath of the Lich King then. It's all a little, well a lot, complicated and just a tad political, of course. Here's what I said a few months ago:

"A planned upgrade to the game which involved moving to a new operator in China, an online gaming outfit by the name of NetEase, has been anything but easy. Because it is a foreign game, and the move to a new local operator makes it a new foreign game for good measure, the Chinese government get to put it through a strict approval process."

Now it would seem that the publishing regulator in China has returned that application and halted the approval process as a result. NetEase, meanwhile, has already started operating World of Warcraft in China again despite not having approval. It fired up the local WoW servers back in September, one assumes as it was tired of waiting for that bureaucratic rubber stamp. Remember, WoW had already been approved and had been operating in China previously, all that changed was the local operator. Heck, NetEase apparently even got the nod to go ahead from the Cultural Ministry in China to rev up the WoW servers again.

But that has not appeased the agency concerned with the approval process, the General Administration of Press and Publication (GAPP) and it has now demanded NetEase stop taking money, stop new players from signing up, and in effect just, well, stop. No doubt part of this intransigence stems from the declared intent of GAPP to clean up the online gaming sector and remove violence and pornography from the MMORPG genre (oh how China loves those weapons of mass censorship) but it will be interesting to see how the war is won between commerce, a Government with one eye on foreign investment and an internal agency seemingly struggling to justify its own existence. ]]> Game Development happygeek http://www.daniweb.com/forums/thread235672.html News Story Hold the front page: Piracy is not killing the music business! http://www.daniweb.com/news/story235178.html Sun, 01 Nov 2009 22:39:06 GMT If piracy and illegal downloaders really are killing the music industry, how come more singles have been sold this year than ever before and people who file-share spend more money on legal releases than those who do not file-share?

I have to admit, it's not been a good week to be on the side of law and order and the established way of things as far as the music business is concerned. While the UK Government pushes ever onwards with the Digital Economy Bill which promises a robust legal and regulatory framework to deal with illegal file-sharing, and continues to insist that illegal downloading is a real threat to the music industry, figures have been released which seem to undermine the official 'three strikes and your out' to save creative output position.

According to the Daily Mail a newly published study shows that, in the UK at least, those who download illegal music actually spend considerably more on buying legal music than those who do not admit to illegal downloading. When it comes to music singles and albums, the illegal downloaders spend an average of £77 per year on official releases while people who say they have never downloaded any music illegally spend only £44 per year.

Of those asked, around two thirds would stop downloading illegally if music download services were cheaper. Just reducing the cost to 45p a track could double the sales of legal downloads it would seem. Add to this the fact that 42% of people said they download illegally to try before they buy, and 83% insist they buy more music as a result of such downloading, and you get the feeling that the music industry needs to be examining new music distribution business models and exploiting them rather than applying the big stick with fingers in ears going la la la approach.

The British Phonographic Industry, the UK music industry trade association, reckons that illegal downloaders will cost the music biz around £200 million in lost sales by the end of this year. Yet at the same time it is being reported that the BPI is also saying that 2009 will be the biggest year ever as far as sales of singles in the UK is concerned. The previous record for most single records being sold was et, er, last year in fact. Even more proof, were it needed, that illegal downloads are simply not killing the music business as is constantly being suggested by the industry powers that be. ]]> eCommerce happygeek http://www.daniweb.com/forums/thread235178.html News Story Trick or Treat Security Scares http://www.daniweb.com/news/story234435.html Thu, 29 Oct 2009 13:36:34 GMT You probably call it Halloween, for myself and other pagans it is Samhain (http://en.wikipedia.org/wiki/Samhain), but for the cyber-gangs it is phishing time. Seasonally-themed spam is on the up at this time of the year, Halloween related messages accounting for 0.5% of the daily spam traffic by... You probably call it Halloween, for myself and other pagans it is Samhain, but for the cyber-gangs it is phishing time. Seasonally-themed spam is on the up at this time of the year, Halloween related messages accounting for 0.5% of the daily spam traffic by volume in mid-October according to the latest Symantec MessageLabs Intelligence Report.

Currently, with the 'Witch's New Year' Sabbath itself coming this weekend, there are some 500 million emails circulating worldwide and the majority of the Halloween spam is originating from the Rustock and Donbot botnets. Most of this would appear to be pointing towards pharmaceutical sites and rogue/counterfeit software sites.

"As is typical with spammers this time of year, we are seeing them try to capitalize on the holiday season" said MessageLabs Intelligence Senior Analyst, Paul Wood. "Although they may be a bit overzealous, spamming is a numbers game and the spammers have certainly succeeded with volume thus far. Perhaps their early-bird approach is an attempt to compete with the other botnets and get in early to maximize their chances of success."

This month has also seen a batch of intercepted event-related advance-fee fraud spams, mostly relating to the 2010 football World Cup in South Africa which try and get the target to pay an up front fee in order to supposedly receive their prize draw winnings.

The October phishing activity has been 1 in every 293.7 emails, an increase of 0.11% since September but a drop of 10.5% if looked at as a proportion of all email-borne threats.

When it comes to viruses, October has seen the global ratio of email-borne viruses in email traffic from new and previously unknown bad sources increase by just 0.18% from September to 1 in every 230.8 emails. However, only 19.2% of email-borne malware contained links to malicious websites, which is a huge drop of some 20.6% from the previous month.

Geographically speaking, Denmark was the most spammed country with levels of 96.2 percent of all email, with the US on 94% and the UK on 93.3% while China tops the virus activity charts though, with 1 in every 80.7 emails being infected. ]]> Viruses, Spyware and other Nasties happygeek http://www.daniweb.com/forums/thread234435.html News Story Firefox by the numbers: 30 million new users in just 8 weeks http://www.daniweb.com/news/story233983.html Tue, 27 Oct 2009 23:31:34 GMT Some Twitter postings just demand you read them two or three times to take in what is being said in 140 characters. One such posting was made today by Mozilla CEO John Lilly which simply said: "Firefox user growth has been amazing last 8 weeks or so. +30M or so unique monthlies"

That's worth repeating, 30 million new users for Firefox in an 8 week period. Wow!

Tristan Nitot, President of Mozilla Europe, confirmed the figures when speaking to ZDNet in the UK. Nitot explains that it can calculate the number of users per month by multiplying the active daily users by a factor of three to allow for those days when they are not actually browsing the web. In confirming that Mozilla has seen a "significant increase" in Firefox user numbers, Nitot said "Firefox checks for new versions every 24 hours, when it's running, and when it checks, it pings the Mozilla server. We count the number of pings."

The figures collected show that Firefox now has some 330 million monthly users, and increase over the last eight weeks of some 10 million daily users on average. Although the numbers look good for Mozilla, and the latest global market share statistics suggest it is up around 3% from this time last year, it only has 23.75% of that world share. Microsoft, on the other hand, is in decline with a loss of 5% share during the same period, but crucially Internet Explorer still commands an impressive 65% of the market. That share does vary from country to country though, and Firefox rules the roost in 17 European countries for example. ]]> Web Browsers happygeek http://www.daniweb.com/forums/thread233983.html News Story Google, Bing and Twitter sitting in a tree... http://www.daniweb.com/news/story232243.html Thu, 22 Oct 2009 09:36:49 GMT Forget the Windows 7 launch, the real big news from Microsoft this week is that it has reached a deal with Twitter to include real-time tweet data in Bing searches. If that wasn't excitement enough for the Twitterati, just a few hours after Microsoft made its announcement Google joined in and announced that it too had reached an agreement with Twitter to do the same.

If you still play buzzword bingo, then forget Web 2.0 or even Social Media if you want to score big points, the buzzword today has to be Real Time Web. And that is what has got both Microsoft and Google so excited, the notion of capturing and enabling access to data in real time. It is something of the Holy Grail as far as search is concerned, and something which the deals with Twitter makes a little more of a reality.

In an announcement on Wednesday Microsoft was positively gushing over the glory of Twitter, stating "Twitter is producing millions of tweets every minute on every subject you can imagine. The power of those tweets as a form of data that can be surfaced in search is enormous. Innovative services like Twitter give us access to public opinion and thoughts in a way that has not before been possible".

Which is why Microsoft was pleased to announce that "we now have access to the entire public Twitter feed and have a beta of Bing Twitter search for you to play with" which is great, and you can try the thing out here. Assuming you are in the US that is. The great real time global news and opinion feed that is Twitter is only available to Americans for now. The logic behind that particular decision escapes me, so if anyone from Microsoft, or on the Bing team, cares to comment here and explain I'm ready and waiting.

I am also ready and waiting for the Google Twitter Search which is not just available for the US audience. In fact it is not even available for the US audience, or any other for that matter. All Google has done is quickly react to the Microsoft announcement and let everyone know that it too has done a deal with Twitter to try and take some of the sting out of Bing beating them to the PR punch.

"We believe that our search results and user experience will greatly benefit from the inclusion of this up-to-the-minute data" says Marissa Mayer, Vice President of Search Products and User Experience at Google, who continues "we look forward to having a product that showcases how tweets can make search better in the coming months".

Coming months? Looks like Microsoft really has stolen a march on Google this time. Another feather in the Bing bonnet, but one that may well blow away when Google does get that Twitter search integration sorted. I just hope it doesn't take too long to archive and index the 5 billion tweets that have already been tweeted, and the millions more that are being added every day. ]]> Search Engine Optimization happygeek http://www.daniweb.com/forums/thread232243.html News Story 5 Billion Tweets! http://www.daniweb.com/news/story231619.html Tue, 20 Oct 2009 10:13:10 GMT GigaTweet (http://popacular.com/gigatweet/) has been counting the total number of messages posted to Twitter in real time, and the rolling count is almost hypnotic. Overnight the 5 billionth Tweet was posted. So what was it? Perhaps someone speaking out... GigaTweet has been counting the total number of messages posted to Twitter in real time, and the rolling count is almost hypnotic. Overnight the 5 billionth Tweet was posted.

So what was it?

Perhaps someone speaking out against corporates trying to gag freedom of the press again? Nope.

Maybe another campaign kicking off against insensitive and homophobic ranting in the Daily Mail newspaper? Nope.

Must be an anarchist orchestrating a protest movement then? Nope.

Which surely only leaves the willy waving celebrity crowd, was it one of them letting us know they had eaten dinner with another celeb and were off to bed now? Nope.

It surely wasn't me, @happygeek, saying something profound? Nope, no chance of that I am afraid.

Actually, the 5 billionth Tweet was something of a let down, yet a refreshing reminder that the real power of Twitter is with ordinary users having ordinary conversations with their ordinary friends.

It would appear that Tweet 5,000,000,000 was posted by one Robin Sloan (@robinsloan) in reply to a user called @sexysloan9912e, and simply said "Oh lord".

Indeed. ]]> Growing an Online Community happygeek http://www.daniweb.com/forums/thread231619.html News Story Gary McKinnon wins extradition reprieve for psych review http://www.daniweb.com/news/story231374.html Mon, 19 Oct 2009 11:01:16 GMT Just when it looked like every avenue to prevent the extradition of self-confessed NASA Hacker Gary McKinnon had been exhausted, especially when just last week a couple of High Court judges denied him leave to appeal his case to the highest court in the UK, it looks like the hacking cause célèbre... Just when it looked like every avenue to prevent the extradition of self-confessed NASA Hacker Gary McKinnon had been exhausted, especially when just last week a couple of High Court judges denied him leave to appeal his case to the highest court in the UK, it looks like the hacking cause célèbre has got a reprieve.

In an unexpected twist, Home Secretary Alan Johnson has delayed the extradition proceedings while he considers the medical evidence. Diagnosed with Asperger's Syndrome, it has been argued by the Free Gary campaign that to send him to prison in the US would be the equivalent of signing his death warrant.

Certainly there seems to be a groundswell of opinion (both here and in the US) that were McKinnon tried in the UK he would most likely face a more lenient sentence. I myself have argued that he should face the music, as it were, in the UK rather than the US. I recently stated right here on DaniWeb that "I seriously doubt that McKinnon could get a fair trial in the US where he has already been branded a fugitive from justice (for merely going through the legal process of appealing against an extradition order, something to which he has every legal and moral right) and various government and military mouthpieces have made it quite clear that they think the book should be thrown at him and McKinnon should get 'what he deserves' which would appear to be 60 years in a supermax prison apparently".

However, I have also made it quite clear that I believe McKinnon should not be let off with a slap on the wrist. He has broken the law, he admits as much, and must face the consequences - Asperger's Syndrome or not. This has, let's face it, been dragged out long enough now. McKinnon was arrested way back in 2002 and the 43 year old needs to be prosecuted and tried in a court of law so that he, and everyone else, can move forward. ]]> Network Security happygeek http://www.daniweb.com/forums/thread231374.html News Story Mozilla says Microsoft browser malware can Firefox off http://www.daniweb.com/news/story231169.html Sun, 18 Oct 2009 13:21:34 GMT Odd isn't it, how Microsoft kicked up a fuss when Google announced the Chrome plugin for Internet Explorer on the grounds that it could make the browser more insecure. Indeed, it went as far as to suggest that it doubled the potential surface area for malware and scripted attacks. Yet, amazingly, Microsoft sees no such problem with installing a plugin into the Firefox browser. What's more it is installed without asking the permission of the user and, he says with more than a hint of irony, it left Firefox vulnerable to a drive-by exploit.

This is nothing new, as those with a memory for such underhand shenanigans will recall, as Microsoft started 'silently' installing a .NET Framework Assistant extension for Firefox users earlier in the year. The sting at the time was that it could not be uninstalled, and when an uninstall option was provided (after much media attention) it managed to break some other Firefox extension during the uninstall process.

So imagine the surprise when numerous Firefox users were presented with an 'Add-ons may be causing problems' popup when they had not added any new extensions. That popup quickly explained what was going on (see screenshot) determining that the Microsoft .NET Framework Assistant 1.1 may be "unstable or insecure". Given the option to restart Firefox so that the add-on could be disabled most punters would, I suspect, jump at the chance.

People have a right to be angry both at Microsoft for plugging something into a non-Microsoft browser client which could impact upon the security of that client, and doing so without their knowledge or prior consent I might add, but also with Firefox for allowing this silent installation in the first place.

But why the fuss now, when this plugin was pushed out some months back? Well it all boils down to the recent big Patch Tuesday roll out from Microsoft. On Tuesday Microsoft warned that unless Firefox users had installed the appropriate Internet Explorer patch then they would be vulnerable to an exploit enabled by a .Net Framework Assistant extension bug. Microsoft stated that installing Tuesday's MS09-054 patch protected all users from the exploit, no matter the attack vector, including Firefox users.

Mozilla responded, quite correctly, by telling Microsoft to Firefox off. It automatically turned on a system to block the extension for all Firefox users. Mike Shaver, Vice President of Engineering with Mozilla, explains "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately."

The thing is, if you silently or stealthily install software which impacts upon the security of the user, without that users knowledge or prior consent, isn't that called malware?

Attached Images

firefox-says-no.jpg (14.1 KB)

]]> Web Browsers happygeek http://www.daniweb.com/forums/thread231169.html News Story World ad-supported first as C4 lets you see more on YouTube http://www.daniweb.com/news/story230391.html Thu, 15 Oct 2009 12:42:24 GMT UK broadcaster Channel 4 has signed a deal with YouTube to bring full TV programmes online, streamed for free. It's the first time that any broadcaster in the world has made such a comprehensive schedule of 'catch-up' programming available for free via YouTube.

Of course, when I say free I mean ad-supported but that's only to be expected. With YouTube now serving some one billion video streams a day, it makes commercial sense to increase your advertising reach in this way. Financial terms are not being disclosed, but the partnership runs for an initial term of at least three years on a shared revenue basis. We do know, however, that the deal is non-exclusive, allowing Channel 4 to continue distributing its 4oD service via its own website and other third party sites.

According to the press release from Oliver Rickman, manager for Google UK Communications and Public Affairs, the terms of the deal mean that "Channel 4 will make its 4oD video-on-demand ‘catch-up’ service of new programmes available via YouTube shortly after television transmission, including series that have already proved particularly popular with online audiences such as Skins, Hollyoaks, The Inbetweeners and Peep Show".

As well as that, YouTube users will also be able to access around 3,000 hours of full length programming from the Channel 4 archive at any given time, including shows like Brass Eye, Derren Brown, Ramsay’s Kitchen Nightmares, Teachers to name but a few.

Although the service will not be available in full until early next year, content is expected to start dribbling through in the coming weeks and months.

Andy Duncan, Channel 4’s Chief Executive, said: “Channel 4 was the first broadcaster anywhere in the world to make all its commissioned content available online and we’ve consistently pioneered in this field. This strategic partnership is another important milestone for us and we’re delighted to be combining the power of the ‘4’ brand and the appeal of our content with YouTube’s unrivalled reach and reputation online. Making our programmes directly accessible to YouTube’s 20 million UK users will financially benefit both Channel 4 and our independent production partners and help bolster our investment in quality British content. It demonstrates our ability to strike dynamic commercial partnerships to help underpin our future as a commercially funded, not-for-profit multi-platform public service network.” ]]> Advertising Sales Strategies happygeek http://www.daniweb.com/forums/thread230391.html News Story Spam fighting Europeans must do better http://www.daniweb.com/news/story229532.html Mon, 12 Oct 2009 13:03:08 GMT The European Commission has called on EU member countries to do more, and do better, in fighting spam and other online privacy threats. In a newly published study... The European Commission has called on EU member countries to do more, and do better, in fighting spam and other online privacy threats. In a newly published study, commissioned by the EC, it was revealed that almost all EU countries have at least one spam, spyware or malware reporting site for members of the public.

Yet the actual number of prosecuted cases, or occasions of imposed sanctions against privacy lawbreakers, varies considerably from member country to member country despite the EU-wide ban on spam. European law has actually banned spam and spyware since 2002, although you wouldn't know it considering that some 65% of European citizens are still plagued by both. And, of course, that apparent different interpretation of the law between members.

In the report an analysis of some 140 enforcement cases from 22 different member countries highlights the considerable differences between the number of cases per country and the fines imposed. The highest numbers of cases were reported in Spain (39), Slovakia (39) and Romania (20). The highest fines were imposed in the Netherlands (€1 000 000), Italy (€570 000) and Spain (€30 000). However, spammers in countries such as Romania, Ireland, and Latvia received modest fines ranging from hundreds to several thousand Euros.

The EU Commissioner for Information Society and Media, Viviane Reding, says that the figures "show that several EU countries are doing more to enforce online privacy rules" but concedes "spam is an area where we can and must improve for the benefit of internet users in the EU".

Reding argues that the EU needs to step up the fight against spammers and make sure that it adopts "legislation that provides for strong civil and criminal sanctions against spammers".

Not least, I would have thought, a better system of Europe-wide cooperation between countries in order to enforce the law and brings perpetrators to book. The report suggests that the level of cooperation also currently differs strongly between EU countries, with agreements existing in Belgium, Cyprus, Estonia, France, Germany, Italy, Latvia, Lithuania, the Netherlands, Romania and the UK. Luxembourg and Malta, however, rely purely on informal cooperation. Others seemingly do not cooperate at all.

"I call on EU countries to reinforce their national efforts to fight on-line privacy threats such as spam, spyware and malicious software" Reding concludes "If we can end the spam plague within Europe we will set the example for our neighbouring countries and other parts of the world which are as responsible for spam we receive in Europe".

With spam figures rising and the spammers always quick to adapt to changing market conditions, something needs to be done and done soon. ]]> Viruses, Spyware and other Nasties happygeek http://www.daniweb.com/forums/thread229532.html News Story Twitter gets knickers in a twist over security scare http://www.daniweb.com/news/story229498.html Mon, 12 Oct 2009 11:08:45 GMT I love Twitter, and post a lot of links to security related stories via my @happygeek (http://twitter.com/happygeek) account. But now I am getting a little worried that I might suffer the same fate as a well known, and highly respected security expert. Mikko Hypponen is a familiar face around the... I love Twitter, and post a lot of links to security related stories via my @happygeek account. But now I am getting a little worried that I might suffer the same fate as a well known, and highly respected security expert. Mikko Hypponen is a familiar face around the security conventions, and a familiar name to anyone who reads security news blogs. Mikko is the Chief Research Officer at F-Secure, and knows a thing or two about issuing security warnings.

Shame that Twitter cannot say the same.

It all started back on August 3rd when Mikko posted a tweet which simply read:

Quote:

"I guess somebody will fall for it... a desperate MySpace phishing site at www. rnyspece. com (don't go there)."

The eagle-eyed amongst you will note that Mikko inserted spaces into the URL to prevent the hard of thinking from clicking on a link to a phishing site. You might even have spotted the words 'phishing site' and the phrase 'don't go there' which were part of the posting.

Twitter, it would seem, did not spot any of these things. Although it took the micro-blogging outfit a couple of months not to spot them and suspend the @mikkohypponen Twitter account. Yes, suspended the account of a well known Internet security expert for passing on a warning about an Internet security threat. Doh. Or, as Twitter called it, strange activity. The official Twitter response when Mikko tried to access his account was a warning which read "this account is currently suspended and is being investigated due to strange activity. If we have suspended your account mistakenly, please let us know."

Mikko did just that, and got the rather patronising response from Twitter customer services of "I've unsuspended you acct. You were suspended for using the malware URL rnyspeceDOTcom in DMs. Be careful! We scan evrythng for malware." Yes, those were the Twitter customer service spellings.

Nice to know that Twitter apparently considers itself to be the security expert here. You might recall that it has been at the centre of some slack security scares itself in the recent past, such as when an employee got hacked and confidential company documents became public record. Not that I am going to dwell on such things, the issue here is why Twitter suspended the mikkohypponen account, the manner in which it did it and the nature of that customer service response.

Maybe Twitter didn't realise that Mikko was a leading security expert, after all there are millions of users of the service. Well, he told ZDNet that he had "worked with Twitter previously regarding twitter worms and such" so you might think they would remember him.

OK, but Twitter restored the account once he complained loudly about it so no harm done. Well, apart from the fact that, initially at least, Twitter did not restore the thousands of followers that Mikko had nor the people he himself followed, not to mention his Tweet archive. That has now been rectified I am pleased to report.

The above shows something of an immature system for dealing with such issues, as indeed does the customer service response which was not only patronising but I think really rather rude as well. Is it that hard to say 'sorry, we got it wrong' apologies for the inconvenience' rather than 'you've been very naughty and you are lucky we are being so nice about it' or is it just me?

Look, I'm pleased to learn that Twitter takes security matters seriously. Especially the posting of malicious links which is a real problem for it, the bad guys can and do post links to bad places. Yet the nature of the suspension would suggest that this is some kind of automatic scanning system for content deemed inappropriate or links known to be malicious. In this case I would suggest it was looking for the word rnyspece as Mikko deliberately posted a malformed URL to prevent link clicking. Again, you might think that this is a good thing, but here are two reasons why it is not.

Firstly, how come it took two months to discover the link and suspend the account posting it? If that's the time-scale involved then Twitter might as well save some resources and pull the plug on that filtering. The phishing gangs do not hang around for months, they are generally fly-by-night types with sites up and down like a whore's drawers.

Secondly, what about the retweet situation? Twitter itself states, in a blog posting regarding Project Retweet which will bring official support to retweeting, that "The open exchange of information can have a positive global impact and the more efficient dissemination of information across the entire Twitter ecosystem is something we very much want to support." Well, it has a funny way of showing it. If you suspend someone for posting something inappropriate, what about anyone who retweets that posting? If the filtering system is, indeed, automated then rewteeters are surely also at risk of suspension. ]]> Growing an Online Community happygeek http://www.daniweb.com/forums/thread229498.html News Story Netscape Communicator is born again http://www.daniweb.com/news/story229484.html Mon, 12 Oct 2009 09:50:41 GMT Remember when a web browser was so much more than just a web browser? It seems that the days of the all-you-can-eat Internet suite are back as the SeaMonkey 2.0 release code (http://www.seamonkey-project.org/releases/2.0rc1) is made available to download. There was a time when Netscape ruled... Remember when a web browser was so much more than just a web browser? It seems that the days of the all-you-can-eat Internet suite are back as the SeaMonkey 2.0 release code is made available to download.

There was a time when Netscape ruled the online world, but you have to be something of an Internet veteran to remember it to be honest. Back in the day, and that would be 1997 if my memory serves me well, Netscape Communicator was the only browser in town but it wasn't only a browser. You got email in the form of Netscape Messenger which also included a Usenet News client, and address book, a calendar and even an HTML editor known as Netscape Composer.

That was before Mozilla came along with Firefox and declared war on browser bloat. Now, as the likes of Google with the Chrome browser have stripped back to the basics, the circle of online life has been completed. Yes, the SeaMonkey Council is adopting the bloatware principle and brings you an all-in-one Internet suite. There's the familiar web browser, of course, but also a Mail and Newsgroups client with spam controls built in, an IRC 'chatzilla' client and, oh yes, the SeaMonkey Composer for HTML editing.

The big question remains, to be fair, does anyone actually want this kind of Internet application suite anymore? To be honest if I wanted a bloated browser I would still be using Internet Explorer. Oddly, back at the start of 2005 Mozilla itself didn't seem to think anyone wanted bloated browsers either. On March 10th, 2005, the Mozilla Foundation said that the Mozilla Application Suite (as it was then) would not have any more releases. The pretty sound reasoning being that it needed to concentrate on Firefox and Thunderbird as people wanted standalone clients. The development door was left ajar, however, with the SeaMonkey Council taking over the project and release management allowing community members to continue pushing the concept and the code forward.

So why do I say that Netscape Communicator has been born again? Well I have a very long memory, and was indeed around working online at the time, and can recall that while Netscape Communicator 5 never actually saw the light of day it did have a code name. That code name was SeaMonkey... ]]> Web Browsers happygeek http://www.daniweb.com/forums/thread229484.html News Story The Return Oriented Programming Hackers http://www.daniweb.com/news/story228659.html Thu, 08 Oct 2009 20:21:06 GMT Want to know how to fix an election without resorting to bribery and corruption? Ever thought about throwing some Return Oriented Programming into the voting equation? Ordinarily, the hacking into of an electronic voting machine might spark a little bit of interest if there were an election... Want to know how to fix an election without resorting to bribery and corruption? Ever thought about throwing some Return Oriented Programming into the voting equation?

Ordinarily, the hacking into of an electronic voting machine might spark a little bit of interest if there were an election looming perhaps. That said, the potential insecurity of such machines can happily be filed under old news.

However, my attention was grabbed by the paper (Can DREs Provide Long-Lasting Security?) from a bunch of security researchers based at the Universities of California, Michigan and also Princeton. Not least because while it did, I admit, involve revealing how a Direct Recording Electronic voting machine had been hacked it also described something called Return Oriented Programming. Also, much of the research that has gone before when it comes to the security of voting machines tends to rely greatly upon having access to source code. The researchers say that they hope their results "go some way towards answering the objection, frequently raised by vendors, that voting security researchers enjoy unrealistic access to the systems they study."

The DRE voting machine in question, a Sequoia AVC Advantage, dates back to the 80's so maybe it is not that surprising that it can be hacked today. However, that does not make it an easy target: the thing employs numerous safeguards such as separating data and code, and throwing up a non-maskable interrupt error if someone were to try and execute injected code in RAM (the actual executable code for this machine is held in ROM). Nor does it make the research irrelevant, as the team states in its paper "because the development, certification, and procurement cycle for voting machines is unusually slow, the service lifetime can be twenty or thirty years."

Yet the research team are insistent, courtesy of Return Oriented Programming techniques, that if someone used the same techniques as they describe it would be possible, assuming they had access to the machine in the first place, to replace the installed election application with one of their own which could manipulate the voting in any way the attacker wished.

"The Z80 instruction set is very dense. Every byte is either a valid opcode or is a prefix byte. As there are no invalid or privileged instructions, instruction decoding of any sequence of data always succeeds" the researchers explain in their paper, adding "This density facilitates return-oriented programming since we can exploit unintended instruction sequences to build gadgets — a sequence of pointers to instruction sequences ending with a ret." By using a stack that is made up of code snippet addresses the researchers were able to show how they can recreate what are, for all intents and purposes, arbitrary programs. It's clever stuff, using a bog standard buffer overflow within the program code to create the stack and having a ret instruction triggering one ret after another in order to execute the vote rigging code itself.

The team have managed to demonstrate that an attacker could exploit vulnerabilities in one particular voting machine in order to install vote-stealing malware using a maliciously formatted memory cartridge. The important thing being that they have done this without replacing the system ROMs and starting out with "no source code, schematics, or nonpublic documentation." The whole attack-stealing code was produced in less than 16 man-months of labour and at a cost, if replicated in the private sector of around $100,000.

Kudos to Stephen Checkoway, J. Alex Halderman, Ariel J. Feldman, Edward W. Felten, Brian Kantor and Hovav Shacham for their innovative research. ]]> C happygeek http://www.daniweb.com/forums/thread228659.html News Story The political power of Twitter challenged http://www.daniweb.com/news/story227590.html Sun, 04 Oct 2009 15:59:44 GMT It would appear that a political activist from New York has been arrested by the FBI in connection with helping orchestrate G20 summit protesters in Pittsburgh. According to The Guardian (http://www.guardian.co.uk/world/2009/oct/04/man-arrested-twitter-g20-us) the man, Eliot Madison from Queens,... It would appear that a political activist from New York has been arrested by the FBI in connection with helping orchestrate G20 summit protesters in Pittsburgh. According to The Guardian the man, Eliot Madison from Queens, has been charged with hindering prosecution after helping G20 protesters evade police by using Twitter.

Along with another man, Madison is said to have been tracked by law enforcement agents to a motel room during the summt, where he was found in front of a row of laptops and emergency frequency radio scanners.

The official police documents say that both men were using Twitter in order to "inform the protesters and groups of the movements and actions" of law enforcement during the protests. Of course, it should come as no surprise that Twitter is being used to help organise political protest if, indeed, that were the case in this instance. After all, people Tweeting have a proud and proven track record of providing information during all kinds of political disturbances around the world.

When it is someone using Twitter to report on the movements of police during a rebellion in a hostile nation then it is positively encouraged by the US authorities. However, it appears that when the political unrest is nearer to home (well, right inside the house, as it were) then US authorities are less accommodating of the democracy afforded by such real-time micro-blogging.

During the G20 summit the police were seen to be openly monitoring Twitter feeds so as to be able to listen in on the protesters' communication lines, but this is the first time that I am aware of arrests being made as a result of that monitoring.

If this goes to court, as seems likely, I will be interested to see the defence that Madison puts up. Especially if reports that he is a member of a group called People's Law Collective, which serves to give legal advice to protesters, are true.

The New York Post reports that Madison is also charged with criminal use of a communication facility and possessing criminal instruments.

So, is this a case of the political power of Twitter being challenged right on it's own doorstep? Let me know what you think... ]]> Growing an Online Community happygeek http://www.daniweb.com/forums/thread227590.html News Story Malware hosting trends exposed http://www.daniweb.com/news/story226750.html Wed, 30 Sep 2009 10:46:42 GMT Using newly registered domains with a very short lifespan to host malware websites is so last year. It would appear that these days such things are far more likely to be hosted on much older compromised web sites instead. Could this be down to a decline in domain tasting? The latest MessageLabs... Using newly registered domains with a very short lifespan to host malware websites is so last year. It would appear that these days such things are far more likely to be hosted on much older compromised web sites instead. Could this be down to a decline in domain tasting?

The latest MessageLabs Intelligence report appears to think so, suggesting that the previously widespread practise of cancelling a new domain registration within a few days 'cooling off' period has been in decline recently. Indeed, the Internet Corporation for Assigned Names and Numbers stated as much in June. The MessageLabs analysis of those websites which had been established purely to deliver malware showed that those domains classified as young, registered within three months of being blocked for hosting malicious content, are now relatively small in number. Mainly because they are discovered and taken down within the first 38 days of registration in 90% of cases. When it came to older domains that had been registered for more than three months and then compromised for malware service, MessageLabs discovered that they have a much longer shelf life: 90% are taken down after 138 days. Overall, 80% of sites blocked for serving up malware are established legitimate sites which have been compromised.

"It is not surprising that with a small window of opportunity for younger domains, the attackers register domains much faster" Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec says "suggesting that attackers are working very hard to set up new domains and compromise new websites. However, in an effort to keep up with the rapid turnover of domains, the bad guys are often serving up the same malware". Which is why it is of a greater benefit for the bad guys to compromise those existing sites rather than establish a specialised new domain for the purpose. "Fundamentally, using legitimate websites to spread malware reduces the labor for the cybercriminals and extends the lifetime of the malware" Wood explains, adding "moreover, by taking advantage of the Add Grace Period, a policy that allows scammers to register a domain at no cost and cancel after five days, ‘domain tasting’ and ‘domain kiting’ have become common practice for cybercriminals, allowing them to beat the system without ever paying for malware distribution."

The report also highlights a decrease in the global ratio of spam in email traffic from new and previously unknown bad sources in September, down 2.1% since August to 86.4% or 1 in every 1.2 emails sent. Year on year though, spam levels were up: 88.1% for Q3 2009 compared with 81.0% for Q3 2008. There was also bad news about botnets, which appear to be have well and truly recovered from the McColo takedown hiccup and are now responsible for sending a staggering 150 billion spam emails every day! ]]> Viruses, Spyware and other Nasties happygeek http://www.daniweb.com/forums/thread226750.html News Story WW2 code breakers win the lottery http://www.daniweb.com/news/story226521.html Tue, 29 Sep 2009 11:01:10 GMT Bletchley Park, the top secret code breaking hub that played a pivotal role in the outcome of World War Two, has finally been awarded development funding of some £460,500 ($735,500) from the Heritage Lottery Fund. The money will literally save the place the saved the lives of countless people by... Bletchley Park, the top secret code breaking hub that played a pivotal role in the outcome of World War Two, has finally been awarded development funding of some £460,500 ($735,500) from the Heritage Lottery Fund.

The money will literally save the place the saved the lives of countless people by shortening World War two by at least two years. With the money, the Bletchley Park Trust will be able to start plans for transforming Bletchley Park itself into a world class heritage and educational centre. The Trust now has a further two years in which to finalise the plans before submitting them to the HLF in order to raise a further £4.1 million ($6.5 million) of the total £10 million ($15.9 million) needed for the project.

One very vocal supporter of Bletchley Park, the renowned actor, author and Twitterer Stephen Fry could hardly contain his joy: "the news that Bletchley Park has the initial support of the Heritage Lottery Fund is simply wonderful" Fry enthused, adding "and yet, what should the Heritage Lottery Fund do if not exactly this? As each year passes it is becoming clearer and clearer just how vital a role in winning the war Bletchley played".

It has been a good month for code breaker fans. Just a couple of weeks ago the British Prime Minister, Gordon Brown, apologised for the prosecution and persecution of Alan Turing which ended up killing the man who led the technological fight against Hitler and the Nazis. "The Prime Minister’s apology on behalf of the nation to Alan Turing last month was the first step" Fry explains with "the government announcement in July of Commemorative Badges for Bletchley Park veterans" the second, and now the funding announcement completes a trio of good fortune.

Since 1994, Bletchley Park has been open to the public in the guise of a museum and houses the National Museum of Computing which, also this month, announced it was on a mission to restore the world's oldest original working computer. Bletchley Park Trust wants to transform the current museum into a world-class heritage and educational site that can remind us all of the profound significance of the impact its work had on the outcome of war and as a permanent tribute to its unsung intellectual warriors.

Carole Souter, Chief Executive of Heritage Lottery Fund, said "Bletchley Park is an extraordinary part of the UK's heritage. The Heritage Lottery Fund's initial support for the Trust's restoration plans demonstrates our belief that Bletchley's story should be much more widely known and appreciated. We also recognise the importance of preserving the site as a tribute to the men and women who worked there with quiet and tireless dedication during World War Two. Without their dedication, our nation's history might have been a very different one." ]]> Computer Science happygeek http://www.daniweb.com/forums/thread226521.html News Story How the music copyright debate turned into a copywrong farce http://www.daniweb.com/news/story226113.html Sun, 27 Sep 2009 13:24:48 GMT When singer Lily Allen posted a passionate plea for people to stop illegally sharing music files, and started a dedicated blog where fellow pop stars could voice their concerns over the 'theft' of their work, you might have been forgiven for thinking it would just turn into the usual bunch of rich kids moaning about how unfair it was that they couldn't buy a second Ferrari this year. However, it quickly got much more interesting than that, thanks to a large dose of double standards on the part of Allen herself.

The trouble with setting yourself up as some kind of industry spokesperson when the debate is as explosive as the music sharing one, and proffering support for a three strikes and you are out law, is that you have to be pretty damn sure of your position. While there is certainly a goodly amount of honesty, passion and common sense in what Allen says on the subject all of that pretty much disappeared up the wazoo, hidden by a smokescreen of her own making. Allen lit the match by seeming to forget that copyright and intellectual property rights apply outside of the glitzy music business. It would appear that the 'It’s Not Alright' blogger rather unfortunately posted a message to kick the whole debate off which, while explaining that copyright infringement is a bad thing, itself infringed the copyright of the person who had actually written most of it and the news site where the cut and pasted paragraphs had originally been published. There was no hint that the first half of the message had been lifted entirely from the Techdirt site, nor that it had been written by someone else; no link back to them, no credit, nothing. Not only that, but as was quickly pointed out, the site also contained images of newspaper articles scanned and reproduced as entire pages.

No wonder supporters of file-sharing, journalists and other independent observers quickly piled in to accuse the singer of displaying a bad case of poor judgement and double standards. It almost seemed like the 'we work hard to create music, don't steal it' argument was existing in a bubble where other creatives and their work were not seen as valuable or worthy of equal protection.

To make matters worse, when the inevitable criticism started to hit the fan, Allen responded not with hands up in horror at such a glaring faux pas but instead with an apology that seemed to border on the 'it was a mistake, I've done nothing wrong' kind of argument that you might hear from, oh let's see, someone accused of music file-sharing. Allen posted a rebuttal, largely in shouty upper case text, which read

Quote:

"I THINK ITS QUITE OVIOUS THAT I WASNT TRYING TO PASS OF THOSE WORDS AS MY OWN, HERE IS A LINK TO THE WEBSIITE I ACQUIRED THE PIECE FROM. Apologies to Michael Masnick.
http://www.techdirt.com/articles/20090914/0348436181.shtml"

The spelling mistakes are hers, not mine, dear reader. I note that she used the word 'acquired' rather than stole, funnily enough.

I would imagine it would be a different matter if Michael Masnick, the author of the copy that appeared on the site, were to post Lily Allen music clips on his site without crediting her as the artist, or posted those clips at all for that matter.

Also, funnily enough, that message is no longer available. Nor are any of the others that were posted to the Lily Allen blog either by Allen herself, fellow musicians such as Gary Barlow and Mark Ronson amongst others, or any of the people who commented either supporting or criticising her position. The blog has vanished, closed down by Allen it would appear according to her Twitter postings as "the abuse was getting too much."

All of which helps to perfectly illustrate just what is missing from much of the file-sharing debate, and that would be reasoned thought. There is far too much knee jerk reaction on both sides of the argument and not enough people prepared to think before they post. Only when the two camps can sit down and debate rationally will a reasonable solution emerge, and emerge it must if the music industry is to survive the business evolutionary stage it has found itself at in the 21st century. ]]> Cellphones, PDAs and Handheld Devices happygeek http://www.daniweb.com/forums/thread226113.html News Story The true cost of a free Windows 7 upgrade revealed http://www.daniweb.com/news/story224831.html Tue, 22 Sep 2009 10:48:44 GMT There ain't no such thing as a free Windows 7 upgrade. At least that's what it is starting to look like for the majority of people, despite the 'free upgrade' vouchers that are being handed out with new computers as part of the Windows 7 Upgrade Option scheme. A scheme which has been introduced to stop the huge dip in PC sales during the period before a new Windows OS ends up being a standard feature that would otherwise occur.

According to research carried out by PC Pro magazine in the UK, PC manufacturers are charging their customers in order to redeem free upgrade vouchers.

Just how much they are charging customers for the privilege of a free upgrade varies from manufacturer to manufacturer, but the voucher processing fee can be as high as £27.90 ($45) in some cases. That's how much PC Pro revealed was being charged by Toshiba in order to send out the upgrade OS discs. Dell was keeping quiet and refused to say how much it was going to be charging for shipping and handling, however HP, Lenovo and Sony customers can all expect to have to find around £20 ($32.50) for the discs. Just to make matters worse, Microsoft recently announced it would make the full version of Windows 7 Professional available to students in the UK for just £30 ($40).

Of course, nobody is denying that there is a cost to providing Windows 7 upgrade OS discs. Media reproduction and shipping fees must be factored into the equation. Toshiba are sending additional Windows 7 driver discs with the upgrade, but even so it seems to me that tempting customers with a 'free upgrade' headline offer and then asking them for a far from free handling and shipping fee is rather, well, unfair. Especially when some PC manufacturers are being less greedy: the PC Pro investigation revealed that both Chillblast and Mesh are not charging a penny to mail out the upgrade discs to customers.

So who is to blame here, PC vendors or Microsoft? Well Microsoft are saying that it's up to the vendor as to how much they charge for the Windows 7 upgrade discs, saying that the manufacturers have "complete control" over such things. However, PC Pro has one vendor on record saying that Microsoft has been selling two different SKUs for each version of Vista, and the one with the Windows 7 Free Upgrade voucher costs an additional £10 ($16). ]]> Windows Vista and Windows 7 happygeek http://www.daniweb.com/forums/thread224831.html News Story Can a Cosmic iPhone bring order to your life? http://www.daniweb.com/news/story224558.html Mon, 21 Sep 2009 10:12:49 GMT It has long been affectionately known as the Jesus Phone (http://www.itpro.co.uk/blogs/daveyw/2008/08/28/jesus-phone-does-not-perform-miracles/) because of the almost religious following it receives, but can the iPhone really harness the power of the Cosmos to help organise your life? Veteran TV... It has long been affectionately known as the Jesus Phone because of the almost religious following it receives, but can the iPhone really harness the power of the Cosmos to help organise your life? Veteran TV presenter Noel Edmonds, he of Deal or No Deal, Are You Smarter Than A 10 Year Old and Noel's Christmas Presents fame reckons it can.

Indeed, Edmonds already created something of a fuss about the new age concept of Cosmic Ordering after taking to drawing different symbols on his hand for each show in the Deal or No Deal TV programme. The show became hugely popular here in the UK, catapulting the former-star back into the media limelight after having been largely off the small screen for some years. There was plenty of speculation about the images drawn on his hands, but they were eventually revealed to be part of the whole Cosmic Ordering thing which seems to involve making requests of the Cosmos which are then granted for those who adopt a positive attitude to life.

Positive Apps, the developers of the Noel Edmonds' Cosmic Ordering iPhone App, are keen to point out that "Cosmic Ordering is not a whacky form of prayer" and that they cannot "actually prove that it exists" however they also insist that it "can change your life forever".

Noel Edmonds says, in the blurb for the software at the iPhone App Store, that "Cosmic Ordering has over the past 4 years brought me a fresh, exciting lifestyle full of love, laughter, happiness and success." Not quite sure what he was ordering from the Cosmos two years ago, then, when it was reported that Edmonds was believed to have lost a small fortune as a result of the collapse of his Unique Group business. This was the company that owned the intellectual property rights to perhaps the best known of the Noel Edmonds creations, Mr Blobby.

Anyway, allowing for that apparent blip in the cosmic order of things, what do you get for the £1.19 ($1.92) that the iPhone app costs? I bit the cosmic bullet, dipped into my cosmic wallet and downloaded it to find out. While I was waiting for it to install I read some of the instructions, which seem to revolve around the fact that the Cosmos will not deliver upon your life requests unless you set yourself clear goals, open your mind, body and soul to life's opportunities and "most importantly of all" believe in yourself and your own abilities.

Right, so plenty of get out clauses when it doesn't actually work then. Looks like it will be all my own fault. Sweet. Microsoft should try that one.

The first thing you notice, and you really cannot escape it, is the fact that Noel Edmonds is big in Cosmic Ordering: so big his face fills the entire iPhone screen when you launch the app. I could have done without that, to be honest. Hit the big ? button on the toolbar and you get more Noel, explaining in a video how Cosmic Ordering can change your life. I am starting to wonder if I have actually just bought a Noel Edmonds PR application by mistake here. Ah, hit the 'manage' button and you get the chance to 'Make a Cosmic Order' which I do against a pink and blue background of stars and suchlike. Not being too greedy, I opt for winning the UK National Lottery this Wednesday when the jackpot will be much smaller than either the Saturday draw or the Euro Lottery draw on Friday. Hitting the button to launch my order it vanishes in a star-field screensaver effect, complete with Disney fairy twinkling sounds. I'm not sure if this is important to make it work or not.

So what else does it do? Actually, not a lot. I can sort my orders by category such as health, wealth, happiness etc. I can flag them as being completed, although obviously I will have to wait until Wednesday night for confirmation of my lottery win.

Ah, the penny drops: I've bought a Cosmic ToDo list with pink and blue stars, twinkly sound effects and a video of Noel Edmonds. If you do believe in this stuff, save yourself a quid and just use any free ToDo list app on the iPhone and you'll surely still achieve the same results?

If there was any justice in the Cosmos, Apple would have approved the Google Voice app and the South Park app. Maybe I should send a Cosmic Order requesting approval for those two much more deserving apps, and another for a full refund, before I delete this one from my iPhone? ]]> Apple Hardware happygeek http://www.daniweb.com/forums/thread224558.html News Story Blogger uses SEO to get vacation refund http://www.daniweb.com/news/story223996.html Fri, 18 Sep 2009 11:05:08 GMT When a complaining consumer starts topping the Google search rankings for your company, perhaps it is time to start taking them seriously?

Who says that blogging is a waste of time? Not me, but then I've been blogging for a while now, admittedly in a professional capacity as a technology journalist rather than the perhaps more usual rant and ramble personal way. Andrew Sharman did the rant thing recently, and oh boy is he glad he did. It seems to have led to him getting a pretty hefty refund from a tour operator after a particularly poor vacation experience in Tunisia.

Sharman sent a letter of complaint to the tour operator, a 10 page letter of complaint no less, but after six weeks had only got the normal thanks for your complaint acknowledgement and nothing appeared to be getting done. So the web developer decided to blog about it.

I've just been reading Andrew Sharman's blog in which he describes at some length just how awful his holiday trip to Tunisia, booked via Thomson holidays, actually was. Under the heading of 'Thomson trip to Tunisia, staying in Marhaba Palace Review' Sharman describes how Tunisia itself is a nice place, but recounts the bad experience he had booking his vacation and actually taking it. He mentions how he was promised a double bed but ended up in a hotel without any double beds at all, how he was told the hotel was popular with his age group but it actually turned out to be a haven for the elderly, and how a day trip to the Sahara was possible when in fact it was an eight hour drive away.

But it gets even worse than that, according to the Sharman blog. He details how the sales representative promised a free drink with every meal on his full board tariff but discovered only expensive drinks at the hotel, and how the beach was filthy and the hotel not a lot better.

After publishing the blog and then Tweeting about it as well, the thing kind of took off. So much so, in fact, that if you Googled for 'Thomson Tunisia trip' or even 'Thomson Tunisia review' instead of getting results from the holiday company itself or glowing reviews of vacations, you got his blog rant ripping them to shreds. Thousands of readers were proving that citizen journalism extends into the world of travel, and corporations can ignore it at their peril.

Sharman then informed Thomson of just how popular the blog entry had become and ended up with a £595 refund on the holiday that had cost him £900 originally. He says that the firm asked him to mention on his blog that he was happy with the way the complaint had been dealt with, but Sharman refused to play ball and instead insisted he would say the complaint was resolved but also explain how that resolution came about. A spokesperson for the tour operator says "all our customers can expect to receive an excellent level of service before, during and after their holiday, regardless of whether or not they publish a blog" - although I'd like to add that, as Mr Sharman's case seems to prove, a good old rant sure doesn't do any harm! ]]> Search Engine Optimization happygeek http://www.daniweb.com/forums/thread223996.html News Story FTP Security FAIL http://www.daniweb.com/news/story223468.html Wed, 16 Sep 2009 10:08:23 GMT One third of businesses totally fail to encrypt their sensitive data transfers. That's the conclusion of a new survey into file transfer security which noted the huge disparities in attitudes towards data security in general and data security during transfer. According to the 2009 File Transfer Security Survey undertaken by managed file transfer solutions developer Ipswitch, while some 82% of organisations engage in the exchange of sensitive data only 64% actually encrypt that data either when it is at rest or being transferred.

Within the engineering and heavy industry sectors only 54% of respondents reported encrypting sensitive data as part of their secure data transfer strategy, whereas when it came to health, education and government services the numbers improved to 69%. Perhaps unsurprisingly, the IT sector did better with 70% of respondents encrypting data, but not as good as professional services on 74% or the big daddy of secure data transfer which was financial services on 77.5% - although this is largely down to the presence of explicit and demanding regulations to ensure financial data is safe.

Based upon responses from more than 300 businesses ranging from media organisations, law and accountancy firms through to national and local government, schools, hospitals banks, consultants and retailers, other key findings of the report included:

22% of businesses in financial services do not encrypt data transfers
16% are still not confident that their arrangement for transferring large files is secure
Over a third of respondents cite secure file transfer as a ‘high priority’, 24% see it as a ‘low priority’, and a third regard price as the most important criterion when implementing it

Despite increasingly stringent regulation, including new rules for data protection and handling of financial data, only 6% recognise that this has presented short term implementation deadlines, whilst 49% either believe no improvements to secure transfer infrastructure are needed, or have placed improvements on hold

Referring to a record £3.3 million fine handed down by the FSA, this month, to a major financial institution, for the loss of unencrypted data, Ipswitch Vice President, Jonathan Lampe, says "we know that even big banks still fail to encrypt all transfers of sensitive financial data, we commissioned this report to examine failings in the transfer of sensitive data across all business sectors, and we are still seeing a persistent minority failing to deal with sensitive data in a secure or compliant manner." ]]> Network Security happygeek http://www.daniweb.com/forums/thread223468.html News Story The evil twins of cyber-security: clients and servers http://www.daniweb.com/news/story223202.html Tue, 15 Sep 2009 10:40:11 GMT According to a new report, published today by SANS, the overwhelming majority of all cyber-security risks can be laid at the door of just two areas: unpatched client-side software and vulnerable Internet facing web sites. The report was compiled by Rohit Dhamankar, Mike Dausin, Marc Eisenbarth... According to a new report, published today by SANS, the overwhelming majority of all cyber-security risks can be laid at the door of just two areas: unpatched client-side software and vulnerable Internet facing web sites.

The report was compiled by Rohit Dhamankar, Mike Dausin, Marc Eisenbarth and James King of TippingPoint with assistance from Wolfgang Kandek of Qualys, Johannes Ullrich of the Internet Storm Center, and Ed Skoudis and Rob Lee of the SANS Institute faculty. But, to be fair, I'm not sure that attack data from systems protecting 6000 organisations and vulnerability data from 9,000,000 systems was really needed to arrive at its conclusion.

You only need to keep an eye on the news to realise that unpatched software is being targeted by the spear phishers and bad guys, with client-side vulnerabilities in the likes of Adobe software hitting the headlines this year and last.

The SANS 'Top Cyber Security Risks' report says that it represents "the primary initial infection vector used to compromise computers that have Internet access." What is interesting is the report finding that, on average, major organisations will take at least twice as long to patch these client-side software vulnerabilities as they do to patch operating system vulnerabilities. As SANS puts it "the highest priority risk is getting less attention than the lower priority risk."

And talking of priority risks, the number two according to the report would be vulnerable web sites. SANS says that attacks against web applications constitute "more than 60% of the total attack attempts observed on the Internet." No real shocker there either then, especially coming hot on the heels of another report which suggests that some 90% of all web applications have at least one medium risk vulnerability present and 27% have at least one high risk. The SANS numbers pretty much match up with other reports, suggesting that SQL injection and Cross-Site Scripting in web applications account for around 80% of the vulnerabilities reported. Again, almost incredulously, web site owners are simply failing to effectively scan for the most common of flaws and leaving their sites and applications open to abuse.

On the good news front, OS worms are down with only Conficker making any real impact between March and August this year. That impact looks like continuing though, with emerging news that Conficker is back with a scareware twist in the tail. On the not so good news front, zero-day vulnerabilities have continued to rise significantly over the last three years with some remaining unpatched for as long as 2 years. ]]> Viruses, Spyware and other Nasties happygeek http://www.daniweb.com/forums/thread223202.html News Story Time for the SexBox 360 and PornStation 3? http://www.daniweb.com/news/story222514.html Sat, 12 Sep 2009 13:27:25 GMT If it wasn't bad enough that someone is filing for a trademark to cover an adult-oriented games console called a SexBox, the world's largest adult entertainment company is seeking approval from Sony to turn its entertainment console into a PornStation 3.

Silican Xtal Corp, a San Jose based integrated circuit manufacturing company, has filed a trademark claim with the US Patent and Trademark Office for a SexBox. The filing refers to a "Video Gaming System Console comprised of computer hardware with unique user controls which plays interactive Adult Only rated video game software titles." I cannot imagine that the Microsoft lawyers will be taking this one laying down, considering how close to an Xbox a SexBox sounds. Indeed, the filing itself even talks about playing these adult content games through interactive adult communities and multiplayer online games. Considering that Microsoft does not allow such adults only content games, and we are not referring to 18 rated violent games but rather ones with a very explicit sexual content, you have to imagine it will fight this one all the way. If successful it could bring a whole new meaning to Red Rings of Death I guess.

Meanwhile, the largest adult entertainment (that's porn to you and me) company in the world, Vivid Entertainment, is apparently trying to convince Sony to allow porn content to be made available on the PS3. In an interview, Vivid boss Steve Hirsch argues that as long as "age verification is in place that (Sony) feels comfortable with we see no reason why adults shouldn't be allowed to access adult movies on the Playstation 3."

You might imagine that such a move stands as much chance as that SexBox trademark application being accepted, but there does seem to be a precedent albeit a Japanese only one. Apparently, Sony has allowed Blu-ray quality HD adult movies on-demand via DDM.TV in Japan only. So if PlayStation porn is OK in Japan one wonders why it will not be elsewhere in the world. ]]> Cellphones, PDAs and Handheld Devices happygeek http://www.daniweb.com/forums/thread222514.html News Story Conficker is back and twisted http://www.daniweb.com/news/story222214.html Fri, 11 Sep 2009 09:37:38 GMT Remember Conficker, the virulent worm which caused such havoc at the start of the year? No, well maybe news headlines such as 'Virus sinks Royal Navy fleet comms' and 'Windows worm infects millions' might help jog your memory. Well hold onto your hats people, Conficker is back. And this time it comes with a new twist.

According to security specialists BitDefender the worm has not turned, but returned. Looking at the e-threat statistical report the company produces, I could hardly believe my eyes: sitting ugly on top of the most infected by charts was Conficker. In fact, of all the infected machines that BitDefender looked into during the month of August, Conficker (a.k.a Win32.Worm.Downadup) was sitting there staring back at them on a really quite staggering 43% of them. That puts it way out in front of other malware threats, with the second most prevalent infection (an Embarcadero Delphi built code injector called Win32.Induc.A) mustering a relatively meagre 15% share.

The latest Conficker variant has some new tricks up its virtual sleeve, such as not only being able to prevent access to IT security vendor websites as it always has but adding the installation of rogue security software onto the compromised machine. Highly profitable scareware scams have hit the headlines here at DaniWeb before, and Microsoft has had some success in hunting down the offenders. But the fact that Conficker is blocking access to legit software sites and leaving the door open to fake security solutions is a worrying turn of events.

The rest of the August threat list looks like this:

3. Win32.Sality.OG (polymorphic file infector)
4. Worm.Autorun.VHG (network worm)
5. Win32.Virtob.Gen (file infector written in assembly language)
6. Packer.Malware.NSAnti.1 (malware packing protection)
7. Win32.Worm.AutoIT.AC (keylogger dropper)
8. Win32.Sality.2.OE (dropped by Win32.Sality)
9. GEN:TDSS.Patched.1 (file dropper)
10. Win32.Worm.Downadup.Gen (worm exploiting MS08-67 vulnerability) ]]> Viruses, Spyware and other Nasties happygeek http://www.daniweb.com/forums/thread222214.html <![CDATA[News Story Top 10 reasons why I don't care about The Beatles on iTunes]]> http://www.daniweb.com/news/story221694.html Wed, 09 Sep 2009 09:09:05 GMT All the news and social media feeds seem to have overdosed on one story this week: will The Beatles be on iTunes after the big Apple 'Rock and Roll' event today? News at eleven: I don't give a stuff, and here's my top ten reasons why.

Most people would rather have an iPod with a camera than an iPod with The Beatles.
Reality check: the only people who are really getting their knickers in a knot over the possibility of Beatles music on iTunes, unfortunately, would be we the media.
The Beatles are not, and I'm really sorry to have to break this to the fans out there, I repeat not the biggest/best/hottest band on the planet. The hard truth of the matter is that in 2009 The Beatles are simply not relevant, in music terms.
If I wanted Beatles music on my iPod I would have copied tracks off the over priced Beatles box set CDs I had bought (I don't, and I have not bought a box set, but plenty do and have) rather than be stupid enough to pay twice for the same music.
If the record companies really cared about music fans, also known as their customers, they would have made the Beatles back catalogue available in digital format a long time ago. They have not, ipso facto they don't give a stuff about us so why should we give a stuff about them. Even if there was an announcement at the Apple event today, it's too little and too late to make any difference.
The news feeds have taken two plus two and come out with five. The Apple event was announced with a tagline of "It's only rock-n-roll but we like it" and everyone said oh they are talking about The Beatles. Totally failing to notice that it is actually a Rolling Stones reference.
If you do want Beatles music but don't have the cash or inclination to line the greedy record company coffers, pop down to the local garage and pick a CD out of the bargain bin for a few pennies. There are plenty of them available, then just rip them onto your MP3 player. It's doubtful that the police will be breaking your door down any time soon as a result.
It's not even as if Beatles music isn't already available online for download, it is by the barrow-load. OK, none of it is legal, but it does already exist and how.
The sixties were a long time ago, get over it.
Beatles Rock Band, the game, is a far more relevant and interesting way to get into the 'Fab Four' in the 21st century. You might as well have some fun while listening to the tedious pop melodies of yesteryear.

]]> Mac Rumors and Reports happygeek http://www.daniweb.com/forums/thread221694.html News Story Security spending to outpace other IT spending in 2010 http://www.daniweb.com/news/story221460.html Tue, 08 Sep 2009 13:13:19 GMT It's good news for those in the security business, according to Gartner at least. It is predicting that security software and services spending will outpace other IT spending areas in 2010. The Gartner report suggests that security software budgets will grow by approximately 4% in 2010, while security services budgets will grow almost 3%.

Earlier this year Gartner surveyed more than 1,000 IT professionals with budget responsibility worldwide to determine their budget-planning expectations for 2010 and the results form the basis of this new report.

"In the current highly uncertain economic environment, with overall IT budgets shrinking, even the modest spending increases indicated by the survey shows that security spending accounts for a higher percentage of the IT budget," said Adam Hils, principal research analyst at Gartner. "Security decision makers should work to allocate limited budgets based on enterprise-specific security needs and risk assessments."

Specific areas of projected security-related software spending growth in 2010 includes security information and event management (SIEM), e-mail security, URL filtering, and user provisioning. The continued, comparatively strong emphasis on security extends beyond software. The survey showed that security services spending will also outpace spending in other services areas, with budgets expected to grow 2.74 per cent in 2010. This anticipated increase is being driven in part by a growing movement towards managed security services, cloud-based e-mail/web security solutions, and third-party compliance-related consulting and vulnerability audits and scans.

"When evaluating and planning 2010 security budgets, organisations should work to achieve a realistic view of current spending and recognise that it may be impossible to capture all security-related spending because of organisationally diffused security budgets," said Ruggero Contu, principal research analyst at Gartner. "Businesses should also recognise that new threats or vulnerabilities may require security spending that exceeds the amounts allocated, and should consider setting aside up to 15 per cent of the IT security budget to address the potential risks and impact of such unforeseen issues." ]]> Network Security happygeek http://www.daniweb.com/forums/thread221460.html News Story Is Sony a Linux killer? http://www.daniweb.com/news/story220780.html Sun, 30 Aug 2009 11:07:28 GMT Most people welcomed the news (http://www.daniweb.com/blogs/entry4642.html) that the Sony PlayStation 3 was slimming down, both in physical size and in terms of off the shelf pricing. The Linux crowd are not so impressed however. According to SCE president and CEO Kazuo Hirai, the PS3 slim is... Most people welcomed the news that the Sony PlayStation 3 was slimming down, both in physical size and in terms of off the shelf pricing. The Linux crowd are not so impressed however.

According to SCE president and CEO Kazuo Hirai, the PS3 slim is some 36 percent lighter and 32 percent smaller than the original PS3 but retains the Blu-ray player along with a 120GB hard drive. What it has got rid of, according to reports, is the option to run Linux under an Install Other OS option that is available on the fat PS3.

Who cares, you might be thinking. After all, it's just a games console and the number of users who will be fiddling with the thing to install any kind of Linux on to it has to be fairly small in the scheme of things. Well, yes, maybe. But the small number of researchers who have been using the PS3 Cell processor by running Linux and creating PS3 clusters to further their research on a budget will see it as a big loss.

A (since deleted) forum post on an official Sony PlayStation website stated:

"In order to offer the OtherOS install, SCE would need to continue to maintain the OtherOS hypervisor drivers for any significant hardware changes - this costs SCE. One of our key objectives with the new model is to pass on cost savings to the consumer with a lower retail price. Unfortunately in this case the cost of OtherOS install did not fit with the wider objective to offer a lower cost PS3."

Oh well, maybe those researchers had better start saving up for a $35 million, 1.6 petaflops, Cell processor powered IBM RoadRunner supercomputer instead. ]]> Posting Games happygeek http://www.daniweb.com/forums/thread220780.html News Story An iPhone in the bedroom http://www.daniweb.com/news/story220771.html Thu, 27 Aug 2009 23:36:44 GMT What do you wake up to? An old-fashioned alarm clock with small hammer and large bells atop a round clockface? Maybe a clock-radio or perhaps a straightforward digital alarm with a loud beep-beep-beep to get you moving of a morning? If you do, then you are in the minority as more and more of us... What do you wake up to? An old-fashioned alarm clock with small hammer and large bells atop a round clockface? Maybe a clock-radio or perhaps a straightforward digital alarm with a loud beep-beep-beep to get you moving of a morning? If you do, then you are in the minority as more and more of us apparently wake up to our mobile phones.

According to one new survey which questioned 1500 people regarding their morning bedroom routine, more than half used their mobile phones as alarm clocks.

One leading horologist and fellow of the British Horological Institute told the Daily Mail newspaper that the trend has already been seen with people using mobiles instead of wristwatches, and how it signals modern technology replacing mechanical things.

So what else is the mobile phone replacing? Well the same survey, unsurprisingly conducted for a mobile phone retailer, suggests that 20% of us use them to access the Internet, take photos, organise business schedules and keep on top of social networking.

I have to admit that it never actually occurred to me that I had replaced my alarm clock with an iPhone, but I have. In fact I have not used a 'proper' alarm clock since I first took delivery of the iPhone, it sits on my bedside cabinet acting as a handy one-tap illuminated clock for those middle of the night stumbles to the loo, and as a very effective alarm clock in the morning. I hate to sound like one of those annoying 'have you seen what my iPhone can do' types, but it really is starting to live up to that reputation. My iPhone is my alarm clock, calendar, mobile web browser, email client, portable games machine and even satnav. I have even been known to make a telephone call with it every now and then. ]]> Apple Hardware happygeek http://www.daniweb.com/forums/thread220771.html News Story Government gets tough on pirates after Mandy dines with Geffen http://www.daniweb.com/news/story220769.html Thu, 27 Aug 2009 00:44:10 GMT I'm not a great fan of the phrase 'total coincidence' and nor am I a fan of The Rt Hon Lord Mandelson, First Secretary of State, Secretary of State for Business, Innovation & Skills and Lord President of the Council to be formal.

While I'm on the small matter of things I don't like, I'm not exactly standing cheering on the sidelines when a recording or movie industry executive bemoans modern technology for stripping them of some of their profit from the sale of music or film.

So you can probably guess I was none too pleased to learn that the UK Government has done something of a 180 degree about turn of thinking when it comes to dealing with entertainment industry piracy on the Internet. The proposed draconian new powers include forcing Internet Service Providers to suspend or block the accounts of persistent downloaders. Oddly enough, this exact same suggestion was rejected just a couple of months ago in the much awaited Digital Britain report, which was published by none other than the UK Government itself.

Of course, the turnaround could have nothing to do with Peter Mandelson having dinner with David Geffen, a well known Hollywood media mogul, at a villa in Corfu belong to Nat Rothschild could it? Absolutely not, according to a Government spokesperson who said "I believe they had dinner, but they absolutely didn't discuss any peer-to-peer file-sharing."

Believe what you will, but understand this: many Internet Service Providers are not happy. One major ISP, TalkTalk, has gone on record to state "Introducing measures such as disconnection at the instigation of the Secretary of State will sidestep proper scrutiny, likely breach fundamental human rights and result in innocent people being disconnected or, worse, prosecuted" adding "What’s more, they will not work" and concluding that the plans would be strongly resisted. Even the Internet Services Providers' Association has said that it was disappointed by the announcement regarding disconnection which it considered to be "a disproportionate response."

Here's what the Government has to say about ISP account suspension:

Quote:

"The original proposal lists six technical measures that Ofcom might require ISPs to impose on repeat infringers. Since the issue of the consultation some stakeholders have argued strongly that none of those technical measures is powerful enough to have a significant deterrent effect on infringing behaviour. Also we cannot know how P2P technology might develop in the short to medium term, and we want to ensure that Ofcom has a full tool-kit from which to select the most appropriate measure should technical measures be deemed necessary. Taking those points into account, although we continue to regard the uptake and use of Internet services as essential to a digital Britain, we are considering the case for adding suspension of accounts into the list of measures that could be imposed. This does not necessarily mean that suspension would be used - this step would obviously be a very serious sanction as it would affect all members of a household equally, and might disrupt access to other communications, so it should be regarded as very much a last resort. Accordingly a thorough examination of the proportionality and effectiveness of the measure (as with any of the other measures) would have to be undertaken before ISPs would be required to implement it, even if the decision to move to technical measures is taken. As ever we would need to ensure any such measure fully complied with both UK and EU legislation."

]]> Network Security happygeek http://www.daniweb.com/forums/thread220769.html News Story Microsoft comes out fighting over XP mode security fears http://www.daniweb.com/news/story220755.html Mon, 24 Aug 2009 09:20:23 GMT It's always fun to stand and watch as two big names slug it out, and they don't come much bigger than Microsoft. Sophos, it has to be said, is no small fry either when it comes to the world of IT Security. So when a Sophos blog posting from it's Chief Technology Office, Richard Jacobs, started with the playground taunt equivalent of 'I've been kissing your mum' by saying "Windows 7's planned XP compatibility mode risks undoing much of the progress that Microsoft has made on the security front in the last few years and reveals the true colours of the OS giant" you kind of new things would get nasty, and quick. Jacobs continued his verbal assault on Microsoft and Windows 7 by adding "XP mode reminds us all that security will never be Microsoft's first priority. They'll do enough security to ensure that security concerns aren't a barrier to sales, but not so much that it gets in the way of progress". Ooh, a little below the belt perhaps?

That's certainly what the Chief Security Advisor for Microsoft in the EMEA region, Roger Halbheer, thought. Halbheer responded with a blog posting entitled 'Why Windows 7 XP Mode makes sense from a security perspective' and argued "I know of companies that have decided to stay with XP and not move to Windows Vista because of concerns over compatibility issues with other applications they run. Their systems no doubt run, but they are depriving themselves of security and privacy enhancements designed to cope with modern threats – bear in mind that XP was designed in 2001 to cope with the threats back then – threats which changed significantly over the last eight years! The impact of Windows Vista as a secure platform is significant, and Windows 7 will built on that foundation" concluding "Which risk is higher? Leaving our customers on an 8-10 year old operating system for another few years, or helping them to migrate to a modern one, accepting the drawback with XP Mode? With XP Mode, we could have helped my friend above without actually having to force him to run a PC just for the sake of this single application!".

So who's side am I on in this particular security fist fight? I think I am veering towards the Sophos position, it has to be said. After all, everything that Halbheer has argued hangs on the use of XP mode being a strictly temporary move with a strategy to migrate away in place. As Halbheer himself admits in the comments section of his blog, responding to a reader called 'Stuck in the Mud' who thinks that "in the majority of cases that temporary thing becomes part of established infrastructure" his biggest fear is just that. Halbheer admits "Windows XP will go out of support 8.4.2014 according to http://support.microsoft.com/lifecycle/?p1=3223. This is the point where you will not get any security updates anymore... And this scares me".

Guess what Roger, you are not alone! ]]> Windows Software happygeek http://www.daniweb.com/forums/thread220755.html News Story Sony PS3 Slim shrinks in size and price http://www.daniweb.com/news/story220754.html Fri, 21 Aug 2009 20:48:09 GMT Don't get me wrong, I'm a great fan of the PS3 but not for the gaming which, when compared to the Xbox 360 is in a totally different league in my opinion. But when it comes to the actual hardware, well, the PS3 wins every time. Not only is it of a far higher quality than the Xbox 360, and if you don't believe me then ask those people who when surveyed revealed the Xbox 360 has a failure rate of 50 percent compared to just 10 percent for the PS3, but it also has Blu-ray. Truth be told, when I first bought the PS3, on the day of release, the Blu-ray player was the deal clincher. You just could not buy a player for anywhere near the asking price, and getting a games console thrown in for free seemed a decent offer. Of course, there was always a slight niggle that I had got it wrong and the HD-DVD would win out and I'd have to invest in an Xbox 360 and add-on player for my DVD's.

Little did I know I would, indeed, end up investing in a 360 but not for the now deceased HD-DVD format support but simply because the games I wanted to play were appearing on the Microsoft platform rather than Sony's.

Of course, many others would appear to have had similar feelings and the PS3 has been struggling to match the Xbox 360, and the Wii, in terms of sales and market share. Surprisingly, given what a great deal getting that Blu-ray player was a few years back, the price has been the deal breaker for Sony.

The PS3 has proved to be simply too expensive when compared to the other consoles in the marketplace.

At long last Sony Computer Entertainment appears to have not only realised this, but decided to do something about. No, not reduce the price of the PS3 but rather introduce a new and cheaper version of the console in the shape of the PS3 slim.

Just as the PlayStation 2 before it saw the introduction of a slim version to boost sales, so the PlayStation 3 has perhaps inevitably followed suit. According to SCE president and CEO Kazuo Hirai, the PS3 slim is some 36 percent lighter and 32 percent smaller than the original PS3 but retains the Blu-ray player along with a 120GB hard drive.

So just how much has the price slimmed down? The answer is by a none too shabby US $100. On sale, we are told, from September 1st, the PS3 slim will cost $299 in the US and £249.99 in the UK. ]]> Cellphones, PDAs and Handheld Devices happygeek http://www.daniweb.com/forums/thread220754.html News Story Is the Apple happiness honeymoon over? http://www.daniweb.com/news/story220748.html Tue, 18 Aug 2009 22:36:12 GMT As honeymoon periods go, the Apple customer satisfaction one has lasted a remarkably long time. However, you might be forgiven for thinking that honeymoon is now over, given some headlines I have seen online. Forgiven but, I would maintain, as wrong as wrong can be. Google might not like Apple... As honeymoon periods go, the Apple customer satisfaction one has lasted a remarkably long time. However, you might be forgiven for thinking that honeymoon is now over, given some headlines I have seen online. Forgiven but, I would maintain, as wrong as wrong can be.

Google might not like Apple very much any more, and the EFF are none too pleased with the company either, but your average punter is more than happy.

Headlines declaring that amongst the top tier PC vendors only Apple has seen a dip in customer satisfaction rates would appear to suggest that all is not well at Chez Apple. However, read behind the strap and get into the meat of the story and you will soon discover that this just simply is not the case.

The attention catching headlines have come about courtesy of a consumer satisfaction survey carried out by the American Society for Quality which looked at customer happiness over the last year. This does, indeed, show that satisfaction rates amongst Apple users have dipped during the second quarter, but only by one point from the previous year. In contrast, neither Dell, HP, Compaq or Acer showed a drop in customer satisfaction.

So, it is bad news for Apple then? Well I doubt they will pleased to have dropped a wee bit, but it really does need to be viewed in the proper perspective which means looking at where Apple sits when compared to the other vendors overall for customer satisfaction. And the answer is still right there sitting at the top of the happiness league table. To put it into even more perspective, Apple has held that particular position for six years now.

The real clincher is by how much Apple leads the pack, even allowing for that one point drop it sits on a satisfaction score of 84. The nearest rival is Dell on 75.

So there we have it, the Apple happiness honeymoon is far from over if you ask me, or more importantly if you ask most Apple users it would seem. ]]> Mac Rumors and Reports happygeek http://www.daniweb.com/forums/thread220748.html News Story The high price of fake software http://www.daniweb.com/news/story220743.html Fri, 14 Aug 2009 13:27:04 GMT As someone who works within the IT Security space, I have to say that rogueware (also known as scareware (http://www.itwire.com/content/view/20938/53/)) is starting to seriously hack me off. Not that I have ever been conned into purchasing it, I hasten to add, but rather because so many others have... As someone who works within the IT Security space, I have to say that rogueware (also known as scareware) is starting to seriously hack me off. Not that I have ever been conned into purchasing it, I hasten to add, but rather because so many others have and so many people are making rather a lot of money as a result.

Rogueware, which can be loosely defined as any 'fake software solution' which separates unsuspecting users from their cash in order to fix non-existent problems, is increasing by a factor of ten in less than a year according to the chaps at PandaLabs. They have been watching the rogueware phenomenon very closely indeed, and have now published a multi-year study into the proliferation of rogueware into the overall cybercrime economy. The research report, The Business of Rogueware, reveals that:

Cybercriminals are earning approximately $34 million per month through rogueware attacks
Approximately 35 million computers are newly infected with rogueware each month
Rogueware is now being distributed through Facebook, MySpace, Twitter, Digg and targeted blackhat SEO attacks
And finally, a confirmation of something that many of us suspected anyway: the majority of these cybercriminals are operating from Eastern Europe

"Rogueware is so popular among cybercriminals primarily because they do not need to steal users’ personal information like passwords or account numbers in order to profit from their victims" said Luis Corrons, PandaLabs Technical Director. "By taking advantage of the fear in malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially as popular social networking sites and tools like Facebook and Twitter have become mainstream."

There are now approximately 200 different rogueware families, and in the first quarter of 2009 alone more new strains were created than in all of 2008. The second quarter painted an even bleaker picture, with the emergence of four times as many samples as in all of 2008. In Q309, PandaLabs estimates a rogueware total greater than the previous eighteen months combined. ]]> Network Security happygeek http://www.daniweb.com/forums/thread220743.html News Story Top Ten iPhone Games http://www.daniweb.com/news/story220739.html Wed, 12 Aug 2009 00:30:15 GMT I have, in the past, argued that the iPhone is more of a games console that happens to make phone calls (http://www.itwire.com/content/view/22077/1168/) than the other way around. I admit that I had my tongue in my cheek when I penned that particular piece, but there is no doubting that the iPhone... I have, in the past, argued that the iPhone is more of a games console that happens to make phone calls than the other way around. I admit that I had my tongue in my cheek when I penned that particular piece, but there is no doubting that the iPhone has become something of a portable gaming platform sensation. Often despite the best efforts of Apple, it seems, to prevent good game ideas from reaching the public.

A friend of mine recently suggested that the iPhone was even a return to the golden age of gaming in as far as it brought affordable fun back into the gaming equation. Well, affordable if you remove the hardware from the equation admittedly. The point being, with games coming free of charge at the App Store, and even the paid for ones starting from as little as 59p ($1)it really does hark back to the glory days of Commodore 64 tapes at pocket money prices.

More importantly, because of the limitations of the format, especially with regards to screen size, processor power (even on the 3GS) and input methods there is a renewed focus on that all important, and seemingly sadly oft overlooked when it comes to next generation consoles, little thing called gameplay.

Popularity in terms of the official App Store top paid for and top free games is as follows:

Paid -

Moto X Mayhem (a motorbike riding game)
Paper Toss: World Tour (throwing a screwed up bit of paper into a bin, seriously)
Civilization Revolution (yes, the Civilization sim on your iPhone)

Free -

20Q Mind Reader (twenty questions fun)
Flick Cricket (cricket in your pocket)
Waterslide Extreme (racing down giant waterpipes)

Of course there are some stinkers out there, and for every 20 games that I have downloaded and played on my iPhone I reckon I have kept only one or two. So what are the games which I would not want to spend a week in a hotel room without? Here's my personal top ten iPhone games, irrespective of whether they cost a handful of change or not, although your mileage will vary according to your particular gaming tastes.

Worms (classic gaming with the battling worms, now on the iPhone)
Secret of Monkey Island (another classic, this time the pirate puzzler)
Bejeweled 2 (gem swapping puzzler that really is totally addictive)
Spore Origins (Electronic Arts with a totally original evolution sim)
Tap Tap Revenge (tap and shake your iPhone to the beat of popular tunes)
Assassin's Creed (yes, that one, but shrunk down to fit the iPhone)
Minigore (3D survival shooter)
Flight Control (don't let the planes crash! with peer-to-peer multiplayer action)
Bookworm (straightforward word puzzler, hugely addictive though)
Ragdoll Blaster (shoot a ragdoll at targets and avoid the obstacles, crazy fun)

]]> Apple Hardware happygeek http://www.daniweb.com/forums/thread220739.html News Story Is this the ultimate geek test? http://www.daniweb.com/news/story220738.html Tue, 11 Aug 2009 23:21:39 GMT Just how much of a geek are you? Do you know who Sergey Brin is? Can you solve a Rubik's Cube, in under five minutes? Do you know the value of Pi beyond 3.14? Would you spend a small fortune to get satnav on your mobile? Or maybe strap a large sucker to your thigh to hold your iPhone in place when sitting down in public?

I did not make that last one up, honest. There really is a company which is marketing an iPhone accessory which is, essentially, just a large sucker cup attached to some velcro which straps around your thigh that you whack your iPhone on to keep it nice and stable when you want to use it sitting down away from a desk or table top.

The Thiphone (yes, that is what it is called) is described as being the 'universal thigh mount' for your iPhone which allows you to write an email and drink a frappuccino at the same time. No, seriously, this is such a geek magnet of an idea that it is exactly the kind of advertising which might just work. The manufacturers even reckon it makes driving safer as you can have your iPhone, controlling your in-car music, out of your hands and on your leg while motoring.

At a cost of $29.95 (£18) there is one thing that the advertising does not mention - you are pretty much guaranteed to look like, well, a geek if you use one. It is, I would argue, the ultimate geek test. The people selling this get one thing right, even though I think they are talking about the attachment mechanism, when they admit "It sucks. Really" - umm, yes. Fashion sense apart, I am not sure I would want a 3GS strapped to my thigh, considering how hot they can get. ]]> Apple Hardware happygeek http://www.daniweb.com/forums/thread220738.html News Story Michael Jackson in Twitter Thriller http://www.daniweb.com/news/story220734.html Mon, 10 Aug 2009 09:24:18 GMT With the investigation into the death of Michael Jackson still ongoing, and claims over the paternity of Paris Jackson hitting the headlines with the involvement of the chap who rose to fame as Oliver in the film way back when and then plummeted to obscurity, you might think that it would be pretty... With the investigation into the death of Michael Jackson still ongoing, and claims over the paternity of Paris Jackson hitting the headlines with the involvement of the chap who rose to fame as Oliver in the film way back when and then plummeted to obscurity, you might think that it would be pretty hard for a technology outfit to get on the Jackson media bandwagon right now. But full marks have to go to web promotion business uSocial for trying anyway.

A press release dropped in my lap this morning which claims that uSocial, which amongst other things promises to provide thousands of Twitter followers in return for bundles of your hard earned cash, had been hired to conduct a "Twitter campaign" on a Michael Jackson account, by "someone in his family" according to uSocial CEO Leon Hill.

"I can't admit that we dealt with Michael Jackson directly" Hill says, adding "it was exciting to say the very least to conduct work with such a big name." uSocial claims that some 25,000 Twitter followers were purchased, although not all delivered as Hill says that the company is still working to fulfill the order.

"For obvious reasons we'll be dealing with his family from here on in, though it would have been great to conduct services for Michael Jackson in a different time, under different circumstances" Hill concludes.

One does have to wonder why anyone would want to buy in 25,000 followers rather than build a proper following organically as it were, but especially Michael Jackson or those involved with him. If anyone can quickly build a social network it is Jackson, even after his death I would imagine. Heck, when he died the Internet melted and the spammers quickly jumped on the celebrity death bandwagon both of which are proof of his pulling power.

Unfortunately, uSocial do not appear to be naming names right now, either in respect of the Twitter account involved or the member of the Jackson family for that matter. So we have no way of knowing if it was one of the brothers or a second cousin four times removed looking to make a quick buck somehow. ]]> Internet Marketing Job Offers happygeek http://www.daniweb.com/forums/thread220734.html