Posts by happygeek

It seems that Apple has got all the big boys of IT whipped up into a mobile phone frenzy with the huge interest that surrounded the recent announcement of the iPhone. Microsoft is rumored to be developing a cell phone version of the Zune MP3 player. And now as part of an interview with Spanish news site Noticias.com, the Google CEO for the region, Isabel Aguilera, let the genie out of the bottle: Google is working on a mobile phone product.

OK, so what she actually said was that “some of our engineers’ time is dedicated to the development of a mobile phone” rather than “expect a product announcement next month” but it does at least put to rest the arguments over whether Google is interested in the cell phone hardware market for once and for all.

It also means that the recent deal that Google struck with Samsung in order to put Google applications on Samsung cell phones could be just the tip of that working relationship iceberg. The IT grapevine suggests that Samsung are the handset manufacturer most likely to be building the actual hardware for the Google branded and driven gPhone. Those same jungle drums tell of a device not dissimilar to a Blackberry, running VoIP services with built in search and Google powered office applications.

Travelling further along the rumor trail, you can take the patent application fork in the road and follow Google as it filed for a search tool …

You are just odd though :cheesy:

Not the kind of place where you want to be sent as an IT support guy :cheesy:

The MHW2040AC Parallel 2.5-inch mobile hard disk drive has a capacity of just 40 GB, a rotational speed of 4,200 rpm and an 8Mb buffer size, so why is Fujitsu making such a fuss about it? Perhaps it has something to do with the temperature tolerance, this thing will comfortable keep working within a temperature range of -22F and 185F and relative humidity ranges of 8 percent to 90 percent. Or how about the operating shock resistance of 300G (2ms) and an average idle power consumption of 0.7W?

While the performance is only average then, the environments it can perform only averagely in are certainly extreme. But why would you want such specifications, where would you use such a hard drive? The clue is in the fact that these will be called the navigation series, and are officially automotive-class drives. If there is one place that you need strong temperature and altitude tolerance, exceptional shock and vibration resilience, but not particularly earth shattering capacity of speed then it is in your car. The primary market will be for automotive GPS devices no doubt, although I can imagine developers of automated money teller machines, point-of-sale systems and automatic ticketing devices will be just as interested when the drives start to ship in a month or so.

A word of warning though, don’t get it wet as that is one extreme this hard drive cannot cope with, and it probably isn’t a great idea to be driving (even …

A number of users are reporting that the new Kaspersky AV component in the latest ZoneAlarm Security Suite 7 is broken. And broken in such a way as to leave your system unprotected while appearing to be fully functional.

The problem manifests itself after a successful installation with the AV engine corrupting during a system signature update. Once corrupted it simply fails to offer any protection at all, although the user will be none the wiser of this unless they happen to put their protection to the test.

Something as simple as running an EICAR file past the scanner will do the trick.

With numerous complaints in the tech support forum, I thought I would investigate further having already positively reviewed the security suite for PC Pro magazine. During the extensive testing that is part of the review process none of the problems being reported manifested themselves, leading me to believe that this is one of those ‘hits some users and not others’ problems that seem to curse security software developers. Indeed, ZoneAlarm once had a terrible reputation for causing problems with different set-ups, and went through a period many years ago where serious security reviewers refused to recommend it as a direct result. However, in more recent years Check Point has managed to put a lid on such problems and ZoneAlarm deservedly sits at the top of the software firewall and security suite tree as far as many …

Reports have come in over the weekend of a series of dawn raids by the Metropolitan Police on a number of terrorist suspects with Al-Qaeda connections in London. All the suspects have been arrested. The raids follow the seizure of computer files last year suggesting that the target of their planned attack was none other than Telehouse Europe. Located in the Docklands area of London, this is the biggest Internet hub in Europe and the majority of UK Internet traffic flows through it.

The damning discovery follows on from a similar operation earlier last year when the UK secret service, MI5, found evidence to suggest that Islamic terror groups were targeting the Bacton gas terminal complex on the Norfolk coast. What the two plots would suggest is a concerted attempt to cause widespread disruption to British business and domestic life through the destruction of critical infrastructure. Thankfully neither plot has come to fruition courtesy of the prompt actions by UK security services. MI5 has even set up the Centre for the Protection of National Infrastructure unit to protect key infrastructure sites from terrorist attack.

The Telehouse plot was quite well advanced, with the key to the operation being an inside job to infiltrate the hub and blow it up from within. But would the consequences of such an attack, were it successful, be catastrophic? I have to say I am unconvinced that it would. Disruptive, costly, annoying and hugely problematical for sure, but catastrophic as in …

Yep, it is news after all. By not discussing it, pretending it does not exist, then the problem gets worse not better.

The Symantec State of Spam report is always something to look forward to, although it can often make depressing reading. Everyone is plagued by junk mail, filters are straining under the load, and spammers are managing to stay on top of their evil trade by employing cunning new techniques to avoid detection and deletion. A good example being the 38 percent of total global spam by volume seen by the Symantec Probe Network that was image based. Symantec also note that spammers are employing the use of slanted and warped text within the image spam as a method of obfuscation to further successfully confuse anti-spam filters.

It used to be the case that if you read a different report by a different security vendor then you would see wildly different statistics and analysis, often dictated by whatever particular product or service that vendor was keen to promote at the time. That is no longer the case, and the statistics have settled down to become much closer these days. Perhaps a sign that the anti-spam industry is, at last maturing, and getting it right. If only from the reporting frontier, and not necessarily the filtering one. So whereas Symantec report 70 percent of SMTP email by volume as being spam during February, the MessageLabs report for the same period is not far away at 77.8 percent.

The really interesting stuff is revealed when you start to dig deeper into the figures and see trends emerging relating to the type …

New research from Vizu Answers and Ad Age suggests that when it comes to blog posting discovery, the majority of readers use links from other blogs to arrive there. The fact that the figure is as high as 67.3 percent is slightly surprising, given the amount of people that use services such as Digg, Reddit, Technorati, Google Blog Search and Feedster for example. Indeed, the report reveals that only 5.6 percent of blog post discovery comes by way of specialist blog search engines, and far more people use standard search engines, 19.6 percent in fact.

Other interesting snippets to come from this survey include that 68.3% of people read their favorite blogs every day, and personal opinion plus writing style and editorial freedom is what makes a blog a blog. But perhaps the most telling statistic has to be that it is the quality of the writing that determines the blogs that people choose to read regularly and the credibility of that blog. Forget the notion that citizen journalism is just about breaking the story, getting their first or shouting the loudest.

As a professional journalist myself (a member of both the National Union of Journalists and Society of Authors in the UK) and a blogger, I have to admit that it is good to get some statistical confirmation to back my gut feeling that basic journalistic skills should not be trampled …

I wish Uclue well, I really do. I am just doubtful as to the sustainability of the paid for answers concept as a business model, given the number of free information alternatives out there.

I don't agree that volume is the only marker of web success, far from it, but Google Answers highlighted many of the problems facing the pay me for my time approach: namely that many people want the cheapest possible answer, irrespective of whether that is the best answer or not.

Remember Google Answers? Anyone? No, didn’t think so, as it was hardly the most popular service that Google ever provided. Indeed, you can probably count the number of services that Google has launched and then closed on the fingers of one hand, and possibly even one finger. Google Answers launched in April 2002 and did that other rare thing for a Google product, came out of Beta juts one year and one month later. Yet it closed down in November, after four years and the participation of 800 ‘researchers’ answering questions for cash.

The only official statement regarding the closure talks about it being “a great experiment” and “reconsidering our goals for a product” but ironically provides no real answers as to why the plug was pulled. The consensus of opinion out in the blogosphere is that the researchers just got fed up with the way they were treated when it came to the cash grab for the high dollar questions which did not necessarily result in the most qualified expert getting the gig, nor the folding stuff. Which was another problem, apparently, as there were complaints that money was being held back even if a correct answer was given because customers without the brain power to properly absorb the answer marked them as not being satisfied. It was something of a vicious cycle of dissatisfaction on both sides of the fence, with the researchers most able to answer the questions being least likely to …

Dani beat me to it with the un-featuring :)

No need to feel stupid about believing the original claim, it was a very easy thing to do. The fact that people were running the keygen code without understanding how it was meant to work, seeing a code appear without knowing it was not a legit dodgy one (if you see what I mean) and then posting about how great it all was added to the validity. As did the number of blogs that just took it on face value and ran with it, without doing any checking whatsoever. The whole story quickly got a kind of natural momentum to it and became, for want of a better description, a runaway train. It was Slashdotted for example, and from then on became the truth.

Until the original poster realized what had happened and coughed.

Well, what a weekend that has been. Ever since the reports started emerging online of a brute force attack on the Vista activation code using a modified version of the original software license manager script file I have been, shall we say, dubious as to the authenticity of the claim. Not least because amongst all my contacts in the security research business, on both sides of the industry fence, I failed to find a single one who could verify the crack through their own personal experience.

Oh, there have been plenty of reports online of people finding legitimate code keys in a matter of minutes, sometimes hours, appearing but not from anyone I know as a trusted source of such information. If, as was claimed, the script could run through around 5,000 keys every hour (of itself not the most powerful of brute force attacks it has to be said) I would have expected to have seen hundreds of these keys being offered for sale via the usual suspects on the dark underbelly of the web.

But no, that was not the case. So I was left with just the one option: try the keygen script for myself. In two days of constant running it returned the grand total of, well, no valid keys at all in fact. There was little shocking me when I read that the original poster of the keygen code was now claiming it had all been a hoax.

Here’s what …

Microsoft Windows Live OneCare was already struggling in the credibility stakes after failing to pass the Virus Bulletin VB100 certification tests as I reported here last month.

Talk about kicking a wounded animal, now the results of the latest, and much respected, av-comparatives are in, and do no make for comfortable reading if you happen to be Microsoft.

Security researcher Andreas Clementi conducted in-depth testing of 17 anti-virus scanners, subjecting them to no less than 497,608 items of malware during the process. This is not, by any stretch of the imagination, a test to be dismissed as insignificant. It is the real deal, which is why the results are so devastating for Microsoft. Of those 17 products, including entries from all the major vendors in the marketplace, Windows Live OneCare came last. Worse yet, it came last by quite some margin.

Indeed, only it and the little known Dr Web scanner failed to reach an overall detection rating of 90% and whereas Dr Web only just failed, with 89.27%, OneCare managed a really very poor 82.4%. Compare this with G-DATA AVK leading the test on 99.45%, F-Secure 97.91%, Kaspersky 87.89% and even arch-rivals Symantec Norton AV with 96.83%.

So bad was the OneCare result, in fact, that it didn’t actually make the cut for inclusion in the evaluation process so is unlikely to even appear in the next set of tests in August. To reach the lowest grade …

During the course of this week there have been numerous reports floating around, mainly online and mainly pretty devoid of any real substance, claiming that the popular anonymous browsing solution Tor has been cracked. In fact, what these reports should have been reporting is the fact that researchers from the University of Colorado in Boulder have demonstrated that it is possible, under certain laboratory conditions, to peel away the layers of the onion and reveal the ultimate identity of the secret surfer.

Those same reporters might also have mentioned that this is nothing new, and exactly the same basic principle has been documented and publicized before, a number of years ago in fact, and yet Tor remains as secure as ever. Now don’t get me wrong, as secure as ever is not the same thing as 100% secure, but then Tor actually state right up front on the website that “it's not a good idea to rely on the current Tor network if you really need strong anonymity” and “using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol” so it’s not like they are claiming otherwise.

But that’s no reason to claim that all of a sudden Tor is less secure than it ever was, that it has been cracked, that if you use then your online experience is owned. Yet that is exactly what seems to have been happening this …

Hi Jason, thanks for clearing that up. I suspect you can take some credit for Peggle though, as without you at the creative helm I doubt you would be attracting such great programmers anyway!

Which is what I was getting at really, because I tend to see PopCap and yourself as one and the same thing :)

Face it, the PDA is dying if not dead, killed off by the evolution of the cellphone into smartphone. This is no great shame, because it means you now have a smaller device in your pocket that does twice as much as either a cellphone or PDA on its own. In fact, the latest smartphones do three times as much because GPS satnav is starting to become a de facto must have in this highly competitive market.

Like many professional users I am not mourning the loss of the PDA in general, but like many professionals I admit to missing one thing that was hidden away in the depths of my PDA personal files directory: Bejeweled. This incredibly addictive and supremely time wasting little game, developed by PopCap co-founder Jason Kapalka, was the first ‘casual’ game title to be inducted into the Computer Gaming World Hall of Fame (in 2004) for 19 years. Before Bejeweled, the last entrant was Tetris. If you have ever played it then you will recall how difficult it is to stop lining up rows of the same colored jewels just in order to see them explode and gather up the points bonuses.

Casual games are seen as being one of the main revenue drivers in the mobile game business, and with revenue growth forecast to go from $3bn last year to $10bn by 2009 that’s quite some emerging marketplace. By definition these games are small diversions, things you can pick up …

Marc Andreessen may not have actually been knighted for his contributions towards making the web what it is today, but if he were British then I am sure Helen Mirren would have bestowed that honor upon him alongside Sir Tim Berners-Lee. Not that a lack of a knighthood is stopping the graphical web browser pioneer who co-founded Netscape from continuing to innovate.

Always up for a challenge, this time it isn’t Microsoft that Andreessen pits himself against, but rather MySpace and Facebook. You see his company, Ning, is promising to provide the necessary tools required to enable users to create social networking sites of their own. Let me go over that again, Ning is providing free tools for the creation and operation of social networking services.

With the ‘official’ launch of Ning 2.0 today you can expect the Andreessen trademarks of ‘pick up and play’ along with ‘web for everyone’ to be very much present. Indeed, Andreessen promises that anyone, even the most causal of web users, will be able to pick up these tools and create a totally personalized social Ning network within a few minutes.

So, big deal, you may be thinking. Heck, anyone can create a MySpace space within minutes, and pretty much anyone and everyone has. That’s the secret to its success after all. Well yes, but the difference is that MySpace and its News Corp owners keep a very tight grip on the commercial network behind …

The trouble with asking your customers what they want is sometimes they tell you and it is not what you were expecting to hear. Case in point, Dell requesting just such feedback 10 days ago and being inundated with thousands of customers and, one assumes more importantly, potential customers yelling loud and clear: “open source software please, and do not forget the Linux OS.”

So what is newly reinstated CEO Michael Dell going to do about the suggestions received at the IdeaStorm site? Using a Digg style vote and promote system, the undeniable top suggestion has been for Pre-Installed Linux/Ubuntu/Fedora/OpenSUSE/Multi-Boot with an astonishing 83539 votes. That is 30,000 votes ahead of the nearest contender, for pre-installed OpenOffice software.

Here is the official Dell response:

“It’s exciting to see the IdeaStorm community’s interest in open source solutions like Linux and OpenOffice. Your feedback has been all about flexibility and we have seen a consistent request to provide platforms that allow people to install their operating system of choice. We are listening, and as a result, we are working with Novell to certify our corporate client products for Linux, including our OptiPlex desktops, Latitude notebooks and Dell Precision workstations. This is another step towards ensuring that our customers have a good experience with Linux on our systems.

As this community knows, there is no single customer preference for a distribution of Linux. In the last week, the IdeaStorm community suggested more than half a …

Here at DaniWeb I have always been rather proud of the fact that not only is member feedback encouraged, but the powers that be read what is being said, participate in the debate and sometimes their minds, and system policy, are changed by it. For any real community this feedback process is vital. OK, not everything is going to be determined by the opinions of those members choosing to debate the issues, sometimes executive decisions need to be made. The point being, though, that DaniWeb does at least listen and does at least allow members to express their opinions even when those opinions are highly critical ones. Read through the threads in the DaniWeb Community Feedback forum for some classic examples of this. The only time I can recall a thread being moved out of the public forums and into a closed arena was when system moderators started arguing amongst themselves, and messages were posted explaining how to circumvent the advertising that helps keep DaniWeb up and running.

Which is why I was happy to see that Yahoo! launched its very own Suggestion Board last week, encouraging feedback from users as to how to improve its services.

Unfortunately my happiness was soon squashed by a blog posting from David Dalka which reports on how he made use of the suggestions facility to suggest that the Yahoo! Email spam filters were improved as he thought they let too much spam through. Just the …

Cory Doctorow, he of Boing Boing fame and one of the most well known proponents of the Creative Commons scheme, has rather surprisingly attacked Steve Jobs and Apple over DRM. Whoa, hold on a minute there, surprising that someone who speaks out in favor of Creative Commons should be arguing against DRM, predictable surely?

Well, yes, apart from the fact that Doctorow is something of a self-confessed Apple fan boy. How much of one? Does having a tattoo of a Mac answer your question?

Anyway, according to a piece in Salon Doctorow has had enough and claims that he doubts Jobs’ sincerity. “I suspect he likes DRM because it creates an anti-competitive lock-in to Apple” Doctorow states, adding “Apple even applies the no-copying measure to audio released under a Creative Commons license (for example, my own podcasts), which prohibits adding DRM." This being particularly hard for Doctorow to swallow, especially when Creative Commons licenses are machine readable so not particularly hard for iTunes software to locate and prevent the FairPlay DRM from applying, were the will there.

The description of the way that Apple protects music downloads from the iTunes store with its FairPlay system as being a tax on switching away from the iPod strikes me as being wholly accurate in the circumstances. Doctorow argues that the Apple DRM is ineffective at preventing copying, and there is no dismissing that as nonsense because the evidence is out there for anyone …

As if Microsoft did not have enough on its security plate, what with the launch of Vista followed by the chorus of ‘it is not quite as secure as you would have us believe is it’ from the worlds media, things only go from bad to worse for the Seattle giant. News has emerged that Microsoft's Windows Live Messenger client has been displaying dodgy banner ads for several days. Not dodgy in the usual really bad bit of Flash animation or why would I want to buy a blade server for my bedroom kind of a way. Bad in an oh goodness me that banner ad is trying to install malware on my system kind of a way.

A double embarrassment for Microsoft considering the amount of marketing currently for its own anti-spyware application, Windows Defender (itself not exactly clear of criticism, as per this blog posting.)

The adverts in question being for an application called, rather ironically under the circumstances, Errorsafe. Symantec give this a medium risk level rating and describe it as “… a Security Risk that may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threats.” As such it is treated as malware or a PUP (potentially unwanted program) by many security vendors and applications.

Screenshots of the offending ads in-situ, together with further background details can be …

An independent test of Windows Defender against third party vendors has demonstrated holes in Microsoft Vista’s spyware protection. Calls of Swiss Cheese could be heard coming from the direction of Spyware Doctor vendor PC Tools which commissioned Australian concern Enex Testlab to evaluate how Windows Defender compared to its own and other products. Enxe Testlab is not some fly-by-night outfit or a sham set up just to soothe the PC Tools ego either, it is an internationally renowned, independent lab which has been performing comparison tests for the past 17 years.

In the latest study, it compared identical threats against a number of leading anti-spyware products throughout 2006 and concluded that Spyware Doctor was the overall winner. No great surprise there then, PC Tools would hardly be making a song and dance out of it were it not so. What was surprising was the relatively poor performance of Windows Defender. According to the aggregate Enex test results for the entirety of 2006, Microsoft’s Windows Defender quick scan was able to block only 46.61 percent of dangerous threats while their full scan blocked 53.39 percent. Tested at the same time and using the same sample-set, PC Tools’ Spyware Doctor quick scan blocked 83.26 percent and the full scan blocked 88.69 percent.

Research from other security vendors has also revealed weaknesses in Vista’s security, from ineffective blocking capabilities and slow definition updates through to weak in-built anti-spyware protection. If nothing else the …

So a US Federal Judge says that MySpace is legally protected from any liability as a result of external criminal acts that have been committed by people misrepresenting themselves to other MySpace users. Judge Sam Sparks of the U.S. District Court for the Western district of Texas ruled that the 1996 Communications Decency Act excludes web providers and ‘information intermediaries’ from the action of their members when it comes to criminal acts involving content. This is, of course, intended to protect service providers from being put out of business by never ending lawsuits resulting from the actions of people over whom they have no real control. Without such legislation there is a very persuasive argument to be made that the Internet would not have reached the level of development it has today.

But many will argue equally strongly that the CDA is now ancient legislation in technology terms, and largely irrelevant to the Internet of today. Indeed, the dismissal of the negligence lawsuit in question which looked for damages of $30 million following an alleged assault of a 13 year old girl by a 19 year old man leaves us no nearer creating a safe online environment. Something, I am sure, that the family of the girl at the center of all this were hoping for. The suit essentially said that MySpace did not show a duty of care by allowing the girl to be able to register despite being under the age of 14, the minimum …

Google certainly has a part to play in the whole search thing, it would be silly to suggest otherwise, but I have to agree that it is not the be all and end all of search as far as I am concerned. My search methodology day to day revolves around Copernic Agent Professional without which I would be lost, pretty much literally much of the time!

This searches across numerous sources and analyses the results for me. Takes a little bit longer than just hitting the button at Google, but the quality of results is worth waiting half a minute for.

For the vast majority of the Internet using public though, Google is and will remain the gateway to the web no matter what you or I say.

Well, until the new Google comes along that is. I remember when AltaVista looked unbreakable, and Yahoo...

lasher511: not in Europe, as far as I am aware...

indianscorpion2: do you like Google then? :)

It has been a few years coming, but at long last the Google operated, web-based, free Gmail email service has lifted the crazy invitation only restriction. As from today you can simply click on a link from the Google home page and join in the fun of easily searchable email with that all important 2.8GB of online storage space thrown in.

Sergey Brin, one of the Google co-founders, has gone on record to say that Gmail is a cornerstone for the company. And rightly so, when you take into account the advertising revenue it generates by displaying context sensitive adverts alongside email messages but without ever really interfering with the user experience. Of course, the importance of Gmail goes beyond being a simple cash cow, it is at the heart of the integrated software services policy that Google has been promoting for some time now, bringing together Google Calendar and Google Talk IM for example.

But a cash cow it is, and with this latest announcement comes the news that it will become n even bigger one. It’s OK, don’t panic, there are no immediate plans to start charging for the basic service which will remain free according to Brin. However, note that I said ‘basic’ service there. Brin has made it clear that there are plans to charge for additional storage capacity, with an annual fee levied if you want to dramatically boost your online data store. Although no firm figures have been released, I …

Security specialists Sophos has released a warning regarding the inevitable malware posing as a message of love on this, Valentine’s Day. The Dref-AB worm is said by Sophos to be spreading fast across the Internet, helped by a clever distribution campaign which saw it emailed to inboxes late last night so that unsuspecting office workers and home users alike would find it waiting for them first thing this morning. Needless to say, the con worked and since midnight GMT the Dref-AB worm has accounted for an astonishing 76.4 percent of all malware coming through the Sophos global network of virus monitoring stations.

Although the subject lines being used in the attack email are varied, as usual, the romantic theme remains throughout. Some examples that Sophos has seen include:

• A Valentine Love Song
  
• Be My Valentine
  
• Fly Away Valentine
  
• For My Valentine
  
• Happy Valentine's Day
  
• My Lucky Valentine
  
• My Valentine
  
• My Valentine Heart
  
• My Valentine Sunshine
  
• Send Love On Valentines
  
• The Valentine Love Bug
  
• The Valentines Angel
  
• Valentine's Love
  
• Valentine's Night
  
• Valentine Letter
  
• Valentine Love Song
  
• Valentine Sweetie
  
• Valentines Day Dance
  
• Valentines Day is here again
  
• Your Love on Valentine's

Look out for files called flash postcard.exe, greeting postcard.exe, greeting card.exe, or postcard.exe which are attached to the email and carry the worm payload itself. Again, exactly the kind of files the unsuspecting romantic fool would …

One of the biggest names in keyword research, Wordtracker, has announced the availability of separate UK keywords, rather than forcing British search marketers to depend on worldwide data including keywords from every English speaking region for their SEO campaigns. The ability to fine tune campaigns to the local market should not be underestimated and could lead to increased ROI, for UK marketers and those targeting the UK region alike.

Wordtracker CEO Andy Mindel told me “by using only UK specific keywords, marketers will be able to increase the effectiveness of their campaigns. We collect uncompressed log files from the ISPs. From these we extract the keywords from the major engines including Google, Yahoo, AOL and MSN amongst others, leaving just over 4% of the original Files. We then extract duplicate queries, robotic queries and generally de-spam the data. The extraction process is a lengthy one but we’re left with high quality keywords that represent just 0.038% of the original log files. However those quality keywords are like gold dust to people optimizing their websites. Online business is growing at a terrific pace and no company, large or small can ignore the potential of the web. Our database contains many millions of keywords from both the UK and the US. People no longer have to guess their best keywords, with our database, they will know.”

Wordtracker, a privately owned London business that started in 1997, provides keyword research services to search engine marketing professionals and website owners …

If there is one thing that everybody can agree it is that spam is a right royal pain the ass. If there is another then it is that image spam is the biggest pain in the ass of all. While it is bad enough for the end user, especially at the smaller end of the scale where desktop filtering clients are the order of the day because there isn’t the budget to support enterprise grade server side solutions, the real victims are the service providers. Think about it, these guys are getting hit by an enormous volume of unwanted traffic, saturating bandwidth and costing them not inconsiderable amounts of money.

Which is why you should not be surprised to learn that one of the latest breakthrough developments in the fight against image spam has not emerged from the research labs of some security vendor or one of the big names in the established anti-spam game, but rather it is a web hosting company that is making that announcement this week. STRATO is one of the larger pan-European web hosts, and has been collaborating on its picture spam filtering technology with the boffins at the Institute of Computer Technology at the Humboldt University in Berlin since as far back as 2005.

“STRATO handles over two billion E-mails per month which illustrates the extent of current E-mail traffic” Rene Wienholtz, STRATO CTO told me, continuing “spam senders are exploiting the fact that picture spam is a …

The biggest test of Internet homeland security went pretty much unnoticed this week. Yet it represents the most serious attack on the Internet itself for five years. On the 6th February a 12 hour concerted Distributed Denial of Service attack took place aimed at the DNS root servers that manage global Internet traffic. DNS is the Domain Name System that translates between the easy to remember URLs we all use, such as daniweb.com, and the much less memorable underlying IP address in numeric form. Think of it as being a huge distributed database system and you are pretty much in the right ballpark.

In this attack, making use once again of that ever present menace fuelled by end-user insecurity and malware infected applications, the Botnet, three root servers in particular were targeted and briefly succumbed to the flood of data: G, L and M. G refers to the one operated by the Defense Department and is in fact the military’s top level domain, L refers to the Internet Corporation for Assigned Names and Numbers (ICANN) server, and M the Widely Integrated Distributed Environment (WIDE) project. Yet it appears the real target might have been UltraDNS which operate servers that manage traffic within the org domain, and it looks likely that the attack originated in South Korea given the volume of rogue data traced back there.

So why didn’t you notice? Because unlike the last big attack against root servers in 2002 …

In something of an embarrassing development for Microsoft, four anti-virus products for Vista have failed to reach the required standard to achieve VB100 certification by the highly respected independent industry body, Virus Bulletin.

In something of an even more embarrassing development, Microsoft’s own anti-virus flagship product, Live OneCare, was amongst the four applications that failed the certification process.

Sure, it’s a tough procedure which is why the VB100 certification is treated with such respect throughout the IT security industry. To pass the process, an anti-virus package must be able to detect every single one of the numerous ‘in the wild’ viruses pitted against it. What’s more, it must be able so to do without generating a single false alarm when faced with a set of totally clean files to scan. One would like to think that AV vendors submitting their products for such testing would have done their homework and be pretty certain of an ability to pass, to save themselves from embarrassing news releases such as this one. Unfortunately, that does not seem to have been the case with the G-Data AntiVirusKit 2007 v.17.0.6353, McAfee VirusScan Enterprise version 8.1i and Norman Virus Control 5.90 all of which failed.

And, of course, Microsoft itself with Live OneCare.

John Hawes, a technical consultant with Virus Bulletin, is equally bemused as I with the whole affair, commenting “with the number of delays that we've seen in …

It is not as if it did not know the problems existed, surely. Apple had the same access to Vista as other developers, and it was in its own best interests to get it right.

Sweeping problems under the carpet, refusing to talk to customers about them, and then a week after the event telling people not to upgrade stinks of Apple arrogance.

File under ‘well it would say that’ you might think, but nevertheless the fact remains that Apple has issued a statement on its support website warning iTunes users not to upgrade to Vista. This due to a number of known compatibility issues with iTunes 7.0.2 and earlier versions, although you might not realise that were you to just read some of the news headlines reporting the story:

InfoWorld has ‘Wait on Vista upgrade, Apple says’ and Digital Lifestyles runs with ‘Apple Tells Vista Upgraders To Wait’ and a similar headline features at CIO Today with ‘Apple: Don't Upgrade to Vista Just Yet.’ PC Advisor is more sensationalist with ‘Windows Vista may corrupt your iPod’ while mad.co.uk has ‘Apple: Vista may corrupt iPods.’

The common thread running through all of this being that it sounds more like a Microsoft problem than an Apple one, when nothing could be further from the truth. Of all the reasons not to upgrade to a new operating system, the fact that an audio library application doesn’t work properly is pretty low on the list it would seem to me.

And Microsoft for that matter, although the ‘well it would say that’ argument applies here as well. In a statement Microsoft has said that “Customers should not feel they need to wait to adopt Vista for these reasons” and “We're committed to ensuring that all partners, including Apple, get all of the resources they need to ensure that their …

And now, you can see for yourself because the domain and blog is back up again...

The email address I sent to was not, obviously, at the domain that has been suspended but rather at his ReactOS mailbox. Double Doh! :)

As mentioned in the posting, Ionescu did not publish his code nor enough detail for anyone to be able to duplicate it. He published the fact that he had managed to stumble across a way to bypass the Vista DRM protection, and explained how this was possible. That is something that is not in violation of the law, and indeed he showed responsibility in not puclishing the code itself.

Microsoft Vista has, in the few days that it has been on general release, managed to avoid the embarrassment of anyone poking major holes in its security from the perspective of protection of consumer PC integrity at least. However, everything is not so sweet when it comes to those media companies looking for Vista, and in particular the Protected Media Path (PMP) it uses to ensure that protected content cannot be played back on hardware not certified so to do.

The problem being that security researcher Alex Ionescu, while on a workaround for the PatchGuard 64-bit driver signing in Vista, stumbled upon code that effectively bypasses PMP entirely and so means that anyone using it could play back protected HD-DVD content on uncertified computers. Sure, Microsoft can and probably will issue a patch to fix the error. But according to Ionescu it will be a very short term fix because he insists that the patch itself can then be bypassed using similar methods as he employed originally.

Fortunately for Microsoft, Ionescu has decided against releasing the code for now as he has no desire to violate the DMCA, which it would if seen as being an anti-DRM tool. The bad news is that he is apparently investigating if there are ways around this by crippling the binary and putting the emphasis on the security research side of things.

Or at least he might be if he still had a blog to publish his research to. At the …

My original news story here at DaniWeb has certainly caused something of a media frenzy. Everyone from specialist GPS and gadget websites through to national newspapers have been covering how TomTom let an unspecified number of its GO 910 satnav devices escape from the factory with not one but two nasty surprises in the form of a virus infection.

Actually, it has now come to my attention courtesy of Martin Campbell, who first contacted TomTom on December 16th about the virus infection on his unit, that there are not two but three infected files on the device. The third being autorun.inf which adds entries for copy.exe to the Windows Registry in
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2].

This means that even if your AV software has both detected and removed the infected copy.exe and host.exe files, as Martin discovered, the TomTom drive cannot be double clicked in Windows Explorer because it will try and autorun the virus and, of course, fail with an error message. Martin resorted to manually deleting the Registry entries, which is not quite as simple a fix as TomTom are suggesting.

But the icing on the cake of this particular story is yet another nail in the coffin of TomTom customer service. Forced by 'we the media' into admitting the problem existed and posting a somewhat dismissive statement to that effect on its website you would have thought that TomTom would be making every effort into correcting this PR and customer service blunder. But no, …

comScore Networks has today revealed which Web properties were the most popular, ranked by way of total unique visitors over the age of 15 and across the month, during December 2006.

According to the comScore analysis, Internet usage increased 10 percent between December 2005 and 2006, with the search and navigation category containing the top three sites and growing by 9 percent overall. Interestingly, while Microsoft topped the hot property table it only grew by 5 percent worldwide, the same as Yahoo! which placed third overall. Google, second in the overall list, saw the biggest spike with 13 percent global growth for the year. When looked at in terms of the top gaining categories for 2006, search, multimedia, community, email and games lead the way and present no real surprises.

"Google’s popularity has been driven in part by its international appeal as well as the rapid uptake of some of Google’s applications beyond traditional Web search," said Bob Ivins, managing director of comScore Europe. "Examples include the 40-percent year-over-year growth in visitors to Google Image Search, the 71-percent growth in visitors to Gmail, and the 62-percent growth in visitors to Google Maps."

Here are the results in full:

Top Global Web Properties

1. Microsoft Sites (508,659,000)
2. Google Sites (494,170,000)
3. Yahoo! Sites (476,761,000)
4. Time Warner Network (260,387,000)
5. eBay (251,423,000)
6. Wikipedia Sites (164,675,000)
7. Amazon Sites (151,033,000)
8. Fox Interactive Media (135,730,000)
9. CNET Networks (114,940,000)
10. Ask Network (113,881,000)
11. Apple Computer, Inc. (111,131,000)
12. Adobe Sites (100,421,000)
13. Lycos, Inc. …

It was 'miserable failure' rather than just 'failure' on its own as a search term that did the George Bush thing I think.

TomTom are keeping very quiet, choosing only to say that measures have been put in place to prevent it happening again, and that the problem was something to do with the China based production plant.

It is very unlikely that this was an outside attack, and hugely more likely (in my opinion) to have been a case of the quality assurance process, ironically, being to blame. Although it has to be guesswork, so please don't take this as gospel, I am not alone in thinking that a likely scenario is that random units taken off the production line for QA testing were plugged into an infected computer during the process.

The biggest concerns are that the infections are old ones, known about and protected against by the major AV vendors since July 2006, long before the production window here, and the fact that it took this blog posting and the storm of interest that blew up arising from it for TomTom to bother actually putting an advisory on the website to warn its own customers about the potential risk. Even then, the warning (same as posted above) rather poo poo's the whole thing claiming it is a low risk situation. Personally, I don't agree that any Trojan infection is low risk...

It started with an email from a worried satnav user, Lloyd Reid of Trichromic LLP an IT consultant who knows his way around a computer and knows a virus when his AV software flags one up. The cause for his concern being a newly purchased TomTom GO 910 satnav unit that, once connected to his PC, immediately caused an anti-virus software alert. Not one, but two alerts in fact. The win32.Perlovga.A Trojan and TR/Drop.Small.qp were identified as being resident on the satnav hard drive, within the copy.exe and host.exe files.

That’s worth repeating, two Trojans resident on the hard drive of a brand new, straight from the shop, satnav unit.

Worth repeating, perhaps, that this was a unit connected to a PC already protected by AV software, a clean PC, a PC belonging to an experienced IT consultant. It was for this reason that I believed him, that I did not simply assume it was a case of mistaken identity as is so often the case with such reports where the infection was already there, or came via a route unconnected to the accused party.

Also worth repeating is the response that this particular chap got from the TomTom support line, which was simply to let his AV software delete the virus and move on as these ‘are not dangerous’ Trojans. Upon pressing his point that the tech support guy was missing the point, he was told to submit a report to the …

The fact remains that 137 million users, and growing fast, from one country will have an impact upon the face of the Internet.

Two statistics entered my radar today and stopped me dead in my tracks, which doesn’t happen often. Both concerned the remarkable growth in the connectivity of the Chinese population. The first comes courtesy of the China Internet Network Information Center and reports that the total number of Internet users in China has risen by 23.4 percent from 111 million in 2005 to 137 million at the end of 2006. That’s still something in the region of just 10 percent of the total population of 1.3 billion. The second, via the China Net Investor was even more gob smacking: the China Mobile telephone company has a staggering 301 million cellphone subscribers. Let’s put that into some perspective, a single telecoms company has more cellphone subscribers than the entire population of the United States (298 million as of July 2006.)

Talking of the US, if that growth trend continues at the same rate then it could be just a few short years before China overtakes America as being home to the most Internet users with 210 million currently. And that, dear reader, could change the online world culturally, politically and commercially. I will leave aside the temptation to comment upon the security implications, unlike many commentators, simply because according to security specialists Sophos 34.2 percent of malware originated from the US last year compared to just 31 percent from China. There’s no real need to be pointing the finger of security blame to …

> And don't the security firms have access to the same beta and
> prerelease versions you do (and early access versions of development
> tools for Vista)?

Indeed, and what has that got to do with anything?

This posting picked up on the fact that malware vendors are ahead of the game as far as making their code compatible with Vista when compared to the security vendors.

It also picked up on the fact that Microsoft brought in the NSA to help them with the security of Vista.

The former is not something bad to say about Microsoft it's a straightforward reporting of some news.

The latter is an opinion, and one shared by many, that involving the NSA in operating system security development leaves a bitter taste in the mouth (and mind) of those who worry about privacy.

As for me not using Vista on a mission critical machine, would you? I don't use any new OS on mission critical machines until the initial bugs have been fixed, so at least until SP1 is out. And that is Microsoft bashing how exactly?

> Seems someone's looking for something negative to say about
> Microsoft, as usual.

Seems someone's looking for something negative to say about a posting that does not drop down onto its knees and praise Microsoft without hesitation. As usual.

This is a blog that mixes news, analysis and opinion. It is not the …

According to a news story at IT Pro, malware writers are doing a better job of making their code Vista compatible than the developers of the security software meant to protect users of the soon to be released operating system. Rene Millman reports that Tim Eades, a senior vice-president at security company Sana Security, reckons no less than 38% of malware is Vista friendly, if that’s the right word.

The fact that Microsoft has changed core pieces of the Windows architecture for Vista has meant that the security industry has found itself having to reengineer code rather than simply tweak it as usual. The result a longer than expected delay in getting product ready to ship, and a nice window (excuse the pun) in which crimeware coders can use the Windows Hardware Quality Labs lists to ensure that their much simpler code does work. It’s a catch 22 situation, and it’s the end user, early adopter of Vista that is likely to get caught.

So, will I be one of those early adopters? Will the laptop I am currently researching as a replacement for my Sony sub-notebook with the thumb pad I have completely worn away and the keys that are not far behind it in the component graveyard, be loaded with Vista? No, sorry, not me. I have a test machine with Vista running, and have had since the early Betas (all legit, technical review copy supplied by Microsoft to keep journos such as myself …

There can be no doubting that the Nintendo Wii, despite the still extremely silly name even after living with it for a couple of months, has been something of a gaming revolution. Not because of the power of the console, Nintendo has no gone down the Hi-Def, triple core, HD-DVD, Blu-ray, yada yada yada path of Microsoft and Sony, and it has done sales little harm. Nope, this revolution is being backed by good old fashioned fun.

The factor that has all but been somehow forgotten in the competitive rush to be crowned kings of gaming hardware, it would seem to me. yet the Wii is a revelation as well as revolution, anyone can pick it up and play. Literally. The controller makes playing any game both easy and incredible fun, and there are games aplenty to exploit the enjoyment.

Let’s face it, the Nintendo Wii is a family gaming sensation and there is very little that anyone can say about it in a derogatory fashion. And that's the problem. The parent company does well to keep out of the political battle of wills and dirt slinging competitions that one has come to expect from both Microsoft and Sony, preferring to let the games do the talking. So it should come as no surprise that we, the media, have to be a little more creative in conjuring up sensational, attention grabbing headlines (what did you think of mine, by the way?)

Which is why this week there …

Sex has been one of the silent drivers of technology for as long as I can recall. It might not get reported much, not least because many in the media would prefer to pretend it is not important and has no impact. But the truth is the adult industry has been a key player when it comes to the development and acceptance of technologies from the early days of the printing press, through to helping VHS displace the technically far superior Betamax format in the video wars all those years ago. Since then, sex has had a hand in getting DVD off the ground, developing ecommerce micro-payment and subscription mechanisms, and even the widespread popularity of the webcam driven website. It is no exaggeration, well OK perhaps a small one, to say that YouTube would not be here today if it were not for the work done by the adult industry yesterday.

Which is why, given that Sony has been bitten so badly once with the whole Betamax thing, I was so surprised when a friend and colleague turned me on to a revelation he picked up while attending the Adult Expo that (although you would not know it from the press coverage) runs at the same time as CES in Las Vegas. That revelation being that it appears Sony Corp has decided that its Sony DADC Global subsidiary, responsible for Blu-ray disc replication, will not duplicate ‘adult’ movies of a ‘certain rating’ or if they have …

No, with respect, that is the conclusion you draw by reading between the lines :)

The stuff about open source being more secure than Microsoft was a direct quote from someone giving evidence to the committee, not my comment. That's all I can think you might be talking about.