Posts by happygeek

It is either a clever bit of strategy or a shambolic u-turn depending upon your view of the company, but Microsoft has now formally abandoned plans to sell the controversial Windows 7 E edition in Europe.

Windows 7 E was going to be the special edition, for European customers only, which would come without the Internet Explorer 8 browser client. A response that was aimed at preventing the European Union from throwing yet more charges of anti-competitiveness in the direction of Microsoft, along with the potential of fines reaching into the billions of dollars for good measure.

According to the Microsoft Vice President and Deputy General Counsel, Dave Heiner, one of the reasons for taking the decision now to pull the plug on Windows 7 E was due to "concerns raised by computer manufacturers and partners" revolving around "the complexity of changing the version of Windows that we ship in Europe if our ballot screen proposal is ultimately accepted by the Commission and we stop selling Windows 7 E."

The ballot screen being the browser configuration option that Microsoft looks likely to adopt for Windows 7 and which would appear "shortly after new Windows PCs are set up by the user" according to Heiner. Microsoft hopes that this would make it obvious to Windows users that they have a choice of various browsers, although Internet Explorer 8 will be at the top of the list of the screenshot of …

Gary McKinnon is either a UFO-obsessed nerd who happens to suffer from a form of autism, or a fugitive from justice who was responsible for the biggest military hack of all time. The description varies depending upon whether you are a balanced individual with no axe to grind or the US authorities looking for a scapegoat to deflect the simple fact that their own cyber-defences are woefully inadequate.

Rather predictably, but nonetheless sadly, Gary McKinnon today lost his judicial review in London which he was hoping would allow him to be tried for his crimes in the UK rather than extradited to the US.

Look, I've been around the IT Security business for more than a decade, in fact fast approaching two now. I'm guessing that I know something about it, after all I am the current Information Security Journalist of the Year, an honour which I have been fortunate to have bestowed upon me twice in the three years since it has been awarded here in the UK. So it might surprise you to read that I am defending McKinnon, a hacker. Well the truth of the matter is that I am not. He is guilty as charged, he's admitted as much. He did hack into military and government systems to which he had no legal right of access. There is no arguing about that, and there should be no arguing that he deserves to be tried for this and sentenced accordingly. Whether that means prison time, …

Wanna fight? :) See http://www.daniweb.com/blogs/entry4595.html

There are two things you can be sure of about the annual Las Vegas Black Hat security conference: nobody will use the free wifi as they are all too worried about being hacked, and someone will demonstrate an exploit that will scare the living bejesus out of you. The latter has just happened for iPhone users.

One well known discoverer of such things, Charlie Miller from Independent Security Evaluators, has revealed how a vulnerability can give savvy attackers the ability to gain complete control over your iPhone without any action on the part of the victim. Yep, this is the mother of all mobile remote hijack exploits by the look of it. Using nothing more complicated than a specially constructed text message, Miller says that malicious code can be executed in order to crash the device at the lesser evil end of the scale or take complete control for the more malicious attacker. It is even possible to use the attack to send text messages on to everyone in the victim's contacts list so spreading the hijack quickly to many more handsets.

Miller has been able to demonstrate the vulnerability courtesy of weaknesses in the iPhone CommCenter service that has responsibility for SMS and wireless functionality. Amazingly this runs as root but is not limited by any kind of application sandbox, so Miller realised it was ripe for use as a remote control hacking vector. All that is required is a slight …

To be honest, these days it takes a new iPhone or maybe the latest Android-powered beast to get my smartphone pulse racing even if BlackBerry is the top of the smartphone pops in raw number terms. So news of a new BlackBerry, the Curve 8520 which was also know as Gemini during the many months of hyping that always arrives long before the actual product, was never going to get me all hot and bothered.

Indeed, for all intents and purposes the Curve 8250 is just another BlackBerry, albeit something of an entry-level model. I am told it will most likely be a free choice on most monthly network packages, which is just as well seeing as there's no 3G connectivity on offer. You do get WiFi, but that's not very clued up for something that purports to be a smartphone for the social networking crowd, now is it? Of course, the iPhone crowd in the UK recently had only WiFi access courtesy of the network provider failing to provide data for the best part of a day, but that's another story.

Sure, the QWERTY keyboard is a nice touch, although a full size touch screen keyboard such as found on the iPhone would be nicer. Sure, the Facebook and MySpace apps are cool if you use either of these services (what, no Twitter?) but no deal clincher I would have thought seeing as the BlackBerry App World dooberry allows …

I note that Apple makes a similar claim with "Mac OS X is designed with security in mind. Its built-in defenses help keep you safe from viruses and malware without the hassle of constant alerts and sweeps" although further down the same security puff page it does have a disclaimer which states "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection."

I don't think any OS can be bulletproof, certainly not for long. Give it market share of any kind, give it additional functionality of any kind, and the bugs creep in, the holes appear and the secure smokescreen is shattered.

What happens if you get caught out sharing copyright music or video online? If you live in Hull, in the north of the UK, the answer will probably surprise you. At the same time that most Internet Service Providers are applauding the recent Digital Britain report from the government which argued against the music industry 'three strikes' approach admitting this was not the government's preferred option, the only broadband ISP in Hull (yes really) has decided that even a three strikes option is too lenient.

If you want to get a broadband Internet connection in Hull then you have to go through the Karoo ISP as Hull is the only city in the UK which has a single, solitary broadband provider. This is because there are no British Telecom lines in the area at all, instead telecommunications and data services are primarily provided by Kingston Communications, and Karoo is part of Kingston.

According to the BBC Karoo is cutting off, without warning, those users who are suspected of file sharing. Copyright owners can notify Karoo of the illegal sharing, if it confirms the usage it will suspend the account. The customers are then asked to sign a legal waiver in which they promise not to do it again, and only then will Karoo reinstate the broadband service.

The BBC says that "some customers have had their accounts suspended for more than two years."

Surely such drastic and direct …

Adobe has issued a security advisory following the discovery of what it describes as a "critical vulnerability" which exists within the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) across all platforms, Windows, Macintosh and Linux operating systems, The same vulnerability can be found within the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems and has the potential to cause a crash which could then allow an attacker to take control of the system. Well, I say potential, but Adobe admits that there are "reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows".

Adobe goes on to confirm that it is "developing a fix" which it expects to be available by way of software upgrade by the 30th of July for Flash Player v9 and v10 for Windows, Macintosh, and Linux at least. Users of Flash Player v9 and v10 for Solaris will need to wait a while longer it would seem, and a confirmed date for the security update is still pending. Adobe Reader and Acrobat v9.1.2 updates for Windows and Macintosh users should be available on 31st July, although once more the date for Adobe Reader for UNIX users is pending.

In order to mitigate the threat in the meantime, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x …

I think the story is painfully hilarious in a sad kind of way :)

Well thanks for that O2, my iPhone was as much use as a chocolate teapot from lunchtime yesterday thanks to the pay monthly data network suffering a monumental failure. There I was, sitting in a (without wifi) Costa Coffee about to start an informal meeting with a potential client. I needed to check my email to confirm something with him, but wait, what was that my iPhone was telling me: unable to connect to the O2 data network? Surely some mistake. But no, a very embarrassing 30 minutes passed during which time I was unable to access the all important email, or anything online for that matter. Eventually the potential client and I decamped to the nearest pub which had wifi. Luckily it was operated by The Cloud, which means as an O2 iPhone pay monthly customer I get free access. Even more luckily, it was actually working.

I got the email, the meeting went well, and set about trying to find out just what the hell was going at O2. A quick call to customer services turned out to be nothing of the sort, I guess everyone with an iPhone was doing the same thing. A check on the web didn't turn anything up at this point either, but logging on to Twitter I discovered a tweet from the official O2 feed which simply stated that the company was "having a problem with Pay Monthly internet access, this will affect MMS too. Sorry - …

With some 11.5 million subscribers playing it worldwide, there is no denying that World of Warcraft is one popular online game. Nowhere more so than in China, where it has been reported around 5 million of those subscribers are based. It should come as no surprise that not everyone in China is a fan, however. Unfortunately for game developers Blizzard Entertainment it would appear that the Chinese government might be in the dislike camp, no surprise there then.

A planned upgrade to the game which involved moving to a new operator in China, an online gaming outfit by the name of NetEase, has been anything but easy. Because it is a foreign game, and the move to a new local operator makes it a new foreign game for good measure, the Chinese government get to put it through a strict approval process.

Some six weeks on, during which time the game has been offline in China, there is still no sign of World of Warcraft getting the approval it needs. The problem being that the Chinese government has objected to some of the new content to be found within the upgraded game, although neither it nor the local operator and Blizzard are saying what is so objectionable. I guess the approval process itself has now become something of a multi-player game, with diplomacy being the most effective weapon against a much more powerful player.

Once the changes have been made, of course, the …

Usually quarterly spam trend reports from security vendors are, how can I put this nicely, actually I can't so I will just have to say it as it is: bloody boring and mostly pointless. However, the latest such report to fins its way into my mailbox from Sophos caught my attention because right from the get go it went on the attack, and the target was none other than US President Barack Obama.

Now just the what the heck Obama has got to do with spam, other being one of the names that crops up in spam subject fields to try and get past junk traps and attract reader attention, was at first a little puzzling. Then I read on and realised that what the accompanying press release was actually saying is that it is all very well for Obama to give one of his eloquent and forceful speeches but maybe glass houses and throwing stones should be remembered here.

Obama said that it was the "great irony of our Information Age" that the "very technologies that empower us to create and to build also empower those who would disrupt and destroy" continuing that this paradox both seen and unseen "is something that we experience every day." Unfortunately, much of the disruption would appear to be coming from within the US itself.

Referring to the spam trends report for the second quarter of 2009, which showed that the US contributed some 15.6 percent …

Anyone else getting pretty fed up with the number of headlines both online and in the print media which have been exclaiming 'Twitter hacked' this week? I have even just got a press release, from a storage systems company of all things, that has the strap line of "Twitter hack caused by lack of security" and starts "News that Twitter has been hacked yet again comes as no surprise." Well it comes as something of a surprise to me, to be honest, not least considering that Twitter has not actually been hacked at all.

It is surely stretching both journalistic and marketing license to the limit to proclaim that Twitter has been hacked when in actual fact the security breach was concerning a Google Apps account? Yes, that account was operated by a Twitter employee and, yes, the 300 Google Docs documents stolen include projected Twitter annual revenues for 2013.

Embarrassing for the chap concerned without a doubt, not the greatest thing that can happen to a company for sure, a Twitter hack? Not on your nelly.

Twitter founder Biz Stone concedes that "an administrative employee here at Twitter was targeted and her personal email account was hacked" which allowed the hacker to gain enough personal detail to "access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company." Specifically, the employee used the same non-unique …

Another of those security trending reports has dropped onto my desk, this one coming from PandaLabs which is now apparently part of 'Panda Security, The Cloud Security Company.' Jeez, someone needs to give the marketing director a kick up the pants for that one. Anyway, back to the report: it seems that during the second quarter of 2009, Trojans accounted for 70 percent of all new malware detected. No surprise there then.

The PandaLabs Quarterly Report also 'reveals' that the malicious use of Twitter is a problem. Meh. Sure, we have seen cross-scripting worms from Mikey, and BlackHat SEO attacks where the trending topics list is targeted. But my hunch is that actually we haven't seen the half of it yet as far as Twitter malware and spam is concerned. The second half of 2009 could be, er, interesting to say the least. Given the number of followers that want to show me their naked pictures or help me get more followers, and not forgetting the hashtag marketing campaigns from the likes of Moonfruit, I expect that 2009 will be the year that Twitter spamming becomes de-rigueur with the junk marketing morons.

Did the report reveal anything else interesting? Not really, although there was a 6.25 percent drop in reported spyware which means it now accounts for less than 7 percent of all new malware. Does this mean that the bad guys are losing? No, it just means they are …

Thanks for the update Joe.

A 118800 spokesperson has denied reports that number removal requests are to blame for the prolonged downtime. She told El Reg http://www.theregister.co.uk/2009/07/13/118800_failure_encore/ that it was "was suffering technical problems caused by a rushed launch" and went on to blame bad press reports. Meh.

It launched in a flurry of controversy over privacy issues, but within weeks of going live the 118800 mobile phone online directory service has been suspended. Although the official reason for the, so far, 3 day unavailability of the website is being given as "undertaking major developments" to the beta service, off the record reports suggest that the real reason could be the sheer number of people logging on to request that their own numbers are removed.

The holding page at 118800.co.uk currently reads:

"The 118 800 service for mobile phone connections is currently unavailable - from this website and by phone - whilst we undertake major developments to our 'Beta Service' to improve the experience for our customers. We'll be back as soon as possible with the new improved service. All ex-directory requests made by people in our directory to date are being processed. There will be no need to resend these requests. And we will take further ex-directory requests when the service resumes. We will not be taking ex-directory requests by phone or text whilst the service is not operational."

Despite being given the OK on privacy grounds by the Information Commissioner's Office in the UK, the 118800 has not been warmly welcomed by privacy campaigners and many individuals alike. Not least because it purchased something in the region of 16 million mobile phone numbers from market research firms and online businesses that require registration in return for services supplied. 118800 itself has …

Last weekend Twitter was apologising for accidentally suspending a number of user accounts due to human error. Now it is suspending accounts again, but this time there is no error: Twitter is getting serious about malware.

In a status posting on Thursday July 9th, Twitter admitted that it had come under attack from Koobface malware which works by sending bogus tweets from infected users' PCs to further distribute itself. "We are currently suspending all accounts that we detect sending such bogus tweets" twitter stated, adding "If we suspend your account, we will send you an email notifying you of the suspension. This email also includes tips for removing the malware from your PC."

Koobface will, of course, be familiar territory to Facebook and MySpace users after it first invaded the social network space last year with messages proclaiming such things as 'Paris Hilton Tosses Dwarf On The Street.'

Now the Twitterverse is getting a taste of the Koobface menace, and although the actual messages being tweeted do vary a common thread seems to be the 'see my private home video' line according to security researchers. Some have even resorted to using the death of Michael Jackson to try and lure people into clicking through to what they think are video clips but which will actually just infect their computers with Koobface. The fact that the message is coming from someone who you follow, who belongs to your network of Twitter friends, makes it …

In what must go down as one the biggest tech u-turns of the century so far, the ISP that was quite happy to undertake Internet snooping trials without informing those customers being spied upon has changed its mind about Phorm WebWise. BT, the biggest Internet Service Provider in the UK, has dramatically dropped plans to roll out the Phorm deep packet inspecting WebWise behavioural advertising Internet usage system completely.

This after it defended its position with regards to those secret trials, and proposed usage of Phorm to spy upon its members, through a furious media backlash, a police investigation which was eventually dropped and even through a high level privacy breach investigation which went as far as the European Union Commissioner for Information Society and Media, Viviane Reding, who decided that the trials were, indeed, illegal under European law.

The EU Commissioner said "I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications" but BT remained unphased.

All the while it stood firm, shoulder to shoulder with Phorm, and insisted that it had done nothing wrong and was acting in the best interests of its customers. Yeah right, I remain unconvinced that the Phorm argument of 'as you browse, we're able to categorize all of your Internet actions" is in my best interest.

And then, …

link fixed. :)

OK, so Firefox 3.5 is out and looking good but why should Opera care? After all, the alternative web browser from years back has long since lost that title to Firefox, at least as far as the desktop is concerned. But what about in the mobile market? Opera has been making real progress in penetrating the mobile device embedded browser market. It isn't Firefox 3.5 which should be worrying Opera but rather another Mozilla release: Fennec.

The Mozilla mobile browser has been released in Alpha form for Windows Mobile, as well as a Beta for Maemo (Nokia's software and development platform) although the two share the same code base. According to Stuart Parmenter, Mozilla’s mobile team technical lead, it has been working on "improving the user experience, replacing our old theme with a much nicer looking one and fixing numerous usability issues. We’ve continued to increase performance and responsiveness. We’ve revamped how you install Add-ons, improved our download manager and the whole look of the application. We’ve started work on making forms on web pages easier to use, providing a nicer combo box UI than before."

Fennec is also already starting to get some add-ons built by the developer community which take advantage of new location aware APIs to bring mapping and information to where the user is, as well as things such as a Twitter client which adds the ability to post drawings as tweets.

Although it is early days …

Done.

Facebook entries which include pictures of middle-aged men in Speedos should be taken down as a matter of course.

Much of the premise of Twitter is, of course, self-promotional. Heck, all those celebs aren't in it just to make new friends are they?

However, while the Moonfruit promo was clever marketing in the short term I am not convinced it was great brand treatment overall.

Certainly there has been a lot of Twitter backlash against the hashtag spam concept however it is served up. While Moonfruit is not alone in participating in this particular social media marketing concept, it is the brand that the vast majority of Twitter using folk will associate with it currently.

Is that good for a brand, I'm not so so sure it is. Is it good for Twitter, I am convinced it is not.

You might wonder why a 10 year old web building business managed to become the number one trending topic on Twitter this last week, with the moonfruit hashtag being tweeted in excess of 10,000 times an hour at one point. The answer is not as straightforward as some would have you believe.

OK, the facts of the matter seem pretty simple: the Moonfruit marketing department decided to run a 'competition' to celebrate 10 years in business whereby anyone who included #moonfruit in their postings on Twitter would be entered into a random draw. The prize, spread across a 10 day period, would be 10 MacBook Pros.

With more than 200,000 such postings a day at the peak of this moonfruit madness, the chances of winning one of the prizes was less than 1 in 200,000 which are pretty slim odds. The chances of losing friends, however, are much higher. Reading some of the comments from those people I follow on Twitter, a surprisingly large number were expressing their displeasure at this latest bit of hashtag marketing.

Someone, and I apologise in advance for not being able to recall who, calculated that the Moonfruit campaign had effectively bought media impressions at a CPM rate below 50 cents, which is so low as to be in the spam sector. The truth of the matter is that it must also have caught the attention of others, after all there are not many places on the Internet where you can get …

Everyone knows that the iPhone 3GS only comes in black or white varieties, but some unlucky users are claiming to have got their hands on a pink version. The thing is, these started out as bog standard white models but, according to some reports, they get so hot during extended use or when GPS applications are running that they start to glow pink!

The iPhone 3GS, which is currently totally sold out here in the UK, is twice as fast as the previous model. It is also twice as hot, too hot for some users to hold against their ear when making a call. Other users are complaining that when they run mapping software or any application that makes extensive use of the built-in GPS technology, the back of the device literally becomes too hot to handle.

So what is happening here? Apple itself is saying nothing, for now, but you can bet your bottom dollar that it is investigating the claims. Some are saying that it could be an iPhone 3.0 software problem, but that would seem very unlikely. Because not everyone with a new iPhone 3GS seems to have a hot pink model, and because there are also reports of the battery life being worse rather than better, as claimed, than the iPhone 3G there is some speculation that this could actually be a battery related problem.

Certainly there have been plenty of examples of overheating batteries causing problems with mobile …

No sooner had the news of the untimely death of Michael Jackson hit the Internet than the vultures started circling. For once it was not the gossip columnists and tabloid journalists digging up the dirt, but rather spammers and hackers looking to exploit a golden opportunity to distribute their wares and expose a very sick sense of humour.

The very fact that there has been so much media coverage of the Michael Jackson death, and at around the same time Charlie's Angels actress Farrah Fawcett lost her battle for life, pretty much paved the way for the spammers to be honest. Any campaign could be guaranteed a boost in click-throughs just by linking it with those deaths, especially Michael Jackson of course. But a more sinister trend also started to emerge over the last week, with emails arriving in my inbox which claimed to link to news stories and videos carrying exclusive breaking news of other celebrity deaths. Of course, the celebs in question were alive and well - and the links were the usual malware infested crap, but people would still be clicking through, bet your bottom dollar.

Perhaps the sickest twist has hit Twitter though, not least because there is no malware payload and no spam to shift. In the past I have put forward the theory that celebrities might be killing Twitter but now it seems that the reverse is true. Some folk have been hacking into celebrity accounts and announcing …

Am I surprised that many 'IT Security Professionals' appear to have had a common-sense bypass when it comes to the security of their own mobile devices? Nah, not really. Look, we already know that 88 percent of web users are morons and 93 percent of IT Admins are idiots so why should IT security pros be any different? The Mobile Usage Survey from endpoint data outfit Credant suggests that this particular group is suffering from password fatigue when it comes to their business smartphones.

Apparently some thirty five percent of those asked revealed they had not ye got around to using a password on their business phone or smartphone, despite also admitting they knew they should do in order to protect the confidential information contained upon the devices. In fact, according to this survey at least, IT professionals are "only marginally better at using passwords than the general population." Which is kind of worrying, given just how crappy the average password actually is.

The worst culprits when it comes to mobile security within their companies seem to be the sales teams who really suck at it, closely followed by the board of directors and senior management. And the best? Well the survey reckons that Human Resources best manage to keep their mobiles aligned to the corporate mobile security policy.

Andrew Kahl, Co-Founder of Credant Technologies told me "It is alarming to note that the very people who are responsible for IT …

The privacy invading nonsense that is the controversial UK ID Card Scheme could be scrapped by this time next year. With the chances of the Labour Party being returned to power looking very slim indeed, the chances are that a Conservative Government will be voted in. Which is good news for privacy campaigners as the Shadow Home Secretary, Chris Grayling MP, has confirmed that his party will scrap the ID Card Scheme if and when it gets elected.

The suppliers which have been bidding for the contracts to provide ID Cards have all been contacted by Mr Grayling who has warned them to not bother with further contract negotiations as the plans will be kicked to the kerb when the Tories win the general election.

In a statement on the Conservative Party website, Grayling says "we intend to scrap the ID card project as one of our first acts if we are successful at the election" adding a warning about making contractual arrangements with the current Government by stating "I want to make the contractors absolutely aware that we do not intend to complete this work."

There is little doubt that when it comes to consumer satellite navigation devices, TomTom pretty much rules the roost. There is equally little doubt that in the past it has made some pretty serious mistakes, such as introducing the world to the first virus infection distributed by a satnav device. But surely introducing the voice of Homer Simpson to announce your driving directions has to go down as the biggest mistake so far.

Not a financial mistake, that's for sure. By doing a deal with Twentieth Century Fox Licensing and Locutio Voice Technologies, TomTom has pulled off something of a commercial coup by getting the genuine and original voice of Homer Simpson, as recorded by Dan Castellaneta, onto its devices. The fact that it can charge owners who want to upgrade their units to the new voice a none-too-shoddy UKP £7.95 to download the voice files almost guarantees a nice little earner I suspect.

However, I also suspect it will not be long until we hear of someone blaming Homer Simpson and the satnav through which he is speaking, for an accident. After all, while it is very funny (at least the first time) to hear Homer saying such things as "take the third right. We might find an ice cream truck! Mmm…ice cream" it is also hugely distracting if you are actually trying to get from A to B. Let's face it, drivers really do not need any additional excuse for satnav inspired …

Everyone knows that China is not exactly the most Internet friendly country, in fact the Chinese government pretty much hates it. Despite being a truly connected superpower, the Chinese government has already declared war on Internet porn. Of course, the Internet is a cool tool when used as a weapon by the army of Chinese government sponsored hackers against other countries.

Now it seems that the Chinese authorities are turning their weapons of mass censorship on all citizens. It seems that as from next month, every PC sold in China will have Green Dam software installed. Green what? Well, the software will be installed under the direct orders of the Ministry of Industry and Information Technology. What does it do, I'll give you one guess? yeas, that's right, it censors the Internet automatically. The blocking software is being touted as a simple pornography filtering tool, but just happens to be developed by a company called Jinhui Computer System Engineering which is thought to have ties to the country's military. A spokeswoman for the company, Miss Zhou, however let slip that it will "automatically filter pornographic images and antirevolutionary content" and add that this was "very good news for users, so they should not uninstall it."

Yeah right.

As well as Green Dam, PCs will also come pre-installed with Youth Escort. This one filters out rude or "subversive" words. Nice.

Lenovo is said to be participating in …

Oh boy, this one just gets worse and worse: looks like the boss of the company that developed HyperVM has killed himself. He was found hanged in his Bangalore house.

Hackers managed to get root access to a large Internet Service Provider, reportedly via a zero day vulnerability over the weekend, and destroy data from 100,000 websites as a result. The UK-based ISP, VAServ, has stated that the attackers apparently exploited a vulnerability in virtualisation software called HyperTM in order to gain access to the servers.

It would appear that around 100,000 of the websites hosted at Vaserv had data destroyed in one hit on Sunday, possibly courtesy of a recursive delete 'rm -rf' Unix command. Unfortunately, many VAServ customers have an unmanaged account with no data backup. It is estimated that half the sites hosted at VAServ are still offline as a result.

The compromise has all the hallmarks of being a highly targeted SQL injection attack on the ISP's central management software, a deliberate infrastructure breach rather than kiddies doing random scanning according to a spokesman for VAServ.

A VAServ statement admits "We have worked tirelessly through the night and over the last 48 hours to recover as many VPS as possible. However, we have now reached the end of all of our servers, and as such, if your server is not currently up, or not partly up (i.e. it is up but not working due to a configuration issue) then it is unfortunate that you will have lost your data due to this third party attack."

Bruce, I don' t think we disagree here. I am also arguing that O2 is wrong to be treating customers as they are and should be offering a discount of some sort for loyal customers to upgrade.

Perhaps I should have said 'I don't think any reasonable person is asking for a free upgrade' instead :)

I don't think anyone is asking for a free upgrade, but rather an upgrade route other than "pay off existing contract in full, pay for new contract in full, pay full price for new iPhone hardware" which is where O2 is at. Surely it would be reasonable, in terms of customer loyalty/relations, to say to those folk who are say 12 months into an 18 month iPhone 3G contract that they can upgrade at a reduced cost? Even if that reduced cost is the same as paying off the six months remaining and getting the handset at half price or similar, anything would be better PR than the media crapstorm that is raining down on O2 right now.

I guess that is what you might call a turn up for the books, as the US Department of Homeland Security announces the 16 members which have been sworn in to serve on the Homeland Security Advisory Council. Especially when you consider that one of them, Jeff Moss, is best known for being the founder of the Black Hat and DEFCON hacker conferences and something of a hero to the hacker community. At DEFCON there is even a 'spot the fed' competition where prizes are awarded for those who can pick out undercover FBI agents in the crowd.

The official announcement explains that Moss has "also worked for Ernst & Young, LLP in their Information System Security division" but fails to add that he used to be known as Dark Tangent to the hacking community. Not that I think this is a bad thing, indeed as DHS Secretary Janet Napolitano said while congratulating the 16 members: "the unique insights and expertise of this diverse council will be a valuable resource." With increasing concerns over cybersecurity issues, it makes sense to have someone with a grasp of the dark side as it were and I am sure that Moss will give valuable advice to Napolitano in this regard. I'm also sure that there will be a few raised eyebrows amongst the likes of

HSAC chairman, and former CIA and FBI Director, Judge William Webster, or New York Police Commissioner Raymond Kelly for example. …

Liam, on the second point: why is it unreasonable to withdraw the product (no matter how many users there are) after a period of time? I'd agree if the Russians were talking about withdrawal of support for XP, but they aren't they are complaining about the product itself coming off the retail shelves.

Isn't it amazing just how attached so many people are to Windows XP given that it is relatively old and relatively insecure? I will even admit to having a netbook which runs very nicely on XP thank you very much, and have no plans to 'upgrade' this to Vista or Windows 7. The Russian government, in the shape of the Federal Antimonopoly Service (FAS), does not seem to keen on Vista either. Actually, let me rephrase that, it does not seem too keen on Microsoft forcing people into buying Vista by retiring Windows XP. Somewhat incredulously, it is investigating Microsoft with a view to filing formal charges revolving around an abuse of a dominant market position.

The argument seems to be that there was still considerable user demand for XP back in June 2008 when it was dropped from retail sale by Microsoft, thus creating a demand for Vista which did not exist at the time. There is also anger over computer vendors being allowed to downgrade from Vista to XP which apparently violates Russian antitrust laws in some way, possibly the charging of different prices for a product.

Is it just me, or does this seem to be taking Microsoft-bashing to a whole new low? Is it really that unreasonable for a company to withdraw an older product once a newer one has been on the market for a while? Is it really unreasonable for a company to allow vendors to …

Here we go again, it is silly season at Apple as an iPhone application feeding news from a civil liberties organisation is banned and Hitler gets the blame.

Just two days ago I posted a news story entitled 'You don't have to be easily offended to be an iPhone app approver, but it helps' which explained how an eBook reader app was banned because it might be used to view sexually explicit texts. This coming on top of other mad decisions, apparently taken to protect those who are prone to be offending by everything, such as banning a game featuring Barack Obama bouncing on a trampoline and another paying homage to South Park, the hugely popular cartoon series aimed at adults.

Now it would appear that the Apple iPhone app approvers have decided to play up to their easily offended stereotype by banning an application which displays news content from the Electronic Freedom Federation RSS feed on the iPhone. The EFF, of course, are a long established civil rights organisation which deals with freedom as far as the online realm is concerned. Could be quite the wrong target to pick upon, you might imagine, if the reasoning behind the ban was not 100 percent watertight.

Oh dear, Apple, looks like the water is pouring in on this one: the application was banned on the grounds of objectionable content. In this case, that content was a link to a parody video made …

Ever wondered just how big the Internet is? I know I have, and during my search for an answer I have discovered along the way how fast it is and how much spam it produces. But now I know how big it is as well.

When it comes to size, however, then you have to consider the metric upon which the measurement is based. Is it the number of websites, or maybe the number of people connected to it? How about the number of domain name registrations, which actually seems like a pretty good way of seeing the Internet in terms of capaciousness. Which is a bit of luck, because VeriSign have just told me that the Internet is 183 million big.

That is the number that came from the first quarter Domain Name Industry Brief for 2009 which also revealed, no great surprise, that .com remains the most popular of Top Level Domains followed by .cn, .de and .net of which the Germans hitting the third spot was probably the biggest surprise of the lot.

This first quarter 2009 figure represents a three percent increase over the fourth quarter of 2008 and a 12 percent increase over the same quarter from last year. Looking at the figures in a little more depth, Country Code TLDs (ccTLDs) rose to 74.1 million domain names during the first quarter, a four percent jump from the previous quarter and an 18 percent increase year over year.

Someone at Apple really does need to take a closer look at how they choose the people who work as iPhone application approvers, either that or take a chainsaw to the approval process guidelines and start again but when sober this time.

Look, much has been written about the madness that is iPhone app approval. Remember the fuss about a bouncing Barack Obama or the South Park application which were banned in case they offended anyone, for example?

While these examples are enough to make you wonder if the app testers jump and scream when confronted by their own shadow, the strange case of Eucalyptus really does suggest they get someone to go through the daily newspaper with a magic marker to remove anything vaguely worrying before reading it each morning, such a state of permanent nervousness they must be in. Eucalyptus is an ebook reader app, pretty harmless you might think. Surely it would fly through the approval process as long as it actually worked according to the Apple developer guidelines? It did, work that is not get approval.

Why did this ebook reader client not get approval? Well according to reports it was because it could be used to view pornographic material. Not that it contained any porn, you understand, but because one of the ebooks you could download and view with it was the Kama Sutra. The client itself comes with no content, but it can download titles …

Here is an interesting dilemma: if 99 percent of Generation Y consumers have an active social networking profile, why do only 22 percent of them use Twitter? Could it be that celebrities are killing the micro-blogging service?

A newly published study by the Participatory Marketing Network and Pace University reveals that while Twitter has undoubtedly caught the attention of many, including the media, the 18 to 24 year old age group just do not get it.

Interestingly, 89 percent of the same group have downloaded at least one app to the social networking profile page, with photos, games, entertainment and news being the most popular. 38 percent of these young consumers own an iPhone or iTouch, and for them mobile social networking has become an important part of their lives with games, entertainment and lifestyle applications topping the usage list.

So if Generation Y is into social networking, and loves participating via a mobile device such as the iPhone, what on earth is holding them back from simply loving Twitter which would appear, on face value, to be purpose built for them? Worryingly for Twitter this is not an isolated bit of research, another study from Pew six months ago concluded pretty much the same with 19 per cent of 18-24 year olds using Twitter back then.

What is the problem with micro-blogging? "Could it be that between texting and social networking there is little need?" asks Michael Della Penna, PMN co-founder? Given the …

Moazzam Begg, former Guantanamo Bay detainee, is set to go back to the now closed suspected terrorist prison camp. But this time his stay will be purely virtual, on the Xbox 360.

As strange as it might sound, a new computer game is being developed based upon life in Guantanamo Bay according to reports. 41 year old Brit Begg spent the best part of two years there, detained as a terror suspect. He was eventually released without charge.

Game play will not, however, revolve around lengthy political campaigning, nor indeed water boarding or other torture activity. There is no word on whether players will be able to adopt the role of a soldier and take photographs of prisoners being abused either. All that is clear so far is that players will be able to shoot their way out of Guantanamo Bay on the Xbox.

The former prisoner does have a financial stake in the game, although he has stated that no money has yet exchanged hands. Begg says "My first response was hesitation - I was worried that it might trivialise my experience. I'm involved to make sure it is as true to life as possible."

Zarrar Chishtim, director of T-Enterprise which is developing the game, says that players will
"start with the orange boiler suit, cuffs and earmuffs" and is at pains to point out that no British or US Army soldiers get killed, only mercenaries hired by the private …

A new Symantec survey has discovered that people are more likely to check the oil in their car than they are to back up valuable data. When you consider that our computers are so much more than mere work machines, that they have become very much woven into the fabric of our lives as both 'life storage' facilities and some might even argue 'emotional hubs' that contain our digital souls, it is rather surprising that we are so lax about backing it all up.

But, despite admitting to feelings of anger and upset when data is lost, the survey participants are quite clear about it: only 34 percent make regular data back ups, and only 22 percent back up all their data. Of 1000 people surveyed, 38 percent said that yes they had lost files and the average cumulative replacement cost for a UK user when it comes to all the data on their PC was a hefty £1258.

The most expensive data to replace was video which worked out to £158 for all recorded TV content on an average PC, with home videos adding another £108 and £101 for downloaded movies. Household information beat off the music in the replacement costs stakes, at £85 on average for documents compared to £80 for the tunes.

Forget the money, honey, as Symantec’s survey also confirmed a strong emotional connection to the huge range of personally significant files stored on PCs. Losing photos, personal information, …

Do you wear a tinfoil hat by any chance?

The FBI has confirmed reports that it was forced to shut down it's external unclassified email network "as a precautionary measure" following the discovery of a virus infection. I am led to understand that the particular virus concerned has been identified by the FBI but this information has yet to find it's way in to the public domain.

What most certainly has, however, is the admission by the FBI itself that it was some 48 hours after identifying the issue and mitigating the risks before email traffic was 'largely restored' to the network which is used primarily for routine communications and messages. The FBI told us that it is "important to note that the FBI's internal, classified network is where communications and e-mail about sensitive and investigative matters take place and was never affected."

Yet full functionality has yet to be restored to that unclassified network, in what must go down as a huge embarrassment for the Feds. An official FBI statement states that "Out of an abundance of caution, the FBI has temporarily self-imposed a limit on sending and receiving attachments on our external, unclassified network to give our technicians time to scan all the attachments that came into the e-mail system to make sure we have identified and mitigated all threats to the network."

We wonder, could it have been conficker? After all, it pretty much managed to sink the Royal Navy fleet comms system a few months back.

The latest Symantec MessageLabs Intelligence Report has landed on my desk and makes for the usual rather depressing reading. I guess that most depressing of all, if not surprising when you take a look at your inbox or worse still your junk folder, are the figures relating to spam activity during May 2009.

It would appear that spam has managed to hit a new low by reaching a new high, and what a high: up 5.4 percent on the previous month to peak at representing some 90.4 percent of all email by volume. That really does suck elephants through a straw backwards, only 1 in every 10 emails not being some unwanted junk mailing. Sigh.

What is odd, however, is the fact that the report reveals the majority of the May increase comprised of messages with hardly any content at all beyond a subject line and a valid URL in the body. Saves having to have it translated into English I suppose. Perhaps not so odd the fact that every URL pointed towards a different, yet active, social networking profile which would appear to have been created using automated CAPTCHA-cracking tools.

“As spam levels continue to increase, we are seeing existing attack techniques combine and morph into one” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. “In 2008 CAPTCHA-breaking, social networking spam and the use of webmail for spamming all became popular tactics. Today, the bad guys are using the three together as …

I have to admit that I Tweet from pretty much anywhere and everywhere, the beauty of the medium is that you don't know if I am on the toilet or in the theatre, at my desk or naked in my bed. Or, for that matter, even on holiday. A survey from online travel site Lastminute.com reckons that British holiday makers in particular are failing to relax while vacationing because they insist on sending updates to Twitter while away.

How sitting on a beach somewhere with an iPhone in one hand and a cold drink in the other constitutes failing to relax is beyond me. Heck, sending all my friends (virtual or otherwise) a Tweet saying "having a great time, wish you were here" sure beats the hugely non-relaxing task of writing postcards to them all.

According to the Lastminute survey, around half of Brits will check email or send texts while on holiday, with 42 percent of the younger generation updating blogs or Twitter feeds. A figure that is expected to go upwards this year with the recession forcing more people to spend their holidays in the UK rather than splash out on overseas travel.

As for the suggestion that I should take a "Long Tweekend" and turn off all my gadgets for a couple of days break, have they gone mad? I probably would, go totally insane that is, if I were to be completely gadget free for 24 hours let alone …

There has been no shortage of data loss by the military over the last year or so, from US Army files found on eBay MP3 player through to more than 600 laptops going missing from the UK Ministry of Defence. However, usually these losses concern data such as names and addresses, maybe some financial information. Serious enough to bring more than a small amount of blushing to the cheeks of those responsible for securing such information in the first place. Imagine, then, just how embarrassed the Ministry of Defence must be right now after it has emerged that no less than three unencrypted hard drives containing highly sensitive data have been stolen from the Royal Air Force.

When I say highly sensitive, I do not mean in the perhaps expected manner of pertaining to military movements or technology. Oh no, much more sensitive than that. Apparently the data concerns files appertaining to drug taking by staff, extra marital affairs and the use of prostitutes. All the information was gathered when RAF servicemen and women underwent a vetting process for high security clearance it seems.

An internal Ministry of Defence memo claims that the details could be front page news as it relates to very high ranking officers amongst the 500 staff concerned. The memo states that "The data is not routine vetting information, but relates to those cases that have been referred to RAF because the individuals have serious vulnerabilities that affect their suitability …