Posts by happygeek

It has been estimated that something in the region of 70 percent of the ATMs in current use are based not on the proprietary hardware, software and communication protocol platforms of old but instead on PC/Intel hardware and commodity operating systems, the most popular being Windows XP embedded. In fact, it is not too much of a stretch of the imagination to think of these ATMs as being simple PCs running simple PC operating systems and using the standard Internet Protocol that we are all used to. Of course, all this is housed in a very secure vault-like box along with some additional peripherals, which makes it all OK. Or does it? According to Network Box, a managed security services company which has just published a white paper on the subject of IP-ATM security, banks and financial institutions are failing to properly secure their ATMs, leaving consumers' personal details vulnerable to hackers. The report itself actually cites three main threats to ATMs: internet protocol (IP) worms; disruption of the IP network and denial of service; and the harvesting of consumers' transaction data for malicious purposes. The latter could result in hackers being able to collect consumers' personal details, such as their card number, account balance and transaction history.

Network Box say that the migration towards commodity-embedded hardware platforms, commodity operating systems and standard IP networking across the last five years is to blame for the increase in exposure as far as the security risk is concerned. They …

IT security and control outfit Sophos has revealed the results of a poll that shows the number of people who believe that Apple Macs will be increasingly targeted by cybercriminals in the future has risen from 79 percent two years ago to 93 percent now. Sophos undertook the poll as the first financially motivated malware for Mac OS X was discovered. It also, without much surprise, suggested that half of us do not think that Mac users will face as big a cybercrime problem as Microsoft Windows users.

OK, so the results are not exactly earth shattering stuff when it comes to surprises, but it does tend to indicate that Apple Mac users are now a lot less optimistic than they were just a couple of years back and that the spectre of Mac malware attack is now hanging over their heads.

“Although we have seen the first attempts by criminal gangs to make money through Mac OS X malware, there is still only a tiny number of viruses and Trojan horses for Apple Macs when compared to Windows PCs. It seems unlikely that the Mac virus problem will ever be as big as the Windows one," said Graham Cluley, senior technology consultant for Sophos. "Yes, the Macintosh malware threat is a concern - but it's important to put it in perspective. Mac users now have the opportunity to prove their smarter than their PC cousins by putting the proper defences in place and stopping the …

Security researchers at Sophos Labs have revealed that nearly 70 percent of all Linux honeypot infections are caused by a single virus. Perhaps even more shocking, all things considered, is the fact that the virus in question, Linux/Rst-B, is actually six years old now. So concerned is Sophos at this identified trend that is has now made a specific tool available just to detect whether this one virus is present on your Linux based computer or server.

The fact that Linux servers are of great interest to the cyber-criminal fraternity should come as no surprise, after all these are likely to be 24/7 running machines and because the general (misplaced) perception is that Windows based systems are inherently insecure and Linux ones the opposite, protection against malware attack is sadly lacking. The cold, harsh truth is that Linux systems are pretty much ideal for being compromised for use as a botnet controller, ironically more often than not being in control of a virtual army of infected Windows PCs.

"The number of malware programs in existence is around 350,000, and while only a very small number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos.

Meanwhile, Billy McCourt, a SophosLabs UK researcher, wants your help to determine just how prominent these Linux based botnet controllers are. In order to do this he is asking that anyone who …

It has been a couple of months now since a Russian security researcher, Evgeny Legerov, confirmed that the widely deployed media software RealPlayer was vulnerable to a zero-day exploit. The Russian company, Gleg, is in the business of selling information on such exploits and security flaws. Unfortunately, according RealNetworks's Vice President Jeff Chasen, Gleg has been unwilling or unable to provide the necessary data to allow the alleged gaping security hole to be patched despite repeated requests from both RealNetworks and CERT. Gleg has, on the other hand, posted a video showing the heap overflow/code execution exploit in action.

According to Chris Wysopal, CTO for application secure code testing company, Veracode, it was only ever a matter of when rather than if the zero day exploit commercial market would find a vulnerability in widely deployed software such as this. "We don't know when this unpatched RealPlayer vulnerability was introduced into the code" Wysopal says "It has probably been latent for many months. Real's customers were vulnerable as soon as they downloaded this version of RealPlayer. There is currently knowledge circulating in criminal circles and attackers are using it to compromise Real's customers."

The fact that Gleg apparently knew how to reproduce this problem at least a month beforehand, but did not inform the vendor, is quite frankly appalling. Indeed, there appears to be a legitimate concern over what benefit the customers of Gleg, who were informed about the problem, would get by having such client side exploit information …

Oh the irony. Windows Vista Service Pack 1 is, quite rightly, being pushed hard on the merits of the numerous security improvements over the original release. However, despite the fact that Vista SP1 will not be made available to end users until March, because it has just been released to manufacturing I guess it should come as no surprise that it has also already hit the pirate download sites. Indeed, BitTorrent tracker sites report hundreds of seeders and hundreds more lechers within 24 hours of that RTM release. It would appear that what is circulating here, as a 2.9GB file, is a full Vista install with SP1 included. So at least honest users who wait for the SP1 upgrade pack will not have to jump through the same install hoops as the pirates who will see all the data on their primary hard drive erased.

But what of those security improvements, will they be worth waiting for? You betcha. Vista SP1 brings the ability, at last, for security software vendors to interact in a more purposeful and secure way with the Windows Security Centre for a start. BitLocker drive encryption is beefed up with additional multifactor authentication combining a Trusted Platform Module (TPM) key with a pin-protected startup key stored on a USB device. Talking of TPM, a redesigned random number generator strengthens the cryptography platform using AES based pseudo-generation from NIST special publication 800-90. Remote Desktop Protocol files can be signed to improve security, and third-party security applications …

Today sees the official formation of the Anti-Malware Testing Standards Organization (AMTSO) which has come about following an industry wide concern about the lack of any real-world standards that apply to anti-malware solutions when it comes to testing. Why is this important? Because unless the testing methodologies used to evaluate anti-malware are doing an effective, and consistently so, job then the product reviews that end up in magazines and published on the web are going to be incomplete, inaccurate and sometimes simply misleading. This has become an increasing pressing problem to address as anti-malware solutions become ever increasingly complex themselves in order to best secure systems against the maturing malware threat.

AMTSO itself is purely focused on addressing this global need for an improvement in the objectivity, quality and relevance of these testing methodologies, and as such is looking to promulgate universally adopted standards and guidelines. AMTSO promises to:

• Provide a forum for discussions related to the testing of anti-malware and related products
  
• Develop and publicize objective standards and best practices for testing of anti-malware and related products
  
• Promote education and awareness of issues related to the testing of anti-malware and related products
  
• Provide tools and resources to aid standards-based testing methodologies
  
• Provide analysis and review of current and future testing of anti-malware and related products

As Andreas Marx from the highly respected AV-Test.org site says "well executed and comprehensive tests will light the way to better products …

One of the biggest takeovers that the corporate world has ever seen could be on the cards now that Microsoft has confirmed an acquisition bid for Yahoo! According to various reports online it had already made what moves towards what it says were negotiations for a 'friendly takeover' late last night but this was flatly rejected by Yahoo! Mind you, $44.6 billion doesn't sound too unfriendly to me it has to be said, and that's what I understand Microsoft is offering in terms of cash and share options for the business.

The offer values Yahoo! at around $31 per share, which represents something in excess of a 62% premium compared to the Yahoo! closing price last night. Although pre-market trading this morning did witness Yahoo! shares jumping a none too shabby 56% off the back of the news, which is $10.71 in real money. Not bad for a business which earlier in the week had announced job cuts of 1000 and an overly cautious fourth quarter earnings report. Indeed, before the Microsoft interest Yahoo! had slipped from having a market cap of more than $100 billion only eight years ago to just $25.6 billion last week. By contrast, Microsoft has generated revenue growth of 15%, earnings growth of 26%, and a return on equity of 35% on average for the last three years. Microsoft's share price has generated shareholder returns of 8% during the last one year period and 28% during the last three year period.

In a …

A specialist mobile software management company, Red Bend Software, has today announced what it claims to be the first Linux based mobile phone complete with fully over the air customizable software. The breakthrough has been made possible by partnerships with companies such as Digital Airways, Opera, Synchronica, Trolltech and Zi, and has been used to showcase the deployment and updating of applications using the Red Bend vRapid Mobile technology concept.

The handset itself is not actually available to purchase though, but remains firmly in the realms of concept fantasy. Red bend refer to it as a MAST, short for Master key, which is meant to symbolize the milestone of open access updating during the life-cycle of the device. MAST is based on the Trolltech Qtopia application platform for Linux and is implemented on Trolltech's Qtopia Greenphone. The Synchronica Device Management Server provides the device management server connection from which software is provisioned in a secure and reliable manner using the Open Mobile Alliance (OMA) Device Management protocol. If you want to get hands-on with the MAST phone then you'll have to wait a couple of weeks until the Mobile World Congress in Barcelona where Red Bend will be demonstrating it live between February 11 and 14.

It could be worth the wait, especially if features such as being able to update the Opera mobile web browser without needing to update the entire firmware image, and enabling network operators to customize a generic handset and promoting services …

A CIA analyst speaking at the SANS 2008 SCADA and Process Control Summit in New Orleans has admitted that hackers have not only been able to penetrate the power grids of several countries, but also successfully cut power to several cities, all from the relative safety of the Internet.

Central Intelligence Agency analyst Tom Donahue was quick to point out that all the attacks were external to the United States, but not so quick to provide specifics of the incidents. According to reports Donahue claimed the objective was simple criminal extortion rather than being driven by a terrorist agenda. Conference organisers, the SANS Institute, posted a statement by Donahue which stated that "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet." The SANS Institute added that according to Mr Donahue the CIA "actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure."

According to Brian Contos, Chief Security Officer at Arcsight which is an active member of all these cybersecurity consortia, there are a whole host of projects underway in the US to ensure that such penetration of national infrastructure utility services is made as difficult as possible:

• Project LOGIIC has …

The Fortinet threat response team has reported a new and malicious Symbian OS based worm that is currently actively infecting mobile phone networks. According to Fortinet, the worm comes packaged in disguise as a multimedia file with a name such as sex.mp3 or love.rm and enables it to easily con the average mobile phone user into installing the software onto their handsets. The SymbOS/Beselo.A!worm, as it has been none too snappily named, can exist on several different Symbian S60 enabled devices including popular Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.

Once installed, the worm gets to work harvesting every phone number contained in the handset address book and then starts to systematically target them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm in order to spread itself. Of course, like all such malware the worm does more than just that. It also sends itself to other numbers which so far have all been found to reside in China. Fortinet is still investigating the purpose and nature of these calls.

Let's not get too carried away with this though, Fortinet admits that the prevalence of this mobile malware is "still low" and users can fairly easily check their message outboxes for unrecognised entries which would hint at infection if they are at all worried.

Of course, Fortinet would also argue that installing the FortiClient Mobile antivirus on the handset would automatically detect and remove the worm, …

Nokia recently undertook a survey of consumers in emerging markets and exposed a new trend: mobile phone sharing. Apparently, more than 50 percent of those surveyed in India and Pakistan, plus almost 30 percent in Vietnam, either already share or would be willing to share the use of their mobile phone with family or friends. Alex Lambeek, Vice President of Entry Devices with Nokia does not as the name suggests deal with doorbells, but rather the lower end of the handset product line. Lambeek reckons that phone sharing is a logical trend in the less mature markets, saying "more and more families are purchasing a mobile phone for the entire family to use, not just the head of the household."

In response, Nokia has announced a handset that is made to share. Literally made to share, from the ground up. The Nokia 1209 really goes the whole 9 yards as far as sharing is concerned, by offering cost management features built in so as to add to the ease and convenience of dividing up a mobile phone between more than one person. Cost management features include the pre-paid cost tracker application to keep tabs on who has been spending what on calls. I also rather like the multiple phone- book idea, allowing up to five people to store personal contact details and up to 200 numbers on a single phone.

Although the trend might well be in emerging countries only at the moment, and Nokia is targeting the …

Many years ago, during a press visit to Microsoft HQ in Seattle, I was given relative freedom to wander around the Redmond campus. Of course, there were some areas that were strictly out of bounds. Areas like the one which was entered via the 'Cryogenics Lab' door for example. At the time I thought it a little odd that Microsoft should be investing in cryogenics, but wrote it off as the kind of thing you can get your company to play with when you are the richest man on the planet.

More recently, in 2004 to be precise, I noted with some interest that Microsoft had filed a patent (number 6754472 if you want to go and look it up) which covered an unusual method for transmitting both power and data to devices worn upon the body. This particular patent took the notion of wearable computers and personal area networks to a new level though, because it furthered the concept of creating a virtual keyboard on human skin.

Ever since, I have taken something of an interest in Microsoft patent filings. Everything from ergonomic keyboard navigation design through to the act of tabbing your way through a web page. But a story in The Times yesterday really stood out for all the wrong reasons. Microsoft seeks patent for office spy software, the headline screamed, with the article beginning as it meant to go on with "Microsoft is developing Big Brother-style software capable of remotely monitoring a …

I updated on the day of release, like thousands of others I suspect. I have no regrets as it does make the iTouch a much better device all round IMHO.

However, I did barf a little at the cost (£12.99 in the UK which works out to around $25) as you just know that in a few months, or maybe a year, it will be Apple caving and making the update available as a freebie.

I have not even been tempted by the jailbreak stuff, simply because there is no compelling software out there to make me void the warranty.

In an attempt to wean her students off of what she calls ‘white bread for the mind’ one University of Brighton professor has banned her students from using either Google or Wikipedia in their research for the first year of study. Instead, in what many will consider a neo-Luddite move, they get given a selection of some 200 peer-reviewed printed text extracts as research material.

The professor of media studies is no newbie, looking to get noticed, either. Tara Babazon has been teaching at university level for no less than 18 years. But an article in The Times suggests that Brabazon thinks the ‘University of Google’ is producing a generation of students ill equipped with the skills they require to be able to interpret and filter online information, a generation reliant upon unreliable information and with no true sense of academic curiosity.

Continuing the white bread analogy, Brabazon insists that “Google is filling, but it does not necessarily offer nutritional content.”

Of course, Brabazon is not alone in believing that the Internet has created a flattened expertise research facility where every personalised truth appears as equal and as valid as the next but in reality most are at best unsubstantiated opinion. What she is suggesting is that students need to be taught how to think, in a dynamic and critical sense, before they Go Google. The argument being that in the pre-digital education research age this ability to think about information was less critical as …

Read beyond your own prejudice of my opinion and you might see that this posting is simply saying that the situation is very unclear at the moment. The Gates Foundation comment is regarding educational programs not dual booting of the OS...

CES always provides plenty of great news, and plenty of juicy gossip, but I love it best when it mixes the two and you end up with a nice big fight. This would appear to be what is happening right now after the One Laptop Per Child (OLPC) project announced that it and Microsoft were working to develop a dual-booting, Linux and Windows, version of the cheap and cheerful laptop for third world kids. Nicholas Negroponte, OLPC chairman, has been quoted as saying "We are working with them very closely to make a dual-boot system so that, like on an Apple, you can boot either one up. The version that's up and running of Windows on the XO is very fast, it's very, very successful. We're working very hard to do both."

Which is great news, as you can currently buy an OLPC laptop with a Fedora distro installed, and there is a version of Windows XP available that will run on it as well, but the two together would obviously make things much simpler within this particular marketplace where cost and clarity are everything.

Unfortunately, Microsoft is not playing ball and has issued its own statement which brings the clarity of mud (or should that be fud) to the situation:

“While we have investigated the possibility in the past, Microsoft is not developing dual-boot Windows XP support for One Laptop Per Child’s XO laptop. As we announced in December, Microsoft plans to …

Yes, in a bizarre twist and turn of fate, the original bad boy of illegal MP3 downloads which then went legit and hooked subscribers into music with Microsoft's digital rights management system has changed tack and announced it is to sell MP3 format tunes. So, OK, maybe not a real return to its roots as you will notice that I said sell, rather give away in a free file-sharing spree.

Still, as a major online music retailer these days the fact that Napster is dumping DRM has to be good news for the consumer. DRM, for those who may not know, prevents the purchaser of a music track from being able to copy it between devices, make multiple backup copies or share the music with friends. Not so hot in a digital age where people have several different devices upon which they might expect to be able to listen to the music which, after all, they have paid for.

Napster are not alone in seeing the bigger picture, as EMI started offering DRM free tracks as an option as long ago as last April via iTunes (although at a higher cost, supposedly because they were of a better audio quality) and Universal is also tinkering with various tracks being free of this copy protection although it's a long way from deciding if this is the future of its back catalogue or not.

Napster itself, despite the announcement, is waiting a few months before starting the DRM free …

He owns it. The wall is part of his business property, Banksy just happened to pitch up and put his piece upon it...

There have been some odd items for sale on eBay over the years, but a million pound wall has to be amongst the most bizarre.

The wall itself, of course, is not the reason for the high Buy it Now price tag. That can be accounted for by the graffiti upon it which happens to be a piece by that rising star in the street art world, the guerrilla artist Banksy.

The wall, and the work of art, is situated on the world famous Portobello Road in London and is currently protected by a perspex covering, one assumes to prevent either jealous rival graffiti artists from damaging it or the local council from washing it off.

According to the seller, mobolajimedia, the painting was done during a busy Sunday morning with the Portobello market in full swing. Banksy turned up, erected a huge scaffolding and started painting under the cover of a large blanket. Within a few hours the piece, featuring an artist painting the name Banksy upon the wall, was complete.

You can view the item yourself, either on eBay itself or by popping down to 274D Portobello Road, London W10 if you happen to be in the vicinity.

Funnily enough, the £10,000 reserve price has not yet been met, let alone that absurd £1 million ($2 million) Buy it Now valuation. Could it be that people are not really that interested in a wall with some graffiti on, or maybe it's …

I have not actually played with the W910i so cannot really comment.

Kaspersky Lab has published its list of the most prevalent viruses for the end of 2007, and although an email worm retains the top spot the more interesting stuff is happening immediately below it in the rankings of shame.

Specifically, the second, fourth and seventh places which are all occupied by variants of the Trojan-Downloader.Win32.Diehard. The .dc modification of this Trojan dropper only appeared for the very first time on 21st December, yet on some days in December it proved virulent enough to account for some 80% of all the malicious traffic seen in email by Kaspersky users. Droppers are particularly worrying, because these deploy the Trojan components that are required to control computers in order to send spam. Think the Warezov family of worms that were so successful during the course of 2007 and you are not far off the mark. In fact you are bang on it, as the Diehard Trojan does pretty much exactly the same thing.

Of the entire top ten viruses on the list, eight are new entrants. The first time this many newcomers have dominated the list for the longest time. A Kaspersky spokesperson said "these trends threaten to provoke significant changes in mail traffic in the near future. Contrary to predictions, Trojan programs and phishing attacks are ending up near the top of the table more and more frequently. Classic email worms re-enter the rankings, then disappear again, creating a backdrop for the real battle which is taking place. …

The title poses a question which the article answers, standard journalistic practise.

Things are not looking good for KDE, following the news that KDE will not be getting long term support (LTS) whereas GNOME will according to Canonical. The Hardy Heron will be assured of LTS status it seems, making Ubuntu 8.04 the second version of this Linux distro to get the Canonical commercial blessing. The decision would appear to be a simple commercial one, after all GNOME is far and away the most popular when it comes to downloads. Mark Shuttleworth, Canonical CEO, reckons it accounts for around 65% of all Ubuntu downloads. So where does this leave the other 35% who are loyal to KDE?

The leader of the Ubuntu Desktop team at Canonical, Scott James Remnant, has admitted that KDE 4 will not be stable enough to support for the term of the release. Posting to the ubuntu.com mailing list, Remnant states “I've not seen anybody who believes that this would be the case; a long-term supported release would have to be based on the stable KDE 3.5 series.” He goes on to admit that Kubuntu 8.04 comes at what is described as being a “difficult time” in the KDE release cycle, citing the arrival so soon after a major release of the platform to substantiate the claim. The support issue becomes even cloudier when the question of whether a bug in KDE 3.5 will receive upstream support as far ahead as March 2011. Remnant suggests that in order for Canonical to make such …

According to security researchers at BitDefender a new Trojan has been discovered which hijacks text based Google adverts and replaces them with ads from a totally different provider. Trojan.Qhost.WU acts by modifying the infected computers' Hosts file to include a line which redirects the web browser from the expected .googlesyndication.com IP address to another which ensures that the browser gets its ads served from a completely different place instead of Google.

"This is a serious situation that damages users and webmasters alike," said Attila-Mihaly Balazs, a BitDefender virus analyst. “Users are affected because the advertisements and/or the linked sites may contain malicious code, which is a very likely situation, given that they are promoted using malware in the first place. Webmasters are affected because the Trojan takes away viewers and thus a possible money source from their websites.”

Google has acted to cancel customer accounts that display ads which redirect users to malicious sites or which violate Google software principles within advertising, but this Trojan would seem to criminalise victims twice: they get the double whammy of serving up potentially malicious adverts and face being booted off of Google as a result.

A Google spokesperson has stated that it works hard to detects and remove sites which serve malware in the ad network, adding “we have manual and automated processes in place to detect and enforce these policies."

With Xmas fast approaching, one almost expects the unexpected. It would not come as a shock, for example, if a clip of a dancing cat were to be the most viewed video on YouTube this month, or for that matter one of some rather pathetic Harry Potter puppets, or even Britney Spears singing. Indeed, all of these clips feature in the top five, with millions of downloads. Yet none of them are at number one, this honour is currently reserved for a video of the Ubuntu Linux distribution being downloaded.

Yes, you read that right. And no, there is no catch. The computer doing the download does not explode, Tux the penguin does not start singing half way through, and there are no naked ladies involved. It is, pure and simple, just a video of Ubuntu being downloaded using the UseNeXT client. What's more, as I write this, it has been viewed almost 4 million times in December! The High School Musical blooper real can only claim 1.7 million views this month, Ubuntu Linux being downloaded hits 3.98 million.

So just what exactly is going on?

The blame would appear to lay with the UseNeXT download client itself, or rather the people behind it who have offered a $1000 prize to the person who can make a YouTube video showing the fastest download of the distro using the client. Under the banner Usenet Download World Record the guantlet would appear to have been well and …

According to Airwide Solutions, which is well placed to comment on such matters as it is a provider of mobile messaging infrastructure amongst other things, the SMS (short message service) we all better know as text messaging will hit record highs on New Years Day.

In fact, you can think of January 1st 2008 as being the SMS Text Olympics. But who will the winners be?

Well, according to the bean counters at Airwide at least, the US is expected to hit a staggering 730 million messages sent on the big day while the UK will put in a credible performance of 280 million messages or put another way, 4.6 texts per capita!

The gold medal candidate has to be China though, despite the official Chinese New year not happening until later in the year. However, Airwide estimate that SMS volumes for China will be the usual daily figure of, wait for it, 1.6 billion texts sent.

Switzerland sends seven times as many messages on New Year's Day than average, making it the best at texting greetings to family and friends, and is expected to hit 75 million messages. Belgium looks like doubling its previous best New year figure and sending 46.7 million texts, while the Czech Republic is predicted to tap out 55 million.

The French send a healthy 55 million messages on New Year's Day, but that is actually just a normal day for them. Which either means that as a …

Although it could be argued that your average fanboy has already got the present they wanted this xmas in the continuing growth of Linux in terms of both actual deployment and media popularity, or maybe the arrival of the Linux server for Unreal Tournament 3 or even the fact that the BBC iPlayer is now Linux compatible. But no, believe me, when they see the dancing plastic penguin that announces the arrival of new email all that will change.

Anyone into weird and wonderful geeky gadgets will probably recall the manic WiFi rabbit that was Nabaztag and which could tell you when you had new email by waggling his ears or read you the contents of a live newsfeed for example. Well now Linux users have got their very own version in the shape of the Tux Droid which promises to kick some robotic robot ass.

Tux Droid is essentially an open source version of Nabaztag so there are no subscription fees, and the software used is totally customizable should you wish to make it do pretty much anything you like. Oh, and as the name suggests, this is no manic rabbit but rather a large and intelligent plastic version of the Linux mascot, Tux, itself.

Suitably enough, the Tux Droid does not work with Windows so you'll need to be a Linux fanboy already and have a free USB slot to stick your small plastic fish in. This …

It has long since been argued that continued exposure to something over a length of time will reduce the shock value of whatever it happens to be, from violence in movies to swearing in public. Now according to a report researchers at the Brigham Young University have suggested that the availability of 'pocket porn' via the Internet and mobile phones has led to a sea change in how women react to pornography.

The full study is to be published in the Journal of Adolescent Research in January, but enough detail has been leaked ahead of publication for us to know that most of the young women surveyed for the study did not use porn themselves, or at least did not admit to it, but an astonishing half did say that in their opinion the viewing of x-rated material was a perfectly acceptable way express sexuality. This compares with only 20 percent of the mothers of those women agreeing with them, although perhaps predictably 37 percent of fathers did.

Researcher Jason Carroll and his team spoke to more than 800 students in all, and in an interview with USA Today he revealed that the easy availability of adult images and explicit video content not only on the Internet but also via wireless technology, especially mobile phones, could be a significant factor. Something Carroll refers to as living in an "age of pocket porn."

Of course, the real lack of surprise comes when you look at how …

Opera Software ASA, the company behind what used to be the alternative web browser of choice until Firefox came along and changed all that, has urged Microsoft to give consumers a genuine choice of standards-compliant browser clients. It has filed an official complaint with the European Commission which describes at some length how, Opera claims, Microsoft is "abusing its dominant position by tying its browser, Internet Explorer, to the Windows operating system and by hindering interoperability by not following accepted Web standards."

Opera has requested the Commission to take the necessary actions to compel Microsoft to give consumers a real choice and to support open Web standards in Internet Explorer. Specifically, it has asked the Commission to implement two remedies:

1. To obligate Microsoft to unbundle Internet Explorer from Windows and/or carry alternative browsers preinstalled on the desktop.
   
2. To require Microsoft to follow fundamental and open Web standards accepted by the Web-authoring communities.

The complaint goes on to insist that Microsoft adheres to its own public promises to support such standards rather than "stifling them with its notorious Embrace, Extend and Extinguish strategy." Opera says that Microsoft's unilateral control over standards in some markets creates a de facto standard that is more costly to support, harder to maintain, and technologically inferior and that can even expose users to security risks.

According to Opera CEO Jon von Tetzchner "we are filing this complaint on behalf of all consumers who are tired of having a …

Have jumped in and corrected the typo...

Nochex has been providing secure online payment services to small and medium businesses in the UK ever since 2001. It seems to take security seriously, as anyone dealing with your money should, with encrypted data transfers, encrypted data storage and servers at the same highly secure location as used by many high street banks. Unfortunately, the security chain seems to have a link missing when it comes to common sense and the type of confidential customer information that any identity thief would be drooling over the prospect of getting hold of.

The problem was revealed to me by an understandably annoyed customer who had set up a Nochex account some years back and then not used it for the longest time. Finding himself with a need to make a Nochex transfer of funds, said customer tried to log in but could not do so as his account had been deactivated through lack of use. Now that, I would argue, is a good thing. Dormant accounts are a security risk in and of themselves, ask anyone who has stopped using eBay for an extended period only to come back and discover the account has been hijacked by fraudsters trading on the account holders previous good reputation. If the accounts were deactivated, such fraud would not be possible.

Getting back to Nochex, the customer did not have a problem with the account deactivation nor the fact that to reactivate it a form had to be downloaded and completed. …

I guess that's another way to cash in on open source projects the eBay way though :)

Whenever I see a press release that includes words such as monetize, world's largest and unique position I have to admit I get a sudden urge to reach for the delete key. However, on this occasion I decided to read on simple because it came from the direction of SourceForge.net and concerned the opportunity to monetize open source software. Not that I am 100% convinced that this is as close to the heart of the open source developer as some pundits believe. That said, if anyone can produce the necessary software alchemy then it has to be SourceForge.net, occupying as it does the lofty position of the world's largest web site for open source development and distribution.

The newly launched SourceForge.Net Marketplace promises to provide a familiar environment in which technology professionals can buy and sell support and service for open source software. Familiar because it follows an eBay-alike concept, with sellers being able to set their own pricing levels, determine their own support levels and define their own service types. To further add a little eBay sprinkle into the marketplace mix, there is also a reputation system which gives buyers and sellers the ability to rate the transaction after each and every sale. Interested buyers can even pay the seller by PayPal.

That's where the eBay analogy ends though, because listing services on SourceForge.net Marketplace does not actually carry a fee at all, at least not at the moment. …

According to John Lilly, the Firefox web browser has 126 million unique monthly users. A figure extrapolated from an Active Daily Users number of 48 million, itself a massive increase on the 23 million ADU figure from this time last year. So who is John Lilly and why should we take any notice of his figures? Well, Lilly happens to be the Chief Operating Officer at Mozilla and the figures have been reached by analysing statistical data from the Firefox browser update service logs.

Lilly admits that the various browser market share reports, while having value are subject to different biases. "The most basic issue is that there's no way to really represent the complexity and the dynamism of the global Web - it's just too big, with too many things changing too rapidly" he says. So you get a global share reported at the top end as high as 36%, while Mozilla itself seems happy with a consolidated share garnered from numerous data reports at somewhere in the region of 20%. The problems of measurement are magnified by the metrics used, many of which happen to be in page views. "As hard as it is to get an accurate read on worldwide traffic numbers for Firefox" Lilly comments "it's even harder to figure out the relationship between page views and users. We have some intuitions here, supported by anecdotal evidence, that Firefox users look at more pages and do more searches than typical users, but nothing …

Rewind to London in 1850 and the first public toilets which required users to insert a coin to gain entrance were born, along with the phrase ‘to spend a penny.’ Fast forward to 2007 and Londoners can now spend 25 pennies to use a cellphone operated, location based, SatLav service that has just been introduced in the West End by Westminster City Council.

The shopping capital of Europe, London’s West End includes such famous places to do some retail therapy as Oxford Street and Regents Street and can boast world renowned shops such as Harrods. With crowds guaranteed at this time of the year, being able to quickly locate a loo might not be high on the list of priorities for most shoppers – until they need to quickly locate a loo that is! Unless you have a portable GPS satnav unit complete with a public lavatory location Points of Interest file pre-loaded, the term desperate housewives could take on an altogether new meaning.

Which is where Westminster City Council and student Gail Knight enter the fray. Gail won a design innovation competition sponsored by the council with her SatLav concept. Using the ability of a cellphone network to know where the caller is, or at least in which network ‘cell’ the call is originating from, the system can quickly let them know where the nearest public toilet to them happens to be. All the user has to do is send a SMS text message containing …

The annual Virtual Criminology Report, published today, warns that international international cyber espionage is set to be the biggest single threat to national security next year. Right there on the front line of this cyber cold-war is China, according to report authors McAfee. However, that is just the tip of this particular security iceberg as McAfee claims that some 120 other countries are also jumping on the web espionage bandwagon.

Primary targets include critical national infrastructure network systems with electricity, air traffic control, financial markets and Government computer networks taking centre stage. If any of these systems were successfully penetrated the consequences at national level could be devastating, highlighting the need for tightened virtual security according to McAfee which, of course, just happens to be in the business of providing virtual security solutions.

Dr. Ian Brown from Oxford University and Professor Lilian Edwards from the University of Southampton, consulted with more than a dozen security specialists at institutions such as NATO, the FBI and SOCA to arrive at key findings which include:

• Governments and allied groups are using the Internet for web espionage operations
  
• Many cyber attacks originate from China, and the Chinese have publicly stated that they are pursuing activities in cyber-espionage
  
• Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defences
  
• Attacks have progressed from initial curiosity probes to well-funded and well organised operations for political, military, economic and technical …

A proposal from the French Ministry of Culture could hit online music and movie piracy very hard with a very big stick if it goes ahead. In addition to the existing law, introduced only last year, which made unauthorised file-sharing a criminal offence carrying a 30,000 Euro fine and up to six months in prison, the new proposals seek to kick pirates off the Internet altogether.

Along with other measures such as the watermarking of digital content, the Ministry of Culture plans include the controversial concepts of monitoring and tracking the movement of those watermarked files and the people who move them. A registry would be created to log those users accused of piracy by the copyright holders, and following official investigation a three strikes and you are out system will issues two warnings and finally forced termination of the ISP contract.

Unsurprisingly, the government plans have been warmly welcomed by the French media industry which is keen to implement the watermarking system. I understand that agreements have already been signed with TV channels, film makers and ISPs to this effect. For its part, the French government will set up a new agency to monitor Internet traffic and deal with the complaints process. French president Nicolas Sarkozy said of the deal "We run the risk of witnessing a genuine destruction of culture" adding "The Internet must not become a high-tech Far West, a lawless zone where outlaws can pillage works with abandon or, worse, trade in …

Although the Linux Foundation 2007 Desktop/Client survey does not actually finish until the 30th November, there would seem to be little point adding your opinion to the thousands who have already done so as the results appear to have escaped. The web is already buzzing with reports that participation levels are twice as high as last year, more than 20,000 people are said to have taken part so far. Cutting to the chase, it seems that most people who want to take part have done so as the numbers have tailed off significantly. Enough, in fact, for the Linux Foundation to have started crunching numbers and inevitably those numbers have leaked out.

So we can say with some confidence, for example, that 35.8% of those taking part were from the US while the majority were based in Europe. We can reveal that Linux is most popular in the SoHo market where there are less than 100 machines (usually a lot less) which equates to some 68.4% of Linux desktops according to the leaked figures. Interestingly, the majority of people are not using Linux desktops exclusively, with a fairly high 59.6% admitting they have Windows installations on more than half of the PCs they use.

When it comes to Linux though, people cannot make their minds up as regards which distro is best and most respondents have more than one desktop installed. The survey suggests that Ubuntu rules the roost with 54.1%, closely followed by Red Hat …

Tin Can Tools has announced a new fully functional embedded Linux platform in the shape of a 40-pin DIP package. The Hammer board, based upon the Samsung S3C2410 ARM920T processor, is designed from the ground up to be very modular and easy to interface. Tin Can Tools suggests it is ideal for developing embedded applications such as web-enabled appliances, robotics, process control and remote monitoring. Unlike most single board computer (SBC) solutions, the Hammer CPU board fits into a standard 40 pin DIP socket which means it can be quickly interfaced to using standard 0.1 inch center prototyping tools.

Preloaded with an open source bootloader, Linux 2.6 kernel, and a uClibc/Busybox based root file system, it also carries an open hardware design advantage. OK, so the hardware design side of things has not been made available under the GPL, but the schematics and other design files are available according to Tin Can Tools.

The 0.75 x 2.25 inch, $160, Hammer integrates its 200MHz ARM920T core with a MMU and 16KB of instruction and 16KB of data cache, plus 16MB of NOR flash soldered onboard.

The full hardware specs are:

• Microprocessor ( CPU ): S3C2410A - Samsung (200 MHz)
• ARM 920T core with Cache (16K+16K) and MMU
• Main Memory: 32MB SDRAM (16M x 16 bit, 100MHz)
• FLASH : 16MB NOR Flash
• Peripherals available:
• 2 UART’s (also supports IrDA)
• 1 I2C
• 2 SPI’s
• 2 16-bit Timers/PWM’s
• 1 8-bit LCD Interface + control signals
• 1 USB Host …

The University of Miami in the US has got together with the University of Dundee in Scotland to work with IBM on a project to develop open source software designed specifically to address the needs of older people, and help them to adapt to and remain productive in the 21st century workplace.

While I can certainly see that workforces in many developed countries are aging, and at the same time the pool of available younger workers is often shrinking fast, I am not convinced that the answer to lost skills and knowledge as this older workforce retires sits with software, open source or not.

IBM argues that as the trend towards a retiring work population continues as we approach the end of the decade, companies can use the opportunity to innovate and gain a competitive advantage by "ensuring skilled older workers have the tools they need to be effective and by offering advantages to promote retention." One way to do this, IBM continues, is "to support maturing workers who have age-related disabilities is to find new ways to increase their comfort level and ability to use technology."

"IBM strives to aid companies in developing solutions to accommodate the maturing workforce, as well as prolong and increase productivity" Dr. Vicki Hanson, Manager, Accessibility, IBM Research told DaniWeb. OK, all well and good but just how does the Open Collaborative Research (OCR) program help? Quite apart from the fact that I find the acronym confusing seeing as it already …

I have two mobile phones. One is purely for personal calls and so that number is only known to my family and closest friends. The other is purely for business calls, the number is printed on my business. A couple of times last week I received what are known as silent calls: telephone rings, you answer, nobody speaks and the line drops after a brief whirring and clicking. It used to be the case that most silent calls could be put down to embarrassed types who had mis-dialled. These days they are much more likely to be a precursor to spam.

That business cellphone of mine is only switched on during the hours I am working on any particular day, mainly as I don't want to be pestered by business calls on those very rare occasions when I am taking some time off. The day after the last of those silent calls hit me I took one of those days off, or at least the 'office hours' part of one. Deciding to get an hour or so of work in the bag later that evening I switched the phone back on expecting to see a missed call or three, maybe a few texts. There were those, but there were also a bunch of missed call notifications from the same 0800 number. Having Googled the full number, I am glad I was not around to take the call. It seems that this one belonged to a well known marketing company …

Back in May, I broke the story on DaniWeb in this very blog of how the online application facility for UK visas was not only insecure, but that it had potentially been so for years. The company concerned, VFS Global, which operated the visa online application form filing service on behalf of the UK government in India and other countries, had such Mickey Mouse security in place that anyone could easily get hold of the full application form information of anyone who had made such an application. That's anyone as is terrorist, identity thief, innocent applicant stumbling across the information or even an investigative journalist. The story quickly gathered momentum, and featured as the lead on Channel 4 News in the UK after I brought it to their attention and aided with the investigation.

Today, the UK Information Commissioner's Office (ICO) has found the Foreign and Commonwealth Office (FCO) in breach of the Data Protection Act following an investigation into that application facility security fiasco.

This follows on from an independent report, instigated by the UK Foreign Secretary at the time, and conducted by Linda Costelloe Baker in June which concluded that the VFS operated online application system should not be re-opened. Indeed, it has remained closed ever since I first brought the security problem to light back in May.

I alerted the ICO the very first day that the security breach became clear, following my own 'testing' of the database …

Firefox ticks many boxes, but the one big cross it has had to bear over the years is the memory leakage problem that many users have experienced. Here's how it works: user has Firefox browser open and visits websites, Firefox slurps up some system resources, user continues to keep Firefox running, Firefox continues to slurp up ever increasing amounts of precious system resources. Well, that has been the allegation at least, and one which Mozilla has been long at pains to deny. Whenever the subject has cropped up, the official response has always been that there is simply no significant memory leakage with Firefox or anything else that uses the gecko engine for that matter thank you very much.

Until now.

At long last a senior figure in the Mozilla hierarchy, Christopher Blizzard who has not only contributed much to the Mozilla project as well as holding down his full time job of a systems engineer and open source developer at Red Hat but also sits on the Mozilla Corporation Board of Directors, has admitted that there is a problem after all. Writing in his blog Blizzard claims that because Mozilla is looking at the mobile space, where memory issues become ever increasingly important, "we are spending time looking at memory pressure issues more closely."

It is not all change when it comes to the Mozilla line though, because Blizzard still denies there is any significant memory leakage, instead blaming memory fragmentation instead. "I know …

My beef is that I can do all these things without paying over the odds for the iPhone which, with the possible exception of playing music, does all of them less efficiently than existing handsets which have been around for a while.

For example, I have been using a T-Mobile MDA Vario III (rebadged HTC TyTn) for what, 18 months now. The handset came free on contract, for my £30 a month I get more texts and more minutes than the equivalent O2 iPhone contract in the UK (which, by the way, costs significantly more if you use an iPhone than the same O2 plan would with any other handset - yet more evidence of it being a rip off in financial terms), my web browsing is via a super fast HSDPA connection, I get a decent screen, decent browser, decent hardware keyboard, it runs the business apps I need, it has a camera (including flash) and as I say - this is an 18 month old device. Oh, and it has a touchscreen as well...

If you look beyond the design, and there is no denying that Apple have got something that is truly beautiful to look at, the iPhone really is not that innovative, new or exceptional - it is just over hyped, over priced and over here :)

Elven fingers, not eleven :) Perhaps I was getting at the fact that Apple must be away with the fairies if it thinks I am buying an iPhone right now.

The Internet browsing issue is important for me, as I do a lot of it on a mobile phone. Having got used to the speed of a HSPDA connection, dropping back down to a GPRS one is not to my liking. It isn't that it is slow, but slower than the competing mobiles at the top end of the market that is the problem.

I've used an iPhone, and really cannot get on with the virtual keypad I am afraid. I like a keyboard I can use without having to rely on software to guess what I mean to say :)

So the Apple iPhone has finally gone on sale in the UK, with hundreds of fans queuing at the Apple store in London's Regent Street to be one of the first customers for what has become known here as God's Own Phone as it does everything, according to the fanboys including much of the media which would be equally excited if Apple launched an iToilet it seems to me. Staff at the store applauded the first customers through the door, as well they might considering the cost of this particular piece of over-hyped hardware.

I was not amongst those customers, nor will I be in the foreseeable future. Here are my top 5 reasons why I won't be buying an iPhone:

Cost. Although the £269 ($562) price for the handset alone is bad enough, this pales into insignificance when you start looking at the total cost of ownership. The minimum network contract for the iPhone in the UK is 18 months, with some deals requiring a full 2 year lock-in. The monthly contract cost varies between £35 ($73) and £55 ($115) which means that in total it will cost me a minimum of £899 ($1890) to own. That is a lot for any phone, considering that most handsets come free on contract in the UK and my 500 texts, 500 minutes and all the Internet data I can eat deal costs me just £30 ($62) per month or £360 ($752) over the course of the 12 …

Ahead of its unveiling and hands-on demonstration at the TechEd: IT Forum in Barcelona, Spain next week, Microsoft has announced that Centro will be officially known as the Windows Essential Business Server.

With something in the region of 1.4 million mid-sized businesses around the globe, it does not take a genius to appreciate that their needs are not only varied but often unique. Yet to be able to sustain corporate growth it is vital that they have access to the same kinds of powerful technology solutions that are enjoyed to such good effect by larger enterprises. Which is where Microsoft is stepping in with the Windows Essential Business Server, an integrated IT solution for midsized organizations.

Steven VanRoekel, Director of the Windows Server Solution Group at Microsoft has announced that hardware partners including the likes of Fujitsu-Siemens, HP, IBM and Intel, will support Windows Essential Business Server, and on the software side CA, Citrix, FullArmor, McAfee, Quest, Symantec and Trend Micro plan to provide "Add-In" solutions to enhance the product's benefits.

But the big question, ahead of TechEd Barcelona, remains: what exactly is Windows Essential Business Server?

VanRoekel explains that is combines the technologies of "Windows Server 2008, Exchange Server 2007, Forefront Security for Exchange, System Center Essentials, the next version of ISA Server and SQL Server 2008 into an "all-in-one" solution. With Windows Essential Business Server, IT professionals will find the acquisition, setup and ongoing management of IT vastly simplified. It provides a unified console …

Radiohead are a band which does not need to prove anything to anyone. Their seminal album 'OK Computer' is consistently voted one of the greatest recordings of all time, be it the critics or mere mortal music fans putting the crosses in the boxes. Which is perhaps why the latest Radiohead album 'In Rainbows' has not been made available through the usual channels, but rather the group have bucked the trend and challenged the music industry by making it available for free download instead.

It was not meant to be quite that simple, of course. The distribution and sales model followed by Radiohead was one of pay what you think it is worth. The consumer is asked to determine how much they want to pay for the album and can then download it for that cost, even if the value placed upon the recording is a big fat zero. The real die-hard fans can cough up the big bucks, $80 to be precise, and order a vinyl copy, a bonus CD plus assorted band goodies in a package called the Discbox if they so wish.

So, anyone fancy hazarding a guess as to what most people chose to pay for In Rainbows, according to comScore which has used its 2 million strong web user database to monitor the situation? Yep, you got it, a big fat zero.

comScore reckon that 3 out of every 5 downloaders opted for the free music thank you very much, …

You kind of get the mental picture of some chap in a bowler hat across the desk from a magazine geek:

Mag Geek: So Mr BBC Director, how many Linux users do you have?

BBC Bowler Hat: 400.

Mag Geek: How many?

BBC Bowler Hat: 97,600.

Mag Geek: Pardon?

BBC Bowler hat: Must dash, have a math class 101 in 10 minutes...

Every now and then The Register publishes a really funny news piece, and the one entitled 'Confused BBC tech chief' is a perfect example. According to the report, in an interview with UK based web design magazine .net, the Director of Future Media and Technology at the BBC, one Ashley Highfield, claimed that only 400 to 600 of the visitors to the BBC website were using Linux. That's 400 to 600 out of the 17.1 million users of the site.

"We have 17.1 million users of bbc.co.uk in the UK and, as far as our server logs can make out, 5 per cent of those [use Macs] and around 400 to 600 are Linux users" Highfield is quoted as saying.

Although it is easy to understand that actual numbers are never going to be possible to reap from server logs, especially when the browser user agent string can so easily be adjusted by users of Linux for example, it is still useful as a trend reporting device. Indeed, according to the CurryBetDotNet, the blog of a former BBC new media employee, if you go back a couple of years the BBC were saying then that Linux represented a 0.41 percent visitor share which would be over 70,000 rather than 600 max.

So what has Highfield got to say by way of an explanation?

Responding to the criticism of the figures in the BBC blog, Highfield comments …