happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Although we all like to moan about the amount of spam hitting our mailboxes, the truth is that spam filtering is pretty good these days and only a tiny amount of it actually need bother us at all. Unlike all that stuff we have actually signed up for but cannot be defined as personal mail. Stuff like electronic bank statements, Facebook posting notifications, news roundups or Twitter alerts. The list goes on, and on, and on. Now this stuff has a name other than, well, stuff: bacn.

Pronounced as bacon, bacn can be described as email that you want, or at least that you have asked for, but that you don’t want to read right now thanks very much. The term appears to have been coined only a week or so ago, at a new media monetization event known as Podcamp Pittsburgh. Yet within just a few days it has spread as quickly as any meme when that particular buzzword was fancy of the week, it is almost viral in its infectiousness. Just like bacn itself, as it appears that even those of us who are already drowning in notifications, alerts and sundry opt-in email just cannot help signing up for more. After all, what is the point of online interactivity, social networking inclusion and news alert services if you don’t take advantage of the immediacy of the medium?

But that really is the problem, we are increasingly becoming addicted to information and simply cannot say …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It was only a matter of time, but the long arm of the British law has finally reached out to embrace the BlackBerry. 500 front line police officers in Bedfordshire, England have already been issued with BlackBerry devices to enable them to spend more time tackling crime and less time being chained to the desk at the police station. Another 500 are due to be equipped by early next year.

The BlackBerry handsets give the British Bobbies direct access to all relevant back-end systems such as the Police National Computer and the Police National Legal Database, as well as the force's own custom-built briefings application. This latter system provides the officers with real-time access to information and photographs of wanted or missing people, helping them to quickly and confidently conduct identifications.

Bedfordshire Police is also using BlackBerry smartphones to gain immediate, mobile access to the force's warrants database. This is a completely electronic system that delivers a warrant entered at court directly to the officer on the beat. Accessing these crucial systems remotely has enabled officers to increase their efficiency, as they no longer need to return to the station or radio the control room to access information or log their updates.

Inspector Jim Hitch is the project manager for the Bedfordshire police force, and he told us here at DaniWeb that "Officers no longer need to radio the control room for information or intelligence every time they question someone or see something suspicious."

This marks …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

IT is going through a period of great change, a transition which will see organisations shift focus dramatically from technology to business processes and relationships. That's what Gartner Research Vice-President John Mahoney has told DaniWeb. He warns that by no later than 2010 as many as 50 percent of IT organisations will be refocussing on brokering services and shaping business demand, instead of delivering IT services directly. This is a huge leap from the 5 percent figure reported by Gartner in 2004. Such a fundamental change in focus will inevitably drive new styles of IT organisations and new roles for IT service businesses. Oh, and let's not forget new functions for Chief Information Officers. CIOs should be preparing to take decisions concerning the future direction of their organisational change now, not least because such changes will take at least two years to execute according to Gartner.

Mahoney, who will co-chair the 'Transformation of IT - CIO Summit' during September in Barcelona, Spain reckons that at least 50 percent of large IT organisations will divide into two distinct parts by 2012, one focused on technology sourcing and delivery while the other concentrates on architecture and change. “CIOs need to lead transformation and to adapt their own roles as they do so. CIOs who master leadership will blend business and technology capabilities in their teams and in themselves” Mahoney commented.

In order to facilitate this transformation, CIOs will have to pursue five critical actions within the next 18 …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I suspect that Monster.com will be reconsidering how it handles user privacy issues following the bad press it is getting over this...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A Symantec Security Response posting suggests that Monster.com, the huge job hunting website, has been subject to an online attack resulting in the theft of personal data in the form of resumes of its users.

"We analyzed a sample of a new Trojan, called Infostealer.Monstres, which was attempting to access the online recruitment Web site, Monster.com" the posting reveals, continuing "It was also uploading data to a remote server. When we accessed this remote server, we found over 1.6 million entries with personal information belonging to several hundred thousand people."

Further investigation revealed that only connections to the subdomains of hiring.monster.com and recruiter.monster.com were being made by the Trojan, both subdomains used by employers searching for potential employees at the site. Importantly, this part of the site requires those recruitment personnel to log in if they want to view any information on candidates. No surprise then, to discover that the Infostealer.Monstres Trojan is using a number of recruiter logins to do just that.

Rather than being a security breach in the traditional sense, it would appear therefore that what we have here is actually a fairly sophisticated data harvesting bot in action. Once logged in it searches, using the available tools at Monster.com, for the resumes of candidates dependent upon location or business sector and parses the output from the matching profile pop-ups.

So why go to all this trouble to harvest information that …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Jeff Jones is a Strategy Director in the Microsoft Security Technology Unit, part of the team trying to make Microsoft products more secure, poor guy. No surprise that he publishes a vulnerability report on his Microsoft TechNet hosted Security Blog which always seems to suggest that Microsoft Windows is far more secure than competing operating systems from Linux vendors. What is slightly surprising, however, is that this is no dyed-in-the-wool Windows guy but someone who first tasted Linux running a P66 SLS machine with end-to-end tunneling to internal office Sun servers, running X as his GUI and using an X-redirector across the tunnel. This is someone who has done kernel development on Trusted Xenix. This is a guy who knows a bit more about Linux than your average Windows OS developer.

The blog in question carries a certain amount of weight with the media courtesy of being a TechNet published one, and given the position of the poster in question. “Looking at Security from All Angles” the blog banner claims, continuing “Security is not simple, so we should try not to simplify it to the point of uselessness.”

Can’t argue with that, but I sure can argue with the conclusion drawn from the colorful graphs used to simplify the security argument that Windows is hugely more secure than assorted Linux distros. The assumption is based upon research data concerning vulnerabilities that required patching, or to be absolutely precise after checking the

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The blame Microsoft game is up, and Skype seems to have changed tack following the bad online press it got as a result of the original release:

"We do not blame anyone but ourselves. The Microsoft Update patches were merely a trigger for a series of events that led to the disruption of Skype, not the root cause of it. And Microsoft has been very helpful and supportive throughout" says the same Skype spokesman as made the original finger-pointing statement...

Get the feeling that Microsoft has been kicking a few heads over this?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

In one of the most incredible cases of I did not do it syndrome, eBay owned VoIP supremo Skype has denied that it was at fault over the system outage which started on Thursday 16th August and prevented the vast majority of its users from being able to login to the peer-to-peer voice network for 48 hours.

In an official statement, Skype claims that the disruption was "triggered by a massive restart of our users’ computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update. The abnormally high number of restarts affected Skype's network resources. This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact."

Right, so the Windows Update from the last Patch Tuesday which required a system reboot somehow is to blame for the inability of Skype's network to cope? A network, remember, that has always coped before. Patch Tuesday, and Windows user reboots, are not a new phenomenon.

The truth of the matter is revealed some way further down the Skype statement, which admits that a "previously unseen software bug within the network resource allocation algorithm" prevented the peer-to-peer network self-healing function from working properly.

OK, let's run that past you again: lots of people updated their Windows OS and rebooted, this caused them to have to reconnect to Skype rather than staying logged …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Dan Meredith and Andy Golding are software engineers at Google, working as part of the News Team responsible for developing the Google News service. They might just have made one of the most important statements to come from the direction of Google for a long time.

Posting on the official Google News Blog they have announced that "Starting this week, we'll be displaying reader comments on stories in Google News."

OK, on its own nothing to get too excited about, but read on because there is a twist of epic proportions.

"We'll be trying out a mechanism for publishing comments from a special subset of readers: those people or organizations who were actual participants in the story in question."

The idea is to bring a broader perspective to the news, while retaining a level of professional objectivity. So rather than just having the report by the journalist concerned, with assorted opinion from anyone who fancies adding a comment as you find with most blogs, you will get comments only from those people directly involved with the news story itself. What's more, these comments will be published in full with no editing whatsoever.

Of course, there is nothing wrong with everybody and their uncle commenting to blog postings such as this one, it is the very nature of blogging after all. But speaking as a professional journalist myself, most comments provide no real additional value to the story itself. Indeed, they are usually (and …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A report published today by Experian suggests that for many a business we are still living in the dark ages as far as making sure customers are who they say they are. Furthermore, the Electronic Authentication: Breaking the Paper Chain report at least partly blames those businesses for the growth of ID fraud, by relying upon fraud friendly paper documents when far more reliable digital alternatives are readily available.

Looking at the numbers, 71 percent of companies surveyed claimed that ID fraud presented a significant challenge to their business yet half relied heavily on paper for authentication purposes. The break down sees 36 percent of retailers fall into this bracket, 40 percent of telecommunication companies, and most concerning of all an astonishing 70 percent of those in the financial services sector.

On the flip side, 70 percent of consumers argue that it is too easy to forge utility bills and bank statements, while 68 percent find it inconvenient having to provide such paper based documents in the first place. The dissatisfaction being greatest with the younger age groups, nearly a third of those in the 18 to 24 category have either delayed or given up on applying for a new account as a direct result of difficulties in providing the required proof of ID.

Anne Green is a fraud consultant at Experian, and she says that "it's staggering to think that today's businesses are still using paper documents to confirm a person's identity. …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The screen reader problem has been considered and many sites with a HIP/CAPTCHA filter now offer audio to read the letters aloud.

Of course, photos of kittens could prove more problematical in this regard.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Just when you think you have heard every crackpot theory for fighting the spam menace, a new one comes along that makes you sit up and take notice. How does using pictures of kittens to foil spammers grab you?

Bear with me, because the concept has some merit. Indeed, it was proposed by a researcher at the Microsoft 'Advanced Reading Technologies' group no less. Kevin Larson, speaking at the TypeCon 2007 conference in Seattle, has proposed a new twist on the Human Interactive Proofs (HIP) system best known through the CAPTCHA interface. HIP works by requiring a real human, as opposed to a computer driven spambot, to be able to identify something on screen. The human can, more often than not, quickly decipher the jumbled text presented on a patterned background, whereas the bot cannot. Or at least that used to be the case. HIP is an old technology in anti-spam terms, Microsoft has been using it for five years for example. This gives the spammers an edge, they have had time to perfect methods of getting around the protection.

Although, for now, CAPTCHA and its ilk are holding out against the spammers, the chinks in the HIP armor are starting to show. HIP systems are forever being tweaked and changed to stay ahead of the computers that are fast catching on and catching up. The clever money is on them overtaking the twisted text concept real soon now.

Larson and his group spend most of their …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There has been much online speculation about how Microsoft is going to head off the Google Apps free office software attack, much of it focusing on an advertising supported version of Microsoft Office. While this may, at some point, feature in the Microsoft strategy it is not going to appear any time soon. Microsoft Works SE9 most certainly will, in fact it is here already.

A pilot program, albeit a very small one, has been started to test the workability of the advertising supported model and Microsoft has confirmed this. The pilot is expected to last well into next year, and consist of a relatively small closed group of testers. There are no plans for the ad-supported version to be made available for public Beta testing. Just as there are no plans to make it available as a web powered or online application. According to my sources, Microsoft Works will remain firmly anchored to the desktop, it is just the revenue methodology that will change.

The concept is nothing new as such, although obviously it is a whole new ballpark for Microsoft to be playing in. Every time the user fires the software up, and an Internet connection is present, advertising content will get updated. These adverts being displayed whether you disable your Internet connection or not. Expect there to be some mechanism to prevent usage if an Internet connection to update the adverts is not made over a given timeframe.

What you cannot expect, however, is …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I think the advertising will be more screen based, in keeping with the smartphone design. After all, the plan would be that you would use this as more than just a cellphone, with Google apps at the core of the user experience.

So maybe AdWords would impact upon your texting, browsing and possibly even just appear on your main screen. I doubt that there would be any voice based advertising because, as you rightly suggest, people would not put up with that.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Although Google itself refuses to budge from the official company line of confirming or denying nothing, it looks increasingly likely that a Googlephone is in the offing. Several sources are now claiming that prototype phone devices have been touted around the US mobile carriers in recent weeks (ironically you need just go Google to reveal the details) and the Wall Street Journal has reported that hundreds of millions of investment dollars have been poured into the project.

Amongst the more interesting developments to break recently has been speculation that Google might be contemplating becoming a mobile operator itself, fueled by insider gossip suggesting it is considering a bid for radio spectrum space.

But the most interesting of all the speculation comes in the shape of reports emerging from Singapore that suggest talks with High Tech Computer (HTC) in Taiwan, manufacturer of some of the most innovative and powerful smartphone devices on the market, have reached a conclusion. Those same sources say that a Linux software based handset will be ready for launch as early as the first quarter of 2008. This could make for the ideal partnership, as the HTC handsets so far are technically advanced but somewhat let down by the somewhat unstable Windows software that powers them.

I am led to believe that T-Mobile is the most likely candidate to ship the first Googlephone in the US, with Orange taking the European market. The Googlephone itself is likely to run an as yet unnamed Linux …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Legality prides itself as being the first virtual law firm in the UK, having set up in business some five years ago now. So it seems fitting that it should be providing advice to those businesses looking to set up shop in the daddy of virtual worlds, Second Life.

Now I appreciate that this is still something of a shady area when it comes to law, no matter where you are on the planet. After all, there have already been reports of law enforcement agencies in Europe investigating such apparently absurd situations as an avatar being raped by another avatar, and even underage avatars being pimped for sex with other avatars. I use the word 'situations' rather than crime because it is far from clear that any crime has been committed in either case. An unpleasant activity, no doubt about that whichever of the two things you are looking at, but criminal? I suspect that one day we will get to the point where avatars do have rights, both moral and under the eyes of the law. But for now, that isn't the case. Well beyond the possible legal argument that as your agent, something that harms your avatar might be said to harm you, in which case there might be a case.

It's a long shot though.

There seems little doubt that when it comes to the virtual world we will see laws develop over time, as circumstances dictate. This is the natural way …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Looks like they are killing off Lonelygirl in the final YouTube 'episode' of this thing. What a shame. Not!

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Remember Lonelygirl15? If you have ever been anywhere near YouTube then the chances are the answer is oh yes, or more likely oh no. This was the supposed video diary of a teenager on the run that resonated with intrigued, and often concerned, viewers around the globe. A total of 60 million hits on the videos, with an average viewing figure of 300,000 per episode.

Viewing figures and episodes? All sounds a little bit like TV doesn't it?

That's because it was. The YouTube postings and the Lonelygirl15 website were the brainchild of three twenty-something guys from California: Miles Beckett (a doctor), Greg Goodfried (a lawyer) and Mesh Flinders (a screenwriter). Think Buffy for the YouTube generation and you pretty much have the concept wrapped up. Oh, plus the advertising, of course. Lonelygirl15 was the first YouTube video to bring product placement and advertising right into the clips on a commercial footing, with Hershey's Icebreaker's Sours Gum featuring in one episode and the Neutrogena brand covered in the plot over a two month period.

Beckett and Goodfried have moved on, and are now behind another interactive, online, mix and mash-up video drama. This time it is KateModern, commissioned by and screening exclusively on social networking site Bebo.com and aimed at a UK audience.

Plugged as a spin-off of Lonelygirl15, KateModern mixes newcomers with established stars of the UK TV scene to form a series of daily video blog …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The first interesting missive to arrive in my inbox came courtesy of the words of Microsoft COO, Kevin Turner, speaking at the July 26th Microsoft Financial Analyst Meeting 2007. Turner decided to focus his attention on Vista security, rolling out the usual 'most secure Windows operating system ever' company line as expected. Perhaps less predictable was his insistence that it was safer than both OS X Tiger and all major distributions of Linux!

Talking about high-severity vulnerabilities, Turner insisted that "in the first 180 days we've had 12 in Vista" comparing this to the 25 in XP over the same period and drawing attention to how much more sophisticated people are when it comes to exploiting vulnerabilities today. "Over that same time period, I think you should also note that Windows Vista had far fewer than Apple, as well as any major desktop Linux distributor" Turner added. As I previously stated in my blog posting here, given the resources available to them the level of security vulnerability exposure achieved by major players such as Microsoft is still way too high.

Comparing oranges to oranges, I would contend that Microsoft should stop playing the blame game and start concentrating on quicker responses, better testing and more open vulnerability disclosure. All areas where they could learn a thing or three from the Linux folk.

The second Microsoft missive to land in my inbox was word that Steve 'Barmy' Ballmer, the Microsoft CEO, is predicting that the …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Mozilla CEO Mitchell Baker has admitted that Thunderbird is to be booted out of the Mozilla camp in order to allow “the Thunderbird community to determine its own destiny” apparently. Put through my patented BS translator this produced “Thunderbird brings us no revenue, gets a bad press whether compared to Outlook or Gmail, and anyway Firefox is our future.”

Although Mozilla has stated it is looking for a new and separate organizational setting for Thunderbird, the writing really does look to be on the wall for the client. As much as I want to like it, and have in the past praised it for daring to be different, the truth is that while Firefox has generated the revenue required to allow the Mozilla Foundation to create something that truly has the ability to shake up the browser client market (and has already done so to a limited extent), Thunderbird has stagnated into just another desktop email client at a time when people are moving away from the same.

Indeed, despite the reported 5 million users of the software, Thunderbird is increasingly looking like the Billy No Mates of the email world. And Firefox is at least to blame as it makes finding and using free web based email services that much easier and rewarding. Gmail has pretty much got the spam situation sorted, unlike Thunderbird which requires plenty of out of the box training to achieve a barely adequate level of Bayesian filter protection. The bigger …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If you were to just take weekly media reports and monthly security researcher statistics as your metric, then I suspect it would be a safe bet to suggest that you would say software security vulnerabilities are on a steep upwards curve. Furthermore, it is just as likely that given the media exposure to such events as Microsoft Patch Tuesday and the furore when Adobe or Apple announce a hole has been discovered in a high profile product, you would say that things are only getting worse as far as the big software vendors are concerned.

The thing is, when you have statistical tunnel vision it becomes very difficult to see the bigger picture. But that panoramic view, surveying the software vulnerability landscape over the last five years, is just what Gunter Ollmann, Director of Security Strategy at IBM Internet Security Systems has been looking at.

And he has come up with a, frankly, surprising conclusion that as far as the top ten software vendors contributing to vulnerability disclosure statistics are concerned, the trend is actually a downwards one. Using data collated by the IBM ISS X-Force security research labs, Ollmann was able to do the math and discover that despite there being a record growth in vulnerability disclosure during 2006, up 39.5% over 2005, the contribution by the top ten vendors has decreased from 20.2% to 14.6% during the last five years.

In his IBM ISS blog posting, Ollmann quite rightly talks about major vendors …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

In what could prove to be of major importance to the future of motherboard and component data transfer rates, the Photonics Technology Lab at Intel has announced a silicon laser modulator that can encode data at 40Gb/sec.

According to Dr. Ansheng Liu, Principal Engineer with the Intel Corporate Technology Group and a former NASA Ames Research Center engineer, "the photonic integrated circuit (PIC) could provide a cost-effective solution for optical communication and future optical interconnects in computing industry." PICs on silicon platforms in particular have been the focus of much attention and excitement within the research community because of the low cost coupled to the potential for high volume manufacturing. "Competition in this arena is intense as many players in both academia and industry have been aggressively pursuing research into completely integrated CMOS photonics" adds Liu.

A key component of any silicon PIC is a high-speed silicon optical modulator, required in order to encode the data on the optical beam. The reason why the Intel breakthrough is just that can be clarified if you take a look at the state of play with current silicon optical modulators. Not only are they expensive to produce courtesy of the materials used, such things as lithium niobate and III-V compound semiconductors do not come cheap apparently, but they are also just as fast.

Unfortunately, it has been impossible to squeeze anything approaching this turn of speed out of silicon until now. Crystalline silicon just does not have the …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Entry level mobile ones, according to Fujitsu :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Twenty years ago the hard drives I recall using might not have been fast in the data transfer stakes, they were certainly not lithe and sexy pieces of hardware and I prefer not to think how much I actually paid for a large and clunky bit of kit to store hardly any data at all. One thing they did have going for them was reliability though. Indeed, in the space of a decade I think I only needed to replace a single failed unit across a dozen or so computers. And that had something to do with me dropping the amber gas plasma screened, laughingly called a laptop, device while trying to live the mobile computing fantasy we had all been sold.

Fast forward to today, and in the last five years I have replaced no less than six hard drives which have mostly failed without warning, a couple within months of purchase and all for no good reason other than sloppy quality control and a market which has driven prices down at the cost of reliability.

Which is why I had to laugh when Fujitsu presented me with a press release today in order to 'big up' its latest innovation: the hard drive designed for continuous operation.

Yes, you read that right. The unique selling point of the Fujitsu MHY2 BS-series of 2.5" SATA hard drives would appear to be that they have been designed not to fall over at the slightest provocation, like actually using …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Has JK Rowling created a lovable hero or out of control monster in her Harry Potter character? Amazon would probably suggest the former considering that it has just announced, with no surprises whatsoever, that Harry Potter and the Deathly Hallows has become the 'largest single-product distribution in Amazon.com's history.' Even before the publication date, Amazon had taken 2.2 million pre-orders to eclipse the previous record of 1.5 million which was held by the last book in the series, Harry Potter and the Half-Blood Prince. The 1.4 million pre-orders in the US alone made it the largest new-product release at Amazon ever. On the first day of sale, 1.3 million copies were actually delivered to the public and shipped to 160 countries across the world via its seven web sites. Not a bad slice of the total 20 million books that have been sold globally, 8.3 million of them in the US.

Sitting on the monster side of the fence are the websites that rely upon Google AdSense for income it would seem. According to a thread at WebmasterWorld many people are noticing a drop off in traffic from midnight Friday. One claims his traffic, and therefore his AdSense revenue, has dropped by 80% as people stay at home to read the book cover-to-cover rather than partake of their usual weekend web browsing habit. There are even suggestions that by looking at the downturn in traffic you can get an insight into visitor demographics. But this …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Then there is the argument that the power used to debate if a black Google would save power uses more than would be saved even if it did make a difference...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Agreed. There are hugely more effective ways to save energy than piddling about with the background color of your web pages...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Having returned from a pleasant family vacation where the main topic of conversation was a huge tanker being split in two by controlled explosions off the East Devon coast in England, it was nice to get back to reality and discover the nerdfest surrounding how much power could be saved globally if Google switched from a white background to a black one. Of course, this discussion has all the usual scientific merit of previous debates involving improving the audio quality of a CD by using green marker pen along the rim or leaving a window open during a hurricane will equalize the pressure and prevent the roof blowing off.

The claim is that an all white web page consumes around 74 watts of power, an all black one just 59 watts. Based upon this assumption, and extrapolating from it that Google gets 200 million queries per day and each is displayed for 10 seconds, then in full screen mode if Google was to change from a white to black background it would save 3000 Megawatt-hours every year. A good old fashioned dose of science appears to have quickly headed the way of the author, no doubt mentioning that when it comes to LCD monitors, you know those ones with a back-light which is on regardless of whether the screen is displaying a black, white or rainbow colored background, the difference equates to, well, absolutely nothing actually. The original posting entitled ‘Black Google Would Save 3000 …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

No less than three critical vulnerabilities have been identified by Adobe affecting users of Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier.

The cross-platform problem refers to an input validation error that could, potentially, lead to arbitrary code execution via content delivered from a remote location using a web browser, email client, or pretty much any application that includes or references the Flash Player. Furthermore, a separate issue regarding an insufficient validation of the HTTP Referrer has also been identified in Flash Player 8.0.34.0 and earlier which could result in a cross-site request forgery attack.

Although the newly released update fixes software on all platforms, Linux and Solaris unsurprisingly get away with just Flash Player 7 (7.0.70.0) being at fault and with no impact at all for the version 9 software. The Linux and Solaris updates for Flash Player 7 address an issue with usage of Opera and Konqueror browsers alone.

Although a malicious SWF does need to be loaded in Flash Player by the user for any attacker to exploit the vulnerabilities, there are plenty of click-happy targets to aim at, especially when it comes to multi-media content such as this. Therefore, Adobe is recommending all users should update to the most current version of Flash Player available for their chosen platform. Namely, version 9.0.47.0 (Win, Mac, Solaris) or 9.0.48.0 (Linux), by using the auto-update mechanism within the …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Looking at just standalone players is a little simplistic when it comes to drawing battle lines and predicting winners. You need to consider the built-in hardware side of things for both computers and games consoles as well.

Not that this changes the overall picture of Blu-ray getting something of a kicking in the HD player stakes of course.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Could we be on the verge of seeing the end of that spam scourge known as the pump and dump scheme? You know the drill, an email arrives urging you to invest in some little known penny stock and beat the experts to the punch. Nice one son, get your own back on those greedy stock broker types, that will teach them. Or maybe not, after all why would anyone with real insider information about cheap stock that is about to go ballistic bother telling you, a complete stranger, about it? What’s more, why would they tell a few million complete strangers about it? Surely, if it were true, they would invest everything they have and retire happy and rich.

Yet thousands of people fall for such scams every week, which is why pump and dump spam has become such a big business. Organized crime has not overlooked this fact, and is thought to be behind much of the pump and dump spam that arrives in mailboxes every day. Reports suggest that the average return made by the spammer for a pump and dump operation is 5%, and not so funnily enough the average investment loss made by the mug punter who falls for it is also 5% within a couple of days and not counting the share trading fees.

It is not just the money that attracts the pump and dump spammer, but the relative ease in getting away with it as well. Unlike just about every …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Word has it that the long awaited Service Pack 1 for Windows Vista, also known as what Vista would have been if it were released when actually fully tested and ready, could be with us sooner than expected. While most industry commentators have been sticking to the official ‘sometime in the first half of 2008’ line, one has broken ranks and suggested we could get the first glimpse by way of a Vista SP1 Beta within a week.

Mary Jo Foley claims that it is official, and unnamed sources have revealed that Microsoft is gearing up to “drop Vista SP1 some time during the week of July 16.” She goes on to suggest that the final release will be available during November, which kind of makes a lot of sense when you consider that the Release-to-Manufacturing date for Windows Server 2008 also happens to most likely be November although once again Microsoft are keeping quiet regarding this officially. Still, it would make a lot of sense for the two to arrive together, as The Inquirer remarks “SP1 will almost certainly include a client update to revise the client in line with Server 08.”

There is another reason why Vista SP1 looks set to be here sooner rather than later, and it will be a pretty quick release of a service pack as far as new Windows OS history is concerned, and that is Google. More specifically, the Google threat of yet another anti-trust lawsuit …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Romanian security developer BitDefender has issued a warning about a fast spreading Trojan dubbed Spammer.HotLan.A which is using Hotmail and Yahoo accounts to send spam. According to BitDefender some 15,000 accounts have already been compromised and the situation is likely to get much worse over the next few days.

Viorel Canja, BitDefender Antivirus Lab chief, told DaniWeb that “it’s hard to estimate how much spam has already been sent out, but there are at least 500 new accounts being created by the Trojan every hour.”

The worrying piece of this particular puzzle is the fact that the Trojan uses automatically-generated accounts, something that suggests spammers might have found a way to bypass the Captcha system so many of us depend upon to keep spambots out of forums, email and social networking systems.

Other than that, it is pretty much the same old same old: every active copy of the Trojan accesses an account, downloads encrypted spam from a website, decrypts it and sends on to a spam mail list of email addresses from yet another website. The spam being sent is currently leading users to a pharmacy product site, but expect that to change as the Trojan morphs over the next few days and weeks. Common spammer techniques are being used in the e-mail body text including Bayesian poisoning and the old corker, a random e-mail subject.

Check with your security vendor and make sure this threat is covered in the latest signature update …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Perhaps it has a different generally accepted meaning here in the UK, seeing as jbennet, myself and the author are all British?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I agree with jbennet, my understanding was to hop into bed with someone.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Indeed. My take on it is as a measure of parental control and responsibility, enabling the child to chat within a safer context yet without impinging upon their privacy. It is this latter point that has always made exercising parental responsibility within the chat sphere so difficult, and if you push your kids away by invading privacy and listening in on their conversations they will only move somewhere less open, often in darker corners of the web, to chat.

If AGE does actually work, and that remains to be seen of course, then it could be an important weapon in locking down chat rooms and IM to keep the pedos out.

The worry is, as in the real world, if you drive them out of your street where do they end up?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A British company claims to have developed software which can spot pedophiles online and catch them in the act of ‘grooming’ children in chat rooms and IM sessions. Just as handwriting and voice analysis is used by law enforcement agencies the world over in order to accurately determine age, so Crisp Thinking can use its Anti Grooming Engine (AGE) to identify the unique fingerprint contained within an Internet conversation to do the same thing.

Given that according to US Attorney General Alberto Gonzales it is estimated that there are at least 50,000 pedophile predators, at any time, prowling the Internet for potential victims and the National Center for Missing and Exploited Children suggest as many as 1 in 7 children aged between 10 and 17 have been solicited for sex online, it could be a hugely important piece of software. If it works.

Crisp Thinking insists that AGE reads between the lines to spot the potential offenders, not relying on simple keyword detection but rather understanding the context of that online conversation over time. By looking for a combination in patterns of aggression, sexual comment, solicitations for personal information and so on, the software is able to accurately determine how dangerous the chat could be. We are told to think of it in terms of an older brother, listening in on a younger sibling’s conversation and only telling Mom when that chat is obviously not going down the right path. Unlike the older brother, AGE gets …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Pardon you.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

It has always been something of a running joke here in England, where you have to buy a license from the government in order to watch TV (I kid you not, it helps fund the good old BBC), that blind people get a 50 percent reduction on the annual £135 ($271) fee.

Some might say that not being able to see the programming content of British television is a good thing, others that you can already listen to radio for free so why bother paying for the privilege?

However, in a similar way that subtitles and closed captioning have allowed deaf people to enjoy TV and video output for years, technology is now bringing the same benefit to blind folk.

The technology in question being Audio Description (AD) which essentially adds a secondary audio soundtrack to programming, taking advantage of pauses within the spoken dialog to explain visual plot points and environments. It is not a totally new technology, but up until now you have needed to invest in a separate set-top box in order to add this narrative voice to your telly.

What is new is that Sony has announced that all of its BRAVIA television sets will now provide integrated Audio Description capability as standard.

This has been made possible by the provision of a more powerful audiovisual processor within the TV, one that can decode multiple audio channels simultaneously. Sony is, naturally, quite excited about this development. Andreas Ditter, VP of Operations …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Were you one of the many, and the chances are that being a reader of Inside Edge dumps you squarely into the informed geek category (and there really is no offense meant in that remark, says a fellow informed geek), who mourned the passing of promised core parts of Longhorn such as WinFS when Vista finally emerged?

If you shed a tear then, perhaps you might want to get the big box of tissues out again. This is not going to be a good news day for you.

It has come to my attention that attempts to revive a version of Vista, complete with WinFS, have been shot through the head by the Microsoft legal machine.

It should come as no real surprise that the Longhorn Reloaded project is officially dead. “To put the projects aims simply, we aim to finish off what Microsoft started before the operating system was canceled. It is a modification of Windows 6.0.4074, which was originally released during the 2004 Windows Hardware Engineers Conference” says the project blurb. It was doomed to failure from the get go.

Did anyone seriously think that Microsoft would allow an early Vista Beta to be promoted, distributed and lauded?

Of course not.

Doesn’t stop me from applauding the effort to take this build and build upon it though, not least because it would have been nothing short of a miracle if the Longhorn Reloaded project could succeed given that it …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Unfortunately Nigeria does immediately spring to mind when it comes to ID fraud and phishing scams, courtesy of the whole 419 history. No, it is not the only country involved in such things, but it does have the highest profile and for good reason...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Forty three British MPs have backed a House of Commons motion calling for the Duchy of Cornwall estate, owned by Prince Charles, to make its accounts more transparent and the finances of the Prince of Wales clearer. Which is just what might happen following the disclosure that a laptop belonging to the company that handle the Duchy payroll has been stolen.

A company spokesperson has told us journalist types that this could "pose a security threat if a technical expert was able to breach its password protection."

Well duh.

More to the point, a company that lets such incredibly sensitive data out and about, stored on a laptop, which was then left in a car from where it was stolen, does not exactly inspire a sense of security from the get go. A feeling compounded by the fact that this is the same company that had another payroll heavy laptop, with details of the staff of the Eden Project tourist attraction, all 500 of them, stolen just a couple of weeks ago.

The idea that all that will be required to access the data on the Duchy of Cornwall accounts laptops, which includes details of the private bank account and national insurance number of Prince Charles, is for the password to be cracked almost beggars belief. To whoever has the computer, given the security track record so far, may I suggest you try ‘password’ as your first attempt.

Has Moorepay, the company …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well the Microsoft Windows Compute Cluster Server seems to be doing OK, especially within the financial sector :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Disagree. There are. I have seen them in action, infecting devices via Bluetooth, albeit in a controlled environment.

Admittedly, there is little malicious impact of the mobile threats that exist both in the lab and in the wild, but they do exist.

The 'la la la I am not listening' approach to IT security is never very effective in the long term :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Well it looks like I was right, as someone has emailed me with a pointer to this which suggests that it was indeed a hoax, perpetrated by the Full Disclosure people to show just how easy the global media are to fool.

I am sorry that this did not hit my radar before posting the piece, but my reasons are sound enough and I guess some kind of proof that anyone who actually sat back and thought about it before rushing to join the Harry Potter Hacked Hype Society should have come to the same conclusion.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Slowly. Very slowly...

Unlike the deadline for the first draft.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to a posting by someone calling themselves Gabriel, published on the Full Disclosure list (warning – this link contains the so-called plot spoiler), the ending of the yet to be published Harry Potter and the Deathly Hallows book has been revealed. Not by magic or wizardry, but by good old fashioned hacking. Or at least that is what is being claimed.


Frankly, it looks like a work of fiction to me, and here’s why:

  1. The hacker is obviously trying to get some kudos and self-publicity here, being an otherwise unknown entity. Yet he/she provides absolutely no evidence of a successful hack other than a synopsis that claims to be from the unpublished manuscript but could have been cobbled together by any follower of the Harry Potter stories.
  2. With the book due out within a few weeks, Harry Potter mania is starting to take hold once more. Any hacker with half a brain would understand the incredible real world value of the document claimed to have been stolen. Forget the criminal aspect of this, tabloid newspapers around the world would pay a small fortune to get their hands on the manuscript. Yet Gabriel posts to a little known, outside of IT security circles, mailing list. Ipso facto Gabriel is either a moron or not motivated by money/fame. If the latter, then why bother with the whole thing in the first place? Even if you go for the religious explanation of “protecting you and your …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

In a rather ironic turn of events, the US Department for Homeland Security has found itself having to admit to Congress that it has been subject to the odd one or two minor security problems in-house.

Well, I say one or two. Actually the figure is more than 800.

Well, I say minor security problems. Actually the attacks cover everything from full scale hacking attempts through to virus outbreaks and spyware infection and lost laptops.

OK, so let us get this into perspective.

From the perspective of the US Government and Department for Homeland Security it is no big deal because all of the problems apparently have involved unclassified networks. DHS officials have promised Congress that they will try harder though, which is comforting for the millions of US citizens who trust them to protect the nation from the terrorist threat.

From the perspective of the IT security journalist, it is a big deal. Quite apart from the fact that if any official body should have its own security locked down tighter than a Scottish purse then it is this one, there is the small matter of those unclassified networks carrying classified material. Oh yes, in what is officially described in twee terms as classified spillage, the DHS have also admitted that some secret information was indeed sent across those very same unclassified networks which have been compromised. When the nature of that compromise includes the discovery of hacker executables and spyware applications …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Perhaps I should have said 'Virtualization is not working, yet.'

It was meant to be something of a pun on the fact that virtualization isn't catching on as fast in the world of work (business) as the hype might suggest.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

While there is no doubting that virtualization is not only a technology to watch, but one that will move into the mainstream real soon now, there remains a question of just how soon that will actually be. A new survey by emedia suggests that the timescale for making that move, at least as far as 50 percent of the IT professionals it asked are concerned, is within the next 18 months.

However, it is the reasons why virtualization is not working for more people right now that interest me more. The indication, for example, that 52 percent of people questioned are concerned with the new security challenges the technology introduces. Challenges such as patching and updates which concerned 32 percent and guest-to-guest attacks 27 percent. Mind you, when pressed the same IT professionals were quick to admit that they can overcome these threats with staff training (51 percent), firewalls (30 percent) and network separation (25 percent.)

Yet even these concerns are not what is really holding back the move to virtualization, it is much more straightforward than that and can be summed up as where is the beef? The simple lack of a compelling business case for total cost of ownership and of course getting a return on the investment, cost and budget restraints and insufficient staff expertise can all come to the front of the real world obstacles queue. I suspect that it is that first combination of TCO and ROI that will continue to hold back …