Man arrested over UK phishing scam - Breaking - theage.com.au
April 30, 2004
A man has been arrested in the UK over a phishing scam in what is said to be the first such case in the country, according to the anti-virus software vendor Sophos.
The 21-year-old, who hails from Lancashire, was questioned in connection with trying to steal account details from users of the Smile online internet bank.
Smile reported the phishing email to Britain's National Hi-Tech Crime Unit in March.
Other "phishing" attempts in the UK have included bogus emails claiming to come from a number of banks including Wells Fargo, Nationwide, NatWest, Barclays, Westpac and Halifax, Sophos said.
A spokeswoman from the National Hi-Tech Crime Unit said PCs belonging to the man were being examined by computer forensic experts. The man, who is unemployed, has been released on bail until August.
April 30, 2004 at 12:47 AM in Phishing & identity theft
The New York Times > Technology > News Analysis: Google Says to Investors: Don't Think of Flipping
By ALEX BERENSON
Wall Street loves Google, but the feeling isn't mutual.
That is the message permeating nearly every page of the public offering statement that Google Inc., the Web search engine company, filed yesterday. In a frank and provocative statement, the company's leaders argued that companies cannot manage for the long term unless investors and analysts have limited say in the way they are run.
In this, they are responding to a widespread belief that investor pressure for predictable short-term earnings growth led many publicly traded companies to engage in accounting gimmickry and business improprieties in the 1990's. Google says that it will not offer quarterly earnings guidance and that it expects shareholders to understand even if it makes unprofitable short-term investments.
"A management team distracted by a series of short-term targets is as pointless as a dieter stepping on a scale every half-hour," Larry Page, one of Google's co-founders, wrote in a "Letter From the Founders." The letter, which appeared at the front of the statement, was signed by Mr. Page and his fellow founder, Sergey Brin.
Many institutional investors may cheer that attitude. But another part of the company's strategy will draw some criticism. Google aims to insulate its executives somewhat from shareholder demands. The company will have dual classes of stock that will give company insiders much more voting power than public investors to elect directors. The company's disdain for the traditional stock offering process is also evident. Instead of selling a small number of shares at a predetermined price, which often stokes demand for the stock when it begins trading, Google will auction its shares to the highest bidders. In that way, the windfall profits from the offering will go to the company and its private shareholders, not to favored customers chosen by Wall Street investment banks. In its registration statement, Google explicitly warns investors not to buy the offering in the hope of making a short-term profit by flipping their shares.
Google can behave with so little regard for shareholders' wishes because its business is so attractive that investors will be clamoring to buy stock no matter what conditions the company sets. The company's sales and profits are increasing at a spectacular rate, at least for now, and its profit margins appear to be among the highest in corporate America.
In 2003, Google reported an operating profit of $340 million on sales of $960 million. But the 2003 figure appears to understate the company's cash profit margin, since it includes very high expenses related to stock options that will probably decline in future years. On a cash basis, Google had an operating profit of $570 million in 2003, and an operating margin of 62 percent.
Given those figures, Google will easily command a market valuation of at least $30 billion, and perhaps much more. EBay, which had an operating profit of $660 million on sales of $2.2 billion last year, is valued at $54 billion; Yahoo, with sales of $1.6 billion and operating cash flow of $428 million, is valued at $36 billion.
So the offering will make billionaires of Google's top three executives. Mr. Page, 31, and Mr. Brin, 30, each owns about 15 percent of the company, conservatively worth more than $4.5 billion; Eric Schmidt, the 49-year-old chief executive, has stock options on 6 percent, worth $1.8 billion.
Those figures are eye-popping, even in Silicon Valley, which during the 1990's generated fortunes on a seemingly weekly basis. But if the registration statement is a guide, the prospect of riches has not dulled the reservations that Mr. Page and Mr. Brin have about the public markets.
"As a private company, we have concentrated on the long term, and this has served us well," Mr. Page wrote in the public offering statement, which companies must file with the Securities and Exchange Commission before selling shares. "As a public company, we will do the same. In our opinion, outside pressure too often tempts companies to sacrifice long-term opportunities to meet quarterly market expectations. Sometimes this pressure has caused companies to manipulate financial results in order to 'make their quarter.' "
Mr. Page pledged that Google would never manipulate its results or allow accounting decisions to dictate its business decisions. Nor will the company provide quarterly earnings guidance, as most public companies have done for the last two decades.
Neil Barsky, a former analyst for Morgan Stanley who runs a hedge fund in New York, said Google's attitude was refreshing and candid.
"There is a slavishness that companies feel that they have to play to Wall Street quarter in and quarter out, and that is not the way the real world works," Mr. Barsky said. "They're saying, 'Merely because we go public and because analysts will feel the need to comment on every quarter does not mean that we will manage our business for short-term pressures.' I agree to that 100 percent. That's the right way to run a business."
But Google evidently does not trust shareholders to think long term. Under the dual-class voting structure, the new shares it sells to the public will have only a tenth as much voting power as the shares current investors own.
"New investors will fully share in Google's long-term growth but will have less influence over its strategic decisions than they would at most public companies," Mr. Page wrote. He compared Google to Berkshire Hathaway, Warren E. Buffett's company, which also has a two-class structure.
Not all investors think this is a good idea. Thomas Giovine, a hedge fund manager in Los Angeles, said shareholders should punish Google for its failure to give new investors the same rights as its founders. Once a company goes public, its founders must understand and accept that they are responsible to public shareholders and are no longer fully in control, he said.
"The guys sitting in the boardroom are just employees that the owners are paying to run companies as best they can," Mr. Giovine said.
Still, Google's motives seem decent, he said. "At the end of the day, it's probably a good thing to get Wall Street to think longer term."
The company's offering process will also give Wall Street less control over its shares and new shareholders much less of a chance to make a short-term profit. During the late 1990's, many technology companies offered a small number of shares to big investors at a price far below the price that individual investors were willing to pay. When the shares began to trade publicly, those big investors often would flip their shares to smaller investors for huge profits. For example, VA Linux, a computer company, rose from $30 to $239.25 when it opened for trading in December 1999. VA Linux's stock closed yesterday at $2.15 a share.
But Google plans to set its offering price differently. The company will ask investors how many shares they want to purchase, and at what price, and then try to sell enough shares to the highest bidders so that its stock is unlikely to rise quickly on its first day.
"We are working to create a sufficient supply of shares to meet investor demand at I.P.O. time and after," Mr. Page wrote. "We would like you to invest for the long term, and to do so only at or below what you consider to be a fair price."
As a result, investors who buy Google stock in the hope of making a quick profit may be disappointed, Mr. Page wrote. "Short-term speculation without paying attention to price is likely to lose you money, especially with our auction structure."
Of course, the structure also guarantees that Mr. Page and Mr. Brin, who plan to sell part of their holdings in the offering, will get the highest price possible.
April 30, 2004 at 12:44 AM in Portals
The New York Times > Technology > Google's Sale of Its Shares Will Defy Wall St. Tradition
By JOHN MARKOFF
SAN FRANCISCO, April 29 - Ending months of speculation, Google said Thursday that it would sell shares to public investors in an unusual auction that represents a stark shift from the way Silicon Valley companies raised money during the technology boom of the 1990's.
The stock offering, which is intended to provide about $2.7 billion in cash when it takes place later this year, is expected to give Google a market value on Wall Street of at least $30 billion and perhaps $50 billion or more. It will transform the two former graduate students who founded it less than six years ago into instant billionaires several times over.
Virtually everything about Google's decision to go public is a departure from standard practice.
The secretive company, which quickly emerged as the most popular method for searching the Internet for information, plans to conduct an auction intended to make its stock widely accessible to individual shareholders. At the same time, it plans to issue two classes of stock so that the founders can retain far more control than is usually the case when companies are publicly traded in the stock market.
And the dry, legalistic language typical of financial documents was replaced, at least at the beginning, with something of a manifesto attacking Wall Street's traditions and the practices of most public corporations.
"Google is not a conventional company," the founders, Larry Page and Sergey Brin, proudly wrote in a preface to the offering that they termed an "Owner's Manual" for Google's future shareholders. "We do not intend to become one."
Started in 1998 while Mr. Page, 31, and Mr. Brin, 30, were still graduate students at Stanford University, Google challenged the common wisdom of the time that searching the Web would not be a valuable technology but essentially a commodity freely offered by the lucrative portals like Yahoo, America Online and MSN from Microsoft.
But as outsiders got their first look Thursday at basic details of Google's finances and business operations, they found evidence of a company that is both exceptionally profitable and extraordinarily fast growing.
Google reported that it earned $106 million on sales of $962 million last year. But after taking into account several unusual bookkeeping techniques, Google has actually generated much greater profits, largely from selling small targeted text ads tailored to the interests of the more than 200 million Web searches conducted through Google daily.
Jordan Rohan, an analyst with Schwab Soundview Capital Markets, calculates that in the first quarter of this year, Google had pretax profit margins of 59 percent.
"That is extraordinarily profitable," Mr. Rohan said. "Very few companies of any sort reach those levels."
Google's founders started the company with no clear idea how they would make money and they stumbled into one of the most potent business concepts in history. Unlike most advertising, which tries to interrupt and distract people, advertising on search engines often gives them exactly what they are looking for.
And since ads on search engines are simply a few lines of text and links to Web sites, often purchased simply with nothing more than a credit card, companies that never could hire a Madison Avenue advertising agency have been able to find a way to reach a worldwide audience. Google claims more than 150,000 individual advertisers.
Despite the success of the company so far — and what is almost certain to be heavy demand for shares in its offering — there is no assurance that the stock will be a good long-term investment. Many Internet stocks sold to the public in the past did well initially, but then faltered.
And the unusual auction method that Google has chosen poses additional risks. If the price bid by initial buyers goes too high, there may be few takers once the shares start trading in the stock market.
Whatever its ultimate fate, the long-awaited Google public offering represents a signal moment for Silicon Valley and the technology industry, which is just beginning to recover from a devastating slump that followed the collapse of the dot-com bubble in 2000.
The industry is now starting to look forward to a new wave of growth based on the resurgence of the Internet as a commercial tool.
This mirrors similar once-a-decade events that started companies like Intel in the 1970's, Microsoft and Apple Computer in the 1980's and Netscape in the 1990's, all of which attracted intense attention and served as the icons for successive generations of digital technology.
Silicon Valley executives here praised the unique achievements of the company but cautioned that anything like the Google public offering was not expected to happen again soon.
"Google today in many ways embodies what is best about Silicon Valley," said Jim Breyer, managing director of Accel Partners.
Venture capitalists warned, however, that even as other companies line up to follow Google, its decision to go public was not likely to do anything to directly benefit the investment climate for most of them.
"Google is not an icebreaker for other companies to follow," said John Shoch, a partner at Alloy Ventures. "It's a polka-dotted zebra."
The company, based in Mountain View, Calif., provided detailed financial information for the first time, allowing outsiders to search through previously closely held secrets of its finances and operations.
What emerged is a portrait of a company with higher profit margins than its most powerful competitors, including Yahoo and Microsoft, and which many analysts now believe could be worth more than Yahoo's $36 billion market value and perhaps come close to the value of eBay, the Internet auction company that is worth about $54 billion.
Google, as a private company, has kept hidden even the most basic details of both its business activities and its intentions until finally required to reveal them by a deadline imposed by an arcane law applying to private companies with more than 500 shareholders.
Now that its finances are open to scrutiny, analysts were stunned by what they learned. "If you look at the quarterly progression," said Andrew Kessler, a Silicon Valley investor and former Wall Street analyst, "it just ramps and it's accelerating."
Like some of the other legends of Silicon Valley, including those who started Hewlett-Packard and Apple Computer, Mr. Brin and Mr. Page began Google in a garage. The documents show that they both earned salaries last year of $150,000, with bonuses of around $200,000. But each owns shares in the company that should be worth $3 billion or substantially more when the company goes public.
Seeking to prevent a sharp spike in the price of its stock on the first day of trading, Google said the initial price would be determined through an auction aimed at giving the general public a better chance to buy its stock before the shares begin trading, most likely in late summer or early fall.
The filing begins a 60-day period during which the Securities and Exchange Commission will review the registration and can make comments to the company. Once the agency declares the registration statement effective, the company can offer its shares to the public.
Initial public shares of the most sought-after deals traditionally have been restricted to an elite group picked by the investment bankers handling the deal. But that approach produced intense controversies once the Internet boom faltered, with critics complaining that clients of the bankers received favored allocations, while others went to mutual funds in exchange for buying more shares after the offering to help support the stock.
Yet Google turned to two long-established Wall Street investment bankers — Morgan Stanley and Credit Suisse First Boston — to manage its unconventional approach.
Experts in such auctions, which are widely used internationally but are rare in the United States, cautioned that a wealth of experience overseas suggested a real possibility that the Google offering could be dramatically overpriced.
"What really disappoints me is that Google has chosen a method that has been in use for 20 years and has failed everywhere it has been tried," said Ann E. Sherman, an assistant professor in the department of finance at the University of Notre Dame and an expert on initial public offerings auctions.
"A stock is not like painting," she said. "You can't just look at a company and know what the value is to you."
Google's approach, however, does fit closely with the values of the company as they were outlined in the founders' preface.
Despite being at the helm of a publicly traded company, Mr. Brin and Mr. Page insisted that they would hold on to their core commitment to letting Google's engineers take wide risks and that they would not bow to pressures from Wall Street to show consistent quarterly financial results.
"As a private company, we have concentrated on the long term, and this has served us well," they wrote. "As a public company, we will do the same."
A spokesman for Google said the company's leaders, including its chief executive, Eric Schmidt, would not give interviews.
Mr. Page and Mr. Brin wrote that they had been inspired by Warren E. Buffett's essays in the annual reports for his company, Berkshire Hathaway, and that they would remain risk takers, willing to place bets that had only a 10 percent chance of earning a billion dollars over a long period of time.
The founders also defended their decision to adopt a dual-class voting structure for the stock, which is rare in publicly traded companies and generally used only when long-established family-owned companies like Ford Motor or The New York Times invite outside investors to buy shares. They acknowledged that the structure, which keeps voting power in the hands of the founders and original investors, would leave insiders with "significant" control over the company's decisions.
Separately the company said that it would add three high-profile Silicon Valley executives as independent members of its board: John L. Hennessy, Stanford University's president; Arthur D. Levinson, chief executive of Genentech; and Paul S. Otellini, president of Intel.
For all the details in the more than 1,000-page document the company filed with the S.E.C., one thing remained constant: Google's secretive nature and the aura that surrounds it will not go away any time soon.
"Once again Google becomes the 'nobody knows the answer' company," said Mitchell D. Kertzman, a longtime Silicon Valley executive and venture capitalist. "At first nobody knew when it would go public. Now no one knows what the results of their public offering will be."
April 30, 2004 at 12:43 AM in Portals
Email trails lead to DRM - ZDNet UK Insight
David Becker
CNET News.com
April 20, 2004, 12:45 BST
Chief executives have found to their cost that keeping a lid on inflammatory business documents remains extremely difficult
An ancient email message embarrasses Microsoft in a key legal case. A leaked memo has Linux antagonist SCO Group scrambling to explain apparently secret Microsoft connections. A leaked message from RealNetworks chief executive Rob Glaser reveals his behind-the-scenes manoeuvring to get a stake in Apple Computer's booming iPod business.
All it takes is a quick run through the headlines to see why some software makers might think there's a market for products that lock down common types of business documents by restricting access to authorised recipients.
But the market for such tools remains small and fragmented, despite recent entries by high-profile players Microsoft and Adobe Systems. Analysts expect the market to grow slowly for at least the next few years, as companies wait for the technology to mature and for IT budgets to loosen.
The relative youth of this technology is evidenced by the fact that it doesn't have an agreed-upon name yet. Various software makers use "enterprise rights management," "document rights management" and "information rights management" to refer to similar technology. Others simply use the blanket term "digital rights management" (DRM), though that is more commonly linked with technology employed to prevent unauthorised copying of movies, music and other published content.
"Right now, you're talking about technology that's very immature and doesn't really work very well," said Scott Lundstrom, senior vice president of AMR Research. "I have yet to see security implemented in (an enterprise DRM) system that hasn't been able to be circumvented in a week."
He likens the existing technology to a hook latch on a screen door. "It'll keep your neighbour out, but it won't keep out a burglar. It's just enough to keep an honest person honest," Lundstrom said.
Whatever you call them, the various enterprise DRM products are inspired and enabled by similar forces. Ubiquitous email has made it easier than ever to pass around documents. At the same time, ever-present Internet access has made it feasible to use server-based software to restrict access to corporate documents.
Enterprise DRM packages from Microsoft, Adobe and specialists such as Authentica use a central server to generate and store information on permissions for documents, email messages and other corporate content. Those permissions restrict who is able to open an item and what they can do with it -- copy and paste, edit, forward, print, and so forth. Documents can also become inaccessible after a set expiration date or if a more up-to-date version becomes available.
Such restrictions are meant to solve an array of corporate problems, from big-ticket headaches like leaked documents that can expose company secrets or pose legal liabilities to the challenge of making sure everyone's working from the current price list.
Selena Wilson, Microsoft's director of Windows security product management, said there's little trouble convincing businesspeople of the value of enterprise DRM. Microsoft entered the market late last year with Rights Management Services (RMS), an add-on to Windows Server 2003 meant to handle access restrictions for a wide range of corporate data. Office 2003, the latest version of Microsoft's widespread productivity package, allows RMS-based restrictions to be built into common types of documents.
"Every time we present RMS to business decision-makers, they just immediately get it," Wilson said.
One Authentica customer that's gotten it is San Francisco-based CaseCentral, which provides Internet-based depository management for complex litigation.
CaseCentral used Authentica technology to create secure, online versions of the "data rooms" companies typically maintain during merger and acquisition negotiations to provide controlled access to financial reports and other sensitive documents. With Authentica's DRM, electronic versions of such documents can be embedded with restrictions that permit only limited access by authorised parties, explained CaseCentral chief executive Christopher Kruse.
The upshot is that corporate lawyers can access the documents they need without time-consuming travel or worrying about information falling into the wrong hands. It's an approach that can only work with a sturdy DRM system, Kruse said.
"There really isn't much more confidential stuff in the business world than what we protect," he said. "We make sure people can't copy or even take a screenshot of a document. And the minute someone drops out of the bidding, we can shut off all their access to documents."
Lack of interest
But businesses like CaseCentral are still a tiny minority. Outside heavily regulated sectors such as banking, which have already developed industry-specific approaches to document security, there's been little visible interest to date in enterprise DRM.
Reasons include the relative immaturity of the market. Microsoft's product has been available for only four months, and Adobe won't introduce its Policy Server until late this year. That leaves a handful of specialists, led by Liquid Machines, Sealed Media and Authentica.
Even for businesses that do start to think about document security, their huge collections of content, often stored on individual hard drives, can make it tough to develop a comprehensive approach to enterprise DRM, said Joshua Duhl, an analyst for research firm IDC.
"People don't want to admit there's a content problem," he said. "And if they do, people have to have a sense of what's worth securing and what isn't, which can be very difficult to sort out."
The scope of material an enterprise DRM system secures can also make companies reluctant to commit to a software maker. Microsoft's entry into the field sparked fears the company could use secure document format to lock out competing productivity products and other applications.
"I've heard some concerns that (RMS) would make it a requirement to upgrade applications, that you could lock down formats in some way so third-party applications wouldn't be able to open and view them," said Ray Wagner, an analyst for research firm Gartner.
Such concerns have many businesses waiting for a more open approach to enterprise DRM. Lundstrom doesn't expect the field to take off until there are open standards for encryption and other security components.
"DRM could be one of the first big open-source wins" for enterprise applications, he said. "Customers would really see value in open, standards-based robust encryption... When you get into security and encryption as an intellectual discipline, the people driving that forward are completely focused on open source and peer review."
Even for businesses that are OK with a proprietary approach to enterprise DRM, it can be tough to sort out the different approaches offered by current suppliers, IDC's Duhl said.
"There's limitations to every one of these vendors," he said. "Whether it's company size or viability questions or just the fact it's Microsoft, there are lots of issues that people have to sort through."
Then customers must determine which offering matches their particular business needs. "It's like looking at horses -- if you're going to pull a beer wagon, you want a Clydesdale," Duhl said. "If you're going to run a race, you want a thoroughbred."
Key differentiators include the manner in which an enterprise DRM product links up with other applications. Microsoft intends RMS to be a platform product, Wilson said, linked with the Windows Server operating system and capable of securing everything from memos to information in back-end databases. "Our technology is content- and format-agnostic," she said. "Customers can apply the same template, whether it's a document or a line-of-business application."
For now, however, RMS only works with documents generated by Office 2003, a significant factor for the vast majority of Microsoft customers that take their time in updating to the latest versions of key applications.
Adobe's Policy Server will be limited too, working only with documents based on the company's Portable Document Format (PDF). Adobe executives have said the product builds on several key advantages of the widespread PDF format, including its ability to ensure document fidelity and compatibility with a wide range of operating systems.
"The cross-platform aspect is very important to the clients we talked with," said John Landwehr, group manager for security solutions and strategy at Adobe. "They really want a system that will integrate well into a heterogeneous environment."
But for companies that haven't already adopted PDF and Adobe's accompanying Acrobat products for document distribution, Policy Server is a non-starter, said Gartner's Wagner.
"They have a pretty nice set of tools if you're willing to modify your whole system to be PDF-based," he said. "That's been a limiting factor for DRM all along -- people aren't going to change the way they work just to accommodate a security solution... You want this to be as minimally intrusive on the user as possible."
Specialty players
Aside from the big guys, enterprise DRM has a handful of specialty players whose products typically work with most common document formats -- from email messages to AutoCAD architectural drawings.
Variables include how a system deals with workers when they don't have Internet access. Microsoft's RMS requires at least an initial check-in with the rights server, while products such as Liquid Machines' self-titled server software allow document creators to set offline permissions.
"We find most people want to raise their level of security, but they don't want to make it difficult for people to do their jobs in a mobile work force," said Ed Gaudet, vice president of product strategy and marketing for Liquid Machines.
Competing products also differ in how much you can do with a document once it leaves the author's desktop. Authentica promises some of the most detailed control, allowing authors to change permissions for a document while somebody else is using it.
"We give very granular control," said Authentica chief executive John Bruce. "I can watch on my desktop and see how someone is interacting with a document once they get it. And if I decide I don't like what they're doing, I can change the settings then and there."
Another variable in enterprise DRM products is policy settings that IT administrators can employ to ensure a basic level of security for all documents. Policies are important to ensure that enterprise DRM doesn't get in the way of workers doing their jobs, said George Everhart, chief executive of Sealed Media. At the same time, detailed controls need to be available to workers who want to get more involved. The key is finding the right balance for a particular business.
"Our fundamental premise is that there is no magic technology button you press and then everything's secure," Everhart said. "Any good security process involves people. The process has to be easy to use and totally secure. If it's intrusive, workers will figure a way to get around it. If it's too easy, the bad guys will figure out ways to get around it."
Everhart and executives of other enterprise DRM specialists said they aren't worried about major players such as Microsoft and Adobe entering the market. Instead, they see the moves as bolstering their position with potential customers who don't want to be restricted to working with particular types of documents or authoring applications.
"It's been like a validation," said Authentica's Bruce. "For the longest time, I've talked to folks about DRM and they keep asking, 'is there a business there?' Now we've got two major vendors standing alongside us and saying, 'this is important.' It's nice to find the world is turning in our direction."
Attention from Adobe and Microsoft helps, agreed Mark Patton, Sealed Media's vice president of marketing. So does support from content management software makers such as market leader Documentum, a Sealed Media partner. But the biggest incentive may be the type of incidents that have caused embarrassment and legal headaches for Microsoft and others.
"All it takes is for a chief executive to get burned one time on a leaked document, and their interest level in this kind of technology goes way up," Patton said.
April 29, 2004 at 01:38 AM in Security
Internet telephony rides back into fashion - ZDNet UK Insight
Winston Chai
CNETAsia
April 22, 2004, 16:00 BST
Linksys chief executive Victor Tsao unfolds the networking-gear firm's expansion plans
If Victor Tsao has his way, your next broadband router could bear an uncanny resemblance to your living room telephone.
Ten months after his company was bought by Cisco Systems for $500m (£282m), the founder of consumer networking-gear maker Linksys plans to embark on an aggressive product expansion trail this year.
Beyond latching onto the digital entertainment wave with more offerings for multimedia streaming and wireless console gaming, Tsao will venture into an area where many before him have seen limited success -- Internet telephony.
With the proliferation of the Web in the 90s, the ability to make cheap long-distance calls over the Internet -- based on a technology called voice over Internet Protocol, or VoIP -- was often touted as the next big thing for consumers. Of little surprise, the market soon witnessed an onslaught of hardware and software that aimed to ride the Net phoning tide. However, poor voice quality and frequently dropped calls soon drowned much of the consumer enthusiasm surrounding IP telephony.
Thanks to improvements in quality of service and Internet bandwidth in recent years, VoIP has again caught the attention of telecom carriers around the world. During a recent Singapore stopover, Tsao, now vice president and general manager at Linksys, tells ZDNet UK sister site CNETAsia about his plans for VoIP and future directions for the company.
Q: How has Linksys changed after the acquisition?
A: There is no change to the business model. Cisco is the leader in the enterprise networking field. Linksys is a brand of Cisco, but the brand Linksys covers the other side -- small businesses, home users and consumers.
As for market focus and product focus -- they haven't really changed, although, yes, some things have changed. Before the acquisition, 95 percent of our revenue came from the US and Canada. With Cisco's worldwide presence and infrastructure, we started branching out. We had never really focused on this, due to constraints as a privately held company.
Back on 14 October, we launched the Linksys brand in China. We created an entity in Chengdu, focusing on (aftermarket) sales, technology support as well as marketing and promotions.
April 29, 2004 at 01:33 AM in Telecommunications
Down with standards - ZDNet UK Insight
CNET News.com
April 28, 2004, 16:35 BST
Martin LaMonica
Standard is 'one of the most abused words in the language', according to Robert Glushko, who was involved in early efforts to create business-to-business e-commerce standards using XML
Robert Glushko has a problem with standards.
There is a clear demand from customers for products that work together based on widely used standards. But Glushko contends that the standards process is stacked in favour of large tech companies, which can control and ultimately benefit most from specifications that are ratified as industry standards.
Glushko, an adjunct professor at the University of California at Berkeley, speaks from experience. As co-founder of XML company Veo Systems, Glushko was involved in early efforts to create business-to-business e-commerce standards using XML, or Extensible Markup Language, in the late 1990s. His involvement in XML led to work with the Organisation for the Advancement of Structured Information Standards (OASIS), which was formed to promote XML-related specifications, and the United Nations' Centre for Trade Facilitation and Electronic Business (CEFACT).
In 1999, the United Nations and OASIS joined forces to promote ebXML, which was designed to enable electronic business over the Internet, rather than over expensive proprietary networks. But as ebXML began to mature as a technical specification, another set of XML-based specifications collectively called Web services -- which had the backing of IBM and Microsoft -- came onto the scene. Today, Web services are more widely used than ebXML.
Glushko said his experience working on ebXML reflects how powerful interests can derail the work of well-established standards organisations. He also contends that the standards development in governmental organisations, such as the United Nations, is a very politicised process. High-minded goals, such as cheap global e-business standards, can easily be tarnished by money, power and access to powerful bureaucrats.
ZDNet UK sister site CNET News.com spoke to Glushko to get his views on the state of technology standards after revelations that Microsoft paid some travel expenses of UN technical committee members on a CEFACT mission -- a move that critics claim gave the software giant unfair influence in pressing the case for Web services over ebXML standards within the United Nations.
Q: Why have so many standards emerged for electronic commerce?
A: One of the issues here is what a standard is. That is one of the most abused words in the language and people like you [in the media] do not help by calling things standard that are not standards. Very few things are really standard. Standards come out of standards organisations, and there are very few of those in the world.
April 29, 2004 at 01:31 AM in Web/Tech
MPs ponder whether 'benign' hacking should be legal - ZDNet UK News
ZDNet UK
April 26, 2004, 17:25 BST
With Britain's Computer Misuse Act heading for a revision, some MPs want to explore whether ethical hacking should be allowed
Should UK citizens ever have the right to launch a hack attack against a computer or a network?
A group of tech-savvy MPs are poised to consider this question, as the All-Party Internet Group (APIG) launches an investigation into Britain's cybercrime laws.
APIG has recognised that the Computer Misuse Act (CMA), which came into law in 1990, needs to be updated to cover attacks upon the Internet and on other computer networks. Like many experts, the group is concerned that the existing legislation may not apply to denial-of-service attacks -- where a network is driven offline by a flood of Web traffic.
"As it stands, the Computer Misuse Act suffers from a lack of a network focus. Today, the primary threat from hackers is to the network, rather than to individual computers, and if the network goes down we've got problems," said Richard Allan MP, joint vice-chairman of APIG.
APIG has already received written evidence from interested parties, and is taking further oral evidence at a session in parliament on Thursday. The Home Office has said it is revising the CMA at present, and APIG wants to feed the views of the UK IT industry into this process.
And while Allan is adamant that tough action is needed against denial of service attacks, he's also keen to examine whether ethical hacking should be protected in law. He cited the law on criminal damage, where a defendant can claim that they acted to avoid a worse event taking place.
"If a successor to David Blunkett was going to introduce tough censorship laws on the use of the Internet in the UK, should someone be able to justify a hacking attack against the IT involved because they opposed that censorship?" asked Allan, who is the Liberal Democrat MP for Sheffield Hallam.
The idea of a draconian home secretary smashing our human rights may be far-fetched -- or not, depending on your take on the ID Card issue -- but Allan points out that such suppression is already thriving in other parts of the world.
"When the Chinese government blocked access to the BBC Web site, people very rightly sought to subvert that censorship. As a legislator, am I prepared to support legislation that says benign hacking can result in several years in prison?"
Other issues that should be covered at this Thursday's oral evidence session are whether the CMA should be revised to meet Britain's international treaty obligations with other countries, and whether the level of penalties within the CMA is sufficient to deter today's criminals. The rise in organised e-crime makes these issues increasingly relevant.
E-envoy Andrew Pinder is due to attend this session, as are representatives from the Home Office and the ISP industry, as well as legal experts and security providers.
April 29, 2004 at 01:30 AM in Security
Yahoo chief shrugs off Google threat - ZDNet UK News
Google's long-awaited public offering will not hurt Yahoo, says chief executive Terry Semel
Yahoo's chief executive and chairman, Terry Semel, on Tuesday shrugged off the possibility that a widely anticipated public offering by search giant Google would hurt the older Web company.
"Yahoo is a company that has always had good competitors, and Google will be a good competitor. There is plenty of room for Yahoo to thrive and for Google to thrive," Semel told reporters on the sidelines of a Milken Institute conference here.
Yahoo has an estimated 5 percent stake in Google, which is expected this week to announce plans for an initial public stock offering that could value the company at about $20bn (£11.2bn).
But Yahoo also has expanded far beyond its core portal business. Last year, the company invested more than $1bn in acquisitions, as part of its effort to challenge Google in the lucrative business of Web search and keyword advertising.
Google, meanwhile, recently announced plans to get into the free email business, which is now dominated by Yahoo and Microsoft's MSN unit.
Semel, a former Hollywood studio head credited with diversifying and reigniting revenue at Yahoo, told a panel at the conference that the nature of search is changing, as customers increasingly look for search engines to allow comparison shopping across the Internet.
"Search has become a lot more than we think of [as] search," he said.
April 29, 2004 at 01:29 AM in Portals
Security policies fall behind Internet adoption - ZDNet UK News
Munir Kotadia
ZDNet UK
April 20, 2004, 12:00 BST
More UK firms are offering employees access to the Internet but many are failing to sort out security policies until it's too late
Most UK companies now provide their employees with Internet and email facilities but this has led to more employees abusing their cyberspace privileges, because firms are not enforcing a security policy, according to a survey carried out on behalf of the Department of Trade and Industry.
The DTI's Information Security Breaches Survey found that 89 percent of employees now have access to the Internet, up from 69 percent two years ago. But, worryingly, the number of companies that restrict access to inappropriate Web sites has fallen from 34 percent to 15 percent. Additionally, only 16 percent of respondents said that they blocked or quarantined email. Two years ago, this figure was 57 percent.
Chris Potter, a partner at PricewaterhouseCoopers, said that most companies -- especially small- and medium-sized businesses -- are waiting until they experience a "major breach" in security before putting "effective controls" in place.
"Only one in three companies that suffered an incident involving Internet abuse already had a contingency plan in place to deal with it. Where such plans did exist, however, most proved very effective at handling the problem," he said.
Johanna Severinsson, marketing director of EMEA at Internet management company Websense, said that providing unrestricted Internet access is not only a distraction for employees but raises "serious security implications" for companies.
"Every company with Internet access has a responsibility to ensure it is managed in order to protect both their shareholder value and their employees," she said.
The survey was compiled from about 1,000 telephone interviews carried out by PricewaterhouseCoopers, funded by Microsoft, Computer Associates and Entrust, among others. The full results will be published during the InfoSecurity Europe conference in London next week.
April 29, 2004 at 01:27 AM in Security
UK firms still don't get security
By Graeme Wearden, ZDNet UK
Too many companies are committing too little of their IT budget to security, according to the government.
Viruses, hackers and spam are a growing problem for UK firms because many are failing to pay enough attention to IT security, according to the DTI Information Security Breaches Survey 2004 (ISBS 2004), which was published on Tuesday.
ISBS 2004 found that the majority of companies spend less than 1 percent of their IT budget on security systems. This, according to the authors of the report, isn't enough to guarantee effective security.
"This really needs to shift upwards if businesses are to protect themselves properly going forward," said Chris Potter, information security assurance partner at PricewaterhouseCoopers.
ISBS 2004 also found that many companies have failed to improve their performance on IT security issues that were flagged up in a previous survey in 2002.
For example, fewer than one in ten companies have tested their disaster recovery plans to see if they actually work.
"This is a shockingly poor result, given the post-9/11 furore about contingency plans and disaster recovery," said Potter.
According to one antivirus vendor, there is still plenty of education to be done with smaller British companies about the importance of IT security.
"Some firms think that spending less on IT security is a good thing. They need to think about the return on investment, and assess the cost of their systems being offline for an hour or a day," said Roger Levenhagen, Trend Micro's managing director for UK and Ireland.
ISBS 2004 also found that only one in ten companies employ staff who have formal IT security qualifications, and that just one in two corporate wireless networks have specific security controls.
Most firms also believe that IT security problems are set to increase. Just 10 percent of large businesses said they expected fewer security incidents during the coming year, compared to 75 percent who predicted more -- a pessimistic view that the government shares.
"Things are going to get worse before they get better," warned a DTI official.
April 29, 2004 at 01:26 AM in Security
The New York Times > Technology > Companies Finding Some Computer Jobs Best Done in U.S.
By EDUARDO PORTER
Published: April 28, 2004
Even as the prospect of high-skilled American jobs moving to low-wage countries like India ignites hot political debate, some entrepreneurs are finding that India's vaunted high-technology work force is not always as effective as advertised.
"For three years we tried all kinds of models, but nothing has worked so far," said the co-founder and chief technology officer of Storability Software in Southborough, Mass. After trying to reduce costs by contracting out software programming tasks to India, Storability brought back most of the work to the United States, where it costs four times as much, and hired more programmers here. The "depth of knowledge in the area we want to build software is not good enough" among Indian programmers, the executive said.
If it sounds like "Made in the U.S.A." jingoism, consider this: The entrepreneur, Hemant Kurande, is Indian. He was born and raised near Bombay and received his master's degree from the Indian Institute of Technology in that city, now known as Mumbai. Mr. Kurande is not alone in his views on "outsourcing" technology work to India. As more companies in the United States rush to take advantage of India's ample supply of cheap yet highly trained workers, even some of the most motivated American companies — ones set up or run by executives born and trained in India — are concluding that the cost advantage does not always justify the effort.
For many of the most crucial technology tasks, they find that a work force operating within the American business environment better suits their needs.
"Only certain kinds of tasks can be outsourced — what can be set down as a set of rules," said Nariman Behravesh, chief economist of Global Insight, a forecasting and consulting firm based in Waltham, Mass. "That which requires more creativity is more difficult to manage at a distance."
Another Indian executive in the United States who has soured on outsourcing is Dev Ittycheria, the chief executive of Bladelogic, a designer of network management software with 70 workers, also in Waltham. Bladelogic, whose client list includes General Electric and Sprint, outsourced work to India within months of going into business in 2001. But it concluded that projects it farmed out — one to install an operating system across a network, another to keep tabs on changes done to the system — could be done faster and at a lower cost in the United States.
That was true even though programmers in India cost Bladelogic $3,500 a month versus a monthly cost of $10,000 for programmers in the United States. "The cost savings in India were three to one," Mr. Ittycheria said. "But the difference in productivity was six to one."
Bladelogic's chief technology officer, Vijay Manwani, born and educated in India, predicts that once the "hype cycle" about Indian outsourcing runs its course, projects will come back to the United States "when people find that their productivity goals have not been met."
The upshot is that high-technology corporations are likely to ship more and more business functions to India to take advantage of its well-trained work force. However, even as they do so they will keep many essential tasks here.
For instance, Storability Software, which designs systems to manage data storage and has 25 employees in the United States, first tried to outsource some core programming tasks to a big software contractor in India. When that did not work, it tried a more specialized boutique. When this company did not deliver up to Storability's specifications either, the company hired four programmers in the United States to help rewrite the code.
But Storability also stuck to India, setting up its own small shop in Pune late last year, where its 25 programmers perform noncore tasks. "We essentially realigned our motivations," Mr. Kurande said. "We were able to figure out areas of our engineering that suited them."
The Indian entrepreneurs in this country — business executives with the cultural affinity and local connections that might be most conducive to making offshore partnerships work — do not fault the work ethic of the programmers in India. But they say the geographic distance and the differences in business contexts can be difficult to bridge.
A typical challenge is the difficulty of finding programmers overseas who can go beyond following well-known procedures to the next steps of identifying problems and creating new solutions.
For instance, ConnecTerra, a Cambridge, Mass., company that designs software to manage data from electronic devices like new radar-based ID tags that companies can use to track inventory, tried programmers in India last year. But ConnecTerra, which has 30 employees in the United States, ultimately gave up on outsourcing because the Indian company that it worked with could not deal with the fast-changing requirements.
Murali Menon, an Indian-born executive who was ConnecTerra's vice president for engineering at the time, dealt with the recruitment of the Indian company. He said the Indian programmers required more detailed instructions to write the software code than would a programmer here, who would be more familiar with the customer's needs. This slowed the process, which was a major drawback because this technology is new and changing very fast. Ultimately, the product that the Indian programmers delivered was unwieldy, with software code written in one big chunk rather than more flexible modules that top programmers use now.
No one questions the dedication of Indian programmers. "They worked hard," Mr. Menon said of the programmers in India, "but couldn't keep up."
(Executives at Bladelogic, Storability and ConnecTerra declined to divulge the names of the companies they have worked with in India, saying that it might damage potential business relationships for other work in the future.)
In the end, many say the advantages of keeping some of the most sophisticated work in the United States are related to the factors that draw technology entrepreneurs from India and elsewhere to this country in the first place: Indian engineers and software designers in this country know that the businesses whose needs are driving technological innovation are mostly in the United States. It comes down to being where the customers are.
A defense of the programming industry in India comes from Bassab Pradhan, the senior vice president for worldwide sales for Infosys Technologies. Infosys, based in Bangalore, is India's largest software services company. Of its revenue of $1.06 billion last year, about two-thirds came from American corporate clients including Visa International, Boeing and Cisco Systems; it provides them with services like data entry, programming and customer technical support.
Mr. Pradhan, who is Indian-educated, disagrees with critics who say that Indian-trained workers lack creative ability. When outsourcing fails, he said, it is typically because "less disciplined" businesses try to farm out projects that are not properly defined.
But Mr. Pradhan agreed that the need for proximity to the final user of the technology does place limits on what types of tasks can be outsourced. "Whenever the pace of innovation is very rapid," he said, "is when the work should be done closer to the client."
In the future international division of labor, Mr. Pradhan said, the production of the technology will be done in places like India, which can deliver it reliably at a low cost. What cannot be sent to India, he said, is the invention of new business processes and technologies.
Conceiving inventory-management software that helps a retailer make the best use of electronic product tags, for example, might be something best done by system designers in the United States working closely with the retailer. Once such a system and its tasks have been mapped out, though, the software code could be written by programmers in India.
Such distinctions are why even the champions of India's programmers-for-hire industry are trying to do more work within the United States. This month, for instance, Infosys announced that it would spend $20 million to set up a consulting company in the United States. It has already hired some top consultants from companies including Deloitte Consulting, Cap Gemini, Ernst & Young and E.D.S., and plans to recruit others.
Innovative business processes result from "an understanding of the business that happens when people get into a room and talk to each other," Mr. Pradhan said. "That is very difficult to outsource."
April 28, 2004 at 03:55 AM in Business Models
BBC NEWS | Technology | Text messaging reaches new high
The British love of text shows no signs of abating as numbers sent hit record levels.
According to the Mobile Data Association (MDA), 2.1 billion text messages were sent in March 2004, a 25% rise on the total from the same month last year.
On average, around 69 million text messages are sent every day in the UK.
Older people are also catching the bug and using text in an increasing variety of ways.
Versatile
Regular listeners to the independent radio station Saga Radio, which is aimed at the over 50s, have been flooding the station with messages following the launch of a texting facility.
It is evident that in the last five years texting has grown from a popular craze among teenagers to an essential communication tool.
"The launch of text messaging at Saga Radio shows how versatile text messaging is, which makes it an attractive form of communication for everyone," said Mike Short, chairman of the MDA.
Text messaging shows no signs of abating. The March figures are an increase of nearly 80 million on February's total.
April 28, 2004 at 12:49 AM in Web lifestyle
If I could just be "me" wherever I am and no matter what I am doing, then that's what I want. If these new ID cards do that, it's great, but I fear they won't even come close. Items to consider in the new ID card ... passport, driver's licence, health card, and most important ... user-based authentication ... I can add what I want, including banking ID, shopping ID, etc.
BBC NEWS | UK | Politics | Public 'happy to carry ID cards'
David Blunkett has pledged to push ahead with ID card legislation after an opinion poll said most people would be happy to carry one.
The home secretary said he wanted a bill paving the way for a national ID scheme to become law before the next general election.
And he said he would bring in outside expertise to ensure the system worked.
Most of the 1,000 people questioned by MORI expressed doubts the cards could be introduced without problems.
Cost fears
Almost half those surveyed said they would not want to pay for the cards. A £35 fee has been proposed.
HAVE YOUR SAY
I don't mind carrying a card, I just don't want to pay for something that benefits the government and not me
Ray, Soton, UK
Mr Blunkett said the cards would probably be free for young people and there would be concessions for the elderly and those on low incomes.
He said the biometric system proposed would end multiple identities and give a boost to the fight against terrorism and organised crime.
"What has anybody to worry about having their true identity known?" he said.
"They have got everything to fear from someone stealing and misusing it."
Prevent immigration
The MORI survey was commissioned by an IT consultancy which has worked on projects with the government.
It revealed 80% of those questioned backed a national ID card scheme, echoing findings from previous polls.
A similar proportion said they would be happy to carry a card with them at all times, although ministers do not intend to make it compulsory to do so.
The principal reason people gave for backing the adoption of ID cards was to prevent illegal immigration.
The government has said it sees ID cards as a weapon against terrorism.
Mr Blunkett hailed the results. "As we have been saying, it also demonstrates a degree of trust in terms of being able to protect privacy which I'm very pleased about," he told the BBC.
Necessary checks
However, 58% of those questioned said they were "not confident" the government would be able to introduce the system smoothly.
Only one in five said they would be prepared to meet the suggested £35 charge.
Mr Blunkett said he also accepted these findings and the lack of confidence in government computer systems.
"I have been the first to admit in the two years we have been dealing with this behind the scenes that we need to get this right which is why we will have to take our time," he said.
"We will have to do this incrementally, why at each stage the Office of Government Commerce will do the necessary checks and we are going to get outside expertise in to make sure that this isn't a cock up."
Driving licences
Companies who make ID cards are to give their opinions to the Home Affairs select committee on whether there should be basic or sophisticated types.
Smart and biometric cards could hold unique physiological or behavioural characteristics such as iris patterns or fingerprints.
From 2007-08 all new passports and driving licences will include biometric data.
April 22, 2004 at 09:17 AM in Phishing & identity theft
You have to love it when someone lays down the 'ultimate' in anything technological ... someone will prove it wrong.
BBC NEWS | Technology | Hard drive speed limit is reached
US scientists have found the theoretical maximum speed that data can be written to a PC's hard drive.
They discovered the limit by shooting electrons travelling close to the speed of light at a chunk of the same material used in computer hard drives.
This created magnetic field pulses too short to alter the material's properties and record a bit of data.
The discovery might force hard drive makers to use exotic materials or new methods to breach this speed limit.
Quick response
Typically data is written on the platters of hard drives using opposing magnetisations to represent the 0s and 1s of binary information.
Bits are flipped by applying a short-lived magnetic field to reverse the magnetisation at a particular location and turn a 0 into a 1 or vice versa.
In a paper in the journal Nature, Ioan Tudosa and colleagues at Stanford University report that they have found just how short-lived that magnetic pulse can be.
Using the linear accelerator at Stanford University in California, the researchers managed to generate magnetic field pulses in hard drive materials that lasted a mere 2.3 picoseconds.
One picosecond is a millionth of a millionth of a second.
The team discovered that the changes the magnetic pulses made to the material were not reliable enough to use as a way to write data on a hard drive.
The bad news is that this upper limit means that the fastest data can be written using changes in magnetisations is 435,000 million bits every second.
The good news is that this is still one thousand times faster than the best magnetic hard drives in use today.
April 22, 2004 at 09:13 AM in Web/Tech
EarthLink Spyware Scan Turns Up Big Infections
ComputerWire Staff
Research out yesterday from EarthLink Inc and Webroot Software Inc shows that there are large numbers of PCs on the internet infected with spyware and Trojan programs that monitor keystrokes and give bad actors access to data.
EarthLink said that in a little over one million PC scans executed by its SpyAudit service, it found 184,559 installations of "system monitor" software, such as keystroke loggers, and 184,919 installations of Trojan programs.
The numbers do not necessarily indicate the same amount of unique PCs infected, but are concerning nevertheless. Trojaned machines are often used in botnets - networks of compromised "zombie" PCs - to carry out denial of service attacks or worse.
EarthLink actually said it found 29.5 million instances of "spyware" over that same one million scans, but 23.8 million of those are attributed to "relatively benign" cookies used by advertising networks to track user behaviour.
The firm also said it found 5.3 million instances of "adware", software which ostensibly serves banner ads and sends data back to third parties without permission. EarthLink uses the free scan service to promote its Spyware Blocker software.
April 18, 2004 at 06:29 PM in Phishing & identity theft
National Post starts their own blog with editorial staff as contributors, discussing the news. This brings newspapers to three with some attempt in this space (NY Times, and The Guardian).
April 18, 2004 at 06:24 PM in Business Models
Note these online banking numbers are "registered customers" while the bill payment number is "active".
finextra news: Bank of America grows online banking and bill payment user base
14 April 2004 - Bank of America's online banking customer base grew to 8.1 million subscribers during the first quarter of 2004, a 55% increase in user numbers over the year ago period. Online bill payers also grew by 79% to 3.7 million users during the quarter.
Bank of America says its online banking customers are 13% more profitable than non-Web users within three years of going online; customers who both bank and pay bills online are 21% more profitable.
The bank claims to have more online bill payers than any other US bank, with 3.7 million users paying $16.3 billion worth of bills in the first quarter.
Bank of America qualifies active customers as those who have used the bank's online services within the previous three months.
The latest figures, released as part of a positive first quarter results statement, do not include data from merger partner FleetBoston.
18 December 2003 - Bank of America has signed up over seven million customers to its free online banking service.
Bank of America started the year with 4.7 million Web banking customers. The number of consumers using online bill payment services increased to three million during the year, compared to 1.8 million at the start of 2003.
Sanjay Gupta, e-Commerce executive at Bank of America, says there are several reasons for the rapid growth, mainly that customers are becoming more comfortable in handling finances online: "We expect that trend to continue, as customers find that they can do more of their banking online, 24 hours a day."
April 15, 2004 at 07:22 AM in Financial Services
Loose Wire points out that the sophistication level of phishers continues to grow, with Barclays "2 1/2 level" authentication the latest target.
LOOSE wire: Phishers Raise The Bar
Phishers can now access banking websites that use an extra 'keylog-proof' security layer.
For several months phishers -- folk fooling you into giving up valuable passwords -- have used keylogging software which will capture passwords and user names as you type them into banking and other financially-oriented sites. But these aren't much use against websites that use extra layers of security that don't require the user to type anything, but instead click on something. At Britain's Barclays bank, for example, users are required to select from a list two letters matching a pre-selected secret word. Keyloggers aren't any use against this, since there's no keyboard clicking taking place and so no letters or numbers to capture.
Enter a key kind of phishing trojan, documented by the ever vigilant Daniel McNamara of Code Fish. While capturing keystrokes like other keylogging trojans, this one also captures screen shots (images of whatever is on the screen) and sends them along to a Russian email address. It captures a host of other goodies too, including whatever text the user happens to copy to the clipboard while they're accessing the banking website in question (A smart move: Users often copy their password to the clipboard and then paste it into the appropriate field.) The target in this case? Barclays bank.
As Daniel points out, it seems as if this trojan has already been spotted. Symantec and other anti-virus vendors have in the past week referred to it, or something like it, calling it, variously, Bloodhound.Exploit.6, W32/Dumaru.w.gen, Exploit-MhtRedir and Backdoor.Nibu.D. And Barclays may be referring to the scam when it warns its users that "Some customers have been receiving an email claiming to be from Barclays advising them to follow a link to what appears to be a Barclays web site, where they are prompted to enter their personal Online Banking details." (Although in fact the email in question doesn't do this: It disguises itself as a web hosting receipt, and makes no mention of Barclays or online banking. The victim is instead lured by curiosity to a link in the email which takes them to a website that downloads the trojan in question.)
But none of these messages indicate the seriousness of this escalation. Whether this phishing trojan is just a proof of concept or specific attack against Barclays, it should send some serious warning signals through both the anti-virus industry and the online banking world. Phishers are getting smarter, and getting smarter quick. As Daniel himself writes, "This is a huge step in the phisher trojan evolution...This well-designed trojan should make anyone who has complete faith in visual selection systems a little bit worried."
April 12, 2004 at 10:32 PM in Phishing & identity theft
Yahoo! News - Calif. Lawmaker Moves to Block Google's Gmail
By Lisa Baertlein
SAN FRANCISCO (Reuters) - A California state senator on Monday said she was drafting legislation to block Google Inc.'s free e-mail service "Gmail" because it would place advertising in personal messages after searching them for key words.
"We think it's an absolute invasion of privacy. It's like having a massive billboard in the middle of your home," Sen. Liz Figueroa, a Democrat from Fremont, California, told Reuters in a telephone interview.
"We are asking them to rethink the whole product," she said.
In late March, the world's No. 1 Web search company announced plans to launch Gmail -- a service that would offer users 1 gigabyte of free storage, more than 100 times the storage offered by other free services from Yahoo Inc. and Microsoft Corp.
But in return for the extra storage, users would agree to let Google's technology scan their incoming e-mail, then deliver targeted ads based on key words in the messages. For instance, a user receiving a message about a friend's flu symptoms might also receive ads for cold and flu remedies.
Gmail is now being tested with a limited number of users. Privacy advocates are assailing Gmail even before its formal launch. Google faces heavy opposition in Europe, where privacy laws are stricter than they are in the United States.
European groups recently lodged a complaint with UK authorities, charging that Gmail may violate Europe's privacy laws because it stores messages where users cannot permanently delete them. Europe's privacy protection laws give consumers the right to retain control over their communications.
Google said in a statement that it intends to work with "data protection authorities across Europe to ensure their concerns are heard and resolved."
Industry analysts see the service as a key product for Google because it would boost revenues from advertisers and expand its business as the Mountain View, California-based company nears an expected initial public offering of stock.
Figueroa, who was the author of California's "Do-Not-Call" law that allows citizens to block telemarketing calls, said she was pursuing the legislation because she had not yet received a response to an April 8 letter to Google co-founders Sergey Brin and Larry Page, in which she laid out her concerns.
"We received the letter from Senator Figueroa. We appreciate her feedback and will take it into consideration as we build the best possible webmail service for our users," Google said in an e-mailed statement.
FREE STORAGE ENTICEMENT
The Gmail service would bring Google into the market for free e-mail services now dominated by Yahoo Inc. (YHOO.O) and Microsoft Corp.'s (MSFT.O) MSN. Those rivals have been challenging Google's core Web search business.
More than two dozen privacy groups in the United States and Europe have demanded that Google suspend Gmail's launch until privacy issues are adequately addressed.
The groups charged, among other things, that scanning e-mail for ad placement poses unnecessary risks of misuse and that the system sets "potentially dangerous precedents and establishes reduced expectations of privacy" in e-mails.
"We are confident that Gmail is fully compliant with data protection laws worldwide," Google said in a statement.
"Google has the highest regard for the privacy of our users' information. We have taken great care to architect Gmail to protect user privacy and to deliver an innovative and useful service," said Google, which added that it is actively soliciting user feedback on its privacy policies.
April 12, 2004 at 08:11 PM in Portals
Yahoo! News - Senior Execs Must Tackle Cyber-Security -US Report
By Andy Sullivan
WASHINGTON (Reuters) - Corporate chieftains must take responsibility for their computer networks to secure them from viruses, worms and other online attacks, an industry task force said on Monday.
Long the domain of network administrators, computer security must command the attention of those in the boardroom as well, said the task force, which developed its report under the guidance of the Department of Homeland Security.
"Executives must make information security an integral part of core business operations," the task force said. "There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance."
Online attacks can clog computer networks, knock vital Web sites offline and expose customer records to prying eyes. Viruses and worms like SoBig and Slammer have cost businesses billions of dollars in lost productivity.
The U.S. government released a strategy last year to improve the security of the nation's computer networks, but it contained few hard-and-fast rules for the private companies that control 85 percent of the Internet.
Instead, industry officials working with the Department of Homeland Security have released a flurry of reports this spring outlining voluntary ways that companies can improve security.
The task force presented a framework companies can use to assess their exposure, based on plans developed by the U.S. government and an international standards organization.
CEOs should examine their networks annually and present their findings to the board of directors, the report said.
The framework should help executives measure their progress on computer security and pinpoint areas of high risk, task force members said.
"What is coming out of this body of work is the distillation of eight and a half feet of reports stacked on top of each other into something a board and an executive can get their head around," said Entrust Inc. CEO Bill Conner, a task force co-chair.
"A lot of it is common sense. We did not reinvent the wheel here," said RSA Security Inc. CEO Art Coviello, another task force co-chair.
Orson Swindle, a commissioner with the Federal Trade Commission who has been active on cyber-security matters, said companies that don't take steps to improve their security might quickly stand out in an unfavorable light.
"I think you'll see industry join this because you'll become famous if you don't," said Swindle, who noted that most businesses have voluntarily adopted consumer privacy protections rather than wait for government regulation.
April 12, 2004 at 08:03 PM in Security
YayHooray! - Technology - Longhorn = Microsoft Internet™
Jesus christ. Doom and gloom--M$ is killing the web with XAML! Run, little chicks, run!
...Here's the reality. Aside from the fact that Longhorn will probably not be in widespread use until 2008, the point of XAML is to allow anyone with a little bit of knowledge to write small apps that can be run on a Longhorn box.
You know. Like a lot of the little apps that are available for OS X that grab weather or stock quotes from the web.
The push is to use the HTTP pipeline as a datasource connection. It doesn't mean the web is dead. There's a difference between data that can be consumed as data, and information intended for consumption from a reading device (i.e. your browser). Web sites will NOT go away.
It's just that HTTP will be carrying a bit more raw data around. You know, that whole "Web Services" thing.
More about XAML: it is an XML wrapper for the Windows Forms .NET technology. In theory you could write Word or Photoshop with it. But just like with any other app development platform, it will make it easy to write small things with it (like a desktop calendar), but it will take real expertise to write big things with it (which most real coders won't, because it mixes code and markup which is always a pain in the ass).
The only thing I'm afraid of is that a whole new generation of skript kiddies will inundate the world with a new generation of crapware (hey, chek mI kool ApP in 36pt Comic Sans)...
April 11, 2004 at 11:04 PM in Microsoft
Guardian Unlimited | Online | Ben Hammersley: RSS and Atom peace proposal
A bid to merge two competing software specifications could put an end to confusion in the industry. Ben Hammersley reports
Thursday March 18, 2004
The Guardian
A chance for peace, then, in the fiercest war you've never heard of. For almost five years, some of the internet's best-known developers have been fighting among themselves over the fate of RSS, the content syndication specification. This month saw one of the main protagonists, Dave Winer, Harvard fellow and former blogging software developer, issue a proposal to merge RSS with its main competitor, known as Atom.
RSS and Atom are most commonly used by websites, such as the Guardian's and the vast majority of weblogs, to supply headlines and articles to users' reader applications. Through these applications, users can keep up to date with hundreds of sites easily. It is a powerful thing to use, and increasingly popular.
Many pundits have pointed to this year as the tipping point for the idea of content syndication and desktop readers. Some consider it to be a potential big earner, so the raging battle over who controls the dominant specification has flared up again.
The history of these specifications is one of deep division. RSS was first developed by Netscape in 1999, but its merger with AOL, and the subsequent closing of the RSS team, left the specification homeless. Winer's company, Userland, of which he remains majority shareholder but plays no day-to-day role, picked up the orphaned specification and republished it under its own copyright notice.
A few months later, a grassroots effort to improve the specification was rejected by Winer, and RSS split into two versions, with Winer controlling one, and the other under the jurisdiction of the members of an open mailing list. Both threads have evolved separately, with Winer's version called "RSS 2.0", and the other "1.0".
With continual revisions, there are now nine different RSS specifications and much bad blood between the developers. Last year, Winer declared the RSS 2.0 specification finished and frozen, but a growing number of people considered it to be lacking in several areas and imprecise, and started a rival project called Atom.
As the project manifesto puts it: "RSS is five years old. It was designed for news sites, a way for them to list the stories they had. Things are different now, and RSS is mostly used as a way of sending around the content of weblogs. RSS has been kludged and pushed into this world, but it doesn't really fit."
The style of the Atom project differs greatly from the RSS 2.0. Whereas RSS 2.0 is controlled by a steering committee of Dave Winer and two others, Atom has been developed by an adhocracy of interested developers, with decisions reached by consensus.
"The internet has changed considerably in the five or so years since RSS first came along. We can't get by any longer with just Really Simple Syndication, Sellotape and String," says Danny Ayers, a developer.
And so, as it stands, the content syndication world has two competing specification "brands": RSS in its many flavours, and Atom. The Atom project has been very successful, with the two biggest weblogging firms, Blogger (run by Google) and Six Apart (the people behind Movable Type and Typepad) adopting the standard. This produced more than half a million users alone.
This switching effect, where one or two developers can move thousands of users between different specifications, highlights a valid point: for the end users, the argument is close to meaningless. As long as their RSS reader software can read Atom as well, they will never notice the difference - and most of the contemporary RSS readers have been, or are being, upgraded by their authors to support both specifications. This has happened before, when Userland, under the guidance of Winer, automatically upgraded its entire userbase to a new RSS specification overnight. No disinterested user noticed.
Nevertheless, Winer feels that the adoption of Atom has harmed content syndication, causing confusion in the marketplace. "The community is served by removing confusion," he says. "Every article about RSS begins with the arguments of the tech community, and that slows adoption.
"That Google and Six Apart chose to add another argument, more confusion, is something I would like them to think about, and consider reversing," Winer says. His proposal, as described on his weblog, is to merge RSS and Atom to create "rssAtom", which "would differ from RSS 2.0 as little as possible".
The Atom community's reaction has been limited. Neither Blogger nor Six Apart has responded to requests for comment, and only one Atom developer, Sam Ruby, would go on record. He said the Atom project would, in August, petition to become an official project under the auspices of the Internet Engineering Task Force. Should this happen, he says, the rules of the IETF state: "Participation is open to all." If this happens, then anyone, Winer included, would be free to contribute to the specification, but no one would be in overall charge.
Ben Hammersley is author of O'Reilly's Content Syndication with RSS.
April 11, 2004 at 09:02 PM in Blogging & feeds
BBC NEWS | Technology | Phishing con hijacks browser bar
Scammers are using increasingly sophisticated methods to trick people into handing over personal information.
The latest con uses a fake version of a web browser's address bar to hide a bogus site set up to collect Pin codes for cash machines.
The address bar stays in place and could be used to steal information about other sites too.
Security experts said users should be suspicious of any e-mail that asks them to verify confidential information.
Scam spotting
So-called phishing cons have become increasingly common recently among tech-savvy criminals keen to steal cash from gullible users by making them hand over sign on or account details.
Most phishing attacks involve an e-mail that purports to be sent out by a legitimate organisation, such as a bank, that asks users to enter information on a special site.
Anyone following the instructions will unwittingly be handing over details to conmen who use them to empty the account of cash.
Often the fake websites are difficult to spot because they do a good job of reproducing the website of the company they are impersonating.
Now the Anti-Phishing Working Group has come across an even more sophisticated attack that targets Citibank customers.
When users click on the web link in the e-mail of this latest attack, the site they are taken to detects what browser they are using, suppresses the real address bar and generates a fake one to take its place.
This fake browser bar shows the real web address of the firm being impersonated rather than the address of the scam site the user is actually visiting.
"The biggest problem you have when trying to fool people is what appears in the address bar of the browser," said Dave Brunswick, technical director at Tumbleweed and a member of the APWG.
But, he said, this attack removes that problem.
The address bar even acts like a real part of the browser and will direct net users to other website addresses that are typed into it.
The website also fakes the appearance of the webpage code used to create it to make it look more convincing.
One of the few clues that it is a fake is the fact that it does not show a locked padlock icon for the supposedly secure web-browsing session it is supporting.
The grammar and style of the original e-mail is also slightly suspect.
Mr Brunswick advised people to be suspicious of any e-mail message that asked users to supply key login or personal information.
"The idea is to be cynical and ask: 'Why would my bank be sending me this e-mail?'" he said.
There were 60% more phishing attacks in February than January according to the APWG.
April 11, 2004 at 10:53 AM in Phishing & identity theft
Broadband campaigners demand more govt leadership
By Graeme Wearden, ZDNet UK
A broadband Britain in which one gigabit per second connections are the norm won't be as easy as ABC but e-commerce minister Stephen Timms has a vital role to play
Broadband activists have called on e-commerce minister Stephen Timms to give a more powerful lead in the drive to create Broadband Britain 2010.
Brian Condon, chief executive of the Access to Broadband Campaign, said on Wednesday that Timms is capable of coming up with bigger ideas for how the UK's high-speed Internet access market should develop during the next few years.
"We need a big idea as we plan towards 2010, and I think Timms has thoughts that could be useful to us. I want to see him pushing that more. He's certainly intellectually able enough to take a leading role," said Condon, in an interview with ZDNet UK.
Since becoming e-commerce minister in the summer of 2002, Timms has presided over a booming broadband market in the UK. There are now more than 3.5 million broadband connections at speeds of 150Kbps or faster, and some experts believe that the government will achieve its aim of creating the most extensive and competitive broadband market of any major industrialised nation by the end of 2005.
For organisations such as ABC, though, that's only the start of the challenge.
"If I could sit across a table with him [Timms], I'd tell him that he knows there's lots to do and that we must move on from the government's targets for 2005. The job won't be done when that's achieved," said Condon. He believes that the broadband sector needs to aim for a future in which affordable connections as fast as one gigabit per second are available.
Having worked formerly for Ovum and Logica, Timms is well respected in the IT industry for his depth of knowledge -- although there have been concerns about the size of his workload now that he is also the minister for energy.
According to the Department of Trade and Industry (DTI), Timms is already geared up for the challenges ahead.
"Stephen's already made it clear that we need to move beyond the targets for 2005," a DTI spokesman said. "It's important not to sit on our laurels, and we're already talking about 2010 and beyond."
Back in January, at an ABC conference, Timms said he was starting to consider the broadband roadmap towards 2010, and in a Broadband Stakeholder Group document published earlier this month, he wrote that it is now time to consider a new generation of faster services.
"In doing so, we may support real economic and social improvements such as productivity gains, educational improvements, skills enhancement, flexible teleworking and the improved delivery of public services," wrote Timms.
At present, however, no firm longer-term targets have been announced by the government.
Britain's wholesale market is dominated by BT's ADSL network and the cable networks of NTL and Telewest, and there are concerns that BT's copper network will not be capable of supporting services faster than a couple of megabits per second. The telco is currently working on a scheme to reengineer its network for the 21st century but Condon says that BT hasn't released enough details about this plan.
In a statement to ZDNet UK, a BT spokesperson said: "BT is making every effort to ensure that interested parties are aware of our 21st century network vision and the progress we are making. We are talking to the industry, to consultants, to academics, to regulators and to our customers."
The full interview.
2010: A broadband odyssey
Graeme Wearden
ZDNet UK
April 08, 2004, 16:30 BST
The head of broadband campaigning group ABC claims the public and private sector must prepare for the UK's future high-speed networking needs now
The Access to Broadband Campaign (ABC) was launched last year by several of Britain's leading broadband activists. It is pushing government and industry to make high-speed Internet access available across the UK, and supports individuals who want to create their own community broadband networks.
ZDNet UK caught up with Brian Condon, who was appointed as ABC's first chief executive in November 2003, at the Wireless LAN Event in London this week.
Britain is well-stocked with organisations related to broadband. What does ABC bring to the table, and why are you a part of the group?
I got involved with the Access to Broadband Campaign after attending their first conference in July 2003. I'd started my own business that year, and then discovered I couldn't get broadband. So I began investigating whether I could set up my own broadband network, perhaps by using satellite, read about ABC and pitched up at their conference. That was a great event, and it was so exciting that the guys running it were clearly going places.
ABC tackles broadband through a different agenda. Usually, people campaign against things rather than for them. ABC campaigns for affordable broadband across the UK. We need universal broadband coverage, otherwise there is both an economic and a social problem.
And what are your priorities? What do you hope to achieve as head of ABC?
My real interest is the 2010 agenda, the issue of what Broadband Britain will look like then. DSL is great, and a fantastic improvement on