Internet News from The Industry Standard

Blair tries to allay fears over ID card database

U.K. Prime Minster Tony Blair attempted to quell growing concern over the security of the country's national identity program by threatening jail time for anyone caught tampering with the project's massive database. Anyone found guilty of tampering with the database will face a maximum penalty of 10 years in prison and anyone involved in ID card administration who improperly discloses information could be hit with a two-year sentence, Blair said Monday at his monthly news conference in London.

The Identity Cards Bill, published on Monday, seeks to create by 2010 a system of ID cards with embedded chips that carry personal information and biometric identifiers. The information will include name, address and biometric information such as fingerprints, facial scans and iris scans, all of which will be included in the database.

Blair said that the biometric ID cards would be a powerful weapon in the government's fight against terrorism, identity fraud, illegal workers, illegal immigration and illegal use of government entitlement programs such as the National Health System, though he acknowledged that the system would not be a "silver bullet."

"We know false identities are important to terrorists and criminals because of the frequency they use them," Blair said, adding that of the 6.4 million people recorded on the U.K.'s police criminal records database "over a quarter have an alias."

But as security experts have pointed out, the police criminal records database is known to be riddled with inaccuracies. Ovum Ltd. analyst Graham Titterington warned the government doesn't appear to have learned its lessons from various IT projects, like the police criminal records database. The Identity Cards Bill lacks measures that ensure the accuracy of the data being entered or allow individuals to check their information in the database, according to Titterington.

Beginning next year, passports will include biometric facial identifiers. The ID card program will then receive the information and technology. The U.K. government hopes to make carrying the ID card compulsory for everyone living in the country by 2011 or 2012.

Though a number of countries, like Belgium, Sweden and Latvia, have ID cards with databases of information, they are used on a much smaller scale than the U.K.'s proposal and are primarily related to accessing government e-services.

"I believe this is responsible government, not as some have called it 'Big Brother government,'" Blair said. "It is responsible to do what we can to enhance security and ensure that public services are only used by those who are actually entitled to use them."

Posted by Chad Dickerson at 02:24 AM

DoCoMo, mmO2 confirm I-mode deal

Mobile phone carrier mmO2 PLC will launch versions of NTT DoCoMo Inc.'s I-mode mobile Internet service in the U.K. and Ireland in the second half of 2005 and in Germany in early 2006, the companies said in a statement on Tuesday. DoCoMo will license I-mode for mmO2's 22 million customers on 2G (second-generation), GPRS (General Packet Radio Service) and 3G (third-generation) networks, the companies said.

I-mode offers a package of content, e-mail, games, online shopping, video clips, ticketing services and other applications and services designed for packet-based network technologies in a format that is nearly identical to regular Web pages.

In the U.K. and Ireland, mmO2 will have exclusive use of I-mode technology. In Germany, mmO2 will launch a service and handsets under its own brand through existing independent retail channels. MmO2 in Germany will use I-mode-capable handsets that incorporate mmO2 Germany's Genion HomeZone product, the companies said.

This will mean that for the first time, I-mode will be competing with itself; E-Plus Mobilfunk GmbH & Co. KG already offers the service in Germany.

MmO2 also will have the right to sell I-mode through its own channels in Ireland, Germany and the U.K., according to the companies.

Offering I-mode will boost the revenue mmO2 gleans from its subscribers each month, the company said. Nearly 22 percent of its service revenues already come from data services and the company claims it has 3 million customers using its WAP (Wireless Application Protocol) technology.

News of the deal between mmO2 and NTT DoCoMo first surfaced on Nov. 25 when sources said the two companies were negotiating to introduce I-mode to the U.K.

The U.K. had remained one of the last major European markets without DoCoMo's service, after an earlier attempt to introduce the I-mode in the U.K. with Hutchison 3G UK Ltd. fell through.

I-mode was launched in 1999 and is popular in Japan, where DoCoMo has more than 42 million I-mode subscribers. The service has more than 3 million subscribers outside Japan, according to DoCoMo.

The deal with mmO2 is the eleventh I-mode partnership between DoCoMo and a carrier outside of Japan, and it is the third partnership announced this year.

Other I-mode partners are Cellcom Israel Ltd. in Israel; Cosmote Mobile Communications SA in Greece; KPN Mobile NV in the Netherlands; Far EasTone Telecommunications Co. Ltd. in Taiwan; BASE N.V./S.A in Belgium; Bouygues Telecom S.A. in France; Telefonica Móviles SA in Spain; Telstra Corp. Ltd. in Australia; and Wind Telecomunicazioni SpA in Italy.

Posted by Chad Dickerson at 02:24 AM

November 29, 2004

SCO Web site hack mocks company's legal claims

Malicious hackers have compromised The SCO Group Inc.'s Web page twice in as many days, posting messages that appear to mock the company's claims to own parts of the Linux operating system. On Monday, hackers compromised the site and inserted a banner image that reads "We own all your code. Pay us all your money." The image was removed on Monday morning in the U.S., but the incident followed a similar attack on Sunday.

SCO acknowledged that its Web site "experienced two intrusions by a malicious hacker that temporarily altered two web pages." The Lindon, Utah, company acted quickly to restore the hacked pages and patch a vulnerability that the hackers used to compromise the site, according to an e-mail statement from Blake Stowell, the company's public relations director.

IDG News Service could not confirm the nature of the attack on Sunday, but open source news Web site Newsforge.com on Sunday claimed that the SCO site was altered to say that the company would be making intellectual property claims against Microsoft Corp.'s software. That hack displayed the signature "hacked by realloc(," according to Newsforge.com. The same signature was displayed in the background of the altered banner image in Monday's attack.

SCO has been a frequent target of online attacks since it filed a multibillion-dollar lawsuit against IBM Corp. in March 2003, charging the company with misappropriation of trade secrets and unfair competition. Among other things, SCO claims that IBM violated SCO's copyright on Unix System V, which SCO purchased from Novell Inc., by copying elements of that operating system into Linux, which is distributed for free.

SCO's legal claim to own parts of Linux, and its threats to enforce its ownership through patent infringement lawsuits against Linux users, raised the ire of open source enthusiasts. The company's legal actions are seen as a threat to the spread of Linux, which many consider a possible rival to the dominance of Microsoft's proprietary desktop and server operating systems. The lawsuits have prompted companies, including Novell and Hewlett-Packard Co., to offer customers protection against copyright infringement suits.

Despite the serial attacks, SCO believes that it addressed security issues on its site to prevent future intrusions, Stowell said.

Posted by Chad Dickerson at 04:53 PM

UK's patient e-booking system falls behind schedule

One of the centerpiece projects in the massive IT infrastructure upgrade of the U.K. National Health Service (NHS) is running behind schedule due to "early stability problems with the central system," according to the agency. The project, an e-booking system called Choose and Book, is currently being tested by four early adopter sites in a pilot program that began in August. The system is intended to let users schedule out-patient hospital appointments,

Currently, "fewer than 100" live bookings had been made on the system, a spokesman for the NHS National Programme for IT (NPfIT) said on Monday. The spokesman declined to specify what the target number for the system is, other than to say, "though there have been fewer bookings than we had aimed for, we are not widely off our mark and are not behind for achieving the roll out."

The NPfIT declined to be more specific about the problems with the Choose and Book system other than to say that the core technology for the system is now in place and has been tested to manage 500 million appointments a year. "Bookings are being made by all the early adopters," the NPfIT spokesman said.

Though a second set of early adopters planned to participate in the program in the fourth quarter, that will most likely be postponed until January at the earliest, the spokesman said.

NPfIT will not name the four current participants. However, the Barnsley Primary Care Trust is a known participant. Representatives for the hospital group could not immediately be reached for comment.

Atos Origin International BV, based in Hoofddorp, the Netherlands, won the primary contract for the e-booking system last year, and Cerner Corp., of Kansas City, Missouri, provided the software. Representatives for Atos Origin and Cerner could not immediately be reached for comment.

The system is designed to handle 13 million outpatient consultations, 4 million emergency admissions and 617 million prescriptions, according to Cerner. The NHS serves 52 million people in England and employs 1.3 million people.

Choose and Book is part of an overall NHS IT program that is forecast to cost U.K. taxpayers between £15 billion (US$28.4 billion) and £30 billion by 2013. The U.K. government's Department of Health raised that estimate last month from its previous estimate of £6.2 billion.

The British Medical Association (BMA) added to the NPfIT's Choose and Book headaches when it expressed its concerns with the overall privacy of the e-booking system. The BMA on Monday warned that general practitioners (GPs) may boycott the system if they are not convinced that the confidentiality and security of patient records are beyond reproach.

"A Choose and Book appointment cannot be concluded until an electronic referral has been made by the GP. At the moment it would be impossible to do so confidentially as electronic referrals are not yet coded in a way that keeps them secure," Dr. Laurence Buckman, deputy chairman of the BMA's General Practitioners Committee wrote in an e-mail response to questions.

The NPfIT claims the system is secure but conceded that more needs to be done to engage the doctors and other staff who will use the technology.

The chairman of the BMA's IT committee said earlier this month at the eHealth Conference in London that the NPfIT's engagement and consultation with the medical profession has been inadequate.

At the same conference, a hospital administrator who asked not to be named said that she and her group were having difficulty working out various kinks in the system due in large part to a lack of communication between all of the parties involved. She said that since her department started using the e-booking system in May, there's been a lack of consultation between the NPfIT and those using the system on a grassroots level.

Posted by Chad Dickerson at 04:52 PM

JFK reloaded game causes controversy

A controversial new video game that has drawn harsh criticism from both politicians and the general public asks players to test their theories about the 1963 assassination of President John F. Kennedy. Traffic Management Ltd., a Scottish video game company, released JFK Reloaded last week. The game re-creates the assassination of JFK, and lets players take the role of assassin Lee Harvey Oswald. The game depicts the presidential limo as it cruises through Dealey Plaza in Dallas, and allows the player to fire at the president from Oswald's perch in the school book depository building. After shooting at Kennedy, the player sees a slow motion replay and an analysis of where -- and who -- the bullets hit.

Senator Edward Kennedy (D-Massachusetts), brother of the late president, has condemned the game. His spokesperson calls it "despicable."

Senator Joseph Lieberman (D-Connecticut) has spoken out against it, too. Lieberman "was sickened by the game," says his spokesperson Casey Aden-Wansbury.

Kirk Ewing, the managing director of Traffic, says the purpose of the game is to provide a realistic environment for users to test the lone gunman theory. The gamer who can most accurately replicate Oswald's shooting on November 22, 1963, can win up to US$100,000, according to the Web site.

"We genuinely believe that if we get enough people participating we'll be able to disprove once and for all any notion that someone else was involved in the assassination of President Kennedy," Ewing says in a press release.

But Christy Glaubke of Children NOW, an organization that promotes safer media for children, dismisses the claimed educational merits of JFK Reloaded. "I would think the only (lesson it teaches) is how to be an assassin," Glaubke says.

She also worries that, despite the registration policy that restricts JFK Reloaded to people over 18, kids will find a way to play Oswald on their computers.

"I would think any kid (who) has access to a debit card or prepaid credit card would have access to this," she says.

The release of JFK Reloaded, which coincides with the 41st anniversary of the assassination, follows the recent appearance of Riot UMass, another contentious reality game.

Riot UMass, created by freshman Grant Cerulo, depicted University of Massachusetts students beating police officers, re-creating the riots that occurred in Amherst after the Boston Red Sox won the World Series last month. That game site has been taken off the Internet.

Jason Della Rocca, program director for the International Game Developers Association, says that these two releases don't signify a trend. "This is not necessarily representative of the mainstream gaming industry," Della Rocca says.

At the same time, however, he defends quasi-reality games such as 9-11 Survivor, a game that challenges players to escape from the World Trade Center in New York before the building collapses, as helping the public "better understand a topic or issue."

Similarly, Ian Bogost, a game designer at Persuasive Games, considers JFK Reloaded "an attempt to frame a news event."

But not everyone appreciates these games' use of emotionally charged historical events to generate sales.

"I think it's awful that they're turning something as tragic as that into a game, for children especially," says Rebecca Sizelove, a graduate student of political management at George Washington University.

Jason Tuohey writes for the Medill News Service.

Posted by Chad Dickerson at 04:28 PM

Low-cost easyMobile service hits UK, eyes Europe

Danish telecom company TDC A/S is teaming up with T-Mobile UK Ltd. to launch a low-price, no-frills mobile service in the U.K. under the easyMobile brand. TDC said Monday that, beginning in March 2005, it will offer a Web-based telephony service, in which customers buy a prepaid SIM (Subscriber Identity Module) card for their existing handheld and manage their account online. TDC experienced some success with a similar service in Denmark dubbed Telmore, which claimed 10 percent of the market within four years of launching.

The company is now planning to dial into other markets by leveraging the easyMobile brand, which it has licensed from easyGroup (U.K.) Ltd., to use in up to 12 European countries. First it's testing the U.K. market, however, where it is using the network infrastructure of T-Mobile. Telmore founder Frank Rasmussen will serve as chief executive officer of the new business.

The easyMobile service offers voice and SMS (Short Messaging Service) capabilities and is available for all mobile customers who use second-generation handsets, a spokesman for TDC said.

Prices are yet to be announced but are expected to be lower than those offered by the U.K.'s major mobile providers.

To give a comparison of the possible price difference, the TDC spokesman said that Telmore charges 0.80 krone (US$0.14) per minute for voice, compared to the average mobile voice charge in Denmark of 1.10 krone per minute.

The easyMobile service could lead to an overall reduction in U.K. mobile tariffs, according to a report by analysts at Ovum Ltd. The offering is likely to put pressure on other mobile operators, the analysts said, and won't win many industry friends for T-Mobile.

T-Mobile, which is the U.K. wireless arm of German telephone giant Deutsche Telekom AG, already has a wholesale deal with Virgin Mobile in the country, but easyMobile will give it added revenue without taxing its network, the analysts said.

Like Telmore, the easyMobile concept is based around lean operations, a small marketing budget and no physical store locations.

Although the service is basic, TDC is hoping that customers appreciate the cost savings. In Denmark, Telmore customers called to complain that the company was wasting money when it ran a TV ad for the service, the spokesman said.

Now it remains to be seen if U.K. customers are as thrifty.

Posted by Chad Dickerson at 04:28 PM

Satellite failure hits US broadband services

The failure of a communications satellite on Sunday has knocked out broadband services supplied by StarBand Communications Inc., according to a statement posted on the company's Web site. The irreparable failure of Intelsat Americas-7 at 2:30 a.m. Eastern Time on Sunday is forcing StarBand to move customers to a different satellite. Meanwhile, the company is attempting to provide temporary dial-up service to customers affected, the statement said.

The satellite owner, Intelsat Inc., said the craft had suffered a sudden and unexplained electrical anomaly and that it was permanently lost. The satellite was built by Space/Systems Loral and launched in September 1999. From its orbital position at 129 degrees West it covered North America, Central America, and parts of South America. The satellite was self-insured by Intelsat, according to the company.

StarBand did not say how many subscribers were affected.

StarBand serves residential customers at download speeds of 150k bps (bits per second) to 500k bps and small business customers at speeds up to 1M bps. Its services are available throughout the U.S. and Puerto Rico. Subscribers use a 90 centimeter satellite dish to send and receive signals.

Intelsat said its IA-8 satellite, scheduled for a Dec. 17 launch, may take over some of the lost services. The IA-8 will provide 36 Ku-band and 24 C-band transponders according to the company.

The loss of the satellite could affect plans to sell the company, Intelsat said. A consortium led by Zeus Holdings Ltd. has bid for the company, but under an agreement with Intelsat, the total loss of the IA-7 satellite gives Zeus the right to cancel the deal. Zeus has advised Intelsat that it is evaluating the impact of the IA-7 failure, according to a statement by Intelsat.

Posted by Chad Dickerson at 04:28 PM

The battle against cyberterror

The arsenal of modern weapons that terrorists might someday use to disrupt power grids, gas lines and other parts of the nation's critical infrastructure includes conventional weapons as well as bits and bytes -- in other words cyberterror attacks. The cyberthreat to the electricity we use and the water we drink is real, experts say, but there's no need to panic -- at least not yet. "Our research shows that terrorist groups are definitely interested in attacking critical infrastructures," says Eric Byres, research director at the Internet Engineering Laboratory of the British Columbia Institute of Technology in Burnaby. "The good news is that we don't think they have the technical ability yet -- in other words, the combined IT and control system skills needed to penetrate a utility network. The bad news is that they're beginning to acquire some of these skills."

Confidential documents about supervisory control and data acquisition (SCADA) systems, for instance, have been found in al Qaeda hiding places in Afghanistan, while the Irish Republican Army has said it plans cyberattacks on crucial supply systems, according to Justin Lowe, principal consultant with PA Consulting Group.

Equally disturbing, talented hackers in many parts of the world are willing to peddle their expertise for the right price or political cause, according to DK Matai, chairman of Mi2g Ltd., a London security service provider. "We have evidence of Russian hackers selling their skills to radical Islamic groups," he says.

Few, if any, of the industrial control systems used today were designed with cybersecurity in mind because hardly any of them were connected to the Internet. For the most part, these companies viewed their infrastructures as secure from cyberattacks because of their isolated structure.

However, utilities and factories are now using the Internet to carry SCADA messages from an increasing number of Web-enabled, remote-control systems, according to Joe Weiss, who served as security director at the Electric Power Research Institute in Palo Alto, and its Enterprise Infrastructure Security Initiative before joining KEMA Consulting.

Not only that, but also many of their "private" networks now are built with the help of competitively priced fiber-optic connections and transmission services provided by telecom companies, which have become the frequent target of cyberattacks.

Last year, a power utility crash that was caused indirectly by the Slammer worm paralyzing a leased telecom service. For its SCADA communications network, the utility used a frame relay service, which a carrier provided over its ATM backbone. The ATM network was overwhelmed by the worm, blocking SCADA traffic to substations.

"In some sense, we're always under attack," says Vint Cerf, senior vice president of technology strategy for MCI Inc. "The wonderful thing about the Internet is that everything is connected. The horrible thing about the Internet is that everything is connected."

And if terrorist groups fail to mount an attack from the outside, they can always take the insider approach, finding disgruntled employees who know the vulnerablities, say, of a power grid control network, according to PA Consulting's Lowe.

That's why Cerf insists on access controls at every host in every internal network. "The notion of inside and outside shouldn't confer a great deal of authority on anybody," he says. "My recommendation: every host should have its own firewall and require authentication that should be very strong."

So where does the U.S. stand in terms of vulnerability, compared with other countries?

Byres says protection varies in critical infrastructures around the world, but the level isn't directly linked to the national economy. In other words, it isn't necessarily better in rich countries and worse in poor countries. For instance, deregulation of the energy market in the U.S. has led to cost-cutting that has affected investments across the board, including security systems and services, he says.

And what about the Internet, which is a critical infrastructure all of its own?

"Sure, if gangsters are using cyberattacks as weapons, why shouldn't terrorists?" says Steve Cocke, director of the security and stability advisory committee at the Internet Corporation for Assigned Names and Numbers. But Cocke argues that the distributed architecture of the Internet makes it a difficult target to bring down. "When the World Trade Towers came down, local telephone service was severely impaired but disruption of the Internet was minimal," he says.

The disturbing fact is that the world's utility and industrial infrastructures remain vulnerable to cyberattacks not only by terrorists but also by disgruntled employees and even script kiddies, experts agree. The challenge now, they say, is to minimize this vulnerability -- before it's too late.

Posted by Chad Dickerson at 04:28 PM

November 26, 2004

UK government hit with another large computer failure

IT system failures continued to plague the U.K. government this week, when as many as 80,000 civil servants working for the Department of Work and Pensions (DWP) had to deal with what is being described in the local press as the biggest computer crash in government history. The DWP was carrying out a "routine software upgrade" on Monday when the system crashed, leaving around 80 percent of the department's 100,000 desk machines disrupted or completely shut down, a DWP spokeswoman said Friday. The problems lasted through most of Thursday, but the "majority of our system is up and running now," she said.

Microsoft Corp. and Electronic Data Systems Corp. (EDS) run the DWP's network as part of a £2 billion (US$3.8 billion) information technology contract.

Microsoft issued a short statement on Friday saying that it worked closely with its partners to help rectify the situation and support the DWP, but declined any further comment. Representatives from EDS could not immediately be reached for comment.

The head of the DWP, the government secretary Alan Johnson has promised an internal inquiry into the systems failure and the role Microsoft, of Redmond, Washington, and EDS, of Plano, Texas, played in the crisis.

The DWP, which is responsible for providing a variety of state benefits to about 24 million people, attempted to downplay the effect the computer problems will have on its customers, saying that the department's mainframe computers were not affected. "There will be delays with new and amended benefit claims, but we have been dealing with the problems though our contingency plans and the disruptions will be minimal," the DWP spokeswoman said.

It is believed that the crash was caused when an incompatible system was downloaded on to the entire network, forcing employees to send faxes because they couldn't access their e-mail accounts and to fill out some payment checks by hand.

The IT failure was only the latest in a string of serious computer system problems experienced by the department. The DWP's Child Support Agency (CSA) has been struggling with a £456 million system from EDS that has made payments to only one in eight single parents awaiting them. Last week, Johnson told a House of Commons Parliamentary Select Committee that he is considering shutting down the child-support case management and telephony system, and Doug Smith, the chief executive of the CSA, resigned from his job.

On Friday the general secretary of the Public and Commercial Services Union, Mark Serwotka, called on the government to hold off on its plans to cut 30,000 jobs in the DWP on the basis of IT improvements, in light of the computer crisis. Earlier this year, the government announced it plans to eliminate 104,000 civil servant jobs across the government based in part on increased efficiencies gained though new IT systems.

Since 2001, the DWP has spent around £4.25 billion on various IT projects, including the CSA system. According to a report it submitted to a Parliament Select Committee, the department has spent £306.7 million on management and IT consultancy, £51.5 million on staff substitutions and contractors and £54.3 million on professional services.

The U.K.'s public sector IT projects in 2003/4 are expected to cost more than £12.4 billion, but U.K. government IT projects have often been accused of being over-ambitious and prone to disastrous delays and cost overruns.

Beyond the DWP, further examples include the benefit-payment card program from the Post Office, the Department of Social Security and International Computers Ltd. (ICL), which fell apart after three years and £300 million; software problems that delayed the Swanwick air traffic control center and have since been blamed for a near collision between two airplanes; the disruption wrought on thousands of people with travel plans in 1999 by the Passport Office's new computer system, and the National Probation Service's case-record and management system which was abandoned in 2001 after it was revealed the project was expected to be two years late and 70 percent over budget.

Posted by Chad Dickerson at 05:19 PM

Hamburg city pushes mobile phone ticketing

Hamburg, one of Germany's largest cities, is showing consumers how they can check into soccer games, museum exhibitions, musicals and more with their mobile phones as part of a two-day mobile phone ticketing initiative beginning Friday. Soccer fans attending the Friday evening match between FC St. Pauli and Hertha BSC Amateure will be able to avoid long lines at ticket booths by displaying their mobile phones with a message containing a bar code, which is scanned at the gate. The same service will be available on Saturday to those attending the musical "Dance of the Vampire," or live music performances in several bars in Hamburg's famous Reeperbahn district.

Mobile Ticketing Days is an initiative of the City of Hamburg in collaboration with several technology partners, including T-Mobile International AG, Matrix Solutions GmbH and Teltix GmbH. The two-day program is being managed by Hamburg@work, a public-private organization involving the Hamburg city economic development agency and a group of local multimedia technology companies.

"Earlier this year, we conducted a survey of local business people and consumers and asked them what they view as the key technology trends in 2004 and 2005," said a spokesman from Hamburg@work. "Many of them viewed mobile phone applications as an important trend. That's what prompted this two-day mobile application event and others to follow next year."

Matrix has developed a mobile ticketing system, called PicTicket. Customers can either purchase their ticket online by going to the PicTicket Web site or calling the automated PicTicket call center. They must provide both their mobile phone number and the type of phone they use.

Customers pay either by credit card or direct debit. Once payment is verified, the ticket is sent electronically to their handset as an SMS (Short Message Service) text, which contains an encrypted code.

The ticket is issued to one phone only, according to the spokesman. "So it can't be copied or forwarded," he said.

The Teltix service is similar except for the scanning option. Customers can call a number from a list to purchase tickets to different events. An SMS is sent to their phones, displaying information which they show at the gate. Before customers can purchase tickets, they must become registered users of the Mobile Wallet payment program, which is run by T-Mobile.

Teltix has also developed a mobile ticketing application for the public transit sector as well. Several German cities, including Bonn and Osnabrück, now offer commercial mobile ticketing services.

In addition to a mobile gaming event slated for March, the City of Hamburg plans to host a program for 3G (third-generation) content technology later in the year, according to the Hamburg@work spokesman. The city is home to some of Germany's biggest publishers, including the news agency Deutsche Presse Agentur (dpa), he said.

The agency's information service subsidiary, dpa-infocom GmbH, is a founding member of the mobile content project MINDS (Mobile Information and News Data Services). The project aims to develop new information services for 3G mobile networks and define necessary technical and commercial standards.

Additional MIND members include the national newspaper agencies of Austria, the Netherlands, Switzerland and Hungary, as well as the Hamburg-based software company CoreMedia AG and the Fraunhofer Institute for Open Communication Systems in Berlin. The project is funded by the European Commission through its eContent program.

Posted by Chad Dickerson at 05:18 PM

UK online music sales to be included in singles charts

The U.K. music industry plans to take into account the sale of legal online music downloads in preparing its traditional weekly top 40 singles sales list from early next year. According to the British Phonographic Industry (BPI), a trade group representing U.K. record companies, the market for legally downloaded music is helping to revitalize the ailing music single market. In the third quarter of this year, about 1.75 million download tracks were sold, compared with 7.3 million singles, the BPI said Friday.

The market for legal downloads has taken off in the last year, fuelled in large part by the success of digital music players such as the iPod from Apple Computer Inc. and the launch of online music stores like Apple's iTunes, Connect from Sony Corp. and Napster LLC. Download sales are currently running at around 250,000 a week, the BPI said, and are expected to grow even faster around the holiday season as people give digital music players as gifts.

According to the BPI, if the sale of online music singles had been included in its figures, the overall singles market would have grown by 9 percent when compared to the second quarter. Instead, it posted a 12 percent decline for the period.

As with the Recording Industry Association of America (RIAA) in the U.S., the BPI has been aggressive in its campaign against individuals illegally sharing music online. Last month, the BPI successfully sued a number of U.K. ISPs (Internet service providers), forcing them to disclose the names and addresses of 28 people it believed to have uploaded music files on to filesharing networks.

Posted by Chad Dickerson at 05:18 PM

November 25, 2004

MmO2 to offer DoCoMo's I-mode in UK

NTT DoCoMo Inc. is negotiating an agreement in which it will help mmO2 PLC launch an I-mode-based mobile Internet service in 2005 in the U.K., said an industry source familiar with the discussions between the two companies. The companies are working on a deal, which has yet to be finalized, in which DoCoMo will provide mmO2 with data distribution, content development services and other know-how. MmO2 will introduce a version of the I-mode service on its GPRS (General Packet Radio Service) handsets next year, and later, on 3G (third-generation) handsets, according to the source, who declined to be named.

In an official statement released Thursday, DoCoMo said it was studying the possibility of offering an I-mode service in the U.K. and was conducting various studies about how to advance the service in the U.K., but that no agreement had been reached. The statement did not mention mmO2.

However, one analyst said the deal had been completed.

"It's a done deal," said Kirk Boodry, telecom analyst with Dresdner Kleinwort Wasserstein (Japan) Ltd. in Tokyo.

The agreement won't provide DoCoMo with much revenue, but it will extend the company's brand image in Europe, Boodry said. For mmO2, the move will give the carrier an easy route to provide mobile Internet services, taking advantage of DoCoMo's extensive experience with the I-mode technology and software, he said.

"Over the last two or three years, the mobile Internet has been seen as a big opportunity for European carriers," Boodry said.

I-mode offers an easy-to-use package of content, e-mail, games and other applications and services designed for packet-based network technologies, with a format that is nearly identical to regular Web pages.

The move plugs a gap in DoCoMo's efforts to promote the service throughout Europe.

After investing a 20 percent stake in Hutchison 3G UK Ltd. (H3G) in 2000, DoCoMo had hoped that H3G UK would introduce I-mode on its 3G high-speed network. But after H3G UK failed to roll out the service, DoCoMo sold the stake back to H3G's Hong Kong parent company, Hutchison Whampoa Ltd., in May and has been looking for another U.K. partner ever since.

Meanwhile, U.K.-based carriers have been rolling out rival mobile Internet services.

I-mode was launched in 1999 and is popular in Japan, where DoCoMo has over 42 million [m] I-mode subscribers. As of July, the service had more than 3 million subscribers outside Japan, according to DoCoMo spokesman Takumi Suzuki.

A deal with mmO2 would be the eleventh I-mode partnership between DoCoMo and a carrier outside of Japan.

This year, DoCoMo has announced a string of deals to promote I-mode use by carriers outside of Japan. Earlier this month, the company said it was partnering with Cellcom Israel Ltd. to launch I-mode in Israel. That service will start in 2005, according to Suzuki.

In June, DoCoMo said it was partnering with Telstra Corp. Ltd. to offer the service on the Australian carrier's mobile phones. The service will be launched before year-end on Telstra's 2G (second-generation) network and later on a 3G network. Also in June, TOKYO (11/25/2004) - Cosmote Mobile Communications SA launched a wireless Internet service based on the I-mode platform in Greece.

Other I-mode partners are: E-Plus Mobilfunk GmbH & Co. KG in Germany; KPN Mobile N.V. in the Netherlands; Far EasTone Telecommunications Co. Ltd. in Taiwan; BASE N.V./S.A in Belgium; Bouygues Telecom S.A. in France; Telefonica Móviles SA in Spain; and Wind Telecomunicazioni SpA in Italy.

Posted by Chad Dickerson at 03:52 PM

Industry group might buy Commerce One patents

A move is afoot to form an industry consortium to buy about 40 patents that are among the assets of bankrupt Commerce One Inc. The CommerceNet industry group met on Monday with representatives of major technology vendors to discuss forming a foundation to buy the patents, which cover Web services technology, according to Lee Van Pelt, an attorney at Van Pelt & Yi LLP, in Cupertino, California, who attended the meeting. That purchase could prevent speculators from acquiring the patents and launching expensive lawsuits to enforce them, he said.

Software patents have become a hot topic in IT, an industry rife with patent lawsuits. The government of the European Union is currently embroiled in debate over a proposal to codify software patents there.

The Commerce One patents cover methods for companies to communicate with each other and provide certain types of information when carrying out machine-to-machine transactions over the Internet, Van Pelt said. Patents from the Santa Clara, California, company, which was a pioneer of electronic marketplaces, could cover technologies widely used by other companies, said Zapthink LLC analyst Ronald Schmelzer.

A speculator might capitalize on the broad use of the technology by taking those vendors to court for infringement, possibly consuming more time and litigation costs than the patents are worth, according to Van Pelt. He estimates the patents, most of which are still pending, will fetch between US$1 million and $10 million.

"Probably the least efficient way for these patents to be used by the industry would be for a speculator to buy them and aggressively enforce them against the industry," Van Pelt said. "A lot of the companies who have expressed interest in this are not necessarily companies that would be targets."

The concept of a public foundation buying "orphaned" patents and essentially retiring them is one that Van Pelt and other attorneys have been advocating for a while, he said. A key challenge is raising the money to buy patents. No vendor has pledged money to support a buy-out of the Commerce One patents, and CommerceNet has not yet committed itself to take action, according to Van Pelt. Time is tight: The auction hearing is scheduled to take place Dec. 6, he said.

CommerceNet, based in Mountain View, California, could not be reached for comment on Wednesday

Posted by Chad Dickerson at 12:37 AM

November 24, 2004

Phishing on the increase

Online phishing schemes increased significantly in October as financial institutions struggled to combat attempts to steal private account information from online consumers, according to the Anti-Phishing Working Group (APWG). Last month, 1,142 sites were used for phishing, up 110 percent from the 543 sites reported in September, according to the report issued this week by the APWG, a consortium of law enforcement, financial institutions and computer-security firms that tracks the online attacks.

Almost 6,600 different phishing messages were reported to the group in October. The number of unique phishing e-mails has grown an average 36 percent each month since July, said Peter Cassidy, secretary general for the group. "Organized crime has embraced this technology and automation has increased the availability of phishing technology. They've become much more sophisticated," he said.

Phishing occurs when scam artists send fraudulent e-mails to consumers to lure them to Web sites that appear to be the home page of a well-known financial institution. The e-mails instruct the consumer to leave account information on the site, which the scammers then use for identity theft. According to the U.S. Federal Trade Commission, more than 10 million Americans were the victims of identity theft last year, with an estimated 57 million Internet users receiving a phishing e-mail.

The financial services industry has been the hardest hit. A phishing e-mail making the rounds last month was designed to appear to be from Citicorp, one of the nation's largest banks. Last year phishing scams cost banks and credit-card companies $10.2 billion, according to a recent Gartner report.

Banks are trying to combat phishing by educating their consumers about "spoof" e-mails. Several banks include information about phishing on their Websites and in monthly statements. The APWG has been expecting the phishers to begin targeting regional and local banks with their attacks, but that has yet to occur, noted Cassidy. "The phishers have not really broadened their attacks beyond established brands such as Citicorp and Bank of America," he said. The number of brands subjected to the largest numbers of phishing attacks did increase, rising from four in July to six in October. "Yet, you would really expect it to be more. We think that will happen, but that is taking a little longer than we expected," said Cassidy.

The APWG is also warning companies and users of a new form of fishing that runs a script just when an e-mail is opened. The new technique has only been detected in Brazil, but is probably being tested for wider deployment, said Cassidy.

In August, the Justice Department said it had arrested, charged or convicted more than 150 people related to criminal activity on the Internet. Many of the cases centered on phishing schemes. The U.S. Federal Bureau of Investigation has reorganized its efforts to combat cyber crime, in large part because much of the illegal internet activity comes from international crime rings.

Posted by Chad Dickerson at 10:09 PM

EBay launches Philippine portal

Online auction giant eBay Inc. has launched its Philippine portal but the company has yet to decide what single payment system to use. EBay uses PayPal, a company it acquired in 2003, as its online payment unit. PayPal, however, does not yet cover users from the Philippines.

The local portal will undergo enhancements based on user feedback, said Frederic De Bure, eBay managing director for Hong Kong, Singapore and the Philippines.

"We don't want to force a single payment system ・whether online payment or through SMS," De Bure said during the launching of eBay.ph last week.

According to him, eBay was encouraged to put up a Philippine portal because of the large number of Filipinos using its main site.

"If we don't have a big business here in the Philippines, we wouldn't build a local portal," De Bure answered when asked how many Philippine-based users are trading in the main site.

However, in putting up its Philippine portal, eBay, at best, is trying to build a local community of buyers and sellers. Unlike the company's main site, eBay.ph does not charge users a fee for buying or selling goods on the site.

While there are several existing local auction sites already, eBay is counting on its strong brand to give it a substantial edge. Its global trading platform now covers 30 countries worldwide, nine of which are in the Asia Pacific.

According to De Bure, eBay currently has more than 125 million users trading items in more than 50 categories, from consumer electronics to memorabilia. At the end of 2003, eBay reported more than $24 billion in total value of goods traded on its site.

EBay.ph is hosted in Singapore along with local portals in other Southeast Asian countries. Each local portal, servicing 30 different countries and connected to the main site, shares a single database, according to De Bure.

Asked how eBay intends to earn revenues from its local portal, De Bure replied: "From a cost basis, it is something we do not worry about. We are not thinking of charging fees, it is not relevant to us at the moment."

Posted by Chad Dickerson at 02:46 PM

Valve cracks down on Half-Life 2 CD hacks

Valve Corp. has reportedly been cracking down on those who have downloaded illegal copies of the game or those who've tried to bypass Steam with a CD key--allegedly banning up to 20,000 users from playing the critically acclaimed PC shooter. "The number of people who actually had bought HL2 and used the CD key cheat was very small. Very small. Most people just tried to rip off the game and not bother buying it," said a Valve spokesperson.

The company's heavy-handed approach has been understandable--piracy has plagued the PC industry for years, with games being available within days before or after release. Valve also suffered a blow with the source code leak last year, forcing the company to delay the game by a year.

Online authentication has received mixed feedback from consumers, namely due to longer load times and the complications that arise when facing busy servers. However, if Valve's approach proves to be successful in warding off piraters, more game companies will likely follow suit.

Posted by Chad Dickerson at 02:43 PM

November 23, 2004

UK deploys electronic image archiving in all hospitals

General Electric Co. and EMC Corp. announced this week that they have won a US$200 million contract to install electronic image archiving systems in 70 hospitals in the U.K., as part of an effort to centralize communications and modernize technology throughout the national health system. The contract, part of an $18 billion IT upgrade to the U.K.'s health care system, will combine GE's picture archiving and communication system (PACS) technology with four models of EMC's storage systems.

"They're going to be able to streamline their patient data and images -- put all the patient records in one location," said Jerry Layden, EMC global account manager for GE.

Layden said the U.K. government contract is one of the largest for EMC with respect to storage systems supporting PACS attached.

PACS technology allows X-rays, MRIs and other medical images to be digitized, stored and transmitted electronically, avoiding the need for film development processes and delivery by mail or by hand to physicians and technicians.

Earlier this month, EMC announced that it had tightly integrated its low-end AX100 array with GE's Centricity PACS system for smaller hospitals. The U.K.'s National Health Service (NHS) project will be using two types of EMC's midrange Clariion storage-area network arrays and EMC's Celerra network-attached storage arrays. It will also involve EMC's Centera content-addressed storage array.

Each hospital site will have two Clariion arrays supporting the GE Centricity PACS Enterprise Edition application. There will also be two data centers in each of five regions with clustered Centera arrays that will hold archived medical images two years old or older for the 70 hospitals. Critical application data will also be replicated between both data centers in each region.

The U.K. government announced in May that the NHS in England would install nationwide digital imaging systems that allow patients medical images and records to be transmitted via a Web portal from a centralized data center to remote sites for medical diagnosis.

Vendors including Perot Systems Corp., Cerner Corp., IBM Corp. and Accenture Ltd. have already been awarded two major contracts valued at nearly $4 billion as part of the IT upgrade. Fujitsu Services Ltd. is the designated local service provider for the NHS project.

The overall project has been split into five districts throughout the U.K. EMC and GE won the southern district, which is the largest.

"We believe the networks now being established will greatly improve health care in England and will be imitated worldwide as health systems move the management of patient care into the 21st century," said William Castell, vice chairman of GE and CEO of U.K.-based GE Healthcare.

Posted by Chad Dickerson at 11:36 PM

Observers find 201 e-voting problems in Maryland

Poll observers in about 6 percent of Maryland's precincts recorded 201 problems with electronic voting machines during the Nov. 2 general election, according to a report released Tuesday by TrueVoteMD.org. Poll watchers trained by the voting integrity activist group reported 42 cases of crashed e-voting machines, 37 cases of access card or encoder problems, and 30 screen malfunctions, according to the report. More than 400 TrueVoteMD poll watchers observed the elections at 108 of the state's 1,787 voting precincts.

TrueVoteMD poll watchers saw problems that were "easily observable" and not problems that may have happened inside the electronic voting machines, said Linda Schade, co-founder of TrueVoteMD. While the problems observed in the precincts where the poll watchers were stationed may not be typical of all precincts, they were likely a "small fraction" of the actual problems with e-voting machines in Maryland, Schade said.

"One of our greatest resources is the widespread common sense of Maryland voters, and also their passion to defend our democracy from what we see is a clear threat, which is nontransparent elections, unverifiable elections using error-prone secret software with gaping security holes and with a history of election failures," Schade said at a press conference. "They are in complete agreement about one thing -- that is that blind faith has no place in the voting booth."

TrueVoteMD, along with several national groups, has called for electronic voting machines to include voter-verified paper trails, which are printouts of each voter's choices that can later be used to recount ballots. E-voting critics say independent recounts are impossible without such paper trails; when a recount is demanded, most e-voting machines will spit out the same electronically generated set of disputed numbers again and again.

Separately, the Electronic Frontier Foundation and the Verified Voting Foundation announced late Monday they have sent letters asking voting officials in eight counties across the U.S. to allow independent testing of their e-voting machines.

Those counties were identified by the groups as encountering significant e-voting problems on Nov. 2. The problems were listed on a Voteprotect.org database after voters called in problems to a toll-free telephone number on Election Day. The counties contacted were Broward and Palm Beach in Florida; Mahoning and Franklin in Ohio; Mercer and Philadelphia in Pennsylvania; Harris in Texas; and Bernalillo in New Mexico.

The Election Verification Project, a coalition of e-voting critics, recorded more than 1,800 voting machine problems through the Voteprotect.org database, although the Maryland reports are not yet included. About 900 of the 1,800 reported machine problems related to paperless e-voting machines, according to Will Doherty, executive director of the Verified Voting Foundation.

E-voting advocates have defended the machines as accurate and voter friendly. Linda Lamone, administrator of the Maryland State Board of Elections, said the TrueVoteMD poll watchers found a handful of problems in 16,000 e-voting machines used in the state Nov. 2. Replacement machines were available in case of breakdowns, she added. Maryland uses Diebold Inc. e-voting machines.

"By all (Board of Elections) accounts, we had a successful election," Lamone said. "We planned for equipment issues this election just like we do in every election. You can't expect everything to work perfectly."

Two poll workers attending the TrueVoteMD press conference disputed that the problems described in the group's 18-page report were typical. Along with the 201 e-voting machine problems identified by TrueVoteMD poll watchers, another 330 nontechnical problems, including long lines and registration problems, were reported by the poll watchers.

But Judy Dein, an election judge in Ann Arundel County, said her precinct experienced no problems. "Our experience was different," she said after hearing about e-voting machine and registration problems from Schade and three poll watchers.

An estimated 40 million U.S. voters used about 175,000 e-voting machines on Election Day, said Bob Cohen, senior vice president at the Information Technology Association of America, a trade group that has e-voting machine vendors as members.

"You have a handful of incidents reported," Cohen said. "The electronic voting issues were extremely small compared to the big picture."

Among the incidents reported in Maryland were a voter in Montgomery County who said the machine went dark and spit out her ballot card before she finished voting. Another voter reported the machine shutting down while she was trying to correct her vote, and another voter in Montgomery County said the machine switched her choices and she was directed to another machine.

A poll watcher in Montgomery County reported two e-voting machines at one precinct crashing less than 75 minutes after polls opened.

TrueVoteMD's Schade called for the Board of Elections to adopt "systematic" quality control measures. Because of the secret software inside e-voting machines and the lack of TrueVoteMD volunteers at every precinct, the group doesn't know how many e-voting problems there were, Schade said.

"At a certain point, if we don't know the scope of the problems, we don't know if it's a legitimate election or not," Schade said. "Any rational organization would institute a quality-control program."

Nancy Almgren, a former candidate for Maryland House of Delegates, questioned why it was TrueVoteMD's responsibility to track e-voting problems. "I think the question is why is a citizens group doing this?" Almgren said. "Why isn't it being done by the state? If they're investing our money in this system, why aren't they verifying the results?"

The Board of Elections conducts an extensive review of voting issues, countered Lamone, the state elections administrator. "They take far too much credit," she said. "We have a huge process in place to monitor what's going on."

Posted by Chad Dickerson at 11:20 PM

Queen calls for UK biometric ID card

The U.K. government's high-tech plans for ID cards using biometric technology was announced Tuesday in the Queen's Speech, amid the traditional pomp and pageantry of the annual opening of the U.K. Parliament. Queen Elizabeth II read the government-written speech, which unveiled plans for 32 proposed laws, including the Identity Cards Bill, to be considered in the newest session of Parliament. The Queen's Speech set out the government's agenda ahead of the next general election, which the leader of the Labour government, Prime Minster Tony Blair, is widely expected to call for May 5, 2005.

The legislation proposes a system of ID cards that carry biometric identifiers in an embedded chip, and are linked to a "secure national database" to be created by 2010. Secretary of State for the Home Department David Blunkett proposed the new system last year.

The government is working to make the ID cards compulsory for everyone living in the U.K. by 2011 or 2012, Blunkett said Tuesday in an interview broadcast by the British Broadcasting Co. after the Queen's Speech. The national database will hold personal information for each person carrying the ID card. The information will include name, address and biometric information such as fingerprints, facial scans and iris scans.

Blunkett said that the database is the "crucial part" of the program and will eventually be linked to the European Union's (E.U.) proposed registration program.

The European Commission has produced draft regulations to introduce, by 2005, biometric data (fingerprints and facial images) on visas and resident permits for non-E.U. nationals. The information would then be stored on national and E.U. databases that will be accessible through the Visa Information System held on what is called the Schengen Information System.

Ovum Ltd. analyst Graham Titterington agreed that the database is the key aspect of the system. "It is quite unique what the U.K. government is proposing and would be absolutely vast," Titterington said. "A number of European countries like Belgium and Latvia have ID cards with databases of information, but those are used primarily as an entry to e-services where as the U.K. plan is primarily about law and order."

Titterington warned that it is unclear how much information or what types of information could eventually be entered into the database, or even who would be given access to the database. "Just what will be in the database and who can use it needs tying down because already, you are seeing 'function creep' becoming a problem," he said.

Blunkett has repeatedly hailed the biometric ID cards as a powerful weapon in the government's fight against identity fraud, illegal workers, illegal immigration, terrorism and illegal use of government entitlement programs such as the National Health System. The Queen echoed that sentiment in her speech.

"My Government recognizes that we live in a time of global uncertainty with an increased threat from international terrorism and organized crime. Measures to extend opportunity will be accompanied by legislation to increase security for all," the Queen said. "My Government will legislate to introduce an identity cards scheme, and will publish proposals to support the continuing fight against terrorism in the United Kingdom and elsewhere."

The biometric facial identifiers will first be included in passports beginning next year, and will then "build the base" for the ID card plan and its "clean database," Blunkett said.

But many security experts question whether such a vast database could ever be free of errors. "By its very nature, a database of that size could never be truly clean. Just in terms of data entry, how do you ensure the accuracy of the data being entered?" Ovum's Titterington said.

Titterington pointed to the U.K.'s police criminal records database, which is known to have built up numerous inaccuracies over the years. "That is a database of a much smaller scale than the one the government is proposing and it only allows access to law enforcement officials with the highest levels of clearance," Titterington said. "How on earth do you control legitimate access to the ID card database, let alone keep it protected from hackers and terrorists?"

Should the Identity Cards Bill become law, a new agency will incorporate the functions of the U.K. passport service and begin issuing ID cards from 2008.

Posted by Chad Dickerson at 05:42 PM

Law may snag Philadelphia Wi-Fi rollout

A proposed Pennsylvania law now on its way to the governor's desk could pose a hurdle for the city of Philadelphia's ambitious plan to provide broadband service throughout the city via Wi-Fi. One provision of House Bill 30 (HB30), a wide-ranging telecommunications regulation bill that earned final approval by the state House and Senate on Friday, would prohibit a government or any entity it creates from offering broadband for a fee.

Philadelphia's city government is studying plans to deploy Wi-Fi wireless LAN access points throughout the city, each offering IEEE 802.11b access and linked to others via a wireless mesh network, said Dinanah Neff, the city's chief information officer. Deployment is set to begin in June 2005 and should be completed by June 2006.

The US$7 million to $10 million project is intended to encourage economic growth and help poor residents access the Internet with a broadband service priced at an estimated $15 to $25 per month, she said. About 60 percent of Philadelphia's neighborhoods, primarily poorer neighborhoods and less densely populated ones, don't have access to broadband services, according to Neff.

HB30 would eliminate three of the five possible business models being studied by Neff and the Wireless Philadelphia Executive Committee, according to Neff.

"It will make it more difficult. It will not kill the project," Neff said.

The city could provide the service for free, but it is unlikely to find a funding source for that, she said. Alternatively, it could offer the service through a consortium of private companies that would sell it to the public -- probably at a higher price, Neff believes.

The language on government-supplied broadband in the bill would hand a big favor to Verizon Communications Inc., the incumbent regional telecommunications carrier in Philadelphia, according to Gary Tuma, press secretary to state Senator Vincent Fumo, a Democrat who opposed the bill. Verizon has fallen short on its promises to build a more up-to-date network over the past 10 years, contributing to the lack of broadband availability, he said.

"It's one of many efforts being made by Verizon to prevent competition," Tuma said. "What was going on here was an intense lobbying effort by Verizon to get a version of the bill they were happy with."

Verizon disputed that charge. The carrier has invested $8.5 billion in infrastructure in Pennsylvania over the past 10 years, and competition is thriving in the state, said company spokeswoman Sharon Shaffer.

Local governments that get into the broadband business risk pouring taxpayer dollars into projects that don't pay off, Shaffer said. In addition, they enjoy competitive advantages that include having access to public funds and not having to pay taxes, she added.

Verizon, as well as a state senator who supported the bill, dismissed the perceived threat to Philadelphia's planned network. A "grandfather" clause in the bill would exempt from the ban any service that is already operational on Jan. 1, 2006. To qualify, the service would only have to have one paying subscriber by that time, according to Don Houser, chief of staff for state Senator Jake Corman, a Republican.

However, Philadelphia CIO Neff believes the language isn't clear enough for comfort. The project might have to be accelerated so the network was fully in place by the cut-off date, she said.

Governor Edward Rendell, a Democrat, had ten days to act on the bill, said Tuma, who would not speculate whether it will be signed or vetoed.

Posted by Chad Dickerson at 05:42 PM

HP unveils Blog experiment

Hewlett-Packard Co. has become the latest IT vendor to dip its toes in the wild world of Web logging, or blogging. Over the last few weeks, a handful of developers in the company's software development group have quietly begun publishing their regular musings on such technical issues as service-oriented architectures and XML (Extensible Markup Language). But the company is now showing signs of following competitors like Microsoft Corp. and Sun Microsystems Inc. and opening up its blogging efforts to a wider range of company employees.

HP's blog experiment was launched Nov. 8, as a way to better communicate with the technical community, said David Gee, vice president of marketing for HP's management software organization. "We wanted to foster communication with particular audiences," he said. "In this case, it's with the developers and the managers in the technical space."

The company rolled out the blogs in a very low-profile fashion, Gee said. "We buried it in the developer section by design because we want to get our feet wet."

Within the next few months, however, Gee expects employees working on a number of different areas to get involved in blogging. "I think the compiler guys, the OS (operating system) guys, and the Linux guys within HP will use this medium much more aggressively," he said.

HP comes late to the corporate blogging game. Microsoft began publishing employee blogs on its MSDN (Microsoft Developer Network) Web site in January, and Sun followed suit a few months later with the launch of a Web site where any Sun employee can create a public-facing Web log. In April, IBM Corp. opened up part of its DeveloperWorks Web site to a small number of technical bloggers.

Blogging has become a way of reaching audiences that may be unreachable with conventional marketing techniques, said Amy Wohl, president of Wohl Associates, an industry analyst firm based in Narberth, Pennsylvania. "This is all about getting to an audience who ordinarily wouldn't read anything that you put out there," she said. "They don’t read marketing material."

Sometimes that audience is reached by making statements that would not normally appear on corporate Web sites. IBM engineer Bill Higgins, for example, recently dissected some widely publicized comments by Microsoft's Steve Ballmer, accusing the software giant's chief executive officer of making "specious" arguments against open source "to bolster Microsoft and spread (fear, uncertainty and doubt) about Open Source."

HP and Sun are both experimenting with blogs that target less technical audiences as well. Andy Lark, Sun's vice president of global communications and marketing, regularly posts his observations on media issues. And the blog of Sun President and Chief Operating Officer Jonathan Schwartz, the most prominent of Sun's blog sites, has become a must-read for members of the press and analyst community looking for Schwartz's views on industry events.

Competitors have also taken notice. Schwartz's Sept. 16 comments on the "death" of HP's Unix operating system, HP-UX, elicited a Sept. 28 letter from HP's legal department calling on Sun to retract Schwartz's comments. Sun's lawyers responded with a letter of their own, arguing that the contents of Scwhartz's blog were merely his opinion.

HP is also toying with the idea of executive blogs. Last week, HP Linux Vice President Martin Fink launched a blog of his own, not on the HP.com Web site, but on the Linuxcio.com domain instead. The first post on Fink's blog was a critique of Sun's Solaris operating system strategy, something much more controversial than the highly technical musings on the HP.com blogs.

Still, HP's Gee said the company may move Fink's blog over to the HP.com Web site. HP executives Nora Denzel, senior vice president of the company's software unit, and Gilles Bouchard, the company's chief information officer and executive vice president of global operations, may also begin blogs, he said.

While corporate blogs may eventually expand beyond their technical audience and become useful ways of addressing partners and customers, analyst Wohl does not recommend that other companies follow Schwartz's example and send their senior executives into the fray. This is a bad idea because the frankness needed for effective blogging may ultimately be in conflict with the legal restrictions on statements from executives at publicly-traded companies, she said.

"I sometimes think that (Schwartz) goes a little bit too far," she said. "When you're talking about your feelings about the computer industry, which your company happens to do business in, then I think it's very difficult for you to claim, 'that was only my personal point of view.'"

Regular blogs from company executives may not be squelched by legal liabilities so much as by the fact that the grassroots popularity of the blogging medium may ultimately be undone by overexposure, said Jonathan Zittrain, a law professor at Harvard University, and co-founder of the Berkman Center for Internet and Society.

"Every time I look at blogging, I see the seeds within it of CB radio in the 80s," he said. While the CB radio turned out to be useful for commercial trucking, the idea that it would be ubiquitous turned out to be false. "We look back and say, what were we thinking? We were all like 'Breaker 1-9'"

HP's blogs can be found at http://devresource.hp.com/blogs/index.jsp.

IBM's DeveloperWorks blogs are located at http://www-106.ibm.com/developerworks/blogs/.

Microsoft's blogs can be found at http://www.microsoft.com/communities/blogs/PortalHome.mspx.

Sun's blogs can be found at: http://blogs.sun.com/roller/

Posted by Chad Dickerson at 05:41 PM

Skulls Trojan attacks Symbian mobile phones

Users of Nokia Corp.'s 7610 smart phone and possibly other phones running Symbian Ltd.'s Series 60 software should be aware of a new Trojan program on the Internet. "We have located several freeware and shareware sites offering a program, called Extended Theme Manager, that contains a Trojan horse," Mikko Hyppönen, director of antivirus research at Helsinki-based F-Secure Corp., said Monday in an interview. "The virus writer is going by the name Tee-222."

The malicious code, called Skulls, deactivates all links to Symbian system applications, such as e-mail and calendar, by replacing their menu icons with images of skulls, according to Hyppönen. Users of affected phones can only send or receive calls, he said.

F-Secure issued a warning on Friday.

Hyppönen said that the Extended Theme Manager program looked "pretty convincing" as a freeware maintenance tool and that many sites had not bothered to verify it or even try it out. Most monitored sites, he said, have since removed the program.

When installing the file "extended theme.sis," Symbian phone users are informed by the operating system (OS) that the software is not Symbian Signed -- a trusted software application program initiated by the OS developer -- and asked if they want to continue, according to Hyppönen.

"This is definitely a good warning but the problem is that any advanced PC user who downloads software regularly sees this kind of warning 99 percent of the time and simply clicks OK," he said. "So the warning isn't really protecting much."

One way to correct the problem, Hyppönen said, is a hard reset, which restores affected phones to their default factory setting. Unfortunately, all private data, such as phone books and calendars, is lost in the process.

Earlier this year, the Symbian operating system software was the target of the Cabir virus, which, like Skulls, transmits a .sis file. But unlike Cabir, which scans for accessible phones within Bluetooth range and makes a copy of itself, Skulls is not self-replicating.

MORE LINKS:

• InfoSync
• The Register
• Symbianblast

Posted by Chad Dickerson at 01:20 AM

November 22, 2004

Google appoints new European head

Google Inc. named its first vice president outside of the U.S. on Monday, tapping a former mobile telecommunications company executive as its new head of European operations. Nikesh Arora, former chief marketing officer and member of the management board at T-Mobile, the mobile arm of Deutsche Telekom AG, will move to Google in early December, the Mountain View, California, company said.

Based in London, Arora will be charged with managing and developing Google's European business as the company moves into a new phase of growth, Google said.

At T-Mobile, Arora was charged with product development and brand and marketing activities in Europe. Previous to that he founded T-Mobile's multimedia subsidiary T-Mobile PLC, and held management positions at Putnam Investments and Fidelity Investments, Google said.

Arora's appointment comes a few months after Google listed itself as a public company, and signalled its intention to further grow its international presence.

Posted by Chad Dickerson at 03:41 PM

Ad server hack spreads worm

Web site visitors who clicked on banner ads on a number of popular European Web sites this weekend could have infected their computers with variants of the Bofra worm, experts warned on Monday. The attacks take advantage of an unpatched buffer overflow flaw in the way Internet Explorer 6 (IE) handles the IFrame tag, and has been confirmed on PCs running Windows XP with Service Pack 1 and Windows 2000, according to a warning posted Sunday on the SANS (SysAdmin, Audit, Network, Security) Institute Web site. Windows XP Service Pack 2 (SP2) is not vulnerable, it said.

The vulnerability allows attackers to gain complete control of a user's computer.

Also on Sunday, U.K. technology news Web site The Register reported that its third party ad serving company Falk AG became infected with the Bofra/IFrame exploit, forcing the Web site to suspend its ads from Falk.

"If you may have visited the Register between 6 a.m. and 12.30 p.m. GMT on Saturday, Nov. 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue," The Register said on its Web site.

According to SANS, there were also reports of sites in Sweden and the Netherlands being compromised by the malicious code.

In the Netherlands, the country's biggest news site, NU.nl, with over 450,000 unique visitors per month, was infected through the ad system of Falk eSolutions AG and served the code to its visitors. Additionally, the other sites of Ilse Media BV, including one of the largest Dutch sites Startpagina, distributed the Trojan horse as well.

Adserver tags and link addresses were manipulated in order to install and execute the malware. User requests were redirected from Falk's servers to the URL (uniform resource locator) "search.comedycentral.com" (199.107.184.146), from where the malicious code was delivered, Falk said in a statement.

Falk denied that its advertisement serving systems were hacked. It said that an attack on a Web-traffic, load-balancing system spread the code. The compromised load balancer redirected about every 30 requests for the Falk's advertisement distribution servers to compromised Web sites that served the malicious code, the company said in the statement.

At least one security expert disputed that claim.

"We saw HTML (Hypertext Markup Language) code that included the exploit code distributed from (Falk's) servers," said Joe Stewart, senior security researcher at LURHQ, a managed security services provider (MSSP) in Myrtle Beach, South Carolina. Either Falk's ad serving systems were compromised by the hackers, or malicious hackers found another way to have their attack code distributed by the German company, perhaps by disguising the code as a legitimate advertisement, then paying Falk to run it, he said.

Given that the attackers may have compromised Web sites like those at comedycentral.com, there's no reason to think that they wouldn't compromise Falk's, as well, Stewart said.

Without more information from Falk or other companies involved in the attacks, including Viacom Inc. , which owns the comedycentral.com domain, it is unlikely the public will know how the malicious code was hidden in advertisements on legitimate Web sites, said Daniel Frasnelli, manager of the technical assistance center at NetSec, a MSSP in Herndon, Virginia.

Falk's competitor Adtech AG released its own statement saying that its adserving system Helios was not affected by the problem.

The attacks all make use of the same vulnerability in Microsoft Corp.'s Internet Explorer Web browser. A problem with the way IE processes Web pages with long strings of characters encoded with the IFRAME HTML tag allows malicious hackers to create a buffer overflow condition and run their own code on vulnerable Windows machines, Stewart said.

IFRAME attacks can be carried out behind the scenes, using IE or Microsoft's Outlook and Outlook Express e-mail programs. Windows users have no indication or warning that their systems are being compromised, he said.

"It's about as bad is you can get for IE exploits," Stewart said.

Microsoft has yet to issue a patch for the IE IFrame hole for users who have not installed SP2. However, some "unofficial" patches have been released, including one from a German security researcher at the Web site, cherryware.de.

The attacks are more bad press for Microsoft's Web browser, which is facing competition from a new generation of browsers such as the Mozilla Foundation's Firefox and Apple Computer Inc.'s Safari browser. Changing to an alternative Web browser is one way to avoid exploitation using the latest attack, according to security experts.

"Microsoft cannot be pleased with something like this," Frasnelli said.

The hit against Falk's service is very similar in style to a June attack on approximately 100 Web sites by a Russian hacking group known as the "hangUP team." The group used a recently patched buffer overflow vulnerability in Microsoft's implementation of SSL (secure sockets layer) to compromise vulnerable Windows 2000 systems running IIS Version 5 Web servers, said Johannes Ullrich, chief technology officer at the SANS Internet Storm Center.

Those attacks also used two vulnerabilities in Windows and the Internet Explorer Web browser to run the malicious code distributed from the IIS servers on machines that visited compromised sites. The code redirected users to Web sites controlled by the hackers and downloaded a Trojan horse program that captures keystrokes and personal data.

These attacks and others, including a September denial of service attacks against Lightbridge Inc.'s payment processing service Authorize.Net, highlight the vulnerability of the Internet to security "choke points." Such choke points comprise low-profile but highly connected Web sites and services that serve content that is trusted by thousands or even millions of other Web sites, Ullrich said.

Posted by Chad Dickerson at 03:40 PM

ICQ joins webmail battles with new service

The increasingly competitive webmail market has a new player: Instant messaging provider ICQ now offers a fee-based service that includes 2G bytes of storage, a calendar feature, task manager, notepad, wireless access and support for both POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol). ICQ, owned by America Online Inc., on Monday will announce the service, which costs US$19.99 per year, said Ronen Arad, ICQ director of product management.

The service also includes spam filtering and blocking, protection against viruses and a 20M-byte ceiling on files sent or received. The service offers a feature that translates messages into seven languages, the ability to compress large attachments and WAP (Wireless Access Protocol) support for access from a mobile device. The features in this webmail service make it a real competitor to services from other providers, such as Yahoo Inc., Microsoft Corp. and Google Inc., whose Gmail webmail is still in beta test.

The ICQ webmail service also has features available for additional fees. One such extra-cost feature lets users send e-mail messages to wireless devices that support SMS (Short Message Service). Another one is a video e-mail service that can be used by subscribers who have a webcam attached to their PCs; the webmail interface has VCR-like controls to record the message, which recipients in turn can play back without additional software on Windows-based PCs.

Meanwhile, ICQ will also announce Monday that its existing free webmail service, which used to be a generic and bare-bones offering, has undergone a significant revamping, Arad said. It now features enhanced message search functionality, virus and spam protection, more ways to manage inbox messages, such as a new folder for drafts and a sent-mail confirmation feature. However, inbox storage for the free service, at only 6M bytes, is low compared with other providers.

ICQ, based in Tel Aviv, is partnering with Mail2World Inc., based in Los Angeles, to provide these webmail services. ICQ signed up Mail2World several months ago, Ronen said. ICQ's former webmail partner was San Francisco-based Critical Path Inc.

More details about ICQ's webmail services are available at http://www.icq.com.

Posted by Chad Dickerson at 03:40 PM

DoCoMo develops Linux-based 3G phones

NTT DoCoMo Inc., Japan's largest mobile operator, has developed a common software platform that can run on both the Linux and Symbian operating systems used in its 3G (third generation) mobile phones, the company said Thursday. Three new handsets announced on Wednesday by the company are compatible with the new platform. The N901iC by NEC Corp. and the P901i by Panasonic Mobile Communications Co. Ltd. use a Linux version of the platform, while the F901iC by Fujitsu Ltd. uses Symbian OS version, according to DoCoMo.

The common platform is designed to cut costs and speed development of difficult-to-make 3G phones, according to DoCoMo. The platform consists of middleware for common services and functions, customized modules for the operating systems, sample device drivers, sample application software, handset emulator software for personal computers, and development guidelines, the company said.

From now on, DoCoMo expects that most or all of its new 3G handsets will run on either Linux or Symbian OS, spokesman Takumi Suzuki said Thursday. Vendors will be able to decide which operating system they adopt.

The company is not pushing development of any other operating systems, he said.

"To tell you the truth, we don't like ... (and) we don't have a plan to invest in (Microsoft Corp.'s) Windows," he said. "Windows is not for the mobile space, the files are big."

The handsets announced this week are the end results of two joint projects to develop phones based on the common software program: one between DoCoMo, NEC and Panasonic; and one between DoCoMo and Fujitsu, according to Suzuki.

The N901iC is the first mobile phone made by NEC that uses Linux, according to spokeswoman Akiko Shikimori. The common platform will help NEC more easily add third-party application software into future 3G mobile phones. NEC is also considering placing Linux on future 3G handsets for the international market, she said.

"We can't say that every single 3G phone from now on will have Linux, but most of them will," she said.

Panasonic's future Linux-based phones will be primarily for the Japanese market, but the company also plans to use Linux for models for international sale, said spokesman Wilson Solano.

"Linux is for phones for the domestic market first and foremost, then for phones for overseas," he said.

MORE LINKS:

• News.com
• Slashdot
• Linux News

Posted by Chad Dickerson at 12:55 AM

November 20, 2004

Nintendo and Sony battle for the handheld

It's the fight computer gamers have been waiting for. But the latest duel between wise old master Nintendo and challenger Sony is not taking place on a TV screen. This real-life fight begins on Sunday and pits Nintendo against Sony Computer Entertainment. Their weapons of choice: for Nintendo it's the DS (Dual Screen) and for Sony, the PSP (PlayStation Portable).

Nintendo has effectively owned the portable gaming space with its Game Boy for the last several years but that position is now facing a threat. Sony is attempting to do with the PSP what it did in the console gaming space with the PlayStation: enter as a newcomer and ascend to the top position.

The console fight played out in the latter half of the 1990s--a time when Nintendo and Sega dominated the console gaming market with positions that seemed unassailable. Like a fast-action move in one of its video games, Sony went for the jugular of both companies and in the end only Nintendo was left standing. Sega was ousted from the hardware side of the market in 2001 and earlier this year announced it was merging with Sammy, a Japanese Pachinko pinball machine maker.

The Nintendo DSThere's a lot riding on the success of the DS. Consumers will get their first chance to pass judgment on the system on Sunday, when it makes its world debut in the U.S.

The DS is a clamshell device that unfolds to reveal a pair of 3-inch LCD screens, one of which is touch-sensitive. Together with a microphone that's embedded into the device, Nintendo is hoping the two will add new angles to game-play by allowing feedback by touch and voice in addition to using the control pads.

Nintendo has already demonstrated a game called Nintendogs that features a digital dog and involves the player calling out instructions such as to roll over or sit. If the dog obeys, the player can reward it be stroking its head or rubbing its belly using the touch-sensitive screen.

Look a little deeper into the system and you'll also find support for wireless LAN. This can enable the creation of ad hoc networks reaching up to 30 yards from the device. Depending on software support, two or more users with the same game can play against each other via the wireless link. An innovative feature is game sharing which allows two users to share a single game cartridge and play against each other. This is only available on certain titles.

The network also supports a chat function. An application called PictoChat, built into each DS, allows up to 16 users within wireless range to create an ad hoc network and participate in a group discussion. A stylus and on-screen keyboard are used to type messages into the system.

But what of the challenger?

Sony has promised to launch the PSP in the U.S. before the end of March, but in Japan it will go on sale on December 12, less than two weeks after Nintendo launches the DS there. Sony has already been showing it to prospective users.

The PSP is easy to hold, with control pads located either side of its bright, wide-screen 4.3-inch display. Sony is promising users all of the performance of the PlayStation 2 console but in a handheld form. Users at the Tokyo Game Show were impressed.

Like Nintendo, Sony has also built in a wireless LAN function that can be used for wireless games.

Games in the PSP will be packaged on a new format called UMD (Universal Media Disc). UMDs are 2.4-inch diameter optical discs encased in cartridges, and can hold up to 1.8GB of data.

The PSP will support versions of UMD discs for games, audio content and video content. UMDs featuring mixed game, audio, and video content are expected on the market during the second quarter of 2005, Sony says.

Already, one of the hottest discussion points among potential users is the PSP's battery life. Staff on the company's booth at the Tokyo Game Show who were demonstrating the device said they were getting a battery life of around 2 hours--much shorter than the 6 to 10 hours for the Nintendo DS. Sony later said that it had measured the battery life at 4 to 5 hours--so all eyes will be on the real-world performance reported by its first users next month.

Nintendo's DS will cost $150 in the U.S. Sony has yet to announce U.S. pricing for the PSP, but it will cost the equivalent of about $190 in Japan. That's quite a bit lower than analysts had originally predicted, and will no doubt be welcomed by users who usually have to pay a premium for early versions of new products.

MORE LINKS:

• Reuters
• Houston Chronicle
• CNNMoney

Posted by Chad Dickerson at 07:49 PM

FCC approves first software-defined radio

A technology that could transform wireless communications got a boost on Friday when the U.S. Federal Communications Commission (FCC) announced its first approval of a software-defined radio. The Vanu Software Radio GSM Base Station from Vanu Inc. can support multiple cellular technologies and frequencies at the same time and can be modified in the future without any hardware changes, according to Vanu Chief Executive Officer Vanu Bose. Software-defined radios like Vanu's could lower costs and provide new flexibility in wireless networks, IDC analyst Shiv Bakhshi said Friday.

Traditional radios are hardware components built for a particular frequency range, modulation type and output power. Software-defined radios (SDRs) consist of a flexible radio controlled by software running on a computer or device. The concept goes beyond cellular base stations to other types of radios, such as handheld devices that can switch from one network to another to suit a particular application or environment.

The FCC applauded the technology in a Friday statement on the approval. Software-defined radios can help users share limited airspace and prevent interference, the FCC said.

Vanu's GSM (Global System for Mobile Communications) base station is a Hewlett-Packard Co. ProLiant server running Linux, coupled with an ADC Telecommunications Inc. Digivance radio subsystem. Using an off-the-shelf server and standard operating system allows Vanu to ride the declining cost curve for processing power, Bose said. Though the price of the current product is close to that of conventional base stations, according to Bose, the equation is expected to change.

"It is going to change the entire cost structure over time," IDC's Bakhshi said. In fact, the new approach is so revolutionary that it's hard to know what benefits will come of it, he said, comparing it to the change from analog to digital cellular networks. Though large operators will not make the switch quickly from their conventional radio networks, some have signaled interest in the technology, Bakhshi said. Cingular Wireless LLC, Orange PCS Ltd. and NTT DoCoMo Inc. all are members of the SDR Forum industry group, along with Intel Corp., Motorola Inc. and other infrastructure companies.

Vanu, based in Cambridge, Massachusetts, is first targeting small, rural operators, Bose said. Those carriers want to support multiple cellular technologies so they can secure roaming agreements with more than one major operator, he said. Software-defined radios let them do that without investing in new hardware each time they add a new technology. For customers of the major operators, that should mean better coverage, Bose said. Vanu launched a trial with Mid-Tex Cellular Ltd. last year and is now installing its base stations on the De Leon, Texas-based operator's network. Bose believes the company is two years away from a direct sale to a top-tier U.S. carrier.

The FCC was supportive during the approval process, according to Bose. Its main concern was ensuring that software-defined radios don't cause harmful interference, he said.

Outside the U.S., software-defined radios could be a boon to mobile operators in less-developed countries, Bose said. The technology provides the flexibility to combine different grades of hardware and software to strike the right balance between cost and network resiliency. Most cellular systems today ensure 99.999 percent, or "five nines," reliability, he said.

"For certain areas, such as rural or developing areas, five nines is overkill because it prices the network right out of the market," Bose said. "Now they can make a choice.

Posted by Chad Dickerson at 05:23 AM

November 19, 2004

Internet tax moratorium clears Congress

The U.S. House of Representatives on Friday approved a compromise version of a moratorium on Internet-only taxes, the last step needed before the bill is sent to President George Bush. The compromise, worked out with the Senate earlier this week, extends for three years an Internet tax ban that expired Nov. 1, 2003. The original version of the Internet Tax Nondiscrimination Act, passed by the House in September 2003, would have permanently extended a five-year congressional moratorium on taxes unique to the Internet, such as taxes on access or bandwidth.

Bush expressed support for an Internet tax moratorium during the recent presidential campaign and is expected to sign the bill into law. Bush and other supporters of the moratorium say it is needed so the Internet will continue to grow and to help the U.S. economy.

The version of the bill that will go to Bush addresses an issue that held the legislation up in the Senate. The new version allows states and cities to continue to collect taxes on telephone services, even if the calls are made over the Internet.

After the House passed the first version of the bill, a group of senators lead by Lamar Alexander, a Tennessee Republican, and Tom Carper, a Delaware Democrat, criticized the bill for potentially allowing telecommunications carriers to avoid billions of dollars in taxes as they move more traffic to VOIP (voice over Internet Protocol) services.

The compromise version of the bill also allows states already collecting taxes on Internet access to continue that for up to four years, according to a press release from Alexander.

"The end result isn’t perfect, but it is a big victory for states and for enhancing the development of the Internet," Carper said of the compromise bill in a statement released this week. "More than a year ago, the Senate was prepared to pass legislation that would have done irrevocable harm to state and local governments. But the compromise we worked out will do minimal harm to states, while also protecting consumers from taxes on their monthly Internet bills."

Several tech-related trade groups praised the bill's passage after more than a year of debate, but the Computing Technology Industry Association (CompTIA) called on Congress to make the ban permanent and to prohibit telecommunications taxes on VOIP. The bill is "a good start, but a starting point nevertheless" for the 109th Congress that begins in early 2005, CompTIA group director of U.S. public policy Roger Cochetti said in a statement.

The passage of the bill is a "huge win for consumers," added Walter B. McCormick Jr., president and chief executive officer of the United States Telecom Association. "In today’s information-based economy, this legislation ensures that consumers will benefit from more competition, increased investment and new innovative services," McCormick said in a statement.

Posted by Chad Dickerson at 11:18 PM

Firefox lights up Web browser world

Firefox 1.0 appears to have sparked new activity in the Web browser market. The release of the open-source Web browser by the Mozilla Foundation last week prompted Microsoft Corp. to break the silence about Internet Explorer (IE) and America Online Inc. (AOL) is breathing more life into the Netscape brand with a preview of a new Firefox-based browser scheduled to be unveiled on Nov. 30.

Microsoft has no plans to release a new version of IE until the next version of Windows, code-named Longhorn, due out in 2006. Still, the Redmond, Washington-based company says it has the option to add features to IE by way of the browser's add-on technology, said Gary Schare, director of Windows product management at Microsoft.

"It is an option for the Internet Explorer team to add functionality in between releases. We do not have specific plans at this point to use it, but it is an option," Schare said. Microsoft's MSN group already uses the add-on mechanism for its MSN Toolbar.

Microsoft has not released a completely new version of IE in years. Windows XP users recently got a browser upgrade with Service Pack 2 (SP2) for Windows XP. SP2 included features such as pop-up blocking and security enhancements, but those updates won't be made available for IE on earlier Microsoft operating systems, Microsoft has said.

While some people working on IE at Microsoft are maintaining the current version of the browser, most of the team members are focused on IE for Longhorn, Schare said. The Longhorn browser will include new features, improved security and privacy features and better support for third-party developers, he said.

For end-user features, Microsoft is looking at better ways to manage favorites and tabbed browsing, a feature to improve the browsing experience by consolidating multiple Web pages into a single window organized with tabs, Schare said. "Basically making IE a more functional and feature rich browser," he said. Firefox and other browsers that compete with IE already offer tabbed browsing.

Meanwhile AOL's browser unit Netscape Communications is preparing to preview a new browser based on Firefox. "It is based on Firefox, but will be Firefox Plus, it has got improvements beyond Firefox," AOL spokesman Andrew Weinstein said.

The preview, a so-called alpha release, is due on Nov. 30. The new browser and a new e-mail client will eventually replace the current Netscape offering, Weinstein said. He declined to detail product details.

AOL released Netscape 7.2 in August, but that product is based on Mozilla 1.7, a suite of products that includes a browser, e-mail client, Internet Relay Chat client and Web page editor.

Riding a continued high, the Mozilla Foundation keeps counting Firefox downloads, which hit 4.7 million on Friday morning, a spokesman said.

The rise of Firefox, first introduced in February this year when Mozilla renamed its Firebird project, has been remarkable. The browser held 3 percent market share at the end of October, according to WebSideStory Inc. The Mozilla Suite, Netscape and Firefox together held 6 percent of the market at the end of October, up from 3.5 percent in June.Though losing share, IE still dominated with 92.9 percent of the market, according to the San Diego Web metrics company.

Firefox is the Mozilla Foundation's stand-alone browser. The Mozilla open-source project was started in early 1998 by Netscape, which was acquired later that year by AOL. Last year, the people behind Mozilla created a foundation, largely funded by a $2 million pledge from AOL, to build, support and promote Mozilla products. MORE LINKS:

• InformationWeek
• LinuxInsider
• InfoWorld

Posted by Chad Dickerson at 11:17 PM

Yahoo, SBC extend partnership, plan new services

Yahoo Inc. and SBC Communications Inc. will collaborate to extend to cell phones and home entertainment devices some of the online services and content they currently provide to PC users. The two companies, which have provided co-branded DSL (digital subscriber line) and dial-up Internet service since 2002, announced Thursday they have agreed to continue that partnership and extend it with new services that will be available next year.

Subscribers to the co-branded DSL and dial-up services receive not only Internet access, but also a variety of complementary services, such as e-mail, security tools and multimedia content.

The planned new services include:

-- Project Lightspeed and Home Entertainment, for extending to home entertainment devices, such as television sets and stereo equipment, Yahoo-SBC services and content, such as video on demand, Internet radio and online photos.

-- Cingular Wireless LLC, for extending Yahoo-SBC content and services to Cingular Wireless subscribers.

-- SBC FreedomLink Wi-Fi, for integrating Yahoo-SBC content and services with the SBC Wi-Fi service.

The companies' initiative is a clear attempt to move Internet services and broadband content beyond a PC's boundaries. Users increasingly expect to have access to Internet services and content from wireless devices and consumer electronics products.

A race is brewing in the IP (Internet protocol) television segment between Yahoo and Microsoft Corp.'s MSN, with Yahoo grabbing an early lead, one analyst said.

"I see IP TV as a venue for all types of new content," said Allen Weiner, a Gartner Inc. analyst. Weiner predicted that Yahoo would begin "creating all kinds of new content" in the future, both as a TV producer and as a TV network.

Microsoft's MSN is in a position to challenge Yahoo, but "Yahoo is well ahead of MSN" in this space right now, Weiner said.

The companies didn't provide information on when next year these services might be available or at what price.

Posted by Chad Dickerson at 04:02 PM

Google sees benefits in corporate blogging

Google Inc., which implemented an internal Web log system behind its firewall about 18 months ago, has seen tremendous benefits from it and may in the future consider providing tools and expertise for this purpose to interested clients, a Google executive said. Google deployed an internal blog for its employees shortly after acquiring the blogging service Blogger in early 2003, and since then Google staffers have found many useful and creative ways for the internal blog, said Jason Goldman, Blogger product manager at Google.

"Since then, we have seen a lot of different uses of blogs within the firewall: people keeping track of meeting notes, people sharing diagnostics information, people sharing snippets of code, as well as more personal uses, like letting co-workers know what they're thinking about and what they're up to," Goldman said. "It really helps grow the intranet and the internal base of documents."

Google executives have talked in the past about the company's internal Blogger implementation, called Blogger in Google (BIG), and a Google employee even posted a screenshot of a BIG page last year at http://www.shellen.com/gallery/big_screenshot800px.gif.

Asked if Google would be open to providing software and consulting to companies interested in deploying an internal Blogger version, Goldman was non-committal but didn't close the door on the possibility either. "Sure, it may. If the right business relationship existed, that could be a great opportunity. But it's not something we have specific plans around right now," he said.

It's unlikely that Google will develop a version of Blogger that would compete head-to-head against enterprise document management products, but it's very possible Google will give Blogger some features in the future to make it more attractive for business use, said Allen Weiner, a Gartner Inc. analyst.

Ultimately, vendors will approach the emerging enterprise blogging market from two angles, Weiner said. First, there will be the enterprise document management vendors and the enterprise publishing software vendors tweaking their industrial-strength products to support blogging functionality. These companies will cater to organizations that need security, rich functionality and IT control. Second, there will be more lightweight products such as Blogger, which will do just fine for organizations that approach blogging from a more casual perspective.

What is undeniable is that there is a growing interest among businesses towards blogs as business communication tools, particularly among IT departments, Weiner said. "The mandate of IT organizations today is to do more with less, so the better they can communicate and share things, the more efficient their operations will be," he said. "There's a huge benefit in blogging for companies implementing IT projects. It's going to be a growing trend over the next couple of years."

Posted by Chad Dickerson at 04:02 PM

Study finds e-voting irregularities in Florida

Voting irregularities in three Florida counties that used electronic voting machines may have awarded more than 130,000 votes to President George Bush in this month's election, according to researchers at the University of California, Berkeley. The Berkeley researchers claimed on Thursday that their findings raise questions about the accuracy of voting results in Broward, Palm Beach and Miami-Dade counties, all of which have more voters registered as Democrats than Republicans. According to statistical models, voters in those three counties delivered more than 130,000 votes to Bush than were expected by a post-election analysis, the researchers maintain.

"Something went awry with electronic voting in Florida," said Michael Hout, a sociology professor, who led the research effort.

Hout said that the odds of the Florida irregularities happening by chance were less than one in a thousand and he called for an examination of the results. "It's like a smoke alarm and it's beeping," he said. "We call upon the voting officials in Florida to determine whether there's a fire."

The irregularities did not account for enough votes to give the state to Democratic challenger John Kerry, who lost to Bush in Florida by more than 377,000 votes.

To obtain their results, the Berkeley researchers analyzed publicly available voting data from all of Florida's counties using a technique called multiple-regression analysis, which accurately identified butterfly ballot problems in Palm Beach County during the 2000 election, Hout said.

The technique involves building a statistical model to predict voting patterns based on a number of factors, including history of voting, median family income, age and race. Hout's team conducted their study using data compiled from the Nov. 2 election.

"We noticed that three counties stood out from those expectations," Hout said. "These were counties that had a significant departure from what we would expect, statistically, given the patterns in all those other counties."

Using their statistical model, Hout's team forecast that Bush should have received 28,000 fewer votes in Broward County than he received there in 2000. However, Bush received 51,000 more votes than he did four years ago. In Palm Beach County, where Bush gained 41,000 votes, the Berkeley research suggested a loss of 8,900 votes. For Miami-Dade County the research showed Bush should have gained 18,400 votes. In fact, he gained 37,000 votes.

The counties in question used e-voting machines manufactured by Election Systems & Software and Sequoia Voting Systems Inc.

The model found an even larger discrepancy when certain factors weighing the data in Bush's favor were removed, Hout said.

The team did not, however, find this level of irregularity in 12 other Florida counties that used e-voting machines, he said.

Hout was unable to explain why some e-voting counties would experience irregularities while others did not, but he said that the irregularities were more likely to occur in counties that voted for Democratic candidate Al Gore in 2000. "This becomes an important clue that investigators who know something about both the software and the hardware can use," he said.

The Berkeley study also appeared to debunk speculation about voting irregularities in several heavily Democratic counties that voted Republican in the 2004 election. After applying the statistical model to Dixie County and Baker County, both of which bucked party affiliations and voted overwhelmingly for Bush, Hout's team found nothing amiss. These counties, which used paper ballots that were optically scanned, have historically voted Republican in national elections, Hout said.

Hout's researchers also examined the election results in the hotly contested state of Ohio and found no irregularities there. "Our results do indicate that Ohio probably did get it right," Hout said.

A spokesman for the Information Technology Association of America, (ITAA) an IT vendor group, dismissed the Berkeley results, saying that the study appeared to ignore the political, social and economic factors that affected the vote. "It is unclear to us that the technology, which is the one factor the authors appear to have focused on for this study, should be viewed as causal above the many other factors that could affect a voter's decision," said Charles Greenwald, an ITAA spokesman in an e-mail interview.

Greenwald also criticized the study for not being peer reviewed.

The Berkeley research has already been informally reviewed by academics at Harvard University, and will no doubt be scrutinized now that the results are posted on Berkeley's Web site, Hout said. He declined to provide the names of researchers outside of Berkeley who were familiar with the results, saying they asked not to be identified. The results can be found at http://ucdata.berkeley.edu.

Because there is no paper audit trail for the e-voting machines used in Florida, it may be difficult to ultimately explain the irregularities. "Our statistical approach is just about the only way we have to uncover what went on in Florida or in any other state that uses e-voting as it exists today, except Nevada where there is a paper trail," Hout said.

Posted by Chad Dickerson at 04:02 PM

Sohu.com's president to step down next year

Victor Koo, the president and chief operating officer of Chinese Internet portal Sohu.com Inc., will step down from his position next year, the company said Friday. Koo, who has held a variety of senior positions at Sohu.com since joining the company in 1999, has resigned to pursue "entrepreneurial business opportunities," the company said in a statement.

Koo's resignation will become effective on March 31, 2005, the statement said. Following that date, Koo will remain an advisor to Sohu.com for six months, it said.

During his tenure at Sohu.com, Koo was credited with helping to grow the company's advertising business and expanding the company's business scope, the statement said.

Instead of appointing a replacement for Koo, the company will divide his current responsibilities among the heads of each of Sohu.com's business lines, such as advertising and online gaming, said Caroline Straathof, a spokeswoman for the company in Beijing.

Under this structure, the heads of each business group heads will now report directly to Charles Zhang, the company's chairman and chief executive officer (CEO), she said.

Posted by Chad Dickerson at 04:02 PM

Vodafone, Optus agree on shared 3G network in Australia

The Australian mobile carrier units of Vodafone Group PLC and Singapore Telecommunications Ltd. have agreed to roll out a combined third-generation (3G) cellular network in the country, they said Friday. The deal between Vodafone Australia Ltd. and SingTel Optus Pty. Ltd. builds on a preliminary agreement reached in August this year and will see the two companies jointly share frequency spectrum and about 2,000 base stations, they said in a statement.

The two carriers hope to save money by sharing the cost of building the WCDMA (Wideband Code Division Multiple Access) network. The initial build-out of the 2,000 base-station network covering six major Australian cities is estimated to cost about A$435 million (US$339 million) and Optus said it expects its investment to drop by around A$100 million as a result of working with Vodafone.

Construction has already begun with a view to launching the network in the third-quarter of 2005. It will initially be available in Sydney, Melbourne and Canberra and then be rolled out in Brisbane, Perth and Adelaide, they said.

The network will use a system from Nokia Corp. called Multi-Operator Radio Access Network (MO-RAN) that enables a single 3G network to be shared by more multiple operators.

The agreement is conditional on necessary regulatory approvals and clearances, including authorization from the Australian Competition and Consumer Commission (ACCC).

Posted by Chad Dickerson at 04:02 PM

November 18, 2004

RIAA files 761 new file-trading lawsuits

The Recording Industry Association of America (RIAA) has filed new lawsuits against 761 people who allegedly use peer-to-peer (P-to-P) software to trade music files without permission, the trade group announced Thursday. The lawsuits included users of the eDonkey, Limewire and Kazaa services, as well as 25 people using university Internet connections to distribute music files. American University in Washington, D.C., Boston College, Iowa State University and the University of Massachusetts were among the college networks used by those sued.

The RIAA believes that partnerships between universities and pay-for-music download services have in part come about because of the trade group's legal strategy, RIAA president Cary Sherman said in a statement. At least 20 U.S. universities signed agreements with pay-for-music services as of August, and more signed agreements since then, according to the RIAA.

"The lawsuits are an essential educational tool," Sherman said in a statement. "They remind music fans about the law and provide incentives to university administrators to offer legal alternatives."

Since September 2003, the RIAA has filed more than 7,000 lawsuits, including more than 2,200 lawsuits announced since Oct. 1, against alleged file traders.

The new RIAA lawsuits come on the heels of another group of lawsuits announced this week by the Motion Picture Association of America Inc. (MPAA). The undisclosed number of MPAA lawsuits were aimed at P-to-P users who allegedly distributed movies without permission.

MORE LINKS:

• CNet
• Collegiate Presswire
• The Standard

Posted by Chad Dickerson at 09:14 PM

Microsoft, Yahoo extend contract for Web ads

Microsoft Corp. has extended its partnership with Yahoo Inc. to deliver sponsored search results on its U.S. and international MSN sites, despite the software maker's recent declarations that it intends to be a major force in the search market. Microsoft has extended until June 2006 its agreement with Yahoo subsidiary Overture Services Inc. to deliver the pay-for-performance results, it said Thursday.

The agreement was initially undertaken in 2001 and was due to expire in June 2005, an Overture spokeswoman said. There has been no changes to the terms of the contract, the spokeswoman said. Financial details were not disclosed.

Microsoft's decision to lengthen its search partnership with Yahoo comes at a time when the software maker is sharpening its own tools and expertise in the area. Microsoft rolled out a beta of its long-awaited search technology last week, while company executives proclaimed their intentions to take on search leaders Google Inc. and Yahoo.

Experts have said that the Redmond, Washington, company's search technology as still in callow form, however, and this factor may have contributed to the decision to extend its agreement with Yahoo.

Under the extension, Overture will continue to provide sponsored results to MSN sites in the U.S., Canada, Europe and Asia.

Posted by Chad Dickerson at 03:25 PM

New Google Scholar search service aimed at academics

Google Inc. on Thursday formally launched a new search service aimed at scientists and academic researchers. Google Scholar is a free beta service that allows users to search for scholarly literature like peer-reviewed papers, theses, books, preprints, abstracts and technical reports, the Mountain View, California, company said.

The new service accesses information from resources such as academic publishers, universities, professional societies and preprint repositories, it said.

Because the service automatically analyzes and extracts citations and presents them as separate results, users can find references to older works that may only exist offline in books or o