Archive for March, 2008

2 Minute Hack for Mac

Leopard has been hacked in under two minutes using a flaw in Safari, while Vista and Ubuntu continue to stand firm.

The competition took place at the CanSecWest security conference in Vancouver, and pitted hackers against three laptops running Vista Ultimate SP1, Leopard OS X 10.5.2 and Ubuntu 7.10 to discover which was the most vulnerable.

A MacBook Air running a fully-patched version of Leopard succumbed in under two minutes, hacked by security researcher Charlie Miller who used a technique similar to a phishing attack, which involved clicking a link to a website containing malicious code, which allowed him to remotely access the machine.

Miller had been working on the exploit in the three weeks following the announcement of the challenge. He previously made a name for himself hacking the iPhone, though the Leopard exploit was far more lucrative bagging him a £5,000 prize from sponsor Tipping Point, who has notified Apple of the flaw.

At the time of writing both Vista and Ubuntu have yet to be compromised.

Source – PC Pro


The £10 device that could rescue your broadband connection

BT Wholesale is close to launching an inexpensive new device that could radically improve the speed of ADSL broadband connections.
The telecoms giant claims that electrical interference from household objects – including televisions, set-top boxes and even Christmas tree lights – can reduce a broadband connection to a crawl.

Faulty or leaky power supplies from the electrical equipment interferes with the “Bell Wire” running around the home, creating excessive noise on the line.

However, BT has been trialling a device called an Interstitial Plate – or iPlate – that will slot into the master telephone socket and largely eliminate the noise, providing a significant boost for broadband speeds.

BT Wholesale demonstrated the technology to journalists today at its Gatwick headquarters. It showed how an ADSL connection running at 3.8Mb/sec was reduced to just 700Kb/sec when a nearby fluorescent lamp with a faulty power supply was turned on. When the iPlate was fitted to the master socket, the connection returned to its normal speed.

BT says it’s been trialling the device with around 1,000 customers with connection problems and has been very pleased with the results. “We’ve seen huge increases in speed,” claimed Ashley Pickering from BT Wholesale’s broadband access solutions team. On average, it makes one and a half megs of difference.”

Pickering says he expects the device to be launched within the next few months, with a retail price of around £10. The device can be fitted without the services of an engineer, simply by unscrewing a plate in the master socket and slotting the iPlate in. BT says it expects ISPs to distribute the device freely to customers with connection problems, saving on the expense of support calls and engineer visits.

Source – PC Pro


Vista SP1 horror

Vista SP1 horror stories start to appear 11:54AM, Wednesday 19th March 2008
The first Service Pack for Windows Vista appears to be creating more problems than it solves for a number of users.

PC Pro reader Douglas Tresias emailed us this morning, claiming the Service Pack had rendered his PC inoperable. “Started installing at 7.15am this morning on a HP with Vista Home Basic less than six months old,” he wrote. “SP1 failed to install. Machine started to reset back to previous state. Computer still not usable three hours later.”

The Official Windows Vista blog also contains several tales of woe among the many congratulating Microsoft for a fine job.

“I have installed Vista SP1 today, now I have no sound and my DVD drive doesn’t work,” reports one user.

“I installed Vista SP1 after seeing it on Windows Update last night. In retrospect, not my finest decision,” writes another unhappy customer. “What a disaster! It exiled all of my Nvidia drivers to the Bermuda Triangle… they’re simply all gone. OK, no big deal, go to the Nvidia site, download the latest drivers, install and nada. Zip, zilch, nothing changes… the install fails… every time.”

Others claim that SP1 – which is meant to improve system performance – is actually having the reverse effect. “Isn’t a Service Pack suppose to fix issues?” another user comments on the Windows blog. “[I] went from using 650MB of RAM idle to 1 gig… I’ll be be switching back.”

Microsoft was unable to comment on any potential problems with SP1 at the time of writing.

The Windows blog also carries several complaints from users who have been blocked from downloading the Service Pack because of known driver issues. Microsoft said last month that “As updates for these drivers become available, they will be installed automatically by Windows Update, which will unblock these systems from getting Service Pack 1.

“The result is that more and more systems will automatically get SP1, but only when we are confident they will have a good experience.”

Source PC Pro


Half of broadband subscribers unhappy with service

Half of all broadband customers are dissatisfied with their service, according to a new report.
The survey conducted by Uswitch ranked nine internet service providers and found that the gap between best and worst is widening, with a difference of almost 21% in customer satisfaction scores – an 8% increase on the year before.

Topping the list is PlusNet, which won the survey’s Best Overall Provider accolade by polling 86% in customer satisfaction. Resting at the foot of the list is Orange, with the survey claiming that over a third of its customers were unhappy with the service they were receiving.

Sky continued its ascent, clambering above arch rival Virgin Media in the rankings with an 81% customer satisfaction score. Virgin Media held steady with three quarters of its customers satisfied, but losing ground on value for money, customer and technical support.

Outside the big winners customer satisfaction scores slipped across the board, with the big losers being Pipex which slipped 9% to 45% and AOL dropping 6% to 59%.

No more excuses

“The ISPs used to put these problems down to teething problems, but it’s been seven years now,” says Uswitch spokesperson, Charlotte Nunes. “The technology’s bedded down and customers expect more than they did. Broadband is an essential part of people’s lives now, they depend on it and so when things go wrong they expect their ISP to sort it out.”

“Companies like TalkTalk have invested a lot of money in their customer service, it’s better now but it’s still got a way to go. But some companies like Orange are still charging premium rates for technical support and that’s a big part of why people are dissatisfied. We’d certainly like to see Orange making the same sorts of promises on technical support we’ve seen from TalkTalk.”

However, Orange says it’s on the right track.

“Our own customer satisfaction research, along with independent testing of our service, has revealed extremely positive findings,” claims an Orange spokesperson.

“This has come as a direct result of us having recently taken steps to improve our network capacity and customer services, which included investing heavily in our teams and we will continue to do so.

“Our focus is on getting things right for our customers and we shall continue working to improve the levels of service we provide as well as to offer clear, value for money propositions.”

Source – PC Pro


Vista SP1 ready for retail

Microsoft looks set to make Vista Service Pack 1 available this week.
The company said last month that it would release SP1 in mid-March, giving it time to deal with a series of driver bugs discovered in the beta testing phase.

Now, it seems retailers are preparing for the full launch this week. A search on Amazon reveals that pre-packaged retail versions of Vista with SP1 will be released on 19 March.

Curiously, Amazon says the Vista SP1 products won’t be released until 4 April, suggesting that either the British arm of the web retail giant has failed to update its release dates or that British buyers may be in for a longer wait for the full retail versions to go on sale.

However, rival British retailer Dabs says that Vista SP1 boxes will be ready for delivery for within 3-5 days.

Rumours also suggest that Vista owners will be able to download the Service Pack from Tuesday, giving them a narrow headstart over retail buyers.


Mass Hack of 10,000 web pages

More than 10,000 web pages have been booby trapped with malware in one of the largest attacks of its kind to date.

Compromised web pages include travel sites, government websites, and hobbyist sites that have been modified with JavaScript code that silently redirects visitors to a site in China under the control of hackers.

Miscreants likely reprogrammed the web pages after scanning the net for insecure servers.

The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer, and other applications to break into insecure PCs, according to an analysis by net security firm McAfee.

Components of the malware attempt to steal passwords to online games while others leave a back door that allows the installation of additional malicious programs.

McAfee Avert Labs first spotted this attack on Wednesday, 12 March. Of the 10,000 pages that were compromised, a number have already been cleaned up.

A single organisation or small group is likely behind this attack, as the malicious code on all these pages is served up from the same server in China.

Craig Schmugar, threat researcher at McAfee Avert Labs, said the attack illustrated that the conventional wisdom that surfers are safe providing they stick to trusted sites (and away from warez and porn) no longer holds true.

“Often you hear warnings about not going to untrusted sites,” said Schmugar. “That is good advice, but it is not enough. Even sites you know can become compromised. You went to a place before that you trust, but that trust was violated through a vulnerability that was exploited.”

Source – The Register


Microsoft submit Windows 7 to US Gov

Microsoft has submitted an early version of Windows 7 to the US government, sparking speculation that the successor to Vista may arrive sooner rather than later.
According to court filings, Microsoft has handed over a test version of the next-generation operating system to a technical committee that is overseeing Microsoft’s compliance with its antitrust settlement.

“The TC [technical committee] has begun to review Windows 7 itself. Microsoft recently supplied the TC with a build of Windows 7, and is discussing TC testing going forward,” the report states. “The TC will conduct middleware-related tests on future builds of Windows 7.”

Microsoft has said very little publicly about either the contents or the release date of Windows 7. The new operating system was initially expected to arrive next year, although recent reports have suggested that launch date could be pushed back to 2010 or even 2011.

The fact that the US government has (presumably) a working version of the software indicates that Microsoft might be looking at next year after all. Given the current lack of enthusiasm for Windows Vista, Microsoft will certainly be keen to get Windows 7 into the market as soon as possible, although it certainly can’t afford another lacklustre release.

A “wishlist” of Windows 7 features was leaked last year, giving a few potential clues to features that could arrive in the new operating system, including a virtual desktop and a tabbed Windows Explorer.

Source – PC Pro


MIT Future Tech List

The MIT Review has revealed its list of the ten emerging technologies which it believes are likely to make the biggest difference to the way we live.
Among the more interesting innovations is a wireless power technology that could allow devices such as mobile phones and MP3 players to recharge automatically, simply by coming within range of a wireless power source.

Another of the standout technologies are “probabilistic chips”. The premise runs that for video and audio applications, processors are not being asked to return a correct answer, thus the chip doesn’t have to be 100% accurate. This could allow the voltage to be lowered, leading to significant power savings.

Among the other innovations are transistors made of grapheme, a carbon material one atom thick, which apparently has amazing conductive properties and could replace silicon paving the way for faster and smaller electrical devices.

Another enterprising group has developed tiny radios built from single nanotubes, which could lead the way to other nano-technology including medical devices capable of being injected into the bloodstream to deliver drugs directly to targeted organs.

Source – PC Pro


Voice Over IP Market Report 2008

Every industry has a story, and VoIP’s story circa 2008 is about a technology with growing business adoption, modest consumer success and an increasing dominance of the U.S. residential market by cable providers.

What follows are a few statistical highlights of where VoIP stands in these three areas today.

Enterprise VoIP

In 2005, the big news in VoIP was that U.S. revenues had finally broken the $1 billion mark, raising the question, “Is VoIP finally here?” But in 2007, the big news was that just over $1 billion in traditional PSTN (public switched telephone network) PBXes were sold, for what Infonetics Research speculated might be the last time ever. At least for enterprise deployments, the question about VoIP has become, “Is PSTN still around?”

Of course, IP PBX systems have been stealing PSTN’s market share for some time, but in 2007, hybrid IP PBX systems made up two-thirds of all lines shipped, while pure IP systems alone accounted for 18 percent. In addition, MarketResearch.com reported that 50 percent of global telecom traffic is now handled over IP, and it predicted this figure would increase to 75 percent “in a few years’ time.”

These figures jibe nicely with Garrett Smith’s anecdotal report that sales of enterprise VoIP systems are getting both larger and easier to close — roughly 20 times the rate of a year ago.

Consumer VoIP

However, consumer VoIP adoption remains modest worldwide — Infonetics reported just under 80 million VoIP subscribers worldwide in 2007, with the strongest adoption rates in the Asia Pacific region. That said, MarketResearch.com predicted that total VoIP subscribers would rise to 135 million in 2011, and London-based research firm Disruptive Analysis Ltd. predicted a mobile-VoIP market that will rise from today’s essentially zero users to 250 million users by 2012. Disruptive Analysis reasoned that mobile providers are unlikely to keep running separate voice and IP networks in parallel and will choose IP by default.

In December 2007, German Internet-traffic-management-systems provider Ipoque sampled three petabytes of anonymous data from Australia, Eastern Europe, Germany, the Middle East and Southern Europe. It estimated that while VoIP makes up just one percent of all Internet traffic, it is used by 30 percent of Internet users, and Skype Ltd. accounts for 95 percent of all VoIP traffic.

The U.S. VoIP Market
Back in the U.S., Ike Elliott assembled an interesting table ranking the top six VoIP providers by both revenue and subscribers. Four of the six are cable companies (CableVision, Charter Communications, Comcast and Time Warner Cable Inc.) while two are pure VoIP providers (Skype and Vonage Holdings Corp.).

Vonage and Skype are in third and fifth place respectively, with approximately 23 percent of revenue and 27 percent of subscribers in a market Elliott estimates at $1.44 billion in revenues. (He had to estimate how much revenue each subscriber represents to Skype, settling on $35.70 per month.) Unfortunately for these two, Elliott reports, the cable companies’ VoIP-subscription rates are accelerating while those of the pure plays are slowing. Worse still, cable has already captured 73 percent of the U.S. market for residential VoIP.

This story may be best told by this TeleGeography graphic, which shows Time Warner’s VoIP subscriber base pursuing and then surpassing Vonage’s in Q207. The four largest U.S. VoIP providers now have a total of 12 million customers, broken down as follows: Comcast, 4 million; Time Warner, 3 million; Vonage, 2.6 million; and Cox Communications Inc., 2.4 million.

However, Skype still beats all comers in terms of ease of use, as measured in a “PC Magazine” reader-satisfaction survey of whose customers needed tech support most frequently. For example, while a whopping 34 percent of Charter and AT&T Inc.’s CallVantage customers needed tech support, just 6 percent of Skype users needed a hand with their PC-to-PC calls.

This didn’t prevent Wired from running its own head-to-head test of seven VoIP services in October 2007, with the winner being the relatively unknown Lingo Inc., which won plaudits for price, ease of use and call clarity.

Lingo’s case highlights the fact that VoIP remains a fiercely competitive market that currently offers low payoffs thanks to its low barriers to entry and the legacy telephone companies’ strength. A pure VoIP provider like Jaxtr Inc. can enter the market and claim 10 million subscribers in relatively short order — but it still has zero revenue. Jaxtr is counting on its Café Jaxtr product to attract advertising dollars — but on a recent morning the sole display ad on Café Jaxtr’s homepage was for Qwest Communications International Inc.’s long-distance phone service.


Do I really need this? Users offered ad tracking choice.

TalkTalk customers will get chance to decide if they want targeted ads
Broadband provider TalkTalk has confirmed that it will allow customers to ‘opt in’ to Phorm’s controversial new advertisement system.
TalkTalk is one of three UK ISPs to sign up to the Webwise service which sees user’s surfing habits tracked.

It has decided not to offer the service by default but rather to allow users to choose whether they want it.

It follows 1,000 people signing a Downing Street online petition saying the system breaches customer privacy.

“We will be endorsing and recommending take-up of the system but we want to ensure that customers make their own decision,” said a spokesman for TalkTalk.

It believes that there is a two-fold benefit for customers.

“We feel customers will welcome the opportunity to get fewer irrelevant advertisements as well as benefit from the real-time anti-phishing alerts,” he said.

Behavioural advertising

Phorm works by placing a cookie on a user’s machine that contains a randomised identifying number. That cookie tracks websites visited and draws conclusions about a user’s behaviour in order to target more relevant adverts.

So, for example, someone who often visits the Top Gear website is likely to be served motoring advertisements.

The controversy over the system surrounds the fact that ISPs are “selling” information about users on to a third party.

Phorm, the US company behind the system, is keen to stress that the data it collects is 100% anonymous and no profile of the user is ever created, so that no-one could “reverse engineer” the information in order to establish identity.

Campaigner Simon Davies was asked to assess its privacy measures as part of the work he does for privacy start-up 80/20.

He believed the system “advances the whole sector of protecting personal information by two or three steps”, although he was not sure that the public was ready to buy into behavioural advertising.

The fact that TalkTalk has decided to let consumers choose whether they want to sign up to the service is likely to be a blow for Phorm, thinks Nate Elliott, an analyst with Jupiter Research.

“Ideally Phorm would like to have automatic access to all users but TalkTalk has gone for the safe option of opt-in which could limit the number of consumers,” he said.

For ISPs desperate to retain customers entering the untested world of behavioural targeted advertisng is “scary”., said Mr Elliott.

“If ISPs do something that consumers see as a violation of their privacy then they will simply change provider.”

Kent Ertegrul, chief executive of Phorm, told the BBC News website that he was confused about why the issue of opt-in versus opt-out was causing so much controversy.

“There is no way of not knowing that this is switched on. There is a clear choice offered to consumers and I am surprised that there has been so many questions about this. I find it a bit bizarre,” he said.

For him the service is a win win for consumers.

“Having advertising behind it allows for better, cheaper broadband,” he said.

BT will start a trial of the Webwise system this month and said that it would be offering it as an opt-in service in so far as it would be inviting 10,000 broadband customers to trial it.

“We will look at the findings of the trial before we make a decision on how to go about a more widespread deployment,” said a spokesman.

He believes that the anti-phishing tools will attract customers concerned by online safety although he stressed that other security measures would still be in place for customers who did not want to use the system.

Automatic access

He also said that triallists wishing to sign up to the system would have to agree to new terms and conditions. The details of this have not yet been finalised but it would not be a “material change”, said the spokesman.

Virgin Media is also due to trial the system later in the year and is happy that it does not breach any existing privacy legislation.

“We have had a few customers get in touch with privacy concerns but these have been fairly comprehensively addressed by answers from Phorm,” said a spokesman.

He believes the system sets a “new standard” in targeted advertising and is not convinced that there is any foundation for concern.

“Google and Hitwise manage and manipulate data and people generally don’t have an objection to that,” he said.

How the system was to be rolled out to Virgin Media customers was yet to be decided, he added.

“Deployment is months away but we will make sure that people know what it is about and exactly how it will work.”

ISPs entering the lucrative world of online advertising could receive a big revenue boost. Proceeds from the advertising platform being set up by Phorm – known as the Open Internet Exchange – will be shared with any ISPs that sign up.

Some analysts predict that the deal could generate millions of pounds annually for BT and other ISPs but not everyone is so optimistic.

“Our figures show that only 10% of online advertisers currently use behavioural targetted ads,” said Mr Elliott.

Source – BBC