The Longer Road to Longhorn According to numerous news stories, yesterday, Microsoft Chairman Bill Gates off-handedly said that probably true is speculation Longhorn wouldn't ship until 2006. I can't say that I'm surprised. In the summer 2003 report, "Longhorn: Implications of the Next Windows' Ship Date," I pegged 2006 as Longhorn's likely release date. Circumstances since lead me to question whether Longhorn's delivery might be later. As I blogged previously, release delays for "Whidbey" (Visual Studio .Net 2005) and "Yukon" (SQL Server 2005) jeopardized Microsoft's internal release schedule for Longhorn. I also see Windows XP Service Pack 2 compatibility issues and plans for Windows Server 2003 R2 as other indicators Longhorn's delivery would push out further. Now weigh in those news stories, where Mr. Gates reportedly said that an "alpha" Longhorn version would ship later this year. In October, Microsoft had said…
How E-Voting Threatens Democracy Nobody wants another Florida election debacle. Electronic voting is supposed to be the answer, but a growing body of evidence suggests the technology, at least in its current form, cannot be trusted. [via Wired News]
On the path down to the beach, I find a bent and scorched spoon alongside a used hypodermic needle with a brown substance coating its surfaces. No prize for guessing what this is and it explains the number of discarded BIC lighters I’ve seen lying around the seafront recently.
The idea of people shooting heroin a hundred yards from my peaceful seaside home disturbs me. It’s bad enough that Government are using the local area as a dumping ground or should I say ‘Processing Centre’ for refugees, leaving them marooned with little else to do than claim benefit and drive around in uninsured cars but hard drugs and the social problems that accompany them are another matter, the ugly face of 21st century Britain in all its dirty glory.
You can run but you can’t hide anymore, short of moving to the Falkland Islands perhaps? The place is falling apart and Government has few answers beyond plugging the gaps with higher taxes and more paperwork and statistics that have lost all credib…
Congress Moves to Criminalize P2P Two senators introduce legislation that would impose jail time for sharing as little as one file, while the House may consider another that would lower the bar to take people to court. Looks like entertainment lobbyists are winning their war against peer-to-peer networks. [via Wired News]
Phishing, using hijacked corporate logos and deceptive spam to steal personal information over the Internet, appears to have taken a more sinister turn. Reported Phishing attacks against well-known on-line brands such a Citibank, PayPal and eBay appear to be running as high as two hundred a month and none of the leading UK Internet banks and building societies remains untouched by increasingly imaginative criminals who can create near perfect digital copies of the website of the business they are targeting all the way down to the SSL key-lock on the browser.
A week ago, I’m told, something new and different appears to have happened in a phishing scam involving one of the UK’s largest banks. In fact, on the same day, two high street banks were targeted with elaborate scams but one introduced a new dimension to the crime.
In this case, the web site was so perfect that I doubted at first that it was a fake. All the links to the bank’s service worked perfectly and the only s…
I was up in London yesterday filming a piece on ‘Phishing’ for the ITV ‘Inside Crime’ series.
Not a great day for the banks, as both Nat West and Lloyds TSB were both hit by elaborate scams, the former more worrying than most because it appears to introduce a Peer-to-Peer (p2p) element into the crime for the first time, in that the offending website looks to be moving around between hijacked personal computers on a broadband network. This of course makes detection and closing down the very good if not perfect digital image of the Nat West site very difficult indeed.
My most bizarre conversation was with Channel 4 News. I was trying to explain that the URL for the spoof Nat West site was not in fact the bank’s web page.
“But it says Nat West”
“Yes, but it’s not, it resolves to an address in Alaska and as far as I know, Nat West don’t operate that far West”
“But it says Nat West”
More than seven years after its debut, Windows NT4 remains the hosting Operating System of choice for a surprising number of big brand web sites. But with Windows NT4 officially retired and Microsoft planning to discontinue security patches and support at year-end, even die hard enterprises still running NT4 will presumably switch eventually.
Starting yesterday afternoon, some of us Jupiter Research analysts have been bantering e-mails back and forth about Microsoft and its platforms business. At least indirectly, the exchange relates to Microsoft’s antitrust problems with the European Union.
Society is, I believe, rapidly losing its marbles....
Today, we have the example of a hospital neurosurgeon suspended, while an inquiry determines whether he in fact paid for an extra spoonful of croutons that he added to his thin hospital canteen soup. So if you were waiting for a new brain or a service on the existing model, then tough, you’ll have to wait for management to reach a decision over his future.
Then we have the back-stroke banned from Britain’s public swimming pools for fear of litigation or mass casualties. Strangely enough, I agree with the Home Secretary on this measure as back-strokers represent a public nuisance and should be jailed together with personal injury lawyers.
Finally, I’m not convinced that Gordon Brown’s secret plan to tax Catholics after the next election will be a success. This may have worked for another prudent Scot, James 1st but times have changed, although one wouldn’t think so from looking at the Treasury’s plans for the UK economy.
UK.biz leaves door open to hackers Department of Trade and Industry's 2004 Information Security Breaches Survey reveals penetration figure is four times higher than that recorded by the last DTI Information Security Breaches Survey, two years ago. [via The Register]
I don’t wish to appear alarmist but on the one hand, you have Sir John Stevens warning us that a terrorist attack on London is inevitable and on the other, there’s talk among the IT security vendors, among them Symantec, of a ‘Zero Day’, ‘blended’ threat being imminent.
On the heels of the fuss last month surrounding the escape of Microsoft’s older source code into the wild, a “zero-day” blended threat, say Symantec, could target a potential vulnerability before that vulnerability is discovered and a patch made available. If such an outbreak occurs, the results could make Blaster look like a bad case of the sniffles in contrast with a raging flu pandemic.
Added to this, The Computer Virus Prevalence Survey found that last year, almost a third of the businesses polled worldwide had suffered a virus "disaster," defined as twenty-five or more computers infected by a single virus in the same incident. The survey indicated that antivirus software is…
No Settlement in the Cards Even the ultimate salesman, Microsoft CEO Steve Ballmer, seems to have been unable to sway the European Union. Unless something drastic happens between now and Wednesday, it looks like Microsoft may be unbundling Media Player from some of the versions of Windows it sells (and paying a hefty antitrust violation fine, to boot). [via Microsoft…
I’ve been out tying down the aircraft against the wind. It’s so severe that it took my big 1150 GS BMW and tossed it over on its side as if it were a child’s bicycle.
With straps tethering the line of aircraft to a thick wire cable across the airfield, every now and then, a strong gust, over the wings is enough to achieve vertical take off and a hovering effect for a second or two before dropping down on the grass again.
The month has suddenly become incredibly busy with several projects appearing simultaneously. Microsoft are shipping me off to Kuwait, Bahrain and Qatar at the beginning of next month for a security road show and somewhere in between I’ve to start thinking originally about computer crime and terrorism and potential points of convergence.
Meanwhile, back at Maypole Farm, Brian is now building a full-scale B52 Bomber in his workshop form matches and baked bean cans. While this may concern local residents, who might be worried by the noise and radiation implicati…
Perhaps eSting or eFraud might be a better description but then I suppose it’s my own fault for not asking one very simple question when bidding on an eBay auction “Is the photo of the item on sale, the item that I will actually receive”?
In this example, the seller, we’ll call him ‘Newcastle Boy’, had gone to some trouble to paint an attractive description of an “Authentic” timepiece, with three photos, a front, rear and side view. The only problem was that when it finally arrived, it became immediately clear that an original manufacturer’s library image had been used for the display photograph, with all the correct branding, while two digital photos of what turned out to be a good fake, had been dropped in for the side and rear detail shots.
This raises a broader question about auction sites and exchanges on the Internet that I’m finding hard to resolve, even though eBay have been m…
DDoS Counterstrikes Prompt Debate The recent spate of distributed denial of service (DDoS) attacks is prompting discussion about defense strategies available to web sites. The debate intensified this week when Symbiot Inc. announced a new product that offers the capability to launch damaging "counterstrikes." [via Netcraft]
WIRED: Some Like It Hot. Lawrence Lessig.This doesn't mean that there are no questions raised by the latest piracy concern - peer-to-peer file-sharing. But it does mean that we need to understand the harm in P2P sharing a bit more before we condemn it to the gallows.
Europe Considers Harsh Piracy Law The European Union will likely enact a law to give local police more power to seize the assets of suspected intellectual-property thieves. Opponents say the law is jus…
Interview: Securing Windows - Infoworld Staff As director of product management in the Security Business and Technology Unit at Microsoft, Amy Carroll is responsible for making sure that new enhancements to Windows and new versions of Windows are very secure. Carroll spoke to InfoWorld Senior Analyst Wayne Rash about the company's approach to security and commitment to improving the overall security of its operating system. [via InfoWorld: Security]
Shorthorn Server? It sounds like the Windows server team is struggling just as much as the Windows client team in trying to decide how best to deliver out-of-band features. And one of the options under consideration by the server group is a possible interim release of Windows Server that would go live before Longhorn Server (which, we're guessing, is a 2007/2008 deliverable, at best). [via Microsoft Watch from Mary Jo Foley]
Prompted by the record of the last six months and with security vendor, Symantec, reporting that financial services, healthcare, power and energy sectors are being increasingly targeted by hackers for “severe cyber attacks”, the Conservatives are to call for an Opposition Day (or half-day) Debate on information security, “Concentrating on DTI and economic issues”, in areas where it touches the critical national infrastructure, crime and overall commercial confidence in the Internet.
“How”, says Parliamentary Group, EURIM’s Philip Virgo, “Are we going to handle the rising tide of E-Crime from grooming and phishing through to large scale charge card and benefit fraud as criminals use the Internet to automate old crimes and invent new ones faster that law enforcement appears able to respond”?
Symantec’s latest ‘Internet Security Threat Report’, which gives an average of 220 security vulnerabilities (an average of 99 were of “high severity), a month between July and Dec…
Computer Weekly reports there was an average of 220 security vulnerabilities a month between July and December 2003, of which an average of 99 were of “high severity”, and 70% of which were easy to exploit, according to Symantec’s latest Internet Security Threat Report.
The findings of the report highlight growing concerns among IT users that implementing every software patch released is becoming an impossible task.
Symantec Internet Security Threat Report July-Dec 2003: Main points
- Blended threats increasingly target backdoors left by other attackers and worms
- Financial services, healthcare and power and energy sectors were the hardest hit by severe cyber attacks
- 2,636 new vulnerabilities – an average of 220 new per month
- 70% of new vulnerabilities are easily exploited requiring no exploit code providing opportunity for attackers to gain access to critical systems more easily.
I had to turn off Gordon Brown’s ranting speech to the Labour Spring Conference yesterday, it was making me and my wife feel ill.
And the gestures? “A mix between Adolph H. and Edith Piaf”, said my wife and quite unnatural to the observer. One could almost imagine him reading his speech from the autocue, with a line break and “Gesture Now Gordon”, printed in large red letters. As a political speech writer, I have to smile!
We are, it seems, all better off under Labour. In fact we’ve never had it so good. Families, pensioners, business, education, and even the ungrateful, such as me are benefiting. He may have added sixty new taxes since he became Chancellor and increased the average family tax bill by £5,000 but it’s built a dynamic economy or so he says, standing at the edge of an abyss of personal debt, government overspend and a financial crisis looming in just about any direction you care to look.
I really don’t believe that people object to paying e…
An interesting Register story on government procurement this morning:
"The British government is effectively abdicating IT strategy to the major players and confining itself to attempts to play them off against one another in order to obtain lower prices. But it isn't considering overall strategy, and it isn't seriously opening up the competitive landscape. Nor can it do this without putting serious funding behind its own studies, ones that could conceivably be described as independent".
It may prove to be good preparation for a future at Westminster but I’ve just come from a village meeting that more closely resembled a revolutionary council than a democratic debate.
I’m writing, of course, about a village protest against planning permission that seeks to increase the daily number of permitted flights from the flying club at Maypole Farm, from the present twelve to a maximum of twenty-five.
As a guest at this Hoath village meeting, I was immediately worried, as were others, by the abrupt ejection of the airfield owner before the meeting even began. Surely, any truly democratic process demands a balanced argument and by throwing out the one person who could explain the finer detail behind the planning application, the audience in the packed village hall lost any real opportunity of being able to arrive at a truly informed opinion. Instead, it was offered the equivalent of a drum head court martial by the chair. “It’s our meeting and we can deci…
I was almost convinced, caught or ‘conned’ and it took a call to the head of security at eBay to confirm that the email I had received was part of a much larger ‘phishing’ scam; out to catch my credit card details and those of a million others,
Now I’m not unfamiliar with phishing, after all, I write about eCrime regularly in Computer Weekly. However, on this occasion I had been editing my account details inside eBay, when by sheer coincidence, an email arrived with the message: “Unfortunately, eBay has not been able to authorize your credit/debit card. Your credit/debit card information must be updated on your eBay account immediately.”
As I have only just registered on eBay and had bought my first items the previous week the request that I visit http://www.ebaydbs.com/ and “Use this secure form to update your credit/debit card information on your eBay account”, had, I thought been triggered by my updating my account preferences.
In fact, it’s three years since I was last in Rome, once again visiting the eternal city’s favourite sites, the Vatican, the Coliseum and of course, the remains of the Forum.
As a teenager, I took an A level in Ancient History, in fact, I almost pursued a career in archaeology and not IT but I’m reminded that Roman history is largely a political history, Caesar, Sulla, the Gracchii, Cicero and a great number of different laws, which in many ways parallels our own history but without Cromwell, Alistair Campbell and the violence of the Forum and the revenge of Clare Short.
The Romans also respected the innovative energy of small business and both this and military power built an Empire for Rome and for Britain, except that the former took four hundred years to collapse but we managed it in a mere forty.
Today however, in our own very special compensation and tax-driven culture the privateering spirit that once made Britain a world leader is being driven rapidly t…
I’ve spent twenty years in IT and have tried to remain apolitical, even as an advisor to The Office of the e-Envoy but now I find myself assisting the Westminster Front Bench in the preparation of policy and the materials needed to support technology-related debates in Parliament.
Just over a year ago, I realised that it would be nearly impossible for me to set-up any of the small and successful IT businesses that I had done in the past. That favourite Microsoft expression ‘agility’ might be true of software but it no longer appears to be a commodity available to smaller IT companies. Legislation, as my overworked friends tell me, makes running an SME a full-time burden and the entrep…
I’ve just returned from a fifteen minute loiter above Thanet in the fog, to find the road through the village of Hoath to the A229 dotted with fluorescent red posters asking people to “Fight further development of the Maypole airstrip”.
What development is this I wondered? After all, Maypole is a farm strip to the West of the village and my own little Cessna is tied-down on the grass there together with an assortment of around ten other light aircraft, most of which are rarely used.
Could it be an unpublished extension to the runway at Manston, ‘Kent International’ airport, ten miles to the East or perhaps the Defense Minister, Geof Hoon, plans to move what’s left of the RAF to a tiny stretch of grass in Kent which doubles as a livery stables?
In fact, to find Maypole, you have to know where it is, a ‘Catch-22’, which took me three years before I found the gate. There are, I'm told, people in the village of Hoath, adjacent to the airstrips…
I need to start planning for the 2005 eCrime Congress and it's only just over a week since we closed the 2004 event which saw four hundred government, business and law-enforcement experts attend from around the globe and saw Sir John Stevens confirming my honorary appointment as a Detective Sergeant in the Metropolitan Police. - I'm still wondering about the pension rights -
Predicting what's going to be hot in computer crime in 2005 is a bit of a challenge and I'm already working on ideas but my thanks goes to DCS Len Hynds, the head of the NHTCU, who just penned a very nice endorsement for the work I put into this last congress.
"I think that Simon has a comprehensive understanding of the challenges and opportunities facing law enforcement and business as they work together to combat hi-tech criminality. His in depth knowledge of the subject enabled critical issues to be examined in precise detail, stimulating debate and exploring workabl…
It must have been three years ago, in Computer Weekly, when I first wrote about the arrival of Linux Server Appliances and how, within five years, they would start to change the face of the computing landscape. At the time I was thinking more about cheap server appliances built around mainstream applications involving mail and database servers and hadn’t considered another use for the ‘Appliance of Linux’;infrastructure management.
Last week, I visited Itheon, a Hertfordshire company on the leading edge of ‘Total IT infrastructure management’. It’s not a company that many people know of but then it works invisibly through much larger partners, such as Hewlett Packard and Hitachi, who in turn deploy Itheon’s magic box at customer sites as part of a larger managed services package.
Some spam reptile is spoofing my Zentelligence domain. I’m receiving a steady stream of returns from mail servers telling me that mailboxes are full or recipients don’t exist. There’s absolutely nothing I can do about this and I feel dirtied and angry that some cheap criminal is using my brand name to send thousands if not millions of users useless email offers,
A busy day. I flew over to Panshanger to see Itheon, who have an interesting Linux (SuSe) appliance that can be used for total network infrastructure management. I called it a “box of tricks”, which it is and a clever one too. However, I won’t spoil things by writing about it now, so I’ll put my thoughts into a Computer Weekly column later.
The best way to get to Panshanger was by air, convenient because Itheon were only a couple of miles from the airfield. Not as bright as yesterday and very misty when I took off from the North Kent coast at 10:00 AM. In fact, visibility was so poor that I had to ask for a radar informa…
Spring arrived with an unannounced suddenness today which caught me by surprise. In the morning a thin layer of ice on the car told me that winter was firmly in control and yet by later afternoon, it was warm and the birds were celebrating quite noisily in the bushes behind the runway at Maypole.
I had been flying most of the day, sitting in the right-hand seat as a kind of unofficial mentor come instructor for a friend. The bright sunshine on the ground concealed a thick haze at two thousand feet, an opaque layer between Manston and Rochester, where we went to grab some lunch and shoot some practise circuits.
I’m hoping the weather will hold for another twenty-four hours as I’m planning to fly rather than drive to see a client near Hatfield. One way takes forty-five minutes and the other, maybe three hours by car. Lord help us if the flying car ever becomes a reality, translating the everyday grid-lock found on the M25 to something just as bad above it. Mind you, we have i…
Over dinner at the eCrime Congress I found myself sitting next to the CTO of Microsoft’s Security Business Unit, Dave Aucsmith, who isn’t your usual kind of industry character. We had started talking about flying and that’s when I realised that the novelist, Tom Clancy, may have loosely based his character of Jack Ryan on Aucsmith, who, as a former US Navy intelligence officer can count active service in carrier-borne F14 Tomcat fighters, followed by a stint in submarines, in addition to being the CTO for Intel prior to being lured to Microsoft.
Aucsmith believes that we may have seen the end of the RPC/DCOM style exploits against the Microsoft platform that peaked last year, now that the critical gaps in the Windows code have been patched. However, he points out, that the time between a patch being made available to the public and the first exploit appearing has now decreased to a level which makes patching no defence in larger organisations. In fact, it now t…