Mar 31, 2008

Harvested address books

Spammers are using hijacked Facebook accounts to post misleading links to dodgy sites, a security vendor has warned.

According to Fortinet, miscreants have obtained access to a number of Facebook accounts - possibly through a phishing worm that was circulating earlier this year - and they are being used to post Wall messages linking to sites such as online pharmacies. Fortinet officials observed that "although this has been rarely seen on Facebook so far, it is fairly common on MySpace."

They also referred to "a criminal fraud ring" that includes Canadian Pharmacy.

"While hijacked accounts have not been proved to be utilised for anything beyond posting relatively innocuous spam 2.0, it is not a stretch to think that links to drive-by-install malicious sites could be injected at some point," the officials said. "Following links contained in wall posts is therefore not recommended."

The technique mirrors the way email spammers previously used harvested address books to send messages apparently from people known to the recipients so they were more likely to open the emails and click on the links they contained or open any attachments.

Australia needs ID-theft laws: Minister

The Federal Minister for Home Affairs, Bob Debus, has encouraged state and territory governments to introduce new laws to combat identity theft but observers have cast doubt over their effectiveness.

The Minister hopes Australian states will create three identity crime offences that carry prison terms of between three and five years. The laws, according to the Minister, should be aimed at 'filling in the gaps' in current legislation, deterring potential criminals and providing redress for victims.

Debus recommended that making, supplying, using or possessing identity information -- with the intention of committing an indictable offence -- all become potentially indictable offences themselves. Possessing equipment capable of making false identification was also flagged as a possible offence.

"Identity crime is an international problem and while the true extent of it is unknown, a few years ago it was estimated to cost Australian business more than a billion dollars a year, a figure which has no doubt grown," said Debus in statement.

Making his proposal at the Standing Committee of the Attorney-General in Adelaide this week, Debus introduced a report which examined the nature, impact, extent and cost of identity crime. The report compared international responses to the problem.

"The notion of identity is central to almost every aspect of our lives, it affects relationships, reputation and livelihood, which is why when it occurs, people feel violated and vulnerable and individual victims can spend an average of two or more years attempting to restore their credit ratings," he said.

Barbed search terms threaten Web users

A million search queries have been "poisoned" at dozens of well-known Web sites over the past several weeks, according to security analyst Dancho Danchev.

Attackers are using programming errors to hijack keyword searches by automatically attaching malicious HTML code to specific search queries. Unwitting visitors who type in the selected key words while performing a search at the affected sites are then redirected to booby-trapped Web sites.

This is where the attackers attempt to install malware onto the victims' computers.

Among some of the Web sites that have been attacked are USAToday.com, Target.com, ABCNews.com, Walmart.com, and several sites owned by CNET Networks, the publisher of News.com. A CNET employee confirmed that the attack had occurred but did not know to what extent it had affected site visitors.

Representatives of CNET and USAToday could not be reached on Friday night. Wal-Mart spokeswoman Amy Colella on Saturday said the matter "has not impacted our site in any way," adding, "We take these matters very seriously at Walmart.com, and continuously use measures to protect our customers from any fraudulent online activity."

The attack differs from other IFrame injection attacks in that the traps are being set in the search results and not on a Web site's main pages, said Joris Evers, a spokesman for security firm McAfee.

"This means that a Web user would need to do a search query using one of the terms picked by the attacker to hit a poisoned page," Evers said. "This is in contrast to previously seen attacks where just visiting a site would launch an attack. This reduces the severity (of the most recent attack) somewhat."

Evers added that the Web is quickly becoming one of the most popular means to attack users. This is due in part to improvements made to e-mail security and filtering and also because Web vulnerabilities are a new frontier, he said.

Daylight saving chaos is standard procedure

Stop the presses and inform the emergency agencies, the eastern state governments have extended daylight savings and there is nothing we or Microsoft can do about it. Duck and Cover!

Sensationalist hacks are calling this a mini-Y2K -- they are more correct than they realise. Once again nothing will happen and life will continue, your calendaring will not implode and civilisation will continue. What evidence do I have for my outlandish "against the grain" claims?

We did the same thing in 2006 for the Commonwealth Games and the worst thing that happened then was the Opening Ceremony. Looking even further back to the Sydney 2000 games and the early daylight saving hours couldn't stop Cathy Freeman from a gold medal.

Timezone data changes all the time, it's what governments do -- probably to keep the populace on their toes -- and yet we still survive. We knew Gloria Gaynor was right.

Mar 28, 2008

TJX faces class action lawsuit in data breach

A class action lawsuit was filed yesterday in US District Court in Boston accusing TJX Cos. of negligence for failing to maintain adequate security of customer credit and debit card data and not disclosing the breach for a month.

The suit was filed on behalf of Paula G. Mace of Horner, W.Va., who had her debit card information stolen from the company's computer system. It is seeking credit monitoring services and any damages incurred by affected customers, according to Jonathan Shapiro , a partner with Stern Shapiro Weissberg & Garin of Boston, one of two firms that brought the case.

"Because of TJX's actions, hundreds of thousands or even millions of its customers have had their personal financial information compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft, and have otherwise suffered damages," according to the suit.

Both Mace and Sherry Lang, a TJX spokeswoman, would not discuss the case.

The lawsuit came as TJX chairman Ben Cammarata spoke out yesterday for the first time since the Framingham discounter disclosed on Jan. 17 that a hacker stole customers' personal data from its computer system dating as far back as 2003. TJX, which last week was considering offering credit monitoring for customers whose personal data was compromised, yesterday said it would not provide that service.

"Based on the type of data involved in the breach of our systems, we don't believe that such monitoring will be meaningful to customers," Cammarata said in a seven-minute video posted on TJX's website.

The chairman, in the video and full-page advertisements in several New England newspapers, also tried to clarify why the company waited more than a month to talk about the incident. Banking officials and retail consultants have estimated that millions of customers could be affected in what may be the biggest loss of customer data in US history.

Cammarata sought to reassure customers that it's safe to shop at TJX's more than 2,500 stores, including T.J. Maxx, Marshalls, and HomeGoods.

"By delaying a public announcement, with the help of top computer security experts, we were able to contain the problem and further strengthen our computer network to prevent further intrusion," Cammarata wrote in a full-page advertisement that appeared in the Boston Sunday Globe. "Therefore, we believe that we were acting in the best interest of our customers."

Cammarata also said the company now believes that customer transactions at Bob's Stores, and transactions using debit cards issued by Canadian banks, were not compromised in the breach.

Still, some consumers and crisis communications executives said Cammerata's comments are not only late but inadequate, and criticized TJX for refusing to disclose how many customers were affected and for leaving too many other questions unanswered. TJX has not said how many customers have been affected, but the Massachusetts Bankers Association has already reported credit- and debit-card fraud connected to the breach for unauthorized purchases made from Florida to Hong Kong. So far banks have reissued hundreds of thousands of cards.

Some security experts also challenged Cammarata's video statement yesterday that it would be extremely unlikely for thieves to commit identity fraud with the information that was stolen in this incident. Besides card numbers, TJX has said that a small number of customers' driver's license numbers, names, and addresses may also have been taken.

Steven D. Bearak , chief executive of Identity Force, a Framingham identity-theft-solutions company, said thieves who have only credit or debit card numbers can steal identities by combining them with other information, such as names, addresses, and Social Security numbers sold or traded on the black market, to piece together what he calls a "synthetic identity."

Mar 27, 2008

HP UMPC 2133 specs revealed, street date of April 7th?


We'd been hearing that HP's slick UMPC 2133 was going sport VIA processors, and now we've got some more info to back that up -- we just received what appears to be a full spec list for the upcoming machine, and it's VIA C7-Ms all around, with graphics courtesy of a VIA Chrome 9 chipset.
According to our source, these will hit on April 7th, and it looks like those pricing whispers were pretty accurate as well:
  • $600 will buy you a 1.2GHz C7-M, a 120GB drive, 1GB of RAM and Vista Home Basic, while
  • $749 bumps you up to 1.6GHz and Vista Business and adds Bluetooth, another gig of RAM, and a bigger battery. There's also a mysterious
  • $849 Vista Basic model listed as having "regional" availability (the others are listed as "Smart Buy") with Bluetooth and bigger battery, but we don't see why it's more expensive than the Vista Business version.

Regardless, what really caught our eye was the $549 model that shares the same specs as the $600 unit, but looks to be running SuSE Enterprise -- another rumor that's come true. That could be the one that HP expects to sell like hotcakes -- after all, the goal is to have people buy these "without a thought," and that's certainly not going to happen at $749. We'll see soon enough, we suppose. Full spec sheet after the break.

Security Research Tools

Fess (Versn: 0.1) is an exploit scanner for email that uses a signature language (like Snort IDS).
Foregone (Version: 0.1 is a forensic file recovery tool written in Perl.
Mumsie (Version: 0.1) is the Malicious URL Monitor and Snort Injection Engine, a program used to log HTTP client request headers when Snort alerts on malicious content from a webserver.

Truman (Version: 0.1) is a "sandnet", a behavioral analysis system for malware that provides an Internet-like environment to the target, and doesn't depend on virtual machines.

Wind Pill (Version: 1.0) is a tool that assists in automating the tasks involved in debugging the Windows kernel.
Caffeine Monkey (Version: 0.5) is a tool that helps researchers discover different ways hackers hide their malicious JavaScript.

SecureWorks' Security Research Group has developed several security tools that are publicly available. All tools are released under the GNU General Public License (GPL) and are provided "as-is", with no warranty and no support.

Hackers Use Banking Digital Certificates to Scam Financial Customers in Australia and New Zealand


SecureWorks, one of the leading Security as a Service providers, announced today that hackers are successfully scamming banking customers with spear phishing emails stating that their banking digital certificate has expired. The malicious emails state that in order for the bank customer to access their bank account, they must load a new certificate by clicking on an enclosed link. See illustration below.

Once they click on the link, they are actually downloading the Prg Banking Trojan. This banking Trojan, originally discovered by SecureWorks in December 2007, is one of the most sophisticated and lethal pieces of banking malware developed.

Mar 25, 2008

Elderly Australian Man Creates Suicide Robot to Kill Himself, Used Internet Guide

In another case of someone using information gathered from the Internet to take their own life, an elderly man from Australia killed himself after making a robot. Francis Tovey, 81, lived alone and wanted to kill himself after enduring repeated requests from family to move to an assisted living facility.

Unhappy with their request, Tovey scoured the Internet for information on making a robot capable for firing a semi-automatic gun pointed at his head.

When triggered remotely, the gun fired four shots that killed Tovey.

The Gold Coast Bulletin newspaper indicated Tovey set up the robotic device in his driveway early on Tuesday because he wanted construction workers at a nearby housing site to hear the gunshots and discover his body.

The newspaper indicated that's exactly what happened.

"I thought I heard three shots and when we ran next door he was lying on the driveway with gunshot wounds to the head," worker Daniel Skewes said.

An unnamed neighbor said he had a good friendship with Tovey over the course of three decades.

The news is concerning to pro-life advocates who have been upset at numerous times over the years about suicide instructions appearing on the Internet.

Vista SP1: the amazing story of the software that changed Microsoft forever

After years of delays between Windows XP, and its true successor, Windows Vista, the Windows using world had hoped Vista would vanquish the problems Microsoft has experienced after each new version was launched.

But it was not to be. When Vista was launched, it was slow, incompatible with hardware and software, expensive and different enough from previous versions of Windows, causing many to throw up their hands in frustration and go back to Windows XP, an operating system released in 2001.

Microsoft, realising the incredible distress this caused to its semi-loyal user base, many only using Windows because of its market dominant position, decided to do something different: really work on making Vista’s first service pack, known as SP1, a shining beacon of Microsoft’s programming capabilities, fixing all the problems within Vista, and restoring hope to a world used to looking at computing and the web through Windows.

Actually, not everyone on Planet Earth was a Windows user. Some chose to use Apple’s Mac OS X, others went down the Linux path.

But with Windows being the world’s dominant operating system, Microsoft knew that it could win the hearts and minds of many by simply fixing Vista many deficiencies by doing what its EULA said it wouldn’t do: actually take responsibility for Windows, delivering an operating system people could rely upon, instead of delivering software ‘AS IS’ with practically no guarantees other than your wallet would be lighter.

Why? Because Microsoft was sick and tired of being lumped in the same basket as second-hand car salesmen and lawyers when it came to truthfulness, honesty and integrity. Microsoft made software, dammit – good software.

Or at least, it wanted to. SP1 was the milestone that proved Microsoft not only could – but absolutely would - deliver.

Indeed, in SP1, Microsoft actually decided to scrap its EULA. Some argued this could see Microsoft opened up to lawsuits and class-actions galore, but now was the time to draw a line in the sand.

Taking responsibility for software, standing behind the claims on the box and on Microsoft’s website, actually helping consumers and businesses actually fix problems that Windows had caused, so the problems were no more, delivering software that was truly secure... it was a revolution that saw the software world changed forever, even more than the ‘free and open source software’ movement had strived to for years.

How did Microsoft achieve such a feat when millions spent previously on Vista RTM didn’t help? Please read onto page 2 for some incredible revelations.

ThinkPad X300 and MacBook Air

Both of these products are very thin. The Macbook Air leads on design and price while trading off usability. The X300 is vastly more practical in use but is nearly twice as expensive as the entry level Macbook Air and it is not as attractive. This comes down to battery life, flexibility, price, and appearance.

The X300 has, with a bay battery, the ability to hot swap batteries and you can carry spares, which means you will have as much battery life as you need. It has an optical drive if you need it, and it comes with a second generation flash drive as standard, providing extra durability and performance.

It is massively wireless with WiMax, WAN, Ultra Wideband, Wi-Fi, and Bluetooth radios. It also has a full ThinkPad Vantage load of tools: Security and enterprise support typically associated with a ThinkPad.

The Air is drop dead gorgeous and currently the thinnest notebook on the market from any branded vendor. But with only 2.5 hours of battery life and a fixed battery it really isn’t that portable. However, it is far more affordable at around $1800 (without a slower older SSD than the X300 comes standard with).

As Monty Python would say, now for something completely different. The HTC Shift weighs in at well under two pounds (a little over half the weight of the Macbook Air) and has a small 800 x 480 pixel 7” touchscreen, built in Sprint WAN, built in GPS and has about 2 hours of battery life when running Windows Vista.

But, what makes it interesting is that it has a second mode using a limited version of Microsoft’s mobile platform that provides the device with massive battery life for email, calendar, and contact management. Basically, you hit one button and move from Windows to Windows Mobile which is a vastly more limited but also a vastly more power efficient mode.

This is the first Origami 2.0 device I’ve had a chance to use and it is much improved over Origami 1.0. This provides more of a Media Center like experience under Vista and rapid access to pictures, videos, and Music. In Origami, which loads much like Media Center does on top of Windows Vista, you get something that probably approximates to what the Mobile Internet Device experience will be in the next generation Atom (Silverthorne) systems that Intel has been talking about with even smaller devices.

Hyper girls 'struggle as adults'

Hyperactive young girls are more likely to have "serious" problems in adulthood, research suggests. A study of more than 800 girls up to the age of 21 found hyperactivity was linked to poor job prospects, abusive relationships and teenage pregnancy. Previous research on the lasting impact of childhood hyperactivity has focused on boys, who are more likely to be diagnosed and treated.

The Canadian and UK study is reported in the Archives of General Psychiatry. Young girls with high levels of hyperactivity should be targeted early in life to help them achieve better at school, the researchers concluded. The study, which assessed girls yearly between the age of six and 12, looked for signs of restlessness, jumping up and down, not keeping still, and being fidgety.

Researchers also assessed physical aggression such as fighting, bullying, kicking, biting or hitting. One in 10 showed high levels of hyperactive behaviour, while another one in 10 showed both high levels of hyperactive and physically aggressive behaviour. Those who were the most hyperactive or aggressive were more than twice as likely to be addicted to smoking, fall into mentally abusive relationships and four times more likely to do poorly at school.

However, only girls with both hyperactivity and physical aggression were found to report later problems of physical as well as psychological aggression towards their partner, along with early pregnancy and dependency on welfare. A quarter of girls with hyperactivity had no problems in adulthood

Mar 20, 2008

Outsourcing the Patients

For years, Americans have been traveling abroad to save money on elective procedures or dental work. David Boucher, 49, doesn't fit the usual profile for such medical tourists. An assistant vice-president of health-care services at Blue Cross & Blue Shield of South Carolina, he has ample health benefits. But Boucher recently chose to have a colonoscopy at Bumrungrad International Hospital in Bangkok, mainly to make a point about the expanding options available to Blue Cross customers. And his company happily picked up the $640 tab—a bargain by U.S. standards.

Blue Cross and other insurers would like to see more policyholders traveling abroad for medical care. Since the start of the year, Boucher has signed alliances with seven overseas hospitals and hopes to add five more by yearend, including them all in coverage for his company's 1.5 million members. As health-care costs continue to rise in the U.S., "medical travel is going to be part of the solution," he says.

Yes, just like manufacturing facilities and call centers, health care is moving offshore. "All of the largest U.S. insurers are starting to educate themselves or are putting [offshore] programs in place," says Jonathan Edelheit, president of the Medical Tourism Assn., an industry group formed just last year. Companies that self-insure are also bombarding Edelheit's group with requests for information.

Getting covered employees to leave the U.S. won't be that hard, says Edelheit. An insurance company could waive all deductibles and co-pays, offer to cover travel costs for the patient and family members, even throw in a cash incentive, and still save tens of thousands of dollars. After all, a heart procedure that costs $100,000 in the U.S. runs only $10,000 to $20,000 at some of the best private hospitals in Asia. And the quality of care? Foreign hospitals in such arrangements are typically approved by Joint Commission International, part of the same nonprofit organization that accredits American hospitals.

Blue Cross took the lead in medical offshoring when it formed its first partnership, with Bumrungrad Hospital, in February. Since then the insurer has signed similar pacts with the Parkway Group Healthcare, owner of three hospitals in Singapore, and hospitals in Turkey, Ireland, and Costa Rica. Three members of India's Apollo Hospitals Group are also joining the network. And another large Indian chain, Wockhardt Hospitals, is talking with U.S. insurers as well. "Americans haven't come to grips with having their heart surgery in Thailand," says Curtis Schroeder, the American CEO of Bumrungrad. "But that will change."

The shift is sure to leave some policyholders disgruntled, of course. Offering international coverage might make it easier for employers to limit benefits at home, for instance, by raising the deductibles on U.S.-based procedures. It's also extremely difficult for patients to sue for malpractice in most Asian countries. Bumrungrad has offices for marketing and promotion in 20 countries, but not the U.S.—in part because having a U.S. office would open the door to potential liability, hospital officials say. So it will take a while for the trickle of insured U.S. patients in Asia to become a torrent. But over time, for policyholders and payers alike, the price may be hard to resist.

Mar 11, 2008

Toni Bowers: IT skill shortage: Where’s the hard evidence?

It seems that everywhere you look these days there is some industry pundit or executive telling us that there aren’t enough skilled IT workers in the market to fill industry demand. But where is the hard evidence of this assertion? Some groups — including economists, academics, and industry experts — are starting to challenge the statement. Baseline Magazine writer Ericka Chickowski talks about what some people are doing to find out the real story. Her latest piece talks about one effort, led by Vivek Wadhwa, a professor for Duke University’s Master of Engineering Management Program and a former technology CEO. Chickowski quotes Wadhwa:

“This whole concept of shortages is bogus, it shows a lack of understanding of the labor pool in the USA.”

In one study, Wadhwa and his group asked HR professionals a number of questions that would determine their experiences with the issue of availability of qualified workers. What they conveyed was very different from their executive’s opinions on skills shortages, showing there was no lack of qualified applicants.

Chickowski says this study is backed up by other studies conducted by RAND Corporation, The Urban Institute, and Stanford University. Also, according to the article, one expert poured over data from the Bureau of Labor Statistics and concluded that:

…the United States has consistently graduated more than enough computer scientists and engineers to fill the IT jobs available in the country.

Similarly, he has seen no unemployment rates to indicate any kind of IT worker shortage.

So what’s the deal on this? Do you think this IT skill shortage mantra is a deliberate attempt to mislead? If so, what are the motives behind it?

Mar 8, 2008

VOIP costing service

Feel like an extra cash injection each month? No, you don't have to rob a bank, just take a closer look at your telecommunication bills. We studied the calling habits of three people - none of them big spenders on the phone or internet - and came up with savings of between $60 to $180 a month.
If your calling patterns are anything like our case studies, you could make big savings by giving yourself a phone or internet makeover and switching to a cheaper plan.

For most people, high phone or internet bills are a source of major irritation, yet taking a closer look at where and how the money is being spent is often deemed "too hard".

Set yourself an incentive by promising yourself a dinner out on the first month's savings. Put aside a few hours with the last few months' bills, pen and paper and internet at the ready, so you can compare what else is on offer.

There are plenty of websites that offer comparisons. Have a look at www.phonechoice.com.au to browse plans for fixed lines, mobile phones, broadband and VoIP (voice over internet protocol - a cheaper way of making calls via the internet).

In its VoIP section, the website uses a bill calculator to work out a plan based on the type of calls you make. Phonechoice also has a forum and an experts panel to answer questions.

For broadband, also see www.whirlpool.net.au for its plan search and excellent technical pointers in its discussion forum. You'll also find useful information at www.broadbandguide.com.au and www.internetchoice.com.au.

If you're time-poor and need more hand-holding, think about consulting a phone broker who can go through your current bills to work out your usage.

There are many listed on the internet but ask around because, as always, the best recommendation is via word of mouth. For example, the Full Circle Group (www.fullcirclegroup.com.au) has small business and corporate clients and Cheap Phone Deals (www.cheapphonedeals.com.au) works with households and small businesses.

Or call your current provider and ask if it can offer you a better deal to stop you moving your business elsewhere.

"It is absolutely worth shopping around," says Michele Collins of Cheap Phone Deals.

"There is so much smoke and mirrors out there. Consumers have to ignore the provider's marketing strategies and stick to what they need."

Mar 5, 2008

HP preps sexy new ‘Eee PC killer'

Has Asus set off a new price war in the mobile computing landscape? It was only a few years ago that brand-name laptops started to slide in under the $1,000 mark.

Then the Taiwanese company released the Eee PC. Its super-compact size and weight, surprisingly decent feature set, Linux OS and $499 price tag all ensured the Eee PC found favour well outside its intended target audience of school kids. Travellers and tech tinkerers alike have adopted the Eee PC as a brilliant little ‘second PC', and in some cases even a second laptop.

Asus EeePC: the original (well, of this era), but maybe no longer the best...Asus EeePC: the original (well, of this era), but maybe no longer the best...

This has ignited interest in the mini-notebook form factor and proven that if you get the formula right - if you nail the correct mix of size, features and price - you'll find plenty of buyers.

Now HP is coming to the party, and it's dressed to steal all the attention away from Asus. There's no doubt that the Compaq 2133 (which distinctly needs a catchy consumer-friendly brand name rather than Yet Another Model Number) will be aimed at a more professional slice of the consumer and perhaps even business market when it lands in the US sometime in April.

HP's Compaq 2133: you could call it an EeePC wanna-be, but it looks more like an EeePC killerHP's Compaq 2133: you could call it an EeePC wanna-be, but it looks more like an EeePC killer

The notebook itself looks more like Apple's classic 12in PowerBook G4, thanks to clean lines and an anodised aluminium chassis, although this plays some part in tipping the weight to 1.2kg. The 8.9in widescreen panel runs at a squint-worthy 1366 x 766 (WXGA), includes a tiny webcam and is perched above keyboard that HP claims is 95% of full size.

Deva vu: the stylish silver Compaq 2133 seems to mimic Apple's 12in PowerBook G4 in several aspects of its designDeva vu: the stylish silver Compaq 2133 seems to mimic Apple's 12in PowerBook G4 in several aspects of its design

Sideways: an ExpressCard slot, two USB ports (only one is visible here) and Gigabit Ethernet are all on tapSideways: an ExpressCard slot, two USB ports (only one is visible here) and Gigabit Ethernet are all on tap

It also has boasts technology handed down from more conventional notebooks, such as a Gigabit Ethernet and 3D accelerometer to protect the hard drive from sudden knocks and shocks. That won't be an issue if you choose the optional solid state drive, although we don't yet know its capacity (but we'll take a punt on 8GB).

On the communications front is 802.11b/g wireless, a single ExpressCard/34 slot (for the skinny cards favoured by devices such as 3G HSDPA wireless modems) and two USB ports (one either side of the keyboard).

Cent-rino: the tiny Silverthorne CPU is barely as large as a US penny, although it costs a little more...Cent-rino: the tiny Silverthorne CPU is barely as large as a US penny, although it costs a little more...

That's a pretty full set of features, and one of the few unknowns is the type of processor and how much RAM it's married to. There's speculation that it could be Intel's new 45nm ‘Silverthorne' ultra-mobile processor, which is expected to be officially launched during next month's IDF in Shanghai.

King of the road: Intel's Ultra-mobile 2008 platform, codenamed Menlow, has eben designed from the ground up for mini-notes and UMPC-style devicesKing of the road: Intel's Ultra-mobile 2008 platform, codenamed Menlow, has eben designed from the ground up for mini-notes and UMPC-style devices

The single-core Silverthorne processor sits at the heart of Intel's Ultra-mobile 2008 platform, codenamed Menlow, and clocks up to 2GHz.

However, other sources claim that HP has opted for a VIA processor, in which case we'd expect this to be the 64-bit CN chip (codenamed Isaiah) which VIA announced in January with a target release of the first quarter of this year.

Which will it be? This is where things get interesting, because HP's advance spec sheet notes the Compaq 2133 will be offered with a choice of Windows Vista and Linux. There's no word on which flavour of the Penguin OS gets the gong, but on its business PC line HP already supports Asianux, Debian, Mandriva, Novell SUSE and Red Hat.

It's said that prices will start at US$500, or A$530 based on a straight conversion (GST and local channel factors would see the local price nudge closer to $600) for the Linux version. Tick the options box for Windows Vista and the sticker jumps to US$650 (A$700).

We can't help but wonder if HP might not engineer the Compaq 2133 for two factory runs: one with the VIA chip for Linux, the other with Intel's Silverthorne for Vista (or anyone who wants to buy the more powerful model and then strip it back to Ubuntu or create a HP Hackintosh).

Meet Australia's geekiest geek


Some people are born with a chip on their shoulder, but Jonathan Oxer's chip is surgically embedded in his left arm.

The 37-year-old from Melbourne's outer-east never has to worry about forgetting his keys because the tiny chip, typically used to tag pets, opens his front door.

A swipe of his arm under a small scanner identifies Oxer with the house computer, which then unlocks the door.

But that's just the tip of the iceberg for Australia's biggest nerd, whose entire house is connected to a central processor and can be controlled remotely via a computer or mobile phone.

Teeming with technology, the abode conjures up images of The Jetsons but, much to the surprise of visitors, the house looks no less ordinary than a typical suburban dwelling. Wires, switches and gizmos are concealed, true to Oxer's philosophy of "having everything work invisibly".

A magnetic switch installed inside his letterbox detects when mail is inserted and occupants are notified via either the house computer, email or SMS. The garden irrigation system, too, is fully automated and computer-controlled.

Oxer's doorbell doesn't ring - instead, button presses are detected by the computer, which then activates a camera to stream video to TVs around the house showing who is at the door. If nobody is home, a picture message is sent to Oxer's mobile and he can choose to let the person in remotely.

Inside, curtains, doors, lights and windows are all wired up so they can be controlled electronically.

"You can go to bed and realise that you left the light on at the other end of the house and be able to turn it off without getting out of bed, using an interface on a mobile phone or using a telephone keypad," said Oxer.

"You can do things like issue a single command when you leave the house to tell it to go into lock mode and know that every single door is locked, all the curtains are closed and all the windows are closed, without checking them individually."

In the bathroom, lights and curtains are computer controlled and a keypad on the wall lets Oxer set the water temperature. Issuing the "shower" command turns all the lights on, closes the windows and curtains and sets the water temperature to 41C.

Oxer, who recently retired as head of the Linux Australia community group, holds down a full-time job as technical director of Internet Vision Technologies, which he formed in 2000.

He said the entire home automation project cost him "a couple of thousand dollars" because he did most of the work himself.

Antonia Magee: Depression drugs 'little better than placebos'

MENTAL health experts say patient's lives could be at risk if they stop taking anti-depressant drugs, after a UK study raised doubts about their effectiveness.

The Australian Medical Association has questioned the research methods of the UK study which claimed best-selling anti-depressants were barely more effective than sugar pills.

Association spokesman Dr Choong-Siew Yong, a Sydney psychiatrist, said anti-depressants were life-saving for depressed people and it was essential for patients to speak to their doctor if they felt their treatment was ineffective.

Dr Yoong said the study could not be relied because they represented the average results from from scores of separate studies with different drugs.

“That is not to say the evidence is wrong. It‘s a study that’s important for professionals, but I don’t think any reasonable psychiatrist, and I can safely speak for my colleagues, would advise people to stop taking their medications,” Dr Yoong said.

“The message the study gives us is that we have a long way to go in being able to pick the right medications for each patient, whether they have mild or severe depression.”

There were controls in place to ensure drugs performed the job they were designed for.

This included the Australian Therapeutic Goods Administration closely monitoring the effectiveness of drugs, while drug companies were also required to publish the results of drug trials.

The new claims come after a Melbourne psychologist Michael Carr-Gregg said he feared mentally fragile patients could stop taking their medication as a result of the study that found anti-depressants like Prozac and Seroxat were barely more effective than placebos in treating most people with depression.

"That will potentially create a large number of people with depression who are untreated," he told 3AW today.

"We know most of the people who end their own life have a mental illness and about 70 per cent of those people have a depressive illness of some type. They are all at risk."

The research, led by a British university and which analysed 47 clinical trials, breaks new ground by incorporating data not previously released by drug companies which researchers obtained under US freedom of information laws.

Its findings prompted some academics and mental health campaigners to question whether people with mild and moderate depression should be prescribed drugs like Prozac, which has been taken by 40 million people worldwide.

"The difference in improvement between patients taking placebos and patients taking anti-depressants is not very great,'' said Professor Irving Kirsch of Hull University, in northern England, who led the team.

"This means that depressed people can improve without chemical treatments.

"Given these results, there seems little reason to prescribe anti-depressant medication to any but the most severely depressed patients unless alternative treatments have failed to provide a benefit.''

The study, published in the journal PLoS (Public Library of Science) Medicine, looked at Prozac, Seroxat, Effexor and Serzone and found the drugs were only better than a placebo for some people with severe depression.

Kirsch's team said it was one of the most thorough probes into the impact of new generation anti-depressants or selective serotonin reuptake inhibitors (SSRIs).

But drug companies strongly questioned the findings.

A spokesman for Eli Lilly, which makes Prozac, said that "extensive scientific and medical experience'' had shown it is "an effective anti-depressant.''

And GlaxoSmithKline, which makes Seroxat, said the study had not acknowledged the "very positive benefits'' of the drugs.

"Their conclusions are at odds with what has been seen in actual clinical practice,'' a spokesman said.

"It is widely recognised by experts in the field that studies in depression are challenging and very difficult to conduct.''

One leading academic who has studied why drug companies only publish some of their data on new drugs said in the wake of the findings they should be obliged to provide full details.

Doctor Tim Kendall, deputy director of Britain's Royal College of Psychiatrists research unit, said the study was "fantastically important.''

"I think it's too dangerous to allow drug companies - where profit is a key factor - to be able to withhold data which shows that a drug is ineffective or harmful,'' he said.

Alison Cobb, of British mental health charity Mind, hailed the findings as "a serious challenge to the predominance of drugs in treating depression.''

"Anti-depressants do help many people but by no means all and some people experience severe side-effects with them,'' she said.

"Nine out of 10 GPs (general practitioners) say they've been forced to dish out drugs because they don't have proper access to 'talking treatments' such as cognitive behavioural therapy, which are recommended as the first-line treatment for mild to moderate depression.''

Another mental health charity, Sane, warned the findings "could remove what has been seen as a vital choice for thousands,'' adding people should not stop taking their drugs immediately.

As the study was published, the British government published details of a $360m programme to improve access to counselling and therapy for people with depression.

Officials say this should see 900,000 more people receiving such treatments over the next three years.

Mar 4, 2008

Six Botnets Send 85% of Spam

According to the net security firm Marshall, a mere six botnets are responsible for a whopping 85 percent of the world's spam in February. Out of this six, the Srizbi and Rustok botnets are heavyweights, sending out 39 and 21 percent of of messages respectively. Marshall notes that Srizbi is quite formidable as it is "extremely stealthy, operating in full kernel mode, which, among other things, allows it to hide its network activities and bypass sniffer tools."

What is more interesting about the botnets identified by Marshall is that there appears to be some crossover in the spam campaigns they are running, with more than one network pumping out emails for the same "product". "It appears the spammers behind this campaign have access to more than one botnet to distribute their messages. It's also a possibility that one group controls more than one of these botnets," said Bradley Anstis, vice president of products for Marshal. "By highlighting these spam botnets, we hope the security industry can collectively target these major spamming sources and in doing so significantly reduce spam volumes."

Microsoft, Vista price tumble

That's a big discount on the list price of $US159 for the most popular upgrade version of its operating system, which Microsoft stubbornly clung to from Vista's launch a year ago until last Thursday.

It's also a solid 25 per cent below the new list price, even before the cuts announced last week.

If there was any question that Microsoft is struggling to hold its ground in fast-shifting retail markets, it should be put to rest by the hit the company is taking on Vista prices and margins.

With 2008 widely expected to be the year when enterprise users will finally upgrade in larger numbers to Vista, the retreat also sends a negative signal to those buyers, and makes it even harder to sell the advantages of the newest version of Windows.

Of course, retail copies of Vista, which mainly sell to gamers or enthusiasts who build their own machines, are largely peripheral for Microsoft's Windows business, as most of its business is supplying Windows to manufacturers of new computers.

Manufacturers' sales account for close to 90 per cent of the 100 million or so copies of Vista shipped so far.

Even so, as revealed in many emails that have surfaced as part of a class action against Microsoft over its co-marketing of some PCs in late 2006 as Vista-Capable, the software giant is under pressure in the manufacturer business and has caved in to demands from Intel and other vendors.

Those concessions may come back to bite Microsoft if the class action goes against it.

At a higher level, the manufacturer business, which ensures almost all new computers shipped around the world have copies of Windows pre-installed, remains by far the company's strongest card, and is in little danger of eroding.

It's also reasonable to cut Microsoft some slack on the pricing of Vista in the retail market.

Never before had a major software product been released with such a complex combination of versions and feature sets, and in hindsight it is not surprising that some mistakes were made in setting the pricing of different bundles.

'Testosterone link' to depression

Older men with lower levels of the male sex hormone testosterone in their blood may be more prone to depression, a study suggests.

A study of about 4,000 men aged over 70 found those with lowest testosterone were three times more likely to be depressed than those with the most.

Researchers suspect the hormone may affect levels of key brain chemicals.

The study, by the University of Western Australia, features in Archives of General Psychiatry.


It would be no surprise that low testosterone reduces mood
Professor David Kendall
University of Nottingham

Research has found that women are more likely to be depressed than men until the age of 65, when the difference between the genders almost disappears.

Testosterone levels decline with age - but there is wide variation.

The Australian team studied 3,987 men over the age of 70. Each gave blood samples and took part in tests to determine whether they were depressed.

In total 203 of the participants were assessed as being depressed.

They had significantly lower levels of both total testosterone, and free testosterone, which is not bound to proteins.

The researchers then adjusted the data to take account of factors such as educational attainment and body fat levels.

They found those men whose level of free testosterone was in the bottom 20% were three times more likely to be depressed than those in the top 20%.

The researchers said further work was required to confirm their findings.

Mar 3, 2008

Ben Goldacre: The bitter pills of drug trials

Successful tests on new drugs are trumpeted far and wide by a proud pharmaceutical industry, but its many failures are quietly swept under the carpet. This potentially dangerous secrecy can, and must, be stopped, writes Ben Goldacre.

THE international medical journal PLoS Medicine has published a study which combined the results of 47 trials on some antidepressant drugs, including Prozac, and found only minimal benefits over placebos, except for the most depressed patients.

It has been misreported as a definitive nail in the coffin, but this is not true. It was a restricted analysis but, more important, on the question of antidepressants, it added very little. We already knew that selective serotonin reuptake inhibitors (SSRIs), one of the commonly prescribed drugs for treating depression, give only a modest benefit in mild and moderate depression.

But the real story goes way beyond the question of Prozac.

This new study — published, paradoxically, in an open-access journal — tells a fascinating story of buried data and of our collective failure, as a society, over half a century to adequately regulate the colossal global $550 billion pharmaceutical industry.

The key issue is simple. In any situation, to make any kind of sensible decision about which treatment is best, a doctor must be able to take into account all of the available information. But drug companies have repeatedly been shown to bury unflattering data.

Sometimes they bury data that shows drugs to be harmful. This happened in the case of Vioxx and heart attacks, and SSRIs and suicidal thoughts. Such stories feel, intuitively, like cover-ups. But there are also more subtle issues at stake in the burying of results showing minimal efficacy, and these have only been revealed through the investigative work of medical academics.

One example came just in January. A paper in The New England Journal of Medicine dug out a list of all trials on SSRIs that had ever been registered with the US Food and Drug Administration, and then went to look for those same trials in the academic literature. There were 37 studies which were assessed by the FDA as positive and, with a single exception, every one of those positive trials was written up, proudly, and published in full.

But there were also 33 studies which had negative or iffy results and, of those, 22 were simply not published at all — they were buried — while 11 were written up and published in a way that portrayed them as having a positive outcome.

The new study published in PLoS Medicine analysed all the data from the FDA, using the Freedom of Information Act to obtain the results of some of the trials. That medical academics should need to use that kind of legislation to obtain information about trials on pills that are prescribed to millions of people is absurd. More than that, it breaks a key moral contract between patient and researcher.

When a patient agrees to participate in a clinical trial, they give their consent on the understanding that their information will be used to increase the sum of our knowledge about treatments, to ensure that other people in the future will be treated more effectively. Burying unwelcome results is an unambiguous betrayal of their trust and generosity.

And yet we have known about this happening for a long time. The first paper describing "publication bias" — where studies with negative results tend to get forgotten — was in 1959. And there are two very simple and widely accepted solutions, which have been discussed in the academic literature at length since the 1980s, but which are still not fully in place.

The first is obvious. Nobody should get ethical approval to perform a clinical trial unless there is a clear undertaking that the results will be published, in full, in a publicly available forum, and that the researchers will have full academic freedom to do so.

Any company trying to silence academics should be named and shamed, and even attempting to do so should be a regulatory offence.

That's the butch solution. But there is also a more elegant one, which is arguably even more important: a compulsory international trials register. Give every trial an ID number, so we can all see that a trial exists, they can't go quietly missing in action, and we know when and where to look if they do.

The pharmaceutical industry is very imaginative, after all, and registers also help to manage some of the other less obvious ways in which they distort the literature.

For instance, sometimes companies will publish flattering data two or three times over, in slightly different forms, as if it came from different studies, to make it look as if there are a lot of different positive findings out there: registers make this instantly obvious.

Worse than that, companies often move the goalposts and change the design of a trial after the results are in, to try to massage the findings. This, again, is impossible when the protocol is registered before a trial begins.

This is just a taste of the tricks of their trade (although I've posted a long reading list at badscience.net if your interest is piqued). Alongside these deep-rooted, systemic problems with the pharmaceutical industry, the single issue of SSRI antidepressants, and these new findings, becomes almost trivial. Biased under-reporting of clinical trials happens in all areas of medicine. It wastes money, and it costs lives. It is unethical, and it is indefensible. But most damning of all, it could be fixed in a legislative trice.