Nov 29, 2009

Smoking just not for computer giant Apple

COMPUTER giant Apple is refusing to honour warranties on broken machines belonging to smokers.

Apple has already declined to work on at least three machines in the US, claiming the insides were so heavily coated in tar and potentially poisonous substances that they posed a health risk to technicians working on the machines.

Victorian work safety authorities said any employer had the right to prevent employees performing tasks considered hazardous to their health.

That potentially opens the way for other computer manufacturers as well as other industries to implement similar policies against smokers, with several Melbourne PC repair shops prepared to follow Apple's stance.

"I think it's quite possible this policy could spread to other industries, not only in terms of being a health hazard, but also in terms of a warranty issue," Paul Pritsis, of Another World Computer Centre in Coburg, said.

NSW hospital lost $24m, research at risk

A major Sydney hospital has been forced to review how it invests donations and grants after losing $24 million, putting research projects in jeopardy.

St Vincent's Hospital has admitted losing 30 per cent of $80 million invested in a trust fund during the global financial crisis.

The fund was made up of public donations, government grants and doctors' earnings.

The hospital released a statement on Friday confirming the loss but said it had received independent external advice which supported the "appropriateness of its investment decision".

"St Vincent's has, however, since reviewed its investment strategy ... to prevent a reoccurrence in any future market downturn and is now investing only in guaranteed major bank bills and deposits," the statement said.

"These losses are extremely disappointing for all of us on the St Vincent's Campus.

"We guarantee that no front line hospital services will be impacted by these losses."

But the Australian Salaried Medical Officers Federation's (ASMOF) NSW president, Tony Sara, has called for an investigation, saying hospitals cannot "gamble away vital funds".

He said staff had undertaken research on the understanding that the money was secure.

"The difficulty is when grants funds have been lost it is very likely that research projects will be prejudiced," Dr Sara told reporters.

"On the balance of probabilities you would have to say that some research projects are likely to be prejudiced."

He said among the money lost were doctors' personal earnings.

If those personal funds are not returned, he said ASMOF would pursue the matter in the Industrial Relations Commission.

Nov 28, 2009

New breed of products calculates risk ratings of PCs based on what files they contain

All computer security defense ultimately comes down to managing risk. Security admins implement various defenses, each of which should have its own cost/benefit analysis. The cost of the defense should not outweigh the estimated damage of the attack or exploit. For example, if buying anti-malware software for 100 PCs costs $3,900 per year, but cleaning up the damage from a malware attack would cost only $2,000 per year, implementing the anti-malware software wouldn't make sense.

On the other hand, perhaps it would be reasonable to deploy anti-malware only on an external gateway server for the cost of $1,500 per year while being prepared to absorb the potential $250 cost of cleaning up a PC that gets infected by a USB storage stick. Computer security is rarely a binary decision -- it's shades of gray analyzed across the spectrum using risk analysis.


Lately, while working on several forthcoming product reviews, I've come across some software products that make risk assessment easier to visualize and to present to management. Probably the best example is Bit9's Parity whitelisting application-control program. Parity comes with a service that automatically recognizes 5 billion different files (according to Bit9) based upon their hash signature and other file attributes. Parity can recognize every relatively recent file made by Microsoft, Adobe, and Macromedia, as well as waves of lesser-known programs, including common hacking tools, such as Nmap, Pwdump, Cain & Abel, and so on.

Here's how it works: Parity first compares computers to a baseline "gold standard" image established by the administrator. As users install new software (or malware exploits), Parity is able to calculate a "drift" score for the computer. By accumulating all the drift scores for all the computers on the network, Parity can calculate an aggregate drift score.

Even better, Parity also calculates a file's threat risk. For example, if it were to find a new text editor, it would give the program a low threat rating, because it's unlikely to be involved with an exploit. But if Parity discovers an unauthorized peer-to-peer or popularly exploited program, that program's risk rating would be higher. And if it happens upon a hacking tool -- say pwdump, used to dump Windows password hashes -- that program would have a high risk rating, as would any identified malware program.
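The drift and risk scoring described above, as an added example that is not Bit9's code: a hash-keyed file catalogue stands in for the vendor's recognition service, an approved hash set stands in for the gold image, and the risk-weighted drift score is an assumption of this example (the article does not give Parity's formula). All hashes, file names and inventories are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass, field


def digest(data: bytes) -> str:
    """Content hash used as the file's identity, independent of its file name."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a file-reputation catalogue: hash -> (name, risk 0..10).
# The byte strings are placeholders, not real binaries; the risk tiers follow the
# article (text editor low, P2P client higher, password-hash dumper and malware highest).
CATALOGUE = {
    digest(b"placeholder: os shell 6.1"):        ("cmd.exe", 0),
    digest(b"placeholder: office suite 12"):     ("winword.exe", 0),
    digest(b"placeholder: text editor 3.2"):     ("texteditor.exe", 1),
    digest(b"placeholder: p2p client 0.9"):      ("p2pclient.exe", 6),
    digest(b"placeholder: pwdump-like tool"):    ("pwdump.exe", 9),
    digest(b"placeholder: known trojan sample"): ("trojan.dll", 10),
}
UNKNOWN_RISK = 5  # assumption: unrecognised executables sit mid-scale until reviewed

# Gold-standard image: the hashes the administrator approved as the baseline.
GOLD_IMAGE = {
    digest(b"placeholder: os shell 6.1"),
    digest(b"placeholder: office suite 12"),
    digest(b"placeholder: text editor 3.2"),
}


@dataclass
class DriftItem:
    path: str
    sha256: str
    name: str
    risk: int


@dataclass
class HostReport:
    host: str
    drift: list = field(default_factory=list)

    @property
    def drift_score(self) -> int:
        # Assumption: risk-weighted count, so one hacking tool outweighs many benign additions.
        return sum(item.risk for item in self.drift)

    @property
    def max_risk(self) -> int:
        return max((item.risk for item in self.drift), default=0)


def rate(sha256: str) -> tuple:
    """Look a file up by hash; anything not in the catalogue gets the unknown tier."""
    return CATALOGUE.get(sha256, ("<unrecognised>", UNKNOWN_RISK))


def host_drift(host: str, inventory: dict, baseline=GOLD_IMAGE) -> HostReport:
    """inventory maps file path -> content hash, as an endpoint agent would collect it."""
    report = HostReport(host)
    for path, sha in inventory.items():
        if sha in baseline:
            continue  # part of the approved image: no drift
        name, risk = rate(sha)
        report.drift.append(DriftItem(path, sha, name, risk))
    report.drift.sort(key=lambda d: d.risk, reverse=True)
    return report


def fleet_drift(reports: list) -> dict:
    """Aggregate drift across hosts: the single number management can watch over time."""
    total = sum(r.drift_score for r in reports)
    worst = max(reports, key=lambda r: r.drift_score) if reports else None
    return {
        "aggregate_drift": total,
        "hosts_drifted": sum(1 for r in reports if r.drift),
        "worst_host": worst.host if worst else None,
        "high_risk_files": [(r.host, d.path, d.name)
                            for r in reports for d in r.drift if d.risk >= 9],
    }


# Constructed inventories: ws-01 matches the gold image; ws-02 has drifted.
WS01 = {r"C:\Windows\cmd.exe": digest(b"placeholder: os shell 6.1"),
        r"C:\Office\winword.exe": digest(b"placeholder: office suite 12")}
WS02 = {r"C:\Windows\cmd.exe": digest(b"placeholder: os shell 6.1"),
        r"C:\Users\x\p2p.exe": digest(b"placeholder: p2p client 0.9"),
        # renamed to look like a system binary: the hash still identifies it
        r"C:\Users\x\svchost.exe": digest(b"placeholder: pwdump-like tool"),
        r"C:\Users\x\setup.exe": digest(b"placeholder: never seen before")}

if __name__ == "__main__":
    reports = [host_drift("ws-01", WS01), host_drift("ws-02", WS02)]
    for r in reports:
        print(r.host, "drift", r.drift_score, [(d.name, d.risk) for d in r.drift])
    print(fleet_drift(reports))
```

Because identity is the content hash, the renamed dumper on ws-02 is still rated 9, which is the property that makes a catalogue like this useful against tools copied in under innocuous names.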

The trouble with S/MIME e-mail encryption

A few times a year, I recognize the need for a product where none exists because I hear multiple customers asking for it. This is one of those times. The products that an increasing number of my clients is looking for are e-mail scanning and archiving systems that can handle S/MIME-encrypted messages.

In a normal year, I visit 20 to 40 clients, ranging from small companies to Fortune 10, where I get to see what products they are using and how well these products work in a real-world scenario. Increasingly popular these days is the use of S/MIME and other e-mail encryption methods (such as PGP, proprietary Web mail portals, and so on) to protect e-mail both within the enterprise and externally. S/MIME isn't necessarily the best method to use, but it's a stable, open standard and probably the most common e-mail encryption method I've seen in use.


Every S/MIME customer I have goes through a few phases. First, they need to understand how it works. How do you turn it on? Who gets what keys? How are the keys distributed? What training will end-users need? How to automate its use? It's no small undertaking.

E-mailing in the dark
Often in the second phase, S/MIME ends up nearly crippling the company's normal e-mail functionality. S/MIME involves encryption, and when you encrypt e-mail, it is no longer searchable. At the very least, users can no longer retrieve past e-mails based upon message text keyword searches, although the e-mail subject line and some other information, such as file attachment name, may remain visible.

This may sound merely bothersome at first, but it becomes mission critical when you need that one single e-mail for proof in a disagreement. Some users respond by turning their e-mail subject lines into more descriptive headings that can be more easily found using keyword searches, but at some point, the sender begins to reveal information that should probably be protected within the S/MIME body.

Worse for today's computer security departments is the fact that S/MIME ends up defanging their anti-virus scanners, DLP (data loss prevention) tools, and e-mail archiving and retrieval systems. Outgoing S/MIME-encrypted e-mail can be anti-virus scanned before encrypting and sending, but it's more difficult to scan incoming S/MIME messages, where the scanning is done on a gateway or by an external service provider. Most of the risk from e-mail malware isn't from the stuff you send, anyway. It's from the stuff sent to you. If you use S/MIME and don't have client-side malware detection for e-mail, you now have a problem.
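The gateway blind spot above, as an added example (not from the article): a triage routine a mail gateway could run to record which parts of an inbound message it can actually inspect, so that enveloped S/MIME mail is explicitly handed to endpoint scanning rather than silently passed as "clean". The three sample messages are constructed, and their base64 bodies are placeholders rather than real CMS objects.

```python
import email
from email import policy

# Content types S/MIME uses for a CMS object (RFC 3851) and the older x- form.
CMS_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
# Detached signature part of a multipart/signed message: no payload of its own.
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def classify_part(part) -> str:
    """Label one leaf MIME part by what a gateway scanner can see of it."""
    ctype = part.get_content_type()
    if ctype in SIG_TYPES:
        return "signature"
    if ctype in CMS_TYPES:
        smime_type = (part.get_param("smime-type") or "").lower()
        if smime_type == "signed-data":
            return "opaque-signed"   # CMS-wrapped but not encrypted: unwrap, then scan
        return "encrypted"           # enveloped-data (or unlabelled CMS): opaque here
    return "clear"


def triage(raw: bytes) -> dict:
    """Return what the gateway can scan and a verdict on where scanning must happen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"subject": msg["subject"], "clear": [], "opaque_signed": [], "encrypted": []}
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        label = classify_part(part)
        if label == "clear":
            report["clear"].append(part.get_content_type())
        elif label == "opaque-signed":
            report["opaque_signed"].append(part.get_content_type())
        elif label == "encrypted":
            report["encrypted"].append(part.get_content_type())
    # Headers such as Subject stay visible in every case; only the body decides.
    if report["encrypted"]:
        report["verdict"] = "defer-to-endpoint"
    elif report["opaque_signed"]:
        report["verdict"] = "unwrap-then-scan"
    else:
        report["verdict"] = "scan"
    return report


# Constructed sample messages (CRLF line endings, as on the wire).
CLEAR = "\r\n".join([
    "From: alice@example.com", "To: bob@example.com", "Subject: Q3 report",
    "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "See attached.",
    "--b1", 'Content-Type: application/octet-stream; name="report.xls"',
    "Content-Transfer-Encoding: base64", "", "QUFBQQ==", "--b1--", ""]).encode()

ENVELOPED = "\r\n".join([
    "From: alice@example.com", "To: bob@example.com",
    "Subject: Q3 report (confidential)", "MIME-Version: 1.0",
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="smime.p7m"', "",
    "Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=", ""]).encode()

SIGNED = "\r\n".join([
    "From: alice@example.com", "To: bob@example.com",
    "Subject: Q3 report (signed)", "MIME-Version: 1.0",
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha-256; boundary="b2"', "",
    "--b2", "Content-Type: text/plain", "", "See attached.",
    "--b2", 'Content-Type: application/pkcs7-signature; name="smime.p7s"',
    "Content-Transfer-Encoding: base64", "",
    "Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=", "--b2--", ""]).encode()

if __name__ == "__main__":
    for sample in (CLEAR, ENVELOPED, SIGNED):
        print(triage(sample))
```

A clear-signed message keeps its body scannable; only the enveloped form forces the gateway to rely on the client-side detection the article says most deployments lack.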

New SSL attack can steal sensitive info from secure Web sites

A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.

Frank Heidt, CEO of Leviathan Security Group, says his "generic" proof-of-concept code could be used to attack a variety of Web sites. While the attack is extremely difficult to pull off -- the hacker would first have to first pull off a man-in-the-middle attack, running code that compromises the victim's network -- it could have devastating consequences.


The attack exploits the SSL (Secure Sockets Layer) Authentication Gap bug, first disclosed on Nov. 5. One of the SSL bug's discoverers, Marsh Ray at PhoneFactor, says he's seen a demonstration of Heidt's attack, and he's convinced it could work. "He did show it to me and it's the real deal," Ray said.

The SSL Authentication flaw gives the attacker a way to change data being sent to the SSL server, but there's still no way to read the information coming back. Heidt sends data that causes the SSL server to return a redirect message that then sends the Web browser to another page. He then uses that redirect message to move the victim to an insecure connection where the Web pages can be rewritten by Heidt's computer before they are sent to the victim.

"Frank has shown a way to leverage this blind plain text injection attack into a complete compromise of the connection between the browser and the secure site," Ray said.

A consortium of Internet companies has been working to fix the flaw since the PhoneFactor developers first uncovered it several months ago. Their work gained new urgency when the bug was inadvertently disclosed on a discussion list. Security experts have been debating the severity of this latest SSL flaw since it became public knowledge.

Last week, IBM researcher Anil Kurmus showed how the flaw could be used to trick browsers into sending Twitter messages that contained user passwords.

This latest attack shows that the flaw could be used to steal all sorts of sensitive information from secure Web sites, Heidt said.

To be vulnerable, sites need to do something called client renegotiation under SSL and also to have some element on their secure Web pages that could generate a particular 302 redirect message.

Many high-profile banking and e-commerce Web sites will not return this 302 redirect message in a way that can be exploited, but a "huge number" of sites could be attacked, Heidt said.

With so many Web sites at risk to the flaw, Heidt says he does not intend to release his code immediately.

From the victim's perspective, the only noticeable change during an attack is that the browser no longer looks as though it's connected to an SSL site. The attack is similar to the SSL Strip attack demonstrated by Moxie Marlinspike at a security conference earlier this year.

Leviathan Security Group has created a tool that Webmasters can use to see if their sites are vulnerable to a SSL Authentication Gap attack.

Because SSL, and its replacement standard, TLS, are used in a wide range of Internet technologies the bug has far-reaching implications.

Thierry Zoller, a security consultant with G-Sec, says that theoretically, the flaw could be used to attack mail servers. "An attacker can potentially hijack mails sent over secured SMTP [Simple Mail Transfer Protocol] connections, even if they are authenticated by a private certificate," he said in an instant message interview.

Zoller, who has not seen Leviathan's code, said that if the attack works as advertised, it will be just a matter of days before someone else figures out how to do it.

"Wickedly fast" boots

Google sketched out more details Thursday about its Chrome operating system, which is slated to become available before the end of next year. Google said the project's initial target is to get Chrome OS up and running on the computing devices that depend most on Internet connectivity.

Chrome OS marks a radical departure from today's operating systems because all the applications and even the user's data will reside in the cloud, noted Google Vice President Sundar Pichai. "We are initially focused on netbook-like form factors with a color display and real keyboard," Pichai said, though the company eventually wants Chrome OS "to run on full laptops and desktops."

In Sync with the Cloud

Google touted the enhanced stability and security that Chrome OS is expected to offer. For example, every time users restart their machines, the operating system will verify the integrity of its code and if it needs a fix or an upgrade, the appropriate version of the OS will download to the machine automatically.

"If your system has been compromised, it is designed to fix itself with a reboot," noted Caesar Sengupta, Google's group product manager. "While no computer can be made completely secure, we're going to make life much harder -- and less profitable -- for the bad guys."

Because of the changes that Google has made to the Chrome OS file system, all user data will become encrypted and synced back to the cloud, which offers security advantages, noted Engineering Director Matt Papakipos. So if the machine is lost, damaged or stolen, all the user's data is protected from theft and "will sync back to a new machine in a matter of seconds," he said.

Moreover, unlike traditional operating systems, Chrome OS doesn't trust the applications that users run on their machines. Instead, each app is contained within a security sandbox -- just like the Chrome web browser -- which makes it that much harder for malware and viruses to infect the computers running Chrome OS, Papakipos said.

All the software running on top of Chrome OS will consist of web applications exclusively. However, Pichai said Google will ensure that users have easy access to millions of web apps.

An Open Platform

Though the design emphasis is currently all about delivering great Internet connectivity, primarily over Wi-Fi, Chrome OS users won't necessarily need a wireless connection to use their machines.

"You also can cache video" and other data "locally so you can continue to work when you are not connected," Papakipos explained. Moreover, Chrome OS will boot "wickedly fast", which means it will "get you on the web as quickly as possible" whenever a wireless connection is within reach, Papakipos said.

Google said it's working directly with its OEM hardware partners to ensure that the products that emerge next year comply with all the hardware specs necessary for running Chrome OS. "We really want software to understand the underlying hardware so that it can run faster," Pichai said.

All development work on the Chrome OS project from now on will be done in the open and with the assistance of the open-source community.

"We are incorporating open-source products from many open-source community projects, including the Linux kernel," Pichai noted. And going forward, the Chrome OS code will be free, accessible to anyone, and open for contributions, he said.

Nov 27, 2009

Dubai heat felt around the world

THE tip is that the company that led Dubai's spectacular growth, Dubai World, will be bailed out of its financial strife by black gold, with the richest member of the United Arab Emirates, Abu Dhabi, writing the cheque. Let's hope it happens, because a Dubai World collapse would send shock waves around the globe, not least in Australia.

It is the holding company for a stable of corporations that includes DP World, which owns port assets around the world and in this country has a comfortable niche alongside local competitor Asciano in the biggest container ports: Brisbane, Sydney's Botany Bay, Melbourne, Adelaide and Fremantle.

The Australian stevedoring assets were picked up in 2006 when DP World paid about $US6.8 billion for the P&O group. In that deal it also inherited extensive maritime operations, including port and shipping contracts with the Royal Australian Navy.

Separately, DP has teamed up with Chris Corrigan's Kaplan Funds management in Australian Amalgamated Terminals, a port joint venture with Asciano that handles general cargo and motor vehicles. The AAT joint venture was approved by the ACCC, but ACCC chairman Graeme Samuel would like to see a third player established in Australia's biggest ports alongside DP World and Asciano, and Queensland, NSW and Victoria are all planning to make it happen. DP World's problems are an unwanted complication.

Another Dubai World offshoot is Nakheel, the property developer that led the astonishing property boom in Dubai that has crashed so spectacularly (Dubai property prices are down about 50 per cent since the global crisis erupted), and is a joint-venture partner in the Middle East with Australia's Leighton Holdings.

Debts Dubai World is seeking to freeze in standstill agreements with its bankers reportedly include $US3.52 billion ($A3.8 billion) of Islamic bonds that Nakheel is due to repay on December 14.

Total debts in Dubai World are about $US59 billion, and while DP World said yesterday the Dubai Government had confirmed DP World and its debt were not included in the ''restructuring process'' Dubai World wants its bankers to agree to, the entire Dubai enterprise is under pressure.

Evidence of that comes here from the fact that Toll Holdings, the group that took over Corrigan's Patrick group and then spun it out into Asciano, has been contacted to see if it is interested in acquiring Dubai World assets in the region.

Assets on the block do not appear to include DP World's container ports, and Toll would not be interested in them anyway. Sources say, however, that Toll is examining the possible acquisition of DP World maritime assets.

If the group's Australian container port assets did shake loose, the list of buyers would be headed by overseas groups including the government-owned, acquisitive Port of Singapore. The big local player, Asciano, would be ruled out on competition grounds.

The theory in the markets is that the United Arab Emirates will not - cannot - let Dubai World go to the wall. Abu Dhabi, by far the largest UAE oil producer, injected $US10 billion into Dubai in February, and is expected to inject more. But the very fact that a state enterprise of Dubai World's mass has gone cap in hand to its bankers to seek a debt moratorium is something for the markets to chew on as they pause for Wall Street's Thanksgiving Day extended weekend.

One of the unspoken assumptions behind the worldwide sharemarket rally is the big shocks from the global financial crisis are known. Dubai is a reminder that shocks are still possible.

It was well known that the emirate's speculative property boom had busted, but the markets were not expecting its key state-controlled company to seek a debt moratorium. They pushed the cost of buying credit default swaps that provide insurance against Dubai defaulting on its debt up by more than 1 percentage point to 4.34 per cent in response. As of yesterday, Dubai was rated a worse credit risk than Iceland.

Nov 25, 2009

Our call centre is important to us

Like most horror stories, this one begins with an everyday setting where the familiar gradually gives way to the sinister.

The first harbinger of the pain to come, not recognised at the time, was a letter sent out to me and millions of other Australians on July 20 by Ramon Gregory, ''Executive Director, Customer Sales and Service'', at Telstra, Australia's largest service company. This places Gregory at the centre of an enormous commercial machine, with huge databases, thousands of operators in call centres, and billions of customer inquiries recorded with Orwellian efficiency.

A study of the conditions in call centres conducted by Ruth Barton of RMIT University, released last week, found high stress levels and oppressive management control, as call centres field an average of 16 million calls a day.

Ramon Gregory's letter was also oppressive. It announced that people who paid their Telstra bill by return mail, or in person, or by credit card, would in future be charged a $2.20 ''payment administration fee''. He suggested various ways to avoid the fee, which actually did not avoid the fee at all. The letter was so infuriating and so poorly drafted that Telstra customers made their displeasure known in an outbreak of spontaneous combustion. Telstra rescinded the fee earlier this month.

But the company's latent aggression remains. Last Wednesday, my internet service was cut off by Telstra even though I have paid my bills on time, year-in, year-out, with a Telstra home phone account, and a Telstra cable account, and a Foxtel account. My bank statement shows Telstra banked my latest cheque on October 19. I had assumed I would be treated as a valued customer and notified before any drastic, summary action took place. How naive.

Telstra has shown, repeatedly, that it does not grasp the concept of political and consumer blowback. That's why the Rudd Government is destroying Telstra's market value, and why I have the Telstra support number, 133 933, programmed into my mobile phone, because losing service is part of the Telstra experience.

When I called Telstra's inquiry number at 9am last Wednesday, I got a ''consultant'' called Craig. When he turned out to be a drama queen, I began taking notes.

When I suggested that Telstra should have contacted me before taking such draconian action, given my long history of reliability, Craig threw a tantrum.

''You can't expect us to send out 50,000 notices to people,'' he said.

Yes, I do. It's part of the service.

''You have to step up to the plate!'' Craig replied. ''It's your responsibility!'' I asked him why he was treating me like a retard. He directed me to ''credit management''.

I called credit management and got a message: ''All our operators are busy. You have been placed in a queue.'' I was not surprised.

A heavily-accented young man came on the line and gave his name as ''Matt''. I realised I had been directed to a call centre in India when Matt insisted my name was not Sheehan. After he had called me ''Mr Goodhope'' three times I hung up.

The next operator was ''Beau''. He, too, was Indian, and simply not coherent. I politely abandoned the call and tried again.

Next on the line was ''Chari'', another Indian. He was the first person I could describe as pleasant and competent that day. He set up a direct debit payment system for future bills, took care of the small outstanding amount, and thanked me for the call, the first of the five Telstra operators to do so. He said my service would be quickly restored.

It was not. It was still blocked the next day. And so the merry-go-round resumed. I was directed to technical support, because the billing department said there was no problem. A technician told me to switch off my modem and then try again. That did not work.

I called the original number again. Another heavily accented operator eventually responded. Her name was ''Marie''. ''Are you in Australia?'' I asked. ''No,'' she replied.

She told me I could not have my service restored because my account had not been paid. ''You need to speak to the billing department.''

I told her I had spoken to the billing department at great length. She was adamant.

I called the billing department and Kirsty came on the line. She was working from a call centre on the Gold Coast. When I explained that she was the eighth person I had spoken to in two days, and my account was fully paid, she put me on hold and got someone further up the food chain. When she came back, she said the problem was a ''shadow'' payment system, which was showing my account to be inoperative. Kirsty was a pleasure to deal with, and restored my service.

The real problem was not the shadow payment system. It was the incompetent Indian call centre operators, and it was Telstra's attitude towards its customers. Nothing of my experience will show up on Telstra's key performance indicators.

And Ramon Gregory, it turns out, is yet another American brought in to run Australia's service giant. That explains his tin ear. I received another letter from him on Friday: ''Telstra is reinventing the home phone,'' he proclaimed. He was selling an upgrade called the Telstra T-Hub. I'm interested in going in exactly the opposite direction - getting rid of the Telstra fixed line altogether. And that's just the start.

By the standards of global telco giants, Telstra is an efficient, productive enterprise, but you have to ask at what cost to us, the people who used to own the company, and are now the company's serfs?

Alzheimer's set to soar

HALF the Australians born this century will reach their 100th birthday, a leading researcher says. But many of them will be suffering from Alzheimer's disease.

Tony Broe, scientific director at the Ageing Research Centre at the Prince of Wales Medical Research Institute, said that by 2050 Australia will have 1.3 million people aged over 85, a 400 per cent increase on the current 400,000.

''We're going to see a huge jump in the number of people diagnosed with Alzheimer's and Parkinson's diseases, and suffering both diseases at once,'' he said.

The national conference of the Australian Association of Gerontology, which starts today in Canberra, will examine the ramifications of the ageing population.

Professor Broe, the past president of the association, said there were no breakthroughs on the horizon for the treatment or prevention of Alzheimer's disease.

He said people could not prevent Alzheimer's by taking up bridge in their 80s. Improved education for everyone from infancy would help delay the average age of onset of Alzheimer's, and keeping an active mind in mid and later life was important.

No wonder Facebook can't manage security

DEVELOPERS and marketers are up in arms over persistent technical problems with social networking platform Facebook.

Since October, software developers have been complaining about their Facebook applications not loading properly on most browsers.

In turn, the developers have had to handle complaints from clients who've had their Facebook marketing or advertising campaigns stalled.

Developers have highlighted a series of bugs to Facebook but no clear end is in sight.

"Facebook developers like us are very frustrated and have taken large volumes of support calls from users who are wondering why applications are suddenly failing without warning," said Ken Tan, managing director of Enterprise Glue.

Nov 24, 2009

The market has rejected Linux desktops. Get over it

I’ve been running Linux on PCs since 1998, when Red Hat still cared about the desktop and Mandrake was supposed to be the distribution that was going to bring Linux to the masses. That was also about the time that the mainstream media got infatuated with the story of the free operating system from the Finnish hacker that was going to bring down Microsoft Windows.

Spoiler alert: I’m going to give away the ending now. It never happened. In the decade since it was first proclaimed as the “Windows killer,” Linux on the desktop has made virtually no progress in real adoption numbers. According to market share trackers (based on real PC activity and not just sales) such as Net Applications, StatCounter, W3Counter, and others, the market share of Linux has been hovering around just 1-2% of total PC operating system installations for a decade.

Even in the past two years since the netbook phenomenon began with Linux as its primary OS, Linux market share has failed to make a major jump. The chart below, based on Internet visitors tracked by Net Applications, shows the trajectory of Linux desktop market share over the past 24 months.

Notice that Linux market share got a little bit of a bounce (mostly from netbook sales) in the first half of 2009 but has been dipping since then. Even so, the top line here is the 1% market share threshold, so the peaks and valleys are pretty insignificant when viewed from the perspective of the larger desktop OS market.

Despite this consistent evidence that Linux desktops were going nowhere, pundits, analysts and Linux enthusiasts have been repeatedly predicting that Linux was on the verge of a breakthrough on the desktop. At the end of nearly every year, some writer or publication has prognosticated that the following year would be “The year of the Linux desktop.” Here’s a quick selection of these Linux prophecies:

    * 2009: Year Of The Linux Revolution (FastCompany)
    * 2009: Can Ubuntu Linux become a Windows killer? (TechTarget)
    * 2008: Linux’s year on the desktop (ZDNet)
    * Is 2008 the Year of the Linux Desktop? (Linux Magazine)
    * 2007: Forrester Calls Desktop Linux a Credible Threat to Windows (eWEEK)
    * 2006: The year of desktop Linux? (GCN)
    * 2005 will be the year of the Linux desktop (Express Computer)
    * 2004: The Year Linux Grows Up or Blows Up (eWEEK)
    * Linus Torvalds Says 2004 is the Year for Desktop Linux (Slashdot)

Desktop Linux: What happened?

Why hasn’t Linux succeeded on the desktop? There are several simple reasons:

   1. It’s still too much of a pain - While Ubuntu has made Linux much, much easier, it’s still not quite as easy to hook up a new printer, connect a digital camera, or manage your work calendar, for example, as it is on Windows. Plus, on the other end of the spectrum, Mac is even easier than Windows for most tasks and it has the same Unix underpinnings as Linux. As a result, in the last few years a lot of the hard-core techies who are the primary candidates for Linux have instead jumped to Mac OS X as a Windows alternative.
   2. The divide and fail strategy - The energy behind the Linux desktop movement has been divided up between a lot of different players, from Red Hat to SUSE to Ubuntu to Debian at the software level to hardware players such as IBM and Dell at the PC level. A decade ago, the thought was that the force of Linux attacks from multiple angles would ultimately outflank Microsoft Windows. Instead, it has diffused the force behind Linux and dulled its attack from a marketing perspective.
   3. Not enough innovation - The primary value proposition for Linux is that it’s just as good as Windows - or at least “good enough” - and costs a lot less. Occasionally, you’ll hear that Linux is more secure or more stable than Windows - which can be true, but that’s mostly based on its Unix foundation. But, what innovative features has Linux brought to the world of desktop operating systems? The only one I can think of is the desktop manager / virtual desktop (which Mac OS X eventually adopted as its “Spaces” feature). The technology industry (and the consumers and businesses that support it) are still driven primarily by innovation, and the Linux development community has spent too much time trying to copy Windows and not enough time innovating on its own OS.
   4. Businesses want someone to blame - As my colleague Bill Detwiler says, IT professionals prefer to have someone to point the finger at when critical systems blow up and it leads to lost revenue or productivity. If you have Windows desktops (or even Mac), you’ve got a big target to point your finger at if you’re having a PC software problem, and someone predictable to call to help figure it out. On the other hand, if your IT department went with Linux desktops then you’d be going out on a limb. If something goes wrong - like users losing productivity from incompatible software - the finger could get pointed back at the IT leader who made the decision to take a non-standard Linux approach, since there’s no big software vendor to blame it on. In other words, Linux can expose IT leaders to more risk.

What about Google Chrome OS?

Now we’ve got Google Chrome OS being hailed as the latest savior of the Linux desktop. Google is taking a very different approach than Ubuntu or SUSE. The search giant is taking its Chrome Web browser and turning it into a Web-only OS that will boot instantly, rely solely on Web apps, and drastically minimize local storage.

The Chrome OS will technically have Linux as its foundational software but it will not allow users to install Linux applications or even get to the Linux command line. It will be a non-standard, custom Linux kernel that serves only to boot the Google Chrome Web browser as quickly as possible.

Chrome OS is an intriguing concept and it will be one of the first big tests of the extent to which consumers and businesses are ready to accept the paradigm shift to cloud computing. However, it’s a concept that’s probably still several years ahead of its time and unlikely to make a major impact on the PC market in 2010. It’s also a little spurious to call Chrome OS part of the Linux desktop movement since the only thing it really does for Linux is to strip it down and get it out of the way.

Bottom line

It’s time to stop all of the misguided predictions about Linux becoming a force on the desktop. That ship has sailed. The masses don’t want it. Businesses don’t want it. Even Google can’t change that.

Linux is still building major momentum in servers and mobile devices. In the data center, Linux is replacing lots of Unix servers and is more than holding its own head-to-head against Windows servers. In mobile, Linux quietly serves as the underpinning for both Google Android and Palm webOS, the two platforms that pose the biggest challenge to the incumbents in the smartphone market. However, on the desktop, it’s time to just admit that the market has rejected Linux.

Government overhauls national cyber security arrangements

BUSINESSES on the cyber frontline will get more direct help as the federal government bolsters national defences against increasing online espionage and attacks on critical infrastructure.

"Many online threats are surreptitious and insidious, and the perpetrators are more inventive in their tricks," Attorney-General Robert McClelland said last night, unveiling a cyber-security strategy that positions e-security as a top priority.

"There are clear links to organised crime syndicates and the intelligence services of foreign governments.

"And while it is important to protect individual users this is also a matter of national security."

Mr McClelland said the plan was to help businesses maintain resilient computer systems to protect both their operating capacity and customers' information, and to boost the security of government agency systems, which held citizens' data.


The new government-owned Computer Emergency Response Team -- CERT Australia -- will become the single contact point on cyber security issues, locally and for international agencies.

Attorney-General's Department national security resiliency division head Mike Rothery said CERT Australia would take over and expand the work formerly done by GovCERT on information sharing with private firms.

CERT will draw on the expertise of AusCERT, the University of Queensland-based independent technology security unit that has provided CERT services for subscribers for 15 years, for everyday alerts and operational support.  "We have approached AusCERT to provide a range of services to support the new national CERT under contract, and those arrangements are being finalised," Mr Rothery said.

"We're not intending to charge for any of our services, but the determining factor for the level of services provided (to individual companies) will be based on a national security risk assessment.  "Some of the things AusCERT currently does will be funded by us, and we will provide those services free of charge to everyone.

"But where we believe a company faces a higher degree of risk from a national interest perspective, then they will receive more intensive assistance from us.  "So, the level of support won't be based on people's capacity to pay, but rather the overall risk."

Mr Rothery said some firms paying for commercial services may find they get a similar service from CERT Australia at no cost, while others "may find we can only give them reasonably basic support".   "If people want specific phone-based assistance to clean up their networks, they'll have to go to a private provider," he said.

Meanwhile, the strategy confirms distributed denial-of-service attacks have disrupted systems critical to the national interest, such as the financial sector, while a growing array of state and criminal actors are "compromising, stealing, changing or destroying information" on local networks.

"The distinction between hackers, terrorists, organised crime syndicates, industrial spies and foreign intelligence services appears to be blurring," it says.

"Systems of national interest today go beyond traditional notions of electricity grids, water supply, transport and telecommunications to include networks of high economic value, such as those that support electronic transactions, hold sensitive intellectual property such as patents or commercial data associated with international trade negotiations."

What is an IPS, anyway?

During Network World's recent Security Technology Tour, we received a lot of questions about intrusion-prevention systems. The problem is that there is little agreement on what an IPS really is.

The security experts on the tour agreed on one thing: An IPS must be inline. That is, packets have to move through the IPS to prevent intrusions. While the idea of resetting connections and changing firewalls is a good interim step, enterprise-class intrusion prevention will require that the IPS handle packets, dropping them when something is wrong.

A second assumption about IPS is that it is a "permissive" technology. In other words, an IPS will drop a packet if it has a reason to, but the default behavior is to pass traffic along. In contrast, a firewall is a "prohibitive" technology: It lets a packet through only if it has a reason to.

Obviously, firewalls are also intrusion-prevention devices. Some experts say that all IPS vendors are talking about is what firewalls should be doing. But the difference in the orientation of these technologies suggests that they are not the same.
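To make the permissive-versus-prohibitive distinction concrete, here is an added example (not from the article or any vendor): a toy inline chain in Python in which a firewall passes a packet only when an allow rule matches, while an IPS passes everything unless a signature gives it a reason to drop. The addresses, rule names and the two worm-style signatures are constructed for illustration only.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Verdict:
    action: str         # "pass" or "drop"
    reason: str


class Firewall:
    """Prohibitive device: a packet passes only if an allow rule gives a reason."""

    def __init__(self, allow_rules: List[Tuple[str, str, int, str]]):
        self.allow_rules = allow_rules   # (proto, dst, dport, rule name)

    def inspect(self, pkt: Packet) -> Verdict:
        for proto, dst, dport, name in self.allow_rules:
            if (pkt.proto, pkt.dst, pkt.dport) == (proto, dst, dport):
                return Verdict("pass", f"firewall allow rule: {name}")
        return Verdict("drop", "firewall default deny")


class IPS:
    """Permissive device: a packet passes unless a signature gives a reason to drop it."""

    def __init__(self, signatures: List[Tuple[str, Callable[[Packet], bool]]]):
        self.signatures = signatures

    def inspect(self, pkt: Packet) -> Verdict:
        for name, matches in self.signatures:
            if matches(pkt):
                return Verdict("drop", f"ips signature: {name}")
        return Verdict("pass", "ips default pass")


def inline_chain(devices, pkt: Packet) -> Verdict:
    """Packets move through each inline device in turn; the first drop is final."""
    for dev in devices:
        verdict = dev.inspect(pkt)
        if verdict.action == "drop":
            return verdict
    return Verdict("pass", "passed every inline device")


# Constructed signatures for illustration only, loosely modelled on the worm
# traffic the article mentions; they are not a vendor rule set.
SIGNATURES = [
    ("code-red-style ida request",
     lambda p: p.proto == "tcp" and p.dport == 80 and b"/default.ida?" in p.payload),
    ("slammer-style udp/1434 payload",
     lambda p: p.proto == "udp" and p.dport == 1434 and len(p.payload) > 300),
]

WEB_SERVER = "203.0.113.10"     # constructed (documentation range) public address
DB_SERVER = "10.0.5.20"         # constructed internal address

# Perimeter: firewall with the IPS built in. Core: IPS only, as in a switch or router.
PERIMETER = [Firewall([("tcp", WEB_SERVER, 80, "public web server")]), IPS(SIGNATURES)]
CORE = [IPS(SIGNATURES)]


def perimeter_verdict(pkt: Packet) -> Verdict:
    return inline_chain(PERIMETER, pkt)


def core_verdict(pkt: Packet) -> Verdict:
    return inline_chain(CORE, pkt)


def sample_packets():
    """Constructed sample traffic keyed by a short label."""
    return {
        "benign_http": Packet("tcp", "198.51.100.7", WEB_SERVER, 80, b"GET /index.html HTTP/1.0\r\n"),
        "ida_probe": Packet("tcp", "198.51.100.7", WEB_SERVER, 80, b"GET /default.ida?" + b"N" * 200),
        "ssh_from_internet": Packet("tcp", "198.51.100.7", WEB_SERVER, 22),
        "internal_ssh": Packet("tcp", "10.0.1.4", DB_SERVER, 22),
        "udp_1434_blast": Packet("udp", "10.0.1.4", DB_SERVER, 1434, b"\x04" + b"\x01" * 375),
    }


if __name__ == "__main__":
    for label, pkt in sample_packets().items():
        print(f"{label:18} perimeter={perimeter_verdict(pkt).reason:38} core={core_verdict(pkt).reason}")
```

Note that the ida probe is addressed to an allowed service, so the firewall alone passes it and only the IPS stops it, while the internal SSH session shows the IPS letting unknown-but-unsignatured traffic through where a firewall would not.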


More importantly, because they are different, you can use a firewall or an IPS or both at any point in your network. At the perimeter, it's reasonable to expect that a firewall also will have an IPS built in. But at the core of the network, inline IPS might be built into switches and routers.

How do you convince purse holders to buy into IPS? There's no easy answer to that. The "fear factor" approach can be useful. Make the decision-makers afraid. Point out the new legislation regarding liability. And perhaps you'll see the money start to flow. But that's not a long-term solution.

For some, an IPS can be justified on the "nuisance factor" instead. By blocking the thousands of Code Red and MS-SQL Slammer attacks coming into the network every hour, the load on the firewall is lightened, the Internet connection is faster and the Web server logs are easier to analyze.

For others, IPS justification will have to be part of a larger program of security, justified on the basis of traditional ROI analysis.

What's clear from tour attendees is that wrapping a firewall around the perimeter is no longer sufficient to meet the needs of modern networks. Technologies such as IPS need to be pushed into the network, not just at the edge, but throughout the entire infrastructure.

Hackers leak emails, stoking climate debate

Computer hackers have broken into a server at a well-respected climate change research centre in Britain and posted hundreds of private emails and documents online - stoking debate over whether some scientists have overstated the case for man-made climate change.  The University of East Anglia, in eastern England, said in a statement Saturday that the hackers had entered the server and stolen data at its Climatic Research Unit, a leading global research centre on climate change. The university said police are investigating the theft of the information, but could not confirm if all the materials posted online are genuine.

More than a decade of correspondence between leading British and US scientists is included in about 1000 emails and 3000 documents posted on websites following the security breach last week.  Some climate change sceptics and bloggers claim the information shows scientists have overstated the case for global warming, and allege the documents contain proof that some researchers have attempted to manipulate data.

The furore over the leaked data comes weeks before the UN climate conference in Copenhagen, when 192 nations will seek to reach a binding treaty to reduce emissions of carbon dioxide and other heat-trapping greenhouse gases worldwide. Many officials - including UN Secretary-General Ban Ki-moon - regard the prospects of a pact being sealed at the meeting as bleak. 
In one leaked email, the research centre's director, Phil Jones, writes to colleagues about graphs showing climate statistics over the last millennium. He alludes to a technique used by a fellow scientist to "hide the decline" in recent global temperatures. Some evidence appears to show a halt in a rise of global temperatures from about 1960, but is contradicted by other evidence which appears to show a rise in temperatures is continuing.

Jones wrote that, in compiling new data, he had "just completed Mike's Nature trick of adding in the real temps to each series for the last 20 years (ie, from 1981 onwards) and from 1961 for Keith's to hide the decline," according to a leaked email, which the author confirmed was genuine.

One of the colleagues referred to by Jones - Michael Mann, a professor of meteorology at Pennsylvania State University - did not immediately respond to requests for comment via telephone and email.

The use of the word "trick" by Jones has been seized on by sceptics - who say his email offers proof of collusion between scientists to distort evidence to support their assertion that human activity is influencing climate change.  "Words fail me," Stephen McIntyre - a blogger whose website challenges popular thinking on climate change - wrote on the site following the leak of the messages.

However, Jones denied manipulating evidence and insisted his comment had been taken out of context. "The word 'trick' was used here colloquially, as in a clever thing to do. It is ludicrous to suggest that it refers to anything untoward," he said in a statement Saturday.

Jones did not indicate who "Keith" was in his email.  Two other American scientists named in leaked emails - Gavin Schmidt of NASA's Goddard Institute for Space Studies in New York, and Kevin Trenberth, of the US National Centre for Atmospheric Research, in Colorado - did not immediately return requests for comment.

The University of East Anglia said that information published on the internet had been selected deliberately to undermine "the strong consensus that human activity is affecting the world's climate in ways that are potentially dangerous."  "The selective publication of some stolen emails and other papers taken out of context is mischievous and cannot be considered a genuine attempt to engage with this issue in a responsible way," the university said in a statement.

Nov 23, 2009

Proven, comprehensive protection for virtual servers

Security risks to virtual servers extend beyond those of physical systems to include virtualization-specific risks. For comprehensive protection for virtual servers, turn to the industry’s most complete and scalable security solution with integrated, centralized management, so that your enterprise can safely benefit from virtualization.


    * Protect your investment in virtualization
      Protect and enforce security policies across physical and virtual environments to guarantee virtualization's ROI in energy savings, lower capital costs, and hardware utilization.
    * Rely on strong proven protection
      Protect your virtual servers with proven anti-virus, anti-spyware, and intrusion prevention, using the award-winning McAfee scanning engine that proactively stops and removes threats, extends coverage for new security risks, and reduces the cost of managing outbreak responses.
    * Keep offline virtual images secure
      Ensure that offline system images pose no security threat when brought back online, and reduce the time and effort previously spent on installing security patches and updates.
    * Avoid business interruptions
      Reduce your exposure to zero-day attacks, fend off new exploits, and save time with automatic vulnerability shielding to protect business productivity.
    * Lower management costs and improve visibility
      Deploy a single console across multiple security products, reducing costs and complexity, so that when threats and regulations change, policies can be updated quickly, accurately, and consistently.
    * Simplify internal and regulatory compliance
      Make it easier for your enterprise to meet reporting and auditing requirements and prove to all stakeholders that security measures are in place for internal and regulatory compliance.


    * On-access scanning for spyware and malware
      Prevent malware, rootkits, spyware, bots, Trojans and other unwanted programs from installing and spreading; McAfee technology examines threat behavior and quickly stops known and undiscovered threats before they can compromise your security.
    * Protection for offline virtual images
      Eliminate frantic patching and updating by automatically scanning, cleaning, and fully securing virtual images with updated signatures while offline, to ensure that the system images pose no security threat when brought back online.
    * Zero-day threat protection
      Block unwanted activity and proactively protect against known and unknown threats. This solution combines signature and behavioral intrusion prevention system (IPS) protection with a stateful firewall and application control.
    * Access protection rules
      Prevent changes to files, registry keys, and utilities within virtual machines, and McAfee's patented behavior-based technology prevents hackers from inserting malicious code into systems during buffer-overflow attacks.
    * Single management console
      Keep protection up to date, configure and enforce compliance with protection policies, and monitor security status 24/7, all from one centralized, web-based console.
    * Compliance verification
      Use robust and flexible policy auditing capabilities to find and report vulnerabilities, service misconfigurations, and policy violations on all your endpoints.

De-Google and BING!

MICROSOFT and News Corporation are in talks about a plan that would see News being paid to "de-index" its news websites from Google.   A person familiar with the situation said the impetus for the discussions came from News, a Financial Times report said. Microsoft had also approached other online publishers about removing their sites from Google's search engine.

The interest by Microsoft puts pressure on Google to start paying for content, the FT said on its website.  It quoted a website publisher as saying the plan “puts enormous value on content if search engines are prepared to pay us to index with them”.  News Corporation, chaired by Rupert Murdoch, owns Dow Jones & Co.

The Wall Street Journal, also referring to people familiar with the matter, reported that the discussions News has had with Microsoft could result in News removing its newspaper content from Google’s search engine, while making it available on Microsoft's online properties.

E-health can bring $28bn in benefits: business council

A LEADING business lobby group is calling on the federal government to implement a national e-health strategy that would bring benefits of nearly $28 billion in its first eight years.  In a letter sent to Prime Minister Kevin Rudd last month and released on Monday, the Business Council of Australia (BCA) says using communication technology to improve the flow of health information is key to a more efficient health system.

But the letter from BCA chief executive Katie Lahey says e-health "will require national leadership and commitment to investment in national infrastructure to make it happen".  To make e-health efficient will require both private and public investment, the group argues.

"But before business can begin to invest, state and federal government must commit to making their own investments in the national infrastructure.  "Governments must also commit to invest in connecting public health providers to realise the potential benefits for patients and the sector." A paper supporting the letter estimates e-health benefits of $27.8bn in the first eight years of implementation, outstripping the $6.3bn investment over five years.

Nov 20, 2009

DNS survey shows significant risk to the internet

The survey results indicate that there has been a mass proliferation in the percentage of external name servers that allow open access to intruders. These external servers depict a major risk to the Internet because they can be used as vehicles of malice to implement distributed denial of service (DDoS) attacks.

Cricket Liu, vice president of architecture at Infoblox and author of O'Reilly & Associates' DNS and BIND, DNS & BIND Cookbook, elaborated.

"Of particular interest is the enormous growth in the number of Internet-connected name servers, largely attributable to the introduction by carriers of customer premises equipment (CPE) with embedded DNS functionality,” Liu said. “This equipment represents a significant risk to the rest of the Internet, as without proper access controls, it facilitates enormous DDoS attacks."

DNS servers are network infrastructure that map domain names to IP addresses and route Internet queries to the correct location. Domain name resolution is essential to complete any Internet request. If an enterprise’s DNS system is subjected to attack, the results could be catastrophic, causing loss of its web presence, inability of employees to access external web services and redirection of web and mail traffic to malicious sites. The last will result in data loss, identity theft, ecommerce fraud and much more.

The fifth annual DNS survey covered five percent of the IPv4 address space -- or nearly 80 million addresses. It assigned positive, negative and neutral ratings to various results achieved.
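The "proper access controls" Liu refers to are, on a BIND-style server, the recursion and allow-recursion options. As an added example (not from the survey, Infoblox or ISC), here is a small Python check over constructed configuration fragments that flags a recursive server willing to answer anyone; the config text and addresses are constructed, and treating a missing allow-recursion ACL as unrestricted is a deliberately conservative assumption, since the real default depends on the BIND version.

```python
import re
from typing import Dict, List, Optional

# Constructed BIND-style configuration fragments (not taken from any real server).
OPEN_RESOLVER_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { any; };
};
"""

RESTRICTED_RESOLVER_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { localhost; localnets; 192.0.2.0/24; };
};
"""

AUTHORITATIVE_ONLY_CONF = """
options {
    directory "/var/named";
    recursion no;
};
"""

# ACL entries that hand recursion to the whole Internet.
UNRESTRICTED_ENTRIES = {"any", "0.0.0.0/0", "::/0"}


def parse_acl(conf: str, name: str) -> Optional[List[str]]:
    """Return the entries of a `name { a; b; };` ACL, or None if it is not set."""
    match = re.search(rf"\b{name}\s*\{{([^}}]*)\}}\s*;", conf)
    if match is None:
        return None
    return [entry.strip().strip('"') for entry in match.group(1).split(";") if entry.strip()]


def recursion_enabled(conf: str) -> bool:
    """BIND recurses unless `recursion no;` is present."""
    match = re.search(r"\brecursion\s+(yes|no)\s*;", conf)
    return match is None or match.group(1) == "yes"


def assess_resolver(conf: str) -> Dict[str, object]:
    """Classify a server as authoritative-only, restricted recursive, or open recursive."""
    acl = parse_acl(conf, "allow-recursion")
    if not recursion_enabled(conf):
        return {"recursive": False, "open": False, "acl": acl,
                "finding": "recursion disabled; cannot be used as an open resolver"}
    if acl is None:
        # Assumption: a missing ACL is reported as unrestricted so the finding errs on
        # the safe side; the actual default depends on the BIND version in use.
        return {"recursive": True, "open": True, "acl": acl,
                "finding": "recursion enabled without an allow-recursion ACL"}
    exposed = sorted(set(acl) & UNRESTRICTED_ENTRIES)
    if exposed:
        return {"recursive": True, "open": True, "acl": acl,
                "finding": f"allow-recursion grants recursion to {', '.join(exposed)}"}
    return {"recursive": True, "open": False, "acl": acl,
            "finding": "recursion limited to the listed networks"}


if __name__ == "__main__":
    for label, conf in [("open", OPEN_RESOLVER_CONF),
                        ("restricted", RESTRICTED_RESOLVER_CONF),
                        ("authoritative", AUTHORITATIVE_ONLY_CONF)]:
        print(f"{label:14} {assess_resolver(conf)['finding']}")
```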

Sketchy details on restrictive DOCSIS modems

After rival Telstra claimed it was launching "Australia's fastest broadband network" earlier this week, Optus has come out saying it too will upgrade its hybrid fibre-coaxial (HFC) cable network in three capital cities.

While details are scarce at this stage, an Optus spokesperson told Computerworld its HFC network upgrade to DOCSIS 3 would take place in Sydney, Melbourne, and Brisbane.

The announcement comes hot on the heels of Telstra saying it will upgrade its HFC network in Melbourne on December 1 in a move to increase speed and bandwidth for multiple users within households.

Telstra said the upgrade will be able to provide download capacities of up to 100Mbps and increase upload capacities to 2Mbps for nearly 1 million homes.

Meanwhile, AARNet is to launch a supercharged file transfer service, CloudStor, capable of transferring files hundreds of gigabits in size via the organisation's high-speed academic network. The service, due to go live in early 2010, is designed to encourage greater collaboration between research and academic organisations through faster transfer of large data sets such as medical, gene sequencing, and synchrotron imaging and academic presentations.

Nov 18, 2009

Cashing in on banking security and compliance

With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions that protect sensitive financial information along with their reputations and industry competitiveness.

In today’s digital world, critical financial data - including social security numbers, bank account information, payment card numbers, and other highly confidential information - is being sent back and forth between businesses and individuals at speeds faster than anyone ever thought possible.

While this information exchange allows financial institutions to deliver higher levels of service and capitalize on emerging growth opportunities, it also leaves them vulnerable to security breaches and data leaks.

Cyber warfare 'now a reality' with United States and Russia armed

A wave of politically-motivated cyber offensives this year – such as attacks on the White House and the US Department of Homeland Security – show that the international arms race is now moving online, a study claims.

The report warns that cyber strikes could have a "devastating" impact on national infrastructure with power grids, water supplies and financial markets all at risk.

While the potential of online warfare has long been talked up, the Virtual Criminology Report released by the web security firm McAfee claims that it is now moving from science fiction to fact.

France, Israel and China are among the countries known to have cyber weapon programmes, according to Paul Kurtz, the former White House adviser who compiled the study based on interviews with more than 20 experts.

“McAfee began to warn of the global cyber arms race more than two years ago, but now we’re seeing increasing evidence that it’s become real,” said Dave Dealt, president of McAfee.

“Now several nations around the world are actively engaged in cyber warlike preparations and attacks. Today, the weapons are not nuclear, but virtual, and everyone must adapt to these threats.”

The infrastructure of most developed nations is connected to the internet and vulnerable to hackers because of insufficient security controls, the report warns.

Companies will also be caught in the crossfire of future cyber wars between governments because so many essential services are privately run, it advises.

Last month a congressional advisory panel in the US warned that China appears to be using its growing technical abilities to collect US intelligence through a sophisticated and long-term computer attack campaign.

Nov 17, 2009

Common chemicals making boys soft

A US study has come to the conclusion that chemicals used to soften up household items may also be making a new generation of soft blokes.

Phthalates are used on household items and are present in processed food. New evidence suggests boys who were exposed to high levels of the chemicals in utero are less masculine.

It is a finding which has implications not only for pregnant women, but society at large.

Phthalates are chemicals which are used to soften up many household items such as flooring, furniture, wall coverings, shower curtains, soft toys and carpet backing.

Professor of obstetrics and gynaecology at the University of Rochester in New York, Shanna Swan, says some phthalates inhibit testosterone production during pregnancy.

Professor Swan measured phthalate levels in 145 pregnant women, and those who had boys then filled out a scientifically-recognised survey designed to show how male-typical their son's behaviour is.

Professor Swan says she found a direct correlation between phthalate exposure and masculine behaviour.

Nov 16, 2009

Money metrics on marriage and misery

WHAT'S a marriage worth? To an Aussie male, about $32,000. That's the lump sum Professor Paul Frijters says the man would need to receive out of the blue to make him as happy as his marriage will over his lifetime. An Aussie woman would need much less, about $16,000.

But when it comes to divorce, the Aussie male will be so devastated it would be as if he had lost $110,000. An Aussie woman would be less traumatised, feeling as if she had lost only $9000.

Recently named this year's Best Australian Economist under 40 by the Economic Society of Australia, the Queensland University of Technology professor knows this because he has been mining a unique set of data that has tracked the happiness and major life events of about 10,000 Australians once a year since 2001.

''These are real people to whom unexpected things happen. They weren't selected because these things would happen, and we can compare their happiness before and after,'' Professor Frijters told the Herald after presenting his findings at the Australian National University.

Asked to describe how satisfied they are with their lives on a scale of 0 to 10, the Australians surveyed most often use the number eight, but the answers change after (and sometimes in anticipation of) major life events and also after sudden changes in income.

That has enabled the professor to put dollar values on the effects on happiness of major events such as marriage, divorce and birth, or as he puts it to calculate their ''psychic costs'' or ''psychic benefits''.

The birth of a child turns out to bring both. It makes parents the happiest before it happens and then after some months slightly less happy than they would have been without the birth, which is why Professor Frijters puts low dollar values on the lifetime boost to happiness that flows from a birth - for the mother around $8700, for the father $32,600.

''Losing a loved one has a much bigger effect than gaining a loved one. There's a real asymmetry between life and death,'' he says. ''This shouldn't surprise us. Human beings seem primed to notice losses more than gains.''

The death of a spouse or child causes a woman $130,900 worth of grief, according to Frijters's calculations. It costs a man $627,300.

''This isn't the value of the life that's lost. That would be much higher,'' he says. ''This is just the effect on the happiness of one person flowing from a death.''

Asked why his calculations show men much more affected by life's events than women, Professor Frijters says he doesn't know. ''But it does tend to give me confidence in the calculations. We know, for instance, that marriage improves the lives of men much more than women.''

Some of the results fit in with stereotypes. Women get a psychic boost of $2600 from moving house. Men suffer psychic pain of $16,000.

Professor Frijters's dollar figures are lower than those arrived at by other methods. He says that is because he finds that money has a greater effect on happiness than previously thought.

''Losing or gaining money can offset the effect of other life events quite well, and that is what we are formally looking at - the amount needed to offset an event or keep someone happiness-neutral,'' he says.

Insurance companies and lawyers take a keen interest in the research, he says, because of the need for dollar compensation.

In their sites

AN EXPERIENCED detective was furious when he spotted a criminal he had arrested years earlier loitering near his eastern suburban home. He grabbed the man and whispered, ''Before I take you to hospital after you seriously injure yourself, you'd better tell me how you found where I live.''

The stalker, who quickly lost interest in any revenge plans, said: ''Your daughters are on Facebook.''

Welcome to the cyber world, where privacy is as outdated as whalebone corsets.

One of Australia's biggest private detective agencies now employs staff in Melbourne and Sydney to troll through Facebook and MySpace sites to search for leads on people who have tried to disappear to avoid mounting debts.

And employers are exploring sites to check the profiles of prospective staff. One university student who has appeared regularly on a reality television program wisely removed a series of pictures showing a different side of his character.

Police are now dealing with the crime backwash generated from surfing the web, and many detectives believe the internet is eroding community standards. The new trends have forced police to set up a specific internet division within the sexual crimes squad.

The team uses undercover tactics to trap men who target teenage girls on chat sites. They have arrested and convicted cyber-stalkers as old as 40 who have tried to procure under-age girls by befriending them through the web.

Police and adolescent developmental experts have found teenage boys and girls are creating false and dangerous images of themselves through online profiles.

One experienced investigator describes it as the ''cult of the self-obsessed''. The detective says police are now starting to deal with teenagers who have grown up with mobile phone cameras and who have taken hundreds of pictures of themselves since they were six or seven years old. They post online details of their lives, from the mundane to the intimate, with little concern or understanding of the possible consequences.

The investigator says police are routinely finding teenage girls posting provocative comments and photos of themselves on the web. ''We see comments and you wouldn't know if the writer was 13 or 30,'' he says. He says the girls can portray themselves as sexually experienced in a bid to establish an edgy image. ''It is all make-believe but it can create a false image that comes back to bite them.''

One counsellor says girls from an exclusive Melbourne girls school have taken pornographic photos of themselves and posted them to their boyfriends. The pictures have then been forwarded to an unknown number of teenage boys leaving the girls' reputations in tatters.

Detectives are becoming increasingly alarmed at the sexually threatening nature of postings by some teenage males. Police were forced to close down a Facebook site set up to support two young footballers charged with rape after a team trip to Phillip Island. Up to 700 people joined the site that offered support to the accused teenagers, even though the case is yet to be heard in court.

Last week, The Age revealed a so-called ''pro-rape'' site, dominated by male students from the University of Sydney's St Paul's College, that had to be shut down.

Mainstream media now check Facebook and similar personal pages to provide information on suspects and victims in high-profile crimes. When Maria Korp was found slowly dying in the boot of a car near the Shrine of Remembrance in February 2005, the media soon exposed her private sex life after her and her husband Joe's profiles were found on a swingers' site.

As she lay in hospital for six months on life support, she was unaware her private sexual preferences had become very public property.

Joe Korp's mistress, Tania Herman, was sentenced to a minimum of nine years' jail for attempted murder. The two lovers had met through the internet.

Herman maintains Korp seduced her with a plan to manipulate her into killing his wife. Korp committed suicide in bizarre circumstances, hanging himself in the family garage after he completed a one-hour video autobiography that he wanted to sell to the media. Even the car his wife was concealed in after she was bashed and strangled was later put up for sale on the internet.

The managing director of one of Australia's largest private investigations firms, Mark Grover, says Facebook is now the major tool used to find people who dodge debts. His company now finds between 30 and 40 bad debtors a week through internet profile sites and social pages.

''It may be the person keeps their head down, but we can find them through their children or friends. They often leave a cyber trail through their social and family connections.''

Grover says there is also a trend for criminals and the mentally disturbed to use the internet to track people they want to stalk. ''If they are technologically savvy, they put all their energy into tracking the people they want to find.''

In one case under investigation, he says a Melbourne man used the internet to identify the home address of a high-profile singer, ''and is turning her life into a misery''.

According to Grover, young people post fantasy material about themselves on their sites unaware it could damage their reputations and harm their employment prospects.

''Most of our staff have nothing to do with these sites because they see the damage that can be done.''

One woman poured out her frustration and dislike for her boss on her Facebook page, having forgotten she had previously added him as a friend. ''She received a message to come in and collect her things after he read it,'' Grover says.

The head of the sexual crimes squad, Detective Inspector Glen Davies, says parents need to spend time discussing rights and responsibilities with their teenage children as the break-up party and schoolie season begins this month.

''Many of the victims and offenders we deal with are just young people who have been caught up in events that have tragic consequences for everyone. Young men should re-acquaint themselves with the concept of respect. Rape is an incredibly serious criminal offence. I cannot overstate this. We meticulously investigate all cases and will bring about charges against those who are found to be offending.''

In Victoria, rape carries a maximum penalty of 25 years. Assault with intent to rape has a penalty of up to 10 years.

Davies says that in some incidents young men fall into a pack mentality and appear to behave out of character or remain passive as they see events spin out of control. ''Young people, particularly men, need to consider their own behaviour and the way they treat women. Often these situations occur in group environments and young men need to take a strong moral stance and speak out to their mates and put a stop to their actions.

''What we are commonly seeing is young girls, who have often been drinking alcohol, being targeted by young men. Quite often these young women are incapable of giving consent and in some instances are being intimidated by large groups of men and taken advantage of because of their vulnerable state.''

He says male teenagers need to comprehend there can never be an excuse for sexual assault and they will be held responsible for their actions.

Melbourne adolescent psychologist Dr Michael Carr-Gregg says there has been a substantial and worrying change in the behaviour of teenagers in recent years. ''There is no doubt that 13 and 14-year-olds are doing things that were not happening 10 or 20 years ago.''

He says many teenagers have unfettered access to the internet and their parents have no idea what their children are doing. ''There has been a fundamental failure in parental responsibility. There is neglect mixed with affluence. The parents have no idea their children are heading into so much trouble. And they are becoming younger and younger.''

He says many children are receiving unrealistic sex education through hard-core websites.

''We know that teenagers of 14 and 15 lack the capacity to predict the consequences of their actions and they fail to understand that what they are posting is not private.''

U-Nome party security expert and former policewoman Naomi Oakley says she routinely sees scantily clad and alcohol-affected girls as young as 14 leave parties without a pre-arranged lift home. ''Parents and these children have to understand the dangers.'' She says the party scene is becoming younger as 13 and 14-year-olds ''see it as the cool thing to do''.

Carr-Gregg says parents need to ''shoulder surf'' to see who their children contact on the web.

Last month, British police charged a convicted sex offender after he allegedly confessed to killing a 17-year-old girl he met through Facebook, where he masqueraded as a teenage boy. Peter Chapman, 32, was charged with the murder of trainee nanny Ashleigh Hall, whose body was found dumped in a ditch on farmland near Durham.

Her mother, Andrea, said, ''Tell your kids to be careful on the internet. Don't trust anybody and don't put your children on Facebook or other sites if they are under-age. We have learnt a terrible lesson. We don't want any other child to be a victim.''

Nov 15, 2009

Steps taken to safeguard health IDs

AUSTRALIA's health ministers have committed to restrictions on the use of national health identity numbers, including "effective" privacy arrangements and penalties for misuse, according to a brief communique released late today. Federal and state ministers have agreed to release draft legislation for the healthcare identifiers regime for public consultation ahead of its planned introduction to the federal parliament in the autumn 2010 sittings.

The tight timeframe means responses to the draft will likely be required during the Christmas/school holiday period, testing the resources of many largely voluntary consumer and privacy advocacy groups which have voiced concerns over aspects of the proposals this year. Under the planned Unique Healthcare Identifier scheme, all patients will be issued with an individual health ID number linked to their existing Medicare number and card; the number, together with a person's name and date of birth, is essential for the accurate matching of health information sent across electronic systems by medical providers such as doctors, hospitals, laboratories and pharmacists.

The intention is to improve patient care and safety across the healthcare system, while the automatic collation of patient data will provide a basis for the creation of personal e-health records.

Nov 14, 2009

Is this monster safe?

There's a story about a grizzled foreign correspondent in Asia who once was taken to task over a taxi fare on an expense report. He defended it as routine, but the accountants pointed out that he'd been reporting from an aircraft carrier at sea on the day in question. Without missing a beat, the correspondent growled, "Well, do you know how big those things are?"

I couldn't help thinking of that joke while in Finland last week, touring Royal Caribbean International's new Oasis of the Seas, a ship that eclipses the U.S. Navy's Nimitz-class supercarriers and will be the world's largest cruise liner when it makes its much-anticipated maiden voyage in December. As I stood on the bow, it didn't seem completely unreasonable to take a taxi to the stern, almost a quarter-mile away. In fact, the meter in a Washington, D.C., cab would charge 25 cents for the distance.

Under construction in the quaint port town of Turku since 2006, the Oasis of the Seas is longer, taller, wider, heavier and more expensive than any other passenger ship ever built.

It's five times the size of the Titanic and more than half again as large as the mammoth Queen Mary 2. A piece of it will have to be retracted just so it can squeeze under a bridge and make it out to the Atlantic. On its 18 decks, a crew of 2,165 will tend to as many as 6,296 paying customers, nearly 45 percent more than the largest cruise ships now operating, the Freedom-class vessels launched by Royal Caribbean three years ago.

But the Oasis of the Seas isn't just a jumbo version of its predecessors. More important than its staggering size is what its designers have done with the extra space: filled it with attractions never before seen on a cruise ship, including an open-air park with trees and hanging gardens, a boardwalk-style area with a merry-go-round, a pool that changes into a stage for high-diving shows and a theater that has booked the Broadway musical "Hairspray."

Nov 12, 2009

'Love Hormone' Also Triggers Jealousy

A researcher at the University of Haifa has discovered that the hormone oxytocin, also known as the "love hormone," can trigger negative emotions such as jealousy as well.

Oxytocin is released naturally in the body during childbirth and when engaging in intimate relations. Participants in a previous experiment who inhaled a synthetic form of the hormone displayed higher levels of altruistic feelings. However, it was also discovered in earlier studies on rodents that the hormone may be linked to higher levels of aggression as well.

"Following the earlier results of experiments with oxytocin, we began to examine the possible use of the hormone as a medication for various disorders, such as autism," explained Dr. Simone Shamay-Tsoory, who led the study. However, "The results of the present study show that the hormone's undesirable effects on behavior must be examined before moving ahead."

The study, published in the professional journal Biological Psychiatry, included 56 subjects, half of whom inhaled the synthetic form of oxytocin in the first session and were given a placebo the second time around. The other 28 participants were given a placebo the first time and the real hormone in the second session.

Following administration of the hormone, each participant was asked to play a game of luck together with another competitor, one who, without their knowledge, was a computer. Sometimes the participant won more money than the other player, sometimes less, creating conditions in which a player could develop feelings of envy or gloating.

The findings showed that participants who inhaled the "love hormone" exhibited higher levels of envy when their opponent won more money and gloated more when they were ahead. But as soon as the game was over, no differences were noted between the participants' emotional levels, indicating that the negative feelings were empowered only during the activity.

Nov 11, 2009

Clean algae biofuel project

Australian scientists are achieving the world's best production rates of oil from algae grown in open saline ponds, taking them a step closer to creating commercial quantities of clean biofuel for the future.

A joint $3.3 million project led by Murdoch University in Perth, Western Australia, and involving the University of Adelaide, now leads world algae biofuel research after more than 12 months of consistent results at both universities.

“It was previously believed impossible to grow large quantities of algae for biofuel in open ponds consistently and without contamination, but we've proven it can be done,” says Project Leader, Professor Michael Borowitzka from Murdoch University.

The project has received $1.89 million funding from the Australian government as part of the Asia-Pacific Partnership on Clean Development and Climate.

“This is the only biofuel project in Australia working simultaneously on all steps in the process of microalgal biofuels production, from microalgae culture, harvesting of the algae and extraction of oil suitable for biofuels production,” Professor Borowitzka says.

Professor Borowitzka says that due to the project’s success, construction of a multimillion-dollar pilot plant to test the whole process on a larger scale will now begin in Karratha in the North-West in January and is expected to be operational by July.

Fight e-waste. ban Facebook!

At a meeting in Perth on 5 November, the nation’s environment ministers endorsed a new National Waste Policy, the first such national framework charting a 10-year vision for resource recovery and waste management. The policy includes a landmark scheme for recycling computers and televisions, with householders able to drop off used computers and TVs for recycling free of charge, Federal Environment Minister Peter Garrett announced.

“It has been 17 years since these issues were looked at in a national context and we now have a clear path for future action and a huge step up on existing efforts.” The National Waste Policy sets out a comprehensive agenda for national coordinated action on waste across six key areas:

    * Taking responsibility
    * Improving the market
    * Pursuing sustainability
    * Reducing hazard and risk
    * Tailoring solutions
    * Providing the evidence

The Minister said the new approach had been developed in consultation and with the support of industry as well as key non-government organisations and he acknowledged their involvement and support in negotiating these crucial breakthroughs.

Garrett said the first areas of waste targeted for action will be computers and televisions.

New hope for Locker Room Envy

SCIENTISTS in the US have engineered artificial penises in rabbits using cells from the animals to grow tailor-made organs, with some rabbits hopping to it and fathering baby rabbits within months.

Reported online in the current Proceedings of the National Academy of Sciences, researchers say the findings represent one of the most complete replacements of functional penile erectile tissue to date.

Within six weeks of having the lab-grown penises grafted on, the male bunnies were using their new organ to breed like the proverbial, with four of 12 female rabbits falling pregnant.

Co-author of the study Anthony Atala said the findings could one day enable surgeons to reconstruct and restore function to damaged or diseased penile tissue in men. But David Leavesley, a cell biologist from the Queensland University of Technology, said that could still be decades off.

Nov 10, 2009

Obama guts Sarbanes-Oxley Act

It took just five weeks after the WorldCom accounting scandal erupted in 2002 for Congress to pass, and President George W. Bush to sign, the Sarbanes-Oxley Act. That law required public companies to make sure their internal controls against fraud were not full of holes.

It took three more years for Bernard Ebbers, the man who built WorldCom into a giant, to be sentenced to 25 years in prison for his role in the fraud.

Mr. Ebbers will be 85 years old before he is eligible for release from prison. He may be freed, however, before the law is ever enforced on the vast majority of American companies. A Congressional committee voted this week to repeal a crucial part of the law. Other parts are also under attack.

Sarbanes-Oxley was passed, almost unanimously, by a Republican-controlled House and a Democratic-controlled Senate. Now a Democratic Congress is gutting it with the apparent approval of the Obama administration.

The House Financial Services Committee this week approved an amendment to the Investor Protection Act of 2009 — a name George Orwell would appreciate — to allow most companies to never comply with the law, and mandating a study to see whether it would be a good idea to exempt additional ones as well.

Some veterans of past reform efforts were left sputtering with rage. “That the Democratic Party is the vehicle for overturning the most pro-investor legislation in the past 25 years is deeply disturbing,” said Arthur Levitt, a Democrat who was chairman of the Securities and Exchange Commission under President Bill Clinton. “Anyone who votes for this will bear the investors’ mark of Cain.”

Those who favored the amendment saw it differently. They were simply out to help small businesses, which would be burdened by having to report on whether they maintained acceptable financial controls, and to have auditors check on whether those controls did work.

They also suggested that more foreign companies would list their securities in the United States if they were spared that onerous requirement. No one seems to have asked if investors really would benefit from making it easier to invest in companies that fear such an audit.

There are other threats to Sarbanes-Oxley as well.

The law set up a long-overdue system of regulating the accounting industry, which had proved time and again that it was incapable of effective self-regulation. The Public Company Accounting Oversight Board has done a credible job, but a month from now the Supreme Court will hear a case that could drive it out of existence.

The Sarbanes-Oxley law also took steps to reinforce the independence of the Financial Accounting Standards Board, which writes accounting rules in the United States. By giving the board a secure source of financing, legislators said they were protecting it from the threats of the companies that had previously made donations to keep the board functioning.

But this Congress has made clear that independence for the accounting rule writers can go too far — particularly if the rules force banks to reveal the horrid mistakes they previously made.

This year, a subcommittee of the House Financial Services Committee held a hearing at which legislators sought no facts but instead threatened dire action if the chairman of the financial accounting board did not promptly make it easier for banks to ignore market values of the toxic securities they owned. The board caved in, which may be one reason why banks are reporting fewer losses these days.

But the board’s retreat was not enough to satisfy the banks. The American Bankers Association is now pushing Congress to give a new systemic risk regulator — either the Federal Reserve or some panel of regulators — the power to override accounting standards. The view of the bankers is that the financial crisis did not stem from the fact that the banks made lots of bad loans and invested in dubious securities; it was caused by accounting rules that required disclosure when the losses began to mount.

The amendment approved this week dealt with Section 404 of Sarbanes-Oxley, which has become a rallying cry for opponents of regulation. Some Democrats seem to think that passing it will be seen as pro-business, and thus help to protect vulnerable Democrats who in 2008 won seats previously held by Republicans. The sponsor of the amendment, Representative John Adler of New Jersey, is one such legislator.

Section 404 was adopted with little controversy in 2002, and for good reason. It simply mandated that public companies report on the effectiveness of their internal financial controls, and that auditors render an opinion on them.

Since the law already required companies to maintain effective controls — and had done so since 1977 — it seemed unlikely that would increase costs much for any company that was already in compliance. And it was crystal clear that controls either did not exist, or were evaded, at WorldCom and Enron.

Unfortunately, when those Section 404 audits began to be conducted for the largest companies, they were costly. Partly, that was caused by badly designed and overly cautious audits conducted by inexperienced auditors. Experience reduces costs to some extent, and in 2007, the Securities and Exchange Commission and the accounting oversight board adopted reforms to make the audits much less expensive.

The section has never been enforced for most companies. The S.E.C. repeatedly delayed the effective date for companies with market capitalizations under $75 million, as lobbying grew bolder and legislators like Senator John Kerry, the Democratic presidential candidate in 2004, opposed enforcement of the law. Mr. Bush’s last S.E.C. chairman, Christopher Cox, avoided making a decision by ordering one more study that would arrive after he was gone.

That study showed that Section 404 costs had come down significantly, and last month the S.E.C. under its new chairwoman, Mary L. Schapiro, announced that in the middle of 2010 — eight years after the law was passed — all public companies would have to start complying.

It took just one month for the House committee to vote to gut Sarbanes-Oxley. It voted to exempt those companies worth less than $75 million, and asked for a study on whether companies worth less than $250 million should be allowed to stop complying with the law.

In doing so, it turned aside a plea from Ms. Schapiro, whose opinions carry far less importance in this Congress than those of lobbyists who claim to represent small business.

The Supreme Court case, to be heard Dec. 7, is on the somewhat arcane question of whether it was legal for Congress to require that the members of the oversight board be appointed by the S.E.C. rather than by the president or someone directly responsible to him, like the secretary of the Treasury.

If the Supreme Court rules that the board is illegally appointed, Congress could quickly act to save it by changing the appointment process. But who can be confident that this Congress would want to save the reforms of 2002?

Nov 9, 2009

Bug in latest Linux gives untrusted users root access

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.

What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.
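The mitigation the article refers to is the kernel's vm.mmap_min_addr sysctl, which is what stops an unprivileged process from mapping memory at the low addresses a null pointer dereference would reach. The shell function below is an added example, not from the article or from any distribution's tooling: it audits that setting and flags a host where it has been lowered to zero, for instance to run Wine. It takes the path to read from as a parameter so it can be exercised against a constructed sample file; on a real host it reads /proc/sys/vm/mmap_min_addr. The 64 KiB threshold is an assumption about a typical distribution default, not a value from the article.

```shell
# Added example (not part of the article): audit vm.mmap_min_addr on a Linux host.
# Usage: check_mmap_min_addr [path] [minimum]
#   path     file holding the current value (default: /proc/sys/vm/mmap_min_addr)
#   minimum  lowest acceptable value in bytes (default 65536, an assumed distro default)
# Returns 0 when the setting is at or above the minimum, 1 when it is too low
# (low-address mappings allowed), 2 when the value cannot be read or parsed.
check_mmap_min_addr() {
    file="${1:-/proc/sys/vm/mmap_min_addr}"
    min="${2:-65536}"

    if [ ! -r "$file" ]; then
        echo "UNKNOWN: cannot read $file"
        return 2
    fi

    read -r value < "$file"

    # Reject anything that is not a plain non-negative integer.
    case "$value" in
        ''|*[!0-9]*)
            echo "UNKNOWN: unparsable value '$value' in $file"
            return 2
            ;;
    esac

    if [ "$value" -lt "$min" ]; then
        echo "FAIL: vm.mmap_min_addr=$value is below $min; unprivileged low-address mappings are allowed"
        return 1
    fi

    echo "OK: vm.mmap_min_addr=$value"
    return 0
}

# Stand-alone run: audit the live kernel setting on this host.
check_mmap_min_addr
```

A non-zero return from the function is the signal to act on; the message is only for the operator. Pairing this with a check of the running kernel version against the fixed release covers both halves of the article's point: the bug is fixed in the kernel, and the setting is the workaround while an older kernel is still in service.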

Nov 6, 2009

Vegetal steel: bamboo as eco-friendly building material

Forget steel and concrete. The building material of choice for the 21st century might just be bamboo.

This hollow-stemmed grass isn't just for flimsy tropical huts any more - it's getting outsized attention in the world of serious architecture. From Hawaii to Vietnam, it's used to build everything from luxury homes and holiday resorts to churches and bridges.

Boosters call it "vegetal steel," with clear environmental appeal. Lighter than steel but five times stronger than concrete, bamboo is native to every continent except Europe and Antarctica.

And unlike slow-to-harvest timber, bamboo's woody stalks can shoot up several feet a day, absorbing four times as much world-warming carbon dioxide.

"The relationship to weight and resistance is the best in the world. Anything built with steel, I can do in bamboo faster and just as cheaply," said Colombian architect Simon Velez, who almost single-handedly thrust to the vanguard of design a material previously associated with woven mats and Andean pan pipes.

Velez created the largest bamboo structure ever built: the 55,200-square-foot (5,128 sq. meter) Nomadic Museum, a temporary building that recently debuted in Mexico City and takes up half of the Zocalo, Latin America's largest plaza.

The museum, open until May, is the brainchild of Canadian artist Gregory Colbert, who wanted a monumental structure built entirely of renewable resources to house his tapestry-sized photos of humans interacting in dreamlike sequence with animals.

He turned to Velez, who two decades ago made a simple discovery.

By using small amounts of bolted mortar at the joints - instead of traditional lashing methods with vines or rope - he was able for the first time to fully leverage the natural strength and flexibility of guadua, a thick Colombian bamboo, to build cathedrallike vaults and 28-foot (8.5-meter) cantilever roofs capable of supporting 11 tons.

Curing the stalks with a borax-based solution deterred termites.

He perfected his technique on hundreds of projects, mostly in Colombia but also in Brazil, India and Germany with structures as graceful as they are muscular.

In steamy Girardot, a two-hour drive from his bamboo home in Bogota, the 58-year-old Velez has just completed a prototype of an energy-saving store for French retail giant Carrefour.

The 21,500-square-feet (2,000 sq. meters) structure has a domed roof made of guadua - instead of sun-absorbing metal - that will cut down on air conditioning costs. In Bali, German Joerg Stamm applied the same technique - learned as an apprentice to Velez - in constructing a 160-foot (50-meter) bridge strong enough to hold a truck.

But Velez, the son and grandson of architects who grew up in a Bauhaus-inspired glass house in western Colombia, has little patience for environmentalists now drawn to his work for its planet-saving possibilities.

"I hate environmentalists. Like all fundamentalists, they just want to save the world," he says.

For this iconoclast who designs exclusively in freehand, bamboo is foremost a high-tech material.

Seismic testing of bamboo seems to back his claim. After years developing construction codes for bamboo in his lab in the Netherlands, Jules Janssen was in Costa Rica in 1991 when a deadly 7.7 magnitude earthquake struck. Touring the epicenter hours later, he found every brick and concrete building had collapsed.

"But 20 bamboo structures built there by coincidence held up marvelously. There wasn't a single crack," said Janssen, a civil engineer and expert on bamboo's physical properties.

Nov 4, 2009

Sony Ericsson launches first Android handset, meet the X10

Sony Ericsson has officially launched the Xperia X10, formerly known by the codenames X3 or Rachael. The X10 is the company's first foray into the Android market, but the announcement comes at an odd time, especially with Christmas drawing near.

Sony Ericsson today announced the Xperia X10, a visually stunning phone that has a feature set to match its good looks. The phone isn't set to drop until 2010, however, and this means that potential buyers of Sony Ericsson's current flagship phones, including the Satio and Aino, will now possibly wait until the release of the X10.

Timing aside, what's in the box? Sony Ericsson has decided to utilize a new touchscreen user interface, which it calls the ‘UX platform’ and which will provide “unrivalled” integration of social media services like Facebook, Myspace and Twitter. The phone also promises to allow users to "truly humanise the way people interact with their phones".

Rikko Sakaguchi, an executive vice president of Sony Ericsson, said in a statement that "With the X10, we are raising the bar we have set ourselves with entertainment-rich phones like Aino and Satio by making communication more fun and playful, multiplying and enriching opportunities to connect.”

The phone comes with an 8.1-megapixel camera with 18x digital zoom, LED flash and autofocus, WiFi and HSDPA 3G, a 1GHz Qualcomm Snapdragon chipset and A-GPS, and will be available in black or white.

The Satio and the Aino that Sakaguchi is referring to are two Symbian-based smartphones that were released internationally last month, but aim at a slightly less upmarket audience compared to the X10, which will be the flagship model in Sony Ericsson's 2010 range of devices. Time will tell if the X10's announcement cannibalizes sales numbers for these other two impressive devices.

The most noteworthy feature of the phone is its “4-inch capacitive touch display” that's capable of showing 854x480 pixels, making the X10 the smartphone with the highest resolution display, by far. For now.

Better the broken Windows than life with the Mac monks

I admit it: I'm a bigot. A hopeless bigot at that: I know my particular prejudice is absurd, but I just can't control it. It's Apple. I don't like Apple products. And the better-designed and more ubiquitous they become, the more I dislike them. I blame the customers. Awful people. Awful. Stop showing me your iPhone. Stop stroking your Macbook. Stop telling me to get one.

Seriously, stop it. I don't care if Mac stuff is better. I don't care if Mac stuff is cool. I don't care if every Mac product comes equipped with a magic button on the side that causes it to piddle gold coins and resurrect the dead and make holographic unicorns dance inside your head. I'm not buying one, so shut up and go home. Go back to your house. I know, you've got an iHouse. The walls are brushed aluminum. There's a glowing Apple logo on the roof. And you love it there. You absolute monster.

Of course, it's safe to assume Mac products are indeed as brilliant as their owners make out. Why else would they spend so much time trying to convert non-believers? They're not getting paid. They simply want to spread their happiness, like religious crusaders.

Consequently, nothing pleases them more than watching a PC owner struggle with a slab of non-Mac machinery. Recently I sat in a room trying to write something on a Sony Vaio PC laptop which seemed to be running a special slow-motion edition of Windows Vista specifically designed to infuriate human beings as much as possible. Trying to get it to do anything was like issuing instructions to a depressed employee over a sluggish satellite feed. When I clicked on an application it spent a small eternity contemplating the philosophical implications of opening it, begrudgingly complying with my request several months later. I called it a bastard and worse. At one point I punched a table.

This drew the attention of two nearby Mac owners. They hovered over and stood beside me, like placid monks.

"Ah: the delights of Vista," said one.

"It really is time you got a Mac," said the other.

"They're just better," sang the first monk.

"You won't regret it," whispered the second.

Leave me alone, I thought. I don't care if you're right. I just want you to die.

I know Windows is awful. Everyone knows Windows is awful. Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it. It's grim, it's slow, everything's badly designed and nothing works properly: using Windows is like living in a communist bloc nation circa 1981. And I wouldn't change it for the world, because I'm an abject bloody idiot and I hate myself, and this is what I deserve: to be sentenced to Windows for life.

That's why Windows works for me. But I'd never recommend it to anybody else, ever. This puts me in line with roughly everybody else in the world. No one has ever earnestly turned to a fellow human being and said, "Hey, have you considered Windows?"

Until now. Microsoft, hell-bent on tackling the conspicuous lack of word-of-mouth recommendation, is encouraging people — real people — to host "Windows 7 launch parties" to celebrate the release of, er, Windows 7.

To assist the party-hosting massive, they've uploaded a series of spectacularly cringeworthy videos to YouTube, in which the four most desperate actors in the world stand around in a kitchen sharing tips on how best to indoctrinate guests in the wonder of Windows. If they were staring straight down the lens reading hints off a card it might be acceptable; instead, they have been instructed to pretend to be friends. The result is the most nauseating display of artificial camaraderie since the horrific Doritos "Friendchips" TV campaign (which caused 50,000 people to kill themselves in 2003, or should have done).

It's so terrible, it induces an entirely new emotion: a blend of vertigo, disgust, anger and embarrassment that I like to call "shitasmia". It not only creates this emotion: it defines it. It's the most shitasmic cultural artefact in history. Watch it for yourself.

Still, bad though it is, I vaguely prefer the clumping, clueless, uncool, crappiness of Microsoft's bland Stepford gang to the creepy assurance of the average Mac evangelist. At least the grinning dildos in the Windows video are fictional, whereas eerie replicant Mac monks really are everywhere, standing over your shoulder in their charcoal pullovers, smirking at your hopelessly inferior OS, knowing they're better than you because they use Mac OS X v10.6 Snow Leopard. I don't care if you're right.

I just want you to die.