September 2001

Real World
Web-Wide World
Wired World
Wireless World
Hard World
Soft World

Real World

  • The main news of the month has been, of course, the terrorist attacks in the US. A good resource for news and relief fund donations is (at the time of writing) Google's news page: http://www.google.com/news/. With the threat of military action in Afghanistan causing massive internal displacement of people, the United Nations High Commissioner for Refugees (UNHCR) is also appealing for funds; see https://www.usaforunhcr.org/donations/secure/afghan.html.

    In the aftermath of the terrorist actions, various claims have been made about the role played by the Internet both before and after the events. Some relate to the way the Internet was utilised in response to the events. Others relate to the issue of how, if at all, the Internet was used in the terrorists' organisations, and what lessons should be learned from this.

    One thing that happened in the hours immediately following the disaster was that most of the major news sites quickly fell over under the weight of requests. This has been portrayed by some as a failure on the part of these sites, and it does show up the advantages of traditional broadcast media in reaching mass audiences. On the other hand, most of these sites did manage to get on their feet fairly quickly, in some cases after moving to a text-only format.

    If the immediate response of the web was patchy, however, email did rather better. Because the World Trade Center held lots of wireless telecom equipment, many of the mobile phones in New York ceased to work after they came down. But those unhurt by the tragedy were able to send out quick mass emails to anxious friends and colleagues over the still functioning landlines.

    In the days following the disaster, the Internet showed both the benefits and disadvantages of giving more communicative powers to the masses. On the positive side were the disaster relief sites, and the sites carrying details of missing persons. On the negative side were the inevitable enraged diatribes against Islam, and the emails claiming that Nostradamus predicted it all.

    The issue about whether the terrorists made use of the Internet in planning their crimes is more cloudy. The security services' initial claims were that the terrorist networks were hard to pick up with standard signals intelligence measures, because they relied upon such low-tech means as face-to-face contact. On the other hand, the possibility that the terrorists used cryptography to hide their communications has now been fuelling political calls for further restrictions on strong encryption. The following examples illustrate the hysteria that is being generated in relation to this latter point.

    Firstly, the military historian John Keegan wrote a rather crazed piece in the Daily Telegraph claiming that "[Washington] will have to forbid internet providers to allow the transmission of encrypted messages ... and close down any provider that refuses to comply." Luckily this is probably impossible in practice, as it would mean - for a start - an abrupt end to most e-business.

    Secondly, the Foreign Secretary Jack Straw has raised the possibility of a return to generally discredited key-escrow plans, saying that these plans were defeated by Radio-4 type liberals who should now recognise that they had been 'naive in retrospect'.

    Thirdly, Phil Zimmermann - the inventor of Pretty Good Privacy (PGP), which brings strong encryption to the masses - was blatantly misrepresented in the Washington Post as feeling grief about introducing it. Zimmermann has responded by pointing out that the grief he feels is for the victims of the attacks, rather than his introduction of PGP. See http://slashdot.org/interviews/01/09/24/162236.shtml for Zimmermann's latest statement on the 'misunderstanding'.

    The debate over encryption is set to continue, along with parallel issues about identity cards, face-recognition technology, etc., which pose questions about the extent of our civil liberties. As military engagement now looks increasingly likely, we can only hope that we'll be around to cover these issues in future months, and that there will be other people around to read them.
  • Employees persist in treating their emails as though they were a private forum for gossip, rather than as fairly permanent and official matters of record. The latest example is a case reported by the Independent newspaper, in which following the resignation of their secretary, one London lawyer wrote to another:

    "Can we go for a real fit busty blonde this time? She can't be any more trouble and at least it would provide some entertainment!"

    Unfortunately the - black, female - secretary accidentally saw a copy of this message, and is now suing the author on the grounds of sexual and racial discrimination. Whatever the merits of the case - and they do seem to be a little shaky - it does point up the advantages of keeping office gossip to chats around the watercooler.

    (For details of training on good practice in email use, covering legal requirements, email policies, coping with spam, etc., send an enquiry to gavin@softsteel.co.uk).
  • On September 3rd, Hewlett-Packard (HP) and Compaq announced a merger to form a new company on a par with IBM in terms of gross income. Reaction to the merger has been mixed, with the majority of commentators being somewhat pessimistic.

Web-Wide World

  • E-books are electronic copies of books that you need special software to read (you may be aware of the ongoing hoo-ha over Dmitry Sklyarov, arrested in the US for being one of a team that broke the encryption on the Adobe format). You can view the books on a PC screen (but it's a fairly uncomfortable experience); or you can buy a piece of dedicated hardware as a reader (but they're fairly expensive - see http://12.108.175.91/ebookweb/ for more information).

    However, both Penguin (http://www.penguin.co.uk) and WHSmith (http://www.whsmith.co.uk) have now announced that they are to make much of their back catalogue available as ebooks. Hopefully this will stimulate interest in ebooks, and encourage the manufacturers of ebook readers to drop their prices.
  • An article on the Platform for Privacy Preferences Project (P3P) is currently being written, but is not finished as this newsletter goes to press. It will soon go up on our website, and the details will be carried in the next newsletter.
  • Researchers at MIT have developed client-side software that runs in a website and tracks the movements of your mouse. The research team claims that from the data it can gather information about what parts of the site you are reading, whether you are considering clicking on a particular link, etc. They're not the first to develop such software, but they may be the first to have it hyped in such a breathless way by a BBC website (see: http://news.bbc.co.uk/hi/english/sci/tech/newsid_1528000/1528426.stm). According to the report, the software could enable the website to present a more 'personal experience' for the user, but what it's clearly designed to do is to extract information useful to marketeers whilst hiding the information gathering from users.
  • According to British chess grandmaster Nigel Short, the reclusive and eccentric chess genius Bobby Fischer is actively playing chess online. Short was apparently approached by an intermediary offering a match with "a very strong chess player ... who wishes to preserve his anonymity." Taking up the challenge, Short was then comprehensively thrashed in eight three-minute games.

    What convinced Short that his opponent was Fischer was partly their between-match chat, but also the fact that his opponent's openings were crazily unorthodox though ultimately successful. (Although, since the author of this piece is also regularly beaten by players who use unorthodox tactics, it seems that Fischer may be fairly ubiquitous on the web, and engaged in a range of games from Pontoon to Scrabble).
  • A study of the number of secure connections on e-commerce sites showed that they increased in the last quarter in the UK from 4.41 million to 4.96 million. As this figure is an indication of increased trade over the Internet, it seems that UK e-commerce is continuing to grow despite the current fears of global recession. At the same time, however, another survey has reportedly found that too many online shops are ripping off customers (although since even just one would be too many, it's hard to know what to make of this report).

Wired World

  • Internet users are being persuaded in a number of different ways to invest in broadband connections. After BT cut the cost of its wholesale service by five pounds to 30 pounds / month, a number of ISPs (but not, for some reason, BT openworld), have passed on the savings to their customers. Furthermore, both Telewest and BT have been running special offers on broadband installation.

    Business users in the Midlands have been particularly blessed, since a project developed by Coventry University has seven million pounds to give away as subsidies for broadband access for SMEs in Coventry and Warwickshire.

    If this is a carrot enticing people towards broadband, however, BT is also showing that it is capable of wielding the stick. About 200 BT customers using their 'Anytime' service have been expelled for excessive use. These customers were clearly confused by the terribly ambiguous advertising on the openworld website, which reads "Anytime... surf whenever you like, as often as you like with no internet call charges."
  • The European Union has released a report claiming that the so-called 'Echelon' spying network does in fact exist, and should be brought under control. Echelon is the "global system for the interception of private and commercial communications systems" long supposed to be run by the US along with the UK and other Commonwealth countries. It's not clear how authoritative the EU's information is, but if you want to make up your own mind, their 142-page report is available here: http://www2.europarl.eu.int/omk/OM-Europarl?PROG=REPORT&L=EN&PUBREF=-//EP//TEXT+REPORT+A5-2001-0264+0+NOT+SGML+V0//EN&LEVEL=2
  • This month's celebrity virus was Nimda, which takes note of the basic rule of virus writing - make sure that your virus gets given a memorable name. Unfortunately, Nimda is memorable for more than its name - it's one of the nastiest beasties around, attacking Microsoft products in a range of sophisticated ways.

    When Nimda is on your system, it doesn't in itself do any harm. But it does enable an outsider to take over your system at will and run arbitrary code on it. What's impressive about Nimda, however, is the variety of ways in which it propagates itself.

    The first way Nimda breeds is as a standard virus - passed as an email attachment for the usual sapheads to click on. The second way is by scanning over the Internet for 'open shares' (directories which users have left open for general upload, usually by mistake). The third way is by compromising web servers that are unpatched against old attacks, or else have backdoors in them left over from other attacks (like those left by Code Red). The fourth - and most disturbing way - is by taking advantage of a problem with Internet Explorer 5.01 and 5.5, which means that Nimda may download itself from an infected webserver to your computer *simply by your browsing to a page on that server*.

    As if that wasn't enough, Nimda will also hide itself in executable files on your machine. Oh, and when it passes itself by email it can change the subject line and the name of the attachment. And also alter the size of the attachment so that it's harder to pick up.

    If you're using unpatched versions of Internet Explorer 5.01 (not Service Pack 2) or 5.5, we strongly recommend that you install the patches available at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-027.asp. These plug a number of weaknesses in addition to the one which allows Nimda to crawl into your machine from a web page (note: you may have to install Service Packs before installing the patches themselves.)

    On a similar theme, it is interesting to note that a tool has been created which attempts to fight back against infected machines. In essence, this consists of a computer whose only job is to listen for the kinds of scans that worms like Nimda and Code Red perform, and then attack the scanning computer with a Denial of Service (DoS) attack. More information about this tool - called LaBrea - is available at http://hts.dshield.org/LaBrea/.
  • There was a significant announcement this month by Sun, introducing their answer to Microsoft's Passport application. Unfortunately this seems to be going under the name of the 'Liberty Alliance Project', but they may be able to come up with something snappier anon.

    To recap: MS Passport is an answer to the general problem of having to authenticate to lots of different sites on the Internet. Instead of continually giving your details to lots of different Internet sites, you just tell them once to the Passport server, and then grant different sites limited rights to ask the Passport server for these details.

    The thing is, though, if Microsoft was the only company offering a Passport-style service, and it was used by lots of sites, this would give Microsoft enormous commercial power. As Sun (no friend of Microsoft) puts it: "This scenario will lead to the first toll booths on the Information Superhighway". Hence Sun's desire to see alternative authentication servers on the Internet. More details of their plans are to be found at: http://www.projectliberty.org/

Wireless World

  • The FT has reported on an internal document drawn up for the flotation of mmO2 (previously BT Wireless). The document suggests what many had been expecting, that the initial 3G wireless services are going to be pretty poor. It warns that the UMTS (third generation) network may not initially be better than existing networks, and that the improved masts and handsets may not be available for some time.
  • Oftel, which is soon to be subsumed by Ofcom, has actually shown some teeth in requiring price cuts by UK mobile operators. In the Oftel report, BT Cellnet and Vodafone in particular are criticised for charging more than one would expect given the market conditions.

Hard World

  • Almost certainly some interesting hardware-type things happened this month, but what with one thing and another, they must have passed us by.

Soft World

  • A tip gleaned from this month's copy of PC Pro. If you are using Microsoft's Windows Update, you should be aware that it only lists the patches relevant to your level of Service Pack. So, for instance, if there is a really useful patch against the latest nasty worm like Nimda, but it requires Service Pack 2 and you've only got Service Pack 1, you don't get to see that patch. Clearly this is a foolish way to present the information, and hopefully Microsoft will soon change things around.
