Tech Bitch

A staggering 33% of small- to medium-sized enterprises in the UK leave their backup tapes in the office at the end of the day, negating the benefit of backing up their servers, according to a new research report published today by Connect.

Two thirds of businesses (69%) had never tested whether they could retrieve all the information held on their backups. You naughty, naughty people …

The survey was conducted thanks to interviews with IT Managers and Directors at 151 UK companies in a range of industry sectors.

Tell me this. What kind on an idiot would store their backup tapes in their own offices? If there’s a fire, a flood or a burglary, they risk losing both the original data and the backups. Equally surprising is why so many organisations are using backup tapes at all. There are plenty of better and more up-to-date methods that can be used to protect their business critical data and at a similar cost. Stop me now, I could be here all day …

Google has met its match. Analysis of spam by men with machines has shown that 4.6% of all spam originates from Web mail-based services and the proportion of spam from Gmail increased two-fold from 1.3% in January to 2.6% in February, mainly promoting adult-oriented Web sites.Yahoo! Mail was the most abused Web mail service responsible for sending 88.7% of all Web mail-based spam.

Hackers have recently relied on new techniques for evading spam detection which involves computationally solving anti-spam CAPTCHAs, mechanisms designed to eliminate automated sign up tools used by spammers by requiring the user to perform a task that can only be performed by a human.

Once hackers develop a computational method with a 20- to 30% success rate they can use their botnets to create unlimited numbers of accounts on compromised services for spamming and phishing. Yahoo! Mail and Hotmail CAPTCHAs were first broken in July 2007. The increase in spam from Gmail this month may be indicative of similar success.

There are several approaches a spammer can take to defeat a CAPTCHA. Whether they do so using an algorithm, a ‘mechanical turk’ or combination of the two, e-mail providers are feeling the pressure to keep pace but are limited to what a human can realistically solve creating ever more doubt surrounding the long-term effectiveness of the CAPTCHA as a security mechanism for protecting email services from abuse.

Also in February, targeted Trojan attacks increased to approximately 30 per day, an increase of around 200% since the end of 2007. These attacks focus specifically on small numbers of targets in each incident, thus keeping below the radar of the wider security industry. One particular attack this month involved up to 900 targeted Trojans, primarily intended for named senior business executives worldwide, and made use of multiple attack vectors including compromised websites and malicious downloads.

It’s obvious online shifties are going to greater lengths than ever before to reach their targets. Not only are we seeing a significant increase in the number of targeted Trojan attacks, but they often appear to be based on prior intelligence gathered about their targets. At the same time though, more and more businesses are protecting themselves against potential threats by only allowing employees to access pre-approved Web sites.

In fact, there’s an increase in the number of Web sites blocked by businesses because they did not fall within an allowed list, rising by 12.9% from last month. By blocking unclassified Web sites, businesses can safeguard themselves against both new and existing potential threats. This is especially true of those Web sites which appear and disappear within 24 to 48 hours which are often used for phishing, spam, Trojans and other fraudulent activities. In fact, 62.2% of all Web-based viruses and 82.5% of all spyware and adware were from this kind of Web site.

The Storm botnet has also continued to be a significant force in driving spam in February. For the first time it has been used to send spam touting VXPL, a drug promising male sex organ enlargement (don’t bother, I’ve tried it and it doesn’t work -Ed!), and nicotine patches, likely tapping into a seasonal increase in smokers trying to quit. At the same time, there was an increase of activity from Storm to further compromise computers, making up more than 96% of this month’s email-borne malware linking to malicious sites.

Details of around 5000 of MTV Networks’ staff, including their names, dates of birth, social security numbers and even their salaries, have been compromised, the firm’s parent company, Viacom, has revealed. That’ll teach ‘em for spending too much time with those shifty hoodies.

As news of the potentially serious identity theft incident broke over the weekend, the incident could have been avoided had the company used database encryption on its personnel files.

Precise details of how the data was accessed have yet to be revealed, or whether the illegal access occurred as the result of an internal or external intrusion. Despite this, the simple message to IT people is to make sure you encrypt the human resources information files.

Using a data vault approach to HR files is a given in the modern world of employment, as companies owe a clear duty of care to their staff which, if they fail to meet, renders them liable to litigation, both by the relevant authorities and the staff themselves.

Perhaps worse there is the potential damage to a company’s reputation when something like this happens. The depth of the fallout will become clear as further details of the apparent IT security faux pas are revealed in due course. Come on people, get a grip …

Finally, an interesting GPS news piece. A new GPS tour guide that alerts you to Britain’s greatest historical sites as you drive near them should liven journeys up a bit. Invented by history buff Daniel Taylor, the RoadTour software works with Global Positioning (GPS) equipment to trigger audio commentary and pictures of 600 key attractions, including castles, stately homes and battlefields.

The software (£19.95) responds to satellite prompts as cars approach places of historical interest throughout the UK, delivering information narrated by a hot friendly female voice through the SatNav. It means you will no longer have an excuse for being an ignoramus.

Get this: new research commissioned by RoadTour shows that a quarter of people think Leeds Castle is in Yorkshire, rather than Kent, one in ten that the Romans built the A1 and 10% of 18-24-year-olds that Stonehenge is in Norfolk. A further 38% of all those questioned by YouGov believe that Hadrians Wall is in Scotland, not England.

Five years in the making, this invention fulfils Daniel Taylor’s passion for history and his desire to help Britons as well as tourists use technology to get the most out of our heritage. Ironically, GPS technology has perhaps until now put us out of touch with roadmaps and chance discoveries en route. For the dunces, there’s at least one picture of each place.

Any introduction of new legislation brings conflicting views and the WEEE Directive is no exception. For some it’s a threat - a change to the status quo which might mean extra work and investment.

Other organisations view the WEEE Directive as a welcomed change, a time to innovate and develop new services. While both sides, despite their views, try to comply with the introduction of the WEEE Directive, there is a third group - the ‘cowboy operators’ - who have quickly spotted how to make an easy buck by operating outside the rulings and at the expense of the industry’s reputation.

While many businesses across the UK struggle to get to grips with the WEEE Directive and make sure they are compliant with the rules it seems that one group which operates outside the industry is already ahead of the game. Just months after the legislation came into force, ‘cowboy’ operators’ have already found loopholes in the ruling that they are exploiting to the full.

While the export of untreated WEEE material is not illegal between EU members, according to the Legislation, it should not be shipped outside the European Union (EU) or OECD without prior sortation as it is untreated waste likely to contain hazardous items.

But already there is evidence of the illegal exportation of untreated WEEE. Unscrupulous operators are exporting untreated electronic equipment as bona fide electronic equipment for re-use. This means it can be exported outside the EU in the same manner that computers, which have reached the end of their useful lives in the EU but can still be used, are sent to developing nations such as Sierra Leone and Ghana.

The majority of illegal exports are made by a small number of traders who are hard to trace even though the streams, patterns, business models and end destinations are well known. Due to this, statistics are hard to come by and the growing problem isn’t highlighted in the way it should be.

Indeed, it is estimated has found that 500 containers arrive in Lagos, Nigeria each month with waste electrical materials. Around half of those containers come from the EU carrying brown waste from virtually every well known brand and two thirds of the imported computer equipment which arrives in the country is no better than junk. Operations have now been set-up in these countries and they do salvage some of this junk but often dispose of the majority of the equipment via non-environmentally sound methods.

Therefore, it’s no surprise that ‘cowboys’ are already finding ways around the legislation and steps have to be taken to eradicate this practice. Enforcement of the new Directive in the EU is far from efficient with no real cross border implementation, standards and cooperation. This has to be stepped up straight away. If enforcers act quickly, recognise the problem and thrash out a set of rules for everyone to adhere to, then the loopholes will be closed quickly before real damage can be done.

This will be a tall order to achieve with nothing uniform for countries to adhere to. Each country has its own domestic responsibilities and enforcement schemes but this just adds to the confusion, as each country will have its own interpretation of the ruling.

An obligation to test and register WEEE at the start of the export process should also be implemented across the EU. Already, the Environment Agency has started to do this to ensure that equipment being exported for re-use has been tested in order to prove its validity as a working piece of electrical equipment. It will also help verify the end destination which is sometimes hard to tie down.

Consistency of resource is another area that needs to be addressed. One EU member has only dedicated 200 man hours per year to enforcing the rules on the export of illegal WEEE. This is not enough and will surely affect the ability to conduct proper inspections. Therefore, countries must assign more capacity and man power to tackle what is a growing problem.

Finally, the communication and co-operation process needs to be vastly improved, both across international borders and amongst different parties domestically. In many countries, such as the UK, the detection and enforcement role is handled by a number of Government agencies such as the police, customs and port authorities.

If the communication process between these parties isn’t what it should be, and they are not talking to their international equivalents, then the loopholes will gradually grow and failings will appear, making it easier for the ‘cowboys’ to operate illegally at the expense of the industry.

We cannot allow that to happen. The business world can’t sit by and let the actions of a few tarnish its credibility and damage its reputation and the hard work and investment of companies committed to complying with the regulations. By uniting and working with each other, co-operating with the legislators and enforcers across the EU, we can ensure that the ‘cowboy’ operators are squeezed out and put out of business.

Graham Davy always recycles his Corn Flakes boxes

According to data gathered at Panda Security’s the Infected or Not Web site, the NaviPromo adware has been the most active malicious code this week.

Adware is annoying malware designed to show unwanted advertising while we browse the Net. Some adware can, of course, also spy on our surfing habits. This type of malware occupies nine spots in the top ten most prevalent malicious codes this week. The only exception is the Virtumonde spyware, which takes second place.

Top 10:

1. Adware/NaviPromo
2. Spyware/Virtumonde
3. Adware/OnlineAddon
4. Adware/VideoAddon
5. Adware/SecurityError
6. Adware/Zango
7. Adware/Lop
8. Adware/PurityScan
9. Adware/SaveNow
10. Adware/Gator

Keylogger.DB exploits a vulnerability in Access, Microsoft’s Access database application. This Trojan is designed to capture key strokes so that it can get any information entered by the user on Web pages.

The Banker.KTG Trojan spreads by using social engineering techniques.In this case, the bait is a link to a video that users receive via e-mail. If you try to play the video, a message is displayed informing you that you need to download a video codec to view it. However if you do it, you will actually be downloading a copy of the Nabload.DCH Trojan onto your computer.

Banker.KTG is designed to steal information entered through virtual keyboards, one the security measures implemented by many online banks. This Trojan spreads in a similar way to Orkut.AT, a Trojan which uses the Orkut social network to reach victims.

The MonaRona.A Trojan also uses social engineering techniques to spread, in this case, by offering users the possibility of downloading the Unigray application. Once it has reached the computer, the Trojan displays a warning message identifying itself as a virus that has been created to protest against human right violation. This malware has been designed to carry out malicious actions like disabling the Task Manager or end processes belonging to certain applications.

Finally, a number of junk e-mails announcing Fidel Castro’s death have been used to distribute the FakeDeath.A worm. This e-mail contain a link to a video. If you click the link, you will become infected. The worm downloads multiple copies of itself to P2P application shared folders and creates a key in the Registry Windows to ensure it is run every time the system is started up.

The tipping point for widespread adoption of business mobility is upon us, and it will take new levels of performance, greater functionality and interoperability, and broad access to mobility solutions beyond the executive suite for customers and operators to realise the benefits of anytime, anywhere productivity and collaboration. Now is the time for business users to demand a new standard of intelligent business devices.

Designed exclusively for working titans, Nokia’s outrageously expensive E90 Communicator (£625) forms part of the company’s second wave of E-Series devices (there’s actually been eleven Communicators released over the last 10 years). Each E-Series device features a combination of relatively advanced technologies designed to enhance the way business users experience work in a mobile world, by allowing faster and better quality access to important information for greater collaboration and productivity.

Nokia’s E90 Communicator (132×57x20mm, 210g) is a brick compared to a regular mobile phone (even Apple’s iPhone), but it’s one of the most capable business devices in its class. Based on Symbian OS 9.3 (the latest release is version 9.5) and the S60 3rd Edition platform, the latest technologies at the core of the device bring business necessities and personal amenities to the hands of those looking for office autonomy. Fast and inexpensive connections over WLAN and HSDPA-enhanced 3G (up to 3.6Mbit/s) accelerate the mobile use of data- and transmission-rich applications, and integrated GPS helps finding routes and locating services.

Plus, two displays mean you can operate the phone however you wish - the inner active matrix colour display (800×352 pixels) is used for serious messaging, while the outer colour display (240×320 pixels) provides quick navigating of the phone’s most frequently used features. The E90 Communicator is also equipped with an FM radio, music player, video player and two cameras - a 3.2-Megapixel autofocus camera with flash and a second front-facing camera for videoconferencing (up to VGA at 30fps).

More important is its support for the most popular e-mail and business voice solutions, plus its ability to operate across different continents using quadband GSM (850/900/1800/1900MHz) and 3G network frequencies, in addition to broadband data connectivity with 3G WCDMA and WLAN. It supports POP3, IMAP4, and SMTP messaging protocols, as well as the ability to view, open, and edit e-mail attachments with Quickoffice (documents, spreadsheets, and presentations), create and open ZIP files, and read PDF files. There’s also a text-to-speech message reader.

Voice features include voice dialling, voice commands for menu short cuts, keypad lock, and profiles, as well as voice recording for making notes or recording conversations. Internet Call release 2.1 lets you make VoIP (Voice over IP) calls, there’s an integrated hands-free speaker for conference calling (or giving your arms a rest!), and Push to talk (PoC) is also supported.

Other key specifications include up to 128MB free memory for user data and applications, extendible up to 4GB with a microSD memory card, 802.11b/g, USB 2.0 port, Bluetooth, 2.5mm Nokia audio connector with ECI, and an infrared port. Nokia claims up to 5.8 hours GSM talktime, or up to 14 days standby from the fully-charged 1500mAh Lithium-ion battery (BP-4L). Despite the GPS aerial, the device does not come with pre-stored maps for UK roads. Instead, you get Nokia’s own Maps service, which allows you to download (using Wi-Fi or a 3G link) the cartography that you want for the part of the world that you are in or are travelling to.

Nokia’s E90 Communicator is bulky and butt ugly compared to most shiny handsets on the market today, but its no-nonsense features list makes it the easiest and most effective solution for business professionals to get mobilised. The keyboard is a joy to use, the device sits nicely on a flat surface, and the widescreen display makes browsing the Web and working with office documents a whole lot easier than other smartphones. Since the E90 Communicator’s Web browser shares similar code-base as Apple’s iPhone Safari browser, most iPhone Web Applications are accessible through the E90 Communicator’s browser as well.

Though it is pitched squarely at heavy SMS/MMS and e-mail users, the E90 Communicator is limited in significant ways compared to Windows Mobile 6 devices. Most noticeable, the device does not have native support for common HTML e-mail, nor does the supplied Microsoft Exchange client, Mail for Exchange, support folders. This means that you cannot access ‘Sent’ items created on other Exchange clients, or sort e-mail into folders.

However, it is the first device of its type to support the Blackberry Connect Version 4 software. Overall the E90 is a fantastic smartphone if you prefer its form factor over Nokia’s also excellent E61i. Its size and styling won’t appeal to consumers, but for no-fuss business users needing to stay in touch with the office and customers, it can’t be beaten. [9]

One of the defining characteristics of the Web 2.0 generation of consumers who buy goods and socialise online is their demand for mobile and entertainment services that are linked to their lifestyle and individual preferences.This new generation of consumers - the fastest growing market for revenue rich mobile data services - are increasingly impatient and fickle individuals who are notoriously prone to switching network providers as frequently as they do phones.

Many operators, however, are struggling to deliver new dynamic services at the speed at which the market now requires. Converged services operators are looking to launch anywhere from 20 to 40 or more product offers and packages every few months. Reliance on traditional, labour-intensive methods for defining, managing and launching new products is no longer tenable if operators want to meet their objectives of delivering the right offer to the right customer at the right time.

As timing and targeting, together with speed of deployment, are proving critical in winning consumers’ business, operators need to adopt more agile and innovative ways of managing the ‘product idea to product launch’ process. Improving the speed and efficiency with which they introduce new, more complex converged services offerings is essential if they are to survive in this increasingly fierce competitive market.

Lacking the right tools and technology to support the product management process could severely hinder efforts to win and retain young consumers. Operators will need to overcome this challenge if they are to efficiently and quickly provide a tailored mix of services to their consumers.

For operators looking to build profit and increase market share, capturing the loyalty of the ‘i-generation’ is vital. These consumers - born in the 70s, 80s and 90s - consume a dynamic mix of entertainment and communication services - downloading music, TV and games to their mobile and subscribing to bundles of VoD and cable services, from the provider best suited to meet their changing needs.

The significance of their spending power was highlighted in a recent report of young Europeans, which revealed that half of those aged between 15 and 18 use revenue rich mobile multimedia services compared to just 17% of 35 and 44 year olds. They are also significant for the spending power they will wield in the future: today’s 15 year-old gamer is tomorrow’s multi-media communication services subscriber, who will expect an ‘on-demand’ mix of services.

The rules by which these consumers can be targeted are also shifting. Today’s consumer can be defined by a number of different roles and interests; employee, supporter of a football team, fan of action films or of a particular pop group. Accordingly, they expect to receive a mix of quality, personalised services that recognise their lifestyle and overlapping roles.

For operators, it’s the ultimate exercise in customer segmentation, and, with consumers expectations rising, the challenge of defining and rolling out new products in order to stay competitive and differentiate themselves has to be addressed now.

A number of operators are now recognising the need to more aggressively market highly tailored, product offerings of converged, broadband, mobile and entertainment services, and are already facing the challenge of coming up with new products and packages on a weekly basis in some cases. Eventually, service providers will need to be capable of putting up product and service package offerings that may only last a few days, or even hours.

The reality, however is that few operators have the systems and processes in place to be able to do this. Surprisingly, the current methods used to define and deliver products means that there is a lot of hit and miss in the approach and reliance on ad hoc, manual processes such as spreadsheets and word documents which can seriously delay product launches. Furthermore, product definition and management processes are not integrated into the core operational processes and systems of the service provider.

In many cases, product and marketing managers are now managing a product and service portfolio that often spans thousands of items and offer elements. The challenge of compiling and updating a definitive list of available service capabilities, devices, content and merchandise from which product managers can define product offerings - on a scale such as this - is formidable. The process can be tedious and time-consuming involving working out service combinations on paper, and manually repeating the bundle requirements, constraints and dependencies.

My own research suggests there are significant inefficiencies in the way in which operators launch new products. All too often, they are working in silos with no unified overview of product offerings, hampered by poor internal communications between business units and legacy infrastructures which prohibit their ability to get a full view of the relevant product and service assets.

From research carried out last year, the time from design to launch of a medium complexity product could be anywhere between three to 18 months with up to 300 people involved in the process, across divisions and functions, including planners, product managers, service designers and analysts. Lead times such as these will simply not be sustainable in today’s fast-moving multimedia/content-driven market.

The message then for operators is clear; adapt to survive. Developing more standardised approaches to product lifecycle management, by streamlining and simplifying the collaboration of cross-functional teams and automating processes across the organisation is essential. Operators need to become more innovative and agile in the way they combine underlying network and service capabilities into offerings and packages, and need to integrate their product realisation and management processes into their operational systems and processes.

Focussed and purpose-built Product Lifecycle Management (PLM) solutions are now emerging in the market. They can enable operators to significantly reduce time-to-market and cost-to-market for new products. Although the PLM discipline is not new, its application to the telecoms market brings a fresh approach. This software effectively automates the product management and product catalogue update process allowing operators to speed-up and simplify their new product introduction processes.

These systems provide a central definition environment and source of information on products and services which all relevant teams and systems can access - invaluable for teams working on products which cut across business divisions that must collaborate on creating new offerings. These PLM solutions also simplify creation of product bundles constructed from external supplier services/content, such as a package linked to a sporting event like next year’s Olympics, which would comprise a mix of content, wallpaper, ringtones and merchandise sourced externally.

This is a rapid-response, customer-focussed mode of operation which will allow teams and business units to manage and deploy a catalogue of product offerings, including new or updated feature attributes and pricing elements within weeks if not days. To capture and retain the youth market, speed and choice are everything. Moving to a more product-based, consumer focussed  business model will enable operators to design and launch new services or products, matched to changing individual needs, as quickly and efficiently as possible.

Written by Yogen Patel, who has admitted his phone bill is offensive.

Young recruits to the UK workforce are highly confident of their IT skillz, but new research suggests employees couldn’t give a toss.

According to a poll by database firm FileMaker, 82% of school leavers are assured at using general IT skills and 85% said they know how to create a PowerPoint presentation, yet only 39% stated that they had used the application at work.

It seems many employees are not only IT literate but can use their skills in a business- orientated environment. This generation has grown up IT savvy and educators have done a good job ensuring that they have the skills to take into the workplace, so businesses better wise up and tap into the knowledge and enthusiasm the kids have to offer.

Companies should check skill levels to see exactly where new recruits’ capabilities are and how to use them effectively. Seeing PowerPoint or Excel on a CV is not good enough. To slot new staff into exactly the right level, employers need to test and verify IT skills first, so easily done in just 40 minutes online. Employers can then see immediately if training is adequate, or more is necessary.

Sneaky Microsoft. At MIX08, Microsoft’s Web designer and developer conference, the company unveiled the beta release of Internet Explorer 8, plus some other boring stuff like Silverlight 2 and Expression Studio 2.

Dean Hachamovitch, general manager of the Internet Explorer team, demonstrated the latest version of the world’s crappiest most popular browser.

In Beta 1, it allegedly delivers significantly improved standards support and developer platform investments with enhanced user experiences. MS suits also said it increases interoperability, offers developers better predictability when designing sites, and will feature full support for cascading style sheet (CSS) 2.1 at release to manufacturing.

Internet Explorer 8 Beta 1 includes integrated developer tools to quickly debug HTML, CSS and scripts in a visual environment. Two new features, Activities and WebSlices, will enable developers to reach beyond the page and introduce news ways for users to stay connected to the content and services of their choice. Internet Explorer 8 Beta 1 is available for download.