A blogger in the Republic of Georgia with the username Cyxymu was the victim, according to Facebook’s chief security officer Max Kelly. Large BotNets - compromised machines around the web under the control of hackers - have been used in vendetta attacks for a number of years, and the motive here may have been to silence a single pro-Georgian blogger.

On-line services and business take note: one unpopular user can easily lead to a large scale attack. A response plan needs to be in place ahead of time - alternative data centres and well established contact points for upstream providers and a mechanism for keeping customers/users up to date with issues. The technical barriers to launching a DDoS attack are very low, with large numbers of unpatched machines still on the Internet, and hacker tool kits circulating the web.

The micro-blogging site was brought to a stand-still by  a distributed denial of service attack. Details are still sketchy, Biz Stone, on Twitter’s own blog, says:

We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate.

The service is back up, but the Twitter team are still investigating the attack and access is slow. Twitter has had a series of security incidents of late, the most recent involving a hacker gaining access to internal Twitter documents. As with any company, increased profile means more targeted attacks. It is sounding like time for Twitter to get a CSO in place.

In a follow up email McAffee stated:

“You may have been inadvertently sent information containing registration details from out recent security summit… …This was sent in error and we therefore request that this information be deleted and we sincerely apologise for any inconvenience caused as a result of this.”

Proof that is can happen to anyone. Write once. Check many. As they say…

According to new projections from TeleGeography’s Global Bandwidth Forecast Service, bandwidth requirements will grow 33 percent (CAGR) between 2008 and 2015. At this rate, trans-Atlantic capacity will be exhausted by 2014, and cables providing diversity along geographically unique routes may run out of capacity even sooner.

Just build some more you say. Well, that’s the problem, picking up the thread, Rob Powell writes “Time to Panic in the Atlantic?“:

…When the bubble burst, the dollars it took to build these cables was mostly written off.  The ‘balance’ right now is on an incremental basis, when you add in the costs of actually laying a new cable across the Atlantic the numbers don’t add up.

That isn’t the case for all deep sea cables, as Rob points out, the Pacific is a better way, due to higher prices. Traffic is growing and prices aren’t currently going up, so something will have to give in the next few years. Either technology gets better, demand levels off, or prices will have to go up.

BT Broadband cuts the speed users can watch video services like the BBC iPlayer and YouTube at peak times.  A customer who has signed on to an up to 8 megabit per second (MBPS) package can have speed cut to below 1Mbps. A BT spokesman said the firm managed bandwidth “in order to optimise the experience for all customers”.

Of course, this is very irksome to the BBC, who rely on broadband for users to access their iPlayer catch-up TV service. Traditional ISP networks are build around age old contention ratios and burst rates. Typically users access a web page (a burst of download bandwidth), then read it (which averages the bandwidth back down over time). Giving someone 8MBps for 1 minute out of every 10 is very different than 8MBps for 10 minutes.

iPlayer, more than any other, has changed network demand models. Youtube has too, but less so - average clip lengths on the service are much shorter than watching an hour long TV program.

Ultimately someone is going to have to pay for the extra network costs of the new usage patterns, or the ISPs will have to limit average bandwidths to avoid expensive network upgrades. This is going to add a whole new dimension to the argument over how broadband speeds are advertised. Let the arguments commence…

Last year the FSF filed a copyright infringement lawsuit against Cisco, specifically around the Linksys product range (Linksys is now under the Cisco brand).

We began working with Cisco in 2003 to help them establish a process for complying with our software licenses, and the initial changes were very promising,” explained Brett Smith, licensing compliance engineer at the FSF. “Unfortunately, they never put in the effort that was necessary to finish the process, and now five years later we have still not seen a plan for compliance. As a result, we believe that legal action is the best way to restore the rights we grant to all users of our software.”

Today Cisco and FSF announced that they have settled the case. Cisco has agreed to appoint a Free Software Director to supervise compliance with the requirements of free software licenses such as the GPL (the GNU General Public License). Cisco will also be making a financial contribution to the FSF.

“Mitel’s Series X software provides location independence for employees, enabling a true ability to ‘work where you are.’ This allows organizations to leverage and add value to existing assets to both increase productivity and save money. This is just the tip of the iceberg for Mitel’s software innovation; watch this space for further evolutions of Series X.”

-Stephen Beamish, VP Business Development and Marketing, Mitel

Competition for mobility solutions is intense, with Avaya the most active player The new functionality is activated it by purchasing licenses for individual extensions, a different licensing approach to Avaya. More on the Series X on the Mitel site, including a snazzy video, which is sadly overly long, repetitive and not at all content rich an can be summarised as: “you get one number”.

 We expect this acquisition to be accretive to Oracle’s earnings by at least 15 cents on a non-GAAP basis in the first full year after closing. We estimate that the acquired business will contribute over $1.5 billion to Oracle’s non-GAAP operating profit in the first year, increasing to over $2 billion in the second year. This would make the Sun acquisition more profitable in per share contribution in the first year than we had planned for the acquisitions of BEA, PeopleSoft and Siebel combined.

The deal puts Sun common stock at $9.50 per share in cash, valuing the transaction at approximately $7.4 billion, or $5.6 billion net of Sun’s cash and debt. What happens to MySQL will be interesting to see. Oracle has been spreading far beyond database technology in recent years, stretching into ERP, OSS and a host of other areas. The Sun acquisition will spread their foot print into the open source and operating system arena. It will be interesting to see what they do with it.

The deal brings together Oracle’s database software and MySQL under one roof. It also puts Java in the hands of Oracle. The transaction is subject to stockholder approvals and, if approved, would complete during the summer. More of Larry Ellison’s statment here on the next web.

 

The European Commission has started legal action against Britain over the online advertising technology Phorm. It follows complaints to the EC over how the behavioural advertising service was tested on BT’s broadband network without the consent of users. (via the BBC)

Concern has carried on since the initial trial (see: BT in Trouble or Just a Phorm in a Tea Cup?). However, the EU is obviously looking at this more carefully now:

 

“Technologies like Internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules,” the EU’s Telecoms Commissioner Viviane Reding said in a statement.

She added: “We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of the EU rules on the confidentiality of communications.”

 

For those not familiar, Phorm operates with an opt-out rather than an opt-in policy (like Google’s Street View). These “assume everyone is OK with it” policies are coming under scrutiny as network and application monitoring provides greater visibility into user’s personal data. Something for marketers and IT managers a-like to watch. There is more background in a piece on The Register. , which gives context on the ePrivacy Directive which came into force in 2003.

Nokia Siemens Networks, seeking a bigger foothold in the U.S. market, has offered to buy large pieces of Nortel Networks Corp., including much of its profitable carrier networks unit and a research unit developing a next-generation wireless technology, according to people familiar with the matter. (more in the Wall Street Journal subscription required)

Last year they were neck and neck in the Media Gateway and Softswitch markets. Now it’s not VoIP, it’s investment. Well, I say investment. I mean rescue. The answer to Nortel Where Now? may well be Nokia Siemens for at least some of the business. There are obvious synergies, and it would flesh out both of there product sets, especially in the mobile infrastructure space.

It isn’t clear what that will mean for Nortel’s enterprise customers, but if it helps Nortel get back on their feet, it must be a good thing.

Over the weekend, The Wall Street Journal reported that Sun’s board had rejected a formal offer from the Armonk, N.Y.-based technology giant. Talks had been going on for several weeks and the deal was initially pegged at close to $8 billion.

IBM and Sun spokespeople declined to comment on the developments. But a person familiar with the situation confirmed the talks had broken down.

Analysts are still saying that IBM is Sun’s best bet, but IBM clearly doesn’t see it as right for them. There are certainly other options for Sun. Cisco is moving into the server business. While Sun doesn’t fit the profile of a typical Cisco acquisition, it still must be tempting. Then there’s HP, Oracle and a few others with deep enough pockets.

Of course, it could all be positioning… Time will tell. Either way, a change on the landscape is probably imminent.

However, it isn’t all that straight forward, as a comment on the GigaOM post notes:

“We are on the Beta for Skype-for-asterisk and I discussed the ‘new account’ thing with both Digium and Skype. Bassically the issue is that the EULA for existing skype users states that they may not tell 3rd parties their passwords. The way that the Skype-for-asterisk is constucted you _have_ to tell the PBX admin your skype user-id and password. That’s in direct conflict. So S4A users will have to agree to new terms whatever happens. To ’simplify’ the situation Skype have said that existing personal accounts will not be able migrate to the new user class.

This gives those of us who have our business names registered as skype ids a problem that we won’t be able to use them with S4A. (the VoIP user’s conference has call discussing this with me and Digium’s John Todd - (link) )” Tim Panton

 

So, why should business IT folk worry? Well, it isn’t for the reasons you think. I doubt that Cisco will take it’s eye off of The Enterprise ball, but I think that the Enterprise is going to get a healthy dose of digital media. Dealing with Digital Artefacts is already part of the business mix. Now add video to that.

Yes, this will go into the territory that was Linksys. However, I expect some of the technology to end up in the Enterprise as well.

URL-shortening services such as TinyURL and Bit.ly are becoming popular attack vectors. You may not want to automatically click on the shortened URL after you read this. 

Ok, that bit’s write, but then it starts to go south. Michael says:

• Allow spammers to side step spam filters as domain names like TinyURL are automatically trusted.

“Everything I have that’s on RIM is recorded and retained as RIM. So if they want to have a chat with somebody and it’s not a chat that’s within RIM’s domain, then they may want their own personal device,” she said.

When asked exactly whether it was conversations, rather than just written information she kept tabs on, Bienfait answered: “Everything. I record everything.”

Of course, recording doesn’t protect IPR, it simply enables the business to track down where the leaks came from. Bienfait goes on:

 ”We go take a look at whatever the breach or the leak is and we track it back to who or whatever caused it and we take whatever necessary action.”

RIM certainly has a track record of IPR litigation, quite aside from the Stock Option Backdating issue. A poll on the ZDNet site was split between those who believe that taping all conversations is justified on a companies network, and those that believe it is a privacy violation.

It is worth noting that there are large differences in privacy rules between the US and the UK and rest of Europe. The revelation certainly lit some fires in the blogosphere, and I was thinking the policy would be very problematic in the UK at least…

That was Until… “RIM: We Don’t Record ANY Staff BlackBerry Phone Calls” A statement from RIM:

“RIM does not record employee phone calls. Robin Bienfait’s comments…were intended to describe a capability that exists with RIM’s BlackBerry MVS technology. This technology allows companies to record both voice and data based conversations, which is particularly useful for RIM’s customers in regulated industries that require such ability, but Ms. Bienfait did not intend to suggest that RIM itself records employee phone calls.”

Whoops!

Spotify is a relatively new on-line music service, somewhat in the vein of Last.FM. “Spotify - a world of music. Instant, simple and free” at least that’s what their website would say, if it wasn’t down as I am writing this (it was displaying a WordPress Error). However, that’s not the worst of the news for the folks at Spotify or it’s users, as you can read from “the NEXT web”: BREAKING: Spotify Hacked. If You Are a Member, Read This.

More from that email to Spotify users reads:

Last week we were alerted to a group that managed to compromise our protocols. After investigating we concluded that this group had gained access to information that could allow testing of a very large number of passwords, possibly finding the right one. The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it.

It’s a long time since December the 19th. Spotify obviously choose not to say anything at the time. It would have seemed wise to at least get their users to change their passwords at that point, instead of sitting on the issue.

Today’s email to users goes on:

Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed. Credit card numbers are not 
stored by us and were not at risk.

The issue apparently only affects the accounts created on or before December 19th (I believe the Spotify service was in closed Beta at that point). I say apparently, since the passwords were exposed by interactions between Spotify’s protocols and more standard password hashes, so it probably needs an independent expert eye over it, looking at the security of their protocol. More on the Spotify blog.

For me, the take away here is to be cautious of applications with proprietary protocols. The advantage of more standard protocols is that there are large developer and security communities working with them. That means they get a fair amount of testing and they aren’t dependent on security-by-obscurity.

I looks as if the Digital Britain report may end up being a bit mute, since Ofcom has given the go ahead to release BT from a number of pricing controls (i.e. to let go of anti-monopoly controls). This enables BT to make a business case for VDSL+Fiber roll out in the UK, since it can effectively protect its investment by pricing out competition. 

If you dig through the glossy Peter-and-Jane style intro on the Ofcom site, press on past the “one page summary” and dive in to the 88 page report on delivering super-fast broadband - promoting investment and competition (pdf), you’ll find the follow:

• Copper to fibre transition is deemed unlikely in the short term.
• Balancing investment and competition is being tipped away from competition.

The report makes much of Virgin Media’s hyped 50Mbps service (Shhh… don’t ask what percentage of the population this is currently available to). You might not be sure how Ofcom helped that happen, other than allowing the collapse of the UK cable industry into a single operator, in which case you aren’t alone.

Ofcom proposes the following actions:

• Allow wholesale pricing flexibility to enable returns appropriate to the considerable risks of building new networks, but constrained by the market in the interests of customers;  
• Translation: Remove restrictions on predatory pricing by BT.
• Ensure that any regulatory pricing allows investors the opportunity to earn a rate of return that genuinely reflects the cost of deployment and the associated level of risk; 
• Translation: Protect people who build out networks from any competition.
• Minimise unnecessary inefficiencies in network design and build as a result of regulatory policies, while continuing to protect the consumer interest; 
• Translation: Collapse access networks down to just one operator per technology.
• Support the use of new, more flexible wholesale services by BT to offer super-fast services to other service providers and consumers at competitive prices; and safeguard the opportunity for further competition based on physical infrastructure, by facilitating fair opportunities for companies to synchronise their investments with BT’s deployments, should reasonable demand arise, and encouraging network design that takes future potential competition into account. 
• Translation:  We’ve listened to BT, and are doing what they’ve asked.

Lots of people are getting all wound up and demanding gigabit to the home. That comes from a failure to understand networks and the UK’s infrastructure. There is no point bringing millions of GigaBit connect users back to network exchange points based on 1 Gigabit and 10 Gigabit feeds. Think about it: a few roads worth of users with Gigabit connections would need a 1 Terabit pipe, even for 50:1 contended access. Additionally, unlike Sweden or Korea, we aren’t predominantly housed in easy-to-fibre high-rise, densely packed accommodation. We like our gardens and fields, and that means long distances and a requirement for point to point connections.

Today’s announcement builds on the Universal Service Obligations Shift in the UK. What you are watching is some careful manoeuvring between the regulator (Ofcom) and BT, with Virgin Media (NTL as was) cheering them on. Hopefully, in the interest of broadband consumers, at least in the medium term.

“Open Source has been one of the most significant cultural developments in IT and beyond over the last two decades: it has shown that individuals, working together over the Internet, can create products that rival and sometimes beat those of giant corporations; it has shown how giant corporations themselves, and Governments, can become more innovative, more agile and more cost-effective by building on the fruits of community work; and from its IT base the Open Source movement has given leadership to new thinking about intellectual property rights and the availability of information for re–use by others.”

As well as software, this also applies to government interface standards.  ”ConsultationXML is now Open Source, as announced in this post on theDExtrousweb:

We’re terribly, fantastically pleased to announce that after a bit of wrangling, Steph Gray and I are able to release ConsultationXML as open source software under the GNU Affero license. The recent report on open source software in Government hinted that departments ought to try to release source code for the software they commission, and we’re delighted to be (we think!) the first to do so. [more...]

The thread is picked up in a post on helpful technology, which also provides links to the specifications. I’ve mentioned in a post on the Digital Britain report that this is a great way to stimulate the development of new applications - setting the open source development community loose on (non-sensitive!) UK government data.

Expect to see more open source and open standards on a network near you soon.

TechNet is hosting a session that will cover the Voice Capabilities in Office Communication Server 2007 R2 features on March 11th at 4pm (thanks to Eileen’s blog for the heads up): TechNet OCS Registration here.

Note, that is also the week of the Unified Communication 09 show, I hope to see some of you there!

DSL port shipments on infrastructure equipment fell more than 10 percent in 2008. Within total ports, ADSL port shipments fell almost 20 percent while VDSL port shipments grew 40 percent.

The report predicts this trend will continue in 2009 - larger decline in shipments for ADSL and a higher growth rates for VDSL.

“The market for ADSL infrastructure equipment has matured largely due to subscriber additions peaking in 2006,” said Tam Dell’Oro, President of Dell’Oro Group. “Despite the weak economy that has resulted in cautious spending by service providers, we still expect higher growth for the VDSL segment in 2009, albeit lower than previous expectations. Some service providers including AT&T are upgrading networks with high bandwidth VDSL to enable new revenue streams such as TV over broadband.”

The report shows Alcatel-Lucent as the leader in the VDSL segment in 2008 (because of their deal for AT&T’s U-verse TV service). In second position was ZyXEL, from shipments to Taiwan and Japan.

VDSL promises subscribers very high speeds, but requires short loop lengths, which usually means deploying optical fibre deeper into the telco’s network. Although adoption has been slower in Europe, it will be key for telco’s fighting against the latest generation of super-high speed broadband services from the cable operators. The BBC’s Darren Waters is currently experimenting with a 50Mbps broadband connection. You can read the diary of his experiences on the BBC technology blog.

The GSMA is leading the charge to have a universal charging solution by 2012. This means:

• Reduced costs for chargers (at least potentially).
• Reduced waste, due to re-use of chargers.
• No more running around the office to find a charger for your CEO/MD’s phone.

Vodafone’s global head of content standards, Annie Mullins, told a Westminster eForum event on Wednesday that following food riots at Egyptian government-subsidised bakeries in March 2008, the Egyptian authorities demanded communications data from Vodafone to help identify rioters.

“We’ve had to hand over data on people in Egypt due to the food riots,” said Mullins. “Regulation can be a Trojan horse.”

It is a challenging time for operators - trapped between growing government legislation and increasingly angry users.

The comittee recommended restraint on the use of surveillance and data collection powers, including expanding the responsibility of the Information Commissioner to include monitoring the effects of government and private surveillance.

The UK’s National DNA database came in for mention as being undesirable and costly and the report suggests that the Home Office commission an appraisal of evidence on the effectiveness of CCTV in preventing and investigating crime.

The Internet came in for mention, with suggestion that the Government introduce regulations to deter organisations from connecting computerscontain large amounts of personal information to the internet. A suggestion which may have ramifications for cloud computing based services.

The upcoming Windows 7 release is shifting the debate in a different direction. How do you make the technology more usable? The aim was to have better UAC in Windows 7. Stream-lined and simplified, it would speed the adoption of UAC. However, it doesn’t see to be panning out that way. Over on i Started Something, Long Zheng has picked up some issues: ”Sacrificing security for usability: UAC security flaw in Windows 7 beta”

This is dedicated to every ignorant “tech journalist” who cried wolf about UAC in Windows Vista. A change to User Account Control (UAC) in Windows 7 (beta) to make it “less annoying” inadvertently clears the path for a simple but ingenius override that renders UAC disabled without user interaction. 

…

The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely.

There is a workaround posted, and this is a beta version of code, but it is a gentle reminder of the interplay between usability and security. Easier is not always more secure (neither is harder) - Crack that encryption! (or his head).