Business Internet Community

Miscreants have created a Michael Jackson mass-mailing worm. The malware, which follows a growing list of other hacking attacks in the wake of the superstar’s death last week, claims to offer secret songs and photos of Jackson in an attached zip file. In reality, the emails (which claim to come from sarah@michaeljackson.com) offer only malicious code.

The mass mailing worm – identified by Symantec as Ackantta-F – spreads in messages that typically bear the subject line “Remembering Michael Jackson.”

Ackantta is far from the only item of malware trying to ride on the coat-tails of Michael Jackson’s death.

For example, an executable file posted on counterfeit photo-sharing sites was detected by F-Secure last week. The malware tried to established a backdoor on compromised Windows PCs, as explained here.

Separately, a domain loaded with exploit code – supposedly touting Jackson death conspiracy theories – is actually just an outlet for an exploit tool, Sunbelt Software warns. The malicious domain is being promoted via an enthusiastic spamming campaign.

Mozilla on Tuesday released Firefox 3.5, calling it the best performing version of its popular web browser ever released, offering better JavaScript performance, private browsing, native support for open video and audio, and location aware surfing.

Built through Mozilla’s global, open source development process, Firefox 3.5 is said to be more than two times faster than Firefox 3 and ten times faster than Firefox 2 on complex websites thanks to a new TraceMonkey JavaScript engine. The new version arrives roughly one year after the release of Firefox 3.0, which was also billed as “two to three times faster” than its predecessor.

Firefox 3.5 has undergone “extensive under-the-hood work to support new technologies” that will allow Web developers to create the next generation of Web content, Mozilla says. It also packs a handful of user-oriented features such as:

Open Video and Audio: Supports playback of video and audio content from within the browser, without the need for plugins. Web developers can use these technologies to design pages that interact with video content in new and interesting ways, offering richer interactive experiences beyond controlling playback and volume.

Privacy Controls: Like the “Private Browsing” feature of Apple’s Safari web browser, an identically-named addition to Firefox 3.5 similarly prevents the browser from storing anything related to a browser session once it’s been activated.

Unique to Firefox 3.5, however, is a new Forget this Site feature that removes every trace of a site from a user’s browser. Users who want to remove all private data or activity from the past few hours can also use a Clear Recent History function, which is another Firefox-only feature that offers users more control “over what stays and what goes.”

Location Aware Browsing: Location Aware Browsing is an optional feature that, when enabled, lets websites tap into a user’s location information to find nearby points of interest and return additional, data-like maps of their particular area.

Firefox is currently the world’s second-leading browser with a 22.5% share of the global web browser market. It trails only Microsoft’s Internet Explorer, which maintains 65.5% of the market. Apple’s Safari is distant third with just under 8.5% market share.

OUT-LAW.COM, an online legal information site, has warned that neither regulators nor law protect Net Neutrality (restriction free access to legal online content and services) in the UK, where ISPs are free to block content from those that do not pay them to deliver it.

OUT-LAW Radio investigated whether there was any legal barrier in the UK to an ISP slowing or blocking access to video services, such as the iPlayer or YouTube, and found that there are none. As long as an ISP explains its actions in its Fair Use Policy (FUP) or statements of Terms and Conditions (T&C) then it is permitted to block whatever it likes.

In other words, if your ISP decided that you couldn’t access the YouTube website unless you paid them extra then you would have no choice but to accept. A spokeswoman for telecoms regulator Ofcom said that ISPs all had to abide by its General Conditions, but that these did not specify that all Internet traffic had to be treated equally. Ofcom considered the matter but never reached any conclusions.

A lawyer at consumer protection body Which?’s legal division added that consumers would only have grounds for complaint if a connection was interfered with without notification.

Stephen McGlade of Which? Legal Services:

“The Supply of Goods and Services Act relates to their broadband contract so basically there is an obligation there to provide the service that was previously promised and as described. If there is any situation where the internet connection is reduced in some way obviously one would have to look at the service contract, at the terms and conditions, to see what it says in relation to that service agreement.”

Naturally some degree of traffic management is often necessary, especially on budget priced broadband services, to help balance network load and give everybody a reasonable service. The problem is that the absence of Net Neutrality can also have a darker side, where UK ISPs effectively have the power to censor the entire Internet; not that ‘most’ of them would want to.

Imagine if you were only allowed to view selected websites or content. For example, consider the outcry if the boss of an ISP with a dislike for the BBC decided to block their websites and content. There are clearly some very sensitive political as well as service implications.

It is, in our view, patently absurd for any ISP to suggest that legal content developers should pay them (the ISP) for the delivery of their content. Content is what makes the Internet what it is and, while the costs of bandwidth may not always be cheap, it is ultimately the consumer that has to pay for what they use; just like your gas, water or electricity supply.

The European Commission has called on the US to let the internet’s main governing body become accountable to the whole of the world.

The Internet Corporation for Assigned Names and Numbers (Icann), which is based in California, is responsible for running core internet functions such as the assignment of address space, and the management of top-level domains and the root zone file. Icann performs these tasks on behalf of the US government, under an agreement that will expire on 30 September.

“The Internet Corporation for Assigned Names and Numbers is approaching a historic point in its development,” said information society and media commissioner Viviane Reding in a statement on Thursday. “Will it become a fully independent organisation, accountable to the global internet community? Europeans would expect so, and this is what we will push for. I call on the US to work together with the European Union to achieve this.”

According to the Commission, the EU has nearly 19 percent of the world’s internet users, despite having just over seven percent of the world’s population.

“Internet usage and penetration is now so high, especially in developed countries such as those of the EU, that it has become a critical resource, where any serious disruption in service can have potentially catastrophic effects on society and the economy,” the Commission said.

The Commission praised the private-sector nature of Icann and other, more regional internet administration companies such as Europe’s RIPE NCC, but said the banking crisis had led to a public expectation “that governments will be more proactive than they may have been in the past in defending the public interest”.

Icann should be accountable to the governments of the world, but is currently accountable only to the US government, the Commission said. “The stability and management of the root-zone file is, however, a matter of crucial importance not just to the US government but to all countries of the world,” the Commission said. The root-zone file is a database file that contains much of the information necessary for running the internet’s domain name system.

The Commission also noted that international accountability was essential for bridging the global digital divide.

“The first billion internet users have been largely from the developed world, and the initial governance decisions and structures were, not surprisingly, mostly made by participants from developed countries,” the Commission said. “The next billion users will mostly come from the developing world, however, and their interests must be taken into account in any governance arrangements made for the future.”

The UK government has published the final ‘Digital Britain report’ in an attempt to describe the digital future economy. The 245-page report can be downloaded in full here.

The main key points of the report are as follows:

1. The UK is to have a Universal Service Commitment of 2Mbps (2 Mega bits per second) by 2012, this is to be funded in a number of ways, £200m surplus from the Digital Switch Over Help Scheme, commercial gain through tender contract, contributions from private partners, money from other public sector organisations, consumers themselves by resolving wiring issues in their homes. Additionally the wider coverage obligations placed on mobile broadband providers will help to meet this obligation.
2. The report does not set an minimum speed for upstream or latency, though does suggest that money spent on meeting the USO should be spent in such a way that does not preclude expansion to Next Generation speeds in the future.
3. A 50p per month on fixed copper lines (basically telephone lines, i.e. residential phone lines, business analogue lines, ISDN2 lines and cable telephone lines. This £6 a year will go into the Next Generation Fund, the purpose of which is to fund the roll-out of Next Generation services in the third of the country where at this time commercial operators are saying solutions like fibre are not feasible. A sum of £150m to £170m is expected to be raised per year from the fund, with the aim of connecting most of the final third by 2017.
4. The 50p levy is not part of providing the basic 2Mbps USO.
5. In the area of illegal file sharing the report outlines a proposal to legislate and give Ofcom the a duty in reducing the amount of file sharing over the Internet in the UK. This will comprise of notifying account holders when it appears their account has been used to infringe copyright, and an obligation to keep records so that serious repeat infringers can be identified and thus allow targeted court action against the most damaging breaches of copyright.
6. A code of practice to underline these obligations will be produced, which should set out the processes for rights holders to inform Ofcom.
7. Ofcom will also be provided with additional powers, so that if this warning system does not have a significant impact on illegal file sharing then Ofcom can place additional conditions on broadband providers. For example blocking of sites, port blocking, bandwidth capping, data volume caps, traffic shaping. This measures are only expected to be used if the overall level of illegal file-sharing does not diminish after a 6 month initial period.
8. The report outlines that it plans for the first stages of the warning system will be deemed successful if infringement is reduced by 70% in the first year.
9. Fair use gets a mention, since at present even if you own a copy of an album on CD, ripping it onto your MP3 player is a violation of copyright law. Nothing concrete appears, other than to mention that this area is heavily constrained by the EU copyright framework.

The 50p levy on the telephone line is not likely to be popular and people acceptance will largely be down to whether they feel broadband is a utility and everyone should have a bite at the cherry. In terms of Next Generation services, eight years of £150 amounts to about £1.2 billion, which considering BT has talked of £5bn to do Fibre To The Cabinet to the whole country does not look to be a large enough pot of money.

The Universal Service Obligation looks set to be a slow process, we can expect the creation of a Network Design and Procurement Group in the Autumn, which suggests 2010 at least before people start to see action on the USO. Procurement is almost a dirty word as many people will associate it with long drawn out Government projects that deliver late and are over budget. Hopefully in this case, a lean mean machine can be created also access to information on the USO needs to be straightfoward so that consumers can easily find out which service is available in their area and what speeds it can offer.

Martha Lane Fox appears to have gained a figurehead role, as Champion for Digital Inclusion, forming part of the reports aim to drive forward Digital Inclusion and convince people that going online is worthwhile. The appointment seems somewhat odd, a more well known respected UK figure might have been more appropriate.

Overall its hard to say the report has been a waste of time, since the USO is better than most other countries, but at the same time the overall ambition is clearly still led by the commercial operators, with the Governments role being one of filling in the holes around the edges. Whether the new role for Ofcom will succeed is hard to know, and there is no guarantee that reducing the amount of unlawful file sharing will lead to an increase in sales, and if some surveys are to be believed it may for some content lead to a reduction in sales.

So the message now is clear, if you want ultra fast broadband, i.e. something over 8Meg then you need to move into the cities, otherwise you may be waiting until 2017 or later. Of course by then other countries will have completed their own Next Generation roll-outs, leaving the UK where it is now in relative terms in the worldwide digital economy. There is still the risk that countries that missed the first generation broadband wave could leapfrog the UK as we take our step by step approach to faster broadband.

Mozilla has released a new version of its Firefox browser that plugs nine security holes, four of which are rated “critical,” the foundation’s highest vulnerability level.

Version 3.0.11 squashes a javascript chrome privilege escalation bug, which Mozilla said allows attackers to execute malware on the computers of end users. Exploits would work by manipulating chrome privileged objects, such as a browser sidebar.

Mozilla said some of same bugs have been fixed in version 2.0.0.22 of Thunderbird, but at time of writing, the most current version of the email application was 2.0.0.21. We wouldn’t be surprised if an update was released soon.

As usual, the update will be pushed directly to Firefox users and requires only a simple restart of the browser to be installed.

The prime minister has appointed the inventor of the world wide web as the government’s adviser on information delivery.

Sir Tim Berners-Lee will lead a panel of experts to advise the relevant Cabinet Office minister on how government can best use the internet to make non-personal public data as widely available as possible. He will oversee work to create a single online point of access for government held public data and develop proposals to extend access to data from the wider public sector, including selecting and implementing common standards. In addition, he will help drive the use of the internet to improve government consultation processes.

Announcing the appointment on 10 June 2008, prime minister Gordon Brown: “So that government information is accessible and useful for the widest possible group of people, I have asked Sir Tim Berners-Lee who led the creation of the world wide web, to help us drive the opening up of access to government data in the web over the coming months.”

Berners-Lee has been a proponent of better access to all forms of government and other data. In a talk to the Technology, Entertainment and Design conference in March he said: “What you find if you deal with people in government departments is that they hug their database, hold it really close, so that they can build a beautiful website to present it.

“I would like to suggest: sure, make a beautiful website, but first, give us – all of us – the unadulterated data. We have to ask for raw data now.”

Andrew Stott, the director of digital engagement at the Cabinet Office, commented that he was delighted to be working with Berners-Lee and his panel. “They will provide the expert challenge and insight we need to drive action across the public sector,” he said.

The Internet Corporation for Assigned Names and Numbers (ICANN), which manages the Domain Name System (DNS), has called on ISPs around the world to start moving towards adoption of Domain Name System Security Extensions (DNSSEC). DNS translates IP addresses into human readable form but it is flawed, which can result in legitimate website addresses being diverted to malicious sites by hackers.

To solve this problem DNSSEC was developed, which uses a combination of encryption, origin authentication of DNS data, data integrity and authenticated denial of existence checks to prevent hackers from easily being able to hijack websites and domains from legitimate servers. It won’t stop Distributed Denial of Service (DDoS) attacks, where a server is bombarded by masses of requests and ultimately crashes, but it will prevent most current hacks.

This is clearly a very important step towards making the Internet more secure. However ICANN admits that without support from both ISPs and application developers around the world then it may not succeed. ICANN is now pushing for full adoption of DNSSEC but notes that it will initially result in a two-tier Internet between users of secure and unsecure platforms:

The CEO of ICANN, Paul Twomey, told ZDNet UK :

“It is important to get the application-layer community involved and to recognise that DNSSEC should move through all applications. It’s going to take some time to deploy and further discussions, as there are a lot of implementation issues for ISPs in how they support DNSSEC. Users will have to have access to both signed and unsigned roots. It’s not like we can turn DNSSEC on tomorrow.”

DNSSEC itself is nothing new and ICANN has reportedly been pushing for it since 2005, although political squabbles over who manages the Internet have held up progress. Happily agreements have now been reached and ICANN are finally in a position to push forward, although much like moving to IPv6 – it could still take many years to fully deploy.

To the average broadband consumer this will seem like little more than techno-babble that has no bearing on their experience. In reality it’s a bit like putting an immobiliser and alarm in a car that previously had neither.

Apple has released its final version of Safari 4 , which the company is billing as the “world’s fastest and most innovative web browser.”

Available for Mac and Windows PCs and introduced as a beta in February of this year, Safari 4 features the Nitro engine which runs JavaScript up to 4.5 times faster than its predecessor.

Safari 4 is built on some of the most advanced browser technologies including the new Nitro JavaScript engine that executes JavaScript nearly eight times faster than IE 8 and more than four times faster than Firefox 3, according to Apple’s tests. The company also claims that Safari quickly loads HTML web pages more than three times faster than IE 8 and three times faster than Firefox 3.

Starting with the development of the open source WebKit browser engine, Apple has been an industry leader in defining and implementing innovative web standards. Safari 4 includes HTML 5 support for offline technologies and support for advanced CSS Effects, enabling an entirely new class of web applications that feature rich media, graphics and fonts.

Safari 4 is also the first officially released browser to pass the Web Standards Project’s Acid3 test, which examines how well a browser adheres to CSS, JavaScript, XML and SVG standards that are specifically designed for dynamic web applications.

Other new features in Safari 4 include:

• Top Sites, offering a visual preview of frequently visited and favorite pages
• Full History Search, to search through titles, web addresses and the complete text of recently viewed pages
• Cover Flow, to easily flip through web history or bookmarks.
• Smart Address Fields for automatically completing web addresses from an easy to read list of suggestions
• Search Fields, to fine tune searches with recommendations from Google Suggest or a list of recent searches
• Full Page Zoom, for a closer look at any website without degrading the quality of the site’s layout and text.

Safari 4 is available for both Mac OS X and Windows as a free download.

ISP Entanet, a wholesale voice and broadband data communications provider, has warned that forcing UK Internet Service Providers (ISPs) to monitor all content could have a serious and dramatic impact on both price and performance. The provider has also raised concerns about how such a move might impact privacy and the security of data.

Entanet’s Marketing Manager, Darren Farnden, said:

“Some people will point to the ISPs and say that they should be monitoring content and ensuring that nothing unsavoury either gets through or can be created. ISPs also have a dilemma though. They cannot simply start monitoring every bit of content that is carried across their network or start scanning emails for content that might be considered inappropriate. Putting in systems to do that also requires massive investment in new technologies and systems and that is going to take time and add to the ISPs’ costs.

If ISPs were forced to monitor all content, the impact on performance (and probably prices) would be dramatic and likely to draw such an outcry from business users and consumers that restrictions would soon have to be relaxed to some degree, thus creating holes in the system that allow undesirable content to get though again. In addition there is the obvious concern over privacy and security of data. As we have asked in some of our previous articles, where does protection end and censorship begin? Would you want an ISP to have access to all the data you send across the Internet?

This is not a simple issue to address and we don’t pretend to have the answers as yet at Entanet. What we are certain of is that, if the responsibility for content monitoring is imposed on ISPs, service performance may be affected while price undoubtedly will be. We are not convinced the market will stand for that.”

Entanet has previously raised concerns about the way the Internet Watch Foundation’s (IWF) block list works, which is designed to filter out sites that contain illegal child sexual abuse and race hate content, thus its position is unsurprising.

Entanet’s Technical Support Manager, Neil Watson, said:

“Entanet fully appreciates the importance of protecting children from exploitation and fully supports the IWF’s intentions. However like many other ISPs we have concerns over the accuracy of the methods used to identify offending sites.

There are also concerns over the effectiveness of the IWF list. Paedophiles with minimal technical knowledge can easily circumnavigate the list to gain access to and distribute illegal images. So is it really worthwhile and will it make a difference?”

Presently just 5% of UK Internet connections, mostly via the smallest ISPs, have not yet made a commitment to adopt such filtering systems due to cost and or technical concerns. This may not last for long with both the EU and MP’s in the UK government now seeking to clamp down further.

In addition, it’s not clear how many of the 95% have actually gone beyond a mere “commitment” and physically deployed IWF style filtering. Still, most of the largest UK ISPs have adopted the IWF’s system and, despite some noted hiccups, the impact appears to have been moderate.

That said and Entanet’s piece isn’t just about the IWF situation, it also concerns the government’s plans to force UK ISPs into monitoring basic email and website access, not to mention any future and tougher content controls that could arise. ISPs can only absorb so much before the burden risks becoming counterproductive.