The US Dollar reached new lows against the Euro, reaching $1.364 by 6pm last night. The USD has now fallen 7% against the Euro this year, and lost 3.2% against the Yen.

Traders do not expect the European Central Bank to make any moves to weaken the Euro itself, while the US is expected to allow for further depreciation of the dollar so as to help face its massive trade deficit.

Link: Dollar continues record fall against Euro

Oil traders are ignoring the possible consequences of the Asian Earthquake disaster on global oil supplies, and instead looking only for the moment at the US weather forecast.

With good reserves and forecasts of a mild winter, it means that US production and distribution is expected to be steady and healthy, and that expectation has delivered a 6% fall in US oil prices.

However, as reported in Mild winter drives US oil down 6%:

Nonetheless, US crude is still 30% more expensive than at the beginning of 2004, boosted by growing demand and bottlenecks at refineries.

Link: Oil market looks at short-term US winter

According to the online report, Report: Craigslist costing newspapers millions, online classifieds via sites such as Craigslist is costing the local print market an estimated $65 million in employment advertising revenue.

The claim is made implicitly by Classified Intelligence, a marketing firm that aims to specialise in offering classifieds solutions to businesses.

According to the CNet coverage:

Local search advertising revenue is expected to reach $502 million in 2004, up from $408 million last year, according to market researcher Jupiter Research. That number is expected to hit $824 million by 2008.

Classified advertising represents a $28 billion to $30 billion business in the United States, including $16 billion in daily newspapers, and an estimated $100 billion business internationally.

Online auction giant eBay took a 25 percent stake in Craigslist in August.

Link: Craigslist eats into billion dollar classifieds market

Two days after the world’s worst earthquake for 40 years devastated coastal regions of South Asia, washed away by with 30 foot tsunamis, it emerged that no official warning channels existed.

According to USGS: Warnings could have saved thousands, US researchers who detected the massive quake tried to contact governments in the area to warn of an impending tsumani alert. However, only Australia, Indomesia, and groups of Pacific islands had any kind of notification alert in place.

The reason being is simply that this was a rare high magnitude event, and those countries that suffered most had no informal evacuation procedure in place in the event of a tsumani threatening, let alone any kind of official government channels.

It’s considered unlikely that the Indian Ocean itself will suffer such a major event anytime soon. However, it remains a clear lesson to the world that greater communication needs to be allowed between major earth monitoring stations and regional governments, so in the event of a major event being recorded, local officials in identified danger areas can be notified to take action. After all, as XX said:

“It took an hour and a half for the wave to get from the earthquake to Sri Lanka and an hour for it to get…to the west coast of Thailand and Malaysia,” said Charles McCreery, director of the National Oceanic and Atmospheric Administration’s center in Honolulu. “You can walk inland for 15 minutes to get to a safe area.”

Link: Natural catastrophe: monitoring and warning system to come?

Opera are determined not to be left behind in the battle for the browser market, as the open source Mozilla Firefox fights into Microsoft Internet Explorer’s dominant market share.

Announcing teh release of a new test version, it comes not simply with additional support for formats such as RSS, but also offers surfing via voice activated commands and the ability to have web pages read to them.

According to the report in CNet: Opera releases new talking Web browser:

The company said it has made enough improvements to turn the final version of this beta download into a major new release, instead of an ordinary incremental upgrade.

The new Opera beta version also includes user interface improvements such as bigger browsing space, cleaner menus, and better printing support, the company says. The browser also now works with Google’s Gmail, correcting a problem that had led some Opera users to switch to Firefox.

The voice support is powered by IBM’s Embedded ViaVoice technology, which Opera licensed early in the year.

Link: Opera: voice-activated browsing

RLX Technologies, who were the first to offer blade servers, to help cut down on power consumption and unit density in datacenters, have suddenly announced plans to entirely drop their server arm, and instead focus on selling its Control Tower software management software.

According to CNet, in Blade pioneer RLX gets out of servers:

The hardware market is notoriously difficult on start-ups, however, and RLX’s sales never took flight. The company debuted during the massive downturn in IT spending. Meanwhile, well-heeled competitors like Hewlett-Packard, IBM, Sun Microsystems and Dell began to create their own blade servers and management tools.

Sales of RLX systems were also initially hampered by the fact that it used Transmeta processors, though it subsequently shifted to Intel chips.

The decision to get out of hardware is relatively sudden. The company announced a new line of servers in November.

Link: RLX Technologies drops blade servers for software

Chinese security company, Xfocus Team, has published on the internet information on two new serious exploits within Microsoft Windows, along with “exploit code” that allows malicious coders to immediately start taking advantage of the exploits.

These appear to be pretty serious exploits, too - according to Exploits released for new Windows flaws:

One vulnerability, in the operating system’s LoadImage function, could enable an attacker to compromise a victim’s PC when the computer displays a specially crafted image placed on a Web site or in an e-mail. The other vulnerability, in the Windows Help program, likewise could affect any program that opens a Help file.

Because the flaws are in a library used by Windows programs, almost all browsers and e-mail clients are likely affected by the flaws, said Alfred Huger, senior director of engineering at Symantec.

“They are rather serious,” Huger said. “Both can be exploited by anything that processes images or reads help files.”

Link: New major Microsoft OS exploits

Ending speculation that the Russian state had simply circumvented international restrictions, Russia’s President Vladamir Putin defended the acquisition of Yukos’s key production unit by Rosneft, via Baikal finance, claiming that it followed “free market principles”.

As reported in Kremlin plays dirty for Yukos?, Russia’s state owned fuel giant, Gazprom were legally prevented from buying up Yuganskneftegas, despite being favourites - and instead a completely unknown company, Baikal Finance, suddenly appeared on the scene and won a bid for the production unit.

Baikal was then bought out by Rosneft - which is itself already in the process of being merged with Gazprom - thus ensuring acquisition despites international obstacles.

According to the BBC report, Putin backs state grab for Yukos:

The US, meanwhile, has said a lack of transparency in the sale of Yukos’ Yuganskneftegas subsidiary could affect Russia’s standing in the world economy.

“We think this sends the wrong signals to foreign investors and could negatively impact Russia’s role in the global economy,” deputy State Department spokesman Adam Ereli said.

Link: Putin backs Russia’s Yukos grab

HSBC bank announced that it would be opening 80 branches on December 28th 2004 - officially a bank holiday - to provide sales of mortgages, loans and savings products.

With volunteer staff earning double pay, trade union Amicus-Unifi supported the move so long as staff were not compelled to work bank holidays.

Link: HSBC opens Bank Holiday

A malicious script, a worm named “Santy”, was used to search through Google results to target tens of thousands of phpbb forums.

According to an article in Computer Review, Worm uses Google to hit thousands of PHP sites,

The worm, Santy, exploited a vulnerability in phpBB, a bulletin board plug-in for the popular PHP web site scripting environment, to deface at least tens of thousands of web sites, deleting data from servers as it went.

It is believed to be the first major automated threat to use a search engine, Google in this case, to identify potentially vulnerable targets. This tactic has been known about and used by hackers in more targeted attacks for a long time.

The worm searches Google for the term “viewtopic.php”, the name of the vulnerable component, in URLs, a signature of the presence of phpBB. Google returns about 7.5 million hits for the query “allinurl:viewtopic.php”.

Once it has found a vulnerable machine, the exploit is executed. On the target server, all files with the extensions .asp, .htm, .jsp, .php, .phtm and .shtm are overwritten with an HTML page announcing “This site is defaced!!!”

The defacement page also contains the text: “NeverEverNoSanity WebWorm generation X”, where X is the number of infections that iteration of the worm has so far caused. Google did not return any hits for a query on the defacement text.

A report on the event can be found at Kaspersky: Net-Worm.Perl.Santy.a threatens Internet forums:

This worm infects certain web sites by exploiting a vulnerability in phpBB, a popular package used to create Internet forums. Santy.a is spreading rapidly, and has caused an epidemic. However, this does not directly affect end users - although the worm infects web sites, it does not infect computers used to view these sites.

Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine.

Once the worm has gained control over a site, it will scan all directories on the infected site. All files with the extensions .htm, .php, .asp, .shtm, .jsp and phtm will be overwritten with the text ‘This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation’.

Apart from defacing infected sites with this text, the worm has no payload. It will not infect machines which are used to view infected sites. Kaspersky Lab recommends that all users of phpBB should upgrade to version 2.0.11 to prevent their sites from being defaced.

PHPBB forums also offered support for how affected sites should look to repair themselves in NeverEverNoSanityforDummies - Beginner How To Fix It Thread.

Additionally, in Channel 9, it was suggested in the thread Those running phpbb and php 4 or 5 should also update PHP:

php4 should be patched to 4.3.1, and 5 should also be patched immediately.

Additionally,

BEWARE, there is a bug in php-imap that was only fixed 2 days ago. so Ultimately, there’s a good chance your exploit fixed 4.3.10 rpm will have this bug in it.

http://bugs.php.net/bug.php?id=31142&edit=2

If you update php imap with an rpm of 4.3.10 it will most likely break your php email programs that work on the php-imap library.

Solution, here’s what I did. I used the faulty php imap rpm, then built the latest snapshot of php from the source

http://snaps.php.net/

from the dir where I makefile’d the source to binaries, I copied out only modules/imap.so to the one the php-imap rpm (the faulty one) had installed so

cp modules/imap.so /usr/lib/php4/

from the dir where you made php from the source. This fixes the imap_mail_compose bug with the 4.3.10 rpm (the one I had anyway) and doesn’t break RPM, RPM doesn’t know any better and still thinks it’s the original imap.so.

Problem solved!

Google noticed the use of the worm to automate queries on its search engines, and was able top kill the process after 10 hours. However, thousands of phpbb forums were believed to have ben affected in that time.

Forums that had not patched to the latest phpbb version 2.0.11 were affected, while forums patched up to date were protected from this attack.

However, this was the latest in a run of security exploits to affect the phpbb forum project.

Ultimately, in an ironic reverse on how open source vs licenced operating systems work, the phpbb forum project suffers from limited volunteer help and support. Despite the dedicated work of key developers, licenced forum software releases, such as vBulletin and Invision Power Board, have been able to hold much higher standards of security.

Link: Santy: Automated attack on phpbb forums

As reported in the MSN search blog, MSN have launched a Wiki to support their general attack on search markets, not least web and desktop search.

Named the MSN searchfeedback Wiki, it lists major areas of intended discussion as Web Search, Desktop Search, and Site Owners.

The Wiki is set up as part of Microsoft’s Channel 9 project.

As a few points of note:

1. The Wiki front page links into WebmasterWorld and the SearchEngineWatch forums as places to discuss with Microsoft staff.
2. When I applied to join the forums, MSN Hotmail’s spam filter sent the opt-in e-mail to the junk folder.

Link: MSN release search Wiki

Red Hat sold over 132,000 subscriptions to its Red Hat Enterprise Linux release, generating a Q3 profit of $10.8 million. Although a significant proportion of these licences discounted on price for large volume sales to purchasing businesses, the company had set itself higher sales targets. However, the revenue reported shows a company maturing, with over 6cents per share being returned to investors.

Interestingly enough, in Red Hat pulls out a profit, Chief Executive Matthew Szulik apparently:

preferred to tout deferred revenue–the subscription money that customers have pledged to pay but that Red Hat hasn’t yet recognized. Deferred revenue increased to $121.4 million in the quarter, a 22 percent increase of $99.7 million from three months earlier and a 170 percent increase from $45.1 million from the year-earlier quarter.

Either way, a company finding its feet and growing healthily.

Link: Redhat reports profit

Chris Jablonski at ZDnet makes a rather astonishing observation in his report, Enterprise IT to Firefox: “Your resume looks great, but sorry; we don t see a fit “.

Simply put, IT departments seem unwilling to work with Mozilla Firefox in a corporate enviornment.

Why? The answer is simply that they are unused to working with it, and because of close integration between Microsoft products, means that changing any aspect of that relationship needs to justify itself in terms of immediate costs.

As the MetaGroup explain in more detail in What Will Drive Firefox Adoption in the Enterprise?

Despite all the media noise around the Firefox browser, we do not believe the majority of IT organizations will decide to support it for a number of key reasons. These include the lack of subcomponent administration (for desktop lockdown), compatibility, and integration with other desktop applications. Compatibility is an interesting one. While IE has been criticized by purists for its poor adherence to standards, it is also the browser most sites have customized their development for. Many of the features talked about with Firefox are red herrings (e.g., tabbed browsing, ad blocking, extension architecture). However, some IT organizations have noticed stunning performance benefits in using Firefox with specific applications and will therefore likely support it in limited release - but only where performance is a more important consideration than the combination of all other factors. If consumer take-up of Firefox reaches the vast majority of users, then IE in the corporate environment will be reconsidered, but for now, the benefits of migration do not stack up.

Which is a situation I personally find pretty ridiculous. Internet Explorer is build upon inherent security vulnerabilities, and in a coporate environment where a large number of employees can be sharing this same flawed software, then you have a situation of mass liability.

Whilst this naturally should be factored into a corporate IT framework anyway - after all, you never known what any single employee may try to do willingly with any single software tool - resistance to offering a more secure browsing software tool is nothing more than resistance to necessary change.

The fact that Internet Explorer can much more easily coaxed into executing malicious code, surely means that encouraging its continuing use is effectively an invitation to suffer expensive damage at some later date.

After all, so many companies have suffered so badly at the hands of malicious scripts, especially in the form of mass mailing worms. And although it can certainly be appreciated that a complete change of Operating system is an extremely major undertaking in any develop IT infrastructure, the fact that where simpler software alternatives are offered that will work within existing operating enviroments - but are spurned - is simply an invitation to maintain an expensive status quo of repeated security attacks that cost UK companies millions in lost revenue every year.

If UK companies have no interest in tackling their larger security liabilities, then they invite such problems on themeselves. In which case, it becomes harder and harder to be sympathetic to their losses.

Link: FireFox: wrong for IT

Nanotechnology firms Carbon Nanotechnologies Inc. (CNI) and C Sixty both announced that they will combined into a single company.

Both located in Texas, CNI manufactures carbon nanotubes and C sixty manufactures Buckminster Fullerenes, and companies own a number of patents across their specialities - thus focussing a lot of the carbon nanotechnology exerptise and intellectual rights into a single company.

According to Carbon nanotechnologies companies merge,

Technically, the deal is a merger, but because CNI is larger, it will function more like an acquisition, Nordan said.

Link: Nanotechnology firms unite

Microsoft has lost it’s fight so far with the European Commission in Europe’s biggest ever anti-trust case, totalling 497m euros (��331m; $613m).

Microsoft had appealed that punitive demands of the EC would cause “irreparable damage” were entirely dismissed by the European Court of First Instance, second only to the European Court of Justice in terms of legal authority in Europe.

As of January 2005, Microsoft cannot release versions of Windows operating systems bundled with the Windows Media Player - a flasgship enterprise of the Windows XP operating system.

Microsoft has also been ordered to reveal sections of code to allow third parties to develop additional media applications for Windows.

According to: Brussels blow to Microsoft upheld

Brussels determined that the inclusion of Media Player was an abuse of monopoly as it made it very difficult for rivals such as RealNetworks and Apple’s QuickTime to get consumers to use their products instead.

In Microsoft readies scaled-back Windows, CNet further reports on the press conference Microsoft held, in which Microsoft group product manager, Matt Pilla, complained that European comsumers would be getting less value for their product. After all,

In addition to lacking a copy of Windows Media Player, the new version of Windows won’t be able to do things like play a CD or MP3 file or transfer music to a portable device–at least not without additional software from another company.

Although it’s easy to be sympathetic to the EU consumer, who will now have to make a decision regarding their choice of media player, anybody familiar with Microsoft as a company will be well aware that the European Commission’s concerns of abuse of monopoly are a well-known Microsoft tactic.

Link: Microsoft loses European Comission fight

The Financial Services Authority (FSA) has been getting tough this week.

In the first action, building society Bradford and Bingley was fined ��650,000 and ordered to compensate existing investors by ��6 million, for mis-selling precipice bonds and with-profits investments to 6,800 investors.

Precipice bonds are high risk investments - often linked to an index, such as the FTSE-100 - that can offer high returns when successful, but create significant losses where the market downturns. FSA accused the B&B of not warning investors properly of this risk.

According to reports: ��650,000 mis-selling fine for B&B

Bradford & Bingley did not make suitable recommendations to customers and failed to keep proper records of sales made, the FSA ruled.

The FSA added the offence had been compounded because the bank had ignored warnings about the quality of its record keeping dating back to 1998.

As a result the bank had exposed customers to a higher degree of risk than was suitable through its sale of with-profits and precipice bond investments, the watchdog added.

“This is a very serious case of mis-selling which was made worse by the fact that Bradford & Bingley had prior warning of the specific concerns about its record keeping,” Andrew Proctor, head of enforcement at the FSA, said.

“However, the firm failed to pay sufficient attention to these warnings and take adequate action, which put thousands of its customers at risk of financial loss. ”

Also targeted this week was insurance giant Axa Sun Life, who was fined ��500,000 for advertising of its Axa Cash Builder Plus. A with-profits endowment policy, that has seen a string of TV ads fronted by June Whitfield and Carol Smilie, was held to have been improperly represented, with potential investors not warned clearly enough of financial penalties imposed should be plan be cashed before maturity.

Last year Lloyds was ordered to pay ��98 million to its investors, also for the mis-selling of precipice bonds. and in September, finance advisors firm, David M Aarron Ltd, was banned from trading after it mis-sold precipice bonds to 8,000 investors.
(more…)

Link: FSA gets tough week

BBC documentary “Real Story” alleges that loans are being sold to banking customers primarily on the basis of eraching sales targets.

Relying on testament of an ex personal account manager for Lloyds, and on contact from clustomers who claim they were mis-sold loans, the program suggests that staff and customers liased within a high-pressure sales environment - where staff were expected to make lona sales targets, or face penalties to their salary.

According to the former employee:

“I know people who are still there at the bank now and they tell me the selling culture is continuing.

“If you didn’t reach your figures your salary could be reduced.

“You wouldn’t want to sell to people who you knew couldn’t afford it but, unfortunately, due to the high pressure sales environment, that was sometimes the case.

“The sales culture was very, very aggressive indeed.”

Link: Whistleblower alleges Lloyds mis-sold loans

Suprnova.org, a bit torrent file-sharing service, is the latest bit torrent file-sharing service to close down, after music and movie industries launched a strong of high profile cases against server operators where file sharing via bit torrent servers was allowed.

According to the report, Popular BitTorrent site shuts down after flurry of suits

Last week, movie studios sued more than 100 operators of U.S. and European sites that host BitTorrent links but did not name the defendants.

Suprnova.org was the most popular repository for links to files that could be downloaded using the BitTorrent program.

Another site that carried BitTorrent links, N4p.com, said it had shut down due to a civil complaint that cited the Digital Millennium Copyright Act. Torrentbits.org and Phoenix-torrents.com also shut down.

Still, there were plenty of sites with BitTorrent links alive on Monday, including a “mirror,” or copy, of Suprnova.org.

Link: Suprnova.org closes

Six Apart have released Movable Type 3.14, primarily in an effeort to stop comment spam overloading their servers.

Whilst Six apart blame automated bots themselves for increasing server loads, they have also made significant changes to prevent the unnecessary processing of comments, such as:

• Unnecessary rebuilds upon comment moderation are eliminated.
• Generation of internal bookkeeping data for dynamic pages is not performed when using static pages.
• New weblogs default to having comment moderation enabled.

However, webmasters at Threadwatch point out that reducing server loads does nothing to combat actual comment spamming. Nick Wilson has also posted an article, The Solution to Blog Spamming, which aims to address many issues.

Link: Movable Type 3.14 released

Today the World Wide Web Consortium (W3C) published new standards for merging XML documents, with XML Inclusions (XInclude) Version 1.0.

This is intended to deliver a final death blow to Document Type Definition (DTD), a server-based set of instructionsfor interpreting XML documents how their elements interact.

According to the CNet report: XML documents–merge ahead:

[W3C has] since 2001 has recommended the use of XML Schema instead. It has mandated the use of XML Schema in other recommendations such as SOAP (Simple Object Access Protocol) 1.2 and WSDL (Web Services Description Language).

“XML Schema will ultimately replace DTDs,” Le Hegaret said. “By adding this inclusion mechanism, we will rely less and less on it.”

Link: W3C: XML Inclusions (XInclude) Version 1.0