Security Bullet In

Mobile operators already charge each other termination charges -- now Ofcom has called for opinions as to whether end users should be charged.

Interesting articles both in the Register and the Telegraph discuss the proposals.

Call me skeptical, but surely carrier termination charges are already passed on to customers? Won't it just make it more overt, if customer termination charges are brought in?

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was that NASA doesn't have antivirus on its laptops:

"The laptops carried by astronauts reportedly do not have any anti-virus software on them to prevent infection," said the BBC. "Nasa said it was not the first time computer viruses had travelled into space and it was investigating how the machines were infected."

What a way to run a railroad.

Not the first time computer viruses had travelled into space? For goodness sake, surely Nasa of all organisations should know what "mission critical system" means? Surely those systems should be clean, to minimise the risk of anything going wrong?

Meanwhile, self-confessed Nasa hacker Gary McKinnon has lost his final legal battle not to be extradited to the US, where he faces up to sixty years in jail if found guilty. McKinnon has repeatedly said how easy it was to break into the Nasa systems, or, to quote his dad when I spoke to them both outside the House of Lords in June -- "The security was crap." Quite.

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive spam than if your address is zebra at animal.net.

"It makes quite a big difference," Clayton told me. "If you look at real zebras, they get less spam than real aardvarks."

For those of you surprised that real aardvarks and zebras have email accounts at all, perhaps it would be good to say that Clayton was speaking figuratively.

If 'aardvark' represents an email address beginning with 'a', and 'zebra' represents an email address beginning with "z", and if we are talking about 'real' email addresses that receive non-spam email, the aardvarks will get 35 percent spam, whereas the zebras will get 20 percent, said Clayton.

Clayton explained further in a blog post on Monday. There is a prevalence of dictionary-style spam attacks, where spam is automatically sent to a list of viable names. It follows that if you have an unusual name, you'll get less spam.

"The bottom line is that you should have an obscure name," Clayton told me.

I've been pondering why it's so difficult to get any official comment out of any of the organisations involved when it comes to what is happening with Transys.

Transys is the consortium which runs London's Oyster card travel smartcard, and consists of EDS and Cubic. TfL announced last week that it would end the Oyster card contract with Transys -- the contract termination will take effect in 2010. It then emerged that EDS had gained a temporary injunction against Cubic, which had sucessfully negotiated to run the Oyster system after 2010.

Ok, all well and good, but I think it's actually quite difficult to get any offical comment about what is going on from Transys. Both EDS and Cubic refer any Transys related questions to Transys. But I believe that when it comes to Transys affairs, the only comment available has to be agreed on by both parties in the consortium -- EDS and Cubic. So when the two parties have radically different viewpoints, official statements from Transys have to be toned down enough to appeal to both parties.

According to various reports, Vista has been downgraded to XP on a third of machines globally. Both TGDaily and TechNewsWorld are reporting claims that approximately 35 percent of Vista machines, both in the enterprise and home editions, have been downgraded.

However, have a closer look at the story and the stats appear to be a bit more shaky than the bold headline figures suggest. The stats were collected by a company called Devil Mountain Software, which is running a project to collect web metrics. Fair enough. All of the stories I've read on this have mentioned that Devil Mountain Software collects information from the "exo.performance.network" of around 3000 volunteers.

Of those 3000, a sample set of approximately 1000 were running Vista, according to TechNewsWorld. Under 35 percent of those had purchased Vista machines that were then downgraded, said the article.

Devil Mountain Software identified the Vista machines based on make and model -- "particularly HP, Dell and IBM systems" that had shipped in the past six months, said TechNewsWorld. "They compared that to the number of machines reported by their monitoring agent to be running that version of Windows in the field," TechNewsWorld added.

Now I'm no Microsoft apologist, but for this survey I think that a sample set of around 1000 machines just doesn't give an accurate enough picture to be able to say that a third of the world's Vista computers have been downgraded.

However, so saying, the story does highlight another set of dodgy figures -- Microsoft's Vista sales. While Microsoft has claimed victory in this respect, with over 180 million Vista licences sold, the metrics show that at least a proportion of users or OEMs are purchasing the licence, then downgrading to XP.